last executing test programs: 4.94270827s ago: executing program 2 (id=1317): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff00100000080039503230"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) chdir(&(0x7f0000000100)='./file0\x00') r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000002180)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000775) 4.142690925s ago: executing program 2 (id=1320): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(0x0) r0 = open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) io_setup(0x7d, &(0x7f0000000600)=0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}]) 3.857246046s ago: executing program 2 (id=1324): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x14, r4, 0x1}, 0x14}}, 0x0) 3.501732865s ago: executing program 2 (id=1327): syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201100153a42908f00a71729188010203010902240001060000000904020002ffffff0009050b0000000000000905"], 0x0) 3.355353035s ago: executing program 1 (id=1329): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) chdir(&(0x7f0000000100)='./file0\x00') r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000002180)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000775) 3.230835338s ago: executing program 1 (id=1330): mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') 3.095208739s ago: executing program 1 (id=1332): syz_open_dev$loop(0x0, 0x207, 0x161a81) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) socket$inet6_sctp(0xa, 0x5, 0x84) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) madvise(&(0x7f0000834000/0x3000)=nil, 0x3000, 0x11) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r1, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000002c00)}}, {{0x0, 0x0, &(0x7f0000002f00)=[{&(0x7f0000000540)="679512f062b8d965651edd4c06c901784e56aa174403ad4134742b71d211c6a85d8bc563c27f754fc2af5351f2f41e867c71c19837f2feba7862e511a47c446cd11c960f018962a53f6cf31a1123ff8092c9ff560701bfc579fa80f9149acafe2a225fed70d9173f0243a55be3c4028da556cf126da9c1b9b8f8e11356", 0x7d}, {&(0x7f0000002d80)="15", 0x1}, {0x0}], 0x3}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000003200)="8c", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000000380)="01", 0x1}, {&(0x7f00000012c0)="c89339f96fa636ba2f527aaa37159cc815448e015b23284d531bdd25a86c02e88b8f962021a37fd9614193094b27b21bf40bc7b43441ae5179a127ea80e91899e1f10a7045c4412bb7997ff8838923521fe0754832209cd546f4ed81500298511e080ec7059b1c32c07fd26f721c6611b8cb344a3fd8f7a889c50a42881e09d4d7ee7ee6c308a13ae6436c858933dc99f71924b68ae0faf95b0afcd3533bcc32840737f434728a12e99aea5c4ee6a603636560b8d9de530d395181e440c1a025ff8d6f33062f14ba2403a178e32ff2d4ec5d0d2c83233b01a41103ef38daeed650987abebe0e8ba7effc07bb5dbbc9a38a11f082f2c99937942f017c37a59572f5069ca709702ef133aa9730ebb5b72687f6175906dbc32289108cc93e5c84284bc701a0629e12eca8c15e763acd011323b758fdb82a63665c906b176042a6c601b5428722c8f6b795a4effc0d4c9a4b4963ae30e77afa0b473d27f4938b1f081765f30aee60de80b1154e3afc3593cad6a146f1c4e954a6b7535f7c4f1baf0e7280ae8957eb14aecb29cc42be434b6a73840fb4668ab11c7ad5f300d7561aa60619fc26a1bfe8fa4858b8b4282d0c9a86c8c2eed644303c1213114081f9cd2358f6609ed25113de321db6b3efbfea341c7318fdcf6776383d3329f080e2386a708679852ee2c28c2ab423163be97f818424b862486791ce5b8b25836a4f07079b65c7c3b2e797eee7f267e5cf37fb63bb89f6b15c332da46b2a313ff6cd958152701a73601c7d02b74622ba7ff9c2fccb1826a3238b95163edcf5dbb381c666fcd8f0ce22eb182135bd8a32c627e20354f2253edb77efadbb48d512ca030763df825c1dd71d34295dc2e75e0a3054354ca6674e2d16ae319c8f3bf7a7fe1e1e596cc2679444c2b5e84a5caaa40136a41a3a35e2ca053d8e4ff2134c2bd7dc2c5c7ef55579a7b569b5face778afba93a877b622f473d942fef36d909b7c17e2ba3948fc889f377f0bce583835ce70b86ee8c419f77c9fa9da33d5f3fd2f994c2229b59db0670a15d7ba9b8b3245c7c2f83953c046528db1d9626877752071b0389bb18edd4d3797b6846e8746911526b6cfb1da1a206f5d13f69d7a8a76f5dfaf02abdfde171ed51a80ca2146fe8a181df5f9c9e969c1e2113bb355a956dd0139446d7e5b1ae338513459753977c245177ed5ae398bb23ad503739c2d75b99d70af19a2faf0a6922585378c0c881298f5af7dc63f99b40be3aea8c25bb8f599ffc4d47caec400357f2fa0675c5a81141d6b1697a92f7ab1e465361bdec4bc837595cc257aac0bcd3333eef2199c622268f0aafdccf73b3fda6ddef6102aa03c1a07a85509025be45443e71d63e4a8b54cde98554b1dd9a2f431b62d29f0cf67e069c15988b8b78c6c66f7f1d831e6307473250bf66b88c1c326faa8f093f03824980bbddc34e2324754fdaafa45ea1a1cc4baaef3104108c8e7987696d3634aa61cd9af0f2b5e427eff51cc66792a37a6e09278c6457a92a84d2fd23f7a753120758e5ca80582848d537d2704315ee55374ca8204c427c8f1138c901a29f83c0b63fb00dca30a90aa0b81d09fad2bf556100a3f762dcafd44d89936f8d5e037bff746a3d7f769ef8045ca50b1f7e8b24b723f06b5582564133e8d6b9f78c0e0d19c6808b65aa19e0dbd18527e5cf4f1c2a7e9b9dcf996d781b0851b925a02a02a9ec2887fa049d10bf8e3cf99157df4f6708c9b3673e565ad47f3518d45c69e4c18f511a9973938279a0c607d4d5b010b83b7edf9dc91ac7b9dabcabf45f4abf863c87c9671b22421600e6358ab3798afeabb0021b587e125b4f599271228944365b1333e3a9f5cc7211fde35179bc2237a26d11b9ed5387644e34efbffb54c615c7e52efc06b425d43d85227f73d7d7a7435c4bf35c76be6e5daf24785f197710503a7cf3c6bde5d5f9ac3312f50af0bcd4e05313bf02e8737761c47957cdb07f1efe8468502e58e1ef9d02582fdfe2db9c1300d99d97b2b339b73a78ef91206a8f08a21988076987ca3b6e361bdd86fb74a9184789586a1815935d837fa7590ec4ae4aa838bcc5cc94c9193b4f3084f9854f21223bc2d8fb4cb4f888ebf6dc9daed2b5f36a964955daf5fac1e69e40952b09e3124491d9d6db5eb2529c0d0a6d7a9329a05a9d4d05a9fb55711786daca3519573d1a19c9200561e9e08d74190583fc4127d99ec251cc2597ddfc77562ebcb0c4107ed839e8d4e39cf048f7c3bf4d3af99d32b419f7e46cb70d23039bf965874be68923e7947fcc8f6182f620576221209a1781eb0e490d53831a01e5c3bb406b8004534c5f5c631a6a46a06bbd56c4d309f8e7f1de903dc9561cd23cb9a7ab63db127ab22adf1294aaab41e73bc067935901e66de985aafb506744c96d12af55e5961718a250ccde0db9dc94c5ab817448f193f922361f8d3043d4095ab1bb1126580c094f5f0356773fca30f963c2cf97c033c634a057d376140faeff8e19273749acc9322c94ec87d0f4b70615b76f8e2b256daa5c034382a1b93889081862c20dd2b956566321f69b192fc7f2bc135bdb2bd9575cfff340bfdddc21ce37647f7e34724286e5faf447e039e67fd64938a40151d9aedbb772a059b0ff3d2dd8c2b7f96df3b48f611758e28ad8812fee6708cc39e77bb55743db0df4cc08653c78182adc3a67db7e760d5f3741d6ee241576d0c55d5c40b5932769d80e2a687ec05c7f4c3f137ffdc5abe3e7039fd5a86990374ff0b00192088182e82b970c5bf0cfc054ca99aa225a69df5519a78fa31ca37ced124e84ded418aa9868a5ff95334ada067084fa98e5fdf353285836246154b0eef9ec625c855721a6cd0c649b6d2f72e600ebdbcfc207347a3d083033b03fb233946e9aca086456ef2bb02efff8e7953d833eb986c22afac7fd3753c19a7fd39e4d1f709e70272013b41614df4f1db326250b5588de369c7a8bf3842acf15c78a4d3881a6e092877665ef63e88dc97dd72d38612d5380abc72b9266cd325f05fe16ef0a01799e33adbff1d86d0980d2ed3f496495e5b7f41278c9498d1616db7ba860ffb87aee648df3f19bffa2edafb89940f930fd8beb2825492305b074757730accb8d20c847dd4d8beabc318c78cccfbc406314fea2da4b4cb8a67371bbce9dd7ec2d3c5b4ea21059130fa76fefdb4a7669ee25748468ef2d78088d1b3bb997ae4d51b5b739acfbd3bb1236db07dbcd0c810c07c73e5c6735a0be9d539d5c6caae62b3707d1a18cec5e16cac8575484604ca884e4f91c9bad2476f18be0b873a2cbe9c997335479b8487919a78922fd5175e8dd3b571a7677e6ac9f82e4e7c67cdfcb9ceee59b08a51bbc737bdff9b6e2250877d44a8d8c1d5ef113b2372833307be3cf0db834d043f529db04185b557910009d92cdfaa07c0533483459294a3e3da555c29416e1af2ec90b4b891e028e5af3ff5b274a0dc93ad4a3a33f886675f86bd1573bea665221e6bda9e2682bc00de3e603531f5e7d7a52c5fec65f478414833e22f36fe2b18930be9e4ef6367955623a9b938f79ff7e288678344c378b2bfd168e4c929357ab39640d677bcc17ac12fd999f3d4cd17b25a26e2bf78bcf9f898e89af6af47390908d5ea767f516cd4194165cea481c8f7ab946b66aa3083f21c02e7d61c19a4358c1cc92503c6e3bb1e7bdeb5badafdda9cec995830f5fadfb3fffe12426db1253db1268e4d3a24ca1d3d06822a439d8ccfb26af736751ac2d6dcec3763eba1c56d8a9f0bb66edb73e0dc9d5b56b23058fa9afa3667ac6188027bda68211b45b5451fb5a7e359fc61cdcf13d1f0965d9fddfd3d5d75684353a8687d18c3970b1c89e217b6cc1c7a34cec7c1e667dcd205346c2a8f85835c186811ab1121136ea83d297eb05a9ac1afa3b33346b392c3e9f479a19f7563531d0519f29868015ff20163530ce8d31bb298801b772dbb65d5caeda85982798a5ccdb4576ecc9378dadb21b3bfbb4cc33b3883164fbb6ac1a0401492c453fe2430a9de3b96d445b2c36e9a82200e00df7649544966c8f39a2d173fd8529ff8ac0f068216ae62f68c21485d6a5638f916cb5c27e5b4859c799b0a6786fd48fbacd83a9a472f50e024fa394537b33d3b4f9301266ea5e2462310ee2b862635d32d780d6411e4e6eb49d1e3732d1a0b8f0aef5bb7fd71cf9f861fad635e321fa146a630ac18d45c425214d79becc8cb97b8cac0ed0155daa9861c57ad549ae9d3cab7259a4b1eeaa72f7fb575f1dfd7268365e194e15518e176a32b82cc13544e75170bccf49161b67f649ebd1b81c85b128312b78e93750bbe9a2c456be9743859c8d80c4ec1dc4fd9d1a059042b058347b8bd02e65d469448953ac787b827fc95071d67ba047ac40ddd8a2503f62bf94457ea53073336cc284b2af1ef5598b0c0a0df3e2d729c43a7307dedb785240ab9cbe89075fb6b7ab8e6482b1ce31332e1bfa3f72e850bcea57260e4ee064ea5cfb629a058fba119e7d09ea4abd1f3b13d5ba5f8fc8abf967baf2da74099fd298e3bf3dc19ccbfe4c5e6be8cdb5e10066eceef59da3fef70c4b3d0d3f1ab7c347b63e3373e3327f9df11c73283234de66a9fa7bd2465318c6ef3a6f6a90b09c547bb93c2e5a1d12af02a0abfbc697c38ae95e1cbfd12706e96bbb2e12aaf6d40b032d61f9ee527bf464d51cc1a80ea0baebaeb8fd0523a7028387c43fc27f5fe6d2880a9f2b69eae550e3dcad889ae61abbfca58140760b53c85cea987e242f9ac38ba50ae7da73", 0xd41}, {&(0x7f0000000a00)=',', 0x1}, {&(0x7f00000022c0)='Z', 0x1}, {&(0x7f00000005c0)="f5364e548c550000000000000000000000009c20aa8f88f2a2e98330e3799522896ebfddd4848b9deeecae27e7d77317facda9ee98b10c68444b7c094658bed24fd6766444ba58941c4d2a2cea03546fa8d215c3547d076a9543f841b2add236c19bdcf172a69ab70a7df1ad7ebc55e947f2c7a7a356fd68dbce155d2e22d72a5a65dbc16f7103ee6d06748b2ddf2799d94bfbcf1140285facb31bce2fba7fe3617478337692b1236f", 0xa9}, {&(0x7f0000003240)="d4570847b1937948b7111dd96d83d8a455529f100357457d4f0f5c91105a3c58131bf10de83dc9ee9d239e5e89e59edb35abbf64c1a92109f8eb01bf689b90055bd51506423f4e456274a778c228aeb5d65e191f1bbb21f0f6dd25edc276f1264580344fed0ee32709a73a160c7578465757b87291dcefc84e58ae39e56fb10d42fd5a34aa4fca42ff53e3c9467d8dc1278a34d406df142092ed6661092ce85816f8e6a119860c3314d0e13f5d50a266f738b71fd531396d768c35bc45c042ee7d69b0b7b90da2aab111667ef006593c99c27c67bc3812dbc9f1994b4830ed54ed1f0bdf4966c1d20bddeb83972b15a86ed5fdef279ce58447059a2ba491d21120dc7e0a1d8cc5eff2deedec41057e178eb95ff00fed1e7095decea9cfd52c0a7438dbfc135c796bfa2bb290ab03f35ea2f2d72b8b0503f4972d6d7c60bf5a80981c4f9826007fdcaad959e1c90cace1664480e98069a86f1c059d112e9da27fa71716f530c2a5bf2296d09e5fcc726a8e5287499f563089bdcb6bf3779298dc9b6f739190f434983651f5f29857cbf62faac8c20bc7ac69334fe99e70c29a1294d0ee89dd6c9cd57845e64b289f84220b6e1fe9e81381cf688fa945a68eed3ebc0e8c1efa403b5a4cde68a24a863c17c9f8ad6d24a09e60d83fcf2beb51e6faac173ac98bb2269d7523f8654417ffe70ab87b477045715ad6aa3db39d3f32760fe25bdc0f3e083232ea6a55da3986cbdbd654ed71a4780f7dc3edb628e14287963c3b5f7f177a35071d7f1169351863516fc96f8cce8781439de06c9f76d6e303518493676b3b135900b89eeac40d994936e3a5a6bbc2f2cf6a2a8ed0ad2f81386f8c327cf9b15f8039df0a950641f7d14728194d7640f4cf7e28e1f89b2485857f5f70866844cead5b29f5d9166dce885bd4343bb1fd2c8437105e8e295c27cb44b10a01590c0fdddbc8abc71f777171adef0a45fe5c92b39e32a9c119c6c9a340be0df8cb3b8b77a2a6b5ba1ed4449674811dfae90889b3fb174e11fb947e15232d57bdeee29db4bc0816a878120e84e0ec40a99fd2b88bdb8502922d7015dff05a94ce7c79852bb7ea9a043fa629afc702300d49ac7fbe67a7b0161d2703348b8d0efb144f2920e341debd821ddc4a12a3f89891f24427a169c741568a06825d4f12d64da0935f2f217798b41f44b90140ac2f4cf08219f42b5d30bdd52e76c74100326babb4d1bc576c944fc5bd3a985f9b209a6a473e4fe3afe0c110b630ac443b75c6e13b20810fd3e5ecf9c6785dabeb758a5ddcfb1ad889b5349606ead8f3fa34ba8ea706de19da6b3a0bc36c4c2e3173a9c929157aedf649699f1f8887a31fccebbd7f28843c91753483541b2b895e642855f856e3951e4853fb70b4090512112e813edaa8edb0a5ddf2c329dde5381e6a5716ec9d5a79d9438ba6de736ac9ad45754bfe7227ada116507c84ffd942a84f4ce115d4fd9029f17e62383ce5fc7048a3f85d2709f2375334f1fce2f8b1af99742869f00f2d2fa37ccaf385dc2eaabe2f67671f06addf403d94bffda4bf5747a8773e9ce3beb7ca2b2e2714dd50eb387e226d834a0696b689b004cbb5b3a5aa7a2878be737f4dd7d65bf976f8deb39ad07265be604ce4f9246225f91cd10afd4725d800eeae4abcd0fd17fdf11257b19db7dcb4b9c34dc3cee03dce7d9ab6f7ac5e12316ce9879abb4432f87faa2b25094963f48582fc8a617067b1a0f0960ddf8cfd5065352d9aba09d37b9b10c7a8f702547fd86f34b62183cc883e41c40f5b0676eb077bda0204bd08dae7e7922b7934f2b449229950b4fc54cd7dafc709d828e9301be8c767e0f3bc420cd10ee3dac383bb8ab8aefe3515d6b959dfe578d256f375751beecbd24a152939b59f913728e47207b8a642b100aadfc685cd7d77ba43ec2298db4f551d851991723cd1cdd42f2837e7fd5df3dbf52945ea9a97b73d8915336023beb9bd3c91d9b1c7f5d49b0cba9c30016bb3216e9d6e9070a5dff813ce85a2a36fffa6bf750cf21eaa91a754f9788663690189fe58a9205e4733b6ac0711e98123f145a87eceb00561ac7d1a699d00384c57f6dc92939f45956d489946a365440d40911dabed15b67748000e0d244b21276032667f66119a2485f31d2c098da4cbbd0c5bbf8373fb53b662e48fc572b6e6c5700a360c5b905b548eaee0aa928b38703c84f7ed4a9a858801ad26c2911d4bbbfc1f46a070fa64db31a619dad30ba96eea1edccc6b0e67b7acffe1261af8e08ffb27fb625820f7a823c63febe0fb32e8907415a973cb42c8752d6a9ac3af2bcbd91d5e5c3ac288b2e2a92cb860d97cbf2b17da25b5333d90156493076ab457afb59f3443894a3c1d3d8b1ce7cbd47d36a7a64bcb194ea00d46181a7b65e3e104bea46434643ac722d04437b72f518e98289edba99559dd6aa03af60da7a00ad4f6105d31745b808a243c8ee9ebd70fa8516c", 0x6e1}, {&(0x7f0000002380)='L', 0x1}], 0x7}}], 0x4, 0xf000000) setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socket$can_raw(0x1d, 0x3, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r2, 0x84, 0x81, &(0x7f0000000280)="1a00000002", 0x5) 2.361307034s ago: executing program 3 (id=1333): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = open(0x0, 0x14507e, 0x0) io_setup(0x7d, &(0x7f0000000600)=0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}]) 1.759718827s ago: executing program 0 (id=1335): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x18, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) 1.650660375s ago: executing program 3 (id=1336): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, 0x0, 0x0) bind$tipc(r0, 0x0, 0x0) 1.629746146s ago: executing program 0 (id=1337): r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r2, 0x0) 1.537074575s ago: executing program 3 (id=1338): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) chdir(&(0x7f0000000100)='./file0\x00') r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000002180)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000775) 1.437475243s ago: executing program 0 (id=1339): ftruncate(0xffffffffffffffff, 0x800799c) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x405, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7}, 0x1c) sendfile(r0, 0xffffffffffffffff, 0x0, 0xfeff) 1.41873578s ago: executing program 3 (id=1340): mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') 1.147283811s ago: executing program 3 (id=1341): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r3, 0xffff) fcntl$addseals(r3, 0x409, 0x7) r4 = ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000140)={r3, 0x0, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r4, 0x0) syz_clone3(&(0x7f0000002a40)={0x24888100, 0x0, 0x0, 0x0, {0x1c}, 0x0, 0x0, 0x0, 0x0}, 0x58) 1.067488181s ago: executing program 1 (id=1342): socketpair$unix(0x1, 0x2, 0x0, 0x0) unshare(0x22020600) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4) 1.019295296s ago: executing program 1 (id=1343): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0xb4ed6000) ftruncate(r0, 0xc254) 999.889338ms ago: executing program 0 (id=1344): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = open(0x0, 0x14507e, 0x0) io_setup(0x7d, &(0x7f0000000600)=0x0) io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r0}]) 861.687851ms ago: executing program 2 (id=1345): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x18, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) 679.194226ms ago: executing program 1 (id=1346): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x4) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000180)={0x1, 0x7c}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f00000000c0)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000580)=""/43, 0x0, 0x6000}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000500)=""/93, &(0x7f0000000480)=""/66}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000300)={[0xe6, 0x55e, 0xffffffff, 0xdd5, 0xffffffffffffffff, 0x7, 0x9, 0xb, 0x4, 0x80, 0x6, 0x794, 0xa, 0x40, 0xc976, 0x6], 0x2, 0x60200}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 160.329523ms ago: executing program 0 (id=1347): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, 0x0, 0x0) bind$tipc(r0, 0x0, 0x0) 98.219529ms ago: executing program 2 (id=1348): r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x7) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r2, 0x0) 47.232449ms ago: executing program 3 (id=1349): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0010000008003950323030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENT(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="58000000000000009fed2788c5532994414b47034801d524faf416638217", @ANYRES32], 0x58) mount$9p_fd(0x0, &(0x7f00000025c0)='./file0\x00', &(0x7f0000002340), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) chdir(&(0x7f0000000100)='./file0\x00') r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000002180)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000775) 0s ago: executing program 0 (id=1350): mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') rename(&(0x7f0000000400)='./bus\x00', &(0x7f0000000f00)='./file0\x00') kernel console output (not intermixed with test programs): [ 163.874334][ T7403] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 163.874367][ T7403] ? __pfx_drm_ioctl+0x10/0x10 [ 163.874412][ T7403] ? __fget_files+0x2a/0x420 [ 163.874447][ T7403] ? bpf_lsm_file_ioctl+0x9/0x20 [ 163.874468][ T7403] ? __pfx_drm_ioctl+0x10/0x10 [ 163.874499][ T7403] __se_sys_ioctl+0xfc/0x170 [ 163.874526][ T7403] do_syscall_64+0xfa/0x3b0 [ 163.874553][ T7403] ? lockdep_hardirqs_on+0x9c/0x150 [ 163.874579][ T7403] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.874600][ T7403] ? clear_bhb_loop+0x60/0xb0 [ 163.874629][ T7403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.874649][ T7403] RIP: 0033:0x7f7e0758e929 [ 163.874670][ T7403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.874688][ T7403] RSP: 002b:00007f7e0836e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.874713][ T7403] RAX: ffffffffffffffda RBX: 00007f7e077b5fa0 RCX: 00007f7e0758e929 [ 163.874731][ T7403] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000e [ 163.874746][ T7403] RBP: 00007f7e0836e090 R08: 0000000000000000 R09: 0000000000000000 [ 163.874759][ T7403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.874773][ T7403] R13: 0000000000000000 R14: 00007f7e077b5fa0 R15: 00007ffecb1b0698 [ 163.874805][ T7403] [ 164.459591][ T7410] fuseblk: Unknown parameter 'u´3‡œ¢group_id' [ 164.499162][ T7412] FAULT_INJECTION: forcing a failure. [ 164.499162][ T7412] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 164.513008][ T7412] CPU: 0 UID: 0 PID: 7412 Comm: syz.1.453 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 164.513036][ T7412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 164.513048][ T7412] Call Trace: [ 164.513056][ T7412] [ 164.513064][ T7412] dump_stack_lvl+0x189/0x250 [ 164.513092][ T7412] ? __pfx____ratelimit+0x10/0x10 [ 164.513117][ T7412] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.513139][ T7412] ? __pfx__printk+0x10/0x10 [ 164.513171][ T7412] should_fail_ex+0x414/0x560 [ 164.513206][ T7412] _copy_to_user+0x31/0xb0 [ 164.513227][ T7412] simple_read_from_buffer+0xe1/0x170 [ 164.513270][ T7412] proc_fail_nth_read+0x1df/0x250 [ 164.513303][ T7412] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 164.513335][ T7412] ? rw_verify_area+0x258/0x650 [ 164.513357][ T7412] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 164.513388][ T7412] vfs_read+0x1fd/0x980 [ 164.513417][ T7412] ? __pfx___mutex_lock+0x10/0x10 [ 164.513443][ T7412] ? __pfx_vfs_read+0x10/0x10 [ 164.513468][ T7412] ? __fget_files+0x2a/0x420 [ 164.513500][ T7412] ? __fget_files+0x3a0/0x420 [ 164.513526][ T7412] ? __fget_files+0x2a/0x420 [ 164.513563][ T7412] ksys_read+0x145/0x250 [ 164.513585][ T7412] ? __fget_files+0x3a0/0x420 [ 164.513612][ T7412] ? __pfx_ksys_read+0x10/0x10 [ 164.513640][ T7412] ? do_syscall_64+0xbe/0x3b0 [ 164.513670][ T7412] do_syscall_64+0xfa/0x3b0 [ 164.513694][ T7412] ? lockdep_hardirqs_on+0x9c/0x150 [ 164.513717][ T7412] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.513737][ T7412] ? clear_bhb_loop+0x60/0xb0 [ 164.513761][ T7412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.513781][ T7412] RIP: 0033:0x7fba8b38d33c [ 164.513799][ T7412] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 164.513816][ T7412] RSP: 002b:00007fba8c244030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 164.513837][ T7412] RAX: ffffffffffffffda RBX: 00007fba8b5b5fa0 RCX: 00007fba8b38d33c [ 164.513851][ T7412] RDX: 000000000000000f RSI: 00007fba8c2440a0 RDI: 0000000000000005 [ 164.513864][ T7412] RBP: 00007fba8c244090 R08: 0000000000000000 R09: 0000000000000000 [ 164.513876][ T7412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.513888][ T7412] R13: 0000000000000000 R14: 00007fba8b5b5fa0 R15: 00007ffdcc3e95d8 [ 164.513919][ T7412] [ 165.008850][ T7422] Zero length message leads to an empty skb [ 165.036114][ T7425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.050435][ T7425] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.062679][ T7425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.071768][ T7425] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.082231][ T7425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.091867][ T7425] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.162317][ T7428] input: syz1 as /devices/virtual/input/input14 [ 165.174527][ T7429] FAT-fs (rnullb0): bogus number of reserved sectors [ 165.184279][ T7429] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 165.241824][ T7432] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.245447][ T7428] tipc: Started in network mode [ 165.255170][ T7432] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.257458][ T7428] tipc: Node identity 8632c060d581, cluster identity 4711 [ 165.267756][ T7432] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.278000][ T7428] tipc: Enabled bearer , priority 0 [ 165.326232][ T7432] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.328477][ T7428] syzkaller0: entered promiscuous mode [ 165.340207][ T7428] syzkaller0: entered allmulticast mode [ 165.354492][ T7428] tipc: Resetting bearer [ 165.393675][ T7434] tipc: Started in network mode [ 165.400846][ T7434] tipc: Node identity 92303d69ef4e, cluster identity 4711 [ 165.409943][ T7434] tipc: Enabled bearer , priority 0 [ 165.417678][ T7434] syzkaller0: entered promiscuous mode [ 165.430530][ T7434] syzkaller0: entered allmulticast mode [ 165.438795][ T7427] tipc: Resetting bearer [ 165.452515][ T7427] tipc: Disabling bearer [ 165.471680][ T7434] tipc: Resetting bearer [ 165.478234][ T7433] tipc: Resetting bearer [ 165.502934][ T7433] tipc: Disabling bearer [ 165.587358][ T7436] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 165.605183][ T7436] overlayfs: overlapping lowerdir path [ 165.616014][ T7438] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 165.692780][ T7440] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 165.700840][ T7440] FAULT_INJECTION: forcing a failure. [ 165.700840][ T7440] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 165.715377][ T7440] CPU: 0 UID: 0 PID: 7440 Comm: syz.3.464 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 165.715422][ T7440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.715434][ T7440] Call Trace: [ 165.715442][ T7440] [ 165.715450][ T7440] dump_stack_lvl+0x189/0x250 [ 165.715479][ T7440] ? __pfx____ratelimit+0x10/0x10 [ 165.715504][ T7440] ? __pfx_dump_stack_lvl+0x10/0x10 [ 165.715526][ T7440] ? __pfx__printk+0x10/0x10 [ 165.715549][ T7440] ? __might_fault+0xb0/0x130 [ 165.715582][ T7440] should_fail_ex+0x414/0x560 [ 165.715617][ T7440] _copy_to_user+0x31/0xb0 [ 165.715637][ T7440] iommufd_option+0x142/0x1a0 [ 165.715659][ T7440] iommufd_fops_ioctl+0x45e/0x580 [ 165.715681][ T7440] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 165.715698][ T7440] ? __fget_files+0x2a/0x420 [ 165.715723][ T7440] ? __fget_files+0x2a/0x420 [ 165.715744][ T7440] ? bpf_lsm_file_ioctl+0x9/0x20 [ 165.715758][ T7440] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 165.715772][ T7440] __se_sys_ioctl+0xfc/0x170 [ 165.715789][ T7440] do_syscall_64+0xfa/0x3b0 [ 165.715807][ T7440] ? lockdep_hardirqs_on+0x9c/0x150 [ 165.715823][ T7440] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.715837][ T7440] ? clear_bhb_loop+0x60/0xb0 [ 165.715854][ T7440] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.715867][ T7440] RIP: 0033:0x7f71bd38e929 [ 165.715879][ T7440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 165.715893][ T7440] RSP: 002b:00007f71be237038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 165.715909][ T7440] RAX: ffffffffffffffda RBX: 00007f71bd5b5fa0 RCX: 00007f71bd38e929 [ 165.715919][ T7440] RDX: 0000200000000380 RSI: 0000000000003b87 RDI: 0000000000000003 [ 165.715928][ T7440] RBP: 00007f71be237090 R08: 0000000000000000 R09: 0000000000000000 [ 165.715937][ T7440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 165.715945][ T7440] R13: 0000000000000000 R14: 00007f71bd5b5fa0 R15: 00007ffcda789318 [ 165.715984][ T7440] [ 166.537910][ T7465] hfs: can't find a HFS filesystem on dev rnullb0 [ 166.851946][ T7471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.870208][ T7471] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.878887][ T7473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.894734][ T7473] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.903009][ T7471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 166.916814][ T7471] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.983622][ T7477] FAULT_INJECTION: forcing a failure. [ 166.983622][ T7477] name failslab, interval 1, probability 0, space 0, times 0 [ 166.996630][ T7477] CPU: 0 UID: 0 PID: 7477 Comm: syz.3.478 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 166.996656][ T7477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.996668][ T7477] Call Trace: [ 166.996676][ T7477] [ 166.996684][ T7477] dump_stack_lvl+0x189/0x250 [ 166.996711][ T7477] ? __pfx____ratelimit+0x10/0x10 [ 166.996735][ T7477] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.996757][ T7477] ? __pfx__printk+0x10/0x10 [ 166.996787][ T7477] ? ref_tracker_alloc+0x318/0x460 [ 166.996809][ T7477] should_fail_ex+0x414/0x560 [ 166.996843][ T7477] should_failslab+0xa8/0x100 [ 166.996869][ T7477] kmem_cache_alloc_noprof+0x73/0x3c0 [ 166.996890][ T7477] ? skb_clone+0x212/0x3a0 [ 166.996914][ T7477] skb_clone+0x212/0x3a0 [ 166.996936][ T7477] __netlink_deliver_tap+0x404/0x850 [ 166.996974][ T7477] ? netlink_deliver_tap+0x2e/0x1b0 [ 166.997001][ T7477] netlink_deliver_tap+0x19c/0x1b0 [ 166.997034][ T7477] netlink_unicast+0x72f/0x8d0 [ 166.997070][ T7477] netlink_sendmsg+0x805/0xb30 [ 166.997106][ T7477] ? __pfx_netlink_sendmsg+0x10/0x10 [ 166.997136][ T7477] ? aa_sock_msg_perm+0xf1/0x1d0 [ 166.997159][ T7477] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 166.997187][ T7477] ? __pfx_netlink_sendmsg+0x10/0x10 [ 166.997214][ T7477] __sock_sendmsg+0x21c/0x270 [ 166.997241][ T7477] ____sys_sendmsg+0x505/0x830 [ 166.997276][ T7477] ? __pfx_____sys_sendmsg+0x10/0x10 [ 166.997316][ T7477] ? import_iovec+0x74/0xa0 [ 166.997350][ T7477] ___sys_sendmsg+0x21f/0x2a0 [ 166.997383][ T7477] ? __pfx____sys_sendmsg+0x10/0x10 [ 166.997451][ T7477] ? __fget_files+0x2a/0x420 [ 166.997477][ T7477] ? __fget_files+0x3a0/0x420 [ 166.997515][ T7477] __x64_sys_sendmsg+0x19b/0x260 [ 166.997547][ T7477] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 166.997588][ T7477] ? __pfx_ksys_write+0x10/0x10 [ 166.997617][ T7477] ? do_syscall_64+0xbe/0x3b0 [ 166.997647][ T7477] do_syscall_64+0xfa/0x3b0 [ 166.997670][ T7477] ? lockdep_hardirqs_on+0x9c/0x150 [ 166.997692][ T7477] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.997722][ T7477] ? clear_bhb_loop+0x60/0xb0 [ 166.997745][ T7477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.997762][ T7477] RIP: 0033:0x7f71bd38e929 [ 166.997778][ T7477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 166.997794][ T7477] RSP: 002b:00007f71be237038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 166.997814][ T7477] RAX: ffffffffffffffda RBX: 00007f71bd5b5fa0 RCX: 00007f71bd38e929 [ 166.997828][ T7477] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000017 [ 166.997839][ T7477] RBP: 00007f71be237090 R08: 0000000000000000 R09: 0000000000000000 [ 166.997850][ T7477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 166.997860][ T7477] R13: 0000000000000000 R14: 00007f71bd5b5fa0 R15: 00007ffcda789318 [ 166.997889][ T7477] [ 167.328101][ T7479] overlayfs: failed to resolve './file0': -2 [ 167.342387][ T7481] overlayfs: failed to resolve './file0': -2 [ 167.543275][ T7492] netlink: 60 bytes leftover after parsing attributes in process `syz.3.483'. [ 167.555878][ T7488] netlink: 60 bytes leftover after parsing attributes in process `syz.3.483'. [ 167.802127][ T5942] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 167.978660][ T5942] usb 4-1: Using ep0 maxpacket: 8 [ 168.002168][ T5942] usb 4-1: unable to get BOS descriptor or descriptor too short [ 168.012613][ T5942] usb 4-1: config 4 has an invalid interface number: 0 but max is -1 [ 168.021484][ T5942] usb 4-1: config 4 has 1 interface, different from the descriptor's value: 0 [ 168.038202][ T5942] usb 4-1: config 4 interface 0 has no altsetting 0 [ 168.049177][ T5942] usb 4-1: string descriptor 0 read error: -22 [ 168.055685][ T5942] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 168.075711][ T5942] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.116272][ T5942] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 168.155093][ T5942] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 168.184512][ T5942] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 168.204358][ T7512] syz.1.491: attempt to access beyond end of device [ 168.204358][ T7512] loop1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 168.223335][ T5942] usb 4-1: media controller created [ 168.271403][ T5942] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 168.282915][ T7516] FAULT_INJECTION: forcing a failure. [ 168.282915][ T7516] name failslab, interval 1, probability 0, space 0, times 0 [ 168.299745][ T7516] CPU: 0 UID: 0 PID: 7516 Comm: syz.1.492 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 168.299781][ T7516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.299794][ T7516] Call Trace: [ 168.299802][ T7516] [ 168.299811][ T7516] dump_stack_lvl+0x189/0x250 [ 168.299839][ T7516] ? __pfx____ratelimit+0x10/0x10 [ 168.299863][ T7516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.299885][ T7516] ? __pfx__printk+0x10/0x10 [ 168.299912][ T7516] ? __pfx___might_resched+0x10/0x10 [ 168.299931][ T7516] ? fs_reclaim_acquire+0x7d/0x100 [ 168.299969][ T7516] should_fail_ex+0x414/0x560 [ 168.300004][ T7516] should_failslab+0xa8/0x100 [ 168.300028][ T7516] __kmalloc_cache_noprof+0x70/0x3d0 [ 168.300048][ T7516] ? ipv6_add_addr+0x530/0x1090 [ 168.300074][ T7516] ipv6_add_addr+0x530/0x1090 [ 168.300100][ T7516] ? __pfx_ipv6_add_addr+0x10/0x10 [ 168.300136][ T7516] inet6_addr_add+0x387/0xc00 [ 168.300167][ T7516] ? __pfx_inet6_addr_add+0x10/0x10 [ 168.300195][ T7516] ? addrconf_add_ifaddr+0x13e/0x400 [ 168.300220][ T7516] ? __pfx___mutex_lock+0x10/0x10 [ 168.300267][ T7516] addrconf_add_ifaddr+0x27d/0x400 [ 168.300300][ T7516] ? __pfx_addrconf_add_ifaddr+0x10/0x10 [ 168.300355][ T7516] inet6_ioctl+0x13d/0x280 [ 168.300378][ T7516] ? __pfx_inet6_ioctl+0x10/0x10 [ 168.300399][ T7516] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 168.300431][ T7516] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 168.300460][ T7516] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 168.300492][ T7516] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 168.300535][ T7516] sock_do_ioctl+0xdc/0x300 [ 168.300561][ T7516] ? __pfx_sock_do_ioctl+0x10/0x10 [ 168.300581][ T7516] ? __lock_acquire+0xab9/0xd20 [ 168.300627][ T7516] sock_ioctl+0x576/0x790 [ 168.300660][ T7516] ? __pfx_sock_ioctl+0x10/0x10 [ 168.300682][ T7516] ? __fget_files+0x2a/0x420 [ 168.300709][ T7516] ? __fget_files+0x3a0/0x420 [ 168.300735][ T7516] ? __fget_files+0x2a/0x420 [ 168.300765][ T7516] ? bpf_lsm_file_ioctl+0x9/0x20 [ 168.300783][ T7516] ? __pfx_sock_ioctl+0x10/0x10 [ 168.300805][ T7516] __se_sys_ioctl+0xfc/0x170 [ 168.300830][ T7516] do_syscall_64+0xfa/0x3b0 [ 168.300854][ T7516] ? lockdep_hardirqs_on+0x9c/0x150 [ 168.300877][ T7516] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.300897][ T7516] ? clear_bhb_loop+0x60/0xb0 [ 168.300923][ T7516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.300955][ T7516] RIP: 0033:0x7fba8b38e929 [ 168.300972][ T7516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.300989][ T7516] RSP: 002b:00007fba8c244038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 168.301010][ T7516] RAX: ffffffffffffffda RBX: 00007fba8b5b5fa0 RCX: 00007fba8b38e929 [ 168.301024][ T7516] RDX: 0000200000000100 RSI: 0000000000008916 RDI: 0000000000000004 [ 168.301037][ T7516] RBP: 00007fba8c244090 R08: 0000000000000000 R09: 0000000000000000 [ 168.301049][ T7516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.301060][ T7516] R13: 0000000000000000 R14: 00007fba8b5b5fa0 R15: 00007ffdcc3e95d8 [ 168.301092][ T7516] [ 168.374726][ T7518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.506808][ T5942] zl10353_read_register: readreg error (reg=127, ret==0) [ 168.517569][ T7518] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.584755][ T5942] usb 4-1: USB disconnect, device number 17 [ 168.586159][ C1] vkms_vblank_simulate: vblank timer overrun [ 168.647972][ C1] vkms_vblank_simulate: vblank timer overrun [ 168.860909][ T7521] netlink: 32 bytes leftover after parsing attributes in process `syz.0.494'. [ 168.937369][ T7523] FAULT_INJECTION: forcing a failure. [ 168.937369][ T7523] name failslab, interval 1, probability 0, space 0, times 0 [ 168.950638][ T7523] CPU: 1 UID: 0 PID: 7523 Comm: syz.0.495 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 168.950663][ T7523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.950675][ T7523] Call Trace: [ 168.950682][ T7523] [ 168.950690][ T7523] dump_stack_lvl+0x189/0x250 [ 168.950717][ T7523] ? __pfx____ratelimit+0x10/0x10 [ 168.950740][ T7523] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.950761][ T7523] ? __pfx__printk+0x10/0x10 [ 168.950788][ T7523] ? __pfx___might_resched+0x10/0x10 [ 168.950805][ T7523] ? fs_reclaim_acquire+0x7d/0x100 [ 168.950833][ T7523] should_fail_ex+0x414/0x560 [ 168.950866][ T7523] should_failslab+0xa8/0x100 [ 168.950897][ T7523] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 168.950919][ T7523] ? __alloc_skb+0x112/0x2d0 [ 168.950943][ T7523] ? tcp_fastopen_cache_get+0x2f/0x4c0 [ 168.950970][ T7523] __alloc_skb+0x112/0x2d0 [ 168.950999][ T7523] tcp_stream_alloc_skb+0x3d/0x340 [ 168.951024][ T7523] tcp_connect+0x1ceb/0x46f0 [ 168.951074][ T7523] tcp_v6_connect+0x11f7/0x1870 [ 168.951110][ T7523] ? __pfx_tcp_v6_connect+0x10/0x10 [ 168.951130][ T7523] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 168.951150][ T7523] ? __sock_sendmsg+0xe5/0x270 [ 168.951168][ T7523] ? __sys_sendto+0x3bd/0x520 [ 168.951235][ T7523] __inet_stream_connect+0x298/0xf10 [ 168.951272][ T7523] ? __pfx___inet_stream_connect+0x10/0x10 [ 168.951291][ T7523] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 168.951312][ T7523] ? __kasan_kmalloc+0x93/0xb0 [ 168.951335][ T7523] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 168.951358][ T7523] tcp_sendmsg_fastopen+0x3a7/0x5e0 [ 168.951383][ T7523] tcp_sendmsg_locked+0x4d29/0x5630 [ 168.951404][ T7523] ? tcp_sendmsg_locked+0x2d1/0x5630 [ 168.951424][ T7523] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 168.951462][ T7523] ? __lock_acquire+0xab9/0xd20 [ 168.951496][ T7523] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 168.951514][ T7523] ? __local_bh_enable_ip+0x12d/0x1c0 [ 168.951532][ T7523] ? __local_bh_enable_ip+0x12d/0x1c0 [ 168.951558][ T7523] tcp_sendmsg+0x2f/0x50 [ 168.951577][ T7523] __sock_sendmsg+0xe5/0x270 [ 168.951598][ T7523] __sys_sendto+0x3bd/0x520 [ 168.951623][ T7523] ? __pfx___sys_sendto+0x10/0x10 [ 168.951645][ T7523] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 168.951677][ T7523] ? __fget_files+0x3a0/0x420 [ 168.951709][ T7523] ? ksys_write+0x22a/0x250 [ 168.951730][ T7523] ? __pfx_ksys_write+0x10/0x10 [ 168.951747][ T7523] ? rcu_is_watching+0x15/0xb0 [ 168.951768][ T7523] __x64_sys_sendto+0xde/0x100 [ 168.951794][ T7523] do_syscall_64+0xfa/0x3b0 [ 168.951814][ T7523] ? lockdep_hardirqs_on+0x9c/0x150 [ 168.951834][ T7523] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.951850][ T7523] ? clear_bhb_loop+0x60/0xb0 [ 168.951870][ T7523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.951891][ T7523] RIP: 0033:0x7fe11dd8e929 [ 168.951905][ T7523] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.951919][ T7523] RSP: 002b:00007fe11eb52038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 168.951937][ T7523] RAX: ffffffffffffffda RBX: 00007fe11dfb5fa0 RCX: 00007fe11dd8e929 [ 168.951950][ T7523] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 168.951960][ T7523] RBP: 00007fe11eb52090 R08: 00002000000001c0 R09: 000000000000001c [ 168.951971][ T7523] R10: 0000000020000045 R11: 0000000000000246 R12: 0000000000000001 [ 168.951981][ T7523] R13: 0000000000000000 R14: 00007fe11dfb5fa0 R15: 00007ffe9fc5f588 [ 168.952005][ T7523] [ 169.297013][ C1] vkms_vblank_simulate: vblank timer overrun [ 169.381150][ T7525] netlink: 56 bytes leftover after parsing attributes in process `syz.0.496'. [ 169.457836][ T7525] netlink: 16 bytes leftover after parsing attributes in process `syz.0.496'. [ 169.504410][ T7525] netlink: 56 bytes leftover after parsing attributes in process `syz.0.496'. [ 169.517448][ T7525] netlink: 16 bytes leftover after parsing attributes in process `syz.0.496'. [ 169.625909][ T7525] netlink: 56 bytes leftover after parsing attributes in process `syz.0.496'. [ 169.665759][ T7536] capability: warning: `syz.2.498' uses deprecated v2 capabilities in a way that may be insecure [ 169.695569][ T7525] netlink: 16 bytes leftover after parsing attributes in process `syz.0.496'. [ 169.765597][ T7541] FAULT_INJECTION: forcing a failure. [ 169.765597][ T7541] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.823061][ T7525] netlink: 56 bytes leftover after parsing attributes in process `syz.0.496'. [ 169.898389][ T7541] CPU: 0 UID: 0 PID: 7541 Comm: syz.3.501 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 169.898416][ T7541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 169.898428][ T7541] Call Trace: [ 169.898435][ T7541] [ 169.898442][ T7541] dump_stack_lvl+0x189/0x250 [ 169.898485][ T7541] ? __pfx____ratelimit+0x10/0x10 [ 169.898509][ T7541] ? __pfx_dump_stack_lvl+0x10/0x10 [ 169.898529][ T7541] ? __pfx__printk+0x10/0x10 [ 169.898551][ T7541] ? __might_fault+0xb0/0x130 [ 169.898583][ T7541] should_fail_ex+0x414/0x560 [ 169.898616][ T7541] _copy_to_iter+0x3f5/0x16f0 [ 169.898655][ T7541] ? __pfx__copy_to_iter+0x10/0x10 [ 169.898686][ T7541] ? stats_show+0x604/0x620 [ 169.898705][ T7541] ? seq_read_iter+0x1fd/0xe10 [ 169.898731][ T7541] seq_read_iter+0xbeb/0xe10 [ 169.898780][ T7541] seq_read+0x2e2/0x3d0 [ 169.898810][ T7541] ? __pfx_seq_read+0x10/0x10 [ 169.898831][ T7541] ? __debugfs_file_get+0x5dd/0x710 [ 169.898856][ T7541] ? __pfx___debugfs_file_get+0x10/0x10 [ 169.898890][ T7541] full_proxy_read+0x153/0x220 [ 169.898914][ T7541] ? __pfx_full_proxy_read+0x10/0x10 [ 169.898937][ T7541] vfs_read+0x1fd/0x980 [ 169.898965][ T7541] ? __pfx___mutex_lock+0x10/0x10 [ 169.898989][ T7541] ? __pfx_vfs_read+0x10/0x10 [ 169.899011][ T7541] ? __fget_files+0x2a/0x420 [ 169.899039][ T7541] ? __fget_files+0x3a0/0x420 [ 169.899063][ T7541] ? __fget_files+0x2a/0x420 [ 169.899097][ T7541] ksys_read+0x145/0x250 [ 169.899122][ T7541] ? __pfx_ksys_read+0x10/0x10 [ 169.899140][ T7541] ? rcu_is_watching+0x15/0xb0 [ 169.899164][ T7541] ? do_syscall_64+0xbe/0x3b0 [ 169.899192][ T7541] do_syscall_64+0xfa/0x3b0 [ 169.899215][ T7541] ? lockdep_hardirqs_on+0x9c/0x150 [ 169.899237][ T7541] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.899256][ T7541] ? clear_bhb_loop+0x60/0xb0 [ 169.899279][ T7541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.899297][ T7541] RIP: 0033:0x7f71bd38e929 [ 169.899314][ T7541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.899330][ T7541] RSP: 002b:00007f71be237038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 169.899350][ T7541] RAX: ffffffffffffffda RBX: 00007f71bd5b5fa0 RCX: 00007f71bd38e929 [ 169.899364][ T7541] RDX: 0000000000002020 RSI: 0000200000007fc0 RDI: 0000000000000003 [ 169.899376][ T7541] RBP: 00007f71be237090 R08: 0000000000000000 R09: 0000000000000000 [ 169.899387][ T7541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.899398][ T7541] R13: 0000000000000000 R14: 00007f71bd5b5fa0 R15: 00007ffcda789318 [ 169.899427][ T7541] [ 170.189525][ T7536] 9pnet_rdma: rdma_create_trans (7536): problem binding to privport: 13 [ 170.698784][ T7553] FAULT_INJECTION: forcing a failure. [ 170.698784][ T7553] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 170.730937][ T7553] CPU: 0 UID: 0 PID: 7553 Comm: syz.0.505 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 170.730967][ T7553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 170.730980][ T7553] Call Trace: [ 170.730988][ T7553] [ 170.730997][ T7553] dump_stack_lvl+0x189/0x250 [ 170.731026][ T7553] ? __pfx____ratelimit+0x10/0x10 [ 170.731051][ T7553] ? __pfx_dump_stack_lvl+0x10/0x10 [ 170.731075][ T7553] ? __pfx__printk+0x10/0x10 [ 170.731111][ T7553] should_fail_ex+0x414/0x560 [ 170.731146][ T7553] _copy_from_user+0x2d/0xb0 [ 170.731182][ T7553] __copy_msghdr+0x3c5/0x5b0 [ 170.731235][ T7553] ___sys_sendmsg+0x1a5/0x2a0 [ 170.731270][ T7553] ? __pfx____sys_sendmsg+0x10/0x10 [ 170.731340][ T7553] ? __fget_files+0x2a/0x420 [ 170.731368][ T7553] ? __fget_files+0x3a0/0x420 [ 170.731407][ T7553] __x64_sys_sendmsg+0x19b/0x260 [ 170.731442][ T7553] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 170.731484][ T7553] ? __pfx_ksys_write+0x10/0x10 [ 170.731507][ T7553] ? rcu_is_watching+0x15/0xb0 [ 170.731534][ T7553] ? do_syscall_64+0xbe/0x3b0 [ 170.731564][ T7553] do_syscall_64+0xfa/0x3b0 [ 170.731589][ T7553] ? lockdep_hardirqs_on+0x9c/0x150 [ 170.731614][ T7553] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.731634][ T7553] ? clear_bhb_loop+0x60/0xb0 [ 170.731659][ T7553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.731689][ T7553] RIP: 0033:0x7fe11dd8e929 [ 170.731707][ T7553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.731724][ T7553] RSP: 002b:00007fe11eb52038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 170.731747][ T7553] RAX: ffffffffffffffda RBX: 00007fe11dfb5fa0 RCX: 00007fe11dd8e929 [ 170.731761][ T7553] RDX: 0000000004000004 RSI: 00002000000006c0 RDI: 0000000000000004 [ 170.731774][ T7553] RBP: 00007fe11eb52090 R08: 0000000000000000 R09: 0000000000000000 [ 170.731787][ T7553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.731799][ T7553] R13: 0000000000000000 R14: 00007fe11dfb5fa0 R15: 00007ffe9fc5f588 [ 170.731830][ T7553] [ 171.394792][ T7559] netlink: 'syz.0.507': attribute type 10 has an invalid length. [ 171.415001][ T7559] team0: Port device geneve0 added [ 171.433168][ T7559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 171.448619][ T7559] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 171.925692][ T7571] hfs: can't find a HFS filesystem on dev rnullb0 [ 172.118740][ T7576] netlink: 'syz.0.514': attribute type 1 has an invalid length. [ 172.275836][ T7583] binder: 7577:7583 ioctl c0306201 0 returned -14 [ 172.346250][ T7585] FAULT_INJECTION: forcing a failure. [ 172.346250][ T7585] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.366460][ T7585] CPU: 1 UID: 0 PID: 7585 Comm: syz.3.517 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 172.366489][ T7585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.366509][ T7585] Call Trace: [ 172.366518][ T7585] [ 172.366527][ T7585] dump_stack_lvl+0x189/0x250 [ 172.366557][ T7585] ? __pfx____ratelimit+0x10/0x10 [ 172.366584][ T7585] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.366607][ T7585] ? __pfx__printk+0x10/0x10 [ 172.366649][ T7585] should_fail_ex+0x414/0x560 [ 172.366698][ T7585] _copy_to_user+0x31/0xb0 [ 172.366728][ T7585] simple_read_from_buffer+0xe1/0x170 [ 172.366770][ T7585] proc_fail_nth_read+0x1df/0x250 [ 172.366815][ T7585] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 172.366870][ T7585] ? rw_verify_area+0x258/0x650 [ 172.366902][ T7585] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 172.366942][ T7585] vfs_read+0x1fd/0x980 [ 172.366979][ T7585] ? __pfx___mutex_lock+0x10/0x10 [ 172.367014][ T7585] ? __pfx_vfs_read+0x10/0x10 [ 172.367047][ T7585] ? __fget_files+0x2a/0x420 [ 172.367091][ T7585] ? __fget_files+0x3a0/0x420 [ 172.367126][ T7585] ? __fget_files+0x2a/0x420 [ 172.367180][ T7585] ksys_read+0x145/0x250 [ 172.367212][ T7585] ? __fget_files+0x3a0/0x420 [ 172.367251][ T7585] ? __pfx_ksys_read+0x10/0x10 [ 172.367298][ T7585] ? do_syscall_64+0xbe/0x3b0 [ 172.367337][ T7585] do_syscall_64+0xfa/0x3b0 [ 172.367370][ T7585] ? lockdep_hardirqs_on+0x9c/0x150 [ 172.367401][ T7585] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.367428][ T7585] ? clear_bhb_loop+0x60/0xb0 [ 172.367466][ T7585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.367493][ T7585] RIP: 0033:0x7f71bd38d33c [ 172.367536][ T7585] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 172.367561][ T7585] RSP: 002b:00007f71be237030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 172.367590][ T7585] RAX: ffffffffffffffda RBX: 00007f71bd5b5fa0 RCX: 00007f71bd38d33c [ 172.367611][ T7585] RDX: 000000000000000f RSI: 00007f71be2370a0 RDI: 0000000000000005 [ 172.367628][ T7585] RBP: 00007f71be237090 R08: 0000000000000000 R09: 0000000000000000 [ 172.367647][ T7585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.367661][ T7585] R13: 0000000000000000 R14: 00007f71bd5b5fa0 R15: 00007ffcda789318 [ 172.367694][ T7585] [ 172.599245][ C1] vkms_vblank_simulate: vblank timer overrun [ 172.903341][ T7595] FAULT_INJECTION: forcing a failure. [ 172.903341][ T7595] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 172.945540][ T7595] CPU: 1 UID: 0 PID: 7595 Comm: syz.3.518 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 172.945570][ T7595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 172.945583][ T7595] Call Trace: [ 172.945602][ T7595] [ 172.945610][ T7595] dump_stack_lvl+0x189/0x250 [ 172.945635][ T7595] ? __pfx____ratelimit+0x10/0x10 [ 172.945655][ T7595] ? __pfx_dump_stack_lvl+0x10/0x10 [ 172.945671][ T7595] ? __pfx__printk+0x10/0x10 [ 172.945697][ T7595] should_fail_ex+0x414/0x560 [ 172.945724][ T7595] _copy_to_user+0x31/0xb0 [ 172.945739][ T7595] simple_read_from_buffer+0xe1/0x170 [ 172.945763][ T7595] proc_fail_nth_read+0x1df/0x250 [ 172.945808][ T7595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 172.945835][ T7595] ? rw_verify_area+0x258/0x650 [ 172.945852][ T7595] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 172.945878][ T7595] vfs_read+0x1fd/0x980 [ 172.945900][ T7595] ? __pfx___mutex_lock+0x10/0x10 [ 172.945921][ T7595] ? __pfx_vfs_read+0x10/0x10 [ 172.945941][ T7595] ? __fget_files+0x2a/0x420 [ 172.945966][ T7595] ? __fget_files+0x3a0/0x420 [ 172.945987][ T7595] ? __fget_files+0x2a/0x420 [ 172.946016][ T7595] ksys_read+0x145/0x250 [ 172.946034][ T7595] ? __fget_files+0x3a0/0x420 [ 172.946057][ T7595] ? __pfx_ksys_read+0x10/0x10 [ 172.946080][ T7595] ? do_syscall_64+0xbe/0x3b0 [ 172.946103][ T7595] do_syscall_64+0xfa/0x3b0 [ 172.946122][ T7595] ? lockdep_hardirqs_on+0x9c/0x150 [ 172.946141][ T7595] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.946157][ T7595] ? clear_bhb_loop+0x60/0xb0 [ 172.946176][ T7595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 172.946192][ T7595] RIP: 0033:0x7f71bd38d33c [ 172.946207][ T7595] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 172.946231][ T7595] RSP: 002b:00007f71be237030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 172.946248][ T7595] RAX: ffffffffffffffda RBX: 00007f71bd5b5fa0 RCX: 00007f71bd38d33c [ 172.946260][ T7595] RDX: 000000000000000f RSI: 00007f71be2370a0 RDI: 0000000000000006 [ 172.946270][ T7595] RBP: 00007f71be237090 R08: 0000000000000000 R09: 0000000000000000 [ 172.946280][ T7595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 172.946289][ T7595] R13: 0000000000000000 R14: 00007f71bd5b5fa0 R15: 00007ffcda789318 [ 172.946313][ T7595] [ 173.178025][ C1] vkms_vblank_simulate: vblank timer overrun [ 173.559776][ T7607] __nla_validate_parse: 58 callbacks suppressed [ 173.559796][ T7607] netlink: 32 bytes leftover after parsing attributes in process `syz.2.522'. [ 173.591548][ T7607] /dev/rnullb0: Can't open blockdev [ 173.601167][ T7607] /dev/rnullb0: Can't open blockdev [ 173.658379][ T5892] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 173.966240][ T7609] 9pnet_fd: Insufficient options for proto=fd [ 174.009183][ T5892] usb 4-1: device descriptor read/64, error -71 [ 174.147566][ T7612] FAULT_INJECTION: forcing a failure. [ 174.147566][ T7612] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 174.167992][ T7612] CPU: 0 UID: 0 PID: 7612 Comm: syz.2.524 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 174.168021][ T7612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.168034][ T7612] Call Trace: [ 174.168042][ T7612] [ 174.168051][ T7612] dump_stack_lvl+0x189/0x250 [ 174.168080][ T7612] ? __pfx____ratelimit+0x10/0x10 [ 174.168111][ T7612] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.168135][ T7612] ? __pfx__printk+0x10/0x10 [ 174.168160][ T7612] ? fs_reclaim_acquire+0x7d/0x100 [ 174.168197][ T7612] should_fail_ex+0x414/0x560 [ 174.168233][ T7612] prepare_alloc_pages+0x213/0x610 [ 174.168268][ T7612] __alloc_frozen_pages_noprof+0x123/0x370 [ 174.168302][ T7612] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 174.168329][ T7612] ? check_path+0x21/0x40 [ 174.168366][ T7612] ? policy_nodemask+0x27c/0x720 [ 174.168397][ T7612] alloc_pages_mpol+0x232/0x4a0 [ 174.168427][ T7612] folio_alloc_mpol_noprof+0x39/0x70 [ 174.168454][ T7612] shmem_alloc_and_add_folio+0x447/0xf60 [ 174.168482][ T7612] ? filemap_get_entry+0xad/0x2f0 [ 174.168508][ T7612] ? filemap_get_entry+0xad/0x2f0 [ 174.168532][ T7612] ? filemap_get_entry+0xad/0x2f0 [ 174.168563][ T7612] ? shmem_huge_global_enabled+0x174/0x3a0 [ 174.168595][ T7612] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 174.168623][ T7612] ? shmem_allowable_huge_orders+0x414/0x420 [ 174.168663][ T7612] shmem_get_folio_gfp+0x59d/0x1660 [ 174.168706][ T7612] shmem_fault+0x179/0x390 [ 174.168738][ T7612] __do_fault+0x135/0x390 [ 174.168766][ T7612] __handle_mm_fault+0x1847/0x5440 [ 174.168806][ T7612] ? __pfx___handle_mm_fault+0x10/0x10 [ 174.168851][ T7612] ? find_vma+0xe7/0x160 [ 174.168870][ T7612] ? __pfx_find_vma+0x10/0x10 [ 174.168894][ T7612] handle_mm_fault+0x40a/0x8e0 [ 174.168928][ T7612] do_user_addr_fault+0x764/0x1390 [ 174.168976][ T7612] exc_page_fault+0x76/0xf0 [ 174.169002][ T7612] asm_exc_page_fault+0x26/0x30 [ 174.169021][ T7612] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 174.169041][ T7612] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 174.169059][ T7612] RSP: 0018:ffffc9001953f8f8 EFLAGS: 00050206 [ 174.169077][ T7612] RAX: ffffffff84cb4d01 RBX: ffff88807aac8000 RCX: 000000000000051c [ 174.169093][ T7612] RDX: 0000000000000000 RSI: ffff88807aac89c0 RDI: 0000200000001000 [ 174.169107][ T7612] RBP: ffffc9001953fa50 R08: ffff88807aac8edb R09: 1ffff1100f5591db [ 174.169122][ T7612] R10: dffffc0000000000 R11: ffffed100f5591dc R12: dffffc0000000000 [ 174.169136][ T7612] R13: 0000000000000000 R14: 00007ffffffff000 R15: 0000000000000edc [ 174.169159][ T7612] ? _copy_to_iter+0x3d1/0x16f0 [ 174.169194][ T7612] _copy_to_iter+0x484/0x16f0 [ 174.169236][ T7612] ? __pfx__copy_to_iter+0x10/0x10 [ 174.169264][ T7612] ? m_stop+0x123/0x300 [ 174.169299][ T7612] ? m_stop+0x27b/0x300 [ 174.169330][ T7612] seq_read_iter+0xbeb/0xe10 [ 174.169382][ T7612] seq_read+0x2e2/0x3d0 [ 174.169414][ T7612] ? __pfx_seq_read+0x10/0x10 [ 174.169451][ T7612] ? rw_verify_area+0x258/0x650 [ 174.169474][ T7612] ? __pfx_seq_read+0x10/0x10 [ 174.169498][ T7612] vfs_read+0x1fd/0x980 [ 174.169528][ T7612] ? __pfx___mutex_lock+0x10/0x10 [ 174.169555][ T7612] ? __pfx_vfs_read+0x10/0x10 [ 174.169581][ T7612] ? __fget_files+0x2a/0x420 [ 174.169613][ T7612] ? __fget_files+0x3a0/0x420 [ 174.169641][ T7612] ? __fget_files+0x2a/0x420 [ 174.169679][ T7612] ksys_read+0x145/0x250 [ 174.169706][ T7612] ? __pfx_ksys_read+0x10/0x10 [ 174.169727][ T7612] ? rcu_is_watching+0x15/0xb0 [ 174.169753][ T7612] ? do_syscall_64+0xbe/0x3b0 [ 174.169784][ T7612] do_syscall_64+0xfa/0x3b0 [ 174.169811][ T7612] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.169830][ T7612] ? asm_common_interrupt+0x26/0x40 [ 174.169849][ T7612] ? clear_bhb_loop+0x60/0xb0 [ 174.169874][ T7612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.169893][ T7612] RIP: 0033:0x7f7e0758e929 [ 174.169911][ T7612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.169928][ T7612] RSP: 002b:00007f7e0836e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 174.169948][ T7612] RAX: ffffffffffffffda RBX: 00007f7e077b5fa0 RCX: 00007f7e0758e929 [ 174.169963][ T7612] RDX: 0000000000002020 RSI: 0000200000000640 RDI: 0000000000000003 [ 174.169976][ T7612] RBP: 00007f7e0836e090 R08: 0000000000000000 R09: 0000000000000000 [ 174.169988][ T7612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.170000][ T7612] R13: 0000000000000000 R14: 00007f7e077b5fa0 R15: 00007ffecb1b0698 [ 174.170032][ T7612] [ 174.632199][ T5892] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 174.746354][ T7622] FAULT_INJECTION: forcing a failure. [ 174.746354][ T7622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.783592][ T5892] usb 4-1: device descriptor read/64, error -71 [ 174.790257][ T7622] CPU: 1 UID: 0 PID: 7622 Comm: syz.1.526 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 174.790284][ T7622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.790297][ T7622] Call Trace: [ 174.790305][ T7622] [ 174.790313][ T7622] dump_stack_lvl+0x189/0x250 [ 174.790341][ T7622] ? __pfx____ratelimit+0x10/0x10 [ 174.790366][ T7622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.790389][ T7622] ? __pfx__printk+0x10/0x10 [ 174.790411][ T7622] ? __might_fault+0xb0/0x130 [ 174.790444][ T7622] should_fail_ex+0x414/0x560 [ 174.790480][ T7622] _copy_from_user+0x2d/0xb0 [ 174.790510][ T7622] __se_sys_mount+0x18a/0x410 [ 174.790545][ T7622] ? __pfx___se_sys_mount+0x10/0x10 [ 174.790570][ T7622] ? rcu_is_watching+0x15/0xb0 [ 174.790596][ T7622] ? do_syscall_64+0xbe/0x3b0 [ 174.790620][ T7622] ? __x64_sys_mount+0x20/0xc0 [ 174.790649][ T7622] do_syscall_64+0xfa/0x3b0 [ 174.790673][ T7622] ? lockdep_hardirqs_on+0x9c/0x150 [ 174.790697][ T7622] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.790716][ T7622] ? clear_bhb_loop+0x60/0xb0 [ 174.790741][ T7622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.790760][ T7622] RIP: 0033:0x7fba8b38e929 [ 174.790777][ T7622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.790793][ T7622] RSP: 002b:00007fba8c244038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 174.790814][ T7622] RAX: ffffffffffffffda RBX: 00007fba8b5b5fa0 RCX: 00007fba8b38e929 [ 174.790829][ T7622] RDX: 0000200000004380 RSI: 0000200000000180 RDI: 0000000000000000 [ 174.790841][ T7622] RBP: 00007fba8c244090 R08: 0000200000000740 R09: 0000000000000000 [ 174.790854][ T7622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.790866][ T7622] R13: 0000000000000000 R14: 00007fba8b5b5fa0 R15: 00007ffdcc3e95d8 [ 174.790896][ T7622] [ 174.984844][ C1] vkms_vblank_simulate: vblank timer overrun [ 175.112304][ T5892] usb usb4-port1: attempt power cycle [ 175.115711][ T7627] sock: sock_timestamping_bind_phc: sock not bind to device [ 175.181513][ T7629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.193780][ T7629] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.310931][ T7631] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.325078][ T7631] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.449898][ T5892] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 175.481836][ T5892] usb 4-1: device descriptor read/8, error -71 [ 175.768700][ T5892] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 175.816827][ T5892] usb 4-1: device descriptor read/8, error -71 [ 175.950573][ T5892] usb usb4-port1: unable to enumerate USB device [ 176.100626][ T7647] binder: 7645:7647 ioctl c0306201 2000000003c0 returned -22 [ 176.156766][ T7648] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.173191][ T7648] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.215531][ T7646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.240298][ T7646] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.303309][ T7648] raw_sendmsg: syz.0.536 forgot to set AF_INET. Fix it! [ 176.466876][ T7656] FAULT_INJECTION: forcing a failure. [ 176.466876][ T7656] name failslab, interval 1, probability 0, space 0, times 0 [ 176.482427][ T7656] CPU: 0 UID: 0 PID: 7656 Comm: syz.3.539 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 176.482448][ T7656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 176.482457][ T7656] Call Trace: [ 176.482464][ T7656] [ 176.482470][ T7656] dump_stack_lvl+0x189/0x250 [ 176.482490][ T7656] ? __pfx____ratelimit+0x10/0x10 [ 176.482508][ T7656] ? __pfx_dump_stack_lvl+0x10/0x10 [ 176.482524][ T7656] ? __pfx__printk+0x10/0x10 [ 176.482542][ T7656] ? __pfx___might_resched+0x10/0x10 [ 176.482556][ T7656] ? fs_reclaim_acquire+0x7d/0x100 [ 176.482583][ T7656] should_fail_ex+0x414/0x560 [ 176.482619][ T7656] should_failslab+0xa8/0x100 [ 176.482645][ T7656] __kmalloc_noprof+0xcb/0x4f0 [ 176.482667][ T7656] ? tomoyo_encode+0x28b/0x550 [ 176.482695][ T7656] tomoyo_encode+0x28b/0x550 [ 176.482716][ T7656] tomoyo_realpath_from_path+0x58d/0x5d0 [ 176.482740][ T7656] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 176.482763][ T7656] tomoyo_path_number_perm+0x1e8/0x5a0 [ 176.482787][ T7656] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 176.482827][ T7656] ? __lock_acquire+0xab9/0xd20 [ 176.482862][ T7656] ? __fget_files+0x2a/0x420 [ 176.482889][ T7656] ? __fget_files+0x2a/0x420 [ 176.482907][ T7656] ? __fget_files+0x3a0/0x420 [ 176.482925][ T7656] ? __fget_files+0x2a/0x420 [ 176.482947][ T7656] security_file_ioctl+0xcb/0x2d0 [ 176.482970][ T7656] __se_sys_ioctl+0x47/0x170 [ 176.482987][ T7656] do_syscall_64+0xfa/0x3b0 [ 176.483006][ T7656] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.483019][ T7656] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 176.483033][ T7656] ? clear_bhb_loop+0x60/0xb0 [ 176.483050][ T7656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.483063][ T7656] RIP: 0033:0x7f71bd38e929 [ 176.483076][ T7656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.483087][ T7656] RSP: 002b:00007f71be237038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 176.483102][ T7656] RAX: ffffffffffffffda RBX: 00007f71bd5b5fa0 RCX: 00007f71bd38e929 [ 176.483112][ T7656] RDX: 00002000000003c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 176.483121][ T7656] RBP: 00007f71be237090 R08: 0000000000000000 R09: 0000000000000000 [ 176.483131][ T7656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 176.483139][ T7656] R13: 0000000000000000 R14: 00007f71bd5b5fa0 R15: 00007ffcda789318 [ 176.483160][ T7656] [ 176.483176][ T7656] ERROR: Out of memory at tomoyo_realpath_from_path. [ 176.732797][ T7656] binder: 7655:7656 ioctl c0306201 2000000003c0 returned -22 [ 176.915909][ T30] audit: type=1800 audit(1751401351.760:9): pid=7662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.542" name="dmabuf" dev="dmabuf" ino=4 res=0 errno=0 [ 176.984019][ T7664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 177.000718][ T7664] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 177.165100][ T7672] FAULT_INJECTION: forcing a failure. [ 177.165100][ T7672] name failslab, interval 1, probability 0, space 0, times 0 [ 177.223138][ T7674] sg_write: data in/out 2013/126 bytes for SCSI command 0x0-- guessing data in; [ 177.223138][ T7674] program syz.2.546 not setting count and/or reply_len properly [ 177.243596][ T30] audit: type=1800 audit(1751401352.090:10): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.547" name="dmabuf" dev="dmabuf" ino=5 res=0 errno=0 [ 177.244992][ T7676] FAULT_INJECTION: forcing a failure. [ 177.244992][ T7676] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.276539][ T7672] CPU: 1 UID: 0 PID: 7672 Comm: syz.3.545 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 177.276567][ T7672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 177.276579][ T7672] Call Trace: [ 177.276587][ T7672] [ 177.276596][ T7672] dump_stack_lvl+0x189/0x250 [ 177.276623][ T7672] ? __pfx____ratelimit+0x10/0x10 [ 177.276649][ T7672] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.276671][ T7672] ? __pfx__printk+0x10/0x10 [ 177.276701][ T7672] ? ref_tracker_alloc+0x318/0x460 [ 177.276724][ T7672] should_fail_ex+0x414/0x560 [ 177.276760][ T7672] should_failslab+0xa8/0x100 [ 177.276786][ T7672] kmem_cache_alloc_noprof+0x73/0x3c0 [ 177.276809][ T7672] ? skb_clone+0x212/0x3a0 [ 177.276834][ T7672] skb_clone+0x212/0x3a0 [ 177.276857][ T7672] __netlink_deliver_tap+0x404/0x850 [ 177.276899][ T7672] ? netlink_deliver_tap+0x2e/0x1b0 [ 177.276926][ T7672] netlink_deliver_tap+0x19c/0x1b0 [ 177.276954][ T7672] netlink_unicast+0x72f/0x8d0 [ 177.276990][ T7672] netlink_sendmsg+0x805/0xb30 [ 177.277028][ T7672] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.277058][ T7672] ? aa_sock_msg_perm+0xf1/0x1d0 [ 177.277089][ T7672] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 177.277117][ T7672] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.277145][ T7672] __sock_sendmsg+0x21c/0x270 [ 177.277172][ T7672] ____sys_sendmsg+0x505/0x830 [ 177.277209][ T7672] ? __pfx_____sys_sendmsg+0x10/0x10 [ 177.277250][ T7672] ? import_iovec+0x74/0xa0 [ 177.277284][ T7672] ___sys_sendmsg+0x21f/0x2a0 [ 177.277318][ T7672] ? __pfx____sys_sendmsg+0x10/0x10 [ 177.277388][ T7672] ? __fget_files+0x2a/0x420 [ 177.277415][ T7672] ? __fget_files+0x3a0/0x420 [ 177.277454][ T7672] __x64_sys_sendmsg+0x19b/0x260 [ 177.277488][ T7672] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 177.277530][ T7672] ? __pfx_ksys_write+0x10/0x10 [ 177.277551][ T7672] ? rcu_is_watching+0x15/0xb0 [ 177.277576][ T7672] ? do_syscall_64+0xbe/0x3b0 [ 177.277605][ T7672] do_syscall_64+0xfa/0x3b0 [ 177.277629][ T7672] ? lockdep_hardirqs_on+0x9c/0x150 [ 177.277652][ T7672] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.277672][ T7672] ? clear_bhb_loop+0x60/0xb0 [ 177.277697][ T7672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.277717][ T7672] RIP: 0033:0x7f71bd38e929 [ 177.277735][ T7672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.277751][ T7672] RSP: 002b:00007f71be237038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 177.277772][ T7672] RAX: ffffffffffffffda RBX: 00007f71bd5b5fa0 RCX: 00007f71bd38e929 [ 177.277788][ T7672] RDX: 0000000020050800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 177.277801][ T7672] RBP: 00007f71be237090 R08: 0000000000000000 R09: 0000000000000000 [ 177.277813][ T7672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 177.277827][ T7672] R13: 0000000000000000 R14: 00007f71bd5b5fa0 R15: 00007ffcda789318 [ 177.277859][ T7672] [ 177.563938][ C1] vkms_vblank_simulate: vblank timer overrun [ 177.582133][ T7676] CPU: 1 UID: 0 PID: 7676 Comm: syz.1.547 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 177.582162][ T7676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 177.582175][ T7676] Call Trace: [ 177.582183][ T7676] [ 177.582192][ T7676] dump_stack_lvl+0x189/0x250 [ 177.582221][ T7676] ? __pfx____ratelimit+0x10/0x10 [ 177.582247][ T7676] ? __pfx_dump_stack_lvl+0x10/0x10 [ 177.582270][ T7676] ? __pfx__printk+0x10/0x10 [ 177.582307][ T7676] should_fail_ex+0x414/0x560 [ 177.582344][ T7676] _copy_to_user+0x31/0xb0 [ 177.582378][ T7676] simple_read_from_buffer+0xe1/0x170 [ 177.582410][ T7676] proc_fail_nth_read+0x1df/0x250 [ 177.582444][ T7676] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 177.582477][ T7676] ? rw_verify_area+0x258/0x650 [ 177.582500][ T7676] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 177.582532][ T7676] vfs_read+0x1fd/0x980 [ 177.582561][ T7676] ? __pfx___mutex_lock+0x10/0x10 [ 177.582587][ T7676] ? __pfx_vfs_read+0x10/0x10 [ 177.582612][ T7676] ? __fget_files+0x2a/0x420 [ 177.582643][ T7676] ? __fget_files+0x3a0/0x420 [ 177.582669][ T7676] ? __fget_files+0x2a/0x420 [ 177.582706][ T7676] ksys_read+0x145/0x250 [ 177.582732][ T7676] ? __pfx_ksys_read+0x10/0x10 [ 177.582753][ T7676] ? rcu_is_watching+0x15/0xb0 [ 177.582778][ T7676] ? do_syscall_64+0xbe/0x3b0 [ 177.582809][ T7676] do_syscall_64+0xfa/0x3b0 [ 177.582832][ T7676] ? lockdep_hardirqs_on+0x9c/0x150 [ 177.582856][ T7676] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.582876][ T7676] ? clear_bhb_loop+0x60/0xb0 [ 177.582901][ T7676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.582920][ T7676] RIP: 0033:0x7fba8b38d33c [ 177.582937][ T7676] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 177.582954][ T7676] RSP: 002b:00007fba8c244030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 177.582975][ T7676] RAX: ffffffffffffffda RBX: 00007fba8b5b5fa0 RCX: 00007fba8b38d33c [ 177.582989][ T7676] RDX: 000000000000000f RSI: 00007fba8c2440a0 RDI: 0000000000000006 [ 177.583002][ T7676] RBP: 00007fba8c244090 R08: 0000000000000000 R09: 0000000000000000 [ 177.583014][ T7676] R10: 0000000000000805 R11: 0000000000000246 R12: 0000000000000001 [ 177.583025][ T7676] R13: 0000000000000000 R14: 00007fba8b5b5fa0 R15: 00007ffdcc3e95d8 [ 177.583063][ T7676] [ 177.818148][ C1] vkms_vblank_simulate: vblank timer overrun [ 177.901652][ T7679] exFAT-fs (rnullb0): invalid boot record signature [ 177.911950][ T7679] exFAT-fs (rnullb0): failed to read boot sector [ 177.918664][ T7679] exFAT-fs (rnullb0): failed to recognize exfat type [ 177.935553][ T7681] bridge0: port 3(syz_tun) entered blocking state [ 177.943616][ T7681] bridge0: port 3(syz_tun) entered disabled state [ 177.951428][ T7681] syz_tun: entered allmulticast mode [ 177.959849][ T7681] syz_tun: entered promiscuous mode [ 177.965688][ T7681] bridge0: port 3(syz_tun) entered blocking state [ 177.972423][ T7681] bridge0: port 3(syz_tun) entered forwarding state [ 177.980100][ T5945] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 178.118530][ T5945] usb 3-1: device descriptor read/64, error -71 [ 178.139037][ T7686] bridge0: port 3(syz_tun) entered blocking state [ 178.145642][ T7686] bridge0: port 3(syz_tun) entered disabled state [ 178.180870][ T7686] syz_tun: entered allmulticast mode [ 178.213280][ T7688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.218296][ T7686] syz_tun: entered promiscuous mode [ 178.232200][ T7686] bridge0: port 3(syz_tun) entered blocking state [ 178.238791][ T7686] bridge0: port 3(syz_tun) entered forwarding state [ 178.238792][ T7688] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.240943][ T7688] qnx6: unable to set blocksize [ 178.268274][ T2014] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 178.358239][ T5945] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 178.438758][ T2014] usb 4-1: Using ep0 maxpacket: 8 [ 178.444623][ T7690] netlink: 256 bytes leftover after parsing attributes in process `syz.1.553'. [ 178.449082][ T2014] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 178.465783][ T2014] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.482320][ T2014] pvrusb2: Hardware description: Terratec Grabster AV400 [ 178.493018][ T2014] pvrusb2: ********** [ 178.497032][ T2014] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 178.498284][ T5945] usb 3-1: device descriptor read/64, error -71 [ 178.507294][ T2014] pvrusb2: Important functionality might not be entirely working. [ 178.522165][ T2014] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 178.533919][ T2014] pvrusb2: ********** [ 178.572108][ T7692] FAULT_INJECTION: forcing a failure. [ 178.572108][ T7692] name failslab, interval 1, probability 0, space 0, times 0 [ 178.585482][ T7692] CPU: 1 UID: 0 PID: 7692 Comm: syz.1.554 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 178.585506][ T7692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.585517][ T7692] Call Trace: [ 178.585524][ T7692] [ 178.585535][ T7692] dump_stack_lvl+0x189/0x250 [ 178.585561][ T7692] ? __pfx____ratelimit+0x10/0x10 [ 178.585579][ T7692] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.585593][ T7692] ? __pfx__printk+0x10/0x10 [ 178.585609][ T7692] ? __pfx___might_resched+0x10/0x10 [ 178.585621][ T7692] ? fs_reclaim_acquire+0x7d/0x100 [ 178.585641][ T7692] should_fail_ex+0x414/0x560 [ 178.585662][ T7692] should_failslab+0xa8/0x100 [ 178.585678][ T7692] __kmalloc_cache_noprof+0x70/0x3d0 [ 178.585693][ T7692] ? p9_fid_create+0x50/0x220 [ 178.585708][ T7692] p9_fid_create+0x50/0x220 [ 178.585721][ T7692] p9_client_attach+0x8d/0x3c0 [ 178.585737][ T7692] ? __pfx_p9_client_attach+0x10/0x10 [ 178.585750][ T7692] ? _raw_spin_unlock+0x28/0x50 [ 178.585763][ T7692] ? v9fs_fid_find_inode+0x1d2/0x220 [ 178.585784][ T7692] v9fs_fid_lookup+0x9ab/0xb70 [ 178.585809][ T7692] v9fs_vfs_setattr+0x188/0xb10 [ 178.585830][ T7692] ? __pfx_v9fs_vfs_setattr+0x10/0x10 [ 178.585850][ T7692] ? __pfx_current_time+0x10/0x10 [ 178.585865][ T7692] ? try_break_deleg+0x79/0x130 [ 178.585878][ T7692] ? __pfx_v9fs_vfs_setattr+0x10/0x10 [ 178.585893][ T7692] notify_change+0xb36/0xe40 [ 178.585914][ T7692] chmod_common+0x248/0x400 [ 178.585935][ T7692] ? __pfx_chmod_common+0x10/0x10 [ 178.585957][ T7692] ? kasan_quarantine_put+0xdd/0x220 [ 178.585974][ T7692] ? user_path_at+0x44/0x60 [ 178.585985][ T7692] ? kmem_cache_free+0x18f/0x400 [ 178.586004][ T7692] do_fchmodat+0x12d/0x200 [ 178.586019][ T7692] ? __pfx_do_fchmodat+0x10/0x10 [ 178.586032][ T7692] ? __pfx_ksys_write+0x10/0x10 [ 178.586045][ T7692] ? rcu_is_watching+0x15/0xb0 [ 178.586061][ T7692] __x64_sys_fchmodat+0x7d/0x90 [ 178.586079][ T7692] do_syscall_64+0xfa/0x3b0 [ 178.586094][ T7692] ? lockdep_hardirqs_on+0x9c/0x150 [ 178.586109][ T7692] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.586120][ T7692] ? clear_bhb_loop+0x60/0xb0 [ 178.586135][ T7692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.586147][ T7692] RIP: 0033:0x7fba8b38e929 [ 178.586157][ T7692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.586168][ T7692] RSP: 002b:00007fba8c244038 EFLAGS: 00000246 ORIG_RAX: 000000000000010c [ 178.586181][ T7692] RAX: ffffffffffffffda RBX: 00007fba8b5b5fa0 RCX: 00007fba8b38e929 [ 178.586190][ T7692] RDX: 00000000000001ff RSI: 0000200000000440 RDI: ffffffffffffff9c [ 178.586198][ T7692] RBP: 00007fba8c244090 R08: 0000000000000000 R09: 0000000000000000 [ 178.586205][ T7692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.586212][ T7692] R13: 0000000000000000 R14: 00007fba8b5b5fa0 R15: 00007ffdcc3e95d8 [ 178.586231][ T7692] [ 178.873554][ C1] vkms_vblank_simulate: vblank timer overrun [ 178.883603][ T5945] usb usb3-port1: attempt power cycle [ 178.899478][ T2345] pvrusb2: Invalid write control endpoint [ 178.947086][ T2345] pvrusb2: Invalid write control endpoint [ 178.954307][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 178.965513][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 178.974989][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 178.985332][ T2345] pvrusb2: Device being rendered inoperable [ 178.996935][ T2345] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 179.011257][ T2345] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 179.022095][ T2345] pvrusb2: Attached sub-driver cx25840 [ 179.027756][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 179.037954][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 179.070760][ T7695] FAULT_INJECTION: forcing a failure. [ 179.070760][ T7695] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.084146][ T7695] CPU: 1 UID: 0 PID: 7695 Comm: syz.0.556 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 179.084169][ T7695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 179.084180][ T7695] Call Trace: [ 179.084187][ T7695] [ 179.084195][ T7695] dump_stack_lvl+0x189/0x250 [ 179.084220][ T7695] ? __pfx____ratelimit+0x10/0x10 [ 179.084242][ T7695] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.084278][ T7695] ? __pfx__printk+0x10/0x10 [ 179.084322][ T7695] should_fail_ex+0x414/0x560 [ 179.084353][ T7695] _copy_from_user+0x2d/0xb0 [ 179.084380][ T7695] get_user_ifreq+0x6c/0x180 [ 179.084401][ T7695] br_ioctl_stub+0x160/0xc80 [ 179.084425][ T7695] ? trace_contention_end+0x39/0x120 [ 179.084447][ T7695] ? __pfx_br_ioctl_stub+0x10/0x10 [ 179.084477][ T7695] ? sock_ioctl+0x4b4/0x790 [ 179.084502][ T7695] ? __lock_acquire+0xab9/0xd20 [ 179.084540][ T7695] ? __pfx_br_ioctl_stub+0x10/0x10 [ 179.084562][ T7695] sock_ioctl+0x4d8/0x790 [ 179.084583][ T7695] ? __pfx_sock_ioctl+0x10/0x10 [ 179.084602][ T7695] ? __fget_files+0x2a/0x420 [ 179.084626][ T7695] ? __fget_files+0x3a0/0x420 [ 179.084648][ T7695] ? __fget_files+0x2a/0x420 [ 179.084675][ T7695] ? bpf_lsm_file_ioctl+0x9/0x20 [ 179.084692][ T7695] ? __pfx_sock_ioctl+0x10/0x10 [ 179.084710][ T7695] __se_sys_ioctl+0xfc/0x170 [ 179.084731][ T7695] do_syscall_64+0xfa/0x3b0 [ 179.084751][ T7695] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.084771][ T7695] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.084788][ T7695] ? clear_bhb_loop+0x60/0xb0 [ 179.084808][ T7695] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.084824][ T7695] RIP: 0033:0x7fe11dd8e929 [ 179.084839][ T7695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.084854][ T7695] RSP: 002b:00007fe11eb52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 179.084872][ T7695] RAX: ffffffffffffffda RBX: 00007fe11dfb5fa0 RCX: 00007fe11dd8e929 [ 179.084891][ T7695] RDX: 0000200000000000 RSI: 00000000000089a2 RDI: 0000000000000009 [ 179.084903][ T7695] RBP: 00007fe11eb52090 R08: 0000000000000000 R09: 0000000000000000 [ 179.084913][ T7695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 179.084923][ T7695] R13: 0000000000000000 R14: 00007fe11dfb5fa0 R15: 00007ffe9fc5f588 [ 179.084948][ T7695] [ 179.317109][ C1] vkms_vblank_simulate: vblank timer overrun [ 179.329455][ T2014] usb 4-1: USB disconnect, device number 22 [ 179.390547][ T5945] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 179.423334][ T5945] usb 3-1: device descriptor read/8, error -71 [ 179.668221][ T5945] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 179.685437][ T7707] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 179.693418][ T7707] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 179.704880][ T5945] usb 3-1: device descriptor read/8, error -71 [ 179.820376][ T5945] usb usb3-port1: unable to enumerate USB device [ 179.887131][ T7710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 179.914921][ T7710] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.971339][ T7716] netlink: 256 bytes leftover after parsing attributes in process `syz.1.562'. [ 179.982567][ T7716] FAULT_INJECTION: forcing a failure. [ 179.982567][ T7716] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 179.995864][ T7716] CPU: 1 UID: 0 PID: 7716 Comm: syz.1.562 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 179.995886][ T7716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 179.995897][ T7716] Call Trace: [ 179.995903][ T7716] [ 179.995911][ T7716] dump_stack_lvl+0x189/0x250 [ 179.995936][ T7716] ? __pfx____ratelimit+0x10/0x10 [ 179.995975][ T7716] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.995996][ T7716] ? __pfx__printk+0x10/0x10 [ 179.996028][ T7716] should_fail_ex+0x414/0x560 [ 179.996062][ T7716] _copy_to_user+0x31/0xb0 [ 179.996082][ T7716] simple_read_from_buffer+0xe1/0x170 [ 179.996111][ T7716] proc_fail_nth_read+0x1df/0x250 [ 179.996142][ T7716] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 179.996174][ T7716] ? rw_verify_area+0x258/0x650 [ 179.996195][ T7716] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 179.996224][ T7716] vfs_read+0x1fd/0x980 [ 179.996251][ T7716] ? __pfx___mutex_lock+0x10/0x10 [ 179.996276][ T7716] ? __pfx_vfs_read+0x10/0x10 [ 179.996299][ T7716] ? __fget_files+0x2a/0x420 [ 179.996329][ T7716] ? __fget_files+0x3a0/0x420 [ 179.996353][ T7716] ? __fget_files+0x2a/0x420 [ 179.996387][ T7716] ksys_read+0x145/0x250 [ 179.996412][ T7716] ? __pfx_ksys_read+0x10/0x10 [ 179.996431][ T7716] ? rcu_is_watching+0x15/0xb0 [ 179.996455][ T7716] ? do_syscall_64+0xbe/0x3b0 [ 179.996483][ T7716] do_syscall_64+0xfa/0x3b0 [ 179.996505][ T7716] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.996527][ T7716] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.996546][ T7716] ? clear_bhb_loop+0x60/0xb0 [ 179.996578][ T7716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.996596][ T7716] RIP: 0033:0x7fba8b38d33c [ 179.996613][ T7716] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 179.996629][ T7716] RSP: 002b:00007fba8c244030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 179.996649][ T7716] RAX: ffffffffffffffda RBX: 00007fba8b5b5fa0 RCX: 00007fba8b38d33c [ 179.996663][ T7716] RDX: 000000000000000f RSI: 00007fba8c2440a0 RDI: 0000000000000003 [ 179.996675][ T7716] RBP: 00007fba8c244090 R08: 0000000000000000 R09: 0000000000000000 [ 179.996687][ T7716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 179.996698][ T7716] R13: 0000000000000000 R14: 00007fba8b5b5fa0 R15: 00007ffdcc3e95d8 [ 179.996727][ T7716] [ 180.227855][ C1] vkms_vblank_simulate: vblank timer overrun [ 180.300123][ T5942] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 180.363304][ T7720] tls_set_device_offload: netdev not found [ 180.466684][ T5942] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 180.481885][ T5942] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 180.495386][ T5942] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 180.520248][ T7728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.521148][ T5942] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.534285][ T7728] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.552219][ T5942] usb 4-1: config 0 descriptor?? [ 180.764047][ T30] audit: type=1800 audit(1751401355.610:11): pid=7735 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.572" name="dmabuf" dev="dmabuf" ino=6 res=0 errno=0 [ 180.917208][ T30] audit: type=1800 audit(1751401355.760:12): pid=7737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.573" name="bus" dev="overlay" ino=726 res=0 errno=0 [ 180.946417][ T5884] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 181.048765][ T7741] hfs: can't find a HFS filesystem on dev rnullb0 [ 181.100785][ T5884] usb 3-1: Using ep0 maxpacket: 32 [ 181.111995][ T5884] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 181.121997][ T5884] usb 3-1: config 0 has no interface number 0 [ 181.128259][ T5884] usb 3-1: config 0 interface 184 has no altsetting 0 [ 181.142474][ T5884] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 181.151593][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.159729][ T5884] usb 3-1: Product: syz [ 181.164056][ T5884] usb 3-1: Manufacturer: syz [ 181.168736][ T5884] usb 3-1: SerialNumber: syz [ 181.176072][ T5884] usb 3-1: config 0 descriptor?? [ 181.184202][ T5884] smsc75xx v1.0.0 [ 181.191796][ T5942] usb 4-1: string descriptor 0 read error: -22 [ 181.405214][ T5942] input: HID 256c:006d as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0009/input/input15 [ 181.486936][ T5942] uclogic 0003:256C:006D.0009: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.3-1/input0 [ 181.695074][ T5942] usb 4-1: USB disconnect, device number 23 [ 181.990465][ T7731] netlink: 8 bytes leftover after parsing attributes in process `syz.2.571'. [ 182.021876][ T5884] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 182.048676][ T5884] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 182.079243][ T7751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.090340][ T7751] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.104081][ T7751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.114921][ T7751] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.139144][ T7749] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.151248][ T7749] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 182.396019][ T5884] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 182.436098][ T5884] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 182.456226][ T5884] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 182.480715][ T5884] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 182.500148][ T5884] usb 3-1: USB disconnect, device number 19 [ 182.667089][ T7765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.581'. [ 182.682335][ T7765] syz.0.581: attempt to access beyond end of device [ 182.682335][ T7765] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0 [ 182.748332][ T7767] FAULT_INJECTION: forcing a failure. [ 182.748332][ T7767] name failslab, interval 1, probability 0, space 0, times 0 [ 182.763225][ T7767] CPU: 0 UID: 0 PID: 7767 Comm: syz.0.582 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 182.763246][ T7767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.763256][ T7767] Call Trace: [ 182.763262][ T7767] [ 182.763268][ T7767] dump_stack_lvl+0x189/0x250 [ 182.763289][ T7767] ? __pfx____ratelimit+0x10/0x10 [ 182.763310][ T7767] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.763327][ T7767] ? __pfx__printk+0x10/0x10 [ 182.763357][ T7767] ? __pfx___might_resched+0x10/0x10 [ 182.763377][ T7767] ? fs_reclaim_acquire+0x7d/0x100 [ 182.763409][ T7767] should_fail_ex+0x414/0x560 [ 182.763446][ T7767] should_failslab+0xa8/0x100 [ 182.763465][ T7767] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 182.763482][ T7767] ? __d_alloc+0x36/0x7a0 [ 182.763499][ T7767] __d_alloc+0x36/0x7a0 [ 182.763516][ T7767] d_alloc_parallel+0xe5/0x15e0 [ 182.763542][ T7767] ? __d_lookup+0x66/0x780 [ 182.763566][ T7767] ? __pfx_d_alloc_parallel+0x10/0x10 [ 182.763594][ T7767] path_openat+0xa3b/0x3830 [ 182.763608][ T7767] ? arch_stack_walk+0xfc/0x150 [ 182.763649][ T7767] ? __pfx_path_openat+0x10/0x10 [ 182.763662][ T7767] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.763692][ T7767] do_filp_open+0x1fa/0x410 [ 182.763706][ T7767] ? __lock_acquire+0xab9/0xd20 [ 182.763729][ T7767] ? __pfx_do_filp_open+0x10/0x10 [ 182.763761][ T7767] ? _raw_spin_unlock+0x28/0x50 [ 182.763775][ T7767] ? alloc_fd+0x64c/0x6c0 [ 182.763803][ T7767] do_sys_openat2+0x121/0x1c0 [ 182.763819][ T7767] ? __pfx_do_sys_openat2+0x10/0x10 [ 182.763833][ T7767] ? ksys_write+0x22a/0x250 [ 182.763851][ T7767] ? __pfx_ksys_write+0x10/0x10 [ 182.763879][ T7767] __x64_sys_open+0x11e/0x150 [ 182.763904][ T7767] do_syscall_64+0xfa/0x3b0 [ 182.763929][ T7767] ? lockdep_hardirqs_on+0x9c/0x150 [ 182.763954][ T7767] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.763975][ T7767] ? clear_bhb_loop+0x60/0xb0 [ 182.764000][ T7767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.764015][ T7767] RIP: 0033:0x7fe11dd8e929 [ 182.764028][ T7767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 182.764040][ T7767] RSP: 002b:00007fe11eb52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 182.764056][ T7767] RAX: ffffffffffffffda RBX: 00007fe11dfb5fa0 RCX: 00007fe11dd8e929 [ 182.764067][ T7767] RDX: 0000000000000000 RSI: 0000000000066842 RDI: 00002000000005c0 [ 182.764077][ T7767] RBP: 00007fe11eb52090 R08: 0000000000000000 R09: 0000000000000000 [ 182.764086][ T7767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 182.764095][ T7767] R13: 0000000000000000 R14: 00007fe11dfb5fa0 R15: 00007ffe9fc5f588 [ 182.764129][ T7767] [ 183.088201][ T5884] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 183.270169][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 183.285908][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 183.297332][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 183.307490][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 183.320991][ T5884] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 183.330361][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.346896][ T5884] usb 3-1: config 0 descriptor?? [ 183.758420][ T5945] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 183.767221][ T5884] usbhid 3-1:0.0: can't add hid device: -71 [ 183.774319][ T5884] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 183.794784][ T5884] usb 3-1: USB disconnect, device number 20 [ 183.919403][ T5945] usb 4-1: Using ep0 maxpacket: 8 [ 183.926520][ T5945] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 183.940194][ T5945] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.962399][ T5945] pvrusb2: Hardware description: Terratec Grabster AV400 [ 183.972340][ T5945] pvrusb2: ********** [ 183.976492][ T5945] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 183.987899][ T5945] pvrusb2: Important functionality might not be entirely working. [ 184.002230][ T5945] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 184.013927][ T5945] pvrusb2: ********** [ 184.160062][ T2345] pvrusb2: Invalid write control endpoint [ 184.251497][ T2345] pvrusb2: Invalid write control endpoint [ 184.265862][ T2345] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 184.276534][ T2345] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 184.290257][ T2345] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 184.304515][ T2345] pvrusb2: Device being rendered inoperable [ 184.313813][ T2345] cx25840 2-0044: Unable to detect h/w, assuming cx23887 [ 184.331920][ T2345] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 184.352821][ T2345] pvrusb2: Attached sub-driver cx25840 [ 184.361073][ T7784] FAULT_INJECTION: forcing a failure. [ 184.361073][ T7784] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 184.387142][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 184.401233][ T7784] CPU: 0 UID: 0 PID: 7784 Comm: syz.3.587 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 184.401261][ T7784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 184.401274][ T7784] Call Trace: [ 184.401283][ T7784] [ 184.401291][ T7784] dump_stack_lvl+0x189/0x250 [ 184.401321][ T7784] ? __pfx____ratelimit+0x10/0x10 [ 184.401346][ T7784] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.401370][ T7784] ? __pfx__printk+0x10/0x10 [ 184.401480][ T7784] should_fail_ex+0x414/0x560 [ 184.401525][ T7784] _copy_to_user+0x31/0xb0 [ 184.401555][ T7784] simple_read_from_buffer+0xe1/0x170 [ 184.401587][ T7784] proc_fail_nth_read+0x1df/0x250 [ 184.401621][ T7784] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 184.401652][ T7784] ? rw_verify_area+0x258/0x650 [ 184.401674][ T7784] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 184.401706][ T7784] vfs_read+0x1fd/0x980 [ 184.401734][ T7784] ? __pfx___mutex_lock+0x10/0x10 [ 184.401760][ T7784] ? __pfx_vfs_read+0x10/0x10 [ 184.401785][ T7784] ? __fget_files+0x2a/0x420 [ 184.401816][ T7784] ? __fget_files+0x3a0/0x420 [ 184.401841][ T7784] ? __fget_files+0x2a/0x420 [ 184.401879][ T7784] ksys_read+0x145/0x250 [ 184.401901][ T7784] ? __fget_files+0x3a0/0x420 [ 184.401930][ T7784] ? __pfx_ksys_read+0x10/0x10 [ 184.401960][ T7784] ? do_syscall_64+0xbe/0x3b0 [ 184.401990][ T7784] do_syscall_64+0xfa/0x3b0 [ 184.402014][ T7784] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.402038][ T7784] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.402059][ T7784] ? clear_bhb_loop+0x60/0xb0 [ 184.402084][ T7784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.402104][ T7784] RIP: 0033:0x7f71bd38d33c [ 184.402123][ T7784] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 184.402150][ T7784] RSP: 002b:00007f71be237030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 184.402177][ T7784] RAX: ffffffffffffffda RBX: 00007f71bd5b5fa0 RCX: 00007f71bd38d33c [ 184.402192][ T7784] RDX: 000000000000000f RSI: 00007f71be2370a0 RDI: 0000000000000004 [ 184.402205][ T7784] RBP: 00007f71be237090 R08: 0000000000000000 R09: 0000000000000000 [ 184.402218][ T7784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.402230][ T7784] R13: 0000000000000000 R14: 00007f71bd5b5fa0 R15: 00007ffcda789318 [ 184.402266][ T7784] [ 184.566101][ T7798] FAULT_INJECTION: forcing a failure. [ 184.566101][ T7798] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 184.568492][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 184.681751][ T5942] usb 4-1: USB disconnect, device number 24 [ 184.687886][ T7798] CPU: 1 UID: 0 PID: 7798 Comm: syz.2.591 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 184.687916][ T7798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 184.687929][ T7798] Call Trace: [ 184.687938][ T7798] [ 184.687947][ T7798] dump_stack_lvl+0x189/0x250 [ 184.687977][ T7798] ? __pfx____ratelimit+0x10/0x10 [ 184.688004][ T7798] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.688029][ T7798] ? __pfx__printk+0x10/0x10 [ 184.688066][ T7798] should_fail_ex+0x414/0x560 [ 184.688108][ T7798] _copy_to_user+0x31/0xb0 [ 184.688130][ T7798] simple_read_from_buffer+0xe1/0x170 [ 184.688164][ T7798] proc_fail_nth_read+0x1df/0x250 [ 184.688199][ T7798] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 184.688233][ T7798] ? rw_verify_area+0x258/0x650 [ 184.688257][ T7798] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 184.688290][ T7798] vfs_read+0x1fd/0x980 [ 184.688315][ T7798] ? __pfx___mutex_lock+0x10/0x10 [ 184.688339][ T7798] ? __pfx_vfs_read+0x10/0x10 [ 184.688372][ T7798] ? __fget_files+0x2a/0x420 [ 184.688402][ T7798] ? __fget_files+0x3a0/0x420 [ 184.688425][ T7798] ? __fget_files+0x2a/0x420 [ 184.688457][ T7798] ksys_read+0x145/0x250 [ 184.688477][ T7798] ? __fget_files+0x2a/0x420 [ 184.688505][ T7798] ? __pfx_ksys_read+0x10/0x10 [ 184.688535][ T7798] ? do_syscall_64+0xbe/0x3b0 [ 184.688568][ T7798] do_syscall_64+0xfa/0x3b0 [ 184.688593][ T7798] ? lockdep_hardirqs_on+0x9c/0x150 [ 184.688618][ T7798] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.688640][ T7798] ? clear_bhb_loop+0x60/0xb0 [ 184.688665][ T7798] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.688685][ T7798] RIP: 0033:0x7f7e0758d33c [ 184.688705][ T7798] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 184.688722][ T7798] RSP: 002b:00007f7e0836e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 184.688744][ T7798] RAX: ffffffffffffffda RBX: 00007f7e077b5fa0 RCX: 00007f7e0758d33c [ 184.688760][ T7798] RDX: 000000000000000f RSI: 00007f7e0836e0a0 RDI: 0000000000000004 [ 184.688774][ T7798] RBP: 00007f7e0836e090 R08: 0000000000000000 R09: 0000000000000000 [ 184.688786][ T7798] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001 [ 184.688799][ T7798] R13: 0000000000000000 R14: 00007f7e077b5fa0 R15: 00007ffecb1b0698 [ 184.688832][ T7798] [ 184.988451][ T7802] PKCS7: Unknown OID: [4] 0.0 [ 184.993507][ T7802] PKCS7: Only support pkcs7_signedData type [ 185.100967][ T7805] overlayfs: failed to resolve './file1': -2 [ 185.129750][ T7806] exFAT-fs (rnullb0): invalid boot record signature [ 185.136382][ T7806] exFAT-fs (rnullb0): failed to read boot sector [ 185.159044][ T7806] exFAT-fs (rnullb0): failed to recognize exfat type [ 185.169984][ T7808] exFAT-fs (rnullb0): invalid boot record signature [ 185.200374][ T7808] exFAT-fs (rnullb0): failed to read boot sector [ 185.206758][ T7808] exFAT-fs (rnullb0): failed to recognize exfat type [ 185.384708][ T7816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.396636][ T7816] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.594407][ T7818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.633759][ T7818] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.065198][ T7826] capability: warning: `syz.1.601' uses 32-bit capabilities (legacy support in use) [ 186.509138][ T7813] syz.2.597 (7813): drop_caches: 2 [ 186.858190][ T5942] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 186.878220][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 187.058368][ T5942] usb 3-1: device descriptor read/64, error -71 [ 187.208578][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 187.318362][ T5942] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 187.448321][ T5942] usb 3-1: device descriptor read/64, error -71 [ 187.455871][ T7859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.468717][ T7859] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.571486][ T5942] usb usb3-port1: attempt power cycle [ 187.877080][ T7856] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 187.928233][ T5942] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 187.961974][ T5942] usb 3-1: device descriptor read/8, error -71 [ 188.000418][ T7863] netlink: 14 bytes leftover after parsing attributes in process `syz.0.610'. [ 188.066687][ T7865] FAULT_INJECTION: forcing a failure. [ 188.066687][ T7865] name failslab, interval 1, probability 0, space 0, times 0 [ 188.087181][ T7865] CPU: 1 UID: 0 PID: 7865 Comm: syz.1.611 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 188.087207][ T7865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 188.087218][ T7865] Call Trace: [ 188.087226][ T7865] [ 188.087234][ T7865] dump_stack_lvl+0x189/0x250 [ 188.087260][ T7865] ? __pfx____ratelimit+0x10/0x10 [ 188.087284][ T7865] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.087304][ T7865] ? __pfx__printk+0x10/0x10 [ 188.087327][ T7865] ? __pfx___might_resched+0x10/0x10 [ 188.087346][ T7865] ? fs_reclaim_acquire+0x7d/0x100 [ 188.087375][ T7865] should_fail_ex+0x414/0x560 [ 188.087407][ T7865] should_failslab+0xa8/0x100 [ 188.087432][ T7865] __kmalloc_noprof+0xcb/0x4f0 [ 188.087450][ T7865] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 188.087466][ T7865] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 188.087492][ T7865] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 188.087518][ T7865] genl_family_rcv_msg_doit+0xb8/0x300 [ 188.087543][ T7865] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 188.087560][ T7865] ? rcu_is_watching+0x15/0xb0 [ 188.087579][ T7865] ? apparmor_capable+0x137/0x1b0 [ 188.087620][ T7865] ? bpf_lsm_capable+0x9/0x20 [ 188.087638][ T7865] ? security_capable+0x7e/0x2e0 [ 188.087661][ T7865] genl_rcv_msg+0x60e/0x790 [ 188.087683][ T7865] ? __pfx_genl_rcv_msg+0x10/0x10 [ 188.087697][ T7865] ? ref_tracker_free+0x63a/0x7d0 [ 188.087712][ T7865] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 188.087727][ T7865] ? __pfx_nl80211_start_ap+0x10/0x10 [ 188.087744][ T7865] ? __pfx_nl80211_post_doit+0x10/0x10 [ 188.087761][ T7865] ? __pfx_ref_tracker_free+0x10/0x10 [ 188.087787][ T7865] netlink_rcv_skb+0x205/0x470 [ 188.087810][ T7865] ? __pfx_genl_rcv_msg+0x10/0x10 [ 188.087838][ T7865] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 188.087877][ T7865] ? down_read+0x1ad/0x2e0 [ 188.087903][ T7865] genl_rcv+0x28/0x40 [ 188.087917][ T7865] netlink_unicast+0x758/0x8d0 [ 188.087948][ T7865] netlink_sendmsg+0x805/0xb30 [ 188.087979][ T7865] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.088005][ T7865] ? aa_sock_msg_perm+0xf1/0x1d0 [ 188.088026][ T7865] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 188.088061][ T7865] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.088083][ T7865] __sock_sendmsg+0x21c/0x270 [ 188.088110][ T7865] ____sys_sendmsg+0x505/0x830 [ 188.088139][ T7865] ? __pfx_____sys_sendmsg+0x10/0x10 [ 188.088172][ T7865] ? import_iovec+0x74/0xa0 [ 188.088200][ T7865] ___sys_sendmsg+0x21f/0x2a0 [ 188.088226][ T7865] ? __pfx____sys_sendmsg+0x10/0x10 [ 188.088282][ T7865] ? __fget_files+0x2a/0x420 [ 188.088303][ T7865] ? __fget_files+0x3a0/0x420 [ 188.088334][ T7865] __x64_sys_sendmsg+0x19b/0x260 [ 188.088361][ T7865] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 188.088393][ T7865] ? __pfx_ksys_write+0x10/0x10 [ 188.088410][ T7865] ? rcu_is_watching+0x15/0xb0 [ 188.088430][ T7865] ? do_syscall_64+0xbe/0x3b0 [ 188.088455][ T7865] do_syscall_64+0xfa/0x3b0 [ 188.088474][ T7865] ? lockdep_hardirqs_on+0x9c/0x150 [ 188.088493][ T7865] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.088509][ T7865] ? clear_bhb_loop+0x60/0xb0 [ 188.088529][ T7865] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.088544][ T7865] RIP: 0033:0x7fba8b38e929 [ 188.088560][ T7865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.088574][ T7865] RSP: 002b:00007fba8c244038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.088591][ T7865] RAX: ffffffffffffffda RBX: 00007fba8b5b5fa0 RCX: 00007fba8b38e929 [ 188.088603][ T7865] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 188.088613][ T7865] RBP: 00007fba8c244090 R08: 0000000000000000 R09: 0000000000000000 [ 188.088622][ T7865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.088632][ T7865] R13: 0000000000000000 R14: 00007fba8b5b5fa0 R15: 00007ffdcc3e95d8 [ 188.088658][ T7865] [ 188.092864][ T7863] bond0: (slave syz_tun): Releasing backup interface [ 188.293331][ T7867] netlink: 16 bytes leftover after parsing attributes in process `syz.1.612'. [ 188.415286][ T7870] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.496362][ T5942] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 188.513754][ T7870] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.522821][ T5942] usb 3-1: device descriptor read/8, error -71 [ 188.640190][ T7867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.648665][ T5942] usb usb3-port1: unable to enumerate USB device [ 188.649305][ T7867] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.662400][ T5884] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 188.687751][ T7874] ieee802154 phy0 wpan0: encryption failed: -22 [ 188.751256][ T7875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.760767][ T7875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.774514][ T7875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.786488][ T7875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.832130][ T5884] usb 4-1: config 0 has an invalid interface number: 179 but max is 0 [ 188.840519][ T5884] usb 4-1: config 0 has no interface number 0 [ 188.850806][ T5884] usb 4-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08 [ 188.859900][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.867886][ T5884] usb 4-1: Product: syz [ 188.872138][ T5884] usb 4-1: Manufacturer: syz [ 188.876752][ T5884] usb 4-1: SerialNumber: syz [ 188.884012][ T5884] usb 4-1: config 0 descriptor?? [ 188.891589][ T5884] usb-storage 4-1:0.179: USB Mass Storage device detected [ 188.903940][ T5884] usb-storage 4-1:0.179: device ignored [ 189.097064][ T2014] usb 4-1: USB disconnect, device number 25 [ 190.048575][ T2014] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 190.210019][ T2014] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 190.223138][ T2014] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 190.233954][ T2014] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.245627][ T2014] usb 3-1: config 0 descriptor?? [ 190.261867][ T2014] pwc: Askey VC010 type 2 USB webcam detected. [ 190.298996][ T45] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 190.462146][ T45] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 190.474912][ T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 190.487196][ T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 190.497614][ T45] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 190.511171][ T45] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 190.520746][ T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.539008][ T45] usb 4-1: config 0 descriptor?? [ 190.539954][ T7897] FAULT_INJECTION: forcing a failure. [ 190.539954][ T7897] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 190.561634][ T7897] CPU: 0 UID: 0 PID: 7897 Comm: syz.0.622 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 190.561661][ T7897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 190.561674][ T7897] Call Trace: [ 190.561684][ T7897] [ 190.561692][ T7897] dump_stack_lvl+0x189/0x250 [ 190.561712][ T7897] ? __pfx____ratelimit+0x10/0x10 [ 190.561731][ T7897] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.561758][ T7897] ? __pfx__printk+0x10/0x10 [ 190.561794][ T7897] should_fail_ex+0x414/0x560 [ 190.561829][ T7897] _copy_to_user+0x31/0xb0 [ 190.561849][ T7897] simple_read_from_buffer+0xe1/0x170 [ 190.561873][ T7897] proc_fail_nth_read+0x1df/0x250 [ 190.561905][ T7897] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 190.561940][ T7897] ? rw_verify_area+0x258/0x650 [ 190.561962][ T7897] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 190.561994][ T7897] vfs_read+0x1fd/0x980 [ 190.562015][ T7897] ? __pfx___mutex_lock+0x10/0x10 [ 190.562034][ T7897] ? __pfx_vfs_read+0x10/0x10 [ 190.562060][ T7897] ? __fget_files+0x2a/0x420 [ 190.562094][ T7897] ? __fget_files+0x3a0/0x420 [ 190.562119][ T7897] ? __fget_files+0x2a/0x420 [ 190.562154][ T7897] ksys_read+0x145/0x250 [ 190.562173][ T7897] ? __pfx_ksys_read+0x10/0x10 [ 190.562188][ T7897] ? rcu_is_watching+0x15/0xb0 [ 190.562215][ T7897] ? do_syscall_64+0xbe/0x3b0 [ 190.562246][ T7897] do_syscall_64+0xfa/0x3b0 [ 190.562271][ T7897] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.562295][ T7897] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.562315][ T7897] ? clear_bhb_loop+0x60/0xb0 [ 190.562339][ T7897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.562359][ T7897] RIP: 0033:0x7fe11dd8d33c [ 190.562377][ T7897] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 190.562395][ T7897] RSP: 002b:00007fe11eb52030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 190.562416][ T7897] RAX: ffffffffffffffda RBX: 00007fe11dfb5fa0 RCX: 00007fe11dd8d33c [ 190.562431][ T7897] RDX: 000000000000000f RSI: 00007fe11eb520a0 RDI: 0000000000000005 [ 190.562443][ T7897] RBP: 00007fe11eb52090 R08: 0000000000000000 R09: 0000000000000000 [ 190.562455][ T7897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.562467][ T7897] R13: 0000000000000000 R14: 00007fe11dfb5fa0 R15: 00007ffe9fc5f588 [ 190.562492][ T7897] [ 190.676381][ T2014] pwc: recv_control_msg error -32 req 02 val 2b00 [ 190.817189][ T2014] pwc: recv_control_msg error -32 req 02 val 2700 [ 190.825998][ T2014] pwc: recv_control_msg error -32 req 02 val 2c00 [ 190.835755][ T2014] pwc: recv_control_msg error -32 req 04 val 1000 [ 190.843260][ T2014] pwc: recv_control_msg error -32 req 04 val 1300 [ 190.852589][ T2014] pwc: recv_control_msg error -32 req 04 val 1400 [ 190.863362][ T2014] pwc: recv_control_msg error -32 req 02 val 2000 [ 190.870084][ T7885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.881480][ T7885] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.890376][ T2014] pwc: recv_control_msg error -32 req 02 val 2100 [ 190.898080][ T2014] pwc: recv_control_msg error -32 req 04 val 1500 [ 190.905662][ T2014] pwc: recv_control_msg error -32 req 02 val 2500 [ 190.913724][ T2014] pwc: recv_control_msg error -32 req 02 val 2400 [ 190.964107][ T7899] erofs (device nbd0): cannot find valid erofs superblock [ 190.979331][ T45] usbhid 4-1:0.0: can't add hid device: -71 [ 190.985357][ T45] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 190.994557][ T7899] binder: BC_ACQUIRE_RESULT not supported [ 191.000884][ T45] usb 4-1: USB disconnect, device number 26 [ 191.001097][ T7899] binder: 7898:7899 ioctl c0306201 200000000580 returned -22 [ 191.022279][ T7899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 191.032970][ T7899] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 191.125606][ T2014] pwc: recv_control_msg error -71 req 02 val 2900 [ 191.133459][ T2014] pwc: recv_control_msg error -71 req 02 val 2800 [ 191.141597][ T2014] pwc: recv_control_msg error -71 req 04 val 1100 [ 191.148936][ T2014] pwc: recv_control_msg error -71 req 04 val 1200 [ 191.157922][ T2014] pwc: Registered as video103. [ 191.167956][ T2014] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input16 [ 191.196723][ T2014] usb 3-1: USB disconnect, device number 25 [ 191.390821][ T7905] syz.1.625: attempt to access beyond end of device [ 191.390821][ T7905] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 191.722790][ T7919] netlink: 'syz.0.628': attribute type 11 has an invalid length. [ 191.806875][ T7927] netlink: 'syz.0.628': attribute type 11 has an invalid length. [ 192.321526][ T7943] netlink: 16 bytes leftover after parsing attributes in process `syz.3.634'. [ 192.556595][ T7952] netlink: 16 bytes leftover after parsing attributes in process `syz.3.638'. [ 192.572085][ T7952] hugetlbfs: Unknown parameter 'trans' [ 192.678700][ T5942] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 192.739450][ T7956] FAULT_INJECTION: forcing a failure. [ 192.739450][ T7956] name failslab, interval 1, probability 0, space 0, times 0 [ 192.787256][ T7956] CPU: 0 UID: 0 PID: 7956 Comm: syz.0.640 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 192.787284][ T7956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 192.787296][ T7956] Call Trace: [ 192.787304][ T7956] [ 192.787313][ T7956] dump_stack_lvl+0x189/0x250 [ 192.787342][ T7956] ? __pfx____ratelimit+0x10/0x10 [ 192.787376][ T7956] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.787399][ T7956] ? __pfx__printk+0x10/0x10 [ 192.787428][ T7956] ? __pfx___might_resched+0x10/0x10 [ 192.787446][ T7956] ? fs_reclaim_acquire+0x7d/0x100 [ 192.787477][ T7956] should_fail_ex+0x414/0x560 [ 192.787512][ T7956] should_failslab+0xa8/0x100 [ 192.787538][ T7956] __kmalloc_cache_noprof+0x70/0x3d0 [ 192.787561][ T7956] ? sctp_transport_new+0x7e/0x640 [ 192.787586][ T7956] sctp_transport_new+0x7e/0x640 [ 192.787609][ T7956] sctp_assoc_add_peer+0x260/0x13b0 [ 192.787642][ T7956] ? sctp_bind_addr_copy+0x380/0x3c0 [ 192.787672][ T7956] sctp_connect_new_asoc+0x30a/0x690 [ 192.787705][ T7956] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 192.787736][ T7956] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 192.787783][ T7956] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 192.787809][ T7956] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 192.787839][ T7956] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 192.787857][ T7956] ? security_sctp_bind_connect+0x7e/0x2e0 [ 192.787888][ T7956] sctp_sendmsg+0x155c/0x2810 [ 192.787928][ T7956] ? __pfx_sctp_sendmsg+0x10/0x10 [ 192.787959][ T7956] ? aa_sk_perm+0x81e/0x950 [ 192.787982][ T7956] ? __pfx_aa_sk_perm+0x10/0x10 [ 192.788005][ T7956] ? sock_rps_record_flow+0x19/0x410 [ 192.788030][ T7956] ? inet_sendmsg+0x2f4/0x370 [ 192.788050][ T7956] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 192.788082][ T7956] __sock_sendmsg+0x19c/0x270 [ 192.788113][ T7956] __sys_sendto+0x3bd/0x520 [ 192.788144][ T7956] ? __pfx___sys_sendto+0x10/0x10 [ 192.788169][ T7956] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 192.788208][ T7956] ? __fget_files+0x3a0/0x420 [ 192.788247][ T7956] ? ksys_write+0x22a/0x250 [ 192.788273][ T7956] ? __pfx_ksys_write+0x10/0x10 [ 192.788294][ T7956] ? rcu_is_watching+0x15/0xb0 [ 192.788319][ T7956] __x64_sys_sendto+0xde/0x100 [ 192.788351][ T7956] do_syscall_64+0xfa/0x3b0 [ 192.788382][ T7956] ? lockdep_hardirqs_on+0x9c/0x150 [ 192.788406][ T7956] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.788426][ T7956] ? clear_bhb_loop+0x60/0xb0 [ 192.788450][ T7956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.788469][ T7956] RIP: 0033:0x7fe11dd8e929 [ 192.788487][ T7956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.788504][ T7956] RSP: 002b:00007fe11eb52038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 192.788525][ T7956] RAX: ffffffffffffffda RBX: 00007fe11dfb5fa0 RCX: 00007fe11dd8e929 [ 192.788539][ T7956] RDX: 0000000000000001 RSI: 0000200000000200 RDI: 0000000000000003 [ 192.788552][ T7956] RBP: 00007fe11eb52090 R08: 0000200000000140 R09: 000000000000001c [ 192.788565][ T7956] R10: 000000000400c0d4 R11: 0000000000000246 R12: 0000000000000001 [ 192.788577][ T7956] R13: 0000000000000000 R14: 00007fe11dfb5fa0 R15: 00007ffe9fc5f588 [ 192.788608][ T7956] [ 193.099843][ C0] vkms_vblank_simulate: vblank timer overrun [ 193.151308][ T5942] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 193.163641][ T5942] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 193.174575][ T5942] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 193.184550][ T5942] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 193.197674][ T5942] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 193.206781][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.218754][ T5942] usb 3-1: config 0 descriptor?? [ 193.267182][ T7962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.276538][ T7962] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.368600][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 193.378166][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 193.388142][ T0] NOHZ tick-stop error: local softirq work is pending, handler #280!!! [ 193.698827][ T5942] usbhid 3-1:0.0: can't add hid device: -71 [ 193.733387][ T5942] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 193.827580][ T5942] usb 3-1: USB disconnect, device number 26 [ 194.359681][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.366189][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.766766][ T7983] delete_channel: no stack [ 197.189211][ T7994] fuse: Invalid rootmode [ 197.566934][ T8008] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 198.464268][ T8015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.492292][ T8015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.525372][ T30] audit: type=1326 audit(1751401373.370:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8013 comm="syz.2.662" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e0758e929 code=0x0 [ 198.528362][ T8015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.602293][ T8015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.640971][ T30] audit: type=1800 audit(1751401373.490:14): pid=8018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.664" name="bus" dev="overlay" ino=894 res=0 errno=0 [ 198.835292][ T5942] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 198.861816][ T5942] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 199.158261][ T24] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 199.330594][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 199.339718][ T24] usb 4-1: not running at top speed; connect to a high speed hub [ 199.412754][ T24] usb 4-1: config 129 has an invalid interface number: 61 but max is 0 [ 199.694937][ T24] usb 4-1: config 129 has no interface number 0 [ 199.711709][ T24] usb 4-1: config 129 interface 61 has no altsetting 0 [ 199.771986][ T24] usb 4-1: New USB device found, idVendor=17cc, idProduct=1020, bcdDevice=fb.92 [ 199.788322][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.802826][ T24] usb 4-1: Product: syz [ 199.810360][ T24] usb 4-1: Manufacturer: syz [ 199.815075][ T24] usb 4-1: SerialNumber: syz [ 200.308577][ T8035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 200.330370][ T8035] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 200.393797][ T24] snd-usb-audio 4-1:129.61: probe with driver snd-usb-audio failed with error -71 [ 200.413620][ T24] usb 4-1: USB disconnect, device number 27 [ 201.392478][ T8050] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 201.408634][ T8050] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.507367][ T8078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.543933][ T8078] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.764349][ T8083] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 203.447653][ T8091] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 204.155295][ T8094] netlink: 256 bytes leftover after parsing attributes in process `syz.0.693'. [ 204.164362][ T8094] netlink: 72 bytes leftover after parsing attributes in process `syz.0.693'. [ 207.484748][ T30] audit: type=1800 audit(1751401382.330:15): pid=8122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.703" name="bus" dev="overlay" ino=1004 res=0 errno=0 [ 207.631281][ T8127] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.671373][ T8127] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.728351][ T8127] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.780680][ T8127] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.836818][ T8127] input: syz1 as /devices/virtual/input/input19 [ 208.481751][ T30] audit: type=1800 audit(1751401383.330:16): pid=8148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.714" name="bus" dev="overlay" ino=898 res=0 errno=0 [ 209.935198][ T30] audit: type=1800 audit(1751401384.780:17): pid=8170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.723" name="bus" dev="overlay" ino=927 res=0 errno=0 [ 210.402408][ T8186] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 210.568008][ T8193] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0. [ 211.645660][ T8203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 211.676897][ T8203] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.019684][ T8217] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 215.620379][ T8258] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 218.347160][ T8292] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 218.798173][ T5884] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 219.078175][ T5884] usb 3-1: Using ep0 maxpacket: 8 [ 219.185398][ T5884] usb 3-1: config 6 has an invalid interface number: 2 but max is 0 [ 219.347187][ T5884] usb 3-1: config 6 has no interface number 0 [ 219.353547][ T5884] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 219.365731][ T5884] usb 3-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xDD, changing to 0x8D [ 219.385607][ T5884] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 219.443019][ T5884] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 219.457749][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.473338][ T5884] usb 3-1: Product: syz [ 219.508158][ T5884] usb 3-1: Manufacturer: syz [ 219.512805][ T5884] usb 3-1: SerialNumber: syz [ 219.601588][ T5884] hso 3-1:6.2: Failed to find INT IN ep [ 219.932710][ T2014] usb 3-1: USB disconnect, device number 27 [ 220.514647][ T8322] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 224.344141][ T8380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.354866][ T8380] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.118667][ T5884] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 226.392012][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 226.471413][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 226.497302][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 226.522096][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 226.554049][ T5884] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 226.586549][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.623922][ T5884] usb 3-1: config 0 descriptor?? [ 227.192511][ T5884] plantronics 0003:047F:FFFF.000B: ignoring exceeding usage max [ 227.216431][ T5884] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 227.923204][ T5884] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 227.935591][ T5884] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 227.943357][ T5884] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 227.951552][ T5884] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 227.966718][ T5884] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 227.990497][ T5884] usb 3-1: USB disconnect, device number 28 [ 230.095430][ T8467] overlayfs: failed to resolve './file1': -2 [ 230.590271][ T8470] netlink: 192 bytes leftover after parsing attributes in process `syz.3.840'. [ 231.815342][ T8495] overlayfs: failed to resolve './file1': -2 [ 235.061243][ T8565] ieee802154 phy0 wpan0: encryption failed: -22 [ 235.147880][ T8560] kvm: pic: non byte write [ 235.968746][ T8587] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 239.587872][ T8619] netlink: 'syz.1.896': attribute type 1 has an invalid length. [ 239.595937][ T8621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 239.596574][ T8619] netlink: 224 bytes leftover after parsing attributes in process `syz.1.896'. [ 239.611375][ T8621] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.189140][ T8651] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 242.270329][ T5942] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 243.014063][ T5942] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 243.042284][ T5942] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 243.098174][ T5942] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 243.160448][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.450241][ T5942] usb 3-1: config 0 descriptor?? [ 243.992834][ T5942] Bluetooth: Can't get state to change to load configuration err [ 244.248439][ T5942] Bluetooth: Loading sysconfig file failed [ 244.254315][ T5942] ath3k 3-1:0.0: probe with driver ath3k failed with error -16 [ 244.312802][ T5942] usb 3-1: USB disconnect, device number 29 [ 245.120674][ T8680] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 245.457814][ T8696] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 246.239311][ T8710] netlink: 104 bytes leftover after parsing attributes in process `syz.3.932'. [ 246.675851][ T8719] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 246.910263][ T8731] overlayfs: conflicting options: nfs_export=on,index=off [ 247.770269][ T8753] netlink: 8 bytes leftover after parsing attributes in process `syz.1.946'. [ 248.284969][ T8758] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 249.081087][ T8782] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 250.391796][ T8799] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 250.930796][ T8796] [U] J"—e:ÀÆ" [ 251.550167][ T8811] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 255.628192][ T30] audit: type=1326 audit(1751401430.460:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8878 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bd38e929 code=0x7ffc0000 [ 255.654996][ T30] audit: type=1326 audit(1751401430.460:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8878 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bd38e929 code=0x7ffc0000 [ 255.678752][ T30] audit: type=1326 audit(1751401430.460:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8878 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f71bd38e929 code=0x7ffc0000 [ 255.700998][ T30] audit: type=1326 audit(1751401430.500:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8881 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f71bd3c11e5 code=0x7ffc0000 [ 255.723641][ T30] audit: type=1326 audit(1751401430.500:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8878 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bd38e929 code=0x7ffc0000 [ 255.750478][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.410212][ T30] audit: type=1326 audit(1751401430.500:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8878 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bd38e929 code=0x7ffc0000 [ 256.432528][ T30] audit: type=1326 audit(1751401430.500:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8878 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f71bd38e929 code=0x7ffc0000 [ 256.456424][ T30] audit: type=1326 audit(1751401430.500:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8878 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bd38e929 code=0x7ffc0000 [ 256.516109][ T30] audit: type=1326 audit(1751401430.500:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8878 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71bd38e929 code=0x7ffc0000 [ 256.568159][ T30] audit: type=1326 audit(1751401430.500:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8878 comm="syz.3.993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f71bd32ab19 code=0x7ffc0000 [ 257.426400][ T2014] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 258.395638][ T2014] usb 3-1: device descriptor read/64, error -71 [ 258.477313][ T8911] overlayfs: failed to resolve './file1': -2 [ 258.658622][ T2014] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 258.716899][ T8923] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 258.798280][ T2014] usb 3-1: device descriptor read/64, error -71 [ 259.808993][ T2014] usb usb3-port1: attempt power cycle [ 259.913968][ T8936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.924931][ T8936] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.950723][ T8938] overlayfs: failed to resolve './file1': -2 [ 260.992690][ T8950] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 261.142893][ T8957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.151080][ T8958] overlayfs: failed to resolve './file1': -2 [ 261.160570][ T8957] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.313484][ T8962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 261.322715][ T8962] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.448181][ T2014] usb 3-1: new full-speed USB device number 32 using dummy_hcd [ 261.472240][ T2014] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 261.483562][ T2014] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 261.492686][ T2014] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.503769][ T2014] usb 3-1: config 0 descriptor?? [ 261.779285][ T8964] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1027'. [ 262.034964][ T2014] pyra 0003:1E7D:2C24.000C: hidraw0: USB HID v0.08 Device [HID 1e7d:2c24] on usb-dummy_hcd.2-1/input0 [ 262.043809][ T8973] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 262.165719][ T8974] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 262.316179][ T2014] usb 3-1: USB disconnect, device number 32 [ 262.862197][ T8982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 262.878596][ T8982] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.966558][ T8999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 264.024187][ T8999] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 266.501060][ T9028] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 266.518873][ T9028] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 270.740524][ T5884] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 270.899881][ T5884] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 270.931573][ T5884] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 270.943119][ T5884] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 270.967097][ T5884] usb 4-1: config 0 interface 0 has no altsetting 0 [ 270.984878][ T5884] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 271.002417][ T5884] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 271.035112][ T5884] usb 4-1: config 0 interface 0 has no altsetting 0 [ 271.054009][ T5884] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 271.076341][ T5884] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 271.096002][ T9098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 271.105813][ T5884] usb 4-1: config 0 interface 0 has no altsetting 0 [ 271.120879][ T9098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 271.145144][ T5884] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 271.176390][ T5884] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 271.207945][ T5884] usb 4-1: config 0 interface 0 has no altsetting 0 [ 271.225534][ T5884] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 271.242295][ T5884] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 271.265760][ T5884] usb 4-1: config 0 interface 0 has no altsetting 0 [ 271.281368][ T5884] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 271.294707][ T5884] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 271.320775][ T5884] usb 4-1: config 0 interface 0 has no altsetting 0 [ 271.336647][ T5884] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 271.349038][ T5884] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 271.372628][ T5884] usb 4-1: config 0 interface 0 has no altsetting 0 [ 271.387117][ T5884] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 271.399336][ T5884] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 271.421722][ T5884] usb 4-1: config 0 interface 0 has no altsetting 0 [ 271.438451][ T5884] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 271.449720][ T5884] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 271.475394][ T5884] usb 4-1: Product: syz [ 271.489265][ T5884] usb 4-1: Manufacturer: syz [ 271.504769][ T5884] usb 4-1: SerialNumber: syz [ 271.530531][ T5884] usb 4-1: config 0 descriptor?? [ 271.548922][ T5884] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 272.305444][ T9] usb 4-1: USB disconnect, device number 28 [ 272.315288][ T9] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 272.743930][ T9119] overlayfs: failed to resolve './file1': -2 [ 273.004370][ T9127] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 273.036960][ T9127] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 273.720826][ T9144] overlayfs: failed to resolve './file1': -2 [ 273.880541][ T9150] 9pnet_fd: Insufficient options for proto=fd [ 275.273320][ T9172] overlayfs: failed to resolve './file1': -2 [ 275.336137][ T9176] overlayfs: missing 'lowerdir' [ 275.368442][ T45] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 275.394787][ T9180] 9pnet_fd: Insufficient options for proto=fd [ 275.708558][ T45] usb 3-1: Using ep0 maxpacket: 8 [ 275.724823][ T45] usb 3-1: config 6 has an invalid interface number: 2 but max is 0 [ 275.732986][ T45] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 276.450368][ T45] usb 3-1: config 6 has no interface number 0 [ 276.456890][ T45] usb 3-1: config 6 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 276.484537][ T45] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 276.493787][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.578151][ T45] usb 3-1: Product: syz [ 276.597315][ T45] usb 3-1: Manufacturer: syz [ 276.612804][ T45] usb 3-1: SerialNumber: syz [ 276.647158][ T45] hso 3-1:6.2: Failed to find INT IN ep [ 276.847978][ T9204] overlayfs: failed to resolve './file0': -2 [ 276.867187][ T45] usb 3-1: USB disconnect, device number 33 [ 277.073097][ T9210] overlayfs: missing 'lowerdir' [ 277.139171][ T9214] 9pnet_fd: Insufficient options for proto=fd [ 277.572305][ T9226] overlayfs: failed to resolve './file0': -2 [ 278.673838][ T9242] overlayfs: missing 'lowerdir' [ 279.088296][ T9] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 279.206341][ T9262] overlayfs: failed to resolve './file0': -2 [ 279.248263][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 279.264423][ T9] usb 4-1: config 6 has an invalid interface number: 2 but max is 0 [ 279.276019][ T9] usb 4-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 279.303351][ T9] usb 4-1: config 6 has no interface number 0 [ 279.316866][ T9] usb 4-1: config 6 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 279.336230][ T9] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 279.345769][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.357155][ T9] usb 4-1: Product: syz [ 279.371997][ T9] usb 4-1: Manufacturer: syz [ 279.376843][ T9] usb 4-1: SerialNumber: syz [ 279.592204][ T9] hso 4-1:6.2: Failed to find INT IN ep [ 280.038516][ T9] usb 4-1: USB disconnect, device number 29 [ 280.297344][ T9275] overlayfs: missing 'lowerdir' [ 281.115802][ T9288] overlayfs: failed to resolve './file0': -2 [ 281.513835][ T9304] overlayfs: missing 'lowerdir' [ 282.392208][ T9314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 282.470039][ T9314] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 282.756806][ T9327] overlayfs: failed to resolve './file0': -2 [ 282.916175][ T9331] overlayfs: missing 'lowerdir' [ 283.911188][ T9346] : entered promiscuous mode [ 284.565010][ T9358] overlayfs: failed to resolve './file0': -2 [ 284.714056][ T9365] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 284.726933][ T9365] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 284.888189][ T45] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 285.038257][ T45] usb 4-1: Using ep0 maxpacket: 8 [ 285.053200][ T45] usb 4-1: config 6 has an invalid interface number: 2 but max is 0 [ 285.063584][ T45] usb 4-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 285.089324][ T45] usb 4-1: config 6 has no interface number 0 [ 285.103526][ T45] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 285.124885][ T45] usb 4-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 285.151080][ T45] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 285.173773][ T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.183466][ T45] usb 4-1: Product: syz [ 285.187673][ T45] usb 4-1: Manufacturer: syz [ 285.818863][ T45] usb 4-1: SerialNumber: syz [ 285.837056][ T45] hso 4-1:6.2: Failed to find INT IN ep [ 286.097063][ T45] usb 4-1: USB disconnect, device number 30 [ 286.129589][ T9389] overlayfs: failed to resolve './file1': -2 [ 286.519513][ T9392] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 286.537480][ T9392] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 287.051390][ T9416] overlayfs: failed to resolve './file1': -2 [ 288.262083][ T9426] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 288.318650][ T9426] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 288.429731][ T9434] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.447723][ T9434] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.662779][ T9445] overlayfs: failed to resolve './file1': -2 [ 290.069708][ T9462] overlayfs: missing 'lowerdir' [ 290.755592][ T9487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 290.791919][ T9487] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 290.833390][ T9491] overlayfs: missing 'lowerdir' [ 292.453257][ T9526] overlayfs: missing 'lowerdir' [ 292.601559][ T9534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.636220][ T9534] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 294.050331][ T9562] overlayfs: missing 'workdir' [ 295.494889][ T9587] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 295.527156][ T9587] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.427302][ T9601] overlayfs: missing 'workdir' [ 297.779807][ T9623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 297.799092][ T9623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 297.979927][ T9636] overlayfs: missing 'workdir' [ 300.666713][ T5945] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 300.968358][ T5945] usb 4-1: Using ep0 maxpacket: 8 [ 300.994326][ T5945] usb 4-1: config 6 has an invalid interface number: 2 but max is 0 [ 301.002519][ T5945] usb 4-1: config 6 has no interface number 0 [ 301.020552][ T5945] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 301.039973][ T5945] usb 4-1: config 6 interface 2 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 301.079972][ T5945] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 301.089277][ T5945] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.101132][ T5945] usb 4-1: Product: syz [ 301.105340][ T5945] usb 4-1: Manufacturer: syz [ 301.128188][ T5945] usb 4-1: SerialNumber: syz [ 301.137900][ T5945] hso 4-1:6.2: Failed to find INT IN ep [ 301.360855][ T2014] usb 4-1: USB disconnect, device number 31 [ 302.038703][ T9713] loop8: detected capacity change from 0 to 16384 [ 303.209528][ T5945] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 303.948150][ T5945] usb 3-1: Using ep0 maxpacket: 8 [ 303.963358][ T5945] usb 3-1: config 6 has an invalid interface number: 2 but max is 0 [ 303.997133][ T5945] usb 3-1: config 6 has no interface number 0 [ 304.054616][ T5945] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 304.146434][ T5945] usb 3-1: config 6 interface 2 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 304.323763][ T5945] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 304.333154][ T5945] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.343739][ T5945] usb 3-1: Product: syz [ 304.352933][ T5945] usb 3-1: Manufacturer: syz [ 304.370452][ T5945] usb 3-1: SerialNumber: syz [ 304.571493][ T5945] hso 3-1:6.2: Failed to find INT IN ep [ 304.780296][ T5945] usb 3-1: USB disconnect, device number 34 [ 306.298851][ T31] INFO: task kworker/1:5:5901 blocked for more than 143 seconds. [ 306.307257][ T31] Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 [ 306.314936][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 306.338171][ T31] task:kworker/1:5 state:D stack:21368 pid:5901 tgid:5901 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 306.358190][ T31] Workqueue: usb_hub_wq hub_event [ 306.363448][ T31] Call Trace: [ 306.366755][ T31] [ 306.377525][ T31] __schedule+0x16f5/0x4d00 [ 306.383054][ T31] ? __schedule+0x1713/0x4d00 [ 306.408392][ T31] ? schedule+0x165/0x360 [ 306.412790][ T31] ? __lock_acquire+0xab9/0xd20 [ 306.417684][ T31] ? __pfx___schedule+0x10/0x10 [ 306.442006][ T31] ? schedule+0x91/0x360 [ 306.446551][ T31] schedule+0x165/0x360 [ 306.451185][ T31] schedule_timeout+0x9a/0x270 [ 306.456001][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 306.462310][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 306.467738][ T31] ? wait_for_completion+0x267/0x5d0 [ 306.473076][ T31] wait_for_completion+0x2bf/0x5d0 [ 306.478320][ T31] ? __pfx_wait_for_completion+0x10/0x10 [ 306.483993][ T31] i2c_del_adapter+0x581/0x6e0 [ 306.488878][ T31] ? __pfx_i2c_del_adapter+0x10/0x10 [ 306.494211][ T31] ? rcu_is_watching+0x15/0xb0 [ 306.499300][ T31] ? dvb_usb_adapter_exit+0xd7/0x240 [ 306.504634][ T31] dvb_usb_i2c_exit+0x64/0xb0 [ 306.509748][ T31] dvb_usb_device_exit+0x1be/0x350 [ 306.514907][ T31] ? __pfx_dvb_usb_device_exit+0x10/0x10 [ 306.520878][ T31] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 306.526892][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.532169][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 306.538168][ T31] cxusb_probe+0x603/0x700 [ 306.542702][ T31] ? __pfx_cxusb_probe+0x10/0x10 [ 306.547654][ T31] ? __pm_runtime_set_status+0x785/0xa50 [ 306.553342][ T31] usb_probe_interface+0x634/0xbf0 [ 306.558536][ T31] ? __pfx_usb_probe_interface+0x10/0x10 [ 306.564219][ T31] really_probe+0x26d/0x9a0 [ 306.568805][ T31] __driver_probe_device+0x18c/0x2f0 [ 306.574153][ T31] driver_probe_device+0x4f/0x430 [ 306.579249][ T31] __device_attach_driver+0x2ce/0x530 [ 306.584646][ T31] bus_for_each_drv+0x24e/0x2e0 [ 306.589551][ T31] ? __pfx___device_attach_driver+0x10/0x10 [ 306.595475][ T31] ? __pfx_bus_for_each_drv+0x10/0x10 [ 306.600923][ T31] __device_attach+0x2b8/0x400 [ 306.605727][ T31] ? __pfx___device_attach+0x10/0x10 [ 306.611170][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 306.616398][ T31] bus_probe_device+0x185/0x260 [ 306.621368][ T31] device_add+0x7b6/0xb50 [ 306.625827][ T31] usb_set_configuration+0x1a87/0x20e0 [ 306.631414][ T31] usb_generic_driver_probe+0x8d/0x150 [ 306.636908][ T31] usb_probe_device+0x1c4/0x390 [ 306.641933][ T31] ? __pfx_usb_probe_device+0x10/0x10 [ 306.647451][ T31] really_probe+0x26d/0x9a0 [ 306.652082][ T31] __driver_probe_device+0x18c/0x2f0 [ 306.657423][ T31] driver_probe_device+0x4f/0x430 [ 306.662515][ T31] __device_attach_driver+0x2ce/0x530 [ 306.667919][ T31] bus_for_each_drv+0x24e/0x2e0 [ 306.672862][ T31] ? __pfx___device_attach_driver+0x10/0x10 [ 306.678813][ T31] ? __pfx_bus_for_each_drv+0x10/0x10 [ 306.684221][ T31] __device_attach+0x2b8/0x400 [ 306.689048][ T31] ? __pfx___device_attach+0x10/0x10 [ 306.694359][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 306.699617][ T31] bus_probe_device+0x185/0x260 [ 306.704498][ T31] device_add+0x7b6/0xb50 [ 306.708889][ T31] usb_new_device+0xa39/0x16f0 [ 306.713710][ T31] ? __pfx_usb_new_device+0x10/0x10 [ 306.719015][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 306.724242][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.729520][ T31] hub_event+0x2941/0x4a00 [ 306.733960][ T31] ? __lock_acquire+0xab9/0xd20 [ 306.738950][ T31] ? __pfx_hub_event+0x10/0x10 [ 306.743739][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 306.749534][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 306.754761][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 306.760556][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 306.766308][ T31] process_scheduled_works+0xae1/0x17b0 [ 306.772059][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 306.781393][ T31] worker_thread+0x8a0/0xda0 [ 306.786011][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 306.792404][ T31] ? __kthread_parkme+0x7b/0x200 [ 306.797397][ T31] kthread+0x70e/0x8a0 [ 306.801559][ T31] ? __pfx_worker_thread+0x10/0x10 [ 306.806733][ T31] ? __pfx_kthread+0x10/0x10 [ 306.811418][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 306.816733][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.821997][ T31] ? __pfx_kthread+0x10/0x10 [ 306.826642][ T31] ret_from_fork+0x3fc/0x770 [ 306.831316][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 306.836469][ T31] ? __switch_to_asm+0x39/0x70 [ 306.841283][ T31] ? __switch_to_asm+0x33/0x70 [ 306.846085][ T31] ? __pfx_kthread+0x10/0x10 [ 306.850744][ T31] ret_from_fork_asm+0x1a/0x30 [ 306.855555][ T31] [ 306.858770][ T31] [ 306.858770][ T31] Showing all locks held in the system: [ 306.866503][ T31] 1 lock held by khungtaskd/31: [ 306.872030][ T31] #0: ffffffff8e33bee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 306.881994][ T31] 2 locks held by getty/5596: [ 306.886698][ T31] #0: ffff88814e2e00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 306.896549][ T31] #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 306.906738][ T31] 1 lock held by syz-executor/5836: [ 306.912116][ T31] #0: ffffffff8e3419f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 306.925769][ T31] 4 locks held by udevd/5841: [ 306.932501][ T31] #0: ffff8880773ab0a0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 [ 306.946606][ T31] #1: ffff88805b1fa888 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0 [ 306.956150][ T31] #2: ffff88805c16e0f8 (kn->active#22){.+.+}-{0:0}, at: kernfs_seq_start+0x75/0x3c0 [ 306.965831][ T31] #3: ffff888021afa198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 [ 306.975290][ T31] 5 locks held by kworker/1:5/5901: [ 306.980542][ T31] #0: ffff8880222ae948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 306.991940][ T31] #1: ffffc900048f7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 307.003858][ T31] #2: ffff888145f0d198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 307.012804][ T31] #3: ffff888021afa198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 307.022182][ T31] #4: ffff888021afc160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 307.031503][ T31] [ 307.033859][ T31] ============================================= [ 307.033859][ T31] [ 307.043944][ T31] NMI backtrace for cpu 1 [ 307.043963][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 307.043986][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 307.043998][ T31] Call Trace: [ 307.044006][ T31] [ 307.044014][ T31] dump_stack_lvl+0x189/0x250 [ 307.044039][ T31] ? __wake_up_klogd+0xd9/0x110 [ 307.044067][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 307.044100][ T31] ? __pfx__printk+0x10/0x10 [ 307.044133][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 307.044156][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 307.044172][ T31] ? _printk+0xcf/0x120 [ 307.044197][ T31] ? __pfx__printk+0x10/0x10 [ 307.044219][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 307.044249][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 307.044271][ T31] watchdog+0xfee/0x1030 [ 307.044297][ T31] ? watchdog+0x1de/0x1030 [ 307.044330][ T31] kthread+0x70e/0x8a0 [ 307.044355][ T31] ? __pfx_watchdog+0x10/0x10 [ 307.044378][ T31] ? __pfx_kthread+0x10/0x10 [ 307.044402][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 307.044423][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 307.044443][ T31] ? __pfx_kthread+0x10/0x10 [ 307.044465][ T31] ret_from_fork+0x3fc/0x770 [ 307.044497][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 307.044531][ T31] ? __switch_to_asm+0x39/0x70 [ 307.044552][ T31] ? __switch_to_asm+0x33/0x70 [ 307.044573][ T31] ? __pfx_kthread+0x10/0x10 [ 307.044596][ T31] ret_from_fork_asm+0x1a/0x30 [ 307.044633][ T31] [ 307.044640][ T31] Sending NMI from CPU 1 to CPUs 0: [ 307.206537][ C0] NMI backtrace for cpu 0 [ 307.206554][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 307.206572][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 307.206583][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 307.206607][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 45 11 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 307.206620][ C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6 [ 307.206635][ C0] RAX: 99f3b6a394c45f00 RBX: ffffffff81971188 RCX: 99f3b6a394c45f00 [ 307.206652][ C0] RDX: 0000000000000001 RSI: ffffffff8da68861 RDI: ffffffff8be4a9c0 [ 307.206663][ C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 307.206675][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fc29730 [ 307.206686][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a50 [ 307.206714][ C0] FS: 0000000000000000(0000) GS:ffff8881259e4000(0000) knlGS:0000000000000000 [ 307.206728][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 307.206739][ C0] CR2: 00007fe11df80ab8 CR3: 00000000762b0000 CR4: 00000000003526f0 [ 307.206753][ C0] Call Trace: [ 307.206760][ C0] [ 307.206767][ C0] default_idle+0x13/0x20 [ 307.206789][ C0] default_idle_call+0x74/0xb0 [ 307.206811][ C0] do_idle+0x1e8/0x510 [ 307.206831][ C0] ? __pfx_do_idle+0x10/0x10 [ 307.206853][ C0] cpu_startup_entry+0x44/0x60 [ 307.206869][ C0] rest_init+0x2de/0x300 [ 307.206892][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 307.206918][ C0] start_kernel+0x47d/0x500 [ 307.206940][ C0] x86_64_start_reservations+0x24/0x30 [ 307.206965][ C0] x86_64_start_kernel+0x143/0x1c0 [ 307.206988][ C0] common_startup_64+0x13e/0x147 [ 307.207016][ C0] [ 307.390442][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 307.397331][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 307.408649][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 307.418719][ T31] Call Trace: [ 307.422038][ T31] [ 307.424976][ T31] dump_stack_lvl+0x99/0x250 [ 307.429579][ T31] ? __asan_memcpy+0x40/0x70 [ 307.434185][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 307.439388][ T31] ? __pfx__printk+0x10/0x10 [ 307.443994][ T31] panic+0x2db/0x790 [ 307.447907][ T31] ? __pfx_panic+0x10/0x10 [ 307.452340][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 307.458156][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 307.463551][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 307.469742][ T31] watchdog+0x102d/0x1030 [ 307.474087][ T31] ? watchdog+0x1de/0x1030 [ 307.478522][ T31] kthread+0x70e/0x8a0 [ 307.482606][ T31] ? __pfx_watchdog+0x10/0x10 [ 307.487295][ T31] ? __pfx_kthread+0x10/0x10 [ 307.491894][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 307.497107][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 307.502311][ T31] ? __pfx_kthread+0x10/0x10 [ 307.506916][ T31] ret_from_fork+0x3fc/0x770 [ 307.511526][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 307.516664][ T31] ? __switch_to_asm+0x39/0x70 [ 307.521461][ T31] ? __switch_to_asm+0x33/0x70 [ 307.526232][ T31] ? __pfx_kthread+0x10/0x10 [ 307.530847][ T31] ret_from_fork_asm+0x1a/0x30 [ 307.535641][ T31] [ 307.539004][ T31] Kernel Offset: disabled [ 307.543331][ T31] Rebooting in 86400 seconds..