last executing test programs: 6m15.549343024s ago: executing program 0 (id=48): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0xed, 0x0, 0x7}) 6m15.549052821s ago: executing program 0 (id=49): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r0, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x80000000}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f0000000100)='./file0\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f00000003c0)={'#! ', './bus', [], 0xa, "a8ef589dfedbb0a4a97ededd0799e84b7afb4a64623b014dc0626ca443b70d6cffcd7c08996f3c3c96b7540bf59a41503b3dd1732e21a76c6ecb41f78ac5c1d53a5ccfd28c2ed7df7a53a3820489d749ad8c1488ef0961abf4118dbd8a6ca49a8c12b0914af0e0d7f40ad3f5e1340a1ac4f0dfcd"}, 0x7d) ftruncate(r3, 0x5) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200), 0x80040, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r4, 0x40085112, &(0x7f0000000080)=@e={0xff, 0xb, 0x0, 0x0, @generic=0x3}) ioctl$DRM_IOCTL_MODE_ADDFB(r2, 0xc01c64ae, &(0x7f0000000040)={0x0, 0x2, 0x5, 0xf0f3, 0x2, 0x2, 0x6}) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mkdir(&(0x7f0000000380)='./bus\x00', 0x0) 6m15.439435916s ago: executing program 0 (id=50): openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x10, 0x6, &(0x7f0000000c80)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x300}, {0x4}}, @exit], &(0x7f0000000180)='syzkaller\x00', 0x2}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0x1}, &(0x7f0000000040), &(0x7f00000000c0)=r0}, 0x20) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000001040)={'wlan1\x00'}) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_dev$media(&(0x7f0000000080), 0x4, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs$userns(0x0, &(0x7f0000000040)) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8001}, 0x8c800) r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x40300, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000340)={0x1fe, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) landlock_create_ruleset(&(0x7f0000000040)={0x310, 0x1, 0x2}, 0x18, 0x2) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x85, 0x2, 0x0, 0x4002004c8, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0x4, 0x0, 0x80000004000000, 0x200000000c], 0x100000, 0x2010d3}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 6m15.109186403s ago: executing program 0 (id=53): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x2) bind$inet(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x6b46, 0x80000000, 0x0, 0x0, 0x8, 0xc, "a2bba2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000001200", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f30600301a00000020000000000000000c100", [0x3]}}) 6m15.108538161s ago: executing program 0 (id=54): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x1a, r1, 0x1, 0x8, 0x6, @broadcast}, 0x14) r2 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0x7a, &(0x7f00000009c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd60381f3400052f00fc000000000000000000000000000000ff020000000000000000000000000001042088a8"], 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) dup2(r0, r0) 6m14.704960747s ago: executing program 0 (id=58): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0xfffffffffffffff0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000540)={@ptr={0x77682a85, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x25}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x20}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 6m14.684677881s ago: executing program 32 (id=58): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0xfffffffffffffff0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000540)={@ptr={0x77682a85, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x25}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x29}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x20}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 1m35.70908299s ago: executing program 2 (id=5357): r0 = socket$inet6(0xa, 0x3, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x0}, 0x94) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="24000000000000002900b40532"], 0x28}}], 0x1, 0x0) 1m35.708802172s ago: executing program 2 (id=5358): r0 = socket$inet6(0xa, 0x80002, 0x88) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) lstat(&(0x7f0000000280)='./file1\x00', &(0x7f00000001c0)) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f00000001c0)=0x7, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e20"], 0x0) 1m35.638167608s ago: executing program 2 (id=5359): syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [], {0x95, 0x0, 0x0, 0x700}}, &(0x7f0000000200)='GPL\x00', 0xe, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94) 1m35.637643771s ago: executing program 2 (id=5361): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000012c0)=ANY=[], 0x2ec}, 0x1, 0x0, 0x0, 0x40099}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, 0x0) r1 = socket$inet(0xa, 0x801, 0x84) listen(r1, 0x8) accept4(r1, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) chdir(&(0x7f00000000c0)='./bus\x00') r2 = creat(&(0x7f0000000440)='./file0\x00', 0x0) open_by_handle_at(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000fb00000000fb"], 0x830200) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='nv', 0x2) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_pidfd_open(r4, 0x0) ioctl$FS_IOC_GETVERSION(r5, 0xff0a, 0x0) shutdown(r3, 0x1) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1m35.539264572s ago: executing program 2 (id=5362): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="180000002e00010026bdf000fcdbdf1b04"], 0x18}, 0x1, 0x0, 0x6000, 0x4000d}, 0x20000000) 1m35.229099697s ago: executing program 2 (id=5366): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048801) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x3}, {0xffe0, 0x2}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_ECN={0x8}]}}]}, 0x3c}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x1, {0x2, 0x1}, 0xfe}, 0x29) sendmmsg$sock(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="1f", 0x1}], 0x1}}], 0x1, 0x4000) bind$bt_hci(r0, &(0x7f0000000840)={0x1f, 0x2, 0x2}, 0x6) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b40)=ANY=[@ANYBLOB="1400000010000100000000000000000000464e53a6de78e7eec2acfdd52197000000000a14000000"], 0x28}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) syz_open_dev$dri(&(0x7f00000001c0), 0x5, 0x101) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x56a, 0x94, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x70, 0x8, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x1, 0x7, {0x9, 0x21, 0x3, 0x4, 0x1, {0x22, 0x979}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x5, 0x0, 0xc}}}}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x201, 0x4, 0xc, 0x2, 0x1a401598e4fdb516}, 0x9a, &(0x7f00000003c0)={0x5, 0xf, 0x9a, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x14, 0x3, 0x0, 0x5}, @generic={0x8e, 0x10, 0x4, "a138f3b6064d60b6c575ca10fc613b2ae7b63307289b3d094ecd42b53383fd29a111dc6241073f017f9f82151256792518696d6a4565eedb14c084a72dad2843f92cf4237d9a1fe9870a0b3b1678095195b26bfbee11b555249912e896b67be359464d4d61d10aa0a911595bac5cf774d9c444616770c69545373dfa67ef4890d9d37ed140643de1eb063a"}]}, 0x7, [{0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x2801}}, {0x4e, &(0x7f00000004c0)=@string={0x4e, 0x3, "42f9476736cba98d20ccdac7fffd778c585df72929beea777c7f7b44728f930d23d01ee38482357764b9bb481080c47148d85faea2977768c6b4303a8bf6cc686537bea886223ab03fcc931f"}}, {0x9b, &(0x7f0000000540)=@string={0x9b, 0x3, "1d73bad3783eb79a17aca7c80b18adc4a96fe08e65fe1f9faabeac3c5c1e6758df78aa3a42d3e9827b0d71961430d65f93bf26b9012a2b3b47aa2a2a4e6b502d7158bd5fd8b28db9a7e711721381f4c059f537fa3989bb23b76e55eb68c6b8e5fa7d8818690e4a9766adc2bc339f8a01ddb86b27b00fb029c2c91f0880ea063ba9da6a96b2e73cf3b3738d9ca008af838898d30659817e8eac"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0xc0c}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x409}}, {0xa1, &(0x7f0000000680)=@string={0xa1, 0x3, "908190282226cf10c984ddf0374a9e72c69bb19c02674a60686238187e8e9bdf8f7b13618fb5d0c785c01a06b384e597f6c6e07ee64801c139614a8d1ac8f6f5bf3d198e6c5dfb3c75af300bcd134ba9c389a8e5f21badec90fca8939289d442b2d21945967904ae1414b322d4b0ccf0cb48b2f69f6710938d156f16bb4d8e6de853d535cacd7cc3ca49e4a6012a073161db5aa7968b5074b60f3ca8f1d799"}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x41e}}]}) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0, 0xeeee0000}) ioctl$VHOST_SET_LOG_BASE(r3, 0x4008af04, &(0x7f0000000080)=&(0x7f0000000040)) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, &(0x7f0000000880)={0x3, 0x4, 0x8f6e, 0x4f, &(0x7f0000000940)=""/79, 0x98, &(0x7f00000009c0)=""/152, 0xc2, &(0x7f0000000b80)=""/194}) socket(0x10, 0x800, 0xe8) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000000c0)) r5 = dup(r4) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000000)={0x1, r5}) r6 = socket(0x1e, 0x1, 0x0) connect$tipc(r6, &(0x7f0000000000)=@id={0x1e, 0x3, 0x1, {0x4e21, 0x3}}, 0x10) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f0000000080)=[{&(0x7f0000000180)="580000001400192340834b80040d8c561e067f0202ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000000003a0", 0x58}], 0x1) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)={0x58, 0x3a, 0x9, 0x70bd29, 0x0, {0x8}, [@typed={0x44, 0x94, 0x0, 0x0, @binary="cb326a6332ff7fc1fa4eebd05a64c80993554f77a7c86788eb3a97dff6d147a3bdf45508eb8f9e1aaf10de048fd5cfa3e00a2f220bade55cd3a797f819301724"}]}, 0x58}, 0x1, 0x0, 0x0, 0x42804}, 0x0) 1m35.186613699s ago: executing program 33 (id=5366): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048801) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x4, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x3}, {0xffe0, 0x2}, {0x0, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_ECN={0x8}]}}]}, 0x3c}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1, 0x1, {0x2, 0x1}, 0xfe}, 0x29) sendmmsg$sock(r0, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="1f", 0x1}], 0x1}}], 0x1, 0x4000) bind$bt_hci(r0, &(0x7f0000000840)={0x1f, 0x2, 0x2}, 0x6) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b40)=ANY=[@ANYBLOB="1400000010000100000000000000000000464e53a6de78e7eec2acfdd52197000000000a14000000"], 0x28}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) syz_open_dev$dri(&(0x7f00000001c0), 0x5, 0x101) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x56a, 0x94, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x70, 0x8, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x1, 0x7, {0x9, 0x21, 0x3, 0x4, 0x1, {0x22, 0x979}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x5, 0x0, 0xc}}}}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000380)={0xa, 0x6, 0x201, 0x4, 0xc, 0x2, 0x1a401598e4fdb516}, 0x9a, &(0x7f00000003c0)={0x5, 0xf, 0x9a, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x14, 0x3, 0x0, 0x5}, @generic={0x8e, 0x10, 0x4, "a138f3b6064d60b6c575ca10fc613b2ae7b63307289b3d094ecd42b53383fd29a111dc6241073f017f9f82151256792518696d6a4565eedb14c084a72dad2843f92cf4237d9a1fe9870a0b3b1678095195b26bfbee11b555249912e896b67be359464d4d61d10aa0a911595bac5cf774d9c444616770c69545373dfa67ef4890d9d37ed140643de1eb063a"}]}, 0x7, [{0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x2801}}, {0x4e, &(0x7f00000004c0)=@string={0x4e, 0x3, "42f9476736cba98d20ccdac7fffd778c585df72929beea777c7f7b44728f930d23d01ee38482357764b9bb481080c47148d85faea2977768c6b4303a8bf6cc686537bea886223ab03fcc931f"}}, {0x9b, &(0x7f0000000540)=@string={0x9b, 0x3, "1d73bad3783eb79a17aca7c80b18adc4a96fe08e65fe1f9faabeac3c5c1e6758df78aa3a42d3e9827b0d71961430d65f93bf26b9012a2b3b47aa2a2a4e6b502d7158bd5fd8b28db9a7e711721381f4c059f537fa3989bb23b76e55eb68c6b8e5fa7d8818690e4a9766adc2bc339f8a01ddb86b27b00fb029c2c91f0880ea063ba9da6a96b2e73cf3b3738d9ca008af838898d30659817e8eac"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0xc0c}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x409}}, {0xa1, &(0x7f0000000680)=@string={0xa1, 0x3, "908190282226cf10c984ddf0374a9e72c69bb19c02674a60686238187e8e9bdf8f7b13618fb5d0c785c01a06b384e597f6c6e07ee64801c139614a8d1ac8f6f5bf3d198e6c5dfb3c75af300bcd134ba9c389a8e5f21badec90fca8939289d442b2d21945967904ae1414b322d4b0ccf0cb48b2f69f6710938d156f16bb4d8e6de853d535cacd7cc3ca49e4a6012a073161db5aa7968b5074b60f3ca8f1d799"}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x41e}}]}) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0, 0xeeee0000}) ioctl$VHOST_SET_LOG_BASE(r3, 0x4008af04, &(0x7f0000000080)=&(0x7f0000000040)) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, &(0x7f0000000880)={0x3, 0x4, 0x8f6e, 0x4f, &(0x7f0000000940)=""/79, 0x98, &(0x7f00000009c0)=""/152, 0xc2, &(0x7f0000000b80)=""/194}) socket(0x10, 0x800, 0xe8) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f00000000c0)) r5 = dup(r4) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000000)={0x1, r5}) r6 = socket(0x1e, 0x1, 0x0) connect$tipc(r6, &(0x7f0000000000)=@id={0x1e, 0x3, 0x1, {0x4e21, 0x3}}, 0x10) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f0000000080)=[{&(0x7f0000000180)="580000001400192340834b80040d8c561e067f0202ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000c0c100000000000000003a0", 0x58}], 0x1) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)={0x58, 0x3a, 0x9, 0x70bd29, 0x0, {0x8}, [@typed={0x44, 0x94, 0x0, 0x0, @binary="cb326a6332ff7fc1fa4eebd05a64c80993554f77a7c86788eb3a97dff6d147a3bdf45508eb8f9e1aaf10de048fd5cfa3e00a2f220bade55cd3a797f819301724"}]}, 0x58}, 0x1, 0x0, 0x0, 0x42804}, 0x0) 16.256048599s ago: executing program 3 (id=7096): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x9, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x6, 0xa, 0x0, 0xfe00, 0x41}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0x84, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, {0x0, @in={{0x2, 0x0, @empty}}}}, &(0x7f0000000280)=0xb0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r5 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r5, 0x2000) ioctl$SNDCTL_DSP_SUBDIVIDE(r5, 0xc0045009, &(0x7f0000000640)=0x6625a1f5) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r7 = accept4(r6, 0x0, 0x0, 0x0) sendto$unix(r7, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0) recvfrom(r7, &(0x7f00000030c0)=""/4117, 0x1015, 0x10043, 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000005c0)={r3, 0x472, 0xfff1, 0x18, 0x3, 0x8}, &(0x7f0000000600)=0x14) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r7, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0x98, r9, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xa0}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}, @MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast2}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xc}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x24, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x9}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010101}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}]}, 0x98}, 0x1, 0x0, 0x0, 0x10}, 0x4080) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r1, &(0x7f00000000c0)="6557275f55444aeb879792cb138a060c1a76fb62e1140d9a6a15559eb03c2b4dec8cec8b02c9bfff602fa447a16eb52d6cb661c9730d5c8373038d022fe34211f907a43a1bf406931387563020a3c31210fa70d32060617fc88732857f0b42b3ad0932c8e66038385b6c73b9744dbf35e4097e1d68e77662a0ecdd1f4a1b24fe1a79576d672a5720b6bcb0a8e83d641df1429fb2b311d8200d8a32b72af8d49cbce622c7635e59320c892c64e08607ad34a4085bba6d2a152f1dbfb104d6487a0053bc2efcaedfd4fa7ebc091c2eb9e332b088"}, 0x20) 16.188246522s ago: executing program 3 (id=7098): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x70bd2a, 0x25dfdbfe, {0xa, 0x10, 0x80, 0x8, 0xfe, 0x0, 0xfd, 0x4, 0x2000}, [@RTA_OIF={0x8}]}, 0x24}}, 0x0) (async, rerun: 64) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async, rerun: 64) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000580)={'veth1_to_bond\x00', 0x0}) r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000001c0)={r2, r4, 0x25, 0x2, @void}, 0x10) bpf$LINK_DETACH(0x22, &(0x7f0000000000)=r5, 0x4) (async) sendmsg$tipc(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000300)="3ccc8bc228b437650a3365743f5468e97885a67a792234242dddb7158e3234bb4de9c8bbebcde2f6c5cc60fe3cdc5636a33b2c76ffffefcabd4d4d25a8c1f26b42bede477fcbcea97cf4565d22657b40fc32dd3c6a702039a9765ca2c7ead4e5f1ca7ede", 0x64}, {&(0x7f0000000380)="a31be4e64f6bc442b79a331ef7f26ea27d5144610cb039fb1615749661a3d40a7f0c2bf2c9", 0x25}], 0x2}, 0x0) writev(r0, &(0x7f0000000880)=[{&(0x7f0000000040)="ec7c018f9ff1c3f27949a4d87400a7d9bcc81226dd11cdbcf78b3ed29d6d790ddf7bc703a553320b34d954f0101a1cde965ddfa58d1f01641f29c620", 0x3c}, {&(0x7f0000000080)="93580cb015d75c87326780dda197c8efa3fae0729e8d9bf4a77bb7b4a2a33ebdb3313c0a885b34470e8b7306617b0539cda5fca4fe6fb8d7a6af69ccb490d39c76a2140f873a0d1f5c20d0ab01997a4118fee4af97cef16543fe5137116ea9bb3c04fddd630c717d9ff71c3c3ed1204b2b30afade7b2f7721c29d8840bba484eb188235744de46b5a4a56d817af454b6050879bf198d8e971f12872cf30dc7c1161c2175babe80b25515e6514cc666c591b23ca9b2473cd42761b2b324ba82a541458dac3e619e8951a512205d5661939152fbc33b00ab7575fa3c1042016270352842dd1a2209d608", 0xe9}, {&(0x7f00000003c0)="d73cbeaf234bc9e9da9b94355669a071950c8cc4e5de9648d16c49b2bf60fa780ff59911cddc5e83286849aa14d065349afa1f12ff1c3de7902c7dfe51126ed973a2cc456af8c07d2a92f0f0b5370f7c41e276ebbd7018da68b7185060725a108c21b51e5d343c09da257c3425f66e1b940009f2f4e2de882f0fafcf2f0c06ff236434cb334d32a82cc2af4974", 0x8d}, {&(0x7f0000000500)="b58c8a5cb08831ff3cc7681bb0aab886dbe4036815c257986737c4ffad3f5b7dc320f8a08a8def034091aaa0", 0x2c}, {&(0x7f00000001c0)="b875983b6a86cd7ccd0ceb92f8d12f149a3fa805afd6a43c1381daf0f3618fb9f317ec7d6f", 0x25}, {&(0x7f00000005c0)="7d385b1c13b2b89348299bd7ec370b7073158d8d3ddc64529ea6030498ddc3d987f76bba62b13efd38d9cb13d30275bbceef0c1d5b001c6fc6eafc6a48bb046f3eda40e2d5fe4added221a2c3b245e743da89aa1f8cec82f64c5a2f939f6dc514177e01cda25e6c0c3227ec4fc258e8bff8c5cfe55811b50be6887b87d6f8a397aae510a48776ae451e137adae9ba5d310b25defadecd4557d15ca04574be6c0a9a26221e8fc7058bb036009bed5e7ebd7a8bbc55801ad2c2f6ff59f0fcb19766d16ae80790b29d2dfd37556201f7eea5d", 0xd1}, {&(0x7f0000000240)="109f6f3c86d232f7ed9e038b3f261e54776f83d6343c8518dfa021eb14755d5fad0aa0a0494283264ecbb8b3505233c1be2b657dfed25da1221491654b728d11211c2c77acd5b732f7febf376381dc4ea459fdd90c5d26b659adc314264e5e304c", 0x68}, {&(0x7f00000006c0)="b07f169f3b35b429df8871b25ea08dc9ae278985bbeece25cc953cd47328fa0d18edce8fa136606eb73e0b0ad62010a54987ce790296e46a297d35903f25efd09b5fb7b31b65c5ff210c1820e4341863222ab13978dd6a0248704763d825d5ed0dba2ae2c17f00d96d0ad16fefc92abce6a992c95569bac0344b6fa78ce1bded824df351bff5e4632db91ea783c91a8795e68745ff82262a028ecccddeae4733ac0450a97b168e997e5d203056f37df76c96810227faa502afa35bea88c4a12b02f6ebcf8cc4164ea1a100b910353ba0dc11ab9fd6f8843e8e34559cd68083fee535965d4f616f", 0xe7}, {&(0x7f0000000480)="6b2e9cae0b2fb83e7f57e34b2c77adfcbc47d59d2b2deea79dcebb0883675039d0382140767d7364b2b87f6a7a4c13529414f4845a81e09aa5f8a9a0bf4c5e27b14f872bbb4336b3c5bac7ada6d38444cc48e73b72af4b4d8b6656c56f6c61943898417e2327a966738bb5", 0x6b}, {&(0x7f00000007c0)="ee2d29732000a3de4e1e95faf57c4ca9dc89521d612202c21028e666061ff33e8208abca3eb7f88f8289a3ccc032bafb37146849cd72a181100012ef764d81e4f089b873299e1ad8ef1c9f04b58abba0d85499154449939914e3b1fe4520e99e4cdc4dcd1d2b49fb0c379ad84d0eba4ea511c544e7f81d5c2f6300a9a474b0eef65d6659bbbd616b0fd2b0ba6bf06ef2553db5cf", 0x94}], 0xa) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001b80), 0xffffffffffffffff) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) (rerun: 64) sendmsg$NL80211_CMD_SET_MCAST_RATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="3904feffffff000705769600000008000300", @ANYRES32=r8, @ANYBLOB='\b\x00k'], 0x24}}, 0x4004000) (async, rerun: 64) sendmsg$tipc(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) (async, rerun: 64) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000540)={{0x1, 0x1, 0x18, r5, {0x4}}, './file0\x00'}) getsockopt$netrom_NETROM_T1(r9, 0x103, 0x1, &(0x7f0000000940), &(0x7f0000000980)=0x4) 10.935357469s ago: executing program 5 (id=7250): madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) socket$nl_route(0x10, 0x3, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) syz_clone3(&(0x7f0000000240)={0x24000000, 0x0, 0x0, 0x0, {0x23}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/uevent_seqnum', 0x0, 0x0) read$FUSE(r0, &(0x7f0000007040)={0x2020}, 0x2020) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$igmp6(0xa, 0x3, 0x2) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @loopback, 0x80000000}, 0x1c) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, 0x4, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x38) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000800)=@raw={'raw\x00', 0x3c1, 0x3, 0x13a0, 0x1170, 0xc8, 0x8, 0x0, 0x5803, 0x12d0, 0x2e8, 0x2e8, 0x12d0, 0x2e8, 0x3, 0x0, {[{{@ipv6={@private0, @loopback, [0xffffff00, 0xffffffff, 0x80, 0xffffff00], [0xffffffff, 0x0, 0xffffff00, 0xff0000ff], 'lo\x00', 'vlan0\x00', {}, {0xff}, 0x3a, 0x7, 0x0, 0x20}, 0x0, 0x1108, 0x1170, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@cgroup1={{0x1030}, {0x1, 0x0, 0x0, 0x1, './cgroup/syz0\x00', 0x4f6, {0xd}}}, @common=@frag={{0x30}, {[0x6, 0x3], 0x3, 0x2, 0x1}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x17, 0x3, 0x10, 0xc0000000, 'pptp\x00', 'syz0\x00', {0xe6}}}}, {{@ipv6={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00', [0xff, 0xffffff00, 0xff000000, 0xff], [0xff, 0x0, 0xffffff00], 'wg0\x00', 'nicvf0\x00', {0xff}, {}, 0x0, 0xc0, 0x0, 0x14}, 0x0, 0xf8, 0x160, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x4, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00', {0x4}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1400) 10.733707144s ago: executing program 5 (id=7255): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) write$tun(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000000311ff00000000000000000000000000000000ff02fe070000000060000000000000014f194e20"], 0x52) 10.583904579s ago: executing program 5 (id=7261): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff0000000002"], 0x7c}}, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x7fff, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000540)=""/67, 0x0, 0x4}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/57, 0xd000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) r2 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e24, @empty}], 0x10) listen(r2, 0x100) sendmsg$inet_sctp(r2, &(0x7f0000001640)={&(0x7f0000000080)=@in={0x2, 0x4e24, @remote}, 0x300, &(0x7f0000000280)=[{&(0x7f0000000040)="f4", 0x1}], 0x1, 0x0, 0x0, 0x8000}, 0x20000050) 10.583326216s ago: executing program 5 (id=7263): fchdir(0xffffffffffffffff) mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000080)='.\x00', &(0x7f0000000000), 0x4, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) sendmsg$NL80211_CMD_VENDOR(r1, 0x0, 0x800) syz_open_procfs(0x0, &(0x7f00000001c0)='net/icmp6\x00') openat$dsp(0xffffffffffffff9c, 0x0, 0x101a02, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x28000, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000100001000000000000000000000e000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}, 0x1, 0x0, 0x0, 0x4008805}, 0x0) 10.422484175s ago: executing program 3 (id=7100): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x2) bind$inet(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x6b46, 0x80000000, 0x0, 0x0, 0x8, 0xc, "a2bba2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000000000000000000000000000000000007fffffffffffffff00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f30600301a00000020000000000000000c100", [0x3]}}) 9.925009424s ago: executing program 3 (id=7100): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x2) bind$inet(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x6b46, 0x80000000, 0x0, 0x0, 0x8, 0xc, "a2bba2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000000000000000000000000000000000007fffffffffffffff00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f30600301a00000020000000000000000c100", [0x3]}}) 9.343580574s ago: executing program 3 (id=7100): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x2) bind$inet(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x6b46, 0x80000000, 0x0, 0x0, 0x8, 0xc, "a2bba2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000000000000000000000000000000000007fffffffffffffff00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f30600301a00000020000000000000000c100", [0x3]}}) 8.593619568s ago: executing program 3 (id=7100): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = syz_open_dev$loop(&(0x7f0000000180), 0x3, 0x2) bind$inet(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x6b46, 0x80000000, 0x0, 0x0, 0x8, 0xc, "a2bba2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000000000000000000000000000000000007fffffffffffffff00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f30600301a00000020000000000000000c100", [0x3]}}) 7.573934417s ago: executing program 4 (id=7298): fchdir(0xffffffffffffffff) mount$9p_virtio(&(0x7f00000000c0), &(0x7f0000000080)='.\x00', &(0x7f0000000000), 0x4, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0) sendmsg$NL80211_CMD_VENDOR(r1, 0x0, 0x800) syz_open_procfs(0x0, &(0x7f00000001c0)='net/icmp6\x00') openat$dsp(0xffffffffffffff9c, 0x0, 0x101a02, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x28000, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000010000100000000000000fffffff5000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}, 0x1, 0x0, 0x0, 0x4008805}, 0x0) 7.394163894s ago: executing program 4 (id=7299): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x20, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@nested={0x9, 0x11, 0x0, 0x1, [@generic="31f9e05e2f"]}]}, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x500000000000000) 7.021172064s ago: executing program 4 (id=7300): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000002000/0x4000)=nil) r1 = epoll_create1(0x0) epoll_pwait(r1, &(0x7f0000000040)=[{}], 0x1, 0xff, 0x0, 0x0) fdatasync(r1) r2 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) munmap(&(0x7f0000002000/0x2000)=nil, 0x2000) r3 = syz_io_uring_setup(0x61ac, &(0x7f00000003c0)={0x0, 0x0, 0x10100, 0x0, 0xffffffff}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r4, r5, &(0x7f0000000380)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r6, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f00000014c0)=ANY=[@ANYBLOB="1010"], 0x1010}, 0x0, 0xe3d08660d3cd4684}) io_uring_enter(r3, 0x92, 0x2, 0x9, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f0000000100)=ANY=[@ANYRES32=r0, @ANYBLOB="050000000500afe4116f9803915e1c8dd14c7b4c787a5fb22b90bf23caa13e72ae534aeb2579642c775707b1ff3d621d22eaef1db49720e691f6d74f4de401e3e3c677e17342a96a1511cef7765966f297f7d87c842d165e7f0fefdbc572fe2dea54ecd33496d0429da55942af9e9ef9c440362320d418a9d2848d276a71f517cff86289fab991819f354aae9b9c2bdb6dc56980ce4d97525bf3abaa6008169135c4a4f4df3de11212edaa18b801b86bf42c8c0962a4d7eb35227c7b0ba96f53c3e6e8e9fde8a963bb04eb1d7893c93cf21f720f568cd73a96fa611175dfda9c07daa418392e28fde06c977e638e9a97418d5828674f2689ed6773dfec136dfba9377ac1d9067837db41f2eb914c1bbe36d1e7d31d70e71af8662148b1fe7f698f938f691ffe02894e78bf0107d1c970"]) 6.733218715s ago: executing program 4 (id=7304): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x32, 0x0, &(0x7f0000000400)=[@increfs], 0xfffffcb0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f0000000440)=""/210, 0xd2, 0x1, 0x29}, @ptr={0x70742a85, 0x5, 0x0, 0x22, 0x1}}, &(0x7f0000000600)={0x0, 0x18, 0x40}}, 0x1000}], 0xd2, 0x0, 0x0}) 6.732870888s ago: executing program 4 (id=7305): mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) (async) mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') (async) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0\x00', 0x0) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) (async) mount$bpf(0x0, 0x0, 0x0, 0x84000, 0x0) (async) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) (async) r2 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r2, 0x84, 0x3, &(0x7f0000004280)=""/4087, &(0x7f00000001c0)=0xff7) (async) r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000000000)='.\x00', 0x52000775) (async) open(&(0x7f00000000c0)='.\x00', 0x800, 0x50) (async) close(0x3) (async) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000000c0)={'veth0_virt_wifi\x00', 0x0}) (async) r6 = socket$netlink(0x10, 0x3, 0x0) (async) sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0x4008085) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x8c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r5, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3], 0x0, [0x5, 0x4, 0x2, 0x2, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8001]}}]}}]}, 0x8c}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="6c00000010001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYRES32], 0x6c}}, 0x40) 6.674206134s ago: executing program 4 (id=7306): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8}, @NFTA_SET_ELEM_EXPRESSIONS={0x18, 0xb, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @counter={{0x10}, @val={0x4}}}]}]}]}]}], {0x14, 0x10}}, 0xd0}}, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) ioctl$sock_ifreq(r1, 0x8943, &(0x7f0000000080)={'dummy0\x00', @ifru_ivalue}) 2.528773351s ago: executing program 5 (id=7266): r0 = socket$inet6(0xa, 0x3, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x0}, 0x94) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0xfec00000) 2.150694868s ago: executing program 5 (id=7266): r0 = socket$inet6(0xa, 0x3, 0x8) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x0}, 0x94) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0xfec00000) 1.969529023s ago: executing program 1 (id=7328): socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="b80000001000210400000000fedbdf25000000f0", @ANYRES32=0x0, @ANYBLOB="adffa888e16000009000128009000100766c616e00000000800002800c0002000e0000000a000000340004800c00010017900000020000000c000100f04ae965cb0b00000c00010004000000002000000c000100001000000900000006000100020000000c0002000a0000000c000000280003800c00010008000000090000000c00010009000000030000000c000100090000000080000008000500", @ANYRES32=r2], 0xb8}}, 0x2) 1.89008821s ago: executing program 1 (id=7329): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b70500000000000061103000000000000fa000000000000095000000000000001f495ff727520cccddfad6fab92a770b445d050000006edc1b5613c5e35079725d19e88b662c2596b2f0b40aa9de45cf931a7ddaae7bdd97a9787684a5a6bbe879d6561715a194eb15d509b1837f6d317d12dd2c98f05e43aa14b3655a78009367bac65148a671b0ffd1c946b31202b7c73e0f1c5df29d57ed708602599a04fde318753c358d42ba7c52b4e20bc5c0e91fbc96da558c38891cd5bc38b6db9863a1273811976d15ba39fe2700"/218], &(0x7f00000002c0)='GPL\x00', 0x5, 0x9e, &(0x7f0000000300)=""/188, 0x0, 0x300, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79, 0x0, 0xffffffffffffffff, 0xfffffffffffffe21}, 0x2a) 1.8899539s ago: executing program 1 (id=7330): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_80211_inject_frame(0x0, 0x0, 0x3c) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e14060200f000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 1.280686933s ago: executing program 1 (id=7331): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r1, &(0x7f0000008140)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000900)=""/243, 0xf3}], 0x1, &(0x7f0000000280)=""/11, 0xb}, 0x1}, {{0x0, 0x0, &(0x7f00000080c0)=[{&(0x7f0000007cc0)=""/122, 0x7a}], 0x1}, 0x9}], 0x2, 0x2, 0x0) close(r0) r2 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x3, 0x82000) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r5, 0xc0045520, &(0x7f0000000040)=0xffffffff) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x7) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x8}, {0xfff1, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000980)=@delchain={0x24, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {0xfff3, 0xffff}, {0x0, 0x1b}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) 338.098µs ago: executing program 1 (id=7332): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)=@newsa={0x158, 0x10, 0x413, 0x0, 0x0, {{@in6=@private2, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x20, 0x2b}, {@in=@loopback, 0x0, 0x32}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x7}, {0x0, 0x4, 0xcc}, {0xf6}, 0x0, 0x0, 0xa, 0x1, 0x1}, [@algo_aead={0x67, 0x12, {{'rfc4309(ccm(aes))\x00'}, 0xd8, 0x80, "b38e4d000000000000004600000000000000089fd797d6e037989f"}}]}, 0x158}, 0x1, 0x0, 0x0, 0x1}, 0x0) 0s ago: executing program 1 (id=7333): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f00000000c0)={&(0x7f0000000e80)=[0x4, 0x5, 0x2, 0x8, 0x81, 0x5, 0x6, 0xa5e1, 0xa, 0x0, 0x9, 0x7f, 0x4, 0x3, 0x275b, 0x5, 0x3ff, 0x6, 0xfffffffc, 0x85f, 0x2, 0xe56, 0x4, 0x4, 0x6, 0x5, 0x327a, 0x3, 0x52, 0x1ff, 0x1, 0xd, 0x4, 0x9a, 0x0, 0xb8, 0x448c9e4e, 0x6, 0x6, 0x6, 0x3, 0x0, 0x8, 0x4, 0x340e, 0x1, 0x9165, 0x5, 0xfffffffd, 0x6, 0xb, 0x5913, 0xb, 0x1da, 0x7b480c01, 0x6, 0x7, 0x8, 0x4, 0x5, 0x8, 0xa2, 0x3, 0x3, 0x3, 0x4, 0x10, 0x9, 0x7, 0x0, 0x401, 0x9, 0x10, 0x9e2, 0x0, 0x0, 0x5, 0x0, 0xf10000, 0x2, 0x101, 0x1, 0x9, 0x144, 0xe7a, 0x5, 0x0, 0xf, 0x1000, 0x560b, 0x4, 0x1, 0x9, 0x7a, 0x8, 0x5f5, 0x60, 0x3, 0x45, 0x0, 0x5, 0xbc, 0xfff, 0x4, 0x68, 0x8001, 0x386, 0xd7, 0x61, 0xbe7e, 0x2, 0x0, 0xfffffff7, 0x5b, 0x6, 0xc78, 0xb, 0x8000, 0x6, 0x8, 0x28, 0x5, 0x1, 0x9da, 0x800, 0x36b3, 0x0, 0x8, 0xb3, 0x8, 0x2, 0x7, 0x8, 0xc6bf, 0x7114, 0x74fe, 0x4, 0x2a8, 0x7f, 0x1, 0x9, 0x8, 0x2, 0x3, 0x3, 0x401, 0x7, 0x8, 0x7fff8000, 0x6, 0x56a, 0x800, 0x4, 0x101, 0x2, 0x2, 0x3, 0x0, 0xef10, 0x1ff, 0x7, 0x9, 0x800, 0xfffffff7, 0xa6a, 0x8000, 0x8f05, 0x0, 0x7, 0x8, 0x0, 0xfffffffa, 0x9, 0x2, 0x2f5, 0x9, 0x5, 0x80, 0x0, 0xfffffffa, 0x80000001, 0xa419, 0x8, 0x5, 0xfffff861, 0x1, 0xe, 0x6, 0xee0, 0x1, 0x7fffffff, 0x7, 0x3, 0x7fff, 0x1, 0x6, 0x3, 0x5, 0x6, 0x2, 0x6, 0x889, 0x3, 0xff81, 0xfff, 0x32, 0x1, 0x5, 0xffff, 0x7, 0x6, 0x2, 0x9, 0x7, 0x3ff, 0xef, 0x7f, 0x4, 0x7, 0x7, 0xfffffffd, 0x1, 0x7, 0xcc6, 0x3f, 0x8001, 0xfffffffd, 0x7fffffff, 0x3, 0x3, 0x9, 0xffffffff, 0x0, 0x6, 0x3, 0x7f, 0x4, 0x7, 0x8, 0x9, 0x4f8bde6e, 0x200, 0x3, 0x0, 0x80, 0x1000, 0x6, 0x7, 0x3, 0x8, 0x4b, 0x1, 0x2, 0x80000000, 0x8, 0x2, 0x0, 0xdc6, 0xb20b, 0x10, 0x1, 0x9, 0x2, 0x7f, 0x1, 0x101, 0x322, 0x4, 0xfffffffa, 0xe, 0x4c4, 0xc92b, 0xd3e2, 0x4, 0x0, 0x9, 0xfff, 0x7fff8000, 0x5, 0xfffffff9, 0x1, 0x6, 0x6, 0x3, 0x9, 0x80000001, 0x401, 0x4, 0x9, 0x5, 0x4, 0x1ff, 0x6c5ac0b7, 0x1, 0x1ff, 0x7, 0x2, 0xfff, 0x80, 0xb, 0x1, 0xfffffff8, 0x400, 0x7f, 0x76f2a90d, 0x9, 0x401, 0x3, 0x4, 0x3, 0x3, 0x480000, 0x6, 0x277, 0x1, 0x4, 0x5, 0xffffff3c, 0x8, 0x9, 0x0, 0xfffffff7, 0xb, 0x80, 0x3938, 0x218, 0x69df, 0x334, 0x9, 0x2, 0x0, 0x3a, 0x8, 0x6, 0xfffffff7, 0x1ff, 0x5, 0x10000, 0x80000001, 0x1, 0x2, 0x9a2, 0x8, 0x10000, 0x80000001, 0x9, 0x4, 0x0, 0x90e1, 0x1, 0xfffffff9, 0x1, 0xa, 0x6, 0x80, 0x7, 0x7, 0x10, 0x9, 0xfffffffd, 0x3, 0x4, 0x2f, 0xb, 0x6, 0x10001, 0x9, 0x7, 0xff, 0x80, 0xffff, 0x3, 0x2000, 0x8b, 0x3ff, 0xe, 0x9, 0x2, 0xfffffff8, 0xe, 0x8, 0x80000001, 0x400, 0x7, 0x6, 0x511, 0x80, 0x80000000, 0xfffffff7, 0x8000, 0x6, 0x9258, 0x0, 0x0, 0x8, 0xfffffbff, 0x800, 0xdc0c, 0x3, 0x6, 0x4, 0x8, 0x89cf, 0x0, 0xfffffffa, 0x1, 0xfffffffd, 0x4, 0x5, 0x5, 0x5, 0x7ff, 0x2, 0x8, 0x2, 0xfffffffb, 0x8, 0x2, 0x6, 0x3, 0x5, 0x0, 0xffff, 0x0, 0xfff, 0x1000, 0x0, 0x1, 0xd, 0x9, 0x0, 0x6, 0xffffffff, 0x8, 0x864, 0x8, 0x100, 0x7ff, 0x570f, 0x9, 0x6, 0x2, 0x4, 0x0, 0xb, 0x5, 0x9, 0x6, 0x437, 0x4, 0x9, 0x8, 0xff, 0x7ff, 0x0, 0xd6, 0x4, 0x7b, 0x2, 0x7, 0x0, 0x9, 0x3, 0x5, 0x7, 0x3ff, 0xe, 0x4, 0x5, 0x5, 0x7, 0x9, 0x21bf, 0x9, 0x8, 0xfffffff9, 0x8, 0x0, 0xffffffc0, 0x8, 0x2, 0x3, 0x0, 0x9, 0x80, 0x4, 0x3ff, 0x1, 0xfff, 0x7, 0x7, 0x7, 0xdf1, 0x2, 0x2, 0x4da06683, 0x80, 0xa, 0x1ff, 0x1, 0x9, 0xe, 0x6acd, 0x9, 0x7, 0x7, 0xff, 0x1, 0x8, 0xffff, 0x1, 0x4, 0x8c, 0x4, 0x2, 0x3, 0xd, 0x5, 0x9, 0xfff, 0x2, 0x9, 0x7fff, 0x9, 0x7, 0x0, 0x1000, 0x1, 0x1, 0x8000, 0x7, 0xffff8af5, 0x1ff, 0x0, 0x7, 0x7fff, 0x3, 0x3, 0xffffffff, 0x0, 0x8, 0x4, 0x8, 0x80000001, 0x0, 0x5, 0x9, 0x5, 0x99, 0x8, 0x6, 0x3, 0xbc, 0x7, 0xb, 0x7, 0x7, 0x501, 0x9, 0x6, 0xfff, 0x5df7a298, 0x0, 0x7, 0xa, 0x8, 0xfffffffd, 0x2, 0x5, 0x5, 0x3, 0x200, 0x4, 0xc0, 0x8, 0xfffffff4, 0x2, 0x80000, 0x1, 0x7fffffff, 0x8d, 0x17400, 0x5, 0x0, 0x81, 0xfff, 0x6, 0x5, 0x5, 0x6, 0x6, 0x38, 0x4, 0x2, 0x6, 0x9, 0x7, 0x6, 0x1000, 0x4, 0x2, 0x73, 0x39, 0x9, 0x1144, 0x4, 0x0, 0x4, 0x8, 0x2, 0x6, 0x7fffffff, 0x7ff, 0x5, 0x8, 0x7, 0x4, 0xd521, 0x8, 0xb3aa, 0x0, 0x53, 0x1, 0x8, 0x7, 0xffffffff, 0x7, 0xa0, 0x7, 0x7b5, 0xa, 0x18000, 0x6, 0xfffffff9, 0xffff5509, 0xa5d4, 0x8000, 0x1, 0x44, 0x2, 0x4, 0x5, 0x8b3e, 0x3, 0x1, 0x5, 0x894, 0x90, 0x44, 0x7, 0x8, 0x7, 0x6, 0x0, 0x2, 0x76, 0x81, 0x5, 0x12000, 0x46ebfcf, 0x8, 0x3, 0x375, 0x10001, 0x7, 0xff, 0x40, 0x5, 0x10001, 0x8, 0xf, 0x68b7, 0x6, 0x8, 0xde5, 0x9, 0x9, 0xe708, 0x3, 0x3, 0x80, 0x200, 0x7, 0x47, 0x0, 0x10000, 0x3, 0x0, 0x4, 0x2, 0x5, 0x0, 0x3, 0x0, 0x3, 0x3, 0x7, 0x7, 0x0, 0x5, 0xd2, 0x0, 0x1, 0x6, 0x7f, 0x7, 0x2, 0x5314, 0x8, 0xfffffe00, 0x9, 0x1, 0xc1e, 0x81, 0x9, 0x6, 0x1, 0x8, 0x0, 0x7, 0x2, 0x5, 0x7, 0x3, 0x1, 0x5, 0xdc92, 0x9, 0x2, 0x8001, 0x3a, 0x2, 0x2, 0xfffffffc, 0x3, 0x2, 0x3, 0x8, 0x70, 0xa644, 0x401, 0x6, 0x77, 0x1, 0x2, 0x969, 0x837, 0x9, 0x8000, 0xff, 0x7e0e, 0x244, 0x4, 0xbc, 0x2, 0x9, 0x7, 0xffff, 0xd, 0x1, 0x6, 0xffff, 0x9, 0x0, 0x0, 0x5, 0x40, 0x100000, 0x8, 0x4, 0x9, 0x0, 0x9, 0xda11, 0x9, 0x10000, 0x5, 0x2, 0x4, 0x7, 0x6, 0x100, 0x9, 0x7f, 0x9, 0xff, 0xa8, 0x8d5b, 0x7, 0x8f6, 0x10001, 0xcd81, 0x800, 0x4, 0x1, 0xf970, 0x6, 0xffffffc7, 0x7fffffff, 0x432a, 0xa79a, 0x1000, 0x7fffffff, 0x4, 0x10000, 0xa16, 0x1, 0x3, 0x8, 0xbe3, 0x3, 0x0, 0x3, 0x9, 0x8, 0x100, 0x80000001, 0xffe, 0x8, 0x9, 0x6, 0x9, 0x9, 0x10, 0x2, 0x7, 0x1873, 0x1e, 0xa, 0x3, 0x6, 0x80, 0x7a884f05, 0xfff, 0x7fff, 0x7, 0x8, 0x5, 0x0, 0x3, 0x7ff, 0x1, 0x9, 0x2, 0xd, 0xc7, 0x400, 0x1, 0x1, 0x6, 0x7f, 0x10001, 0x8, 0x9, 0x2, 0xe3f, 0xdd, 0x4, 0x800, 0xfffffff7, 0x4, 0x4, 0xce4, 0xf, 0xfffff598, 0xfffffff2, 0xb, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffff9, 0x400, 0x6, 0x7ff, 0x5, 0x3, 0x2, 0x5b, 0xff, 0x81, 0xa000, 0x2, 0xffffffff, 0x4b252e7e, 0x3, 0x984, 0x101, 0x8000, 0x1, 0x4, 0x2f85ab14, 0x4, 0x2, 0x9, 0x5, 0x2, 0xeb, 0x9, 0x3f80000, 0x6, 0x9, 0x0, 0xf, 0x6ab, 0xfffffffc, 0x4, 0xe4d, 0xdda, 0x9, 0x5, 0x767, 0x9, 0xc, 0x6c8, 0xc87a, 0x0, 0x1, 0x4, 0x435c, 0xf98, 0xff, 0x4, 0xb, 0x2, 0x8, 0x35d, 0x6, 0x1, 0x9, 0xffff, 0x9, 0x87a, 0x7, 0x4, 0xfffffeff, 0x5, 0x3, 0x5, 0xcdb8, 0x6, 0x0, 0x7, 0x40, 0xffffea79, 0x241, 0x5, 0x8, 0x0, 0xe4, 0x4, 0x6, 0x2, 0x7fffffff, 0x9, 0xfffffffc, 0x3ff, 0x8, 0x8, 0x0, 0x5, 0x3, 0x2, 0x7, 0x80000000, 0x6, 0x4, 0x26d8, 0x9, 0x4, 0x70000000, 0x4, 0x2, 0xec, 0xfffffffc, 0x3, 0x4, 0x0, 0x3ff, 0x1, 0x5, 0x1, 0x8, 0x6, 0x80000001, 0xc, 0x4, 0x6, 0x13a, 0xff, 0xfffffffb, 0x2, 0x9, 0x9, 0x2, 0x9, 0x5, 0x59d5, 0x4, 0x5, 0x3ff, 0x7, 0xfffff000, 0xdd1, 0xe6b, 0x0, 0x9, 0x1, 0x9, 0x3, 0x1, 0x4, 0x8, 0x401, 0x3, 0x5, 0xc00, 0x5, 0x2, 0x16, 0x2, 0x5, 0x10], 0x2, 0x400, 0x6}) 0s ago: executing program 1 (id=7334): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000000c0)='./file0\x00') openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0, 0x15e) sendmsg$ETHTOOL_MSG_FEATURES_GET(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000780)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01009fb0500327ad7000ffdbdf25"], 0x14}, 0x1, 0x0, 0x0, 0x4004000}, 0x4840) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r3, &(0x7f00000000c0)=0x10001, 0x12) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) migrate_pages(0x0, 0xeb, &(0x7f00000000c0)=0x5d11, &(0x7f0000000100)=0x3) r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='[:]:/', 0x0) write$dsp(0xffffffffffffffff, &(0x7f0000000000)="a52876830a60b6b31c4c09289e9ebb628600000000000000000000000000000004d1c3bc012a3f7ee051568e14fe82b9ec7a0f2541b04a8786737cedadaee691c3027a051fd11b2097a716872099566c664b27183df99a899fe3a3dddd2bf62c77a6398c7c84c704000000000000000c04d2aca03f7fc2945e873dab27169c37e7d20aec96a18f5c877162759de6aa0f36c15b1ef726395821ef92e589ea279ac3fe1f21817a54f8f28cb847fcc7be7e41d9f1da80833a03397a", 0xba) mlock2(&(0x7f0000e55000/0x1000)=nil, 0x1000, 0x0) kernel console output (not intermixed with test programs): 63][T22834] bond3 (unregistering): Released all slaves [ 386.423918][T22688] IPVS: stopping master sync thread 15332 ... [ 386.739235][T22869] binder: 22868:22869 unknown command 0 [ 386.741694][T22869] binder: 22868:22869 ioctl c0306201 200000000080 returned -22 [ 386.778518][T22875] validate_nla: 6 callbacks suppressed [ 386.778531][T22875] netlink: 'syz.1.6602': attribute type 29 has an invalid length. [ 386.778708][T22876] netlink: 'syz.1.6602': attribute type 29 has an invalid length. [ 386.821551][T22881] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 386.824899][T22881] CPU: 3 UID: 0 PID: 22881 Comm: syz.1.6603 Not tainted syzkaller #0 PREEMPT(full) [ 386.824923][T22881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 386.824934][T22881] Call Trace: [ 386.824940][T22881] [ 386.824949][T22881] dump_stack_lvl+0x16c/0x1f0 [ 386.824981][T22881] sysfs_warn_dup+0x7f/0xa0 [ 386.825005][T22881] sysfs_do_create_link_sd+0x124/0x140 [ 386.825029][T22881] sysfs_create_link+0x61/0xc0 [ 386.825050][T22881] device_add+0x62c/0x1aa0 [ 386.825076][T22881] ? __pfx_device_add+0x10/0x10 [ 386.825110][T22881] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 386.825135][T22881] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 386.825169][T22881] wiphy_register+0x1eb0/0x2b20 [ 386.825188][T22881] ? netdev_run_todo+0x864/0x1320 [ 386.825220][T22881] ? __pfx_wiphy_register+0x10/0x10 [ 386.825254][T22881] ieee80211_register_hw+0x253d/0x4120 [ 386.825284][T22881] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 386.825303][T22881] ? __pfx___debug_object_init+0x10/0x10 [ 386.825334][T22881] ? find_held_lock+0x2b/0x80 [ 386.825357][T22881] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 386.825378][T22881] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 386.825396][T22881] ? __hrtimer_setup+0x176/0x280 [ 386.825419][T22881] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 386.825483][T22881] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 386.825511][T22881] ? __asan_memcpy+0x3c/0x60 [ 386.825540][T22881] hwsim_new_radio_nl+0xba2/0x1330 [ 386.825567][T22881] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 386.825600][T22881] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 386.825619][T22881] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 386.825649][T22881] genl_family_rcv_msg_doit+0x209/0x2f0 [ 386.825668][T22881] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 386.825697][T22881] ? bpf_lsm_capable+0x9/0x10 [ 386.825718][T22881] ? security_capable+0x7e/0x260 [ 386.825747][T22881] ? ns_capable+0xd7/0x110 [ 386.825771][T22881] genl_rcv_msg+0x55c/0x800 [ 386.825791][T22881] ? __pfx_genl_rcv_msg+0x10/0x10 [ 386.825809][T22881] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 386.825835][T22881] ? __lock_acquire+0x622/0x1c90 [ 386.825866][T22881] netlink_rcv_skb+0x158/0x420 [ 386.825890][T22881] ? __pfx_genl_rcv_msg+0x10/0x10 [ 386.825908][T22881] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 386.825944][T22881] ? netlink_deliver_tap+0x1ae/0xd30 [ 386.825989][T22881] genl_rcv+0x28/0x40 [ 386.826014][T22881] netlink_unicast+0x5aa/0x870 [ 386.826044][T22881] ? __pfx_netlink_unicast+0x10/0x10 [ 386.826080][T22881] netlink_sendmsg+0x8c8/0xdd0 [ 386.826109][T22881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 386.826143][T22881] ____sys_sendmsg+0xa98/0xc70 [ 386.826162][T22881] ? copy_msghdr_from_user+0x10a/0x160 [ 386.826184][T22881] ? __pfx_____sys_sendmsg+0x10/0x10 [ 386.826208][T22881] ? __pfx_futex_wake_mark+0x10/0x10 [ 386.826233][T22881] ___sys_sendmsg+0x134/0x1d0 [ 386.826253][T22881] ? futex_private_hash_put+0x176/0x300 [ 386.826280][T22881] ? __pfx____sys_sendmsg+0x10/0x10 [ 386.826300][T22881] ? __lock_acquire+0x622/0x1c90 [ 386.826365][T22881] __sys_sendmsg+0x16d/0x220 [ 386.826387][T22881] ? __pfx___sys_sendmsg+0x10/0x10 [ 386.826409][T22881] ? __x64_sys_futex+0x1e0/0x4c0 [ 386.826444][T22881] do_syscall_64+0xcd/0xfa0 [ 386.826462][T22881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.826480][T22881] RIP: 0033:0x7f6c2738f6c9 [ 386.826496][T22881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 386.826513][T22881] RSP: 002b:00007f6c28187038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 386.826530][T22881] RAX: ffffffffffffffda RBX: 00007f6c275e5fa0 RCX: 00007f6c2738f6c9 [ 386.826541][T22881] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 386.826552][T22881] RBP: 00007f6c27411f91 R08: 0000000000000000 R09: 0000000000000000 [ 386.826563][T22881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 386.826574][T22881] R13: 00007f6c275e6038 R14: 00007f6c275e5fa0 R15: 00007ffdff85f5d8 [ 386.826602][T22881] [ 386.866883][T22886] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6605'. [ 386.920347][T22891] Attempt to restore checkpoint with obsolete wellknown handles [ 386.923108][ T40] audit: type=1400 audit(1763508121.681:28915): avc: denied { write } for pid=22885 comm="syz.1.6605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 387.003615][ T40] audit: type=1400 audit(1763508121.751:28916): avc: denied { bind } for pid=22892 comm="syz.4.6608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 387.009930][ T40] audit: type=1400 audit(1763508121.771:28917): avc: denied { listen } for pid=22892 comm="syz.4.6608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 387.016467][ T40] audit: type=1400 audit(1763508121.771:28918): avc: denied { read } for pid=22892 comm="syz.4.6608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 387.127416][T22906] netlink: 'syz.1.6614': attribute type 10 has an invalid length. [ 387.130249][T22905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 387.171937][T22910] bond0: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 387.175581][T22910] bond0: (slave ipvlan3): The slave device specified does not support setting the MAC address [ 387.178814][T22910] bond0: (slave ipvlan3): Error -95 calling set_mac_address [ 387.266515][T22912] netlink: 'syz.3.6615': attribute type 4 has an invalid length. [ 387.274784][T22912] netlink: 'syz.3.6615': attribute type 4 has an invalid length. [ 387.320884][T22915] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6619'. [ 387.322077][T22916] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 387.328309][T22916] iommufd_mock iommufd_mock1: Adding to iommu group 10 [ 387.370378][T22918] 9pnet_virtio: no channels available for device syz [ 387.459131][T22920] openvswitch: netlink: IP tunnel dst address not specified [ 387.468944][T22922] Attempt to restore checkpoint with obsolete wellknown handles [ 387.488367][T22920] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.498019][T22920] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.610293][T22932] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 387.614315][T22932] CPU: 0 UID: 0 PID: 22932 Comm: syz.4.6626 Not tainted syzkaller #0 PREEMPT(full) [ 387.614342][T22932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 387.614355][T22932] Call Trace: [ 387.614363][T22932] [ 387.614371][T22932] dump_stack_lvl+0x16c/0x1f0 [ 387.614406][T22932] sysfs_warn_dup+0x7f/0xa0 [ 387.614432][T22932] sysfs_do_create_link_sd+0x124/0x140 [ 387.614459][T22932] sysfs_create_link+0x61/0xc0 [ 387.614484][T22932] device_add+0x62c/0x1aa0 [ 387.614510][T22932] ? __pfx_device_add+0x10/0x10 [ 387.614532][T22932] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 387.614559][T22932] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 387.614595][T22932] wiphy_register+0x1eb0/0x2b20 [ 387.614616][T22932] ? netdev_run_todo+0x864/0x1320 [ 387.614658][T22932] ? __pfx_wiphy_register+0x10/0x10 [ 387.614695][T22932] ieee80211_register_hw+0x253d/0x4120 [ 387.614729][T22932] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 387.614752][T22932] ? __pfx___debug_object_init+0x10/0x10 [ 387.614786][T22932] ? find_held_lock+0x2b/0x80 [ 387.614809][T22932] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 387.614834][T22932] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 387.614853][T22932] ? __hrtimer_setup+0x176/0x280 [ 387.614877][T22932] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 387.614922][T22932] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 387.614952][T22932] ? __asan_memcpy+0x3c/0x60 [ 387.614986][T22932] hwsim_new_radio_nl+0xba2/0x1330 [ 387.615015][T22932] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 387.615051][T22932] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 387.615072][T22932] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 387.615099][T22932] genl_family_rcv_msg_doit+0x209/0x2f0 [ 387.615120][T22932] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 387.615150][T22932] ? bpf_lsm_capable+0x9/0x10 [ 387.615171][T22932] ? security_capable+0x7e/0x260 [ 387.615202][T22932] ? ns_capable+0xd7/0x110 [ 387.615226][T22932] genl_rcv_msg+0x55c/0x800 [ 387.615249][T22932] ? __pfx_genl_rcv_msg+0x10/0x10 [ 387.615269][T22932] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 387.615305][T22932] netlink_rcv_skb+0x158/0x420 [ 387.615331][T22932] ? __pfx_genl_rcv_msg+0x10/0x10 [ 387.615349][T22932] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 387.615386][T22932] ? netlink_deliver_tap+0x1ae/0xd30 [ 387.615415][T22932] genl_rcv+0x28/0x40 [ 387.615441][T22932] netlink_unicast+0x5aa/0x870 [ 387.615473][T22932] ? __pfx_netlink_unicast+0x10/0x10 [ 387.615512][T22932] netlink_sendmsg+0x8c8/0xdd0 [ 387.615544][T22932] ? __pfx_netlink_sendmsg+0x10/0x10 [ 387.615584][T22932] ____sys_sendmsg+0xa98/0xc70 [ 387.615605][T22932] ? copy_msghdr_from_user+0x10a/0x160 [ 387.615630][T22932] ? __pfx_____sys_sendmsg+0x10/0x10 [ 387.615662][T22932] ? __pfx_futex_wake_mark+0x10/0x10 [ 387.615691][T22932] ___sys_sendmsg+0x134/0x1d0 [ 387.615715][T22932] ? futex_private_hash_put+0x176/0x300 [ 387.615747][T22932] ? __pfx____sys_sendmsg+0x10/0x10 [ 387.615770][T22932] ? __lock_acquire+0x622/0x1c90 [ 387.615844][T22932] __sys_sendmsg+0x16d/0x220 [ 387.615875][T22932] ? __pfx___sys_sendmsg+0x10/0x10 [ 387.615901][T22932] ? __x64_sys_futex+0x1e0/0x4c0 [ 387.615940][T22932] do_syscall_64+0xcd/0xfa0 [ 387.615961][T22932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.615980][T22932] RIP: 0033:0x7efe64d8f6c9 [ 387.615997][T22932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.616016][T22932] RSP: 002b:00007efe62ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 387.616036][T22932] RAX: ffffffffffffffda RBX: 00007efe64fe5fa0 RCX: 00007efe64d8f6c9 [ 387.616049][T22932] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 387.616061][T22932] RBP: 00007efe64e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 387.616071][T22932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 387.616082][T22932] R13: 00007efe64fe6038 R14: 00007efe64fe5fa0 R15: 00007ffebc504378 [ 387.616110][T22932] [ 387.769528][T22936] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 387.774224][T22936] CPU: 3 UID: 0 PID: 22936 Comm: syz.4.6628 Not tainted syzkaller #0 PREEMPT(full) [ 387.774247][T22936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 387.774256][T22936] Call Trace: [ 387.774262][T22936] [ 387.774268][T22936] dump_stack_lvl+0x16c/0x1f0 [ 387.774298][T22936] sysfs_warn_dup+0x7f/0xa0 [ 387.774319][T22936] sysfs_do_create_link_sd+0x124/0x140 [ 387.774340][T22936] sysfs_create_link+0x61/0xc0 [ 387.774359][T22936] device_add+0x62c/0x1aa0 [ 387.774379][T22936] ? __pfx_device_add+0x10/0x10 [ 387.774395][T22936] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 387.774416][T22936] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 387.774447][T22936] wiphy_register+0x1eb0/0x2b20 [ 387.774467][T22936] ? netdev_run_todo+0x864/0x1320 [ 387.774504][T22936] ? __pfx_wiphy_register+0x10/0x10 [ 387.774544][T22936] ieee80211_register_hw+0x253d/0x4120 [ 387.774579][T22936] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 387.774600][T22936] ? __pfx___debug_object_init+0x10/0x10 [ 387.774640][T22936] ? find_held_lock+0x2b/0x80 [ 387.774665][T22936] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 387.774689][T22936] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 387.774707][T22936] ? __hrtimer_setup+0x176/0x280 [ 387.774730][T22936] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 387.774773][T22936] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 387.774798][T22936] ? __asan_memcpy+0x3c/0x60 [ 387.774831][T22936] hwsim_new_radio_nl+0xba2/0x1330 [ 387.774862][T22936] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 387.774898][T22936] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 387.774921][T22936] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 387.774948][T22936] genl_family_rcv_msg_doit+0x209/0x2f0 [ 387.774970][T22936] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 387.775000][T22936] ? bpf_lsm_capable+0x9/0x10 [ 387.775021][T22936] ? security_capable+0x7e/0x260 [ 387.775051][T22936] ? ns_capable+0xd7/0x110 [ 387.775076][T22936] genl_rcv_msg+0x55c/0x800 [ 387.775098][T22936] ? __pfx_genl_rcv_msg+0x10/0x10 [ 387.775117][T22936] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 387.775154][T22936] netlink_rcv_skb+0x158/0x420 [ 387.775181][T22936] ? __pfx_genl_rcv_msg+0x10/0x10 [ 387.775201][T22936] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 387.775260][T22936] ? netlink_deliver_tap+0x1ae/0xd30 [ 387.775293][T22936] genl_rcv+0x28/0x40 [ 387.775321][T22936] netlink_unicast+0x5aa/0x870 [ 387.775353][T22936] ? __pfx_netlink_unicast+0x10/0x10 [ 387.775390][T22936] netlink_sendmsg+0x8c8/0xdd0 [ 387.775423][T22936] ? __pfx_netlink_sendmsg+0x10/0x10 [ 387.775464][T22936] ____sys_sendmsg+0xa98/0xc70 [ 387.775485][T22936] ? copy_msghdr_from_user+0x10a/0x160 [ 387.775511][T22936] ? __pfx_____sys_sendmsg+0x10/0x10 [ 387.775535][T22936] ? __pfx_futex_wake_mark+0x10/0x10 [ 387.775563][T22936] ___sys_sendmsg+0x134/0x1d0 [ 387.775585][T22936] ? futex_private_hash_put+0x176/0x300 [ 387.775621][T22936] ? __pfx____sys_sendmsg+0x10/0x10 [ 387.775645][T22936] ? __lock_acquire+0x622/0x1c90 [ 387.775713][T22936] __sys_sendmsg+0x16d/0x220 [ 387.775739][T22936] ? __pfx___sys_sendmsg+0x10/0x10 [ 387.775763][T22936] ? __x64_sys_futex+0x1e0/0x4c0 [ 387.775798][T22936] do_syscall_64+0xcd/0xfa0 [ 387.775819][T22936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.775838][T22936] RIP: 0033:0x7efe64d8f6c9 [ 387.775854][T22936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.775873][T22936] RSP: 002b:00007efe62ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 387.775893][T22936] RAX: ffffffffffffffda RBX: 00007efe64fe5fa0 RCX: 00007efe64d8f6c9 [ 387.775906][T22936] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 387.775918][T22936] RBP: 00007efe64e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 387.775929][T22936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 387.775941][T22936] R13: 00007efe64fe6038 R14: 00007efe64fe5fa0 R15: 00007ffebc504378 [ 387.775970][T22936] [ 387.837364][T22943] netlink: 4456 bytes leftover after parsing attributes in process `syz.4.6631'. [ 387.899817][T22946] loop8: detected capacity change from 0 to 7 [ 387.962602][T22946] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 387.965564][T22946] loop8: partition table partially beyond EOD, truncated [ 387.968425][T22946] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 387.974113][T22946] loop8: p2 start 956478 is beyond EOD, truncated [ 388.102744][T22971] Attempt to restore checkpoint with obsolete wellknown handles [ 388.314835][T22688] hsr_slave_0: left promiscuous mode [ 388.319183][T22688] hsr_slave_1: left promiscuous mode [ 388.367091][T22688] veth1_macvtap: left promiscuous mode [ 388.369359][T22688] veth0_macvtap: left promiscuous mode [ 388.371620][T22688] veth1_vlan: left promiscuous mode [ 388.373344][T22688] veth0_vlan: left promiscuous mode [ 388.517172][T23002] __nla_validate_parse: 2 callbacks suppressed [ 388.517184][T23002] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6654'. [ 388.542095][ T34] usb 9-1: new low-speed USB device number 22 using dummy_hcd [ 388.694099][ T34] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32, setting to 8 [ 388.698489][ T34] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x82 is Bulk; changing to Interrupt [ 388.703987][ T34] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x3 is Bulk; changing to Interrupt [ 388.710766][ T34] usb 9-1: string descriptor 0 read error: -22 [ 388.714051][ T34] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 388.717749][ T34] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.724323][T22989] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 388.930940][ T34] cdc_ncm 9-1:1.0: bind() failure [ 388.937361][ T34] cdc_ncm 9-1:1.1: CDC Union missing and no IAD found [ 388.940960][ T34] cdc_ncm 9-1:1.1: bind() failure [ 388.949263][ T34] usb 9-1: USB disconnect, device number 22 [ 389.480391][T22688] team0 (unregistering): Port device team_slave_1 removed [ 389.567819][T22688] team0 (unregistering): Port device team_slave_0 removed [ 390.182302][ T40] audit: type=1400 audit(1763508124.940:28919): avc: denied { associate } for pid=23015 comm="syz.5.6656" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 390.316915][T23030] 9pnet_fd: Insufficient options for proto=fd [ 390.357805][T23033] Failed to initialize the IGMP autojoin socket (err -2) [ 390.454498][T23048] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6671'. [ 390.539780][T23056] bond0: (slave ipvlan4): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 390.544721][T23056] bond0: (slave ipvlan4): The slave device specified does not support setting the MAC address [ 390.548938][T23056] bond0: (slave ipvlan4): Error -95 calling set_mac_address [ 390.559717][T23059] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6674'. [ 390.562433][T22688] IPVS: stop unused estimator thread 0... [ 390.652400][T23063] Attempt to restore checkpoint with obsolete wellknown handles [ 390.719424][T23075] binder: 23074:23075 unknown command 0 [ 390.721254][T23075] binder: 23074:23075 ioctl c0306201 200000000080 returned -22 [ 390.861444][T23086] rdma_rxe: rxe_newlink: failed to add lo [ 390.867994][T23086] netlink: 'syz.1.6683': attribute type 4 has an invalid length. [ 390.875084][T23086] netlink: 'syz.1.6683': attribute type 4 has an invalid length. [ 391.128244][T23122] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 391.131143][T23122] CPU: 2 UID: 0 PID: 23122 Comm: syz.5.6699 Not tainted syzkaller #0 PREEMPT(full) [ 391.131170][T23122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 391.131183][T23122] Call Trace: [ 391.131192][T23122] [ 391.131199][T23122] dump_stack_lvl+0x16c/0x1f0 [ 391.131232][T23122] sysfs_warn_dup+0x7f/0xa0 [ 391.131256][T23122] sysfs_do_create_link_sd+0x124/0x140 [ 391.131284][T23122] sysfs_create_link+0x61/0xc0 [ 391.131308][T23122] device_add+0x62c/0x1aa0 [ 391.131335][T23122] ? __pfx_device_add+0x10/0x10 [ 391.131355][T23122] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 391.131380][T23122] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 391.131413][T23122] wiphy_register+0x1eb0/0x2b20 [ 391.131432][T23122] ? netdev_run_todo+0x864/0x1320 [ 391.131466][T23122] ? __pfx_wiphy_register+0x10/0x10 [ 391.131502][T23122] ieee80211_register_hw+0x253d/0x4120 [ 391.131531][T23122] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 391.131552][T23122] ? __pfx___debug_object_init+0x10/0x10 [ 391.131584][T23122] ? find_held_lock+0x2b/0x80 [ 391.131615][T23122] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 391.131641][T23122] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 391.131660][T23122] ? __hrtimer_setup+0x176/0x280 [ 391.131686][T23122] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 391.131731][T23122] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 391.131758][T23122] ? __asan_memcpy+0x3c/0x60 [ 391.131789][T23122] hwsim_new_radio_nl+0xba2/0x1330 [ 391.131815][T23122] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 391.131845][T23122] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 391.131867][T23122] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 391.131890][T23122] genl_family_rcv_msg_doit+0x209/0x2f0 [ 391.131912][T23122] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 391.131939][T23122] ? bpf_lsm_capable+0x9/0x10 [ 391.131957][T23122] ? security_capable+0x7e/0x260 [ 391.131985][T23122] ? ns_capable+0xd7/0x110 [ 391.132010][T23122] genl_rcv_msg+0x55c/0x800 [ 391.132032][T23122] ? __pfx_genl_rcv_msg+0x10/0x10 [ 391.132052][T23122] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 391.132086][T23122] netlink_rcv_skb+0x158/0x420 [ 391.132113][T23122] ? __pfx_genl_rcv_msg+0x10/0x10 [ 391.132135][T23122] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 391.132171][T23122] ? netlink_deliver_tap+0x1ae/0xd30 [ 391.132199][T23122] genl_rcv+0x28/0x40 [ 391.132224][T23122] netlink_unicast+0x5aa/0x870 [ 391.132254][T23122] ? __pfx_netlink_unicast+0x10/0x10 [ 391.132293][T23122] netlink_sendmsg+0x8c8/0xdd0 [ 391.132322][T23122] ? __pfx_netlink_sendmsg+0x10/0x10 [ 391.132358][T23122] ____sys_sendmsg+0xa98/0xc70 [ 391.132380][T23122] ? copy_msghdr_from_user+0x10a/0x160 [ 391.132418][T23122] ? __pfx_____sys_sendmsg+0x10/0x10 [ 391.132446][T23122] ? __pfx_futex_wake_mark+0x10/0x10 [ 391.132474][T23122] ___sys_sendmsg+0x134/0x1d0 [ 391.132499][T23122] ? futex_private_hash_put+0x176/0x300 [ 391.132530][T23122] ? __pfx____sys_sendmsg+0x10/0x10 [ 391.132552][T23122] ? __lock_acquire+0x622/0x1c90 [ 391.132621][T23122] __sys_sendmsg+0x16d/0x220 [ 391.132649][T23122] ? __pfx___sys_sendmsg+0x10/0x10 [ 391.132672][T23122] ? __x64_sys_futex+0x1e0/0x4c0 [ 391.132710][T23122] do_syscall_64+0xcd/0xfa0 [ 391.132731][T23122] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.132751][T23122] RIP: 0033:0x7f6b69d8f6c9 [ 391.132767][T23122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 391.132785][T23122] RSP: 002b:00007f6b6abd4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 391.132804][T23122] RAX: ffffffffffffffda RBX: 00007f6b69fe5fa0 RCX: 00007f6b69d8f6c9 [ 391.132817][T23122] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 391.132829][T23122] RBP: 00007f6b69e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 391.132840][T23122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 391.132851][T23122] R13: 00007f6b69fe6038 R14: 00007f6b69fe5fa0 R15: 00007fff8a7986b8 [ 391.132881][T23122] [ 391.307778][T23128] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6702'. [ 391.382183][T23138] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6706'. [ 391.403762][T23140] netlink: 'syz.5.6707': attribute type 9 has an invalid length. [ 391.408731][T23140] netlink: 'syz.5.6707': attribute type 11 has an invalid length. [ 391.412183][T23140] netlink: 'syz.5.6707': attribute type 12 has an invalid length. [ 391.416969][T23140] netlink: 210060 bytes leftover after parsing attributes in process `syz.5.6707'. [ 391.420716][T23140] openvswitch: netlink: Message has 4 unknown bytes. [ 391.675461][T23156] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 391.809176][ C1] vcan0: j1939_tp_rxtimer: 0xffff888034d1a800: rx timeout, send abort [ 391.815100][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888034d1a800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 391.818028][ T40] audit: type=1400 audit(1763508126.579:28920): avc: denied { read } for pid=5325 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 391.828611][ T40] audit: type=1400 audit(1763508126.579:28921): avc: denied { search } for pid=5325 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 391.837847][ T40] audit: type=1400 audit(1763508126.579:28922): avc: denied { search } for pid=5325 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 391.847267][ T40] audit: type=1400 audit(1763508126.579:28923): avc: denied { add_name } for pid=5325 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 391.857405][ T40] audit: type=1400 audit(1763508126.579:28924): avc: denied { create } for pid=5325 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 391.866142][T23164] rdma_rxe: rxe_newlink: failed to add lo [ 391.867246][T23164] validate_nla: 1 callbacks suppressed [ 391.867259][T23164] netlink: 'syz.3.6718': attribute type 4 has an invalid length. [ 391.870122][ T40] audit: type=1400 audit(1763508126.579:28925): avc: denied { append open } for pid=5325 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 391.884306][ T40] audit: type=1400 audit(1763508126.579:28926): avc: denied { getattr } for pid=5325 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 391.886078][T23164] netlink: 'syz.3.6718': attribute type 4 has an invalid length. [ 391.976066][T23171] Attempt to restore checkpoint with obsolete wellknown handles [ 392.036241][ T40] audit: type=1400 audit(1763508126.799:28927): avc: denied { create } for pid=23174 comm="syz.4.6719" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 392.041873][T23175] netlink: 20 bytes leftover after parsing attributes in process `syz.4.6719'. [ 392.047955][T23179] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 392.051289][T23179] CPU: 2 UID: 0 PID: 23179 Comm: syz.3.6725 Not tainted syzkaller #0 PREEMPT(full) [ 392.051327][T23179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 392.051341][T23179] Call Trace: [ 392.051349][T23179] [ 392.051357][T23179] dump_stack_lvl+0x16c/0x1f0 [ 392.051391][T23179] sysfs_warn_dup+0x7f/0xa0 [ 392.051417][T23179] sysfs_do_create_link_sd+0x124/0x140 [ 392.051442][T23179] sysfs_create_link+0x61/0xc0 [ 392.051465][T23179] device_add+0x62c/0x1aa0 [ 392.051492][T23179] ? __pfx_device_add+0x10/0x10 [ 392.051512][T23179] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 392.051545][T23179] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 392.051577][T23179] wiphy_register+0x1eb0/0x2b20 [ 392.051601][T23179] ? netdev_run_todo+0x864/0x1320 [ 392.051633][T23179] ? __pfx_wiphy_register+0x10/0x10 [ 392.051669][T23179] ieee80211_register_hw+0x253d/0x4120 [ 392.051700][T23179] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 392.051721][T23179] ? __pfx___debug_object_init+0x10/0x10 [ 392.051754][T23179] ? find_held_lock+0x2b/0x80 [ 392.051778][T23179] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 392.051803][T23179] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 392.051819][T23179] ? __hrtimer_setup+0x176/0x280 [ 392.051843][T23179] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 392.051883][T23179] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 392.051910][T23179] ? __asan_memcpy+0x3c/0x60 [ 392.051942][T23179] hwsim_new_radio_nl+0xba2/0x1330 [ 392.051969][T23179] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 392.052004][T23179] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 392.052023][T23179] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 392.052047][T23179] genl_family_rcv_msg_doit+0x209/0x2f0 [ 392.052070][T23179] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 392.052095][T23179] ? bpf_lsm_capable+0x9/0x10 [ 392.052117][T23179] ? security_capable+0x7e/0x260 [ 392.052144][T23179] ? ns_capable+0xd7/0x110 [ 392.052169][T23179] genl_rcv_msg+0x55c/0x800 [ 392.052192][T23179] ? __pfx_genl_rcv_msg+0x10/0x10 [ 392.052209][T23179] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 392.052244][T23179] netlink_rcv_skb+0x158/0x420 [ 392.052269][T23179] ? __pfx_genl_rcv_msg+0x10/0x10 [ 392.052288][T23179] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 392.052326][T23179] ? netlink_deliver_tap+0x1ae/0xd30 [ 392.052357][T23179] genl_rcv+0x28/0x40 [ 392.052382][T23179] netlink_unicast+0x5aa/0x870 [ 392.052413][T23179] ? __pfx_netlink_unicast+0x10/0x10 [ 392.052448][T23179] netlink_sendmsg+0x8c8/0xdd0 [ 392.052480][T23179] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.052517][T23179] ____sys_sendmsg+0xa98/0xc70 [ 392.052543][T23179] ? copy_msghdr_from_user+0x10a/0x160 [ 392.052569][T23179] ? __pfx_____sys_sendmsg+0x10/0x10 [ 392.052593][T23179] ? __pfx_futex_wake_mark+0x10/0x10 [ 392.052622][T23179] ___sys_sendmsg+0x134/0x1d0 [ 392.052645][T23179] ? futex_private_hash_put+0x176/0x300 [ 392.052674][T23179] ? __pfx____sys_sendmsg+0x10/0x10 [ 392.052694][T23179] ? __lock_acquire+0x622/0x1c90 [ 392.052756][T23179] __sys_sendmsg+0x16d/0x220 [ 392.052782][T23179] ? __pfx___sys_sendmsg+0x10/0x10 [ 392.052806][T23179] ? __x64_sys_futex+0x1e0/0x4c0 [ 392.052841][T23179] do_syscall_64+0xcd/0xfa0 [ 392.052862][T23179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.052881][T23179] RIP: 0033:0x7ffa85f8f6c9 [ 392.052898][T23179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.052914][T23179] RSP: 002b:00007ffa86ee4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 392.052933][T23179] RAX: ffffffffffffffda RBX: 00007ffa861e5fa0 RCX: 00007ffa85f8f6c9 [ 392.052946][T23179] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 392.052958][T23179] RBP: 00007ffa86011f91 R08: 0000000000000000 R09: 0000000000000000 [ 392.052970][T23179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.052981][T23179] R13: 00007ffa861e6038 R14: 00007ffa861e5fa0 R15: 00007ffddc40a858 [ 392.053010][T23179] [ 392.056540][T23175] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6719'. [ 392.103609][T23182] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6726'. [ 392.142971][T23184] overlayfs: missing 'lowerdir' [ 392.245320][T23190] netlink: 'syz.4.6729': attribute type 1 has an invalid length. [ 392.248682][T23190] netlink: 224 bytes leftover after parsing attributes in process `syz.4.6729'. [ 392.325305][ T40] audit: type=1400 audit(1763508127.088:28928): avc: denied { ioctl } for pid=23203 comm="syz.4.6736" path="socket:[145630]" dev="sockfs" ino=145630 ioctlcmd=0x8918 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 392.465332][T23215] loop8: detected capacity change from 0 to 7 [ 392.469466][T23215] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 392.472539][T23215] loop8: partition table partially beyond EOD, truncated [ 392.476039][T23215] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 392.480534][T23215] loop8: p2 start 956478 is beyond EOD, truncated [ 392.496580][T23222] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 392.499079][T23222] CPU: 0 UID: 0 PID: 23222 Comm: syz.4.6740 Not tainted syzkaller #0 PREEMPT(full) [ 392.499095][T23222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 392.499102][T23222] Call Trace: [ 392.499107][T23222] [ 392.499111][T23222] dump_stack_lvl+0x16c/0x1f0 [ 392.499133][T23222] sysfs_warn_dup+0x7f/0xa0 [ 392.499149][T23222] sysfs_do_create_link_sd+0x124/0x140 [ 392.499165][T23222] sysfs_create_link+0x61/0xc0 [ 392.499179][T23222] device_add+0x62c/0x1aa0 [ 392.499195][T23222] ? __pfx_device_add+0x10/0x10 [ 392.499208][T23222] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 392.499224][T23222] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 392.499244][T23222] wiphy_register+0x1eb0/0x2b20 [ 392.499256][T23222] ? netdev_run_todo+0x864/0x1320 [ 392.499276][T23222] ? __pfx_wiphy_register+0x10/0x10 [ 392.499296][T23222] ieee80211_register_hw+0x253d/0x4120 [ 392.499316][T23222] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 392.499335][T23222] ? __pfx___debug_object_init+0x10/0x10 [ 392.499367][T23222] ? find_held_lock+0x2b/0x80 [ 392.499392][T23222] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 392.499412][T23222] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 392.499432][T23222] ? __hrtimer_setup+0x176/0x280 [ 392.499456][T23222] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 392.499482][T23222] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 392.499498][T23222] ? __asan_memcpy+0x3c/0x60 [ 392.499517][T23222] hwsim_new_radio_nl+0xba2/0x1330 [ 392.499534][T23222] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 392.499554][T23222] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 392.499567][T23222] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 392.499587][T23222] genl_family_rcv_msg_doit+0x209/0x2f0 [ 392.499600][T23222] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 392.499617][T23222] ? bpf_lsm_capable+0x9/0x10 [ 392.499630][T23222] ? security_capable+0x7e/0x260 [ 392.499648][T23222] ? ns_capable+0xd7/0x110 [ 392.499663][T23222] genl_rcv_msg+0x55c/0x800 [ 392.499675][T23222] ? __pfx_genl_rcv_msg+0x10/0x10 [ 392.499687][T23222] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 392.499707][T23222] netlink_rcv_skb+0x158/0x420 [ 392.499739][T23222] ? __pfx_genl_rcv_msg+0x10/0x10 [ 392.499752][T23222] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 392.499776][T23222] ? netlink_deliver_tap+0x1ae/0xd30 [ 392.499794][T23222] genl_rcv+0x28/0x40 [ 392.499810][T23222] netlink_unicast+0x5aa/0x870 [ 392.499830][T23222] ? __pfx_netlink_unicast+0x10/0x10 [ 392.499853][T23222] netlink_sendmsg+0x8c8/0xdd0 [ 392.499871][T23222] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.499893][T23222] ____sys_sendmsg+0xa98/0xc70 [ 392.499905][T23222] ? copy_msghdr_from_user+0x10a/0x160 [ 392.499919][T23222] ? __pfx_____sys_sendmsg+0x10/0x10 [ 392.499933][T23222] ? __pfx_futex_wake_mark+0x10/0x10 [ 392.499949][T23222] ___sys_sendmsg+0x134/0x1d0 [ 392.499962][T23222] ? futex_private_hash_put+0x176/0x300 [ 392.499979][T23222] ? __pfx____sys_sendmsg+0x10/0x10 [ 392.499992][T23222] ? __lock_acquire+0x622/0x1c90 [ 392.500028][T23222] __sys_sendmsg+0x16d/0x220 [ 392.500049][T23222] ? __pfx___sys_sendmsg+0x10/0x10 [ 392.500070][T23222] ? __x64_sys_futex+0x1e0/0x4c0 [ 392.500103][T23222] do_syscall_64+0xcd/0xfa0 [ 392.500122][T23222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.500140][T23222] RIP: 0033:0x7efe64d8f6c9 [ 392.500157][T23222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.500176][T23222] RSP: 002b:00007efe62ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 392.500194][T23222] RAX: ffffffffffffffda RBX: 00007efe64fe5fa0 RCX: 00007efe64d8f6c9 [ 392.500207][T23222] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 392.500220][T23222] RBP: 00007efe64e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 392.500230][T23222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.500241][T23222] R13: 00007efe64fe6038 R14: 00007efe64fe5fa0 R15: 00007ffebc504378 [ 392.500269][T23222] [ 392.865629][T23251] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 392.870068][T23251] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 392.876256][T23251] bond0: (slave ipvlan2): Error -95 calling set_mac_address [ 392.909633][T23255] Attempt to restore checkpoint with obsolete wellknown handles [ 392.963514][T23261] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 392.967298][T23261] CPU: 0 UID: 0 PID: 23261 Comm: syz.4.6758 Not tainted syzkaller #0 PREEMPT(full) [ 392.967325][T23261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 392.967338][T23261] Call Trace: [ 392.967346][T23261] [ 392.967354][T23261] dump_stack_lvl+0x16c/0x1f0 [ 392.967390][T23261] sysfs_warn_dup+0x7f/0xa0 [ 392.967416][T23261] sysfs_do_create_link_sd+0x124/0x140 [ 392.967443][T23261] sysfs_create_link+0x61/0xc0 [ 392.967467][T23261] device_add+0x62c/0x1aa0 [ 392.967493][T23261] ? __pfx_device_add+0x10/0x10 [ 392.967514][T23261] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 392.967541][T23261] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 392.967586][T23261] wiphy_register+0x1eb0/0x2b20 [ 392.967607][T23261] ? netdev_run_todo+0x864/0x1320 [ 392.967646][T23261] ? __pfx_wiphy_register+0x10/0x10 [ 392.967682][T23261] ieee80211_register_hw+0x253d/0x4120 [ 392.967715][T23261] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 392.967736][T23261] ? __pfx___debug_object_init+0x10/0x10 [ 392.967771][T23261] ? find_held_lock+0x2b/0x80 [ 392.967796][T23261] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 392.967821][T23261] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 392.967840][T23261] ? __hrtimer_setup+0x176/0x280 [ 392.967865][T23261] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 392.967908][T23261] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 392.967937][T23261] ? __asan_memcpy+0x3c/0x60 [ 392.967970][T23261] hwsim_new_radio_nl+0xba2/0x1330 [ 392.967998][T23261] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 392.968034][T23261] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 392.968055][T23261] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 392.968081][T23261] genl_family_rcv_msg_doit+0x209/0x2f0 [ 392.968102][T23261] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 392.968131][T23261] ? bpf_lsm_capable+0x9/0x10 [ 392.968152][T23261] ? security_capable+0x7e/0x260 [ 392.968181][T23261] ? ns_capable+0xd7/0x110 [ 392.968206][T23261] genl_rcv_msg+0x55c/0x800 [ 392.968228][T23261] ? __pfx_genl_rcv_msg+0x10/0x10 [ 392.968247][T23261] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 392.968281][T23261] netlink_rcv_skb+0x158/0x420 [ 392.968307][T23261] ? __pfx_genl_rcv_msg+0x10/0x10 [ 392.968326][T23261] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 392.968367][T23261] ? netlink_deliver_tap+0x1ae/0xd30 [ 392.968396][T23261] genl_rcv+0x28/0x40 [ 392.968422][T23261] netlink_unicast+0x5aa/0x870 [ 392.968453][T23261] ? __pfx_netlink_unicast+0x10/0x10 [ 392.968491][T23261] netlink_sendmsg+0x8c8/0xdd0 [ 392.968524][T23261] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.968570][T23261] ____sys_sendmsg+0xa98/0xc70 [ 392.968591][T23261] ? copy_msghdr_from_user+0x10a/0x160 [ 392.968618][T23261] ? __pfx_____sys_sendmsg+0x10/0x10 [ 392.968644][T23261] ? __pfx_futex_wake_mark+0x10/0x10 [ 392.968672][T23261] ___sys_sendmsg+0x134/0x1d0 [ 392.968695][T23261] ? futex_private_hash_put+0x176/0x300 [ 392.968726][T23261] ? __pfx____sys_sendmsg+0x10/0x10 [ 392.968750][T23261] ? __lock_acquire+0x622/0x1c90 [ 392.968819][T23261] __sys_sendmsg+0x16d/0x220 [ 392.968845][T23261] ? __pfx___sys_sendmsg+0x10/0x10 [ 392.968870][T23261] ? __x64_sys_futex+0x1e0/0x4c0 [ 392.968908][T23261] do_syscall_64+0xcd/0xfa0 [ 392.968930][T23261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.968949][T23261] RIP: 0033:0x7efe64d8f6c9 [ 392.968966][T23261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.968984][T23261] RSP: 002b:00007efe62ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 392.969004][T23261] RAX: ffffffffffffffda RBX: 00007efe64fe5fa0 RCX: 00007efe64d8f6c9 [ 392.969018][T23261] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 392.969031][T23261] RBP: 00007efe64e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 392.969043][T23261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.969054][T23261] R13: 00007efe64fe6038 R14: 00007efe64fe5fa0 R15: 00007ffebc504378 [ 392.969084][T23261] [ 393.190826][T23274] 9pnet_virtio: no channels available for device syz [ 393.321402][T23297] kAFS: No cell specified [ 393.325252][T23298] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 393.328547][T23298] CPU: 0 UID: 0 PID: 23298 Comm: syz.3.6776 Not tainted syzkaller #0 PREEMPT(full) [ 393.328573][T23298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 393.328585][T23298] Call Trace: [ 393.328593][T23298] [ 393.328602][T23298] dump_stack_lvl+0x16c/0x1f0 [ 393.328636][T23298] sysfs_warn_dup+0x7f/0xa0 [ 393.328662][T23298] sysfs_do_create_link_sd+0x124/0x140 [ 393.328690][T23298] sysfs_create_link+0x61/0xc0 [ 393.328715][T23298] device_add+0x62c/0x1aa0 [ 393.328743][T23298] ? __pfx_device_add+0x10/0x10 [ 393.328764][T23298] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 393.328792][T23298] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 393.328825][T23298] wiphy_register+0x1eb0/0x2b20 [ 393.328844][T23298] ? netdev_run_todo+0x864/0x1320 [ 393.328878][T23298] ? __pfx_wiphy_register+0x10/0x10 [ 393.328916][T23298] ieee80211_register_hw+0x253d/0x4120 [ 393.328950][T23298] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 393.328972][T23298] ? __pfx___debug_object_init+0x10/0x10 [ 393.329007][T23298] ? find_held_lock+0x2b/0x80 [ 393.329033][T23298] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 393.329058][T23298] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 393.329079][T23298] ? __hrtimer_setup+0x176/0x280 [ 393.329102][T23298] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 393.329147][T23298] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 393.329176][T23298] ? __asan_memcpy+0x3c/0x60 [ 393.329209][T23298] hwsim_new_radio_nl+0xba2/0x1330 [ 393.329239][T23298] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 393.329284][T23298] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 393.329305][T23298] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 393.329332][T23298] genl_family_rcv_msg_doit+0x209/0x2f0 [ 393.329354][T23298] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 393.329414][T23298] ? bpf_lsm_capable+0x9/0x10 [ 393.329438][T23298] ? security_capable+0x7e/0x260 [ 393.329471][T23298] ? ns_capable+0xd7/0x110 [ 393.329495][T23298] genl_rcv_msg+0x55c/0x800 [ 393.329515][T23298] ? __pfx_genl_rcv_msg+0x10/0x10 [ 393.329534][T23298] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 393.329569][T23298] netlink_rcv_skb+0x158/0x420 [ 393.329595][T23298] ? __pfx_genl_rcv_msg+0x10/0x10 [ 393.329615][T23298] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 393.329653][T23298] ? netlink_deliver_tap+0x1ae/0xd30 [ 393.329683][T23298] genl_rcv+0x28/0x40 [ 393.329709][T23298] netlink_unicast+0x5aa/0x870 [ 393.329740][T23298] ? __pfx_netlink_unicast+0x10/0x10 [ 393.329779][T23298] netlink_sendmsg+0x8c8/0xdd0 [ 393.329811][T23298] ? __pfx_netlink_sendmsg+0x10/0x10 [ 393.329851][T23298] ____sys_sendmsg+0xa98/0xc70 [ 393.329872][T23298] ? copy_msghdr_from_user+0x10a/0x160 [ 393.329898][T23298] ? __pfx_____sys_sendmsg+0x10/0x10 [ 393.329923][T23298] ? __pfx_futex_wake_mark+0x10/0x10 [ 393.329950][T23298] ___sys_sendmsg+0x134/0x1d0 [ 393.329972][T23298] ? futex_private_hash_put+0x176/0x300 [ 393.330001][T23298] ? __pfx____sys_sendmsg+0x10/0x10 [ 393.330023][T23298] ? __lock_acquire+0x622/0x1c90 [ 393.330089][T23298] __sys_sendmsg+0x16d/0x220 [ 393.330115][T23298] ? __pfx___sys_sendmsg+0x10/0x10 [ 393.330149][T23298] ? __x64_sys_futex+0x1e0/0x4c0 [ 393.330185][T23298] do_syscall_64+0xcd/0xfa0 [ 393.330206][T23298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.330224][T23298] RIP: 0033:0x7ffa85f8f6c9 [ 393.330240][T23298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.330264][T23298] RSP: 002b:00007ffa86ee4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 393.330283][T23298] RAX: ffffffffffffffda RBX: 00007ffa861e5fa0 RCX: 00007ffa85f8f6c9 [ 393.330296][T23298] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 393.330308][T23298] RBP: 00007ffa86011f91 R08: 0000000000000000 R09: 0000000000000000 [ 393.330320][T23298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 393.330331][T23298] R13: 00007ffa861e6038 R14: 00007ffa861e5fa0 R15: 00007ffddc40a858 [ 393.330362][T23298] [ 393.416076][T23301] rdma_rxe: rxe_newlink: failed to add lo [ 393.459487][T23306] binder: 23305:23306 unknown command 0 [ 393.462387][T23301] netlink: 'syz.3.6779': attribute type 4 has an invalid length. [ 393.465071][T23306] binder: 23305:23306 ioctl c0306201 200000000080 returned -22 [ 393.487952][T23301] netlink: 'syz.3.6779': attribute type 4 has an invalid length. [ 393.526311][T23317] loop8: detected capacity change from 0 to 7 [ 393.529401][T23317] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 393.533136][T23317] loop8: partition table partially beyond EOD, truncated [ 393.537159][T23317] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 393.540976][T23317] loop8: p2 start 956478 is beyond EOD, truncated [ 393.593843][T23327] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 393.596761][T23327] CPU: 0 UID: 0 PID: 23327 Comm: syz.5.6789 Not tainted syzkaller #0 PREEMPT(full) [ 393.596777][T23327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 393.596784][T23327] Call Trace: [ 393.596788][T23327] [ 393.596793][T23327] dump_stack_lvl+0x16c/0x1f0 [ 393.596815][T23327] sysfs_warn_dup+0x7f/0xa0 [ 393.596831][T23327] sysfs_do_create_link_sd+0x124/0x140 [ 393.596848][T23327] sysfs_create_link+0x61/0xc0 [ 393.596862][T23327] device_add+0x62c/0x1aa0 [ 393.596877][T23327] ? __pfx_device_add+0x10/0x10 [ 393.596890][T23327] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 393.596906][T23327] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 393.596926][T23327] wiphy_register+0x1eb0/0x2b20 [ 393.596938][T23327] ? netdev_run_todo+0x864/0x1320 [ 393.596958][T23327] ? __pfx_wiphy_register+0x10/0x10 [ 393.596978][T23327] ieee80211_register_hw+0x253d/0x4120 [ 393.596996][T23327] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 393.597008][T23327] ? __pfx___debug_object_init+0x10/0x10 [ 393.597028][T23327] ? find_held_lock+0x2b/0x80 [ 393.597043][T23327] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 393.597057][T23327] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 393.597069][T23327] ? __hrtimer_setup+0x176/0x280 [ 393.597082][T23327] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 393.597106][T23327] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 393.597123][T23327] ? __asan_memcpy+0x3c/0x60 [ 393.597142][T23327] hwsim_new_radio_nl+0xba2/0x1330 [ 393.597158][T23327] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 393.597177][T23327] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 393.597190][T23327] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 393.597204][T23327] genl_family_rcv_msg_doit+0x209/0x2f0 [ 393.597215][T23327] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 393.597231][T23327] ? bpf_lsm_capable+0x9/0x10 [ 393.597243][T23327] ? security_capable+0x7e/0x260 [ 393.597260][T23327] ? ns_capable+0xd7/0x110 [ 393.597274][T23327] genl_rcv_msg+0x55c/0x800 [ 393.597286][T23327] ? __pfx_genl_rcv_msg+0x10/0x10 [ 393.597297][T23327] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 393.597320][T23327] netlink_rcv_skb+0x158/0x420 [ 393.597337][T23327] ? __pfx_genl_rcv_msg+0x10/0x10 [ 393.597353][T23327] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 393.597414][T23327] ? netlink_deliver_tap+0x1ae/0xd30 [ 393.597442][T23327] genl_rcv+0x28/0x40 [ 393.597467][T23327] netlink_unicast+0x5aa/0x870 [ 393.597494][T23327] ? __pfx_netlink_unicast+0x10/0x10 [ 393.597517][T23327] netlink_sendmsg+0x8c8/0xdd0 [ 393.597535][T23327] ? __pfx_netlink_sendmsg+0x10/0x10 [ 393.597562][T23327] ____sys_sendmsg+0xa98/0xc70 [ 393.597573][T23327] ? copy_msghdr_from_user+0x10a/0x160 [ 393.597589][T23327] ? __pfx_____sys_sendmsg+0x10/0x10 [ 393.597603][T23327] ? __pfx_futex_wake_mark+0x10/0x10 [ 393.597621][T23327] ___sys_sendmsg+0x134/0x1d0 [ 393.597635][T23327] ? futex_private_hash_put+0x176/0x300 [ 393.597655][T23327] ? __pfx____sys_sendmsg+0x10/0x10 [ 393.597668][T23327] ? __lock_acquire+0x622/0x1c90 [ 393.597703][T23327] __sys_sendmsg+0x16d/0x220 [ 393.597718][T23327] ? __pfx___sys_sendmsg+0x10/0x10 [ 393.597732][T23327] ? __x64_sys_futex+0x1e0/0x4c0 [ 393.597752][T23327] do_syscall_64+0xcd/0xfa0 [ 393.597764][T23327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.597776][T23327] RIP: 0033:0x7f6b69d8f6c9 [ 393.597786][T23327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.597796][T23327] RSP: 002b:00007f6b6abd4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 393.597808][T23327] RAX: ffffffffffffffda RBX: 00007f6b69fe5fa0 RCX: 00007f6b69d8f6c9 [ 393.597815][T23327] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 393.597822][T23327] RBP: 00007f6b69e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 393.597829][T23327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 393.597836][T23327] R13: 00007f6b69fe6038 R14: 00007f6b69fe5fa0 R15: 00007fff8a7986b8 [ 393.597852][T23327] [ 393.788137][T23333] afs: Unknown parameter '18446744073709551615' [ 393.849345][T23341] bond0: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 393.854115][T23341] bond0: (slave ipvlan3): The slave device specified does not support setting the MAC address [ 393.859598][T23341] bond0: (slave ipvlan3): Error -95 calling set_mac_address [ 393.874287][T23343] __nla_validate_parse: 7 callbacks suppressed [ 393.874298][T23343] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6796'. [ 393.880154][T23343] 9pnet_virtio: no channels available for device syz [ 393.931680][T23350] rdma_rxe: rxe_newlink: failed to add lo [ 393.935526][T23350] netlink: 'syz.5.6798': attribute type 4 has an invalid length. [ 393.943685][T23350] netlink: 'syz.5.6798': attribute type 4 has an invalid length. [ 394.069774][T23363] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 394.072919][T23363] CPU: 0 UID: 0 PID: 23363 Comm: syz.5.6805 Not tainted syzkaller #0 PREEMPT(full) [ 394.072942][T23363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 394.072954][T23363] Call Trace: [ 394.072961][T23363] [ 394.072968][T23363] dump_stack_lvl+0x16c/0x1f0 [ 394.073001][T23363] sysfs_warn_dup+0x7f/0xa0 [ 394.073026][T23363] sysfs_do_create_link_sd+0x124/0x140 [ 394.073053][T23363] sysfs_create_link+0x61/0xc0 [ 394.073076][T23363] device_add+0x62c/0x1aa0 [ 394.073100][T23363] ? __pfx_device_add+0x10/0x10 [ 394.073120][T23363] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 394.073145][T23363] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 394.073177][T23363] wiphy_register+0x1eb0/0x2b20 [ 394.073195][T23363] ? netdev_run_todo+0x864/0x1320 [ 394.073229][T23363] ? __pfx_wiphy_register+0x10/0x10 [ 394.073264][T23363] ieee80211_register_hw+0x253d/0x4120 [ 394.073294][T23363] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 394.073314][T23363] ? __pfx___debug_object_init+0x10/0x10 [ 394.073345][T23363] ? find_held_lock+0x2b/0x80 [ 394.073388][T23363] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 394.073413][T23363] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 394.073434][T23363] ? __hrtimer_setup+0x176/0x280 [ 394.073457][T23363] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 394.073497][T23363] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 394.073529][T23363] ? __asan_memcpy+0x3c/0x60 [ 394.073558][T23363] hwsim_new_radio_nl+0xba2/0x1330 [ 394.073585][T23363] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 394.073618][T23363] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 394.073639][T23363] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 394.073663][T23363] genl_family_rcv_msg_doit+0x209/0x2f0 [ 394.073684][T23363] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 394.073711][T23363] ? bpf_lsm_capable+0x9/0x10 [ 394.073729][T23363] ? security_capable+0x7e/0x260 [ 394.073757][T23363] ? ns_capable+0xd7/0x110 [ 394.073781][T23363] genl_rcv_msg+0x55c/0x800 [ 394.073802][T23363] ? __pfx_genl_rcv_msg+0x10/0x10 [ 394.073819][T23363] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 394.073853][T23363] netlink_rcv_skb+0x158/0x420 [ 394.073878][T23363] ? __pfx_genl_rcv_msg+0x10/0x10 [ 394.073897][T23363] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 394.073933][T23363] ? netlink_deliver_tap+0x1ae/0xd30 [ 394.073961][T23363] genl_rcv+0x28/0x40 [ 394.073986][T23363] netlink_unicast+0x5aa/0x870 [ 394.074013][T23363] ? __pfx_netlink_unicast+0x10/0x10 [ 394.074050][T23363] netlink_sendmsg+0x8c8/0xdd0 [ 394.074077][T23363] ? __pfx_netlink_sendmsg+0x10/0x10 [ 394.074111][T23363] ____sys_sendmsg+0xa98/0xc70 [ 394.074128][T23363] ? copy_msghdr_from_user+0x10a/0x160 [ 394.074149][T23363] ? __pfx_____sys_sendmsg+0x10/0x10 [ 394.074171][T23363] ? __pfx_futex_wake_mark+0x10/0x10 [ 394.074197][T23363] ___sys_sendmsg+0x134/0x1d0 [ 394.074219][T23363] ? futex_private_hash_put+0x176/0x300 [ 394.074246][T23363] ? __pfx____sys_sendmsg+0x10/0x10 [ 394.074265][T23363] ? __lock_acquire+0x622/0x1c90 [ 394.074326][T23363] __sys_sendmsg+0x16d/0x220 [ 394.074350][T23363] ? __pfx___sys_sendmsg+0x10/0x10 [ 394.074374][T23363] ? __x64_sys_futex+0x1e0/0x4c0 [ 394.074408][T23363] do_syscall_64+0xcd/0xfa0 [ 394.074427][T23363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.074446][T23363] RIP: 0033:0x7f6b69d8f6c9 [ 394.074461][T23363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 394.074480][T23363] RSP: 002b:00007f6b6abd4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 394.074498][T23363] RAX: ffffffffffffffda RBX: 00007f6b69fe5fa0 RCX: 00007f6b69d8f6c9 [ 394.074510][T23363] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 394.074527][T23363] RBP: 00007f6b69e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 394.074539][T23363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 394.074550][T23363] R13: 00007f6b69fe6038 R14: 00007f6b69fe5fa0 R15: 00007fff8a7986b8 [ 394.074579][T23363] [ 394.281085][T23369] netlink: 40 bytes leftover after parsing attributes in process `syz.5.6807'. [ 394.285482][T23369] 9pnet_virtio: no channels available for device syz [ 394.331425][T23377] rdma_rxe: rxe_newlink: failed to add lo [ 394.335664][T23377] netlink: 'syz.3.6811': attribute type 4 has an invalid length. [ 394.342587][T23377] netlink: 'syz.3.6811': attribute type 4 has an invalid length. [ 394.638415][T23396] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 394.640959][T23396] CPU: 1 UID: 0 PID: 23396 Comm: syz.3.6818 Not tainted syzkaller #0 PREEMPT(full) [ 394.640975][T23396] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 394.640982][T23396] Call Trace: [ 394.640987][T23396] [ 394.640992][T23396] dump_stack_lvl+0x16c/0x1f0 [ 394.641014][T23396] sysfs_warn_dup+0x7f/0xa0 [ 394.641031][T23396] sysfs_do_create_link_sd+0x124/0x140 [ 394.641048][T23396] sysfs_create_link+0x61/0xc0 [ 394.641062][T23396] device_add+0x62c/0x1aa0 [ 394.641078][T23396] ? __pfx_device_add+0x10/0x10 [ 394.641091][T23396] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 394.641107][T23396] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 394.641128][T23396] wiphy_register+0x1eb0/0x2b20 [ 394.641140][T23396] ? netdev_run_todo+0x864/0x1320 [ 394.641160][T23396] ? __pfx_wiphy_register+0x10/0x10 [ 394.641180][T23396] ieee80211_register_hw+0x253d/0x4120 [ 394.641198][T23396] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 394.641210][T23396] ? __pfx___debug_object_init+0x10/0x10 [ 394.641231][T23396] ? find_held_lock+0x2b/0x80 [ 394.641246][T23396] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 394.641260][T23396] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 394.641271][T23396] ? __hrtimer_setup+0x176/0x280 [ 394.641285][T23396] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 394.641309][T23396] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 394.641326][T23396] ? __asan_memcpy+0x3c/0x60 [ 394.641349][T23396] hwsim_new_radio_nl+0xba2/0x1330 [ 394.641397][T23396] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 394.641418][T23396] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 394.641432][T23396] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 394.641447][T23396] genl_family_rcv_msg_doit+0x209/0x2f0 [ 394.641460][T23396] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 394.641476][T23396] ? bpf_lsm_capable+0x9/0x10 [ 394.641489][T23396] ? security_capable+0x7e/0x260 [ 394.641506][T23396] ? ns_capable+0xd7/0x110 [ 394.641521][T23396] genl_rcv_msg+0x55c/0x800 [ 394.641533][T23396] ? __pfx_genl_rcv_msg+0x10/0x10 [ 394.641544][T23396] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 394.641565][T23396] netlink_rcv_skb+0x158/0x420 [ 394.641580][T23396] ? __pfx_genl_rcv_msg+0x10/0x10 [ 394.641591][T23396] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 394.641613][T23396] ? netlink_deliver_tap+0x1ae/0xd30 [ 394.641631][T23396] genl_rcv+0x28/0x40 [ 394.641646][T23396] netlink_unicast+0x5aa/0x870 [ 394.641664][T23396] ? __pfx_netlink_unicast+0x10/0x10 [ 394.641685][T23396] netlink_sendmsg+0x8c8/0xdd0 [ 394.641704][T23396] ? __pfx_netlink_sendmsg+0x10/0x10 [ 394.641725][T23396] ____sys_sendmsg+0xa98/0xc70 [ 394.641737][T23396] ? copy_msghdr_from_user+0x10a/0x160 [ 394.641751][T23396] ? __pfx_____sys_sendmsg+0x10/0x10 [ 394.641765][T23396] ? __pfx_futex_wake_mark+0x10/0x10 [ 394.641780][T23396] ___sys_sendmsg+0x134/0x1d0 [ 394.641793][T23396] ? futex_private_hash_put+0x176/0x300 [ 394.641811][T23396] ? __pfx____sys_sendmsg+0x10/0x10 [ 394.641824][T23396] ? __lock_acquire+0x622/0x1c90 [ 394.641859][T23396] __sys_sendmsg+0x16d/0x220 [ 394.641874][T23396] ? __pfx___sys_sendmsg+0x10/0x10 [ 394.641888][T23396] ? __x64_sys_futex+0x1e0/0x4c0 [ 394.641907][T23396] do_syscall_64+0xcd/0xfa0 [ 394.641919][T23396] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.641930][T23396] RIP: 0033:0x7ffa85f8f6c9 [ 394.641940][T23396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 394.641952][T23396] RSP: 002b:00007ffa86ee4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 394.641963][T23396] RAX: ffffffffffffffda RBX: 00007ffa861e5fa0 RCX: 00007ffa85f8f6c9 [ 394.641970][T23396] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 394.641976][T23396] RBP: 00007ffa86011f91 R08: 0000000000000000 R09: 0000000000000000 [ 394.641983][T23396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 394.641989][T23396] R13: 00007ffa861e6038 R14: 00007ffa861e5fa0 R15: 00007ffddc40a858 [ 394.642004][T23396] [ 394.652275][T23398] bond0: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 394.657952][T23400] netlink: 'syz.1.6821': attribute type 21 has an invalid length. [ 394.658993][T23398] bond0: (slave ipvlan3): The slave device specified does not support setting the MAC address [ 394.686946][T23402] Attempt to restore checkpoint with obsolete wellknown handles [ 394.825381][T23398] bond0: (slave ipvlan3): Error -95 calling set_mac_address [ 394.853592][T23405] rdma_rxe: rxe_newlink: failed to add lo [ 394.866420][T23407] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6824'. [ 394.930087][T23416] netlink: 24 bytes leftover after parsing attributes in process `syz.5.6830'. [ 394.938699][T23417] netlink: 44 bytes leftover after parsing attributes in process `syz.4.6827'. [ 394.952431][T23417] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6827'. [ 394.978759][T23416] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=23416 comm=syz.5.6830 [ 394.986502][T23425] netlink: 128 bytes leftover after parsing attributes in process `syz.4.6833'. [ 394.997081][T23427] Attempt to restore checkpoint with obsolete wellknown handles [ 395.036763][T23429] bond0: (slave ipvlan4): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 395.040854][T23429] bond0: (slave ipvlan4): The slave device specified does not support setting the MAC address [ 395.044536][T23429] bond0: (slave ipvlan4): Error -95 calling set_mac_address [ 395.045266][T23434] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6833'. [ 395.199118][ T40] kauditd_printk_skb: 5 callbacks suppressed [ 395.199134][ T40] audit: type=1400 audit(1763508129.957:28934): avc: denied { append } for pid=23453 comm="syz.3.6844" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 395.230163][T23460] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6846'. [ 395.237734][T23464] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6847'. [ 395.241326][T23457] UBIFS error (pid: 23457): cannot open "c:::", error -22 [ 395.247237][T23464] 9pnet_virtio: no channels available for device syz [ 395.316755][T23465] "syz.3.6844" (23465) uses obsolete ecb(arc4) skcipher [ 395.410728][T23483] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 395.414710][T23483] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 395.418130][T23483] bond0: (slave ipvlan2): Error -95 calling set_mac_address [ 395.659267][T23494] tmpfs: Bad value for 'mpol' [ 395.684729][ T40] audit: type=1400 audit(1763508130.437:28935): avc: denied { connect } for pid=23495 comm="syz.4.6853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 395.684990][T23496] comedi comedi0: comedi_config --init_data is deprecated [ 395.695355][T23497] comedi comedi0: comedi_config --init_data is deprecated [ 395.697885][T23496] comedi comedi0: comedi_config --init_data is deprecated [ 395.948044][T23538] program syz.4.6871 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 396.028197][T23548] rdma_rxe: rxe_newlink: failed to add lo [ 396.262766][T23575] binder: 23573:23575 unknown command 0 [ 396.264564][T23575] binder: 23573:23575 ioctl c0306201 200000000080 returned -22 [ 396.269066][T23577] rdma_rxe: rxe_newlink: failed to add lo [ 396.307980][ T40] audit: type=1400 audit(1763508131.067:28936): avc: denied { ioctl } for pid=23578 comm="syz.1.6891" path="socket:[144365]" dev="sockfs" ino=144365 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 396.322922][T23586] loop8: detected capacity change from 0 to 7 [ 396.324831][ T40] audit: type=1400 audit(1763508131.077:28937): avc: denied { kexec_image_load } for pid=23584 comm="syz.4.6894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 396.325293][T23586] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 396.335209][T23586] loop8: partition table partially beyond EOD, truncated [ 396.338379][T23586] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 396.342438][T23586] loop8: p2 start 956478 is beyond EOD, truncated [ 396.431358][T23610] binder: 23609:23610 unknown command 0 [ 396.433251][T23610] binder: 23609:23610 ioctl c0306201 200000000080 returned -22 [ 396.445198][T23612] rdma_rxe: rxe_newlink: failed to add lo [ 396.475988][T23618] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 396.767144][T23644] binder: 23643:23644 unknown command 0 [ 396.769074][T23644] binder: 23643:23644 ioctl c0306201 200000000080 returned -22 [ 396.780981][T23646] tmpfs: Unknown parameter 'ŒŽùº88' [ 396.784213][T23646] syz.5.6915(23646): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 396.998970][T23678] rdma_rxe: rxe_newlink: failed to add lo [ 397.001936][T23678] validate_nla: 12 callbacks suppressed [ 397.001945][T23678] netlink: 'syz.3.6929': attribute type 4 has an invalid length. [ 397.013918][T23678] netlink: 'syz.3.6929': attribute type 4 has an invalid length. [ 397.084072][T23685] tmpfs: Unknown parameter '0xffffffffffffffff' [ 397.156766][T23699] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 397.161753][T23699] bond0: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 397.165961][T23699] bond0: (slave ipvlan2): Error -95 calling set_mac_address [ 397.199206][ T40] audit: type=1400 audit(1763508131.956:28938): avc: denied { bind } for pid=23704 comm="syz.4.6940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 397.205256][ T40] audit: type=1400 audit(1763508131.956:28939): avc: denied { write } for pid=23704 comm="syz.4.6940" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 397.249111][T23715] binder: 23714:23715 unknown command 0 [ 397.250501][T23704] delete_channel: no stack [ 397.250930][T23715] binder: 23714:23715 ioctl c0306201 200000000080 returned -22 [ 397.274017][T23720] rdma_rxe: rxe_newlink: failed to add lo [ 397.278038][T23720] netlink: 'syz.5.6945': attribute type 4 has an invalid length. [ 397.284190][T23720] netlink: 'syz.5.6945': attribute type 4 has an invalid length. [ 397.288240][ T40] audit: type=1400 audit(1763508132.046:28940): avc: denied { read } for pid=23721 comm="syz.4.6946" name="mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 397.299161][ T40] audit: type=1400 audit(1763508132.046:28941): avc: denied { open } for pid=23721 comm="syz.4.6946" path="/dev/input/mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 397.541616][T23755] rdma_rxe: rxe_newlink: failed to add lo [ 397.544705][T23755] netlink: 'syz.5.6962': attribute type 4 has an invalid length. [ 397.549732][T23755] netlink: 'syz.5.6962': attribute type 4 has an invalid length. [ 397.578491][T23758] netlink: 'syz.5.6964': attribute type 10 has an invalid length. [ 397.609046][T23749] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 397.611911][T23749] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 397.614711][T23749] vhci_hcd vhci_hcd.0: Device attached [ 397.867830][ T6018] usb 43-1: new high-speed USB device number 2 using vhci_hcd [ 397.983939][T23788] netlink: 'syz.5.6978': attribute type 21 has an invalid length. [ 398.104625][T23800] Attempt to restore checkpoint with obsolete wellknown handles [ 398.134875][T23802] rdma_rxe: rxe_newlink: failed to add lo [ 398.142893][T23802] netlink: 'syz.1.6974': attribute type 4 has an invalid length. [ 398.150133][T23802] netlink: 'syz.1.6974': attribute type 4 has an invalid length. [ 398.247790][T23813] hugetlbfs: Bad value for 'uid' [ 398.249608][T23813] hugetlbfs: Bad value for 'uid' [ 398.317767][ T29] e1000 0000:00:06.0 eth0: Reset adapter [ 398.339080][T23759] vhci_hcd: connection reset by peer [ 398.340980][ T1149] vhci_hcd: stop threads [ 398.342693][ T1149] vhci_hcd: release socket [ 398.345621][ T1149] vhci_hcd: disconnect device [ 398.409942][T23826] binder: 23824:23826 unknown command 0 [ 398.411809][T23826] binder: 23824:23826 ioctl c0306201 200000000080 returned -22 [ 398.467304][ T29] e1000 0000:00:06.0 eth0: Reset adapter [ 399.126856][ T40] audit: type=1400 audit(1763508133.875:28942): avc: denied { search } for pid=23829 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 399.134184][ T40] audit: type=1400 audit(1763508133.895:28943): avc: denied { search } for pid=23829 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1897 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 399.969731][ C3] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 400.609717][ T34] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX [ 401.641831][ T40] kauditd_printk_skb: 12 callbacks suppressed [ 401.641848][ T40] audit: type=1400 audit(1763508136.394:28956): avc: denied { recv } for pid=0 comm="swapper/1" saddr=10.0.2.2 src=67 daddr=255.255.255.255 dest=68 netif=eth0 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1 [ 402.999325][ T6018] vhci_hcd: vhci_device speed not set [ 416.662208][ T40] audit: type=1400 audit(1763508151.406:28957): avc: denied { getopt } for pid=23865 comm="syz.1.6998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 416.678880][T23873] 9pnet_virtio: no channels available for device syz [ 416.783930][T23868] __nla_validate_parse: 13 callbacks suppressed [ 416.783942][T23868] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6998'. [ 416.875454][T23897] binder: 23895:23897 unknown command 0 [ 416.877463][T23897] binder: 23895:23897 ioctl c0306201 200000000080 returned -22 [ 417.105362][T23922] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.7018'. [ 417.106763][T23924] 9pnet_virtio: no channels available for device syz [ 417.143076][T23928] netlink: 830 bytes leftover after parsing attributes in process `syz.5.7022'. [ 417.216507][ T71] usb 8-1: new high-speed USB device number 37 using dummy_hcd [ 417.264017][T23942] Attempt to restore checkpoint with obsolete wellknown handles [ 417.361713][T23953] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7030'. [ 417.376598][ T71] usb 8-1: Using ep0 maxpacket: 8 [ 417.380190][ T71] usb 8-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 417.384695][ T71] usb 8-1: config 0 interface 0 has no altsetting 0 [ 417.387515][ T71] usb 8-1: New USB device found, idVendor=0c70, idProduct=f014, bcdDevice= 0.00 [ 417.390825][ T71] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.395735][ T71] usb 8-1: config 0 descriptor?? [ 417.548374][T23963] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 417.551405][T23963] CPU: 2 UID: 0 PID: 23963 Comm: syz.1.7035 Not tainted syzkaller #0 PREEMPT(full) [ 417.551421][T23963] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 417.551428][T23963] Call Trace: [ 417.551439][T23963] [ 417.551444][T23963] dump_stack_lvl+0x16c/0x1f0 [ 417.551479][T23963] sysfs_warn_dup+0x7f/0xa0 [ 417.551495][T23963] sysfs_do_create_link_sd+0x124/0x140 [ 417.551512][T23963] sysfs_create_link+0x61/0xc0 [ 417.551527][T23963] device_add+0x62c/0x1aa0 [ 417.551547][T23963] ? __pfx_device_add+0x10/0x10 [ 417.551560][T23963] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 417.551576][T23963] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 417.551598][T23963] wiphy_register+0x1eb0/0x2b20 [ 417.551611][T23963] ? netdev_run_todo+0x864/0x1320 [ 417.551632][T23963] ? __pfx_wiphy_register+0x10/0x10 [ 417.551651][T23963] ieee80211_register_hw+0x253d/0x4120 [ 417.551670][T23963] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 417.551682][T23963] ? __pfx___debug_object_init+0x10/0x10 [ 417.551705][T23963] ? find_held_lock+0x2b/0x80 [ 417.551719][T23963] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 417.551734][T23963] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 417.551745][T23963] ? __hrtimer_setup+0x176/0x280 [ 417.551759][T23963] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 417.551784][T23963] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 417.551801][T23963] ? __asan_memcpy+0x3c/0x60 [ 417.551819][T23963] hwsim_new_radio_nl+0xba2/0x1330 [ 417.551836][T23963] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 417.551856][T23963] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 417.551868][T23963] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 417.551882][T23963] genl_family_rcv_msg_doit+0x209/0x2f0 [ 417.551895][T23963] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 417.551911][T23963] ? bpf_lsm_capable+0x9/0x10 [ 417.551923][T23963] ? security_capable+0x7e/0x260 [ 417.551940][T23963] ? ns_capable+0xd7/0x110 [ 417.551954][T23963] genl_rcv_msg+0x55c/0x800 [ 417.551967][T23963] ? __pfx_genl_rcv_msg+0x10/0x10 [ 417.551978][T23963] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 417.551996][T23963] ? __lock_acquire+0x622/0x1c90 [ 417.552015][T23963] netlink_rcv_skb+0x158/0x420 [ 417.552031][T23963] ? __pfx_genl_rcv_msg+0x10/0x10 [ 417.552043][T23963] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 417.552065][T23963] ? netlink_deliver_tap+0x1ae/0xd30 [ 417.552082][T23963] genl_rcv+0x28/0x40 [ 417.552098][T23963] netlink_unicast+0x5aa/0x870 [ 417.552123][T23963] ? __pfx_netlink_unicast+0x10/0x10 [ 417.552147][T23963] netlink_sendmsg+0x8c8/0xdd0 [ 417.552166][T23963] ? __pfx_netlink_sendmsg+0x10/0x10 [ 417.552189][T23963] ____sys_sendmsg+0xa98/0xc70 [ 417.552202][T23963] ? copy_msghdr_from_user+0x10a/0x160 [ 417.552217][T23963] ? __pfx_____sys_sendmsg+0x10/0x10 [ 417.552232][T23963] ? __pfx_futex_wake_mark+0x10/0x10 [ 417.552247][T23963] ___sys_sendmsg+0x134/0x1d0 [ 417.552261][T23963] ? futex_private_hash_put+0x176/0x300 [ 417.552278][T23963] ? __pfx____sys_sendmsg+0x10/0x10 [ 417.552292][T23963] ? __lock_acquire+0x622/0x1c90 [ 417.552327][T23963] __sys_sendmsg+0x16d/0x220 [ 417.552341][T23963] ? __pfx___sys_sendmsg+0x10/0x10 [ 417.552355][T23963] ? __x64_sys_futex+0x1e0/0x4c0 [ 417.552374][T23963] do_syscall_64+0xcd/0xfa0 [ 417.552386][T23963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.552397][T23963] RIP: 0033:0x7f6c2738f6c9 [ 417.552408][T23963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.552419][T23963] RSP: 002b:00007f6c28187038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 417.552430][T23963] RAX: ffffffffffffffda RBX: 00007f6c275e5fa0 RCX: 00007f6c2738f6c9 [ 417.552437][T23963] RDX: 0000000000000500 RSI: 0000200000000100 RDI: 0000000000000003 [ 417.552443][T23963] RBP: 00007f6c27411f91 R08: 0000000000000000 R09: 0000000000000000 [ 417.552449][T23963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 417.552456][T23963] R13: 00007f6c275e6038 R14: 00007f6c275e5fa0 R15: 00007ffdff85f5d8 [ 417.552471][T23963] [ 417.829438][ T40] audit: type=1400 audit(1763508152.576:28958): avc: denied { connect } for pid=23965 comm="syz.1.7036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 417.905343][ T71] usb 8-1: string descriptor 0 read error: -71 [ 417.911818][ T71] usbhid 8-1:0.0: can't add hid device: -71 [ 417.914338][ T71] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 417.919804][ T71] usb 8-1: USB disconnect, device number 37 [ 418.113808][T23992] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7045'. [ 418.142446][ T40] audit: type=1400 audit(1763508152.886:28959): avc: denied { mount } for pid=23993 comm="syz.5.7046" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 418.233402][T24003] tipc: Started in network mode [ 418.235160][T24003] tipc: Node identity aaaaaaaaaa38, cluster identity 4711 [ 418.238386][T24003] tipc: Enabled bearer , priority 21 [ 418.244854][T24003] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 418.323975][T24013] Attempt to restore checkpoint with obsolete wellknown handles [ 418.438113][T24022] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.7058'. [ 418.438122][T24021] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.7058'. [ 418.453272][T24021] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 418.530157][T24037] Attempt to restore checkpoint with obsolete wellknown handles [ 418.564198][T24042] netlink: 'syz.1.7065': attribute type 10 has an invalid length. [ 418.567490][T24041] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 418.624932][T24051] 9pnet_virtio: no channels available for device syz [ 418.794746][T24053] mkiss: ax0: crc mode is auto. [ 418.812382][T24056] gfs2: not a GFS2 filesystem [ 418.848856][T24054] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7070'. [ 418.869168][T24062] binder: 24061:24062 unknown command 0 [ 418.871689][T24062] binder: 24061:24062 ioctl c0306201 200000000080 returned -22 [ 418.952842][T24054] team0: Port device team_slave_0 removed [ 419.045463][T24069] Attempt to restore checkpoint with obsolete wellknown handles [ 419.102199][T24076] Failed to initialize the IGMP autojoin socket (err -2) [ 419.103839][T24077] netlink: 40 bytes leftover after parsing attributes in process `syz.3.7079'. [ 419.112867][T24079] loop8: detected capacity change from 0 to 7 [ 419.115955][T24079] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 419.118669][T24079] loop8: partition table partially beyond EOD, truncated [ 419.121004][T24079] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 419.124067][T24079] loop8: p2 start 956478 is beyond EOD, truncated [ 419.161997][T24083] netlink: 116 bytes leftover after parsing attributes in process `syz.1.7082'. [ 419.166251][T24083] netlink: 'syz.1.7082': attribute type 1 has an invalid length. [ 419.166254][T24082] netlink: 'syz.1.7082': attribute type 1 has an invalid length. [ 419.181094][T24082] 8021q: adding VLAN 0 to HW filter on device bond3 [ 419.249494][ T842] tipc: Node number set to 9611946 [ 419.251677][ T40] audit: type=1400 audit(1763508153.995:28960): avc: denied { connect } for pid=24088 comm="syz.1.7084" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 419.301389][ T40] audit: type=1400 audit(1763508154.045:28961): avc: denied { write } for pid=24088 comm="syz.1.7084" path="socket:[150784]" dev="sockfs" ino=150784 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 419.303394][T24095] afs: Unknown parameter 'dynhspeed [ 419.303394][T24095] ' [ 419.512732][T24116] netlink: 'syz.1.7094': attribute type 10 has an invalid length. [ 419.516665][T24115] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 419.625605][T24134] rdma_rxe: rxe_newlink: failed to add lo [ 419.629448][T24134] netlink: 'syz.5.7101': attribute type 4 has an invalid length. [ 419.636651][T24134] netlink: 'syz.5.7101': attribute type 4 has an invalid length. [ 419.791213][ T5936] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 419.795186][ T5936] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 419.800277][ T5936] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 419.804344][ T5936] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 419.814997][ T5936] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 419.832298][T24152] Failed to initialize the IGMP autojoin socket (err -2) [ 419.877489][T24157] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 420.024611][T24152] chnl_net:caif_netlink_parms(): no params data found [ 420.031864][T24172] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 420.034395][T24172] CPU: 0 UID: 0 PID: 24172 Comm: syz.4.7115 Not tainted syzkaller #0 PREEMPT(full) [ 420.034410][T24172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 420.034417][T24172] Call Trace: [ 420.034422][T24172] [ 420.034427][T24172] dump_stack_lvl+0x16c/0x1f0 [ 420.034448][T24172] sysfs_warn_dup+0x7f/0xa0 [ 420.034465][T24172] sysfs_do_create_link_sd+0x124/0x140 [ 420.034481][T24172] sysfs_create_link+0x61/0xc0 [ 420.034496][T24172] device_add+0x62c/0x1aa0 [ 420.034512][T24172] ? __pfx_device_add+0x10/0x10 [ 420.034525][T24172] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 420.034541][T24172] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 420.034562][T24172] wiphy_register+0x1eb0/0x2b20 [ 420.034574][T24172] ? netdev_run_todo+0x864/0x1320 [ 420.034594][T24172] ? __pfx_wiphy_register+0x10/0x10 [ 420.034614][T24172] ieee80211_register_hw+0x253d/0x4120 [ 420.034632][T24172] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 420.034645][T24172] ? __pfx___debug_object_init+0x10/0x10 [ 420.034666][T24172] ? find_held_lock+0x2b/0x80 [ 420.034680][T24172] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 420.034695][T24172] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 420.034706][T24172] ? __hrtimer_setup+0x176/0x280 [ 420.034719][T24172] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 420.034744][T24172] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 420.034760][T24172] ? __asan_memcpy+0x3c/0x60 [ 420.034779][T24172] hwsim_new_radio_nl+0xba2/0x1330 [ 420.034796][T24172] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 420.034815][T24172] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 420.034827][T24172] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 420.034842][T24172] genl_family_rcv_msg_doit+0x209/0x2f0 [ 420.034854][T24172] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 420.034870][T24172] ? bpf_lsm_capable+0x9/0x10 [ 420.034882][T24172] ? security_capable+0x7e/0x260 [ 420.034899][T24172] ? ns_capable+0xd7/0x110 [ 420.034913][T24172] genl_rcv_msg+0x55c/0x800 [ 420.034926][T24172] ? __pfx_genl_rcv_msg+0x10/0x10 [ 420.034937][T24172] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 420.034957][T24172] netlink_rcv_skb+0x158/0x420 [ 420.034974][T24172] ? __pfx_genl_rcv_msg+0x10/0x10 [ 420.034985][T24172] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 420.035007][T24172] ? netlink_deliver_tap+0x1ae/0xd30 [ 420.035024][T24172] genl_rcv+0x28/0x40 [ 420.035040][T24172] netlink_unicast+0x5aa/0x870 [ 420.035058][T24172] ? __pfx_netlink_unicast+0x10/0x10 [ 420.035080][T24172] netlink_sendmsg+0x8c8/0xdd0 [ 420.035098][T24172] ? __pfx_netlink_sendmsg+0x10/0x10 [ 420.035120][T24172] ____sys_sendmsg+0xa98/0xc70 [ 420.035131][T24172] ? copy_msghdr_from_user+0x10a/0x160 [ 420.035145][T24172] ? __pfx_____sys_sendmsg+0x10/0x10 [ 420.035159][T24172] ? __pfx_futex_wake_mark+0x10/0x10 [ 420.035175][T24172] ___sys_sendmsg+0x134/0x1d0 [ 420.035188][T24172] ? futex_private_hash_put+0x176/0x300 [ 420.035206][T24172] ? __pfx____sys_sendmsg+0x10/0x10 [ 420.035219][T24172] ? __lock_acquire+0x622/0x1c90 [ 420.035255][T24172] __sys_sendmsg+0x16d/0x220 [ 420.035270][T24172] ? __pfx___sys_sendmsg+0x10/0x10 [ 420.035285][T24172] ? __x64_sys_futex+0x1e0/0x4c0 [ 420.035306][T24172] do_syscall_64+0xcd/0xfa0 [ 420.035317][T24172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.035328][T24172] RIP: 0033:0x7efe64d8f6c9 [ 420.035339][T24172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.035357][T24172] RSP: 002b:00007efe62ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 420.035368][T24172] RAX: ffffffffffffffda RBX: 00007efe64fe5fa0 RCX: 00007efe64d8f6c9 [ 420.035376][T24172] RDX: 000000000e000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 420.035383][T24172] RBP: 00007efe64e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 420.035390][T24172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 420.035397][T24172] R13: 00007efe64fe6038 R14: 00007efe64fe5fa0 R15: 00007ffebc504378 [ 420.035413][T24172] [ 420.206084][T24181] Failed to initialize the IGMP autojoin socket (err -2) [ 420.255716][T24152] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.258978][T24152] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.262036][T24152] bridge_slave_0: entered allmulticast mode [ 420.266081][T24152] bridge_slave_0: entered promiscuous mode [ 420.270765][T24152] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.273060][T24152] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.275543][T24152] bridge_slave_1: entered allmulticast mode [ 420.278916][T24152] bridge_slave_1: entered promiscuous mode [ 420.320665][T24152] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 420.336680][T24152] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 420.412827][T24152] team0: Port device team_slave_0 added [ 420.424664][T24152] team0: Port device team_slave_1 added [ 420.426845][T24196] rdma_rxe: rxe_newlink: failed to add lo [ 420.432445][T24196] netlink: 'syz.4.7121': attribute type 4 has an invalid length. [ 420.482856][T24152] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 420.482985][T24196] netlink: 'syz.4.7121': attribute type 4 has an invalid length. [ 420.485675][T24152] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 420.497466][T24152] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 420.506359][T24152] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 420.510319][T24152] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 420.519615][T24152] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 420.580114][T24152] hsr_slave_0: entered promiscuous mode [ 420.583472][T24152] hsr_slave_1: entered promiscuous mode [ 420.586601][T24203] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 420.590628][T24203] CPU: 1 UID: 0 PID: 24203 Comm: syz.4.7124 Not tainted syzkaller #0 PREEMPT(full) [ 420.590652][T24203] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 420.590663][T24203] Call Trace: [ 420.590670][T24203] [ 420.590677][T24203] dump_stack_lvl+0x16c/0x1f0 [ 420.590708][T24203] sysfs_warn_dup+0x7f/0xa0 [ 420.590732][T24203] sysfs_do_create_link_sd+0x124/0x140 [ 420.590755][T24203] sysfs_create_link+0x61/0xc0 [ 420.590776][T24203] device_add+0x62c/0x1aa0 [ 420.590801][T24203] ? __pfx_device_add+0x10/0x10 [ 420.590821][T24203] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 420.590845][T24203] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 420.590878][T24203] wiphy_register+0x1eb0/0x2b20 [ 420.590896][T24203] ? netdev_run_todo+0x864/0x1320 [ 420.590927][T24203] ? __pfx_wiphy_register+0x10/0x10 [ 420.590960][T24203] ieee80211_register_hw+0x253d/0x4120 [ 420.590991][T24203] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 420.591010][T24203] ? __pfx___debug_object_init+0x10/0x10 [ 420.591042][T24203] ? find_held_lock+0x2b/0x80 [ 420.591066][T24203] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 420.591088][T24203] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 420.591106][T24203] ? __hrtimer_setup+0x176/0x280 [ 420.591128][T24203] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 420.591168][T24203] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 420.591194][T24203] ? __asan_memcpy+0x3c/0x60 [ 420.591224][T24203] hwsim_new_radio_nl+0xba2/0x1330 [ 420.591250][T24203] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 420.591287][T24203] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 420.591308][T24203] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 420.591333][T24203] genl_family_rcv_msg_doit+0x209/0x2f0 [ 420.591353][T24203] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 420.591379][T24203] ? bpf_lsm_capable+0x9/0x10 [ 420.591399][T24203] ? security_capable+0x7e/0x260 [ 420.591425][T24203] ? ns_capable+0xd7/0x110 [ 420.591448][T24203] genl_rcv_msg+0x55c/0x800 [ 420.591468][T24203] ? __pfx_genl_rcv_msg+0x10/0x10 [ 420.591485][T24203] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 420.591519][T24203] netlink_rcv_skb+0x158/0x420 [ 420.591543][T24203] ? __pfx_genl_rcv_msg+0x10/0x10 [ 420.591562][T24203] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 420.591598][T24203] ? netlink_deliver_tap+0x1ae/0xd30 [ 420.591626][T24203] genl_rcv+0x28/0x40 [ 420.591650][T24203] netlink_unicast+0x5aa/0x870 [ 420.591677][T24203] ? __pfx_netlink_unicast+0x10/0x10 [ 420.591711][T24203] netlink_sendmsg+0x8c8/0xdd0 [ 420.591740][T24203] ? __pfx_netlink_sendmsg+0x10/0x10 [ 420.591775][T24203] ____sys_sendmsg+0xa98/0xc70 [ 420.591794][T24203] ? copy_msghdr_from_user+0x10a/0x160 [ 420.591816][T24203] ? __pfx_____sys_sendmsg+0x10/0x10 [ 420.591840][T24203] ? __pfx_futex_wake_mark+0x10/0x10 [ 420.591864][T24203] ___sys_sendmsg+0x134/0x1d0 [ 420.591884][T24203] ? futex_private_hash_put+0x176/0x300 [ 420.591911][T24203] ? __pfx____sys_sendmsg+0x10/0x10 [ 420.591931][T24203] ? __lock_acquire+0x622/0x1c90 [ 420.591990][T24203] __sys_sendmsg+0x16d/0x220 [ 420.592013][T24203] ? __pfx___sys_sendmsg+0x10/0x10 [ 420.592034][T24203] ? __x64_sys_futex+0x1e0/0x4c0 [ 420.592067][T24203] do_syscall_64+0xcd/0xfa0 [ 420.592087][T24203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.592106][T24203] RIP: 0033:0x7efe64d8f6c9 [ 420.592122][T24203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.592140][T24203] RSP: 002b:00007efe62ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 420.592157][T24203] RAX: ffffffffffffffda RBX: 00007efe64fe5fa0 RCX: 00007efe64d8f6c9 [ 420.592169][T24203] RDX: 0000000040000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 420.592180][T24203] RBP: 00007efe64e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 420.592190][T24203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 420.592200][T24203] R13: 00007efe64fe6038 R14: 00007efe64fe5fa0 R15: 00007ffebc504378 [ 420.592226][T24203] [ 420.750468][ C1] vkms_vblank_simulate: vblank timer overrun [ 420.867562][T24152] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 420.870908][T24152] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.887252][T24219] Attempt to restore checkpoint with obsolete wellknown handles [ 420.947259][T24152] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 420.950963][T24152] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.060760][T24152] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 421.063874][T24152] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.097518][T24235] binder: 24234:24235 unknown command 0 [ 421.098937][ T9] usb 9-1: new high-speed USB device number 23 using dummy_hcd [ 421.100222][T24235] binder: 24234:24235 ioctl c0306201 200000000080 returned -22 [ 421.135729][T24152] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 421.142693][T24152] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.259875][ T9] usb 9-1: Using ep0 maxpacket: 8 [ 421.263454][ T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 421.267669][ T9] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 421.273996][ T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.288975][ T9] usb 9-1: config 0 descriptor?? [ 421.300087][T24152] netdevsim netdevsim3 netdevsim0: renamed from eth10 [ 421.307679][T24152] netdevsim netdevsim3 netdevsim1: renamed from eth11 [ 421.315872][T24152] netdevsim netdevsim3 netdevsim2: renamed from eth12 [ 421.326314][T24152] netdevsim netdevsim3 netdevsim3: renamed from eth13 [ 421.498179][ T9] iowarrior 9-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 421.505419][T24152] 8021q: adding VLAN 0 to HW filter on device team0 [ 421.529234][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.531525][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 421.548334][T22688] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.551501][T22688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 421.743783][T24152] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 421.844746][ T40] audit: type=1400 audit(1763508156.584:28962): avc: denied { listen } for pid=24315 comm="syz.1.7165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 421.879428][T24152] veth0_vlan: entered promiscuous mode [ 421.887875][T24152] veth1_vlan: entered promiscuous mode [ 421.898784][ T5293] Bluetooth: hci2: command tx timeout [ 421.938227][T24152] veth0_macvtap: entered promiscuous mode [ 421.953071][T24152] veth1_macvtap: entered promiscuous mode [ 421.975838][T24325] netlink: 'syz.1.7168': attribute type 1 has an invalid length. [ 421.979968][T24326] netlink: 'syz.1.7168': attribute type 1 has an invalid length. [ 422.000915][T24325] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address [ 422.005684][T24325] bond4: (slave vxcan3): Error -95 calling set_mac_address [ 422.033574][T24152] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 422.049963][T24152] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 422.057883][T24326] gretap1: entered promiscuous mode [ 422.061382][T24326] bond4: (slave gretap1): making interface the new active one [ 422.063963][T24326] bond4: (slave gretap1): Enslaving as an active interface with an up link [ 422.071615][T24326] macvlan2: entered promiscuous mode [ 422.073243][T24326] macvlan2: entered allmulticast mode [ 422.075341][T24326] bond4: entered promiscuous mode [ 422.077399][T24326] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 422.083141][T24326] bond4: (slave macvlan2): the slave hw address is in use by the bond; giving it the hw address of gretap1 [ 422.090138][T24326] bond4: left promiscuous mode [ 422.109533][T24152] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 422.118352][T24152] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 422.129993][T24152] wireguard: wg0: Could not create IPv4 socket [ 422.133078][T24325] __nla_validate_parse: 8 callbacks suppressed [ 422.133090][T24325] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7168'. [ 422.135156][T24152] wireguard: wg1: Could not create IPv4 socket [ 422.146924][T24152] wireguard: wg2: Could not create IPv4 socket [ 422.260582][T24345] rdma_rxe: rxe_newlink: failed to add lo [ 422.307597][ T40] audit: type=1400 audit(1763508157.044:28963): avc: denied { setopt } for pid=24348 comm="syz.1.7178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 422.388275][T24361] netlink: 4 bytes leftover after parsing attributes in process `syz.5.7183'. [ 422.583597][T24385] sit0: entered promiscuous mode [ 422.590602][T24385] netlink: 1 bytes leftover after parsing attributes in process `syz.5.7191'. [ 422.776747][T24391] SELinux: failed to load policy [ 422.877382][T24403] veth1_macvtap: left promiscuous mode [ 422.879247][T24403] macsec0: entered promiscuous mode [ 422.887838][T24406] Device name not specified. [ 422.887838][T24406] [ 422.909954][T24409] rdma_rxe: rxe_newlink: failed to add lo [ 423.049947][T24414] befs: (nullb0): No write support. Marking filesystem read-only [ 423.054660][T24414] befs: (nullb0): invalid magic header [ 423.794315][ T6023] usb 9-1: USB disconnect, device number 23 [ 423.865251][T24440] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 423.902482][ T40] audit: type=1400 audit(1763508158.643:28964): avc: denied { write } for pid=24441 comm="syz.4.7212" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 423.926736][ T40] audit: type=1400 audit(1763508158.663:28965): avc: denied { getopt } for pid=24446 comm="syz.4.7214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 423.977386][ T40] audit: type=1400 audit(1763508158.713:28966): avc: denied { write } for pid=24456 comm="syz.1.7218" name="file0" dev="tmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 423.985878][ T40] audit: type=1400 audit(1763508158.713:28967): avc: denied { open } for pid=24456 comm="syz.1.7218" path="/637/file1/file0" dev="tmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 424.023573][T24465] sch_tbf: burst 32852 is lower than device lo mtu (11337746) ! [ 424.081554][T24471] can: request_module (can-proto-4) failed. [ 424.148386][T24481] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 424.169493][T24483] binder: 24482:24483 unknown command 0 [ 424.175209][T24483] binder: 24482:24483 ioctl c0306201 200000000080 returned -22 [ 424.208228][T24487] netlink: 40 bytes leftover after parsing attributes in process `syz.5.7228'. [ 424.234815][T24489] loop8: detected capacity change from 0 to 7 [ 424.237870][T24489] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 424.240825][T24489] loop8: partition table partially beyond EOD, truncated [ 424.243016][T24489] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 424.246032][T24489] loop8: p2 start 956478 is beyond EOD, truncated [ 424.656320][T24507] loop8: detected capacity change from 0 to 7 [ 424.659340][T24507] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 424.662803][T24507] loop8: partition table partially beyond EOD, truncated [ 424.665897][T24507] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 424.673892][T24507] loop8: p2 start 956478 is beyond EOD, truncated [ 424.833905][T24533] loop8: detected capacity change from 0 to 7 [ 424.837232][T24533] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 424.841213][T24533] loop8: partition table partially beyond EOD, truncated [ 424.844164][T24533] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 424.848264][T24533] loop8: p2 start 956478 is beyond EOD, truncated [ 424.916093][T24539] Failed to initialize the IGMP autojoin socket (err -2) [ 424.946323][T24545] Attempt to restore checkpoint with obsolete wellknown handles [ 425.020461][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 425.194239][T24569] binder: 24566:24569 unknown command 0 [ 425.196571][T24569] binder: 24566:24569 ioctl c0306201 200000000080 returned -22 [ 425.242825][T24575] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7265'. [ 425.607021][ T5936] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 425.616011][ T5936] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 425.631984][ T5936] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 425.637473][ T5936] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 425.641222][ T5936] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 425.662878][T24584] Failed to initialize the IGMP autojoin socket (err -2) [ 425.710890][ T5293] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 425.715421][ T5293] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 425.718249][ T5293] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 425.721483][ T5293] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 425.724564][ T5293] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 425.745148][T24586] Failed to initialize the IGMP autojoin socket (err -2) [ 425.923227][T24584] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.030870][T24584] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.134387][T24584] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.139536][T24595] loop8: detected capacity change from 0 to 7 [ 426.145925][T24595] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 426.148885][T24595] loop8: partition table partially beyond EOD, truncated [ 426.151924][T24595] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 426.156317][T24595] loop8: p2 start 956478 is beyond EOD, truncated [ 426.163026][T24594] validate_nla: 6 callbacks suppressed [ 426.163040][T24594] netlink: 'syz.1.7269': attribute type 1 has an invalid length. [ 426.168190][ T5293] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 426.174720][T24594] netlink: 68 bytes leftover after parsing attributes in process `syz.1.7269'. [ 426.175045][ T5293] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 426.182492][ T5293] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 426.186395][ T5293] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 426.190141][ T5293] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 426.307056][T24584] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.321843][T24597] Failed to initialize the IGMP autojoin socket (err -2) [ 426.387890][T24607] binder: 24606:24607 unknown command 0 [ 426.389618][T24607] binder: 24606:24607 ioctl c0306201 200000000080 returned -22 [ 426.455931][ T60] bridge0: port 3(batadv0) entered disabled state [ 426.462932][ T60] bridge_slave_1: left allmulticast mode [ 426.465144][ T60] bridge_slave_1: left promiscuous mode [ 426.466953][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 426.470348][ T60] bridge_slave_0: left allmulticast mode [ 426.472973][ T60] bridge_slave_0: left promiscuous mode [ 426.474824][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 426.531083][ T844] SELinux: failure in sel_netif_sid_slow(), invalid network interface (13) [ 426.638899][T24625] rdma_rxe: rxe_newlink: failed to add lo [ 426.645461][T24627] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7281'. [ 426.651673][T24625] netlink: 'syz.4.7280': attribute type 4 has an invalid length. [ 426.662381][ T60] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 426.677947][ T5936] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 426.683431][ T5936] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 426.688092][ T5936] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 426.692586][ T5936] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 426.695950][ T5936] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 426.704149][T24631] netlink: 'syz.4.7280': attribute type 4 has an invalid length. [ 426.926618][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 426.932580][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 426.938550][ T60] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 426.944385][ T60] bond0 (unregistering): Released all slaves [ 426.950858][ T60] bond1 (unregistering): Released all slaves [ 426.957551][ T60] bond2 (unregistering): Released all slaves [ 426.997705][T24630] sch_tbf: burst 88 is lower than device veth11 mtu (1514) ! [ 427.048355][T24628] Failed to initialize the IGMP autojoin socket (err -2) [ 427.074131][ T60] tipc: Left network mode [ 427.088428][ T40] audit: type=1400 audit(1763508161.821:28968): avc: denied { ioctl } for pid=24636 comm="syz.4.7282" path="socket:[154710]" dev="sockfs" ino=154710 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 427.092653][T24642] loop8: detected capacity change from 0 to 7 [ 427.103923][T24642] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 427.106974][T24642] loop8: partition table partially beyond EOD, truncated [ 427.109870][T24642] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 427.114408][T24642] loop8: p2 start 956478 is beyond EOD, truncated [ 427.163268][T24644] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7285'. [ 427.465375][T24584] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 427.473538][T24584] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 427.480957][T24584] wireguard: wg0: Could not create IPv4 socket [ 427.484918][T24584] wireguard: wg1: Could not create IPv4 socket [ 427.488598][T24584] wireguard: wg2: Could not create IPv4 socket [ 427.821800][T24662] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7288'. [ 427.829643][T24662] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7288'. [ 427.832665][T24663] netlink: 16 bytes leftover after parsing attributes in process `syz.1.7288'. [ 427.835950][T24662] netlink: 92 bytes leftover after parsing attributes in process `syz.1.7288'. [ 427.836282][T24663] netlink: 92 bytes leftover after parsing attributes in process `syz.1.7288'. [ 427.875703][ T5936] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 427.880414][ T5936] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 427.885150][ T5936] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 427.888705][T24669] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 427.890731][ T5936] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 427.892271][T24669] CPU: 1 UID: 0 PID: 24669 Comm: syz.1.7289 Not tainted syzkaller #0 PREEMPT(full) [ 427.892296][T24669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 427.892310][T24669] Call Trace: [ 427.892317][T24669] [ 427.892325][T24669] dump_stack_lvl+0x16c/0x1f0 [ 427.892360][T24669] sysfs_warn_dup+0x7f/0xa0 [ 427.892385][T24669] sysfs_do_create_link_sd+0x124/0x140 [ 427.892412][T24669] sysfs_create_link+0x61/0xc0 [ 427.892436][T24669] device_add+0x62c/0x1aa0 [ 427.892466][T24669] ? __pfx_device_add+0x10/0x10 [ 427.892487][T24669] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 427.892514][T24669] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 427.892548][T24669] wiphy_register+0x1eb0/0x2b20 [ 427.892569][T24669] ? netdev_run_todo+0x864/0x1320 [ 427.892606][T24669] ? __pfx_wiphy_register+0x10/0x10 [ 427.892643][T24669] ieee80211_register_hw+0x253d/0x4120 [ 427.892674][T24669] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 427.892696][T24669] ? __pfx___debug_object_init+0x10/0x10 [ 427.892729][T24669] ? find_held_lock+0x2b/0x80 [ 427.892755][T24669] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 427.892780][T24669] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 427.892801][T24669] ? __hrtimer_setup+0x176/0x280 [ 427.892826][T24669] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 427.892869][T24669] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 427.892898][T24669] ? __asan_memcpy+0x3c/0x60 [ 427.892928][T24669] hwsim_new_radio_nl+0xba2/0x1330 [ 427.892956][T24669] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 427.892988][T24669] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 427.893010][T24669] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 427.893036][T24669] genl_family_rcv_msg_doit+0x209/0x2f0 [ 427.893081][T24669] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 427.893110][T24669] ? bpf_lsm_capable+0x9/0x10 [ 427.893133][T24669] ? security_capable+0x7e/0x260 [ 427.893166][T24669] ? ns_capable+0xd7/0x110 [ 427.893189][T24669] genl_rcv_msg+0x55c/0x800 [ 427.893218][T24669] ? __pfx_genl_rcv_msg+0x10/0x10 [ 427.893237][T24669] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 427.893269][T24669] ? __lock_acquire+0x622/0x1c90 [ 427.893303][T24669] netlink_rcv_skb+0x158/0x420 [ 427.893330][T24669] ? __pfx_genl_rcv_msg+0x10/0x10 [ 427.893348][T24669] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 427.893386][T24669] ? netlink_deliver_tap+0x1ae/0xd30 [ 427.893416][T24669] genl_rcv+0x28/0x40 [ 427.893442][T24669] netlink_unicast+0x5aa/0x870 [ 427.893475][T24669] ? __pfx_netlink_unicast+0x10/0x10 [ 427.893511][T24669] netlink_sendmsg+0x8c8/0xdd0 [ 427.893543][T24669] ? __pfx_netlink_sendmsg+0x10/0x10 [ 427.893582][T24669] ____sys_sendmsg+0xa98/0xc70 [ 427.893601][T24669] ? copy_msghdr_from_user+0x10a/0x160 [ 427.893625][T24669] ? __pfx_____sys_sendmsg+0x10/0x10 [ 427.893651][T24669] ? __pfx_futex_wake_mark+0x10/0x10 [ 427.893680][T24669] ___sys_sendmsg+0x134/0x1d0 [ 427.893701][T24669] ? futex_private_hash_put+0x176/0x300 [ 427.893732][T24669] ? __pfx____sys_sendmsg+0x10/0x10 [ 427.893755][T24669] ? __lock_acquire+0x622/0x1c90 [ 427.893818][T24669] __sys_sendmsg+0x16d/0x220 [ 427.893844][T24669] ? __pfx___sys_sendmsg+0x10/0x10 [ 427.893869][T24669] ? __x64_sys_futex+0x1e0/0x4c0 [ 427.893907][T24669] do_syscall_64+0xcd/0xfa0 [ 427.893929][T24669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.893945][T24669] RIP: 0033:0x7f6c2738f6c9 [ 427.893961][T24669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.893979][T24669] RSP: 002b:00007f6c28187038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 427.893998][T24669] RAX: ffffffffffffffda RBX: 00007f6c275e5fa0 RCX: 00007f6c2738f6c9 [ 427.894010][T24669] RDX: 0400000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 427.894022][T24669] RBP: 00007f6c27411f91 R08: 0000000000000000 R09: 0000000000000000 [ 427.894035][T24669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 427.894046][T24669] R13: 00007f6c275e6038 R14: 00007f6c275e5fa0 R15: 00007ffdff85f5d8 [ 427.894072][T24669] [ 428.075742][ T5936] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 428.094968][T24665] Failed to initialize the IGMP autojoin socket (err -2) [ 428.115232][T24683] binder: 24682:24683 unknown command 0 [ 428.117065][T24683] binder: 24682:24683 ioctl c0306201 200000000080 returned -22 [ 428.120783][T24683] binder: 24682:24683 ioctl c0306201 200000000180 returned -14 [ 428.149859][T24686] loop8: detected capacity change from 0 to 7 [ 428.152494][T24686] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 428.155376][T24686] loop8: partition table partially beyond EOD, truncated [ 428.157639][T24686] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 428.162435][T24686] loop8: p2 start 956478 is beyond EOD, truncated [ 428.166945][T24687] fuse: root generation should be zero [ 428.171365][ T40] audit: type=1400 audit(1763508162.901:28969): avc: denied { listen } for pid=24672 comm="syz.1.7291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 428.549213][T24694] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 428.552917][T24694] CPU: 0 UID: 0 PID: 24694 Comm: syz.4.7299 Not tainted syzkaller #0 PREEMPT(full) [ 428.552941][T24694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 428.552953][T24694] Call Trace: [ 428.552960][T24694] [ 428.552968][T24694] dump_stack_lvl+0x16c/0x1f0 [ 428.553007][T24694] sysfs_warn_dup+0x7f/0xa0 [ 428.553032][T24694] sysfs_do_create_link_sd+0x124/0x140 [ 428.553079][T24694] sysfs_create_link+0x61/0xc0 [ 428.553103][T24694] device_add+0x62c/0x1aa0 [ 428.553128][T24694] ? __pfx_device_add+0x10/0x10 [ 428.553148][T24694] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 428.553173][T24694] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 428.553206][T24694] wiphy_register+0x1eb0/0x2b20 [ 428.553223][T24694] ? netdev_run_todo+0x864/0x1320 [ 428.553255][T24694] ? __pfx_wiphy_register+0x10/0x10 [ 428.553290][T24694] ieee80211_register_hw+0x253d/0x4120 [ 428.553322][T24694] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 428.553342][T24694] ? __pfx___debug_object_init+0x10/0x10 [ 428.553373][T24694] ? find_held_lock+0x2b/0x80 [ 428.553394][T24694] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 428.553416][T24694] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 428.553432][T24694] ? __hrtimer_setup+0x176/0x280 [ 428.553455][T24694] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 428.553500][T24694] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 428.553531][T24694] ? __asan_memcpy+0x3c/0x60 [ 428.553564][T24694] hwsim_new_radio_nl+0xba2/0x1330 [ 428.553592][T24694] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 428.553628][T24694] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 428.553648][T24694] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 428.553675][T24694] genl_family_rcv_msg_doit+0x209/0x2f0 [ 428.553696][T24694] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 428.553725][T24694] ? bpf_lsm_capable+0x9/0x10 [ 428.553746][T24694] ? security_capable+0x7e/0x260 [ 428.553777][T24694] ? ns_capable+0xd7/0x110 [ 428.553802][T24694] genl_rcv_msg+0x55c/0x800 [ 428.553824][T24694] ? __pfx_genl_rcv_msg+0x10/0x10 [ 428.553843][T24694] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 428.553878][T24694] netlink_rcv_skb+0x158/0x420 [ 428.554013][T24694] ? __pfx_genl_rcv_msg+0x10/0x10 [ 428.554035][T24694] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 428.554075][T24694] ? netlink_deliver_tap+0x1ae/0xd30 [ 428.554104][T24694] genl_rcv+0x28/0x40 [ 428.554128][T24694] netlink_unicast+0x5aa/0x870 [ 428.554156][T24694] ? __pfx_netlink_unicast+0x10/0x10 [ 428.554192][T24694] netlink_sendmsg+0x8c8/0xdd0 [ 428.554222][T24694] ? __pfx_netlink_sendmsg+0x10/0x10 [ 428.554260][T24694] ____sys_sendmsg+0xa98/0xc70 [ 428.554279][T24694] ? copy_msghdr_from_user+0x10a/0x160 [ 428.554304][T24694] ? __pfx_____sys_sendmsg+0x10/0x10 [ 428.554329][T24694] ? __pfx_futex_wake_mark+0x10/0x10 [ 428.554357][T24694] ___sys_sendmsg+0x134/0x1d0 [ 428.554379][T24694] ? futex_private_hash_put+0x176/0x300 [ 428.554407][T24694] ? __pfx____sys_sendmsg+0x10/0x10 [ 428.554429][T24694] ? __lock_acquire+0x622/0x1c90 [ 428.554496][T24694] __sys_sendmsg+0x16d/0x220 [ 428.554521][T24694] ? __pfx___sys_sendmsg+0x10/0x10 [ 428.554544][T24694] ? __x64_sys_futex+0x1e0/0x4c0 [ 428.554580][T24694] do_syscall_64+0xcd/0xfa0 [ 428.554601][T24694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.554619][T24694] RIP: 0033:0x7efe64d8f6c9 [ 428.554633][T24694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.554653][T24694] RSP: 002b:00007efe62ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 428.554671][T24694] RAX: ffffffffffffffda RBX: 00007efe64fe5fa0 RCX: 00007efe64d8f6c9 [ 428.554683][T24694] RDX: 0500000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 428.554696][T24694] RBP: 00007efe64e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 428.554708][T24694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 428.554718][T24694] R13: 00007efe64fe6038 R14: 00007efe64fe5fa0 R15: 00007ffebc504378 [ 428.554747][T24694] [ 428.974970][T24701] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7302'. [ 429.024768][T24705] binder: 24704:24705 unknown command 0 [ 429.026568][T24705] binder: 24704:24705 ioctl c0306201 200000000080 returned -22 [ 429.030186][T24705] binder: 24704:24705 ioctl c0306201 200000000180 returned -14 [ 429.057724][ T40] audit: type=1400 audit(1763508163.790:28970): avc: denied { mounton } for pid=24706 comm="syz.4.7305" path="/577/file1/file0" dev="autofs" ino=154075 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 429.065292][ T40] audit: type=1400 audit(1763508163.790:28971): avc: denied { watch watch_reads } for pid=24706 comm="syz.4.7305" path="/577/file1" dev="autofs" ino=154074 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1 [ 429.258796][T24714] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7308'. [ 429.801069][T24724] loop8: detected capacity change from 0 to 7 [ 429.804746][T24724] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 429.807845][T24724] loop8: partition table partially beyond EOD, truncated [ 429.810975][T24724] loop8: p1 size 3651402975 extends beyond EOD, truncated [ 429.815795][T24724] loop8: p2 start 956478 is beyond EOD, truncated [ 429.936132][ T60] hsr_slave_0: left promiscuous mode [ 429.942917][ T60] hsr_slave_1: left promiscuous mode [ 429.945805][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 429.948888][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 429.953162][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 429.956299][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 429.959174][ T60] batman_adv: batadv0: Interface deactivated: macsec2 [ 429.961299][ T60] batman_adv: batadv0: Removing interface: macsec2 [ 429.989191][ T60] batadv_slave_0: left promiscuous mode [ 429.992247][ T60] veth0_macvtap: left promiscuous mode [ 429.994294][ T60] veth1_vlan: left promiscuous mode [ 429.995985][ T60] veth0_vlan: left promiscuous mode [ 430.145771][ T5293] Bluetooth: hci0: command tx timeout [ 430.711653][ T60] team0 (unregistering): Port device team_slave_1 removed [ 430.799260][ T60] team0 (unregistering): Port device team_slave_0 removed [ 432.223967][ T5293] Bluetooth: hci0: command tx timeout [ 432.624315][ C3] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 432.748948][T24744] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 432.751509][T24744] CPU: 0 UID: 0 PID: 24744 Comm: syz.1.7319 Not tainted syzkaller #0 PREEMPT(full) [ 432.751524][T24744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 432.751531][T24744] Call Trace: [ 432.751536][T24744] [ 432.751541][T24744] dump_stack_lvl+0x16c/0x1f0 [ 432.751564][T24744] sysfs_warn_dup+0x7f/0xa0 [ 432.751579][T24744] sysfs_do_create_link_sd+0x124/0x140 [ 432.751596][T24744] sysfs_create_link+0x61/0xc0 [ 432.751611][T24744] device_add+0x62c/0x1aa0 [ 432.751629][T24744] ? __pfx_device_add+0x10/0x10 [ 432.751641][T24744] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 432.751657][T24744] ? ieee80211_set_bitrate_flags+0x243/0x6b0 [ 432.751678][T24744] wiphy_register+0x1eb0/0x2b20 [ 432.751690][T24744] ? netdev_run_todo+0x864/0x1320 [ 432.751711][T24744] ? __pfx_wiphy_register+0x10/0x10 [ 432.751731][T24744] ieee80211_register_hw+0x253d/0x4120 [ 432.751749][T24744] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 432.751761][T24744] ? __pfx___debug_object_init+0x10/0x10 [ 432.751782][T24744] ? find_held_lock+0x2b/0x80 [ 432.751797][T24744] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 432.751811][T24744] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 432.751823][T24744] ? __hrtimer_setup+0x176/0x280 [ 432.751837][T24744] mac80211_hwsim_new_radio+0x32d8/0x50b0 [ 432.751861][T24744] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 432.751877][T24744] ? __asan_memcpy+0x3c/0x60 [ 432.751896][T24744] hwsim_new_radio_nl+0xba2/0x1330 [ 432.751913][T24744] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 432.751932][T24744] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 432.751944][T24744] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 432.751959][T24744] genl_family_rcv_msg_doit+0x209/0x2f0 [ 432.751971][T24744] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 432.751989][T24744] ? bpf_lsm_capable+0x9/0x10 [ 432.752002][T24744] ? security_capable+0x7e/0x260 [ 432.752019][T24744] ? ns_capable+0xd7/0x110 [ 432.752034][T24744] genl_rcv_msg+0x55c/0x800 [ 432.752047][T24744] ? __pfx_genl_rcv_msg+0x10/0x10 [ 432.752058][T24744] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 432.752075][T24744] ? __lock_acquire+0x622/0x1c90 [ 432.752094][T24744] netlink_rcv_skb+0x158/0x420 [ 432.752110][T24744] ? __pfx_genl_rcv_msg+0x10/0x10 [ 432.752121][T24744] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 432.752143][T24744] ? netlink_deliver_tap+0x1ae/0xd30 [ 432.752161][T24744] genl_rcv+0x28/0x40 [ 432.752176][T24744] netlink_unicast+0x5aa/0x870 [ 432.752193][T24744] ? __pfx_netlink_unicast+0x10/0x10 [ 432.752215][T24744] netlink_sendmsg+0x8c8/0xdd0 [ 432.752240][T24744] ? __pfx_netlink_sendmsg+0x10/0x10 [ 432.752264][T24744] ____sys_sendmsg+0xa98/0xc70 [ 432.752276][T24744] ? copy_msghdr_from_user+0x10a/0x160 [ 432.752292][T24744] ? __pfx_____sys_sendmsg+0x10/0x10 [ 432.752307][T24744] ? __pfx_futex_wake_mark+0x10/0x10 [ 432.752324][T24744] ___sys_sendmsg+0x134/0x1d0 [ 432.752338][T24744] ? futex_private_hash_put+0x176/0x300 [ 432.752356][T24744] ? __pfx____sys_sendmsg+0x10/0x10 [ 432.752369][T24744] ? __lock_acquire+0x622/0x1c90 [ 432.752405][T24744] __sys_sendmsg+0x16d/0x220 [ 432.752420][T24744] ? __pfx___sys_sendmsg+0x10/0x10 [ 432.752434][T24744] ? __x64_sys_futex+0x1e0/0x4c0 [ 432.752453][T24744] do_syscall_64+0xcd/0xfa0 [ 432.752465][T24744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.752476][T24744] RIP: 0033:0x7f6c2738f6c9 [ 432.752486][T24744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.752497][T24744] RSP: 002b:00007f6c28187038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 432.752508][T24744] RAX: ffffffffffffffda RBX: 00007f6c275e5fa0 RCX: 00007f6c2738f6c9 [ 432.752516][T24744] RDX: 0e00000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 432.752523][T24744] RBP: 00007f6c27411f91 R08: 0000000000000000 R09: 0000000000000000 [ 432.752529][T24744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.752537][T24744] R13: 00007f6c275e6038 R14: 00007f6c275e5fa0 R15: 00007ffdff85f5d8 [ 432.752553][T24744] [ 432.791205][T24746] netlink: 'syz.1.7320': attribute type 10 has an invalid length. [ 432.901991][T24745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 433.435543][T24749] Attempt to restore checkpoint with obsolete wellknown handles [ 433.500687][ T5936] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 433.504286][ T5936] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 433.508120][ T5936] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 433.511457][ T5936] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 433.514011][ T5936] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 433.519334][T24758] rdma_rxe: rxe_newlink: failed to add lo [ 433.521824][T24758] netlink: 'syz.1.7324': attribute type 4 has an invalid length. [ 433.528375][T24758] netlink: 'syz.1.7324': attribute type 4 has an invalid length. [ 433.529633][T24755] Failed to initialize the IGMP autojoin socket (err -2) [ 433.610724][T24665] netdevsim netdevsim3 netdevsim0: renamed from eth14 [ 433.619976][T24665] netdevsim netdevsim3 netdevsim1: renamed from eth15 [ 433.645366][T24665] netdevsim netdevsim3 netdevsim2: renamed from eth16 [ 433.659128][T24665] netdevsim netdevsim3 netdevsim3: renamed from eth17 [ 433.881225][ T5936] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 433.896665][ T5936] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 433.900792][T24665] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 433.904906][ T5936] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 433.909606][T24665] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 433.909765][ T5936] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 433.916449][T24665] wireguard: wg0: Could not create IPv4 socket [ 433.918870][ T5936] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 433.920401][T24665] wireguard: wg1: Could not create IPv4 socket [ 433.925584][T24665] wireguard: wg2: Could not create IPv4 socket [ 433.928811][T24792] netlink: 'syz.1.7330': attribute type 10 has an invalid length. [ 433.950972][T24791] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 433.964022][T24788] Failed to initialize the IGMP autojoin socket (err -2) [ 434.795152][ T844] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 434.949208][T24788] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 434.957003][T24788] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 434.959015][ T844] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 434.964365][T24788] wireguard: wg0: Could not create IPv4 socket [ 434.966450][ T844] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.971182][T24788] wireguard: wg1: Could not create IPv4 socket [ 434.971945][ T844] usb 6-1: Product: syz [ 434.975980][T24788] wireguard: wg2: Could not create IPv4 socket [ 434.976498][ T844] usb 6-1: Manufacturer: syz [ 434.980529][ T844] usb 6-1: SerialNumber: syz [ 434.984663][ T844] usb 6-1: config 0 descriptor?? [ 435.190246][T24795] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7331'. [ 435.218715][ T5935] usb 6-1: USB disconnect, device number 45 [ 435.781433][T24810] Attempt to restore checkpoint with obsolete wellknown handles [ 435.832275][T24812] overlayfs: failed lookup in lower (newroot/701, name='file0', err=-40): overlapping layers [ 435.841423][T24812] [ 435.842230][T24812] ====================================================== [ 435.844734][T24812] WARNING: possible circular locking dependency detected [ 435.846919][T24812] syzkaller #0 Not tainted [ 435.848396][T24812] ------------------------------------------------------ SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 435.848401][ T40] audit: type=1400 audit(1763508170.587:28972): avc: denied { write } for pid=5880 comm="syz-executor" path="pipe:[5995]" dev="pipefs" ino=5995 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 435.853002][T24812] syz.1.7334/24812 is trying to acquire lock: [ 435.853018][T24812] ffff888059226858 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: walk_component+0x345/0x5b0 [ 435.865679][T24812] [ 435.865679][T24812] but task is already holding lock: [ 435.867872][T24812] ffff888032e11888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 435.870646][T24812] [ 435.870646][T24812] which lock already depends on the new lock. [ 435.870646][T24812] [ 435.874187][T24812] [ 435.874187][T24812] the existing dependency chain (in reverse order) is: [ 435.877018][T24812] [ 435.877018][T24812] -> #4 (&of->mutex){+.+.}-{4:4}: [ 435.879239][T24812] __mutex_lock+0x193/0x1060 [ 435.880958][T24812] kernfs_seq_start+0x4f/0x2a0 [ 435.883075][T24812] traverse.part.0.constprop.0+0xaf/0x650 [ 435.885546][T24812] seq_read_iter+0x93c/0x12d0 [ 435.887708][T24812] kernfs_fop_read_iter+0x46c/0x610 [ 435.890094][T24812] copy_splice_read+0x618/0xc20 [ 435.892345][T24812] do_splice_read+0x285/0x370 [ 435.894481][T24812] splice_direct_to_actor+0x2a1/0xa30 [ 435.896889][T24812] do_splice_direct+0x174/0x240 [ 435.899107][T24812] do_sendfile+0xb06/0xe50 [ 435.901175][T24812] __x64_sys_sendfile64+0x1d8/0x220 [ 435.903482][T24812] do_syscall_64+0xcd/0xfa0 [ 435.905536][T24812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.908102][T24812] [ 435.908102][T24812] -> #3 (&p->lock){+.+.}-{4:4}: [ 435.911017][T24812] __mutex_lock+0x193/0x1060 [ 435.913166][T24812] seq_read_iter+0xe1/0x12d0 [ 435.915310][T24812] kernfs_fop_read_iter+0x46c/0x610 [ 435.917661][T24812] copy_splice_read+0x618/0xc20 [ 435.919837][T24812] do_splice_read+0x285/0x370 [ 435.921971][T24812] splice_file_to_pipe+0x109/0x120 [ 435.924285][T24812] do_sendfile+0x400/0xe50 [ 435.926341][T24812] __x64_sys_sendfile64+0x1d8/0x220 [ 435.928714][T24812] do_syscall_64+0xcd/0xfa0 [ 435.930842][T24812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.933400][T24812] [ 435.933400][T24812] -> #2 (&pipe->mutex){+.+.}-{4:4}: [ 435.936386][T24812] __mutex_lock+0x193/0x1060 [ 435.938501][T24812] pipe_lock+0x64/0x80 [ 435.940380][T24812] iter_file_splice_write+0x1ea/0x12e0 [ 435.942880][T24812] do_splice+0x1478/0x1fc0 [ 435.944964][T24812] __do_splice+0x32a/0x360 [ 435.947066][T24812] __x64_sys_splice+0x187/0x250 [ 435.949167][T24812] do_syscall_64+0xcd/0xfa0 [ 435.950764][T24812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.952953][T24812] [ 435.952953][T24812] -> #1 (sb_writers#6){.+.+}-{0:0}: [ 435.955552][T24812] mnt_want_write+0x6f/0x450 [ 435.957114][T24812] ovl_xattr_set+0x137/0x550 [ 435.958853][T24812] ovl_own_xattr_set+0x86/0xd0 [ 435.960512][T24812] __vfs_setxattr+0x175/0x1e0 [ 435.962520][T24812] __vfs_setxattr_noperm+0x127/0x660 [ 435.964400][T24812] __vfs_setxattr_locked+0x182/0x260 [ 435.966426][T24812] vfs_setxattr+0x145/0x360 [ 435.968158][T24812] do_setxattr+0x145/0x180 [ 435.969913][T24812] filename_setxattr+0x16b/0x1d0 [ 435.971905][T24812] path_setxattrat+0x1de/0x2a0 [ 435.973773][T24812] __x64_sys_lsetxattr+0xc9/0x140 [ 435.975558][T24812] do_syscall_64+0xcd/0xfa0 [ 435.977421][T24812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.979439][T24812] [ 435.979439][T24812] -> #0 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}: [ 435.982476][T24812] __lock_acquire+0x126f/0x1c90 [ 435.984280][T24812] lock_acquire+0x179/0x350 [ 435.986025][T24812] down_read+0x9b/0x480 [ 435.987670][T24812] walk_component+0x345/0x5b0 [ 435.989399][T24812] path_lookupat+0x142/0x6d0 [ 435.991273][T24812] filename_lookup+0x224/0x5f0 [ 435.992927][T24812] kern_path+0x35/0x50 [ 435.994660][T24812] lookup_bdev+0xd8/0x280 [ 435.996188][T24812] resume_store+0x1d6/0x460 [ 435.998042][T24812] kobj_attr_store+0x58/0x80 [ 435.999675][T24812] sysfs_kf_write+0xf2/0x150 [ 436.001603][T24812] kernfs_fop_write_iter+0x3af/0x570 [ 436.003615][T24812] vfs_write+0x7d3/0x11d0 [ 436.005240][T24812] ksys_write+0x12a/0x250 [ 436.007032][T24812] do_syscall_64+0xcd/0xfa0 [ 436.008614][T24812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.010909][T24812] [ 436.010909][T24812] other info that might help us debug this: [ 436.010909][T24812] [ 436.014326][T24812] Chain exists of: [ 436.014326][T24812] &ovl_i_mutex_dir_key[depth] --> &p->lock --> &of->mutex [ 436.014326][T24812] [ 436.018588][T24812] Possible unsafe locking scenario: [ 436.018588][T24812] [ 436.021227][T24812] CPU0 CPU1 [ 436.023170][T24812] ---- ---- [ 436.024830][T24812] lock(&of->mutex); [ 436.026368][T24812] lock(&p->lock); [ 436.028489][T24812] lock(&of->mutex); [ 436.030758][T24812] rlock(&ovl_i_mutex_dir_key[depth]); [ 436.032794][T24812] [ 436.032794][T24812] *** DEADLOCK *** [ 436.032794][T24812] [ 436.035573][T24812] 4 locks held by syz.1.7334/24812: [ 436.037199][T24812] #0: ffff8880249162b8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 436.040297][T24812] #1: ffff88802ca90420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 436.043373][T24812] #2: ffff888032e11888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x570 [ 436.046643][T24812] #3: ffff88801ee880f8 (kn->active#68){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2ff/0x570 [ 436.050067][T24812] [ 436.050067][T24812] stack backtrace: [ 436.052400][T24812] CPU: 0 UID: 0 PID: 24812 Comm: syz.1.7334 Not tainted syzkaller #0 PREEMPT(full) [ 436.052423][T24812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 436.052435][T24812] Call Trace: [ 436.052444][T24812] [ 436.052453][T24812] dump_stack_lvl+0x116/0x1f0 [ 436.052482][T24812] print_circular_bug+0x275/0x350 [ 436.052507][T24812] check_noncircular+0x14c/0x170 [ 436.052525][T24812] __lock_acquire+0x126f/0x1c90 [ 436.052544][T24812] lock_acquire+0x179/0x350 [ 436.052553][T24812] ? walk_component+0x345/0x5b0 [ 436.052571][T24812] ? __pfx___might_resched+0x10/0x10 [ 436.052584][T24812] ? try_to_unlazy+0x24e/0x660 [ 436.052600][T24812] down_read+0x9b/0x480 [ 436.052611][T24812] ? walk_component+0x345/0x5b0 [ 436.052627][T24812] ? __pfx_down_read+0x10/0x10 [ 436.052638][T24812] ? lookup_fast+0x156/0x610 [ 436.052654][T24812] walk_component+0x345/0x5b0 [ 436.052670][T24812] path_lookupat+0x142/0x6d0 [ 436.052681][T24812] filename_lookup+0x224/0x5f0 [ 436.052691][T24812] ? __pfx_filename_lookup+0x10/0x10 [ 436.052706][T24812] ? getname_kernel+0x52/0x370 [ 436.052719][T24812] ? __asan_memcpy+0x3c/0x60 [ 436.052735][T24812] kern_path+0x35/0x50 [ 436.052745][T24812] lookup_bdev+0xd8/0x280 [ 436.052758][T24812] ? __pfx_lookup_bdev+0x10/0x10 [ 436.052770][T24812] ? __asan_memcpy+0x3c/0x60 [ 436.052786][T24812] resume_store+0x1d6/0x460 [ 436.052798][T24812] ? __pfx_resume_store+0x10/0x10 [ 436.052812][T24812] ? find_held_lock+0x2b/0x80 [ 436.052825][T24812] ? __pfx_resume_store+0x10/0x10 [ 436.052837][T24812] kobj_attr_store+0x58/0x80 [ 436.052847][T24812] ? __pfx_kobj_attr_store+0x10/0x10 [ 436.052856][T24812] sysfs_kf_write+0xf2/0x150 [ 436.052869][T24812] kernfs_fop_write_iter+0x3af/0x570 [ 436.052879][T24812] ? __pfx_sysfs_kf_write+0x10/0x10 [ 436.052891][T24812] vfs_write+0x7d3/0x11d0 [ 436.052901][T24812] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 436.052911][T24812] ? __pfx___mutex_lock+0x10/0x10 [ 436.052926][T24812] ? __pfx_vfs_write+0x10/0x10 [ 436.052939][T24812] ksys_write+0x12a/0x250 [ 436.052948][T24812] ? __pfx_ksys_write+0x10/0x10 [ 436.052959][T24812] do_syscall_64+0xcd/0xfa0 [ 436.052990][T24812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.053005][T24812] RIP: 0033:0x7f6c2738f6c9 [ 436.053015][T24812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 436.053026][T24812] RSP: 002b:00007f6c28187038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 436.053036][T24812] RAX: ffffffffffffffda RBX: 00007f6c275e5fa0 RCX: 00007f6c2738f6c9 [ 436.053042][T24812] RDX: 0000000000000012 RSI: 00002000000000c0 RDI: 0000000000000006 [ 436.053049][T24812] RBP: 00007f6c27411f91 R08: 0000000000000000 R09: 0000000000000000 [ 436.053055][T24812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 436.053061][T24812] R13: 00007f6c275e6038 R14: 00007f6c275e5fa0 R15: 00007ffdff85f5d8 [ 436.053071][T24812] [ 436.186701][T24812] PM: Image not found (code -6) [ 436.910836][T22685] bridge_slave_1: left allmulticast mode [ 436.912456][T22685] bridge_slave_1: left promiscuous mode [ 436.914380][T22685] bridge0: port 2(bridge_slave_1) entered disabled state [ 436.917384][T22685] bridge_slave_0: left allmulticast mode [ 436.919230][T22685] bridge_slave_0: left promiscuous mode [ 436.920911][T22685] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.008395][T22685] bond4 (unregistering): (slave gretap1): Releasing active interface [ 437.572735][T22685] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 437.575960][T22685] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 437.579377][T22685] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 437.582188][T22685] bond0 (unregistering): Released all slaves [ 437.651592][T22685] bond1 (unregistering): (slave veth5): Releasing active interface [ 437.654074][T22685] vlan3: entered promiscuous mode [ 437.656318][T22685] bond1 (unregistering): (slave vlan3): Releasing active interface [ 437.659267][T22685] bond1 (unregistering): Released all slaves [ 437.727788][T22685] bond2 (unregistering): Released all slaves [ 437.796214][T22685] bond3 (unregistering): Released all slaves [ 437.800054][T22685] bond4 (unregistering): Released all slaves [ 437.857970][T22685] tipc: Disabling bearer [ 437.864600][T22685] tipc: Left network mode [ 439.571414][T22685] hsr_slave_0: left promiscuous mode [ 439.574245][T22685] hsr_slave_1: left promiscuous mode [ 439.576849][T22685] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 439.580427][T22685] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 440.269236][T22685] team0 (unregistering): Port device team_slave_1 removed [ 440.338672][T22685] team0 (unregistering): Port device team_slave_0 removed [ 441.174498][T22685] IPVS: stop unused estimator thread 0... VM DIAGNOSIS: 19:53:47 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000038 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85296435 RDI=ffffffff9add8780 RBP=ffffffff9add8740 RSP=ffffc90006ea70d8 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000038 R14=ffffffff9add8740 R15=ffffffff852963d0 RIP=ffffffff8529645f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f6c281876c0 ffffffff 00c00000 GS =0000 ffff8880d6a08000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c3014fd CR3=00000000121ce000 CR4=00352ef0 DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000083 DR3=ffffffffefffff15 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000ffffff80 Opmask01=0000000001000001 Opmask02=0000000002fefcfe Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c27413050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c2741305d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c27413057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c2741306b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c274130f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c274131cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c275b74a8 00007f6c275b74a0 00007f6c275b7498 00007f6c275b7470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c2811d100 00007f6c275b7460 00007f6c275b7478 00007f6c275b74c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c275b74b8 00007f6c275b74b0 00007f6c275b74a8 00007f6c275b74a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000080 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=ffff88806a7426e0 RCX=ffffffff81b100e1 RDX=ffff88802ba32480 RSI=ffffffff81b100bb RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90003c7f4c0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=dffffc0000000000 R13=ffffed100d4e84dd R14=0000000000000001 R15=0000000000000003 RIP=ffffffff81b100bd RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6b08000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fd00c517d60 CR3=000000000e182000 CR4=00352ef0 DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000083 DR3=ffffffffefffff15 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd00b9b76c3 00007fd00b9b76c3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffce048c170 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555588525c58 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fd00b9b7d20 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555588538ef2 0000555588538a50 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555588527ed8 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1000408010000eaa c08004060141c602 f410000004010800 06017cf87a39033a ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0100100040801000 0eaac08004060141 c602f41000000401 080006017cf87a39 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 033a8380daf1d941 7ebec7fc47b88cf2 f8547a81211ffec3 9a27ea89e592ef21 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 583926f71e5bc136 0faae69d75627187 5c8fa196ec0ad2e7 379c1627ab3d875e ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 94c27f3fa0acd204 0c00000000000000 04c7847c8c39a677 2cf62bdddda3e39f ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000024333c RBX=0000000000000002 RCX=ffffffff8b60a2a9 RDX=ffffed100d4c6656 RSI=ffffffff8bf06fc0 RDI=ffffffff8192579d RBP=ffffed1003bd4920 RSP=ffffc90000187de8 R8 =0000000000000000 R9 =ffffed100d4c6655 R10=ffff88806a6332ab R11=0000000000000000 R12=0000000000000002 R13=ffff88801dea4900 R14=ffffffff90820cd0 R15=0000000000000000 RIP=ffffffff8b608d5f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6c08000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055555a084808 CR3=000000004e033000 CR4=00352ef0 DR0=ffffffffffffffff DR1=00000000000001f8 DR2=0000000000000083 DR3=ffffffffefffff15 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000080040001 Opmask01=0000000001000001 Opmask02=0000000002fefcfe Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdff85f960 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c27413050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c2741305d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c27413057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c2741306b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c274130f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c274131cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000080 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=00000000000000f0 RCX=ffffffff819bf1c1 RDX=ffff88801d338000 RSI=ffffffff819bf1af RDI=0000000000000001 RBP=0000000000000001 RSP=ffffc9000078fb88 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=1ffff920000f1f73 R13=0000000000000200 R14=ffff88804d77a480 R15=ffffc9000078fc50 RIP=ffffffff819bf1b8 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6d08000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f6c28186f98 CR3=00000000121ce000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000001000001 Opmask02=0000000002fefcfe Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c27413050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c2741305d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c27413057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c2741306b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c274130f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c274131cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c275b74a8 00007f6c275b74a0 00007f6c275b7498 00007f6c275b7470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c2811d100 00007f6c275b7460 00007f6c275b7478 00007f6c275b74c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f6c275b74b8 00007f6c275b74b0 00007f6c275b74a8 00007f6c275b74a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 0000000000000080 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000