last executing test programs: 4.85100669s ago: executing program 1: r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/card1/oss_mixer\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.483097376s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000008000000000500000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180000000000000000000000000000008500000050"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 4.090714304s ago: executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x20, 0x0) 3.857795975s ago: executing program 1: socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000000f40)=[{{0x0, 0xcb000000, 0x0}}], 0x28000, 0x0) 3.722768291s ago: executing program 0: socket$unix(0x1, 0x1, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) ioctl$KDSKBLED(0xffffffffffffffff, 0x5450, 0x0) 3.351570558s ago: executing program 0: socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000000f40)=[{{0x0, 0xcb000000, 0x0}}], 0x28000, 0x0) 1.08814558s ago: executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) write$FUSE_INIT(r0, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x4, 0x1f, 0x2}}, 0x50) 752.257555ms ago: executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000003300)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000410221"], 0x14}}, 0x0) recvmsg$inet_nvme(r1, &(0x7f0000005900)={&(0x7f0000003440)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$DEVLINK_CMD_TRAP_SET(r2, 0x0, 0x0) 692.363528ms ago: executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x4, 0xf1, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r2}, 0x10) write$cgroup_int(r0, &(0x7f00000004c0), 0x12) 341.629704ms ago: executing program 0: socket$unix(0x1, 0x1, 0x0) socket$inet_icmp(0x2, 0x2, 0x1) ioctl$KDSKBLED(0xffffffffffffffff, 0x5450, 0x0) 204.72318ms ago: executing program 1: r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r2, 0x80184132, &(0x7f0000000240)) 0s ago: executing program 0: socket$l2tp(0x2, 0x2, 0x73) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) r1 = io_uring_setup(0x3eae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c15000/0x1000)=nil, &(0x7f0000508000/0x4000)=nil, 0x1000}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:58725' (ED25519) to the list of known hosts. 1970/01/01 00:02:16 fuzzer started 1970/01/01 00:02:19 dialing manager at localhost:30006 syzkaller login: [ 141.622671][ T3198] cgroup: Unknown subsys name 'net' [ 142.032084][ T3198] cgroup: Unknown subsys name 'rlimit' [ 142.147681][ T3194] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 1970/01/01 00:02:22 starting 2 executor processes [ 147.686026][ T3208] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.784086][ T3208] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.803165][ T3209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.897151][ T3209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 149.892411][ T3208] hsr_slave_0: entered promiscuous mode [ 149.951670][ T3208] hsr_slave_1: entered promiscuous mode [ 150.313170][ T3209] hsr_slave_0: entered promiscuous mode [ 150.357953][ T3209] hsr_slave_1: entered promiscuous mode [ 150.396624][ T3209] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 150.397778][ T3209] Cannot create hsr debugfs directory [ 151.358627][ T3208] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 151.398277][ T3208] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 151.434286][ T3208] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 151.451824][ T3208] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 151.637533][ T3209] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 151.669261][ T3209] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 151.707660][ T3209] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 151.737961][ T3209] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 153.278287][ T3208] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.457061][ T3209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.014156][ T3209] veth0_vlan: entered promiscuous mode [ 160.092144][ T3209] veth1_vlan: entered promiscuous mode [ 160.371748][ T3209] veth0_macvtap: entered promiscuous mode [ 160.415387][ T3209] veth1_macvtap: entered promiscuous mode [ 160.740274][ T3208] veth0_vlan: entered promiscuous mode [ 160.754201][ T3209] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.757081][ T3209] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.758366][ T3209] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.759554][ T3209] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.887010][ T3208] veth1_vlan: entered promiscuous mode [ 161.293277][ T3208] veth0_macvtap: entered promiscuous mode [ 161.326114][ T3208] veth1_macvtap: entered promiscuous mode [ 161.692689][ T3208] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.694146][ T3208] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.716366][ T3208] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.717592][ T3208] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.788115][ T3342] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 162.419321][ T3345] loop1: detected capacity change from 0 to 1024 [ 162.501888][ T3345] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 162.513940][ T3345] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 162.570820][ T3345] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 162.634271][ T3345] EXT4-fs (loop1): orphan cleanup on readonly fs [ 162.763090][ T3345] EXT4-fs error (device loop1): ext4_free_blocks:6589: comm syz-executor.1: Freeing blocks not in datazone - block = 0, count = 4096 [ 162.783372][ T3345] EXT4-fs (loop1): Remounting filesystem read-only [ 162.788043][ T3345] EXT4-fs (loop1): 1 orphan inode deleted [ 162.814095][ T3345] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 163.070173][ T3209] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.556415][ T3353] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 164.447224][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 164.490511][ C0] hrtimer: interrupt took 858672 ns [ 164.746240][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.748689][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 164.751252][ T10] usb 1-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 164.753116][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.782022][ T10] usb 1-1: config 0 descriptor?? [ 165.381038][ T10] hid-generic 0003:06CB:73F5.0001: unknown main item tag 0x0 [ 165.421222][ T10] hid-generic 0003:06CB:73F5.0001: hidraw0: USB HID v0.00 Device [HID 06cb:73f5] on usb-dummy_hcd.0-1/input0 [ 165.588953][ T25] usb 1-1: USB disconnect, device number 2 [ 175.104987][ C1] sched: RT throttling activated [ 175.884080][ T3405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.899877][ T3405] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 177.326707][ T3413] loop0: detected capacity change from 0 to 128 [ 179.745932][ T30] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 179.975669][ T30] usb 1-1: Using ep0 maxpacket: 8 [ 180.050275][ T30] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 180.051121][ T30] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 180.052004][ T30] usb 1-1: config 0 has no interface number 0 [ 180.052704][ T30] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 180.053468][ T30] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 180.054322][ T30] usb 1-1: config 0 interface 52 has no altsetting 0 [ 180.066245][ T30] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 180.066964][ T30] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.097733][ T30] usb 1-1: config 0 descriptor?? [ 180.367335][ T10] usb 1-1: USB disconnect, device number 3 [ 181.136471][ T3438] sctp: [Deprecated]: syz-executor.1 (pid 3438) Use of int in max_burst socket option deprecated. [ 181.136471][ T3438] Use struct sctp_assoc_value instead [ 184.769408][ T3457] loop1: detected capacity change from 0 to 512 [ 185.060764][ T3457] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 185.106984][ T3457] EXT4-fs error (device loop1): ext4_readdir:258: inode #2: block 3: comm syz-executor.1: path /syzkaller-testdir2476893904/syzkaller.aSkQDq/26/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 185.202742][ T3457] EXT4-fs error (device loop1): ext4_readdir:258: inode #2: block 12: comm syz-executor.1: path /syzkaller-testdir2476893904/syzkaller.aSkQDq/26/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 185.252366][ T3457] EXT4-fs error (device loop1): ext4_readdir:258: inode #2: block 13: comm syz-executor.1: path /syzkaller-testdir2476893904/syzkaller.aSkQDq/26/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 185.282272][ T3457] EXT4-fs error (device loop1): ext4_readdir:258: inode #2: block 14: comm syz-executor.1: path /syzkaller-testdir2476893904/syzkaller.aSkQDq/26/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 185.289526][ T3457] EXT4-fs error (device loop1): ext4_readdir:258: inode #2: block 15: comm syz-executor.1: path /syzkaller-testdir2476893904/syzkaller.aSkQDq/26/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 185.297420][ T3457] EXT4-fs error (device loop1): ext4_readdir:258: inode #2: block 16: comm syz-executor.1: path /syzkaller-testdir2476893904/syzkaller.aSkQDq/26/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 185.303786][ T3457] EXT4-fs error (device loop1): ext4_readdir:258: inode #2: block 17: comm syz-executor.1: path /syzkaller-testdir2476893904/syzkaller.aSkQDq/26/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 185.312360][ T3457] EXT4-fs error (device loop1): ext4_map_blocks:580: inode #2: block 18: comm syz-executor.1: lblock 23 mapped to illegal pblock 18 (length 1) [ 185.508225][ T3209] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.146420][ T3479] loop1: detected capacity change from 0 to 512 [ 188.232142][ T3479] EXT4-fs error (device loop1): ext4_validate_block_bitmap:440: comm syz-executor.1: bg 0: block 393: padding at end of block bitmap is not set [ 188.239276][ T3479] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6551: Corrupt filesystem [ 188.243899][ T3479] EXT4-fs (loop1): 2 truncates cleaned up [ 188.249625][ T3479] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.288374][ T3479] netlink: 'syz-executor.1': attribute type 10 has an invalid length. [ 188.401855][ T3209] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.888635][ T3487] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 188.890987][ T3487] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 188.901781][ T3487] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 188.915578][ T3487] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 188.920706][ T3487] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 188.933050][ T3487] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 188.941484][ T3487] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 188.996754][ T3489] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 188.998354][ T3489] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 190.603113][ T3509] loop1: detected capacity change from 0 to 1024 [ 190.741795][ T3509] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 191.223268][ T3209] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.056517][ T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 194.306301][ T8] usb 1-1: device descriptor read/64, error -71 [ 194.595746][ T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 194.787392][ T8] usb 1-1: device descriptor read/64, error -71 [ 194.908957][ T8] usb usb1-port1: attempt power cycle [ 195.366706][ T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 195.437669][ T8] usb 1-1: device descriptor read/8, error -71 [ 195.726526][ T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 195.787085][ T8] usb 1-1: device descriptor read/8, error -71 [ 195.911432][ T8] usb usb1-port1: unable to enumerate USB device [ 211.919459][ T3637] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 211.921095][ T3637] CPU: 1 PID: 3637 Comm: syz-executor.1 Not tainted 6.10.0-rc1-syzkaller-00027-g4a4be1ad3a6e #0 [ 211.922906][ T3637] Hardware name: linux,dummy-virt (DT) [ 211.924484][ T3637] Call trace: [ 211.926086][ T3637] dump_backtrace+0x94/0xec [ 211.927683][ T3637] show_stack+0x18/0x24 [ 211.928548][ T3637] dump_stack_lvl+0x38/0x90 [ 211.929455][ T3637] dump_stack+0x18/0x24 [ 211.930187][ T3637] panic+0x39c/0x3d0 [ 211.930887][ T3637] schedule+0x0/0x104 [ 211.931692][ T3637] preempt_schedule_irq+0x3c/0x80 [ 211.932603][ T3637] el1_interrupt+0x4c/0x64 [ 211.933644][ T3637] el1h_64_irq_handler+0x18/0x24 [ 211.934795][ T3637] el1h_64_irq+0x64/0x68 [ 211.935614][ T3637] mulaw_decode+0x104/0x1e8 [ 211.936505][ T3637] mulaw_transfer+0x58/0x6c [ 211.937245][ T3637] snd_pcm_plug_write_transfer+0xcc/0x1a4 [ 211.938193][ T3637] snd_pcm_oss_write2+0xb8/0x1ac [ 211.939021][ T3637] snd_pcm_oss_write+0x290/0x340 [ 211.940229][ T3637] vfs_write+0xd0/0x368 [ 211.940966][ T3637] ksys_write+0x70/0x104 [ 211.941891][ T3637] __arm64_sys_write+0x1c/0x28 [ 211.942896][ T3637] invoke_syscall+0x48/0x118 [ 211.943817][ T3637] el0_svc_common.constprop.0+0x40/0xe0 [ 211.944988][ T3637] do_el0_svc+0x1c/0x28 [ 211.946071][ T3637] el0_svc+0x34/0xf8 [ 211.946964][ T3637] el0t_64_sync_handler+0x100/0x12c [ 211.947884][ T3637] el0t_64_sync+0x19c/0x1a0 [ 211.949141][ T3637] SMP: stopping secondary CPUs [ 211.950776][ T3637] Kernel Offset: disabled [ 211.952048][ T3637] CPU features: 0x00,00000006,8f17bd7c,1767f6bf [ 211.953980][ T3637] Memory Limit: none [ 211.955728][ T3637] Rebooting in 86400 seconds.. VM DIAGNOSIS: 10:14:40 Registers: info registers vcpu 0 CPU#0 PC=ffff80008068b148 X00=00000000077000c6 X01=f8f000000c45db40 X02=0000000000000025 X03=000000008d09b7ee X04=0000000000000003 X05=000000000000000b X06=000000000000000b X07=fbf0000004c83b9c X08=0000000000000128 X09=000000000000000c X10=0000000000000004 X11=0000000000000000 X12=0000000000000001 X13=00000000000003ca X14=00000000000003ca X15=1850b022f8674afc X16=e2d100001f33ffff X17=fb6f8b5f6402ebe9 X18=0000000000000000 X19=f9f0000002c4eb00 X20=fcf00000067a0800 X21=0000000000000820 X22=0000000000000001 X23=0000000000000001 X24=0000000000000004 X25=f5f0000005902000 X26=ffff8000825d9ad0 X27=ffff800082356908 X28=0000000000000000 X29=ffff800080003380 X30=ddcf8000814b44d8 SP=ffff800080003380 PSTATE=20400009 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffe8c05f50:0000ffff83826a64 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffe8c06140:0000ffffe8c06170 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffe8c05f40:ffffff80ffffffd8 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000033631:0000ffff83980000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffe8c06170:431bde82d7b634db Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffe8c06170:0000ffffe8c06170 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffe8c06140 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff80008197e844 X00=ffff8000828e6628 X01=00000000000000c0 X02=ffff8000828e6608 X03=0000000000000000 X04=ffff80008ba0344f X05=ffff800082850ce7 X06=392e31313220205b X07=205b5d3438343432 X08=7f7f7f7f7f7f7f7f X09=ffff80008ba03340 X10=000000000000005d X11=0000000000000350 X12=5b5d343834343239 X13=205d373336335420 X14=0000000000000000 X15=ffff80008ba03250 X16=302e30312e362064 X17=7a79732d3163722d X18=ffffffffffffffff X19=0000000000000000 X20=00000000000000c0 X21=ffff80008ba0365f X22=ffff800082604000 X23=ffff80008ba03660 X24=0000000000000023 X25=ffff8000825dffe0 X26=ffff800082734138 X27=ffff8000825b0008 X28=00000000000000c0 X29=ffff80008ba034e0 X30=ffff800080795948 SP=ffff80008ba034e0 PSTATE=604000c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000007002000000:0000007002000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000070 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000028:0000000000000070 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff23438f0:0000fffff23438f0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000fffff23438c0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000