last executing test programs: 8.721949643s ago: executing program 2 (id=1023): mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) listen(r1, 0x6) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) recvfrom(0xffffffffffffffff, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x3e8, 0x0, 0x0) 8.421318229s ago: executing program 0 (id=1029): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) connect$unix(r1, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, 0x0, 0x0) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) listen(r2, 0x0) connect$unix(r1, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x20000000) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='vegas\x00', 0x6) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1781, 0x898, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0xa0, 0x2, [{{0x9, 0x4, 0x0, 0x1, 0x1, 0x3, 0x1, 0x3, 0x7, {0x9, 0x21, 0x2, 0x6, 0x1, {0x22, 0x57d}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0x7, 0x9}}}}}]}}]}}, 0x0) shutdown(r0, 0x1) 7.800011439s ago: executing program 2 (id=1033): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) syz_clone(0x88200000, 0x0, 0xfffffffffffffdd3, 0x0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, 0x2, 0x3, 0x201, 0x0, 0x0, {0x0, 0x0, 0x800}}, 0x14}, 0x1, 0x0, 0x0, 0x24040040}, 0x8000) ioprio_set$uid(0x3, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_PEC(r2, 0x708, 0x40) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000180)={0x1, 0xe, 0x7, &(0x7f0000000100)={0x17, "2a2d0214087d522459d63dc82d734e3b52660540308956e76fa06b19020ee768e4"}}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r3, 0x7b1, &(0x7f0000000040)={0x0, 0x1}) ioctl$I2C_SMBUS(r2, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x3, &(0x7f0000000080)={0x0, "6a4da751434fd7f4a4331cbdbfe693a5babcdf3aa54bce5d926ef908d52773fa7f"}}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r4, &(0x7f0000000700)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x1400, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @multicast2, @loopback}, "ca8fdbc1451a9c85"}}}, 0x46) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sendfile(r0, r0, 0x0, 0x7ffff000) 4.305995491s ago: executing program 0 (id=1035): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = socket$inet(0xa, 0x801, 0x84) listen(r1, 0xfffffffd) r2 = socket$inet(0xa, 0x801, 0x84) listen(r2, 0x8) r3 = socket$inet(0xa, 0x801, 0x84) listen(r3, 0x10008) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r4, 0x7) r5 = socket$netlink(0x10, 0x3, 0x4) writev(r5, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) 3.89456978s ago: executing program 0 (id=1037): mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r0 = syz_clone(0x904000, 0x0, 0x5f, 0x0, 0x0, 0x0) setpgid(r0, 0x0) r1 = getpgid(r0) setpgid(0x0, r1) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) (fail_nth: 2) 3.871303791s ago: executing program 2 (id=1038): mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r0 = syz_clone(0x904000, 0x0, 0x5f, 0x0, 0x0, 0x0) setpgid(r0, 0x0) r1 = getpgid(r0) setpgid(0x0, r1) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) 3.364005052s ago: executing program 0 (id=1039): syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fstat(r1, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r2) ioctl$SIOCAX25DELFWD(r0, 0x89eb, 0x0) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r3, 0x2000) 3.363682788s ago: executing program 1 (id=1040): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x400448ca, 0x0) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) (fail_nth: 3) 3.187231599s ago: executing program 2 (id=1041): mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) listen(r1, 0x6) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) recvfrom(0xffffffffffffffff, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x3e8, 0x0, 0x0) 3.186891168s ago: executing program 0 (id=1042): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d0102030109021200"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, &(0x7f0000001400)={0x14, &(0x7f00000012c0)={0x20, 0x8, 0xd4, {0xd4, 0x21, "e28b01c7e35c972f4783c3dc8f1b7364aaa1921be4d8db24c53e8dc4589740abc5b41ce36e2875c27073ef779541fa41a51741abac3bb646daf6989225658d63d293afd675d4fb3100ed52282399bf37d4ebbfd34b0790ab7542ddb211cfd09f69c421afce17d46d5bcb7324b4024cdf2c41bdc3377e061908917f4f914dfd3a7b39b7dbdc720a2e398e10c76d06275106ea16df8664fb70f169c5c32a4bde1e4ca8600fb35d7fe281059e5c0d4291e2deec287f7f583c6cc5e89e5b4d76fa7c401afeead64cfbe463cc4108590f2332a50d"}}, &(0x7f00000013c0)={0x0, 0x3, 0x25, @string={0x25, 0x3, "e5fbd8106c11cc30f988f0df0bbe81cea03213a6254c91543b9628274ea0d849fa6465"}}}, &(0x7f0000001740)={0x34, &(0x7f0000001440)={0x40, 0x9, 0xdd, "a03b34d6c147a2eb08f378308b31d6af929fb5548fa5a58e071d8956e6bd610469cb0d2891209acdad1b8eb8ce3717f9052b0b832aa540ed7bbb729f4ebb72847faae72371924201acfe28a71a4cfc3e86798901089ba3b7e94b257f8f3950b0c7b541f72b7fb363f3cfa0570a83bc1bd1069cea671932d537649ca937073480e715637268c2811eb1cbb1f33e20abccb9e1afb1a2805c17e9212879965988c88522e5d61f90c1db764ee665f45297d995b73f9a89fac48d9d58195274e08c8020536573d0fe7c7f021ea67e36e89b7b7fea1c1b35496a0bff5eb4e3d2"}, &(0x7f0000001540)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000001580)={0x0, 0x8, 0x1, 0x7}, &(0x7f00000015c0)=ANY=[@ANYBLOB="2000f100000000efc11d7555de159989e88c2ebf0726114f48e0337758ac6e8e3f704a812f6a19ea0f479a41efe54a417d4cacbc843ae833a3ae743faf7cf0260fbd8a48e807b35e0e9f207cb99543c4285e03000000d72fdafcbfde247ffcbaf4f3a4e8a0f6bf09e06fbcc72b366f0d1be437ffef8b76e42c86093d6690240f07628add4064671475760543064fc3c05f28a8eb84c532f97f8b44f6137fa814737a4ea5475673bd7b5bddadf698cd50e4f1447a8869131bdccca633d7d53b4093ebd5e0fbc49eea7916e1a65d867f8761453b6f95340b270535602a644f8b46a3badf15dc89f3e6a589b2d2b4041dfcb7fb3bd5825ba8"], &(0x7f00000016c0)={0x20, 0x1, 0x1, 0x4}, &(0x7f0000001700)={0x20, 0x0, 0x1, 0xb4}}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0}) 2.972441597s ago: executing program 1 (id=1043): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r1}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d6fe682c6100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000004"], 0x20000600}}, 0x0) (fail_nth: 3) 2.403785273s ago: executing program 1 (id=1044): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYRES64=r1, @ANYRESOCT=r0, @ANYRESDEC=r1], 0xfce) r2 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f00000006c0)="0d18687da3e7", 0x6}], 0x1}}], 0x1, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000002240)=""/4096, 0x1000, 0x0, 0x0}, &(0x7f0000000040)=0xfffffe03) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$printer(r2, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b", 0x23}], 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$fou(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r4, &(0x7f0000002c00)={0x0, 0x100000, &(0x7f0000002bc0)={&(0x7f0000000140)=ANY=[@ANYBLOB="010400009beaa49c705e0b0020226197451f18941fe4244a08eb44fd9c8fb9203561da47bbd3b64b64d5a4a2228803562d8539e80506c321758bd23bcd266bb69dca4d4b805fefc74af4889e37914fc35aff50163625ae91023d73376a3d60a49eab1b8f735e93a6a096a3440b267d6269206d2f6c5d49b4a101a4a7d7c1e904c0fcbc9d151aa0b0bb1c88ce472c0da1572eeebc8df1df14c4db39fa2d5168a4b6ec6daeb336cfb5c2c1b73466dc4036ede029991b265a33724cefa6f659a1a02be009", @ANYRES16=r5, @ANYBLOB="010000000000000000000100000006000a004e220000050002000a0000001400090000000000000000000000ffffac1e0001"], 0x38}}, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000"]) syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) r6 = syz_open_dev$vbi(&(0x7f0000000100), 0x1, 0x2) ioctl$VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000380)={0x1, @pix={0x1, 0x2, 0x36315247, 0x0, 0x0, 0x0, 0x9, 0xfeedcafe, 0x3, 0x0, 0x1, 0x7}}) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f000015d000/0x3000)=nil, &(0x7f00001fa000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000274000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000000000/0x3000)=nil, &(0x7f0000543000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0}) 2.188338772s ago: executing program 2 (id=1046): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) r2 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x2000, 0x0, 0x2ffffffff}, 0xc) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000, 0x6}, 0x7c) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_BT_VOICE(r4, 0x112, 0xb, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x18, r6}, 0x10) setsockopt$MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000000)={0x0, 0x0, 0x2, r6, 0x80}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @loopback}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0xfffffffffffffdd6, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}, @CTA_TUPLE_ZONE]}, @CTA_SEQ_ADJ_ORIG={0x0, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x0, 0x2, 0x1, 0x0, 0x6}, @CTA_SEQADJ_CORRECTION_POS, @CTA_SEQADJ_OFFSET_BEFORE={0x0, 0x2, 0x1, 0x0, 0xfad2}, @CTA_SEQADJ_OFFSET_AFTER={0x0, 0x3, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x0, 0x3, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x0, 0x2, 0x1, 0x0, 0x9}, @CTA_SEQADJ_OFFSET_BEFORE={0x0, 0x2, 0x1, 0x0, 0x6}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x14, 0x2, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8094}, 0x4) r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x20, 0x67, 0x9e, 0x8, 0xc72, 0x14, 0xc776, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x38, 0x0, 0x0, 0x1, 0x28, 0xff}}]}}]}}, 0x0) syz_usb_control_io$printer(r8, 0x0, &(0x7f0000000c40)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r8, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) 1.71992205s ago: executing program 3 (id=1048): mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x2, 0x0, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 1.410126229s ago: executing program 3 (id=1049): mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) listen(r1, 0x6) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) r3 = open$dir(&(0x7f0000000280)='./cgroup\x00', 0x1bc406731c15ef, 0x28) open_tree(r3, &(0x7f00000002c0)='./cgroup\x00', 0x901) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x3e8, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) setsockopt$sock_int(r5, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4) listen(r5, 0x0) ioctl$HIDIOCGRAWINFO(0xffffffffffffffff, 0x80084803, &(0x7f0000000200)=""/106) 822.847826ms ago: executing program 3 (id=1050): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001fc0)={{0x14}, [@NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x801, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}}, 0x0) (fail_nth: 3) 652.107231ms ago: executing program 3 (id=1051): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) 597.455627ms ago: executing program 1 (id=1052): openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) (async) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r2 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r2, 0x11b, 0x7, 0x0, &(0x7f0000000480)) (async) getsockopt$XDP_STATISTICS(r2, 0x11b, 0x7, 0x0, &(0x7f0000000480)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x103ff, 0x0, 0x5000, 0x2000, &(0x7f0000913000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x103ff, 0x0, 0x5000, 0x2000, &(0x7f0000913000/0x2000)=nil}) open_by_handle_at(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="1000"], 0x800) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, &(0x7f0000000000), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', 0x0}) sendmsg$can_bcm(r4, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r5}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="01000000d6fe682c6100000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000004"], 0x20000600}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r4, &(0x7f0000000480)={&(0x7f0000000380)={0x1d, r6, 0x0, 0x4000}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[], 0x80}, 0x1, 0x0, 0x0, 0x4000}, 0x4044001) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) r7 = socket$igmp6(0xa, 0x3, 0x2) getsockopt$inet6_int(r7, 0x29, 0x7, 0x0, &(0x7f0000000dc0)) (async) getsockopt$inet6_int(r7, 0x29, 0x7, 0x0, &(0x7f0000000dc0)) 533.532366ms ago: executing program 3 (id=1053): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001fc0)={{0x14}, [@NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x801, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}}, 0x0) 420.895887ms ago: executing program 3 (id=1054): mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c) listen(r1, 0x6) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0xfffffdef}}, 0x0) recvfrom(0xffffffffffffffff, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x3e8, 0x0, 0x0) 300.027973ms ago: executing program 1 (id=1055): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000080)={0x101, 0x2, 0x8, 0x3, 0x18, "9ed28913afdbcebcd93321530c2865a36ef6d3"}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001fc0)={{0x14}, [@NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x801, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x68}}, 0x0) 294.525715ms ago: executing program 1 (id=1056): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000480)={0x0, 0x8, 0x30, 0x80000000}, &(0x7f00000004c0)=0x18) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r1, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) getgroups(0x2, &(0x7f0000001080)=[0xee01, 0xffffffffffffffff]) keyctl$chown(0x4, r2, 0xee01, r3) keyctl$setperm(0x5, r2, 0x30925) keyctl$KEYCTL_MOVE(0x3, r2, 0x0, 0x0, 0x0) keyctl$revoke(0x3, r2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) mbind(&(0x7f0000384000/0x4000)=nil, 0x4000, 0x3, &(0x7f00000000c0)=0x1, 0x80000000, 0x7) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in6=@remote}, {@in6=@remote, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x200000, 0x0) 103.270382ms ago: executing program 2 (id=1057): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab55", 0x2) r2 = accept$alg(r1, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000600), 0xfec8) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) splice(r2, 0x0, r3, 0x0, 0x7, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='net/rfcomm\x00') ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r4, 0xc0106407, &(0x7f0000000000)={0x1, 0x0, 0x1}) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r0, 0x3b87, &(0x7f00000005c0)={0x18, 0x0, 0x1}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r6 = dup(r5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r8 = dup(r7) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r8, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, 0x0, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000}) 0s ago: executing program 0 (id=1058): creat(&(0x7f0000001380)='./file0\x00', 0x4) r0 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x980912, 0x0, '\x00', @string=0x0}}) mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x8000, 0x0) kernel console output (not intermixed with test programs): 5318e929 [ 204.344067][ T8005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.344087][ T8005] RSP: 002b:00007fb053f1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 204.344111][ T8005] RAX: ffffffffffffffda RBX: 00007fb0533b5fa0 RCX: 00007fb05318e929 [ 204.344127][ T8005] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003 [ 204.344142][ T8005] RBP: 00007fb053f1a090 R08: 0000000000000000 R09: 0000000000000000 [ 204.344157][ T8005] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000001 [ 204.344170][ T8005] R13: 0000000000000000 R14: 00007fb0533b5fa0 R15: 00007ffd056630e8 [ 204.344205][ T8005] [ 204.615947][ T8009] netlink: 'syz.0.778': attribute type 10 has an invalid length. [ 204.623748][ T8009] netlink: 40 bytes leftover after parsing attributes in process `syz.0.778'. [ 204.634548][ T5885] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 204.644482][ T5885] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 204.656339][ T8009] batman_adv: batadv0: Adding interface: virt_wifi0 [ 204.663096][ T8009] batman_adv: batadv0: Interface activated: virt_wifi0 [ 204.684821][ T5885] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 204.705473][ T5885] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 204.714557][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.834995][ T5876] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 204.936584][ T5885] usb 3-1: usb_control_msg returned -32 [ 204.942263][ T5885] usbtmc 3-1:16.0: can't read capabilities [ 204.971421][ T5876] usb 2-1: device descriptor read/64, error -71 [ 205.031731][ T8014] exFAT-fs (rnullb0): invalid boot record signature [ 205.039499][ T8014] exFAT-fs (rnullb0): failed to read boot sector [ 205.047403][ T8014] exFAT-fs (rnullb0): failed to recognize exfat type [ 205.224929][ T5876] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 205.322424][ T8019] usbtmc 3-1:16.0: INITIATE_ABORT_BULK_OUT returned e [ 205.338566][ T8021] netlink: 277 bytes leftover after parsing attributes in process `syz.3.783'. [ 205.358018][ T5876] usb 2-1: device descriptor read/64, error -71 [ 205.475287][ T5876] usb usb2-port1: attempt power cycle [ 205.532042][ T24] usb 3-1: USB disconnect, device number 35 [ 205.589099][ T5885] usb 1-1: new full-speed USB device number 38 using dummy_hcd [ 205.605087][ T5831] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 205.748385][ T5885] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 205.760206][ T5885] usb 1-1: config 1 interface 0 has no altsetting 0 [ 205.769291][ T5831] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 205.770549][ T5885] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 205.781689][ T5831] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 205.791197][ T5885] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.805812][ T5831] usb 4-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 205.805844][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.805865][ T5831] usb 4-1: Product: syz [ 205.805881][ T5831] usb 4-1: Manufacturer: syz [ 205.805897][ T5831] usb 4-1: SerialNumber: syz [ 205.817076][ T5831] usb 4-1: config 0 descriptor?? [ 205.824694][ T5876] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 205.850624][ T5885] usb 1-1: Product: syz [ 205.854968][ T5885] usb 1-1: Manufacturer: syz [ 205.859600][ T5885] usb 1-1: SerialNumber: syz [ 205.887856][ T5876] usb 2-1: device descriptor read/8, error -71 [ 206.045433][ T30] audit: type=1800 audit(1751596860.644:3): pid=8021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.783" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 206.083823][ T24] usb 4-1: USB disconnect, device number 43 [ 206.117690][ T8025] FAULT_INJECTION: forcing a failure. [ 206.117690][ T8025] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 206.120002][ T5885] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input36 [ 206.131090][ T8025] CPU: 0 UID: 0 PID: 8025 Comm: syz.2.784 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 206.131123][ T8025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 206.131139][ T8025] Call Trace: [ 206.131151][ T8025] [ 206.131161][ T8025] dump_stack_lvl+0x189/0x250 [ 206.131196][ T8025] ? __pfx____ratelimit+0x10/0x10 [ 206.131226][ T8025] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.131252][ T8025] ? __pfx__printk+0x10/0x10 [ 206.131291][ T8025] should_fail_ex+0x414/0x560 [ 206.131333][ T8025] _copy_to_user+0x31/0xb0 [ 206.131359][ T8025] simple_read_from_buffer+0xe1/0x170 [ 206.131396][ T8025] proc_fail_nth_read+0x1df/0x250 [ 206.131423][ T8025] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 206.131447][ T8025] ? rw_verify_area+0x258/0x650 [ 206.131473][ T8025] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 206.131498][ T8025] vfs_read+0x200/0x980 [ 206.131529][ T8025] ? __pfx___mutex_lock+0x10/0x10 [ 206.131560][ T8025] ? __pfx_vfs_read+0x10/0x10 [ 206.131588][ T8025] ? __fget_files+0x2a/0x420 [ 206.131625][ T8025] ? __fget_files+0x3a0/0x420 [ 206.131654][ T8025] ? __fget_files+0x2a/0x420 [ 206.131695][ T8025] ksys_read+0x145/0x250 [ 206.131725][ T8025] ? __pfx_ksys_read+0x10/0x10 [ 206.131748][ T8025] ? rcu_is_watching+0x15/0xb0 [ 206.131777][ T8025] ? do_syscall_64+0xbe/0x3b0 [ 206.131809][ T8025] do_syscall_64+0xfa/0x3b0 [ 206.131838][ T8025] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.131866][ T8025] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.131887][ T8025] ? clear_bhb_loop+0x60/0xb0 [ 206.131915][ T8025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.131937][ T8025] RIP: 0033:0x7f8f7918d33c [ 206.131959][ T8025] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 206.131979][ T8025] RSP: 002b:00007f8f79f98030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 206.132002][ T8025] RAX: ffffffffffffffda RBX: 00007f8f793b5fa0 RCX: 00007f8f7918d33c [ 206.132019][ T8025] RDX: 000000000000000f RSI: 00007f8f79f980a0 RDI: 0000000000000004 [ 206.132034][ T8025] RBP: 00007f8f79f98090 R08: 0000000000000000 R09: 0000000000000000 [ 206.132047][ T8025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 206.132068][ T8025] R13: 0000000000000000 R14: 00007f8f793b5fa0 R15: 00007ffed3ee2738 [ 206.132104][ T8025] [ 206.303500][ T8027] netlink: 164 bytes leftover after parsing attributes in process `syz.2.785'. [ 206.310074][ T5876] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 206.421345][ T5876] usb 2-1: device descriptor read/8, error -71 [ 206.428684][ T5885] usb 1-1: USB disconnect, device number 38 [ 206.489592][ T8029] Can't find a SQUASHFS superblock on rnullb0 [ 206.535600][ T5876] usb usb2-port1: unable to enumerate USB device [ 207.004887][ T5885] usb 1-1: new full-speed USB device number 39 using dummy_hcd [ 207.157882][ T5885] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 207.169141][ T5885] usb 1-1: config 1 interface 0 has no altsetting 0 [ 207.177861][ T5885] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 207.187224][ T5885] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.195309][ T5885] usb 1-1: Product: syz [ 207.204817][ T5885] usb 1-1: Manufacturer: syz [ 207.209455][ T5885] usb 1-1: SerialNumber: syz [ 207.360965][ T8038] netlink: 'syz.1.790': attribute type 33 has an invalid length. [ 207.369090][ T8038] netlink: 152 bytes leftover after parsing attributes in process `syz.1.790'. [ 207.461447][ T5885] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input37 [ 207.522908][ T5885] usb 1-1: USB disconnect, device number 39 [ 207.570302][ T8040] Can't find a SQUASHFS superblock on rnullb0 [ 207.720388][ T8045] netlink: 12 bytes leftover after parsing attributes in process `syz.2.793'. [ 207.864924][ T24] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 207.965003][ T5835] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 207.980616][ T8052] FAULT_INJECTION: forcing a failure. [ 207.980616][ T8052] name failslab, interval 1, probability 0, space 0, times 0 [ 207.997002][ T8052] CPU: 1 UID: 0 PID: 8052 Comm: syz.2.796 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 207.997033][ T8052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 207.997047][ T8052] Call Trace: [ 207.997055][ T8052] [ 207.997064][ T8052] dump_stack_lvl+0x189/0x250 [ 207.997093][ T8052] ? __pfx____ratelimit+0x10/0x10 [ 207.997120][ T8052] ? __pfx_dump_stack_lvl+0x10/0x10 [ 207.997143][ T8052] ? __pfx__printk+0x10/0x10 [ 207.997173][ T8052] ? __pfx___might_resched+0x10/0x10 [ 207.997198][ T8052] should_fail_ex+0x414/0x560 [ 207.997235][ T8052] should_failslab+0xa8/0x100 [ 207.997262][ T8052] __kmalloc_cache_noprof+0x70/0x3d0 [ 207.997285][ T8052] ? vt_do_diacrit+0x15e/0xa40 [ 207.997312][ T8052] vt_do_diacrit+0x15e/0xa40 [ 207.997340][ T8052] vt_ioctl+0x101a/0x1f00 [ 207.997376][ T8052] ? __pfx_vt_ioctl+0x10/0x10 [ 207.997421][ T8052] ? __fget_files+0x2a/0x420 [ 207.997453][ T8052] ? __fget_files+0x3a0/0x420 [ 207.997479][ T8052] ? __fget_files+0x2a/0x420 [ 207.997509][ T8052] tty_ioctl+0x926/0xde0 [ 207.997532][ T8052] ? __pfx_tty_ioctl+0x10/0x10 [ 207.997554][ T8052] __se_sys_ioctl+0xf9/0x170 [ 207.997580][ T8052] do_syscall_64+0xfa/0x3b0 [ 207.997606][ T8052] ? lockdep_hardirqs_on+0x9c/0x150 [ 207.997631][ T8052] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.997651][ T8052] ? clear_bhb_loop+0x60/0xb0 [ 207.997676][ T8052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.997695][ T8052] RIP: 0033:0x7f8f7918e929 [ 207.997713][ T8052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.997732][ T8052] RSP: 002b:00007f8f79f98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 207.997754][ T8052] RAX: ffffffffffffffda RBX: 00007f8f793b5fa0 RCX: 00007f8f7918e929 [ 207.997769][ T8052] RDX: 0000000000000000 RSI: 0000000000004b4a RDI: 0000000000000003 [ 207.997781][ T8052] RBP: 00007f8f79f98090 R08: 0000000000000000 R09: 0000000000000000 [ 207.997794][ T8052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.997806][ T8052] R13: 0000000000000000 R14: 00007f8f793b5fa0 R15: 00007ffed3ee2738 [ 207.997837][ T8052] [ 208.029911][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 208.039342][ T24] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 208.039403][ T24] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 208.039428][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 208.039455][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 208.039481][ T24] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 208.039525][ T24] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 208.039550][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.095093][ T5835] usb 4-1: device descriptor read/64, error -71 [ 208.406605][ T24] usb 2-1: usb_control_msg returned -32 [ 208.412358][ T24] usbtmc 2-1:16.0: can't read capabilities [ 208.555946][ T5835] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 208.580953][ T8063] FAULT_INJECTION: forcing a failure. [ 208.580953][ T8063] name failslab, interval 1, probability 0, space 0, times 0 [ 208.594286][ T5876] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 208.596308][ T8063] CPU: 0 UID: 0 PID: 8063 Comm: syz.0.799 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 208.596340][ T8063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.596353][ T8063] Call Trace: [ 208.596362][ T8063] [ 208.596374][ T8063] dump_stack_lvl+0x189/0x250 [ 208.596405][ T8063] ? __pfx____ratelimit+0x10/0x10 [ 208.596437][ T8063] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.596462][ T8063] ? __pfx__printk+0x10/0x10 [ 208.596495][ T8063] ? __pfx___might_resched+0x10/0x10 [ 208.596516][ T8063] ? fs_reclaim_acquire+0x7d/0x100 [ 208.596551][ T8063] should_fail_ex+0x414/0x560 [ 208.596594][ T8063] should_failslab+0xa8/0x100 [ 208.596632][ T8063] __kmalloc_noprof+0xcb/0x4f0 [ 208.596657][ T8063] ? kfree+0x4d/0x440 [ 208.596676][ T8063] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 208.596710][ T8063] tomoyo_realpath_from_path+0xe3/0x5d0 [ 208.596739][ T8063] ? tomoyo_domain+0xd9/0x130 [ 208.596773][ T8063] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 208.596808][ T8063] tomoyo_path_number_perm+0x1e8/0x5a0 [ 208.596846][ T8063] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 208.596901][ T8063] ? __lock_acquire+0xab9/0xd20 [ 208.596959][ T8063] ? __fget_files+0x2a/0x420 [ 208.596992][ T8063] ? __fget_files+0x2a/0x420 [ 208.597020][ T8063] ? __fget_files+0x3a0/0x420 [ 208.597050][ T8063] ? __fget_files+0x2a/0x420 [ 208.597086][ T8063] security_file_ioctl+0xcb/0x2d0 [ 208.597122][ T8063] __se_sys_ioctl+0x47/0x170 [ 208.597149][ T8063] do_syscall_64+0xfa/0x3b0 [ 208.597178][ T8063] ? lockdep_hardirqs_on+0x9c/0x150 [ 208.597207][ T8063] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.597230][ T8063] ? clear_bhb_loop+0x60/0xb0 [ 208.597258][ T8063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.597280][ T8063] RIP: 0033:0x7f4fba18e52b [ 208.597302][ T8063] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 208.597321][ T8063] RSP: 002b:00007f4fbb009490 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 208.597346][ T8063] RAX: ffffffffffffffda RBX: 00007f4fbb009be0 RCX: 00007f4fba18e52b [ 208.597362][ T8063] RDX: 00007f4fbb009be0 RSI: 000000004020ae46 RDI: 0000000000000007 [ 208.597377][ T8063] RBP: 0000000000000007 R08: 0000000000000001 R09: 0000000000000001 [ 208.597391][ T8063] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 208.597404][ T8063] R13: 000020000000b000 R14: 000020000000a000 R15: 00000000fec00000 [ 208.597440][ T8063] [ 208.598315][ T8063] ERROR: Out of memory at tomoyo_realpath_from_path. [ 208.765011][ T5876] usb 3-1: Using ep0 maxpacket: 8 [ 208.825163][ T5835] usb 4-1: device descriptor read/64, error -71 [ 208.832275][ T5876] usb 3-1: no configurations [ 208.875301][ T5876] usb 3-1: can't read configurations, error -22 [ 208.965097][ T5835] usb usb4-port1: attempt power cycle [ 208.979125][ T8066] netlink: 164 bytes leftover after parsing attributes in process `syz.0.800'. [ 209.014968][ T5876] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 209.103012][ T8070] program syz.0.802 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 209.122007][ T8071] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 209.122649][ T8070] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 209.137907][ T8070] UDF-fs: Scanning with blocksize 4096 failed [ 209.198184][ T5876] usb 3-1: Using ep0 maxpacket: 8 [ 209.209577][ T5876] usb 3-1: no configurations [ 209.214222][ T5876] usb 3-1: can't read configurations, error -22 [ 209.228631][ T5876] usb usb3-port1: attempt power cycle [ 209.248360][ T8073] FAULT_INJECTION: forcing a failure. [ 209.248360][ T8073] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 209.262549][ T8073] CPU: 0 UID: 0 PID: 8073 Comm: syz.0.803 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 209.262578][ T8073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.262592][ T8073] Call Trace: [ 209.262601][ T8073] [ 209.262609][ T8073] dump_stack_lvl+0x189/0x250 [ 209.262637][ T8073] ? __pfx____ratelimit+0x10/0x10 [ 209.262663][ T8073] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.262685][ T8073] ? __pfx__printk+0x10/0x10 [ 209.262714][ T8073] ? __might_fault+0xb0/0x130 [ 209.262748][ T8073] should_fail_ex+0x414/0x560 [ 209.262779][ T8073] _copy_from_user+0x2d/0xb0 [ 209.262797][ T8073] ___sys_recvmsg+0x12e/0x510 [ 209.262817][ T8073] ? __pfx____sys_recvmsg+0x10/0x10 [ 209.262861][ T8073] ? __might_fault+0xb0/0x130 [ 209.262881][ T8073] do_recvmmsg+0x307/0x770 [ 209.262912][ T8073] ? __pfx_do_recvmmsg+0x10/0x10 [ 209.262946][ T8073] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 209.262991][ T8073] __x64_sys_recvmmsg+0x190/0x240 [ 209.263014][ T8073] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 209.263028][ T8073] ? rcu_is_watching+0x15/0xb0 [ 209.263046][ T8073] ? do_syscall_64+0xbe/0x3b0 [ 209.263068][ T8073] do_syscall_64+0xfa/0x3b0 [ 209.263086][ T8073] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.263104][ T8073] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.263118][ T8073] ? clear_bhb_loop+0x60/0xb0 [ 209.263135][ T8073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.263149][ T8073] RIP: 0033:0x7f4fba18e929 [ 209.263162][ T8073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.263174][ T8073] RSP: 002b:00007f4fbb00b038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 209.263190][ T8073] RAX: ffffffffffffffda RBX: 00007f4fba3b5fa0 RCX: 00007f4fba18e929 [ 209.263201][ T8073] RDX: 0000000000001003 RSI: 00002000000048c0 RDI: 0000000000000003 [ 209.263210][ T8073] RBP: 00007f4fbb00b090 R08: 0000000000000000 R09: 0000000000000000 [ 209.263219][ T8073] R10: 0000000000010122 R11: 0000000000000246 R12: 0000000000000001 [ 209.263228][ T8073] R13: 0000000000000000 R14: 00007f4fba3b5fa0 R15: 00007ffe646ead48 [ 209.263249][ T8073] [ 209.478193][ T5835] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 209.500739][ T5831] usb 2-1: USB disconnect, device number 30 [ 209.510647][ T5835] usb 4-1: device descriptor read/8, error -71 [ 209.595134][ T5876] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 209.631118][ T5876] usb 3-1: Using ep0 maxpacket: 8 [ 209.640745][ T5876] usb 3-1: no configurations [ 209.654463][ T5876] usb 3-1: can't read configurations, error -22 [ 209.754889][ T5835] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 209.785438][ T5835] usb 4-1: device descriptor read/8, error -71 [ 209.804881][ T5876] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 209.827609][ T5876] usb 3-1: Using ep0 maxpacket: 8 [ 209.833555][ T5876] usb 3-1: no configurations [ 209.843194][ T5876] usb 3-1: can't read configurations, error -22 [ 209.852975][ T5876] usb usb3-port1: unable to enumerate USB device [ 209.895301][ T5835] usb usb4-port1: unable to enumerate USB device [ 210.154442][ T8085] Can't find a SQUASHFS superblock on rnullb0 [ 210.314861][ T5831] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 210.470661][ T8090] netlink: 'syz.3.810': attribute type 33 has an invalid length. [ 210.495597][ T8090] netlink: 164 bytes leftover after parsing attributes in process `syz.3.810'. [ 210.510244][ T5831] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 210.524146][ T5831] usb 2-1: config 1 interface 0 has no altsetting 0 [ 210.538546][ T5831] usb 2-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 210.548619][ T5831] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.559123][ T5831] usb 2-1: Product: syz [ 210.563326][ T5831] usb 2-1: Manufacturer: syz [ 210.568932][ T5831] usb 2-1: SerialNumber: syz [ 210.672943][ T8097] Can't find a SQUASHFS superblock on rnullb0 [ 210.812099][ T5831] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input38 [ 210.844649][ T5831] usb 2-1: USB disconnect, device number 31 [ 211.054901][ T24] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 211.135279][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 211.234862][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 211.249458][ T24] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 211.265885][ T8107] usb usb8: usbfs: process 8107 (syz.0.818) did not claim interface 0 before use [ 211.277341][ T24] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 211.287893][ T8107] FAULT_INJECTION: forcing a failure. [ 211.287893][ T8107] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.301263][ T24] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 211.317379][ T24] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 211.330033][ T8107] CPU: 1 UID: 0 PID: 8107 Comm: syz.0.818 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 211.330062][ T8107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.330075][ T8107] Call Trace: [ 211.330083][ T8107] [ 211.330091][ T8107] dump_stack_lvl+0x189/0x250 [ 211.330120][ T8107] ? __pfx____ratelimit+0x10/0x10 [ 211.330147][ T8107] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.330170][ T8107] ? __pfx__printk+0x10/0x10 [ 211.330228][ T8107] should_fail_ex+0x414/0x560 [ 211.330267][ T8107] _copy_to_user+0x31/0xb0 [ 211.330290][ T8107] simple_read_from_buffer+0xe1/0x170 [ 211.330323][ T8107] proc_fail_nth_read+0x1df/0x250 [ 211.330346][ T8107] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 211.330369][ T8107] ? rw_verify_area+0x258/0x650 [ 211.330392][ T8107] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 211.330413][ T8107] vfs_read+0x200/0x980 [ 211.330443][ T8107] ? __pfx___mutex_lock+0x10/0x10 [ 211.330471][ T8107] ? __pfx_vfs_read+0x10/0x10 [ 211.330501][ T8107] ? __fget_files+0x2a/0x420 [ 211.330534][ T8107] ? __fget_files+0x3a0/0x420 [ 211.330560][ T8107] ? __fget_files+0x2a/0x420 [ 211.330598][ T8107] ksys_read+0x145/0x250 [ 211.330646][ T8107] ? __fget_files+0x3a0/0x420 [ 211.330674][ T8107] ? __pfx_ksys_read+0x10/0x10 [ 211.330714][ T8107] ? do_syscall_64+0xbe/0x3b0 [ 211.330745][ T8107] do_syscall_64+0xfa/0x3b0 [ 211.330771][ T8107] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.330797][ T8107] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.330816][ T8107] ? clear_bhb_loop+0x60/0xb0 [ 211.330841][ T8107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.330860][ T8107] RIP: 0033:0x7f4fba18d33c [ 211.330878][ T8107] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 211.330896][ T8107] RSP: 002b:00007f4fbb00b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 211.330916][ T8107] RAX: ffffffffffffffda RBX: 00007f4fba3b5fa0 RCX: 00007f4fba18d33c [ 211.330931][ T8107] RDX: 000000000000000f RSI: 00007f4fbb00b0a0 RDI: 0000000000000004 [ 211.330944][ T8107] RBP: 00007f4fbb00b090 R08: 0000000000000000 R09: 0000000000000000 [ 211.330957][ T8107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.330969][ T8107] R13: 0000000000000000 R14: 00007f4fba3b5fa0 R15: 00007ffe646ead48 [ 211.331000][ T8107] [ 211.582301][ T24] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 211.595382][ T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 211.604459][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.777759][ T5838] Bluetooth: hci0: command 0x0406 tx timeout [ 211.783932][ T5838] Bluetooth: hci2: command 0x0406 tx timeout [ 211.790253][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 211.895169][ T5885] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 211.909079][ T24] usb 4-1: usb_control_msg returned -32 [ 211.914875][ T24] usbtmc 4-1:16.0: can't read capabilities [ 211.946406][ T5831] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 211.982532][ T8125] netlink: 'syz.2.824': attribute type 33 has an invalid length. [ 211.991759][ T8125] netlink: 152 bytes leftover after parsing attributes in process `syz.2.824'. [ 212.055704][ T8127] Can't find a SQUASHFS superblock on rnullb0 [ 212.074836][ T5885] usb 2-1: Using ep0 maxpacket: 16 [ 212.081345][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.092971][ T5885] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.102792][ T5885] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 212.105007][ T5831] usb 1-1: Using ep0 maxpacket: 8 [ 212.116031][ T5885] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 212.135664][ T5831] usb 1-1: config 2 has an invalid interface number: 76 but max is 0 [ 212.151004][ T5831] usb 1-1: config 2 has no interface number 0 [ 212.151008][ T5885] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.167471][ T5831] usb 1-1: config 2 interface 76 altsetting 9 endpoint 0xB has an invalid bInterval 252, changing to 11 [ 212.169479][ T5885] usb 2-1: config 0 descriptor?? [ 212.178959][ T5831] usb 1-1: config 2 interface 76 altsetting 9 has an invalid endpoint descriptor of length 4, skipping [ 212.199990][ T5831] usb 1-1: config 2 interface 76 altsetting 9 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 212.213542][ T5831] usb 1-1: config 2 interface 76 has no altsetting 0 [ 212.231491][ T5831] usb 1-1: New USB device found, idVendor=10cf, idProduct=8062, bcdDevice=50.79 [ 212.241105][ T5831] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.249471][ T5831] usb 1-1: Product: syz [ 212.254312][ T5831] usb 1-1: Manufacturer: syz [ 212.259271][ T5831] usb 1-1: SerialNumber: syz [ 212.280377][ T8113] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 212.623674][ T5885] HID 045e:07da: Invalid code 65791 type 1 [ 212.648896][ T5885] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0006/input/input39 [ 212.668466][ T8134] usbtmc 4-1:16.0: usb_control_msg returned -32 [ 212.693453][ T5885] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 212.822052][ T5835] usb 2-1: USB disconnect, device number 32 [ 212.888436][ T5885] usb 4-1: USB disconnect, device number 48 [ 212.895395][ T10] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 213.084846][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 213.090653][ T10] usb 3-1: no configurations [ 213.095801][ T10] usb 3-1: can't read configurations, error -22 [ 213.224992][ T10] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 213.375227][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 213.382893][ T10] usb 3-1: no configurations [ 213.387777][ T10] usb 3-1: can't read configurations, error -22 [ 213.394701][ T10] usb usb3-port1: attempt power cycle [ 213.434074][ T8138] FAULT_INJECTION: forcing a failure. [ 213.434074][ T8138] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 213.464863][ T8138] CPU: 1 UID: 0 PID: 8138 Comm: syz.1.828 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 213.464893][ T8138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 213.464905][ T8138] Call Trace: [ 213.464913][ T8138] [ 213.464921][ T8138] dump_stack_lvl+0x189/0x250 [ 213.464949][ T8138] ? __pfx____ratelimit+0x10/0x10 [ 213.464976][ T8138] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.465004][ T8138] ? __pfx__printk+0x10/0x10 [ 213.465028][ T8138] ? __might_fault+0xb0/0x130 [ 213.465062][ T8138] should_fail_ex+0x414/0x560 [ 213.465100][ T8138] _copy_from_user+0x2d/0xb0 [ 213.465121][ T8138] hidp_sock_ioctl+0x257/0x560 [ 213.465152][ T8138] ? __pfx_hidp_sock_ioctl+0x10/0x10 [ 213.465232][ T8138] ? do_vfs_ioctl+0xbe8/0x1430 [ 213.465266][ T8138] sock_do_ioctl+0xd9/0x300 [ 213.465294][ T8138] ? __pfx_sock_do_ioctl+0x10/0x10 [ 213.465316][ T8138] ? __lock_acquire+0xab9/0xd20 [ 213.465360][ T8138] sock_ioctl+0x576/0x790 [ 213.465384][ T8138] ? __pfx_sock_ioctl+0x10/0x10 [ 213.465407][ T8138] ? __fget_files+0x2a/0x420 [ 213.465434][ T8138] ? __fget_files+0x3a0/0x420 [ 213.465459][ T8138] ? __fget_files+0x2a/0x420 [ 213.465490][ T8138] ? bpf_lsm_file_ioctl+0x9/0x20 [ 213.465509][ T8138] ? __pfx_sock_ioctl+0x10/0x10 [ 213.465532][ T8138] __se_sys_ioctl+0xf9/0x170 [ 213.465556][ T8138] do_syscall_64+0xfa/0x3b0 [ 213.465582][ T8138] ? lockdep_hardirqs_on+0x9c/0x150 [ 213.465608][ T8138] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.465628][ T8138] ? clear_bhb_loop+0x60/0xb0 [ 213.465653][ T8138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.465672][ T8138] RIP: 0033:0x7f2fd378e929 [ 213.465691][ T8138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.465709][ T8138] RSP: 002b:00007f2fd45a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 213.465730][ T8138] RAX: ffffffffffffffda RBX: 00007f2fd39b6080 RCX: 00007f2fd378e929 [ 213.465746][ T8138] RDX: 0000200000000340 RSI: 00000000400448c8 RDI: 0000000000000005 [ 213.465759][ T8138] RBP: 00007f2fd45a5090 R08: 0000000000000000 R09: 0000000000000000 [ 213.465772][ T8138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 213.465784][ T8138] R13: 0000000000000000 R14: 00007f2fd39b6080 R15: 00007ffd7e61bb18 [ 213.465815][ T8138] [ 213.765019][ T10] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 213.786142][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 213.793248][ T10] usb 3-1: no configurations [ 213.799374][ T10] usb 3-1: can't read configurations, error -22 [ 213.935036][ T10] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 213.954835][ T5885] usb 4-1: new full-speed USB device number 49 using dummy_hcd [ 213.965600][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 213.972978][ T10] usb 3-1: no configurations [ 213.978557][ T10] usb 3-1: can't read configurations, error -22 [ 213.987411][ T10] usb usb3-port1: unable to enumerate USB device [ 214.107236][ T5885] usb 4-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 214.118470][ T5885] usb 4-1: config 1 interface 0 has no altsetting 0 [ 214.129064][ T5885] usb 4-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 214.138577][ T5885] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.147911][ T5885] usb 4-1: Product: syz [ 214.152429][ T5885] usb 4-1: Manufacturer: syz [ 214.157199][ T5885] usb 4-1: SerialNumber: syz [ 214.298237][ T8142] FAULT_INJECTION: forcing a failure. [ 214.298237][ T8142] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 214.311650][ T8142] CPU: 0 UID: 0 PID: 8142 Comm: syz.1.830 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 214.311680][ T8142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 214.311692][ T8142] Call Trace: [ 214.311701][ T8142] [ 214.311710][ T8142] dump_stack_lvl+0x189/0x250 [ 214.311742][ T8142] ? __pfx____ratelimit+0x10/0x10 [ 214.311768][ T8142] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.311792][ T8142] ? __pfx__printk+0x10/0x10 [ 214.311810][ T8142] ? __might_fault+0xb0/0x130 [ 214.311835][ T8142] should_fail_ex+0x414/0x560 [ 214.311870][ T8142] _copy_from_user+0x2d/0xb0 [ 214.311893][ T8142] proc_submiturb+0xb5/0x160 [ 214.311925][ T8142] ? __pfx_proc_submiturb+0x10/0x10 [ 214.311970][ T8142] usbdev_ioctl+0x10e7/0x20c0 [ 214.311997][ T8142] ? __pfx_usbdev_ioctl+0x10/0x10 [ 214.312021][ T8142] ? __fget_files+0x2a/0x420 [ 214.312049][ T8142] ? __fget_files+0x3a0/0x420 [ 214.312074][ T8142] ? __fget_files+0x2a/0x420 [ 214.312105][ T8142] ? bpf_lsm_file_ioctl+0x9/0x20 [ 214.312127][ T8142] ? __pfx_usbdev_ioctl+0x10/0x10 [ 214.312148][ T8142] __se_sys_ioctl+0xf9/0x170 [ 214.312170][ T8142] do_syscall_64+0xfa/0x3b0 [ 214.312197][ T8142] ? lockdep_hardirqs_on+0x9c/0x150 [ 214.312222][ T8142] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.312241][ T8142] ? clear_bhb_loop+0x60/0xb0 [ 214.312264][ T8142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.312279][ T8142] RIP: 0033:0x7f2fd378e929 [ 214.312292][ T8142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.312304][ T8142] RSP: 002b:00007f2fd45c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 214.312324][ T8142] RAX: ffffffffffffffda RBX: 00007f2fd39b5fa0 RCX: 00007f2fd378e929 [ 214.312340][ T8142] RDX: 0000200000000000 RSI: 000000008038550a RDI: 0000000000000007 [ 214.312354][ T8142] RBP: 00007f2fd45c6090 R08: 0000000000000000 R09: 0000000000000000 [ 214.312366][ T8142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.312377][ T8142] R13: 0000000000000000 R14: 00007f2fd39b5fa0 R15: 00007ffd7e61bb18 [ 214.312407][ T8142] [ 214.526018][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.563293][ T5885] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input40 [ 214.575009][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 214.594593][ T5885] usb 4-1: USB disconnect, device number 49 [ 214.741859][ T5831] vmk80xx 1-1:2.76: driver 'vmk80xx' failed to auto-configure device. [ 214.761858][ T5831] usb 1-1: USB disconnect, device number 40 [ 214.882402][ T8148] netlink: 'syz.0.833': attribute type 33 has an invalid length. [ 214.890425][ T8148] netlink: 152 bytes leftover after parsing attributes in process `syz.0.833'. [ 214.948627][ T8150] program syz.0.834 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 215.034857][ T10] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 215.132390][ T8153] netlink: 'syz.3.835': attribute type 33 has an invalid length. [ 215.143707][ T8153] netlink: 164 bytes leftover after parsing attributes in process `syz.3.835'. [ 215.186685][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 215.193824][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 215.209418][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 215.222637][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 215.236064][ T10] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 215.244950][ T5876] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 215.245205][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.265349][ T10] usb 2-1: config 0 descriptor?? [ 215.425318][ T5876] usb 1-1: Using ep0 maxpacket: 32 [ 215.441834][ T5876] usb 1-1: unable to get BOS descriptor or descriptor too short [ 215.454261][ T5876] usb 1-1: config 3 has an invalid interface number: 220 but max is 0 [ 215.464059][ T5876] usb 1-1: config 3 has no interface number 0 [ 215.479951][ T5876] usb 1-1: config 3 interface 220 has no altsetting 0 [ 215.490405][ T5876] usb 1-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=f6.e8 [ 215.504360][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.512554][ T5876] usb 1-1: Product: syz [ 215.519775][ T5876] usb 1-1: Manufacturer: syz [ 215.524508][ T5876] usb 1-1: SerialNumber: syz [ 215.694490][ T10] HID 045e:07da: Invalid code 65791 type 1 [ 215.726705][ T10] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0007/input/input41 [ 215.758769][ T8150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 215.781515][ T10] microsoft 0003:045E:07DA.0007: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 215.821946][ T8150] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 215.822735][ T8167] netlink: 'syz.2.842': attribute type 33 has an invalid length. [ 215.859064][ T8150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 215.887225][ T8146] FAULT_INJECTION: forcing a failure. [ 215.887225][ T8146] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 215.889183][ T8167] netlink: 152 bytes leftover after parsing attributes in process `syz.2.842'. [ 215.915475][ T8150] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 215.941546][ T8146] CPU: 1 UID: 0 PID: 8146 Comm: syz.1.832 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 215.941575][ T8146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 215.941588][ T8146] Call Trace: [ 215.941596][ T8146] [ 215.941604][ T8146] dump_stack_lvl+0x189/0x250 [ 215.941633][ T8146] ? __pfx____ratelimit+0x10/0x10 [ 215.941660][ T8146] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.941683][ T8146] ? __pfx__printk+0x10/0x10 [ 215.941706][ T8146] ? __might_fault+0xb0/0x130 [ 215.941741][ T8146] should_fail_ex+0x414/0x560 [ 215.941779][ T8146] _copy_from_user+0x2d/0xb0 [ 215.941800][ T8146] evdev_ioctl_handler+0x557/0x1f10 [ 215.941836][ T8146] ? do_vfs_ioctl+0xbe8/0x1430 [ 215.941861][ T8146] ? __pfx_evdev_ioctl_handler+0x10/0x10 [ 215.941906][ T8146] ? __lock_acquire+0xab9/0xd20 [ 215.941966][ T8146] ? __fget_files+0x2a/0x420 [ 215.941998][ T8146] ? bpf_lsm_file_ioctl+0x9/0x20 [ 215.942018][ T8146] ? __pfx_evdev_ioctl+0x10/0x10 [ 215.942045][ T8146] __se_sys_ioctl+0xf9/0x170 [ 215.942070][ T8146] do_syscall_64+0xfa/0x3b0 [ 215.942098][ T8146] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.942117][ T8146] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 215.942138][ T8146] ? clear_bhb_loop+0x60/0xb0 [ 215.942162][ T8146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.942190][ T8146] RIP: 0033:0x7f2fd378e929 [ 215.942207][ T8146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.942224][ T8146] RSP: 002b:00007f2fd45c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 215.942245][ T8146] RAX: ffffffffffffffda RBX: 00007f2fd39b5fa0 RCX: 00007f2fd378e929 [ 215.942260][ T8146] RDX: 0000200000000100 RSI: 0000000080284504 RDI: 0000000000000004 [ 215.942273][ T8146] RBP: 00007f2fd45c6090 R08: 0000000000000000 R09: 0000000000000000 [ 215.942286][ T8146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.942298][ T8146] R13: 0000000000000000 R14: 00007f2fd39b5fa0 R15: 00007ffd7e61bb18 [ 215.942329][ T8146] [ 216.174580][ T8170] Can't find a SQUASHFS superblock on rnullb0 [ 216.232075][ T5915] usb 2-1: USB disconnect, device number 33 [ 216.242030][ T5876] comedi comedi0: Wrong number of endpoints [ 216.252078][ T5876] dt9812 1-1:3.220: driver 'dt9812' failed to auto-configure device. [ 216.282922][ T8173] Can't find a SQUASHFS superblock on rnullb0 [ 216.310551][ T5876] usb 1-1: USB disconnect, device number 41 [ 216.643482][ T8176] netlink: 'syz.3.845': attribute type 33 has an invalid length. [ 216.654607][ T8176] netlink: 164 bytes leftover after parsing attributes in process `syz.3.845'. [ 216.796079][ T8179] tap0: tun_chr_ioctl cmd 1074025677 [ 216.801612][ T8179] tap0: linktype set to 776 [ 217.295085][ T8189] Can't find a SQUASHFS superblock on rnullb0 [ 217.376521][ T8194] tmpfs: Bad value for 'mpol' [ 217.624912][ T5915] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 217.794993][ T5915] usb 3-1: Using ep0 maxpacket: 8 [ 217.814591][ T5915] usb 3-1: no configurations [ 217.827146][ T5915] usb 3-1: can't read configurations, error -22 [ 217.885317][ T8200] syz.3.854 (8200): drop_caches: 2 [ 217.931386][ T8203] FAULT_INJECTION: forcing a failure. [ 217.931386][ T8203] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 217.963349][ T8203] CPU: 1 UID: 0 PID: 8203 Comm: syz.1.855 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 217.963381][ T8203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 217.963394][ T8203] Call Trace: [ 217.963403][ T8203] [ 217.963412][ T8203] dump_stack_lvl+0x189/0x250 [ 217.963439][ T8203] ? __pfx____ratelimit+0x10/0x10 [ 217.963466][ T8203] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.963490][ T8203] ? __pfx__printk+0x10/0x10 [ 217.963527][ T8203] should_fail_ex+0x414/0x560 [ 217.963565][ T8203] _copy_to_user+0x31/0xb0 [ 217.963588][ T8203] __x64_sys_clock_adjtime+0x21b/0x2b0 [ 217.963620][ T8203] ? __pfx___x64_sys_clock_adjtime+0x10/0x10 [ 217.963669][ T8203] ? __pfx_ksys_write+0x10/0x10 [ 217.963693][ T8203] ? rcu_is_watching+0x15/0xb0 [ 217.963719][ T8203] ? do_syscall_64+0xbe/0x3b0 [ 217.963749][ T8203] do_syscall_64+0xfa/0x3b0 [ 217.963775][ T8203] ? lockdep_hardirqs_on+0x9c/0x150 [ 217.963801][ T8203] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.963820][ T8203] ? clear_bhb_loop+0x60/0xb0 [ 217.963855][ T8203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.963874][ T8203] RIP: 0033:0x7f2fd378e929 [ 217.963892][ T8203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.963910][ T8203] RSP: 002b:00007f2fd45c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000131 [ 217.963932][ T8203] RAX: ffffffffffffffda RBX: 00007f2fd39b5fa0 RCX: 00007f2fd378e929 [ 217.963946][ T8203] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000000 [ 217.963959][ T8203] RBP: 00007f2fd45c6090 R08: 0000000000000000 R09: 0000000000000000 [ 217.963972][ T8203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.963984][ T8203] R13: 0000000000000000 R14: 00007f2fd39b5fa0 R15: 00007ffd7e61bb18 [ 217.964015][ T8203] [ 218.152801][ T5915] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 218.305205][ T5915] usb 3-1: Using ep0 maxpacket: 8 [ 218.316193][ T5915] usb 3-1: no configurations [ 218.320858][ T5915] usb 3-1: can't read configurations, error -22 [ 218.328368][ T5915] usb usb3-port1: attempt power cycle [ 218.370109][ T5830] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 218.371778][ T8209] omfs: Invalid superblock (0) [ 218.398228][ T5830] Bluetooth: hci1: unexpected event 0x2f length: 763 > 260 [ 218.399094][ T8214] Can't find a SQUASHFS superblock on rnullb0 [ 218.674850][ T5915] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 218.681721][ T8221] kvm: pic: level sensitive irq not supported [ 218.683292][ T8221] kvm: pic: level sensitive irq not supported [ 218.690049][ T8221] kvm: pic: level sensitive irq not supported [ 218.696917][ T8221] kvm: pic: level sensitive irq not supported [ 218.703660][ T8221] kvm: pic: level sensitive irq not supported [ 218.706593][ T5915] usb 3-1: Using ep0 maxpacket: 8 [ 218.729009][ T5915] usb 3-1: no configurations [ 218.733895][ T5915] usb 3-1: can't read configurations, error -22 [ 218.865115][ T5915] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 218.897479][ T5915] usb 3-1: Using ep0 maxpacket: 8 [ 218.909222][ T5915] usb 3-1: no configurations [ 218.914236][ T5915] usb 3-1: can't read configurations, error -22 [ 218.922509][ T5915] usb usb3-port1: unable to enumerate USB device [ 219.345987][ T8224] FAULT_INJECTION: forcing a failure. [ 219.345987][ T8224] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 219.363556][ T8224] CPU: 1 UID: 0 PID: 8224 Comm: syz.3.862 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 219.363585][ T8224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.363597][ T8224] Call Trace: [ 219.363605][ T8224] [ 219.363623][ T8224] dump_stack_lvl+0x189/0x250 [ 219.363651][ T8224] ? __pfx____ratelimit+0x10/0x10 [ 219.363679][ T8224] ? __pfx_dump_stack_lvl+0x10/0x10 [ 219.363702][ T8224] ? __pfx__printk+0x10/0x10 [ 219.363738][ T8224] should_fail_ex+0x414/0x560 [ 219.363776][ T8224] _copy_to_user+0x31/0xb0 [ 219.363799][ T8224] simple_read_from_buffer+0xe1/0x170 [ 219.363831][ T8224] proc_fail_nth_read+0x1df/0x250 [ 219.363854][ T8224] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 219.363877][ T8224] ? rw_verify_area+0x258/0x650 [ 219.363899][ T8224] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 219.363920][ T8224] vfs_read+0x200/0x980 [ 219.363948][ T8224] ? __pfx___mutex_lock+0x10/0x10 [ 219.363975][ T8224] ? __pfx_vfs_read+0x10/0x10 [ 219.364001][ T8224] ? __fget_files+0x2a/0x420 [ 219.364032][ T8224] ? __fget_files+0x3a0/0x420 [ 219.364057][ T8224] ? __fget_files+0x2a/0x420 [ 219.364094][ T8224] ksys_read+0x145/0x250 [ 219.364117][ T8224] ? __fget_files+0x3a0/0x420 [ 219.364145][ T8224] ? __pfx_ksys_read+0x10/0x10 [ 219.364175][ T8224] ? do_syscall_64+0xbe/0x3b0 [ 219.364207][ T8224] do_syscall_64+0xfa/0x3b0 [ 219.364232][ T8224] ? lockdep_hardirqs_on+0x9c/0x150 [ 219.364258][ T8224] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.364278][ T8224] ? clear_bhb_loop+0x60/0xb0 [ 219.364302][ T8224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 219.364322][ T8224] RIP: 0033:0x7fb05318d33c [ 219.364340][ T8224] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 219.364357][ T8224] RSP: 002b:00007fb053f1a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 219.364379][ T8224] RAX: ffffffffffffffda RBX: 00007fb0533b5fa0 RCX: 00007fb05318d33c [ 219.364394][ T8224] RDX: 000000000000000f RSI: 00007fb053f1a0a0 RDI: 0000000000000004 [ 219.364407][ T8224] RBP: 00007fb053f1a090 R08: 0000000000000000 R09: 0000000000000000 [ 219.364419][ T8224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.364430][ T8224] R13: 0000000000000000 R14: 00007fb0533b5fa0 R15: 00007ffd056630e8 [ 219.364460][ T8224] [ 219.667904][ T8229] Can't find a SQUASHFS superblock on rnullb0 [ 219.790523][ T8235] netlink: 'syz.3.866': attribute type 2 has an invalid length. [ 220.086506][ T8246] netlink: 'syz.3.870': attribute type 33 has an invalid length. [ 220.094374][ T8246] netlink: 152 bytes leftover after parsing attributes in process `syz.3.870'. [ 220.156612][ T8248] Can't find a SQUASHFS superblock on rnullb0 [ 220.199199][ T8250] netlink: 'syz.3.872': attribute type 33 has an invalid length. [ 220.208326][ T8250] netlink: 164 bytes leftover after parsing attributes in process `syz.3.872'. [ 220.265001][ T5876] usb 1-1: new full-speed USB device number 42 using dummy_hcd [ 220.440603][ T5876] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 220.464882][ T5876] usb 1-1: config 1 interface 0 has no altsetting 0 [ 220.482897][ T5876] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 220.492224][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.500332][ T5876] usb 1-1: Product: syz [ 220.504537][ T5876] usb 1-1: Manufacturer: syz [ 220.563049][ T5876] usb 1-1: SerialNumber: syz [ 220.685577][ T8267] netlink: 'syz.2.877': attribute type 10 has an invalid length. [ 220.802980][ T5876] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input42 [ 220.840714][ T5876] usb 1-1: USB disconnect, device number 42 [ 220.840776][ C0] pxrc 1-1:1.0: pxrc_usb_irq - usb_submit_urb failed with result: -19 [ 220.873606][ T8271] Can't find a SQUASHFS superblock on rnullb0 [ 221.014878][ T5915] usb 2-1: new low-speed USB device number 34 using dummy_hcd [ 221.154638][ T8274] netlink: 'syz.3.881': attribute type 33 has an invalid length. [ 221.165067][ T5915] usb 2-1: device descriptor read/64, error -71 [ 221.172990][ T8274] netlink: 152 bytes leftover after parsing attributes in process `syz.3.881'. [ 221.405561][ T5915] usb 2-1: new low-speed USB device number 35 using dummy_hcd [ 221.481487][ T8283] FAULT_INJECTION: forcing a failure. [ 221.481487][ T8283] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.495780][ T8283] CPU: 0 UID: 0 PID: 8283 Comm: syz.0.884 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 221.495814][ T8283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 221.495826][ T8283] Call Trace: [ 221.495835][ T8283] [ 221.495843][ T8283] dump_stack_lvl+0x189/0x250 [ 221.495871][ T8283] ? __pfx____ratelimit+0x10/0x10 [ 221.495897][ T8283] ? __pfx_dump_stack_lvl+0x10/0x10 [ 221.495919][ T8283] ? __pfx__printk+0x10/0x10 [ 221.495940][ T8283] ? __might_fault+0xb0/0x130 [ 221.495973][ T8283] should_fail_ex+0x414/0x560 [ 221.496001][ T8283] _copy_from_iter+0x1db/0x16f0 [ 221.496026][ T8283] ? __phys_addr+0xd3/0x180 [ 221.496047][ T8283] ? __pfx__copy_from_iter+0x10/0x10 [ 221.496067][ T8283] ? rcu_is_watching+0x15/0xb0 [ 221.496081][ T8283] ? file_tty_write+0x2a8/0x990 [ 221.496097][ T8283] ? file_tty_write+0x2e8/0x990 [ 221.496111][ T8283] ? rcu_is_watching+0x15/0xb0 [ 221.496124][ T8283] ? kfree+0x4d/0x440 [ 221.496143][ T8283] file_tty_write+0x486/0x990 [ 221.496165][ T8283] vfs_write+0x54b/0xa90 [ 221.496190][ T8283] ? __pfx_tty_write+0x10/0x10 [ 221.496205][ T8283] ? __pfx_vfs_write+0x10/0x10 [ 221.496230][ T8283] ? __fget_files+0x2a/0x420 [ 221.496257][ T8283] ksys_write+0x145/0x250 [ 221.496277][ T8283] ? __pfx_ksys_write+0x10/0x10 [ 221.496292][ T8283] ? rcu_is_watching+0x15/0xb0 [ 221.496309][ T8283] ? do_syscall_64+0xbe/0x3b0 [ 221.496331][ T8283] do_syscall_64+0xfa/0x3b0 [ 221.496350][ T8283] ? lockdep_hardirqs_on+0x9c/0x150 [ 221.496368][ T8283] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.496382][ T8283] ? clear_bhb_loop+0x60/0xb0 [ 221.496400][ T8283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.496422][ T8283] RIP: 0033:0x7f4fba18e929 [ 221.496436][ T8283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.496449][ T8283] RSP: 002b:00007f4fbafea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 221.496465][ T8283] RAX: ffffffffffffffda RBX: 00007f4fba3b6080 RCX: 00007f4fba18e929 [ 221.496475][ T8283] RDX: 00000000ffffff5c RSI: 0000200000002440 RDI: 0000000000000003 [ 221.496485][ T8283] RBP: 00007f4fbafea090 R08: 0000000000000000 R09: 0000000000000000 [ 221.496494][ T8283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 221.496502][ T8283] R13: 0000000000000000 R14: 00007f4fba3b6080 R15: 00007ffe646ead48 [ 221.496524][ T8283] [ 221.554950][ T5915] usb 2-1: device descriptor read/64, error -71 [ 221.556678][ C0] vkms_vblank_simulate: vblank timer overrun [ 221.707807][ T5915] usb usb2-port1: attempt power cycle [ 221.709081][ C0] vkms_vblank_simulate: vblank timer overrun [ 221.867755][ C0] vkms_vblank_simulate: vblank timer overrun [ 221.874983][ T10] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 222.034867][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 222.041507][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 222.054125][ T10] usb 4-1: config 0 has no interfaces? [ 222.061706][ T10] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 222.073251][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.081929][ T10] usb 4-1: Product: syz [ 222.084878][ T5915] usb 2-1: new low-speed USB device number 36 using dummy_hcd [ 222.086683][ T10] usb 4-1: Manufacturer: syz [ 222.098880][ T10] usb 4-1: SerialNumber: syz [ 222.106405][ T10] usb 4-1: config 0 descriptor?? [ 222.114309][ T5915] usb 2-1: device descriptor read/8, error -71 [ 222.277199][ T8289] FAULT_INJECTION: forcing a failure. [ 222.277199][ T8289] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 222.293619][ T8289] CPU: 0 UID: 0 PID: 8289 Comm: syz.0.886 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 222.293648][ T8289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 222.293660][ T8289] Call Trace: [ 222.293668][ T8289] [ 222.293676][ T8289] dump_stack_lvl+0x189/0x250 [ 222.293704][ T8289] ? __pfx____ratelimit+0x10/0x10 [ 222.293730][ T8289] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.293752][ T8289] ? __pfx__printk+0x10/0x10 [ 222.293775][ T8289] ? __might_fault+0xb0/0x130 [ 222.293810][ T8289] should_fail_ex+0x414/0x560 [ 222.293847][ T8289] _copy_from_user+0x2d/0xb0 [ 222.293869][ T8289] __snd_timer_user_ioctl+0x2bd/0x3ff0 [ 222.293897][ T8289] ? kasan_quarantine_put+0xdd/0x220 [ 222.293923][ T8289] ? __pfx___snd_timer_user_ioctl+0x10/0x10 [ 222.293956][ T8289] ? __mutex_trylock_common+0x153/0x260 [ 222.293980][ T8289] ? __pfx___mutex_trylock_common+0x10/0x10 [ 222.294006][ T8289] ? rcu_is_watching+0x15/0xb0 [ 222.294025][ T8289] ? trace_contention_end+0x39/0x120 [ 222.294048][ T8289] ? __mutex_lock+0x330/0xe80 [ 222.294075][ T8289] ? __lock_acquire+0xab9/0xd20 [ 222.294112][ T8289] ? snd_timer_user_ioctl+0x4b/0x80 [ 222.294137][ T8289] ? __pfx___mutex_lock+0x10/0x10 [ 222.294175][ T8289] ? __fget_files+0x2a/0x420 [ 222.294202][ T8289] ? __fget_files+0x3a0/0x420 [ 222.294228][ T8289] ? __fget_files+0x2a/0x420 [ 222.294258][ T8289] ? __pfx_snd_timer_user_ioctl+0x10/0x10 [ 222.294280][ T8289] snd_timer_user_ioctl+0x5a/0x80 [ 222.294305][ T8289] __se_sys_ioctl+0xf9/0x170 [ 222.294340][ T8289] do_syscall_64+0xfa/0x3b0 [ 222.294366][ T8289] ? lockdep_hardirqs_on+0x9c/0x150 [ 222.294392][ T8289] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.294413][ T8289] ? clear_bhb_loop+0x60/0xb0 [ 222.294431][ T8289] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.294445][ T8289] RIP: 0033:0x7f4fba18e929 [ 222.294458][ T8289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.294470][ T8289] RSP: 002b:00007f4fbb00b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 222.294487][ T8289] RAX: ffffffffffffffda RBX: 00007f4fba3b5fa0 RCX: 00007f4fba18e929 [ 222.294497][ T8289] RDX: 00002000000000c0 RSI: 0000000040505412 RDI: 0000000000000003 [ 222.294507][ T8289] RBP: 00007f4fbb00b090 R08: 0000000000000000 R09: 0000000000000000 [ 222.294516][ T8289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 222.294524][ T8289] R13: 0000000000000000 R14: 00007f4fba3b5fa0 R15: 00007ffe646ead48 [ 222.294546][ T8289] [ 222.604860][ T5915] usb 2-1: new low-speed USB device number 37 using dummy_hcd [ 222.631590][ T5915] usb 2-1: device descriptor read/8, error -71 [ 222.652844][ T8293] Can't find a SQUASHFS superblock on rnullb0 [ 222.713320][ T8295] netlink: 8 bytes leftover after parsing attributes in process `syz.0.889'. [ 222.747466][ T5915] usb usb2-port1: unable to enumerate USB device [ 222.835414][ T8298] syz.0.890 (8298): drop_caches: 2 [ 222.919187][ T8300] netlink: 'syz.0.891': attribute type 33 has an invalid length. [ 222.927896][ T8300] netlink: 152 bytes leftover after parsing attributes in process `syz.0.891'. [ 223.264955][ T5915] usb 3-1: new full-speed USB device number 48 using dummy_hcd [ 223.438900][ T5915] usb 3-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 223.450318][ T5915] usb 3-1: config 1 interface 0 has no altsetting 0 [ 223.461260][ T5915] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 223.470524][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.478905][ T5915] usb 3-1: Product: syz [ 223.483270][ T5915] usb 3-1: Manufacturer: syz [ 223.488070][ T5915] usb 3-1: SerialNumber: syz [ 223.711685][ T5915] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input43 [ 223.735142][ T5915] usb 3-1: USB disconnect, device number 48 [ 223.835707][ T5876] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 223.856484][ T8320] syz.1.899 (8320): drop_caches: 2 [ 223.994925][ T5876] usb 1-1: Using ep0 maxpacket: 8 [ 224.001940][ T5876] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 224.012228][ T5876] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.036617][ T5876] pvrusb2: Hardware description: Terratec Grabster AV400 [ 224.044124][ T5876] pvrusb2: ********** [ 224.050845][ T5876] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 224.061076][ T5876] pvrusb2: Important functionality might not be entirely working. [ 224.069305][ T5876] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 224.080689][ T5876] pvrusb2: ********** [ 224.243206][ T2346] pvrusb2: Invalid write control endpoint [ 224.290461][ T8327] Can't find a SQUASHFS superblock on rnullb0 [ 224.372719][ T2346] pvrusb2: Invalid write control endpoint [ 224.397624][ T2346] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 224.404678][ T8329] netlink: 'syz.2.902': attribute type 33 has an invalid length. [ 224.415491][ T2346] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 224.419752][ T8329] netlink: 152 bytes leftover after parsing attributes in process `syz.2.902'. [ 224.432211][ T2346] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 224.454179][ T5876] usb 4-1: USB disconnect, device number 50 [ 224.475793][ T2346] pvrusb2: Device being rendered inoperable [ 224.483533][ T8317] pvrusb2: Attempted to execute control transfer when device not ok [ 224.518873][ T2346] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 224.525253][ T8317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.543053][ T2346] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 224.572185][ T8317] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.574254][ T2346] pvrusb2: Attached sub-driver cx25840 [ 224.591647][ T8334] vxfs: WRONG superblock magic 00000000 at 1 [ 224.595445][ T8333] netlink: 'syz.3.903': attribute type 33 has an invalid length. [ 224.605854][ T8333] netlink: 152 bytes leftover after parsing attributes in process `syz.3.903'. [ 224.617850][ T8334] vxfs: WRONG superblock magic 00000000 at 8 [ 224.631046][ T10] usb 1-1: USB disconnect, device number 43 [ 224.639560][ T2346] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 224.642250][ T30] audit: type=1800 audit(1751596879.234:4): pid=8317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.898" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 224.663021][ T2346] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 224.704860][ T8334] vxfs: can't find superblock. [ 224.793300][ T8337] 9pnet_fd: Insufficient options for proto=fd [ 224.997215][ T8347] FAULT_INJECTION: forcing a failure. [ 224.997215][ T8347] name failslab, interval 1, probability 0, space 0, times 0 [ 225.002144][ T8348] Can't find a SQUASHFS superblock on rnullb0 [ 225.011604][ T8347] CPU: 1 UID: 0 PID: 8347 Comm: syz.2.909 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 225.011644][ T8347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 225.011666][ T8347] Call Trace: [ 225.011675][ T8347] [ 225.011685][ T8347] dump_stack_lvl+0x189/0x250 [ 225.011716][ T8347] ? __pfx____ratelimit+0x10/0x10 [ 225.011752][ T8347] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.011778][ T8347] ? __pfx__printk+0x10/0x10 [ 225.011806][ T8347] ? __pfx___might_resched+0x10/0x10 [ 225.011828][ T8347] ? fs_reclaim_acquire+0x7d/0x100 [ 225.011864][ T8347] should_fail_ex+0x414/0x560 [ 225.011906][ T8347] should_failslab+0xa8/0x100 [ 225.011935][ T8347] __kmalloc_noprof+0xcb/0x4f0 [ 225.011960][ T8347] ? alloc_pipe_info+0x1fd/0x4d0 [ 225.011995][ T8347] alloc_pipe_info+0x1fd/0x4d0 [ 225.012026][ T8347] splice_direct_to_actor+0xa5d/0xcc0 [ 225.012075][ T8347] ? __pfx_aa_file_perm+0x10/0x10 [ 225.012100][ T8347] ? __lock_acquire+0xab9/0xd20 [ 225.012132][ T8347] ? __pfx_direct_splice_actor+0x10/0x10 [ 225.012161][ T8347] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 225.012204][ T8347] do_splice_direct+0x181/0x270 [ 225.012237][ T8347] ? __pfx_do_splice_direct+0x10/0x10 [ 225.012267][ T8347] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 225.012307][ T8347] ? rw_verify_area+0x258/0x650 [ 225.012346][ T8347] do_sendfile+0x4da/0x7e0 [ 225.012389][ T8347] ? __pfx_do_sendfile+0x10/0x10 [ 225.012438][ T8347] __se_sys_sendfile64+0xd9/0x190 [ 225.012474][ T8347] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 225.012503][ T8347] ? rcu_is_watching+0x15/0xb0 [ 225.012531][ T8347] ? do_syscall_64+0xbe/0x3b0 [ 225.012566][ T8347] do_syscall_64+0xfa/0x3b0 [ 225.012594][ T8347] ? lockdep_hardirqs_on+0x9c/0x150 [ 225.012622][ T8347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.012643][ T8347] ? clear_bhb_loop+0x60/0xb0 [ 225.012670][ T8347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.012693][ T8347] RIP: 0033:0x7f8f7918e929 [ 225.012713][ T8347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.012733][ T8347] RSP: 002b:00007f8f79f98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 225.012758][ T8347] RAX: ffffffffffffffda RBX: 00007f8f793b5fa0 RCX: 00007f8f7918e929 [ 225.012775][ T8347] RDX: 0000200000002700 RSI: 0000000000000003 RDI: 0000000000000004 [ 225.012788][ T8347] RBP: 00007f8f79f98090 R08: 0000000000000000 R09: 0000000000000000 [ 225.012803][ T8347] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001 [ 225.012816][ T8347] R13: 0000000000000000 R14: 00007f8f793b5fa0 R15: 00007ffed3ee2738 [ 225.012852][ T8347] [ 225.343440][ T8356] netlink: 'syz.0.913': attribute type 33 has an invalid length. [ 225.351283][ T8356] netlink: 152 bytes leftover after parsing attributes in process `syz.0.913'. [ 225.424414][ T8358] FAULT_INJECTION: forcing a failure. [ 225.424414][ T8358] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 225.442992][ T8358] CPU: 1 UID: 0 PID: 8358 Comm: syz.3.914 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 225.443023][ T8358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 225.443035][ T8358] Call Trace: [ 225.443043][ T8358] [ 225.443052][ T8358] dump_stack_lvl+0x189/0x250 [ 225.443080][ T8358] ? __pfx____ratelimit+0x10/0x10 [ 225.443107][ T8358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.443129][ T8358] ? __pfx__printk+0x10/0x10 [ 225.443152][ T8358] ? __might_fault+0xb0/0x130 [ 225.443187][ T8358] should_fail_ex+0x414/0x560 [ 225.443224][ T8358] _copy_from_iter+0x1db/0x16f0 [ 225.443251][ T8358] ? rcu_is_watching+0x15/0xb0 [ 225.443272][ T8358] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 225.443298][ T8358] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 225.443330][ T8358] ? __pfx__copy_from_iter+0x10/0x10 [ 225.443364][ T8358] ? skb_page_frag_refill+0x1be/0x320 [ 225.443396][ T8358] tcp_sendmsg_locked+0x21fc/0x5630 [ 225.443478][ T8358] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 225.443501][ T8358] ? __local_bh_enable_ip+0x12d/0x1c0 [ 225.443525][ T8358] ? __local_bh_enable_ip+0x12d/0x1c0 [ 225.443558][ T8358] tcp_sendmsg+0x2f/0x50 [ 225.443584][ T8358] __sock_sendmsg+0x19c/0x270 [ 225.443613][ T8358] __sys_sendto+0x3bd/0x520 [ 225.443645][ T8358] ? __pfx___sys_sendto+0x10/0x10 [ 225.443671][ T8358] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 225.443712][ T8358] ? __fget_files+0x3a0/0x420 [ 225.443753][ T8358] ? ksys_write+0x22a/0x250 [ 225.443779][ T8358] ? __pfx_ksys_write+0x10/0x10 [ 225.443800][ T8358] ? rcu_is_watching+0x15/0xb0 [ 225.443825][ T8358] __x64_sys_sendto+0xde/0x100 [ 225.443859][ T8358] do_syscall_64+0xfa/0x3b0 [ 225.443884][ T8358] ? lockdep_hardirqs_on+0x9c/0x150 [ 225.443909][ T8358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.443929][ T8358] ? clear_bhb_loop+0x60/0xb0 [ 225.443953][ T8358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.443972][ T8358] RIP: 0033:0x7fb05318e929 [ 225.443990][ T8358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.444008][ T8358] RSP: 002b:00007fb053f1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 225.444029][ T8358] RAX: ffffffffffffffda RBX: 00007fb0533b5fa0 RCX: 00007fb05318e929 [ 225.444044][ T8358] RDX: 0000000000000381 RSI: 00002000000004c0 RDI: 0000000000000003 [ 225.444057][ T8358] RBP: 00007fb053f1a090 R08: 0000000000000000 R09: 0000000000000000 [ 225.444069][ T8358] R10: 0000000000000805 R11: 0000000000000246 R12: 0000000000000001 [ 225.444081][ T8358] R13: 0000000000000000 R14: 00007fb0533b5fa0 R15: 00007ffd056630e8 [ 225.444113][ T8358] [ 225.720718][ T5876] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 225.764886][ T10] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 225.887172][ T8366] netlink: 68 bytes leftover after parsing attributes in process `syz.3.917'. [ 225.923894][ T5876] usb 3-1: Using ep0 maxpacket: 8 [ 225.930855][ T5876] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 225.942556][ T5876] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 225.945237][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 225.953300][ T5876] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 225.963995][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 225.967516][ T5876] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 225.989451][ T5876] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 226.001217][ T10] usb 2-1: config 0 has no interfaces? [ 226.003153][ T5876] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 226.017152][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.035196][ T10] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 226.058590][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.068772][ T8369] netlink: 'syz.3.917': attribute type 10 has an invalid length. [ 226.074381][ T10] usb 2-1: Product: syz [ 226.100428][ T10] usb 2-1: Manufacturer: syz [ 226.106027][ T10] usb 2-1: SerialNumber: syz [ 226.116136][ T10] usb 2-1: config 0 descriptor?? [ 226.387403][ T43] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 226.554998][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 226.562690][ T43] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 226.574674][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 226.588639][ T43] usb 1-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=d2.a2 [ 226.598342][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.606523][ T43] usb 1-1: Product: syz [ 226.610797][ T43] usb 1-1: Manufacturer: syz [ 226.615529][ T43] usb 1-1: SerialNumber: syz [ 226.622931][ T43] usb 1-1: config 0 descriptor?? [ 226.631338][ T43] keyspan 1-1:0.0: Keyspan 1 port adapter converter detected [ 226.639231][ T43] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 87 [ 226.647052][ T43] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 7 [ 226.657601][ T43] keyspan 1-1:0.0: unsupported endpoint type 0 [ 226.663896][ T43] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 1 [ 226.671922][ T43] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 2 [ 226.679720][ T43] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 85 [ 226.687523][ T43] keyspan 1-1:0.0: found no endpoint descriptor for endpoint 5 [ 226.700146][ T43] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 226.866397][ T8372] 9pnet_fd: Insufficient options for proto=fd [ 226.881477][ T10] usb 1-1: USB disconnect, device number 44 [ 226.910972][ T10] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 226.940085][ T10] keyspan 1-1:0.0: device disconnected [ 227.443151][ T8385] Can't find a SQUASHFS superblock on rnullb0 [ 227.696190][ T8390] Can't find a SQUASHFS superblock on rnullb0 [ 228.204849][ T8353] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 228.229431][ T5915] usb 2-1: USB disconnect, device number 38 [ 228.296929][ T5876] usb 3-1: usb_control_msg returned -71 [ 228.320316][ T5876] usbtmc 3-1:16.0: can't read capabilities [ 228.356679][ T5876] usb 3-1: USB disconnect, device number 49 [ 228.512449][ T8404] FAULT_INJECTION: forcing a failure. [ 228.512449][ T8404] name failslab, interval 1, probability 0, space 0, times 0 [ 228.553380][ T8404] CPU: 0 UID: 0 PID: 8404 Comm: syz.0.929 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 228.553410][ T8404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 228.553422][ T8404] Call Trace: [ 228.553430][ T8404] [ 228.553438][ T8404] dump_stack_lvl+0x189/0x250 [ 228.553466][ T8404] ? __pfx____ratelimit+0x10/0x10 [ 228.553492][ T8404] ? __pfx_dump_stack_lvl+0x10/0x10 [ 228.553514][ T8404] ? __pfx__printk+0x10/0x10 [ 228.553542][ T8404] ? __pfx___might_resched+0x10/0x10 [ 228.553560][ T8404] ? fs_reclaim_acquire+0x7d/0x100 [ 228.553590][ T8404] should_fail_ex+0x414/0x560 [ 228.553645][ T8404] should_failslab+0xa8/0x100 [ 228.553671][ T8404] kmem_cache_alloc_noprof+0x73/0x3c0 [ 228.553692][ T8404] ? alloc_empty_file+0x55/0x1d0 [ 228.553728][ T8404] alloc_empty_file+0x55/0x1d0 [ 228.553760][ T8404] path_openat+0x107/0x3830 [ 228.553780][ T8404] ? arch_stack_walk+0xfc/0x150 [ 228.553830][ T8404] ? kasan_save_track+0x4f/0x80 [ 228.553849][ T8404] ? kasan_save_track+0x3e/0x80 [ 228.553867][ T8404] ? __kasan_slab_alloc+0x6c/0x80 [ 228.553887][ T8404] ? getname_flags+0xb8/0x540 [ 228.553916][ T8404] ? __pfx_path_openat+0x10/0x10 [ 228.553936][ T8404] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.553978][ T8404] do_filp_open+0x1fa/0x410 [ 228.554006][ T8404] ? __lock_acquire+0xab9/0xd20 [ 228.554038][ T8404] ? __pfx_do_filp_open+0x10/0x10 [ 228.554084][ T8404] ? _raw_spin_unlock+0x28/0x50 [ 228.554105][ T8404] ? alloc_fd+0x64c/0x6c0 [ 228.554144][ T8404] do_sys_openat2+0x121/0x1c0 [ 228.554167][ T8404] ? __pfx_do_sys_openat2+0x10/0x10 [ 228.554187][ T8404] ? ksys_write+0x22a/0x250 [ 228.554213][ T8404] ? __pfx_ksys_write+0x10/0x10 [ 228.554235][ T8404] ? rcu_is_watching+0x15/0xb0 [ 228.554258][ T8404] __x64_sys_openat+0x138/0x170 [ 228.554284][ T8404] do_syscall_64+0xfa/0x3b0 [ 228.554321][ T8404] ? lockdep_hardirqs_on+0x9c/0x150 [ 228.554344][ T8404] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.554363][ T8404] ? clear_bhb_loop+0x60/0xb0 [ 228.554386][ T8404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 228.554405][ T8404] RIP: 0033:0x7f4fba18e929 [ 228.554423][ T8404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.554440][ T8404] RSP: 002b:00007f4fbb00b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 228.554461][ T8404] RAX: ffffffffffffffda RBX: 00007f4fba3b5fa0 RCX: 00007f4fba18e929 [ 228.554476][ T8404] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 228.554490][ T8404] RBP: 00007f4fbb00b090 R08: 0000000000000000 R09: 0000000000000000 [ 228.554502][ T8404] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 228.554514][ T8404] R13: 0000000000000000 R14: 00007f4fba3b5fa0 R15: 00007ffe646ead48 [ 228.554544][ T8404] [ 229.024833][ T5915] usb 2-1: new full-speed USB device number 39 using dummy_hcd [ 229.196737][ T5835] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 229.220572][ T8398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 229.261251][ T8398] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.366671][ T5835] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 229.398725][ T5835] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.409851][ T5915] usb 2-1: unable to get BOS descriptor or descriptor too short [ 229.417899][ T5835] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 229.438463][ T5915] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 229.452305][ T5915] usb 2-1: can't read configurations, error -71 [ 229.493755][ T5835] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 229.513069][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.531283][ T5835] usb 1-1: Product: syz [ 229.542191][ T5835] usb 1-1: Manufacturer: syz [ 229.548595][ T5835] usb 1-1: SerialNumber: syz [ 229.864949][ T5915] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 229.891568][ T8424] FAULT_INJECTION: forcing a failure. [ 229.891568][ T8424] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 229.909237][ T8424] CPU: 0 UID: 0 PID: 8424 Comm: syz.3.935 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 229.909268][ T8424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 229.909280][ T8424] Call Trace: [ 229.909289][ T8424] [ 229.909298][ T8424] dump_stack_lvl+0x189/0x250 [ 229.909330][ T8424] ? __pfx____ratelimit+0x10/0x10 [ 229.909357][ T8424] ? __pfx_dump_stack_lvl+0x10/0x10 [ 229.909380][ T8424] ? __pfx__printk+0x10/0x10 [ 229.909403][ T8424] ? __might_fault+0xb0/0x130 [ 229.909438][ T8424] should_fail_ex+0x414/0x560 [ 229.909475][ T8424] _copy_from_user+0x2d/0xb0 [ 229.909497][ T8424] drm_ioctl+0x58a/0xb10 [ 229.909531][ T8424] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 229.909561][ T8424] ? __pfx_drm_ioctl+0x10/0x10 [ 229.909605][ T8424] ? __fget_files+0x2a/0x420 [ 229.909638][ T8424] ? bpf_lsm_file_ioctl+0x9/0x20 [ 229.909658][ T8424] ? __pfx_drm_ioctl+0x10/0x10 [ 229.909688][ T8424] __se_sys_ioctl+0xf9/0x170 [ 229.909714][ T8424] do_syscall_64+0xfa/0x3b0 [ 229.909741][ T8424] ? lockdep_hardirqs_on+0x9c/0x150 [ 229.909766][ T8424] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.909786][ T8424] ? clear_bhb_loop+0x60/0xb0 [ 229.909811][ T8424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.909830][ T8424] RIP: 0033:0x7fb05318e929 [ 229.909848][ T8424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 229.909866][ T8424] RSP: 002b:00007fb053f1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 229.909895][ T8424] RAX: ffffffffffffffda RBX: 00007fb0533b5fa0 RCX: 00007fb05318e929 [ 229.909910][ T8424] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000006 [ 229.909924][ T8424] RBP: 00007fb053f1a090 R08: 0000000000000000 R09: 0000000000000000 [ 229.909937][ T8424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 229.909949][ T8424] R13: 0000000000000000 R14: 00007fb0533b5fa0 R15: 00007ffd056630e8 [ 229.909980][ T8424] [ 230.064985][ T5876] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 230.186336][ T5915] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 230.198903][ T5915] usb 2-1: config 0 interface 0 has no altsetting 0 [ 230.218925][ T8426] FAULT_INJECTION: forcing a failure. [ 230.218925][ T8426] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 230.232398][ T8426] CPU: 0 UID: 0 PID: 8426 Comm: syz.3.936 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 230.232427][ T8426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 230.232440][ T8426] Call Trace: [ 230.232448][ T8426] [ 230.232456][ T8426] dump_stack_lvl+0x189/0x250 [ 230.232489][ T8426] ? __pfx____ratelimit+0x10/0x10 [ 230.232516][ T8426] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.232538][ T8426] ? __pfx__printk+0x10/0x10 [ 230.232574][ T8426] should_fail_ex+0x414/0x560 [ 230.232611][ T8426] _copy_to_user+0x31/0xb0 [ 230.232634][ T8426] simple_read_from_buffer+0xe1/0x170 [ 230.232666][ T8426] proc_fail_nth_read+0x1df/0x250 [ 230.232689][ T8426] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 230.232712][ T8426] ? rw_verify_area+0x258/0x650 [ 230.232735][ T8426] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 230.232756][ T8426] vfs_read+0x200/0x980 [ 230.232785][ T8426] ? __pfx___mutex_lock+0x10/0x10 [ 230.232812][ T8426] ? __pfx_vfs_read+0x10/0x10 [ 230.232838][ T8426] ? __fget_files+0x2a/0x420 [ 230.232877][ T8426] ? __fget_files+0x3a0/0x420 [ 230.232903][ T8426] ? __fget_files+0x2a/0x420 [ 230.232940][ T8426] ksys_read+0x145/0x250 [ 230.232967][ T8426] ? __pfx_ksys_read+0x10/0x10 [ 230.232988][ T8426] ? rcu_is_watching+0x15/0xb0 [ 230.233014][ T8426] ? do_syscall_64+0xbe/0x3b0 [ 230.233045][ T8426] do_syscall_64+0xfa/0x3b0 [ 230.233070][ T8426] ? lockdep_hardirqs_on+0x9c/0x150 [ 230.233095][ T8426] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.233115][ T8426] ? clear_bhb_loop+0x60/0xb0 [ 230.233139][ T8426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.233158][ T8426] RIP: 0033:0x7fb05318d33c [ 230.233177][ T8426] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 230.233194][ T8426] RSP: 002b:00007fb053f1a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 230.233216][ T8426] RAX: ffffffffffffffda RBX: 00007fb0533b5fa0 RCX: 00007fb05318d33c [ 230.233231][ T8426] RDX: 000000000000000f RSI: 00007fb053f1a0a0 RDI: 0000000000000004 [ 230.233244][ T8426] RBP: 00007fb053f1a090 R08: 0000000000000000 R09: 0000000000000000 [ 230.233257][ T8426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 230.233269][ T8426] R13: 0000000000000000 R14: 00007fb0533b5fa0 R15: 00007ffd056630e8 [ 230.233301][ T8426] [ 230.245252][ T5915] usb 2-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 230.479552][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.488201][ T5915] usb 2-1: Product: syz [ 230.492440][ T5915] usb 2-1: Manufacturer: syz [ 230.497389][ T5915] usb 2-1: SerialNumber: syz [ 230.504981][ T5915] usb 2-1: config 0 descriptor?? [ 230.517438][ T5915] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 230.533792][ T5915] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 230.555628][ T5915] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 230.564604][ T5915] usb 2-1: media controller created [ 230.655092][ T5876] usb 3-1: Using ep0 maxpacket: 8 [ 230.663619][ T5876] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 230.688269][ T5915] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 230.701810][ T5835] cdc_ncm 1-1:1.0: bind() failure [ 230.707094][ T5876] usb 3-1: config 0 has no interfaces? [ 230.724645][ T5835] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 230.732976][ T5876] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 230.758495][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.758790][ T5835] cdc_ncm 1-1:1.1: bind() failure [ 230.771519][ T5876] usb 3-1: Product: syz [ 230.779741][ T5876] usb 3-1: Manufacturer: syz [ 230.792743][ T5876] usb 3-1: SerialNumber: syz [ 230.815565][ T5876] usb 3-1: config 0 descriptor?? [ 230.871852][ T5915] DVB: Unable to find symbol tda10046_attach() [ 230.885235][ T5915] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 230.905222][ T5915] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 230.914567][ T5835] usb 1-1: USB disconnect, device number 45 [ 231.264843][ T5831] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 231.437080][ T5831] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 231.447394][ T5831] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 231.462571][ T5831] usb 4-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 231.478789][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.487339][ T5831] usb 4-1: Product: syz [ 231.491542][ T5831] usb 4-1: Manufacturer: syz [ 231.499894][ T5831] usb 4-1: SerialNumber: syz [ 231.508786][ T5831] usb 4-1: config 0 descriptor?? [ 231.526927][ T8442] Can't find a SQUASHFS superblock on rnullb0 [ 231.719232][ T8415] netlink: 17279 bytes leftover after parsing attributes in process `syz.1.933'. [ 231.732396][ T5915] dvb_usb_m920x 2-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 231.747876][ T5915] usb 2-1: USB disconnect, device number 40 [ 232.441489][ T8448] Can't find a SQUASHFS superblock on rnullb0 [ 232.805336][ T5876] usb 3-1: USB disconnect, device number 50 [ 232.806095][ T8452] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.883611][ T8452] bond0: (slave rose0): Enslaving as an active interface with an up link [ 232.980694][ T8460] netlink: 'syz.0.944': attribute type 33 has an invalid length. [ 233.000000][ T8460] netlink: 152 bytes leftover after parsing attributes in process `syz.0.944'. [ 233.374852][ T8481] qnx4: no qnx4 filesystem (no root dir). [ 233.501388][ T8483] FAULT_INJECTION: forcing a failure. [ 233.501388][ T8483] name failslab, interval 1, probability 0, space 0, times 0 [ 233.554881][ T8483] CPU: 1 UID: 0 PID: 8483 Comm: syz.0.949 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 233.554910][ T8483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 233.554922][ T8483] Call Trace: [ 233.554930][ T8483] [ 233.554938][ T8483] dump_stack_lvl+0x189/0x250 [ 233.554967][ T8483] ? __pfx____ratelimit+0x10/0x10 [ 233.554994][ T8483] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.555016][ T8483] ? __pfx__printk+0x10/0x10 [ 233.555046][ T8483] ? __pfx___might_resched+0x10/0x10 [ 233.555064][ T8483] ? fs_reclaim_acquire+0x7d/0x100 [ 233.555095][ T8483] should_fail_ex+0x414/0x560 [ 233.555133][ T8483] should_failslab+0xa8/0x100 [ 233.555160][ T8483] kmem_cache_alloc_noprof+0x73/0x3c0 [ 233.555187][ T8483] ? alloc_empty_file+0x55/0x1d0 [ 233.555222][ T8483] alloc_empty_file+0x55/0x1d0 [ 233.555254][ T8483] path_openat+0x107/0x3830 [ 233.555275][ T8483] ? arch_stack_walk+0xfc/0x150 [ 233.555326][ T8483] ? kasan_save_track+0x4f/0x80 [ 233.555346][ T8483] ? kasan_save_track+0x3e/0x80 [ 233.555363][ T8483] ? __kasan_slab_alloc+0x6c/0x80 [ 233.555384][ T8483] ? getname_flags+0xb8/0x540 [ 233.555412][ T8483] ? __pfx_path_openat+0x10/0x10 [ 233.555432][ T8483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.555473][ T8483] do_filp_open+0x1fa/0x410 [ 233.555493][ T8483] ? __lock_acquire+0xab9/0xd20 [ 233.555524][ T8483] ? __pfx_do_filp_open+0x10/0x10 [ 233.555578][ T8483] ? _raw_spin_unlock+0x28/0x50 [ 233.555601][ T8483] ? alloc_fd+0x64c/0x6c0 [ 233.555639][ T8483] do_sys_openat2+0x121/0x1c0 [ 233.555662][ T8483] ? __pfx_do_sys_openat2+0x10/0x10 [ 233.555682][ T8483] ? ksys_write+0x22a/0x250 [ 233.555709][ T8483] ? __pfx_ksys_write+0x10/0x10 [ 233.555729][ T8483] ? rcu_is_watching+0x15/0xb0 [ 233.555753][ T8483] __x64_sys_openat+0x138/0x170 [ 233.555779][ T8483] do_syscall_64+0xfa/0x3b0 [ 233.555804][ T8483] ? lockdep_hardirqs_on+0x9c/0x150 [ 233.555830][ T8483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.555850][ T8483] ? clear_bhb_loop+0x60/0xb0 [ 233.555874][ T8483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 233.555894][ T8483] RIP: 0033:0x7f4fba18e929 [ 233.555913][ T8483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 233.555932][ T8483] RSP: 002b:00007f4fbb00b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 233.555955][ T8483] RAX: ffffffffffffffda RBX: 00007f4fba3b5fa0 RCX: 00007f4fba18e929 [ 233.555971][ T8483] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 233.555986][ T8483] RBP: 00007f4fbb00b090 R08: 0000000000000000 R09: 0000000000000000 [ 233.555999][ T8483] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 233.556012][ T8483] R13: 0000000000000000 R14: 00007f4fba3b5fa0 R15: 00007ffe646ead48 [ 233.556045][ T8483] [ 233.980313][ T5876] usb 4-1: USB disconnect, device number 51 [ 234.165312][ T5831] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 234.214835][ T5915] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 234.243555][ T8504] netlink: 'syz.2.955': attribute type 33 has an invalid length. [ 234.251735][ T8504] netlink: 152 bytes leftover after parsing attributes in process `syz.2.955'. [ 234.349938][ T5831] usb 1-1: Using ep0 maxpacket: 8 [ 234.376452][ T5831] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 234.387359][ T5915] usb 2-1: config 0 has no interfaces? [ 234.394894][ T5831] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 234.394912][ T5915] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 234.444881][ T5831] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 234.449525][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.458774][ T8512] syz.3.956: attempt to access beyond end of device [ 234.458774][ T8512] loop3: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 234.484825][ T5831] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.497639][ T5915] usb 2-1: config 0 descriptor?? [ 234.514873][ T5831] usb 1-1: Product: syz [ 234.517612][ T8512] gfs2: error -5 reading superblock [ 234.531161][ T5831] usb 1-1: Manufacturer: syz [ 234.553649][ T5831] usb 1-1: SerialNumber: syz [ 234.559515][ T8507] tmpfs: Invalid uid '0x00000000ffffffff' [ 234.572232][ T5831] usb 1-1: config 0 descriptor?? [ 234.582083][ T8515] netlink: 'syz.2.957': attribute type 21 has an invalid length. [ 234.616866][ T8515] netlink: 128 bytes leftover after parsing attributes in process `syz.2.957'. [ 234.705073][ T8491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.724283][ T8491] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.756142][ T8491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.773671][ T8491] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.802881][ T8491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.833868][ T8491] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.856403][ T8491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.887705][ T8491] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.913851][ T8491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.927782][ T8491] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.002598][ T43] usb 2-1: USB disconnect, device number 41 [ 235.034841][ T5915] usb 4-1: new full-speed USB device number 52 using dummy_hcd [ 235.186674][ T5915] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 235.204826][ T5915] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 235.233827][ T5915] usb 4-1: New USB device found, idVendor=104f, idProduct=0004, bcdDevice=c6.c3 [ 235.253694][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=18, SerialNumber=3 [ 235.265608][ T5915] usb 4-1: Product: syz [ 235.269828][ T5915] usb 4-1: Manufacturer: syz [ 235.290997][ T5915] usb 4-1: SerialNumber: syz [ 235.310903][ T5915] usb 4-1: config 0 descriptor?? [ 235.330147][ T5915] iuu_phoenix 4-1:0.0: required endpoints missing [ 236.119735][ T8571] Can't find a SQUASHFS superblock on rnullb0 [ 236.185338][ T8567] usb 1-1: USB disconnect, device number 46 [ 236.492116][ T8576] exFAT-fs (rnullb0): invalid boot record signature [ 236.501942][ T8576] exFAT-fs (rnullb0): failed to read boot sector [ 236.513839][ T8576] exFAT-fs (rnullb0): failed to recognize exfat type [ 236.549247][ T8579] FAULT_INJECTION: forcing a failure. [ 236.549247][ T8579] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 236.571306][ T8579] CPU: 1 UID: 0 PID: 8579 Comm: syz.1.968 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 236.571335][ T8579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 236.571347][ T8579] Call Trace: [ 236.571354][ T8579] [ 236.571363][ T8579] dump_stack_lvl+0x189/0x250 [ 236.571391][ T8579] ? __pfx____ratelimit+0x10/0x10 [ 236.571417][ T8579] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.571438][ T8579] ? __pfx__printk+0x10/0x10 [ 236.571462][ T8579] ? fs_reclaim_acquire+0x7d/0x100 [ 236.571497][ T8579] should_fail_ex+0x414/0x560 [ 236.571533][ T8579] prepare_alloc_pages+0x213/0x610 [ 236.571568][ T8579] __alloc_frozen_pages_noprof+0x123/0x370 [ 236.571599][ T8579] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 236.571625][ T8579] ? do_raw_spin_lock+0x121/0x290 [ 236.571652][ T8579] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 236.571678][ T8579] ? policy_nodemask+0x27c/0x720 [ 236.571707][ T8579] alloc_pages_mpol+0x232/0x4a0 [ 236.571736][ T8579] alloc_pages_noprof+0xa9/0x190 [ 236.571761][ T8579] get_free_pages_noprof+0xf/0x80 [ 236.571788][ T8579] __pollwait+0x27b/0x460 [ 236.571813][ T8579] ? __pfx___pollwait+0x10/0x10 [ 236.571837][ T8579] snd_rawmidi_poll+0x240/0x420 [ 236.571863][ T8579] ? __pfx_snd_rawmidi_poll+0x10/0x10 [ 236.571889][ T8579] do_select+0x105b/0x17e0 [ 236.571912][ T8579] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 236.571952][ T8579] ? do_select+0x7f1/0x17e0 [ 236.571996][ T8579] ? __pfx_do_select+0x10/0x10 [ 236.572020][ T8579] ? __lock_acquire+0xab9/0xd20 [ 236.572053][ T8579] ? __pfx___pollwait+0x10/0x10 [ 236.572081][ T8579] ? __pfx_pollwake+0x10/0x10 [ 236.572110][ T8579] ? __pfx_pollwake+0x10/0x10 [ 236.572136][ T8579] ? __pfx_pollwake+0x10/0x10 [ 236.572164][ T8579] ? __pfx_pollwake+0x10/0x10 [ 236.572192][ T8579] ? __pfx_pollwake+0x10/0x10 [ 236.572221][ T8579] ? __pfx_pollwake+0x10/0x10 [ 236.572255][ T8579] ? __pfx_pollwake+0x10/0x10 [ 236.572288][ T8579] ? __pfx_pollwake+0x10/0x10 [ 236.572316][ T8579] ? __pfx_pollwake+0x10/0x10 [ 236.572365][ T8579] core_sys_select+0x6dd/0xa20 [ 236.572401][ T8579] ? __pfx_core_sys_select+0x10/0x10 [ 236.572450][ T8579] ? __pfx_set_user_sigmask+0x10/0x10 [ 236.572480][ T8579] __se_sys_pselect6+0x27a/0x300 [ 236.572511][ T8579] ? __pfx___se_sys_pselect6+0x10/0x10 [ 236.572535][ T8579] ? __pfx_ksys_write+0x10/0x10 [ 236.572556][ T8579] ? rcu_is_watching+0x15/0xb0 [ 236.572580][ T8579] ? __x64_sys_pselect6+0x21/0xf0 [ 236.572608][ T8579] do_syscall_64+0xfa/0x3b0 [ 236.572632][ T8579] ? lockdep_hardirqs_on+0x9c/0x150 [ 236.572654][ T8579] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.572672][ T8579] ? clear_bhb_loop+0x60/0xb0 [ 236.572694][ T8579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.572712][ T8579] RIP: 0033:0x7f2fd378e929 [ 236.572729][ T8579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.572745][ T8579] RSP: 002b:00007f2fd45a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 236.572765][ T8579] RAX: ffffffffffffffda RBX: 00007f2fd39b6080 RCX: 00007f2fd378e929 [ 236.572779][ T8579] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 236.572791][ T8579] RBP: 00007f2fd45a5090 R08: 0000000000000000 R09: 0000000000000000 [ 236.572803][ T8579] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 236.572815][ T8579] R13: 0000000000000000 R14: 00007f2fd39b6080 R15: 00007ffd7e61bb18 [ 236.572843][ T8579] [ 237.343979][ T5915] usb 4-1: USB disconnect, device number 52 [ 237.470704][ T43] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 237.501990][ T43] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz0 [ 237.602229][ T43] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 238.117621][ T8612] Can't find a SQUASHFS superblock on rnullb0 [ 238.303330][ T43] hid-generic 0000:0000:0000.0009: hidraw1: HID v0.00 Device [syz1] on syz0 [ 238.422016][ T8614] fido_id[8614]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 238.527214][ T8618] netlink: 8 bytes leftover after parsing attributes in process `syz.1.980'. [ 238.819099][ T8629] netlink: 'syz.2.986': attribute type 29 has an invalid length. [ 238.843250][ T8629] netlink: 'syz.2.986': attribute type 29 has an invalid length. [ 238.877219][ T8629] netlink: 'syz.2.986': attribute type 29 has an invalid length. [ 238.880558][ T8633] FAULT_INJECTION: forcing a failure. [ 238.880558][ T8633] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 238.914935][ T8629] netlink: 'syz.2.986': attribute type 29 has an invalid length. [ 238.928984][ T8633] CPU: 0 UID: 0 PID: 8633 Comm: syz.0.985 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 238.929014][ T8633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 238.929026][ T8633] Call Trace: [ 238.929034][ T8633] [ 238.929043][ T8633] dump_stack_lvl+0x189/0x250 [ 238.929080][ T8633] ? __pfx____ratelimit+0x10/0x10 [ 238.929106][ T8633] ? __pfx_dump_stack_lvl+0x10/0x10 [ 238.929129][ T8633] ? __pfx__printk+0x10/0x10 [ 238.929156][ T8633] ? __might_fault+0xb0/0x130 [ 238.929186][ T8633] should_fail_ex+0x414/0x560 [ 238.929224][ T8633] _copy_from_user+0x2d/0xb0 [ 238.929245][ T8633] copy_from_sockptr+0x5e/0xa0 [ 238.929276][ T8633] do_tcp_getsockopt+0xc9c/0x2610 [ 238.929317][ T8633] ? __pfx_do_tcp_getsockopt+0x10/0x10 [ 238.929347][ T8633] ? sock_recv_errqueue+0x510/0x510 [ 238.929373][ T8633] ? __might_fault+0xb0/0x130 [ 238.929396][ T8633] ? _parse_integer_limit+0x1ae/0x1f0 [ 238.929424][ T8633] ? aa_label_sk_perm+0x4d3/0x630 [ 238.929449][ T8633] ? __lock_acquire+0xab9/0xd20 [ 238.929480][ T8633] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 238.929531][ T8633] ? __lock_acquire+0xab9/0xd20 [ 238.929587][ T8633] tcp_getsockopt+0x89/0x130 [ 238.929616][ T8633] ? sock_recv_errqueue+0x510/0x510 [ 238.929642][ T8633] ? sock_recv_errqueue+0x510/0x510 [ 238.929671][ T8633] do_sock_getsockopt+0x35d/0x650 [ 238.929707][ T8633] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 238.929738][ T8633] ? do_syscall_64+0x60/0x3b0 [ 238.929764][ T8633] ? __fget_files+0x3a0/0x420 [ 238.929791][ T8633] ? __fget_files+0x2a/0x420 [ 238.929827][ T8633] __x64_sys_getsockopt+0x1a5/0x250 [ 238.929858][ T8633] ? do_syscall_64+0x60/0x3b0 [ 238.929885][ T8633] ? do_syscall_64+0x60/0x3b0 [ 238.929916][ T8633] do_syscall_64+0xfa/0x3b0 [ 238.929941][ T8633] ? lockdep_hardirqs_on+0x9c/0x150 [ 238.929966][ T8633] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.929985][ T8633] ? clear_bhb_loop+0x60/0xb0 [ 238.930015][ T8633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.930034][ T8633] RIP: 0033:0x7f4fba18e929 [ 238.930057][ T8633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.930075][ T8633] RSP: 002b:00007f4fbb00b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 238.930096][ T8633] RAX: ffffffffffffffda RBX: 00007f4fba3b5fa0 RCX: 00007f4fba18e929 [ 238.930111][ T8633] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000003 [ 238.930123][ T8633] RBP: 00007f4fbb00b090 R08: 0000200000000040 R09: 0000000000000000 [ 238.930137][ T8633] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.930151][ T8633] R13: 0000000000000000 R14: 00007f4fba3b5fa0 R15: 00007ffe646ead48 [ 238.930182][ T8633] [ 239.001039][ T8635] netlink: 'syz.3.988': attribute type 33 has an invalid length. [ 239.233177][ T8635] netlink: 152 bytes leftover after parsing attributes in process `syz.3.988'. [ 239.403995][ T8644] FAULT_INJECTION: forcing a failure. [ 239.403995][ T8644] name failslab, interval 1, probability 0, space 0, times 0 [ 239.467716][ T8644] CPU: 1 UID: 0 PID: 8644 Comm: syz.0.990 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 239.467746][ T8644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 239.467759][ T8644] Call Trace: [ 239.467766][ T8644] [ 239.467775][ T8644] dump_stack_lvl+0x189/0x250 [ 239.467807][ T8644] ? __pfx____ratelimit+0x10/0x10 [ 239.467841][ T8644] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.467864][ T8644] ? __pfx__printk+0x10/0x10 [ 239.467892][ T8644] ? __pfx___might_resched+0x10/0x10 [ 239.467910][ T8644] ? fs_reclaim_acquire+0x7d/0x100 [ 239.467942][ T8644] should_fail_ex+0x414/0x560 [ 239.467979][ T8644] should_failslab+0xa8/0x100 [ 239.468005][ T8644] kmem_cache_alloc_noprof+0x73/0x3c0 [ 239.468027][ T8644] ? alloc_empty_file+0x55/0x1d0 [ 239.468062][ T8644] alloc_empty_file+0x55/0x1d0 [ 239.468093][ T8644] path_openat+0x107/0x3830 [ 239.468113][ T8644] ? arch_stack_walk+0xfc/0x150 [ 239.468165][ T8644] ? kasan_save_track+0x4f/0x80 [ 239.468183][ T8644] ? kasan_save_track+0x3e/0x80 [ 239.468200][ T8644] ? __kasan_slab_alloc+0x6c/0x80 [ 239.468218][ T8644] ? getname_flags+0xb8/0x540 [ 239.468245][ T8644] ? __pfx_path_openat+0x10/0x10 [ 239.468264][ T8644] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.468306][ T8644] do_filp_open+0x1fa/0x410 [ 239.468326][ T8644] ? __lock_acquire+0xab9/0xd20 [ 239.468357][ T8644] ? __pfx_do_filp_open+0x10/0x10 [ 239.468402][ T8644] ? _raw_spin_unlock+0x28/0x50 [ 239.468423][ T8644] ? alloc_fd+0x64c/0x6c0 [ 239.468462][ T8644] do_sys_openat2+0x121/0x1c0 [ 239.468485][ T8644] ? __pfx_do_sys_openat2+0x10/0x10 [ 239.468505][ T8644] ? ksys_write+0x22a/0x250 [ 239.468531][ T8644] ? __pfx_ksys_write+0x10/0x10 [ 239.468552][ T8644] ? rcu_is_watching+0x15/0xb0 [ 239.468575][ T8644] __x64_sys_openat+0x138/0x170 [ 239.468601][ T8644] do_syscall_64+0xfa/0x3b0 [ 239.468626][ T8644] ? lockdep_hardirqs_on+0x9c/0x150 [ 239.468651][ T8644] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.468670][ T8644] ? clear_bhb_loop+0x60/0xb0 [ 239.468694][ T8644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 239.468713][ T8644] RIP: 0033:0x7f4fba18e929 [ 239.468731][ T8644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 239.468748][ T8644] RSP: 002b:00007f4fbb00b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 239.468769][ T8644] RAX: ffffffffffffffda RBX: 00007f4fba3b5fa0 RCX: 00007f4fba18e929 [ 239.468784][ T8644] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 239.468798][ T8644] RBP: 00007f4fbb00b090 R08: 0000000000000000 R09: 0000000000000000 [ 239.468811][ T8644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 239.468823][ T8644] R13: 0000000000000000 R14: 00007f4fba3b5fa0 R15: 00007ffe646ead48 [ 239.468863][ T8644] [ 239.788599][ T8652] Can't find a SQUASHFS superblock on rnullb0 [ 240.062594][ T8639] orangefs_mount: mount request failed with -4 [ 240.100423][ T8660] netlink: 'syz.3.997': attribute type 29 has an invalid length. [ 240.128170][ T8660] netlink: 'syz.3.997': attribute type 29 has an invalid length. [ 240.175374][ T8660] netlink: 'syz.3.997': attribute type 29 has an invalid length. [ 240.184188][ T8660] netlink: 'syz.3.997': attribute type 29 has an invalid length. [ 240.285314][ T8664] netlink: 'syz.3.1000': attribute type 33 has an invalid length. [ 240.300116][ T8664] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1000'. [ 240.331275][ T8666] tipc: Enabled bearer , priority 10 [ 240.444846][ T10] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 240.467272][ T8666] tipc: Resetting bearer [ 240.519010][ T8671] FAULT_INJECTION: forcing a failure. [ 240.519010][ T8671] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 240.538088][ T8586] syz.0.970 (8586) used greatest stack depth: 19320 bytes left [ 240.545936][ T8671] CPU: 1 UID: 0 PID: 8671 Comm: syz.3.1002 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 240.545964][ T8671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 240.545977][ T8671] Call Trace: [ 240.545985][ T8671] [ 240.545993][ T8671] dump_stack_lvl+0x189/0x250 [ 240.546021][ T8671] ? __pfx____ratelimit+0x10/0x10 [ 240.546059][ T8671] ? __pfx_dump_stack_lvl+0x10/0x10 [ 240.546080][ T8671] ? __pfx__printk+0x10/0x10 [ 240.546103][ T8671] ? __might_fault+0xb0/0x130 [ 240.546135][ T8671] should_fail_ex+0x414/0x560 [ 240.546171][ T8671] _copy_from_user+0x2d/0xb0 [ 240.546192][ T8671] iommufd_fops_ioctl+0x411/0x580 [ 240.546220][ T8671] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 240.546246][ T8671] ? __fget_files+0x2a/0x420 [ 240.546279][ T8671] ? __fget_files+0x2a/0x420 [ 240.546309][ T8671] ? bpf_lsm_file_ioctl+0x9/0x20 [ 240.546328][ T8671] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 240.546348][ T8671] __se_sys_ioctl+0xf9/0x170 [ 240.546373][ T8671] do_syscall_64+0xfa/0x3b0 [ 240.546398][ T8671] ? lockdep_hardirqs_on+0x9c/0x150 [ 240.546422][ T8671] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.546441][ T8671] ? clear_bhb_loop+0x60/0xb0 [ 240.546464][ T8671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.546483][ T8671] RIP: 0033:0x7fb05318e929 [ 240.546500][ T8671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.546517][ T8671] RSP: 002b:00007fb053f1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 240.546537][ T8671] RAX: ffffffffffffffda RBX: 00007fb0533b5fa0 RCX: 00007fb05318e929 [ 240.546552][ T8671] RDX: 0000200000000b80 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 240.546564][ T8671] RBP: 00007fb053f1a090 R08: 0000000000000000 R09: 0000000000000000 [ 240.546576][ T8671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 240.546588][ T8671] R13: 0000000000000000 R14: 00007fb0533b5fa0 R15: 00007ffd056630e8 [ 240.546617][ T8671] [ 240.605051][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 240.767596][ T10] usb 3-1: no configurations [ 240.772252][ T10] usb 3-1: can't read configurations, error -22 [ 240.793040][ T8673] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1003'. [ 240.909892][ T10] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 241.067332][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 241.073387][ T10] usb 3-1: no configurations [ 241.078669][ T10] usb 3-1: can't read configurations, error -22 [ 241.087836][ T10] usb usb3-port1: attempt power cycle [ 241.184953][ T5835] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 241.304985][ T5831] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 241.337994][ T5835] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 241.351196][ T5835] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 241.360330][ T5835] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.374966][ T5835] usb 2-1: config 0 descriptor?? [ 241.387321][ T5835] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 241.425303][ T10] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 241.449037][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 241.455080][ T5831] usb 4-1: Using ep0 maxpacket: 8 [ 241.460996][ T10] usb 3-1: no configurations [ 241.466026][ T10] usb 3-1: can't read configurations, error -22 [ 241.472718][ T5831] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 15 [ 241.482213][ T5831] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 241.493852][ T5831] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 241.505046][ T5831] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 241.519262][ T5831] usb 4-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8 [ 241.528494][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.537012][ T5831] usb 4-1: Product: syz [ 241.541215][ T5831] usb 4-1: Manufacturer: syz [ 241.546433][ T5831] usb 4-1: SerialNumber: syz [ 241.553149][ T5831] usb 4-1: config 0 descriptor?? [ 241.559161][ T8685] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 241.604877][ T10] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 241.625524][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 241.631203][ T10] usb 3-1: no configurations [ 241.636179][ T10] usb 3-1: can't read configurations, error -22 [ 241.642853][ T10] usb usb3-port1: unable to enumerate USB device [ 241.769716][ T5831] powermate: Expected payload of 3--6 bytes, found 1024 bytes! [ 241.780725][ T5831] input: Griffin SoundKnob as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input44 [ 241.973624][ T8687] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 241.985438][ T8687] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.024273][ C0] powermate: config urb returned -71 [ 242.029946][ C0] powermate: config urb returned -71 [ 242.035594][ C0] powermate: config urb returned -71 [ 242.045757][ T10] usb 4-1: USB disconnect, device number 53 [ 242.051756][ C0] powermate 4-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 242.122259][ T30] audit: type=1326 audit(1751596896.724:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8691 comm="syz.3.1009" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb05318e929 code=0x0 [ 242.231764][ T8696] 9pnet_fd: Insufficient options for proto=fd [ 242.252122][ T8693] XFS (rnullb0): Invalid superblock magic number [ 243.008736][ T8703] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1010'. [ 243.274170][ T8714] Can't find a SQUASHFS superblock on rnullb0 [ 243.332003][ T8665] tipc: Resetting bearer [ 243.494994][ T43] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 243.647813][ T43] usb 4-1: device descriptor read/64, error -71 [ 243.764489][ T8719] FAULT_INJECTION: forcing a failure. [ 243.764489][ T8719] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.783064][ T8719] CPU: 1 UID: 0 PID: 8719 Comm: syz.2.1015 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 243.783091][ T8719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.783103][ T8719] Call Trace: [ 243.783111][ T8719] [ 243.783118][ T8719] dump_stack_lvl+0x189/0x250 [ 243.783143][ T8719] ? __pfx____ratelimit+0x10/0x10 [ 243.783166][ T8719] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.783186][ T8719] ? __pfx__printk+0x10/0x10 [ 243.783216][ T8719] should_fail_ex+0x414/0x560 [ 243.783248][ T8719] _copy_to_user+0x31/0xb0 [ 243.783267][ T8719] simple_read_from_buffer+0xe1/0x170 [ 243.783305][ T8719] proc_fail_nth_read+0x1df/0x250 [ 243.783335][ T8719] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 243.783353][ T8719] ? rw_verify_area+0x258/0x650 [ 243.783371][ T8719] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 243.783388][ T8719] vfs_read+0x200/0x980 [ 243.783411][ T8719] ? __pfx___mutex_lock+0x10/0x10 [ 243.783434][ T8719] ? __pfx_vfs_read+0x10/0x10 [ 243.783454][ T8719] ? __fget_files+0x2a/0x420 [ 243.783480][ T8719] ? __fget_files+0x3a0/0x420 [ 243.783500][ T8719] ? __fget_files+0x2a/0x420 [ 243.783530][ T8719] ksys_read+0x145/0x250 [ 243.783552][ T8719] ? __pfx_ksys_read+0x10/0x10 [ 243.783569][ T8719] ? rcu_is_watching+0x15/0xb0 [ 243.783592][ T8719] ? do_syscall_64+0xbe/0x3b0 [ 243.783617][ T8719] do_syscall_64+0xfa/0x3b0 [ 243.783637][ T8719] ? lockdep_hardirqs_on+0x9c/0x150 [ 243.783676][ T8719] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.783693][ T8719] ? clear_bhb_loop+0x60/0xb0 [ 243.783714][ T8719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.783730][ T8719] RIP: 0033:0x7f8f7918d33c [ 243.783748][ T8719] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 243.783763][ T8719] RSP: 002b:00007f8f79f98030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 243.783782][ T8719] RAX: ffffffffffffffda RBX: 00007f8f793b5fa0 RCX: 00007f8f7918d33c [ 243.783794][ T8719] RDX: 000000000000000f RSI: 00007f8f79f980a0 RDI: 0000000000000004 [ 243.783804][ T8719] RBP: 00007f8f79f98090 R08: 0000000000000000 R09: 0000000000000000 [ 243.783815][ T8719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.783825][ T8719] R13: 0000000000000000 R14: 00007f8f793b5fa0 R15: 00007ffed3ee2738 [ 243.783852][ T8719] [ 244.054479][ T5915] usb 2-1: USB disconnect, device number 42 [ 244.086372][ T8721] exFAT-fs (rnullb0): invalid boot record signature [ 244.093052][ T8721] exFAT-fs (rnullb0): failed to read boot sector [ 244.100470][ T8721] exFAT-fs (rnullb0): failed to recognize exfat type [ 244.126215][ T43] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 244.264886][ T43] usb 4-1: device descriptor read/64, error -71 [ 244.385763][ T43] usb usb4-port1: attempt power cycle [ 244.448078][ T10] usb 3-1: new full-speed USB device number 55 using dummy_hcd [ 244.571746][ T8734] validate_nla: 1 callbacks suppressed [ 244.571763][ T8734] netlink: 'syz.1.1019': attribute type 33 has an invalid length. [ 244.591676][ T8734] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1019'. [ 244.612862][ T10] usb 3-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 244.624181][ T10] usb 3-1: config 1 interface 0 has no altsetting 0 [ 244.633350][ T10] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40 [ 244.642613][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.650739][ T10] usb 3-1: Product: syz [ 244.655311][ T10] usb 3-1: Manufacturer: syz [ 244.659952][ T10] usb 3-1: SerialNumber: syz [ 244.737315][ T43] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 244.775536][ T43] usb 4-1: device descriptor read/8, error -71 [ 244.902907][ T10] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input45 [ 244.945197][ T10] usb 3-1: USB disconnect, device number 55 [ 244.951230][ C0] pxrc 3-1:1.0: pxrc_usb_irq - usb_submit_urb failed with result: -19 [ 244.965057][ T5187] pxrc 3-1:1.0: pxrc_open - usb_submit_urb failed, error: -19 [ 245.028671][ T43] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 245.070085][ T43] usb 4-1: device descriptor read/8, error -71 [ 245.185271][ T43] usb usb4-port1: unable to enumerate USB device [ 245.517697][ T8665] tipc: Disabling bearer [ 245.605640][ T8736] FAULT_INJECTION: forcing a failure. [ 245.605640][ T8736] name failslab, interval 1, probability 0, space 0, times 0 [ 245.631268][ T8736] CPU: 1 UID: 0 PID: 8736 Comm: syz.2.1020 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 245.631297][ T8736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.631309][ T8736] Call Trace: [ 245.631318][ T8736] [ 245.631326][ T8736] dump_stack_lvl+0x189/0x250 [ 245.631355][ T8736] ? __pfx____ratelimit+0x10/0x10 [ 245.631382][ T8736] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.631406][ T8736] ? __pfx__printk+0x10/0x10 [ 245.631435][ T8736] ? __pfx___might_resched+0x10/0x10 [ 245.631455][ T8736] ? fs_reclaim_acquire+0x7d/0x100 [ 245.631487][ T8736] should_fail_ex+0x414/0x560 [ 245.631526][ T8736] should_failslab+0xa8/0x100 [ 245.631553][ T8736] __kmalloc_cache_noprof+0x70/0x3d0 [ 245.631576][ T8736] ? vhost_task_create+0xf6/0x290 [ 245.631603][ T8736] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 245.631631][ T8736] vhost_task_create+0xf6/0x290 [ 245.631655][ T8736] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 245.631683][ T8736] ? __pfx_vhost_task_create+0x10/0x10 [ 245.631716][ T8736] ? __pfx_vhost_task_fn+0x10/0x10 [ 245.631752][ T8736] ? kasan_save_track+0x4f/0x80 [ 245.631771][ T8736] ? kasan_save_track+0x3e/0x80 [ 245.631797][ T8736] kvm_mmu_post_init_vm+0x147/0x2b0 [ 245.631830][ T8736] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 245.631865][ T8736] ? __mutex_trylock_common+0x153/0x260 [ 245.631891][ T8736] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 245.631925][ T8736] ? rcu_is_watching+0x15/0xb0 [ 245.631944][ T8736] ? look_up_lock_class+0x74/0x170 [ 245.631971][ T8736] ? register_lock_class+0x51/0x320 [ 245.632006][ T8736] ? __lock_acquire+0xab9/0xd20 [ 245.632066][ T8736] kvm_vcpu_ioctl+0x95c/0xe90 [ 245.632098][ T8736] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 245.632119][ T8736] ? __lock_acquire+0xab9/0xd20 [ 245.632171][ T8736] ? __fget_files+0x2a/0x420 [ 245.632209][ T8736] ? __fget_files+0x2a/0x420 [ 245.632235][ T8736] ? __fget_files+0x3a0/0x420 [ 245.632261][ T8736] ? __fget_files+0x2a/0x420 [ 245.632293][ T8736] ? bpf_lsm_file_ioctl+0x9/0x20 [ 245.632313][ T8736] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 245.632337][ T8736] __se_sys_ioctl+0xf9/0x170 [ 245.632362][ T8736] do_syscall_64+0xfa/0x3b0 [ 245.632388][ T8736] ? lockdep_hardirqs_on+0x9c/0x150 [ 245.632413][ T8736] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.632434][ T8736] ? clear_bhb_loop+0x60/0xb0 [ 245.632459][ T8736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.632479][ T8736] RIP: 0033:0x7f8f7918e929 [ 245.632498][ T8736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.632516][ T8736] RSP: 002b:00007f8f79f98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 245.632537][ T8736] RAX: ffffffffffffffda RBX: 00007f8f793b5fa0 RCX: 00007f8f7918e929 [ 245.632552][ T8736] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 245.632565][ T8736] RBP: 00007f8f79f98090 R08: 0000000000000000 R09: 0000000000000000 [ 245.632578][ T8736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 245.632590][ T8736] R13: 0000000000000000 R14: 00007f8f793b5fa0 R15: 00007ffed3ee2738 [ 245.632623][ T8736] [ 245.703506][ T8741] kvm: pic: non byte write [ 246.060303][ T8745] Can't find a SQUASHFS superblock on rnullb0 [ 246.075267][ T5835] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 246.109115][ T8747] warning: `syz.0.1024' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 246.122812][ T8747] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 246.245612][ T5835] usb 2-1: Using ep0 maxpacket: 8 [ 246.252065][ T5835] usb 2-1: no configurations [ 246.257702][ T5835] usb 2-1: can't read configurations, error -22 [ 246.395090][ T5835] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 246.514607][ T8765] netlink: 'syz.3.1030': attribute type 33 has an invalid length. [ 246.522535][ T8765] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1030'. [ 246.554956][ T5835] usb 2-1: Using ep0 maxpacket: 8 [ 246.573639][ T5835] usb 2-1: no configurations [ 246.581543][ T5835] usb 2-1: can't read configurations, error -22 [ 246.591782][ T5835] usb usb2-port1: attempt power cycle [ 246.618924][ T8767] Can't find a SQUASHFS superblock on rnullb0 [ 246.948456][ T5835] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 246.975713][ T5835] usb 2-1: Using ep0 maxpacket: 8 [ 246.983095][ T5835] usb 2-1: no configurations [ 247.007896][ T5835] usb 2-1: can't read configurations, error -22 [ 247.017787][ T8773] syzkaller1: entered promiscuous mode [ 247.029787][ T8773] syzkaller1: entered allmulticast mode [ 249.006500][ T5835] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 250.012196][ T5915] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 250.016095][ T5835] usb 2-1: device descriptor read/8, error -71 [ 250.415245][ T5835] usb usb2-port1: unable to enumerate USB device [ 251.047789][ T8803] FAULT_INJECTION: forcing a failure. [ 251.047789][ T8803] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 251.078931][ T8803] CPU: 0 UID: 0 PID: 8803 Comm: syz.0.1037 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 251.078961][ T8803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 251.078974][ T8803] Call Trace: [ 251.078982][ T8803] [ 251.078990][ T8803] dump_stack_lvl+0x189/0x250 [ 251.079028][ T8803] ? __pfx____ratelimit+0x10/0x10 [ 251.079054][ T8803] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.079077][ T8803] ? __pfx__printk+0x10/0x10 [ 251.079113][ T8803] should_fail_ex+0x414/0x560 [ 251.079151][ T8803] strncpy_from_user+0x36/0x290 [ 251.079186][ T8803] getname_flags+0xf3/0x540 [ 251.079220][ T8803] do_sys_openat2+0xbc/0x1c0 [ 251.079242][ T8803] ? __pfx_do_sys_openat2+0x10/0x10 [ 251.079262][ T8803] ? ksys_write+0x22a/0x250 [ 251.079288][ T8803] ? __pfx_ksys_write+0x10/0x10 [ 251.079310][ T8803] ? rcu_is_watching+0x15/0xb0 [ 251.079334][ T8803] __x64_sys_openat+0x138/0x170 [ 251.079360][ T8803] do_syscall_64+0xfa/0x3b0 [ 251.079386][ T8803] ? lockdep_hardirqs_on+0x9c/0x150 [ 251.079411][ T8803] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.079431][ T8803] ? clear_bhb_loop+0x60/0xb0 [ 251.079455][ T8803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.079474][ T8803] RIP: 0033:0x7f4fba18e929 [ 251.079492][ T8803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.079509][ T8803] RSP: 002b:00007f4fbb00b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 251.079530][ T8803] RAX: ffffffffffffffda RBX: 00007f4fba3b5fa0 RCX: 00007f4fba18e929 [ 251.079545][ T8803] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 251.079559][ T8803] RBP: 00007f4fbb00b090 R08: 0000000000000000 R09: 0000000000000000 [ 251.079571][ T8803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.079583][ T8803] R13: 0000000000000000 R14: 00007f4fba3b5fa0 R15: 00007ffe646ead48 [ 251.079615][ T8803] [ 251.862071][ T8826] FAULT_INJECTION: forcing a failure. [ 251.862071][ T8826] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 251.980465][ T8826] CPU: 0 UID: 0 PID: 8826 Comm: syz.1.1043 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 251.980495][ T8826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 251.980508][ T8826] Call Trace: [ 251.980516][ T8826] [ 251.980525][ T8826] dump_stack_lvl+0x189/0x250 [ 251.980554][ T8826] ? __pfx____ratelimit+0x10/0x10 [ 251.980582][ T8826] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.980605][ T8826] ? __pfx__printk+0x10/0x10 [ 251.980629][ T8826] ? __might_fault+0xb0/0x130 [ 251.980664][ T8826] should_fail_ex+0x414/0x560 [ 251.980701][ T8826] _copy_from_iter+0x1db/0x16f0 [ 251.980747][ T8826] ? __pfx__copy_from_iter+0x10/0x10 [ 251.980773][ T8826] ? __lock_acquire+0xab9/0xd20 [ 251.980817][ T8826] bcm_sendmsg+0x15b/0x6a0 [ 251.980846][ T8826] ? __pfx_bcm_sendmsg+0x10/0x10 [ 251.980881][ T8826] ? __lock_acquire+0xab9/0xd20 [ 251.980907][ T8826] ? aa_sock_msg_perm+0xf1/0x1d0 [ 251.980932][ T8826] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 251.980960][ T8826] ? __pfx_bcm_sendmsg+0x10/0x10 [ 251.980982][ T8826] __sock_sendmsg+0x219/0x270 [ 251.981012][ T8826] ____sys_sendmsg+0x505/0x830 [ 251.981038][ T8826] ? __pfx_____sys_sendmsg+0x10/0x10 [ 251.981069][ T8826] ? import_iovec+0x74/0xa0 [ 251.981092][ T8826] ___sys_sendmsg+0x21f/0x2a0 [ 251.981115][ T8826] ? __pfx____sys_sendmsg+0x10/0x10 [ 251.981174][ T8826] ? __fget_files+0x2a/0x420 [ 251.981201][ T8826] ? __fget_files+0x3a0/0x420 [ 251.981240][ T8826] __x64_sys_sendmsg+0x19b/0x260 [ 251.981263][ T8826] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 251.981294][ T8826] ? __pfx_ksys_write+0x10/0x10 [ 251.981314][ T8826] ? rcu_is_watching+0x15/0xb0 [ 251.981338][ T8826] ? do_syscall_64+0xbe/0x3b0 [ 251.981367][ T8826] do_syscall_64+0xfa/0x3b0 [ 251.981392][ T8826] ? lockdep_hardirqs_on+0x9c/0x150 [ 251.981416][ T8826] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.981434][ T8826] ? clear_bhb_loop+0x60/0xb0 [ 251.981457][ T8826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.981476][ T8826] RIP: 0033:0x7f2fd378e929 [ 251.981494][ T8826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.981512][ T8826] RSP: 002b:00007f2fd45c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 251.981534][ T8826] RAX: ffffffffffffffda RBX: 00007f2fd39b5fa0 RCX: 00007f2fd378e929 [ 251.981549][ T8826] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003 [ 251.981562][ T8826] RBP: 00007f2fd45c6090 R08: 0000000000000000 R09: 0000000000000000 [ 251.981575][ T8826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.981587][ T8826] R13: 0000000000000000 R14: 00007f2fd39b5fa0 R15: 00007ffd7e61bb18 [ 251.981618][ T8826] [ 252.306292][ T8792] exFAT-fs (rnullb0): invalid boot record signature [ 252.331559][ T8820] /dev/rnullb0: Can't open blockdev [ 252.368669][ T8792] exFAT-fs (rnullb0): failed to read boot sector [ 252.397693][ T8792] exFAT-fs (rnullb0): failed to recognize exfat type [ 252.443924][ T8794] exFAT-fs (rnullb0): invalid boot record signature [ 252.459934][ T8794] exFAT-fs (rnullb0): failed to read boot sector [ 252.468976][ T8794] exFAT-fs (rnullb0): failed to recognize exfat type [ 252.584849][ T5835] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 252.760692][ T5835] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 252.781384][ T5835] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 252.798197][ T8837] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1046'. [ 252.811145][ T5835] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.819888][ T8837] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1046'. [ 252.840228][ T5835] usb 2-1: config 0 descriptor?? [ 252.861477][ T5835] pwc: Askey VC010 type 2 USB webcam detected. [ 253.085483][ T978] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 253.270592][ T5835] pwc: recv_control_msg error -32 req 02 val 2b00 [ 253.285069][ T978] usb 3-1: Using ep0 maxpacket: 8 [ 253.296609][ T5835] pwc: recv_control_msg error -32 req 02 val 2700 [ 253.310539][ T978] usb 3-1: config 0 has an invalid interface number: 56 but max is 0 [ 253.319523][ T978] usb 3-1: config 0 has no interface number 0 [ 253.348383][ T978] usb 3-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=c7.76 [ 253.364077][ T978] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.372974][ T5835] pwc: recv_control_msg error -32 req 02 val 2c00 [ 253.389548][ T978] usb 3-1: Product: syz [ 253.396604][ T5835] pwc: recv_control_msg error -32 req 04 val 1000 [ 253.403090][ T978] usb 3-1: Manufacturer: syz [ 253.409630][ T978] usb 3-1: SerialNumber: syz [ 253.423968][ T5835] pwc: recv_control_msg error -32 req 04 val 1300 [ 253.432083][ T8853] Can't find a SQUASHFS superblock on rnullb0 [ 253.432147][ T978] usb 3-1: config 0 descriptor?? [ 253.447982][ T5835] pwc: recv_control_msg error -32 req 04 val 1400 [ 253.465827][ T5835] pwc: recv_control_msg error -71 req 02 val 2000 [ 253.475627][ T5835] pwc: recv_control_msg error -71 req 02 val 2100 [ 253.485187][ T5835] pwc: recv_control_msg error -71 req 04 val 1500 [ 253.498786][ T5835] pwc: recv_control_msg error -71 req 02 val 2500 [ 253.515858][ T5835] pwc: recv_control_msg error -71 req 02 val 2400 [ 253.524095][ T5835] pwc: recv_control_msg error -71 req 02 val 2600 [ 253.535408][ T5835] pwc: recv_control_msg error -71 req 02 val 2900 [ 253.550234][ T5835] pwc: recv_control_msg error -71 req 02 val 2800 [ 253.557780][ T5835] pwc: recv_control_msg error -71 req 04 val 1100 [ 253.574992][ T5835] pwc: recv_control_msg error -71 req 04 val 1200 [ 253.590980][ T5835] pwc: Registered as video103. [ 253.608352][ T5835] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input46 [ 253.645549][ T5835] usb 2-1: USB disconnect, device number 47 [ 253.657131][ T978] peak_usb 3-1:0.56: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels) [ 253.855641][ T978] peak_usb 3-1:0.56 can0: sending command failure: -22 [ 253.862581][ T978] peak_usb 3-1:0.56 can0: sending command failure: -22 [ 253.885511][ T978] peak_usb 3-1:0.56 can0: sending command failure: -22 [ 253.957879][ T978] peak_usb 3-1:0.56: probe with driver peak_usb failed with error -22 [ 254.078986][ T978] usb 3-1: USB disconnect, device number 56 [ 254.361473][ T8868] /dev/rnullb0: Can't open blockdev [ 254.698248][ T8873] ================================================================== [ 254.706380][ T8873] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990 [ 254.714058][ T8873] Read of size 1 at addr ffff888024970c30 by task syz.1.1056/8873 [ 254.721892][ T8873] [ 254.724251][ T8873] CPU: 1 UID: 0 PID: 8873 Comm: syz.1.1056 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 254.724281][ T8873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.724295][ T8873] Call Trace: [ 254.724304][ T8873] [ 254.724313][ T8873] dump_stack_lvl+0x189/0x250 [ 254.724348][ T8873] ? __virt_addr_valid+0x1c8/0x5c0 [ 254.724373][ T8873] ? rcu_is_watching+0x15/0xb0 [ 254.724392][ T8873] ? __kasan_check_byte+0x12/0x40 [ 254.724417][ T8873] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.724439][ T8873] ? rcu_is_watching+0x15/0xb0 [ 254.724457][ T8873] ? lock_release+0x4b/0x3e0 [ 254.724489][ T8873] ? __virt_addr_valid+0x1c8/0x5c0 [ 254.724512][ T8873] ? __virt_addr_valid+0x4a5/0x5c0 [ 254.724537][ T8873] print_report+0xd2/0x2b0 [ 254.724564][ T8873] ? rose_get_neigh+0x391/0x990 [ 254.724585][ T8873] kasan_report+0x118/0x150 [ 254.724610][ T8873] ? rose_get_neigh+0x391/0x990 [ 254.724637][ T8873] rose_get_neigh+0x391/0x990 [ 254.724663][ T8873] rose_connect+0x416/0x10a0 [ 254.724694][ T8873] ? __pfx_current_check_access_socket+0x10/0x10 [ 254.724720][ T8873] ? aa_sk_perm+0x81e/0x950 [ 254.724739][ T8873] ? __might_fault+0xb0/0x130 [ 254.724761][ T8873] ? __pfx_rose_connect+0x10/0x10 [ 254.724792][ T8873] ? aa_af_perm+0x270/0x2d0 [ 254.724812][ T8873] ? tomoyo_socket_connect_permission+0x164/0x290 [ 254.724842][ T8873] ? bpf_lsm_socket_connect+0x9/0x20 [ 254.724873][ T8873] __sys_connect+0x313/0x440 [ 254.724903][ T8873] ? __pfx___sys_connect+0x10/0x10 [ 254.724939][ T8873] ? rcu_is_watching+0x15/0xb0 [ 254.724962][ T8873] __x64_sys_connect+0x7a/0x90 [ 254.724990][ T8873] do_syscall_64+0xfa/0x3b0 [ 254.725018][ T8873] ? lockdep_hardirqs_on+0x9c/0x150 [ 254.725043][ T8873] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.725063][ T8873] ? clear_bhb_loop+0x60/0xb0 [ 254.725085][ T8873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.725105][ T8873] RIP: 0033:0x7f2fd378e929 [ 254.725124][ T8873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.725143][ T8873] RSP: 002b:00007f2fd45c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 254.725164][ T8873] RAX: ffffffffffffffda RBX: 00007f2fd39b5fa0 RCX: 00007f2fd378e929 [ 254.725180][ T8873] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000005 [ 254.725194][ T8873] RBP: 00007f2fd3810b39 R08: 0000000000000000 R09: 0000000000000000 [ 254.725208][ T8873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.725221][ T8873] R13: 0000000000000000 R14: 00007f2fd39b5fa0 R15: 00007ffd7e61bb18 [ 254.725253][ T8873] [ 254.725260][ T8873] [ 254.985334][ T8873] Allocated by task 5202: [ 254.989766][ T8873] kasan_save_track+0x3e/0x80 [ 254.994479][ T8873] __kasan_kmalloc+0x93/0xb0 [ 254.999075][ T8873] __kmalloc_cache_noprof+0x230/0x3d0 [ 255.004465][ T8873] kernfs_fop_open+0x397/0xca0 [ 255.009263][ T8873] do_dentry_open+0xdf0/0x1970 [ 255.014066][ T8873] vfs_open+0x3b/0x340 [ 255.018152][ T8873] path_openat+0x2ee5/0x3830 [ 255.022871][ T8873] do_filp_open+0x1fa/0x410 [ 255.027400][ T8873] do_sys_openat2+0x121/0x1c0 [ 255.032084][ T8873] __x64_sys_openat+0x138/0x170 [ 255.036940][ T8873] do_syscall_64+0xfa/0x3b0 [ 255.041462][ T8873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.047373][ T8873] [ 255.049725][ T8873] Freed by task 5202: [ 255.053708][ T8873] kasan_save_track+0x3e/0x80 [ 255.058409][ T8873] kasan_save_free_info+0x46/0x50 [ 255.063462][ T8873] __kasan_slab_free+0x62/0x70 [ 255.068237][ T8873] kfree+0x18e/0x440 [ 255.072188][ T8873] kernfs_fop_release+0x160/0x190 [ 255.077347][ T8873] __fput+0x44c/0xa70 [ 255.081333][ T8873] fput_close_sync+0x119/0x200 [ 255.086118][ T8873] __x64_sys_close+0x7f/0x110 [ 255.090850][ T8873] do_syscall_64+0xfa/0x3b0 [ 255.095387][ T8873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.101389][ T8873] [ 255.103723][ T8873] The buggy address belongs to the object at ffff888024970c00 [ 255.103723][ T8873] which belongs to the cache kmalloc-512 of size 512 [ 255.117877][ T8873] The buggy address is located 48 bytes inside of [ 255.117877][ T8873] freed 512-byte region [ffff888024970c00, ffff888024970e00) [ 255.131602][ T8873] [ 255.133933][ T8873] The buggy address belongs to the physical page: [ 255.140350][ T8873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24970 [ 255.149112][ T8873] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 255.157614][ T8873] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 255.165269][ T8873] page_type: f5(slab) [ 255.169253][ T8873] raw: 00fff00000000040 ffff88801a841c80 dead000000000100 dead000000000122 [ 255.177841][ T8873] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 255.186438][ T8873] head: 00fff00000000040 ffff88801a841c80 dead000000000100 dead000000000122 [ 255.195113][ T8873] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 255.203785][ T8873] head: 00fff00000000002 ffffea0000925c01 00000000ffffffff 00000000ffffffff [ 255.212548][ T8873] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 255.221333][ T8873] page dumped because: kasan: bad access detected [ 255.227759][ T8873] page_owner tracks the page as allocated [ 255.233473][ T8873] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2, tgid 2 (kthreadd), ts 9212557771, free_ts 0 [ 255.253141][ T8873] post_alloc_hook+0x240/0x2a0 [ 255.257923][ T8873] get_page_from_freelist+0x21e4/0x22c0 [ 255.263484][ T8873] __alloc_frozen_pages_noprof+0x181/0x370 [ 255.269300][ T8873] alloc_pages_mpol+0x232/0x4a0 [ 255.274164][ T8873] allocate_slab+0x8a/0x370 [ 255.278676][ T8873] ___slab_alloc+0xbeb/0x1410 [ 255.283370][ T8873] __kmalloc_cache_noprof+0x296/0x3d0 [ 255.288748][ T8873] set_kthread_struct+0xbb/0x340 [ 255.293688][ T8873] copy_process+0x10c4/0x3c00 [ 255.298370][ T8873] kernel_clone+0x21e/0x870 [ 255.302879][ T8873] kernel_thread+0x10c/0x160 [ 255.307699][ T8873] kthreadd+0x575/0x770 [ 255.311866][ T8873] ret_from_fork+0x3fc/0x770 [ 255.316482][ T8873] ret_from_fork_asm+0x1a/0x30 [ 255.321347][ T8873] page_owner free stack trace missing [ 255.326799][ T8873] [ 255.329139][ T8873] Memory state around the buggy address: [ 255.334773][ T8873] ffff888024970b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 255.342840][ T8873] ffff888024970b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 255.350991][ T8873] >ffff888024970c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 255.359072][ T8873] ^ [ 255.364706][ T8873] ffff888024970c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 255.372778][ T8873] ffff888024970d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 255.380842][ T8873] ================================================================== [ 255.389038][ T8873] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 255.396259][ T8873] CPU: 1 UID: 0 PID: 8873 Comm: syz.1.1056 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 255.407748][ T8873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 255.417823][ T8873] Call Trace: [ 255.421120][ T8873] [ 255.424062][ T8873] dump_stack_lvl+0x99/0x250 [ 255.428673][ T8873] ? __asan_memcpy+0x40/0x70 [ 255.433272][ T8873] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.438492][ T8873] ? __pfx__printk+0x10/0x10 [ 255.443101][ T8873] panic+0x2db/0x790 [ 255.447035][ T8873] ? __pfx_panic+0x10/0x10 [ 255.451463][ T8873] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 255.457365][ T8873] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 255.463266][ T8873] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 255.469608][ T8873] ? print_memory_metadata+0x314/0x400 [ 255.475082][ T8873] ? rose_get_neigh+0x391/0x990 [ 255.479955][ T8873] check_panic_on_warn+0x89/0xb0 [ 255.484909][ T8873] ? rose_get_neigh+0x391/0x990 [ 255.489768][ T8873] end_report+0x78/0x160 [ 255.494031][ T8873] kasan_report+0x129/0x150 [ 255.498554][ T8873] ? rose_get_neigh+0x391/0x990 [ 255.503417][ T8873] rose_get_neigh+0x391/0x990 [ 255.508104][ T8873] rose_connect+0x416/0x10a0 [ 255.512706][ T8873] ? __pfx_current_check_access_socket+0x10/0x10 [ 255.519085][ T8873] ? aa_sk_perm+0x81e/0x950 [ 255.523614][ T8873] ? __might_fault+0xb0/0x130 [ 255.528304][ T8873] ? __pfx_rose_connect+0x10/0x10 [ 255.533345][ T8873] ? aa_af_perm+0x270/0x2d0 [ 255.537948][ T8873] ? tomoyo_socket_connect_permission+0x164/0x290 [ 255.544379][ T8873] ? bpf_lsm_socket_connect+0x9/0x20 [ 255.549682][ T8873] __sys_connect+0x313/0x440 [ 255.554330][ T8873] ? __pfx___sys_connect+0x10/0x10 [ 255.559469][ T8873] ? rcu_is_watching+0x15/0xb0 [ 255.564238][ T8873] __x64_sys_connect+0x7a/0x90 [ 255.569017][ T8873] do_syscall_64+0xfa/0x3b0 [ 255.573533][ T8873] ? lockdep_hardirqs_on+0x9c/0x150 [ 255.578746][ T8873] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.584818][ T8873] ? clear_bhb_loop+0x60/0xb0 [ 255.589507][ T8873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.595407][ T8873] RIP: 0033:0x7f2fd378e929 [ 255.599827][ T8873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.619446][ T8873] RSP: 002b:00007f2fd45c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 255.627874][ T8873] RAX: ffffffffffffffda RBX: 00007f2fd39b5fa0 RCX: 00007f2fd378e929 [ 255.635854][ T8873] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000005 [ 255.643850][ T8873] RBP: 00007f2fd3810b39 R08: 0000000000000000 R09: 0000000000000000 [ 255.651832][ T8873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 255.659836][ T8873] R13: 0000000000000000 R14: 00007f2fd39b5fa0 R15: 00007ffd7e61bb18 [ 255.667820][ T8873] [ 255.671165][ T8873] Kernel Offset: disabled [ 255.675487][ T8873] Rebooting in 86400 seconds..