last executing test programs: 3m0.969497866s ago: executing program 3 (id=701): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x4}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_COMPAT={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 2m54.083939018s ago: executing program 3 (id=709): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000100)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220f00000083000000000b11"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r2, 0x0, 0x20040000) sendmsg$GTP_CMD_GETPDP(0xffffffffffffffff, 0x0, 0x4000800) fsetxattr$security_ima(r2, 0x0, 0x0, 0x0, 0x2) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) ioctl$HIDIOCGUCODE(r1, 0xc018480d, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000700)={0x2c, &(0x7f0000000280)={0x40, 0x6, 0x8f, {0x8f, 0xe, "708daef82f2052246faa3c87499a0d526721df70363296c8382fc7432276e3122f9dcf20b0396508215bd4321d0ef467dbea992237e91466fb0af20a62a3aab5bb8a493cfa50c993e02090513afabf5d8a54e5ac94acf9cb23b27e6fe1b3c39062b91ab3aca4f53a0de77c5f7036c5eb454fb13a5286460eb9f408a9570e823475d10f3163fa5b66765ecae421"}}, &(0x7f0000000340)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x411}}, &(0x7f0000000580)={0x0, 0xf, 0xdc, {0x5, 0xf, 0xdc, 0x4, [@generic={0x8, 0x10, 0x3, "6e6fb1f41d"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0x2, 0x6, 0x9952}, @generic={0xbe, 0x10, 0x2, "1821665aec26bb1a3e5f3cbd314e184d802e4e0af41ed1c351c92a96404769ba958848b9449b6ec34a47879194df9bf9c5c914c9f3f6cae6e2cbfcc1fe76129f083704e93b64c5223ef9eb436a7aed35d742f5401d9fa842a5fdd3f9d6bf87a14d1bd1c71c94e95c39641adf764cf847f5bc4a7252411f6679b3c4a33f1ee8b6e16d8f45666df0389ca9a838987ac3290567d5d17bdcfee478b761434d3c4fe75af6d204c185a5b55d574ab520314cf53c6efc626a1fca87a73216"}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x4, 0x4, 0x9}]}}, &(0x7f0000000680)={0x20, 0x29, 0xf, {0xf, 0x29, 0x17, 0x80, 0x7, 0x63, "a996111a", "23d40e37"}}, &(0x7f00000006c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xfd, 0x2, 0x7, 0x4, 0x33, 0x1, 0x7}}}, &(0x7f0000000b40)={0x84, &(0x7f0000001a00)={0x20, 0x11, 0xe3, "72408762fabcaa05c6afa6fe56d711332f35d1696532956e3da2005498f57adc097e91fc87dac39d5d84dd65c81878d663d37d0665af31d3edf68e3711b9877dc4f1a9bff45eb48500a3d06d9fd4b976c69c322a4d0ef6679977513e1edcc9db8b2bc1e7e03d043fdfc155b559149bd35df123584c96f74e8d53d1427aeb8bccddb46deb2739a015b1b97b3de37193b2c0dd09ba43afa5ed69afa6cf928c6db88d1143d51bfcb6375f00f31fcb19babd9aee55a7d6e2bb0aa9a38054195f93e12f5677e4a0798eab9cbe69014277d4dafa775187b9bbd0b50fb87a855b77bc3fcdf473"}, &(0x7f0000000780)={0x0, 0xa, 0x1, 0x23}, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000800)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000840)={0x20, 0x0, 0x8, {0x140, 0x2caaa645f949895f, [0xf0]}}, &(0x7f0000000880)={0x40, 0x7, 0x2, 0xf800}, &(0x7f00000008c0)={0x40, 0x9, 0x1, 0xe}, &(0x7f0000000900)={0x40, 0xb, 0x2, "8b33"}, &(0x7f0000000940)={0x40, 0xf, 0x2, 0x5}, &(0x7f0000000980)={0x40, 0x13, 0x6, @remote}, &(0x7f00000009c0)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x9}}, &(0x7f0000000a00)={0x40, 0x19, 0x2, "ef90"}, &(0x7f0000000a40)={0x40, 0x1a, 0x2, 0x7ff}, &(0x7f0000000a80)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000ac0)={0x40, 0x1e, 0x1, 0x2}, &(0x7f0000000b00)={0x40, 0x21, 0x1, 0x8}}) 2m50.926869435s ago: executing program 3 (id=717): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x4}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_COMPAT={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 2m50.706925154s ago: executing program 1 (id=719): fsopen(&(0x7f0000000100)='configfs\x00', 0x0) r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000)) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b95}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x4, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0xa, 0x81, 0x8a, 0x79, 0x2, 0x8, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x7fffffff, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x4, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x0, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0xc7c, 0x4, 0x0, 0xfffffff8, 0x4, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000000, 0x6, 0x438, 0x2, 0x9, 0x92, 0x7ffdffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x9, 0x8, 0x3fc, 0x4000006, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x4005, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x6, 0x8922, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x5, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa774, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x4, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0x5, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x5, 0x3, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xffff7ff9, 0x4, 0xfffffff9, 0x9, 0x3, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001280)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000005c0)=ANY=[@ANYBLOB=' \x00\x00\x00m'], 0x28}], 0x1}, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=ANY=[@ANYBLOB="280000001200010101000000000000000000", @ANYRES32], 0x28}}, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[], 0x1a) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x60, 0x0, 0x200, 0x70bd2c, 0x25dfdbfd, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x8800) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2, 0x0, 0x4}}, 0x2e) sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x28, 0x0, 0x11, 0x70bd28, 0x25dfdbfc, {{}, {}, {0xc, 0x14, 'syz1\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0xe4}, 0x2c90224929df06d3) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000000c0)={0x60, 0x2, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00002c5000/0x3000)=nil, 0x6, 0x0, 0x0, 0x5, 0x12, 0x5, 0x4c, 0x46}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e640000"], 0x10c}}, 0x0) 2m49.005802255s ago: executing program 3 (id=721): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x140, 0x1a0) r0 = openat$sndtimer(0xffffff9c, 0x0, 0x20000) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x403c5404, 0x0) syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0) r1 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io(r1, 0x0, 0x0) pwritev(r2, &(0x7f0000000240)=[{&(0x7f00000001c0)="dbdf", 0x2}], 0x1, 0x7fd, 0x7) 2m47.998191192s ago: executing program 3 (id=723): ioctl$USBDEVFS_BULK(0xffffffffffffffff, 0xc0185502, &(0x7f0000000100)={{{0x8}}, 0x45, 0x7, &(0x7f0000000080)="1995e247cfebaee4859f7ec2cb69d8dea74689f05fd9e2f0bc8bb7f5070bce2181d1cf796f5888c2a3dad04409eacf33adba299bd778db72dfbc2eb6778884649e59001872"}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$FOU_CMD_DEL(0xffffffffffffffff, 0x0, 0x10) syz_usb_connect(0x5, 0x36, &(0x7f0000000880)={{0x12, 0x1, 0x250, 0xc, 0xde, 0xe, 0x20, 0x499, 0x1034, 0xb69f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0xb, 0x9, 0x50, 0x5, "", [{{0x9, 0x4, 0x56, 0x5c, 0x1, 0xd8, 0x1f, 0x2e, 0x3, [@hid_hid={0x9, 0x21, 0x40, 0x3, 0x1, {0x22, 0x6d}}], [{{0x9, 0x5, 0x3, 0x1, 0x0, 0x7, 0x9, 0x6}}]}}]}}]}}, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0}) r1 = syz_io_uring_complete(0x0, 0x0) setsockopt$sock_linger(r1, 0x1, 0xd, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b2b, &(0x7f0000000040)={'wlan1\x00', @random="008000"}) 2m47.62947402s ago: executing program 1 (id=727): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="b800000019000100ffffffff00000100e000000200000000000000000000000000000000f7000000000000000000000000000010000000000a"], 0xb8}}, 0x4004) sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="b8000000190001000000000000000000e0000002000000000000000000f700000000000000000000000000000000000000000000000000000a", @ANYRES32=0x0], 0xb8}}, 0x2c000010) 2m47.329518777s ago: executing program 1 (id=728): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x419, 0x600, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, "", [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x4, 0x9, 0x1, {0x22, 0x28}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x4, 0xb, 0xfe}}}}}]}}]}}, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) open_tree(0xffffffffffffff9c, 0x0, 0x1000) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r1, 0xc0182101, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000240)={0x0, 0x6, 0x28, {0x28, 0x31, "f70ba381030000000000000000cb4fdca0560fb30d54f365c5b1d43ee44fbf6fc93f0808251f"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 2m45.512217865s ago: executing program 3 (id=729): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TARGET_INFO={0x2c, 0x3, "7339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c700"/40}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_COMPAT={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 2m44.17132613s ago: executing program 1 (id=733): openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000100)='devices.deny\x00', 0x2, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=ANY=[@ANYBLOB="ec000000210001000000000000000000fc020000000000000000000000000001fe80000000000000000000000000002000000000000000000a0003a02e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ac1414aa000000000000000000000000fe800000000000000000000000000026fc02000000000000000000000000c1b2c91400000000000000000000000000003c04"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 2m43.998082996s ago: executing program 1 (id=734): r0 = syz_io_uring_setup(0xd3a, &(0x7f0000000080)={0x0, 0x2, 0x3010, 0x3, 0x3}, &(0x7f0000000280)=0x0, &(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0) syz_ublk_add_dev(r0, r1, r2, r3, &(0x7f00000002c0)={0x2e, 0x8, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@new_dev={0x1, 0xad0, 0x0, 0x0, 0x1000, 0xffffffff, 0xffffffffffffffff, 0x0, 0x8}, 0xf0}}, &(0x7f0000000340)) 2m43.837161193s ago: executing program 1 (id=736): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x400000f1, 0x0, 0x2afc9260}]}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r3) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r5 = accept$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000180)=0x14) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000600)={0x0, @loopback, @empty}, &(0x7f0000000640)=0xc) sendto$packet(r5, &(0x7f0000000500)="689f5ff940a90be516f58f2512d7201311385fdc806ea5ac136454e870b153f4bcd818970bfe523edb326d2d1d4714662144d5d4cf08c0fe554270b66d2a557fe4bc82a7b4aa1d7ef965b03959e87872564820a07b0347fa8705dc338aeaf149ee0995d5ae48ba9dfb7ad54ee81e72839bfd075e053d75c067be003db13681710c6d32527b585f3234c9fa9670d19043f5141edd2e72cabdff8bbf73c803210472bf8919674998896bcbce67fe14ba5e482ce287ee965d7af2c3349f4b7c319523b167d08d8aa5b95f4d503fee295a9f1426dc9fec69586df165216bda9326388150c7a27bd7c69ee9", 0xe9, 0x4000050, &(0x7f0000000680)={0x11, 0xf5, r6, 0x1, 0x9, 0x6, @multicast}, 0x14) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003080)=ANY=[@ANYBLOB="501a0000210a010800000000000000000a0000000900020073797a31000000000900010073797a3100000000241a038018013f800c000180060001"], 0x1a50}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000004c0), 0x60081, 0x0) r9 = socket$packet(0x11, 0x3, 0x300) r10 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r10, &(0x7f0000000040)={0x18, 0x2, {0x2, @broadcast}}, 0x1e) setsockopt$packet_int(r9, 0x107, 0xa, 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000000)=0x15) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r8, 0x40204706, 0x0) 2m30.434377238s ago: executing program 32 (id=729): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_TARGET_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TARGET_INFO={0x2c, 0x3, "7339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c700"/40}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_COMPAT={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 2m28.254303503s ago: executing program 33 (id=736): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x400000f1, 0x0, 0x2afc9260}]}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r3) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r5 = accept$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000180)=0x14) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000600)={0x0, @loopback, @empty}, &(0x7f0000000640)=0xc) sendto$packet(r5, &(0x7f0000000500)="689f5ff940a90be516f58f2512d7201311385fdc806ea5ac136454e870b153f4bcd818970bfe523edb326d2d1d4714662144d5d4cf08c0fe554270b66d2a557fe4bc82a7b4aa1d7ef965b03959e87872564820a07b0347fa8705dc338aeaf149ee0995d5ae48ba9dfb7ad54ee81e72839bfd075e053d75c067be003db13681710c6d32527b585f3234c9fa9670d19043f5141edd2e72cabdff8bbf73c803210472bf8919674998896bcbce67fe14ba5e482ce287ee965d7af2c3349f4b7c319523b167d08d8aa5b95f4d503fee295a9f1426dc9fec69586df165216bda9326388150c7a27bd7c69ee9", 0xe9, 0x4000050, &(0x7f0000000680)={0x11, 0xf5, r6, 0x1, 0x9, 0x6, @multicast}, 0x14) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003080)=ANY=[@ANYBLOB="501a0000210a010800000000000000000a0000000900020073797a31000000000900010073797a3100000000241a038018013f800c000180060001"], 0x1a50}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000004c0), 0x60081, 0x0) r9 = socket$packet(0x11, 0x3, 0x300) r10 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r10, &(0x7f0000000040)={0x18, 0x2, {0x2, @broadcast}}, 0x1e) setsockopt$packet_int(r9, 0x107, 0xa, 0x0, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000000)=0x15) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r8, 0x40204706, 0x0) 2m24.111230796s ago: executing program 0 (id=751): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req={0x4, 0x6a4, 0x8, 0x101}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000000c0)={0x64, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x2bb4bf1e017492a3}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}]}, 0x64}}, 0x44) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x74) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000540)='/dev/comedi3\x00', 0x40040, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'dt2801\x00', [0xfffffffe, 0x2, 0x3, 0x5, 0x1, 0x5, 0x75, 0xffffffeb, 0x8000b, 0x2, 0x10001, 0x1, 0x3, 0x41, 0x2, 0xfc, 0x0, 0x8, 0x5, 0x7, 0x8007, 0x81, 0xffff, 0x20001e58, 0xffffffff, 0xf3a2, 0x8, 0x80040008, 0x10003, 0x9, 0xffffffff]}) dup(r3) 2m18.121519564s ago: executing program 0 (id=753): r0 = socket$inet_sctp(0x2, 0x5, 0x84) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040)='bdev\x00', 0x0, &(0x7f00000001c0)='=\n\x9b\xa1Q\x83\xe9\n@\xf6\"2a\xd7\x1fch\x1a}#\xfa\xe4\n\xdc[\x03\x97\xcd\xf1\xa6b\x9a\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nS\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|') ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000002580)={'erspan0\x00', {0x2, 0x4e22, @empty}}) (async) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000002580)={'erspan0\x00', {0x2, 0x4e22, @empty}}) 2m12.311299771s ago: executing program 0 (id=759): r0 = socket$can_j1939(0x1d, 0x2, 0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb10000000800894f4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x0, r3}, 0x14) setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f00000000c0)=0x7, 0x4) 2m11.890557008s ago: executing program 0 (id=760): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x140, 0x1a0) r0 = openat$sndtimer(0xffffff9c, 0x0, 0x20000) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x403c5404, 0x0) syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io(r1, 0x0, 0x0) pwritev(r2, &(0x7f0000000240)=[{&(0x7f00000001c0)="dbdf", 0x2}], 0x1, 0x7fd, 0x7) 2m8.73418055s ago: executing program 0 (id=764): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) r3 = syz_usb_connect(0x1, 0x24, &(0x7f0000000080)=ANY=[@ANYRES64=0x0], 0x0) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c0000001200010003950000000000000a0900004001000000000000000000000000ffff"], 0x4c}}, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = getpgrp(0x0) r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) socket(0x6b, 0x6, 0xfffffff7) syz_emit_vhci(&(0x7f00000001c0)=ANY=[@ANYBLOB="043c"], 0xa) r7 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp\x00') socket$netlink(0x10, 0x3, 0x4) ioprio_set$uid(0x3, 0x0, 0x0) preadv(r7, &(0x7f0000000340)=[{&(0x7f0000000200)=""/109, 0x6d}], 0x1, 0x2, 0x0) write$nbd(r6, &(0x7f0000000340)=ANY=[@ANYBLOB="01000000000014"], 0x40) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000180)=@x86={0x3, 0x2, 0x9, 0x0, 0x8001, 0x4, 0x3, 0x9, 0x1, 0xb, 0x20, 0x4, 0x0, 0x400, 0x5, 0x38, 0x6, 0x6, 0x9, '\x00', 0x5, 0x1}) prlimit64(r5, 0xe, 0x0, 0x0) ptrace$setregset(0x4205, r5, 0x202, &(0x7f00000000c0)={&(0x7f0000000000)="90d3caba61e9dafea2c96fd86e", 0xd}) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYRESHEX=r5], 0xa) syz_usb_control_io(r3, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$sock_int(r8, 0x1, 0x6, &(0x7f0000000100)=0x2, 0x4) syz_usb_control_io$uac1(r3, 0x0, 0x0) 2m5.54121871s ago: executing program 0 (id=766): clock_gettime(0x4, &(0x7f00000000c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt6_stats\x00') readv(r0, &(0x7f0000000200)=[{&(0x7f0000000180)=""/89, 0x59}], 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x54, r2, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="8e"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x24, 0x51, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "dba06c8914"}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac06}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x7044}, 0x20004800) r4 = getpid() syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_create_chan_rsp={{0xd, 0xa3, 0x8}, {0xb, 0x8, 0x401, 0x4}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0xa6}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x9, 0x2}, {0x3}}, @l2cap_move_chan_rsp={{0xf, 0xe4, 0x4}, {0x4, 0x40}}, @l2cap_move_chan_req={{0xe, 0xd, 0x3}, {0x1, 0x5}}, @l2cap_cmd_rej_unk={{0x1, 0x6, 0x2}, {0x7dbb}}, @l2cap_info_req={{0xa, 0x3, 0x2}, {0xf}}]}}, 0x3c) syz_pidfd_open(r4, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_open_dev$loop(&(0x7f00000003c0), 0x800, 0x280) r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101701) ioctl$USBDEVFS_CLEAR_HALT(r7, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) ioctl$BLKRRPART(r6, 0x125f, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a80)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a20000000080a01010000000000000000000000050900010073797a00010000000000000000000a00000a"], 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, r11, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x6}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xf}]}, 0x24}, 0x1, 0x0, 0x0, 0x8004}, 0x8811) r12 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) ioctl$KVM_XEN_HVM_CONFIG(r10, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0}) ioctl$KVM_RUN(r12, 0xae80, 0x0) r13 = syz_open_procfs(r8, &(0x7f0000000000)='net/mcfilter6\x00') write$RDMA_USER_CM_CMD_CREATE_ID(r13, 0x0, 0x0) 1m50.445665128s ago: executing program 34 (id=766): clock_gettime(0x4, &(0x7f00000000c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/rt6_stats\x00') readv(r0, &(0x7f0000000200)=[{&(0x7f0000000180)=""/89, 0x59}], 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x54, r2, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="8e"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x24, 0x51, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "dba06c8914"}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac06}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x7044}, 0x20004800) r4 = getpid() syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x37}, @l2cap_cid_signaling={{0x33}, [@l2cap_create_chan_rsp={{0xd, 0xa3, 0x8}, {0xb, 0x8, 0x401, 0x4}}, @l2cap_cmd_rej_unk={{0x1, 0x7, 0x2}, {0xa6}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x9, 0x2}, {0x3}}, @l2cap_move_chan_rsp={{0xf, 0xe4, 0x4}, {0x4, 0x40}}, @l2cap_move_chan_req={{0xe, 0xd, 0x3}, {0x1, 0x5}}, @l2cap_cmd_rej_unk={{0x1, 0x6, 0x2}, {0x7dbb}}, @l2cap_info_req={{0xa, 0x3, 0x2}, {0xf}}]}}, 0x3c) syz_pidfd_open(r4, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_open_dev$loop(&(0x7f00000003c0), 0x800, 0x280) r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101701) ioctl$USBDEVFS_CLEAR_HALT(r7, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) ioctl$BLKRRPART(r6, 0x125f, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a80)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a20000000080a01010000000000000000000000050900010073797a00010000000000000000000a00000a"], 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = syz_genetlink_get_family_id$batadv(&(0x7f00000002c0), r0) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x24, r11, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x6}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xf}]}, 0x24}, 0x1, 0x0, 0x0, 0x8004}, 0x8811) r12 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x1) ioctl$KVM_XEN_HVM_CONFIG(r10, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0}) ioctl$KVM_RUN(r12, 0xae80, 0x0) r13 = syz_open_procfs(r8, &(0x7f0000000000)='net/mcfilter6\x00') write$RDMA_USER_CM_CMD_CREATE_ID(r13, 0x0, 0x0) 24.872164281s ago: executing program 2 (id=816): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000000)=0x4b4, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x9d1, 0x4) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x10020) 24.426278747s ago: executing program 2 (id=817): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000042}, 0x90) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x1000000000000, 0x20004080}, 0x48810) 24.045897931s ago: executing program 2 (id=818): r0 = syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000000000406a05000000000000000109022d00010000000009040000010300000009210000080122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000180)=ANY=[], 0x0}, 0x0) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$apparmor_current(r1, &(0x7f0000000000)=ANY=[@ANYBLOB='permhat 9'], 0x25) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x2c91, 0x4) sendmsg$sock(r2, &(0x7f0000000540)={&(0x7f0000000580)=@in6={0xa, 0x4ea7, 0x81, @ipv4={'\x00', '\xff\xff', @local}, 0x3}, 0x80, 0x0, 0x0, &(0x7f0000000700)=[@mark={{0x14, 0x1, 0x51, 0xfffffffb}}], 0x18}, 0x4c040) syz_usb_connect$uac1(0x3, 0x9f, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8d, 0x3, 0x1, 0x0, 0x30, 0x9, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xe3, 0x27}, [@extension_unit={0xb, 0x24, 0x8, 0x3, 0x1, 0x3, "3eedaef4"}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x100, 0x1, 0x2, 0xef}, @output_terminal={0x9, 0x24, 0x3, 0x4, 0x304, 0x2, 0x6, 0xf4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x0, 0x0, 0x1}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0xa, 0x3, 0x8f, 0x9, "e4"}]}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0x5, 0xf0, 0x80, {0x7, 0x25, 0x1, 0x8, 0xfb, 0x8000}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x6, 0x1, 0x6, {0x7, 0x25, 0x1, 0x8, 0x40, 0x80}}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x200, 0x46, 0x9d, 0xe, 0x10}, 0x6b, &(0x7f00000004c0)={0x5, 0xf, 0x6b, 0x5, [@ssp_cap={0x20, 0x10, 0xa, 0x8, 0x5, 0x30, 0xf, 0x9, [0x3fcf, 0x0, 0xff000f, 0x30, 0xc000]}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "ab41004f2c47e5e2d3dc85b18a4158c4"}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "694ea7f0adc426a730c012e5382dadf7"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x9, 0x5, 0x0, 0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xd, "5f2cbe32effb9a0ebf8215e5107f60ad"}]}, 0x3, [{0x5a, &(0x7f0000000280)=@string={0x5a, 0x3, "927543852867dc86dfc483c74d7d21bf0a08660542a7639050bccd40349e2606ac7c586812311411122f95a80b16cca196b4c0dde33b8a5aeb036371e90bfbc4a575e861a0554cb646612f96fcccd285a92af982e7d79518"}}, {0xec, &(0x7f0000000300)=@string={0xec, 0x3, "2fcbf4213ceb681c3cb79940bbfe32b39d8d1f8dd27f7636d71c373cb987220da37c685d55713c9215fea63398a58b5dabb89e73ebb07e7902169ccf14ceb2d9573147b629592c537368e51ad62e93c99364bdd9e5e373a44b62f405a7978e4a06a43deed14cd0747036ce51edb45c6399b15c318062aa66bd0c1aaa997a40af7443dc355f80eb6b035a5fd8d9c9e7910723a7f57acb2be5f1b0b8fc0891cd3ea6b0891eb677993afbd3ea8d0a2c1a62265b0062ecff27797ace88e0cc00762d5f32cd093db71ee37aa58f9b3341d046180e727b1b2c0940868fe70e6e79ad123bf090160c2b8627ac34"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x1c09}}]}) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000000)={0xbffffffc, 0x32315559, 0x640, 0xf0, 0x3, @stepwise={{0x1ff, 0x7}, {0x3ff, 0xfffffff7}, {0x3759, 0x5}}}) r3 = socket(0x2, 0x80805, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x7a, &(0x7f0000000340)={r5, @in6={{0xa, 0x3, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f0000000480)={r5, @in6={{0xa, 0x4e24, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}}, [0x6577, 0x6, 0x4760, 0x200, 0x7, 0x4, 0x3, 0x200, 0xffffffff00000000, 0xc, 0x0, 0x0, 0x8000000000000001, 0x76d, 0x2]}, &(0x7f0000000580)=0x100) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={0x34, r7, 0x705, 0x70bd2b, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}]}, @ETHTOOL_A_STRSET_STRINGSETS={0x8, 0x2, 0x0, 0x1, [{0x4}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40008d0}, 0x0) r8 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c00009040000020701010009050102"], 0x0) syz_usb_control_io$printer(r8, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) pwritev2(r9, &(0x7f00000015c0)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r11, 0x1, 0x2a, &(0x7f0000000100)=0xfffe, 0x4) recvmmsg(r11, &(0x7f0000001440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002002, 0x0) sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0) 20.122120939s ago: executing program 2 (id=819): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x140, 0x1a0) r0 = openat$sndtimer(0xffffff9c, 0x0, 0x20000) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x403c5404, 0x0) syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b000100000001090401"], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io(r1, 0x0, 0x0) pwritev(r2, &(0x7f0000000240)=[{&(0x7f00000001c0)="dbdf", 0x2}], 0x1, 0x7fd, 0x7) 16.999283355s ago: executing program 2 (id=820): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000900000a20000000000a01030000000000000000010000090900010073797a31000000002c000000030a0102000000000000000001000000090003"], 0xc8}, 0x1, 0x0, 0x0, 0x400c081}, 0x50) r0 = syz_usb_connect(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="40010400000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080006067c09e8fe55a10a0015400400142603600e120800060000001001a8001600a400014003000000036004fab94dcf5c0461c1d6", 0x48}], 0x1}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000400)=ANY=[@ANYBLOB="400e1d0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 15.090090125s ago: executing program 2 (id=821): r0 = socket$inet6(0xa, 0x3, 0x7) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40106309, 0x1}], 0x0, 0x0, 0x0}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x14, 0x4, 0x7, 0x101, 0x70bd26, 0x25dfdbfb, {0x2, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x4000) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000540), r4) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x40, r5, 0x1, 0x0, 0xfffffffe, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x5}, 0x8000090) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r8 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) lseek(r8, 0x6, 0x2) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r9, 0x4b63, 0x0) write$tun(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001011ff00000000000100070000000000000000ff0200000000000000000000000000014f194e20"], 0xfdef) 0s ago: executing program 35 (id=821): r0 = socket$inet6(0xa, 0x3, 0x7) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000000)=[@acquire_done={0x40106309, 0x1}], 0x0, 0x0, 0x0}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x14, 0x4, 0x7, 0x101, 0x70bd26, 0x25dfdbfb, {0x2, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x4000) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000540), r4) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x40, r5, 0x1, 0x0, 0xfffffffe, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x5}, 0x8000090) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r7 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r8 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) lseek(r8, 0x6, 0x2) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) r9 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r9, 0x4b63, 0x0) write$tun(r3, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001011ff00000000000100070000000000000000ff0200000000000000000000000000014f194e20"], 0xfdef) kernel console output (not intermixed with test programs): ing 218 has a duplicate endpoint with address 0x1, skipping [ 237.142913][ T5621] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 237.142940][ T5621] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x3, skipping [ 237.142967][ T5621] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 237.142993][ T5621] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 237.143019][ T5621] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 237.143055][ T5621] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 237.143080][ T5621] usb 3-1: config 128 interface 24 altsetting 218 has 11 endpoint descriptors, different from the interface descriptor's value: 23 [ 237.143110][ T5621] usb 3-1: config 128 interface 165 has no altsetting 0 [ 237.143130][ T5621] usb 3-1: config 128 interface 227 has no altsetting 0 [ 237.143151][ T5621] usb 3-1: config 128 interface 37 has no altsetting 0 [ 237.143171][ T5621] usb 3-1: config 128 interface 65 has no altsetting 0 [ 237.143191][ T5621] usb 3-1: config 128 interface 24 has no altsetting 0 [ 237.320811][ T5621] usb 3-1: New USB device found, idVendor=0bfd, idProduct=0112, bcdDevice=2e.58 [ 237.320847][ T5621] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.320870][ T5621] usb 3-1: Product: syz [ 237.320886][ T5621] usb 3-1: Manufacturer: 뜧恾庺궵쟦杲姎㔇Ⓚ湥鋸ﻶ宼죕ౄ鵹遦눡釠儳臖௒㼄뙴糛橄Ἁ酄ꂑﴐ鼥⠎ᑸ໏垑孮寲⿟襞鼝絣䇕楂䲐껹맊쫑ᆳ꒞똒恓宇 [ 237.320914][ T5621] usb 3-1: SerialNumber: syz [ 237.867760][ T7620] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 237.870751][ T7620] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 238.165511][ T7626] loop2: detected capacity change from 0 to 7 [ 238.212976][ T7626] Dev loop2: unable to read RDB block 7 [ 238.213085][ T7626] loop2: unable to read partition table [ 238.214882][ T7626] loop2: partition table beyond EOD, truncated [ 238.215195][ T7626] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 238.585561][ T7628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 238.607707][ T7628] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 239.128540][ T9] usb 1-1: USB disconnect, device number 36 [ 239.591514][ T5621] kvaser_usb 3-1:128.165: error -ENODEV: Cannot get usb endpoint(s) [ 239.699442][ T5621] kvaser_usb 3-1:128.227: error -ENODEV: Cannot get usb endpoint(s) [ 239.757074][ T5621] kvaser_usb 3-1:128.37: error -ENODEV: Cannot get usb endpoint(s) [ 239.783807][ T5621] kvaser_usb 3-1:128.65: error -ENODEV: Cannot get usb endpoint(s) [ 239.818365][ T5621] kvaser_usb 3-1:128.24: error -ENODEV: Cannot get usb endpoint(s) [ 239.882961][ T5621] usb 3-1: USB disconnect, device number 55 [ 241.837558][ T5705] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 241.991328][ T7663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 242.002481][ T5705] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 242.002517][ T5705] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 242.002542][ T5705] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 242.002588][ T5705] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 242.002614][ T5705] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.064605][ T5705] usb 4-1: config 0 descriptor?? [ 242.155431][ T7663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.246805][ T5621] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 242.406690][ T5621] usb 1-1: Using ep0 maxpacket: 8 [ 242.409591][ T5621] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 242.409667][ T5621] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 242.409693][ T5621] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 242.409719][ T5621] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 242.409749][ T5621] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 242.409775][ T5621] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 242.409819][ T5621] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 242.409845][ T5621] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.767251][ T5621] usb 1-1: usb_control_msg returned -32 [ 242.767304][ T5621] usbtmc 1-1:16.0: can't read capabilities [ 243.371409][ T5705] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 243.371450][ T5705] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 243.371479][ T5705] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 243.371509][ T5705] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 243.371537][ T5705] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 243.371566][ T5705] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 243.371595][ T5705] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 243.371624][ T5705] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 243.371652][ T5705] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 243.379676][ T5705] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 243.727661][ T7674] usbtmc 1-1:16.0: INITIATE_CLEAR returned 0 [ 243.820262][ T5705] plantronics 0003:047F:FFFF.0015: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 244.401305][ T7683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 244.401917][ T9] usb 4-1: USB disconnect, device number 45 [ 244.463057][ T7683] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 244.979135][ T7690] loop5: detected capacity change from 0 to 7 [ 244.982901][ T7690] loop5: [POWERTEC] p1 p2 p3 p4 [ 244.983152][ T7690] loop5: p1 size 1153433600 extends beyond EOD, truncated [ 245.069077][ T9] usb 1-1: USB disconnect, device number 37 [ 245.121862][ T7690] loop5: p2 size 327680 extends beyond EOD, truncated [ 245.213876][ T7690] loop5: p3 start 589824 is beyond EOD, truncated [ 245.213907][ T7690] loop5: p4 start 1848407154 is beyond EOD, truncated [ 245.321599][ T5621] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 245.741414][ T5621] usb 4-1: Using ep0 maxpacket: 32 [ 245.752541][ T5621] usb 4-1: config index 0 descriptor too short (expected 11556, got 36) [ 245.752571][ T5621] usb 4-1: config 0 has an invalid descriptor of length 169, skipping remainder of the config [ 245.752594][ T5621] usb 4-1: config 0 has no interfaces? [ 245.801137][ T5621] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 245.801172][ T5621] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 245.801196][ T5621] usb 4-1: Product: syz [ 245.801212][ T5621] usb 4-1: Manufacturer: syz [ 245.801227][ T5621] usb 4-1: SerialNumber: syz [ 245.868417][ T5621] usb 4-1: config 0 descriptor?? [ 245.986682][ T9] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 246.125120][ T5621] usb 4-1: USB disconnect, device number 46 [ 246.183660][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.183701][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.183728][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 246.183776][ T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 246.183802][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.265100][ T9] usb 1-1: config 0 descriptor?? [ 246.353520][ T7700] FAULT_INJECTION: forcing a failure. [ 246.353520][ T7700] name failslab, interval 1, probability 0, space 0, times 0 [ 246.353567][ T7700] CPU: 1 UID: 0 PID: 7700 Comm: syz.1.692 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 246.353593][ T7700] Tainted: [L]=SOFTLOCKUP [ 246.353600][ T7700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 246.353631][ T7700] Call Trace: [ 246.353638][ T7700] [ 246.353646][ T7700] dump_stack_lvl+0xe8/0x150 [ 246.353675][ T7700] should_fail_ex+0x46b/0x600 [ 246.353713][ T7700] should_failslab+0xa8/0x100 [ 246.353739][ T7700] __kmalloc_cache_noprof+0x84/0x690 [ 246.353763][ T7700] ? udmabuf_create+0xd0/0xf90 [ 246.353785][ T7700] ? __lock_acquire+0x6b5/0x2d10 [ 246.353809][ T7700] udmabuf_create+0xd0/0xf90 [ 246.353835][ T7700] ? tomoyo_path_number_perm+0x219/0x630 [ 246.353866][ T7700] ? tomoyo_path_number_perm+0x219/0x630 [ 246.353897][ T7700] ? do_vfs_ioctl+0x117b/0x1540 [ 246.353927][ T7700] ? __might_fault+0xaf/0x130 [ 246.353951][ T7700] ? __might_fault+0xaf/0x130 [ 246.353972][ T7700] ? __pfx_udmabuf_create+0x10/0x10 [ 246.354012][ T7700] udmabuf_ioctl+0x1f6/0x310 [ 246.354039][ T7700] ? __pfx_udmabuf_ioctl+0x10/0x10 [ 246.354073][ T7700] ? __fget_files+0x2a/0x420 [ 246.354095][ T7700] ? __fget_files+0x2a/0x420 [ 246.354122][ T7700] ? bpf_lsm_file_ioctl+0x9/0x20 [ 246.354155][ T7700] ? __pfx_udmabuf_ioctl+0x10/0x10 [ 246.354183][ T7700] __se_sys_ioctl+0xff/0x170 [ 246.354210][ T7700] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.354230][ T7700] do_syscall_64+0x174/0x580 [ 246.354257][ T7700] ? trace_irq_disable+0x3b/0x140 [ 246.354277][ T7700] ? clear_bhb_loop+0x40/0x90 [ 246.354301][ T7700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.354319][ T7700] RIP: 0033:0x7f99d456ce59 [ 246.354336][ T7700] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 246.354352][ T7700] RSP: 002b:00007f99d2784028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 246.354371][ T7700] RAX: ffffffffffffffda RBX: 00007f99d47e6180 RCX: 00007f99d456ce59 [ 246.354384][ T7700] RDX: 0000200000000000 RSI: 0000000040187542 RDI: 0000000000000003 [ 246.354395][ T7700] RBP: 00007f99d2784090 R08: 0000000000000000 R09: 0000000000000000 [ 246.354406][ T7700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.354417][ T7700] R13: 00007f99d47e6218 R14: 00007f99d47e6180 R15: 00007ffd48425b98 [ 246.354443][ T7700] [ 246.951038][ T9] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 248.180136][ T7712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 248.180796][ T7712] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 248.496667][ T10] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 248.903294][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 248.903333][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 248.903360][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 248.903408][ T10] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 248.903434][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.088348][ T10] usb 4-1: config 0 descriptor?? [ 249.252206][ T5621] usb 1-1: USB disconnect, device number 38 [ 249.692902][ T10] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 249.700302][ T10] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 249.700341][ T10] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 249.700462][ T10] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 249.700493][ T10] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 250.103542][ T10] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 250.713520][ T5621] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 250.868979][ T5621] usb 1-1: Using ep0 maxpacket: 8 [ 250.871755][ T5621] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 250.871819][ T5621] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 250.871846][ T5621] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 250.871874][ T5621] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 250.871905][ T5621] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 250.871932][ T5621] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 250.871978][ T5621] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 250.872004][ T5621] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.201541][ T10] usb 4-1: USB disconnect, device number 47 [ 251.311815][ T5621] usb 1-1: usb_control_msg returned -32 [ 251.311873][ T5621] usbtmc 1-1:16.0: can't read capabilities [ 251.937551][ T5621] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 252.106733][ T5621] usb 3-1: device descriptor read/64, error -71 [ 252.376638][ T5621] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 252.526626][ T5621] usb 3-1: device descriptor read/64, error -71 [ 252.652485][ T5621] usb usb3-port1: attempt power cycle [ 252.996947][ T5621] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 253.017990][ T5621] usb 3-1: device descriptor read/8, error -71 [ 253.322263][ T5621] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 253.349901][ T5621] usb 3-1: device descriptor read/8, error -71 [ 253.425459][ T10] usb 1-1: USB disconnect, device number 39 [ 253.461136][ T5621] usb usb3-port1: unable to enumerate USB device [ 253.692657][ T7734] mmap: syz.0.702 (7734) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 254.096857][ T10] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 254.266696][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 254.272442][ T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 254.272479][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.272503][ T10] usb 1-1: Product: syz [ 254.272519][ T10] usb 1-1: Manufacturer: syz [ 254.272536][ T10] usb 1-1: SerialNumber: syz [ 254.323307][ T10] r8152-cfgselector 1-1: Unknown version 0x0000 [ 254.323338][ T10] r8152-cfgselector 1-1: config 0 descriptor?? [ 255.134135][ T5621] r8152-cfgselector 1-1: USB disconnect, device number 40 [ 255.857444][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.857543][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.984921][ T7752] netlink: 8 bytes leftover after parsing attributes in process `syz.0.707'. [ 256.715975][ T7755] tc_dump_action: action bad kind [ 258.556649][ T9] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 258.699254][ T7766] FAULT_INJECTION: forcing a failure. [ 258.699254][ T7766] name failslab, interval 1, probability 0, space 0, times 0 [ 258.699294][ T7766] CPU: 0 UID: 0 PID: 7766 Comm: syz.1.712 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 258.699326][ T7766] Tainted: [L]=SOFTLOCKUP [ 258.699334][ T7766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 258.699347][ T7766] Call Trace: [ 258.699357][ T7766] [ 258.699367][ T7766] dump_stack_lvl+0xe8/0x150 [ 258.699400][ T7766] should_fail_ex+0x46b/0x600 [ 258.699440][ T7766] should_failslab+0xa8/0x100 [ 258.699473][ T7766] __kmalloc_cache_noprof+0x84/0x690 [ 258.699502][ T7766] ? kvm_vm_ioctl_set_msr_filter+0x2c4/0xc50 [ 258.699539][ T7766] kvm_vm_ioctl_set_msr_filter+0x2c4/0xc50 [ 258.699583][ T7766] kvm_arch_vm_ioctl+0xe41/0x1a20 [ 258.699618][ T7766] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 258.699647][ T7766] ? __lock_acquire+0x6b5/0x2d10 [ 258.699678][ T7766] ? __lock_acquire+0x6b5/0x2d10 [ 258.699730][ T7766] ? unwind_next_frame+0xa6/0x2550 [ 258.699769][ T7766] ? unwind_next_frame+0xa6/0x2550 [ 258.699801][ T7766] ? is_bpf_text_address+0x26/0x2b0 [ 258.699852][ T7766] ? is_bpf_text_address+0x26/0x2b0 [ 258.699885][ T7766] ? is_bpf_text_address+0x292/0x2b0 [ 258.699933][ T7766] ? is_bpf_text_address+0x26/0x2b0 [ 258.699966][ T7766] ? kernel_text_address+0xa5/0xe0 [ 258.699995][ T7766] ? __kernel_text_address+0xd/0x30 [ 258.700022][ T7766] ? unwind_get_return_address+0x4d/0x90 [ 258.700052][ T7766] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 258.700078][ T7766] ? arch_stack_walk+0xfb/0x150 [ 258.700164][ T7766] kvm_vm_ioctl+0x908/0xd50 [ 258.700197][ T7766] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 258.700244][ T7766] ? kasan_quarantine_put+0xbb/0x1f0 [ 258.700279][ T7766] ? tomoyo_path_number_perm+0x219/0x630 [ 258.700317][ T7766] ? tomoyo_path_number_perm+0x219/0x630 [ 258.700356][ T7766] ? do_vfs_ioctl+0x117b/0x1540 [ 258.700393][ T7766] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 258.700458][ T7766] ? __fget_files+0x2a/0x420 [ 258.700486][ T7766] ? __fget_files+0x2a/0x420 [ 258.700512][ T7766] ? __fget_files+0x3a6/0x420 [ 258.700537][ T7766] ? __fget_files+0x2a/0x420 [ 258.700566][ T7766] ? bpf_lsm_file_ioctl+0x9/0x20 [ 258.700598][ T7766] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 258.700624][ T7766] __se_sys_ioctl+0xff/0x170 [ 258.700656][ T7766] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.700681][ T7766] do_syscall_64+0x174/0x580 [ 258.700716][ T7766] ? trace_irq_disable+0x3b/0x140 [ 258.700743][ T7766] ? clear_bhb_loop+0x40/0x90 [ 258.700772][ T7766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.700797][ T7766] RIP: 0033:0x7f99d456ce59 [ 258.700818][ T7766] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 258.700838][ T7766] RSP: 002b:00007f99d27c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 258.700873][ T7766] RAX: ffffffffffffffda RBX: 00007f99d47e5fa0 RCX: 00007f99d456ce59 [ 258.700890][ T7766] RDX: 0000200000000040 RSI: 000000004188aec6 RDI: 0000000000000004 [ 258.700904][ T7766] RBP: 00007f99d27c6090 R08: 0000000000000000 R09: 0000000000000000 [ 258.700918][ T7766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 258.700931][ T7766] R13: 00007f99d47e6038 R14: 00007f99d47e5fa0 R15: 00007ffd48425b98 [ 258.700966][ T7766] [ 258.852003][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.852041][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.852066][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 258.852112][ T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 258.852137][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.096595][ T5705] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 259.103896][ T9] usb 4-1: config 0 descriptor?? [ 259.276528][ T5705] usb 1-1: Using ep0 maxpacket: 16 [ 259.280520][ T5705] usb 1-1: config 128 has an invalid interface number: 165 but max is 3 [ 259.280554][ T5705] usb 1-1: config 128 contains an unexpected descriptor of type 0x1, skipping [ 259.280577][ T5705] usb 1-1: config 128 has an invalid interface number: 227 but max is 3 [ 259.280603][ T5705] usb 1-1: config 128 has an invalid interface number: 37 but max is 3 [ 259.280626][ T5705] usb 1-1: config 128 has an invalid interface number: 65 but max is 3 [ 259.280649][ T5705] usb 1-1: config 128 has an invalid interface number: 24 but max is 3 [ 259.280671][ T5705] usb 1-1: config 128 contains an unexpected descriptor of type 0x2, skipping [ 259.280693][ T5705] usb 1-1: config 128 has 5 interfaces, different from the descriptor's value: 4 [ 259.280727][ T5705] usb 1-1: config 128 has no interface number 0 [ 259.280746][ T5705] usb 1-1: config 128 has no interface number 1 [ 259.280765][ T5705] usb 1-1: config 128 has no interface number 2 [ 259.280783][ T5705] usb 1-1: config 128 has no interface number 3 [ 259.280802][ T5705] usb 1-1: config 128 has no interface number 4 [ 259.280930][ T5705] usb 1-1: config 128 interface 165 altsetting 7 endpoint 0x7 has invalid wMaxPacketSize 0 [ 259.280957][ T5705] usb 1-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0x7, skipping [ 259.280982][ T5705] usb 1-1: config 128 interface 165 altsetting 7 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 259.281011][ T5705] usb 1-1: config 128 interface 165 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 259.281037][ T5705] usb 1-1: config 128 interface 165 altsetting 7 has an endpoint descriptor with address 0x26, changing to 0x6 [ 259.281066][ T5705] usb 1-1: config 128 interface 165 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 259.281097][ T5705] usb 1-1: config 128 interface 165 altsetting 7 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 259.281125][ T5705] usb 1-1: config 128 interface 165 altsetting 7 bulk endpoint 0x8E has invalid maxpacket 16 [ 259.281152][ T5705] usb 1-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 259.281178][ T5705] usb 1-1: config 128 interface 165 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 259.281202][ T5705] usb 1-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 259.281227][ T5705] usb 1-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0x1, skipping [ 259.281254][ T5705] usb 1-1: config 128 interface 165 altsetting 7 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 259.281299][ T5705] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x9, skipping [ 259.281327][ T5705] usb 1-1: config 128 interface 227 altsetting 9 endpoint 0xA has invalid maxpacket 47788, setting to 64 [ 259.281356][ T5705] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xB, skipping [ 259.281381][ T5705] usb 1-1: config 128 interface 227 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 259.281407][ T5705] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xC, skipping [ 259.281435][ T5705] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 259.281460][ T5705] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 259.281485][ T5705] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xD, skipping [ 259.281524][ T5705] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 259.281554][ T5705] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xA, skipping [ 259.281580][ T5705] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x3, skipping [ 259.281606][ T5705] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 259.281647][ T5705] usb 1-1: config 128 interface 37 altsetting 3 has a duplicate endpoint with address 0xF, skipping [ 259.281706][ T5705] usb 1-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xF, skipping [ 259.281733][ T5705] usb 1-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 259.281758][ T5705] usb 1-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xD, skipping [ 259.281783][ T5705] usb 1-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xE, skipping [ 259.281809][ T5705] usb 1-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0x6, skipping [ 259.281833][ T5705] usb 1-1: config 128 interface 65 altsetting 7 has 5 endpoint descriptors, different from the interface descriptor's value: 16 [ 259.281881][ T5705] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x2, skipping [ 259.281909][ T5705] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 259.281934][ T5705] usb 1-1: config 128 interface 24 altsetting 218 has an invalid descriptor for endpoint zero, skipping [ 259.283551][ T5705] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 259.283585][ T5705] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 259.283615][ T5705] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x3, skipping [ 259.283643][ T5705] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 259.283670][ T5705] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 259.283696][ T5705] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 259.283733][ T5705] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 259.283760][ T5705] usb 1-1: config 128 interface 24 altsetting 218 has 11 endpoint descriptors, different from the interface descriptor's value: 23 [ 259.283792][ T5705] usb 1-1: config 128 interface 165 has no altsetting 0 [ 259.283814][ T5705] usb 1-1: config 128 interface 227 has no altsetting 0 [ 259.283834][ T5705] usb 1-1: config 128 interface 37 has no altsetting 0 [ 259.283855][ T5705] usb 1-1: config 128 interface 65 has no altsetting 0 [ 259.283875][ T5705] usb 1-1: config 128 interface 24 has no altsetting 0 [ 259.291033][ T5705] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0112, bcdDevice=2e.58 [ 259.291069][ T5705] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.291142][ T5705] usb 1-1: Product: syz [ 259.291185][ T5705] usb 1-1: Manufacturer: 뜧恾庺궵쟦杲姎㔇Ⓚ湥鋸ﻶ宼죕ౄ鵹遦눡釠儳臖௒㼄뙴糛橄Ἁ酄ꂑﴐ鼥⠎ᑸ໏垑孮寲⿟襞鼝絣䇕楂䲐껹맊쫑ᆳ꒞똒恓宇 [ 259.291214][ T5705] usb 1-1: SerialNumber: syz [ 259.686835][ T7767] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 259.756317][ T7767] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 260.004271][ T9] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 260.004310][ T9] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 260.004339][ T9] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 260.004367][ T9] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 260.004396][ T9] plantronics 0003:047F:FFFF.0018: unknown main item tag 0x0 [ 260.870772][ T9] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 261.067512][ T7781] netlink: 28 bytes leftover after parsing attributes in process `syz.1.716'. [ 261.290075][ T5705] kvaser_usb 1-1:128.165: error -ENODEV: Cannot get usb endpoint(s) [ 261.418617][ T5705] kvaser_usb 1-1:128.227: error -ENODEV: Cannot get usb endpoint(s) [ 261.420223][ T9] usb 4-1: USB disconnect, device number 48 [ 261.512153][ T5705] kvaser_usb 1-1:128.37: error -ENODEV: Cannot get usb endpoint(s) [ 261.707397][ T5705] kvaser_usb 1-1:128.65: error -ENODEV: Cannot get usb endpoint(s) [ 262.002231][ T7788] netlink: 8 bytes leftover after parsing attributes in process `syz.1.719'. [ 262.054473][ T5705] kvaser_usb 1-1:128.24: error -ENODEV: Cannot get usb endpoint(s) [ 262.107393][ T5705] usb 1-1: USB disconnect, device number 41 [ 264.412410][ T7803] netlink: 'syz.0.724': attribute type 1 has an invalid length. [ 264.733496][ T10] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 264.916612][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 264.919896][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 264.923253][ T10] usb 4-1: config 11 has an invalid interface number: 86 but max is 0 [ 264.923284][ T10] usb 4-1: config 11 has no interface number 0 [ 264.923333][ T10] usb 4-1: config 11 interface 86 altsetting 92 endpoint 0x3 has invalid wMaxPacketSize 0 [ 264.923359][ T10] usb 4-1: config 11 interface 86 has no altsetting 0 [ 264.988890][ T10] usb 4-1: New USB device found, idVendor=0499, idProduct=1034, bcdDevice=b6.9f [ 264.988925][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.988949][ T10] usb 4-1: Product: syz [ 264.988965][ T10] usb 4-1: Manufacturer: syz [ 264.988981][ T10] usb 4-1: SerialNumber: syz [ 265.155329][ T7812] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 265.156374][ T7812] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 265.176861][ T9] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 265.351286][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 265.372900][ T9] usb 3-1: config 128 has an invalid interface number: 165 but max is 3 [ 265.372944][ T9] usb 3-1: config 128 contains an unexpected descriptor of type 0x1, skipping [ 265.373192][ T9] usb 3-1: config 128 has an invalid interface number: 227 but max is 3 [ 265.373220][ T9] usb 3-1: config 128 has an invalid interface number: 37 but max is 3 [ 265.373243][ T9] usb 3-1: config 128 has an invalid interface number: 65 but max is 3 [ 265.373266][ T9] usb 3-1: config 128 has an invalid interface number: 24 but max is 3 [ 265.373367][ T9] usb 3-1: config 128 contains an unexpected descriptor of type 0x2, skipping [ 265.373393][ T9] usb 3-1: config 128 has 5 interfaces, different from the descriptor's value: 4 [ 265.373417][ T9] usb 3-1: config 128 has no interface number 0 [ 265.373437][ T9] usb 3-1: config 128 has no interface number 1 [ 265.373554][ T9] usb 3-1: config 128 has no interface number 2 [ 265.373574][ T9] usb 3-1: config 128 has no interface number 3 [ 265.373592][ T9] usb 3-1: config 128 has no interface number 4 [ 265.373767][ T9] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0x7 has invalid wMaxPacketSize 0 [ 265.373851][ T9] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0x7, skipping [ 265.373878][ T9] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 265.373909][ T9] usb 3-1: config 128 interface 165 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 265.373946][ T9] usb 3-1: config 128 interface 165 altsetting 7 has an endpoint descriptor with address 0x26, changing to 0x6 [ 265.374035][ T9] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 265.374065][ T9] usb 3-1: config 128 interface 165 altsetting 7 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 265.374093][ T9] usb 3-1: config 128 interface 165 altsetting 7 bulk endpoint 0x8E has invalid maxpacket 16 [ 265.374120][ T9] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 265.374521][ T9] usb 3-1: config 128 interface 165 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 265.374550][ T9] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 265.374576][ T9] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0x1, skipping [ 265.374709][ T9] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 265.374757][ T9] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x9, skipping [ 265.374844][ T9] usb 3-1: config 128 interface 227 altsetting 9 endpoint 0xA has invalid maxpacket 47788, setting to 64 [ 265.374875][ T9] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xB, skipping [ 265.374901][ T9] usb 3-1: config 128 interface 227 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 265.374934][ T9] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xC, skipping [ 265.375192][ T9] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 265.375220][ T9] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 265.375247][ T9] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xD, skipping [ 265.375273][ T9] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 265.375373][ T9] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xA, skipping [ 265.375400][ T9] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x3, skipping [ 265.375426][ T9] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 265.375528][ T9] usb 3-1: config 128 interface 37 altsetting 3 has a duplicate endpoint with address 0xF, skipping [ 265.375570][ T9] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xF, skipping [ 265.375595][ T9] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 265.375678][ T9] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xD, skipping [ 265.375706][ T9] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xE, skipping [ 265.375732][ T9] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0x6, skipping [ 265.375827][ T9] usb 3-1: config 128 interface 65 altsetting 7 has 5 endpoint descriptors, different from the interface descriptor's value: 16 [ 265.375877][ T9] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x2, skipping [ 265.375903][ T9] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 265.376083][ T9] usb 3-1: config 128 interface 24 altsetting 218 has an invalid descriptor for endpoint zero, skipping [ 265.376168][ T9] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 265.376196][ T9] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 265.376223][ T9] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x3, skipping [ 265.376249][ T9] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 265.376328][ T9] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 265.376356][ T9] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 265.376382][ T9] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 265.376406][ T9] usb 3-1: config 128 interface 24 altsetting 218 has 11 endpoint descriptors, different from the interface descriptor's value: 23 [ 265.381993][ T9] usb 3-1: config 128 interface 165 has no altsetting 0 [ 265.382021][ T9] usb 3-1: config 128 interface 227 has no altsetting 0 [ 265.382042][ T9] usb 3-1: config 128 interface 37 has no altsetting 0 [ 265.382062][ T9] usb 3-1: config 128 interface 65 has no altsetting 0 [ 265.398486][ T9] usb 3-1: config 128 interface 24 has no altsetting 0 [ 265.936607][ T9] usb 3-1: New USB device found, idVendor=0bfd, idProduct=0112, bcdDevice=2e.58 [ 265.941486][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.941518][ T9] usb 3-1: Product: syz [ 265.941535][ T9] usb 3-1: Manufacturer: 뜧恾庺궵쟦杲姎㔇Ⓚ湥鋸ﻶ宼죕ౄ鵹遦눡釠儳臖௒㼄뙴糛橄Ἁ酄ꂑﴐ鼥⠎ᑸ໏垑孮寲⿟襞鼝絣䇕楂䲐껹맊쫑ᆳ꒞똒恓宇 [ 265.941564][ T9] usb 3-1: SerialNumber: syz [ 266.177706][ T7810] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 266.180680][ T7810] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 266.394213][ T10] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 266.786050][ T9] kvaser_usb 3-1:128.165: error -ENODEV: Cannot get usb endpoint(s) [ 266.823160][ T10] snd-usb-audio 4-1:11.86: probe with driver snd-usb-audio failed with error -2 [ 266.865010][ T10] usb 4-1: USB disconnect, device number 49 [ 266.960675][ T9] kvaser_usb 3-1:128.227: error -ENODEV: Cannot get usb endpoint(s) [ 267.018409][ T5806] udevd[5806]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:11.86/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 267.050764][ T9] kvaser_usb 3-1:128.37: error -ENODEV: Cannot get usb endpoint(s) [ 267.077465][ T9] kvaser_usb 3-1:128.65: error -ENODEV: Cannot get usb endpoint(s) [ 267.105818][ T9] kvaser_usb 3-1:128.24: error -ENODEV: Cannot get usb endpoint(s) [ 267.158834][ T9] usb 3-1: USB disconnect, device number 60 [ 268.722539][ T7828] netlink: 264 bytes leftover after parsing attributes in process `syz.1.736'. [ 268.722585][ T7828] netlink: 264 bytes leftover after parsing attributes in process `syz.1.736'. [ 272.246787][ T7837] netlink: 324 bytes leftover after parsing attributes in process `syz.0.738'. [ 282.326233][ T7862] netlink: 'syz.0.745': attribute type 10 has an invalid length. [ 282.337856][ T7862] veth1_vlan: left allmulticast mode [ 282.906570][ T5719] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 283.114361][ T5719] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 283.114404][ T5719] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 283.114430][ T5719] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 283.114479][ T5719] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 283.114506][ T5719] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.181628][ T4925] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 283.216721][ T4925] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 283.266231][ T4925] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 283.280448][ T4925] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 283.297351][ T4925] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 283.479473][ T5719] usb 3-1: config 0 descriptor?? [ 284.267384][ T5719] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 284.872638][ T5719] usb 2-1: USB disconnect, device number 30 [ 285.507284][ T5719] usb 3-1: reset high-speed USB device number 61 using dummy_hcd [ 285.507612][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 285.606656][ T5623] Bluetooth: hci4: command tx timeout [ 285.814333][ T5621] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 285.991183][ T5621] usb 1-1: Using ep0 maxpacket: 16 [ 286.001917][ T5621] usb 1-1: config 128 has an invalid interface number: 165 but max is 3 [ 286.001953][ T5621] usb 1-1: config 128 contains an unexpected descriptor of type 0x1, skipping [ 286.001976][ T5621] usb 1-1: config 128 has an invalid interface number: 227 but max is 3 [ 286.002002][ T5621] usb 1-1: config 128 has an invalid interface number: 37 but max is 3 [ 286.002025][ T5621] usb 1-1: config 128 has an invalid interface number: 65 but max is 3 [ 286.002049][ T5621] usb 1-1: config 128 has an invalid interface number: 24 but max is 3 [ 286.002071][ T5621] usb 1-1: config 128 contains an unexpected descriptor of type 0x2, skipping [ 286.002095][ T5621] usb 1-1: config 128 has 5 interfaces, different from the descriptor's value: 4 [ 286.002118][ T5621] usb 1-1: config 128 has no interface number 0 [ 286.002137][ T5621] usb 1-1: config 128 has no interface number 1 [ 286.002155][ T5621] usb 1-1: config 128 has no interface number 2 [ 286.002173][ T5621] usb 1-1: config 128 has no interface number 3 [ 286.002190][ T5621] usb 1-1: config 128 has no interface number 4 [ 286.002301][ T5621] usb 1-1: config 128 interface 165 altsetting 7 endpoint 0x7 has invalid wMaxPacketSize 0 [ 286.002329][ T5621] usb 1-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0x7, skipping [ 286.002356][ T5621] usb 1-1: config 128 interface 165 altsetting 7 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 286.002386][ T5621] usb 1-1: config 128 interface 165 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 286.002414][ T5621] usb 1-1: config 128 interface 165 altsetting 7 has an endpoint descriptor with address 0x26, changing to 0x6 [ 286.002443][ T5621] usb 1-1: config 128 interface 165 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 286.002473][ T5621] usb 1-1: config 128 interface 165 altsetting 7 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 286.002500][ T5621] usb 1-1: config 128 interface 165 altsetting 7 bulk endpoint 0x8E has invalid maxpacket 16 [ 286.002527][ T5621] usb 1-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 286.002551][ T5621] usb 1-1: config 128 interface 165 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 286.002575][ T5621] usb 1-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 286.002602][ T5621] usb 1-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0x1, skipping [ 286.002628][ T5621] usb 1-1: config 128 interface 165 altsetting 7 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 286.002675][ T5621] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x9, skipping [ 286.002703][ T5621] usb 1-1: config 128 interface 227 altsetting 9 endpoint 0xA has invalid maxpacket 47788, setting to 64 [ 286.002733][ T5621] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xB, skipping [ 286.002759][ T5621] usb 1-1: config 128 interface 227 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 286.002784][ T5621] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xC, skipping [ 286.002811][ T5621] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 286.002847][ T5621] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 286.002873][ T5621] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xD, skipping [ 286.002897][ T5621] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 286.002925][ T5621] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xA, skipping [ 286.002953][ T5621] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x3, skipping [ 286.002979][ T5621] usb 1-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 286.003021][ T5621] usb 1-1: config 128 interface 37 altsetting 3 has a duplicate endpoint with address 0xF, skipping [ 286.003061][ T5621] usb 1-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xF, skipping [ 286.003087][ T5621] usb 1-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 286.003113][ T5621] usb 1-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xD, skipping [ 286.003140][ T5621] usb 1-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xE, skipping [ 286.003165][ T5621] usb 1-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0x6, skipping [ 286.003213][ T5621] usb 1-1: config 128 interface 65 altsetting 7 has 5 endpoint descriptors, different from the interface descriptor's value: 16 [ 286.003274][ T5621] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x2, skipping [ 286.003300][ T5621] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 286.005903][ T5621] usb 1-1: config 128 interface 24 altsetting 218 has an invalid descriptor for endpoint zero, skipping [ 286.005942][ T5621] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 286.005970][ T5621] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 286.005998][ T5621] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x3, skipping [ 286.006025][ T5621] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 286.006051][ T5621] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 286.006080][ T5621] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 286.006107][ T5621] usb 1-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 286.006134][ T5621] usb 1-1: config 128 interface 24 altsetting 218 has 11 endpoint descriptors, different from the interface descriptor's value: 23 [ 286.006164][ T5621] usb 1-1: config 128 interface 165 has no altsetting 0 [ 286.006185][ T5621] usb 1-1: config 128 interface 227 has no altsetting 0 [ 286.006205][ T5621] usb 1-1: config 128 interface 37 has no altsetting 0 [ 286.006225][ T5621] usb 1-1: config 128 interface 65 has no altsetting 0 [ 286.006245][ T5621] usb 1-1: config 128 interface 24 has no altsetting 0 [ 286.133022][ T5621] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0112, bcdDevice=2e.58 [ 286.133055][ T5621] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.133078][ T5621] usb 1-1: Product: syz [ 286.133093][ T5621] usb 1-1: Manufacturer: 뜧恾庺궵쟦杲姎㔇Ⓚ湥鋸ﻶ宼죕ౄ鵹遦눡釠儳臖௒㼄뙴糛橄Ἁ酄ꂑﴐ鼥⠎ᑸ໏垑孮寲⿟襞鼝絣䇕楂䲐껹맊쫑ᆳ꒞똒恓宇 [ 286.133121][ T5621] usb 1-1: SerialNumber: syz [ 286.141783][ T4925] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 286.386978][ T4925] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 286.399080][ T4925] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 286.582270][ T5696] usb 3-1: USB disconnect, device number 61 [ 286.687170][ T7879] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 286.696851][ T7879] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 286.900803][ T4925] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 286.942033][ T4925] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 287.562284][ T5621] kvaser_usb 1-1:128.165: error -ENODEV: Cannot get usb endpoint(s) [ 287.696746][ T5623] Bluetooth: hci4: command tx timeout [ 287.826994][ T5621] kvaser_usb 1-1:128.227: error -ENODEV: Cannot get usb endpoint(s) [ 287.965535][ T5621] kvaser_usb 1-1:128.37: error -ENODEV: Cannot get usb endpoint(s) [ 288.013232][ T5621] kvaser_usb 1-1:128.65: error -ENODEV: Cannot get usb endpoint(s) [ 288.044554][ T5621] kvaser_usb 1-1:128.24: error -ENODEV: Cannot get usb endpoint(s) [ 288.114125][ T5621] usb 1-1: USB disconnect, device number 42 [ 288.296637][ T5696] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 288.479837][ T5696] usb 3-1: Using ep0 maxpacket: 8 [ 288.484218][ T5696] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 288.484286][ T5696] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 288.484312][ T5696] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 288.484340][ T5696] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 288.484371][ T5696] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 288.484408][ T5696] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 288.484454][ T5696] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 288.484480][ T5696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.667210][ T7900] comedi comedi3: dt2801: I/O base address or length out of range [ 289.028579][ T5696] usb 3-1: usb_control_msg returned -32 [ 289.028634][ T5696] usbtmc 3-1:16.0: can't read capabilities [ 289.446680][ T5623] Bluetooth: hci5: command tx timeout [ 289.766699][ T5623] Bluetooth: hci4: command tx timeout [ 290.936573][ T5718] usb 3-1: USB disconnect, device number 62 [ 291.396678][ T5718] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 291.526939][ T5623] Bluetooth: hci5: command tx timeout [ 291.527169][ T5718] usb 3-1: device descriptor read/64, error -71 [ 291.766693][ T5718] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 291.846660][ T5623] Bluetooth: hci4: command tx timeout [ 291.896662][ T5718] usb 3-1: device descriptor read/64, error -71 [ 292.007454][ T5718] usb usb3-port1: attempt power cycle [ 292.346572][ T5718] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 292.378847][ T5718] usb 3-1: device descriptor read/8, error -71 [ 292.619645][ T5718] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 292.637520][ T5718] usb 3-1: device descriptor read/8, error -71 [ 292.747187][ T5718] usb usb3-port1: unable to enumerate USB device [ 293.607052][ T5623] Bluetooth: hci5: command tx timeout [ 294.351776][ T7917] binder_alloc: 7915: pid 7915 spamming oneway? 1 buffers allocated for a total size of 4096 [ 294.355625][ T7917] binder_alloc: 7915: pid 7915 spamming oneway? 2 buffers allocated for a total size of 5120 [ 295.690673][ T5623] Bluetooth: hci5: command tx timeout [ 296.276757][ T5718] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 296.436571][ T5718] usb 3-1: Using ep0 maxpacket: 16 [ 296.453086][ T5718] usb 3-1: config 128 has an invalid interface number: 165 but max is 3 [ 296.453119][ T5718] usb 3-1: config 128 contains an unexpected descriptor of type 0x1, skipping [ 296.453141][ T5718] usb 3-1: config 128 has an invalid interface number: 227 but max is 3 [ 296.453168][ T5718] usb 3-1: config 128 has an invalid interface number: 37 but max is 3 [ 296.453190][ T5718] usb 3-1: config 128 has an invalid interface number: 65 but max is 3 [ 296.453213][ T5718] usb 3-1: config 128 has an invalid interface number: 24 but max is 3 [ 296.453235][ T5718] usb 3-1: config 128 contains an unexpected descriptor of type 0x2, skipping [ 296.453257][ T5718] usb 3-1: config 128 has 5 interfaces, different from the descriptor's value: 4 [ 296.453281][ T5718] usb 3-1: config 128 has no interface number 0 [ 296.453299][ T5718] usb 3-1: config 128 has no interface number 1 [ 296.453318][ T5718] usb 3-1: config 128 has no interface number 2 [ 296.453337][ T5718] usb 3-1: config 128 has no interface number 3 [ 296.453354][ T5718] usb 3-1: config 128 has no interface number 4 [ 296.453457][ T5718] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0x7 has invalid wMaxPacketSize 0 [ 296.453484][ T5718] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0x7, skipping [ 296.453510][ T5718] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 296.453539][ T5718] usb 3-1: config 128 interface 165 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 296.453565][ T5718] usb 3-1: config 128 interface 165 altsetting 7 has an endpoint descriptor with address 0x26, changing to 0x6 [ 296.453608][ T5718] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 296.453637][ T5718] usb 3-1: config 128 interface 165 altsetting 7 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 296.453665][ T5718] usb 3-1: config 128 interface 165 altsetting 7 bulk endpoint 0x8E has invalid maxpacket 16 [ 296.453692][ T5718] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 296.453717][ T5718] usb 3-1: config 128 interface 165 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 296.453741][ T5718] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 296.453767][ T5718] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0x1, skipping [ 296.453794][ T5718] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 296.453840][ T5718] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x9, skipping [ 296.453868][ T5718] usb 3-1: config 128 interface 227 altsetting 9 endpoint 0xA has invalid maxpacket 47788, setting to 64 [ 296.453898][ T5718] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xB, skipping [ 296.453924][ T5718] usb 3-1: config 128 interface 227 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 296.453948][ T5718] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xC, skipping [ 296.453974][ T5718] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 296.454000][ T5718] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 296.454025][ T5718] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xD, skipping [ 296.454050][ T5718] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 296.454090][ T5718] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xA, skipping [ 296.454115][ T5718] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x3, skipping [ 296.454141][ T5718] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 296.454183][ T5718] usb 3-1: config 128 interface 37 altsetting 3 has a duplicate endpoint with address 0xF, skipping [ 296.454299][ T5718] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xF, skipping [ 296.454326][ T5718] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 296.454352][ T5718] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xD, skipping [ 296.454378][ T5718] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xE, skipping [ 296.454405][ T5718] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0x6, skipping [ 296.454430][ T5718] usb 3-1: config 128 interface 65 altsetting 7 has 5 endpoint descriptors, different from the interface descriptor's value: 16 [ 296.454478][ T5718] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x2, skipping [ 296.454504][ T5718] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 296.454528][ T5718] usb 3-1: config 128 interface 24 altsetting 218 has an invalid descriptor for endpoint zero, skipping [ 296.454553][ T5718] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 296.454588][ T5718] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 296.454615][ T5718] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x3, skipping [ 296.454648][ T5718] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 296.454675][ T5718] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 296.454702][ T5718] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 296.454727][ T5718] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 296.454753][ T5718] usb 3-1: config 128 interface 24 altsetting 218 has 11 endpoint descriptors, different from the interface descriptor's value: 23 [ 296.454783][ T5718] usb 3-1: config 128 interface 165 has no altsetting 0 [ 296.454803][ T5718] usb 3-1: config 128 interface 227 has no altsetting 0 [ 296.454824][ T5718] usb 3-1: config 128 interface 37 has no altsetting 0 [ 296.454843][ T5718] usb 3-1: config 128 interface 65 has no altsetting 0 [ 296.454864][ T5718] usb 3-1: config 128 interface 24 has no altsetting 0 [ 296.804997][ T5718] usb 3-1: New USB device found, idVendor=0bfd, idProduct=0112, bcdDevice=2e.58 [ 296.805045][ T5718] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.805068][ T5718] usb 3-1: Product: syz [ 296.805084][ T5718] usb 3-1: Manufacturer: 뜧恾庺궵쟦杲姎㔇Ⓚ湥鋸ﻶ宼죕ౄ鵹遦눡釠儳臖௒㼄뙴糛橄Ἁ酄ꂑﴐ鼥⠎ᑸ໏垑孮寲⿟襞鼝絣䇕楂䲐껹맊쫑ᆳ꒞똒恓宇 [ 296.805112][ T5718] usb 3-1: SerialNumber: syz [ 297.263757][ T7928] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 297.278238][ T7928] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 297.534835][ T5718] kvaser_usb 3-1:128.165: error -ENODEV: Cannot get usb endpoint(s) [ 297.626296][ T5718] kvaser_usb 3-1:128.227: error -ENODEV: Cannot get usb endpoint(s) [ 297.670106][ T5718] kvaser_usb 3-1:128.37: error -ENODEV: Cannot get usb endpoint(s) [ 297.691107][ T5718] kvaser_usb 3-1:128.65: error -ENODEV: Cannot get usb endpoint(s) [ 297.713014][ T5718] kvaser_usb 3-1:128.24: error -ENODEV: Cannot get usb endpoint(s) [ 297.748774][ T5718] usb 3-1: USB disconnect, device number 67 [ 298.416590][ T5718] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 298.566672][ T5718] usb 3-1: Using ep0 maxpacket: 8 [ 298.569719][ T5718] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 298.569796][ T5718] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 298.569822][ T5718] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 298.569850][ T5718] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 298.569881][ T5718] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 298.569907][ T5718] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 298.569955][ T5718] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 298.569980][ T5718] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.943621][ T5718] usb 3-1: usb_control_msg returned -32 [ 298.943673][ T5718] usbtmc 3-1:16.0: can't read capabilities [ 299.661240][ T7935] usbtmc 3-1:16.0: usb_control_msg returned -32 [ 299.867358][ T5696] usb 3-1: USB disconnect, device number 68 [ 300.796859][ T10] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 300.941332][ T10] usb 1-1: device descriptor read/64, error -71 [ 300.955895][ T7943] binder_alloc: 7942: pid 7942 spamming oneway? 1 buffers allocated for a total size of 4096 [ 300.956736][ T7943] binder_alloc: 7942: pid 7942 spamming oneway? 2 buffers allocated for a total size of 5120 [ 300.990184][ T7943] FAULT_INJECTION: forcing a failure. [ 300.990184][ T7943] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.990223][ T7943] CPU: 0 UID: 0 PID: 7943 Comm: syz.2.762 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 300.990254][ T7943] Tainted: [L]=SOFTLOCKUP [ 300.990263][ T7943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 300.990277][ T7943] Call Trace: [ 300.990299][ T7943] [ 300.990310][ T7943] dump_stack_lvl+0xe8/0x150 [ 300.990344][ T7943] should_fail_ex+0x46b/0x600 [ 300.990389][ T7943] _copy_to_iter+0x404/0x17d0 [ 300.990427][ T7943] ? rt_mutex_slowunlock+0x1cb/0x300 [ 300.990455][ T7943] ? __pfx__copy_to_iter+0x10/0x10 [ 300.990496][ T7943] seq_read_iter+0xbf6/0xe20 [ 300.990568][ T7943] seq_read+0x36a/0x490 [ 300.990613][ T7943] ? __pfx_seq_read+0x10/0x10 [ 300.990648][ T7943] ? __debugfs_file_get+0x5d5/0x710 [ 300.990683][ T7943] ? __pfx___debugfs_file_get+0x10/0x10 [ 300.990718][ T7943] ? apparmor_file_permission+0x1f4/0x300 [ 300.990759][ T7943] full_proxy_read+0x127/0x1f0 [ 300.990794][ T7943] ? __pfx_full_proxy_read+0x10/0x10 [ 300.990829][ T7943] vfs_read+0x212/0xa80 [ 300.990871][ T7943] ? __pfx_vfs_read+0x10/0x10 [ 300.990905][ T7943] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 300.990939][ T7943] ? lockdep_hardirqs_on+0x7a/0x110 [ 300.990971][ T7943] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 300.991006][ T7943] ? mutex_lock_nested+0x152/0x1d0 [ 300.991031][ T7943] ? fdget_pos+0x252/0x320 [ 300.991068][ T7943] ksys_read+0x156/0x270 [ 300.991103][ T7943] ? __pfx_ksys_read+0x10/0x10 [ 300.991145][ T7943] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.991170][ T7943] do_syscall_64+0x174/0x580 [ 300.991203][ T7943] ? trace_irq_disable+0x3b/0x140 [ 300.991229][ T7943] ? clear_bhb_loop+0x40/0x90 [ 300.991258][ T7943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.991281][ T7943] RIP: 0033:0x7f721f5dce59 [ 300.991303][ T7943] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 300.991321][ T7943] RSP: 002b:00007f721d836028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 300.991346][ T7943] RAX: ffffffffffffffda RBX: 00007f721f855fa0 RCX: 00007f721f5dce59 [ 300.991363][ T7943] RDX: 0000000000002020 RSI: 0000200000007fc0 RDI: 0000000000000006 [ 300.991378][ T7943] RBP: 00007f721d836090 R08: 0000000000000000 R09: 0000000000000000 [ 300.991392][ T7943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 300.991406][ T7943] R13: 00007f721f856038 R14: 00007f721f855fa0 R15: 00007ffd028cf1e8 [ 300.991443][ T7943] [ 301.436707][ T10] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 301.576642][ T10] usb 1-1: device descriptor read/64, error -71 [ 301.687202][ T10] usb usb1-port1: attempt power cycle [ 301.721349][ T7947] IPVS: set_ctl: invalid protocol: 4 172.20.20.20:20004 [ 302.026539][ T10] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 302.049190][ T10] usb 1-1: device descriptor read/8, error -71 [ 302.296595][ T10] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 302.322934][ T10] usb 1-1: device descriptor read/8, error -71 [ 302.427264][ T10] usb usb1-port1: unable to enumerate USB device [ 303.988432][ T10] usb 1-1: new low-speed USB device number 47 using dummy_hcd [ 304.136581][ T10] usb 1-1: device descriptor read/64, error -71 [ 304.378171][ T10] usb 1-1: new low-speed USB device number 48 using dummy_hcd [ 304.506560][ T10] usb 1-1: device descriptor read/64, error -71 [ 304.617250][ T10] usb usb1-port1: attempt power cycle [ 304.956983][ T10] usb 1-1: new low-speed USB device number 49 using dummy_hcd [ 304.978105][ T10] usb 1-1: device descriptor read/8, error -71 [ 305.219787][ T10] usb 1-1: new low-speed USB device number 50 using dummy_hcd [ 305.237389][ T10] usb 1-1: device descriptor read/8, error -71 [ 305.357127][ T10] usb usb1-port1: unable to enumerate USB device [ 305.880011][ T7946] netlink: 36 bytes leftover after parsing attributes in process `syz.2.763'. [ 306.646781][ T5696] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 306.856730][ T5696] usb 3-1: Using ep0 maxpacket: 16 [ 306.917180][ T5696] usb 3-1: config 128 has an invalid interface number: 165 but max is 3 [ 306.917218][ T5696] usb 3-1: config 128 contains an unexpected descriptor of type 0x1, skipping [ 306.917245][ T5696] usb 3-1: config 128 has an invalid interface number: 227 but max is 3 [ 306.917274][ T5696] usb 3-1: config 128 has an invalid interface number: 37 but max is 3 [ 306.917299][ T5696] usb 3-1: config 128 has an invalid interface number: 65 but max is 3 [ 306.917326][ T5696] usb 3-1: config 128 has an invalid interface number: 24 but max is 3 [ 306.917350][ T5696] usb 3-1: config 128 contains an unexpected descriptor of type 0x2, skipping [ 306.917374][ T5696] usb 3-1: config 128 has 5 interfaces, different from the descriptor's value: 4 [ 306.917400][ T5696] usb 3-1: config 128 has no interface number 0 [ 306.917421][ T5696] usb 3-1: config 128 has no interface number 1 [ 306.917442][ T5696] usb 3-1: config 128 has no interface number 2 [ 306.917462][ T5696] usb 3-1: config 128 has no interface number 3 [ 306.917482][ T5696] usb 3-1: config 128 has no interface number 4 [ 306.917597][ T5696] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0x7 has invalid wMaxPacketSize 0 [ 306.917626][ T5696] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0x7, skipping [ 306.917657][ T5696] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 306.917692][ T5696] usb 3-1: config 128 interface 165 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 306.917721][ T5696] usb 3-1: config 128 interface 165 altsetting 7 has an endpoint descriptor with address 0x26, changing to 0x6 [ 306.917753][ T5696] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 306.917786][ T5696] usb 3-1: config 128 interface 165 altsetting 7 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 306.917818][ T5696] usb 3-1: config 128 interface 165 altsetting 7 bulk endpoint 0x8E has invalid maxpacket 16 [ 306.917850][ T5696] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 306.917878][ T5696] usb 3-1: config 128 interface 165 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 306.917905][ T5696] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 306.917934][ T5696] usb 3-1: config 128 interface 165 altsetting 7 has a duplicate endpoint with address 0x1, skipping [ 306.917963][ T5696] usb 3-1: config 128 interface 165 altsetting 7 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 306.918041][ T5696] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x9, skipping [ 306.918074][ T5696] usb 3-1: config 128 interface 227 altsetting 9 endpoint 0xA has invalid maxpacket 47788, setting to 64 [ 306.918108][ T5696] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xB, skipping [ 306.918136][ T5696] usb 3-1: config 128 interface 227 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 306.918163][ T5696] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xC, skipping [ 306.918193][ T5696] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 306.918223][ T5696] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 306.918251][ T5696] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xD, skipping [ 306.918280][ T5696] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 306.918336][ T5696] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0xA, skipping [ 306.918365][ T5696] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x3, skipping [ 306.918393][ T5696] usb 3-1: config 128 interface 227 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 306.918440][ T5696] usb 3-1: config 128 interface 37 altsetting 3 has a duplicate endpoint with address 0xF, skipping [ 306.918485][ T5696] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xF, skipping [ 306.918514][ T5696] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xB, skipping [ 306.918542][ T5696] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xD, skipping [ 306.918570][ T5696] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0xE, skipping [ 306.918598][ T5696] usb 3-1: config 128 interface 65 altsetting 7 has a duplicate endpoint with address 0x6, skipping [ 306.918627][ T5696] usb 3-1: config 128 interface 65 altsetting 7 has 5 endpoint descriptors, different from the interface descriptor's value: 16 [ 306.918799][ T5696] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x2, skipping [ 306.918831][ T5696] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 306.918860][ T5696] usb 3-1: config 128 interface 24 altsetting 218 has an invalid descriptor for endpoint zero, skipping [ 306.918887][ T5696] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 306.918916][ T5696] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 306.918945][ T5696] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x3, skipping [ 306.918987][ T5696] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 306.919017][ T5696] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x1, skipping [ 306.919048][ T5696] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x8, skipping [ 306.919078][ T5696] usb 3-1: config 128 interface 24 altsetting 218 has a duplicate endpoint with address 0x7, skipping [ 306.919107][ T5696] usb 3-1: config 128 interface 24 altsetting 218 has 11 endpoint descriptors, different from the interface descriptor's value: 23 [ 306.919142][ T5696] usb 3-1: config 128 interface 165 has no altsetting 0 [ 306.919165][ T5696] usb 3-1: config 128 interface 227 has no altsetting 0 [ 306.919188][ T5696] usb 3-1: config 128 interface 37 has no altsetting 0 [ 306.919211][ T5696] usb 3-1: config 128 interface 65 has no altsetting 0 [ 306.919233][ T5696] usb 3-1: config 128 interface 24 has no altsetting 0 [ 307.166571][ T5696] usb 3-1: New USB device found, idVendor=0bfd, idProduct=0112, bcdDevice=2e.58 [ 307.166624][ T5696] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.166649][ T5696] usb 3-1: Product: syz [ 307.166665][ T5696] usb 3-1: Manufacturer: 뜧恾庺궵쟦杲姎㔇Ⓚ湥鋸ﻶ宼죕ౄ鵹遦눡釠儳臖௒㼄뙴糛橄Ἁ酄ꂑﴐ鼥⠎ᑸ໏垑孮寲⿟襞鼝絣䇕楂䲐껹맊쫑ᆳ꒞똒恓宇 [ 307.166694][ T5696] usb 3-1: SerialNumber: syz [ 307.683402][ T7956] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 307.711360][ T7956] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 307.775056][ T7962] usb usb8: usbfs: process 7962 (syz.0.766) did not claim interface 0 before use [ 307.971922][ T5696] kvaser_usb 3-1:128.165: error -ENODEV: Cannot get usb endpoint(s) [ 308.060354][ T5696] kvaser_usb 3-1:128.227: error -ENODEV: Cannot get usb endpoint(s) [ 308.094708][ T5696] kvaser_usb 3-1:128.37: error -ENODEV: Cannot get usb endpoint(s) [ 308.114864][ T5696] kvaser_usb 3-1:128.65: error -ENODEV: Cannot get usb endpoint(s) [ 308.140414][ T5696] kvaser_usb 3-1:128.24: error -ENODEV: Cannot get usb endpoint(s) [ 308.179349][ T5696] usb 3-1: USB disconnect, device number 69 [ 308.832786][ T7867] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.834950][ T7867] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.835691][ T7867] bridge_slave_0: entered allmulticast mode [ 308.860829][ T7867] bridge_slave_0: entered promiscuous mode [ 308.914743][ T7867] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.915131][ T7867] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.916252][ T7867] bridge_slave_1: entered allmulticast mode [ 308.946159][ T7867] bridge_slave_1: entered promiscuous mode [ 308.968153][ T5696] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 309.118400][ T5696] usb 3-1: Using ep0 maxpacket: 8 [ 309.145522][ T5696] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 309.145590][ T5696] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 309.145617][ T5696] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 309.145644][ T5696] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 309.145675][ T5696] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 309.145701][ T5696] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 309.145748][ T5696] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 309.145774][ T5696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.415649][ T7867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 309.469645][ T5696] usb 3-1: usb_control_msg returned -32 [ 309.469697][ T5696] usbtmc 3-1:16.0: can't read capabilities [ 309.594230][ T7867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 309.684939][ T7885] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.685408][ T7885] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.685794][ T7885] bridge_slave_0: entered allmulticast mode [ 309.717422][ T7885] bridge_slave_0: entered promiscuous mode [ 309.792034][ T7885] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.792455][ T7885] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.792786][ T7885] bridge_slave_1: entered allmulticast mode [ 309.823741][ T7885] bridge_slave_1: entered promiscuous mode [ 309.839729][ T7867] team0: Port device team_slave_0 added [ 309.903317][ T7867] team0: Port device team_slave_1 added [ 310.028960][ T7885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 310.084990][ T7885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 310.109543][ T7867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.109563][ T7867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 310.109595][ T7867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 310.180462][ T7976] usbtmc 3-1:16.0: usb_control_msg returned -32 [ 310.390032][ T5696] usb 3-1: USB disconnect, device number 70 [ 311.112570][ T7980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.769'. [ 311.476612][ T5696] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 311.608230][ T5696] usb 3-1: device descriptor read/64, error -71 [ 311.847055][ T5696] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 311.976633][ T5696] usb 3-1: device descriptor read/64, error -71 [ 312.093086][ T5696] usb usb3-port1: attempt power cycle [ 312.438333][ T5696] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 312.457614][ T5696] usb 3-1: device descriptor read/8, error -71 [ 312.716769][ T5696] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 312.737752][ T5696] usb 3-1: device descriptor read/8, error -71 [ 312.858600][ T5696] usb usb3-port1: unable to enumerate USB device [ 314.614704][ T7986] loop8: detected capacity change from 0 to 7 [ 314.624315][ T7986] Dev loop8: unable to read RDB block 7 [ 314.624360][ T7986] loop8: unable to read partition table [ 314.624593][ T7986] loop8: partition table beyond EOD, truncated [ 314.632520][ T7986] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 317.292699][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.292815][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.101363][ T4925] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 322.165151][ T4925] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 322.183877][ T4925] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 322.196264][ T4925] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 322.202319][ T4925] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 322.503494][ T7867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 322.503513][ T7867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 322.503546][ T7867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 322.746127][ T7885] team0: Port device team_slave_0 added [ 322.809902][ T7885] team0: Port device team_slave_1 added [ 322.994056][ T8008] binder_alloc: 8007: binder_alloc_buf size 50331744 failed, no address space [ 322.994082][ T8008] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 323.440796][ T8012] netlink: 24 bytes leftover after parsing attributes in process `syz.2.776'. [ 324.406775][ T5623] Bluetooth: hci1: command tx timeout [ 325.976839][ T5718] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 326.106637][ T5718] usb 3-1: device descriptor read/64, error -71 [ 326.346604][ T5718] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 326.476615][ T5718] usb 3-1: device descriptor read/64, error -71 [ 326.486970][ T5623] Bluetooth: hci1: command tx timeout [ 326.588196][ T5718] usb usb3-port1: attempt power cycle [ 326.926883][ T5718] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 326.947610][ T5718] usb 3-1: device descriptor read/8, error -71 [ 327.186839][ T5718] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 327.207720][ T5718] usb 3-1: device descriptor read/8, error -71 [ 327.318350][ T5718] usb usb3-port1: unable to enumerate USB device [ 328.576830][ T5623] Bluetooth: hci1: command tx timeout [ 328.981157][ T8018] netlink: 8 bytes leftover after parsing attributes in process `syz.2.778'. [ 329.032765][ T8018] binder: BINDER_SET_CONTEXT_MGR already set [ 329.032782][ T8018] binder: 8017:8018 ioctl 40046207 0 returned -16 [ 329.270867][ T8020] capability: warning: `syz.2.779' uses deprecated v2 capabilities in a way that may be insecure [ 329.347159][ T6605] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.876933][ T5718] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 330.033984][ T5718] usb 3-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55 [ 330.034029][ T5718] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.034052][ T5718] usb 3-1: Product: syz [ 330.034068][ T5718] usb 3-1: Manufacturer: syz [ 330.034085][ T5718] usb 3-1: SerialNumber: syz [ 330.081754][ T5718] usb 3-1: config 0 descriptor?? [ 330.101738][ T5718] gspca_main: sonixb-2.14.0 probing 0c45:6005 [ 330.527540][ T5718] usb 3-1: USB disconnect, device number 79 [ 330.646605][ T5623] Bluetooth: hci1: command tx timeout [ 330.828779][ T7885] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 330.828799][ T7885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 330.828831][ T7885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 331.289030][ T8030] netlink: 28 bytes leftover after parsing attributes in process `syz.2.782'. [ 332.265208][ T7867] hsr_slave_0: entered promiscuous mode [ 332.274271][ T7867] hsr_slave_1: entered promiscuous mode [ 332.287677][ T7867] debugfs: 'hsr0' already exists in 'hsr' [ 332.287708][ T7867] Cannot create hsr debugfs directory [ 332.291676][ T7885] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 332.291694][ T7885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 332.291725][ T7885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 332.833863][ T7885] hsr_slave_0: entered promiscuous mode [ 332.845488][ T7885] hsr_slave_1: entered promiscuous mode [ 332.860176][ T7885] debugfs: 'hsr0' already exists in 'hsr' [ 332.860207][ T7885] Cannot create hsr debugfs directory [ 334.506594][ T5718] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 334.636704][ T5718] usb 3-1: device descriptor read/64, error -71 [ 334.876590][ T5718] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 335.008289][ T5718] usb 3-1: device descriptor read/64, error -71 [ 335.118398][ T5718] usb usb3-port1: attempt power cycle [ 335.466818][ T5718] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 335.489057][ T5718] usb 3-1: device descriptor read/8, error -71 [ 335.726872][ T5718] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 335.749133][ T5718] usb 3-1: device descriptor read/8, error -71 [ 335.862955][ T5718] usb usb3-port1: unable to enumerate USB device [ 337.922934][ T8039] netlink: 8 bytes leftover after parsing attributes in process `syz.2.785'. [ 339.030773][ T7867] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 340.765852][ T7867] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 340.819888][ T7867] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 341.723561][ T7867] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 341.758468][ T7867] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 341.891033][ T5696] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 342.046666][ T5696] usb 3-1: Using ep0 maxpacket: 32 [ 342.049574][ T5696] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 342.049608][ T5696] usb 3-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 342.049636][ T5696] usb 3-1: config 0 interface 0 has no altsetting 0 [ 342.053418][ T5696] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 342.053451][ T5696] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.053475][ T5696] usb 3-1: Product: syz [ 342.053491][ T5696] usb 3-1: Manufacturer: syz [ 342.053507][ T5696] usb 3-1: SerialNumber: syz [ 342.132837][ T5696] usb 3-1: config 0 descriptor?? [ 342.559669][ T5696] gs_usb 3-1:0.0: Configuring for 240 interfaces [ 342.765020][ T5696] gs_usb 3-1:0.0: Couldn't get bit timing const for channel 0 (-EREMOTEIO) [ 342.765483][ T5696] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -121 [ 342.874481][ T7867] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 343.356256][ T4925] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 343.403514][ T4925] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 343.443971][ T4925] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 343.472172][ T4925] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 343.473254][ T4925] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 344.779448][ T5621] usb 3-1: USB disconnect, device number 84 [ 345.648615][ T5621] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 345.701151][ T5623] Bluetooth: hci3: command tx timeout [ 345.730912][ T5618] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 345.783960][ T5618] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 345.808723][ T5618] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 345.875466][ T5618] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 345.888314][ T5618] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 345.919241][ T5621] usb 3-1: Using ep0 maxpacket: 8 [ 345.936070][ T5621] usb 3-1: config index 0 descriptor too short (expected 260, got 27) [ 345.936101][ T5621] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 345.936123][ T5621] usb 3-1: config 2 has 0 interfaces, different from the descriptor's value: 1 [ 345.936174][ T5621] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 345.936201][ T5621] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.568259][ T5621] usb 3-1: string descriptor 0 read error: -71 [ 346.599546][ T5621] usb 3-1: USB disconnect, device number 85 [ 347.768118][ T5618] Bluetooth: hci3: command tx timeout [ 348.486724][ T5618] Bluetooth: hci6: command tx timeout [ 349.846554][ T5618] Bluetooth: hci3: command tx timeout [ 350.578155][ T5618] Bluetooth: hci6: command tx timeout [ 350.778732][ T7999] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.779238][ T7999] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.779666][ T7999] bridge_slave_0: entered allmulticast mode [ 350.855244][ T7999] bridge_slave_0: entered promiscuous mode [ 350.965052][ T7999] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.965647][ T7999] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.966028][ T7999] bridge_slave_1: entered allmulticast mode [ 350.988798][ T5718] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 350.995623][ T7999] bridge_slave_1: entered promiscuous mode [ 351.163210][ T5718] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 351.163251][ T5718] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 351.163277][ T5718] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 351.163325][ T5718] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 351.163352][ T5718] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.259927][ T5718] usb 3-1: config 0 descriptor?? [ 351.557709][ T7999] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 351.695478][ T7999] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 351.936802][ T5618] Bluetooth: hci3: command tx timeout [ 351.938754][ T5718] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 352.270125][ T5718] usb 3-1: USB disconnect, device number 86 [ 352.646655][ T5618] Bluetooth: hci6: command tx timeout [ 354.727408][ T5618] Bluetooth: hci6: command tx timeout [ 354.842189][ T8085] netlink: 128 bytes leftover after parsing attributes in process `syz.2.792'. [ 354.842669][ T8085] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 354.976804][ T7999] team0: Port device team_slave_0 added [ 355.012234][ T7999] team0: Port device team_slave_1 added [ 355.277126][ T7999] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 355.277148][ T7999] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 355.277179][ T7999] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 355.341409][ T7999] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 355.341429][ T7999] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 355.341460][ T7999] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.071476][ T7999] hsr_slave_0: entered promiscuous mode [ 365.074261][ T7999] hsr_slave_1: entered promiscuous mode [ 365.088600][ T7999] debugfs: 'hsr0' already exists in 'hsr' [ 365.088630][ T7999] Cannot create hsr debugfs directory [ 365.856771][ T5621] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 366.018144][ T5621] usb 3-1: Using ep0 maxpacket: 8 [ 366.021695][ T5621] usb 3-1: config index 0 descriptor too short (expected 260, got 27) [ 366.021727][ T5621] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 366.021749][ T5621] usb 3-1: config 2 has 0 interfaces, different from the descriptor's value: 1 [ 366.021796][ T5621] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 366.021823][ T5621] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.301370][ T5621] usb 3-1: string descriptor 0 read error: -71 [ 366.343898][ T5621] usb 3-1: USB disconnect, device number 87 [ 367.525712][ T5696] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 367.677009][ T5696] usb 3-1: Using ep0 maxpacket: 16 [ 367.681791][ T5696] usb 3-1: config 0 has an invalid interface number: 98 but max is 0 [ 367.681822][ T5696] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 367.681856][ T5696] usb 3-1: config 0 has no interface number 0 [ 367.681904][ T5696] usb 3-1: config 0 interface 98 altsetting 2 bulk endpoint 0x8 has invalid maxpacket 16 [ 367.681932][ T5696] usb 3-1: config 0 interface 98 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 367.681959][ T5696] usb 3-1: config 0 interface 98 has no altsetting 0 [ 367.686292][ T5696] usb 3-1: New USB device found, idVendor=0846, idProduct=1040, bcdDevice=d0.c9 [ 367.686343][ T5696] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.686367][ T5696] usb 3-1: Product: syz [ 367.727971][ T5696] usb 3-1: Manufacturer: syz [ 367.727997][ T5696] usb 3-1: SerialNumber: syz [ 367.811576][ T5696] usb 3-1: config 0 descriptor?? [ 367.882545][ T8104] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 367.882797][ T8104] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 368.140847][ T8104] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 368.141644][ T8104] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 368.577128][ T8112] capability: warning: `syz.2.797' uses 32-bit capabilities (legacy support in use) [ 369.455360][ T5696] asix 3-1:0.98 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 369.455714][ T5696] asix 3-1:0.98: probe with driver asix failed with error -71 [ 369.554832][ T5696] usb 3-1: USB disconnect, device number 88 [ 370.003739][ T8104] syz.2.797 (8104) used greatest stack depth: 18920 bytes left [ 370.231228][ T8048] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.231616][ T8048] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.231984][ T8048] bridge_slave_0: entered allmulticast mode [ 370.261983][ T8048] bridge_slave_0: entered promiscuous mode [ 370.289098][ T8048] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.289491][ T8048] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.289835][ T8048] bridge_slave_1: entered allmulticast mode [ 370.317934][ T8048] bridge_slave_1: entered promiscuous mode [ 370.446552][ T5696] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 370.531724][ T8048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 370.579660][ T8048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 370.580624][ T8061] bridge0: port 1(bridge_slave_0) entered blocking state [ 370.581090][ T8061] bridge0: port 1(bridge_slave_0) entered disabled state [ 370.581462][ T8061] bridge_slave_0: entered allmulticast mode [ 370.585548][ T8061] bridge_slave_0: entered promiscuous mode [ 370.599498][ T5696] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 370.599535][ T5696] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 370.599561][ T5696] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 370.599619][ T5696] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 370.599646][ T5696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.746850][ T5696] usb 3-1: config 0 descriptor?? [ 370.869916][ T8061] bridge0: port 2(bridge_slave_1) entered blocking state [ 370.870551][ T8061] bridge0: port 2(bridge_slave_1) entered disabled state [ 370.871219][ T8061] bridge_slave_1: entered allmulticast mode [ 370.914792][ T8061] bridge_slave_1: entered promiscuous mode [ 371.128453][ T8048] team0: Port device team_slave_0 added [ 371.259449][ T8048] team0: Port device team_slave_1 added [ 371.265908][ T5696] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 371.327078][ T8061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 371.631965][ T5696] usb 3-1: USB disconnect, device number 89 [ 372.286742][ T8126] netlink: 8 bytes leftover after parsing attributes in process `syz.2.799'. [ 376.046541][ T5718] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 376.216805][ T5718] usb 3-1: Using ep0 maxpacket: 8 [ 376.219708][ T5718] usb 3-1: config index 0 descriptor too short (expected 260, got 27) [ 376.219739][ T5718] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 376.219761][ T5718] usb 3-1: config 2 has 0 interfaces, different from the descriptor's value: 1 [ 376.219800][ T5718] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 376.219827][ T5718] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.491550][ C0] raw-gadget.0 gadget.2: ignoring, device is not running [ 376.495744][ T5718] usb 3-1: string descriptor 0 read error: -71 [ 376.522415][ T5718] usb 3-1: USB disconnect, device number 90 [ 378.750196][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.750317][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.153200][ T8061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 382.439415][ T5623] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 382.486106][ T5623] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 382.512076][ T5623] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 382.519616][ T5623] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 382.549839][ T5623] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 384.726862][ T5618] Bluetooth: hci0: command tx timeout [ 386.806665][ T5618] Bluetooth: hci0: command tx timeout [ 388.139056][ T8048] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 388.139076][ T8048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 388.139108][ T8048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 388.350340][ T8048] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 388.357467][ T8048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 388.357513][ T8048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 388.453456][ T8061] team0: Port device team_slave_0 added [ 388.579327][ T8061] team0: Port device team_slave_1 added [ 388.903075][ T5618] Bluetooth: hci0: command tx timeout [ 388.991763][ T8061] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 388.991783][ T8061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 388.991814][ T8061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 389.114477][ T8160] netlink: 20 bytes leftover after parsing attributes in process `syz.2.805'. [ 389.145595][ T8061] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 389.145616][ T8061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 389.145647][ T8061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 389.386539][ T5718] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 389.517097][ T5718] usb 3-1: device descriptor read/64, error -71 [ 389.756611][ T5718] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 389.900250][ T5718] usb 3-1: device descriptor read/64, error -71 [ 390.007163][ T5718] usb usb3-port1: attempt power cycle [ 390.356582][ T5718] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 390.377348][ T5718] usb 3-1: device descriptor read/8, error -71 [ 390.616596][ T5718] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 390.650363][ T5718] usb 3-1: device descriptor read/8, error -71 [ 390.757905][ T5718] usb usb3-port1: unable to enumerate USB device [ 390.967508][ T5618] Bluetooth: hci0: command tx timeout [ 390.989370][ T8048] hsr_slave_0: entered promiscuous mode [ 390.992127][ T8048] hsr_slave_1: entered promiscuous mode [ 390.994668][ T8048] debugfs: 'hsr0' already exists in 'hsr' [ 390.994697][ T8048] Cannot create hsr debugfs directory [ 391.358497][ T8061] hsr_slave_0: entered promiscuous mode [ 391.361544][ T8061] hsr_slave_1: entered promiscuous mode [ 391.363821][ T8061] debugfs: 'hsr0' already exists in 'hsr' [ 391.363849][ T8061] Cannot create hsr debugfs directory [ 394.616544][ T5719] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 394.746839][ T5719] usb 3-1: device descriptor read/64, error -71 [ 394.989835][ T5719] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 395.116570][ T5719] usb 3-1: device descriptor read/64, error -71 [ 395.227447][ T5719] usb usb3-port1: attempt power cycle [ 395.579879][ T5719] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 395.598713][ T5719] usb 3-1: device descriptor read/8, error -71 [ 395.867004][ T5719] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 395.888432][ T5719] usb 3-1: device descriptor read/8, error -71 [ 396.007327][ T5719] usb usb3-port1: unable to enumerate USB device [ 396.175730][ T8138] bridge0: port 1(bridge_slave_0) entered blocking state [ 396.176202][ T8138] bridge0: port 1(bridge_slave_0) entered disabled state [ 396.192233][ T8138] bridge_slave_0: entered allmulticast mode [ 396.203216][ T8138] bridge_slave_0: entered promiscuous mode [ 396.215025][ T8138] bridge0: port 2(bridge_slave_1) entered blocking state [ 396.215497][ T8138] bridge0: port 2(bridge_slave_1) entered disabled state [ 396.216243][ T8138] bridge_slave_1: entered allmulticast mode [ 396.241653][ T8138] bridge_slave_1: entered promiscuous mode [ 396.348963][ T8138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 396.367167][ T8138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 396.462926][ T8138] team0: Port device team_slave_0 added [ 396.475328][ T8138] team0: Port device team_slave_1 added [ 397.796697][ T5718] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 397.946682][ T5718] usb 3-1: Using ep0 maxpacket: 8 [ 397.949593][ T5718] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 397.949623][ T5718] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 397.949644][ T5718] usb 3-1: config 0 has no interface number 0 [ 397.949691][ T5718] usb 3-1: config 0 interface 1 altsetting 130 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 397.949722][ T5718] usb 3-1: config 0 interface 1 has no altsetting 0 [ 397.949758][ T5718] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 397.949783][ T5718] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 398.030912][ T5718] usb 3-1: config 0 descriptor?? [ 398.049629][ T5718] iowarrior 3-1:0.1: no interrupt-in endpoint found [ 400.594383][ T5696] usb 3-1: USB disconnect, device number 99 [ 400.953282][ T8138] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 400.953301][ T8138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 400.953341][ T8138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 401.072043][ T8138] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 401.072062][ T8138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 401.072094][ T8138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 401.323968][ T8138] hsr_slave_0: entered promiscuous mode [ 401.340314][ T8138] hsr_slave_1: entered promiscuous mode [ 401.353964][ T8138] debugfs: 'hsr0' already exists in 'hsr' [ 401.353995][ T8138] Cannot create hsr debugfs directory [ 402.887177][ T5696] usb 3-1: new high-speed USB device number 100 using dummy_hcd [ 403.036654][ T5696] usb 3-1: Using ep0 maxpacket: 8 [ 403.039580][ T5696] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 403.039610][ T5696] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 403.039633][ T5696] usb 3-1: config 0 has no interface number 0 [ 403.039697][ T5696] usb 3-1: config 0 interface 1 altsetting 130 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 403.039728][ T5696] usb 3-1: config 0 interface 1 has no altsetting 0 [ 403.039763][ T5696] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 403.039790][ T5696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.054036][ T5696] usb 3-1: config 0 descriptor?? [ 403.329344][ T5696] iowarrior 3-1:0.1: no interrupt-in endpoint found [ 403.815786][ T5623] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 403.865769][ T5623] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 403.902874][ T5623] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 403.923039][ T5623] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 403.952001][ T5623] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 405.730174][ T5719] usb 3-1: USB disconnect, device number 100 [ 406.178928][ T5618] Bluetooth: hci4: command tx timeout [ 406.644236][ T5623] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 406.703071][ T5623] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 406.704750][ T5623] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 406.706316][ T5623] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 406.760024][ T5623] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 407.341944][ T8194] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.342499][ T8194] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.343019][ T8194] bridge_slave_0: entered allmulticast mode [ 407.379484][ T8194] bridge_slave_0: entered promiscuous mode [ 407.441854][ T8194] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.445948][ T8194] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.454330][ T8194] bridge_slave_1: entered allmulticast mode [ 407.490621][ T8194] bridge_slave_1: entered promiscuous mode [ 408.111076][ T8194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 408.154632][ T8194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 408.249709][ T5623] Bluetooth: hci4: command tx timeout [ 408.473708][ T8194] team0: Port device team_slave_0 added [ 408.500543][ T8194] team0: Port device team_slave_1 added [ 408.648316][ T5696] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 408.707577][ T8194] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 408.707597][ T8194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 408.707630][ T8194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 408.754263][ T8194] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 408.754283][ T8194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 408.754315][ T8194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 408.806822][ T5623] Bluetooth: hci7: command tx timeout [ 408.821754][ T5696] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 408.821815][ T5696] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 408.821845][ T5696] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 408.821888][ T5696] usb 3-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00 [ 408.821914][ T5696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.899212][ T5696] usb 3-1: config 0 descriptor?? [ 409.525162][ T8232] AppArmor: change_hat: Invalid input '9' [ 409.559771][ T8232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.604117][ T8232] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.636328][ T5696] usbhid 3-1:0.0: can't add hid device: -71 [ 409.636514][ T5696] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 409.811484][ T5696] usb 3-1: USB disconnect, device number 101 [ 410.166812][ T5696] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 410.321411][ T5696] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 5 [ 410.321448][ T5696] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 410.325238][ T5696] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 410.325272][ T5696] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 410.325296][ T5696] usb 3-1: Product: syz [ 410.325313][ T5696] usb 3-1: Manufacturer: syz [ 410.325329][ T5696] usb 3-1: SerialNumber: syz [ 410.326747][ T5623] Bluetooth: hci4: command tx timeout [ 410.403890][ T8232] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 410.616996][ T5696] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 102 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 410.855029][ C0] usblp0: nonzero write bulk status received: -71 [ 410.886888][ T5623] Bluetooth: hci7: command tx timeout [ 411.530104][ T5623] Bluetooth: hci5: command 0x0406 tx timeout [ 411.960732][ T5696] usb 3-1: USB disconnect, device number 102 [ 411.995863][ T5696] usblp0: removed [ 412.406633][ T5623] Bluetooth: hci4: command tx timeout [ 412.506549][ T5696] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 412.656675][ T5696] usb 3-1: Using ep0 maxpacket: 8 [ 412.660030][ T5696] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 412.660059][ T5696] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 412.660082][ T5696] usb 3-1: config 0 has no interface number 0 [ 412.660128][ T5696] usb 3-1: config 0 interface 1 altsetting 130 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 412.660160][ T5696] usb 3-1: config 0 interface 1 has no altsetting 0 [ 412.660197][ T5696] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 412.660221][ T5696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.739189][ T5696] usb 3-1: config 0 descriptor?? [ 412.756225][ T5696] iowarrior 3-1:0.1: no interrupt-in endpoint found [ 412.966621][ T5623] Bluetooth: hci7: command tx timeout [ 413.148568][ T8194] hsr_slave_0: entered promiscuous mode [ 413.151433][ T8194] hsr_slave_1: entered promiscuous mode [ 413.153719][ T8194] debugfs: 'hsr0' already exists in 'hsr' [ 413.153746][ T8194] Cannot create hsr debugfs directory [ 415.046862][ T5618] Bluetooth: hci7: command tx timeout [ 415.284648][ T5696] usb 3-1: USB disconnect, device number 103 [ 415.521998][ T8214] bridge0: port 1(bridge_slave_0) entered blocking state [ 415.523214][ T8214] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.524552][ T8214] bridge_slave_0: entered allmulticast mode [ 415.566272][ T8214] bridge_slave_0: entered promiscuous mode [ 415.625318][ T8214] bridge0: port 2(bridge_slave_1) entered blocking state [ 415.625808][ T8214] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.626187][ T8214] bridge_slave_1: entered allmulticast mode [ 415.652280][ T8214] bridge_slave_1: entered promiscuous mode [ 415.749093][ T8214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 415.767299][ T8214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 415.866686][ T5696] usb 3-1: new high-speed USB device number 104 using dummy_hcd [ 415.871399][ T8214] team0: Port device team_slave_0 added [ 415.891956][ T8214] team0: Port device team_slave_1 added [ 415.983420][ T8214] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 415.983441][ T8214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 415.983472][ T8214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 416.029645][ T5696] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 416.029683][ T5696] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 416.029714][ T5696] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 416.033361][ T5696] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 416.033392][ T5696] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.033415][ T5696] usb 3-1: Product: syz [ 416.033450][ T5696] usb 3-1: Manufacturer: syz [ 416.033467][ T5696] usb 3-1: SerialNumber: syz [ 416.059999][ T8214] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 416.060019][ T8214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 416.060051][ T8214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 416.172998][ T5696] usb 3-1: config 0 descriptor?? [ 416.174141][ T8246] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 416.174380][ T8246] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 416.208447][ T5696] usb 3-1: ucan: probing device on interface #0 [ 416.603342][ T5696] usb 3-1: ucan: failed to retrieve device info [ 416.603369][ T5696] usb 3-1: ucan: probe failed; try to update the device firmware [ 416.650779][ T5696] usb 3-1: USB disconnect, device number 104 [ 431.994772][ T8214] hsr_slave_0: entered promiscuous mode [ 432.004037][ T8214] hsr_slave_1: entered promiscuous mode [ 432.014365][ T8214] debugfs: 'hsr0' already exists in 'hsr' [ 432.014407][ T8214] Cannot create hsr debugfs directory [ 432.636019][ T5623] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 432.685412][ T5623] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 432.734745][ T5623] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 432.749953][ T5623] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 432.750882][ T5623] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 434.966754][ T5618] Bluetooth: hci8: command tx timeout [ 437.056823][ T5618] Bluetooth: hci8: command tx timeout [ 437.406681][ T8255] bridge0: port 1(bridge_slave_0) entered blocking state [ 437.407248][ T8255] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.407661][ T8255] bridge_slave_0: entered allmulticast mode [ 437.411983][ T8255] bridge_slave_0: entered promiscuous mode [ 437.444496][ T8255] bridge0: port 2(bridge_slave_1) entered blocking state [ 437.444956][ T8255] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.445372][ T8255] bridge_slave_1: entered allmulticast mode [ 437.484529][ T8255] bridge_slave_1: entered promiscuous mode [ 437.573881][ T8255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 437.594313][ T8255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 437.710325][ T8255] team0: Port device team_slave_0 added [ 437.723693][ T8255] team0: Port device team_slave_1 added [ 437.798426][ T8255] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 437.798445][ T8255] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 437.798476][ T8255] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 437.806303][ T8255] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 437.806320][ T8255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 437.889475][ T8255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 438.000663][ T8255] hsr_slave_0: entered promiscuous mode [ 438.003493][ T8255] hsr_slave_1: entered promiscuous mode [ 438.005899][ T8255] debugfs: 'hsr0' already exists in 'hsr' [ 438.005926][ T8255] Cannot create hsr debugfs directory [ 439.126586][ T5618] Bluetooth: hci8: command tx timeout [ 440.169922][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.170041][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.206737][ T5618] Bluetooth: hci8: command tx timeout [ 442.608057][ T5623] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 442.664821][ T5623] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 442.696579][ T5623] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 442.698070][ T5623] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 442.727516][ T5623] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 444.886793][ T5618] Bluetooth: hci9: command tx timeout [ 446.967925][ T5618] Bluetooth: hci9: command tx timeout [ 447.373939][ T5618] Bluetooth: hci1: command 0x0406 tx timeout [ 449.046833][ T5618] Bluetooth: hci9: command tx timeout [ 450.830481][ T8276] bridge0: port 1(bridge_slave_0) entered blocking state [ 450.830973][ T8276] bridge0: port 1(bridge_slave_0) entered disabled state [ 450.831696][ T8276] bridge_slave_0: entered allmulticast mode [ 450.835846][ T8276] bridge_slave_0: entered promiscuous mode [ 450.882182][ T8276] bridge0: port 2(bridge_slave_1) entered blocking state [ 450.882656][ T8276] bridge0: port 2(bridge_slave_1) entered disabled state [ 450.883083][ T8276] bridge_slave_1: entered allmulticast mode [ 450.910887][ T8276] bridge_slave_1: entered promiscuous mode [ 451.009495][ T8276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 451.031874][ T8276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 451.110422][ T8276] team0: Port device team_slave_0 added [ 451.125357][ T8276] team0: Port device team_slave_1 added [ 451.126798][ T5623] Bluetooth: hci9: command tx timeout [ 454.835440][ T8276] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 454.835461][ T8276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 454.835492][ T8276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 454.889596][ T8276] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 454.889616][ T8276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 454.889648][ T8276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 455.039348][ T8276] hsr_slave_0: entered promiscuous mode [ 455.042234][ T8276] hsr_slave_1: entered promiscuous mode [ 455.044720][ T8276] debugfs: 'hsr0' already exists in 'hsr' [ 455.044750][ T8276] Cannot create hsr debugfs directory [ 464.811712][ T5618] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 464.863319][ T5618] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 464.875065][ T5618] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 464.932112][ T5618] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 464.933049][ T5618] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 466.617088][ T8303] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.617562][ T8303] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.644214][ T8303] bridge_slave_0: entered allmulticast mode [ 466.665316][ T8303] bridge_slave_0: entered promiscuous mode [ 466.694009][ T8303] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.695583][ T8303] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.696075][ T8303] bridge_slave_1: entered allmulticast mode [ 466.729394][ T8303] bridge_slave_1: entered promiscuous mode [ 466.960930][ T8303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 466.998863][ T8303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 467.057446][ T5618] Bluetooth: hci10: command tx timeout [ 467.211913][ T4925] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 467.283775][ T4925] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 467.285936][ T4925] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 467.302581][ T4925] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 467.303526][ T4925] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 467.541363][ T8303] team0: Port device team_slave_0 added [ 467.853781][ T4925] Bluetooth: hci3: command 0x0406 tx timeout [ 469.126860][ T4925] Bluetooth: hci10: command tx timeout [ 469.366844][ T4925] Bluetooth: hci11: command tx timeout [ 470.969722][ T8303] team0: Port device team_slave_1 added [ 471.064840][ T8303] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 471.064860][ T8303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 471.064890][ T8303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 471.127249][ T8303] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 471.127269][ T8303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 471.127300][ T8303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 471.216698][ T5623] Bluetooth: hci10: command tx timeout [ 471.418308][ T8303] hsr_slave_0: entered promiscuous mode [ 471.421294][ T8303] hsr_slave_1: entered promiscuous mode [ 471.423515][ T8303] debugfs: 'hsr0' already exists in 'hsr' [ 471.423787][ T8303] Cannot create hsr debugfs directory [ 471.446575][ T5623] Bluetooth: hci11: command tx timeout [ 472.966888][ T5623] Bluetooth: hci6: command 0x0406 tx timeout [ 473.286756][ T5623] Bluetooth: hci10: command tx timeout [ 473.536911][ T5623] Bluetooth: hci11: command tx timeout [ 475.606482][ T5618] Bluetooth: hci11: command tx timeout [ 476.441994][ T8322] bridge0: port 1(bridge_slave_0) entered blocking state [ 476.442480][ T8322] bridge0: port 1(bridge_slave_0) entered disabled state [ 476.442881][ T8322] bridge_slave_0: entered allmulticast mode [ 476.471810][ T8322] bridge_slave_0: entered promiscuous mode [ 476.485463][ T8322] bridge0: port 2(bridge_slave_1) entered blocking state [ 476.485973][ T8322] bridge0: port 2(bridge_slave_1) entered disabled state [ 476.504324][ T8322] bridge_slave_1: entered allmulticast mode [ 476.520313][ T8322] bridge_slave_1: entered promiscuous mode [ 476.625268][ T8322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 476.645657][ T8322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 476.750073][ T8322] team0: Port device team_slave_0 added [ 476.763674][ T8322] team0: Port device team_slave_1 added [ 476.846260][ T8322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 476.846280][ T8322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 476.846312][ T8322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 476.909337][ T8322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.909356][ T8322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 476.909388][ T8322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 477.076289][ T8322] hsr_slave_0: entered promiscuous mode [ 477.088924][ T8322] hsr_slave_1: entered promiscuous mode [ 477.091343][ T8322] debugfs: 'hsr0' already exists in 'hsr' [ 477.091372][ T8322] Cannot create hsr debugfs directory [ 493.102993][ T5623] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 493.173802][ T5623] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 493.188287][ T5623] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 493.198653][ T5623] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 493.223592][ T5623] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 494.914420][ T8343] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.914929][ T8343] bridge0: port 1(bridge_slave_0) entered disabled state [ 494.915368][ T8343] bridge_slave_0: entered allmulticast mode [ 494.941000][ T8343] bridge_slave_0: entered promiscuous mode [ 494.953420][ T8343] bridge0: port 2(bridge_slave_1) entered blocking state [ 494.953904][ T8343] bridge0: port 2(bridge_slave_1) entered disabled state [ 494.954333][ T8343] bridge_slave_1: entered allmulticast mode [ 494.987195][ T8343] bridge_slave_1: entered promiscuous mode [ 495.096652][ T8343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 495.105410][ T8343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 495.188287][ T8343] team0: Port device team_slave_0 added [ 495.209241][ T8343] team0: Port device team_slave_1 added [ 495.276896][ T8343] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 495.276915][ T8343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 495.276946][ T8343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 495.281411][ T8343] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 495.281430][ T8343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 495.281460][ T8343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 495.366635][ T5618] Bluetooth: hci12: command tx timeout [ 495.533995][ T8343] hsr_slave_0: entered promiscuous mode [ 495.548331][ T8343] hsr_slave_1: entered promiscuous mode [ 495.562672][ T8343] debugfs: 'hsr0' already exists in 'hsr' [ 495.562707][ T8343] Cannot create hsr debugfs directory [ 497.447056][ T5618] Bluetooth: hci12: command tx timeout [ 499.526674][ T5618] Bluetooth: hci12: command tx timeout [ 501.608884][ T38] INFO: task syz-executor:7885 blocked for more than 143 seconds. [ 501.608918][ T38] Tainted: G L syzkaller #0 [ 501.608932][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 501.608944][ T38] task:syz-executor state:D stack:21560 pid:7885 tgid:7885 ppid:1 task_flags:0x400140 flags:0x00080002 [ 501.609026][ T38] Call Trace: [ 501.609125][ T38] [ 501.609199][ T38] __schedule+0x16f9/0x5500 [ 501.609322][ T38] ? __pfx___schedule+0x10/0x10 [ 501.609413][ T38] rt_mutex_schedule+0x76/0xf0 [ 501.609447][ T38] rt_mutex_slowlock_block+0x508/0x680 [ 501.609496][ T38] rt_mutex_slowlock+0x2dc/0x780 [ 501.609526][ T38] ? rt_mutex_slowlock+0x1fd/0x780 [ 501.609556][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 501.609597][ T38] ? rcu_barrier+0x4c/0x580 [ 501.609637][ T38] ? rcu_barrier+0x4c/0x580 [ 501.609678][ T38] ? rcu_barrier+0x4c/0x580 [ 501.609712][ T38] mutex_lock_nested+0x168/0x1d0 [ 501.609739][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 501.609773][ T38] rcu_barrier+0x4c/0x580 [ 501.609818][ T38] netdev_run_todo+0x2fc/0x12b0 [ 501.609853][ T38] ? __pfx_netdev_run_todo+0x10/0x10 [ 501.609878][ T38] ? kasan_quarantine_put+0xbb/0x1f0 [ 501.609904][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 501.609945][ T38] ? kfree+0x1c5/0x6c0 [ 501.609969][ T38] ? nsim_create+0xf70/0x1170 [ 501.610008][ T38] nsim_create+0xf95/0x1170 [ 501.610053][ T38] __nsim_dev_port_add+0x857/0xd30 [ 501.610077][ T38] ? do_raw_spin_unlock+0xf5/0x210 [ 501.610155][ T38] ? __pfx___nsim_dev_port_add+0x10/0x10 [ 501.610190][ T38] ? __mod_timer+0xb64/0xf60 [ 501.610230][ T38] ? queue_delayed_work_on+0x171/0x1e0 [ 501.610277][ T38] nsim_dev_port_add_all+0x37/0xf0 [ 501.610306][ T38] nsim_drv_probe+0x8f1/0xc20 [ 501.610330][ T38] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 501.610372][ T38] ? __pfx_nsim_drv_probe+0x10/0x10 [ 501.610414][ T38] ? driver_sysfs_add+0x1fe/0x210 [ 501.610447][ T38] ? __pfx_nsim_bus_probe+0x10/0x10 [ 501.610479][ T38] really_probe+0x267/0xaf0 [ 501.610518][ T38] __driver_probe_device+0x1e2/0x350 [ 501.610552][ T38] driver_probe_device+0x4f/0x240 [ 501.610587][ T38] __device_attach_driver+0x270/0x410 [ 501.610624][ T38] bus_for_each_drv+0x25b/0x2f0 [ 501.610662][ T38] ? __pfx___device_attach_driver+0x10/0x10 [ 501.610693][ T38] ? __pfx_bus_for_each_drv+0x10/0x10 [ 501.610727][ T38] ? lockdep_hardirqs_on+0x7a/0x110 [ 501.610761][ T38] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 501.610804][ T38] __device_attach+0x2c8/0x450 [ 501.610837][ T38] ? __pfx___device_attach+0x10/0x10 [ 501.610865][ T38] ? rt_spin_unlock+0x160/0x200 [ 501.610902][ T38] device_initial_probe+0xa1/0xd0 [ 501.610933][ T38] bus_probe_device+0x12d/0x220 [ 501.610959][ T38] device_add+0x7ec/0xb90 [ 501.610992][ T38] new_device_store+0x37b/0x710 [ 501.611031][ T38] ? __pfx_new_device_store+0x10/0x10 [ 501.611064][ T38] ? sysfs_file_kobj+0x1a/0x230 [ 501.611090][ T38] ? sysfs_file_kobj+0x1e4/0x230 [ 501.611125][ T38] ? sysfs_kf_write+0x166/0x260 [ 501.611153][ T38] ? __pfx_sysfs_kf_write+0x10/0x10 [ 501.611174][ T38] kernfs_fop_write_iter+0x3b0/0x540 [ 501.611217][ T38] vfs_write+0x629/0xba0 [ 501.611260][ T38] ? __pfx_vfs_write+0x10/0x10 [ 501.611296][ T38] ? do_sys_openat2+0x14e/0x200 [ 501.611320][ T38] ? kmem_cache_free+0x187/0x6c0 [ 501.611368][ T38] ksys_write+0x156/0x270 [ 501.611403][ T38] ? __pfx_ksys_write+0x10/0x10 [ 501.611444][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.611470][ T38] do_syscall_64+0x174/0x580 [ 501.611508][ T38] ? clear_bhb_loop+0x40/0x90 [ 501.611537][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.611561][ T38] RIP: 0033:0x7f705cb6d68e [ 501.611635][ T38] RSP: 002b:00007ffee5a13038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 501.611691][ T38] RAX: ffffffffffffffda RBX: 000055558ebd5500 RCX: 00007f705cb6d68e [ 501.611708][ T38] RDX: 0000000000000003 RSI: 00007ffee5a130c0 RDI: 0000000000000005 [ 501.611724][ T38] RBP: 00007f705cc43616 R08: 0000000000000000 R09: 0000000000000000 [ 501.611739][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 501.611753][ T38] R13: 00007ffee5a130c0 R14: 00007f705d954620 R15: 0000000000000003 [ 501.611788][ T38] [ 501.611850][ T38] [ 501.611850][ T38] Showing all locks held in the system: [ 501.611863][ T38] 4 locks held by rcuc/1/29: [ 501.611907][ T38] #0: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420 [ 501.612061][ T38] #1: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: process_backlog+0x271/0xc60 [ 501.612131][ T38] #2: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: NF_HOOK+0x9e/0x3c0 [ 501.612183][ T38] #3: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550 [ 501.612249][ T38] 1 lock held by khungtaskd/38: [ 501.612262][ T38] #0: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 501.612357][ T38] 2 locks held by kworker/u8:13/3303: [ 501.612370][ T38] #0: ffff88813fe54138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 501.612436][ T38] #1: ffffc9000ffa7c40 ((work_completion)(&(&kfence_timer)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 501.612503][ T38] 2 locks held by getty/5363: [ 501.612516][ T38] #0: ffff88803566e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 501.612664][ T38] #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0 [ 501.612765][ T38] 2 locks held by kworker/1:5/5705: [ 501.612779][ T38] #0: ffff888035d8e138 ((wq_completion)wg-crypt-wg0#3){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 501.612850][ T38] #1: ffffc90004b37c40 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 501.612918][ T38] 6 locks held by kworker/u8:22/6605: [ 501.612932][ T38] #0: ffff88801bae6138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 501.612996][ T38] #1: ffffc9000641fc40 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 501.613060][ T38] #2: ffffffff8f59d4e0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 [ 501.613132][ T38] #3: ffff88803dcd7160 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x129/0x420 [ 501.613185][ T38] #4: ffff888036c78310 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x142/0x420 [ 501.613238][ T38] #5: ffffffff8e1d0e30 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 501.613304][ T38] 3 locks held by kworker/u8:24/6607: [ 501.613318][ T38] #0: ffff88813fe54138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 501.613382][ T38] #1: ffffc9000691fc40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 501.613446][ T38] #2: ffffffff8f5ac9f8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 501.613508][ T38] 3 locks held by kworker/1:7/7564: [ 501.613520][ T38] #0: ffff88813fe16538 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x897/0x1630 [ 501.613585][ T38] #1: ffffc9000f177c40 ((gc_work).work){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630 [ 501.613646][ T38] #2: ffffffff8ececcf8 ("ratelimiter_table_lock"){+.+.}-{3:3}, at: wg_ratelimiter_gc_entries+0x5d/0x480 [ 501.613711][ T38] 1 lock held by syz-executor/7867: [ 501.613724][ T38] #0: ffffffff8e1d0e30 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 501.613789][ T38] 7 locks held by syz-executor/7885: [ 501.613803][ T38] #0: ffff88803494a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 501.613870][ T38] #1: ffff88805d22e078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 501.613934][ T38] #2: ffff888029d0cc38 (kn->active#53){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 501.614005][ T38] #3: ffffffff8ee21ab8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0x13c/0x710 [ 501.614071][ T38] #4: ffff88805e60e160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 501.614141][ T38] #5: ffff88804d3f2310 (&devlink->lock_key#6){+.+.}-{4:4}, at: nsim_drv_probe+0xcf/0xc20 [ 501.614202][ T38] #6: ffffffff8e1d0e30 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 501.614269][ T38] 1 lock held by syz.0.766/7962: [ 501.614281][ T38] #0: ffffffff8e1d0e30 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 501.614349][ T38] 4 locks held by syz-executor/7999: [ 501.614363][ T38] #0: ffff88803494a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 501.614430][ T38] #1: ffff888069330878 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 501.614495][ T38] #2: ffff888029d0cb48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 501.614564][ T38] #3: ffffffff8ee21ab8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 501.614631][ T38] 4 locks held by syz-executor/8048: [ 501.614645][ T38] #0: ffff88803494a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 501.614712][ T38] #1: ffff8880350af478 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 501.614778][ T38] #2: ffff888029d0cb48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 501.614850][ T38] #3: ffffffff8ee21ab8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 501.614918][ T38] 4 locks held by syz-executor/8061: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 501.614932][ T38] #0: ffff88803494a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 501.615000][ T38] #1: ffff888052870478 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 501.615065][ T38] #2: ffff888029d0cb48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 501.615147][ T38] #3: ffffffff8ee21ab8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 501.615217][ T38] 4 locks held by syz-executor/8138: [ 501.615230][ T38] #0: ffff88803494a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 501.615298][ T38] #1: ffff88801ef5e078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 501.615362][ T38] #2: ffff888029d0cb48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 501.615433][ T38] #3: ffffffff8ee21ab8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 501.615501][ T38] 4 locks held by syz-executor/8194: [ 501.615514][ T38] #0: ffff88803494a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 501.615581][ T38] #1: ffff888037f6ec78 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 501.615651][ T38] #2: ffff888029d0cb48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 501.615721][ T38] #3: ffffffff8ee21ab8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 501.615789][ T38] 4 locks held by syz-executor/8214: [ 501.615802][ T38] #0: ffff88803494a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 501.615869][ T38] #1: ffff88805de3d478 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 501.615933][ T38] #2: ffff888029d0cb48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 501.616004][ T38] #3: ffffffff8ee21ab8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 501.616072][ T38] 1 lock held by syz.2.821/8249: [ 501.616085][ T38] #0: ffffffff8e1d0e30 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580 [ 501.616162][ T38] 4 locks held by syz-executor/8255: [ 501.616175][ T38] #0: ffff88803494a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 501.616242][ T38] #1: ffff888077408078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 501.616307][ T38] #2: [ 501.616496][ T5618] Bluetooth: hci12: command tx timeout [ 501.632222][ T1338] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.632335][ T1338] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.123570][ T38] ffff888029d0cb48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 503.123655][ T38] #3: ffffffff8ee21ab8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 503.123725][ T38] 4 locks held by syz-executor/8276: [ 503.123738][ T38] #0: ffff88803494a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 503.123803][ T38] #1: ffff888079696c78 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 503.123868][ T38] #2: ffff888029d0cb48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 503.123937][ T38] #3: ffffffff8ee21ab8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 503.124002][ T38] 4 locks held by syz-executor/8303: [ 503.124016][ T38] #0: ffff88803494a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 503.124082][ T38] #1: ffff88806f839478 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 503.124145][ T38] #2: ffff888029d0cb48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 503.124215][ T38] #3: ffffffff8ee21ab8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 503.124281][ T38] 4 locks held by syz-executor/8322: [ 503.124294][ T38] #0: ffff88803494a480 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0 [ 503.124358][ T38] #1: ffff8880776d8078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540 [ 503.124422][ T38] #2: ffff888029d0cb48 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x232/0x540 [ 503.124500][ T38] #3: ffffffff8ee21ab8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd7/0x370 [ 503.124566][ T38] 2 locks held by syz-executor/8343: [ 503.124580][ T38] #0: ffffffff8ede99e8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 503.124649][ T38] #1: ffffffff8f5ac9f8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 [ 503.124713][ T38] [ 503.124755][ T38] ============================================= [ 503.124755][ T38] [ 503.124833][ T38] NMI backtrace for cpu 1 [ 503.124857][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 503.124887][ T38] Tainted: [L]=SOFTLOCKUP [ 503.124895][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 503.124909][ T38] Call Trace: [ 503.124918][ T38] [ 503.124928][ T38] dump_stack_lvl+0xe8/0x150 [ 503.124958][ T38] nmi_cpu_backtrace+0x274/0x2d0 [ 503.124987][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 503.125016][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x380 [ 503.125047][ T38] sys_info+0x135/0x170 [ 503.125071][ T38] watchdog+0xfd3/0x1030 [ 503.125103][ T38] ? watchdog+0x1c9/0x1030 [ 503.125133][ T38] kthread+0x388/0x470 [ 503.125159][ T38] ? __pfx_watchdog+0x10/0x10 [ 503.125180][ T38] ? __pfx_kthread+0x10/0x10 [ 503.125206][ T38] ret_from_fork+0x514/0xb70 [ 503.125237][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 503.125263][ T38] ? __switch_to+0xc79/0x1410 [ 503.125289][ T38] ? __pfx_kthread+0x10/0x10 [ 503.125315][ T38] ret_from_fork_asm+0x1a/0x30 [ 503.125360][ T38] [ 503.125368][ T38] Sending NMI from CPU 1 to CPUs 0: [ 503.125401][ C0] NMI backtrace for cpu 0 [ 503.125418][ C0] CPU: 0 UID: 0 PID: 5593 Comm: sshd-session Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 503.125445][ C0] Tainted: [L]=SOFTLOCKUP [ 503.125452][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 503.125463][ C0] RIP: 0010:vm_normal_page+0x7c/0x1d0 [ 503.125493][ C0] Code: ff ff ff ff 00 00 00 48 21 c3 4c 89 f6 48 81 e6 00 02 00 00 31 ff e8 83 19 af ff 4c 89 f0 48 25 00 02 00 00 0f 85 a6 00 00 00 <4c> 8b 2d 7d 4d 98 0d 48 89 df 4c 89 ee e8 a2 16 af ff 4c 39 eb 0f [ 503.125555][ C0] RSP: 0018:ffffc900043575a8 EFLAGS: 00000246 [ 503.125571][ C0] RAX: 0000000000000000 RBX: 0000000000040a35 RCX: ffff88803511dd00 [ 503.125584][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 503.125595][ C0] RBP: ffffc90004357800 R08: 0000000000000000 R09: 0000000000000000 [ 503.125607][ C0] R10: dffffc0000000000 R11: fffff94000205a47 R12: ffff888040101780 [ 503.125621][ C0] R13: dffffc0000000000 R14: 8400000040a35825 R15: 000055fdf90aa000 [ 503.125635][ C0] FS: 0000000000000000(0000) GS:ffff888125c7e000(0000) knlGS:0000000000000000 [ 503.125650][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 503.125663][ C0] CR2: 000055fdf90adee8 CR3: 000000000dfb8000 CR4: 00000000003526f0 [ 503.125679][ C0] Call Trace: [ 503.125687][ C0] [ 503.125695][ C0] __zap_vma_range+0xd09/0x4ab0 [ 503.125749][ C0] ? __pfx___zap_vma_range+0x10/0x10 [ 503.125782][ C0] ? mas_find+0xb0e/0xd30 [ 503.125808][ C0] ? unmap_vmas+0x1c5/0x570 [ 503.125836][ C0] unmap_vmas+0x3ac/0x570 [ 503.125867][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 503.125906][ C0] exit_mmap+0x280/0x9e0 [ 503.125935][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 503.125955][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 503.125980][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 503.126012][ C0] ? __pfx_exit_aio+0x10/0x10 [ 503.126040][ C0] ? uprobe_clear_state+0x2bf/0x3f0 [ 503.126068][ C0] __mmput+0xcb/0x3e0 [ 503.126095][ C0] exit_mm+0x18e/0x250 [ 503.126117][ C0] do_exit+0x6a2/0x22c0 [ 503.126136][ C0] ? lockdep_hardirqs_on+0x7a/0x110 [ 503.126166][ C0] ? rt_spin_lock+0x1e0/0x400 [ 503.126186][ C0] ? __pfx_do_exit+0x10/0x10 [ 503.126206][ C0] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 503.126232][ C0] ? rt_spin_unlock+0x160/0x200 [ 503.126255][ C0] do_group_exit+0x21b/0x2d0 [ 503.126276][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.126296][ C0] __x64_sys_exit_group+0x3f/0x40 [ 503.126321][ C0] x64_sys_call+0x221a/0x2240 [ 503.126346][ C0] do_syscall_64+0x174/0x580 [ 503.126376][ C0] ? trace_irq_disable+0x3b/0x140 [ 503.126397][ C0] ? clear_bhb_loop+0x40/0x90 [ 503.126418][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.126437][ C0] RIP: 0033:0x7f5165d166c5 [ 503.126453][ C0] Code: Unable to access opcode bytes at 0x7f5165d1669b. [ 503.126493][ C0] RSP: 002b:00007ffe2c322168 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 503.126511][ C0] RAX: ffffffffffffffda RBX: 00000000000000ff RCX: 00007f5165d166c5 [ 503.126524][ C0] RDX: 00000000000000e7 RSI: fffffffffffffea0 RDI: 00000000000000ff [ 503.126536][ C0] RBP: 000055fdf90a5e80 R08: 0000000000000000 R09: 0000000000000000 [ 503.126548][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe2c3221e4 [ 503.126559][ C0] R13: 000055fdf10cd4e3 R14: 000055fdf10de4f0 R15: 00000000000015da [ 503.126582][ C0] [ 503.127415][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 503.127444][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 503.127475][ T38] Tainted: [L]=SOFTLOCKUP [ 503.127483][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 503.127497][ T38] Call Trace: [ 503.127506][ T38] [ 503.127515][ T38] vpanic+0x56c/0xa60 [ 503.127550][ T38] ? __pfx___schedule+0x10/0x10 [ 503.127581][ T38] ? __pfx_vpanic+0x10/0x10 [ 503.127624][ T38] panic+0xc5/0xd0 [ 503.127656][ T38] ? __pfx_panic+0x10/0x10 [ 503.127690][ T38] ? preempt_schedule_thunk+0x16/0x40 [ 503.127730][ T38] ? nmi_trigger_cpumask_backtrace+0x319/0x380 [ 503.127763][ T38] watchdog+0x102c/0x1030 [ 503.127796][ T38] ? watchdog+0x1c9/0x1030 [ 503.127827][ T38] kthread+0x388/0x470 [ 503.127853][ T38] ? __pfx_watchdog+0x10/0x10 [ 503.127875][ T38] ? __pfx_kthread+0x10/0x10 [ 503.127902][ T38] ret_from_fork+0x514/0xb70 [ 503.127931][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 503.127960][ T38] ? __switch_to+0xc79/0x1410 [ 503.127985][ T38] ? __pfx_kthread+0x10/0x10 [ 503.128012][ T38] ret_from_fork_asm+0x1a/0x30 [ 503.128057][ T38] [ 503.128681][ T38] Kernel Offset: disabled