last executing test programs: 6.926699844s ago: executing program 4 (id=5757): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f0000000040)=r1}, 0x20) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r5}, 0x0, &(0x7f0000000040)}, 0x20) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.629603676s ago: executing program 1 (id=5769): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x1e, 0x80004, 0x0) socket(0x1e, 0x4, 0x0) sendmmsg(r1, 0x0, 0x0, 0x9200000000000000) unshare(0x40000300) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000023896) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1f"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={0x1}, 0x4) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'erspan0\x00', &(0x7f00000010c0)={'sit0\x00', 0x0, 0x80, 0x80, 0x5, 0x1, {{0x3d, 0x4, 0x1, 0x8, 0xf4, 0x68, 0x0, 0x6e, 0x4, 0x0, @broadcast, @remote, {[@ssrr={0x89, 0xb, 0x9e, [@multicast2, @dev={0xac, 0x14, 0x14, 0x3}]}, @generic={0x88, 0xe, "e1635c0754b3480000000000"}, @timestamp_addr={0x44, 0x44, 0xa1, 0x1, 0xb, [{@multicast1, 0x1}, {@private=0xa010100, 0x200}, {@dev={0xac, 0x14, 0x14, 0x38}, 0x1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffffffd}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x72}, {@remote, 0x8000}, {@private=0xa010100, 0x3}, {@local, 0x3}]}, @cipso={0x86, 0x39, 0x1, [{0x6, 0x2}, {0x6, 0x4, '`{'}, {0x7, 0xb, "85bd5b904036cbade8"}, {0x6, 0x6, "f01dc7cf"}, {0x5, 0xe, "3246a79b8cc8431ba2f777e2"}, {0x0, 0xe, "b29e42ad913c290d7fac9cb2"}]}, @timestamp_prespec={0x44, 0x24, 0xb9, 0x3, 0x0, [{@rand_addr=0x64010100, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8}, {@multicast2, 0xc9ac}, {@rand_addr=0x64010100, 0xb}]}, @timestamp_addr={0x44, 0x14, 0xc5, 0x1, 0x8, [{@dev={0xac, 0x14, 0x14, 0x40}, 0xffffff7f}, {@empty, 0x5}]}, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0xc, 0x59, 0x3, 0x9, [{@local, 0xab3}]}]}}}}}) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x18, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000ffffffde000000220700000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000002126f8ff01000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000540)='GPL\x00', 0xa, 0x32, &(0x7f0000000580)=""/50, 0x41100, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000005c0)={0x3, 0x10, 0x2, 0xe4}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000600)=[0x1, 0x1], &(0x7f0000000640)=[{0x2, 0x4, 0xd, 0x2}], 0x10, 0x40000}, 0x94) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) 4.625357876s ago: executing program 4 (id=5770): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e2793b10d10501200006010203010902120008000000000904"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x3, 0x8000, 0x1}, 0x50) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r3}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004}, &(0x7f0000000380)) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) 4.381075561s ago: executing program 2 (id=5771): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000100000"], 0x0, 0xfa50, 0x0, 0x0, 0x0, 0x48}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) (fail_nth: 1) 3.726447552s ago: executing program 1 (id=5774): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), r0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001812", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000340), 0x206, 0x8401) ioctl$USBDEVFS_BULK(r4, 0x4004550c, 0x0) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) (rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000005c0)=ANY=[@ANYRESDEC=r2, @ANYRES32, @ANYRES16=r0], &(0x7f00000001c0)='syzkaller\x00', 0x6, 0xcd, &(0x7f0000000600)=""/205, 0x41100, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x5, &(0x7f0000000000)=0x206) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async) keyctl$reject(0x13, 0x0, 0x400, 0x8000000000000204, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) (async) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000900)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000827bd75150500df49f6d75f00080003003c34adfce80f4d36b0282fda25938c79b434de7d0523ebc6ce9b04c9e301ec83e204aa876634b1c6d15ab2ae8b2ef9baf7ceb9a68499499af0a67740203bd6de7ccc0b76782fb6c35c81d289844d88ae12aae8783bd953f3975c5e8b363761595963ff1d89d2cac930905465e8619b1449a39b190c58ad81c654ac38f9cdc8c18ddf6dbc5595599d985e4f0b60a7b845fcc3d47179c63f80121e8eced1c4b496307a2ca9e134703357f73b87fc30245a68b7fc61d20b250431b573ea8d4f027cd7827a755e3bddf9383394acc530519687e83f623f995d3c70cf196255a085fae7c1b067bac0b8dcb56b602fa454f3f9417510bb50ba12d93448ac7c5992638e079170f8e64a7ea5e7f60c38791e7764f088dbda8b8a6c9e247127199750149606b91cd437234c5821374b6838200c87899df1fdcc2acfcfa317f1dd4712723d2edf28fa3778828406cf318a0d8470c975f6c45dce18d9de5600e0ad5482639f8097bc074b69ae58d53e5d9207bb4f3decc6e11a71198cec3d475800ae42cf0e5d9e0d0a18ff7ed171caf4eb803c359187cac19a685d608c8d67de1300"/444, @ANYRES32=r5, @ANYBLOB="0c0099000600000055000000"], 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x20004001) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2) (async) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) (async) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) (async) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) (async) madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 3.655563663s ago: executing program 1 (id=5775): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000100000"], 0x0, 0xfa50, 0x0, 0x0, 0x0, 0x48}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) 3.454379727s ago: executing program 2 (id=5776): pipe2$9p(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000400), 0x8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x3, [@func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0x5, 0x2}, {0x0, 0x3}, {0x3, 0x2}, {0xb}, {0xc, 0x3}]}]}, {0x0, [0x2e]}}, &(0x7f0000000300)=""/245, 0x4f, 0xf5, 0x0, 0x7, 0x10000, @value=r3}, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r4, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) sendto$inet(r4, &(0x7f0000000100), 0x0, 0x4004084, 0x0, 0x0) 2.959564496s ago: executing program 0 (id=5778): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000218c17", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r0 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0), 0x8) r1 = socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000500)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x52, '\x00', 0x0, @fallback=0x35, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x18) r6 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x13}}, {0xa, 0x0, 0x5, @mcast2, 0x1}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x40}}, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0xfffffffe}, 0x0, {[0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3]}}, 0x5c) setsockopt$MRT6_FLUSH(r6, 0x29, 0xd4, &(0x7f0000000340)=0x6, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socketpair(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r7, 0x0, &(0x7f0000000040)) sendmsg$NL80211_CMD_DEL_STATION(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="141a017f", @ANYRES16=0x0, @ANYBLOB="00082cbd7000fbdbdf2514000000"], 0x14}, 0x1, 0x0, 0x0, 0x4048815}, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x67, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) close(r0) 2.669659542s ago: executing program 4 (id=5779): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{}, &(0x7f0000000480), &(0x7f0000000080)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)) 2.546911534s ago: executing program 2 (id=5780): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000480), &(0x7f0000000080)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) statx(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x4000, 0x40, &(0x7f00000006c0)) 2.319618048s ago: executing program 2 (id=5781): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, 0x0}, 0x20) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) dup2(r1, r1) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r6}, 0x0, &(0x7f0000000040)}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 2.319366968s ago: executing program 4 (id=5782): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000218c17", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r0 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0), 0x8) r1 = socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000500)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x52, '\x00', 0x0, @fallback=0x35, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x18) r6 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x13}}, {0xa, 0x0, 0x5, @mcast2, 0x1}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x40}}, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0xfffffffe}, 0x0, {[0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3]}}, 0x5c) setsockopt$MRT6_FLUSH(r6, 0x29, 0xd4, &(0x7f0000000340)=0x6, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socketpair(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r7, 0x0, &(0x7f0000000040)) sendmsg$NL80211_CMD_DEL_STATION(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="141a017f", @ANYRES16=0x0, @ANYBLOB="00082cbd7000fbdbdf2514000000"], 0x14}, 0x1, 0x0, 0x0, 0x4048815}, 0x0) ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, &(0x7f0000000180)={{&(0x7f000043c000/0x4000)=nil, 0x4000}, 0x3}) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) close(r0) 1.993420664s ago: executing program 0 (id=5783): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) statx(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x4000, 0x40, &(0x7f00000006c0)) 1.930368275s ago: executing program 1 (id=5784): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x1e, 0x80004, 0x0) socket(0x1e, 0x4, 0x0) sendmmsg(r1, 0x0, 0x0, 0x9200000000000000) unshare(0x40000300) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x20000023896) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1f"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={0x1}, 0x4) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'erspan0\x00', &(0x7f00000010c0)={'sit0\x00', 0x0, 0x80, 0x80, 0x5, 0x1, {{0x3d, 0x4, 0x1, 0x8, 0xf4, 0x68, 0x0, 0x6e, 0x4, 0x0, @broadcast, @remote, {[@ssrr={0x89, 0xb, 0x9e, [@multicast2, @dev={0xac, 0x14, 0x14, 0x3}]}, @generic={0x88, 0xe, "e1635c0754b3480000000000"}, @timestamp_addr={0x44, 0x44, 0xa1, 0x1, 0xb, [{@multicast1, 0x1}, {@private=0xa010100, 0x200}, {@dev={0xac, 0x14, 0x14, 0x38}, 0x1}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xfffffffd}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x72}, {@remote, 0x8000}, {@private=0xa010100, 0x3}, {@local, 0x3}]}, @cipso={0x86, 0x39, 0x1, [{0x6, 0x2}, {0x6, 0x4, '`{'}, {0x7, 0xb, "85bd5b904036cbade8"}, {0x6, 0x6, "f01dc7cf"}, {0x5, 0xe, "3246a79b8cc8431ba2f777e2"}, {0x0, 0xe, "b29e42ad913c290d7fac9cb2"}]}, @timestamp_prespec={0x44, 0x24, 0xb9, 0x3, 0x0, [{@rand_addr=0x64010100, 0x2}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8}, {@multicast2, 0xc9ac}, {@rand_addr=0x64010100, 0xb}]}, @timestamp_addr={0x44, 0x14, 0xc5, 0x1, 0x8, [{@dev={0xac, 0x14, 0x14, 0x40}, 0xffffff7f}, {@empty, 0x5}]}, @ra={0x94, 0x4}, @timestamp_prespec={0x44, 0xc, 0x59, 0x3, 0x9, [{@local, 0xab3}]}]}}}}}) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x18, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000ffffffde000000220700000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000002126f8ff01000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000540)='GPL\x00', 0xa, 0x32, &(0x7f0000000580)=""/50, 0x41100, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000005c0)={0x3, 0x10, 0x2, 0xe4}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000600)=[0x1, 0x1], &(0x7f0000000640)=[{0x2, 0x4, 0xd, 0x2}], 0x10, 0x40000}, 0x94) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) 1.611678591s ago: executing program 0 (id=5785): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000030000000800000008"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000480), &(0x7f0000000080)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00'}, 0x10) getresgid(&(0x7f0000000cc0), &(0x7f0000000d00), &(0x7f0000000d40)) 960.991503ms ago: executing program 0 (id=5786): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x4, 0x8, 0xf632}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r3}, 0x10) syz_clone(0x80400, 0x0, 0x0, 0x0, 0x0, 0x0) 960.594953ms ago: executing program 2 (id=5787): pipe2$9p(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r3}, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) inotify_init() socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) sendto$inet(r4, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) sendto$inet(r4, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 960.331853ms ago: executing program 3 (id=5788): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000d00000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18) ftruncate(0xffffffffffffffff, 0x2007ffc) 959.861413ms ago: executing program 4 (id=5789): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x19, 0x4, 0x8, 0xf632}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r3}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) 912.507374ms ago: executing program 0 (id=5790): pipe2$9p(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000400), 0x8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x3, [@func_proto={0x0, 0x5, 0x0, 0xd, 0x0, [{0x5, 0x2}, {0x0, 0x3}, {0x3, 0x2}, {0xb}, {0xc, 0x3}]}]}, {0x0, [0x2e]}}, &(0x7f0000000300)=""/245, 0x4f, 0xf5, 0x0, 0x7, 0x10000, @value=r3}, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r4, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) sendto$inet(r4, &(0x7f0000000100), 0x0, 0x4004084, 0x0, 0x0) 912.303254ms ago: executing program 3 (id=5791): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000030000"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000480), &(0x7f0000000080)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) statx(0xffffffffffffffff, &(0x7f00000004c0)='./file0\x00', 0x4000, 0x40, &(0x7f00000006c0)) 904.224644ms ago: executing program 3 (id=5792): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{}, &(0x7f0000000480), &(0x7f0000000080)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r0}, 0x10) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)) 838.237425ms ago: executing program 3 (id=5793): pipe2$9p(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r0}, 0x8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x58, 0x58, 0x3, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x7, 0x2}, {0x2, 0x2}]}, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{0x5, 0x2}, {0x0, 0x3}, {0x3, 0x2}, {0x6, 0x3}, {0xb}, {0xc, 0x3}]}]}, {0x0, [0x2e]}}, &(0x7f0000000300)=""/245, 0x73, 0xf5, 0x0, 0x7, 0x10000, @value=r1}, 0x28) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) sendto$inet(r2, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10) sendto$inet(r2, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 572.55312ms ago: executing program 4 (id=5794): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000218c17", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r0 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0), 0x8) r1 = socket$inet6(0xa, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000500)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x52, '\x00', 0x0, @fallback=0x35, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x18) r6 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x13}}, {0xa, 0x0, 0x5, @mcast2, 0x1}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x40}}, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0xfffffffe}, 0x0, {[0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3]}}, 0x5c) setsockopt$MRT6_FLUSH(r6, 0x29, 0xd4, &(0x7f0000000340)=0x6, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socketpair(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r7, 0x0, &(0x7f0000000040)) sendmsg$NL80211_CMD_DEL_STATION(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="141a017f", @ANYRES16=0x0, @ANYBLOB="00082cbd7000fbdbdf2514000000"], 0x14}, 0x1, 0x0, 0x0, 0x4048815}, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x67, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e2a, 0xffffffff, @mcast2, 0x9}, 0x1c) close(r0) 519.42291ms ago: executing program 1 (id=5795): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) (async) openat$tun(0xffffffffffffff9c, 0x0, 0x2241, 0x0) (async) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x20702, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) (async) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) (async) r4 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000000c000000760080000000000027000000000000009500000000000000a02c0efe98b68e69691570af6dba99f45e2fad580e3d71471bf8f2284561f9f9d43638b307"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8}, 0x3f) (async) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1}, 0x37) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x3, 0x0, 0x3, 0xf, 0x0, 0x700, 0x0, [@sadb_key={0x5, 0x9, 0xe0, 0x0, "01d78771b90bd8a3b4914783c58777003d5b9538a9d03e6e9bfdac55"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x2, 0xd}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}]}, 0x78}, 0x1, 0x7}, 0x0) close(r4) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0xe, 0xf, &(0x7f00000016c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r8}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001440)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map=r5, r9, 0x5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r5}, &(0x7f0000000100), &(0x7f0000000140)=r4}, 0x20) (async) ioctl$TUNSETSTEERINGEBPF(0xffffffffffffffff, 0x800454e0, &(0x7f0000000000)=r9) sendmsg(r7, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001400)='H', 0x20001401}], 0x1}, 0x803e000000000000) (async) write$cgroup_int(r3, &(0x7f0000000100)=0x9, 0x12) 519.32905ms ago: executing program 1 (id=5796): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) sendto$inet(r1, 0x0, 0x0, 0xc806, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00) 286.757825ms ago: executing program 3 (id=5797): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000030000000800000008"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000480), &(0x7f0000000080)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00'}, 0x10) getresgid(&(0x7f0000000cc0), &(0x7f0000000d00), &(0x7f0000000d40)) 93.091279ms ago: executing program 3 (id=5798): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, 0x0}, 0x20) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) dup2(r1, r1) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r6}, 0x0, &(0x7f0000000040)}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 90.698498ms ago: executing program 2 (id=5799): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x7, 0x4, 0x8, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r5, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r6, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) socket(0x10, 0x803, 0x4) r7 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x56a, 0x307, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0xf1, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0xfb, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x8, 0x7, 0x0, 0x81}}]}}}]}}]}}, 0x0) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_control_io(r7, &(0x7f0000000280)={0x2c, &(0x7f0000000400)={0x0, 0x1, 0x21, {0x21, 0x21, "3cc1e04f54ba0a22097c56312239b633d1bf7327624a9f318543d2bc779027"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/notes', 0x24902, 0x8) openat2(r8, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x28000, 0xa2, 0x20}, 0x18) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000a8500000005000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='sys_enter\x00', r9}, 0x10) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r10, 0x6, 0x19, &(0x7f0000000880)=0x3, 0x4) ppoll(&(0x7f00000000c0)=[{r10}], 0x1, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=5800): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) bpf$ITER_CREATE(0x21, 0x0, 0x0) (fail_nth: 1) kernel console output (not intermixed with test programs): am with bpf_probe_write_user helper that may corrupt user memory! [ 1190.676658][T17934] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5320'. [ 1191.064040][ T371] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 1191.154023][ T39] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1191.244018][ T371] usb 1-1: Using ep0 maxpacket: 16 [ 1191.250191][ T371] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1191.260654][ T371] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1191.269748][ T371] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1191.277743][ T371] usb 1-1: Product: syz [ 1191.281894][ T371] usb 1-1: Manufacturer: syz [ 1191.286505][ T371] usb 1-1: SerialNumber: syz [ 1191.291862][ T371] usb 1-1: config 0 descriptor?? [ 1191.297768][ T371] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 1191.305691][ T371] usb 1-1: Detected FT232R [ 1191.334018][ T39] usb 4-1: Using ep0 maxpacket: 16 [ 1191.340158][ T39] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1191.352315][ T39] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1191.386482][ T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1191.394975][ T39] usb 4-1: Product: syz [ 1191.399439][ T39] usb 4-1: Manufacturer: syz [ 1191.404294][ T39] usb 4-1: SerialNumber: syz [ 1191.440845][ T39] usb 4-1: config 0 descriptor?? [ 1191.447046][ T39] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1191.454812][ T39] usb 4-1: Detected FT232R [ 1191.597596][ T371] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1191.610752][ T371] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1191.667258][ T39] ftdi_sio ttyUSB1: Unable to read latency timer: -71 [ 1191.722465][ T371] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71 [ 1191.729436][ T39] ftdi_sio ttyUSB1: Unable to write latency timer: -71 [ 1191.736941][ T371] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1191.745146][ T39] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 1191.752902][ T39] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 1191.761243][ T371] usb 1-1: USB disconnect, device number 81 [ 1191.768589][ T371] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1191.777964][ T39] usb 4-1: USB disconnect, device number 57 [ 1191.798877][ T371] ftdi_sio 1-1:0.0: device disconnected [ 1191.830191][ T39] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 1191.879604][ T39] ftdi_sio 4-1:0.0: device disconnected [ 1191.979394][ T6] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 1192.164050][ T6] usb 2-1: Using ep0 maxpacket: 16 [ 1192.170241][ T6] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1192.180475][ T6] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1192.189551][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1192.197580][ T6] usb 2-1: Product: syz [ 1192.201763][ T6] usb 2-1: Manufacturer: syz [ 1192.206416][ T6] usb 2-1: SerialNumber: syz [ 1192.211732][ T6] usb 2-1: config 0 descriptor?? [ 1192.217816][ T6] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 1192.225707][ T6] usb 2-1: Detected FT232R [ 1192.271386][T17959] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5329'. [ 1192.286525][T17959] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5329'. [ 1192.300095][ T28] audit: type=1400 audit(1756862962.473:572): avc: denied { mounton } for pid=17958 comm="syz.4.5329" path="/483/file0" dev="incremental-fs" ino=2519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 1192.324349][ T28] audit: type=1400 audit(1756862962.473:573): avc: denied { ioctl } for pid=17958 comm="syz.4.5329" path="/483/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x671e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1192.530341][ T6] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1192.537492][ T6] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1192.544716][ T6] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 1192.551947][ T6] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1192.611360][T17969] syz.4.5330[17969] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1192.611667][T17969] syz.4.5330[17969] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1193.589453][ T6] usb 2-1: USB disconnect, device number 67 [ 1193.607493][ T6] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1194.123184][ T6] ftdi_sio 2-1:0.0: device disconnected [ 1195.019988][T18011] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5341'. [ 1195.028962][T18011] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5341'. [ 1195.425281][T18022] syz.1.5344[18022] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1195.425382][T18022] syz.1.5344[18022] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1198.754088][ T675] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 1198.944036][ T675] usb 5-1: Using ep0 maxpacket: 16 [ 1198.950242][ T675] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1198.960516][ T675] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1198.969629][ T675] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1198.977651][ T675] usb 5-1: Product: syz [ 1198.981834][ T675] usb 5-1: Manufacturer: syz [ 1198.986465][ T675] usb 5-1: SerialNumber: syz [ 1198.991788][ T675] usb 5-1: config 0 descriptor?? [ 1198.997722][ T675] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 1199.005592][ T675] usb 5-1: Detected FT232R [ 1199.097221][T18071] fuse: Bad value for 'group_id' [ 1199.202342][ T675] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1199.209448][ T675] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1199.216626][ T675] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 1199.298218][T18080] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5360'. [ 1199.433258][T18082] syz.3.5362[18082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1199.433328][T18082] syz.3.5362[18082] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1199.576343][T10208] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 1200.662774][T18095] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5364'. [ 1200.671802][T18095] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5364'. [ 1200.812203][ T675] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1200.881172][ T675] usb 5-1: USB disconnect, device number 86 [ 1200.889371][ T675] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1200.899123][ T675] ftdi_sio 5-1:0.0: device disconnected [ 1201.064032][T10208] usb 1-1: Using ep0 maxpacket: 16 [ 1201.070900][T10208] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1201.085595][T10208] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1201.094734][T10208] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1201.102828][T10208] usb 1-1: Product: syz [ 1201.107391][T10208] usb 1-1: Manufacturer: syz [ 1201.112005][T10208] usb 1-1: SerialNumber: syz [ 1201.117684][T10208] usb 1-1: config 0 descriptor?? [ 1201.128193][T10208] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 1201.136194][T10208] usb 1-1: Detected FT232R [ 1201.254016][ T675] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 1201.326077][T10208] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1201.338558][T10208] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1201.346218][T10208] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71 [ 1201.353326][T10208] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1201.362527][T10208] usb 1-1: USB disconnect, device number 82 [ 1201.369339][T10208] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1201.378838][T10208] ftdi_sio 1-1:0.0: device disconnected [ 1201.434036][ T675] usb 5-1: Using ep0 maxpacket: 16 [ 1201.454052][ T28] audit: type=1400 audit(1756862980.636:574): avc: denied { bind } for pid=18101 comm="syz.1.5368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1201.486591][ T675] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1201.505106][ T675] usb 5-1: config 0 has no interfaces? [ 1201.512487][ T675] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1201.522092][ T675] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1201.530428][ T675] usb 5-1: Product: syz [ 1201.534924][ T675] usb 5-1: Manufacturer: syz [ 1201.539638][ T675] usb 5-1: SerialNumber: syz [ 1201.546975][ T675] usb 5-1: config 0 descriptor?? [ 1201.994044][T18112] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5370'. [ 1202.581206][ T371] usb 5-1: USB disconnect, device number 87 [ 1203.084025][T10208] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 1203.264016][T10208] usb 4-1: Using ep0 maxpacket: 16 [ 1203.270380][T10208] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1203.280653][T10208] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1203.289748][T10208] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1203.297819][T10208] usb 4-1: Product: syz [ 1203.301988][T10208] usb 4-1: Manufacturer: syz [ 1203.306603][T10208] usb 4-1: SerialNumber: syz [ 1203.311996][T10208] usb 4-1: config 0 descriptor?? [ 1203.317887][T10208] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1203.325747][T10208] usb 4-1: Detected FT232R [ 1203.452933][T18131] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5376'. [ 1203.474040][T18131] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5376'. [ 1203.479174][ T6] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 1203.533628][T17061] udevd[17061]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 1203.603642][T10208] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1203.611464][T10208] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1203.621041][T10208] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 1204.725746][T18144] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5380'. [ 1204.734683][T18144] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5380'. [ 1204.780153][T10208] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1204.789690][T10208] usb 4-1: USB disconnect, device number 58 [ 1204.796689][T10208] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1204.806224][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 1204.812058][T10208] ftdi_sio 4-1:0.0: device disconnected [ 1204.818037][ T6] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1204.854836][ T6] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1204.863945][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1204.872086][ T6] usb 5-1: Product: syz [ 1204.876702][ T6] usb 5-1: Manufacturer: syz [ 1204.881291][ T6] usb 5-1: SerialNumber: syz [ 1204.916811][ T6] usb 5-1: config 0 descriptor?? [ 1204.935022][ T6] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 1204.942928][ T6] usb 5-1: Detected FT232R [ 1205.104073][ T675] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 1205.194063][ T371] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 1205.206675][ T6] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1205.216248][ T6] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1205.216578][T18148] netlink: 96 bytes leftover after parsing attributes in process `syz.0.5381'. [ 1205.223321][ T6] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 1205.240003][ T6] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1205.259999][ T6] usb 5-1: USB disconnect, device number 88 [ 1205.266825][ T6] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1205.278542][ T6] ftdi_sio 5-1:0.0: device disconnected [ 1205.304031][ T675] usb 2-1: Using ep0 maxpacket: 16 [ 1205.311804][ T675] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1205.330522][ T675] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1205.344031][ T675] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1205.362177][ T675] usb 2-1: Product: syz [ 1205.362678][ T28] audit: type=1400 audit(1756862984.546:575): avc: denied { append } for pid=18155 comm="syz.0.5385" name="ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1205.389511][ T675] usb 2-1: Manufacturer: syz [ 1205.389731][ T371] usb 3-1: Using ep0 maxpacket: 16 [ 1205.394162][ T675] usb 2-1: SerialNumber: syz [ 1205.404515][ T675] usb 2-1: config 0 descriptor?? [ 1205.406108][ T28] audit: type=1400 audit(1756862984.596:576): avc: denied { ioctl } for pid=18155 comm="syz.0.5385" path="/dev/ptp0" dev="devtmpfs" ino=264 ioctlcmd=0x3d0d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 1205.410980][ T675] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 1205.439608][ T371] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1205.442351][ T675] usb 2-1: Detected FT232R [ 1205.462063][ T371] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1205.468332][T18158] overlayfs: failed to resolve './bus': -2 [ 1205.471845][ T371] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1205.525867][ T371] usb 3-1: Product: syz [ 1205.530058][ T371] usb 3-1: Manufacturer: syz [ 1205.570658][ T371] usb 3-1: SerialNumber: syz [ 1205.576380][ T371] usb 3-1: config 0 descriptor?? [ 1205.582703][ T371] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 1205.590644][ T371] usb 3-1: Detected FT232R [ 1205.616317][ T675] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1205.623746][ T675] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1205.631245][ T675] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 1205.639254][T18164] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5388'. [ 1205.641475][ T675] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1205.663420][ T675] usb 2-1: USB disconnect, device number 68 [ 1205.670061][ T675] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1205.679572][ T675] ftdi_sio 2-1:0.0: device disconnected [ 1205.814776][ T371] ftdi_sio ttyUSB1: Unable to read latency timer: -71 [ 1205.821773][ T371] ftdi_sio ttyUSB1: Unable to write latency timer: -71 [ 1205.828925][ T371] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 1205.840040][ T371] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 1205.854821][ T371] usb 3-1: USB disconnect, device number 80 [ 1205.864761][ T371] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 1205.876697][ T371] ftdi_sio 3-1:0.0: device disconnected [ 1205.897528][T18169] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5389'. [ 1205.906592][T18169] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5389'. [ 1206.074016][ T6] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 1206.264073][ T6] usb 4-1: Using ep0 maxpacket: 32 [ 1206.270362][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1206.281427][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1206.291271][ T6] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1206.304318][ T6] usb 4-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1206.329663][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1206.344289][ T6] usb 4-1: config 0 descriptor?? [ 1207.983758][T18192] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5394'. [ 1207.992669][T18192] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5394'. [ 1208.005463][T18195] FAULT_INJECTION: forcing a failure. [ 1208.005463][T18195] name failslab, interval 1, probability 0, space 0, times 0 [ 1208.018178][T18195] CPU: 0 PID: 18195 Comm: syz.0.5395 Not tainted syzkaller #0 [ 1208.025636][T18195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1208.035678][T18195] Call Trace: [ 1208.038947][T18195] [ 1208.041865][T18195] __dump_stack+0x21/0x24 [ 1208.046187][T18195] dump_stack_lvl+0xee/0x150 [ 1208.050776][T18195] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1208.055798][T18195] dump_stack+0x15/0x24 [ 1208.059949][T18195] should_fail_ex+0x3d4/0x520 [ 1208.064621][T18195] ? getname_flags+0xb9/0x500 [ 1208.069301][T18195] __should_failslab+0xac/0xf0 [ 1208.074054][T18195] should_failslab+0x9/0x20 [ 1208.078546][T18195] kmem_cache_alloc+0x3b/0x330 [ 1208.083300][T18195] ? __cfi_sched_clock_cpu+0x10/0x10 [ 1208.088577][T18195] ? rto_push_irq_work_func+0xd0/0x100 [ 1208.094030][T18195] getname_flags+0xb9/0x500 [ 1208.098645][T18195] __x64_sys_mkdirat+0x7c/0xa0 [ 1208.103404][T18195] x64_sys_call+0x73d/0x9a0 [ 1208.107899][T18195] do_syscall_64+0x4c/0xa0 [ 1208.112303][T18195] ? clear_bhb_loop+0x30/0x80 [ 1208.116979][T18195] ? clear_bhb_loop+0x30/0x80 [ 1208.121648][T18195] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1208.127531][T18195] RIP: 0033:0x7f348498ebe9 [ 1208.131935][T18195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1208.151534][T18195] RSP: 002b:00007f3485844038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 1208.159961][T18195] RAX: ffffffffffffffda RBX: 00007f3484bc6180 RCX: 00007f348498ebe9 [ 1208.167926][T18195] RDX: 00000000000001ff RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1208.175977][T18195] RBP: 00007f3485844090 R08: 0000000000000000 R09: 0000000000000000 [ 1208.183945][T18195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1208.191908][T18195] R13: 00007f3484bc6218 R14: 00007f3484bc6180 R15: 00007ffc46aa3438 [ 1208.199871][T18195] [ 1208.516099][ T6] usb 4-1: string descriptor 0 read error: -71 [ 1208.526491][ T6] usbhid 4-1:0.0: can't add hid device: -71 [ 1209.036084][T18206] netlink: 16 bytes leftover after parsing attributes in process `syz.1.5399'. [ 1209.203435][ T6] usbhid: probe of 4-1:0.0 failed with error -71 [ 1209.227711][T18204] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5397'. [ 1209.248710][ T6] usb 4-1: USB disconnect, device number 59 [ 1209.896774][T18231] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5403'. [ 1210.021091][T18233] syz.2.5405[18233] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1210.021305][T18233] syz.2.5405[18233] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1210.592168][T18246] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5408'. [ 1210.612638][T18246] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5408'. [ 1210.879035][T18247] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5411'. [ 1211.184372][T10208] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 1211.195037][T18264] FAULT_INJECTION: forcing a failure. [ 1211.195037][T18264] name failslab, interval 1, probability 0, space 0, times 0 [ 1211.208499][T18264] CPU: 0 PID: 18264 Comm: syz.3.5416 Not tainted syzkaller #0 [ 1211.215952][T18264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1211.225988][T18264] Call Trace: [ 1211.229251][T18264] [ 1211.232174][T18264] __dump_stack+0x21/0x24 [ 1211.236491][T18264] dump_stack_lvl+0xee/0x150 [ 1211.241061][T18264] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1211.246066][T18264] ? stack_trace_save+0x98/0xe0 [ 1211.250901][T18264] dump_stack+0x15/0x24 [ 1211.255031][T18264] should_fail_ex+0x3d4/0x520 [ 1211.259689][T18264] __should_failslab+0xac/0xf0 [ 1211.264438][T18264] should_failslab+0x9/0x20 [ 1211.269022][T18264] kmem_cache_alloc_node+0x42/0x340 [ 1211.274200][T18264] ? dup_task_struct+0x5a/0x790 [ 1211.279047][T18264] dup_task_struct+0x5a/0x790 [ 1211.283703][T18264] ? __kasan_check_write+0x14/0x20 [ 1211.288797][T18264] ? recalc_sigpending+0x168/0x1c0 [ 1211.293888][T18264] copy_process+0x5b8/0x3480 [ 1211.298458][T18264] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 1211.304167][T18264] ? __kasan_check_write+0x14/0x20 [ 1211.309260][T18264] ? idle_dummy+0x10/0x10 [ 1211.313658][T18264] kernel_clone+0x23a/0x810 [ 1211.318142][T18264] ? __cfi_kernel_clone+0x10/0x10 [ 1211.323147][T18264] ? __kasan_check_write+0x14/0x20 [ 1211.328240][T18264] ? mutex_unlock+0x89/0x220 [ 1211.332809][T18264] __x64_sys_clone+0x168/0x1b0 [ 1211.337558][T18264] ? __cfi___x64_sys_clone+0x10/0x10 [ 1211.342825][T18264] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 1211.348882][T18264] x64_sys_call+0x990/0x9a0 [ 1211.353363][T18264] do_syscall_64+0x4c/0xa0 [ 1211.357754][T18264] ? clear_bhb_loop+0x30/0x80 [ 1211.362411][T18264] ? clear_bhb_loop+0x30/0x80 [ 1211.367071][T18264] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1211.372956][T18264] RIP: 0033:0x7f98d1b8ebe9 [ 1211.377374][T18264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1211.396970][T18264] RSP: 002b:00007f98d2a79fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1211.405457][T18264] RAX: ffffffffffffffda RBX: 00007f98d1dc5fa0 RCX: 00007f98d1b8ebe9 [ 1211.413408][T18264] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000640c7000 [ 1211.421369][T18264] RBP: 00007f98d2a7a090 R08: 0000000000000000 R09: 0000000000000000 [ 1211.429343][T18264] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1211.437290][T18264] R13: 00007f98d1dc6038 R14: 00007f98d1dc5fa0 R15: 00007ffec2bbc138 [ 1211.445314][T18264] [ 1211.549840][T10208] usb 1-1: Using ep0 maxpacket: 32 [ 1211.556271][T10208] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1211.567531][T10208] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1211.577468][T10208] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1211.590576][T10208] usb 1-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1211.600184][T10208] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1211.776460][T10208] usb 1-1: config 0 descriptor?? [ 1212.535861][T18293] syz.3.5423[18293] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1212.536075][T18293] syz.3.5423[18293] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1212.723692][T18296] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5426'. [ 1212.744223][T18296] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5426'. [ 1213.201339][T18299] FAULT_INJECTION: forcing a failure. [ 1213.201339][T18299] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1213.214849][T18299] CPU: 0 PID: 18299 Comm: syz.2.5427 Not tainted syzkaller #0 [ 1213.222317][T18299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1213.232458][T18299] Call Trace: [ 1213.235737][T18299] [ 1213.238664][T18299] __dump_stack+0x21/0x24 [ 1213.242992][T18299] dump_stack_lvl+0xee/0x150 [ 1213.247604][T18299] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1213.252623][T18299] ? __cfi_avc_has_perm_noaudit+0x10/0x10 [ 1213.258626][T18299] dump_stack+0x15/0x24 [ 1213.262792][T18299] should_fail_ex+0x3d4/0x520 [ 1213.267457][T18299] should_fail+0xb/0x10 [ 1213.271596][T18299] should_fail_usercopy+0x1a/0x20 [ 1213.276712][T18299] _copy_from_user+0x1e/0xc0 [ 1213.281288][T18299] sk_setsockopt+0x294/0x2590 [ 1213.285984][T18299] ? __cfi_sk_setsockopt+0x10/0x10 [ 1213.291173][T18299] ? proc_fail_nth_write+0x17a/0x1f0 [ 1213.296534][T18299] ? selinux_socket_setsockopt+0x21c/0x300 [ 1213.302347][T18299] ? slab_free_freelist_hook+0xc2/0x190 [ 1213.307890][T18299] ? __fget_files+0x2d5/0x330 [ 1213.312568][T18299] sock_setsockopt+0x5a/0x70 [ 1213.317153][T18299] __sys_setsockopt+0x270/0x4e0 [ 1213.321999][T18299] ? __cfi___sys_setsockopt+0x10/0x10 [ 1213.327448][T18299] ? ksys_write+0x1eb/0x240 [ 1213.331946][T18299] ? __cfi_ksys_write+0x10/0x10 [ 1213.336793][T18299] __x64_sys_setsockopt+0xbf/0xd0 [ 1213.341807][T18299] x64_sys_call+0x124/0x9a0 [ 1213.346297][T18299] do_syscall_64+0x4c/0xa0 [ 1213.350692][T18299] ? clear_bhb_loop+0x30/0x80 [ 1213.355350][T18299] ? clear_bhb_loop+0x30/0x80 [ 1213.360008][T18299] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1213.365882][T18299] RIP: 0033:0x7fb6a3d8ebe9 [ 1213.370284][T18299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1213.390407][T18299] RSP: 002b:00007fb6a4b4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1213.398901][T18299] RAX: ffffffffffffffda RBX: 00007fb6a3fc5fa0 RCX: 00007fb6a3d8ebe9 [ 1213.406855][T18299] RDX: 000000000000001d RSI: 0000000000000001 RDI: 0000000000000008 [ 1213.414807][T18299] RBP: 00007fb6a4b4a090 R08: 0000000000000004 R09: 0000000000000000 [ 1213.422755][T18299] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001 [ 1213.430708][T18299] R13: 00007fb6a3fc6038 R14: 00007fb6a3fc5fa0 R15: 00007ffc59d1f7d8 [ 1213.438695][T18299] [ 1213.552461][T18302] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1213.587164][ T28] audit: type=1400 audit(1756862992.776:577): avc: denied { getopt } for pid=18301 comm="syz.4.5428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 1213.762368][T18320] FAULT_INJECTION: forcing a failure. [ 1213.762368][T18320] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1213.776000][T18320] CPU: 1 PID: 18320 Comm: syz.4.5431 Not tainted syzkaller #0 [ 1213.783463][T18320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1213.793515][T18320] Call Trace: [ 1213.796783][T18320] [ 1213.799712][T18320] __dump_stack+0x21/0x24 [ 1213.804032][T18320] dump_stack_lvl+0xee/0x150 [ 1213.804420][T10208] usb 1-1: string descriptor 0 read error: -71 [ 1213.808616][T18320] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1213.808646][T18320] dump_stack+0x15/0x24 [ 1213.808660][T18320] should_fail_ex+0x3d4/0x520 [ 1213.808681][T18320] should_fail+0xb/0x10 [ 1213.808699][T18320] should_fail_usercopy+0x1a/0x20 [ 1213.808718][T18320] _copy_from_user+0x1e/0xc0 [ 1213.808735][T18320] __sys_bpf+0x277/0x780 [ 1213.808751][T18320] ? bpf_link_show_fdinfo+0x320/0x320 [ 1213.851848][T18320] ? __cfi_ksys_write+0x10/0x10 [ 1213.856700][T18320] ? do_user_addr_fault+0x9ac/0x1050 [ 1213.861970][T18320] ? debug_smp_processor_id+0x17/0x20 [ 1213.867323][T18320] __x64_sys_bpf+0x7c/0x90 [ 1213.871724][T18320] x64_sys_call+0x488/0x9a0 [ 1213.876206][T18320] do_syscall_64+0x4c/0xa0 [ 1213.880606][T18320] ? clear_bhb_loop+0x30/0x80 [ 1213.885259][T18320] ? clear_bhb_loop+0x30/0x80 [ 1213.889922][T18320] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1213.895797][T18320] RIP: 0033:0x7f5e7118ebe9 [ 1213.900196][T18320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1213.919779][T18320] RSP: 002b:00007f5e71f6f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1213.928172][T18320] RAX: ffffffffffffffda RBX: 00007f5e713c6090 RCX: 00007f5e7118ebe9 [ 1213.936124][T18320] RDX: 0000000000000020 RSI: 0000200000000480 RDI: 0000000000000002 [ 1213.944076][T18320] RBP: 00007f5e71f6f090 R08: 0000000000000000 R09: 0000000000000000 [ 1213.952027][T18320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1213.959988][T18320] R13: 00007f5e713c6128 R14: 00007f5e713c6090 R15: 00007fffd16b0bc8 [ 1213.967943][T18320] [ 1214.158538][T10208] usbhid 1-1:0.0: can't add hid device: -71 [ 1214.165744][T10208] usbhid: probe of 1-1:0.0 failed with error -71 [ 1214.179618][T10208] usb 1-1: USB disconnect, device number 83 [ 1214.271525][T18328] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5436'. [ 1216.014074][ T28] audit: type=1400 audit(1756862995.196:578): avc: denied { ioctl } for pid=18339 comm="syz.1.5439" path="socket:[112209]" dev="sockfs" ino=112209 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 1216.104250][T18355] FAULT_INJECTION: forcing a failure. [ 1216.104250][T18355] name failslab, interval 1, probability 0, space 0, times 0 [ 1216.116899][T18355] CPU: 1 PID: 18355 Comm: syz.4.5440 Not tainted syzkaller #0 [ 1216.124364][T18355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1216.134423][T18355] Call Trace: [ 1216.137707][T18355] [ 1216.140638][T18355] __dump_stack+0x21/0x24 [ 1216.145010][T18355] dump_stack_lvl+0xee/0x150 [ 1216.149604][T18355] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1216.154637][T18355] ? __cfi_vfs_write+0x10/0x10 [ 1216.159407][T18355] dump_stack+0x15/0x24 [ 1216.163557][T18355] should_fail_ex+0x3d4/0x520 [ 1216.168238][T18355] __should_failslab+0xac/0xf0 [ 1216.173004][T18355] ? __se_sys_memfd_create+0xf2/0x3b0 [ 1216.178391][T18355] should_failslab+0x9/0x20 [ 1216.182892][T18355] __kmem_cache_alloc_node+0x3d/0x2c0 [ 1216.188254][T18355] ? ksys_write+0x1eb/0x240 [ 1216.192764][T18355] ? __se_sys_memfd_create+0xf2/0x3b0 [ 1216.198139][T18355] __kmalloc+0xa1/0x1e0 [ 1216.202300][T18355] ? strnlen_user+0x10d/0x190 [ 1216.207001][T18355] __se_sys_memfd_create+0xf2/0x3b0 [ 1216.212209][T18355] __x64_sys_memfd_create+0x5b/0x70 [ 1216.217412][T18355] x64_sys_call+0x235/0x9a0 [ 1216.221911][T18355] do_syscall_64+0x4c/0xa0 [ 1216.226339][T18355] ? clear_bhb_loop+0x30/0x80 [ 1216.231012][T18355] ? clear_bhb_loop+0x30/0x80 [ 1216.235689][T18355] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1216.241585][T18355] RIP: 0033:0x7f5e7118ebe9 [ 1216.245999][T18355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1216.265611][T18355] RSP: 002b:00007f5e71f6ee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 1216.274027][T18355] RAX: ffffffffffffffda RBX: 00000000000014fe RCX: 00007f5e7118ebe9 [ 1216.282086][T18355] RDX: 00007f5e71f6eef0 RSI: 0000000000000000 RDI: 00007f5e712127e8 [ 1216.290055][T18355] RBP: 0000200000002ac0 R08: 00007f5e71f6ebb7 R09: 00007f5e71f6ee40 [ 1216.298031][T18355] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000001540 [ 1216.305985][T18355] R13: 00007f5e71f6eef0 R14: 00007f5e71f6eeb0 R15: 0000200000006d40 [ 1216.313947][T18355] [ 1216.401402][T18359] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5447'. [ 1216.440851][T18365] syz.3.5445[18365] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1216.445747][T18365] syz.3.5445[18365] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1216.672337][T18371] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5449'. [ 1217.982084][T18385] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5451'. [ 1218.494022][T10208] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 1218.966463][T10208] usb 3-1: Using ep0 maxpacket: 32 [ 1218.975843][T10208] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1218.986878][T10208] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1218.996821][T10208] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1219.009933][T10208] usb 3-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1219.019045][T10208] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1219.027852][T10208] usb 3-1: config 0 descriptor?? [ 1219.227102][T18403] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5458'. [ 1219.383462][ T9726] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1219.580148][T18407] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5459'. [ 1219.589106][T18407] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5459'. [ 1219.660886][ T9726] usb 2-1: Using ep0 maxpacket: 16 [ 1219.667952][ T9726] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1219.679939][ T9726] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1219.697071][ T9726] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1219.705167][ T9726] usb 2-1: Product: syz [ 1219.709379][ T9726] usb 2-1: Manufacturer: syz [ 1219.714041][ T9726] usb 2-1: SerialNumber: syz [ 1219.719466][ T9726] usb 2-1: config 0 descriptor?? [ 1219.725472][ T9726] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 1219.733318][ T9726] usb 2-1: Detected FT232R [ 1219.937297][ T9726] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1219.946701][ T9726] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1219.953821][ T9726] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 1219.960994][ T9726] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1219.971009][ T9726] usb 2-1: USB disconnect, device number 69 [ 1219.979806][ T9726] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1219.990477][ T9726] ftdi_sio 2-1:0.0: device disconnected [ 1220.034030][T18414] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5460'. [ 1220.215714][T18412] loop0: detected capacity change from 0 to 8192 [ 1220.275238][T18417] netlink: 'syz.0.5462': attribute type 13 has an invalid length. [ 1220.283167][T18417] netlink: 'syz.0.5462': attribute type 27 has an invalid length. [ 1220.290713][ T28] audit: type=1400 audit(1756862999.456:579): avc: denied { bind } for pid=18416 comm="syz.0.5462" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1220.361007][T18417] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1220.393509][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 1220.402231][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1220.413153][ T8024] bridge10: port 2(veth0_to_bond) entered blocking state [ 1220.420234][ T8024] bridge10: port 2(veth0_to_bond) entered forwarding state [ 1220.429711][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 1220.438588][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1220.449967][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1220.459597][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1220.469340][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1220.587588][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1220.626483][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth3: link becomes ready [ 1220.634152][ T8024] bridge1: port 1(veth3) entered blocking state [ 1220.640416][ T8024] bridge1: port 1(veth3) entered forwarding state [ 1220.647074][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth2: link becomes ready [ 1220.656885][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth5: link becomes ready [ 1220.664752][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth4: link becomes ready [ 1220.672443][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth7: link becomes ready [ 1220.729562][ T8024] bridge2: port 1(veth7) entered blocking state [ 1220.735875][ T8024] bridge2: port 1(veth7) entered forwarding state [ 1220.742683][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth6: link becomes ready [ 1221.063771][T10208] usb 3-1: string descriptor 0 read error: -71 [ 1221.072271][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth9: link becomes ready [ 1221.082689][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth8: link becomes ready [ 1221.088062][T10208] usbhid 3-1:0.0: can't add hid device: -71 [ 1221.090641][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth11: link becomes ready [ 1221.101055][T10208] usbhid: probe of 3-1:0.0 failed with error -71 [ 1221.105065][ T8024] bridge3: port 1(veth11) entered blocking state [ 1221.115984][ T8024] bridge3: port 1(veth11) entered forwarding state [ 1221.124366][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth10: link becomes ready [ 1221.131863][T10208] usb 3-1: USB disconnect, device number 81 [ 1221.134515][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth13: link becomes ready [ 1221.145608][ T8024] bridge4: port 1(veth13) entered blocking state [ 1221.151961][ T8024] bridge4: port 1(veth13) entered forwarding state [ 1221.159941][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth12: link becomes ready [ 1221.293133][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth15: link becomes ready [ 1221.362826][ T8024] bridge5: port 1(veth15) entered blocking state [ 1221.369229][ T8024] bridge5: port 1(veth15) entered forwarding state [ 1221.381135][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth14: link becomes ready [ 1221.390879][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth17: link becomes ready [ 1221.400245][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth16: link becomes ready [ 1221.409251][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth19: link becomes ready [ 1221.418234][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth18: link becomes ready [ 1221.427238][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth21: link becomes ready [ 1221.436847][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth20: link becomes ready [ 1221.445902][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth23: link becomes ready [ 1221.453778][ T8024] bridge6: port 1(veth23) entered blocking state [ 1221.460149][ T8024] bridge6: port 1(veth23) entered forwarding state [ 1221.467342][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth22: link becomes ready [ 1221.475005][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth25: link becomes ready [ 1221.482659][ T8024] bridge7: port 1(veth25) entered blocking state [ 1221.489034][ T8024] bridge7: port 1(veth25) entered forwarding state [ 1221.499118][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth24: link becomes ready [ 1221.506888][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth27: link becomes ready [ 1221.547070][ T8024] bridge8: port 1(veth27) entered blocking state [ 1221.553459][ T8024] bridge8: port 1(veth27) entered forwarding state [ 1221.560807][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth26: link becomes ready [ 1221.568969][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth29: link becomes ready [ 1221.576792][ T8024] bridge9: port 1(veth29) entered blocking state [ 1221.583178][ T8024] bridge9: port 1(veth29) entered forwarding state [ 1221.590203][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth28: link becomes ready [ 1221.597934][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth31: link becomes ready [ 1221.612064][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth30: link becomes ready [ 1221.620626][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth33: link becomes ready [ 1221.628502][ T8024] bridge10: port 1(veth33) entered blocking state [ 1221.634965][ T8024] bridge10: port 1(veth33) entered forwarding state [ 1221.642040][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth32: link becomes ready [ 1221.649902][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth35: link becomes ready [ 1221.657900][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth34: link becomes ready [ 1221.666141][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth37: link becomes ready [ 1221.675200][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth36: link becomes ready [ 1221.683734][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth39: link becomes ready [ 1221.692829][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth38: link becomes ready [ 1221.701580][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth41: link becomes ready [ 1221.738114][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): veth40: link becomes ready [ 1221.775449][ T8024] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 1221.828155][ T8024] bridge1: port 2(vlan2) entered blocking state [ 1221.834593][ T8024] bridge1: port 2(vlan2) entered forwarding state [ 1221.843548][T18422] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5463'. [ 1221.860079][T18442] device pim6reg1 entered promiscuous mode [ 1222.037245][T18457] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5471'. [ 1222.324823][ T28] audit: type=1400 audit(1756863001.516:580): avc: denied { mount } for pid=18464 comm="syz.2.5475" name="/" dev="ramfs" ino=112499 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 1222.352883][ T28] audit: type=1400 audit(1756863001.516:581): avc: denied { watch watch_reads } for pid=18464 comm="syz.2.5475" path="/file1" dev="ramfs" ino=112501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 1222.376000][ T28] audit: type=1400 audit(1756863001.516:582): avc: denied { execute } for pid=18464 comm="syz.2.5475" name="file0" dev="ramfs" ino=112500 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 1222.406483][ T28] audit: type=1400 audit(1756863001.516:583): avc: denied { execute_no_trans } for pid=18464 comm="syz.2.5475" path="/file0" dev="ramfs" ino=112500 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 1222.458500][T18469] tap0: tun_chr_ioctl cmd 2147767511 [ 1222.464085][T18469] FAULT_INJECTION: forcing a failure. [ 1222.464085][T18469] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1222.477476][T18469] CPU: 0 PID: 18469 Comm: syz.0.5477 Not tainted syzkaller #0 [ 1222.484938][T18469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1222.494989][T18469] Call Trace: [ 1222.498432][T18469] [ 1222.501352][T18469] __dump_stack+0x21/0x24 [ 1222.505665][T18469] dump_stack_lvl+0xee/0x150 [ 1222.510236][T18469] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1222.515246][T18469] ? netdev_info+0x107/0x150 [ 1222.519911][T18469] ? __cfi_ref_tracker_alloc+0x10/0x10 [ 1222.525347][T18469] dump_stack+0x15/0x24 [ 1222.529481][T18469] should_fail_ex+0x3d4/0x520 [ 1222.534139][T18469] should_fail+0xb/0x10 [ 1222.538282][T18469] should_fail_usercopy+0x1a/0x20 [ 1222.543299][T18469] _copy_to_user+0x1e/0x90 [ 1222.547698][T18469] __tun_chr_ioctl+0x1448/0x1e70 [ 1222.552618][T18469] ? tun_flow_create+0x320/0x320 [ 1222.557536][T18469] ? mutex_unlock+0x89/0x220 [ 1222.562113][T18469] tun_chr_ioctl+0x2a/0x40 [ 1222.566509][T18469] ? __cfi_tun_chr_ioctl+0x10/0x10 [ 1222.571606][T18469] __se_sys_ioctl+0x12f/0x1b0 [ 1222.576266][T18469] __x64_sys_ioctl+0x7b/0x90 [ 1222.580851][T18469] x64_sys_call+0x58b/0x9a0 [ 1222.585334][T18469] do_syscall_64+0x4c/0xa0 [ 1222.589729][T18469] ? clear_bhb_loop+0x30/0x80 [ 1222.594384][T18469] ? clear_bhb_loop+0x30/0x80 [ 1222.599040][T18469] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1222.604909][T18469] RIP: 0033:0x7f348498ebe9 [ 1222.609307][T18469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1222.628983][T18469] RSP: 002b:00007f3485886038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1222.637374][T18469] RAX: ffffffffffffffda RBX: 00007f3484bc5fa0 RCX: 00007f348498ebe9 [ 1222.645326][T18469] RDX: 0000200000000300 RSI: 00000000800454d7 RDI: 0000000000000003 [ 1222.653277][T18469] RBP: 00007f3485886090 R08: 0000000000000000 R09: 0000000000000000 [ 1222.661223][T18469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1222.669186][T18469] R13: 00007f3484bc6038 R14: 00007f3484bc5fa0 R15: 00007ffc46aa3438 [ 1222.677140][T18469] [ 1222.744038][ T675] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 1222.813829][T18477] loop0: detected capacity change from 0 to 8192 [ 1223.814130][ T675] usb 3-1: Using ep0 maxpacket: 16 [ 1223.820828][ T675] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1223.843178][ T675] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1223.858429][ T675] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1223.866733][ T675] usb 3-1: Product: syz [ 1223.871015][ T675] usb 3-1: Manufacturer: syz [ 1223.875816][ T675] usb 3-1: SerialNumber: syz [ 1223.881719][ T675] usb 3-1: config 0 descriptor?? [ 1223.888088][ T675] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 1223.896284][ T675] usb 3-1: Detected FT232R [ 1224.099936][T10208] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 1224.107711][ T675] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1224.114842][ T675] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1224.121896][ T675] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 1224.128930][ T675] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1224.137848][ T675] usb 3-1: USB disconnect, device number 82 [ 1224.144825][ T675] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1224.154311][ T675] ftdi_sio 3-1:0.0: device disconnected [ 1224.184064][ T39] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 1224.294016][T10208] usb 5-1: Using ep0 maxpacket: 16 [ 1224.300192][T10208] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1224.310526][T10208] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1224.319641][T10208] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1224.327702][T10208] usb 5-1: Product: syz [ 1224.331867][T10208] usb 5-1: Manufacturer: syz [ 1224.336478][T10208] usb 5-1: SerialNumber: syz [ 1224.341825][T10208] usb 5-1: config 0 descriptor?? [ 1224.347630][T10208] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 1224.355565][T10208] usb 5-1: Detected FT232R [ 1224.364165][ T39] usb 1-1: Using ep0 maxpacket: 16 [ 1224.370481][ T39] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1224.380829][ T39] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1224.389935][ T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1224.398049][ T39] usb 1-1: Product: syz [ 1224.402229][ T39] usb 1-1: Manufacturer: syz [ 1224.406882][ T39] usb 1-1: SerialNumber: syz [ 1224.412366][ T39] usb 1-1: config 0 descriptor?? [ 1224.418359][ T39] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 1224.426232][ T39] usb 1-1: Detected FT232R [ 1224.587966][T10208] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1224.595062][T10208] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1224.602200][T10208] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 1224.609763][T10208] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1224.619502][T10208] usb 5-1: USB disconnect, device number 89 [ 1224.626295][T10208] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1224.677036][T10208] ftdi_sio 5-1:0.0: device disconnected [ 1225.231830][T18513] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5491'. [ 1225.252370][T18516] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5492'. [ 1225.261347][T18516] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5492'. [ 1225.789010][ T39] ftdi_sio ttyUSB1: Unable to read latency timer: -71 [ 1225.830328][ T39] ftdi_sio ttyUSB1: Unable to write latency timer: -71 [ 1226.362688][ T39] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71 [ 1227.365854][ T39] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 1227.376184][ T39] usb 1-1: USB disconnect, device number 84 [ 1227.382890][ T39] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 1227.393094][ T39] ftdi_sio 1-1:0.0: device disconnected [ 1228.596799][T18546] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5500'. [ 1228.942294][T12210] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 1229.635782][T18561] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5503'. [ 1229.704029][T12210] usb 2-1: Using ep0 maxpacket: 16 [ 1229.710966][T12210] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1229.725226][T12210] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1229.734329][T12210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1229.742348][T12210] usb 2-1: Product: syz [ 1229.746880][T12210] usb 2-1: Manufacturer: syz [ 1229.751489][T12210] usb 2-1: SerialNumber: syz [ 1229.756957][T12210] usb 2-1: config 0 descriptor?? [ 1229.768985][T12210] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 1229.777056][T12210] usb 2-1: Detected FT232R [ 1229.794033][T13079] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 1230.166179][T13079] usb 3-1: Using ep0 maxpacket: 16 [ 1230.172716][T13079] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1230.193354][T13079] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1230.207636][T13079] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1230.220860][T13079] usb 3-1: Product: syz [ 1230.227167][T13079] usb 3-1: Manufacturer: syz [ 1230.227515][T12210] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1230.234158][T13079] usb 3-1: SerialNumber: syz [ 1230.245326][T12210] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1230.248079][T13079] usb 3-1: config 0 descriptor?? [ 1230.259304][T12210] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 1230.265379][T13079] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 1230.275941][T12210] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1230.277461][T13079] usb 3-1: Detected FT232R [ 1230.319672][T12210] usb 2-1: USB disconnect, device number 70 [ 1230.359237][T12210] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1230.387949][T12210] ftdi_sio 2-1:0.0: device disconnected [ 1230.496525][T13079] ftdi_sio ttyUSB1: Unable to read latency timer: -71 [ 1230.506502][T13079] ftdi_sio ttyUSB1: Unable to write latency timer: -71 [ 1230.520324][T13079] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 1230.530319][T13079] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 1230.552268][T13079] usb 3-1: USB disconnect, device number 83 [ 1230.562738][T13079] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 1230.573806][T13079] ftdi_sio 3-1:0.0: device disconnected [ 1230.918905][T18586] fuse: Unknown parameter 'grou00000000000000000000' [ 1232.015142][T18595] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5515'. [ 1232.024047][T18595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5515'. [ 1232.463499][ T28] audit: type=1400 audit(1756863011.646:584): avc: denied { write } for pid=18603 comm="syz.1.5517" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 1232.516561][ T28] audit: type=1400 audit(1756863011.686:585): avc: denied { read } for pid=18603 comm="syz.1.5517" name="msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 1232.541964][ T28] audit: type=1400 audit(1756863011.686:586): avc: denied { open } for pid=18603 comm="syz.1.5517" path="/dev/cpu/0/msr" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 1232.583622][T18609] FAULT_INJECTION: forcing a failure. [ 1232.583622][T18609] name failslab, interval 1, probability 0, space 0, times 0 [ 1232.596231][T18609] CPU: 1 PID: 18609 Comm: syz.2.5520 Not tainted syzkaller #0 [ 1232.603693][T18609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1232.613745][T18609] Call Trace: [ 1232.617020][T18609] [ 1232.619944][T18609] __dump_stack+0x21/0x24 [ 1232.624270][T18609] dump_stack_lvl+0xee/0x150 [ 1232.628864][T18609] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1232.633886][T18609] ? finish_task_switch+0x16b/0x7b0 [ 1232.639088][T18609] ? __switch_to_asm+0x3a/0x60 [ 1232.643864][T18609] dump_stack+0x15/0x24 [ 1232.648018][T18609] should_fail_ex+0x3d4/0x520 [ 1232.652702][T18609] ? __sigqueue_alloc+0x13f/0x210 [ 1232.657722][T18609] __should_failslab+0xac/0xf0 [ 1232.662479][T18609] should_failslab+0x9/0x20 [ 1232.666971][T18609] kmem_cache_alloc+0x3b/0x330 [ 1232.671740][T18609] __sigqueue_alloc+0x13f/0x210 [ 1232.676595][T18609] __send_signal_locked+0x19d/0xb70 [ 1232.681788][T18609] ? __kasan_check_write+0x14/0x20 [ 1232.686887][T18609] ? __task_pid_nr_ns+0x1dd/0x280 [ 1232.691891][T18609] send_signal_locked+0x422/0x580 [ 1232.696896][T18609] force_sig_info_to_task+0x31c/0x3f0 [ 1232.702248][T18609] force_sig+0xb7/0x100 [ 1232.706382][T18609] ? __cfi_force_sig+0x10/0x10 [ 1232.711124][T18609] ? __schedule+0xb8f/0x14e0 [ 1232.715709][T18609] ? cond_local_irq_disable+0x40/0x40 [ 1232.721070][T18609] gp_user_force_sig_segv+0xc2/0x1f0 [ 1232.726336][T18609] exc_general_protection+0xb9/0x1e0 [ 1232.731601][T18609] ? fpregs_restore_userregs+0x128/0x260 [ 1232.737220][T18609] asm_exc_general_protection+0x27/0x30 [ 1232.742743][T18609] RIP: 0033:0x7fb6a3d67739 [ 1232.747140][T18609] Code: f8 77 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 89 f8 48 89 fa c5 f9 ef c0 25 ff 0f 00 00 3d e0 0f 00 00 0f 87 27 01 00 00 fd 74 0f c5 fd d7 c1 85 c0 74 5b f3 0f bc c0 e9 30 01 00 00 66 [ 1232.766726][T18609] RSP: 002b:00007fb6a4b497c8 EFLAGS: 00010283 [ 1232.772779][T18609] RAX: 0000000000000999 RBX: 00007fb6a4b49d30 RCX: 00007fb6a3f88120 [ 1232.780737][T18609] RDX: 9999999999999999 RSI: 00007fb6a3e11b31 RDI: 9999999999999999 [ 1232.788694][T18609] RBP: 000000000000000b R08: 0000000000000000 R09: 0000000000000000 [ 1232.796667][T18609] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000073 [ 1232.804620][T18609] R13: 00007fb6a4b49eb0 R14: 9999999999999999 R15: 0000000000000000 [ 1232.812573][T18609] [ 1232.974141][ T336] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 1233.174075][ T336] usb 4-1: Using ep0 maxpacket: 16 [ 1233.305974][ T336] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1233.330046][ T336] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1233.340289][ T336] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1233.348695][ T336] usb 4-1: Product: syz [ 1233.373236][ T336] usb 4-1: Manufacturer: syz [ 1233.398584][ T336] usb 4-1: SerialNumber: syz [ 1233.405599][ T336] usb 4-1: config 0 descriptor?? [ 1233.418221][ T336] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1233.426450][ T336] usb 4-1: Detected FT232R [ 1233.475176][T18626] FAULT_INJECTION: forcing a failure. [ 1233.475176][T18626] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1233.488640][T18626] CPU: 0 PID: 18626 Comm: syz.4.5524 Not tainted syzkaller #0 [ 1233.496111][T18626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1233.506278][T18626] Call Trace: [ 1233.509565][T18626] [ 1233.512498][T18626] __dump_stack+0x21/0x24 [ 1233.516879][T18626] dump_stack_lvl+0xee/0x150 [ 1233.521549][T18626] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1233.526569][T18626] dump_stack+0x15/0x24 [ 1233.530713][T18626] should_fail_ex+0x3d4/0x520 [ 1233.535408][T18626] should_fail+0xb/0x10 [ 1233.539645][T18626] should_fail_usercopy+0x1a/0x20 [ 1233.544681][T18626] _copy_from_user+0x1e/0xc0 [ 1233.549356][T18626] sock_do_ioctl+0x186/0x310 [ 1233.553949][T18626] ? sock_show_fdinfo+0xb0/0xb0 [ 1233.558808][T18626] ? selinux_file_ioctl+0x377/0x480 [ 1233.564004][T18626] sock_ioctl+0x4d8/0x6e0 [ 1233.568329][T18626] ? __cfi_sock_ioctl+0x10/0x10 [ 1233.573259][T18626] ? __fget_files+0x2d5/0x330 [ 1233.577932][T18626] ? security_file_ioctl+0x95/0xc0 [ 1233.583050][T18626] ? __cfi_sock_ioctl+0x10/0x10 [ 1233.587903][T18626] __se_sys_ioctl+0x12f/0x1b0 [ 1233.592600][T18626] __x64_sys_ioctl+0x7b/0x90 [ 1233.597195][T18626] x64_sys_call+0x58b/0x9a0 [ 1233.601701][T18626] do_syscall_64+0x4c/0xa0 [ 1233.606113][T18626] ? clear_bhb_loop+0x30/0x80 [ 1233.610778][T18626] ? clear_bhb_loop+0x30/0x80 [ 1233.615451][T18626] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1233.621348][T18626] RIP: 0033:0x7f5e7118ebe9 [ 1233.625752][T18626] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1233.645365][T18626] RSP: 002b:00007f5e71f90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1233.653771][T18626] RAX: ffffffffffffffda RBX: 00007f5e713c5fa0 RCX: 00007f5e7118ebe9 [ 1233.661727][T18626] RDX: 0000200000000140 RSI: 0000000000008914 RDI: 000000000000000a [ 1233.669691][T18626] RBP: 00007f5e71f90090 R08: 0000000000000000 R09: 0000000000000000 [ 1233.677653][T18626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1233.685616][T18626] R13: 00007f5e713c6038 R14: 00007f5e713c5fa0 R15: 00007fffd16b0bc8 [ 1233.693571][T18626] [ 1233.698043][T18628] device pim6reg1 entered promiscuous mode [ 1233.773348][ T336] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1233.780874][ T336] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1233.788158][ T336] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 1233.795463][ T336] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1234.159361][T18638] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5527'. [ 1234.168319][T18638] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5527'. [ 1234.273728][ T336] usb 4-1: USB disconnect, device number 60 [ 1234.385144][ T336] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1234.395560][ T336] ftdi_sio 4-1:0.0: device disconnected [ 1235.453307][T18650] FAULT_INJECTION: forcing a failure. [ 1235.453307][T18650] name failslab, interval 1, probability 0, space 0, times 0 [ 1235.466174][T18650] CPU: 0 PID: 18650 Comm: syz.4.5531 Not tainted syzkaller #0 [ 1235.473716][T18650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1235.483932][T18650] Call Trace: [ 1235.487193][T18650] [ 1235.490105][T18650] __dump_stack+0x21/0x24 [ 1235.494422][T18650] dump_stack_lvl+0xee/0x150 [ 1235.498990][T18650] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1235.504006][T18650] ? avc_has_perm+0x158/0x240 [ 1235.508674][T18650] dump_stack+0x15/0x24 [ 1235.512812][T18650] should_fail_ex+0x3d4/0x520 [ 1235.517471][T18650] __should_failslab+0xac/0xf0 [ 1235.522218][T18650] should_failslab+0x9/0x20 [ 1235.526724][T18650] slab_pre_alloc_hook+0x30/0x1e0 [ 1235.531752][T18650] ? __kasan_check_write+0x14/0x20 [ 1235.536873][T18650] kmem_cache_alloc_lru+0x49/0x280 [ 1235.541988][T18650] ? sock_alloc_inode+0x28/0xc0 [ 1235.546841][T18650] sock_alloc_inode+0x28/0xc0 [ 1235.551515][T18650] ? __cfi_sock_alloc_inode+0x10/0x10 [ 1235.556884][T18650] new_inode_pseudo+0x70/0x1f0 [ 1235.561649][T18650] __sock_create+0x12c/0x7c0 [ 1235.566247][T18650] __sys_socketpair+0x1a1/0x5b0 [ 1235.571099][T18650] __x64_sys_socketpair+0x9b/0xb0 [ 1235.576117][T18650] x64_sys_call+0x6e/0x9a0 [ 1235.580527][T18650] do_syscall_64+0x4c/0xa0 [ 1235.584935][T18650] ? clear_bhb_loop+0x30/0x80 [ 1235.589602][T18650] ? clear_bhb_loop+0x30/0x80 [ 1235.594270][T18650] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1235.600144][T18650] RIP: 0033:0x7f5e7118ebe9 [ 1235.604552][T18650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1235.624141][T18650] RSP: 002b:00007f5e71f90038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 1235.632546][T18650] RAX: ffffffffffffffda RBX: 00007f5e713c5fa0 RCX: 00007f5e7118ebe9 [ 1235.640497][T18650] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f [ 1235.648444][T18650] RBP: 00007f5e71f90090 R08: 0000000000000000 R09: 0000000000000000 [ 1235.656392][T18650] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001 [ 1235.664344][T18650] R13: 00007f5e713c6038 R14: 00007f5e713c5fa0 R15: 00007fffd16b0bc8 [ 1235.672298][T18650] [ 1235.716235][T18650] socket: no more sockets [ 1237.334607][T18686] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5542'. [ 1237.343485][T18686] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5542'. [ 1237.517938][T18683] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5540'. [ 1237.856377][T18709] FAULT_INJECTION: forcing a failure. [ 1237.856377][T18709] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1237.869484][T18709] CPU: 1 PID: 18709 Comm: syz.0.5547 Not tainted syzkaller #0 [ 1237.876941][T18709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1237.886989][T18709] Call Trace: [ 1237.890256][T18709] [ 1237.893179][T18709] __dump_stack+0x21/0x24 [ 1237.897593][T18709] dump_stack_lvl+0xee/0x150 [ 1237.902177][T18709] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1237.907209][T18709] dump_stack+0x15/0x24 [ 1237.911370][T18709] should_fail_ex+0x3d4/0x520 [ 1237.916059][T18709] should_fail+0xb/0x10 [ 1237.920214][T18709] should_fail_usercopy+0x1a/0x20 [ 1237.925233][T18709] _copy_from_user+0x1e/0xc0 [ 1237.929818][T18709] do_ipt_set_ctl+0x676/0xcb0 [ 1237.934483][T18709] ? __schedule+0xb8f/0x14e0 [ 1237.939064][T18709] ? __cfi_do_ipt_set_ctl+0x10/0x10 [ 1237.944238][T18709] ? __kasan_check_read+0x11/0x20 [ 1237.949242][T18709] ? preempt_schedule_irq+0xbb/0x110 [ 1237.954499][T18709] ? __kasan_check_write+0x14/0x20 [ 1237.959581][T18709] ? mutex_unlock+0x89/0x220 [ 1237.964141][T18709] ? __cfi_mutex_unlock+0x10/0x10 [ 1237.969134][T18709] ? irqentry_exit+0x37/0x40 [ 1237.973695][T18709] ? sysvec_reschedule_ipi+0x78/0x80 [ 1237.978949][T18709] nf_setsockopt+0x284/0x2b0 [ 1237.983511][T18709] ip_setsockopt+0xed/0x100 [ 1237.987994][T18709] udp_setsockopt+0x8a/0xa0 [ 1237.992467][T18709] sock_common_setsockopt+0xb1/0xc0 [ 1237.997638][T18709] ? __cfi_sock_common_setsockopt+0x10/0x10 [ 1238.003501][T18709] __sys_setsockopt+0x306/0x4e0 [ 1238.008322][T18709] ? __cfi___sys_setsockopt+0x10/0x10 [ 1238.013663][T18709] ? ksys_write+0x1eb/0x240 [ 1238.018145][T18709] ? __kasan_check_write+0x14/0x20 [ 1238.023232][T18709] ? fpregs_restore_userregs+0x128/0x260 [ 1238.028924][T18709] __x64_sys_setsockopt+0xbf/0xd0 [ 1238.033924][T18709] x64_sys_call+0x124/0x9a0 [ 1238.038400][T18709] do_syscall_64+0x4c/0xa0 [ 1238.042786][T18709] ? clear_bhb_loop+0x30/0x80 [ 1238.047456][T18709] ? clear_bhb_loop+0x30/0x80 [ 1238.052106][T18709] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1238.057974][T18709] RIP: 0033:0x7f348498ebe9 [ 1238.062359][T18709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1238.081939][T18709] RSP: 002b:00007f3485844038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1238.090322][T18709] RAX: ffffffffffffffda RBX: 00007f3484bc6180 RCX: 00007f348498ebe9 [ 1238.098264][T18709] RDX: 0000000000000040 RSI: 9003000000000000 RDI: 0000000000000008 [ 1238.106220][T18709] RBP: 00007f3485844090 R08: 0000000000000328 R09: 0000000000000000 [ 1238.114163][T18709] R10: 0000200000000b40 R11: 0000000000000246 R12: 0000000000000001 [ 1238.122111][T18709] R13: 00007f3484bc6218 R14: 00007f3484bc6180 R15: 00007ffc46aa3438 [ 1238.130055][T18709] [ 1238.238140][ T9726] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 1238.638645][T18713] xt_socket: unknown flags 0x50 [ 1239.227667][T18712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5551'. [ 1239.236572][T18712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5551'. [ 1239.370443][ T9726] usb 2-1: Using ep0 maxpacket: 16 [ 1239.376748][ T9726] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1239.387520][ T9726] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1239.396838][ T9726] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1239.405061][ T9726] usb 2-1: Product: syz [ 1239.409323][ T9726] usb 2-1: Manufacturer: syz [ 1239.430734][ T9726] usb 2-1: SerialNumber: syz [ 1239.454593][ T9726] usb 2-1: config 0 descriptor?? [ 1239.472207][ T9726] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 1239.507413][ T9726] usb 2-1: Detected FT232R [ 1239.604037][T12210] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 1239.654023][T13079] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 1239.671337][ T9726] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1239.683079][ T9726] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1239.703774][ T9726] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 1239.751081][T18722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5554'. [ 1239.760072][T18722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5554'. [ 1239.797711][ T9726] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1239.864502][T12210] usb 3-1: Using ep0 maxpacket: 32 [ 1239.871004][T12210] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 1239.879779][ T9726] usb 2-1: USB disconnect, device number 71 [ 1239.886366][ T9726] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1239.904697][T12210] usb 3-1: config 0 has no interface number 0 [ 1239.910798][T12210] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1239.917772][ T9726] ftdi_sio 2-1:0.0: device disconnected [ 1239.924741][T12210] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1239.933804][T12210] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1239.934030][T13079] usb 1-1: Using ep0 maxpacket: 32 [ 1239.942031][T12210] usb 3-1: Product: syz [ 1239.948897][T13079] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 1239.951107][T12210] usb 3-1: Manufacturer: syz [ 1239.959523][T13079] usb 1-1: config 0 has no interface number 0 [ 1239.963884][T12210] usb 3-1: SerialNumber: syz [ 1239.970250][T13079] usb 1-1: config 0 interface 184 has no altsetting 0 [ 1239.975460][T12210] usb 3-1: config 0 descriptor?? [ 1239.984072][T13079] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1239.987310][T12210] smsc75xx v1.0.0 [ 1239.995669][T13079] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1240.007195][T13079] usb 1-1: Product: syz [ 1240.011394][T13079] usb 1-1: Manufacturer: syz [ 1240.016104][T13079] usb 1-1: SerialNumber: syz [ 1240.021491][T13079] usb 1-1: config 0 descriptor?? [ 1240.027172][T13079] smsc75xx v1.0.0 [ 1240.876840][T18728] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5555'. [ 1240.885755][T18728] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5555'. [ 1241.315316][T18738] overlayfs: missing 'lowerdir' [ 1242.216657][T12210] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1242.235958][T13079] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 1242.254938][T12210] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1242.265102][T12210] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1242.276908][T12210] smsc75xx: probe of 3-1:0.184 failed with error -71 [ 1242.277241][T13079] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 1242.286537][T12210] usb 3-1: USB disconnect, device number 84 [ 1242.327383][T13079] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1242.376711][T13079] smsc75xx: probe of 1-1:0.184 failed with error -71 [ 1242.391992][T13079] usb 1-1: USB disconnect, device number 85 [ 1242.696007][T18766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5566'. [ 1242.704945][T18766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5566'. [ 1242.749354][T18768] loop0: detected capacity change from 0 to 512 [ 1242.776126][T18768] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1242.785088][T18768] ext4 filesystem being mounted at /451/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1242.804778][ T335] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 1242.920246][T12210] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 1243.104111][T12210] usb 3-1: Using ep0 maxpacket: 16 [ 1243.195713][ T335] usb 4-1: Using ep0 maxpacket: 16 [ 1243.205942][ T335] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1243.209524][T12210] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1243.225212][ T335] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1243.236385][ T335] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1243.251274][T10434] EXT4-fs (loop0): unmounting filesystem. [ 1243.258153][T12210] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1243.259144][ T335] usb 4-1: Product: syz [ 1243.274017][T12210] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1243.283297][T12210] usb 3-1: Product: syz [ 1243.287679][ T335] usb 4-1: Manufacturer: syz [ 1243.287736][T12210] usb 3-1: Manufacturer: syz [ 1243.296885][ T335] usb 4-1: SerialNumber: syz [ 1243.304305][T12210] usb 3-1: SerialNumber: syz [ 1243.312561][T12210] usb 3-1: config 0 descriptor?? [ 1243.312598][ T335] usb 4-1: config 0 descriptor?? [ 1243.324436][ T335] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1243.324452][T12210] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 1243.340053][ T335] usb 4-1: Detected FT232R [ 1243.354279][T12210] usb 3-1: Detected FT232R [ 1243.544574][ T335] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1243.552979][ T335] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1243.560478][ T335] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 1243.569927][T12210] ftdi_sio ttyUSB1: Unable to read latency timer: -71 [ 1243.577324][T12210] ftdi_sio ttyUSB1: Unable to write latency timer: -71 [ 1243.577919][ T335] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1243.584589][T12210] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 1243.600144][ T335] usb 4-1: USB disconnect, device number 61 [ 1243.610569][ T335] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1243.614437][T12210] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 1243.625394][ T335] ftdi_sio 4-1:0.0: device disconnected [ 1243.641365][T12210] usb 3-1: USB disconnect, device number 85 [ 1243.650683][T12210] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 1243.660988][T12210] ftdi_sio 3-1:0.0: device disconnected [ 1243.756903][T18786] overlayfs: missing 'lowerdir' [ 1244.534157][T12210] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 1245.286931][T12210] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1245.296122][T12210] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 1245.307970][T12210] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 1245.318889][T12210] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 1245.329912][T12210] usb 5-1: language id specifier not provided by device, defaulting to English [ 1245.625096][T12210] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1245.634195][T12210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1245.642158][T12210] usb 5-1: Product: syz [ 1245.646336][T12210] usb 5-1: Manufacturer: 񰄉 [ 1245.651008][T12210] usb 5-1: SerialNumber: syz [ 1245.754066][ T335] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 1245.864997][T18803] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=18803 comm=syz.4.5579 [ 1245.880058][T18803] tipc: MTU too low for tipc bearer [ 1245.888457][T12210] cdc_ncm 5-1:1.0: bind() failure [ 1245.894073][T12210] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1245.894231][T13079] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 1245.900911][T12210] cdc_ncm 5-1:1.1: bind() failure [ 1245.904296][T12210] usb 5-1: USB disconnect, device number 90 [ 1245.934027][ T335] usb 1-1: Using ep0 maxpacket: 16 [ 1245.940609][ T335] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1245.951281][ T335] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1245.960467][ T335] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1245.968544][ T335] usb 1-1: Product: syz [ 1245.972739][ T335] usb 1-1: Manufacturer: syz [ 1245.977364][ T335] usb 1-1: SerialNumber: syz [ 1245.982465][ T335] usb 1-1: config 0 descriptor?? [ 1245.994454][ T335] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 1246.002354][ T335] usb 1-1: Detected FT232R [ 1246.084010][T13079] usb 4-1: Using ep0 maxpacket: 16 [ 1246.090325][T13079] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1246.101173][T13079] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1246.134625][T13079] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1246.142789][T13079] usb 4-1: Product: syz [ 1246.147000][T13079] usb 4-1: Manufacturer: syz [ 1246.151753][T13079] usb 4-1: SerialNumber: syz [ 1246.160449][T13079] usb 4-1: config 0 descriptor?? [ 1246.167874][T13079] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1246.177172][T13079] usb 4-1: Detected FT232R [ 1246.212463][ T335] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1246.222069][ T335] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1246.229564][ T335] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71 [ 1246.237021][ T335] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1246.320521][ T335] usb 1-1: USB disconnect, device number 86 [ 1246.344690][ T335] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1246.356226][ T335] ftdi_sio 1-1:0.0: device disconnected [ 1246.407505][T13079] ftdi_sio ttyUSB1: Unable to read latency timer: -71 [ 1246.418559][T13079] ftdi_sio ttyUSB1: Unable to write latency timer: -71 [ 1246.426399][T13079] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 1246.442341][T13079] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB1 [ 1246.470932][T13079] usb 4-1: USB disconnect, device number 62 [ 1246.481743][T13079] ftdi_sio ttyUSB1: FTDI USB Serial Device converter now disconnected from ttyUSB1 [ 1246.492970][T13079] ftdi_sio 4-1:0.0: device disconnected [ 1247.407457][T18867] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5597'. [ 1248.537295][T18888] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5604'. [ 1249.064011][T18891] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5605'. [ 1249.304052][ T6] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 1250.468881][T18912] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5609'. [ 1250.477985][T18912] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5609'. [ 1250.874068][ T6] usb 2-1: Using ep0 maxpacket: 16 [ 1250.880387][ T6] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1250.949769][T18933] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5616'. [ 1250.958769][T18933] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5616'. [ 1251.536439][ T6] usb 2-1: string descriptor 0 read error: -71 [ 1251.547958][ T6] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1251.589748][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1251.598907][ T6] usb 2-1: config 0 descriptor?? [ 1251.610277][ T6] usb 2-1: can't set config #0, error -71 [ 1251.616913][ T6] usb 2-1: USB disconnect, device number 72 [ 1251.717981][T18948] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5621'. [ 1252.194107][T12210] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 1252.374018][T12210] usb 4-1: Using ep0 maxpacket: 16 [ 1252.380153][T12210] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1252.390531][T12210] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1252.394007][ T6] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 1252.399682][T12210] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1252.415207][T12210] usb 4-1: Product: syz [ 1252.419497][T12210] usb 4-1: Manufacturer: syz [ 1252.424249][T12210] usb 4-1: SerialNumber: syz [ 1252.432134][T12210] usb 4-1: config 0 descriptor?? [ 1252.437915][T12210] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1252.445624][T12210] usb 4-1: Detected FT232R [ 1252.627277][T18966] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5628'. [ 1252.734009][ T6] usb 2-1: Using ep0 maxpacket: 32 [ 1252.740246][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1252.751655][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1252.761645][ T6] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1252.774584][ T6] usb 2-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1252.783640][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1252.792038][T12210] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1252.796998][ T6] usb 2-1: config 0 descriptor?? [ 1252.799129][T12210] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1252.810961][T12210] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 1252.818450][T12210] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1252.828636][T12210] usb 4-1: USB disconnect, device number 63 [ 1252.838841][T12210] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1252.848607][T12210] ftdi_sio 4-1:0.0: device disconnected [ 1253.278048][ T675] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 1254.348306][ T675] usb 5-1: Using ep0 maxpacket: 16 [ 1254.424264][ T675] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1254.466696][ T6] usb 2-1: string descriptor 0 read error: -71 [ 1254.494031][ T6] usbhid 2-1:0.0: can't add hid device: -71 [ 1254.510466][ T6] usbhid: probe of 2-1:0.0 failed with error -71 [ 1254.518506][ T675] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1254.537387][ T6] usb 2-1: USB disconnect, device number 73 [ 1254.550162][ T675] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1254.597947][ T675] usb 5-1: Product: syz [ 1254.605574][ T675] usb 5-1: Manufacturer: syz [ 1254.612330][ T675] usb 5-1: SerialNumber: syz [ 1254.671353][ T675] usb 5-1: config 0 descriptor?? [ 1255.175082][T18996] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5639'. [ 1255.246376][T18998] loop0: detected capacity change from 0 to 512 [ 1255.394739][T18999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5638'. [ 1255.403627][T18999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5638'. [ 1255.417280][ T675] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 1255.425356][ T675] usb 5-1: Detected FT232R [ 1255.434177][ T675] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1255.446032][ T675] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1255.458770][ T675] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 1255.494465][ T675] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1255.516281][T18998] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1255.525241][T18998] ext4 filesystem being mounted at /465/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1255.544570][ T675] usb 5-1: USB disconnect, device number 91 [ 1255.551479][ T675] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1255.564560][ T675] ftdi_sio 5-1:0.0: device disconnected [ 1255.856423][T10434] EXT4-fs (loop0): unmounting filesystem. [ 1256.238648][T19020] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5644'. [ 1257.665385][T19043] overlayfs: missing 'lowerdir' [ 1257.836591][T19052] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5651'. [ 1258.159637][T19059] loop0: detected capacity change from 0 to 256 [ 1258.200169][T19059] FAT-fs (loop0): Directory bread(block 64) failed [ 1258.216949][T19059] FAT-fs (loop0): Directory bread(block 65) failed [ 1258.236241][T19059] FAT-fs (loop0): Directory bread(block 66) failed [ 1258.246036][T19059] FAT-fs (loop0): Directory bread(block 67) failed [ 1258.252687][T19059] FAT-fs (loop0): Directory bread(block 68) failed [ 1258.259571][T19059] FAT-fs (loop0): Directory bread(block 69) failed [ 1258.275848][T19059] FAT-fs (loop0): Directory bread(block 70) failed [ 1258.282578][T19059] FAT-fs (loop0): Directory bread(block 71) failed [ 1258.289224][T19059] FAT-fs (loop0): Directory bread(block 72) failed [ 1258.295849][T19059] FAT-fs (loop0): Directory bread(block 73) failed [ 1258.305576][ T28] audit: type=1400 audit(1756863037.496:587): avc: denied { mount } for pid=19057 comm="syz.0.5655" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 1258.329803][T19065] FAULT_INJECTION: forcing a failure. [ 1258.329803][T19065] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1258.345024][T19065] CPU: 1 PID: 19065 Comm: syz.3.5658 Not tainted syzkaller #0 [ 1258.352494][T19065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1258.362544][T19065] Call Trace: [ 1258.365825][T19065] [ 1258.368763][T19065] __dump_stack+0x21/0x24 [ 1258.373087][T19065] dump_stack_lvl+0xee/0x150 [ 1258.377671][T19065] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1258.382708][T19065] ? ioctl_has_perm+0x391/0x4c0 [ 1258.387564][T19065] dump_stack+0x15/0x24 [ 1258.391717][T19065] should_fail_ex+0x3d4/0x520 [ 1258.396414][T19065] should_fail+0xb/0x10 [ 1258.400550][T19065] should_fail_usercopy+0x1a/0x20 [ 1258.405554][T19065] _copy_from_user+0x1e/0xc0 [ 1258.410136][T19065] __tun_chr_ioctl+0x1ed/0x1e70 [ 1258.414964][T19065] ? tun_flow_create+0x320/0x320 [ 1258.419880][T19065] ? mutex_unlock+0x89/0x220 [ 1258.424481][T19065] tun_chr_ioctl+0x2a/0x40 [ 1258.428880][T19065] ? __cfi_tun_chr_ioctl+0x10/0x10 [ 1258.433976][T19065] __se_sys_ioctl+0x12f/0x1b0 [ 1258.438682][T19065] __x64_sys_ioctl+0x7b/0x90 [ 1258.443252][T19065] x64_sys_call+0x58b/0x9a0 [ 1258.447748][T19065] do_syscall_64+0x4c/0xa0 [ 1258.452142][T19065] ? clear_bhb_loop+0x30/0x80 [ 1258.456798][T19065] ? clear_bhb_loop+0x30/0x80 [ 1258.461541][T19065] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1258.467518][T19065] RIP: 0033:0x7f98d1b8ebe9 [ 1258.471927][T19065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1258.491514][T19065] RSP: 002b:00007f98d2a7a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1258.499931][T19065] RAX: ffffffffffffffda RBX: 00007f98d1dc5fa0 RCX: 00007f98d1b8ebe9 [ 1258.507882][T19065] RDX: 0000200000000100 RSI: 00000000400454d9 RDI: 0000000000000009 [ 1258.515843][T19065] RBP: 00007f98d2a7a090 R08: 0000000000000000 R09: 0000000000000000 [ 1258.523806][T19065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1258.531770][T19065] R13: 00007f98d1dc6038 R14: 00007f98d1dc5fa0 R15: 00007ffec2bbc138 [ 1258.539733][T19065] [ 1258.614015][T12210] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 1258.623854][ T28] audit: type=1400 audit(1756863037.806:588): avc: denied { unmount } for pid=10434 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 1258.977182][T19074] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5660'. [ 1259.034063][T12210] usb 2-1: Using ep0 maxpacket: 32 [ 1259.041244][T12210] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1259.052469][T12210] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1259.065608][T12210] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1259.079798][T12210] usb 2-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1259.090109][T12210] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1259.102249][T12210] usb 2-1: config 0 descriptor?? [ 1260.780443][T19103] device pim6reg1 entered promiscuous mode [ 1260.828706][ T28] audit: type=1400 audit(1756863040.016:589): avc: denied { ioctl } for pid=19099 comm="syz.3.5670" path="socket:[115759]" dev="sockfs" ino=115759 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1260.858945][ T28] audit: type=1400 audit(1756863040.016:590): avc: denied { read } for pid=19099 comm="syz.3.5670" path="socket:[115763]" dev="sockfs" ino=115763 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 1261.295507][T19111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5672'. [ 1261.763293][T12210] usb 2-1: string descriptor 0 read error: -71 [ 1261.773103][T12210] usbhid 2-1:0.0: can't add hid device: -71 [ 1261.834046][T12210] usbhid: probe of 2-1:0.0 failed with error -71 [ 1261.841464][T12210] usb 2-1: USB disconnect, device number 74 [ 1262.805941][T19141] FAULT_INJECTION: forcing a failure. [ 1262.805941][T19141] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1262.839360][T19141] CPU: 0 PID: 19141 Comm: syz.3.5683 Not tainted syzkaller #0 [ 1262.846855][T19141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1262.856911][T19141] Call Trace: [ 1262.860188][T19141] [ 1262.863111][T19141] __dump_stack+0x21/0x24 [ 1262.867434][T19141] dump_stack_lvl+0xee/0x150 [ 1262.872022][T19141] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1262.877123][T19141] dump_stack+0x15/0x24 [ 1262.881269][T19141] should_fail_ex+0x3d4/0x520 [ 1262.886034][T19141] should_fail+0xb/0x10 [ 1262.890186][T19141] should_fail_usercopy+0x1a/0x20 [ 1262.895219][T19141] _copy_from_user+0x1e/0xc0 [ 1262.899804][T19141] __sys_bpf+0x277/0x780 [ 1262.904036][T19141] ? bpf_link_show_fdinfo+0x320/0x320 [ 1262.909409][T19141] ? __cfi_ksys_write+0x10/0x10 [ 1262.914263][T19141] ? debug_smp_processor_id+0x17/0x20 [ 1262.919633][T19141] __x64_sys_bpf+0x7c/0x90 [ 1262.924045][T19141] x64_sys_call+0x488/0x9a0 [ 1262.928543][T19141] do_syscall_64+0x4c/0xa0 [ 1262.932956][T19141] ? clear_bhb_loop+0x30/0x80 [ 1262.937632][T19141] ? clear_bhb_loop+0x30/0x80 [ 1262.942309][T19141] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1262.948196][T19141] RIP: 0033:0x7f98d1b8ebe9 [ 1262.952590][T19141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1262.972214][T19141] RSP: 002b:00007f98d2a7a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1262.980613][T19141] RAX: ffffffffffffffda RBX: 00007f98d1dc5fa0 RCX: 00007f98d1b8ebe9 [ 1262.988569][T19141] RDX: 0000000000000050 RSI: 0000200000000040 RDI: 000000000000000a [ 1262.996540][T19141] RBP: 00007f98d2a7a090 R08: 0000000000000000 R09: 0000000000000000 [ 1263.004505][T19141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1263.012471][T19141] R13: 00007f98d1dc6038 R14: 00007f98d1dc5fa0 R15: 00007ffec2bbc138 [ 1263.020473][T19141] [ 1263.922169][T19153] FAULT_INJECTION: forcing a failure. [ 1263.922169][T19153] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1264.124036][T19153] CPU: 1 PID: 19153 Comm: syz.1.5674 Not tainted syzkaller #0 [ 1264.131522][T19153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1264.141570][T19153] Call Trace: [ 1264.144842][T19153] [ 1264.147761][T19153] __dump_stack+0x21/0x24 [ 1264.152089][T19153] dump_stack_lvl+0xee/0x150 [ 1264.156688][T19153] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1264.161708][T19153] dump_stack+0x15/0x24 [ 1264.165854][T19153] should_fail_ex+0x3d4/0x520 [ 1264.170525][T19153] should_fail+0xb/0x10 [ 1264.174672][T19153] should_fail_usercopy+0x1a/0x20 [ 1264.179690][T19153] _copy_to_user+0x1e/0x90 [ 1264.184096][T19153] simple_read_from_buffer+0xe9/0x160 [ 1264.189457][T19153] proc_fail_nth_read+0x19a/0x210 [ 1264.194472][T19153] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 1264.200005][T19153] ? security_file_permission+0x94/0xb0 [ 1264.205543][T19153] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 1264.211082][T19153] vfs_read+0x26e/0x8c0 [ 1264.215231][T19153] ? __cfi_vfs_read+0x10/0x10 [ 1264.219899][T19153] ? __kasan_check_write+0x14/0x20 [ 1264.225006][T19153] ? mutex_lock+0x8d/0x1a0 [ 1264.229409][T19153] ? __cfi_mutex_lock+0x10/0x10 [ 1264.234251][T19153] ? __fdget_pos+0x2cd/0x380 [ 1264.238835][T19153] ? ksys_read+0x71/0x240 [ 1264.243171][T19153] ksys_read+0x140/0x240 [ 1264.247499][T19153] ? __cfi_ksys_read+0x10/0x10 [ 1264.252264][T19153] ? debug_smp_processor_id+0x17/0x20 [ 1264.257644][T19153] __x64_sys_read+0x7b/0x90 [ 1264.262150][T19153] x64_sys_call+0x2f/0x9a0 [ 1264.266560][T19153] do_syscall_64+0x4c/0xa0 [ 1264.270970][T19153] ? clear_bhb_loop+0x30/0x80 [ 1264.275653][T19153] ? clear_bhb_loop+0x30/0x80 [ 1264.280324][T19153] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1264.286213][T19153] RIP: 0033:0x7f07e378d5fc [ 1264.290619][T19153] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1264.310220][T19153] RSP: 002b:00007f07e45e3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1264.318619][T19153] RAX: ffffffffffffffda RBX: 00007f07e39c6180 RCX: 00007f07e378d5fc [ 1264.326570][T19153] RDX: 000000000000000f RSI: 00007f07e45e30a0 RDI: 0000000000000008 [ 1264.334520][T19153] RBP: 00007f07e45e3090 R08: 0000000000000000 R09: 0000000000000000 [ 1264.342472][T19153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1264.350436][T19153] R13: 00007f07e39c6218 R14: 00007f07e39c6180 R15: 00007ffe87b2af18 [ 1264.358409][T19153] [ 1264.434013][ T675] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 1264.556653][T12210] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 1264.565859][T19179] overlayfs: failed to resolve './file0': -2 [ 1264.717635][T19174] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5693'. [ 1264.727565][T19174] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5693'. [ 1264.753987][T12210] usb 5-1: Using ep0 maxpacket: 32 [ 1264.760241][T12210] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1264.774127][T12210] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1264.775072][ T675] usb 4-1: config 0 has an invalid interface number: 160 but max is 0 [ 1264.783983][T12210] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1264.799304][ T675] usb 4-1: config 0 has no interface number 0 [ 1264.805011][T12210] usb 5-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1264.811393][ T675] usb 4-1: config 0 interface 160 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 1264.820328][T12210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1264.832793][ T675] usb 4-1: New USB device found, idVendor=05ac, idProduct=8101, bcdDevice=9e.4e [ 1264.846565][T12210] usb 5-1: config 0 descriptor?? [ 1264.848233][ T675] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1264.861538][ T675] usb 4-1: Product: syz [ 1264.865746][ T675] usb 4-1: Manufacturer: syz [ 1264.870329][ T675] usb 4-1: SerialNumber: syz [ 1264.885546][ T675] usb 4-1: config 0 descriptor?? [ 1264.895592][ T675] usb 4-1: Found UVC 0.00 device syz (05ac:8101) [ 1264.906109][ T675] usb 4-1: No valid video chain found. [ 1265.734750][T19165] ip6t_rpfilter: unknown options [ 1265.740460][T10208] usb 4-1: USB disconnect, device number 64 [ 1266.182591][T19201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5698'. [ 1266.272115][T19202] loop0: detected capacity change from 0 to 512 [ 1266.430320][T19202] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1266.439723][T19202] ext4 filesystem being mounted at /488/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1266.458737][T19209] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 1266.473530][T19209] EXT4-fs (loop0): Remounting filesystem read-only [ 1266.616902][T10434] EXT4-fs (loop0): unmounting filesystem. [ 1266.642284][T19215] loop0: detected capacity change from 0 to 128 [ 1266.653927][T19215] FAT-fs (loop0): Unrecognized mount option "0xffffffffffffffff01777777777777777777777=d̞ YS38`" or missing value [ 1266.751979][T19221] overlayfs: missing 'lowerdir' [ 1266.809869][T12210] usb 5-1: string descriptor 0 read error: -71 [ 1266.821174][T12210] usbhid 5-1:0.0: can't add hid device: -71 [ 1266.993101][T19228] FAULT_INJECTION: forcing a failure. [ 1266.993101][T19228] name failslab, interval 1, probability 0, space 0, times 0 [ 1267.005774][T19228] CPU: 0 PID: 19228 Comm: syz.0.5701 Not tainted syzkaller #0 [ 1267.013231][T19228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1267.023275][T19228] Call Trace: [ 1267.026542][T19228] [ 1267.029460][T19228] __dump_stack+0x21/0x24 [ 1267.033869][T19228] dump_stack_lvl+0xee/0x150 [ 1267.038452][T19228] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1267.043473][T19228] ? __kasan_check_write+0x14/0x20 [ 1267.048582][T19228] dump_stack+0x15/0x24 [ 1267.052726][T19228] should_fail_ex+0x3d4/0x520 [ 1267.057399][T19228] ? getname_flags+0xb9/0x500 [ 1267.062068][T19228] __should_failslab+0xac/0xf0 [ 1267.066829][T19228] should_failslab+0x9/0x20 [ 1267.071322][T19228] kmem_cache_alloc+0x3b/0x330 [ 1267.076090][T19228] getname_flags+0xb9/0x500 [ 1267.080596][T19228] ? debug_smp_processor_id+0x17/0x20 [ 1267.085976][T19228] __x64_sys_mkdirat+0x7c/0xa0 [ 1267.090732][T19228] x64_sys_call+0x73d/0x9a0 [ 1267.095225][T19228] do_syscall_64+0x4c/0xa0 [ 1267.099626][T19228] ? clear_bhb_loop+0x30/0x80 [ 1267.104303][T19228] ? clear_bhb_loop+0x30/0x80 [ 1267.108971][T19228] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1267.114856][T19228] RIP: 0033:0x7f348498ebe9 [ 1267.119261][T19228] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1267.138940][T19228] RSP: 002b:00007f3485844038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 1267.147349][T19228] RAX: ffffffffffffffda RBX: 00007f3484bc6180 RCX: 00007f348498ebe9 [ 1267.155313][T19228] RDX: 0000000000000000 RSI: 0000200000001dc0 RDI: ffffffffffffff9c [ 1267.163274][T19228] RBP: 00007f3485844090 R08: 0000000000000000 R09: 0000000000000000 [ 1267.171236][T19228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1267.179198][T19228] R13: 00007f3484bc6218 R14: 00007f3484bc6180 R15: 00007ffc46aa3438 [ 1267.187165][T19228] [ 1267.470114][T12210] usbhid: probe of 5-1:0.0 failed with error -71 [ 1267.482823][T12210] usb 5-1: USB disconnect, device number 92 [ 1267.698133][T19243] sit: non-ECT from 0.0.0.0 with TOS=0x2 [ 1267.777704][T19243] loop0: detected capacity change from 0 to 512 [ 1267.819423][T19251] fuse: Invalid rootmode [ 1267.830023][T19243] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1267.840686][T19243] ext4 filesystem being mounted at /490/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1267.868354][T10434] EXT4-fs (loop0): unmounting filesystem. [ 1268.175886][T19268] loop0: detected capacity change from 0 to 512 [ 1268.185968][T19268] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.5719: casefold flag without casefold feature [ 1268.198805][T19268] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.5719: couldn't read orphan inode 15 (err -117) [ 1268.918496][T19268] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1268.956430][T19275] overlayfs: failed to resolve './file1': -2 [ 1268.967209][T19275] overlayfs: failed to resolve './file1': -2 [ 1268.980287][T10434] EXT4-fs (loop0): unmounting filesystem. [ 1268.986063][ T28] audit: type=1400 audit(1756863048.166:591): avc: denied { setattr } for pid=19267 comm="syz.0.5719" name="file0" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 1268.986525][T19277] FAULT_INJECTION: forcing a failure. [ 1268.986525][T19277] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1269.021678][ T28] audit: type=1400 audit(1756863048.206:592): avc: denied { remount } for pid=19274 comm="syz.4.5721" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 1269.053383][T19277] CPU: 1 PID: 19277 Comm: syz.2.5722 Not tainted syzkaller #0 [ 1269.060861][T19277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1269.070917][T19277] Call Trace: [ 1269.074183][T19277] [ 1269.077129][T19277] __dump_stack+0x21/0x24 [ 1269.081449][T19277] dump_stack_lvl+0xee/0x150 [ 1269.086026][T19277] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1269.091040][T19277] dump_stack+0x15/0x24 [ 1269.095176][T19277] should_fail_ex+0x3d4/0x520 [ 1269.099838][T19277] should_fail+0xb/0x10 [ 1269.103984][T19277] should_fail_usercopy+0x1a/0x20 [ 1269.108998][T19277] _copy_from_user+0x1e/0xc0 [ 1269.113568][T19277] ___sys_recvmsg+0x12b/0x510 [ 1269.118227][T19277] ? __sys_recvmsg+0x270/0x270 [ 1269.122969][T19277] ? security_file_permission+0x94/0xb0 [ 1269.128581][T19277] ? __fget_files+0x2d5/0x330 [ 1269.133248][T19277] ? __fdget+0x19c/0x220 [ 1269.137483][T19277] __x64_sys_recvmsg+0x1ed/0x2c0 [ 1269.142429][T19277] ? __cfi___x64_sys_recvmsg+0x10/0x10 [ 1269.147890][T19277] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 1269.153951][T19277] x64_sys_call+0x75/0x9a0 [ 1269.158356][T19277] do_syscall_64+0x4c/0xa0 [ 1269.162760][T19277] ? clear_bhb_loop+0x30/0x80 [ 1269.167418][T19277] ? clear_bhb_loop+0x30/0x80 [ 1269.172074][T19277] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1269.177944][T19277] RIP: 0033:0x7fb6a3d8ebe9 [ 1269.182346][T19277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1269.202028][T19277] RSP: 002b:00007fb6a4b4a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 1269.210424][T19277] RAX: ffffffffffffffda RBX: 00007fb6a3fc5fa0 RCX: 00007fb6a3d8ebe9 [ 1269.218462][T19277] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000007 [ 1269.226414][T19277] RBP: 00007fb6a4b4a090 R08: 0000000000000000 R09: 0000000000000000 [ 1269.234372][T19277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1269.242330][T19277] R13: 00007fb6a3fc6038 R14: 00007fb6a3fc5fa0 R15: 00007ffc59d1f7d8 [ 1269.250290][T19277] [ 1269.264111][T19285] fuse: Bad value for 'rootmode' [ 1269.274561][T19282] device veth1_macvtap left promiscuous mode [ 1269.280974][T19282] device macsec0 entered promiscuous mode [ 1270.481777][ T28] audit: type=1400 audit(1756863049.656:593): avc: denied { ioctl } for pid=19301 comm="syz.3.5733" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=116139 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 1271.148062][T12210] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 1271.253037][T19316] loop0: detected capacity change from 0 to 512 [ 1271.296508][T19316] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 1271.309635][T19316] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 1271.477140][T19316] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 1271.491197][T19316] EXT4-fs (loop0): 1 truncate cleaned up [ 1271.496987][T19316] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1271.830986][T19324] fuse: Bad value for 'rootmode' [ 1271.909879][ T28] audit: type=1400 audit(1756863050.766:594): avc: denied { read write } for pid=19304 comm="syz.0.5734" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1271.940616][T19329] tipc: Can't bind to reserved service type 1 [ 1272.015084][T19333] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5738'. [ 1272.024024][T19333] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5738'. [ 1272.049370][T10434] EXT4-fs (loop0): unmounting filesystem. [ 1272.118469][ T28] audit: type=1400 audit(1756863050.766:595): avc: denied { open } for pid=19304 comm="syz.0.5734" path="/498/file2/file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 1272.199034][ T28] audit: type=1400 audit(1756863051.386:596): avc: denied { associate } for pid=19342 comm="syz.4.5744" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 1272.342784][T19347] FAULT_INJECTION: forcing a failure. [ 1272.342784][T19347] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1272.355905][T19347] CPU: 1 PID: 19347 Comm: syz.3.5742 Not tainted syzkaller #0 [ 1272.363362][T19347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1272.373416][T19347] Call Trace: [ 1272.376699][T19347] [ 1272.379636][T19347] __dump_stack+0x21/0x24 [ 1272.383966][T19347] dump_stack_lvl+0xee/0x150 [ 1272.388553][T19347] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1272.393578][T19347] dump_stack+0x15/0x24 [ 1272.397726][T19347] should_fail_ex+0x3d4/0x520 [ 1272.402402][T19347] should_fail+0xb/0x10 [ 1272.406552][T19347] should_fail_usercopy+0x1a/0x20 [ 1272.411570][T19347] _copy_from_user+0x1e/0xc0 [ 1272.416150][T19347] iovec_from_user+0x1aa/0x2e0 [ 1272.420907][T19347] __import_iovec+0x71/0x470 [ 1272.425491][T19347] ? push_rt_task+0x35f/0x5b0 [ 1272.430171][T19347] import_iovec+0x7c/0xb0 [ 1272.434513][T19347] vfs_writev+0x113/0x590 [ 1272.438863][T19347] ? do_writev+0x2b0/0x2b0 [ 1272.443297][T19347] ? __schedule+0xb8f/0x14e0 [ 1272.447891][T19347] ? __fdget+0x19c/0x220 [ 1272.452134][T19347] ? __se_sys_pwritev2+0xad/0x2b0 [ 1272.457248][T19347] __se_sys_pwritev2+0x1a9/0x2b0 [ 1272.462223][T19347] ? __x64_sys_pwritev2+0xd0/0xd0 [ 1272.467247][T19347] __x64_sys_pwritev2+0xbf/0xd0 [ 1272.472097][T19347] x64_sys_call+0x2d6/0x9a0 [ 1272.476602][T19347] do_syscall_64+0x4c/0xa0 [ 1272.481108][T19347] ? clear_bhb_loop+0x30/0x80 [ 1272.485870][T19347] ? clear_bhb_loop+0x30/0x80 [ 1272.490637][T19347] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1272.496612][T19347] RIP: 0033:0x7f98d1b8ebe9 [ 1272.501016][T19347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1272.520625][T19347] RSP: 002b:00007f98d2a38038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 1272.529038][T19347] RAX: ffffffffffffffda RBX: 00007f98d1dc6180 RCX: 00007f98d1b8ebe9 [ 1272.537005][T19347] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000007 [ 1272.544973][T19347] RBP: 00007f98d2a38090 R08: 0000000000000000 R09: 0000000000000000 [ 1272.552936][T19347] R10: 0000000000000e7b R11: 0000000000000246 R12: 0000000000000001 [ 1272.560897][T19347] R13: 00007f98d1dc6218 R14: 00007f98d1dc6180 R15: 00007ffec2bbc138 [ 1272.568867][T19347] [ 1272.634067][T12210] usb 2-1: device descriptor read/64, error -71 [ 1273.138413][T12210] usb 2-1: Using ep0 maxpacket: 16 [ 1273.156266][T12210] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1273.168221][T19359] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19359 comm=syz.3.5746 [ 1273.203319][T19359] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19359 comm=syz.3.5746 [ 1273.223288][T19359] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19359 comm=syz.3.5746 [ 1273.236379][T19359] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19359 comm=syz.3.5746 [ 1273.249810][T19359] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19359 comm=syz.3.5746 [ 1273.262865][T19359] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19359 comm=syz.3.5746 [ 1273.264623][T12210] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1273.281935][T19359] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19359 comm=syz.3.5746 [ 1273.284913][T12210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1273.305711][T19359] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19359 comm=syz.3.5746 [ 1273.306704][T12210] usb 2-1: Product: syz [ 1273.318737][T19359] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19359 comm=syz.3.5746 [ 1273.322609][T12210] usb 2-1: Manufacturer: syz [ 1273.339860][T12210] usb 2-1: SerialNumber: syz [ 1273.339960][T19359] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=19359 comm=syz.3.5746 [ 1273.345339][T12210] usb 2-1: config 0 descriptor?? [ 1273.787375][T12210] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 1273.797616][T12210] usb 2-1: Detected FT232R [ 1274.025829][ T39] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 1274.108478][T17061] udevd[17061]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory [ 1274.120981][T12210] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1274.130742][T12210] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1274.208805][T12210] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 1274.219248][T12210] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1274.904102][ T39] usb 3-1: Using ep0 maxpacket: 32 [ 1274.912965][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1275.459273][T12210] usb 2-1: USB disconnect, device number 75 [ 1275.465364][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1275.476111][T12210] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1275.510896][ T39] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1275.530734][T12210] ftdi_sio 2-1:0.0: device disconnected [ 1275.545309][T19397] FAULT_INJECTION: forcing a failure. [ 1275.545309][T19397] name failslab, interval 1, probability 0, space 0, times 0 [ 1275.607334][ T39] usb 3-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1275.616930][T19397] CPU: 1 PID: 19397 Comm: syz.3.5758 Not tainted syzkaller #0 [ 1275.624394][T19397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1275.634427][T19397] Call Trace: [ 1275.637682][T19397] [ 1275.640588][T19397] __dump_stack+0x21/0x24 [ 1275.644890][T19397] dump_stack_lvl+0xee/0x150 [ 1275.649455][T19397] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1275.654460][T19397] ? stack_trace_save+0x98/0xe0 [ 1275.659315][T19397] dump_stack+0x15/0x24 [ 1275.663451][T19397] should_fail_ex+0x3d4/0x520 [ 1275.668107][T19397] __should_failslab+0xac/0xf0 [ 1275.672861][T19397] should_failslab+0x9/0x20 [ 1275.677435][T19397] kmem_cache_alloc_node+0x42/0x340 [ 1275.682637][T19397] ? dup_task_struct+0x5a/0x790 [ 1275.687494][T19397] dup_task_struct+0x5a/0x790 [ 1275.692176][T19397] ? __kasan_check_write+0x14/0x20 [ 1275.697296][T19397] ? recalc_sigpending+0x168/0x1c0 [ 1275.702404][T19397] copy_process+0x5b8/0x3480 [ 1275.706999][T19397] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 1275.712723][T19397] ? __kasan_check_write+0x14/0x20 [ 1275.717840][T19397] ? idle_dummy+0x10/0x10 [ 1275.722187][T19397] kernel_clone+0x23a/0x810 [ 1275.726682][T19397] ? __cfi_kernel_clone+0x10/0x10 [ 1275.731694][T19397] ? __kasan_check_write+0x14/0x20 [ 1275.736798][T19397] ? mutex_unlock+0x89/0x220 [ 1275.741374][T19397] __x64_sys_clone+0x168/0x1b0 [ 1275.746121][T19397] ? __cfi___x64_sys_clone+0x10/0x10 [ 1275.751389][T19397] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 1275.757435][T19397] x64_sys_call+0x990/0x9a0 [ 1275.761922][T19397] do_syscall_64+0x4c/0xa0 [ 1275.766315][T19397] ? clear_bhb_loop+0x30/0x80 [ 1275.770969][T19397] ? clear_bhb_loop+0x30/0x80 [ 1275.775624][T19397] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1275.781493][T19397] RIP: 0033:0x7f98d1b8ebe9 [ 1275.785883][T19397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1275.805473][T19397] RSP: 002b:00007f98d2a79fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1275.813865][T19397] RAX: ffffffffffffffda RBX: 00007f98d1dc5fa0 RCX: 00007f98d1b8ebe9 [ 1275.821815][T19397] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000400 [ 1275.829767][T19397] RBP: 00007f98d2a7a090 R08: 0000000000000000 R09: 0000000000000000 [ 1275.837733][T19397] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1275.845699][T19397] R13: 00007f98d1dc6038 R14: 00007f98d1dc5fa0 R15: 00007ffec2bbc138 [ 1275.853652][T19397] [ 1275.884184][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1275.947850][ T39] usb 3-1: config 0 descriptor?? [ 1275.954351][ T39] usb 3-1: can't set config #0, error -71 [ 1275.962889][ T39] usb 3-1: USB disconnect, device number 86 [ 1276.466764][T19409] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5761'. [ 1276.482010][T19409] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5761'. [ 1276.894081][ T39] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 1277.007072][T19444] FAULT_INJECTION: forcing a failure. [ 1277.007072][T19444] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1277.020726][T19444] CPU: 1 PID: 19444 Comm: syz.2.5771 Not tainted syzkaller #0 [ 1277.028187][T19444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1277.038221][T19444] Call Trace: [ 1277.041472][T19444] [ 1277.044376][T19444] __dump_stack+0x21/0x24 [ 1277.048678][T19444] dump_stack_lvl+0xee/0x150 [ 1277.053242][T19444] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1277.058255][T19444] ? tracing_record_taskinfo_sched_switch+0x80/0x3a0 [ 1277.064903][T19444] ? probe_sched_switch+0x63/0x90 [ 1277.069909][T19444] dump_stack+0x15/0x24 [ 1277.074052][T19444] should_fail_ex+0x3d4/0x520 [ 1277.078720][T19444] should_fail+0xb/0x10 [ 1277.082854][T19444] should_fail_usercopy+0x1a/0x20 [ 1277.087856][T19444] _copy_from_user+0x1e/0xc0 [ 1277.092419][T19444] ___sys_sendmsg+0x155/0x290 [ 1277.097085][T19444] ? __sys_sendmsg+0x270/0x270 [ 1277.101831][T19444] ? __fdget+0x19c/0x220 [ 1277.106048][T19444] __x64_sys_sendmsg+0x1f0/0x2c0 [ 1277.110952][T19444] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 1277.116382][T19444] ? __kasan_check_write+0x14/0x20 [ 1277.121473][T19444] ? fpregs_restore_userregs+0x128/0x260 [ 1277.127078][T19444] ? switch_fpu_return+0xe/0x10 [ 1277.131919][T19444] x64_sys_call+0x171/0x9a0 [ 1277.136392][T19444] do_syscall_64+0x4c/0xa0 [ 1277.140782][T19444] ? clear_bhb_loop+0x30/0x80 [ 1277.145432][T19444] ? clear_bhb_loop+0x30/0x80 [ 1277.150079][T19444] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1277.155942][T19444] RIP: 0033:0x7fb6a3d8ebe9 [ 1277.160327][T19444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1277.179903][T19444] RSP: 002b:00007fb6a27f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1277.188285][T19444] RAX: ffffffffffffffda RBX: 00007fb6a3fc6180 RCX: 00007fb6a3d8ebe9 [ 1277.196227][T19444] RDX: 0000000004000054 RSI: 0000200000000480 RDI: 000000000000000a [ 1277.204168][T19444] RBP: 00007fb6a27f7090 R08: 0000000000000000 R09: 0000000000000000 [ 1277.212110][T19444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1277.220062][T19444] R13: 00007fb6a3fc6218 R14: 00007fb6a3fc6180 R15: 00007ffc59d1f7d8 [ 1277.228098][T19444] [ 1277.255371][ T39] usb 5-1: Using ep0 maxpacket: 16 [ 1277.289802][ T39] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 1277.300257][ T39] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 1277.309870][ T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1277.317865][ T39] usb 5-1: Product: syz [ 1277.322011][ T39] usb 5-1: Manufacturer: syz [ 1277.326609][ T39] usb 5-1: SerialNumber: syz [ 1277.332095][ T39] usb 5-1: config 0 descriptor?? [ 1277.337970][ T39] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 1277.345886][ T39] usb 5-1: Detected FT232R [ 1277.374007][ T336] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 1277.412629][ T28] audit: type=1400 audit(1756863056.596:597): avc: denied { append } for pid=19448 comm="syz.1.5774" name="001" dev="devtmpfs" ino=185 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 1277.564050][ T336] usb 4-1: Using ep0 maxpacket: 32 [ 1277.572547][ T336] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1277.590185][ T336] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1277.602873][ T336] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1277.615868][ T336] usb 4-1: New USB device found, idVendor=056a, idProduct=0307, bcdDevice= 0.00 [ 1277.625070][ T336] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1277.637938][ T336] usb 4-1: config 0 descriptor?? [ 1277.650377][ T39] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1277.670487][ T39] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1277.688089][ T39] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 1277.750641][ T39] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1277.766568][ T39] usb 5-1: USB disconnect, device number 93 [ 1277.773171][ T39] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1277.782735][ T39] ftdi_sio 5-1:0.0: device disconnected [ 1280.134331][ T336] usb 4-1: string descriptor 0 read error: -71 [ 1280.142478][ T336] usbhid 4-1:0.0: can't add hid device: -71 [ 1280.148703][ T336] usbhid: probe of 4-1:0.0 failed with error -71 [ 1280.155983][ T336] usb 4-1: USB disconnect, device number 65 [ 1280.237067][T19502] FAULT_INJECTION: forcing a failure. [ 1280.237067][T19502] name failslab, interval 1, probability 0, space 0, times 0 [ 1280.249760][T19502] CPU: 0 PID: 19502 Comm: syz.4.5789 Not tainted syzkaller #0 [ 1280.257228][T19502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1280.267280][T19502] Call Trace: [ 1280.270553][T19502] [ 1280.273476][T19502] __dump_stack+0x21/0x24 [ 1280.277802][T19502] dump_stack_lvl+0xee/0x150 [ 1280.282389][T19502] ? __cfi_dump_stack_lvl+0x8/0x8 [ 1280.287414][T19502] ? stack_trace_save+0x98/0xe0 [ 1280.292260][T19502] dump_stack+0x15/0x24 [ 1280.296411][T19502] should_fail_ex+0x3d4/0x520 [ 1280.301091][T19502] __should_failslab+0xac/0xf0 [ 1280.305853][T19502] should_failslab+0x9/0x20 [ 1280.310348][T19502] kmem_cache_alloc_node+0x42/0x340 [ 1280.315537][T19502] ? dup_task_struct+0x5a/0x790 [ 1280.320826][T19502] dup_task_struct+0x5a/0x790 [ 1280.325494][T19502] ? __kasan_check_write+0x14/0x20 [ 1280.330589][T19502] ? recalc_sigpending+0x168/0x1c0 [ 1280.335690][T19502] copy_process+0x5b8/0x3480 [ 1280.340263][T19502] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 1280.345983][T19502] ? __kasan_check_write+0x14/0x20 [ 1280.351100][T19502] ? idle_dummy+0x10/0x10 [ 1280.355413][T19502] kernel_clone+0x23a/0x810 [ 1280.359897][T19502] ? __cfi_kernel_clone+0x10/0x10 [ 1280.364938][T19502] ? __kasan_check_write+0x14/0x20 [ 1280.370069][T19502] ? mutex_unlock+0x89/0x220 [ 1280.374651][T19502] __x64_sys_clone+0x168/0x1b0 [ 1280.379407][T19502] ? __cfi___x64_sys_clone+0x10/0x10 [ 1280.384681][T19502] ? fpregs_assert_state_consistent+0xb1/0xe0 [ 1280.390735][T19502] x64_sys_call+0x990/0x9a0 [ 1280.395219][T19502] do_syscall_64+0x4c/0xa0 [ 1280.399621][T19502] ? clear_bhb_loop+0x30/0x80 [ 1280.404292][T19502] ? clear_bhb_loop+0x30/0x80 [ 1280.408954][T19502] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1280.414829][T19502] RIP: 0033:0x7f5e7118ebe9 [ 1280.419229][T19502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1280.438825][T19502] RSP: 002b:00007f5e71f8ffe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1280.447225][T19502] RAX: ffffffffffffffda RBX: 00007f5e713c5fa0 RCX: 00007f5e7118ebe9 [ 1280.455177][T19502] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000400 [ 1280.463129][T19502] RBP: 00007f5e71f90090 R08: 0000000000000000 R09: 0000000000000000 [ 1280.471077][T19502] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 1280.479024][T19502] R13: 00007f5e713c6038 R14: 00007f5e713c5fa0 R15: 00007fffd16b0bc8 [ 1280.486996][T19502] [ 1381.183905][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1381.190896][ C0] (detected by 0, t=10002 jiffies, g=106621, q=129 ncpus=2) [ 1381.198262][ C0] rcu: All QSes seen, last rcu_preempt kthread activity 10002 (4295075335-4295065333), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 1381.211616][ C0] rcu: rcu_preempt kthread starved for 10002 jiffies! g106621 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 1381.222898][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1381.232868][ C0] rcu: RCU grace-period kthread stack dump: [ 1381.238747][ C0] task:rcu_preempt state:R running task stack:28064 pid:14 ppid:2 flags:0x00004000 [ 1381.249527][ C0] Call Trace: [ 1381.252813][ C0] [ 1381.255739][ C0] __schedule+0xb87/0x14e0 [ 1381.260162][ C0] ? release_firmware_map_entry+0x194/0x194 [ 1381.266044][ C0] ? __mod_timer+0x7ae/0xb30 [ 1381.270646][ C0] schedule+0xbd/0x170 [ 1381.274721][ C0] schedule_timeout+0x12c/0x2e0 [ 1381.279572][ C0] ? __cfi_schedule_timeout+0x10/0x10 [ 1381.284948][ C0] ? __cfi_process_timeout+0x10/0x10 [ 1381.290233][ C0] ? prepare_to_swait_event+0x308/0x320 [ 1381.295791][ C0] rcu_gp_fqs_loop+0x2d8/0x10a0 [ 1381.300827][ C0] ? rcu_gp_init+0xf10/0xf10 [ 1381.305419][ C0] rcu_gp_kthread+0x95/0x370 [ 1381.310013][ C0] ? __cfi_rcu_gp_kthread+0x10/0x10 [ 1381.315212][ C0] ? __kasan_check_read+0x11/0x20 [ 1381.320233][ C0] ? __kthread_parkme+0x142/0x180 [ 1381.325251][ C0] kthread+0x281/0x320 [ 1381.329315][ C0] ? __cfi_rcu_gp_kthread+0x10/0x10 [ 1381.334512][ C0] ? __cfi_kthread+0x10/0x10 [ 1381.339093][ C0] ret_from_fork+0x1f/0x30 [ 1381.343504][ C0] [ 1381.346514][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1381.352823][ C0] Sending NMI from CPU 0 to CPUs 1: [ 1381.358014][ C1] NMI backtrace for cpu 1 [ 1381.358023][ C1] CPU: 1 PID: 19507 Comm: syz.4.5794 Not tainted syzkaller #0 [ 1381.358038][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1381.358047][ C1] RIP: 0010:x2apic_send_IPI+0x73/0xd0 [ 1381.358073][ C1] Code: f0 48 c1 e8 03 42 0f b6 04 20 84 c0 75 40 41 0f b7 16 0f ae f0 0f ae e8 83 fb 02 b8 00 04 00 00 0f 45 c3 b9 30 08 00 00 0f 30 <66> 90 5b 41 5c 41 5e 41 5f 5d c3 89 fe 41 89 fe 48 c7 c7 a0 9e ed [ 1381.358086][ C1] RSP: 0018:ffffc900001b0b50 EFLAGS: 00000002 [ 1381.358099][ C1] RAX: 00000000000000fd RBX: 00000000000000fd RCX: 0000000000000830 [ 1381.358110][ C1] RDX: 0000000000000000 RSI: 00000000000000fd RDI: 0000000000000000 [ 1381.358119][ C1] RBP: ffffc900001b0b70 R08: dffffc0000000000 R09: fffffbfff0ee4b9e [ 1381.358131][ C1] R10: 0000000000000000 R11: ffffffff81342170 R12: dffffc0000000000 [ 1381.358141][ C1] R13: dffffc0000000000 R14: ffff8881f7021170 R15: ffffffff864929a0 [ 1381.358153][ C1] FS: 00007f5e71f906c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 1381.358166][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1381.358177][ C1] CR2: 000000110c28d58b CR3: 0000000122f01000 CR4: 00000000003506a0 [ 1381.358191][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1381.358200][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1381.358210][ C1] Call Trace: [ 1381.358214][ C1] [ 1381.358220][ C1] native_smp_send_reschedule+0x93/0xb0 [ 1381.358243][ C1] kick_process+0xe4/0x160 [ 1381.358260][ C1] complete_signal+0x851/0xe00 [ 1381.358282][ C1] ? prepare_signal+0xac0/0xac0 [ 1381.358302][ C1] __send_signal_locked+0x85c/0xb70 [ 1381.358320][ C1] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 1381.358343][ C1] send_signal_locked+0x422/0x580 [ 1381.358362][ C1] do_send_sig_info+0xd6/0x210 [ 1381.358379][ C1] group_send_sig_info+0x118/0x2b0 [ 1381.358397][ C1] ? __cfi_group_send_sig_info+0x10/0x10 [ 1381.358417][ C1] do_bpf_send_signal+0x82/0x150 [ 1381.358439][ C1] irq_work_run_list+0x18b/0x2b0 [ 1381.358457][ C1] ? irq_work_run+0xf0/0xf0 [ 1381.358475][ C1] irq_work_run+0x6a/0xf0 [ 1381.358491][ C1] __sysvec_irq_work+0x75/0x1c0 [ 1381.358511][ C1] sysvec_irq_work+0xa1/0xc0 [ 1381.358528][ C1] [ 1381.358533][ C1] [ 1381.358538][ C1] asm_sysvec_irq_work+0x1b/0x20 [ 1381.358554][ C1] RIP: 0010:native_apic_msr_write+0x39/0x50 [ 1381.358576][ C1] Code: 74 05 83 ff 30 75 12 5d c3 81 ff d0 00 00 00 74 f6 81 ff e0 00 00 00 74 ee c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 eb d9 89 f6 31 d2 e8 7a d6 56 01 5d c3 0f 1f 84 00 00 00 00 [ 1381.358588][ C1] RSP: 0018:ffffc90008e1fc20 EFLAGS: 00000246 [ 1381.358599][ C1] RAX: 00000000000000f6 RBX: 00000000000000f6 RCX: 000000000000083f [ 1381.358608][ C1] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f [ 1381.358617][ C1] RBP: ffffc90008e1fc20 R08: dffffc0000000000 R09: fffff520011c3f81 [ 1381.358627][ C1] R10: 0000000000000000 R11: ffffffff81342080 R12: 0000000000000000 [ 1381.358637][ C1] R13: dffffc0000000001 R14: ffffffff86492b60 R15: dffffc0000000000 [ 1381.358649][ C1] ? __cfi_native_apic_msr_write+0x10/0x10 [ 1381.358671][ C1] x2apic_send_IPI_self+0x6f/0x80 [ 1381.358690][ C1] arch_irq_work_raise+0x98/0xf0 [ 1381.358710][ C1] __irq_work_queue_local+0x115/0x190 [ 1381.358728][ C1] irq_work_queue+0x9e/0x150 [ 1381.358745][ C1] bpf_send_signal_common+0x2b2/0x420 [ 1381.358766][ C1] ? __set_printk_clr_event+0x80/0x80 [ 1381.358788][ C1] bpf_send_signal+0x19/0x20 [ 1381.358804][ C1] bpf_prog_7ba5217f62dcd359+0x38/0x3c [ 1381.358819][ C1] bpf_trace_run2+0xff/0x250 [ 1381.358838][ C1] ? __cfi_bpf_trace_run2+0x10/0x10 [ 1381.358864][ C1] __bpf_trace_sys_enter+0x62/0x70 [ 1381.358879][ C1] trace_sys_enter+0x3d/0x50 [ 1381.358893][ C1] syscall_trace_enter+0xf3/0x150 [ 1381.358908][ C1] syscall_enter_from_user_mode+0x1f/0x30 [ 1381.358926][ C1] do_syscall_64+0x24/0xa0 [ 1381.358938][ C1] ? clear_bhb_loop+0x30/0x80 [ 1381.358955][ C1] ? clear_bhb_loop+0x30/0x80 [ 1381.358972][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1381.358988][ C1] RIP: 0033:0x7f5e7112adb9 [ 1381.358998][ C1] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 1381.359010][ C1] RSP: 002b:00007f5e71f8fb40 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 1381.359024][ C1] RAX: ffffffffffffffda RBX: 00007f5e713c5fa8 RCX: 00007f5e7112adb9 [ 1381.359034][ C1] RDX: 00007f5e71f8fb40 RSI: 00007f5e71f8fc70 RDI: 0000000000000011 [ 1381.359045][ C1] RBP: 00007f5e713c5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1381.359054][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1381.359063][ C1] R13: 00007f5e713c6038 R14: 00007fffd16b0ae0 R15: 00007fffd16b0bc8 [ 1381.359076][ C1] [ 1575.673860][ C0] BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 294s! [ 1575.683416][ C0] BUG: workqueue lockup - pool cpus=1 node=0 flags=0x0 nice=0 stuck for 294s! [ 1575.692401][ C0] Showing busy workqueues and worker pools: [ 1575.698337][ C0] workqueue events: flags=0x0 [ 1575.703116][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=3/256 refcnt=4 [ 1575.703164][ C0] pending: kfree_rcu_monitor, rht_deferred_worker, rht_deferred_worker [ 1575.703229][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=9/256 refcnt=10 [ 1575.703265][ C0] pending: free_work, psi_avgs_work, vmstat_shepherd, kfree_rcu_monitor, rht_deferred_worker, rht_deferred_worker, rht_deferred_worker, rht_deferred_worker, rht_deferred_worker [ 1575.703400][ C0] workqueue events_long: flags=0x0 [ 1575.750374][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=36/256 refcnt=37 [ 1575.750424][ C0] pending: br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_multicast_gc_work, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_multicast_gc_work, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup, br_fdb_cleanup [ 1575.750948][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=16/256 refcnt=17 [ 1575.750986][ C0] pending: br_fdb_cleanup, br_multicast_gc_work, br_multicast_gc_work, br_multicast_gc_work, br_multicast_gc_work, br_multicast_gc_work, br_multicast_gc_work, br_multicast_gc_work, br_multicast_gc_work, br_multicast_gc_work, br_multicast_gc_work, br_multicast_gc_work, br_multicast_gc_work, br_fdb_cleanup, br_multicast_gc_work, br_fdb_cleanup [ 1575.751241][ C0] workqueue events_unbound: flags=0x2 [ 1575.860053][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/512 refcnt=4 [ 1575.860095][ C0] pending: toggle_allocation_gate, flush_memcg_stats_dwork [ 1575.860143][ C0] workqueue events_power_efficient: flags=0x80 [ 1575.881059][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=5/256 refcnt=6 [ 1575.881107][ C0] pending: neigh_managed_work, neigh_managed_work, neigh_periodic_work, neigh_periodic_work, check_lifetime [ 1575.881209][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=3/256 refcnt=4 [ 1575.881243][ C0] pending: wg_ratelimiter_gc_entries, gc_worker, reg_check_chans_work [ 1575.881310][ C0] workqueue mm_percpu_wq: flags=0x8 [ 1575.922401][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1575.922445][ C0] pending: vmstat_update [ 1575.922483][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1575.922516][ C0] pending: vmstat_update [ 1575.922549][ C0] workqueue writeback: flags=0x4a [ 1575.951967][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3 [ 1575.952006][ C0] pending: wb_workfn [ 1575.952128][ C0] workqueue dm_bufio_cache: flags=0x8 [ 1575.969141][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1575.969195][ C0] pending: work_fn [ 1575.969236][ C0] workqueue ipv6_addrconf: flags=0x40008 [ 1575.986736][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/1 refcnt=2 [ 1575.986779][ C0] pending: addrconf_verify_work [ 1575.986815][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/1 refcnt=6 [ 1575.986851][ C0] pending: addrconf_verify_work [ 1575.986881][ C0] inactive: addrconf_verify_work, addrconf_verify_work, addrconf_verify_work, addrconf_verify_work [ 1575.986975][ C0] workqueue wg-kex-wg2: flags=0x6 [ 1576.028461][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=2/256 refcnt=4 [ 1576.028502][ C0] pending: wg_packet_handshake_send_worker, wg_packet_handshake_send_worker [ 1576.028546][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 1576.050025][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.050068][ C0] pending: wg_packet_encrypt_worker [ 1576.050106][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.050139][ C0] pending: wg_packet_encrypt_worker [ 1576.050166][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 1576.081885][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.081928][ C0] pending: wg_packet_encrypt_worker [ 1576.081963][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.081998][ C0] pending: wg_packet_encrypt_worker [ 1576.082025][ C0] workqueue wg-crypt-wg2: flags=0x28 [ 1576.113830][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.113872][ C0] pending: wg_packet_encrypt_worker [ 1576.113906][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.113940][ C0] pending: wg_packet_encrypt_worker [ 1576.113968][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 1576.145643][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.145684][ C0] pending: wg_packet_encrypt_worker [ 1576.145720][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.145755][ C0] pending: wg_packet_encrypt_worker [ 1576.145782][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 1576.177558][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.177602][ C0] pending: wg_packet_encrypt_worker [ 1576.177636][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.177671][ C0] pending: wg_packet_encrypt_worker [ 1576.177698][ C0] workqueue wg-crypt-wg2: flags=0x28 [ 1576.209454][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.209498][ C0] pending: wg_packet_encrypt_worker [ 1576.209532][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.209569][ C0] pending: wg_packet_encrypt_worker [ 1576.209595][ C0] workqueue wg-kex-wg0: flags=0x6 [ 1576.241200][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3 [ 1576.241243][ C0] pending: wg_packet_handshake_send_worker [ 1576.241273][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 1576.259887][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.259931][ C0] pending: wg_packet_encrypt_worker [ 1576.259969][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.260003][ C0] pending: wg_packet_encrypt_worker [ 1576.260031][ C0] workqueue wg-kex-wg1: flags=0x6 [ 1576.291523][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3 [ 1576.291568][ C0] pending: wg_packet_handshake_send_worker [ 1576.291598][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 1576.310407][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.310451][ C0] pending: wg_packet_encrypt_worker [ 1576.310485][ C0] workqueue wg-kex-wg2: flags=0x6 [ 1576.328691][ C0] pwq 4: cpus=0-1 flags=0x4 nice=0 active=1/256 refcnt=3 [ 1576.328731][ C0] pending: wg_packet_handshake_send_worker [ 1576.328758][ C0] workqueue wg-crypt-wg2: flags=0x28 [ 1576.347423][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.347466][ C0] pending: wg_packet_encrypt_worker [ 1576.347501][ C0] workqueue wg-crypt-wg0: flags=0x28 [ 1576.366106][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.366149][ C0] pending: wg_packet_encrypt_worker [ 1576.366184][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.366218][ C0] pending: wg_packet_encrypt_worker [ 1576.366245][ C0] workqueue wg-crypt-wg1: flags=0x28 [ 1576.397870][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.397917][ C0] pending: wg_packet_encrypt_worker [ 1576.397951][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.397988][ C0] pending: wg_packet_encrypt_worker [ 1576.398013][ C0] workqueue wg-crypt-wg2: flags=0x28 [ 1576.429757][ C0] pwq 2: cpus=1 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.429804][ C0] pending: wg_packet_encrypt_worker [ 1576.429842][ C0] pwq 0: cpus=0 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 [ 1576.429878][ C0] pending: wg_packet_encrypt_worker