last executing test programs: 29.76056086s ago: executing program 3 (id=709): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0xe4, r1, 0xe701ac47a3d23ecd, 0x0, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0xce, 0x1, 'C\xec\xf8\xa0w\x15|\xd8\xbcs\xe1\xb93\x14\xcd\xcb\xb6\xb9\xbb\x84\xe5\xbc\xdb\x7f\x9a\xf2\xea\xcc\x91:v@\xe83-\x1d\xaagQl\x7f\tKt\fc\x1f\x17]\xd5\xd0\xf0\xa8\xeb\xd2g\x92\x04\x02\v\x00od\xe6,\xd3@I\x17\xf3\xbees0\xad\xc6\xbf/*\xb6(o\x91t\x12\x93U6\xf4@n\xdc\xdc\x8a7y\x81FY\xbe\xbbc\xd2\xc3\x01\xa5\xe2V\x8c\xb3im~\xd2V\xdaG\xbdbF\xc8n\x86\xac\x9c\xfb\xda\xe2&\"\xb4:\x13\xe9\tc\x85\xb4\xcb\x17\xbfm\x846\xe7\x7fp\x9eCdb\xad;\xa2\x8fs\xbf6\xe8\xe3Xg3&\xe2 \xd6\n\x9d=~<\x93/\xaf\x89\x06+\x96]\xb5+\xee\xff8^D*\xdb\xb8\xd8t\x80\xd4\x8fK=E0\xe8R\x83'}]}, 0xe4}}, 0x20040084) 29.499941901s ago: executing program 3 (id=711): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, 0x0) r2 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x26) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_BLANKSCREEN(r3, 0x560e, &(0x7f0000000000)) ioctl$I2C_PEC(0xffffffffffffffff, 0x708, 0xc0) ioctl$TIOCSWINSZ(r3, 0x5414, &(0x7f0000000040)={0x9, 0x2, 0x1000, 0x5}) 28.596628987s ago: executing program 3 (id=723): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x5b06, 0x0) 24.219986021s ago: executing program 3 (id=739): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2}) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x1) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000180)=@mmap={0x1, 0x1, 0xfffffffffffffe05, 0x8, 0x81, {}, {0x4, 0x8, 0x8, 0x5, 0x29, 0x9, "0adb3fb8"}, 0x5}) 23.608132456s ago: executing program 3 (id=745): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r0, 0x0, 0x0, 0x0) setxattr$system_posix_acl(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='system.posix_acl_default\x00', &(0x7f0000000500)={{}, {0x1, 0x4}, [{0x2, 0x5}], {0x4, 0x2}, [{0x8, 0x2}], {0x10, 0x2}}, 0x34, 0x1) syz_fuse_handle_req(r0, 0x0, 0x0, 0x0) 22.116873576s ago: executing program 3 (id=751): socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x8, 0x5, 0x0, 0x9, 0x0, 0x2, 0xfa11, 0xffffffff}, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) poll(&(0x7f0000000140)=[{r0, 0x2141}, {r0, 0x1}], 0x2, 0x8000004) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20) connect$l2tp6(r2, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r2, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00) 10.426611275s ago: executing program 2 (id=794): openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) syz_io_uring_setup(0x3e3, 0x0, &(0x7f0000000000)=0x0, 0x0, 0x0) syz_io_uring_modify_offsets$generic(r0, 0x0, 0x2c, 0x10000) mmap$IORING_OFF_SQES(&(0x7f0000fed000/0x13000)=nil, 0x13000, 0x1, 0x20010, 0xffffffffffffffff, 0x10000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x25104000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_ublk_setup_io_uring(0x7bf9, &(0x7f0000000340)={0x0, 0x1e12, 0x1000, 0x2, 0x1e5}, &(0x7f0000000000)=0x0, &(0x7f0000000080)=0x0, &(0x7f0000000140)=0x0) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@gettaction={0x28, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x28}}, 0x0) syz_io_uring_submit$UBLK(r5, r6, r7, &(0x7f0000001a00)=@ublk_ctrl_cmd_sqes={0x2e, 0x40, 0x0, 0xffffffffffffffff, 0x80207501, 0x0, 0x0, 0x0, 0x1, 0x986, 0x0, 0x0, '\x00', @get_dev_info_cmd={0x0, 0xffff, 0x0, 0x0}}) syz_ublk_add_dev(r4, r5, r6, r7, &(0x7f00000003c0)={0x2e, 0x5, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000200)=@any_dev={0x4, 0xd74, 0x0, 0x0, 0x1000, 0x68ba, 0x0, 0x0, 0x10}}}, 0x0) 9.873925335s ago: executing program 4 (id=796): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x101000, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x17}) 8.967825002s ago: executing program 2 (id=798): r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x4, 0x3132564e, 0x8, 0xfffffffd, 0x0, 0x5, 0xfeedcafe, 0x3, 0x7, 0x1}}) r1 = syz_open_dev$evdev(0x0, 0x1ff, 0x80900) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x40004580, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$PTRACE_SETSIGMASK(0x420b, r2, 0x8, &(0x7f00000000c0)={[0x1]}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000000b2e2b5ab40bf85edaca83"], 0x0}, 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000c00)={0x44, &(0x7f0000000580)=ANY=[@ANYBLOB="000301"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x8080) ioctl$HIDIOCSFLAG(r5, 0x4004480f, &(0x7f0000000040)=0x3) read$hiddev(r5, &(0x7f0000001140)=""/126, 0x7e) ioctl$HIDIOCGUSAGE(r5, 0xc018480b, 0x0) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r7 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r7, 0x4601, &(0x7f0000000100)={0x60, 0xf0, 0x60, 0x0, 0x0, 0x4db, 0x8, 0x0, {0x5, 0x40}, {0x0, 0x1}, {0x8000}, {0x3, 0x0, 0x1}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffc00, 0x0, 0x400, 0x0, 0x0, 0x21, 0x0, 0x0, 0x7}) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) rseq(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r8 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff) open_by_handle_at(r5, &(0x7f00000002c0)=ANY=[@ANYBLOB="0c0000000100ffffffff7f"], 0x40101) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r8, r9, 0x7a) keyctl$invalidate(0x15, r8) r10 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x26d, 0xec000000, 0xcd}]}) 8.719259252s ago: executing program 4 (id=800): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(0x0, 0x0) chmod(0x0, 0x100) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000) io_uring_enter(0xffffffffffffffff, 0x6a8a, 0xffefffff, 0x21, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x2000, 0x2, 0x3}, 0x18, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f00000001c0)={0x1211, r2}, 0x0) landlock_restrict_self(r1, 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file2\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) 8.712729505s ago: executing program 1 (id=801): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x40000000100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) shmat(0x0, &(0x7f0000d6f000/0x3000)=nil, 0x6000) shmdt(0x0) mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='f2fs\x00', 0x10, &(0x7f0000000100)='barrier') socket$netlink(0x10, 0x3, 0xf) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000300)={0x203, 0xa, 0x2}) getpid() 7.769534827s ago: executing program 4 (id=802): syz_emit_ethernet(0xe, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaa000000000000008864"], 0x0) 6.324772611s ago: executing program 32 (id=751): socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x8, 0x5, 0x0, 0x9, 0x0, 0x2, 0xfa11, 0xffffffff}, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) poll(&(0x7f0000000140)=[{r0, 0x2141}, {r0, 0x1}], 0x2, 0x8000004) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20) connect$l2tp6(r2, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) sendmmsg$inet6(r2, &(0x7f0000000ac0)=[{{&(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, 0x1b, 0x0}}], 0x17fd147c801ae9af, 0xff00) 6.143304491s ago: executing program 1 (id=806): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x100000001) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x14, 0x2a, 0xa01, 0xfffffffc, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x40000d0}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r7, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00"/151], 0x13c}}, 0x20040880) r9 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000000), r2) sendmsg$NET_DM_CMD_START(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r9, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}}, 0x40000) 6.142615695s ago: executing program 4 (id=807): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0x8, 0x2, 0x6, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{}, &(0x7f00000002c0), &(0x7f0000000480)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32, @ANYBLOB="0000000000000000b7080000010000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.35288657s ago: executing program 1 (id=809): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002d00)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x4f, 0x0, 0x8}, 0x28) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000016000000060001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000180)}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000540)={r1, 0x58, &(0x7f00000004c0)}, 0x10) 4.097174334s ago: executing program 0 (id=810): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000480)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x2, 0xa2ad, 0xffff, 0x7, 0x5, "73ec8f7f4f994242a51098ceaf1e64bc8bbe1d85db5442305fc1d2f24c2148137bef5226bd87d017bb706c11d81e2d42de8dc71a75039525f881f38d159d9637d4ad699d40686e10853ab4df2690870c77642d665b27274ba7666b41ce809b0bd692748f3449c8bbf1a8359e7cb5d1aa6f9fca89e86def465e67fbd5633ac48b"}) 3.952225369s ago: executing program 4 (id=811): r0 = syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB=' #)'], 0x0, 0x0, 0x0, 0x0}, 0x0) 3.594233977s ago: executing program 2 (id=812): fchdir(0xffffffffffffffff) ioctl$F2FS_IOC_GET_FEATURES(0xffffffffffffffff, 0x8004f50c, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000380)={0xfffffff8, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r1, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a) 3.44773315s ago: executing program 0 (id=813): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0xfffffffffffffe02, &(0x7f00000002c0)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000300)={0x28, 0x0, 0x2711, @local}, 0x10) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, 0x0) r1 = fsopen(0x0, 0x1) r2 = gettid() rt_sigqueueinfo(r2, 0x21, &(0x7f0000000100)={0x1f}) ioprio_set$pid(0x1, r2, 0x4000) bpf$ENABLE_STATS(0x20, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x1, 0x6, 0x7ff00003}]}) r3 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000240), 0x200000, 0x0) pidfd_getfd(0xffffffffffffffff, r3, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) 3.410702962s ago: executing program 1 (id=814): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, 0x0}], 0x1, 0x21, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x1000) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x40000073, 0x0, 0x81}]}) 2.898460843s ago: executing program 4 (id=815): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) r1 = epoll_create1(0x80000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x2000001c}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001}) epoll_pwait(r4, &(0x7f0000000040)=[{}], 0x1, 0xff, 0x0, 0x2000) 2.898301023s ago: executing program 0 (id=816): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000012c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109024a0001100000000904000003fe03010009cd8d1f00020000000905050200067e001009058b1e", @ANYRESHEX], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, 0x0, 0x0) 2.287352347s ago: executing program 0 (id=817): socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x28}}, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$qrtr(0x2a, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) keyctl$instantiate(0xc, 0x0, 0x0, 0x2a, 0x0) add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@deltaction={0x14, 0x31, 0x2, 0x70bd26, 0x25dfdbff}, 0x14}}, 0x0) mount(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000000)='ubifs\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', 0x105042, 0x0) mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000300)='./file3\x00', &(0x7f0000000340)='gfs2\x00', 0x0, 0x0) 2.286846561s ago: executing program 2 (id=818): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x100000001) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)={0x14, 0x2a, 0xa01, 0xfffffffc, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x40000d0}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r7, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00"/151], 0x13c}}, 0x20040880) r9 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000000), r2) sendmsg$NET_DM_CMD_START(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r9, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}}, 0x40000) 2.166498018s ago: executing program 1 (id=819): r0 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x69}, [@call={0x85, 0x0, 0x0, 0x97}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x60}, 0x94) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000940)=@newtfilter={0x54, 0x2c, 0xf3f, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x3, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_fw={{0x7}, {0x4}}, @filter_kind_options=@f_bpf={{0x8}, {0x1c, 0x2, [@TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_FD={0x8, 0x6, r2}, @TCA_BPF_ACT={0x4}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) 1.881756185s ago: executing program 0 (id=820): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000c00000009"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xb, 0x8, 0x2, 0x6, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{}, &(0x7f00000002c0), &(0x7f0000000480)}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r4, 0x0, 0xd, 0x0, &(0x7f0000000100)="c1dfb061cd21d3084d94d35486", 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 453.33013ms ago: executing program 2 (id=821): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x400) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000040)={0x5}) 169.134859ms ago: executing program 1 (id=822): r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x4, 0x3132564e, 0x8, 0xfffffffd, 0x0, 0x5, 0xfeedcafe, 0x3, 0x7, 0x1}}) r1 = syz_open_dev$evdev(0x0, 0x1ff, 0x80900) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x40004580, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$PTRACE_SETSIGMASK(0x420b, r2, 0x8, &(0x7f00000000c0)={[0x1]}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00220f0000000b2e2b5ab40bf85edaca83"], 0x0}, 0x0) syz_usb_control_io(r4, 0x0, &(0x7f0000000c00)={0x44, &(0x7f0000000580)=ANY=[@ANYBLOB="000301"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x8080) ioctl$HIDIOCSFLAG(r5, 0x4004480f, &(0x7f0000000040)=0x3) read$hiddev(r5, &(0x7f0000001140)=""/126, 0x7e) ioctl$HIDIOCGUSAGE(r5, 0xc018480b, 0x0) r6 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r7 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r7, 0x4601, &(0x7f0000000100)={0x60, 0xf0, 0x60, 0x0, 0x0, 0x4db, 0x8, 0x0, {0x5, 0x40}, {0x0, 0x1}, {0x8000}, {0x3, 0x0, 0x1}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffc00, 0x0, 0x400, 0x0, 0x0, 0x21, 0x0, 0x0, 0x7}) rseq(&(0x7f0000000400), 0x20, 0x0, 0x0) rseq(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r8 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff) open_by_handle_at(r5, &(0x7f00000002c0)=ANY=[@ANYBLOB="0c0000000100ffffffff7f"], 0x40101) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r8, r9, 0x7a) 112.810271ms ago: executing program 2 (id=823): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/net\x00') r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000080)=0x7f) read$dsp(r0, &(0x7f0000000280)=""/79, 0x4f) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000a, 0x204031, 0xffffffffffffffff, 0xec776000) bpf$ENABLE_STATS(0x20, 0x0, 0x0) landlock_create_ruleset(0xfffffffffffffffe, 0x5c, 0x0) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x82381, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(anubis))\x00'}, 0x58) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r4, 0xffffffffffffffff, 0x0) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001200010004000000000000000a030000fffc4e220200000308000000000000380000000100"/56, @ANYRES32=0x0, @ANYBLOB="01000000ffffff7f00000000000000000800030011"], 0x54}}, 0x200040c4) syz_usb_connect$uac3(0x6, 0x89, &(0x7f0000000180)=ANY=[@ANYBLOB="12011003000000081e040500400001020301090277000301024000080b000101003000193a5fc8035c0d0c7a197168beddb9180904000000010130000a2401000a0008000000090401", @ANYRES8=r5], &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0}) bpf$ENABLE_STATS(0x20, &(0x7f0000000100), 0x4) 0s ago: executing program 0 (id=824): r0 = gettid() r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r1, &(0x7f0000000040)='\x00', 0x1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) syz_open_procfs$pagemap(r0, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): 158.289428][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289438][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289448][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289458][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289467][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289485][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289495][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289505][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289515][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289525][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289533][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289542][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289551][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289561][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289570][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289580][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289589][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 158.289598][ T10] gspca_vc032x: Unknown sensor... [ 158.289694][ T10] vc032x 5-1:0.0: probe with driver vc032x failed with error -22 [ 158.310009][ T5632] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 158.457721][ T10] usb 5-1: USB disconnect, device number 3 [ 158.645504][ T6156] loop3: detected capacity change from 0 to 16 [ 158.758868][ T38] kauditd_printk_skb: 119 callbacks suppressed [ 158.758889][ T38] audit: type=1326 audit(1780394917.157:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6153 comm="syz.3.100" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 158.758944][ T38] audit: type=1326 audit(1780394917.157:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6153 comm="syz.3.100" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 158.758992][ T38] audit: type=1326 audit(1780394917.157:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6153 comm="syz.3.100" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 158.759040][ T38] audit: type=1326 audit(1780394917.157:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6153 comm="syz.3.100" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 158.759105][ T38] audit: type=1326 audit(1780394917.157:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6153 comm="syz.3.100" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9976d1cbc2 code=0x7ffc0000 [ 158.759153][ T38] audit: type=1326 audit(1780394917.157:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6153 comm="syz.3.100" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 158.768287][ T38] audit: type=1326 audit(1780394917.157:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6153 comm="syz.3.100" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9976cdd68e code=0x7ffc0000 [ 158.938811][ T38] audit: type=1326 audit(1780394917.327:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6153 comm="syz.3.100" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f9976d1cc87 code=0x7ffc0000 [ 158.955988][ T38] audit: type=1326 audit(1780394917.357:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6153 comm="syz.3.100" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9976cdd68e code=0x7ffc0000 [ 158.977995][ T38] audit: type=1326 audit(1780394917.357:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6153 comm="syz.3.100" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9976d1caeb code=0x7ffc0000 [ 159.114551][ T6156] loop3: detected capacity change from 0 to 512 [ 159.202780][ T6158] netlink: 8 bytes leftover after parsing attributes in process `syz.1.101'. [ 159.277570][ T6156] EXT4-fs (loop3): 1 orphan inode deleted [ 159.356604][ T5623] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 159.494095][ T6156] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 159.618758][ T6156] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.100: invalid indirect mapped block 234881024 (level 0) [ 159.619270][ T6156] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 159.661444][ T6156] EXT4-fs (loop3): Remounting filesystem read-only [ 159.782887][ T6170] loop4: detected capacity change from 0 to 4096 [ 159.846175][ T6170] ntfs3(loop4): ino=0, mi_enum_attr [ 159.958010][ T6170] ntfs3(loop4): ino=0, mi_enum_attr [ 159.958328][ T6170] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 160.215402][ T6170] ntfs3(loop4): ino=0, mi_enum_attr [ 160.619041][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.734979][ T6184] netlink: 28 bytes leftover after parsing attributes in process `syz.1.109'. [ 160.735017][ T6184] netlink: 28 bytes leftover after parsing attributes in process `syz.1.109'. [ 161.090748][ T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 161.283901][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 161.283949][ T10] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 161.283966][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.331998][ T10] usb 2-1: config 0 descriptor?? [ 161.789241][ T10] ath6kl: Unsupported hardware version: 0x0 [ 161.825508][ T10] ath6kl: Failed to init ath6kl core: -22 [ 161.825887][ T10] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 162.159687][ T6199] loop3: detected capacity change from 0 to 32768 [ 162.160588][ T6199] btrfs: Deprecated parameter 'usebackuproot' [ 162.160603][ T6199] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 162.220223][ T6199] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.116 (6199) [ 162.229353][ T6199] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 162.229387][ T6199] BTRFS info (device loop3): using crc32c checksum algorithm [ 162.476063][ T68] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 162.479559][ T6199] BTRFS error (device loop3): failed to load root extent [ 162.487950][ T6199] BTRFS warning (device loop3): try to load backup roots slot 1 [ 162.490442][ T13] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 162.490590][ T6199] BTRFS warning (device loop3): couldn't read tree root [ 162.490612][ T6199] BTRFS warning (device loop3): try to load backup roots slot 2 [ 162.501518][ T3425] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 162.501630][ T6199] BTRFS warning (device loop3): couldn't read tree root [ 162.501651][ T6199] BTRFS warning (device loop3): try to load backup roots slot 3 [ 162.524165][ T6199] BTRFS info (device loop3): rebuilding free space tree [ 162.583700][ T37] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 162.831095][ T37] usb 5-1: Using ep0 maxpacket: 32 [ 162.834397][ T37] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 162.834518][ T37] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.924503][ T37] usb 5-1: config 0 descriptor?? [ 162.971966][ T37] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 163.137605][ T6199] BTRFS info (device loop3): checking UUID tree [ 163.139205][ T6199] BTRFS info (device loop3): enabling ssd optimizations [ 163.139235][ T6199] BTRFS info (device loop3): turning on sync discard [ 163.139247][ T6199] BTRFS info (device loop3): enabling free space tree [ 163.139279][ T6199] BTRFS info (device loop3): force clearing of disk cache [ 163.139297][ T6199] BTRFS info (device loop3): enabling auto defrag [ 163.139316][ T6199] BTRFS info (device loop3): trying to use backup root at mount time [ 163.139336][ T6199] BTRFS info (device loop3): use zstd compression, level 3 [ 163.842931][ T5716] usb 2-1: USB disconnect, device number 6 [ 163.991298][ T6200] loop4: detected capacity change from 0 to 128 [ 164.038976][ T6200] EXT4-fs (loop4): Test dummy encryption mode enabled [ 164.096138][ T6200] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 164.106938][ T6200] ext4 filesystem being mounted at /14/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 164.208979][ T5616] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 165.322556][ T37] gspca_vc032x: reg_w err -110 [ 165.322576][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322588][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322597][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322607][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322616][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322625][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322633][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322643][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322652][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322661][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322670][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322679][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322688][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322698][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322707][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322716][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322725][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322734][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 165.322743][ T37] gspca_vc032x: Unknown sensor... [ 165.322825][ T37] vc032x 5-1:0.0: probe with driver vc032x failed with error -22 [ 165.468495][ T6233] loop1: detected capacity change from 0 to 8192 [ 166.529977][ T5725] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 166.722625][ T5725] usb 4-1: config 0 has an invalid interface number: 69 but max is 0 [ 166.722656][ T5725] usb 4-1: config 0 has no interface number 0 [ 166.722703][ T5725] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 166.722731][ T5725] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 166.726281][ T5725] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 166.726313][ T5725] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.726336][ T5725] usb 4-1: Product: syz [ 166.726352][ T5725] usb 4-1: Manufacturer: syz [ 166.726368][ T5725] usb 4-1: SerialNumber: syz [ 166.931957][ T5725] usb 4-1: config 0 descriptor?? [ 166.935877][ T6245] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 167.007789][ T5725] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 167.103028][ T10] usb 5-1: USB disconnect, device number 4 [ 167.311458][ T6245] netlink: 67 bytes leftover after parsing attributes in process `syz.3.120'. [ 167.447053][ T5623] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 167.464494][ T5725] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 167.500222][ T6259] FAULT_INJECTION: forcing a failure. [ 167.500222][ T6259] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 167.500258][ T6259] CPU: 1 UID: 0 PID: 6259 Comm: syz.2.128 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 167.500282][ T6259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 167.500296][ T6259] Call Trace: [ 167.500305][ T6259] [ 167.500314][ T6259] dump_stack_lvl+0xe8/0x150 [ 167.500350][ T6259] should_fail_ex+0x46b/0x600 [ 167.500384][ T6259] _copy_from_user+0x2d/0xb0 [ 167.500419][ T6259] __snd_timer_user_ioctl+0x18d2/0x44e0 [ 167.500457][ T6259] ? kasan_quarantine_put+0xbb/0x1f0 [ 167.500492][ T6259] ? __pfx___snd_timer_user_ioctl+0x10/0x10 [ 167.500525][ T6259] ? tomoyo_path_number_perm+0x219/0x630 [ 167.500553][ T6259] ? look_up_lock_class+0x57/0x110 [ 167.500577][ T6259] ? register_lock_class+0x31/0x2e0 [ 167.500613][ T6259] ? __lock_acquire+0x6b5/0x2d10 [ 167.500669][ T6259] ? do_raw_spin_lock+0x12b/0x2f0 [ 167.500708][ T6259] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 167.500745][ T6259] ? lockdep_hardirqs_on+0x7a/0x110 [ 167.500769][ T6259] ? mutex_lock_nested+0x152/0x1d0 [ 167.500796][ T6259] ? snd_timer_user_ioctl+0x4f/0x90 [ 167.500828][ T6259] ? __pfx_snd_timer_user_ioctl+0x10/0x10 [ 167.500867][ T6259] snd_timer_user_ioctl+0x5e/0x90 [ 167.500900][ T6259] __se_sys_ioctl+0xff/0x170 [ 167.500922][ T6259] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.500946][ T6259] do_syscall_64+0x174/0x580 [ 167.500967][ T6259] ? trace_irq_disable+0x3b/0x140 [ 167.500995][ T6259] ? clear_bhb_loop+0x40/0x90 [ 167.501027][ T6259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.501049][ T6259] RIP: 0033:0x7f459475ce59 [ 167.501070][ T6259] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 167.501088][ T6259] RSP: 002b:00007f45929ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 167.501112][ T6259] RAX: ffffffffffffffda RBX: 00007f45949d5fa0 RCX: 00007f459475ce59 [ 167.501129][ T6259] RDX: 0000200000000280 RSI: 0000000040345410 RDI: 0000000000000003 [ 167.501141][ T6259] RBP: 00007f45929ae090 R08: 0000000000000000 R09: 0000000000000000 [ 167.501155][ T6259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 167.501168][ T6259] R13: 00007f45949d6038 R14: 00007f45949d5fa0 R15: 00007ffe11952188 [ 167.501209][ T6259] [ 167.560637][ T5725] usb 4-1: USB disconnect, device number 9 [ 167.987980][ T5725] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 167.988645][ T5725] cyberjack 4-1:0.69: device disconnected [ 168.226140][ T6263] FAULT_INJECTION: forcing a failure. [ 168.226140][ T6263] name failslab, interval 1, probability 0, space 0, times 0 [ 168.226175][ T6263] CPU: 1 UID: 0 PID: 6263 Comm: syz.4.130 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 168.226196][ T6263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 168.226208][ T6263] Call Trace: [ 168.226215][ T6263] [ 168.226224][ T6263] dump_stack_lvl+0xe8/0x150 [ 168.226257][ T6263] should_fail_ex+0x46b/0x600 [ 168.226289][ T6263] should_failslab+0xa8/0x100 [ 168.226321][ T6263] __kvmalloc_node_noprof+0x170/0x8e0 [ 168.226365][ T6263] ? cgroup_pidlist_start+0x41a/0x1270 [ 168.226400][ T6263] cgroup_pidlist_start+0x41a/0x1270 [ 168.226437][ T6263] ? __pfx_cgroup_pidlist_start+0x10/0x10 [ 168.226466][ T6263] ? kernfs_seq_start+0xb2/0x420 [ 168.226489][ T6263] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 168.226520][ T6263] ? lockdep_hardirqs_on+0x7a/0x110 [ 168.226548][ T6263] kernfs_seq_start+0x1c9/0x420 [ 168.226572][ T6263] traverse+0x164/0x580 [ 168.226595][ T6263] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 168.226633][ T6263] seq_read_iter+0xd09/0xe20 [ 168.226653][ T6263] ? __pfx_aa_file_perm+0x10/0x10 [ 168.226682][ T6263] ? kstrtoull+0x12f/0x1d0 [ 168.226716][ T6263] do_iter_readv_writev+0x62b/0x8d0 [ 168.226739][ T6263] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 168.226767][ T6263] ? rw_verify_area+0x2ac/0x4e0 [ 168.226808][ T6263] vfs_readv+0x292/0x850 [ 168.226857][ T6263] ? __pfx_vfs_readv+0x10/0x10 [ 168.226895][ T6263] ? __fget_files+0x2a/0x420 [ 168.226927][ T6263] ? __fget_files+0x3a6/0x420 [ 168.226953][ T6263] ? __fget_files+0x2a/0x420 [ 168.226988][ T6263] __x64_sys_preadv+0x1a2/0x2b0 [ 168.227012][ T6263] ? __pfx___x64_sys_preadv+0x10/0x10 [ 168.227041][ T6263] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.227064][ T6263] do_syscall_64+0x174/0x580 [ 168.227083][ T6263] ? trace_irq_disable+0x3b/0x140 [ 168.227109][ T6263] ? clear_bhb_loop+0x40/0x90 [ 168.227134][ T6263] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.227154][ T6263] RIP: 0033:0x7f27f808ce59 [ 168.227173][ T6263] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 168.227206][ T6263] RSP: 002b:00007f27f62e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 168.227230][ T6263] RAX: ffffffffffffffda RBX: 00007f27f8305fa0 RCX: 00007f27f808ce59 [ 168.227245][ T6263] RDX: 0000000000000001 RSI: 00002000000002c0 RDI: 0000000000000003 [ 168.227258][ T6263] RBP: 00007f27f62e6090 R08: 0000000000000800 R09: 0000000000000000 [ 168.227272][ T6263] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 168.227284][ T6263] R13: 00007f27f8306038 R14: 00007f27f8305fa0 R15: 00007ffddc31a0b8 [ 168.227320][ T6263] [ 169.712634][ T6252] loop1: detected capacity change from 0 to 32768 [ 169.820820][ T5725] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 169.990231][ T5725] usb 5-1: Using ep0 maxpacket: 32 [ 170.000950][ T5725] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 170.001026][ T5725] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.093037][ T5725] usb 5-1: config 0 descriptor?? [ 170.141517][ T5725] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 170.343051][ T6265] loop3: detected capacity change from 0 to 32768 [ 170.648994][ T6265] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.134 (6265) [ 170.972188][ T6265] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 170.972224][ T6265] BTRFS info (device loop3): using sha256 checksum algorithm [ 171.159595][ T6286] loop4: detected capacity change from 0 to 128 [ 171.178719][ T6286] EXT4-fs (loop4): Test dummy encryption mode enabled [ 171.300011][ T37] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 171.302164][ T6286] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 171.422997][ T6286] ext4 filesystem being mounted at /18/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 171.432382][ T37] usb 2-1: device descriptor read/64, error -71 [ 171.504242][ T5725] gspca_vc032x: reg_w err -110 [ 171.504262][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504274][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504283][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504293][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504301][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504310][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504319][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504328][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504337][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504346][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504356][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504366][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504376][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504385][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504395][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504404][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504413][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504423][ T5725] gspca_vc032x: I2c Bus Busy Wait 00 [ 171.504432][ T5725] gspca_vc032x: Unknown sensor... [ 171.504514][ T5725] vc032x 5-1:0.0: probe with driver vc032x failed with error -22 [ 171.780038][ T37] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 171.911661][ T37] usb 2-1: device descriptor read/64, error -71 [ 172.020445][ T37] usb usb2-port1: attempt power cycle [ 172.380236][ T37] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 172.426869][ T37] usb 2-1: device descriptor read/8, error -71 [ 172.448420][ T6265] BTRFS error (device loop3): open_ctree failed: -4 [ 172.680014][ T37] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 172.708187][ T37] usb 2-1: device descriptor read/8, error -71 [ 172.771853][ T6338] netlink: 20 bytes leftover after parsing attributes in process `syz.3.157'. [ 172.810333][ T37] usb usb2-port1: unable to enumerate USB device [ 172.815157][ T6341] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 173.984014][ T6347] loop2: detected capacity change from 0 to 32768 [ 174.006160][ T6347] (syz.2.158,6347,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 174.012081][ T6347] (syz.2.158,6347,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 174.074401][ T6347] (syz.2.158,6347,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xbec99099, computed 0x3881d996. Applying ECC. [ 174.076363][ T6347] (syz.2.158,6347,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x93f628a2, computed 0x2aee8be5. Applying ECC. [ 174.092011][ T6347] JBD2: Ignoring recovery information on journal [ 174.305456][ T6347] (syz.2.158,6347,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xbec99099, computed 0x3881d996. Applying ECC. [ 174.309464][ T6347] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 174.345443][ T6347] (syz.2.158,6347,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x93f628a2, computed 0x2aee8be5. Applying ECC. [ 174.374413][ T6347] (syz.2.158,6347,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC. [ 174.662432][ T6341] (syz.2.158,6341,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x1cec3d0f, computed 0xd2ffbdfe. Applying ECC. [ 174.716163][ T5924] usb 5-1: USB disconnect, device number 5 [ 174.898231][ T6359] loop1: detected capacity change from 0 to 32768 [ 174.901687][ T6359] btrfs: Deprecated parameter 'usebackuproot' [ 174.901708][ T6359] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 174.930728][ T6359] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.163 (6359) [ 174.983964][ T6359] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 174.983998][ T6359] BTRFS info (device loop1): using crc32c checksum algorithm [ 175.044253][ T5623] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 175.146985][ T1029] BTRFS warning (device loop1): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 175.147699][ T6359] BTRFS error (device loop1): failed to load root extent [ 175.147743][ T6359] BTRFS warning (device loop1): try to load backup roots slot 1 [ 175.148718][ T1029] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 175.148835][ T6359] BTRFS warning (device loop1): couldn't read tree root [ 175.148854][ T6359] BTRFS warning (device loop1): try to load backup roots slot 2 [ 175.151231][ T1029] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 175.151309][ T6359] BTRFS warning (device loop1): couldn't read tree root [ 175.151329][ T6359] BTRFS warning (device loop1): try to load backup roots slot 3 [ 175.290434][ T6359] BTRFS info (device loop1): rebuilding free space tree [ 175.388739][ T6383] FAULT_INJECTION: forcing a failure. [ 175.388739][ T6383] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 175.388777][ T6383] CPU: 1 UID: 0 PID: 6383 Comm: syz.0.169 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 175.388802][ T6383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 175.388816][ T6383] Call Trace: [ 175.388824][ T6383] [ 175.388833][ T6383] dump_stack_lvl+0xe8/0x150 [ 175.388868][ T6383] should_fail_ex+0x46b/0x600 [ 175.388903][ T6383] _copy_from_user+0x2d/0xb0 [ 175.388939][ T6383] bpf_test_init+0xd8/0x150 [ 175.388968][ T6383] bpf_prog_test_run_skb+0x392/0x2260 [ 175.388990][ T6383] ? bpf_prog_test_run_skb+0x181/0x2260 [ 175.389043][ T6383] ? __fget_files+0x3a6/0x420 [ 175.389071][ T6383] ? __fget_files+0x2a/0x420 [ 175.389107][ T6383] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 175.389132][ T6383] bpf_prog_test_run+0x2cd/0x340 [ 175.389167][ T6383] __sys_bpf+0xa20/0xd90 [ 175.389209][ T6383] ? __pfx___sys_bpf+0x10/0x10 [ 175.389248][ T6383] ? lockdep_hardirqs_on+0x7a/0x110 [ 175.389271][ T6383] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 175.389337][ T6383] ? ksys_write+0x248/0x270 [ 175.389373][ T6383] ? __pfx_ksys_write+0x10/0x10 [ 175.389413][ T6383] __x64_sys_bpf+0xba/0xd0 [ 175.389439][ T6383] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.389463][ T6383] do_syscall_64+0x174/0x580 [ 175.389485][ T6383] ? trace_irq_disable+0x3b/0x140 [ 175.389513][ T6383] ? clear_bhb_loop+0x40/0x90 [ 175.389554][ T6383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.389575][ T6383] RIP: 0033:0x7fa2404bce59 [ 175.389595][ T6383] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 175.389612][ T6383] RSP: 002b:00007fa23e716028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 175.389634][ T6383] RAX: ffffffffffffffda RBX: 00007fa240735fa0 RCX: 00007fa2404bce59 [ 175.389650][ T6383] RDX: 0000000000000050 RSI: 0000200000000900 RDI: 000000000000000a [ 175.389663][ T6383] RBP: 00007fa23e716090 R08: 0000000000000000 R09: 0000000000000000 [ 175.389676][ T6383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.389688][ T6383] R13: 00007fa240736038 R14: 00007fa240735fa0 R15: 00007ffd920e2138 [ 175.389722][ T6383] [ 175.484705][ T6341] (syz.2.158,6341,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x4d558a87. Applying ECC. [ 175.484820][ T6341] (syz.2.158,6341,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x5d2751af [ 175.484894][ T6341] (syz.2.158,6341,0):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 175.484952][ T6341] (syz.2.158,6341,0):ocfs2_quota_read:201 ERROR: status = -5 [ 175.485003][ T6341] __quota_error: 128 callbacks suppressed [ 175.485033][ T6341] Quota error (device loop2): find_tree_dqentry: Can't read quota tree block 5 [ 175.485552][ T6341] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 175.485643][ T6341] (syz.2.158,6341,0):ocfs2_acquire_dquot:904 ERROR: status = -5 [ 175.702621][ T6341] (syz.2.158,6341,1):ocfs2_symlink:1892 ERROR: status = -5 [ 175.704630][ T6341] (syz.2.158,6341,1):ocfs2_symlink:2078 ERROR: status = -5 [ 178.030046][ T6359] BTRFS warning (device loop1): discard failed for extent [5259264, 5267455]: errno=-512 unknown [ 178.030534][ T6359] BTRFS info (device loop1): checking UUID tree [ 178.030606][ T6359] BTRFS error (device loop1): failed to check the UUID tree: -4 [ 178.184646][ T6359] BTRFS error (device loop1): open_ctree failed: -4 [ 178.576272][ T5914] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 178.778034][ T5914] usb 5-1: config 0 has an invalid interface number: 69 but max is 0 [ 178.778065][ T5914] usb 5-1: config 0 has no interface number 0 [ 178.778127][ T5914] usb 5-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 178.778155][ T5914] usb 5-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 178.823851][ T5914] usb 5-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 178.823884][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.823906][ T5914] usb 5-1: Product: syz [ 178.823921][ T5914] usb 5-1: Manufacturer: syz [ 178.823937][ T5914] usb 5-1: SerialNumber: syz [ 178.866320][ T5914] usb 5-1: config 0 descriptor?? [ 178.873648][ T6390] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 179.027760][ T5914] cyberjack 5-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 179.069268][ T5914] usb 5-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 179.111005][ T6390] netlink: 67 bytes leftover after parsing attributes in process `syz.4.166'. [ 179.300140][ T5914] usb 5-1: USB disconnect, device number 6 [ 179.348948][ T5914] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 179.411319][ T5914] cyberjack 5-1:0.69: device disconnected [ 179.718436][ T5619] ocfs2: Unmounting device (7,2) on (node local) [ 180.141533][ T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 180.315764][ T6416] FAULT_INJECTION: forcing a failure. [ 180.315764][ T6416] name failslab, interval 1, probability 0, space 0, times 0 [ 180.315801][ T6416] CPU: 1 UID: 0 PID: 6416 Comm: syz.0.181 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 180.315824][ T6416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 180.315836][ T6416] Call Trace: [ 180.315844][ T6416] [ 180.315854][ T6416] dump_stack_lvl+0xe8/0x150 [ 180.315888][ T6416] should_fail_ex+0x46b/0x600 [ 180.315922][ T6416] should_failslab+0xa8/0x100 [ 180.315957][ T6416] __kmalloc_noprof+0xdf/0x7b0 [ 180.315987][ T6416] ? tomoyo_encode+0x28b/0x550 [ 180.316035][ T6416] tomoyo_encode+0x28b/0x550 [ 180.316071][ T6416] tomoyo_realpath_from_path+0x58d/0x5d0 [ 180.316105][ T6416] ? tomoyo_domain+0xd7/0x130 [ 180.316142][ T6416] ? tomoyo_path_number_perm+0x219/0x630 [ 180.316168][ T6416] tomoyo_path_number_perm+0x246/0x630 [ 180.316197][ T6416] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 180.316222][ T6416] ? __lock_acquire+0x6b5/0x2d10 [ 180.316254][ T6416] ? do_raw_spin_lock+0x12b/0x2f0 [ 180.316330][ T6416] ? __fget_files+0x2a/0x420 [ 180.316363][ T6416] ? __fget_files+0x2a/0x420 [ 180.316391][ T6416] ? __fget_files+0x3a6/0x420 [ 180.316420][ T6416] ? __fget_files+0x2a/0x420 [ 180.316456][ T6416] security_file_ioctl+0xc3/0x2a0 [ 180.316483][ T6416] __se_sys_ioctl+0x47/0x170 [ 180.316505][ T6416] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.316530][ T6416] do_syscall_64+0x174/0x580 [ 180.316553][ T6416] ? trace_irq_disable+0x3b/0x140 [ 180.316581][ T6416] ? clear_bhb_loop+0x40/0x90 [ 180.316610][ T6416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.316632][ T6416] RIP: 0033:0x7fa2404bce59 [ 180.316653][ T6416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 180.316671][ T6416] RSP: 002b:00007fa23e716028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 180.316695][ T6416] RAX: ffffffffffffffda RBX: 00007fa240735fa0 RCX: 00007fa2404bce59 [ 180.316732][ T6416] RDX: 0000200000000040 RSI: 00000000000089e1 RDI: 0000000000000004 [ 180.316747][ T6416] RBP: 00007fa23e716090 R08: 0000000000000000 R09: 0000000000000000 [ 180.316760][ T6416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 180.316773][ T6416] R13: 00007fa240736038 R14: 00007fa240735fa0 R15: 00007ffd920e2138 [ 180.316812][ T6416] [ 180.316846][ T6416] ERROR: Out of memory at tomoyo_realpath_from_path. [ 180.322641][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 180.329406][ T10] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 180.329480][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.620080][ T10] usb 4-1: config 0 descriptor?? [ 180.686793][ T10] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 183.081988][ T10] gspca_vc032x: reg_w err -110 [ 183.082008][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082018][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082026][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082033][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082042][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082051][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082059][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082068][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082076][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082085][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082094][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082102][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082110][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082117][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082125][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082133][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082141][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082149][ T10] gspca_vc032x: I2c Bus Busy Wait 00 [ 183.082156][ T10] gspca_vc032x: Unknown sensor... [ 183.082229][ T10] vc032x 4-1:0.0: probe with driver vc032x failed with error -22 [ 183.416689][ T10] usb 4-1: USB disconnect, device number 10 [ 183.823802][ T6431] loop4: detected capacity change from 0 to 32768 [ 183.825068][ T6431] btrfs: Deprecated parameter 'usebackuproot' [ 183.825091][ T6431] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 183.842813][ T6431] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.185 (6431) [ 183.860725][ T6432] loop2: detected capacity change from 0 to 32768 [ 183.861995][ T6432] btrfs: Deprecated parameter 'usebackuproot' [ 183.862018][ T6432] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 183.936522][ T6432] BTRFS info: device /dev/loop2 (7:2) using temp-fsid 80cceea1-842e-4073-b13d-5b86fdab3087 [ 183.936591][ T6432] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.171 (6432) [ 183.986133][ T6431] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 183.986170][ T6431] BTRFS info (device loop4): using crc32c checksum algorithm [ 184.021625][ T6432] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 184.021660][ T6432] BTRFS info (device loop2): using crc32c checksum algorithm [ 184.238061][ T1029] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 184.238214][ T6431] BTRFS error (device loop4): failed to load root extent [ 184.238267][ T6431] BTRFS warning (device loop4): try to load backup roots slot 1 [ 184.254165][ T1228] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 184.254664][ T6432] BTRFS error (device loop2): failed to load root extent [ 184.254782][ T6432] BTRFS warning (device loop2): try to load backup roots slot 1 [ 184.281986][ T126] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 184.282322][ T6432] BTRFS warning (device loop2): couldn't read tree root [ 184.282385][ T6432] BTRFS warning (device loop2): try to load backup roots slot 2 [ 184.382101][ T56] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 184.382220][ T6432] BTRFS warning (device loop2): couldn't read tree root [ 184.382236][ T6432] BTRFS warning (device loop2): try to load backup roots slot 3 [ 184.437760][ T6432] BTRFS info (device loop2): rebuilding free space tree [ 184.455531][ T13] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 184.457082][ T6431] BTRFS warning (device loop4): couldn't read tree root [ 184.457109][ T6431] BTRFS warning (device loop4): try to load backup roots slot 2 [ 184.459110][ T3278] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 184.461461][ T6431] BTRFS warning (device loop4): couldn't read tree root [ 184.461486][ T6431] BTRFS warning (device loop4): try to load backup roots slot 3 [ 184.646612][ T6431] BTRFS info (device loop4): rebuilding free space tree [ 184.705879][ T6431] BTRFS info (device loop4): checking UUID tree [ 184.716243][ T6431] BTRFS info (device loop4): enabling ssd optimizations [ 184.716271][ T6431] BTRFS info (device loop4): turning on sync discard [ 184.716289][ T6431] BTRFS info (device loop4): enabling free space tree [ 184.716306][ T6431] BTRFS info (device loop4): force clearing of disk cache [ 184.716324][ T6431] BTRFS info (device loop4): enabling auto defrag [ 184.716342][ T6431] BTRFS info (device loop4): trying to use backup root at mount time [ 184.716361][ T6431] BTRFS info (device loop4): use zstd compression, level 3 [ 184.820557][ T6432] BTRFS info (device loop2): checking UUID tree [ 184.825398][ T6432] BTRFS info (device loop2): enabling ssd optimizations [ 184.825425][ T6432] BTRFS info (device loop2): turning on sync discard [ 184.825442][ T6432] BTRFS info (device loop2): enabling free space tree [ 184.825459][ T6432] BTRFS info (device loop2): force clearing of disk cache [ 184.825477][ T6432] BTRFS info (device loop2): enabling auto defrag [ 184.825494][ T6432] BTRFS info (device loop2): trying to use backup root at mount time [ 184.825514][ T6432] BTRFS info (device loop2): use zstd compression, level 3 [ 185.490735][ T5623] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 185.692746][ T5924] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 185.780732][ T5619] BTRFS info (device loop2): last unmount of filesystem 80cceea1-842e-4073-b13d-5b86fdab3087 [ 185.873086][ T5924] usb 4-1: config 0 has an invalid interface number: 69 but max is 0 [ 185.873117][ T5924] usb 4-1: config 0 has no interface number 0 [ 185.873159][ T5924] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 185.873178][ T5924] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 185.888147][ T5924] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 185.888192][ T5924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.888252][ T5924] usb 4-1: Product: syz [ 185.888288][ T5924] usb 4-1: Manufacturer: syz [ 185.888331][ T5924] usb 4-1: SerialNumber: syz [ 186.077364][ T5924] usb 4-1: config 0 descriptor?? [ 186.081885][ T6474] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 186.262365][ T5924] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 186.351991][ T6474] netlink: 67 bytes leftover after parsing attributes in process `syz.3.192'. [ 186.418846][ T5924] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 186.546674][ T5924] usb 4-1: USB disconnect, device number 11 [ 188.678316][ T5924] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 188.679212][ T5924] cyberjack 4-1:0.69: device disconnected [ 190.129170][ T6525] FAULT_INJECTION: forcing a failure. [ 190.129170][ T6525] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 190.129203][ T6525] CPU: 0 UID: 0 PID: 6525 Comm: syz.3.214 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 190.129224][ T6525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 190.129235][ T6525] Call Trace: [ 190.129242][ T6525] [ 190.129249][ T6525] dump_stack_lvl+0xe8/0x150 [ 190.129280][ T6525] should_fail_ex+0x46b/0x600 [ 190.129307][ T6525] _copy_from_user+0x2d/0xb0 [ 190.129344][ T6525] __copy_msghdr+0x3c5/0x5b0 [ 190.129367][ T6525] ___sys_sendmsg+0x213/0x360 [ 190.129385][ T6525] ? __lock_acquire+0x6b5/0x2d10 [ 190.129413][ T6525] ? __pfx____sys_sendmsg+0x10/0x10 [ 190.129465][ T6525] ? __fget_files+0x2a/0x420 [ 190.129488][ T6525] ? __fget_files+0x3a6/0x420 [ 190.129526][ T6525] __x64_sys_sendmsg+0x1c3/0x2a0 [ 190.129548][ T6525] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 190.129575][ T6525] ? __pfx_ksys_write+0x10/0x10 [ 190.129611][ T6525] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.129631][ T6525] do_syscall_64+0x174/0x580 [ 190.129648][ T6525] ? trace_irq_disable+0x3b/0x140 [ 190.129671][ T6525] ? clear_bhb_loop+0x40/0x90 [ 190.129697][ T6525] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.129715][ T6525] RIP: 0033:0x7f9976d1ce59 [ 190.129733][ T6525] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 190.129747][ T6525] RSP: 002b:00007f9974f6e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 190.129766][ T6525] RAX: ffffffffffffffda RBX: 00007f9976f95fa0 RCX: 00007f9976d1ce59 [ 190.129779][ T6525] RDX: 0000000000000011 RSI: 0000200000001780 RDI: 0000000000000003 [ 190.129790][ T6525] RBP: 00007f9974f6e090 R08: 0000000000000000 R09: 0000000000000000 [ 190.129801][ T6525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.129811][ T6525] R13: 00007f9976f96038 R14: 00007f9976f95fa0 R15: 00007fff3bc95a38 [ 190.129841][ T6525] [ 190.320032][ T5836] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 190.480384][ T5836] usb 5-1: config 0 has an invalid interface number: 69 but max is 0 [ 190.480415][ T5836] usb 5-1: config 0 has no interface number 0 [ 190.480463][ T5836] usb 5-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 190.480492][ T5836] usb 5-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 190.521901][ T5836] usb 5-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 190.521940][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.521962][ T5836] usb 5-1: Product: syz [ 190.521978][ T5836] usb 5-1: Manufacturer: syz [ 190.521994][ T5836] usb 5-1: SerialNumber: syz [ 190.572550][ T5836] usb 5-1: config 0 descriptor?? [ 190.588406][ T6522] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 190.613423][ T5836] cyberjack 5-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 192.699525][ T6522] netlink: 67 bytes leftover after parsing attributes in process `syz.4.212'. [ 192.757986][ T5836] usb 5-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 192.849604][ T5836] usb 5-1: USB disconnect, device number 7 [ 193.013915][ T5836] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 193.035953][ T5836] cyberjack 5-1:0.69: device disconnected [ 193.530823][ T5725] usb 4-1: new low-speed USB device number 12 using dummy_hcd [ 193.720781][ T5725] usb 4-1: unable to get BOS descriptor set [ 193.729731][ T5725] usb 4-1: config 1 has an invalid interface number: 0 but max is -1 [ 193.729762][ T5725] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 0 [ 193.761934][ T5725] usb 4-1: config 1 interface 0 has no altsetting 0 [ 193.848549][ T5725] usb 4-1: string descriptor 0 read error: -22 [ 193.848712][ T5725] usb 4-1: New USB device found, idVendor=05ac, idProduct=1440, bcdDevice= 0.40 [ 193.848739][ T5725] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.405408][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.405529][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.683266][ T5716] IPVS: starting estimator thread 0... [ 194.810111][ T6568] IPVS: using max 8 ests per chain, 19200 per kthread [ 194.941641][ T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 195.102164][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 195.107253][ T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid maxpacket 131, setting to 64 [ 195.107279][ T10] usb 5-1: config 0 interface 0 has no altsetting 0 [ 195.147102][ T10] usb 5-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 195.147136][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.147158][ T10] usb 5-1: Product: syz [ 195.147174][ T10] usb 5-1: Manufacturer: syz [ 195.147189][ T10] usb 5-1: SerialNumber: syz [ 195.202229][ T10] usb 5-1: config 0 descriptor?? [ 195.235031][ T10] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 found [ 195.503539][ T10] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 now disconnected [ 195.541996][ T10] snd_usb_toneport 5-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 195.678472][ T37] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 195.812161][ T10] usb 5-1: USB disconnect, device number 8 [ 195.862426][ T37] usb 3-1: Using ep0 maxpacket: 32 [ 195.874749][ T37] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 195.874781][ T37] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.001772][ T37] usb 3-1: config 0 descriptor?? [ 196.065518][ T37] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 197.091343][ T6575] loop2: detected capacity change from 0 to 128 [ 197.140139][ T6575] EXT4-fs (loop2): Test dummy encryption mode enabled [ 197.165175][ T6575] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 197.167178][ T6575] ext4 filesystem being mounted at /21/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 197.350215][ T37] gspca_vc032x: reg_w err -110 [ 197.350234][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350246][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350256][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350265][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350275][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350284][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350293][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350303][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350323][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350333][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350343][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350352][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350362][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350371][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350380][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350390][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350399][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350409][ T37] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.350419][ T37] gspca_vc032x: Unknown sensor... [ 197.350507][ T37] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 198.845890][ T10] usb 3-1: USB disconnect, device number 3 [ 199.033343][ T5619] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 199.589200][ T5836] usb 4-1: USB disconnect, device number 12 [ 199.612041][ T6629] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 201.419206][ T6634] netlink: 20 bytes leftover after parsing attributes in process `syz.2.248'. [ 202.187615][ T6634] loop2: detected capacity change from 0 to 4096 [ 202.239234][ T6634] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 203.331407][ T6634] ntfs3(loop2): Failed to read $UpCase (-4). [ 207.579027][ T6667] loop2: detected capacity change from 0 to 32768 [ 207.582611][ T6667] btrfs: Deprecated parameter 'usebackuproot' [ 207.582634][ T6667] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 207.588609][ T6667] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.266 (6667) [ 207.602203][ T6667] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 207.602239][ T6667] BTRFS info (device loop2): using crc32c checksum algorithm [ 207.766971][ T3278] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 207.767075][ T6667] BTRFS error (device loop2): failed to load root extent [ 207.767114][ T6667] BTRFS warning (device loop2): try to load backup roots slot 1 [ 207.791452][ T56] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 207.791868][ T6667] BTRFS warning (device loop2): couldn't read tree root [ 207.791931][ T6667] BTRFS warning (device loop2): try to load backup roots slot 2 [ 207.793164][ T56] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 207.793434][ T6667] BTRFS warning (device loop2): couldn't read tree root [ 207.793523][ T6667] BTRFS warning (device loop2): try to load backup roots slot 3 [ 207.890993][ T6667] BTRFS info (device loop2): rebuilding free space tree [ 208.060595][ T6687] netlink: 67 bytes leftover after parsing attributes in process `syz.4.271'. [ 208.148624][ T6667] BTRFS info (device loop2): checking UUID tree [ 208.158193][ T6667] BTRFS info (device loop2): enabling ssd optimizations [ 208.158230][ T6667] BTRFS info (device loop2): turning on sync discard [ 208.158250][ T6667] BTRFS info (device loop2): enabling free space tree [ 208.158268][ T6667] BTRFS info (device loop2): force clearing of disk cache [ 208.158286][ T6667] BTRFS info (device loop2): enabling auto defrag [ 208.158304][ T6667] BTRFS info (device loop2): trying to use backup root at mount time [ 208.158324][ T6667] BTRFS info (device loop2): use zstd compression, level 3 [ 208.741550][ T5619] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 212.353499][ T5725] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 212.479976][ T5836] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 212.482016][ T6727] netlink: 28 bytes leftover after parsing attributes in process `syz.4.284'. [ 212.482050][ T6727] netlink: 28 bytes leftover after parsing attributes in process `syz.4.284'. [ 212.486464][ T5725] usb 2-1: device descriptor read/64, error -71 [ 212.629984][ T5836] usb 3-1: Using ep0 maxpacket: 32 [ 212.646959][ T5836] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 212.646990][ T5836] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.726619][ T5836] usb 3-1: config 0 descriptor?? [ 212.729309][ T6734] FAULT_INJECTION: forcing a failure. [ 212.729309][ T6734] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.729344][ T6734] CPU: 1 UID: 0 PID: 6734 Comm: syz.3.287 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 212.729368][ T6734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 212.729381][ T6734] Call Trace: [ 212.729389][ T6734] [ 212.729398][ T6734] dump_stack_lvl+0xe8/0x150 [ 212.729433][ T6734] should_fail_ex+0x46b/0x600 [ 212.729468][ T6734] _copy_to_user+0x31/0xb0 [ 212.729506][ T6734] simple_read_from_buffer+0xe1/0x170 [ 212.729543][ T6734] proc_fail_nth_read+0x1be/0x230 [ 212.729577][ T6734] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 212.729609][ T6734] ? rw_verify_area+0x2ac/0x4e0 [ 212.729643][ T6734] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 212.729673][ T6734] vfs_read+0x212/0xa80 [ 212.729718][ T6734] ? __pfx_vfs_read+0x10/0x10 [ 212.729759][ T6734] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 212.729796][ T6734] ? lockdep_hardirqs_on+0x7a/0x110 [ 212.729817][ T6734] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 212.729853][ T6734] ? mutex_lock_nested+0x152/0x1d0 [ 212.729881][ T6734] ? fdget_pos+0x252/0x320 [ 212.729929][ T6734] ksys_read+0x156/0x270 [ 212.729966][ T6734] ? __pfx_ksys_read+0x10/0x10 [ 212.729999][ T6734] ? __pfx_blkdev_ioctl+0x10/0x10 [ 212.730035][ T6734] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.730061][ T6734] do_syscall_64+0x174/0x580 [ 212.730083][ T6734] ? trace_irq_disable+0x3b/0x140 [ 212.730112][ T6734] ? clear_bhb_loop+0x40/0x90 [ 212.730141][ T6734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.730163][ T6734] RIP: 0033:0x7f9976cdd68e [ 212.730183][ T6734] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 212.730203][ T6734] RSP: 002b:00007f9974f6dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 212.730227][ T6734] RAX: ffffffffffffffda RBX: 00007f9974f6e6c0 RCX: 00007f9976cdd68e [ 212.730244][ T6734] RDX: 000000000000000f RSI: 00007f9974f6e0a0 RDI: 0000000000000004 [ 212.730265][ T6734] RBP: 00007f9974f6e090 R08: 0000000000000000 R09: 0000000000000000 [ 212.730279][ T6734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.730293][ T6734] R13: 00007f9976f96038 R14: 00007f9976f95fa0 R15: 00007fff3bc95a38 [ 212.730333][ T6734] [ 212.750021][ T5725] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 212.835925][ T5924] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 213.011963][ T5924] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 213.012022][ T5924] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 213.012048][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.049663][ T5836] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 213.103500][ T5924] usb 5-1: config 0 descriptor?? [ 213.150713][ T5725] usb 2-1: device descriptor read/64, error -71 [ 213.281155][ T5725] usb usb2-port1: attempt power cycle [ 213.740665][ T5725] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 213.743864][ T5924] ath6kl: Unsupported hardware version: 0x0 [ 213.748627][ T5924] ath6kl: Failed to init ath6kl core: -22 [ 213.749193][ T5924] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 213.820925][ T5725] usb 2-1: device descriptor read/8, error -71 [ 213.898968][ T6722] loop2: detected capacity change from 0 to 128 [ 213.939442][ T6722] EXT4-fs (loop2): Test dummy encryption mode enabled [ 213.986798][ T6722] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 213.987355][ T6722] ext4 filesystem being mounted at /25/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 214.008970][ T6727] netlink: 132 bytes leftover after parsing attributes in process `syz.4.284'. [ 214.071259][ T5725] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 214.100999][ T5725] usb 2-1: device descriptor read/8, error -71 [ 214.189979][ T5924] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 214.211014][ T5725] usb usb2-port1: unable to enumerate USB device [ 214.341688][ T5924] usb 4-1: not running at top speed; connect to a high speed hub [ 214.345477][ T5924] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 214.348941][ T5924] usb 4-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=60.1b [ 214.348974][ T5924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.348997][ T5924] usb 4-1: Product: syz [ 214.349014][ T5924] usb 4-1: Manufacturer: syz [ 214.349030][ T5924] usb 4-1: SerialNumber: syz [ 214.627352][ T6747] netlink: 36 bytes leftover after parsing attributes in process `syz.3.293'. [ 214.650406][ T6747] netlink: 40 bytes leftover after parsing attributes in process `syz.3.293'. [ 214.715985][ T6747] binder: 6746:6747 ioctl c038480a 200000000180 returned -22 [ 214.801200][ T6747] loop3: detected capacity change from 0 to 16 [ 214.935086][ T6747] erofs (device loop3): mounted with root inode @ nid 36. [ 215.048327][ T5924] usb 4-1: USB disconnect, device number 13 [ 215.118023][ T6764] loop0: detected capacity change from 0 to 32768 [ 215.127141][ T5836] gspca_vc032x: reg_r err -71 [ 215.127214][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127246][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127273][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127295][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127316][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127344][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127372][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127394][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127403][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127412][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127422][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127432][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127441][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127451][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127460][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127470][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127479][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127503][ T5836] gspca_vc032x: I2c Bus Busy Wait 00 [ 215.127541][ T5836] gspca_vc032x: Unknown sensor... [ 215.127765][ T5836] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 215.146732][ T5836] usb 3-1: USB disconnect, device number 4 [ 215.179917][ T6764] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.300 (6764) [ 215.359758][ T6764] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 215.359843][ T6764] BTRFS info (device loop0): using crc32c checksum algorithm [ 215.520390][ T44] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 215.520559][ T6764] BTRFS error (device loop0): failed to load root extent [ 215.520932][ T6764] BTRFS warning (device loop0): unable to release extent buffer 1052672 owner 3 gen 5 refs 3 flags 0x5 [ 215.521002][ T6764] BTRFS warning (device loop0): unable to release extent buffer 5332992 owner 1 gen 8 refs 3 flags 0x5 [ 215.521038][ T6764] BTRFS warning (device loop0): unable to release extent buffer 5337088 owner 2 gen 8 refs 3 flags 0xc [ 215.530964][ T32] usb 5-1: USB disconnect, device number 9 [ 215.625283][ T6764] BTRFS error (device loop0): open_ctree failed: -5 [ 215.963642][ T5619] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 216.540739][ T6789] loop2: detected capacity change from 0 to 128 [ 216.970883][ T6789] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 216.971081][ T6789] hpfs: filesystem error: improperly stopped [ 216.971101][ T6789] hpfs: You really don't want any checks? You are crazy... [ 216.986453][ T6798] loop3: detected capacity change from 0 to 16 [ 219.108233][ T38] audit: type=1326 audit(1780394977.507:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.3.309" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 219.108419][ T38] audit: type=1326 audit(1780394977.507:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.3.309" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 219.117445][ T38] audit: type=1326 audit(1780394977.517:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.3.309" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 219.137451][ T38] audit: type=1326 audit(1780394977.547:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.3.309" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 219.137613][ T38] audit: type=1326 audit(1780394977.547:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.3.309" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9976d1cbc2 code=0x7ffc0000 [ 219.159152][ T38] audit: type=1326 audit(1780394977.557:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.3.309" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 219.294521][ T38] audit: type=1326 audit(1780394977.697:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.3.309" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9976cdd68e code=0x7ffc0000 [ 219.334466][ T38] audit: type=1326 audit(1780394977.737:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.3.309" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f9976d1cc87 code=0x7ffc0000 [ 219.334509][ T38] audit: type=1326 audit(1780394977.737:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.3.309" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9976cdd68e code=0x7ffc0000 [ 219.334542][ T38] audit: type=1326 audit(1780394977.737:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6797 comm="syz.3.309" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9976d1caeb code=0x7ffc0000 [ 219.353495][ T5725] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 219.426957][ T6789] hpfs: hpfs_map_sector(): read error [ 219.427008][ T6789] hpfs: code page support is disabled [ 219.478050][ T6798] loop3: detected capacity change from 0 to 512 [ 219.499949][ T5725] usb 5-1: device descriptor read/64, error -71 [ 219.563854][ T6789] hpfs: hpfs_map_4sectors(): unaligned read [ 219.600582][ T6789] hpfs: hpfs_map_4sectors(): unaligned read [ 219.600605][ T6789] hpfs: filesystem error: unable to find root dir [ 219.679505][ T6798] EXT4-fs (loop3): 1 orphan inode deleted [ 219.698624][ T6798] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 219.797660][ T6798] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.309: invalid indirect mapped block 234881024 (level 0) [ 219.797742][ T6798] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 219.811361][ T5725] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 219.848408][ T6798] EXT4-fs (loop3): Remounting filesystem read-only [ 219.996873][ T5725] usb 5-1: device descriptor read/64, error -71 [ 220.101859][ T5725] usb usb5-port1: attempt power cycle [ 220.358896][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.401395][ T6813] loop2: detected capacity change from 0 to 2048 [ 220.480043][ T5725] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 220.502357][ T5725] usb 5-1: device descriptor read/8, error -71 [ 220.654751][ T6813] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 220.740011][ T5725] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 220.784300][ T5725] usb 5-1: device descriptor read/8, error -71 [ 220.903422][ T5725] usb usb5-port1: unable to enumerate USB device [ 221.004415][ T6819] loop3: detected capacity change from 0 to 32768 [ 221.005547][ T6819] btrfs: Deprecated parameter 'usebackuproot' [ 221.005568][ T6819] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 221.007131][ T6819] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.317 (6819) [ 221.023309][ T6819] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 221.023345][ T6819] BTRFS info (device loop3): using crc32c checksum algorithm [ 221.213403][ T3425] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 221.213534][ T6819] BTRFS error (device loop3): failed to load root extent [ 221.213579][ T6819] BTRFS warning (device loop3): try to load backup roots slot 1 [ 221.214835][ T3425] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 221.215694][ T6819] BTRFS warning (device loop3): couldn't read tree root [ 221.215736][ T6819] BTRFS warning (device loop3): try to load backup roots slot 2 [ 221.217253][ T3425] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 221.217341][ T6819] BTRFS warning (device loop3): couldn't read tree root [ 221.217363][ T6819] BTRFS warning (device loop3): try to load backup roots slot 3 [ 221.348618][ T6819] BTRFS info (device loop3): rebuilding free space tree [ 221.392696][ T6819] BTRFS info (device loop3): checking UUID tree [ 221.393391][ T6819] BTRFS info (device loop3): enabling ssd optimizations [ 221.393415][ T6819] BTRFS info (device loop3): turning on async discard [ 221.393432][ T6819] BTRFS info (device loop3): enabling free space tree [ 221.393450][ T6819] BTRFS info (device loop3): force clearing of disk cache [ 221.393469][ T6819] BTRFS info (device loop3): enabling auto defrag [ 221.393487][ T6819] BTRFS info (device loop3): trying to use backup root at mount time [ 221.393507][ T6819] BTRFS info (device loop3): use zstd compression, level 3 [ 221.704121][ T5616] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 221.874511][ T5836] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 222.009983][ T5836] usb 3-1: device descriptor read/64, error -71 [ 222.083865][ T5632] Bluetooth: hci2: command 0x0406 tx timeout [ 222.084006][ T5632] Bluetooth: hci4: command 0x0406 tx timeout [ 222.084036][ T5632] Bluetooth: hci1: command 0x0406 tx timeout [ 222.084148][ T5632] Bluetooth: hci0: command 0x0406 tx timeout [ 222.084167][ T5632] Bluetooth: hci3: command 0x0406 tx timeout [ 222.275761][ T5836] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 222.431582][ T5836] usb 3-1: device descriptor read/64, error -71 [ 222.567931][ T5836] usb usb3-port1: attempt power cycle [ 222.747150][ T6859] netlink: 28 bytes leftover after parsing attributes in process `syz.1.312'. [ 222.747194][ T6859] netlink: 28 bytes leftover after parsing attributes in process `syz.1.312'. [ 223.014052][ T5836] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 223.034011][ T5836] usb 3-1: device descriptor read/8, error -71 [ 223.100075][ T5914] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 223.251914][ T6871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.328'. [ 223.256212][ T6871] netlink: 32 bytes leftover after parsing attributes in process `syz.3.328'. [ 223.270063][ T5836] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 223.365314][ T5914] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 223.365375][ T5914] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 223.365401][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.491031][ T5836] usb 3-1: device not accepting address 8, error -71 [ 223.491452][ T5836] usb usb3-port1: unable to enumerate USB device [ 223.665560][ T5914] usb 2-1: config 0 descriptor?? [ 224.175643][ T5914] ath6kl: Unsupported hardware version: 0x0 [ 224.240116][ T5914] ath6kl: Failed to init ath6kl core: -22 [ 224.240652][ T5914] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 224.302393][ T5924] IPVS: starting estimator thread 0... [ 224.383150][ T6859] netlink: 132 bytes leftover after parsing attributes in process `syz.1.312'. [ 224.390066][ T6893] IPVS: using max 9 ests per chain, 21600 per kthread [ 224.485612][ T6898] netlink: 28 bytes leftover after parsing attributes in process `syz.4.338'. [ 224.485652][ T6898] netlink: 28 bytes leftover after parsing attributes in process `syz.4.338'. [ 224.551953][ T5836] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 224.559919][ T5924] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 224.682886][ T5836] usb 4-1: device descriptor read/64, error -71 [ 224.750207][ T5924] usb 3-1: Using ep0 maxpacket: 8 [ 224.754301][ T5924] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid maxpacket 131, setting to 64 [ 224.754337][ T5924] usb 3-1: config 0 interface 0 has no altsetting 0 [ 224.783524][ T5924] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 224.783555][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.783578][ T5924] usb 3-1: Product: syz [ 224.783594][ T5924] usb 3-1: Manufacturer: syz [ 224.783610][ T5924] usb 3-1: SerialNumber: syz [ 224.804569][ T5716] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 224.839348][ T5924] usb 3-1: config 0 descriptor?? [ 224.863573][ T5924] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found [ 224.922783][ T5836] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 224.963227][ T5716] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 224.963287][ T5716] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 224.963315][ T5716] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.060142][ T5716] usb 5-1: config 0 descriptor?? [ 225.071026][ T5836] usb 4-1: device descriptor read/64, error -71 [ 225.098369][ T5924] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected [ 225.122703][ T5924] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 225.180389][ T5836] usb usb4-port1: attempt power cycle [ 225.378265][ T5717] usb 3-1: USB disconnect, device number 9 [ 225.428601][ T5914] usb 2-1: USB disconnect, device number 15 [ 225.540623][ T5716] ath6kl: Unsupported hardware version: 0x0 [ 225.558916][ T5836] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 225.571768][ T5836] usb 4-1: device descriptor read/8, error -71 [ 225.611368][ T5716] ath6kl: Failed to init ath6kl core: -22 [ 225.611961][ T5716] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 225.751193][ T6898] netlink: 132 bytes leftover after parsing attributes in process `syz.4.338'. [ 225.819956][ T5836] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 225.891138][ T6925] loop1: detected capacity change from 0 to 2048 [ 225.892550][ T5836] usb 4-1: device descriptor read/8, error -71 [ 225.961207][ T6925] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.998119][ T6925] netlink: 'syz.1.351': attribute type 3 has an invalid length. [ 225.998142][ T6925] netlink: 'syz.1.351': attribute type 1 has an invalid length. [ 225.998157][ T6925] netlink: 216 bytes leftover after parsing attributes in process `syz.1.351'. [ 226.004574][ T5836] usb usb4-port1: unable to enumerate USB device [ 226.111412][ T6931] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 226.326140][ T6925] overlayfs: conflicting lowerdir path [ 226.456603][ T6941] loop2: detected capacity change from 0 to 512 [ 226.462711][ T6941] EXT4-fs: Ignoring removed nobh option [ 226.618171][ T6941] EXT4-fs (loop2): orphan cleanup on readonly fs [ 226.640766][ T6941] EXT4-fs warning (device loop2): ext4_xattr_inode_get:546: inode #11: comm syz.2.354: ea_inode file size=1535 entry size=6 [ 226.641199][ T6941] EXT4-fs error (device loop2): ext4_do_update_inode:5690: inode #15: comm syz.2.354: corrupted inode contents [ 226.641229][ T6941] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 226.661188][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 226.661250][ C0] EXT4-fs (loop2): initial error at time 1780394985: ext4_do_update_inode:5690: inode 15 [ 226.661349][ C0] EXT4-fs (loop2): last error at time 1780394985: ext4_do_update_inode:5690: inode 15 [ 226.665756][ T6941] EXT4-fs error (device loop2): ext4_dirty_inode:6587: inode #15: comm syz.2.354: mark_inode_dirty error [ 226.665788][ T6941] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 226.667722][ T6941] EXT4-fs error (device loop2): ext4_do_update_inode:5690: inode #15: comm syz.2.354: corrupted inode contents [ 226.667806][ T6941] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 226.680489][ T6941] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3001: inode #15: comm syz.2.354: mark_inode_dirty error [ 226.680580][ T6941] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 226.686432][ T6941] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3004: inode #15: comm syz.2.354: mark inode dirty (error -117) [ 226.686532][ T6941] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 226.688635][ T6941] EXT4-fs warning (device loop2): ext4_evict_inode:287: xattr delete (err -117) [ 226.689071][ T6941] EXT4-fs (loop2): 1 orphan inode deleted [ 226.846234][ T6941] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 226.899364][ T5620] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.044804][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 227.314758][ T6959] loop2: detected capacity change from 0 to 16 [ 227.330192][ T6961] netlink: 28 bytes leftover after parsing attributes in process `syz.1.359'. [ 227.471187][ T38] kauditd_printk_skb: 132 callbacks suppressed [ 227.471207][ T38] audit: type=1326 audit(1780394985.877:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.2.362" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459475ce59 code=0x7ffc0000 [ 227.472448][ T5914] usb 5-1: USB disconnect, device number 14 [ 227.479919][ T38] audit: type=1326 audit(1780394985.877:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.2.362" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459475ce59 code=0x7ffc0000 [ 227.479981][ T38] audit: type=1326 audit(1780394985.877:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.2.362" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459475ce59 code=0x7ffc0000 [ 227.480075][ T38] audit: type=1326 audit(1780394985.877:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.2.362" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f459475ce59 code=0x7ffc0000 [ 227.480123][ T38] audit: type=1326 audit(1780394985.877:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.2.362" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f459475cbc2 code=0x7ffc0000 [ 227.499664][ T38] audit: type=1326 audit(1780394985.887:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.2.362" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459475ce59 code=0x7ffc0000 [ 227.545185][ T38] audit: type=1326 audit(1780394985.937:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.2.362" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f459471d68e code=0x7ffc0000 [ 227.694291][ T38] audit: type=1326 audit(1780394986.097:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.2.362" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f459475cc87 code=0x7ffc0000 [ 227.695056][ T38] audit: type=1326 audit(1780394986.097:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.2.362" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f459471d68e code=0x7ffc0000 [ 227.695409][ T38] audit: type=1326 audit(1780394986.097:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.2.362" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f459475caeb code=0x7ffc0000 [ 227.793329][ T6959] loop2: detected capacity change from 0 to 512 [ 227.850946][ T5924] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 227.869165][ T6969] __nla_validate_parse: 1 callbacks suppressed [ 227.869184][ T6969] netlink: 12 bytes leftover after parsing attributes in process `syz.3.369'. [ 227.927869][ T6959] EXT4-fs (loop2): 1 orphan inode deleted [ 227.943397][ T6959] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 227.964096][ T6959] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.362: invalid indirect mapped block 234881024 (level 0) [ 227.964183][ T6959] loop2: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 227.964803][ T6959] EXT4-fs (loop2): Remounting filesystem read-only [ 227.994210][ T6973] loop3: detected capacity change from 0 to 764 [ 228.019344][ T6973] ISOFS: Logical zone size(41) < hardware blocksize(1024) [ 228.063214][ T5924] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 228.063277][ T5924] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 228.063303][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.224113][ T5924] usb 2-1: config 0 descriptor?? [ 228.265965][ T6974] netlink: 8 bytes leftover after parsing attributes in process `syz.4.368'. [ 228.292281][ T6974] netlink: 32 bytes leftover after parsing attributes in process `syz.4.368'. [ 228.677480][ T5924] ath6kl: Unsupported hardware version: 0x0 [ 228.681819][ T5924] ath6kl: Failed to init ath6kl core: -22 [ 228.683060][ T5924] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 228.986457][ T6961] netlink: 132 bytes leftover after parsing attributes in process `syz.1.359'. [ 228.989688][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.242247][ T6993] netlink: 28 bytes leftover after parsing attributes in process `syz.3.376'. [ 229.242286][ T6993] netlink: 28 bytes leftover after parsing attributes in process `syz.3.376'. [ 229.450005][ T5836] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 229.590147][ T5924] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 229.652486][ T5836] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 229.652517][ T5836] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 229.695222][ T5836] usb 5-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 229.695257][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.695280][ T5836] usb 5-1: Product: syz [ 229.695295][ T5836] usb 5-1: Manufacturer: syz [ 229.695312][ T5836] usb 5-1: SerialNumber: syz [ 229.737389][ T5836] usb 5-1: config 0 descriptor?? [ 229.806321][ T5924] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 229.806382][ T5924] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 229.806409][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.859146][ T5924] usb 4-1: config 0 descriptor?? [ 230.062651][ T5914] usb 5-1: USB disconnect, device number 15 [ 230.084313][ T7012] loop2: detected capacity change from 0 to 16 [ 230.194778][ T7012] loop2: detected capacity change from 0 to 512 [ 230.282408][ T7012] EXT4-fs (loop2): 1 orphan inode deleted [ 230.296776][ T5924] ath6kl: Unsupported hardware version: 0x0 [ 230.299221][ T5924] ath6kl: Failed to init ath6kl core: -22 [ 230.299743][ T5924] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 230.356110][ T7012] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.472938][ T5725] usb 2-1: USB disconnect, device number 16 [ 230.518759][ T6993] netlink: 132 bytes leftover after parsing attributes in process `syz.3.376'. [ 230.573565][ T7012] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.383: invalid indirect mapped block 234881024 (level 0) [ 230.573648][ T7012] loop2: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 230.602163][ T7012] EXT4-fs (loop2): Remounting filesystem read-only [ 230.671871][ T7019] loop1: detected capacity change from 0 to 512 [ 230.677785][ T7019] EXT4-fs: Ignoring removed nobh option [ 230.750969][ T7019] EXT4-fs (loop1): orphan cleanup on readonly fs [ 230.752367][ T7019] EXT4-fs warning (device loop1): ext4_xattr_inode_get:546: inode #11: comm syz.1.385: ea_inode file size=1535 entry size=6 [ 230.752736][ T7019] EXT4-fs error (device loop1): ext4_do_update_inode:5690: inode #15: comm syz.1.385: corrupted inode contents [ 230.752761][ T7019] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 230.758614][ T7019] EXT4-fs error (device loop1): ext4_dirty_inode:6587: inode #15: comm syz.1.385: mark_inode_dirty error [ 230.758650][ T7019] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 230.760501][ C1] EXT4-fs (loop1): error count since last fsck: 2 [ 230.760523][ C1] EXT4-fs (loop1): initial error at time 1780394989: ext4_do_update_inode:5690: inode 15 [ 230.760555][ C1] EXT4-fs (loop1): last error at time 1780394989: ext4_dirty_inode:6587: inode 15 [ 230.856187][ T7019] EXT4-fs error (device loop1): ext4_do_update_inode:5690: inode #15: comm syz.1.385: corrupted inode contents [ 230.856222][ T7019] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 230.909966][ T7019] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3001: inode #15: comm syz.1.385: mark_inode_dirty error [ 230.910503][ T7019] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3004: inode #15: comm syz.1.385: mark inode dirty (error -117) [ 230.913098][ T7019] EXT4-fs warning (device loop1): ext4_evict_inode:287: xattr delete (err -117) [ 230.913294][ T7019] EXT4-fs (loop1): 1 orphan inode deleted [ 230.919455][ T7019] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 231.182984][ T5620] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.423482][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.881648][ T7050] netlink: 67 bytes leftover after parsing attributes in process `syz.2.394'. [ 232.189580][ T5836] usb 4-1: USB disconnect, device number 18 [ 232.279262][ T7059] ieee802154 phy0 wpan0: encryption failed: -22 [ 232.348673][ T7062] loop3: detected capacity change from 0 to 16 [ 232.481663][ T38] kauditd_printk_skb: 330 callbacks suppressed [ 232.481684][ T38] audit: type=1326 audit(1780394990.877:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.3.404" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 232.481767][ T38] audit: type=1326 audit(1780394990.887:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.3.404" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 232.485945][ T38] audit: type=1326 audit(1780394990.887:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.3.404" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 232.503886][ T38] audit: type=1326 audit(1780394990.907:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.3.404" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 232.508716][ T38] audit: type=1326 audit(1780394990.907:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.3.404" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 232.508775][ T38] audit: type=1326 audit(1780394990.907:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.3.404" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 232.529917][ T38] audit: type=1326 audit(1780394990.917:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.3.404" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 232.539704][ T38] audit: type=1326 audit(1780394990.937:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.3.404" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 232.540033][ T38] audit: type=1326 audit(1780394990.937:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.3.404" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 232.540169][ T38] audit: type=1326 audit(1780394990.937:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.3.404" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 232.561951][ T32] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 232.841742][ T32] usb 5-1: config 1 interface 0 altsetting 5 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 232.841781][ T32] usb 5-1: config 1 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 232.841812][ T32] usb 5-1: config 1 interface 0 has no altsetting 0 [ 232.844223][ T32] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 232.844263][ T32] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.844285][ T32] usb 5-1: Product:   [ 232.844302][ T32] usb 5-1: Manufacturer: Д [ 232.844318][ T32] usb 5-1: SerialNumber: 샎쨝◮Ջ⭄䏓궈뾷鵅숵㎴曔땲鹻㐘ᗒʃᖎ䲂䶼雼雡돴笖Ჩ걯窄秮詪㛥잏哞걘Ꜯ੬줋Ǜ疟 [ 232.939551][ T7059] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 233.244626][ T7053] loop1: detected capacity change from 0 to 32768 [ 233.325852][ T7075] netlink: 'syz.3.410': attribute type 12 has an invalid length. [ 233.325878][ T7075] netlink: 'syz.3.410': attribute type 29 has an invalid length. [ 233.325895][ T7075] netlink: 148 bytes leftover after parsing attributes in process `syz.3.410'. [ 233.325925][ T7075] netlink: 'syz.3.410': attribute type 1 has an invalid length. [ 233.325949][ T7075] netlink: 'syz.3.410': attribute type 2 has an invalid length. [ 233.325963][ T7075] netlink: 11 bytes leftover after parsing attributes in process `syz.3.410'. [ 233.449307][ T7075] netlink: 16 bytes leftover after parsing attributes in process `syz.3.410'. [ 233.531309][ T7078] FAULT_INJECTION: forcing a failure. [ 233.531309][ T7078] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 233.531409][ T7078] CPU: 1 UID: 0 PID: 7078 Comm: syz.0.411 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 233.531442][ T7078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 233.531453][ T7078] Call Trace: [ 233.531461][ T7078] [ 233.531468][ T7078] dump_stack_lvl+0xe8/0x150 [ 233.531502][ T7078] should_fail_ex+0x46b/0x600 [ 233.531529][ T7078] _copy_to_user+0x31/0xb0 [ 233.531561][ T7078] copy_siginfo_to_user+0x22/0xc0 [ 233.531582][ T7078] x64_setup_rt_frame+0x77b/0xcb0 [ 233.531605][ T7078] ? rt_spin_unlock+0x14f/0x200 [ 233.531649][ T7078] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 233.531681][ T7078] arch_do_signal_or_restart+0x442/0x840 [ 233.531707][ T7078] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 233.531748][ T7078] exit_to_user_mode_loop+0xa9/0x680 [ 233.531774][ T7078] ? rcu_is_watching+0x15/0xb0 [ 233.531805][ T7078] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.531827][ T7078] do_syscall_64+0x353/0x580 [ 233.531848][ T7078] ? clear_bhb_loop+0x40/0x90 [ 233.531872][ T7078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.531891][ T7078] RIP: 0033:0x7fa2404bce59 [ 233.531910][ T7078] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 233.531931][ T7078] RSP: 002b:00007fa23e716028 EFLAGS: 00000246 ORIG_RAX: 0000000000000082 [ 233.531951][ T7078] RAX: fffffffffffffffc RBX: 00007fa240735fa0 RCX: 00007fa2404bce59 [ 233.531964][ T7078] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000200000000000 [ 233.531974][ T7078] RBP: 00007fa23e716090 R08: 0000000000000000 R09: 0000000000000000 [ 233.531985][ T7078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.531995][ T7078] R13: 00007fa240736038 R14: 00007fa240735fa0 R15: 00007ffd920e2138 [ 233.532022][ T7078] [ 233.773457][ T32] usb 5-1: USB disconnect, device number 16 [ 233.868089][ T7053] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 233.924518][ T7081] loop2: detected capacity change from 0 to 512 [ 233.925728][ T7081] EXT4-fs: Ignoring removed nobh option [ 233.963558][ T7081] EXT4-fs (loop2): orphan cleanup on readonly fs [ 233.981164][ T7083] netlink: 36 bytes leftover after parsing attributes in process `syz.1.400'. [ 233.981225][ T7083] netlink: 8 bytes leftover after parsing attributes in process `syz.1.400'. [ 234.065981][ T7083] netlink: 3 bytes leftover after parsing attributes in process `syz.1.400'. [ 234.066332][ T7083] 0X: renamed from batadv0 (while UP) [ 234.167486][ T7081] EXT4-fs warning (device loop2): ext4_xattr_inode_get:546: inode #11: comm syz.2.412: ea_inode file size=1535 entry size=6 [ 234.187974][ T7081] EXT4-fs error (device loop2): ext4_do_update_inode:5690: inode #15: comm syz.2.412: corrupted inode contents [ 234.188007][ T7081] fserror_report: 2 callbacks suppressed [ 234.188019][ T7081] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 234.194327][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 234.194349][ C0] EXT4-fs (loop2): initial error at time 1780394992: ext4_do_update_inode:5690: inode 15 [ 234.194379][ C0] EXT4-fs (loop2): last error at time 1780394992: ext4_do_update_inode:5690: inode 15 [ 234.245090][ T7083] 0X: entered allmulticast mode [ 234.255587][ T7083] A link change request failed with some changes committed already. Interface 60X may have been left with an inconsistent configuration, please check. [ 234.425189][ T7081] EXT4-fs error (device loop2): ext4_dirty_inode:6587: inode #15: comm syz.2.412: mark_inode_dirty error [ 234.425224][ T7081] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 234.426809][ T7081] EXT4-fs error (device loop2): ext4_do_update_inode:5690: inode #15: comm syz.2.412: corrupted inode contents [ 234.426845][ T7081] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 234.428352][ T7081] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3001: inode #15: comm syz.2.412: mark_inode_dirty error [ 234.428384][ T7081] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 234.437355][ T7081] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3004: inode #15: comm syz.2.412: mark inode dirty (error -117) [ 234.437397][ T7081] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 234.478193][ T7081] EXT4-fs warning (device loop2): ext4_evict_inode:287: xattr delete (err -117) [ 234.478394][ T7081] EXT4-fs (loop2): 1 orphan inode deleted [ 234.572362][ T7081] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 234.775134][ T7093] netlink: 67 bytes leftover after parsing attributes in process `syz.4.417'. [ 234.833587][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 235.029705][ T5620] ocfs2: Unmounting device (7,1) on (node local) [ 235.098450][ T7100] loop3: detected capacity change from 0 to 16 [ 235.308208][ T7100] loop3: detected capacity change from 0 to 512 [ 236.155040][ T7100] EXT4-fs (loop3): 1 orphan inode deleted [ 236.165661][ T7100] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 236.230766][ T7100] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.420: invalid indirect mapped block 234881024 (level 0) [ 236.230848][ T7100] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 236.233736][ T7100] EXT4-fs (loop3): Remounting filesystem read-only [ 236.429018][ T7115] FAULT_INJECTION: forcing a failure. [ 236.429018][ T7115] name failslab, interval 1, probability 0, space 0, times 0 [ 236.429055][ T7115] CPU: 1 UID: 0 PID: 7115 Comm: syz.1.416 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 236.429081][ T7115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 236.429100][ T7115] Call Trace: [ 236.429109][ T7115] [ 236.429119][ T7115] dump_stack_lvl+0xe8/0x150 [ 236.429155][ T7115] should_fail_ex+0x46b/0x600 [ 236.429189][ T7115] should_failslab+0xa8/0x100 [ 236.429225][ T7115] kmem_cache_alloc_lru_noprof+0x8b/0x680 [ 236.429256][ T7115] ? hugetlbfs_alloc_inode+0xef/0x130 [ 236.429289][ T7115] hugetlbfs_alloc_inode+0xef/0x130 [ 236.429316][ T7115] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 236.429341][ T7115] alloc_inode+0x6a/0x1b0 [ 236.429372][ T7115] new_inode+0x22/0x170 [ 236.429399][ T7115] ? resv_map_alloc+0x200/0x2e0 [ 236.429443][ T7115] hugetlbfs_get_inode+0x78/0x650 [ 236.429475][ T7115] hugetlb_file_setup+0x21d/0x630 [ 236.429501][ T7115] ksys_mmap_pgoff+0x22e/0x720 [ 236.429531][ T7115] ? __x64_sys_mmap+0x7f/0x140 [ 236.429562][ T7115] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.429588][ T7115] do_syscall_64+0x174/0x580 [ 236.429617][ T7115] ? trace_irq_disable+0x3b/0x140 [ 236.429646][ T7115] ? clear_bhb_loop+0x40/0x90 [ 236.429675][ T7115] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.429698][ T7115] RIP: 0033:0x7f9624d5ce59 [ 236.429719][ T7115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 236.429739][ T7115] RSP: 002b:00007f9622fb6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 236.429763][ T7115] RAX: ffffffffffffffda RBX: 00007f9624fd5fa0 RCX: 00007f9624d5ce59 [ 236.429779][ T7115] RDX: 0000000002000009 RSI: 0000000000800000 RDI: 0000200000800000 [ 236.429793][ T7115] RBP: 00007f9622fb6090 R08: ffffffffffffffff R09: 0000000000004000 [ 236.429808][ T7115] R10: 000200000006c832 R11: 0000000000000246 R12: 0000000000000001 [ 236.429824][ T7115] R13: 00007f9624fd6038 R14: 00007f9624fd5fa0 R15: 00007fff42db6658 [ 236.429861][ T7115] [ 237.302777][ T7124] ieee802154 phy0 wpan0: encryption failed: -22 [ 237.541150][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 237.581316][ T5836] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 237.736025][ T5836] usb 3-1: config 1 interface 0 altsetting 5 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 237.736065][ T5836] usb 3-1: config 1 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 237.736138][ T5836] usb 3-1: config 1 interface 0 has no altsetting 0 [ 237.742446][ T5836] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 237.742483][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.742499][ T5836] usb 3-1: Product:   [ 237.742509][ T5836] usb 3-1: Manufacturer: Д [ 237.742521][ T5836] usb 3-1: SerialNumber: 샎쨝◮Ջ⭄䏓궈뾷鵅숵㎴曔땲鹻㐘ᗒʃᖎ䲂䶼雼雡돴笖Ჩ걯窄秮詪㛥잏哞걘Ꜯ੬줋Ǜ疟 [ 237.826191][ T7124] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 238.010489][ T7137] netlink: 28 bytes leftover after parsing attributes in process `syz.4.431'. [ 238.010529][ T7137] netlink: 28 bytes leftover after parsing attributes in process `syz.4.431'. [ 238.334483][ T5836] usb 3-1: USB disconnect, device number 10 [ 238.359936][ T5924] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 238.524958][ T7147] netlink: 67 bytes leftover after parsing attributes in process `syz.1.435'. [ 238.553245][ T5924] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.553299][ T5924] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 238.553323][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.680247][ T5924] usb 5-1: config 0 descriptor?? [ 239.195726][ T5924] ath6kl: Unsupported hardware version: 0x0 [ 239.225724][ T5924] ath6kl: Failed to init ath6kl core: -22 [ 239.226308][ T5924] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 239.347280][ T7158] loop3: detected capacity change from 0 to 16 [ 239.370418][ T38] kauditd_printk_skb: 227 callbacks suppressed [ 239.370437][ T38] audit: type=1326 audit(1780394997.767:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7157 comm="syz.3.440" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 239.370484][ T38] audit: type=1326 audit(1780394997.767:1293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7152 comm="syz.2.438" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459475ce59 code=0x7ffc0000 [ 239.370525][ T38] audit: type=1326 audit(1780394997.767:1294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7152 comm="syz.2.438" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459475ce59 code=0x7ffc0000 [ 239.377668][ T38] audit: type=1326 audit(1780394997.777:1295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7157 comm="syz.3.440" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 239.377727][ T38] audit: type=1326 audit(1780394997.777:1296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7157 comm="syz.3.440" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 239.377777][ T38] audit: type=1326 audit(1780394997.777:1297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7157 comm="syz.3.440" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 239.377828][ T38] audit: type=1326 audit(1780394997.777:1298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7157 comm="syz.3.440" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 239.377960][ T38] audit: type=1326 audit(1780394997.777:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7157 comm="syz.3.440" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f9976d1ce59 code=0x7ffc0000 [ 239.378098][ T38] audit: type=1326 audit(1780394997.777:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7157 comm="syz.3.440" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9976d1cbc2 code=0x7ffc0000 [ 239.378228][ T38] audit: type=1326 audit(1780394997.777:1301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7152 comm="syz.2.438" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f459475ce59 code=0x7ffc0000 [ 239.698111][ T7155] capability: warning: `syz.2.438' uses 32-bit capabilities (legacy support in use) [ 239.733540][ T7137] netlink: 132 bytes leftover after parsing attributes in process `syz.4.431'. [ 239.937552][ T7158] loop3: detected capacity change from 0 to 512 [ 239.995374][ T7158] EXT4-fs (loop3): 1 orphan inode deleted [ 239.998372][ T7158] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 240.065274][ T7158] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #13: comm syz.3.440: invalid indirect mapped block 234881024 (level 0) [ 240.065358][ T7158] loop3: lost file I/O error report for ino 13 type 5 pos 0x0 len 0x0 error -117 [ 240.077701][ T7158] EXT4-fs (loop3): Remounting filesystem read-only [ 240.475034][ T7170] loop2: detected capacity change from 0 to 32768 [ 240.588889][ T7170] JBD2: Ignoring recovery information on journal [ 240.716370][ T7170] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 242.047507][ T7168] loop1: detected capacity change from 0 to 4096 [ 243.020530][ T7168] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512). [ 243.605634][ T7168] ntfs3(loop1): Failed to read $AttrDef (-4). [ 243.655765][ T5616] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.722964][ T5725] usb 5-1: USB disconnect, device number 17 [ 245.331764][ T5619] ocfs2: Unmounting device (7,2) on (node local) [ 245.629455][ T7202] process 'syz.3.450' launched './file0' with NULL argv: empty string added [ 245.752363][ T5717] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 245.797073][ T7202] Invalid argument reading file caps for ./file0 [ 245.856922][ T7201] syz.2.448 (7201) used obsolete PPPIOCDETACH ioctl [ 245.899917][ T5717] usb 5-1: device descriptor read/64, error -71 [ 246.169984][ T5717] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 246.300119][ T5717] usb 5-1: device descriptor read/64, error -71 [ 248.152648][ T5717] usb usb5-port1: attempt power cycle [ 250.985909][ T5717] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 251.199927][ T5717] usb 5-1: device not accepting address 20, error -71 [ 252.679877][ T7246] loop1: detected capacity change from 0 to 32768 [ 252.680783][ T7246] btrfs: Deprecated parameter 'usebackuproot' [ 252.680798][ T7246] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 252.698825][ T7246] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.472 (7246) [ 252.708767][ T7246] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 252.708803][ T7246] BTRFS info (device loop1): using crc32c checksum algorithm [ 254.596315][ T3278] BTRFS warning (device loop1): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 254.596439][ T7246] BTRFS error (device loop1): failed to load root extent [ 254.596485][ T7246] BTRFS warning (device loop1): try to load backup roots slot 1 [ 254.601775][ T13] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 254.602012][ T7246] BTRFS warning (device loop1): couldn't read tree root [ 254.602036][ T7246] BTRFS warning (device loop1): try to load backup roots slot 2 [ 254.605569][ T3278] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 254.605732][ T7246] BTRFS warning (device loop1): couldn't read tree root [ 254.605754][ T7246] BTRFS warning (device loop1): try to load backup roots slot 3 [ 254.771843][ T7246] BTRFS info (device loop1): rebuilding free space tree [ 254.895615][ T7246] BTRFS info (device loop1): checking UUID tree [ 254.905001][ T7246] BTRFS info (device loop1): enabling ssd optimizations [ 254.905029][ T7246] BTRFS info (device loop1): turning on sync discard [ 254.905047][ T7246] BTRFS info (device loop1): enabling free space tree [ 254.905065][ T7246] BTRFS info (device loop1): force clearing of disk cache [ 254.905084][ T7246] BTRFS info (device loop1): enabling auto defrag [ 254.905103][ T7246] BTRFS info (device loop1): trying to use backup root at mount time [ 254.905123][ T7246] BTRFS info (device loop1): use zstd compression, level 3 [ 255.428500][ T5620] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 255.476176][ T7273] FAULT_INJECTION: forcing a failure. [ 255.476176][ T7273] name failslab, interval 1, probability 0, space 0, times 0 [ 255.476215][ T7273] CPU: 1 UID: 0 PID: 7273 Comm: syz.0.478 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 255.476240][ T7273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 255.476255][ T7273] Call Trace: [ 255.476264][ T7273] [ 255.476273][ T7273] dump_stack_lvl+0xe8/0x150 [ 255.476309][ T7273] should_fail_ex+0x46b/0x600 [ 255.476344][ T7273] should_failslab+0xa8/0x100 [ 255.476380][ T7273] kmem_cache_alloc_noprof+0x87/0x680 [ 255.476412][ T7273] ? alloc_empty_file+0x5b/0x1d0 [ 255.476445][ T7273] alloc_empty_file+0x5b/0x1d0 [ 255.476477][ T7273] path_openat+0x11b/0x3960 [ 255.476514][ T7273] ? unwind_next_frame+0xa6/0x2550 [ 255.476556][ T7273] ? unwind_next_frame+0xa6/0x2550 [ 255.476609][ T7273] ? is_bpf_text_address+0x26/0x2b0 [ 255.476658][ T7273] ? __pfx_path_openat+0x10/0x10 [ 255.476692][ T7273] ? is_bpf_text_address+0x292/0x2b0 [ 255.476724][ T7273] ? is_bpf_text_address+0x26/0x2b0 [ 255.476759][ T7273] ? kernel_text_address+0xa5/0xe0 [ 255.476791][ T7273] ? __kernel_text_address+0xd/0x30 [ 255.476826][ T7273] ? do_raw_spin_lock+0x12b/0x2f0 [ 255.476861][ T7273] do_file_open+0x23e/0x4a0 [ 255.476893][ T7273] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 255.476942][ T7273] ? __pfx_do_file_open+0x10/0x10 [ 255.477006][ T7273] ? do_open_execat+0xad/0x590 [ 255.477043][ T7273] do_open_execat+0x12b/0x590 [ 255.477078][ T7273] ? __pfx_do_open_execat+0x10/0x10 [ 255.477123][ T7273] alloc_bprm+0x28/0x650 [ 255.477161][ T7273] do_execveat_common+0x175/0x690 [ 255.477201][ T7273] ? do_getname+0x151/0x250 [ 255.477229][ T7273] __x64_sys_execveat+0xc7/0xf0 [ 255.477264][ T7273] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.477288][ T7273] do_syscall_64+0x174/0x580 [ 255.477309][ T7273] ? trace_irq_disable+0x3b/0x140 [ 255.477337][ T7273] ? clear_bhb_loop+0x40/0x90 [ 255.477364][ T7273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.477387][ T7273] RIP: 0033:0x7fa2404bce59 [ 255.477407][ T7273] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 255.477426][ T7273] RSP: 002b:00007fa23e716028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 255.477449][ T7273] RAX: ffffffffffffffda RBX: 00007fa240735fa0 RCX: 00007fa2404bce59 [ 255.477466][ T7273] RDX: 0000000000000000 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 255.477481][ T7273] RBP: 00007fa23e716090 R08: 0000000000000000 R09: 0000000000000000 [ 255.477495][ T7273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.477509][ T7273] R13: 00007fa240736038 R14: 00007fa240735fa0 R15: 00007ffd920e2138 [ 255.477543][ T7273] [ 255.845064][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.845184][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.846507][ T7284] ieee802154 phy0 wpan0: encryption failed: -22 [ 257.044642][ T7286] loop1: detected capacity change from 0 to 1024 [ 257.123183][ T5725] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 257.300292][ T5725] usb 3-1: config 1 interface 0 altsetting 5 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 257.300331][ T5725] usb 3-1: config 1 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 257.300360][ T5725] usb 3-1: config 1 interface 0 has no altsetting 0 [ 257.367559][ T5725] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 257.367593][ T5725] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.367614][ T5725] usb 3-1: Product:   [ 257.367629][ T5725] usb 3-1: Manufacturer: Д [ 257.367643][ T5725] usb 3-1: SerialNumber: 샎쨝◮Ջ⭄䏓궈뾷鵅숵㎴曔땲鹻㐘ᗒʃᖎ䲂䶼雼雡돴笖Ჩ걯窄秮詪㛥잏哞걘Ꜯ੬줋Ǜ疟 [ 257.430612][ T7284] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 257.981733][ T5725] usb 3-1: USB disconnect, device number 11 [ 258.663697][ T7299] 9p: Bad value for 'wfdno' [ 258.668856][ T7299] netlink: 24 bytes leftover after parsing attributes in process `syz.3.474'. [ 258.774124][ T7304] hfsplus: bad catalog entry type [ 260.669447][ T821] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 260.895372][ T7349] syz.2.505 uses obsolete (PF_INET,SOCK_PACKET) [ 261.604627][ T5725] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 261.606610][ C0] raw-gadget.1 gadget.3: ignoring, device is not running [ 261.711956][ T821] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 261.711985][ T821] usb 2-1: config 0 has no interface number 0 [ 261.712038][ T821] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 261.712067][ T821] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 261.712120][ T821] usb 2-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18 [ 261.712145][ T821] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.820116][ T5725] usb 4-1: device descriptor read/64, error -32 [ 261.986010][ T821] usb 2-1: config 0 descriptor?? [ 262.183834][ T5725] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 262.432671][ T5725] usb 4-1: unable to get BOS descriptor or descriptor too short [ 262.433691][ T5725] usb 4-1: not running at top speed; connect to a high speed hub [ 262.439726][ T5725] usb 4-1: New USB device found, idVendor=1235, idProduct=8212, bcdDevice= 0.40 [ 262.447634][ T5725] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.447665][ T5725] usb 4-1: Product: syz [ 262.447681][ T5725] usb 4-1: Manufacturer: syz [ 262.447697][ T5725] usb 4-1: SerialNumber: syz [ 264.288211][ T5725] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 264.288289][ T5725] usb 4-1: MIDIStreaming interface descriptor not found [ 264.471951][ T821] input: HID 04d9:a055 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:04D9:A055.0002/input/input5 [ 264.889685][ T7379] overlayfs: overlapping lowerdir path [ 265.391351][ T5924] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 265.581602][ T5924] usb 5-1: Using ep0 maxpacket: 8 [ 265.990792][ T38] kauditd_printk_skb: 209 callbacks suppressed [ 265.990815][ T38] audit: type=1326 audit(1780395024.387:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7398 comm="syz.1.525" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9624d5ce59 code=0x0 [ 266.074337][ T5725] usb 4-1: USB disconnect, device number 20 [ 266.790778][ T5924] usb 5-1: unable to get BOS descriptor or descriptor too short [ 266.793406][ T5924] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 266.793445][ T5924] usb 5-1: can't read configurations, error -71 [ 269.141604][ T821] holtek_kbd 0003:04D9:A055.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.1-1/input1 [ 269.675740][ T7413] syz.1.530 (7413): drop_caches: 2 [ 270.491402][ T821] usb 2-1: USB disconnect, device number 17 [ 270.722099][ T5625] Bluetooth: hci3: unexpected event for opcode 0x0c57 [ 274.153606][ T7443] fido_id[7443]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 281.956485][ T7513] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 282.093365][ T38] audit: type=1326 audit(1780395040.487:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7506 comm="syz.2.556" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f459475ce59 code=0x0 [ 282.184368][ T7521] Bluetooth: MGMT ver 1.23 [ 282.215423][ T7521] warning: `syz.4.571' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 282.290565][ T5836] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 282.442381][ T5836] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 282.442413][ T5836] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 282.442454][ T5836] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 282.442480][ T5836] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.449573][ T5836] usb 4-1: config 0 descriptor?? [ 282.780376][ T5836] usb 4-1: USB disconnect, device number 21 [ 283.216197][ T821] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 283.383771][ T821] usb 2-1: too many endpoints for config 0 interface 0 altsetting 18: 254, using maximum allowed: 30 [ 283.383839][ T821] usb 2-1: config 0 interface 0 altsetting 18 endpoint 0x81 has an invalid bInterval 180, changing to 11 [ 283.383876][ T821] usb 2-1: config 0 interface 0 altsetting 18 endpoint 0x81 has invalid maxpacket 1056, setting to 1024 [ 283.383906][ T821] usb 2-1: config 0 interface 0 altsetting 18 has 1 endpoint descriptor, different from the interface descriptor's value: 254 [ 283.383935][ T821] usb 2-1: config 0 interface 0 has no altsetting 0 [ 283.383971][ T821] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 283.383995][ T821] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.487619][ T821] usb 2-1: config 0 descriptor?? [ 283.507765][ T7544] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 284.528484][ T821] uclogic 0003:28BD:0071.0003: interface is invalid, ignoring [ 284.545343][ T821] usb 2-1: USB disconnect, device number 18 [ 285.410856][ T5716] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 285.506282][ T7594] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 285.560021][ T5716] usb 3-1: Using ep0 maxpacket: 16 [ 285.566963][ T5716] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.567012][ T5716] usb 3-1: config 0 interface 0 has no altsetting 0 [ 285.567049][ T5716] usb 3-1: New USB device found, idVendor=1b96, idProduct=0001, bcdDevice= 0.00 [ 285.567088][ T5716] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.734537][ T5716] usb 3-1: config 0 descriptor?? [ 286.699936][ T37] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 286.890302][ T37] usb 5-1: Using ep0 maxpacket: 32 [ 286.904626][ T37] usb 5-1: config 0 has an invalid interface number: 196 but max is 0 [ 286.904647][ T37] usb 5-1: config 0 has no interface number 0 [ 286.904678][ T37] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 286.904697][ T37] usb 5-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 286.905229][ T37] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 286.905250][ T37] usb 5-1: config 0 interface 196 has no altsetting 0 [ 287.034309][ T37] usb 5-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a [ 287.034343][ T37] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.034365][ T37] usb 5-1: Product: syz [ 287.034993][ T37] usb 5-1: Manufacturer: syz [ 287.035015][ T37] usb 5-1: SerialNumber: syz [ 287.151114][ T37] usb 5-1: config 0 descriptor?? [ 287.153322][ T7614] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 287.324048][ T7630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.617'. [ 287.565191][ T37] ipheth 5-1:0.196: ipheth_get_macaddr: usb_control_msg: short packet: 0 bytes [ 287.601248][ T37] ipheth 5-1:0.196: probe with driver ipheth failed with error -22 [ 287.959647][ T5716] usbhid 3-1:0.0: can't add hid device: -71 [ 287.960005][ T5716] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 287.979595][ T37] usb 5-1: USB disconnect, device number 24 [ 288.005170][ T5716] usb 3-1: USB disconnect, device number 12 [ 288.322218][ T5717] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 288.783762][ T5717] usb 2-1: Using ep0 maxpacket: 32 [ 289.184759][ T5717] usb 2-1: unable to get BOS descriptor or descriptor too short [ 289.193364][ T5717] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 48, changing to 7 [ 289.193419][ T5717] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 174, changing to 7 [ 289.219991][ T5717] usb 2-1: New USB device found, idVendor=0bda, idProduct=4014, bcdDevice= 0.40 [ 289.220026][ T5717] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.220050][ T5717] usb 2-1: Product: syz [ 289.220066][ T5717] usb 2-1: Manufacturer: syz [ 289.220083][ T5717] usb 2-1: SerialNumber: syz [ 289.643713][ T5717] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 289.692963][ T5717] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 289.771034][ T7670] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 290.200081][ T5717] usb 2-1: USB disconnect, device number 19 [ 290.260076][ T5725] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 290.448128][ T5725] usb 4-1: Using ep0 maxpacket: 16 [ 290.465005][ T5725] usb 4-1: unable to get BOS descriptor or descriptor too short [ 290.468347][ T5725] usb 4-1: config 16 has an invalid interface number: 44 but max is 0 [ 290.468376][ T5725] usb 4-1: config 16 has no interface number 0 [ 290.468409][ T5725] usb 4-1: config 16 interface 44 has no altsetting 0 [ 290.506808][ T5725] usb 4-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=1d.64 [ 290.506840][ T5725] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.506862][ T5725] usb 4-1: Product: syz [ 290.507005][ T5725] usb 4-1: Manufacturer: syz [ 290.507023][ T5725] usb 4-1: SerialNumber: syz [ 290.895642][ T5725] cypress_cy7c63 4-1:16.44: Cypress CY7C63xxx device now attached [ 290.996249][ T5725] usb 4-1: USB disconnect, device number 22 [ 291.010320][ T5725] cypress_cy7c63 4-1:16.44: Cypress CY7C63xxx device now disconnected [ 291.150847][ T5869] udevd[5869]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 291.240128][ T5726] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 291.423944][ T5726] usb 3-1: unable to get BOS descriptor or descriptor too short [ 291.424552][ T5726] usb 3-1: not running at top speed; connect to a high speed hub [ 291.445544][ T5726] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 291.445571][ T5726] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 291.471700][ T5726] usb 3-1: New USB device found, idVendor=0763, idProduct=1033, bcdDevice= 0.40 [ 291.471732][ T5726] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.471764][ T5726] usb 3-1: Product: syz [ 291.471775][ T5726] usb 3-1: Manufacturer: syz [ 291.471785][ T5726] usb 3-1: SerialNumber: syz [ 291.758827][ T5726] hub 3-1:1.0: bad descriptor, ignoring hub [ 291.758864][ T5726] hub 3-1:1.0: probe with driver hub failed with error -5 [ 291.848379][ T5726] usb 3-1: 0:1 : does not exist [ 291.848403][ T5726] usb 3-1: 0:2 : does not exist [ 293.486980][ T7723] netlink: 'syz.4.653': attribute type 2 has an invalid length. [ 293.934212][ T5726] usb 3-1: USB disconnect, device number 13 [ 294.539497][ T7748] exFAT-fs (nbd4): unable to read boot sector [ 294.539543][ T7748] exFAT-fs (nbd4): failed to read boot sector [ 294.539581][ T7748] exFAT-fs (nbd4): failed to recognize exfat type [ 295.349943][ T5717] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 297.818209][ T5869] udevd[5869]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 298.186292][ T5717] usb 2-1: device descriptor read/all, error -71 [ 300.800019][ T5725] usb 3-1: new low-speed USB device number 14 using dummy_hcd [ 300.983355][ T5725] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 300.983387][ T5725] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 300.983439][ T5725] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 300.983494][ T5725] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 300.983520][ T5725] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.056488][ T7791] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 301.110001][ T5725] hub 3-1:1.0: bad descriptor, ignoring hub [ 301.110043][ T5725] hub 3-1:1.0: probe with driver hub failed with error -5 [ 301.144032][ T5725] cdc_wdm 3-1:1.0: skipping garbage [ 301.144056][ T5725] cdc_wdm 3-1:1.0: skipping garbage [ 301.281419][ T5717] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 301.429979][ T5717] usb 2-1: Using ep0 maxpacket: 8 [ 301.432496][ T5717] usb 2-1: config 6 has an invalid interface number: 127 but max is 0 [ 301.432522][ T5717] usb 2-1: config 6 has no interface number 0 [ 301.483685][ T5717] usb 2-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=88.8e [ 301.483720][ T5717] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.483744][ T5717] usb 2-1: Product: syz [ 301.483761][ T5717] usb 2-1: Manufacturer: syz [ 301.483777][ T5717] usb 2-1: SerialNumber: syz [ 301.778718][ T5725] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 301.778755][ T5725] cdc_wdm 3-1:1.0: Unknown control protocol [ 301.821957][ T5726] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 301.860501][ T5717] empeg 2-1:6.127: empeg converter detected [ 301.860587][ T5717] usb 2-1: active config #6 != 1 ?? [ 301.881856][ T5717] usb 2-1: USB disconnect, device number 22 [ 302.013338][ T5725] usb 3-1: USB disconnect, device number 14 [ 302.064253][ T5726] usb 5-1: Using ep0 maxpacket: 16 [ 302.069692][ T5726] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 302.088725][ T5726] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 302.088757][ T5726] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.088785][ T5726] usb 5-1: Product: syz [ 302.088798][ T5726] usb 5-1: Manufacturer: syz [ 302.088809][ T5726] usb 5-1: SerialNumber: syz [ 302.167687][ T5726] usb 5-1: config 0 descriptor?? [ 302.197847][ T5726] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 302.212389][ T5726] usb 5-1: Detected FT232R [ 302.388674][ T5726] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 302.391925][ T5726] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 302.394253][ T5726] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 302.423874][ T5726] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 302.482930][ T5726] usb 5-1: USB disconnect, device number 25 [ 302.622967][ T5726] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 302.629245][ T5726] ftdi_sio 5-1:0.0: device disconnected [ 302.772245][ T7841] binder: 7838:7841 ioctl 4018620d 0 returned -22 [ 303.920491][ T5625] Bluetooth: hci1: unexpected event for opcode 0x200c [ 303.946884][ T5625] Bluetooth: hci3: unexpected event for opcode 0x2002 [ 305.840063][ T5725] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 305.997142][ T5725] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 305.997176][ T5725] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 305.997222][ T5725] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 305.997246][ T5725] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.220616][ T5725] usb 4-1: usb_control_msg returned -32 [ 306.220667][ T5725] usbtmc 4-1:16.0: can't read capabilities [ 308.639281][ T5725] usb 4-1: USB disconnect, device number 23 [ 308.933325][ T7919] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 308.986282][ T7919] batadv0: entered promiscuous mode [ 309.009611][ T7919] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 310.769012][ T7943] netlink: 36 bytes leftover after parsing attributes in process `syz.2.749'. [ 318.943852][ T1339] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.943997][ T1339] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.369325][ T8060] netlink: 'syz.2.794': attribute type 2 has an invalid length. [ 325.280006][ T5717] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 325.684923][ T8083] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 325.684954][ T8083] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 325.685246][ T8083] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 325.685268][ T8083] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 330.235741][ T60] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 330.315709][ T60] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 330.346439][ T60] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 330.361593][ T60] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 330.384913][ T60] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 332.554476][ T5625] Bluetooth: hci5: command tx timeout [ 333.930133][ T8125] ================================================================== [ 333.930159][ T8125] BUG: KASAN: slab-use-after-free in clear_tfile_check_list+0x114/0x380 [ 333.930192][ T8125] Read of size 8 at addr ffff88803ec1b7e8 by task syz.4.815/8125 [ 333.930212][ T8125] [ 333.930225][ T8125] CPU: 0 UID: 0 PID: 8125 Comm: syz.4.815 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 333.930252][ T8125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 333.930267][ T8125] Call Trace: [ 333.930275][ T8125] [ 333.930285][ T8125] dump_stack_lvl+0xe8/0x150 [ 333.930317][ T8125] print_address_description+0x55/0x1e0 [ 333.930346][ T8125] ? clear_tfile_check_list+0x114/0x380 [ 333.930367][ T8125] print_report+0x58/0x70 [ 333.930394][ T8125] kasan_report+0x117/0x150 [ 333.930428][ T8125] ? clear_tfile_check_list+0x114/0x380 [ 333.930458][ T8125] clear_tfile_check_list+0x114/0x380 [ 333.930482][ T8125] ? clear_tfile_check_list+0x22/0x380 [ 333.930506][ T8125] do_epoll_ctl_file+0x8fd/0xed0 [ 333.930539][ T8125] ? do_epoll_ctl_file+0xac3/0xed0 [ 333.930574][ T8125] ? __pfx_do_epoll_ctl_file+0x10/0x10 [ 333.930610][ T8125] ? __fget_files+0x3a6/0x420 [ 333.930640][ T8125] ? __fget_files+0x2a/0x420 [ 333.930680][ T8125] __se_sys_epoll_ctl+0x14e/0x210 [ 333.930717][ T8125] ? __pfx___se_sys_epoll_ctl+0x10/0x10 [ 333.930757][ T8125] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.930782][ T8125] do_syscall_64+0x174/0x580 [ 333.930805][ T8125] ? trace_irq_disable+0x3b/0x140 [ 333.930834][ T8125] ? clear_bhb_loop+0x40/0x90 [ 333.930861][ T8125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.930884][ T8125] RIP: 0033:0x7f27f808ce59 [ 333.930906][ T8125] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 333.930927][ T8125] RSP: 002b:00007f27f5e81028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 333.930953][ T8125] RAX: ffffffffffffffda RBX: 00007f27f8306270 RCX: 00007f27f808ce59 [ 333.930971][ T8125] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006 [ 333.930986][ T8125] RBP: 00007f27f8122d6f R08: 0000000000000000 R09: 0000000000000000 [ 333.931001][ T8125] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 333.931016][ T8125] R13: 00007f27f8306308 R14: 00007f27f8306270 R15: 00007ffddc31a0b8 [ 333.931044][ T8125] [ 333.931052][ T8125] [ 333.931058][ T8125] Allocated by task 8120: [ 333.931069][ T8125] kasan_save_track+0x3e/0x80 [ 333.931097][ T8125] __kasan_slab_alloc+0x6c/0x80 [ 333.931124][ T8125] kmem_cache_alloc_noprof+0x33b/0x680 [ 333.931162][ T8125] ep_insert+0x512/0x1820 [ 333.931193][ T8125] do_epoll_ctl_file+0x8bb/0xed0 [ 333.931222][ T8125] __se_sys_epoll_ctl+0x14e/0x210 [ 333.931252][ T8125] do_syscall_64+0x174/0x580 [ 333.931271][ T8125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.931291][ T8125] [ 333.931296][ T8125] Freed by task 8114: [ 333.931307][ T8125] kasan_save_track+0x3e/0x80 [ 333.931331][ T8125] kasan_save_free_info+0x46/0x50 [ 333.931351][ T8125] __kasan_slab_free+0x5c/0x80 [ 333.931377][ T8125] kmem_cache_free+0x187/0x6c0 [ 333.931406][ T8125] eventpoll_release_file+0xc2/0x240 [ 333.931437][ T8125] __fput+0x83c/0xa70 [ 333.931458][ T8125] task_work_run+0x1d9/0x270 [ 333.931479][ T8125] get_signal+0x11eb/0x1330 [ 333.931505][ T8125] arch_do_signal_or_restart+0xbc/0x840 [ 333.931524][ T8125] exit_to_user_mode_loop+0xa9/0x680 [ 333.931546][ T8125] do_syscall_64+0x353/0x580 [ 333.931561][ T8125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.931579][ T8125] [ 333.931584][ T8125] The buggy address belongs to the object at ffff88803ec1b7e0 [ 333.931584][ T8125] which belongs to the cache ep_head of size 16 [ 333.931602][ T8125] The buggy address is located 8 bytes inside of [ 333.931602][ T8125] freed 16-byte region [ffff88803ec1b7e0, ffff88803ec1b7f0) [ 333.931623][ T8125] [ 333.931629][ T8125] The buggy address belongs to the physical page: [ 333.931652][ T8125] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803ec1b7a0 pfn:0x3ec1b [ 333.931672][ T8125] memcg:ffff888035ac3801 [ 333.931681][ T8125] flags: 0x80000000000200(workingset|node=0|zone=1) [ 333.931701][ T8125] page_type: f5(slab) [ 333.931719][ T8125] raw: 0080000000000200 ffff888020aeddc0 ffff88801ab5e088 ffffea0000b2a550 [ 333.931738][ T8125] raw: ffff88803ec1b7a0 0000000800800023 00000000f5000000 ffff888035ac3801 [ 333.931749][ T8125] page dumped because: kasan: bad access detected [ 333.931764][ T8125] page_owner tracks the page as allocated [ 333.931771][ T8125] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4982, tgid 4982 (udevd), ts 43510069672, free_ts 0 [ 333.931805][ T8125] post_alloc_hook+0x1f9/0x250 [ 333.931829][ T8125] get_page_from_freelist+0x265c/0x26e0 [ 333.931856][ T8125] __alloc_frozen_pages_noprof+0x18d/0x380 [ 333.931884][ T8125] allocate_slab+0x74/0x5e0 [ 333.931901][ T8125] refill_objects+0x33c/0x3d0 [ 333.931917][ T8125] __pcs_replace_empty_main+0x373/0x720 [ 333.931936][ T8125] kmem_cache_alloc_noprof+0x433/0x680 [ 333.931959][ T8125] ep_insert+0x512/0x1820 [ 333.931984][ T8125] do_epoll_ctl_file+0x8bb/0xed0 [ 333.932011][ T8125] __se_sys_epoll_ctl+0x14e/0x210 [ 333.932039][ T8125] do_syscall_64+0x174/0x580 [ 333.932058][ T8125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.932077][ T8125] page_owner free stack trace missing [ 333.932085][ T8125] [ 333.932090][ T8125] Memory state around the buggy address: [ 333.932101][ T8125] ffff88803ec1b680: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 333.932117][ T8125] ffff88803ec1b700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 333.932131][ T8125] >ffff88803ec1b780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 333.932152][ T8125] ^ [ 333.932166][ T8125] ffff88803ec1b800: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 333.932180][ T8125] ffff88803ec1b880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 333.932192][ T8125] ================================================================== [ 333.969246][ T8125] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 333.969323][ T8125] CPU: 0 UID: 0 PID: 8125 Comm: syz.4.815 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 333.969413][ T8125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 333.969456][ T8125] Call Trace: [ 333.969479][ T8125] [ 333.969509][ T8125] vpanic+0x56c/0xa60 [ 333.969613][ T8125] ? __pfx_vpanic+0x10/0x10 [ 333.969687][ T8125] ? __pfx___schedule+0x10/0x10 [ 333.969756][ T8125] panic+0xc5/0xd0 [ 333.969826][ T8125] ? __pfx_panic+0x10/0x10 [ 333.969914][ T8125] ? preempt_schedule_thunk+0x16/0x40 [ 333.969998][ T8125] ? clear_tfile_check_list+0x114/0x380 [ 333.970067][ T8125] check_panic_on_warn+0x89/0xb0 [ 333.970100][ T8125] ? clear_tfile_check_list+0x114/0x380 [ 333.970131][ T8125] end_report+0x73/0x170 [ 333.970163][ T8125] ? clear_tfile_check_list+0x114/0x380 [ 333.970183][ T8125] kasan_report+0x128/0x150 [ 333.970216][ T8125] ? clear_tfile_check_list+0x114/0x380 [ 333.970242][ T8125] clear_tfile_check_list+0x114/0x380 [ 333.970265][ T8125] ? clear_tfile_check_list+0x22/0x380 [ 333.970290][ T8125] do_epoll_ctl_file+0x8fd/0xed0 [ 333.970324][ T8125] ? do_epoll_ctl_file+0xac3/0xed0 [ 333.970358][ T8125] ? __pfx_do_epoll_ctl_file+0x10/0x10 [ 333.970394][ T8125] ? __fget_files+0x3a6/0x420 [ 333.970424][ T8125] ? __fget_files+0x2a/0x420 [ 333.970459][ T8125] __se_sys_epoll_ctl+0x14e/0x210 [ 333.970497][ T8125] ? __pfx___se_sys_epoll_ctl+0x10/0x10 [ 333.970538][ T8125] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.970563][ T8125] do_syscall_64+0x174/0x580 [ 333.970585][ T8125] ? trace_irq_disable+0x3b/0x140 [ 333.970615][ T8125] ? clear_bhb_loop+0x40/0x90 [ 333.970642][ T8125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.970665][ T8125] RIP: 0033:0x7f27f808ce59 [ 333.970687][ T8125] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 333.970708][ T8125] RSP: 002b:00007f27f5e81028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 333.970735][ T8125] RAX: ffffffffffffffda RBX: 00007f27f8306270 RCX: 00007f27f808ce59 [ 333.970754][ T8125] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000006 [ 333.970769][ T8125] RBP: 00007f27f8122d6f R08: 0000000000000000 R09: 0000000000000000 [ 333.970784][ T8125] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 333.970800][ T8125] R13: 00007f27f8306308 R14: 00007f27f8306270 R15: 00007ffddc31a0b8 [ 333.970828][ T8125] [ 333.971463][ T8125] Kernel Offset: disabled