last executing test programs: 10m31.21050588s ago: executing program 1 (id=295): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000140)={0x0, 0x9}, &(0x7f0000000200)=0x8) 10m31.112925372s ago: executing program 1 (id=296): setfsuid(0xee00) pipe(&(0x7f0000000d00)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) splice(r0, 0x0, r1, 0x0, 0x7151, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000400)='task\x00') fchdir(r3) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f00000002c0)='proc\x00', 0x0, 0x0) syz_open_procfs(r2, 0x0) 10m30.274989469s ago: executing program 1 (id=307): socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_setup(0x88b, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x80000) bind(r0, 0x0, 0x0) dup(0xffffffffffffffff) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00'}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mbind(&(0x7f0000d75000/0x1000)=nil, 0x1000, 0x3, 0x0, 0x3, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 10m30.04325534s ago: executing program 1 (id=309): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='proc\x00', 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newtaction={0x204, 0x30, 0x1, 0x0, 0x0, {}, [{0x1f0, 0x1, [@m_simple={0x1a4, 0x5, 0x0, 0x0, {{0xb}, {0xfffffffffffffce8, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0xe4, 0x8749, 0x2, 0x5, 0x400}}, @TCA_DEF_PARMS={0x18, 0x2, {0x51b8, 0x1, 0xfffffffffffffff5, 0x2, 0x34}}, @TCA_DEF_DATA={0x6, 0x3, '#\x00'}, @TCA_DEF_DATA={0xe, 0x3, ')[{\',j.&-\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x400, 0x9, 0x0, 0x4, 0xa67c}}, @TCA_DEF_DATA={0x9, 0x3, 'proc\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x4c7c, 0xfffffffe, 0x4, 0x0, 0x7}}]}, {0xf1, 0x6, "c0f7a8b83d9688e82f74545cddcfc4e45a597454863ee11eb38413323561f95ebe75c82ab627d9c6faa7dcde6513b4666ff1cb0fffe17c9ab5005f490cf8fafc50cfcd0877e3d61bb670f0e6718cf06eb0647179dfbc7f79535f66fd429919d529ed2a8a852f4336443cfe4344eebfa6702861f31f73cc13cf2d00e0be361cbb2680d0f056e59ac85eb5776513a72f9c08c351577ec728dc568b42f164a0520fae9b04b662ea645597f22f9937bf6235067bcba5b0c118a9fc18ec5c7bf056f3e53502b677fb768d3a4c15d616e5d74d555a65e51bf7f4c1e9d7ce2540c36628b2b5ae3e3e2b00ab4071eabb56"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x6}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x204}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000067000/0x1000)=nil, 0x1000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@private1, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x80}, {}, {0x0, 0x0, 0x7b}}}, 0xb8}, 0x1, 0x0, 0x0, 0xc090}, 0x0) sendmmsg$unix(r3, &(0x7f0000000000), 0x0, 0xc0c0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ppoll(0x0, 0x0, &(0x7f0000000100)={0x0, 0x3938700}, 0x0, 0x0) ioctl$TIOCSSOFTCAR(r5, 0x5453, 0x0) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xffffff06, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) 10m28.966952601s ago: executing program 1 (id=317): socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_setup(0x88b, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x80000) bind(r0, 0x0, 0x0) dup(0xffffffffffffffff) ioctl$sock_SIOCOUTQNSD(r0, 0x894b, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) mbind(&(0x7f0000d75000/0x1000)=nil, 0x1000, 0x3, 0x0, 0x3, 0x1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 10m28.723502535s ago: executing program 1 (id=319): r0 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x2}, 0x18, 0x0) r1 = landlock_create_ruleset(0x0, 0x0, 0x0) landlock_restrict_self(r1, 0x0) r2 = open(&(0x7f0000000280)='.\x00', 0x141080, 0x0) landlock_restrict_self(r0, 0x0) fcntl$notify(r2, 0x402, 0x8000003d) landlock_restrict_self(r1, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 10m28.669372329s ago: executing program 32 (id=319): r0 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x2}, 0x18, 0x0) r1 = landlock_create_ruleset(0x0, 0x0, 0x0) landlock_restrict_self(r1, 0x0) r2 = open(&(0x7f0000000280)='.\x00', 0x141080, 0x0) landlock_restrict_self(r0, 0x0) fcntl$notify(r2, 0x402, 0x8000003d) landlock_restrict_self(r1, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 21.237299526s ago: executing program 3 (id=3786): symlink(&(0x7f0000000300)='./file1\x00', &(0x7f0000000340)='./file1\x00') socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x2) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x400c041}, 0x0) 20.988613305s ago: executing program 4 (id=3788): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b442606838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe8f53ecc9abb1c638d0daf743cf4f42698c10d497e714371c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2216714062bcf9059e36c3697dd9aee5af04c32980b53ea45e5cf150d3442ba0e58aacdfdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e11491496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad69889b1d9984feb026fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d935aef9ab8c167819cb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135a8c972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e1533135fee831df925e9baabdb846b5bf66855e3f8b751ca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da8a31c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf900"}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x8400ae8e, &(0x7f0000000140)=@x86={0xff, 0x0, 0x0, 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd8}) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000501c0007800c00"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000003e000701fe040042800ce243a86ef8420d250c716a3c554ddc00018006000600800a0000200002801c000b801800"/60], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) ioctl$BTRFS_IOC_DEFRAG(r1, 0x50009402, 0x0) 20.687927326s ago: executing program 4 (id=3789): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xee) ioctl$UI_DEV_CREATE(r0, 0x5501) 20.687416322s ago: executing program 4 (id=3790): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f000001aa80)=ANY=[@ANYBLOB='permprofile &'], 0xff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x1, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c010000100000030300000000000000ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000a033000000", @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000000000000000000000330000007f0000010000000000000000000000000000000000000000010000000000000000000000000000005b40000000000000fcffffffffffffff0000000000000000f30d0000000000000000000000000000000010000000000000000000000000000020005d570400000000000000320000000000feff03ff000000000000000025bd700000000000020002e8020000004800010073686132353600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c55c0000000000000000000000000000050019006c000000"], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r6 = dup(r5) write$6lowpan_enable(r6, 0x0, 0x0) ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x0, 0x80600}) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$SO_BINDTODEVICE_wg(r7, 0x1, 0x19, 0x0, 0x0) sendto$inet(r7, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0) unshare(0x40020000) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4004, 0x7, &(0x7f0000006680)) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x42) 20.350880691s ago: executing program 3 (id=3791): mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r0 = openat$cgroup_root(0xffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='mpol=prefer:0']) close(r0) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') 20.277815229s ago: executing program 3 (id=3792): symlink(&(0x7f0000000300)='./file1\x00', &(0x7f0000000340)='./file1\x00') socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x2) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x400c041}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="184c09061092c096854e92dcc38c0000007800010600000000000000000700000007000000"], 0x18}], 0x1}, 0x0) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f0000000480)=ANY=[@ANYBLOB="5c000062000000000000000000000000080000000900020073797a320000000005000100070000dd14000300686173683a69702c706f03e22c72742c6e657400000000050005000a0000080c00d4e108000640000000000500040000000000"], 0x5c}}, 0x0) getpid() socket$inet_tcp(0x2, 0x1, 0x0) 19.873826409s ago: executing program 2 (id=3793): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f000001aa80)=ANY=[@ANYBLOB='permprofile &'], 0xff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x1, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c010000100000030300000000000000ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000a033000000", @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000000000000000000000330000007f0000010000000000000000000000000000000000000000010000000000000000000000000000005b40000000000000fcffffffffffffff0000000000000000f30d0000000000000000000000000000000010000000000000000000000000000020005d570400000000000000320000000000feff03ff000000000000000025bd700000000000020002e8020000004800010073686132353600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c55c0000000000000000000000000000050019006c000000"], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r6 = dup(r5) ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x0, 0x80600}) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$SO_BINDTODEVICE_wg(r7, 0x1, 0x19, 0x0, 0x0) unshare(0x40020000) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4004, 0x7, &(0x7f0000006680)) 19.70408933s ago: executing program 4 (id=3794): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x80002, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1a, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0x3) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x2def, 0x2e0e, 0x0, 0x0, 0xffffffffffffffa2) mkdirat(r1, 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) syz_usb_connect(0x2, 0x24, 0x0, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil}) r5 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r5, 0x0) r6 = fsopen(&(0x7f0000000240)='xfs\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r6, 0x2, &(0x7f0000000080)='disBard', &(0x7f0000000200)='\x00', 0x1) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) madvise(&(0x7f0000b90000/0x3000)=nil, 0x3000, 0x19) r7 = syz_clone(0x85240000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(0x0, 0xd) ptrace(0x10, r7) mmap$IORING_OFF_SQ_RING(&(0x7f000062a000/0x1000)=nil, 0x1000, 0x1000000, 0x12, r5, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x3f4, 0x30, 0x100, 0x70bd29, 0x25dfdbfe, {}, [{0x3e0, 0x1, [@m_skbedit={0x1f0, 0x17, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x23}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xffd4}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x1}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x6, 0xb, 0x0, 0xffff, 0xffffffff}}]}, {0x191, 0x6, "de616dd9ce3b892bb6fafca061bed3e644dcf9151f4527045657b89def02bb9cad6c62f8293cff1e7df3eb0803889f2fd92b151ed17ab9007c47463bf4e7afe47ab1d24292b0103cbbc15977a51c0ae02a16535a666c86a6321ae76cba859e771aa7d0ff9fa033e50e56e0f68419fd47894ab8f8d473fc2af5fc18fb9399fdbb44bce22ac4c64feea69875f61ef4f46591d0547ce0f025b0a5f6dc470fd9635a05e318fa41b23e07582b3128621edbf17703923cea8b079f042f9924f50ce06116fc38e34430e0a4b60e7144cccb31d0a0457e528dd782264fec2417bd1b18aa82a223185cee31b2989e534df535b22243ec2971118b283cebb23130d1622a675cabf8788d71473f98949841ab1c34d28257f4b10e6eec198365490620753627951432cf82875ec0fccc70181d74035e141d4bbdd59571d5c3fa68b6a9365539b7e734e38e7083fe43b3104f03a618c99dc38b7b166c71dcda72645a7ddd09b867d20ef1d0f2154c6c2af7bfc13509c92a055f4ba6134cf5124359fccca93ea9ef30597c542c2e259bbd96051f"}, {0xc}, {0xc, 0x8, {0x7, 0x2}}}}, @m_tunnel_key={0x190, 0x4, 0x0, 0x0, {{0xf}, {0x4c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @initdev={0xac, 0x1e, 0x1, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @multicast2}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x8}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}]}, {0x118, 0x6, "0cafc1543fc7130bc310cdfdfa32eedba6ebd01dbde5a4800c565d5e08108743157ceaf57502ae16424fc680ad63d81b33a68e622980f6c40294c4fce065d4a37c8f3b3b0603ebbab685a5aa7d92e46d5e70031c4d75ef2cc74391dc7b5967f16367e0d148ec3cd64d18363064364b504283ea01e20b7cdcc036c9ed103899c4cbe527596b08253c193f3e89e7811a43ba11e25da8279c3e1c0e5153f6834e47dc79b48d6c763b2954504501f5684056ff1f90a6c10a6701f298e259ee374fd09424770afab52825645a764322052dc4ac0ebf83320fb0d4defb2a247707152eb8dbc7563c4e1cbdb0af9f2d2f6be4cbc8fa4712833ffb01cbbb51151697849a2e46d5fee35c5acaee938e84e7df2dce0354cbe0"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x5c, 0x15, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x80000000}]}, {0x28, 0x6, "5c284c3a3976241974dfcfebd3f12300000000dd32682ee8d4f40ac50fe8693977f5ce2c"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x3f4}}, 0x4004) socket(0x11, 0x6, 0x0) 19.335546031s ago: executing program 3 (id=3795): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x80002, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1a, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0x3) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x2def, 0x2e0e, 0x0, 0x0, 0xffffffffffffffa2) mkdirat(r1, 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) syz_usb_connect(0x2, 0x24, 0x0, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x2000)=nil}) r5 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r5, 0x0) r6 = fsopen(&(0x7f0000000240)='xfs\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r6, 0x2, &(0x7f0000000080)='disBard', &(0x7f0000000200)='\x00', 0x1) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) madvise(&(0x7f0000b90000/0x3000)=nil, 0x3000, 0x19) r7 = syz_clone(0x85240000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(0x0, 0xd) ptrace(0x10, r7) mmap$IORING_OFF_SQ_RING(&(0x7f000062a000/0x1000)=nil, 0x1000, 0x1000000, 0x12, r5, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x3f4, 0x30, 0x100, 0x70bd29, 0x25dfdbfe, {}, [{0x3e0, 0x1, [@m_skbedit={0x1f0, 0x17, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x23}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xffd4}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x1}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x6, 0xb, 0x0, 0xffff, 0xffffffff}}]}, {0x191, 0x6, "de616dd9ce3b892bb6fafca061bed3e644dcf9151f4527045657b89def02bb9cad6c62f8293cff1e7df3eb0803889f2fd92b151ed17ab9007c47463bf4e7afe47ab1d24292b0103cbbc15977a51c0ae02a16535a666c86a6321ae76cba859e771aa7d0ff9fa033e50e56e0f68419fd47894ab8f8d473fc2af5fc18fb9399fdbb44bce22ac4c64feea69875f61ef4f46591d0547ce0f025b0a5f6dc470fd9635a05e318fa41b23e07582b3128621edbf17703923cea8b079f042f9924f50ce06116fc38e34430e0a4b60e7144cccb31d0a0457e528dd782264fec2417bd1b18aa82a223185cee31b2989e534df535b22243ec2971118b283cebb23130d1622a675cabf8788d71473f98949841ab1c34d28257f4b10e6eec198365490620753627951432cf82875ec0fccc70181d74035e141d4bbdd59571d5c3fa68b6a9365539b7e734e38e7083fe43b3104f03a618c99dc38b7b166c71dcda72645a7ddd09b867d20ef1d0f2154c6c2af7bfc13509c92a055f4ba6134cf5124359fccca93ea9ef30597c542c2e259bbd96051f"}, {0xc}, {0xc, 0x8, {0x7, 0x2}}}}, @m_tunnel_key={0x190, 0x4, 0x0, 0x0, {{0xf}, {0x4c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @initdev={0xac, 0x1e, 0x1, 0x0}}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @multicast2}, @TCA_TUNNEL_KEY_ENC_IPV6_DST={0x14, 0x6, @empty}, @TCA_TUNNEL_KEY_ENC_KEY_ID={0x8, 0x7, 0x8}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}]}, {0x118, 0x6, "0cafc1543fc7130bc310cdfdfa32eedba6ebd01dbde5a4800c565d5e08108743157ceaf57502ae16424fc680ad63d81b33a68e622980f6c40294c4fce065d4a37c8f3b3b0603ebbab685a5aa7d92e46d5e70031c4d75ef2cc74391dc7b5967f16367e0d148ec3cd64d18363064364b504283ea01e20b7cdcc036c9ed103899c4cbe527596b08253c193f3e89e7811a43ba11e25da8279c3e1c0e5153f6834e47dc79b48d6c763b2954504501f5684056ff1f90a6c10a6701f298e259ee374fd09424770afab52825645a764322052dc4ac0ebf83320fb0d4defb2a247707152eb8dbc7563c4e1cbdb0af9f2d2f6be4cbc8fa4712833ffb01cbbb51151697849a2e46d5fee35c5acaee938e84e7df2dce0354cbe0"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_sample={0x5c, 0x15, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x80000000}]}, {0x28, 0x6, "5c284c3a3976241974dfcfebd3f12300000000dd32682ee8d4f40ac50fe8693977f5ce2c"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x3f4}}, 0x4004) socket(0x11, 0x6, 0x0) 18.952481705s ago: executing program 2 (id=3796): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f000001aa80)=ANY=[@ANYBLOB='permprofile &'], 0xff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x1, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c010000100000030300000000000000ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000a033000000", @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000000000000000000000330000007f0000010000000000000000000000000000000000000000010000000000000000000000000000005b40000000000000fcffffffffffffff0000000000000000f30d0000000000000000000000000000000010000000000000000000000000000020005d570400000000000000320000000000feff03ff000000000000000025bd700000000000020002e8020000004800010073686132353600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c55c0000000000000000000000000000050019006c000000"], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r6 = dup(r5) ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x0, 0x80600}) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$SO_BINDTODEVICE_wg(r7, 0x1, 0x19, 0x0, 0x0) unshare(0x40020000) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4004, 0x7, &(0x7f0000006680)) 18.020589158s ago: executing program 2 (id=3798): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xee) ioctl$UI_DEV_CREATE(r0, 0x5501) 17.967291347s ago: executing program 2 (id=3799): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x400ad80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000006780)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000001c0)="b3ab706204ee39c9dae21a1718ee351ebc92d2f0d482a863ae5c0b4d768ffe745af2c53a083d9b761b", 0xfff7}], 0x1}}], 0x1, 0x0) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000100)='./file0\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) pwritev2(r5, &(0x7f0000000980)=[{0x0}, {&(0x7f0000000500)="be81e1310fb465f31a42f6efa58772d291c57be2782f6ff63ea3517e50771580447f7d195ee15e186027d518b2c77a051895fece1dc014c33d6928ab0376cf4077399b51451472f53be50af6897bc0fa353cad9156d19de3665191fdf17a2f07f4286cea5c10fbb81feb85e406524a47b1978139eaa8daec929e00572df90f9d8a3ce9b03cc2ee0eb9b4875c4e3d02e9570f627ef6771beca770bc6b2a", 0x9d}, {&(0x7f0000001980)="d8e266371b5a156dd615cef16752ad1da46006beac8c2afe470fda4ab99cbefd1d99a8bd233725239a987587077bf416a7cfa51b1f90320b2b3be3c625ae7a1ceb556334ffdf2aeb3ccb275458c596b17ba4ba1b9065b27d2c5d7f651119daedb16067158ebbb3835ba06546990a9e283378df9dcc41e1f31764da215dd047e02c235e3f0fb673961d3e8fc263c657418e7c5343cfc0388779bab9eba0af8a39635e940a42c857b5dbf0c85abec5bb56dff74ed0ba59c908a7d073fe79f650e0ea161760177e5b0bb98c0e70c8dffd7557afe30962031ecc63b9369ec0e882378a0c11c9f4d393b1bfec24fb155c078f1875f5987fd4220cf4ea1de57fea6bfbe21ed47227add291d38593a6b8472b12f2c241e5772cf9de4c1f7969f6a8f0862978773f3f5b557bd8d744db1970c0145f8df60c7364c46e06f1d19e89fabd5fcc92bf1d5f4583f9823dd68c4e097c8e306779c2ee47edf20b44a3ddcf9fbfe78a133343bf9195e5d2008f29e5c94b7885c817733deec78e744745d39ce3d9d3cbaa60fa5034e5afdcb2061f5c4600f17157826e8b86ac8ab7dffd10a494d60ca78197953abe66c0f94c4b7f678228baa85a9c375cc119cfca5b3447d8d7249db4f85875a5d30c9182ace809fd471311f4ae548088c382d2dbf903480b192511e74ceac914588c9a8c5eee734c523e54d56d72625bf2c50de0c6e14c68ffb9178ad095e11e64db74563b9cb566b9d513d6cfb172737fdbcba17110cf8f6983ee01017cf66dd47a37e0357789cb749e67a21520e8fcab8572826a6490c8bc427155afe3b79421d4cc5a41c72850a25e9241e6b2cb678188d8bcb1b9764e23a05570979e951d03b4c307d9350b307dbd634890d2dfd0ea90ddf5ac4b48c5a4c669112e853aaa62116126e9ce4c4e90f981a370c57f8b834011eabf792ccdd762eb46d48b814db572e856df3455d53a4552b0619c27faec3c921d79b15d984270d91a10702bf21044746f2fa2ce5176005715949524b787c724f55cce45d94427403553ed6437fb599f106abc670f625bb38e3a90ba894ddf0654464a8e22d68ba2b26978b52bb2a7a0fda821a0122355990fd9a14f3be86c8244ca3a15abb799c02aed2fc9f1cf8b9458b0e1d8ae8cdeda9de40adef98ca0def017d438714eac2873b3df14bb8f5c455fa76579edd04c5ae64b48638bb62dc9b678264713bc9e40b11559da793a125b5d4f5772bd7a369218b17d16c217e101e381422bb32003e6dcc0d0113b256569b43a8865b986b826f7073af99f6ed11753f88758470befc513628d25c50f7dc24ec14cc7354a659353c09779c83aa87d2cf9bc04f59522d065e4a55cb990d20e93ada39726e4baf5a23284ad19ba9eb8bbb5023eb12b4acb02768fe6599d36a3d7fc7c2a8cd9369997b7c179ebe385117f0e7b60fce56f033426d0ca78ef0dd953a0c6b2114b9034fc4fa0d576448171fc32eff97836c00a92674e47224779ef2f2dd3385dbfc88d6e7f6eb78c73a1668e5cf8ecf2d39ec62788ae1f3786262d3cdf8a208ab0a28196e6163a06809d3c0c41f3cd79a7e7d72b7c2c66c8662b8405532d8d00e8cf740f6388cc595405b4cd6d1ee6db4168379394a7ebea3c4ec1375b0a0ea05288a5fcfca8ccbcc198e8d319ca5121fbf70ed5dabece1a733b2c591a20d8faa59e30acc62ef5a74de7397308379aebd69fd52bf155b47c7dfeb0576205ec81b2f96b6137c375464a6dc8bbdef6693bec4dcb23286c2f102b1cc5a18a0251cfaaacee3cc7f61a6a99ae216350284901eec57c6d23380f2f5dcbdbf1b463509b42372064d14ecab7b4812b5304fe5ef48125ab446c7b93e5bab9f1a19f004170788ed59e278c06cee96b6e4cfd73ac7d85fffee05be3a5b3e613b1d14ac3074f4e872d01b742376c178d7b74866dadf7155255ea0e9b41edad219be52de205f1ce40f7b0cdcb674e35e9704e3f69d84499a8fa623f2c799be4e85e64af46cd73ba1c051b9e72a1778b1a3fd90b937c5d4c7afc59db11645c1806f8903992b7216d56de591d3e4985483df2a48061349498e6504605a0a730b9a84589ca7af5142168b887a80818cb5d7ee132998eb90d", 0x5dd}, {0x0}], 0x4, 0x5, 0xa, 0x14) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) r6 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)="1400000016000b63d25a80648c2594f90224fc60", 0x14}], 0x1}, 0x0) readv(r0, &(0x7f0000000100)=[{&(0x7f00000001c0)=""/21, 0xb}], 0x3e8) r7 = socket$kcm(0x2, 0xa, 0x2) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r5) sendmsg$NL80211_CMD_LEAVE_OCB(r5, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="02002dbd7000fedbdf256d000000080003003b5335af1d0ac671f67259fe334f2f1d21b58267e90feb220be58ee4fac2324ef518ee2bec9aacec284731f937ad25ee034272a577d29afcfc8780de240454a1afc945ca8f55816ceb098e65a1557e6d89cfb041593a3d7ddaabdd847ea2cd0293df643e9f88ab0c054d32dcb19aacd01997ad59b0918c779407e2c9e16bb2c9727da824855e5bcb6e61f56ab2f87b6cd798dd562cf4332ffb6f003761cdfa8b75e6e3b3c33b15a927e3e4bbce7afb8f08ee9338f187343be7ae2f8cdae2a22168080c8b63d9658a9ab1a14cb1ac8620e16ec7dcf0a2b79f94a15c80ea06", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40040) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r7, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}}) 17.74639546s ago: executing program 0 (id=3800): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000400)=[{&(0x7f0000000100)="92", 0x1}], 0x1) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) splice(r0, 0x0, r4, 0x0, 0x80, 0x6) write(r2, 0x0, 0x0) 17.576983774s ago: executing program 0 (id=3801): mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) 17.576603481s ago: executing program 0 (id=3802): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e22, 0x0, @empty}, 0x1c) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) socket$unix(0x1, 0x5, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) read$FUSE(r2, &(0x7f0000003980)={0x2020, 0x0, 0x0}, 0x2020) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000140)={0x30, 0x0, 0x1, 0x70bd29, 0x25dfdbff, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x7}]}, 0x30}, 0x1, 0x0, 0x0, 0x24004040}, 0x20008044) sendmsg$inet(r6, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) connect$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0x0, r3, {0x2000000007, 0x0, 0x0, {0x0, 0x0, 0x55, 0x0, 0x0, 0xfffffffffffffffc, 0x2, 0x0, 0x1ff, 0xa000}}}, 0x78) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x8, 0x10, &(0x7f0000000500)=ANY=[@ANYBLOB="18080000cdbe0000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7eaff00030000008500000005000000bf09000000000000557d7c00000000009500000000bf9800000000000056080000000000008500000007000000b700000000000000950000000000000040b926e74035835cdb66cb2d862552b2d2b1ab77835313270352a2b18be09187c6e14e7056db1b17404eae62422bcb63c054b2dc7ad28f1ba2a8dafb13030d01ad5a824b8ed12f4c624385cbb4651cc53a3a6ce9278f5d69f6c2d4562755d0b4bc4e017c32344a265f08423f0c7d95519fa454401f6932b49f9d53b76c3318edf5fea2daba63587918239f870cadf9903147c8b15b3c1d84fdaa3e42f5b7ae0b9342c37cef6ec8b48e68d5e633a16b72d307f5b56779d7aa09d088516673333ad66593e3788c9e0b8f2b"], &(0x7f0000000980)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, @void, @value}, 0x94) sendmsg$can_bcm(r1, 0x0, 0x20004004) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x0, 0x0, 0x0, 0x4) preadv(r1, 0x0, 0x0, 0x2, 0x0) socket(0x2, 0x3, 0x67) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000000}, 0x24008854) 16.990100088s ago: executing program 2 (id=3803): r0 = syz_open_dev$vcsn(&(0x7f0000000180), 0x0, 0x26642) fsetxattr$security_capability(r0, &(0x7f0000000280), &(0x7f0000000380)=@v3={0x3000000, [{0x5, 0x82}, {0x80000000, 0xffffaf0a}]}, 0x18, 0x0) io_uring_setup(0xb3a, &(0x7f0000000400)={0x0, 0x0, 0x100, 0xfffffffd}) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x4}) arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x4, 0x0, &(0x7f0000000280)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x8000, 0x80, 0x5, 0x1}]}) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0x50) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) 16.632971076s ago: executing program 4 (id=3804): symlink(&(0x7f0000000300)='./file1\x00', &(0x7f0000000340)='./file1\x00') socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1001, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000440)=0x2) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}]}], {0x14}}, 0x88}, 0x1, 0x0, 0x0, 0x400c041}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9}) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="184c09061092c096854e92dcc38c0000007800010600000000000000000700000007000000"], 0x18}], 0x1}, 0x0) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000015c0)={0x0, 0x0, &(0x7f0000001580)={&(0x7f0000000480)=ANY=[@ANYBLOB="5c000062000000000000000000000000080000000900020073797a320000000005000100070000dd14000300686173683a69702c706f03e22c72742c6e657400000000050005000a0000080c00d4e108000640000000000500040000000000"], 0x5c}}, 0x0) getpid() r6 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r6, 0x6, 0x11, 0x0, &(0x7f00000000c0)) 16.615097139s ago: executing program 0 (id=3805): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket(0x10, 0x803, 0x0) r1 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000200)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000300)=@IORING_OP_RECVMSG={0xa, 0x30, 0x2, r0, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0, 0x8002, 0x0, {0x1}}) io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xe, 0x7}, {}, {0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40) 16.536051053s ago: executing program 0 (id=3806): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'xfrm0\x00', 0x0}) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x6}, 0x14) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r2, &(0x7f0000000080)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x14) r3 = dup(r2) connect$802154_dgram(r3, &(0x7f0000000040)={0x24, @none={0x0, 0x1}}, 0x14) ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f0000000100)={0xb, 0x30, [0x0, 0x4, 0x4, 0xfffffffffffffffe], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x100000000000600d, 0x1) socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd74) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, 0x0) write$tun(r6, 0x0, 0xfdef) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0xffff0000, 0xe, 0x0, &(0x7f0000000140)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004b40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=ANY=[], 0x18}}], 0x2, 0x4000000) r7 = syz_io_uring_setup(0x497, &(0x7f0000000480)={0x0, 0x7079, 0x10, 0x4, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0) 16.310025073s ago: executing program 3 (id=3807): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xee) ioctl$UI_DEV_CREATE(r0, 0x5501) 15.968840732s ago: executing program 3 (id=3808): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f000001aa80)=ANY=[@ANYBLOB='permprofile &'], 0xff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x1, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c010000100000030300000000000000ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000a033000000", @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000000000000000000000330000007f0000010000000000000000000000000000000000000000010000000000000000000000000000005b40000000000000fcffffffffffffff0000000000000000f30d0000000000000000000000000000000010000000000000000000000000000020005d570400000000000000320000000000feff03ff000000000000000025bd700000000000020002e8020000004800010073686132353600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c55c0000000000000000000000000000050019006c000000"], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r6 = dup(r5) ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x0, 0x80600}) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$SO_BINDTODEVICE_wg(r7, 0x1, 0x19, 0x0, 0x0) unshare(0x40020000) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4004, 0x7, &(0x7f0000006680)) 15.884157046s ago: executing program 2 (id=3809): r0 = syz_open_dev$vcsn(&(0x7f0000000180), 0x0, 0x26642) fsetxattr$security_capability(r0, &(0x7f0000000280), &(0x7f0000000380)=@v3={0x3000000, [{0x5, 0x82}, {0x80000000, 0xffffaf0a}]}, 0x18, 0x0) io_uring_setup(0xb3a, &(0x7f0000000400)={0x0, 0x0, 0x100, 0xfffffffd}) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x4}) arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x4, 0x0, &(0x7f0000000280)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x8000, 0x80, 0x5, 0x1}]}) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0x50) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) 15.377607712s ago: executing program 4 (id=3810): socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket(0x10, 0x80002, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) socket(0x1e, 0x4, 0x0) socket(0x1e, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}]}, 0x2c}}, 0x0) 15.377151629s ago: executing program 0 (id=3811): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r0, 0x29, 0x13, &(0x7f0000fcb000), 0x4) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002000)=@newsa={0x104, 0x10, 0x633, 0x0, 0x0, {{@in6=@loopback, @in6=@dev}, {@in6=@dev, 0x0, 0x32}, @in=@local, {}, {}, {}, 0x0, 0x0, 0xa}, [@replay_val={0x10, 0xa, {0x70bd25, 0x70bd25}}, @extra_flags={0x8, 0x18, 0x3}]}, 0x104}}, 0x880) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(r5, 0x40046411, &(0x7f0000000000)=0x1) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000080)={0x0, 0x0, 0xa294}) ioctl$SG_SET_TIMEOUT(r4, 0x2201, &(0x7f0000000000)=0xc) r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) r7 = epoll_create(0x3) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f00000003c0)={0x8000201c}) syz_clone(0x20304000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00'}, 0x10) r8 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) mq_getsetattr(r8, 0x0, 0xffffffffffffffff) 143.621137ms ago: executing program 33 (id=3811): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r0, 0x29, 0x13, &(0x7f0000fcb000), 0x4) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002000)=@newsa={0x104, 0x10, 0x633, 0x0, 0x0, {{@in6=@loopback, @in6=@dev}, {@in6=@dev, 0x0, 0x32}, @in=@local, {}, {}, {}, 0x0, 0x0, 0xa}, [@replay_val={0x10, 0xa, {0x70bd25, 0x70bd25}}, @extra_flags={0x8, 0x18, 0x3}]}, 0x104}}, 0x880) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(r5, 0x40046411, &(0x7f0000000000)=0x1) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000080)={0x0, 0x0, 0xa294}) ioctl$SG_SET_TIMEOUT(r4, 0x2201, &(0x7f0000000000)=0xc) r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) r7 = epoll_create(0x3) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r6, &(0x7f00000003c0)={0x8000201c}) syz_clone(0x20304000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00'}, 0x10) r8 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) mq_getsetattr(r8, 0x0, 0xffffffffffffffff) 89.667858ms ago: executing program 34 (id=3810): socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket(0x10, 0x80002, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) socket(0x1e, 0x4, 0x0) socket(0x1e, 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @mcast1={0xff, 0x2}}]}, 0x2c}}, 0x0) 64.961235ms ago: executing program 35 (id=3809): r0 = syz_open_dev$vcsn(&(0x7f0000000180), 0x0, 0x26642) fsetxattr$security_capability(r0, &(0x7f0000000280), &(0x7f0000000380)=@v3={0x3000000, [{0x5, 0x82}, {0x80000000, 0xffffaf0a}]}, 0x18, 0x0) io_uring_setup(0xb3a, &(0x7f0000000400)={0x0, 0x0, 0x100, 0xfffffffd}) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x4}) arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x4, 0x0, &(0x7f0000000280)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfb, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x8, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3}}}}, @m_ife={0x48, 0x3, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x8000, 0x80, 0x5, 0x1}]}) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200)) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[], 0x50) ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) 0s ago: executing program 36 (id=3808): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r0, &(0x7f000001aa80)=ANY=[@ANYBLOB='permprofile &'], 0xff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x1, 0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c010000100000030300000000000000ac1414aa000000000000000000000000000000000000000000000000000000000000000000000000000000a033000000", @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000000000000000000000330000007f0000010000000000000000000000000000000000000000010000000000000000000000000000005b40000000000000fcffffffffffffff0000000000000000f30d0000000000000000000000000000000010000000000000000000000000000020005d570400000000000000320000000000feff03ff000000000000000025bd700000000000020002e8020000004800010073686132353600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c55c0000000000000000000000000000050019006c000000"], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r6 = dup(r5) ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x0, 0x80600}) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$SO_BINDTODEVICE_wg(r7, 0x1, 0x19, 0x0, 0x0) unshare(0x40020000) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4004, 0x7, &(0x7f0000006680)) kernel console output (not intermixed with test programs): 6952] __kmalloc_noprof+0xd2/0x510 [ 592.370898][T16952] tomoyo_realpath_from_path+0xc2/0x6e0 [ 592.370912][T16952] ? tomoyo_profile+0x47/0x60 [ 592.370929][T16952] tomoyo_path_number_perm+0x245/0x580 [ 592.370939][T16952] ? tomoyo_path_number_perm+0x237/0x580 [ 592.370951][T16952] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 592.370976][T16952] ? find_held_lock+0x2b/0x80 [ 592.370986][T16952] ? hook_file_ioctl_common+0x145/0x410 [ 592.370996][T16952] ? __fget_files+0x204/0x3c0 [ 592.371014][T16952] ? __fget_files+0x20e/0x3c0 [ 592.371027][T16952] ? fput+0x60/0xf0 [ 592.371040][T16952] security_file_ioctl_compat+0x9b/0x240 [ 592.371053][T16952] __ia32_compat_sys_ioctl+0xc3/0x360 [ 592.371068][T16952] __do_fast_syscall_32+0x73/0x120 [ 592.371083][T16952] do_fast_syscall_32+0x32/0x80 [ 592.371096][T16952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 592.371108][T16952] RIP: 0023:0xf7fd3579 [ 592.371116][T16952] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 592.371126][T16952] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 592.371136][T16952] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080284504 [ 592.371142][T16952] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 592.371148][T16952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 592.371154][T16952] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 592.371159][T16952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 592.371183][T16952] [ 592.371273][T16952] ERROR: Out of memory at tomoyo_realpath_from_path. [ 592.380232][T13509] dvb-usb: bulk message failed: -22 (1/0) [ 592.448213][T13509] dvb-usb: error while querying for an remote control event. [ 592.496482][ T29] usb 8-1: USB disconnect, device number 60 [ 592.516967][ T29] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 592.526463][ T24] usb 9-1: USB disconnect, device number 86 [ 592.542025][ T24] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 592.606264][T11172] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 592.856184][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 593.896711][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 594.055379][T16978] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3409'. [ 594.058350][T16978] netlink: 160 bytes leftover after parsing attributes in process `syz.2.3409'. [ 594.344585][ T40] audit: type=1400 audit(1745994826.079:1113): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=16992 comm="syz.4.3414" [ 594.509051][T16998] FAULT_INJECTION: forcing a failure. [ 594.509051][T16998] name failslab, interval 1, probability 0, space 0, times 0 [ 594.513024][T16998] CPU: 3 UID: 0 PID: 16998 Comm: syz.3.3415 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 594.513038][T16998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 594.513044][T16998] Call Trace: [ 594.513048][T16998] [ 594.513053][T16998] dump_stack_lvl+0x16c/0x1f0 [ 594.513071][T16998] should_fail_ex+0x512/0x640 [ 594.513085][T16998] ? fs_reclaim_acquire+0xae/0x150 [ 594.513102][T16998] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 594.513115][T16998] should_failslab+0xc2/0x120 [ 594.513128][T16998] __kmalloc_noprof+0xd2/0x510 [ 594.513142][T16998] tomoyo_realpath_from_path+0xc2/0x6e0 [ 594.513156][T16998] ? tomoyo_profile+0x47/0x60 [ 594.513172][T16998] tomoyo_path_number_perm+0x245/0x580 [ 594.513182][T16998] ? tomoyo_path_number_perm+0x237/0x580 [ 594.513194][T16998] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 594.513218][T16998] ? find_held_lock+0x2b/0x80 [ 594.513228][T16998] ? hook_file_ioctl_common+0x145/0x410 [ 594.513238][T16998] ? __fget_files+0x204/0x3c0 [ 594.513255][T16998] ? __fget_files+0x20e/0x3c0 [ 594.513268][T16998] ? fput+0x60/0xf0 [ 594.513281][T16998] security_file_ioctl_compat+0x9b/0x240 [ 594.513294][T16998] __ia32_compat_sys_ioctl+0xc3/0x360 [ 594.513323][T16998] __do_fast_syscall_32+0x73/0x120 [ 594.513337][T16998] do_fast_syscall_32+0x32/0x80 [ 594.513350][T16998] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 594.513368][T16998] RIP: 0023:0xf7fd3579 [ 594.513376][T16998] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 594.513386][T16998] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 594.513396][T16998] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000c048aeca [ 594.513402][T16998] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 594.513408][T16998] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 594.513414][T16998] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 594.513419][T16998] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 594.513432][T16998] [ 594.513476][T16998] ERROR: Out of memory at tomoyo_realpath_from_path. [ 594.936260][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 595.662970][T11172] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 596.020203][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 596.349117][T17022] FAULT_INJECTION: forcing a failure. [ 596.349117][T17022] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 596.353180][T17022] CPU: 3 UID: 0 PID: 17022 Comm: syz.4.3422 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 596.353194][T17022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 596.353200][T17022] Call Trace: [ 596.353204][T17022] [ 596.353208][T17022] dump_stack_lvl+0x16c/0x1f0 [ 596.353226][T17022] should_fail_ex+0x512/0x640 [ 596.353242][T17022] _copy_from_user+0x2e/0xd0 [ 596.353257][T17022] get_compat_msghdr+0xa7/0x170 [ 596.353269][T17022] ? __pfx_get_compat_msghdr+0x10/0x10 [ 596.353283][T17022] ___sys_sendmsg+0x1ae/0x1d0 [ 596.353295][T17022] ? __pfx____sys_sendmsg+0x10/0x10 [ 596.353320][T17022] __sys_sendmsg+0x16d/0x220 [ 596.353330][T17022] ? __pfx___sys_sendmsg+0x10/0x10 [ 596.353346][T17022] ? rcu_is_watching+0x12/0xc0 [ 596.353357][T17022] __do_fast_syscall_32+0x73/0x120 [ 596.353372][T17022] do_fast_syscall_32+0x32/0x80 [ 596.353385][T17022] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 596.353398][T17022] RIP: 0023:0xf703e579 [ 596.353406][T17022] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 596.353416][T17022] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 596.353426][T17022] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 596.353432][T17022] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 596.353438][T17022] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 596.353444][T17022] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 596.353450][T17022] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 596.353461][T17022] [ 596.410672][T17026] 9pnet_fd: Insufficient options for proto=fd [ 596.460709][T17032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 596.465087][T17032] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 596.619740][T17036] syz.2.3426: attempt to access beyond end of device [ 596.619740][T17036] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0 [ 596.624763][T17036] syz.2.3426: attempt to access beyond end of device [ 596.624763][T17036] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0 [ 596.628879][T17036] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 596.631892][T17036] syz.2.3426: attempt to access beyond end of device [ 596.631892][T17036] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 596.635910][T17036] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 596.639275][T17036] syz.2.3426: attempt to access beyond end of device [ 596.639275][T17036] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0 [ 596.643287][T17036] syz.2.3426: attempt to access beyond end of device [ 596.643287][T17036] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 596.647482][T17036] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 596.651122][T17036] syz.2.3426: attempt to access beyond end of device [ 596.651122][T17036] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 596.655870][T17036] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 596.659488][T17036] syz.2.3426: attempt to access beyond end of device [ 596.659488][T17036] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 596.663505][T17036] syz.2.3426: attempt to access beyond end of device [ 596.663505][T17036] nbd2: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 596.667640][T17036] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 596.671249][T17036] syz.2.3426: attempt to access beyond end of device [ 596.671249][T17036] nbd2: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 596.677577][T17036] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 596.680518][T17036] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 596.696109][ T833] usb 9-1: new high-speed USB device number 87 using dummy_hcd [ 596.866092][ T833] usb 9-1: Using ep0 maxpacket: 8 [ 596.868478][ T833] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 596.868502][ T833] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 596.868515][ T833] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 596.868527][ T833] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 596.868539][ T833] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 596.869527][ T833] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 596.869546][ T833] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 596.869559][ T833] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 596.869571][ T833] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 596.869584][ T833] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 596.870683][ T833] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 596.870705][ T833] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 596.870718][ T833] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 596.870730][ T833] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 596.870741][ T833] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 596.874711][ T833] usb 9-1: string descriptor 0 read error: -22 [ 596.874765][ T833] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 596.874776][ T833] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 596.906404][ T833] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 596.926590][ T833] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 597.186384][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 597.380543][ T10] usb 9-1: USB disconnect, device number 87 [ 597.769157][T17049] input: syz1 as /devices/virtual/input/input44 [ 597.930245][T17058] netlink: 'syz.2.3432': attribute type 10 has an invalid length. [ 597.933724][T17058] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3432'. [ 597.939038][T17058] CUSE: unknown device info "ÿ" [ 597.941215][T17058] CUSE: zero length info key specified [ 597.958188][T17059] netlink: 'syz.3.3433': attribute type 10 has an invalid length. [ 597.960772][T17059] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3433'. [ 597.966881][T17059] CUSE: unknown device info "ÿ" [ 597.968520][T17059] CUSE: zero length info key specified [ 598.216383][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 598.696304][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 598.776461][ T40] audit: type=1400 audit(1745994830.519:1114): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17060 comm="syz.2.3434" [ 598.831915][T17063] FAULT_INJECTION: forcing a failure. [ 598.831915][T17063] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 598.835975][T17063] CPU: 2 UID: 0 PID: 17063 Comm: syz.3.3435 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 598.835989][T17063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 598.835996][T17063] Call Trace: [ 598.836000][T17063] [ 598.836004][T17063] dump_stack_lvl+0x16c/0x1f0 [ 598.836021][T17063] should_fail_ex+0x512/0x640 [ 598.836037][T17063] _copy_from_user+0x2e/0xd0 [ 598.836052][T17063] get_compat_msghdr+0xa7/0x170 [ 598.836063][T17063] ? __pfx_get_compat_msghdr+0x10/0x10 [ 598.836103][T17063] ___sys_sendmsg+0x1ae/0x1d0 [ 598.836115][T17063] ? __pfx____sys_sendmsg+0x10/0x10 [ 598.836142][T17063] __sys_sendmsg+0x16d/0x220 [ 598.836152][T17063] ? __pfx___sys_sendmsg+0x10/0x10 [ 598.836168][T17063] ? rcu_is_watching+0x12/0xc0 [ 598.836179][T17063] __do_fast_syscall_32+0x73/0x120 [ 598.836194][T17063] do_fast_syscall_32+0x32/0x80 [ 598.836207][T17063] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 598.836220][T17063] RIP: 0023:0xf7fd3579 [ 598.836228][T17063] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 598.836238][T17063] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 598.836249][T17063] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080006040 [ 598.836255][T17063] RDX: 0000000020004804 RSI: 0000000000000000 RDI: 0000000000000000 [ 598.836261][T17063] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 598.836266][T17063] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 598.836272][T17063] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 598.836284][T17063] [ 599.254485][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 599.927676][T17084] FAULT_INJECTION: forcing a failure. [ 599.927676][T17084] name failslab, interval 1, probability 0, space 0, times 0 [ 599.932230][T17084] CPU: 3 UID: 0 PID: 17084 Comm: syz.0.3440 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 599.932244][T17084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 599.932250][T17084] Call Trace: [ 599.932254][T17084] [ 599.932259][T17084] dump_stack_lvl+0x16c/0x1f0 [ 599.932276][T17084] should_fail_ex+0x512/0x640 [ 599.932290][T17084] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 599.932307][T17084] should_failslab+0xc2/0x120 [ 599.932319][T17084] __kmalloc_cache_noprof+0x6a/0x3e0 [ 599.932334][T17084] ? do_raw_spin_lock+0x12c/0x2b0 [ 599.932349][T17084] ? create_io_worker+0xc9/0x5b0 [ 599.932362][T17084] ? create_io_worker+0x1f/0x5b0 [ 599.932372][T17084] create_io_worker+0xc9/0x5b0 [ 599.932384][T17084] io_wq_enqueue+0x5c4/0xa10 [ 599.932397][T17084] ? __pfx_io_wq_enqueue+0x10/0x10 [ 599.932407][T17084] ? __pfx_io_wq_work_match_item+0x10/0x10 [ 599.932419][T17084] ? io_prep_async_work+0x654/0x770 [ 599.932437][T17084] io_queue_iowq+0x28a/0x5b0 [ 599.932449][T17084] io_req_task_submit+0x142/0x1f0 [ 599.932460][T17084] io_poll_task_func+0x942/0x1320 [ 599.932476][T17084] ? __pfx_io_poll_task_func+0x10/0x10 [ 599.932490][T17084] ? find_held_lock+0x2b/0x80 [ 599.932499][T17084] ? io_handle_tw_list+0x112/0x500 [ 599.932509][T17084] ? __pfx_io_poll_task_func+0x10/0x10 [ 599.932523][T17084] io_handle_tw_list+0x155/0x500 [ 599.932535][T17084] ? __pfx_io_handle_tw_list+0x10/0x10 [ 599.932548][T17084] tctx_task_work_run+0xac/0x380 [ 599.932560][T17084] tctx_task_work+0x7a/0xd0 [ 599.932570][T17084] ? __pfx_tctx_task_work+0x10/0x10 [ 599.932585][T17084] ? rcu_is_watching+0x12/0xc0 [ 599.932594][T17084] ? _raw_spin_unlock_irq+0x23/0x50 [ 599.932605][T17084] ? lockdep_hardirqs_on+0x7c/0x110 [ 599.932618][T17084] task_work_run+0x14d/0x240 [ 599.932634][T17084] ? __pfx_task_work_run+0x10/0x10 [ 599.932648][T17084] ? __pfx_inet6_recvmsg+0x10/0x10 [ 599.932661][T17084] get_signal+0x1d1/0x26d0 [ 599.932672][T17084] ? fput+0x70/0xf0 [ 599.932684][T17084] ? __sys_recvfrom+0x279/0x310 [ 599.932695][T17084] ? __pfx___sys_recvfrom+0x10/0x10 [ 599.932705][T17084] ? __pfx_get_signal+0x10/0x10 [ 599.932719][T17084] arch_do_signal_or_restart+0x8f/0x7a0 [ 599.932734][T17084] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 599.932750][T17084] ? __pfx_ksys_write+0x10/0x10 [ 599.932763][T17084] syscall_exit_to_user_mode+0x150/0x2a0 [ 599.932776][T17084] do_int80_emulation+0x111/0x200 [ 599.932791][T17084] asm_int80_emulation+0x1a/0x20 [ 599.932800][T17084] RIP: 0023:0xf70ee579 [ 599.932809][T17084] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 599.932819][T17084] RSP: 002b:00000000f50bd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000173 [ 599.932828][T17084] RAX: fffffffffffffe00 RBX: 0000000000000006 RCX: 0000000000000000 [ 599.932834][T17084] RDX: 0000000001000000 RSI: 0000000000000300 RDI: 0000000000000000 [ 599.932840][T17084] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 599.932845][T17084] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 599.932851][T17084] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 599.932863][T17084] [ 600.286128][T13391] Bluetooth: hci2: command 0x0406 tx timeout [ 600.326986][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 600.352714][T17095] mkiss: ax0: crc mode is auto. [ 601.021912][T17105] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 601.024806][T17105] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 601.342498][ T40] audit: type=1400 audit(1745994833.079:1115): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17114 comm="syz.3.3448" [ 601.388078][T17119] FAULT_INJECTION: forcing a failure. [ 601.388078][T17119] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 601.392094][T17119] CPU: 3 UID: 0 PID: 17119 Comm: syz.2.3450 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 601.392110][T17119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 601.392116][T17119] Call Trace: [ 601.392121][T17119] [ 601.392125][T17119] dump_stack_lvl+0x16c/0x1f0 [ 601.392142][T17119] should_fail_ex+0x512/0x640 [ 601.392158][T17119] _copy_from_user+0x2e/0xd0 [ 601.392173][T17119] get_compat_msghdr+0xa7/0x170 [ 601.392184][T17119] ? __pfx_get_compat_msghdr+0x10/0x10 [ 601.392198][T17119] ___sys_sendmsg+0x1ae/0x1d0 [ 601.392209][T17119] ? __pfx____sys_sendmsg+0x10/0x10 [ 601.392234][T17119] __sys_sendmsg+0x16d/0x220 [ 601.392245][T17119] ? __pfx___sys_sendmsg+0x10/0x10 [ 601.392260][T17119] ? rcu_is_watching+0x12/0xc0 [ 601.392276][T17119] __do_fast_syscall_32+0x73/0x120 [ 601.392290][T17119] do_fast_syscall_32+0x32/0x80 [ 601.392303][T17119] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 601.392316][T17119] RIP: 0023:0xf7f23579 [ 601.392324][T17119] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 601.392334][T17119] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 601.392344][T17119] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340 [ 601.392350][T17119] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 601.392356][T17119] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 601.392361][T17119] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 601.392370][T17119] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 601.392388][T17119] [ 601.450353][ T5836] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 601.606043][ T29] usb 9-1: new high-speed USB device number 88 using dummy_hcd [ 601.856078][ T29] usb 9-1: Using ep0 maxpacket: 8 [ 601.860179][ T29] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 601.860985][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 601.867179][ T29] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 601.870748][ T29] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 601.874443][ T29] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 601.878156][ T29] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 601.882468][ T29] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 601.884946][ T29] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 601.890359][ T29] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 601.893939][ T29] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 601.897546][ T29] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 601.901878][ T29] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 601.904383][ T29] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 601.908018][ T29] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 601.911703][ T29] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 601.915327][ T29] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 601.921125][ T29] usb 9-1: string descriptor 0 read error: -22 [ 601.923236][ T29] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 601.926180][ T29] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 601.933051][ T29] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 602.377370][ T10] usb 9-1: USB disconnect, device number 88 [ 602.526220][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 602.552751][T17142] FAULT_INJECTION: forcing a failure. [ 602.552751][T17142] name failslab, interval 1, probability 0, space 0, times 0 [ 602.556869][T17142] CPU: 1 UID: 0 PID: 17142 Comm: syz.2.3463 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 602.556893][T17142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 602.556900][T17142] Call Trace: [ 602.556904][T17142] [ 602.556908][T17142] dump_stack_lvl+0x16c/0x1f0 [ 602.556926][T17142] should_fail_ex+0x512/0x640 [ 602.556940][T17142] ? fs_reclaim_acquire+0xae/0x150 [ 602.556955][T17142] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 602.556969][T17142] should_failslab+0xc2/0x120 [ 602.556981][T17142] __kmalloc_noprof+0xd2/0x510 [ 602.556995][T17142] tomoyo_realpath_from_path+0xc2/0x6e0 [ 602.557009][T17142] ? tomoyo_profile+0x47/0x60 [ 602.557025][T17142] tomoyo_path_number_perm+0x245/0x580 [ 602.557036][T17142] ? tomoyo_path_number_perm+0x237/0x580 [ 602.557048][T17142] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 602.557073][T17142] ? find_held_lock+0x2b/0x80 [ 602.557082][T17142] ? hook_file_ioctl_common+0x145/0x410 [ 602.557104][T17142] ? __fget_files+0x204/0x3c0 [ 602.557121][T17142] ? __fget_files+0x20e/0x3c0 [ 602.557134][T17142] ? fput+0x60/0xf0 [ 602.557147][T17142] security_file_ioctl_compat+0x9b/0x240 [ 602.557160][T17142] __ia32_compat_sys_ioctl+0xc3/0x360 [ 602.557175][T17142] __do_fast_syscall_32+0x73/0x120 [ 602.557190][T17142] do_fast_syscall_32+0x32/0x80 [ 602.557203][T17142] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 602.557216][T17142] RIP: 0023:0xf7f23579 [ 602.557224][T17142] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 602.557233][T17142] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 602.557243][T17142] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0185647 [ 602.557249][T17142] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 602.557255][T17142] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 602.557260][T17142] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 602.557266][T17142] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 602.557278][T17142] [ 602.567829][T17142] ERROR: Out of memory at tomoyo_realpath_from_path. [ 602.689567][ T40] audit: type=1400 audit(1745994834.429:1116): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17144 comm="syz.2.3456" [ 603.337737][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 603.656645][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 603.887430][T17158] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0 [ 604.160890][T17170] hub 2-0:1.0: USB hub found [ 604.162616][T17170] hub 2-0:1.0: 2 ports detected [ 604.482670][ T40] audit: type=1400 audit(1745994836.219:1117): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17180 comm="syz.0.3467" [ 604.600472][T17184] mac80211_hwsim hwsim12 wlan0: entered promiscuous mode [ 604.896793][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 605.645886][T17201] netlink: 304 bytes leftover after parsing attributes in process `syz.0.3473'. [ 605.663829][T17201] 9pnet_virtio: no channels available for device syz [ 605.691016][T17202] hub 2-0:1.0: USB hub found [ 605.693176][T17202] hub 2-0:1.0: 2 ports detected [ 605.791773][T17207] FAULT_INJECTION: forcing a failure. [ 605.791773][T17207] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 605.795856][T17207] CPU: 0 UID: 0 PID: 17207 Comm: syz.0.3475 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 605.795869][T17207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 605.795876][T17207] Call Trace: [ 605.795879][T17207] [ 605.795883][T17207] dump_stack_lvl+0x16c/0x1f0 [ 605.795900][T17207] should_fail_ex+0x512/0x640 [ 605.795916][T17207] _copy_from_user+0x2e/0xd0 [ 605.795931][T17207] get_compat_msghdr+0xa7/0x170 [ 605.795942][T17207] ? __pfx_get_compat_msghdr+0x10/0x10 [ 605.795956][T17207] ___sys_sendmsg+0x1ae/0x1d0 [ 605.795980][T17207] ? __pfx____sys_sendmsg+0x10/0x10 [ 605.796021][T17207] __sys_sendmsg+0x16d/0x220 [ 605.796034][T17207] ? __pfx___sys_sendmsg+0x10/0x10 [ 605.796050][T17207] ? rcu_is_watching+0x12/0xc0 [ 605.796061][T17207] __do_fast_syscall_32+0x73/0x120 [ 605.796076][T17207] do_fast_syscall_32+0x32/0x80 [ 605.796089][T17207] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 605.796101][T17207] RIP: 0023:0xf70ee579 [ 605.796109][T17207] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 605.796119][T17207] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 605.796129][T17207] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080006040 [ 605.796136][T17207] RDX: 0000000004000800 RSI: 0000000000000000 RDI: 0000000000000000 [ 605.796142][T17207] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 605.796147][T17207] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 605.796153][T17207] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 605.796166][T17207] [ 605.976506][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 605.990792][ T40] audit: type=1400 audit(1745994837.729:1118): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17211 comm="syz.0.3477" [ 605.993983][T17210] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 606.004947][T17209] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 606.376652][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 606.486173][ T7732] usb 7-1: new high-speed USB device number 76 using dummy_hcd [ 606.608304][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 606.646113][ T7732] usb 7-1: Using ep0 maxpacket: 8 [ 606.651062][ T7732] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 606.654129][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 606.664395][ T7732] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 606.672229][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 606.678232][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 606.688084][ T7732] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 606.690866][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 606.698727][ T7732] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 606.703488][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 606.714031][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 606.722373][ T7732] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 606.725174][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 606.730182][ T7732] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 606.738191][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 606.746432][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 606.753342][ T7732] usb 7-1: string descriptor 0 read error: -22 [ 606.755361][ T7732] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 606.758282][ T7732] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 606.770078][ T7732] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 606.777284][T17230] hub 2-0:1.0: USB hub found [ 606.779561][T17230] hub 2-0:1.0: 2 ports detected [ 607.006740][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 607.249355][ T1342] usb 7-1: USB disconnect, device number 76 [ 607.954136][T17253] FAULT_INJECTION: forcing a failure. [ 607.954136][T17253] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 607.959795][T17253] CPU: 3 UID: 0 PID: 17253 Comm: syz.3.3487 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 607.959810][T17253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 607.959816][T17253] Call Trace: [ 607.959820][T17253] [ 607.959824][T17253] dump_stack_lvl+0x16c/0x1f0 [ 607.959841][T17253] should_fail_ex+0x512/0x640 [ 607.959857][T17253] _copy_from_user+0x2e/0xd0 [ 607.959871][T17253] get_compat_msghdr+0xa7/0x170 [ 607.959882][T17253] ? __pfx_get_compat_msghdr+0x10/0x10 [ 607.959896][T17253] ___sys_sendmsg+0x1ae/0x1d0 [ 607.959908][T17253] ? __pfx____sys_sendmsg+0x10/0x10 [ 607.959933][T17253] __sys_sendmsg+0x16d/0x220 [ 607.959943][T17253] ? __pfx___sys_sendmsg+0x10/0x10 [ 607.959958][T17253] ? rcu_is_watching+0x12/0xc0 [ 607.959970][T17253] __do_fast_syscall_32+0x73/0x120 [ 607.960003][T17253] do_fast_syscall_32+0x32/0x80 [ 607.960019][T17253] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 607.960032][T17253] RIP: 0023:0xf7fd3579 [ 607.960040][T17253] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 607.960050][T17253] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 607.960060][T17253] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0 [ 607.960066][T17253] RDX: 000000000000c010 RSI: 0000000000000000 RDI: 0000000000000000 [ 607.960072][T17253] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 607.960077][T17253] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 607.960083][T17253] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 607.960094][T17253] [ 608.046343][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 608.079803][ T40] audit: type=1400 audit(1745994839.819:1119): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17256 comm="syz.3.3490" [ 609.119081][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 609.366230][ T6003] usb 8-1: new high-speed USB device number 61 using dummy_hcd [ 609.406470][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 609.526311][ T6003] usb 8-1: Using ep0 maxpacket: 16 [ 609.532044][ T6003] usb 8-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 609.535044][ T6003] usb 8-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 609.537926][ T6003] usb 8-1: Product: syz [ 609.539526][ T6003] usb 8-1: Manufacturer: syz [ 609.541240][ T6003] usb 8-1: SerialNumber: syz [ 609.543864][ T6003] usb 8-1: config 0 descriptor?? [ 609.630100][T17280] usb usb8: usbfs: process 17280 (syz.0.3496) did not claim interface 0 before use [ 609.656763][T17282] FAULT_INJECTION: forcing a failure. [ 609.656763][T17282] name failslab, interval 1, probability 0, space 0, times 0 [ 609.660668][T17282] CPU: 1 UID: 0 PID: 17282 Comm: syz.0.3497 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 609.660683][T17282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 609.660689][T17282] Call Trace: [ 609.660693][T17282] [ 609.660697][T17282] dump_stack_lvl+0x16c/0x1f0 [ 609.660714][T17282] should_fail_ex+0x512/0x640 [ 609.660729][T17282] ? fs_reclaim_acquire+0xae/0x150 [ 609.660746][T17282] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 609.660760][T17282] should_failslab+0xc2/0x120 [ 609.660772][T17282] __kmalloc_noprof+0xd2/0x510 [ 609.660787][T17282] tomoyo_realpath_from_path+0xc2/0x6e0 [ 609.660801][T17282] ? tomoyo_profile+0x47/0x60 [ 609.660818][T17282] tomoyo_path_number_perm+0x245/0x580 [ 609.660829][T17282] ? tomoyo_path_number_perm+0x237/0x580 [ 609.660841][T17282] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 609.660866][T17282] ? find_held_lock+0x2b/0x80 [ 609.660876][T17282] ? hook_file_ioctl_common+0x145/0x410 [ 609.660887][T17282] ? __fget_files+0x204/0x3c0 [ 609.660904][T17282] ? __fget_files+0x20e/0x3c0 [ 609.660918][T17282] ? fput+0x60/0xf0 [ 609.660931][T17282] security_file_ioctl_compat+0x9b/0x240 [ 609.660945][T17282] __ia32_compat_sys_ioctl+0xc3/0x360 [ 609.660961][T17282] __do_fast_syscall_32+0x73/0x120 [ 609.660976][T17282] do_fast_syscall_32+0x32/0x80 [ 609.660989][T17282] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 609.661002][T17282] RIP: 0023:0xf70ee579 [ 609.661011][T17282] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 609.661022][T17282] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 609.661032][T17282] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0105502 [ 609.661038][T17282] RDX: 0000000080000300 RSI: 0000000000000000 RDI: 0000000000000000 [ 609.661044][T17282] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 609.661050][T17282] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 609.661057][T17282] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 609.661069][T17282] [ 609.661074][T17282] ERROR: Out of memory at tomoyo_realpath_from_path. [ 609.731033][T17282] usb usb8: usbfs: process 17282 (syz.0.3497) did not claim interface 0 before use [ 609.736281][ T10] usb 7-1: new high-speed USB device number 77 using dummy_hcd [ 609.758982][ T1342] usb 8-1: USB disconnect, device number 61 [ 609.886115][ T10] usb 7-1: Using ep0 maxpacket: 16 [ 609.892546][ T10] usb 7-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 609.896681][ T10] usb 7-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 609.900100][ T10] usb 7-1: Product: syz [ 609.901835][ T10] usb 7-1: Manufacturer: syz [ 609.903766][ T10] usb 7-1: SerialNumber: syz [ 609.908626][ T10] usb 7-1: config 0 descriptor?? [ 610.084988][ T40] audit: type=1400 audit(1745994841.819:1120): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17296 comm="syz.0.3502" [ 610.179736][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 610.234906][T17278] hpfs: hpfs_map_sector(): read error [ 610.546063][ T10] usb 8-1: new high-speed USB device number 62 using dummy_hcd [ 610.696145][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 610.700579][ T10] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 610.704792][ T10] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 610.711270][ T10] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 610.718259][ T10] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 610.724564][ T10] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 610.732471][ T10] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 610.737913][ T10] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 610.745565][ T10] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 610.752524][ T10] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 610.759723][ T10] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 610.767523][ T10] usb 8-1: config 168 descriptor has 1 excess byte, ignoring [ 610.771983][ T10] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 610.779500][ T10] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 610.784859][ T10] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 610.789953][ T10] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 610.799144][ T10] usb 8-1: string descriptor 0 read error: -22 [ 610.804509][ T10] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 610.808657][ T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.822108][ T10] adutux 8-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 611.295602][ T6003] usb 8-1: USB disconnect, device number 62 [ 611.313708][T17312] adutux: No device or device unplugged -19 [ 611.330204][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 612.376672][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 612.456215][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 612.516396][ T29] usb 7-1: USB disconnect, device number 77 [ 613.406252][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 613.566569][ T6003] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 613.571895][ T1135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 613.576313][ T6003] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 613.949798][ T40] audit: type=1804 audit(1745994845.689:1121): pid=17352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3513" name="/newroot/258/bus/bus" dev="overlay" ino=1401 res=1 errno=0 [ 613.959758][T17352] Invalid ELF header magic: != ELF [ 614.323271][T17363] mkiss: ax1: crc mode is auto. [ 614.449198][ T1342] net_ratelimit: 5 callbacks suppressed [ 614.449209][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 614.450946][ T40] audit: type=1400 audit(1745994846.189:1122): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17364 comm="syz.3.3516" [ 614.816620][T17371] nbd: must specify an index to disconnect [ 615.368911][ T835] usb 9-1: new high-speed USB device number 89 using dummy_hcd [ 615.494615][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 615.527440][ T835] usb 9-1: Using ep0 maxpacket: 8 [ 615.561736][ T835] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 615.569945][ T835] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 615.574302][ T835] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 615.580581][ T835] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 615.589549][ T835] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 615.609054][ T835] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 615.611381][ T835] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 615.617414][ T835] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 615.622131][ T835] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 615.625644][ T835] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 615.630411][ T835] usb 9-1: config 168 descriptor has 1 excess byte, ignoring [ 615.632758][ T835] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 615.639629][ T835] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 615.659617][ T835] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 615.663217][ T835] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 615.675189][ T835] usb 9-1: string descriptor 0 read error: -22 [ 615.683458][ T835] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 615.690056][ T835] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.703014][ T835] adutux 9-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 615.852002][T17389] hub 2-0:1.0: USB hub found [ 615.854187][T17389] hub 2-0:1.0: 2 ports detected [ 616.417326][ T7732] usb 9-1: USB disconnect, device number 89 [ 616.526940][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 616.686482][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 617.241243][T17407] netlink: 'syz.0.3525': attribute type 10 has an invalid length. [ 617.244269][T17407] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3525'. [ 617.248822][T17407] CUSE: unknown device info "ÿ" [ 617.250565][T17407] CUSE: zero length info key specified [ 617.851827][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 618.686540][ T77] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 618.832411][ T7732] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 618.844052][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 618.846683][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 618.971639][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 619.530203][T17431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 619.533249][T17431] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 619.606220][ T24] usb 9-1: new full-speed USB device number 90 using dummy_hcd [ 619.738452][T11172] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 619.759468][ T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 619.764059][ T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 619.768253][ T24] usb 9-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 619.772026][ T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 619.777704][ T24] usb 9-1: config 0 descriptor?? [ 620.077973][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 620.399537][T17440] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 620.402500][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 621.084680][T17444] netlink: 'syz.2.3535': attribute type 10 has an invalid length. [ 621.086882][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 621.087570][T17444] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3535'. [ 621.115162][T17444] CUSE: unknown device info "ÿ" [ 621.116905][T17444] CUSE: zero length info key specified [ 621.662420][ T40] audit: type=1400 audit(1745994853.399:1123): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17449 comm="syz.2.3537" [ 622.135846][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 622.326935][T17457] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan0, syncid = 1, id = 0 [ 622.390968][ T24] usbhid 9-1:0.0: can't add hid device: -71 [ 622.392954][ T24] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 622.396467][ T24] usb 9-1: USB disconnect, device number 90 [ 622.576089][ T7732] usb 8-1: new high-speed USB device number 63 using dummy_hcd [ 622.772551][T17467] netlink: 'syz.2.3542': attribute type 10 has an invalid length. [ 622.775138][T17467] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3542'. [ 622.779087][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 622.786985][T17467] CUSE: unknown device info "ÿ" [ 622.789209][T17467] CUSE: zero length info key specified [ 622.936432][ T7732] usb 8-1: Using ep0 maxpacket: 16 [ 623.153210][ T40] audit: type=1400 audit(1745994854.889:1124): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17471 comm="syz.4.3544" [ 623.236305][ T7732] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 623.260293][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 623.620157][ T7732] usb 8-1: can't read configurations, error -61 [ 623.724437][T17479] netlink: 'syz.2.3545': attribute type 10 has an invalid length. [ 623.727887][T17479] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3545'. [ 623.737684][T17479] CUSE: unknown device info "ÿ" [ 623.740022][T17479] CUSE: zero length info key specified [ 623.808032][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.810308][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 623.846045][ T7732] usb 8-1: new high-speed USB device number 64 using dummy_hcd [ 624.193420][T17486] hub 2-0:1.0: USB hub found [ 624.195660][T17486] hub 2-0:1.0: 2 ports detected [ 624.286158][ T57] usb 9-1: new full-speed USB device number 91 using dummy_hcd [ 624.299145][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 624.467360][ T57] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 624.470821][ T57] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 624.473968][ T57] usb 9-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 624.476959][ T57] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.484889][ T57] usb 9-1: config 0 descriptor?? [ 624.546075][ T7732] usb 8-1: Using ep0 maxpacket: 16 [ 624.549415][ T7732] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 624.551779][ T7732] usb 8-1: can't read configurations, error -61 [ 624.554331][ T7732] usb usb8-port1: attempt power cycle [ 624.896082][ T7732] usb 8-1: new high-speed USB device number 65 using dummy_hcd [ 624.908185][T17489] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 624.910818][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 624.916567][ T7732] usb 8-1: Using ep0 maxpacket: 16 [ 624.921018][ T7732] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 624.923405][ T7732] usb 8-1: can't read configurations, error -61 [ 625.046116][ T7732] usb 8-1: new high-speed USB device number 66 using dummy_hcd [ 625.066806][ T7732] usb 8-1: Using ep0 maxpacket: 16 [ 625.071263][ T7732] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 625.074488][ T7732] usb 8-1: can't read configurations, error -61 [ 625.078461][ T7732] usb usb8-port1: unable to enumerate USB device [ 625.133105][ T40] audit: type=1400 audit(1745994856.859:1125): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17493 comm="syz.0.3548" [ 625.336304][T12914] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 625.360852][T17500] FAULT_INJECTION: forcing a failure. [ 625.360852][T17500] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 625.365334][T17500] CPU: 0 UID: 0 PID: 17500 Comm: syz.3.3550 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 625.365357][T17500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 625.365368][T17500] Call Trace: [ 625.365374][T17500] [ 625.365382][T17500] dump_stack_lvl+0x16c/0x1f0 [ 625.365407][T17500] should_fail_ex+0x512/0x640 [ 625.365431][T17500] _copy_to_user+0x32/0xd0 [ 625.365457][T17500] simple_read_from_buffer+0xcb/0x170 [ 625.365483][T17500] proc_fail_nth_read+0x197/0x270 [ 625.365507][T17500] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 625.365530][T17500] ? rw_verify_area+0xcf/0x680 [ 625.365552][T17500] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 625.365575][T17500] vfs_read+0x1de/0xc70 [ 625.365594][T17500] ? __pfx___mutex_lock+0x10/0x10 [ 625.365615][T17500] ? __pfx_vfs_read+0x10/0x10 [ 625.365637][T17500] ? __fget_files+0x20e/0x3c0 [ 625.365668][T17500] ksys_read+0x12a/0x240 [ 625.365683][T17500] ? __pfx_ksys_read+0x10/0x10 [ 625.365700][T17500] ? rcu_is_watching+0x12/0xc0 [ 625.365719][T17500] __do_fast_syscall_32+0x73/0x120 [ 625.365743][T17500] do_fast_syscall_32+0x32/0x80 [ 625.365765][T17500] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 625.365786][T17500] RIP: 0023:0xf7fd3579 [ 625.365800][T17500] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 625.365816][T17500] RSP: 002b:00000000f50f6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 625.365832][T17500] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50f6620 [ 625.365843][T17500] RDX: 000000000000000f RSI: 00000000f7462ff4 RDI: 0000000000000000 [ 625.365853][T17500] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 625.365862][T17500] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 625.365872][T17500] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 625.365894][T17500] [ 625.806313][ T834] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 625.832171][T17507] hub 2-0:1.0: USB hub found [ 625.834750][T17507] hub 2-0:1.0: 2 ports detected [ 626.050622][ T40] audit: type=1400 audit(1745994857.789:1126): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17509 comm="syz.0.3553" [ 626.432422][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 626.647774][T17516] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.667384][T17517] program syz.3.3555 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 626.673184][T17517] netlink: 'syz.3.3555': attribute type 11 has an invalid length. [ 626.809380][T17516] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.894504][T17516] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.954533][T17516] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 627.136663][T17516] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.144224][T17516] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.150358][T17516] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.157537][T17516] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 627.162448][ T57] usbhid 9-1:0.0: can't add hid device: -71 [ 627.168067][ T57] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 627.178988][ T57] usb 9-1: USB disconnect, device number 91 [ 627.640303][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 627.660263][T17532] FAULT_INJECTION: forcing a failure. [ 627.660263][T17532] name failslab, interval 1, probability 0, space 0, times 0 [ 627.666716][T17532] CPU: 2 UID: 0 PID: 17532 Comm: syz.2.3559 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 627.666731][T17532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 627.666737][T17532] Call Trace: [ 627.666741][T17532] [ 627.666745][T17532] dump_stack_lvl+0x16c/0x1f0 [ 627.666761][T17532] should_fail_ex+0x512/0x640 [ 627.666775][T17532] ? fs_reclaim_acquire+0xae/0x150 [ 627.666791][T17532] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 627.666805][T17532] should_failslab+0xc2/0x120 [ 627.666817][T17532] __kmalloc_noprof+0xd2/0x510 [ 627.666832][T17532] tomoyo_realpath_from_path+0xc2/0x6e0 [ 627.666846][T17532] ? tomoyo_profile+0x47/0x60 [ 627.666862][T17532] tomoyo_path_number_perm+0x245/0x580 [ 627.666872][T17532] ? tomoyo_path_number_perm+0x237/0x580 [ 627.666885][T17532] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 627.666909][T17532] ? find_held_lock+0x2b/0x80 [ 627.666918][T17532] ? hook_file_ioctl_common+0x145/0x410 [ 627.666929][T17532] ? __fget_files+0x204/0x3c0 [ 627.666946][T17532] ? __fget_files+0x20e/0x3c0 [ 627.666959][T17532] ? fput+0x60/0xf0 [ 627.666972][T17532] security_file_ioctl_compat+0x9b/0x240 [ 627.666985][T17532] __ia32_compat_sys_ioctl+0xc3/0x360 [ 627.667000][T17532] __do_fast_syscall_32+0x73/0x120 [ 627.667014][T17532] do_fast_syscall_32+0x32/0x80 [ 627.667027][T17532] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 627.667040][T17532] RIP: 0023:0xf7f23579 [ 627.667048][T17532] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 627.667057][T17532] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 627.667067][T17532] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 627.667074][T17532] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 627.667079][T17532] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 627.667085][T17532] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 627.667090][T17532] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 627.667107][T17532] [ 627.667112][T17532] ERROR: Out of memory at tomoyo_realpath_from_path. [ 628.298821][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 628.686178][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 628.746076][ T835] usb 9-1: new high-speed USB device number 92 using dummy_hcd [ 628.846323][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 628.906057][ T835] usb 9-1: Using ep0 maxpacket: 32 [ 628.908158][ T835] usb 9-1: too many configurations: 136, using maximum allowed: 8 [ 628.911674][ T835] usb 9-1: unable to read config index 0 descriptor/start: -61 [ 628.914055][ T835] usb 9-1: can't read configurations, error -61 [ 628.926386][ T834] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 628.946098][ T9] usb 7-1: new full-speed USB device number 78 using dummy_hcd [ 629.046076][ T835] usb 9-1: new high-speed USB device number 93 using dummy_hcd [ 629.098118][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 629.099553][ T40] audit: type=1400 audit(1745994860.839:1127): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17552 comm="syz.3.3566" [ 629.101471][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 629.110967][ T9] usb 7-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 629.113799][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.117635][ T9] usb 7-1: config 0 descriptor?? [ 629.196107][ T835] usb 9-1: Using ep0 maxpacket: 32 [ 629.198700][ T835] usb 9-1: too many configurations: 136, using maximum allowed: 8 [ 629.202126][ T835] usb 9-1: unable to read config index 0 descriptor/start: -61 [ 629.204392][ T835] usb 9-1: can't read configurations, error -61 [ 629.206674][ T835] usb usb9-port1: attempt power cycle [ 629.546165][ T835] usb 9-1: new high-speed USB device number 94 using dummy_hcd [ 629.566509][ T835] usb 9-1: Using ep0 maxpacket: 32 [ 629.568637][ T835] usb 9-1: too many configurations: 136, using maximum allowed: 8 [ 629.572175][ T835] usb 9-1: unable to read config index 0 descriptor/start: -61 [ 629.574812][ T835] usb 9-1: can't read configurations, error -61 [ 629.706171][ T835] usb 9-1: new high-speed USB device number 95 using dummy_hcd [ 629.726730][ T835] usb 9-1: Using ep0 maxpacket: 32 [ 629.729470][ T835] usb 9-1: too many configurations: 136, using maximum allowed: 8 [ 629.734201][ T835] usb 9-1: unable to read config index 0 descriptor/start: -61 [ 629.737691][ T835] usb 9-1: can't read configurations, error -61 [ 629.740484][ T835] usb usb9-port1: unable to enumerate USB device [ 630.121213][ T40] audit: type=1400 audit(1745994861.859:1128): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17569 comm="syz.3.3572" [ 630.339974][T17577] FAULT_INJECTION: forcing a failure. [ 630.339974][T17577] name failslab, interval 1, probability 0, space 0, times 0 [ 630.343820][T17577] CPU: 0 UID: 0 PID: 17577 Comm: syz.0.3573 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 630.343834][T17577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 630.343840][T17577] Call Trace: [ 630.343844][T17577] [ 630.343848][T17577] dump_stack_lvl+0x16c/0x1f0 [ 630.343865][T17577] should_fail_ex+0x512/0x640 [ 630.343879][T17577] ? fs_reclaim_acquire+0xae/0x150 [ 630.343896][T17577] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 630.343909][T17577] should_failslab+0xc2/0x120 [ 630.343933][T17577] __kmalloc_noprof+0xd2/0x510 [ 630.343948][T17577] tomoyo_realpath_from_path+0xc2/0x6e0 [ 630.343967][T17577] ? tomoyo_profile+0x47/0x60 [ 630.343983][T17577] tomoyo_path_number_perm+0x245/0x580 [ 630.343994][T17577] ? tomoyo_path_number_perm+0x237/0x580 [ 630.344006][T17577] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 630.344032][T17577] ? find_held_lock+0x2b/0x80 [ 630.344041][T17577] ? hook_file_ioctl_common+0x145/0x410 [ 630.344051][T17577] ? __fget_files+0x204/0x3c0 [ 630.344069][T17577] ? __fget_files+0x20e/0x3c0 [ 630.344082][T17577] ? fput+0x60/0xf0 [ 630.344095][T17577] security_file_ioctl_compat+0x9b/0x240 [ 630.344108][T17577] __ia32_compat_sys_ioctl+0xc3/0x360 [ 630.344123][T17577] __do_fast_syscall_32+0x73/0x120 [ 630.344137][T17577] do_fast_syscall_32+0x32/0x80 [ 630.344151][T17577] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 630.344163][T17577] RIP: 0023:0xf70ee579 [ 630.344171][T17577] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 630.344181][T17577] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 630.344191][T17577] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80 [ 630.344198][T17577] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 630.344203][T17577] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 630.344209][T17577] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 630.344215][T17577] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 630.344227][T17577] [ 630.344311][T17577] ERROR: Out of memory at tomoyo_realpath_from_path. [ 630.776181][ T1342] net_ratelimit: 1 callbacks suppressed [ 630.776193][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 631.163421][ T40] audit: type=1400 audit(1745994862.899:1129): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17589 comm="syz.3.3576" [ 631.541388][ T40] audit: type=1400 audit(1745994863.279:1130): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17593 comm="syz.4.3577" [ 631.768789][ T9] usbhid 7-1:0.0: can't add hid device: -71 [ 631.770802][ T9] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 631.777144][ T9] usb 7-1: USB disconnect, device number 78 [ 631.806197][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 632.255858][ T834] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 632.490786][T17611] hub 2-0:1.0: USB hub found [ 632.493606][T17611] hub 2-0:1.0: 2 ports detected [ 632.566650][T17614] netlink: 'syz.4.3581': attribute type 10 has an invalid length. [ 632.569456][T17614] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3581'. [ 632.590511][T17614] CUSE: unknown device info "ÿ" [ 632.592572][T17614] CUSE: zero length info key specified [ 632.748033][T17616] FAULT_INJECTION: forcing a failure. [ 632.748033][T17616] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 632.752041][T17616] CPU: 0 UID: 0 PID: 17616 Comm: syz.2.3582 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 632.752055][T17616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 632.752061][T17616] Call Trace: [ 632.752065][T17616] [ 632.752069][T17616] dump_stack_lvl+0x16c/0x1f0 [ 632.752086][T17616] should_fail_ex+0x512/0x640 [ 632.752102][T17616] _copy_from_user+0x2e/0xd0 [ 632.752117][T17616] get_compat_msghdr+0xa7/0x170 [ 632.752127][T17616] ? __pfx_get_compat_msghdr+0x10/0x10 [ 632.752141][T17616] ___sys_sendmsg+0x1ae/0x1d0 [ 632.752152][T17616] ? __pfx____sys_sendmsg+0x10/0x10 [ 632.752177][T17616] __sys_sendmsg+0x16d/0x220 [ 632.752187][T17616] ? __pfx___sys_sendmsg+0x10/0x10 [ 632.752203][T17616] ? rcu_is_watching+0x12/0xc0 [ 632.752214][T17616] __do_fast_syscall_32+0x73/0x120 [ 632.752228][T17616] do_fast_syscall_32+0x32/0x80 [ 632.752247][T17616] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 632.752259][T17616] RIP: 0023:0xf7f23579 [ 632.752267][T17616] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 632.752277][T17616] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 632.752286][T17616] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000600 [ 632.752292][T17616] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 632.752298][T17616] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 632.752304][T17616] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 632.752309][T17616] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 632.752321][T17616] [ 632.846181][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 633.717477][ T835] usb 9-1: new full-speed USB device number 96 using dummy_hcd [ 633.779337][ T40] audit: type=1400 audit(1745994865.519:1131): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17634 comm="syz.0.3588" [ 633.867247][ T835] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 633.870638][ T835] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 633.873922][ T835] usb 9-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 633.879086][ T835] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 633.886364][ T835] usb 9-1: config 0 descriptor?? [ 633.896194][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 634.303374][T17641] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 634.306107][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 634.631915][ T40] audit: type=1400 audit(1745994866.369:1132): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17649 comm="syz.3.3592" [ 634.926598][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 635.326402][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 635.568556][ T40] audit: type=1400 audit(1745994867.309:1133): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17664 comm="syz.3.3596" [ 636.126789][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 636.131669][T17674] mkiss: ax0: crc mode is auto. [ 636.350213][T17676] hub 2-0:1.0: USB hub found [ 636.354548][T17676] hub 2-0:1.0: 2 ports detected [ 636.502097][ T835] usbhid 9-1:0.0: can't add hid device: -71 [ 636.511615][ T835] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 636.529861][ T835] usb 9-1: USB disconnect, device number 96 [ 636.671561][ T40] audit: type=1400 audit(1745994868.409:1134): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17683 comm="syz.4.3601" [ 637.166471][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 637.628868][T17702] netlink: 'syz.4.3606': attribute type 10 has an invalid length. [ 637.631354][T17702] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3606'. [ 637.634993][T17702] CUSE: unknown device info "ÿ" [ 637.636721][T17702] CUSE: zero length info key specified [ 638.206944][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 638.230268][T17708] IPVS: Error connecting to the multicast addr [ 638.366137][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 638.402354][T17709] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3607'. [ 638.539929][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 638.580638][T17715] netlink: 'syz.4.3610': attribute type 10 has an invalid length. [ 638.583526][T17715] syz_tun: entered promiscuous mode [ 638.590069][T17715] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 638.736157][ T833] usb 7-1: new full-speed USB device number 79 using dummy_hcd [ 638.899271][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 638.904690][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 638.909773][ T833] usb 7-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 638.914160][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.920256][ T833] usb 7-1: config 0 descriptor?? [ 639.281552][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 639.336870][T17730] hub 2-0:1.0: USB hub found [ 639.338680][T17730] hub 2-0:1.0: 2 ports detected [ 640.125659][T17740] netlink: 'syz.0.3616': attribute type 10 has an invalid length. [ 640.128318][T17740] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3616'. [ 640.132700][T17740] CUSE: unknown device info "ÿ" [ 640.134305][T17740] CUSE: zero length info key specified [ 640.394027][ T835] usb 8-1: new high-speed USB device number 67 using dummy_hcd [ 640.444947][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 640.560127][ T835] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 640.563733][ T835] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 640.566976][ T835] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 640.569975][ T835] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 640.580505][T17737] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 640.584592][ T835] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 640.787900][ T10] usb 8-1: USB disconnect, device number 67 [ 641.266029][ T10] usb 9-1: new high-speed USB device number 97 using dummy_hcd [ 641.406222][ T834] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.418947][ T10] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 641.422716][ T10] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 641.425874][ T10] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 641.428793][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.434690][T17749] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 641.440725][ T10] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 641.497591][ T833] usbhid 7-1:0.0: can't add hid device: -71 [ 641.499629][ T833] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 641.504064][ T833] usb 7-1: USB disconnect, device number 79 [ 641.530483][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 641.650801][T17749] FAULT_INJECTION: forcing a failure. [ 641.650801][T17749] name failslab, interval 1, probability 0, space 0, times 0 [ 641.655513][ T834] usb 9-1: USB disconnect, device number 97 [ 641.666546][T17749] CPU: 2 UID: 0 PID: 17749 Comm: syz.4.3621 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 641.666561][T17749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 641.666568][T17749] Call Trace: [ 641.666572][T17749] [ 641.666576][T17749] dump_stack_lvl+0x16c/0x1f0 [ 641.666606][T17749] should_fail_ex+0x512/0x640 [ 641.666625][T17749] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 641.666644][T17749] should_failslab+0xc2/0x120 [ 641.666663][T17749] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 641.666682][T17749] ? getname_flags.part.0+0x4c/0x550 [ 641.666702][T17749] getname_flags.part.0+0x4c/0x550 [ 641.666716][T17749] getname_flags+0x93/0xf0 [ 641.666730][T17749] do_sys_openat2+0xb8/0x1d0 [ 641.666743][T17749] ? __pfx_do_sys_openat2+0x10/0x10 [ 641.666757][T17749] ? __fget_files+0x20e/0x3c0 [ 641.666775][T17749] __ia32_compat_sys_openat+0x16d/0x210 [ 641.666789][T17749] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 641.666802][T17749] ? ksys_write+0x1b9/0x240 [ 641.666811][T17749] ? rcu_is_watching+0x12/0xc0 [ 641.666822][T17749] ? rcu_is_watching+0x12/0xc0 [ 641.666832][T17749] __do_fast_syscall_32+0x73/0x120 [ 641.666859][T17749] do_fast_syscall_32+0x32/0x80 [ 641.666873][T17749] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 641.666886][T17749] RIP: 0023:0xf703e579 [ 641.666894][T17749] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 641.666904][T17749] RSP: 002b:00000000f502e100 EFLAGS: 00000293 ORIG_RAX: 0000000000000127 [ 641.666916][T17749] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f502e150 [ 641.666922][T17749] RDX: 0000000000088c02 RSI: 0000000000000000 RDI: 00000000f73a2ff4 [ 641.666928][T17749] RBP: 0000000000088c02 R08: 0000000000000000 R09: 0000000000000000 [ 641.666933][T17749] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 641.666939][T17749] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 641.666952][T17749] [ 642.000139][T17757] hub 2-0:1.0: USB hub found [ 642.003506][T17757] hub 2-0:1.0: 2 ports detected [ 642.607048][T17498] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 642.632821][T17769] netlink: 'syz.3.3626': attribute type 10 has an invalid length. [ 642.636512][T17769] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3626'. [ 642.644071][T17769] CUSE: unknown device info "ÿ" [ 642.646188][T17769] CUSE: zero length info key specified [ 643.116339][T17780] random: crng reseeded on system resumption [ 643.356155][T17498] usb 7-1: new high-speed USB device number 80 using dummy_hcd [ 643.589108][T17787] FAULT_INJECTION: forcing a failure. [ 643.589108][T17787] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 643.594243][T17787] CPU: 2 UID: 0 PID: 17787 Comm: syz.4.3631 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 643.594263][T17787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 643.594273][T17787] Call Trace: [ 643.594279][T17787] [ 643.594285][T17787] dump_stack_lvl+0x16c/0x1f0 [ 643.594310][T17787] should_fail_ex+0x512/0x640 [ 643.594335][T17787] _copy_from_iter+0x2a4/0x15b0 [ 643.594361][T17787] ? __lock_acquire+0xaa4/0x1ba0 [ 643.594381][T17787] ? __pfx__copy_from_iter+0x10/0x10 [ 643.594408][T17787] ? find_held_lock+0x2b/0x80 [ 643.594424][T17787] tun_get_user+0x240/0x3b10 [ 643.594446][T17787] ? __lock_acquire+0x5ca/0x1ba0 [ 643.594465][T17787] ? __pfx_tun_get_user+0x10/0x10 [ 643.594479][T17787] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 643.594508][T17787] ? find_held_lock+0x2b/0x80 [ 643.594522][T17787] ? tun_get+0x191/0x370 [ 643.594549][T17787] tun_chr_write_iter+0xdc/0x210 [ 643.594566][T17787] vfs_write+0x5ba/0x1180 [ 643.594581][T17787] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 643.594598][T17787] ? __pfx_vfs_write+0x10/0x10 [ 643.594610][T17787] ? find_held_lock+0x2b/0x80 [ 643.594638][T17787] ksys_write+0x12a/0x240 [ 643.594652][T17787] ? __pfx_ksys_write+0x10/0x10 [ 643.594668][T17787] ? rcu_is_watching+0x12/0xc0 [ 643.594685][T17787] __do_fast_syscall_32+0x73/0x120 [ 643.594707][T17787] do_fast_syscall_32+0x32/0x80 [ 643.594728][T17787] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 643.594747][T17787] RIP: 0023:0xf703e579 [ 643.594758][T17787] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 643.594773][T17787] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 643.594788][T17787] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 643.594798][T17787] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000 [ 643.594806][T17787] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 643.594815][T17787] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 643.594824][T17787] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 643.594844][T17787] [ 643.646319][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 643.691142][T17498] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 643.694878][T17498] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 643.698300][T17498] usb 7-1: Product: syz [ 643.700083][T17498] usb 7-1: Manufacturer: syz [ 643.702020][T17498] usb 7-1: SerialNumber: syz [ 643.711915][T17498] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 643.768574][T17498] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 643.975855][T17807] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 644.413658][T17814] fuse: Bad value for 'fd' [ 644.462125][ T834] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 644.754947][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 644.856134][T17498] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive [ 644.861057][T17498] ath9k_htc: Failed to initialize the device [ 644.885177][T17498] usb 7-1: ath9k_htc: USB layer deinitialized [ 644.947691][T17824] hub 2-0:1.0: USB hub found [ 644.951950][T17824] hub 2-0:1.0: 2 ports detected [ 645.680837][ T40] audit: type=1400 audit(1745994877.419:1135): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17834 comm="syz.3.3641" [ 645.859104][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 645.899449][T17838] loop2: detected capacity change from 0 to 7 [ 645.904527][T17838] Dev loop2: unable to read RDB block 7 [ 645.908267][T17838] loop2: AHDI p1 p2 p3 [ 645.909619][T17838] loop2: partition table partially beyond EOD, truncated [ 645.912064][T17838] loop2: p1 start 1601398130 is beyond EOD, truncated [ 645.914262][T17838] loop2: p2 start 1702059890 is beyond EOD, truncated [ 645.970445][ T40] audit: type=1400 audit(1745994877.709:1136): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17840 comm="syz.4.3643" [ 646.288095][T13509] usb 7-1: USB disconnect, device number 80 [ 646.926409][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 647.498080][ T834] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 647.966324][T17498] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 648.083298][T17881] wireguard0: entered promiscuous mode [ 648.085089][T17881] wireguard0: entered allmulticast mode [ 648.126286][ T833] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 648.194706][T17888] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 649.041657][T17498] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 649.076947][T17902] netlink: 'syz.4.3661': attribute type 1 has an invalid length. [ 649.101539][T17904] FAULT_INJECTION: forcing a failure. [ 649.101539][T17904] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 649.105527][T17904] CPU: 3 UID: 0 PID: 17904 Comm: syz.4.3662 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 649.105541][T17904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 649.105547][T17904] Call Trace: [ 649.105551][T17904] [ 649.105556][T17904] dump_stack_lvl+0x16c/0x1f0 [ 649.105573][T17904] should_fail_ex+0x512/0x640 [ 649.105589][T17904] _copy_from_user+0x2e/0xd0 [ 649.105605][T17904] get_compat_msghdr+0xa7/0x170 [ 649.105616][T17904] ? __pfx_get_compat_msghdr+0x10/0x10 [ 649.105630][T17904] ___sys_sendmsg+0x1ae/0x1d0 [ 649.105642][T17904] ? __pfx____sys_sendmsg+0x10/0x10 [ 649.105667][T17904] __sys_sendmsg+0x16d/0x220 [ 649.105678][T17904] ? __pfx___sys_sendmsg+0x10/0x10 [ 649.105693][T17904] ? rcu_is_watching+0x12/0xc0 [ 649.105704][T17904] __do_fast_syscall_32+0x73/0x120 [ 649.105718][T17904] do_fast_syscall_32+0x32/0x80 [ 649.105731][T17904] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 649.105745][T17904] RIP: 0023:0xf703e579 [ 649.105753][T17904] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 649.105762][T17904] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 649.105773][T17904] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 649.105779][T17904] RDX: 0000000004004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 649.105784][T17904] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 649.105790][T17904] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 649.105796][T17904] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 649.105807][T17904] [ 649.406247][ T833] usb 7-1: new high-speed USB device number 81 using dummy_hcd [ 649.436130][T17498] usb 9-1: new full-speed USB device number 98 using dummy_hcd [ 649.439548][ T40] audit: type=1400 audit(1745994881.179:1137): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=17909 comm="syz.0.3665" [ 649.557845][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 649.562348][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 649.566637][ T833] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 649.571879][ T833] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 649.575592][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 649.580622][ T833] usb 7-1: config 0 descriptor?? [ 649.714002][T17498] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 649.719189][T17498] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 649.722242][T17498] usb 9-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 649.725072][T17498] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 649.731204][T17498] usb 9-1: config 0 descriptor?? [ 649.989972][ T833] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 649.992810][ T833] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 649.998678][ T833] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 650.046246][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 650.049146][ T1135] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 650.052374][T13509] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 650.057369][T13509] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 650.256472][T17906] FAULT_INJECTION: forcing a failure. [ 650.256472][T17906] name failslab, interval 1, probability 0, space 0, times 0 [ 650.260408][T17906] CPU: 2 UID: 0 PID: 17906 Comm: syz.2.3663 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 650.260422][T17906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 650.260428][T17906] Call Trace: [ 650.260432][T17906] [ 650.260436][T17906] dump_stack_lvl+0x16c/0x1f0 [ 650.260453][T17906] should_fail_ex+0x512/0x640 [ 650.260467][T17906] ? fs_reclaim_acquire+0xae/0x150 [ 650.260483][T17906] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 650.260496][T17906] should_failslab+0xc2/0x120 [ 650.260508][T17906] __kmalloc_noprof+0xd2/0x510 [ 650.260522][T17906] tomoyo_realpath_from_path+0xc2/0x6e0 [ 650.260536][T17906] ? tomoyo_profile+0x47/0x60 [ 650.260552][T17906] tomoyo_path_number_perm+0x245/0x580 [ 650.260563][T17906] ? tomoyo_path_number_perm+0x237/0x580 [ 650.260575][T17906] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 650.260599][T17906] ? find_held_lock+0x2b/0x80 [ 650.260608][T17906] ? hook_file_ioctl_common+0x145/0x410 [ 650.260620][T17906] ? __fget_files+0x204/0x3c0 [ 650.260636][T17906] ? __fget_files+0x20e/0x3c0 [ 650.260650][T17906] ? fput+0x60/0xf0 [ 650.260662][T17906] security_file_ioctl_compat+0x9b/0x240 [ 650.260676][T17906] __ia32_compat_sys_ioctl+0xc3/0x360 [ 650.260691][T17906] __do_fast_syscall_32+0x73/0x120 [ 650.260705][T17906] do_fast_syscall_32+0x32/0x80 [ 650.260718][T17906] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 650.260731][T17906] RIP: 0023:0xf7f23579 [ 650.260739][T17906] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 650.260749][T17906] RSP: 002b:00000000f504655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 650.260758][T17906] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000400c4807 [ 650.260764][T17906] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 650.260770][T17906] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 650.260780][T17906] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 650.260786][T17906] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 650.260798][T17906] [ 650.260802][T17906] ERROR: Out of memory at tomoyo_realpath_from_path. [ 651.183850][T17938] ptrace attach of "/syz-executor exec"[13660] was attempted by "/syz-executor exec"[17938] [ 651.835017][ T40] audit: type=1400 audit(1745994883.569:1138): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#(%#{//(@\)//&@},['%%&\#*" pid=17947 comm="syz.2.3674" [ 652.038959][T17967] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3680'. [ 652.070031][ T57] usb 7-1: USB disconnect, device number 81 [ 652.127334][ T29] net_ratelimit: 4 callbacks suppressed [ 652.127347][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.153400][T17967] tc_dump_action: action bad kind [ 652.231132][T17498] usbhid 9-1:0.0: can't add hid device: -71 [ 652.233756][T17498] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 652.239109][T17498] usb 9-1: USB disconnect, device number 98 [ 652.264720][T17974] netlink: 'syz.4.3682': attribute type 1 has an invalid length. [ 652.290145][T17974] 8021q: adding VLAN 0 to HW filter on device bond1 [ 652.324316][T17974] bond1: (slave veth5): Enslaving as an active interface with a down link [ 652.330343][T17974] FAULT_INJECTION: forcing a failure. [ 652.330343][T17974] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 652.335317][T17972] bridge0: port 1(bridge_slave_0) entered disabled state [ 652.335455][T17974] CPU: 0 UID: 0 PID: 17974 Comm: syz.4.3682 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 652.335475][T17974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 652.335484][T17974] Call Trace: [ 652.335490][T17974] [ 652.335496][T17974] dump_stack_lvl+0x16c/0x1f0 [ 652.335520][T17974] should_fail_ex+0x512/0x640 [ 652.335542][T17974] _copy_from_user+0x2e/0xd0 [ 652.335562][T17974] get_compat_msghdr+0xa7/0x170 [ 652.335577][T17974] ? __pfx_get_compat_msghdr+0x10/0x10 [ 652.335619][T17974] ___sys_sendmsg+0x1ae/0x1d0 [ 652.335636][T17974] ? __pfx____sys_sendmsg+0x10/0x10 [ 652.335674][T17974] __sys_sendmsg+0x16d/0x220 [ 652.335689][T17974] ? __pfx___sys_sendmsg+0x10/0x10 [ 652.335712][T17974] ? rcu_is_watching+0x12/0xc0 [ 652.335729][T17974] __do_fast_syscall_32+0x73/0x120 [ 652.335749][T17974] do_fast_syscall_32+0x32/0x80 [ 652.335767][T17974] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 652.335785][T17974] RIP: 0023:0xf703e579 [ 652.335797][T17974] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 652.335811][T17974] RSP: 002b:00000000f502e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 652.335825][T17974] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000280 [ 652.335835][T17974] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 652.335843][T17974] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 652.335851][T17974] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 652.335859][T17974] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 652.335878][T17974] [ 652.393447][T17972] bridge0: port 2(bridge_slave_1) entered disabled state [ 652.458910][T17977] netlink: 'syz.4.3683': attribute type 1 has an invalid length. [ 652.482662][T17977] 8021q: adding VLAN 0 to HW filter on device bond2 [ 652.505331][T17977] bond2: (slave veth7): Enslaving as an active interface with a down link [ 652.729006][T17982] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.731884][T17982] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.734524][T17982] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.738571][T17982] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.741954][T17982] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.746328][T17982] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.750051][T17982] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.766080][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.769722][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 652.875694][T17985] FAULT_INJECTION: forcing a failure. [ 652.875694][T17985] name failslab, interval 1, probability 0, space 0, times 0 [ 652.880651][T17985] CPU: 1 UID: 0 PID: 17985 Comm: syz.3.3686 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 652.880665][T17985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 652.880671][T17985] Call Trace: [ 652.880675][T17985] [ 652.880679][T17985] dump_stack_lvl+0x16c/0x1f0 [ 652.880696][T17985] should_fail_ex+0x512/0x640 [ 652.880710][T17985] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 652.880723][T17985] should_failslab+0xc2/0x120 [ 652.880735][T17985] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 652.880745][T17985] ? __pfx_tcp_current_mss+0x10/0x10 [ 652.880759][T17985] ? unwind_get_return_address+0x59/0xa0 [ 652.880770][T17985] ? __alloc_skb+0x2b2/0x380 [ 652.880787][T17985] __alloc_skb+0x2b2/0x380 [ 652.880796][T17985] ? __pfx___alloc_skb+0x10/0x10 [ 652.880806][T17985] ? __lock_acquire+0xaa4/0x1ba0 [ 652.880819][T17985] ? aa_label_sk_perm+0x19b/0x5a0 [ 652.880833][T17985] tcp_stream_alloc_skb+0x34/0x570 [ 652.880847][T17985] tcp_sendmsg_locked+0xec1/0x3930 [ 652.880869][T17985] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 652.880883][T17985] ? do_raw_spin_lock+0x12c/0x2b0 [ 652.880898][T17985] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 652.880915][T17985] ? __local_bh_enable_ip+0xa4/0x120 [ 652.880928][T17985] tcp_sendmsg+0x2e/0x50 [ 652.880939][T17985] ? __pfx_tcp_sendmsg+0x10/0x10 [ 652.880951][T17985] inet_sendmsg+0xb9/0x140 [ 652.880965][T17985] __sys_sendto+0x431/0x510 [ 652.880981][T17985] ? __pfx___sys_sendto+0x10/0x10 [ 652.881006][T17985] ? ksys_write+0x1b9/0x240 [ 652.881016][T17985] ? __pfx_ksys_write+0x10/0x10 [ 652.881026][T17985] __ia32_sys_sendto+0xdd/0x1b0 [ 652.881037][T17985] ? lockdep_hardirqs_on+0x7c/0x110 [ 652.881049][T17985] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 652.881062][T17985] __do_fast_syscall_32+0x73/0x120 [ 652.881076][T17985] do_fast_syscall_32+0x32/0x80 [ 652.881089][T17985] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 652.881102][T17985] RIP: 0023:0xf7fd3579 [ 652.881111][T17985] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 652.881120][T17985] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 652.881130][T17985] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 652.881136][T17985] RDX: 00000000ffffff94 RSI: 0000000000000000 RDI: 0000000000000000 [ 652.881142][T17985] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 652.881148][T17985] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 652.881154][T17985] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 652.881166][T17985] [ 653.072648][T17988] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3687'. [ 653.338510][T17996] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 653.343286][T17996] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 654.550254][T18013] FAULT_INJECTION: forcing a failure. [ 654.550254][T18013] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 654.554035][T18013] CPU: 2 UID: 0 PID: 18013 Comm: syz.4.3694 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 654.554058][T18013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 654.554067][T18013] Call Trace: [ 654.554080][T18013] [ 654.554087][T18013] dump_stack_lvl+0x16c/0x1f0 [ 654.554112][T18013] should_fail_ex+0x512/0x640 [ 654.554135][T18013] _copy_from_user+0x2e/0xd0 [ 654.554159][T18013] get_compat_msghdr+0xa7/0x170 [ 654.554177][T18013] ? __pfx_get_compat_msghdr+0x10/0x10 [ 654.554201][T18013] ___sys_sendmsg+0x1ae/0x1d0 [ 654.554220][T18013] ? __pfx____sys_sendmsg+0x10/0x10 [ 654.554262][T18013] __sys_sendmsg+0x16d/0x220 [ 654.554281][T18013] ? __pfx___sys_sendmsg+0x10/0x10 [ 654.554306][T18013] ? rcu_is_watching+0x12/0xc0 [ 654.554326][T18013] __do_fast_syscall_32+0x73/0x120 [ 654.554348][T18013] do_fast_syscall_32+0x32/0x80 [ 654.554369][T18013] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 654.554390][T18013] RIP: 0023:0xf703e579 [ 654.554402][T18013] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 654.554418][T18013] RSP: 002b:00000000f500d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 654.554432][T18013] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080002340 [ 654.554443][T18013] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 654.554452][T18013] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 654.554460][T18013] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 654.554469][T18013] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 654.554489][T18013] [ 655.216084][ T833] usb 8-1: new full-speed USB device number 68 using dummy_hcd [ 655.390903][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 655.394479][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 655.397904][ T833] usb 8-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 655.400713][ T833] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 655.404291][ T833] usb 8-1: config 0 descriptor?? [ 657.310499][ T40] audit: type=1400 audit(1745994889.049:1139): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18036 comm="syz.4.3700" [ 657.424783][T17498] net_ratelimit: 264 callbacks suppressed [ 657.424795][T17498] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 657.736292][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 657.942493][ T40] audit: type=1400 audit(1745994889.679:1140): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18043 comm="syz.2.3702" [ 658.055699][ T833] usbhid 8-1:0.0: can't add hid device: -71 [ 658.058287][ T833] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 658.061642][ T833] usb 8-1: USB disconnect, device number 68 [ 658.426086][T18054] FAULT_INJECTION: forcing a failure. [ 658.426086][T18054] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 658.431026][T18054] CPU: 0 UID: 0 PID: 18054 Comm: syz.0.3706 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 658.431048][T18054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 658.431055][T18054] Call Trace: [ 658.431060][T18054] [ 658.431065][T18054] dump_stack_lvl+0x16c/0x1f0 [ 658.431081][T18054] should_fail_ex+0x512/0x640 [ 658.431097][T18054] _copy_from_user+0x2e/0xd0 [ 658.431112][T18054] get_compat_msghdr+0xa7/0x170 [ 658.431123][T18054] ? __pfx_get_compat_msghdr+0x10/0x10 [ 658.431137][T18054] ___sys_sendmsg+0x1ae/0x1d0 [ 658.431149][T18054] ? __pfx____sys_sendmsg+0x10/0x10 [ 658.431174][T18054] __sys_sendmsg+0x16d/0x220 [ 658.431184][T18054] ? __pfx___sys_sendmsg+0x10/0x10 [ 658.431200][T18054] ? rcu_is_watching+0x12/0xc0 [ 658.431211][T18054] __do_fast_syscall_32+0x73/0x120 [ 658.431225][T18054] do_fast_syscall_32+0x32/0x80 [ 658.431238][T18054] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 658.431251][T18054] RIP: 0023:0xf70ee579 [ 658.431259][T18054] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 658.431269][T18054] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 658.431280][T18054] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000480 [ 658.431286][T18054] RDX: 0000000000008814 RSI: 0000000000000000 RDI: 0000000000000000 [ 658.431292][T18054] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 658.431298][T18054] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 658.431303][T18054] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 658.431315][T18054] [ 658.446154][T17498] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 658.696249][ T835] usb 9-1: new full-speed USB device number 99 using dummy_hcd [ 658.866323][ T40] audit: type=1400 audit(1745994890.599:1141): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18063 comm="syz.2.3709" [ 658.867359][ T835] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 658.879339][ T835] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 658.883462][ T835] usb 9-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 658.889276][ T835] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 658.894606][ T835] usb 9-1: config 0 descriptor?? [ 659.143881][T18071] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3711'. [ 659.212087][ T40] audit: type=1400 audit(1745994890.949:1142): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18073 comm="syz.3.3712" [ 659.361877][T18076] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 659.365384][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 659.771501][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 659.774313][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 660.002527][T18083] FAULT_INJECTION: forcing a failure. [ 660.002527][T18083] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 660.006773][T18083] CPU: 3 UID: 0 PID: 18083 Comm: syz.0.3713 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 660.006786][T18083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 660.006793][T18083] Call Trace: [ 660.006798][T18083] [ 660.006802][T18083] dump_stack_lvl+0x16c/0x1f0 [ 660.006818][T18083] should_fail_ex+0x512/0x640 [ 660.006834][T18083] _copy_from_user+0x2e/0xd0 [ 660.006863][T18083] get_compat_msghdr+0xa7/0x170 [ 660.006875][T18083] ? __pfx_get_compat_msghdr+0x10/0x10 [ 660.006887][T18083] ? __lock_acquire+0x5ca/0x1ba0 [ 660.006903][T18083] ___sys_recvmsg+0x191/0x1a0 [ 660.006914][T18083] ? __pfx____sys_recvmsg+0x10/0x10 [ 660.006931][T18083] ? get_pid_task+0xb0/0x250 [ 660.006947][T18083] do_recvmmsg+0x568/0x740 [ 660.006959][T18083] ? __pfx_do_recvmmsg+0x10/0x10 [ 660.006979][T18083] ? __fget_files+0x20e/0x3c0 [ 660.006996][T18083] __sys_recvmmsg+0x21c/0x280 [ 660.007007][T18083] ? __pfx___sys_recvmmsg+0x10/0x10 [ 660.007019][T18083] ? syscall_user_dispatch+0x78/0x140 [ 660.007040][T18083] __ia32_compat_sys_recvmmsg_time32+0xc4/0x160 [ 660.007051][T18083] ? syscall_trace_enter+0x5e/0x260 [ 660.007065][T18083] __do_fast_syscall_32+0x73/0x120 [ 660.007079][T18083] do_fast_syscall_32+0x32/0x80 [ 660.007092][T18083] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 660.007105][T18083] RIP: 0023:0xf70ee579 [ 660.007113][T18083] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 660.007122][T18083] RSP: 002b:00000000f50bd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000151 [ 660.007133][T18083] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080005b40 [ 660.007141][T18083] RDX: 0000000000000001 RSI: 0000000000000100 RDI: 0000000000000000 [ 660.007147][T18083] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 660.007152][T18083] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 660.007158][T18083] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 660.007170][T18083] [ 660.007437][T18083] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3713'. [ 660.852899][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 660.871776][T18099] netlink: 'syz.0.3717': attribute type 10 has an invalid length. [ 660.874291][T18099] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3717'. [ 660.878384][T18099] CUSE: unknown device info "ÿ" [ 660.879972][T18099] CUSE: zero length info key specified [ 661.163612][T18105] netlink: 'syz.3.3719': attribute type 10 has an invalid length. [ 661.166274][T18105] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3719'. [ 661.169966][T18105] CUSE: unknown device info "ÿ" [ 661.171567][T18105] CUSE: zero length info key specified [ 661.461006][ T835] usbhid 9-1:0.0: can't add hid device: -71 [ 661.466442][ T835] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 661.471686][ T835] usb 9-1: USB disconnect, device number 99 [ 661.518135][ T40] audit: type=1400 audit(1745994893.259:1143): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18107 comm="syz.4.3720" [ 661.888328][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 661.980128][ T40] audit: type=1400 audit(1745994893.719:1144): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18115 comm="syz.3.3722" [ 662.520086][T18125] netlink: 'syz.4.3724': attribute type 11 has an invalid length. [ 662.540744][T18125] netlink: 'syz.4.3724': attribute type 58 has an invalid length. [ 662.766872][T18129] hub 2-0:1.0: USB hub found [ 662.768670][T18129] hub 2-0:1.0: 2 ports detected [ 662.848194][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 662.938526][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 662.952554][T18130] hub 2-0:1.0: USB hub found [ 662.958653][T18130] hub 2-0:1.0: 2 ports detected [ 663.236374][ T835] usb 8-1: new full-speed USB device number 69 using dummy_hcd [ 663.398064][ T835] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 663.401598][ T835] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 663.404751][ T835] usb 8-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 663.407704][ T835] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 663.411981][ T835] usb 8-1: config 0 descriptor?? [ 664.007582][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 664.072578][T18149] input: syz1 as /devices/virtual/input/input45 [ 664.759529][T18158] netlink: 'syz.2.3734': attribute type 10 has an invalid length. [ 664.765528][T18158] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3734'. [ 664.785071][T18158] CUSE: unknown device info "ÿ" [ 664.796201][T18158] CUSE: zero length info key specified [ 664.853130][T18159] hub 2-0:1.0: USB hub found [ 664.855302][T18159] hub 2-0:1.0: 2 ports detected [ 665.022192][T18163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 665.025079][T18163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 665.029888][T18163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 665.032679][T18163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 665.039839][T18163] pimreg: entered allmulticast mode [ 665.086558][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 665.806282][T18173] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 665.809132][T18173] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 665.812067][T18173] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 665.818729][T18173] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 665.821575][T18173] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 665.827622][T18173] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 666.022060][ T835] usbhid 8-1:0.0: can't add hid device: -71 [ 666.024890][ T835] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 666.028775][ T835] usb 8-1: USB disconnect, device number 69 [ 668.259812][ T57] net_ratelimit: 212 callbacks suppressed [ 668.259828][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 668.430071][T18193] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 669.053567][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 669.264293][T18210] netlink: 'syz.0.3748': attribute type 10 has an invalid length. [ 669.267761][T18210] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3748'. [ 669.274323][T18210] CUSE: unknown device info "ÿ" [ 669.277075][T18210] CUSE: zero length info key specified [ 669.326220][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 669.376088][ T835] usb 8-1: new full-speed USB device number 70 using dummy_hcd [ 669.538358][ T835] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 669.542768][ T835] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 669.547981][ T835] usb 8-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 669.551614][ T835] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.557214][ T835] usb 8-1: config 0 descriptor?? [ 669.671415][T18213] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 669.694567][T18213] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3749'. [ 669.816190][ T40] audit: type=1400 audit(1745994901.559:1145): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18218 comm="syz.2.3750" [ 670.097006][ T40] audit: type=1400 audit(1745994901.839:1146): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18222 comm="syz.0.3751" [ 670.607848][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 670.806784][T18234] netlink: 'syz.2.3753': attribute type 10 has an invalid length. [ 670.812587][T18234] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3753'. [ 670.821298][T18234] CUSE: unknown device info "ÿ" [ 670.825308][T18234] CUSE: zero length info key specified [ 671.011080][ T40] audit: type=1400 audit(1745994902.749:1147): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18238 comm="syz.0.3755" [ 671.646599][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 671.856059][ T7732] usb 7-1: new high-speed USB device number 82 using dummy_hcd [ 671.926973][T18250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 671.935165][T18250] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 672.056085][ T7732] usb 7-1: Using ep0 maxpacket: 8 [ 672.059076][ T7732] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 672.061439][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 672.064922][ T7732] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 672.069241][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 672.073038][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 672.078107][ T7732] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 672.080674][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 672.084482][ T7732] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 672.088365][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 672.092106][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 672.097620][ T7732] usb 7-1: config 168 descriptor has 1 excess byte, ignoring [ 672.100079][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 672.104121][ T7732] usb 7-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 672.108903][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 672.112539][ T7732] usb 7-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 672.119081][ T7732] usb 7-1: string descriptor 0 read error: -22 [ 672.121275][ T7732] usb 7-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 672.124305][ T7732] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 672.126958][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 672.135003][ T7732] adutux 7-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 672.165641][ T835] usbhid 8-1:0.0: can't add hid device: -71 [ 672.167910][ T835] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 672.172672][ T835] usb 8-1: USB disconnect, device number 70 [ 672.544044][ T833] usb 7-1: USB disconnect, device number 82 [ 672.548188][T18255] adutux: No device or device unplugged -19 [ 672.688207][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 673.325335][ T40] audit: type=1400 audit(1745994905.059:1148): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18268 comm="syz.3.3764" [ 673.771971][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 674.646203][ T833] usb 8-1: new full-speed USB device number 71 using dummy_hcd [ 674.797395][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 674.800843][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 674.803946][ T833] usb 8-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 674.806963][ T833] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.812344][ T833] usb 8-1: config 0 descriptor?? [ 674.850031][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 674.966371][ T40] audit: type=1400 audit(1745994906.709:1149): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18285 comm="syz.2.3768" [ 675.166219][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 675.579201][T18296] FAULT_INJECTION: forcing a failure. [ 675.579201][T18296] name failslab, interval 1, probability 0, space 0, times 0 [ 675.583199][T18296] CPU: 2 UID: 0 PID: 18296 Comm: syz.0.3771 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 675.583220][T18296] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 675.583230][T18296] Call Trace: [ 675.583234][T18296] [ 675.583238][T18296] dump_stack_lvl+0x16c/0x1f0 [ 675.583255][T18296] should_fail_ex+0x512/0x640 [ 675.583270][T18296] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 675.583287][T18296] should_failslab+0xc2/0x120 [ 675.583299][T18296] __kmalloc_cache_noprof+0x6a/0x3e0 [ 675.583314][T18296] ? sctp_datamsg_from_user+0x8d/0x1320 [ 675.583328][T18296] sctp_datamsg_from_user+0x8d/0x1320 [ 675.583339][T18296] ? __sk_mem_raise_allocated+0x895/0x1700 [ 675.583355][T18296] ? __sk_mem_schedule+0xd0/0x100 [ 675.583367][T18296] sctp_sendmsg_to_asoc+0xaf5/0x1bf0 [ 675.583412][T18296] ? find_held_lock+0x2b/0x80 [ 675.583424][T18296] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 675.583438][T18296] ? do_raw_spin_lock+0x12c/0x2b0 [ 675.583453][T18296] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 675.583470][T18296] ? sctp_sendmsg_check_sflags+0x176/0x320 [ 675.583485][T18296] sctp_sendmsg+0xef5/0x1ee0 [ 675.583499][T18296] ? __pfx_sctp_sendmsg+0x10/0x10 [ 675.583509][T18296] ? __pfx___might_resched+0x10/0x10 [ 675.583524][T18296] ? aa_file_perm+0x4d6/0xfb0 [ 675.583544][T18296] ? __pfx_aa_sk_perm+0x10/0x10 [ 675.583564][T18296] ? __pfx_sctp_sendmsg+0x10/0x10 [ 675.583579][T18296] inet_sendmsg+0x119/0x140 [ 675.583601][T18296] sock_write_iter+0x4aa/0x5b0 [ 675.583623][T18296] ? __pfx_sock_write_iter+0x10/0x10 [ 675.583648][T18296] ? bpf_lsm_file_permission+0x9/0x10 [ 675.583670][T18296] ? security_file_permission+0x71/0x210 [ 675.583692][T18296] ? rw_verify_area+0xcf/0x680 [ 675.583716][T18296] vfs_write+0x5ba/0x1180 [ 675.583731][T18296] ? __pfx_sock_write_iter+0x10/0x10 [ 675.583754][T18296] ? __pfx_vfs_write+0x10/0x10 [ 675.583768][T18296] ? find_held_lock+0x2b/0x80 [ 675.583799][T18296] ksys_write+0x205/0x240 [ 675.583814][T18296] ? __pfx_ksys_write+0x10/0x10 [ 675.583838][T18296] ? rcu_is_watching+0x12/0xc0 [ 675.583857][T18296] __do_fast_syscall_32+0x73/0x120 [ 675.583881][T18296] do_fast_syscall_32+0x32/0x80 [ 675.583903][T18296] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 675.583923][T18296] RIP: 0023:0xf70ee579 [ 675.583937][T18296] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 675.583953][T18296] RSP: 002b:00000000f50de55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 675.583969][T18296] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000 [ 675.583979][T18296] RDX: 000000000000ffe0 RSI: 0000000000000000 RDI: 0000000000000000 [ 675.583989][T18296] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 675.583998][T18296] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 675.584007][T18296] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 675.584029][T18296] [ 675.997067][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 676.926228][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 677.063433][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 677.431366][ T833] usbhid 8-1:0.0: can't add hid device: -71 [ 677.433301][ T833] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 677.437558][ T833] usb 8-1: USB disconnect, device number 71 [ 678.132083][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 678.216219][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 678.440236][T18333] FAULT_INJECTION: forcing a failure. [ 678.440236][T18333] name failslab, interval 1, probability 0, space 0, times 0 [ 678.445278][T18333] CPU: 3 UID: 0 PID: 18333 Comm: syz.3.3781 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 678.445300][T18333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 678.445311][T18333] Call Trace: [ 678.445317][T18333] [ 678.445324][T18333] dump_stack_lvl+0x16c/0x1f0 [ 678.445351][T18333] should_fail_ex+0x512/0x640 [ 678.445372][T18333] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 678.445401][T18333] should_failslab+0xc2/0x120 [ 678.445420][T18333] __kmalloc_cache_noprof+0x6a/0x3e0 [ 678.445444][T18333] ? alloc_pipe_info+0x10e/0x590 [ 678.445465][T18333] alloc_pipe_info+0x10e/0x590 [ 678.445485][T18333] splice_direct_to_actor+0x77d/0xa30 [ 678.445510][T18333] ? __pfx_direct_splice_actor+0x10/0x10 [ 678.445535][T18333] ? __pfx_aa_file_perm+0x10/0x10 [ 678.445557][T18333] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 678.445585][T18333] ? get_pid_task+0xfc/0x250 [ 678.445613][T18333] do_splice_direct+0x174/0x240 [ 678.445635][T18333] ? __pfx_do_splice_direct+0x10/0x10 [ 678.445658][T18333] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 678.445685][T18333] ? rw_verify_area+0xcf/0x680 [ 678.445711][T18333] do_sendfile+0xafd/0xe50 [ 678.445741][T18333] ? __pfx_do_sendfile+0x10/0x10 [ 678.445764][T18333] ? __might_fault+0xe3/0x190 [ 678.445781][T18333] ? __might_fault+0x13b/0x190 [ 678.445805][T18333] __ia32_compat_sys_sendfile+0x162/0x220 [ 678.445825][T18333] ? __pfx___ia32_compat_sys_sendfile+0x10/0x10 [ 678.445847][T18333] ? rcu_is_watching+0x12/0xc0 [ 678.445866][T18333] __do_fast_syscall_32+0x73/0x120 [ 678.445889][T18333] do_fast_syscall_32+0x32/0x80 [ 678.445929][T18333] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 678.445950][T18333] RIP: 0023:0xf7fd3579 [ 678.445978][T18333] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 678.445994][T18333] RSP: 002b:00000000f50f655c EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 678.446012][T18333] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000003 [ 678.446023][T18333] RDX: 00000000800000c0 RSI: 000000000000000a RDI: 0000000000000000 [ 678.446032][T18333] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 678.446042][T18333] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 678.446051][T18333] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 678.446072][T18333] [ 678.668763][T18338] netlink: 'syz.3.3782': attribute type 10 has an invalid length. [ 678.671221][T18338] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3782'. [ 678.675135][T18338] CUSE: unknown device info "ÿ" [ 678.677507][T18338] CUSE: zero length info key specified [ 678.898969][T18344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 678.902440][T18344] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 679.294271][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 679.533083][ T40] audit: type=1400 audit(1745994911.269:1150): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18350 comm="syz.2.3787" [ 679.982253][ T40] audit: type=1400 audit(1745994911.719:1151): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18361 comm="syz.4.3790" [ 680.386257][ T1342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 680.812647][ T40] audit: type=1400 audit(1745994912.549:1152): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18373 comm="syz.2.3793" [ 681.246292][ T6003] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 681.409138][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 681.737596][ T40] audit: type=1400 audit(1745994913.479:1153): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18387 comm="syz.2.3796" [ 682.452188][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 683.195160][T18413] netlink: 'syz.0.3802': attribute type 10 has an invalid length. [ 683.198729][T18413] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3802'. [ 683.203014][T18413] CUSE: unknown device info "ÿ" [ 683.205147][T18413] CUSE: zero length info key specified [ 683.490274][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 684.039865][T18417] hub 2-0:1.0: USB hub found [ 684.047393][T18417] hub 2-0:1.0: 2 ports detected [ 684.296567][ T6003] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 684.667463][ T40] audit: type=1400 audit(1745994916.409:1154): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18429 comm="syz.3.3808" [ 684.797124][ T57] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 685.256310][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.258695][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.326227][ T6003] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 690.367541][ T6003] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 696.126274][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 701.165391][T13391] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 701.172075][T13391] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 701.175599][T13391] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 701.179474][T13391] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 701.183972][T13391] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 701.237233][T13654] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 701.245040][T13654] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 701.248417][T13654] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 701.252030][T13654] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 701.255016][T13654] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 701.318145][T13391] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 701.323194][T13391] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 701.331938][T13391] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 701.344128][T13391] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 701.347809][T13391] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 701.489344][T18447] chnl_net:caif_netlink_parms(): no params data found [ 701.496611][T13654] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 701.501550][T13654] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 701.505304][T13654] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 701.507955][T13654] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 701.510403][T13654] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 702.057842][ T1419] ================================================================== [ 702.060257][ T1419] BUG: KASAN: slab-use-after-free in handle_tx+0x5a5/0x630 [ 702.062478][ T1419] Read of size 8 at addr ffff88804c25e020 by task aoe_tx0/1419 [ 702.065294][ T1419] [ 702.066621][ T1419] CPU: 0 UID: 0 PID: 1419 Comm: aoe_tx0 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 702.066635][ T1419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 702.066641][ T1419] Call Trace: [ 702.066646][ T1419] [ 702.066650][ T1419] dump_stack_lvl+0x116/0x1f0 [ 702.066666][ T1419] print_report+0xc3/0x670 [ 702.066690][ T1419] ? __virt_addr_valid+0x5e/0x590 [ 702.066703][ T1419] ? __phys_addr+0xc6/0x150 [ 702.066715][ T1419] ? handle_tx+0x5a5/0x630 [ 702.066724][ T1419] kasan_report+0xe0/0x110 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 702.066735][ T1419] ? handle_tx+0x5a5/0x630 [ 702.066745][ T1419] handle_tx+0x5a5/0x630 [ 702.066755][ T1419] dev_hard_start_xmit+0x93/0x740 [ 702.066771][ T1419] __dev_queue_xmit+0x7eb/0x43e0 [ 702.066786][ T1419] ? lockdep_hardirqs_on+0x7c/0x110 [ 702.066799][ T1419] ? finish_task_switch.isra.0+0x221/0xc10 [ 702.066809][ T1419] ? rcu_is_watching+0x12/0xc0 [ 702.066818][ T1419] ? __pfx___dev_queue_xmit+0x10/0x10 [ 702.066833][ T1419] ? __lock_acquire+0xaa4/0x1ba0 [ 702.066846][ T1419] ? __lock_acquire+0xaa4/0x1ba0 [ 702.066858][ T1419] ? do_raw_spin_lock+0x12c/0x2b0 [ 702.066872][ T1419] ? find_held_lock+0x2b/0x80 [ 702.066881][ T1419] ? skb_dequeue+0x126/0x180 [ 702.066894][ T1419] ? find_held_lock+0x2b/0x80 [ 702.066903][ T1419] ? rcu_is_watching+0x12/0xc0 [ 702.066912][ T1419] tx+0xcc/0x190 [ 702.066922][ T1419] ? __pfx_tx+0x10/0x10 [ 702.066931][ T1419] kthread+0x1e1/0x3e0 [ 702.066945][ T1419] ? find_held_lock+0x2b/0x80 [ 702.066954][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.066968][ T1419] ? __pfx_default_wake_function+0x10/0x10 [ 702.066978][ T1419] ? lockdep_hardirqs_on+0x7c/0x110 [ 702.066989][ T1419] ? __kthread_parkme+0x19e/0x250 [ 702.067001][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.067014][ T1419] kthread+0x3c2/0x780 [ 702.067028][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.067040][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.067052][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.067064][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.067077][ T1419] ? rcu_is_watching+0x12/0xc0 [ 702.067085][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.067098][ T1419] ret_from_fork+0x45/0x80 [ 702.067112][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.067125][ T1419] ret_from_fork_asm+0x1a/0x30 [ 702.067167][ T1419] [ 702.067170][ T1419] [ 702.141066][ T1419] Allocated by task 8359: [ 702.142386][ T1419] kasan_save_stack+0x33/0x60 [ 702.143825][ T1419] kasan_save_track+0x14/0x30 [ 702.145316][ T1419] __kasan_kmalloc+0xaa/0xb0 [ 702.146766][ T1419] alloc_tty_struct+0x96/0x8c0 [ 702.148315][ T1419] tty_init_dev.part.0+0x1e/0x500 [ 702.149914][ T1419] tty_open+0xa50/0xf90 [ 702.151267][ T1419] chrdev_open+0x231/0x6a0 [ 702.152799][ T1419] do_dentry_open+0x741/0x1c10 [ 702.154294][ T1419] vfs_open+0x82/0x3f0 [ 702.155602][ T1419] path_openat+0x1e5e/0x2d40 [ 702.157059][ T1419] do_filp_open+0x20b/0x470 [ 702.158479][ T1419] do_sys_openat2+0x11b/0x1d0 [ 702.159960][ T1419] __ia32_compat_sys_openat+0x16d/0x210 [ 702.161679][ T1419] __do_fast_syscall_32+0x73/0x120 [ 702.163268][ T1419] do_fast_syscall_32+0x32/0x80 [ 702.164837][ T1419] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 702.167034][ T1419] [ 702.167983][ T1419] Freed by task 24: [ 702.169362][ T1419] kasan_save_stack+0x33/0x60 [ 702.170838][ T1419] kasan_save_track+0x14/0x30 [ 702.172321][ T1419] kasan_save_free_info+0x3b/0x60 [ 702.173898][ T1419] __kasan_slab_free+0x51/0x70 [ 702.175409][ T1419] kfree+0x2b6/0x4d0 [ 702.176661][ T1419] process_one_work+0x9cc/0x1b70 [ 702.178234][ T1419] worker_thread+0x6c8/0xf10 [ 702.179757][ T1419] kthread+0x3c2/0x780 [ 702.181102][ T1419] ret_from_fork+0x45/0x80 [ 702.182497][ T1419] ret_from_fork_asm+0x1a/0x30 [ 702.184005][ T1419] [ 702.184772][ T1419] Last potentially related work creation: [ 702.186535][ T1419] kasan_save_stack+0x33/0x60 [ 702.188020][ T1419] kasan_record_aux_stack+0xb8/0xd0 [ 702.189666][ T1419] insert_work+0x36/0x230 [ 702.191018][ T1419] __queue_work+0x97e/0x10f0 [ 702.192471][ T1419] queue_work_on+0x1a4/0x1f0 [ 702.193919][ T1419] release_tty+0x4de/0x5d0 [ 702.195316][ T1419] tty_release_struct+0xb7/0xe0 [ 702.196839][ T1419] tty_release+0xe2d/0x1430 [ 702.198303][ T1419] __fput+0x3ff/0xb70 [ 702.199802][ T1419] task_work_run+0x14d/0x240 [ 702.201361][ T1419] do_exit+0xafb/0x2c30 [ 702.202703][ T1419] do_group_exit+0xd3/0x2a0 [ 702.204193][ T1419] get_signal+0x2673/0x26d0 [ 702.205672][ T1419] arch_do_signal_or_restart+0x8f/0x7a0 [ 702.207449][ T1419] syscall_exit_to_user_mode+0x150/0x2a0 [ 702.209299][ T1419] __do_fast_syscall_32+0x80/0x120 [ 702.210959][ T1419] do_fast_syscall_32+0x32/0x80 [ 702.212530][ T1419] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 702.214581][ T1419] [ 702.215390][ T1419] The buggy address belongs to the object at ffff88804c25e000 [ 702.215390][ T1419] which belongs to the cache kmalloc-cg-2k of size 2048 [ 702.219938][ T1419] The buggy address is located 32 bytes inside of [ 702.219938][ T1419] freed 2048-byte region [ffff88804c25e000, ffff88804c25e800) [ 702.224229][ T1419] [ 702.224999][ T1419] The buggy address belongs to the physical page: [ 702.227036][ T1419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c258 [ 702.229918][ T1419] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 702.232606][ T1419] memcg:ffff88804f52a181 [ 702.233965][ T1419] anon flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff) [ 702.236608][ T1419] page_type: f5(slab) [ 702.237908][ T1419] raw: 04fff00000000040 ffff88801b44c140 0000000000000000 dead000000000001 [ 702.240683][ T1419] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff88804f52a181 [ 702.243425][ T1419] head: 04fff00000000040 ffff88801b44c140 0000000000000000 dead000000000001 [ 702.246186][ T1419] head: 0000000000000000 0000000000080008 00000000f5000000 ffff88804f52a181 [ 702.249014][ T1419] head: 04fff00000000003 ffffea0001309601 00000000ffffffff 00000000ffffffff [ 702.251858][ T1419] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 702.254804][ T1419] page dumped because: kasan: bad access detected [ 702.256868][ T1419] page_owner tracks the page as allocated [ 702.258687][ T1419] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5953, tgid 5953 (syz-executor), ts 47738131572, free_ts 47497754867 [ 702.265921][ T1419] post_alloc_hook+0x181/0x1b0 [ 702.267514][ T1419] get_page_from_freelist+0x135c/0x3920 [ 702.269279][ T1419] __alloc_frozen_pages_noprof+0x263/0x23a0 [ 702.271225][ T1419] alloc_pages_mpol+0x1fb/0x550 [ 702.272787][ T1419] new_slab+0x244/0x340 [ 702.274155][ T1419] ___slab_alloc+0xd9c/0x1940 [ 702.275682][ T1419] __slab_alloc.constprop.0+0x56/0xb0 [ 702.277412][ T1419] __kvmalloc_node_noprof+0x3a6/0x600 [ 702.279283][ T1419] alloc_netdev_mqs+0xcf8/0x1570 [ 702.281230][ T1419] rtnl_create_link+0xc10/0xfa0 [ 702.282803][ T1419] rtnl_newlink+0xb69/0x2000 [ 702.284338][ T1419] rtnetlink_rcv_msg+0x95b/0xe90 [ 702.285926][ T1419] netlink_rcv_skb+0x16a/0x440 [ 702.287508][ T1419] netlink_unicast+0x53a/0x7f0 [ 702.289092][ T1419] netlink_sendmsg+0x8d1/0xdd0 [ 702.290632][ T1419] __sys_sendto+0x495/0x510 [ 702.292145][ T1419] page last free pid 5945 tgid 5945 stack trace: [ 702.294156][ T1419] __free_frozen_pages+0x69d/0xff0 [ 702.296495][ T1419] qlist_free_all+0x4e/0x120 [ 702.298746][ T1419] kasan_quarantine_reduce+0x195/0x1e0 [ 702.300704][ T1419] __kasan_slab_alloc+0x69/0x90 [ 702.302371][ T1419] __kmalloc_cache_noprof+0x1f1/0x3e0 [ 702.304636][ T1419] ref_tracker_alloc+0x18e/0x5b0 [ 702.306460][ T1419] net_rx_queue_update_kobjects+0x32e/0x770 [ 702.308442][ T1419] netdev_register_kobject+0x269/0x3a0 [ 702.310183][ T1419] register_netdevice+0x13dc/0x2270 [ 702.311841][ T1419] veth_newlink+0x30f/0xa00 [ 702.313306][ T1419] rtnl_newlink+0xc42/0x2000 [ 702.314810][ T1419] rtnetlink_rcv_msg+0x95b/0xe90 [ 702.316393][ T1419] netlink_rcv_skb+0x16a/0x440 [ 702.317902][ T1419] netlink_unicast+0x53a/0x7f0 [ 702.319490][ T1419] netlink_sendmsg+0x8d1/0xdd0 [ 702.321010][ T1419] __sys_sendto+0x495/0x510 [ 702.322460][ T1419] [ 702.323272][ T1419] Memory state around the buggy address: [ 702.325027][ T1419] ffff88804c25df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 702.327512][ T1419] ffff88804c25df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 702.330029][ T1419] >ffff88804c25e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 702.332560][ T1419] ^ [ 702.334243][ T1419] ffff88804c25e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 702.337537][ T1419] ffff88804c25e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 702.340873][ T1419] ================================================================== [ 702.344152][ T1419] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 702.347257][ T1419] CPU: 0 UID: 0 PID: 1419 Comm: aoe_tx0 Not tainted 6.15.0-rc4-syzkaller-00040-g8bac8898fe39 #0 PREEMPT(full) [ 702.352062][ T1419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 702.356471][ T1419] Call Trace: [ 702.357912][ T1419] [ 702.359248][ T1419] dump_stack_lvl+0x3d/0x1f0 [ 702.361225][ T1419] panic+0x71c/0x800 [ 702.362909][ T1419] ? __pfx_panic+0x10/0x10 [ 702.364447][ T1419] ? mark_held_locks+0x49/0x80 [ 702.366247][ T1419] ? handle_tx+0x5a5/0x630 [ 702.368161][ T1419] ? check_panic_on_warn+0x1f/0xb0 [ 702.370290][ T1419] ? handle_tx+0x5a5/0x630 [ 702.372201][ T1419] check_panic_on_warn+0xab/0xb0 [ 702.374311][ T1419] end_report+0x107/0x170 [ 702.376119][ T1419] kasan_report+0xee/0x110 [ 702.377971][ T1419] ? handle_tx+0x5a5/0x630 [ 702.379873][ T1419] handle_tx+0x5a5/0x630 [ 702.381659][ T1419] dev_hard_start_xmit+0x93/0x740 [ 702.383839][ T1419] __dev_queue_xmit+0x7eb/0x43e0 [ 702.385947][ T1419] ? lockdep_hardirqs_on+0x7c/0x110 [ 702.388148][ T1419] ? finish_task_switch.isra.0+0x221/0xc10 [ 702.390613][ T1419] ? rcu_is_watching+0x12/0xc0 [ 702.392302][ T1419] ? __pfx___dev_queue_xmit+0x10/0x10 [ 702.393994][ T1419] ? __lock_acquire+0xaa4/0x1ba0 [ 702.396063][ T1419] ? __lock_acquire+0xaa4/0x1ba0 [ 702.398196][ T1419] ? do_raw_spin_lock+0x12c/0x2b0 [ 702.400360][ T1419] ? find_held_lock+0x2b/0x80 [ 702.402356][ T1419] ? skb_dequeue+0x126/0x180 [ 702.404315][ T1419] ? find_held_lock+0x2b/0x80 [ 702.406294][ T1419] ? rcu_is_watching+0x12/0xc0 [ 702.408345][ T1419] tx+0xcc/0x190 [ 702.409888][ T1419] ? __pfx_tx+0x10/0x10 [ 702.411681][ T1419] kthread+0x1e1/0x3e0 [ 702.413387][ T1419] ? find_held_lock+0x2b/0x80 [ 702.415367][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.417343][ T1419] ? __pfx_default_wake_function+0x10/0x10 [ 702.419753][ T1419] ? lockdep_hardirqs_on+0x7c/0x110 [ 702.421943][ T1419] ? __kthread_parkme+0x19e/0x250 [ 702.424077][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.426063][ T1419] kthread+0x3c2/0x780 [ 702.427693][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.429251][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.431238][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.433216][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.435089][ T1419] ? rcu_is_watching+0x12/0xc0 [ 702.436647][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.438122][ T1419] ret_from_fork+0x45/0x80 [ 702.439593][ T1419] ? __pfx_kthread+0x10/0x10 [ 702.441050][ T1419] ret_from_fork_asm+0x1a/0x30 [ 702.442555][ T1419] [ 702.444240][ T1419] Kernel Offset: disabled [ 702.445657][ T1419] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:35:33 Registers: info registers vcpu 0 CPU#0 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff854bf6b0 RDI=ffffffff9addebc0 RBP=ffffffff9addeb80 RSP=ffffc90007097408 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552 R12=0000000000000000 R13=0000000000000020 R14=fffffbfff35bbdca R15=dffffc0000000000 RIP=ffffffff854bf6d7 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977ed000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f73a5994 CR3=000000000e180000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000a000000000 0000000200000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000001fcf255 RBX=0000000000000001 RCX=ffffffff8b6903e9 RDX=0000000000000000 RSI=ffffffff8dbdad3b RDI=ffffffff8bf467e0 RBP=ffffed1003b55488 RSP=ffffc9000046fdf8 R8 =0000000000000001 R9 =ffffed10056665bd R10=ffff88802b332deb R11=0000000000000000 R12=0000000000000001 R13=ffff88801daaa440 R14=ffffffff90851a10 R15=0000000000000000 RIP=ffffffff8b68ec7f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880978ed000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000031a02ffc CR3=00000000616fb000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fca89fe4745582d9 fab985852e5b4687 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 dd82e2e471126dbf 70737cc5621ea775 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 60ff24a8f3e52925 e90a7ba61c062fd7 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 fff8b1d5089b9782 cb16b97916fccd7c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000005e40 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001a023 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 495fc40000000000 000000000001a024 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000a66b8e00 0001a02300000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 17d1720000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 afed93e16c26276b c2413fa8a3a2d93d ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a096ebceacfdb311 95d78683e3c5d11a ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000007 RBX=ffff88801bf10000 RCX=1ffffffff210a932 RDX=0000000000000000 RSI=ffffffff8186ce07 RDI=0000000000000001 RBP=dffffc0000000000 RSP=ffffc9000050fe08 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=ffff88801ce944a0 R13=ffffffff8e26a0e0 R14=0000000000000000 R15=0000000000000001 RIP=ffffffff8b6a24fc RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880979ed000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055833291a000 CR3=000000004f7c0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a ZMM22=f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 ZMM23=796ca064796ca064 796ca064796ca064 796ca064796ca064 796ca064796ca064 796ca064796ca064 796ca064796ca064 796ca064796ca064 796ca064796ca064 ZMM24=d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c ZMM25=7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 ZMM26=25313f1725313f17 25313f1725313f17 25313f1725313f17 25313f1725313f17 25313f1725313f17 25313f1725313f17 25313f1725313f17 25313f1725313f17 ZMM27=2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 ZMM28=000001700000016f 0000016e0000016d 0000016c0000016b 0000016a00000169 0000016800000167 0000016600000165 0000016400000163 0000016200000161 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=9e2900009e290000 9e2900009e290000 9e2900009e290000 9e2900009e290000 9e2900009e290000 9e2900009e290000 9e2900009e290000 9e2900009e290000 info registers vcpu 3 CPU#3 RAX=0000000080000202 RBX=00000000eb13043a RCX=ffffffff84d334a4 RDX=ffff888024e04880 RSI=0000000000000000 RDI=0000000000000007 RBP=ffff88807181c54e RSP=ffffc900048c71b8 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000ab2 R11=0000000000000000 R12=dffffc0000000000 R13=0000000000000ab2 R14=0000000000000ab1 R15=ffffc900048c7448 RIP=ffffffff81baa49c RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f31ac8cbd00 ffffffff 00c00000 GS =0000 ffff888097aed000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055833291b000 CR3=000000004f7c0000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a a9e5463aa9e5463a ZMM22=f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 f4ee4004f4ee4004 ZMM23=796ca064796ca064 796ca064796ca064 796ca064796ca064 796ca064796ca064 796ca064796ca064 796ca064796ca064 796ca064796ca064 796ca064796ca064 ZMM24=d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c d8931a4cd8931a4c ZMM25=7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 7bfe2c177bfe2c17 ZMM26=25313f1725313f17 25313f1725313f17 25313f1725313f17 25313f1725313f17 25313f1725313f17 25313f1725313f17 25313f1725313f17 25313f1725313f17 ZMM27=2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 2363c2b82363c2b8 ZMM28=000001700000016f 0000016e0000016d 0000016c0000016b 0000016a00000169 0000016800000167 0000016600000165 0000016400000163 0000016200000161 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=9e2900009e290000 9e2900009e290000 9e2900009e290000 9e2900009e290000 9e2900009e290000 9e2900009e290000 9e2900009e290000 9e2900009e290000