last executing test programs: 20.733283314s ago: executing program 1 (id=2921): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r4 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0) landlock_restrict_self(r4, 0x0) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x0, 0x2}, 0xfffffffffffffe3f, 0x1) r7 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0xd) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r7, r8, 0x0, 0x2000fb) ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000300)=0x11) landlock_restrict_self(r6, 0x0) ptrace(0x10, r5) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010100000000fbdbdf252b00000008000300", @ANYRES32=r3, @ANYBLOB="0a0034000101ea019dea0000080026006c090000040008010500cc00"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x20004800) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000640)="d8000000180081054e81f783db4cb9040a1d080006007c09e8fc55a10a0015000600142603600e1208000f0000000401a800080008000c4004000000035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d93337568b26948fc700870ec38edc9761fdc", 0xd8}], 0x1}, 0x0) 20.221712084s ago: executing program 1 (id=2932): mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000000)='rpc_pipefs\x00', 0x7, &(0x7f0000000100)='barrier') 20.217337426s ago: executing program 1 (id=2935): r0 = socket$inet6(0xa, 0x800, 0x8) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff8000}]}) close_range(r2, 0xffffffffffffffff, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000240)=0x5, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0xfffe, 0x8, @mcast2, 0x9}, 0x1c) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="780000001000010400"/20, @ANYRES32=r5, @ANYBLOB="60300300001400005800128009000100626f6e6400000000480002802c0008"], 0x78}}, 0x0) r6 = socket$inet6(0xa, 0x3, 0xff) setsockopt$sock_int(r6, 0x1, 0xd, &(0x7f0000000040)=0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 13.762565865s ago: executing program 1 (id=2941): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x404c000}, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000d00)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000440)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x37}, {[@generic={0x83, 0x2}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x1}}}}}}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) r4 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) bind$netlink(r6, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r6, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9, @ANYBLOB="3faf4dcad8e59ea7af47cdeefa4993fd7669022721986e292266fa51b6b7884d3b1cbcc20d657616f112d5b6a1afe068a180f248c284266d7d05d75203d620bd5e230fdf59c426bec941eb3979c3194c8db3b811f4ac12e03fca5344f4557dbd2c4309340dcc140f553b5913552ac88b4df06dbf894b4de6ada2505a4bc3a2d443ec4499df572696e327f1a4a50aabea049313844a3e9181eaf2bb1f7598a640f129da00de96923b61d1351776a956174d5aeb22b1f0074d71948798"], 0x44}}, 0x0) 6.453597304s ago: executing program 1 (id=2941): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x404c000}, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000d00)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000440)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x37}, {[@generic={0x83, 0x2}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x1}}}}}}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) r4 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) bind$netlink(r6, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r6, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9, @ANYBLOB="3faf4dcad8e59ea7af47cdeefa4993fd7669022721986e292266fa51b6b7884d3b1cbcc20d657616f112d5b6a1afe068a180f248c284266d7d05d75203d620bd5e230fdf59c426bec941eb3979c3194c8db3b811f4ac12e03fca5344f4557dbd2c4309340dcc140f553b5913552ac88b4df06dbf894b4de6ada2505a4bc3a2d443ec4499df572696e327f1a4a50aabea049313844a3e9181eaf2bb1f7598a640f129da00de96923b61d1351776a956174d5aeb22b1f0074d71948798"], 0x44}}, 0x0) 2.592893976s ago: executing program 0 (id=3191): syz_80211_inject_frame(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506333f8000009effffffffffff080211000001"], 0x6f4}}, 0x0) 2.590251812s ago: executing program 2 (id=3193): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a80)=@newsa={0x164, 0x10, 0x713, 0x70bd26, 0x0, {{@in=@rand_addr=0x64010101, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e22, 0x0, 0x4e23, 0x3, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x32}, @in6=@local, {0x0, 0x0, 0x8, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x2, 0xfffffffffffffff8}, {0xc, 0x0, 0x2}, 0x70bd29, 0x6000000, 0x2, 0x1, 0x0, 0x28}, [@algo_aead={0x68, 0x12, {{'rfc4543(gcm(aes))\x00'}, 0xe0, 0x80, "316f74ee01053deb73fc018493cc120927a9bca207831b9a720000aa"}}, @offload={0xc, 0x1c, {0x0, 0x1}}]}, 0x164}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 2.518746474s ago: executing program 2 (id=3194): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000002feffff720af0fff8ffffff71a4f0ff00000000711000ffe40000001d400500000000004704000001ed00000f030000000000001d44000000000000620a00fe040026ca7203000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350844ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0xffffffffffffffb9}, 0x48) 2.516930098s ago: executing program 2 (id=3195): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x500, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x42, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace(0x4210, r4) sched_setscheduler(r4, 0x6, &(0x7f0000000200)=0x9) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1200000009000000040000000200000000000000", @ANYRESHEX=r2, @ANYRESOCT=r4, @ANYRES32=0x0, @ANYRES32, @ANYRES16=r3], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r5}, &(0x7f0000000040), &(0x7f0000000140)=r3}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r5}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r3}, 0x20) close_range(r1, 0xffffffffffffffff, 0x0) r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r7 = dup(r6) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r7, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x72, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f0000000100)) r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r11 = dup3(r10, r9, 0x0) r12 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r12, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r12, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r11, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r12, 0xc0306201, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000a40)="376e5cf9"}) ioctl$KVM_RUN(r8, 0xae80, 0x0) 2.311941147s ago: executing program 2 (id=3197): r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'geneve1\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001c0012800b00200067656e65766500000c00028005000400010000001c001a8018000a80140007"], 0x58}, 0x1, 0x2}, 0x80) 2.310935364s ago: executing program 2 (id=3198): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000400)={r1, r1, 0x1, 0x6c, &(0x7f0000000140)="cd53f753a3fe187d2c2511457ad7e41dfaeb92cf6540fd0c2a51dbe144c48d9527c1a89c05de86a655daceac36ad2cffb78115931bcaef583cec02ca3df82dc5bcf02243a855fc91788622f103a9fa9afc77efd7ff7986ab37cdc718fb5e280590f7f6e673506a5142ff64b5", 0xd, 0x81, 0x8, 0x1, 0x0, 0x2, 0x5, 'syz1\x00'}) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=ANY=[@ANYBLOB="5801000010000100030000000000000000000000000000ac1414bb0000000000000000000000000000000000000000000000001600"/64, @ANYBLOB="c92a3fbe48415a66c13a2345b02d42e028d08ecf4d2a4ca555a7f1afef6773f3482e16aacee7d4f1dbfa30ea4844f4e5f9d93d58d73206994d9cff9b9bf8510b99b40429ad839d7238152f732fd17b371b9b3c20fb533a94f80df130422e7bd74ee710f6ae5b97806ccbfc1e3365181597fcf9dab9e9eddc609ead39ac6e1e8aae0cddd9c92cfdadbeef3388", @ANYRESHEX=0x0, @ANYBLOB="fc0100000000000000000000000000000400000033000000ac1414bb00000000000000000000000000000000000000000000000000000000030000000000000004000000000000005700000000000000fdffffffffffffff000000000000010000000000000000007b00000000000000000080000000000000200000000000000000000000000000000000005cfd00000000000000000000000000000a000000aa0000000000000048000100686d61632873686131290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001700010000002bbd70002bbd70002bbd700026bd700004"], 0x158}, 0x1, 0x0, 0x0, 0x8004}, 0x0) 2.152368828s ago: executing program 2 (id=3204): syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[], 0x0) r0 = syz_open_dev$rtc(&(0x7f0000000080), 0x0, 0x400) ioctl$RTC_WKALM_RD(r0, 0x40187013, &(0x7f00000000c0)) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x5, 0x3}]}) close_range(r1, 0xffffffffffffffff, 0x0) 2.04442283s ago: executing program 0 (id=3206): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x400000000000247, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000ec0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e, 0x0}, 0xc03e}], 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xcfa4) 1.91349717s ago: executing program 0 (id=3210): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd010000000000140000006012000001282f00fe88a43de1a400000000000000027d01ff0200000000000028000000000000010000883e"], 0xfdef) 1.753612205s ago: executing program 0 (id=3212): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x3, 0x3800, 0x7, 0x11}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0xfff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.753498822s ago: executing program 0 (id=3213): socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc0000000000000000f1000000000000ac1414bb00000000000000ecffffffffffffff04000000000a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000010000ac1e0001000000f1000000000000000000000000000000000a0040"], 0xb8}}, 0x0) 1.68242445s ago: executing program 0 (id=3215): r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000280)={0x3, 0x2000000, 0x2}) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='smaps_rollup\x00') ioctl$VIDIOC_G_INPUT(r1, 0x80045626, &(0x7f0000000040)) mmap(&(0x7f00001f1000/0x3000)=nil, 0x3000, 0x2, 0x8031, 0xffffffffffffffff, 0xa6426000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r4, r4, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x60, 0x0, 0x0) mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000500)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(camellia-generic)\x00'}, 0x58) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) ioctl$VIDIOC_QUERYMENU(r1, 0xc02c5625, &(0x7f0000000180)={0x1, 0xfbc, @value=0x80000001}) mlock(&(0x7f000030a000/0x3000)=nil, 0x3000) r6 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000340)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f5cf337e40009050502000000001009058b1e20bb2add819f9382656abbfa1b875bc73d6300060713554c8f029193643899a65bd06641e5bce93ca79f"], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r6, 0x0, &(0x7f0000000700)={0x44, &(0x7f00000003c0)={0x44, 0x15, 0x1, 'P'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="b0000000", @ANYRES16, @ANYBLOB="01"], 0xb0}}, 0x0) r8 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000280)={0xfffffffc}, 0x9) sendmsg$nl_generic(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="1460bb0012000000"], 0x14}}, 0x10) ioctl$FS_IOC_GETVERSION(r7, 0xc0105b08, &(0x7f0000000040)) read$FUSE(r4, &(0x7f0000001800)={0x2020}, 0x2020) move_mount(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000580)='./file1\x00', 0x42) ioctl$VIDIOC_QUERYMENU(r0, 0xc008561c, &(0x7f0000000000)={0x980900, 0x3, @name="51da06bc7338e17dfebb1580e15b95473b09f0d1fb8aa1e9959ef9dc00"}) 1.132962401s ago: executing program 3 (id=3222): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000b3b000/0x400000)=nil) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000700)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000000)={0x0, @remote, @local}, &(0x7f00000001c0)=0xc) r5 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'veth0_to_batadv\x00', 0x0}) sendmsg$can_raw(r5, &(0x7f0000000140)={&(0x7f0000000100)={0x1d, r6}, 0x10, &(0x7f00000005c0)={&(0x7f0000000180)=@can={{0x2, 0x1, 0x1}, 0x4, 0x1, 0x0, 0x0, "52b8a3a57624ffdc"}, 0x10}}, 0x28000050) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x8, 0x0, 0x6, 0x4, 0x100, r3, 0x3f800000, '\x00', r4, 0xffffffffffffffff, 0x3, 0x2, 0x3}, 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r7, 0x0, 0x14, 0x0, &(0x7f0000000440)="f6f4e9a100000000002a8ba478bbb7dbfc007024", 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r8 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000040)={0x0, &(0x7f0000000140)=[@rdmsr={0x66, 0x18, {0x40000082}}], 0x18}) ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, &(0x7f0000000080)={0xe, 0x0, [{0x40000001, 0x6, 0x5, 0x31237648, 0x6, 0x2, 0x2}]}) r9 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x40000) ioctl$SG_IO(r9, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffb, 0x10, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)="8f7d0a01007d79710600060000000000", 0x0, 0x10, 0x1001a, 0x0, 0x0}) 983.410327ms ago: executing program 3 (id=3223): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x3, 0x3800, 0x7, 0x11}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 983.085935ms ago: executing program 3 (id=3224): socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc0000000000000000f1000000000000ac1414bb00000000000000ecffffffffffffff04000000000a0060"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc0000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000010000ac1e0001000080ff000000000000000000000000000000000a0040"], 0xb8}}, 0x0) 903.671382ms ago: executing program 3 (id=3225): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000940)=0x707987cd) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000001c40)=""/4096, 0x8ec0}], 0x1}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000020000000000000006129662d000000950000fd3ac0c2d7fa1b33fd"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11}, 0x90) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'pimreg1\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newlink={0x5c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x3f}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ip6vti={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x14, 0x5, @local}, @IFLA_VTI_REMOTE={0x14, 0x5, @local}]}}}]}, 0x5c}}, 0x0) 371.285769ms ago: executing program 1 (id=2941): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x404c000}, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000d00)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000440)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x37}, {[@generic={0x83, 0x2}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x1}}}}}}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480b0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) r4 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) bind$netlink(r6, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r6, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9, @ANYBLOB="3faf4dcad8e59ea7af47cdeefa4993fd7669022721986e292266fa51b6b7884d3b1cbcc20d657616f112d5b6a1afe068a180f248c284266d7d05d75203d620bd5e230fdf59c426bec941eb3979c3194c8db3b811f4ac12e03fca5344f4557dbd2c4309340dcc140f553b5913552ac88b4df06dbf894b4de6ada2505a4bc3a2d443ec4499df572696e327f1a4a50aabea049313844a3e9181eaf2bb1f7598a640f129da00de96923b61d1351776a956174d5aeb22b1f0074d71948798"], 0x44}}, 0x0) 87.124858ms ago: executing program 3 (id=3226): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="a0010000100001000000000000000000fc010000000000000000000000000000000000000000000000000000000000000100ecdf00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000032000000fc01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000cd000000000000004800020063626328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c001700000000002abd7000000000000000000000000000000000004c001400686d61632873686132353629"], 0x1a0}}, 0x0) 0s ago: executing program 3 (id=3227): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) timer_create(0x0, &(0x7f0000000080)={0x0, 0x15, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) setpgid(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSBRK(r1, 0x5427) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) (async) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) (async) timer_create(0x0, &(0x7f0000000080)={0x0, 0x15, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) (async) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async) setpgid(0x0, 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) (async) chdir(&(0x7f0000000100)='./file0\x00') (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) (async) syz_open_dev$tty20(0xc, 0x4, 0x0) (async) ioctl$TIOCSBRK(r1, 0x5427) (async) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) (async) kernel console output (not intermixed with test programs): e=1400 audit(1773941398.077:891): avc: denied { write } for pid=13602 comm="syz.2.2615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 176.401004][T13603] __nla_validate_parse: 69 callbacks suppressed [ 176.401016][T13603] netlink: 228 bytes leftover after parsing attributes in process `syz.2.2615'. [ 176.410461][ T40] audit: type=1400 audit(1773941398.077:892): avc: denied { setopt } for pid=13602 comm="syz.2.2615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 176.427669][T13603] EXT4-fs (nbd2): unable to read superblock [ 176.431329][ T40] audit: type=1400 audit(1773941398.097:893): avc: denied { read } for pid=13602 comm="syz.2.2615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 176.482084][T13603] binder: BINDER_SET_CONTEXT_MGR already set [ 176.484731][T13603] binder: 13602:13603 ioctl 4018620d 200000000040 returned -16 [ 176.488514][T13603] binder: 13602:13603 ioctl c0306201 2000000003c0 returned -14 [ 176.501902][T13612] set match dimension is over the limit! [ 176.514131][ T40] audit: type=1400 audit(1773941398.207:894): avc: denied { link } for pid=13611 comm="syz.1.2619" name="file1" dev="tmpfs" ino=2696 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 176.527093][ T40] audit: type=1400 audit(1773941398.217:895): avc: denied { setattr } for pid=13611 comm="syz.1.2619" name="#f" dev="tmpfs" ino=2697 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 176.540639][ T40] audit: type=1400 audit(1773941398.217:896): avc: denied { rename } for pid=13611 comm="syz.1.2619" name="#f" dev="tmpfs" ino=2697 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 176.632178][T13626] io-wq is not configured for unbound workers [ 176.639547][T13626] sysfs: cannot create duplicate filename '/class/ieee80211/4π!' [ 176.642748][T13626] CPU: 0 UID: 0 PID: 13626 Comm: syz.0.2625 Tainted: G L syzkaller #0 PREEMPT(full) [ 176.642782][T13626] Tainted: [L]=SOFTLOCKUP [ 176.642789][T13626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 176.642800][T13626] Call Trace: [ 176.642807][T13626] [ 176.642814][T13626] dump_stack_lvl+0x100/0x190 [ 176.642854][T13626] sysfs_warn_dup.cold+0x1c/0x28 [ 176.642878][T13626] sysfs_do_create_link_sd+0x113/0x140 [ 176.642905][T13626] sysfs_create_link+0x61/0xc0 [ 176.642931][T13626] device_add+0x675/0x1950 [ 176.642957][T13626] ? __pfx_device_add+0x10/0x10 [ 176.642974][T13626] ? __sanitizer_cov_trace_const_cmp1+0x8/0x20 [ 176.642999][T13626] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 176.643033][T13626] wiphy_register+0x1e5b/0x2d30 [ 176.643057][T13626] ? __rtnl_unlock+0xb9/0xf0 [ 176.643079][T13626] ? netdev_run_todo+0x7b0/0x12c0 [ 176.643105][T13626] ? __pfx_wiphy_register+0x10/0x10 [ 176.643129][T13626] ? __asan_memset+0x23/0x50 [ 176.643151][T13626] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 176.643184][T13626] ieee80211_register_hw+0x2cfd/0x4140 [ 176.643219][T13626] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 176.643242][T13626] ? __pfx___debug_object_init+0x10/0x10 [ 176.643270][T13626] ? find_held_lock+0x2b/0x80 [ 176.643292][T13626] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 176.643316][T13626] ? __hrtimer_setup+0x178/0x280 [ 176.643336][T13626] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 176.643377][T13626] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 176.643402][T13626] ? __asan_memcpy+0x3c/0x60 [ 176.643426][T13626] hwsim_new_radio_nl+0xc1f/0x1340 [ 176.643452][T13626] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 176.643483][T13626] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 176.643508][T13626] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 176.643539][T13626] genl_family_rcv_msg_doit+0x214/0x300 [ 176.643579][T13626] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 176.643614][T13626] ? bpf_lsm_capable+0x9/0x10 [ 176.643630][T13626] ? security_capable+0x80/0x260 [ 176.643650][T13626] ? ns_capable+0xd2/0xf0 [ 176.643672][T13626] genl_rcv_msg+0x560/0x800 [ 176.643699][T13626] ? __pfx_genl_rcv_msg+0x10/0x10 [ 176.643724][T13626] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 176.643749][T13626] ? __lock_acquire+0x4a5/0x2630 [ 176.643787][T13626] netlink_rcv_skb+0x159/0x420 [ 176.643809][T13626] ? __pfx_genl_rcv_msg+0x10/0x10 [ 176.643826][T13626] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 176.643849][T13626] ? netlink_deliver_tap+0x1ae/0xcc0 [ 176.643865][T13626] genl_rcv+0x28/0x40 [ 176.643880][T13626] netlink_unicast+0x5aa/0x870 [ 176.643898][T13626] ? __pfx_netlink_unicast+0x10/0x10 [ 176.643920][T13626] netlink_sendmsg+0x8b0/0xda0 [ 176.643938][T13626] ? __pfx_netlink_sendmsg+0x10/0x10 [ 176.643952][T13626] ? __might_fault+0xc0/0x140 [ 176.643973][T13626] ____sys_sendmsg+0x9e1/0xb70 [ 176.643989][T13626] ? __pfx_netlink_sendmsg+0x10/0x10 [ 176.644005][T13626] ? __pfx_____sys_sendmsg+0x10/0x10 [ 176.644024][T13626] ? try_to_wake_up+0x644/0x1a80 [ 176.644042][T13626] ___sys_sendmsg+0x190/0x1e0 [ 176.644060][T13626] ? __pfx____sys_sendmsg+0x10/0x10 [ 176.644078][T13626] ? futex_private_hash_put+0x107/0x1c0 [ 176.644111][T13626] __sys_sendmsg+0x170/0x220 [ 176.644126][T13626] ? __pfx___sys_sendmsg+0x10/0x10 [ 176.644140][T13626] ? __x64_sys_futex+0x34f/0x4d0 [ 176.644160][T13626] do_syscall_64+0x106/0xf80 [ 176.644173][T13626] ? clear_bhb_loop+0x40/0x90 [ 176.644188][T13626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 176.644199][T13626] RIP: 0033:0x7f8fe899c799 [ 176.644210][T13626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 176.644222][T13626] RSP: 002b:00007f8fe98a1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 176.644232][T13626] RAX: ffffffffffffffda RBX: 00007f8fe8c15fa0 RCX: 00007f8fe899c799 [ 176.644240][T13626] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 176.644246][T13626] RBP: 00007f8fe8a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 176.644253][T13626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 176.644261][T13626] R13: 00007f8fe8c16038 R14: 00007f8fe8c15fa0 R15: 00007ffe328f5138 [ 176.644277][T13626] [ 176.896766][T13633] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 176.986028][T13646] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.2634'. [ 177.021372][T13648] FAULT_INJECTION: forcing a failure. [ 177.021372][T13648] name failslab, interval 1, probability 0, space 0, times 0 [ 177.026687][T13648] CPU: 2 UID: 0 PID: 13648 Comm: syz.0.2635 Tainted: G L syzkaller #0 PREEMPT(full) [ 177.026726][T13648] Tainted: [L]=SOFTLOCKUP [ 177.026733][T13648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 177.026743][T13648] Call Trace: [ 177.026749][T13648] [ 177.026757][T13648] dump_stack_lvl+0x100/0x190 [ 177.026801][T13648] should_fail_ex.cold+0x5/0xa [ 177.026825][T13648] should_failslab+0xc2/0x120 [ 177.026844][T13648] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 177.026866][T13648] ? __kernfs_new_node+0xd2/0x960 [ 177.026894][T13648] ? kstrdup+0xb3/0xe0 [ 177.026933][T13648] __kernfs_new_node+0xd2/0x960 [ 177.026964][T13648] ? __pfx___kernfs_new_node+0x10/0x10 [ 177.026997][T13648] ? find_held_lock+0x2b/0x80 [ 177.027019][T13648] ? kernfs_root+0xee/0x2a0 [ 177.027044][T13648] ? kernfs_root+0xee/0x2a0 [ 177.027086][T13648] kernfs_new_node+0x11b/0x1a0 [ 177.027116][T13648] kernfs_create_link+0xcc/0x240 [ 177.027148][T13648] sysfs_do_create_link_sd+0x90/0x140 [ 177.027175][T13648] sysfs_create_link+0x61/0xc0 [ 177.027200][T13648] device_add+0x675/0x1950 [ 177.027226][T13648] ? kfree_const+0x5a/0x70 [ 177.027250][T13648] ? __pfx_device_add+0x10/0x10 [ 177.027272][T13648] ? kfree_const+0x5a/0x70 [ 177.027293][T13648] ? kfree+0x2ec/0x6b0 [ 177.027323][T13648] device_create_groups_vargs+0x1f8/0x270 [ 177.027345][T13648] device_create+0xed/0x130 [ 177.027364][T13648] ? __pfx_device_create+0x10/0x10 [ 177.027386][T13648] ? lockdep_init_map_type+0x5c/0x250 [ 177.027408][T13648] ? timer_init_key+0x150/0x340 [ 177.027453][T13648] ? ieee80211_roc_setup+0x136/0x270 [ 177.027489][T13648] ? ieee80211_alloc_hw_nm+0x19c3/0x22a0 [ 177.027538][T13648] mac80211_hwsim_new_radio+0x37f/0x57d0 [ 177.027586][T13648] ? rcu_is_watching+0x12/0xc0 [ 177.027610][T13648] ? trace_kmalloc+0x101/0x130 [ 177.027636][T13648] ? __kasan_kmalloc+0xaa/0xb0 [ 177.027674][T13648] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 177.027711][T13648] ? __asan_memcpy+0x3c/0x60 [ 177.027749][T13648] hwsim_new_radio_nl+0xc1f/0x1340 [ 177.027783][T13648] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 177.027825][T13648] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 177.027869][T13648] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 177.027914][T13648] genl_family_rcv_msg_doit+0x214/0x300 [ 177.027944][T13648] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 177.027992][T13648] ? bpf_lsm_capable+0x9/0x10 [ 177.028012][T13648] ? security_capable+0x80/0x260 [ 177.028039][T13648] ? ns_capable+0xd2/0xf0 [ 177.028065][T13648] genl_rcv_msg+0x560/0x800 [ 177.028098][T13648] ? __pfx_genl_rcv_msg+0x10/0x10 [ 177.028123][T13648] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 177.028146][T13648] ? __lock_acquire+0x4a5/0x2630 [ 177.028171][T13648] netlink_rcv_skb+0x159/0x420 [ 177.028193][T13648] ? __pfx_genl_rcv_msg+0x10/0x10 [ 177.028211][T13648] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 177.028232][T13648] ? netlink_deliver_tap+0x1ae/0xcc0 [ 177.028262][T13648] genl_rcv+0x28/0x40 [ 177.028296][T13648] netlink_unicast+0x5aa/0x870 [ 177.028324][T13648] ? __pfx_netlink_unicast+0x10/0x10 [ 177.028365][T13648] netlink_sendmsg+0x8b0/0xda0 [ 177.028429][T13648] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.028451][T13648] ? __might_fault+0xc0/0x140 [ 177.028484][T13648] ____sys_sendmsg+0x9e1/0xb70 [ 177.028507][T13648] ? __pfx_netlink_sendmsg+0x10/0x10 [ 177.028532][T13648] ? __pfx_____sys_sendmsg+0x10/0x10 [ 177.028567][T13648] ___sys_sendmsg+0x190/0x1e0 [ 177.028598][T13648] ? __pfx____sys_sendmsg+0x10/0x10 [ 177.028650][T13648] __sys_sendmsg+0x170/0x220 [ 177.028665][T13648] ? __pfx___sys_sendmsg+0x10/0x10 [ 177.028687][T13648] do_syscall_64+0x106/0xf80 [ 177.028701][T13648] ? clear_bhb_loop+0x40/0x90 [ 177.028716][T13648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.028728][T13648] RIP: 0033:0x7f8fe899c799 [ 177.028739][T13648] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 177.028749][T13648] RSP: 002b:00007f8fe98a1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 177.028760][T13648] RAX: ffffffffffffffda RBX: 00007f8fe8c15fa0 RCX: 00007f8fe899c799 [ 177.028767][T13648] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 177.028773][T13648] RBP: 00007f8fe98a1090 R08: 0000000000000000 R09: 0000000000000000 [ 177.028780][T13648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 177.028786][T13648] R13: 00007f8fe8c16038 R14: 00007f8fe8c15fa0 R15: 00007ffe328f5138 [ 177.028800][T13648] [ 177.099901][ T1328] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.219057][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.501159][T13683] validate_nla: 8 callbacks suppressed [ 177.501170][T13683] netlink: 'syz.0.2647': attribute type 10 has an invalid length. [ 177.521304][ T40] audit: type=1400 audit(1773941399.217:897): avc: denied { ioctl } for pid=13687 comm="syz.2.2649" path="/dev/fuse" dev="devtmpfs" ino=105 ioctlcmd=0xf50a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 177.542878][T13685] syzkaller0: entered promiscuous mode [ 177.545137][T13685] syzkaller0: entered allmulticast mode [ 177.592259][T13696] netlink: 'syz.0.2652': attribute type 10 has an invalid length. [ 177.623222][T13698] netlink: 'syz.2.2650': attribute type 10 has an invalid length. [ 177.627717][T13698] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2650'. [ 177.839727][ T1328] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.955570][T13727] QAT: Stopping all acceleration devices. [ 177.962312][T13727] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 177.990079][T13729] netlink: 'syz.3.2665': attribute type 10 has an invalid length. [ 178.077387][T13736] FAULT_INJECTION: forcing a failure. [ 178.077387][T13736] name failslab, interval 1, probability 0, space 0, times 0 [ 178.082737][T13736] CPU: 0 UID: 0 PID: 13736 Comm: syz.1.2669 Tainted: G L syzkaller #0 PREEMPT(full) [ 178.082755][T13736] Tainted: [L]=SOFTLOCKUP [ 178.082758][T13736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 178.082765][T13736] Call Trace: [ 178.082770][T13736] [ 178.082774][T13736] dump_stack_lvl+0x100/0x190 [ 178.082796][T13736] should_fail_ex.cold+0x5/0xa [ 178.082811][T13736] should_failslab+0xc2/0x120 [ 178.082823][T13736] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 178.082837][T13736] ? __kernfs_new_node+0xd2/0x960 [ 178.082858][T13736] __kernfs_new_node+0xd2/0x960 [ 178.082877][T13736] ? __pfx___kernfs_new_node+0x10/0x10 [ 178.082898][T13736] ? find_held_lock+0x2b/0x80 [ 178.082911][T13736] ? kernfs_root+0xee/0x2a0 [ 178.082928][T13736] ? kernfs_root+0xee/0x2a0 [ 178.082948][T13736] kernfs_new_node+0x11b/0x1a0 [ 178.082961][T13736] __kernfs_create_file+0x53/0x350 [ 178.082978][T13736] sysfs_add_file_mode_ns+0x207/0x3c0 [ 178.082998][T13736] sysfs_merge_group+0x194/0x340 [ 178.083009][T13736] ? __pfx_sysfs_merge_group+0x10/0x10 [ 178.083021][T13736] ? __pfx_dev_add_physical_location+0x10/0x10 [ 178.083039][T13736] ? bus_to_subsys+0x114/0x150 [ 178.083054][T13736] dpm_sysfs_add+0x237/0x280 [ 178.083071][T13736] device_add+0x9ef/0x1950 [ 178.083083][T13736] ? __pfx_device_add+0x10/0x10 [ 178.083092][T13736] ? kfree_const+0x5a/0x70 [ 178.083107][T13736] ? kfree+0x2ec/0x6b0 [ 178.083124][T13736] device_create_groups_vargs+0x1f8/0x270 [ 178.083137][T13736] device_create+0xed/0x130 [ 178.083148][T13736] ? __pfx_device_create+0x10/0x10 [ 178.083158][T13736] ? lockdep_init_map_type+0x5c/0x250 [ 178.083169][T13736] ? timer_init_key+0x150/0x340 [ 178.083187][T13736] ? ieee80211_roc_setup+0x136/0x270 [ 178.083199][T13736] ? ieee80211_alloc_hw_nm+0x19c3/0x22a0 [ 178.083223][T13736] mac80211_hwsim_new_radio+0x37f/0x57d0 [ 178.083244][T13736] ? rcu_is_watching+0x12/0xc0 [ 178.083257][T13736] ? trace_kmalloc+0x101/0x130 [ 178.083267][T13736] ? __kasan_kmalloc+0xaa/0xb0 [ 178.083284][T13736] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 178.083301][T13736] ? __asan_memcpy+0x3c/0x60 [ 178.083317][T13736] hwsim_new_radio_nl+0xc1f/0x1340 [ 178.083333][T13736] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 178.083353][T13736] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 178.083371][T13736] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 178.083390][T13736] genl_family_rcv_msg_doit+0x214/0x300 [ 178.083423][T13736] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 178.083446][T13736] ? bpf_lsm_capable+0x9/0x10 [ 178.083457][T13736] ? security_capable+0x80/0x260 [ 178.083470][T13736] ? ns_capable+0xd2/0xf0 [ 178.083484][T13736] genl_rcv_msg+0x560/0x800 [ 178.083502][T13736] ? __pfx_genl_rcv_msg+0x10/0x10 [ 178.083521][T13736] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 178.083538][T13736] ? __lock_acquire+0x4a5/0x2630 [ 178.083558][T13736] netlink_rcv_skb+0x159/0x420 [ 178.083572][T13736] ? __pfx_genl_rcv_msg+0x10/0x10 [ 178.083591][T13736] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 178.083612][T13736] ? netlink_deliver_tap+0x1ae/0xcc0 [ 178.083629][T13736] genl_rcv+0x28/0x40 [ 178.083644][T13736] netlink_unicast+0x5aa/0x870 [ 178.083661][T13736] ? __pfx_netlink_unicast+0x10/0x10 [ 178.083682][T13736] netlink_sendmsg+0x8b0/0xda0 [ 178.083699][T13736] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.083714][T13736] ? __might_fault+0xc0/0x140 [ 178.083733][T13736] ____sys_sendmsg+0x9e1/0xb70 [ 178.083749][T13736] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.083764][T13736] ? __pfx_____sys_sendmsg+0x10/0x10 [ 178.083788][T13736] ___sys_sendmsg+0x190/0x1e0 [ 178.083805][T13736] ? __pfx____sys_sendmsg+0x10/0x10 [ 178.083840][T13736] __sys_sendmsg+0x170/0x220 [ 178.083854][T13736] ? __pfx___sys_sendmsg+0x10/0x10 [ 178.083877][T13736] do_syscall_64+0x106/0xf80 [ 178.083890][T13736] ? clear_bhb_loop+0x40/0x90 [ 178.083904][T13736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.083915][T13736] RIP: 0033:0x7f695f39c799 [ 178.083924][T13736] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 178.083935][T13736] RSP: 002b:00007f69601d1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 178.083946][T13736] RAX: ffffffffffffffda RBX: 00007f695f615fa0 RCX: 00007f695f39c799 [ 178.083953][T13736] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 178.083959][T13736] RBP: 00007f69601d1090 R08: 0000000000000000 R09: 0000000000000000 [ 178.083965][T13736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 178.083971][T13736] R13: 00007f695f616038 R14: 00007f695f615fa0 R15: 00007ffe113edb98 [ 178.083985][T13736] [ 178.114376][T13740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2670'. [ 178.143316][T13742] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.2672'. [ 178.144057][T13740] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2670'. [ 178.182483][T13748] binder: 13739:13748 ioctl c0306201 2000000003c0 returned -14 [ 178.183673][ T1328] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.420539][T13766] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.2680'. [ 178.445680][T13768] bond3: option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 178.449979][T13768] bond3 (unregistering): Released all slaves [ 178.719552][ T1328] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 178.870998][ T1328] usb 7-1: config index 0 descriptor too short (expected 39, got 27) [ 178.874724][ T1328] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 178.879195][ T1328] usb 7-1: config 0 interface 0 has no altsetting 0 [ 178.884350][ T1328] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 178.888367][ T1328] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 178.892126][ T1328] usb 7-1: Product: syz [ 178.894073][ T1328] usb 7-1: Manufacturer: syz [ 178.896182][ T1328] usb 7-1: SerialNumber: syz [ 178.909753][ T1328] usb 7-1: config 0 descriptor?? [ 178.913703][ T1328] hub 7-1:0.0: bad descriptor, ignoring hub [ 178.916464][ T1328] hub 7-1:0.0: probe with driver hub failed with error -5 [ 178.922337][ T1328] usb 7-1: selecting invalid altsetting 0 [ 178.991727][T13774] binder: 13773:13774 ioctl c0306201 2000000003c0 returned -14 [ 179.026309][T13776] sysfs: cannot create duplicate filename '/class/ieee80211/4π!' [ 179.029056][T13776] CPU: 0 UID: 0 PID: 13776 Comm: syz.0.2685 Tainted: G L syzkaller #0 PREEMPT(full) [ 179.029074][T13776] Tainted: [L]=SOFTLOCKUP [ 179.029078][T13776] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 179.029084][T13776] Call Trace: [ 179.029089][T13776] [ 179.029094][T13776] dump_stack_lvl+0x100/0x190 [ 179.029116][T13776] sysfs_warn_dup.cold+0x1c/0x28 [ 179.029132][T13776] sysfs_do_create_link_sd+0x113/0x140 [ 179.029151][T13776] sysfs_create_link+0x61/0xc0 [ 179.029168][T13776] device_add+0x675/0x1950 [ 179.029181][T13776] ? __pfx_device_add+0x10/0x10 [ 179.029191][T13776] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 179.029208][T13776] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 179.029225][T13776] wiphy_register+0x1e5b/0x2d30 [ 179.029241][T13776] ? __rtnl_unlock+0xb9/0xf0 [ 179.029256][T13776] ? netdev_run_todo+0x7b0/0x12c0 [ 179.029274][T13776] ? __pfx_wiphy_register+0x10/0x10 [ 179.029290][T13776] ? __asan_memset+0x23/0x50 [ 179.029305][T13776] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 179.029327][T13776] ieee80211_register_hw+0x2cfd/0x4140 [ 179.029361][T13776] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 179.029380][T13776] ? __pfx___debug_object_init+0x10/0x10 [ 179.029399][T13776] ? find_held_lock+0x2b/0x80 [ 179.029418][T13776] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 179.029434][T13776] ? __hrtimer_setup+0x178/0x280 [ 179.029447][T13776] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 179.029472][T13776] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 179.029489][T13776] ? __asan_memcpy+0x3c/0x60 [ 179.029505][T13776] hwsim_new_radio_nl+0xc1f/0x1340 [ 179.029522][T13776] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 179.029542][T13776] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 179.029560][T13776] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 179.029580][T13776] genl_family_rcv_msg_doit+0x214/0x300 [ 179.029600][T13776] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 179.029622][T13776] ? bpf_lsm_capable+0x9/0x10 [ 179.029633][T13776] ? security_capable+0x80/0x260 [ 179.029647][T13776] ? ns_capable+0xd2/0xf0 [ 179.029661][T13776] genl_rcv_msg+0x560/0x800 [ 179.029680][T13776] ? __pfx_genl_rcv_msg+0x10/0x10 [ 179.029698][T13776] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 179.029715][T13776] ? __lock_acquire+0x4a5/0x2630 [ 179.029734][T13776] netlink_rcv_skb+0x159/0x420 [ 179.029749][T13776] ? __pfx_genl_rcv_msg+0x10/0x10 [ 179.029767][T13776] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 179.029788][T13776] ? netlink_deliver_tap+0x1ae/0xcc0 [ 179.029805][T13776] genl_rcv+0x28/0x40 [ 179.029821][T13776] netlink_unicast+0x5aa/0x870 [ 179.029838][T13776] ? __pfx_netlink_unicast+0x10/0x10 [ 179.029859][T13776] netlink_sendmsg+0x8b0/0xda0 [ 179.029878][T13776] ? __pfx_netlink_sendmsg+0x10/0x10 [ 179.029892][T13776] ? __might_fault+0xc0/0x140 [ 179.029913][T13776] ____sys_sendmsg+0x9e1/0xb70 [ 179.029928][T13776] ? __pfx_netlink_sendmsg+0x10/0x10 [ 179.029945][T13776] ? __pfx_____sys_sendmsg+0x10/0x10 [ 179.029968][T13776] ___sys_sendmsg+0x190/0x1e0 [ 179.029986][T13776] ? __pfx____sys_sendmsg+0x10/0x10 [ 179.030022][T13776] __sys_sendmsg+0x170/0x220 [ 179.030036][T13776] ? __pfx___sys_sendmsg+0x10/0x10 [ 179.030059][T13776] do_syscall_64+0x106/0xf80 [ 179.030072][T13776] ? clear_bhb_loop+0x40/0x90 [ 179.030086][T13776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.030097][T13776] RIP: 0033:0x7f8fe899c799 [ 179.030109][T13776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 179.030120][T13776] RSP: 002b:00007f8fe98a1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 179.030130][T13776] RAX: ffffffffffffffda RBX: 00007f8fe8c15fa0 RCX: 00007f8fe899c799 [ 179.030137][T13776] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 179.030143][T13776] RBP: 00007f8fe98a1090 R08: 0000000000000000 R09: 0000000000000000 [ 179.030150][T13776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 179.030156][T13776] R13: 00007f8fe8c16038 R14: 00007f8fe8c15fa0 R15: 00007ffe328f5138 [ 179.030170][T13776] [ 179.105073][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 179.154394][T13779] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2686'. [ 179.174584][T13780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 179.213912][T13783] netlink: 'syz.0.2687': attribute type 10 has an invalid length. [ 179.222886][ T1328] usb 7-1: USB disconnect, device number 13 [ 179.241695][T13787] netlink: 'syz.2.2688': attribute type 1 has an invalid length. [ 179.257632][T13787] 8021q: adding VLAN 0 to HW filter on device bond3 [ 179.264435][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 179.270895][T13791] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 179.295808][T13787] bond3: (slave veth3): Enslaving as an active interface with a down link [ 179.301619][T13791] lo: Caught tx_queue_len zero misconfig [ 179.309993][T13787] vlan2: entered allmulticast mode [ 179.311693][T13787] bond3: entered allmulticast mode [ 179.314736][T13787] bond3: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 179.355591][T13794] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27664 sclass=netlink_route_socket pid=13794 comm=syz.2.2688 [ 179.417159][T13803] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2695'. [ 179.591544][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 179.824716][T13836] netlink: 'syz.2.2706': attribute type 10 has an invalid length. [ 180.069387][T13844] capability: warning: `syz.1.2709' uses 32-bit capabilities (legacy support in use) [ 180.299785][ T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 180.359005][T13863] netlink: 'syz.1.2718': attribute type 10 has an invalid length. [ 180.755630][T13890] tun0: tun_chr_ioctl cmd 1074025676 [ 180.757971][T13890] tun0: owner set to 0 [ 180.830680][T13894] macsec0: entered promiscuous mode [ 180.833353][T13894] macsec0: entered allmulticast mode [ 180.835333][T13894] veth1_macvtap: entered allmulticast mode [ 180.842928][T13894] lo speed is unknown, defaulting to 1000 [ 180.847233][T13894] lo speed is unknown, defaulting to 1000 [ 180.850749][T13894] lo speed is unknown, defaulting to 1000 [ 180.920121][T13898] netlink: 'syz.1.2733': attribute type 10 has an invalid length. [ 180.947350][T13894] infiniband syz0: set active [ 180.949966][T13894] infiniband syz0: added lo [ 180.955880][ T1328] lo speed is unknown, defaulting to 1000 [ 180.981022][T13894] RDS/IB: syz0: added [ 180.983004][T13894] smc: adding ib device syz0 with port count 1 [ 180.985251][T13894] smc: ib device syz0 port 1 has no pnetid [ 180.988881][ T1328] lo speed is unknown, defaulting to 1000 [ 180.994298][T13894] lo speed is unknown, defaulting to 1000 [ 181.090198][T13894] lo speed is unknown, defaulting to 1000 [ 181.178647][T13894] lo speed is unknown, defaulting to 1000 [ 181.266393][T13894] lo speed is unknown, defaulting to 1000 [ 181.339865][ T1328] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 181.340598][T13904] netlink: 'syz.3.2735': attribute type 10 has an invalid length. [ 181.398735][T13907] binder: 13906:13907 ioctl c0306201 2000000003c0 returned -14 [ 181.407696][T13894] lo speed is unknown, defaulting to 1000 [ 181.451254][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 181.451271][ T40] audit: type=1400 audit(1773941403.157:901): avc: denied { mount } for pid=13908 comm="syz.3.2737" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 181.452319][T13909] max out of range [ 181.454853][ T40] audit: type=1400 audit(1773941403.157:902): avc: denied { remount } for pid=13908 comm="syz.3.2737" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 181.474510][ T40] audit: type=1400 audit(1773941403.177:903): avc: denied { unmount } for pid=12047 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 181.518874][T13911] FAULT_INJECTION: forcing a failure. [ 181.518874][T13911] name failslab, interval 1, probability 0, space 0, times 0 [ 181.524498][T13911] CPU: 2 UID: 0 PID: 13911 Comm: syz.3.2738 Tainted: G L syzkaller #0 PREEMPT(full) [ 181.524526][T13911] Tainted: [L]=SOFTLOCKUP [ 181.524533][T13911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 181.524544][T13911] Call Trace: [ 181.524552][T13911] [ 181.524559][T13911] dump_stack_lvl+0x100/0x190 [ 181.524601][T13911] should_fail_ex.cold+0x5/0xa [ 181.524626][T13911] should_failslab+0xc2/0x120 [ 181.524646][T13911] __kmalloc_cache_noprof+0x7a/0x6f0 [ 181.524668][T13911] ? kobject_uevent_env+0x263/0x18b0 [ 181.524702][T13911] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 181.524732][T13911] kobject_uevent_env+0x263/0x18b0 [ 181.524766][T13911] ? bus_to_subsys+0x114/0x150 [ 181.524796][T13911] device_add+0x116e/0x1950 [ 181.524817][T13911] ? __pfx_device_add+0x10/0x10 [ 181.524833][T13911] ? kfree_const+0x5a/0x70 [ 181.524865][T13911] ? kfree+0x2ec/0x6b0 [ 181.524895][T13911] device_create_groups_vargs+0x1f8/0x270 [ 181.524919][T13911] device_create+0xed/0x130 [ 181.524938][T13911] ? __pfx_device_create+0x10/0x10 [ 181.524955][T13911] ? lockdep_init_map_type+0x5c/0x250 [ 181.524975][T13911] ? timer_init_key+0x150/0x340 [ 181.525006][T13911] ? ieee80211_roc_setup+0x136/0x270 [ 181.525026][T13911] ? ieee80211_alloc_hw_nm+0x19c3/0x22a0 [ 181.525057][T13911] mac80211_hwsim_new_radio+0x37f/0x57d0 [ 181.525093][T13911] ? rcu_is_watching+0x12/0xc0 [ 181.525115][T13911] ? trace_kmalloc+0x101/0x130 [ 181.525133][T13911] ? __kasan_kmalloc+0xaa/0xb0 [ 181.525162][T13911] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 181.525191][T13911] ? __asan_memcpy+0x3c/0x60 [ 181.525218][T13911] hwsim_new_radio_nl+0xc1f/0x1340 [ 181.525247][T13911] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 181.525280][T13911] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 181.525311][T13911] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 181.525344][T13911] genl_family_rcv_msg_doit+0x214/0x300 [ 181.525376][T13911] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 181.525414][T13911] ? bpf_lsm_capable+0x9/0x10 [ 181.525432][T13911] ? security_capable+0x80/0x260 [ 181.525454][T13911] ? ns_capable+0xd2/0xf0 [ 181.525478][T13911] genl_rcv_msg+0x560/0x800 [ 181.525510][T13911] ? __pfx_genl_rcv_msg+0x10/0x10 [ 181.525539][T13911] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 181.525567][T13911] ? __lock_acquire+0x4a5/0x2630 [ 181.525600][T13911] netlink_rcv_skb+0x159/0x420 [ 181.525626][T13911] ? __pfx_genl_rcv_msg+0x10/0x10 [ 181.525655][T13911] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 181.525692][T13911] ? netlink_deliver_tap+0x1ae/0xcc0 [ 181.525721][T13911] genl_rcv+0x28/0x40 [ 181.525746][T13911] netlink_unicast+0x5aa/0x870 [ 181.525775][T13911] ? __pfx_netlink_unicast+0x10/0x10 [ 181.525811][T13911] netlink_sendmsg+0x8b0/0xda0 [ 181.525844][T13911] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.525868][T13911] ? __might_fault+0xc0/0x140 [ 181.525902][T13911] ____sys_sendmsg+0x9e1/0xb70 [ 181.525928][T13911] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.525955][T13911] ? __pfx_____sys_sendmsg+0x10/0x10 [ 181.525996][T13911] ___sys_sendmsg+0x190/0x1e0 [ 181.526026][T13911] ? __pfx____sys_sendmsg+0x10/0x10 [ 181.526088][T13911] __sys_sendmsg+0x170/0x220 [ 181.526111][T13911] ? __pfx___sys_sendmsg+0x10/0x10 [ 181.526151][T13911] do_syscall_64+0x106/0xf80 [ 181.526174][T13911] ? clear_bhb_loop+0x40/0x90 [ 181.526197][T13911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.526215][T13911] RIP: 0033:0x7f176a39c799 [ 181.526231][T13911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 181.526248][T13911] RSP: 002b:00007f176b16e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 181.526266][T13911] RAX: ffffffffffffffda RBX: 00007f176a615fa0 RCX: 00007f176a39c799 [ 181.526277][T13911] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 181.526288][T13911] RBP: 00007f176b16e090 R08: 0000000000000000 R09: 0000000000000000 [ 181.526298][T13911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 181.526309][T13911] R13: 00007f176a616038 R14: 00007f176a615fa0 R15: 00007ffdd78ae478 [ 181.526335][T13911] [ 181.692137][T13911] sysfs: cannot create duplicate filename '/class/ieee80211/4π!' [ 181.694944][T13911] CPU: 3 UID: 0 PID: 13911 Comm: syz.3.2738 Tainted: G L syzkaller #0 PREEMPT(full) [ 181.694962][T13911] Tainted: [L]=SOFTLOCKUP [ 181.694966][T13911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 181.694973][T13911] Call Trace: [ 181.694977][T13911] [ 181.694982][T13911] dump_stack_lvl+0x100/0x190 [ 181.695003][T13911] sysfs_warn_dup.cold+0x1c/0x28 [ 181.695020][T13911] sysfs_do_create_link_sd+0x113/0x140 [ 181.695039][T13911] sysfs_create_link+0x61/0xc0 [ 181.695055][T13911] device_add+0x675/0x1950 [ 181.695068][T13911] ? __pfx_device_add+0x10/0x10 [ 181.695078][T13911] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 181.695095][T13911] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 181.695112][T13911] wiphy_register+0x1e5b/0x2d30 [ 181.695127][T13911] ? __rtnl_unlock+0xb9/0xf0 [ 181.695143][T13911] ? netdev_run_todo+0x7b0/0x12c0 [ 181.695160][T13911] ? __pfx_wiphy_register+0x10/0x10 [ 181.695176][T13911] ? __asan_memset+0x23/0x50 [ 181.695192][T13911] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 181.695213][T13911] ieee80211_register_hw+0x2cfd/0x4140 [ 181.695235][T13911] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 181.695251][T13911] ? __pfx___debug_object_init+0x10/0x10 [ 181.695275][T13911] ? find_held_lock+0x2b/0x80 [ 181.695289][T13911] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 181.695305][T13911] ? __hrtimer_setup+0x178/0x280 [ 181.695318][T13911] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 181.695343][T13911] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 181.695359][T13911] ? __asan_memcpy+0x3c/0x60 [ 181.695376][T13911] hwsim_new_radio_nl+0xc1f/0x1340 [ 181.695392][T13911] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 181.695412][T13911] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 181.695430][T13911] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 181.695450][T13911] genl_family_rcv_msg_doit+0x214/0x300 [ 181.695469][T13911] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 181.695511][T13911] ? bpf_lsm_capable+0x9/0x10 [ 181.695522][T13911] ? security_capable+0x80/0x260 [ 181.695536][T13911] ? ns_capable+0xd2/0xf0 [ 181.695550][T13911] genl_rcv_msg+0x560/0x800 [ 181.695569][T13911] ? __pfx_genl_rcv_msg+0x10/0x10 [ 181.695586][T13911] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 181.695603][T13911] ? __lock_acquire+0x4a5/0x2630 [ 181.695623][T13911] netlink_rcv_skb+0x159/0x420 [ 181.695639][T13911] ? __pfx_genl_rcv_msg+0x10/0x10 [ 181.695656][T13911] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 181.695677][T13911] ? netlink_deliver_tap+0x1ae/0xcc0 [ 181.695694][T13911] genl_rcv+0x28/0x40 [ 181.695710][T13911] netlink_unicast+0x5aa/0x870 [ 181.695727][T13911] ? __pfx_netlink_unicast+0x10/0x10 [ 181.695748][T13911] netlink_sendmsg+0x8b0/0xda0 [ 181.695769][T13911] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.695784][T13911] ? __might_fault+0xc0/0x140 [ 181.695804][T13911] ____sys_sendmsg+0x9e1/0xb70 [ 181.695820][T13911] ? __pfx_netlink_sendmsg+0x10/0x10 [ 181.695836][T13911] ? __pfx_____sys_sendmsg+0x10/0x10 [ 181.695859][T13911] ___sys_sendmsg+0x190/0x1e0 [ 181.695878][T13911] ? __pfx____sys_sendmsg+0x10/0x10 [ 181.695913][T13911] __sys_sendmsg+0x170/0x220 [ 181.695927][T13911] ? __pfx___sys_sendmsg+0x10/0x10 [ 181.695950][T13911] do_syscall_64+0x106/0xf80 [ 181.695963][T13911] ? clear_bhb_loop+0x40/0x90 [ 181.695976][T13911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.695987][T13911] RIP: 0033:0x7f176a39c799 [ 181.695998][T13911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 181.696008][T13911] RSP: 002b:00007f176b16e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 181.696018][T13911] RAX: ffffffffffffffda RBX: 00007f176a615fa0 RCX: 00007f176a39c799 [ 181.696025][T13911] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 181.696032][T13911] RBP: 00007f176b16e090 R08: 0000000000000000 R09: 0000000000000000 [ 181.696038][T13911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 181.696044][T13911] R13: 00007f176a616038 R14: 00007f176a615fa0 R15: 00007ffdd78ae478 [ 181.696059][T13911] [ 181.953661][T13927] lo speed is unknown, defaulting to 1000 [ 182.021952][T13941] fuse: Unknown parameter 'C[lrֆ5s骁Ρ?䟚\fA$#R' [ 182.059815][ T40] audit: type=1326 audit(1773941403.747:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13939 comm="syz.3.2749" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f176a39c799 code=0x40000000 [ 182.109956][ T1328] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.142356][ T6017] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.183809][T13957] SELinux: policydb table sizes (0,4096) do not match mine (8,7) [ 182.188095][T13957] SELinux: failed to load policy [ 182.194437][ T40] audit: type=1400 audit(1773941403.896:905): avc: denied { listen } for pid=13956 comm="syz.2.2756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 182.206273][T13957] netlink: 384 bytes leftover after parsing attributes in process `syz.2.2756'. [ 182.206285][T13958] netlink: 384 bytes leftover after parsing attributes in process `syz.2.2756'. [ 182.229822][ T1328] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.276939][ T40] audit: type=1400 audit(1773941403.976:906): avc: denied { read } for pid=13965 comm="syz.1.2760" laddr=127.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 182.290628][ T1328] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.343795][ T1328] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.385750][ T1328] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.439867][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.530427][ T29] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 182.692903][ T40] audit: type=1400 audit(1773941404.396:907): avc: denied { map } for pid=13987 comm="syz.2.2768" path="/dev/video4" dev="devtmpfs" ino=961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1 [ 182.792930][T13998] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2771'. [ 182.855006][ T40] audit: type=1400 audit(1773941404.556:908): avc: denied { create } for pid=13992 comm="syz.2.2771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 183.059368][T14017] validate_nla: 4 callbacks suppressed [ 183.059392][T14017] netlink: 'syz.0.2778': attribute type 10 has an invalid length. [ 183.612403][T14037] netlink: 'syz.2.2785': attribute type 10 has an invalid length. [ 183.673292][T14043] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 183.840040][T14060] binder: 14059:14060 ioctl c0306201 2000000003c0 returned -14 [ 183.843019][T14060] binder: 14059:14060 ioctl c0306201 2000000001c0 returned -14 [ 183.845854][T14062] netlink: 'syz.0.2796': attribute type 10 has an invalid length. [ 183.890200][T14067] netlink: 45 bytes leftover after parsing attributes in process `syz.0.2798'. [ 183.933354][ T40] audit: type=1400 audit(1773941405.636:909): avc: denied { mounton } for pid=14070 comm="syz.0.2800" path="/488/file0" dev="9p" ino=72614123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 183.978014][T14077] netlink: 'syz.3.2803': attribute type 10 has an invalid length. [ 184.343531][T14093] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2810'. [ 184.470166][T14098] binder: 14097:14098 ioctl c0306201 2000000003c0 returned -14 [ 184.473329][T14098] binder: 14097:14098 ioctl c0306201 2000000001c0 returned -14 [ 184.629803][ T60] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 184.675116][T14105] netlink: 'syz.2.2813': attribute type 10 has an invalid length. [ 184.703631][ T40] audit: type=1400 audit(1773941406.406:910): avc: denied { setopt } for pid=14104 comm="syz.2.2813" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 184.966685][T14115] netlink: 'syz.2.2818': attribute type 10 has an invalid length. [ 185.904003][T14127] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2822'. [ 185.927978][T14127] syzkaller0: entered promiscuous mode [ 185.932422][T14127] syzkaller0: entered allmulticast mode [ 185.977087][T14131] netlink: 'syz.2.2824': attribute type 10 has an invalid length. [ 186.269304][T14145] binder: 14144:14145 ioctl c0306201 2000000003c0 returned -14 [ 186.272684][T14145] binder: 14144:14145 ioctl c0306201 2000000001c0 returned -14 [ 186.466626][T14153] kvm: kvm [14152]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0xc1) = 0x87 [ 186.470284][T14153] kvm: kvm [14152]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0xc2) = 0x87 [ 186.487867][T14153] kvm: kvm [14152]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0x11e) = 0x87 [ 186.507309][T14153] kvm: kvm [14152]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0x186) = 0x87 [ 186.511238][T14153] kvm: kvm [14152]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0x187) = 0x87 [ 186.527367][T14153] kvm_intel: kvm [14152]: vcpu2, guest rIP: 0x9130 Unhandled WRMSR(0x1d9) = 0x87 [ 186.802330][T14165] lo speed is unknown, defaulting to 1000 [ 187.024991][T14181] netlink: 'syz.2.2845': attribute type 10 has an invalid length. [ 187.140412][ T40] kauditd_printk_skb: 4 callbacks suppressed [ 187.140424][ T40] audit: type=1400 audit(1773941408.836:915): avc: denied { write } for pid=14178 comm="syz.0.2844" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 187.436192][T14208] lo speed is unknown, defaulting to 1000 [ 187.625773][ T40] audit: type=1400 audit(1773941409.326:916): avc: denied { read } for pid=14213 comm="syz.0.2854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 187.640962][T14217] netlink: 'syz.1.2855': attribute type 21 has an invalid length. [ 187.640980][T14216] netlink: 'syz.1.2855': attribute type 21 has an invalid length. [ 187.644259][T14217] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2855'. [ 187.647735][T14216] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2855'. [ 187.647804][T14216] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2855'. [ 187.663507][T14217] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2855'. [ 187.742888][ T40] audit: type=1400 audit(1773941409.446:917): avc: denied { bind } for pid=14222 comm="syz.0.2858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 187.826423][T14227] exFAT-fs (nbd0): unable to read boot sector [ 187.832359][T14227] exFAT-fs (nbd0): failed to read boot sector [ 187.835267][T14227] exFAT-fs (nbd0): failed to recognize exfat type [ 187.887592][T14233] lo speed is unknown, defaulting to 1000 [ 188.128023][ T40] audit: type=1400 audit(1773941409.826:918): avc: denied { getopt } for pid=14247 comm="syz.1.2869" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 188.186314][T14248] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2869'. [ 188.304786][T14258] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2869'. [ 188.307763][T14258] nbd: nbd64 already in use [ 188.389000][T14284] sysfs: cannot create duplicate filename '/class/ieee80211/4π!' [ 188.394255][T14284] CPU: 0 UID: 0 PID: 14284 Comm: syz.1.2879 Tainted: G L syzkaller #0 PREEMPT(full) [ 188.394274][T14284] Tainted: [L]=SOFTLOCKUP [ 188.394279][T14284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 188.394288][T14284] Call Trace: [ 188.394292][T14284] [ 188.394297][T14284] dump_stack_lvl+0x100/0x190 [ 188.394328][T14284] sysfs_warn_dup.cold+0x1c/0x28 [ 188.394351][T14284] sysfs_do_create_link_sd+0x113/0x140 [ 188.394398][T14284] sysfs_create_link+0x61/0xc0 [ 188.394429][T14284] device_add+0x675/0x1950 [ 188.394460][T14284] ? __pfx_device_add+0x10/0x10 [ 188.394479][T14284] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 188.394498][T14284] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 188.394521][T14284] wiphy_register+0x1e5b/0x2d30 [ 188.394536][T14284] ? __rtnl_unlock+0xb9/0xf0 [ 188.394553][T14284] ? netdev_run_todo+0x7b0/0x12c0 [ 188.394572][T14284] ? __pfx_wiphy_register+0x10/0x10 [ 188.394588][T14284] ? __asan_memset+0x23/0x50 [ 188.394604][T14284] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 188.394625][T14284] ieee80211_register_hw+0x2cfd/0x4140 [ 188.394648][T14284] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 188.394664][T14284] ? __pfx___debug_object_init+0x10/0x10 [ 188.394683][T14284] ? find_held_lock+0x2b/0x80 [ 188.394698][T14284] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 188.394714][T14284] ? __hrtimer_setup+0x178/0x280 [ 188.394727][T14284] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 188.394753][T14284] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 188.394772][T14284] ? __asan_memcpy+0x3c/0x60 [ 188.394793][T14284] hwsim_new_radio_nl+0xc1f/0x1340 [ 188.394810][T14284] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 188.394831][T14284] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 188.394850][T14284] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 188.394871][T14284] genl_family_rcv_msg_doit+0x214/0x300 [ 188.394891][T14284] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 188.394915][T14284] ? bpf_lsm_capable+0x9/0x10 [ 188.394926][T14284] ? security_capable+0x80/0x260 [ 188.394939][T14284] ? ns_capable+0xd2/0xf0 [ 188.394953][T14284] genl_rcv_msg+0x560/0x800 [ 188.394972][T14284] ? __pfx_genl_rcv_msg+0x10/0x10 [ 188.394990][T14284] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 188.395007][T14284] ? __lock_acquire+0x4a5/0x2630 [ 188.395028][T14284] netlink_rcv_skb+0x159/0x420 [ 188.395043][T14284] ? __pfx_genl_rcv_msg+0x10/0x10 [ 188.395061][T14284] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 188.395083][T14284] ? netlink_deliver_tap+0x1ae/0xcc0 [ 188.395100][T14284] genl_rcv+0x28/0x40 [ 188.395115][T14284] netlink_unicast+0x5aa/0x870 [ 188.395133][T14284] ? __pfx_netlink_unicast+0x10/0x10 [ 188.395154][T14284] netlink_sendmsg+0x8b0/0xda0 [ 188.395172][T14284] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.395186][T14284] ? __might_fault+0xc0/0x140 [ 188.395207][T14284] ____sys_sendmsg+0x9e1/0xb70 [ 188.395222][T14284] ? __pfx_netlink_sendmsg+0x10/0x10 [ 188.395239][T14284] ? __pfx_____sys_sendmsg+0x10/0x10 [ 188.395259][T14284] ? __pfx_futex_wake_mark+0x10/0x10 [ 188.395276][T14284] ___sys_sendmsg+0x190/0x1e0 [ 188.395297][T14284] ? __pfx____sys_sendmsg+0x10/0x10 [ 188.395332][T14284] __sys_sendmsg+0x170/0x220 [ 188.395346][T14284] ? __pfx___sys_sendmsg+0x10/0x10 [ 188.395359][T14284] ? __x64_sys_futex+0x34f/0x4d0 [ 188.395379][T14284] do_syscall_64+0x106/0xf80 [ 188.395393][T14284] ? clear_bhb_loop+0x40/0x90 [ 188.395407][T14284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.395419][T14284] RIP: 0033:0x7f695f39c799 [ 188.395429][T14284] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 188.395441][T14284] RSP: 002b:00007f69601d1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.395453][T14284] RAX: ffffffffffffffda RBX: 00007f695f615fa0 RCX: 00007f695f39c799 [ 188.395461][T14284] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 188.395468][T14284] RBP: 00007f695f432c99 R08: 0000000000000000 R09: 0000000000000000 [ 188.395475][T14284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 188.395482][T14284] R13: 00007f695f616038 R14: 00007f695f615fa0 R15: 00007ffe113edb98 [ 188.395505][T14284] [ 188.430195][ T5934] udevd[5934]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 188.557034][T14300] validate_nla: 4 callbacks suppressed [ 188.557046][T14300] netlink: 'syz.0.2888': attribute type 10 has an invalid length. [ 188.637032][T14304] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2889'. [ 188.696808][ T40] audit: type=1400 audit(1773941410.396:919): avc: denied { ioctl } for pid=14313 comm="syz.2.2893" path="socket:[57860]" dev="sockfs" ino=57860 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 188.927300][T14345] FAULT_INJECTION: forcing a failure. [ 188.927300][T14345] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 188.932202][T14345] CPU: 1 UID: 0 PID: 14345 Comm: syz.2.2904 Tainted: G L syzkaller #0 PREEMPT(full) [ 188.932231][T14345] Tainted: [L]=SOFTLOCKUP [ 188.932238][T14345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 188.932248][T14345] Call Trace: [ 188.932255][T14345] [ 188.932263][T14345] dump_stack_lvl+0x100/0x190 [ 188.932297][T14345] should_fail_ex.cold+0x5/0xa [ 188.932343][T14345] _copy_to_user+0x32/0xd0 [ 188.932376][T14345] simple_read_from_buffer+0xcb/0x170 [ 188.932407][T14345] proc_fail_nth_read+0x1af/0x230 [ 188.932436][T14345] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 188.932463][T14345] ? rw_verify_area+0xce/0x6d0 [ 188.932486][T14345] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 188.932510][T14345] vfs_read+0x1e4/0xb30 [ 188.932540][T14345] ? __pfx_vfs_read+0x10/0x10 [ 188.932565][T14345] ? __fget_files+0x215/0x3d0 [ 188.932590][T14345] ? __fget_files+0x21f/0x3d0 [ 188.932617][T14345] ksys_read+0x12a/0x250 [ 188.932650][T14345] ? __pfx_ksys_read+0x10/0x10 [ 188.932685][T14345] do_syscall_64+0x106/0xf80 [ 188.932707][T14345] ? clear_bhb_loop+0x40/0x90 [ 188.932729][T14345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.932747][T14345] RIP: 0033:0x7f4f92b5cfce [ 188.932764][T14345] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 188.932780][T14345] RSP: 002b:00007f4f93af5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 188.932797][T14345] RAX: ffffffffffffffda RBX: 00007f4f93af66c0 RCX: 00007f4f92b5cfce [ 188.932808][T14345] RDX: 000000000000000f RSI: 00007f4f93af60a0 RDI: 0000000000000003 [ 188.932818][T14345] RBP: 00007f4f93af6090 R08: 0000000000000000 R09: 0000000000000000 [ 188.932827][T14345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.932838][T14345] R13: 00007f4f92e16038 R14: 00007f4f92e15fa0 R15: 00007fff002a1ea8 [ 188.932863][T14345] [ 189.073895][T14354] netlink: 'syz.2.2908': attribute type 10 has an invalid length. [ 189.231587][T14386] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2919'. [ 189.240212][T14385] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2919'. [ 189.244633][T14385] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2919'. [ 189.398880][T14394] can0: slcan on pty22. [ 189.401883][T14391] netlink: 'syz.1.2921': attribute type 21 has an invalid length. [ 189.421812][T14398] sysfs: cannot create duplicate filename '/class/ieee80211/4π!' [ 189.424613][T14398] CPU: 2 UID: 0 PID: 14398 Comm: syz.0.2923 Tainted: G L syzkaller #0 PREEMPT(full) [ 189.424632][T14398] Tainted: [L]=SOFTLOCKUP [ 189.424637][T14398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 189.424647][T14398] Call Trace: [ 189.424658][T14398] [ 189.424664][T14398] dump_stack_lvl+0x100/0x190 [ 189.424690][T14398] sysfs_warn_dup.cold+0x1c/0x28 [ 189.424708][T14398] sysfs_do_create_link_sd+0x113/0x140 [ 189.424726][T14398] sysfs_create_link+0x61/0xc0 [ 189.424743][T14398] device_add+0x675/0x1950 [ 189.424761][T14398] ? __pfx_device_add+0x10/0x10 [ 189.424776][T14398] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 189.424793][T14398] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 189.424815][T14398] wiphy_register+0x1e5b/0x2d30 [ 189.424833][T14398] ? __rtnl_unlock+0xb9/0xf0 [ 189.424849][T14398] ? netdev_run_todo+0x7b0/0x12c0 [ 189.424868][T14398] ? __pfx_wiphy_register+0x10/0x10 [ 189.424885][T14398] ? __asan_memset+0x23/0x50 [ 189.424901][T14398] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 189.424922][T14398] ieee80211_register_hw+0x2cfd/0x4140 [ 189.424946][T14398] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 189.424967][T14398] ? __pfx___debug_object_init+0x10/0x10 [ 189.424996][T14398] ? find_held_lock+0x2b/0x80 [ 189.425023][T14398] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 189.425051][T14398] ? __hrtimer_setup+0x178/0x280 [ 189.425073][T14398] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 189.425114][T14398] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 189.425132][T14398] ? __asan_memcpy+0x3c/0x60 [ 189.425148][T14398] hwsim_new_radio_nl+0xc1f/0x1340 [ 189.425165][T14398] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 189.425185][T14398] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 189.425203][T14398] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 189.425223][T14398] genl_family_rcv_msg_doit+0x214/0x300 [ 189.425242][T14398] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 189.425264][T14398] ? bpf_lsm_capable+0x9/0x10 [ 189.425277][T14398] ? security_capable+0x80/0x260 [ 189.425291][T14398] ? ns_capable+0xd2/0xf0 [ 189.425305][T14398] genl_rcv_msg+0x560/0x800 [ 189.425324][T14398] ? __pfx_genl_rcv_msg+0x10/0x10 [ 189.425342][T14398] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 189.425359][T14398] ? __lock_acquire+0x4a5/0x2630 [ 189.425379][T14398] netlink_rcv_skb+0x159/0x420 [ 189.425395][T14398] ? __pfx_genl_rcv_msg+0x10/0x10 [ 189.425413][T14398] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 189.425435][T14398] ? netlink_deliver_tap+0x1ae/0xcc0 [ 189.425456][T14398] genl_rcv+0x28/0x40 [ 189.425471][T14398] netlink_unicast+0x5aa/0x870 [ 189.425489][T14398] ? __pfx_netlink_unicast+0x10/0x10 [ 189.425510][T14398] netlink_sendmsg+0x8b0/0xda0 [ 189.425528][T14398] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.425543][T14398] ? __might_fault+0xc0/0x140 [ 189.425563][T14398] ____sys_sendmsg+0x9e1/0xb70 [ 189.425580][T14398] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.425598][T14398] ? __pfx_____sys_sendmsg+0x10/0x10 [ 189.425617][T14398] ? __pfx_futex_wake_mark+0x10/0x10 [ 189.425633][T14398] ___sys_sendmsg+0x190/0x1e0 [ 189.425651][T14398] ? __pfx____sys_sendmsg+0x10/0x10 [ 189.425686][T14398] __sys_sendmsg+0x170/0x220 [ 189.425700][T14398] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.425714][T14398] ? __x64_sys_futex+0x34f/0x4d0 [ 189.425734][T14398] do_syscall_64+0x106/0xf80 [ 189.425747][T14398] ? clear_bhb_loop+0x40/0x90 [ 189.425765][T14398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.425781][T14398] RIP: 0033:0x7f8fe899c799 [ 189.425792][T14398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 189.425803][T14398] RSP: 002b:00007f8fe98a1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 189.425815][T14398] RAX: ffffffffffffffda RBX: 00007f8fe8c15fa0 RCX: 00007f8fe899c799 [ 189.425823][T14398] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 189.425830][T14398] RBP: 00007f8fe8a32c99 R08: 0000000000000000 R09: 0000000000000000 [ 189.425837][T14398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 189.425844][T14398] R13: 00007f8fe8c16038 R14: 00007f8fe8c15fa0 R15: 00007ffe328f5138 [ 189.425860][T14398] [ 189.588193][T14401] binder: BINDER_SET_CONTEXT_MGR already set [ 189.590445][ T40] audit: type=1400 audit(1773941411.286:920): avc: denied { create } for pid=14400 comm="syz.3.2924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 189.599074][T14401] binder: 14399:14401 ioctl 4018620d 200000000040 returned -16 [ 189.602288][T14401] binder: 14399:14401 ioctl c0306201 2000000003c0 returned -14 [ 189.604985][T14401] binder: 14399:14401 ioctl c0306201 2000000001c0 returned -14 [ 189.642541][T14390] can0 (unregistered): slcan off pty22. [ 189.700105][T14421] rpc_pipefs: Unknown parameter 'barrier' [ 189.855962][T14437] binder: 14434:14437 ioctl c0306201 2000000003c0 returned -14 [ 189.964776][ T5288] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 189.971858][ T5288] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 189.979535][ T5288] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 189.984641][ T5288] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 189.994703][ T5288] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 190.013329][T14451] Failed to initialize the IGMP autojoin socket (err -2) [ 190.161465][T14469] binder: 14468:14469 ioctl c0306201 2000000003c0 returned -14 [ 190.173893][T12136] bond0: (slave syz_tun): Releasing backup interface [ 190.180225][T12136] bond0: (slave syz_tun): the permanent HWaddr of slave - aa:aa:aa:aa:aa:aa - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 190.242488][T14480] netlink: 'syz.2.2953': attribute type 10 has an invalid length. [ 190.282306][T14451] chnl_net:caif_netlink_parms(): no params data found [ 190.384590][ T156] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.445886][T14451] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.448294][T14451] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.451434][T14451] bridge_slave_0: entered allmulticast mode [ 190.454415][T14451] bridge_slave_0: entered promiscuous mode [ 190.457641][T14451] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.460145][T14451] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.462551][T14451] bridge_slave_1: entered allmulticast mode [ 190.475244][T14451] bridge_slave_1: entered promiscuous mode [ 190.542337][ T156] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.564442][T14451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.599907][T14451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.639275][T14451] team0: Port device team_slave_0 added [ 190.673305][ T156] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.694106][T14451] team0: Port device team_slave_1 added [ 190.737734][T14451] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.740567][T14451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 190.749892][T14451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.762134][ T156] bond0: (slave netdevsim0): Releasing backup interface [ 190.769471][ T156] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.779022][T14451] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.782461][T14451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 190.792455][T14451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.884179][T14451] hsr_slave_0: entered promiscuous mode [ 190.886612][T14451] hsr_slave_1: entered promiscuous mode [ 190.890790][T14451] debugfs: 'hsr0' already exists in 'hsr' [ 190.892628][T14451] Cannot create hsr debugfs directory [ 191.063497][T14515] netlink: 'syz.3.2957': attribute type 10 has an invalid length. [ 191.158829][ T156] dummy0: left promiscuous mode [ 191.178173][ T156] bridge0: port 1(vlan2) entered disabled state [ 191.192575][T14495] overlayfs: statfs failed on './file0' [ 191.243407][ T40] audit: type=1400 audit(1773941412.946:921): avc: denied { accept } for pid=14525 comm="syz.3.2961" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 191.278158][ T156] bond1 (unregistering): (slave ip6gretap1): Releasing active interface [ 191.322344][T14533] netlink: 'syz.2.2964': attribute type 1 has an invalid length. [ 191.348121][ T5288] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 191.351719][ T5288] CPU: 0 UID: 0 PID: 5288 Comm: kworker/u33:1 Tainted: G L syzkaller #0 PREEMPT(full) [ 191.351738][ T5288] Tainted: [L]=SOFTLOCKUP [ 191.351743][ T5288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 191.351755][ T5288] Workqueue: hci4 hci_rx_work [ 191.351782][ T5288] Call Trace: [ 191.351787][ T5288] [ 191.351793][ T5288] dump_stack_lvl+0x100/0x190 [ 191.351814][ T5288] sysfs_warn_dup.cold+0x1c/0x28 [ 191.351829][ T5288] sysfs_create_dir_ns+0x24b/0x2b0 [ 191.351848][ T5288] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 191.351864][ T5288] ? find_held_lock+0x2b/0x80 [ 191.351879][ T5288] ? kobject_add_internal+0x25f/0x930 [ 191.351896][ T5288] ? kobject_add_internal+0x25f/0x930 [ 191.351915][ T5288] ? do_raw_spin_unlock+0x145/0x1e0 [ 191.351929][ T5288] kobject_add_internal+0x2c8/0x930 [ 191.351947][ T5288] kobject_add+0x16a/0x1e0 [ 191.351963][ T5288] ? __pfx_kobject_add+0x10/0x10 [ 191.351977][ T5288] ? class_to_subsys+0x10f/0x150 [ 191.352003][ T5288] ? kobject_put+0xb9/0x640 [ 191.352023][ T5288] ? _raw_spin_unlock+0x28/0x50 [ 191.352049][ T5288] device_add+0x294/0x1950 [ 191.352063][ T5288] ? __pfx_dev_set_name+0x10/0x10 [ 191.352076][ T5288] ? __pfx_device_add+0x10/0x10 [ 191.352086][ T5288] ? mgmt_send_event_skb+0x2fb/0x460 [ 191.352103][ T5288] hci_conn_add_sysfs+0x1a3/0x260 [ 191.352121][ T5288] le_conn_complete_evt+0x11cb/0x1f40 [ 191.352147][ T5288] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 191.352174][ T5288] hci_le_conn_complete_evt+0x23c/0x3a0 [ 191.352191][ T5288] ? skb_pull_data+0x15f/0x1e0 [ 191.352211][ T5288] hci_le_meta_evt+0x34a/0x5f0 [ 191.352224][ T5288] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 191.352239][ T5288] hci_event_packet+0x682/0x11c0 [ 191.352254][ T5288] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 191.352268][ T5288] ? __pfx_hci_event_packet+0x10/0x10 [ 191.352283][ T5288] ? kcov_remote_start+0x374/0x660 [ 191.352298][ T5288] ? lockdep_hardirqs_on+0x78/0x100 [ 191.352340][ T5288] hci_rx_work+0x451/0xfc0 [ 191.352356][ T5288] process_one_work+0x9d7/0x1920 [ 191.352377][ T5288] ? __pfx_process_one_work+0x10/0x10 [ 191.352401][ T5288] ? __pfx_hci_rx_work+0x10/0x10 [ 191.352421][ T5288] worker_thread+0x5da/0xe40 [ 191.352448][ T5288] ? kthread+0x13a/0x450 [ 191.352458][ T5288] ? __pfx_worker_thread+0x10/0x10 [ 191.352469][ T5288] kthread+0x370/0x450 [ 191.352479][ T5288] ? __pfx_kthread+0x10/0x10 [ 191.352491][ T5288] ret_from_fork+0x754/0xd80 [ 191.352503][ T5288] ? __pfx_ret_from_fork+0x10/0x10 [ 191.352516][ T5288] ? __switch_to+0x7b4/0x1120 [ 191.352529][ T5288] ? __pfx_kthread+0x10/0x10 [ 191.352541][ T5288] ret_from_fork_asm+0x1a/0x30 [ 191.352562][ T5288] [ 191.352578][ T5288] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 191.448003][ T5288] Bluetooth: hci4: failed to register connection device [ 191.561840][ T156] bond0 (unregistering): Released all slaves [ 191.566839][ T156] bond1 (unregistering): Released all slaves [ 191.573437][ T156] bond2 (unregistering): Released all slaves [ 191.583339][T14534] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 191.777385][ T156] : left promiscuous mode [ 191.941259][ T40] audit: type=1400 audit(1773941413.646:922): avc: denied { bind } for pid=14562 comm="syz.2.2972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 191.956499][ T156] tipc: Disabling bearer [ 191.959572][ T156] tipc: Left network mode [ 191.973443][T14565] sysfs: cannot create duplicate filename '/class/ieee80211/4π!' [ 191.976543][T14565] CPU: 3 UID: 0 PID: 14565 Comm: syz.3.2973 Tainted: G L syzkaller #0 PREEMPT(full) [ 191.976561][T14565] Tainted: [L]=SOFTLOCKUP [ 191.976565][T14565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 191.976573][T14565] Call Trace: [ 191.976577][T14565] [ 191.976582][T14565] dump_stack_lvl+0x100/0x190 [ 191.976622][T14565] sysfs_warn_dup.cold+0x1c/0x28 [ 191.976640][T14565] sysfs_do_create_link_sd+0x113/0x140 [ 191.976660][T14565] sysfs_create_link+0x61/0xc0 [ 191.976677][T14565] device_add+0x675/0x1950 [ 191.976696][T14565] ? __pfx_device_add+0x10/0x10 [ 191.976706][T14565] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 191.976725][T14565] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 191.976748][T14565] wiphy_register+0x1e5b/0x2d30 [ 191.976764][T14565] ? __rtnl_unlock+0xb9/0xf0 [ 191.976797][T14565] ? netdev_run_todo+0x7b0/0x12c0 [ 191.976816][T14565] ? __pfx_wiphy_register+0x10/0x10 [ 191.976834][T14565] ? __asan_memset+0x23/0x50 [ 191.976850][T14565] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 191.976873][T14565] ieee80211_register_hw+0x2cfd/0x4140 [ 191.976897][T14565] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 191.976913][T14565] ? __pfx___debug_object_init+0x10/0x10 [ 191.976932][T14565] ? find_held_lock+0x2b/0x80 [ 191.976948][T14565] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 191.976965][T14565] ? __hrtimer_setup+0x178/0x280 [ 191.976978][T14565] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 191.977004][T14565] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 191.977023][T14565] ? __asan_memcpy+0x3c/0x60 [ 191.977040][T14565] hwsim_new_radio_nl+0xc1f/0x1340 [ 191.977058][T14565] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 191.977078][T14565] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 191.977096][T14565] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 191.977116][T14565] genl_family_rcv_msg_doit+0x214/0x300 [ 191.977136][T14565] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 191.977158][T14565] ? bpf_lsm_capable+0x9/0x10 [ 191.977169][T14565] ? security_capable+0x80/0x260 [ 191.977183][T14565] ? ns_capable+0xd2/0xf0 [ 191.977197][T14565] genl_rcv_msg+0x560/0x800 [ 191.977216][T14565] ? __pfx_genl_rcv_msg+0x10/0x10 [ 191.977233][T14565] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 191.977250][T14565] ? __lock_acquire+0x4a5/0x2630 [ 191.977270][T14565] netlink_rcv_skb+0x159/0x420 [ 191.977285][T14565] ? __pfx_genl_rcv_msg+0x10/0x10 [ 191.977303][T14565] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 191.977331][T14565] ? netlink_deliver_tap+0x1ae/0xcc0 [ 191.977350][T14565] genl_rcv+0x28/0x40 [ 191.977366][T14565] netlink_unicast+0x5aa/0x870 [ 191.977385][T14565] ? __pfx_netlink_unicast+0x10/0x10 [ 191.977408][T14565] netlink_sendmsg+0x8b0/0xda0 [ 191.977428][T14565] ? __pfx_netlink_sendmsg+0x10/0x10 [ 191.977443][T14565] ? __might_fault+0xc0/0x140 [ 191.977465][T14565] ____sys_sendmsg+0x9e1/0xb70 [ 191.977481][T14565] ? __pfx_netlink_sendmsg+0x10/0x10 [ 191.977502][T14565] ? __pfx_____sys_sendmsg+0x10/0x10 [ 191.977521][T14565] ? __pfx_futex_wake_mark+0x10/0x10 [ 191.977538][T14565] ___sys_sendmsg+0x190/0x1e0 [ 191.977556][T14565] ? __pfx____sys_sendmsg+0x10/0x10 [ 191.977591][T14565] __sys_sendmsg+0x170/0x220 [ 191.977605][T14565] ? __pfx___sys_sendmsg+0x10/0x10 [ 191.977619][T14565] ? __x64_sys_futex+0x34f/0x4d0 [ 191.977639][T14565] do_syscall_64+0x106/0xf80 [ 191.977653][T14565] ? clear_bhb_loop+0x40/0x90 [ 191.977667][T14565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.977679][T14565] RIP: 0033:0x7f176a39c799 [ 191.977689][T14565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 191.977701][T14565] RSP: 002b:00007f176b16e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 191.977712][T14565] RAX: ffffffffffffffda RBX: 00007f176a615fa0 RCX: 00007f176a39c799 [ 191.977719][T14565] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 191.977727][T14565] RBP: 00007f176a432c99 R08: 0000000000000000 R09: 0000000000000000 [ 191.977734][T14565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 191.977742][T14565] R13: 00007f176a616038 R14: 00007f176a615fa0 R15: 00007ffdd78ae478 [ 191.977757][T14565] [ 191.979043][ T156] IPVS: stopping backup sync thread 8053 ... [ 192.060757][ T5288] Bluetooth: hci1: command tx timeout [ 192.179171][T14580] Failed to initialize the IGMP autojoin socket (err -2) [ 192.235037][T14451] netdevsim netdevsim1 netdevsim0: renamed from eth2 [ 192.241206][T14451] netdevsim netdevsim1 netdevsim1: renamed from eth3 [ 192.247291][T14451] netdevsim netdevsim1 netdevsim2: renamed from eth4 [ 192.253629][T14451] netdevsim netdevsim1 netdevsim3: renamed from eth5 [ 192.341981][T14596] binder: 14595:14596 ioctl c0306201 2000000003c0 returned -14 [ 192.428733][T14606] netlink: 'syz.2.2988': attribute type 10 has an invalid length. [ 192.519946][T14451] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.591179][ T156] hsr_slave_0: left promiscuous mode [ 192.593870][ T156] hsr_slave_1: left promiscuous mode [ 192.606260][ T156] veth1_macvtap: left promiscuous mode [ 192.608645][ T156] veth0_macvtap: left promiscuous mode [ 192.611846][ T156] veth1_vlan: left promiscuous mode [ 192.614419][ T156] veth0_vlan: left promiscuous mode [ 192.618952][ T40] audit: type=1400 audit(1773941414.316:923): avc: denied { execute } for pid=14614 comm="syz.3.2990" dev="hugetlbfs" ino=59921 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 192.628280][ T40] audit: type=1400 audit(1773941414.316:924): avc: denied { execute_no_trans } for pid=14614 comm="syz.3.2990" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F522C8103EC95C85174CBFCF91DF4DF3025E542A202864656C6574656429 dev="hugetlbfs" ino=59921 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 192.660442][T14621] netlink: 'syz.3.2993': attribute type 1 has an invalid length. [ 192.778363][T14631] binder: BC_ATTEMPT_ACQUIRE not supported [ 192.781371][T14631] binder: 14620:14631 ioctl c0306201 2000000003c0 returned -22 [ 192.787856][T14631] __nla_validate_parse: 32 callbacks suppressed [ 192.787874][T14631] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2993'. [ 192.847515][ T156] team0 (unregistering): Port device dummy0 removed [ 192.865508][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.868825][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.912086][T14621] bond1: entered promiscuous mode [ 192.913988][T14621] 8021q: adding VLAN 0 to HW filter on device bond1 [ 192.929132][T14623] bond1: (slave bridge1): making interface the new active one [ 192.932268][T14623] bridge1: entered promiscuous mode [ 192.935641][T14623] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 192.944975][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.947382][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.042366][T14645] sysfs: cannot create duplicate filename '/class/ieee80211/4π!' [ 193.045649][T14645] CPU: 0 UID: 0 PID: 14645 Comm: syz.2.2999 Tainted: G L syzkaller #0 PREEMPT(full) [ 193.045675][T14645] Tainted: [L]=SOFTLOCKUP [ 193.045682][T14645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 193.045691][T14645] Call Trace: [ 193.045697][T14645] [ 193.045705][T14645] dump_stack_lvl+0x100/0x190 [ 193.045739][T14645] sysfs_warn_dup.cold+0x1c/0x28 [ 193.045762][T14645] sysfs_do_create_link_sd+0x113/0x140 [ 193.045787][T14645] sysfs_create_link+0x61/0xc0 [ 193.045814][T14645] device_add+0x675/0x1950 [ 193.045834][T14645] ? __pfx_device_add+0x10/0x10 [ 193.045851][T14645] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 193.045879][T14645] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 193.045908][T14645] wiphy_register+0x1e5b/0x2d30 [ 193.045933][T14645] ? __rtnl_unlock+0xb9/0xf0 [ 193.045958][T14645] ? netdev_run_todo+0x7b0/0x12c0 [ 193.045987][T14645] ? __pfx_wiphy_register+0x10/0x10 [ 193.046012][T14645] ? __asan_memset+0x23/0x50 [ 193.046038][T14645] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 193.046074][T14645] ieee80211_register_hw+0x2cfd/0x4140 [ 193.046115][T14645] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 193.046145][T14645] ? __pfx___debug_object_init+0x10/0x10 [ 193.046177][T14645] ? find_held_lock+0x2b/0x80 [ 193.046202][T14645] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 193.046231][T14645] ? __hrtimer_setup+0x178/0x280 [ 193.046251][T14645] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 193.046292][T14645] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 193.046321][T14645] ? __asan_memcpy+0x3c/0x60 [ 193.046350][T14645] hwsim_new_radio_nl+0xc1f/0x1340 [ 193.046380][T14645] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 193.046416][T14645] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 193.046445][T14645] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 193.046481][T14645] genl_family_rcv_msg_doit+0x214/0x300 [ 193.046512][T14645] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 193.046547][T14645] ? bpf_lsm_capable+0x9/0x10 [ 193.046565][T14645] ? security_capable+0x80/0x260 [ 193.046586][T14645] ? ns_capable+0xd2/0xf0 [ 193.046610][T14645] genl_rcv_msg+0x560/0x800 [ 193.046636][T14645] ? __pfx_genl_rcv_msg+0x10/0x10 [ 193.046661][T14645] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 193.046687][T14645] ? __lock_acquire+0x4a5/0x2630 [ 193.046718][T14645] netlink_rcv_skb+0x159/0x420 [ 193.046740][T14645] ? __pfx_genl_rcv_msg+0x10/0x10 [ 193.046768][T14645] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 193.046805][T14645] ? netlink_deliver_tap+0x1ae/0xcc0 [ 193.046834][T14645] genl_rcv+0x28/0x40 [ 193.046858][T14645] netlink_unicast+0x5aa/0x870 [ 193.046910][T14645] ? __pfx_netlink_unicast+0x10/0x10 [ 193.046949][T14645] netlink_sendmsg+0x8b0/0xda0 [ 193.046982][T14645] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.047007][T14645] ? __might_fault+0xc0/0x140 [ 193.047045][T14645] ____sys_sendmsg+0x9e1/0xb70 [ 193.047071][T14645] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.047099][T14645] ? __pfx_____sys_sendmsg+0x10/0x10 [ 193.047132][T14645] ? __pfx_futex_wake_mark+0x10/0x10 [ 193.047166][T14645] ___sys_sendmsg+0x190/0x1e0 [ 193.047199][T14645] ? __pfx____sys_sendmsg+0x10/0x10 [ 193.047264][T14645] __sys_sendmsg+0x170/0x220 [ 193.047286][T14645] ? __pfx___sys_sendmsg+0x10/0x10 [ 193.047307][T14645] ? __x64_sys_futex+0x34f/0x4d0 [ 193.047341][T14645] do_syscall_64+0x106/0xf80 [ 193.047365][T14645] ? clear_bhb_loop+0x40/0x90 [ 193.047388][T14645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.047407][T14645] RIP: 0033:0x7f4f92b9c799 [ 193.047424][T14645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 193.047441][T14645] RSP: 002b:00007f4f93af6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 193.047460][T14645] RAX: ffffffffffffffda RBX: 00007f4f92e15fa0 RCX: 00007f4f92b9c799 [ 193.047473][T14645] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 193.047485][T14645] RBP: 00007f4f92c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 193.047497][T14645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.047507][T14645] R13: 00007f4f92e16038 R14: 00007f4f92e15fa0 R15: 00007fff002a1ea8 [ 193.047532][T14645] [ 193.227193][T14451] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.280702][ T5994] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 193.346686][T14451] veth0_vlan: entered promiscuous mode [ 193.358639][T14451] veth1_vlan: entered promiscuous mode [ 193.432793][ T156] IPVS: stop unused estimator thread 0... [ 193.437624][T14451] veth0_macvtap: entered promiscuous mode [ 193.443712][ T5994] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 193.447633][ T5994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.453825][T14451] veth1_macvtap: entered promiscuous mode [ 193.456670][ T5994] usb 5-1: Product: syz [ 193.458569][ T5994] usb 5-1: Manufacturer: syz [ 193.460818][ T5994] usb 5-1: SerialNumber: syz [ 193.488095][ T5994] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 193.502529][ T7885] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 193.535180][T14451] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.556515][T14451] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.564896][T14451] net_ratelimit: 16 callbacks suppressed [ 193.564912][T14451] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 193.583237][T14451] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 193.592563][T14451] wireguard: wg0: Could not create IPv4 socket [ 193.597391][T14451] wireguard: wg1: Could not create IPv4 socket [ 193.602625][T14451] wireguard: wg2: Could not create IPv4 socket [ 193.750622][ T40] audit: type=1400 audit(1773941415.456:925): avc: denied { listen } for pid=14661 comm="syz.3.3003" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 193.758850][ T40] audit: type=1400 audit(1773941415.456:926): avc: denied { read } for pid=14661 comm="syz.3.3003" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 193.768839][ T40] audit: type=1400 audit(1773941415.456:927): avc: denied { open } for pid=14661 comm="syz.3.3003" path="/dev/nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 193.906097][T14676] 9pnet_virtio: no channels available for device syz [ 193.924359][T14676] tipc: Started in network mode [ 193.926993][T14676] tipc: Node identity 4, cluster identity 4711 [ 193.930162][T14676] tipc: Node number set to 4 [ 194.540471][ T7885] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 194.542808][ T7885] ath9k_htc: Failed to initialize the device [ 194.574356][ T7885] usb 5-1: ath9k_htc: USB layer deinitialized [ 194.585177][T14701] erspan1: entered promiscuous mode [ 194.656321][T14708] netlink: 'syz.3.3013': attribute type 10 has an invalid length. [ 194.670655][T14710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.674770][T14710] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.680033][T14710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 194.684658][T14710] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.731798][T14714] ptrace attach of "/syz-executor exec"[14716] was attempted by "/syz-executor exec"[14714] [ 194.736274][T14714] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3014'. [ 194.823733][T14725] binder: 14724:14725 ioctl c0306201 2000000003c0 returned -14 [ 194.997893][T14757] FAULT_INJECTION: forcing a failure. [ 194.997893][T14757] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 195.002641][T14757] CPU: 0 UID: 0 PID: 14757 Comm: syz.2.3025 Tainted: G L syzkaller #0 PREEMPT(full) [ 195.002659][T14757] Tainted: [L]=SOFTLOCKUP [ 195.002663][T14757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.002674][T14757] Call Trace: [ 195.002679][T14757] [ 195.002685][T14757] dump_stack_lvl+0x100/0x190 [ 195.002722][T14757] should_fail_ex.cold+0x5/0xa [ 195.002745][T14757] _copy_from_user+0x2e/0xd0 [ 195.002780][T14757] copy_msghdr_from_user+0x9f/0x4f0 [ 195.002806][T14757] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 195.002830][T14757] ___sys_sendmsg+0x106/0x1e0 [ 195.002848][T14757] ? __pfx____sys_sendmsg+0x10/0x10 [ 195.002882][T14757] __sys_sendmsg+0x170/0x220 [ 195.002895][T14757] ? __pfx___sys_sendmsg+0x10/0x10 [ 195.002918][T14757] do_syscall_64+0x106/0xf80 [ 195.002932][T14757] ? clear_bhb_loop+0x40/0x90 [ 195.002945][T14757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.002956][T14757] RIP: 0033:0x7f4f92b9c799 [ 195.002966][T14757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 195.002976][T14757] RSP: 002b:00007f4f93af6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 195.002987][T14757] RAX: ffffffffffffffda RBX: 00007f4f92e15fa0 RCX: 00007f4f92b9c799 [ 195.002994][T14757] RDX: 0000000000048000 RSI: 0000200000002780 RDI: 0000000000000004 [ 195.003001][T14757] RBP: 00007f4f93af6090 R08: 0000000000000000 R09: 0000000000000000 [ 195.003007][T14757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 195.003014][T14757] R13: 00007f4f92e16038 R14: 00007f4f92e15fa0 R15: 00007fff002a1ea8 [ 195.003027][T14757] [ 195.116116][ T40] audit: type=1400 audit(1773941416.816:928): avc: denied { getopt } for pid=14767 comm="syz.2.3027" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 195.155572][ T40] audit: type=1400 audit(1773941416.856:929): avc: denied { read } for pid=14774 comm="syz.2.3029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 195.208685][T14781] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3029'. [ 195.214208][ T40] audit: type=1400 audit(1773941416.916:930): avc: denied { setopt } for pid=14774 comm="syz.2.3029" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 195.385262][ T5934] udevd[5934]: inotify_add_watch(7, /dev/nbd0, 10) failed: No such file or directory [ 195.460072][T14810] netlink: 'syz.3.3038': attribute type 10 has an invalid length. [ 195.640178][ T6017] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 195.790267][ T6017] usb 7-1: Using ep0 maxpacket: 32 [ 195.802101][ T6017] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 195.805326][ T6017] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 195.808121][ T6017] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 195.811217][ T6017] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 195.814380][ T6017] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 195.817490][ T6017] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 102 [ 195.820818][ T6017] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 195.824932][ T6017] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 195.827848][ T6017] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.837461][ T6017] usb 7-1: config 0 descriptor?? [ 195.839740][T14799] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 196.046619][ T6017] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 196.132854][ T6017] usb 5-1: USB disconnect, device number 13 [ 196.227902][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.231269][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.233809][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.236455][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.239130][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.244422][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.248420][ T40] audit: type=1400 audit(1773941417.946:931): avc: denied { read write } for pid=14798 comm="syz.2.3036" name="lp0" dev="devtmpfs" ino=3235 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 196.255679][ C2] usblp0: nonzero read bulk status received: -71 [ 196.257121][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.262224][ T40] audit: type=1400 audit(1773941417.946:932): avc: denied { open } for pid=14798 comm="syz.2.3036" path="/dev/usb/lp0" dev="devtmpfs" ino=3235 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 196.270659][ T6906] usb 7-1: USB disconnect, device number 14 [ 196.274242][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.276886][ T6906] usblp0: removed [ 196.280886][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.281648][T14849] overlay: filesystem on ./bus not supported as upperdir [ 196.288244][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.296165][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.299720][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.303693][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.307481][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.311988][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.315699][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.318650][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.322089][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.325913][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.329005][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.333389][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.336222][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.338929][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.344840][T14854] overlay: filesystem on ./bus not supported as upperdir [ 196.401598][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 196.405866][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 196.409414][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 196.413547][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 196.416977][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 196.437849][T14862] Failed to initialize the IGMP autojoin socket (err -2) [ 196.813826][T14882] Failed to initialize the IGMP autojoin socket (err -2) [ 196.966696][T14895] FAULT_INJECTION: forcing a failure. [ 196.966696][T14895] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 196.971187][T14895] CPU: 2 UID: 0 PID: 14895 Comm: syz.2.3047 Tainted: G L syzkaller #0 PREEMPT(full) [ 196.971205][T14895] Tainted: [L]=SOFTLOCKUP [ 196.971209][T14895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 196.971216][T14895] Call Trace: [ 196.971220][T14895] [ 196.971225][T14895] dump_stack_lvl+0x100/0x190 [ 196.971247][T14895] should_fail_ex.cold+0x5/0xa [ 196.971261][T14895] _copy_from_iter+0x1f4/0x1690 [ 196.971274][T14895] ? __asan_memset+0x23/0x50 [ 196.971289][T14895] ? __pfx__copy_from_iter+0x10/0x10 [ 196.971306][T14895] ? __pfx___alloc_skb+0x10/0x10 [ 196.971317][T14895] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 196.971337][T14895] netlink_sendmsg+0x808/0xda0 [ 196.971355][T14895] ? __pfx_netlink_sendmsg+0x10/0x10 [ 196.971369][T14895] ? __might_fault+0xc0/0x140 [ 196.971388][T14895] ____sys_sendmsg+0x9e1/0xb70 [ 196.971404][T14895] ? __pfx_netlink_sendmsg+0x10/0x10 [ 196.971420][T14895] ? __pfx_____sys_sendmsg+0x10/0x10 [ 196.971442][T14895] ___sys_sendmsg+0x190/0x1e0 [ 196.971460][T14895] ? __pfx____sys_sendmsg+0x10/0x10 [ 196.971505][T14895] __sys_sendmsg+0x170/0x220 [ 196.971523][T14895] ? __pfx___sys_sendmsg+0x10/0x10 [ 196.971545][T14895] do_syscall_64+0x106/0xf80 [ 196.971559][T14895] ? clear_bhb_loop+0x40/0x90 [ 196.971572][T14895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.971583][T14895] RIP: 0033:0x7f4f92b9c799 [ 196.971593][T14895] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 196.971606][T14895] RSP: 002b:00007f4f93af6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 196.971623][T14895] RAX: ffffffffffffffda RBX: 00007f4f92e15fa0 RCX: 00007f4f92b9c799 [ 196.971634][T14895] RDX: 0000000000048000 RSI: 0000200000002780 RDI: 0000000000000004 [ 196.971643][T14895] RBP: 00007f4f93af6090 R08: 0000000000000000 R09: 0000000000000000 [ 196.971649][T14895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.971655][T14895] R13: 00007f4f92e16038 R14: 00007f4f92e15fa0 R15: 00007fff002a1ea8 [ 196.971670][T14895] [ 197.126934][T14913] sysfs: cannot create duplicate filename '/class/ieee80211/4π!' [ 197.129975][T14913] CPU: 0 UID: 0 PID: 14913 Comm: syz.2.3052 Tainted: G L syzkaller #0 PREEMPT(full) [ 197.130007][T14913] Tainted: [L]=SOFTLOCKUP [ 197.130015][T14913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 197.130027][T14913] Call Trace: [ 197.130036][T14913] [ 197.130044][T14913] dump_stack_lvl+0x100/0x190 [ 197.130079][T14913] sysfs_warn_dup.cold+0x1c/0x28 [ 197.130106][T14913] sysfs_do_create_link_sd+0x113/0x140 [ 197.130157][T14913] sysfs_create_link+0x61/0xc0 [ 197.130186][T14913] device_add+0x675/0x1950 [ 197.130209][T14913] ? __pfx_device_add+0x10/0x10 [ 197.130228][T14913] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 197.130259][T14913] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 197.130288][T14913] wiphy_register+0x1e5b/0x2d30 [ 197.130314][T14913] ? __rtnl_unlock+0xb9/0xf0 [ 197.130341][T14913] ? netdev_run_todo+0x7b0/0x12c0 [ 197.130372][T14913] ? __pfx_wiphy_register+0x10/0x10 [ 197.130400][T14913] ? __asan_memset+0x23/0x50 [ 197.130426][T14913] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 197.130464][T14913] ieee80211_register_hw+0x2cfd/0x4140 [ 197.130505][T14913] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 197.130532][T14913] ? __pfx___debug_object_init+0x10/0x10 [ 197.130565][T14913] ? find_held_lock+0x2b/0x80 [ 197.130590][T14913] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 197.130615][T14913] ? __hrtimer_setup+0x178/0x280 [ 197.130638][T14913] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 197.130685][T14913] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 197.130715][T14913] ? __asan_memcpy+0x3c/0x60 [ 197.130741][T14913] hwsim_new_radio_nl+0xc1f/0x1340 [ 197.130767][T14913] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 197.130807][T14913] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 197.130835][T14913] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 197.130864][T14913] genl_family_rcv_msg_doit+0x214/0x300 [ 197.130890][T14913] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 197.130922][T14913] ? bpf_lsm_capable+0x9/0x10 [ 197.130940][T14913] ? security_capable+0x80/0x260 [ 197.130963][T14913] ? ns_capable+0xd2/0xf0 [ 197.130987][T14913] genl_rcv_msg+0x560/0x800 [ 197.131016][T14913] ? __pfx_genl_rcv_msg+0x10/0x10 [ 197.131040][T14913] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 197.131070][T14913] netlink_rcv_skb+0x159/0x420 [ 197.131092][T14913] ? __pfx_genl_rcv_msg+0x10/0x10 [ 197.131118][T14913] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 197.131152][T14913] ? netlink_deliver_tap+0x1ae/0xcc0 [ 197.131177][T14913] genl_rcv+0x28/0x40 [ 197.131198][T14913] netlink_unicast+0x5aa/0x870 [ 197.131223][T14913] ? __pfx_netlink_unicast+0x10/0x10 [ 197.131256][T14913] netlink_sendmsg+0x8b0/0xda0 [ 197.131283][T14913] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.131302][T14913] ? __might_fault+0xc0/0x140 [ 197.131334][T14913] ____sys_sendmsg+0x9e1/0xb70 [ 197.131359][T14913] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.131385][T14913] ? __pfx_____sys_sendmsg+0x10/0x10 [ 197.131413][T14913] ? try_to_wake_up+0x644/0x1a80 [ 197.131431][T14913] ___sys_sendmsg+0x190/0x1e0 [ 197.131450][T14913] ? __pfx____sys_sendmsg+0x10/0x10 [ 197.131468][T14913] ? futex_private_hash_put+0x107/0x1c0 [ 197.131503][T14913] __sys_sendmsg+0x170/0x220 [ 197.131517][T14913] ? __pfx___sys_sendmsg+0x10/0x10 [ 197.131531][T14913] ? __x64_sys_futex+0x34f/0x4d0 [ 197.131552][T14913] do_syscall_64+0x106/0xf80 [ 197.131565][T14913] ? clear_bhb_loop+0x40/0x90 [ 197.131579][T14913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.131591][T14913] RIP: 0033:0x7f4f92b9c799 [ 197.131602][T14913] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 197.131613][T14913] RSP: 002b:00007f4f93af6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 197.131625][T14913] RAX: ffffffffffffffda RBX: 00007f4f92e15fa0 RCX: 00007f4f92b9c799 [ 197.131632][T14913] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 197.131640][T14913] RBP: 00007f4f92c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 197.131647][T14913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 197.131654][T14913] R13: 00007f4f92e16038 R14: 00007f4f92e15fa0 R15: 00007fff002a1ea8 [ 197.131670][T14913] [ 197.402735][T14930] netlink: 'syz.2.3056': attribute type 10 has an invalid length. [ 197.530645][T14924] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3055'. [ 197.580858][ T5288] Bluetooth: hci4: command 0x0406 tx timeout [ 197.586218][T14936] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3055'. [ 197.601740][T14924] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3055'. [ 197.634691][T14948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3059'. [ 197.637691][T14948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3059'. [ 197.655108][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 197.655119][ T40] audit: type=1400 audit(1773941419.356:934): avc: denied { unmount } for pid=12811 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 197.672250][T14936] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3055'. [ 197.682184][T14952] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3060'. [ 197.712105][T14955] netlink: 'syz.2.3061': attribute type 30 has an invalid length. [ 197.768009][T14957] netlink: 'syz.2.3061': attribute type 30 has an invalid length. [ 197.992587][ T40] audit: type=1400 audit(1773941419.696:935): avc: denied { remount } for pid=14972 comm="syz.2.3064" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 198.125589][ T40] audit: type=1400 audit(1773941419.826:936): avc: denied { ioctl } for pid=14979 comm="syz.2.3066" path="/212/file0/file0" dev="fuse" ino=64 ioctlcmd=0x4d0b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 198.179139][T14862] netdevsim netdevsim1 netdevsim0: renamed from eth2 [ 198.187245][T14862] netdevsim netdevsim1 netdevsim1: renamed from eth3 [ 198.192417][T14862] netdevsim netdevsim1 netdevsim2: renamed from eth4 [ 198.201604][T14862] netdevsim netdevsim1 netdevsim3: renamed from eth5 [ 198.407805][T14862] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 198.417422][T14862] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 198.428948][T14862] wireguard: wg0: Could not create IPv4 socket [ 198.432936][T14862] wireguard: wg1: Could not create IPv4 socket [ 198.436299][T14862] wireguard: wg2: Could not create IPv4 socket [ 198.470534][ T5288] Bluetooth: hci0: command tx timeout [ 198.536293][T15026] __nla_validate_parse: 2 callbacks suppressed [ 198.536312][T15026] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3076'. [ 198.546664][T15026] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3076'. [ 198.606223][T15034] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3080'. [ 198.639958][T15036] ip6gre1: entered promiscuous mode [ 198.642791][T15036] ip6gre1: entered allmulticast mode [ 198.647096][ T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 198.648893][ T40] audit: type=1400 audit(1773941420.346:937): avc: denied { write } for pid=15035 comm="syz.0.3081" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 198.656871][ T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 198.670772][ T6906] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 198.713340][ T40] audit: type=1400 audit(1773941420.416:938): avc: denied { getopt } for pid=15035 comm="syz.0.3081" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 198.832410][T15048] Failed to initialize the IGMP autojoin socket (err -2) [ 198.967268][ T40] audit: type=1400 audit(1773941420.666:939): avc: denied { nlmsg_read } for pid=15055 comm="syz.3.3084" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 199.059444][T15065] binder: BINDER_SET_CONTEXT_MGR already set [ 199.061842][T15065] binder: 15064:15065 ioctl 4018620d 200000000040 returned -16 [ 199.064742][T15065] binder: 15064:15065 ioctl c0306201 2000000003c0 returned -14 [ 199.092123][ T6906] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 199.229771][T15086] fuse: Bad value for 'rootmode' [ 199.234443][ T40] audit: type=1400 audit(1773941420.936:940): avc: denied { connect } for pid=15085 comm="syz.2.3091" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 199.235501][T15086] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 199.246058][T15086] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3091'. [ 199.288676][T15093] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3093'. [ 199.289030][ T40] audit: type=1400 audit(1773941420.986:941): avc: denied { kexec_image_load } for pid=15092 comm="syz.2.3094" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1 [ 199.299310][ T40] audit: type=1400 audit(1773941420.986:942): avc: denied { write } for pid=15092 comm="syz.2.3094" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 199.317083][T15097] netlink: 'syz.0.3095': attribute type 10 has an invalid length. [ 199.587190][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.590103][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.703996][T15146] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3105'. [ 199.712050][ T40] audit: type=1400 audit(1773941421.416:943): avc: denied { bind } for pid=15143 comm="syz.2.3105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 199.740568][ T6906] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 199.803438][T15153] sysfs: cannot create duplicate filename '/class/ieee80211/4π!' [ 199.806998][T15153] CPU: 0 UID: 0 PID: 15153 Comm: syz.2.3106 Tainted: G L syzkaller #0 PREEMPT(full) [ 199.807025][T15153] Tainted: [L]=SOFTLOCKUP [ 199.807032][T15153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 199.807045][T15153] Call Trace: [ 199.807052][T15153] [ 199.807060][T15153] dump_stack_lvl+0x100/0x190 [ 199.807093][T15153] sysfs_warn_dup.cold+0x1c/0x28 [ 199.807121][T15153] sysfs_do_create_link_sd+0x113/0x140 [ 199.807152][T15153] sysfs_create_link+0x61/0xc0 [ 199.807179][T15153] device_add+0x675/0x1950 [ 199.807200][T15153] ? __pfx_device_add+0x10/0x10 [ 199.807218][T15153] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 199.807249][T15153] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 199.807280][T15153] wiphy_register+0x1e5b/0x2d30 [ 199.807307][T15153] ? __rtnl_unlock+0xb9/0xf0 [ 199.807334][T15153] ? netdev_run_todo+0x7b0/0x12c0 [ 199.807367][T15153] ? __pfx_wiphy_register+0x10/0x10 [ 199.807395][T15153] ? __asan_memset+0x23/0x50 [ 199.807423][T15153] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 199.807462][T15153] ieee80211_register_hw+0x2cfd/0x4140 [ 199.807506][T15153] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 199.807533][T15153] ? __pfx___debug_object_init+0x10/0x10 [ 199.807567][T15153] ? find_held_lock+0x2b/0x80 [ 199.807594][T15153] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 199.807623][T15153] ? __hrtimer_setup+0x178/0x280 [ 199.807647][T15153] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 199.807693][T15153] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 199.807724][T15153] ? __asan_memcpy+0x3c/0x60 [ 199.807759][T15153] hwsim_new_radio_nl+0xc1f/0x1340 [ 199.807789][T15153] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 199.807827][T15153] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 199.807861][T15153] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 199.807899][T15153] genl_family_rcv_msg_doit+0x214/0x300 [ 199.807935][T15153] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 199.807975][T15153] ? bpf_lsm_capable+0x9/0x10 [ 199.807994][T15153] ? security_capable+0x80/0x260 [ 199.808018][T15153] ? ns_capable+0xd2/0xf0 [ 199.808044][T15153] genl_rcv_msg+0x560/0x800 [ 199.808077][T15153] ? __pfx_genl_rcv_msg+0x10/0x10 [ 199.808108][T15153] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 199.808144][T15153] netlink_rcv_skb+0x159/0x420 [ 199.808168][T15153] ? __pfx_genl_rcv_msg+0x10/0x10 [ 199.808197][T15153] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 199.808233][T15153] ? netlink_deliver_tap+0x1ae/0xcc0 [ 199.808290][T15153] genl_rcv+0x28/0x40 [ 199.808317][T15153] netlink_unicast+0x5aa/0x870 [ 199.808350][T15153] ? __pfx_netlink_unicast+0x10/0x10 [ 199.808389][T15153] netlink_sendmsg+0x8b0/0xda0 [ 199.808423][T15153] ? __pfx_netlink_sendmsg+0x10/0x10 [ 199.808449][T15153] ? __might_fault+0xc0/0x140 [ 199.808488][T15153] ____sys_sendmsg+0x9e1/0xb70 [ 199.808518][T15153] ? __pfx_netlink_sendmsg+0x10/0x10 [ 199.808547][T15153] ? __pfx_____sys_sendmsg+0x10/0x10 [ 199.808583][T15153] ? __pfx_futex_wake_mark+0x10/0x10 [ 199.808612][T15153] ___sys_sendmsg+0x190/0x1e0 [ 199.808645][T15153] ? __pfx____sys_sendmsg+0x10/0x10 [ 199.808712][T15153] __sys_sendmsg+0x170/0x220 [ 199.808743][T15153] ? __pfx___sys_sendmsg+0x10/0x10 [ 199.808766][T15153] ? __x64_sys_futex+0x34f/0x4d0 [ 199.808804][T15153] do_syscall_64+0x106/0xf80 [ 199.808828][T15153] ? clear_bhb_loop+0x40/0x90 [ 199.808854][T15153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.808876][T15153] RIP: 0033:0x7f4f92b9c799 [ 199.808894][T15153] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 199.808912][T15153] RSP: 002b:00007f4f93af6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 199.808931][T15153] RAX: ffffffffffffffda RBX: 00007f4f92e15fa0 RCX: 00007f4f92b9c799 [ 199.808943][T15153] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 199.808955][T15153] RBP: 00007f4f92c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 199.808967][T15153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 199.808978][T15153] R13: 00007f4f92e16038 R14: 00007f4f92e15fa0 R15: 00007fff002a1ea8 [ 199.809007][T15153] [ 200.437126][T15194] Failed to initialize the IGMP autojoin socket (err -2) [ 200.460586][ T2297] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 200.616610][ T2297] usb 5-1: config 0 has no interfaces? [ 200.619025][ T2297] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 200.624601][ T2297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.634741][ T2297] usb 5-1: config 0 descriptor?? [ 200.748496][T15211] iommufd_mock iommufd_mock0: Adding to iommu group 9 [ 200.840110][ T2297] usb 5-1: USB disconnect, device number 14 [ 200.915900][T15221] kAFS: unparsable volume name [ 201.160464][ T2297] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 201.310295][ T2297] usb 5-1: Using ep0 maxpacket: 8 [ 201.314433][ T2297] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 201.318143][ T2297] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 201.324912][ T2297] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 201.329237][ T2297] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 201.333827][ T2297] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 201.339563][ T2297] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 201.345540][ T2297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.380465][T15257] netlink: 'syz.2.3127': attribute type 10 has an invalid length. [ 201.383806][T15257] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3127'. [ 201.387775][T15257] team0: entered promiscuous mode [ 201.390030][T15257] team_slave_0: entered promiscuous mode [ 201.392754][T15257] team_slave_1: entered promiscuous mode [ 201.395408][T15257] team0: entered allmulticast mode [ 201.398113][T15257] team_slave_0: entered allmulticast mode [ 201.401123][T15257] team_slave_1: entered allmulticast mode [ 201.404387][T15257] bridge0: port 3(team0) entered blocking state [ 201.407233][T15257] bridge0: port 3(team0) entered disabled state [ 201.413330][T15257] bridge0: port 3(team0) entered blocking state [ 201.416152][T15257] bridge0: port 3(team0) entered forwarding state [ 201.563541][ T2297] usb 5-1: GET_CAPABILITIES returned 0 [ 201.566263][ T2297] usbtmc 5-1:16.0: can't read capabilities [ 201.583081][T15273] Failed to initialize the IGMP autojoin socket (err -2) [ 201.670123][T15279] openvswitch: netlink: Message has 4 unknown bytes. [ 201.672821][T15279] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 201.733631][T15286] mkiss: ax0: crc mode is auto. [ 201.762004][T15172] usb 5-1: usbtmc_ioctl_clear_out_halt returned -32 [ 202.279441][ T24] usb 5-1: USB disconnect, device number 15 [ 202.361995][T15327] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3142'. [ 202.379399][T15327] bond2: entered promiscuous mode [ 202.383866][T15327] 8021q: adding VLAN 0 to HW filter on device bond2 [ 202.397467][T15327] 8021q: adding VLAN 0 to HW filter on device bond2 [ 202.399882][T15327] bond2: (slave sit1): The slave device specified does not support setting the MAC address [ 202.404037][T15327] bond2: (slave sit1): Error -95 calling set_mac_address [ 202.755084][T15367] netlink: 7 bytes leftover after parsing attributes in process `syz.3.3151'. [ 202.796575][T15374] binder: 15373:15374 ioctl c0306201 2000000003c0 returned -14 [ 202.800476][ T6906] usb 7-1: new full-speed USB device number 15 using dummy_hcd [ 202.844230][T15378] netlink: 'syz.3.3154': attribute type 10 has an invalid length. [ 202.950443][ T6906] usb 7-1: device descriptor read/64, error -71 [ 202.963226][ T40] kauditd_printk_skb: 1 callbacks suppressed [ 202.963239][ T40] audit: type=1400 audit(1773941424.666:945): avc: denied { append } for pid=15391 comm="syz.0.3158" name="001" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 203.030458][ C3] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 203.190471][ T6906] usb 7-1: new full-speed USB device number 16 using dummy_hcd [ 203.320350][ T6906] usb 7-1: device descriptor read/64, error -71 [ 203.450380][ T6906] usb usb7-port1: attempt power cycle [ 203.694232][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 203.698655][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 203.703826][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 203.708783][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 203.712877][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 203.739351][T15423] Failed to initialize the IGMP autojoin socket (err -2) [ 203.791570][ T6906] usb 7-1: new full-speed USB device number 17 using dummy_hcd [ 203.820813][ T6906] usb 7-1: device descriptor read/8, error -71 [ 203.942768][T15439] binder: 15434:15439 ioctl 942e 0 returned -22 [ 204.071362][ T6906] usb 7-1: new full-speed USB device number 18 using dummy_hcd [ 204.091510][ T6906] usb 7-1: device descriptor read/8, error -71 [ 204.200562][ T6906] usb usb7-port1: unable to enumerate USB device [ 204.340610][ T7885] usb 7-1: new full-speed USB device number 19 using dummy_hcd [ 204.352899][T15423] netdevsim netdevsim1 netdevsim0: renamed from eth2 [ 204.360959][T15423] netdevsim netdevsim1 netdevsim1: renamed from eth3 [ 204.372802][T15423] netdevsim netdevsim1 netdevsim2: renamed from eth4 [ 204.383036][T15423] netdevsim netdevsim1 netdevsim3: renamed from eth5 [ 204.480344][ T7885] usb 7-1: device descriptor read/64, error -71 [ 204.537710][T15423] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 204.546379][T15423] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 204.556571][T15423] wireguard: wg0: Could not create IPv4 socket [ 204.559752][T15423] wireguard: wg1: Could not create IPv4 socket [ 204.563707][T15423] wireguard: wg2: Could not create IPv4 socket [ 204.730391][ T7885] usb 7-1: new full-speed USB device number 20 using dummy_hcd [ 204.778163][T15451] netlink: 344 bytes leftover after parsing attributes in process `syz.3.3162'. [ 204.860436][ T7885] usb 7-1: device descriptor read/64, error -71 [ 204.936350][T15458] binder: 15457:15458 ioctl c0306201 2000000003c0 returned -14 [ 204.970589][ T7885] usb usb7-port1: attempt power cycle [ 204.978053][T15460] sysfs: cannot create duplicate filename '/class/ieee80211/4π!' [ 204.981629][T15460] CPU: 2 UID: 0 PID: 15460 Comm: syz.3.3165 Tainted: G L syzkaller #0 PREEMPT(full) [ 204.981665][T15460] Tainted: [L]=SOFTLOCKUP [ 204.981673][T15460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 204.981692][T15460] Call Trace: [ 204.981699][T15460] [ 204.981707][T15460] dump_stack_lvl+0x100/0x190 [ 204.981745][T15460] sysfs_warn_dup.cold+0x1c/0x28 [ 204.981773][T15460] sysfs_do_create_link_sd+0x113/0x140 [ 204.981804][T15460] sysfs_create_link+0x61/0xc0 [ 204.981834][T15460] device_add+0x675/0x1950 [ 204.981856][T15460] ? __pfx_device_add+0x10/0x10 [ 204.981874][T15460] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 204.981903][T15460] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 204.981933][T15460] wiphy_register+0x1e5b/0x2d30 [ 204.981959][T15460] ? __rtnl_unlock+0xb9/0xf0 [ 204.981986][T15460] ? netdev_run_todo+0x7b0/0x12c0 [ 204.982017][T15460] ? __pfx_wiphy_register+0x10/0x10 [ 204.982044][T15460] ? __asan_memset+0x23/0x50 [ 204.982070][T15460] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 204.982108][T15460] ieee80211_register_hw+0x2cfd/0x4140 [ 204.982148][T15460] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 204.982175][T15460] ? __pfx___debug_object_init+0x10/0x10 [ 204.982206][T15460] ? find_held_lock+0x2b/0x80 [ 204.982233][T15460] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 204.982261][T15460] ? __hrtimer_setup+0x178/0x280 [ 204.982284][T15460] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 204.982330][T15460] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 204.982360][T15460] ? __asan_memcpy+0x3c/0x60 [ 204.982389][T15460] hwsim_new_radio_nl+0xc1f/0x1340 [ 204.982419][T15460] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 204.982451][T15460] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 204.982478][T15460] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 204.982513][T15460] genl_family_rcv_msg_doit+0x214/0x300 [ 204.982547][T15460] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 204.982587][T15460] ? bpf_lsm_capable+0x9/0x10 [ 204.982605][T15460] ? security_capable+0x80/0x260 [ 204.982629][T15460] ? ns_capable+0xd2/0xf0 [ 204.982655][T15460] genl_rcv_msg+0x560/0x800 [ 204.982696][T15460] ? __pfx_genl_rcv_msg+0x10/0x10 [ 204.982727][T15460] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 204.982767][T15460] netlink_rcv_skb+0x159/0x420 [ 204.982797][T15460] ? __pfx_genl_rcv_msg+0x10/0x10 [ 204.982827][T15460] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 204.982865][T15460] ? netlink_deliver_tap+0x1ae/0xcc0 [ 204.982897][T15460] genl_rcv+0x28/0x40 [ 204.982923][T15460] netlink_unicast+0x5aa/0x870 [ 204.982954][T15460] ? __pfx_netlink_unicast+0x10/0x10 [ 204.982993][T15460] netlink_sendmsg+0x8b0/0xda0 [ 204.983025][T15460] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.983051][T15460] ? __might_fault+0xc0/0x140 [ 204.983089][T15460] ____sys_sendmsg+0x9e1/0xb70 [ 204.983117][T15460] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.983145][T15460] ? __pfx_____sys_sendmsg+0x10/0x10 [ 204.983181][T15460] ? __pfx_futex_wake_mark+0x10/0x10 [ 204.983211][T15460] ___sys_sendmsg+0x190/0x1e0 [ 204.983244][T15460] ? __pfx____sys_sendmsg+0x10/0x10 [ 204.983309][T15460] __sys_sendmsg+0x170/0x220 [ 204.983335][T15460] ? __pfx___sys_sendmsg+0x10/0x10 [ 204.983358][T15460] ? __x64_sys_futex+0x34f/0x4d0 [ 204.983396][T15460] do_syscall_64+0x106/0xf80 [ 204.983421][T15460] ? clear_bhb_loop+0x40/0x90 [ 204.983446][T15460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.983467][T15460] RIP: 0033:0x7f176a39c799 [ 204.983485][T15460] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 204.983504][T15460] RSP: 002b:00007f176b16e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 204.983524][T15460] RAX: ffffffffffffffda RBX: 00007f176a615fa0 RCX: 00007f176a39c799 [ 204.983538][T15460] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 204.983548][T15460] RBP: 00007f176a432c99 R08: 0000000000000000 R09: 0000000000000000 [ 204.983559][T15460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.983570][T15460] R13: 00007f176a616038 R14: 00007f176a615fa0 R15: 00007ffdd78ae478 [ 204.983595][T15460] [ 205.185087][T15464] netlink: 'syz.3.3166': attribute type 10 has an invalid length. [ 205.330453][ T7885] usb 7-1: new full-speed USB device number 21 using dummy_hcd [ 205.353442][ T7885] usb 7-1: device descriptor read/8, error -71 [ 205.524877][T15475] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3169'. [ 205.621605][ T7885] usb 7-1: new full-speed USB device number 22 using dummy_hcd [ 205.681905][T15485] netlink: 'syz.3.3171': attribute type 23 has an invalid length. [ 205.689130][ T40] audit: type=1400 audit(1773941427.386:946): avc: denied { write } for pid=15484 comm="syz.3.3171" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 205.761557][T15494] binder: 15493:15494 ioctl c0306201 2000000003c0 returned -14 [ 205.799292][T15499] sysfs: cannot create duplicate filename '/class/ieee80211/4π!' [ 205.804249][T15499] CPU: 0 UID: 0 PID: 15499 Comm: syz.2.3175 Tainted: G L syzkaller #0 PREEMPT(full) [ 205.804276][T15499] Tainted: [L]=SOFTLOCKUP [ 205.804283][T15499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 205.804292][T15499] Call Trace: [ 205.804298][T15499] [ 205.804304][T15499] dump_stack_lvl+0x100/0x190 [ 205.804341][T15499] sysfs_warn_dup.cold+0x1c/0x28 [ 205.804364][T15499] sysfs_do_create_link_sd+0x113/0x140 [ 205.804389][T15499] sysfs_create_link+0x61/0xc0 [ 205.804406][T15499] device_add+0x675/0x1950 [ 205.804425][T15499] ? __pfx_device_add+0x10/0x10 [ 205.804436][T15499] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 205.804453][T15499] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 205.804475][T15499] wiphy_register+0x1e5b/0x2d30 [ 205.804491][T15499] ? __rtnl_unlock+0xb9/0xf0 [ 205.804507][T15499] ? netdev_run_todo+0x7b0/0x12c0 [ 205.804524][T15499] ? __pfx_wiphy_register+0x10/0x10 [ 205.804543][T15499] ? __asan_memset+0x23/0x50 [ 205.804558][T15499] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 205.804581][T15499] ieee80211_register_hw+0x2cfd/0x4140 [ 205.804606][T15499] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 205.804623][T15499] ? __pfx___debug_object_init+0x10/0x10 [ 205.804641][T15499] ? find_held_lock+0x2b/0x80 [ 205.804657][T15499] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 205.804673][T15499] ? __hrtimer_setup+0x178/0x280 [ 205.804686][T15499] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 205.804711][T15499] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 205.804729][T15499] ? __asan_memcpy+0x3c/0x60 [ 205.804745][T15499] hwsim_new_radio_nl+0xc1f/0x1340 [ 205.804762][T15499] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 205.804782][T15499] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 205.804800][T15499] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 205.804820][T15499] genl_family_rcv_msg_doit+0x214/0x300 [ 205.804839][T15499] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 205.804862][T15499] ? bpf_lsm_capable+0x9/0x10 [ 205.804873][T15499] ? security_capable+0x80/0x260 [ 205.804886][T15499] ? ns_capable+0xd2/0xf0 [ 205.804900][T15499] genl_rcv_msg+0x560/0x800 [ 205.804919][T15499] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.804936][T15499] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 205.804956][T15499] netlink_rcv_skb+0x159/0x420 [ 205.804972][T15499] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.804990][T15499] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 205.805011][T15499] ? netlink_deliver_tap+0x1ae/0xcc0 [ 205.805028][T15499] genl_rcv+0x28/0x40 [ 205.805043][T15499] netlink_unicast+0x5aa/0x870 [ 205.805061][T15499] ? __pfx_netlink_unicast+0x10/0x10 [ 205.805082][T15499] netlink_sendmsg+0x8b0/0xda0 [ 205.805100][T15499] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.805114][T15499] ? __might_fault+0xc0/0x140 [ 205.805134][T15499] ____sys_sendmsg+0x9e1/0xb70 [ 205.805150][T15499] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.805166][T15499] ? __pfx_____sys_sendmsg+0x10/0x10 [ 205.805186][T15499] ? __pfx_futex_wake_mark+0x10/0x10 [ 205.805203][T15499] ___sys_sendmsg+0x190/0x1e0 [ 205.805221][T15499] ? __pfx____sys_sendmsg+0x10/0x10 [ 205.805265][T15499] __sys_sendmsg+0x170/0x220 [ 205.805281][T15499] ? __pfx___sys_sendmsg+0x10/0x10 [ 205.805296][T15499] ? __x64_sys_futex+0x34f/0x4d0 [ 205.805318][T15499] do_syscall_64+0x106/0xf80 [ 205.805332][T15499] ? clear_bhb_loop+0x40/0x90 [ 205.805346][T15499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.805358][T15499] RIP: 0033:0x7f4f92b9c799 [ 205.805369][T15499] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 205.805380][T15499] RSP: 002b:00007f4f93af6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.805391][T15499] RAX: ffffffffffffffda RBX: 00007f4f92e15fa0 RCX: 00007f4f92b9c799 [ 205.805398][T15499] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 205.805405][T15499] RBP: 00007f4f92c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 205.805413][T15499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.805420][T15499] R13: 00007f4f92e16038 R14: 00007f4f92e15fa0 R15: 00007fff002a1ea8 [ 205.805436][T15499] [ 205.859027][T15503] netlink: 'syz.2.3177': attribute type 10 has an invalid length. [ 205.862694][ T7885] usb 7-1: device not accepting address 22, error -71 [ 205.982708][ T7885] usb usb7-port1: unable to enumerate USB device [ 206.148156][T15518] syzkaller0: entered promiscuous mode [ 206.151050][T15518] syzkaller0: entered allmulticast mode [ 206.155783][ T46] syzkaller0: tun_net_xmit 48 [ 206.162577][T15518] syzkaller0: create flow: hash 729695911 index 1 [ 206.180735][T15518] syzkaller0: delete flow: hash 729695911 index 1 [ 206.747439][ T40] audit: type=1400 audit(1773941428.446:947): avc: denied { setopt } for pid=15535 comm="syz.2.3185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 207.313362][T15546] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3186'. [ 207.323744][T15548] netlink: 'syz.3.3188': attribute type 10 has an invalid length. [ 207.576859][T15576] Failed to initialize the IGMP autojoin socket (err -2) [ 207.658853][T15583] bridge0: port 3(team0) entered disabled state [ 207.668930][T15583] bridge0: port 3(team0) entered disabled state [ 207.675911][T15583] team_slave_0: left promiscuous mode [ 207.678269][T15583] team_slave_0: left allmulticast mode [ 207.684090][T15583] team0 (unregistering): Failed to send options change via netlink (err -105) [ 207.687424][T15583] team0 (unregistering): Failed to send port change of device team_slave_0 via netlink (err -105) [ 207.692047][T15583] team0 (unregistering): Port device team_slave_0 removed [ 207.696349][T15583] team_slave_1: left promiscuous mode [ 207.698507][T15583] team_slave_1: left allmulticast mode [ 207.704537][T15583] team0 (unregistering): Failed to send options change via netlink (err -105) [ 207.707408][T15583] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105) [ 207.707571][T15590] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3198'. [ 207.711535][T15583] team0 (unregistering): Port device team_slave_1 removed [ 207.737292][T15594] netlink: 'syz.3.3201': attribute type 10 has an invalid length. [ 207.830810][T15602] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3203'. [ 207.835682][T15602] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3203'. [ 207.894595][ T40] audit: type=1400 audit(1773941429.596:948): avc: denied { watch } for pid=15611 comm="syz.3.3205" path="/274/file0" dev="tmpfs" ino=1415 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 207.897400][T15612] veth1_to_batadv: entered promiscuous mode [ 207.997415][T15624] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3208'. [ 208.000986][ T40] audit: type=1326 audit(1773941429.696:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15605 comm="syz.2.3204" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4f92b9c799 code=0x0 [ 208.027496][T15628] Failed to initialize the IGMP autojoin socket (err -2) [ 208.110406][ T24] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 208.261133][T15646] usb usb8: usbfs: process 15646 (syz.3.3214) did not claim interface 0 before use [ 208.540515][T15675] Failed to initialize the IGMP autojoin socket (err -2) [ 208.610511][ T6017] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 208.683825][T15681] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3221'. [ 208.692402][T15681] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.697177][T15681] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.762989][ T6017] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 208.766374][ T6017] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 47904, setting to 64 [ 208.769917][ T6017] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 208.774938][ T6017] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 208.777870][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.985854][ T6017] usb 5-1: usb_control_msg returned -32 [ 208.988054][ T6017] usbtmc 5-1:16.0: can't read capabilities [ 209.554740][ T1028] usb 5-1: USB disconnect, device number 16 [ 209.748069][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 209.753413][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 209.757047][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 209.762112][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 209.765075][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 209.786230][T15737] Failed to initialize the IGMP autojoin socket (err -2) [ 209.936295][ T40] audit: type=1400 audit(1773941431.636:950): avc: denied { add_name } for pid=15748 comm="syz.3.3227" name="cpuset.memory_pressure_enabled" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 209.946767][ T40] audit: type=1400 audit(1773941431.636:951): avc: denied { create } for pid=15748 comm="syz.3.3227" name="cpuset.memory_pressure_enabled" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 209.954263][ T40] audit: type=1400 audit(1773941431.636:952): avc: denied { associate } for pid=15748 comm="syz.3.3227" name="cpuset.memory_pressure_enabled" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 209.955633][T15749] netfs: Couldn't get user pages (rc=-14) [ 209.962468][ T40] audit: type=1400 audit(1773941431.636:953): avc: denied { read append } for pid=15748 comm="syz.3.3227" name="cpuset.memory_pressure_enabled" dev="9p" ino=72614155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 209.972376][ T40] audit: type=1400 audit(1773941431.636:954): avc: denied { open } for pid=15748 comm="syz.3.3227" path="/291/file0/cpuset.memory_pressure_enabled" dev="9p" ino=72614155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 209.981371][ T40] audit: type=1400 audit(1773941431.646:955): avc: denied { write } for pid=15748 comm="syz.3.3227" name="cpuset.memory_pressure_enabled" dev="9p" ino=72614155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 210.006528][T15749] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 210.009131][T15749] #PF: supervisor instruction fetch in kernel mode [ 210.011156][ T40] audit: type=1400 audit(1773941431.706:956): avc: denied { write } for pid=5888 comm="syz-executor" path="pipe:[1746]" dev="pipefs" ino=1746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 210.011315][T15749] #PF: error_code(0x0010) - not-present page [ 210.021492][ T40] audit: type=1400 audit(1773941431.706:957): avc: denied { read } for pid=5318 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 210.021702][T15749] PGD 51126067 P4D 51126067 PUD 0 [ 210.028601][ T40] audit: type=1400 audit(1773941431.706:958): avc: denied { search } for pid=5318 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 210.030287][T15749] Oops: Oops: 0010 [#1] SMP KASAN NOPTI SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 210.030303][T15749] CPU: 2 UID: 0 PID: 15749 Comm: syz.3.3227 Tainted: G L syzkaller #0 PREEMPT(full) [ 210.030318][T15749] Tainted: [L]=SOFTLOCKUP [ 210.030322][T15749] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 210.030329][T15749] RIP: 0010:0x0 [ 210.030344][T15749] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 210.052203][T15749] RSP: 0018:ffffc90004f0fb90 EFLAGS: 00010246 [ 210.054170][T15749] RAX: 0000000000000000 RBX: ffff88801c377870 RCX: ffffffff82c4a72a [ 210.056748][T15749] RDX: ffff88805c440000 RSI: ffffffff82c4a5bc RDI: ffff88801c3777c0 [ 210.059312][T15749] RBP: 00000000001adfc0 R08: 0000000000000001 R09: 0000000000000000 [ 210.061857][T15749] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801c377858 [ 210.064396][T15749] R13: dffffc0000000000 R14: ffff88801c3777c0 R15: ffff88803efbbc00 [ 210.066945][T15749] FS: 00007f176b16e6c0(0000) GS:ffff8880d6545000(0000) knlGS:0000000000000000 [ 210.069833][T15749] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 210.071968][T15749] CR2: ffffffffffffffd6 CR3: 000000004e1ed000 CR4: 0000000000352ef0 [ 210.074544][T15749] Call Trace: [ 210.075645][T15749] [ 210.076628][T15749] netfs_unbuffered_write+0xae5/0x2080 [ 210.078412][T15749] netfs_unbuffered_write_iter_locked+0x801/0xab0 [ 210.080476][T15749] netfs_unbuffered_write_iter+0x40c/0x710 [ 210.082403][T15749] v9fs_file_write_iter+0xbf/0x100 [ 210.084080][T15749] vfs_write+0x6ac/0x1070 [ 210.085512][T15749] ? __pfx_v9fs_file_write_iter+0x10/0x10 [ 210.087363][T15749] ? __pfx_vfs_write+0x10/0x10 [ 210.088947][T15749] ksys_write+0x12a/0x250 [ 210.090370][T15749] ? __pfx_ksys_write+0x10/0x10 [ 210.091986][T15749] do_syscall_64+0x106/0xf80 [ 210.093533][T15749] ? clear_bhb_loop+0x40/0x90 [ 210.095089][T15749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.097015][T15749] RIP: 0033:0x7f176a39c799 [ 210.098477][T15749] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 210.104671][T15749] RSP: 002b:00007f176b16e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 210.107361][T15749] RAX: ffffffffffffffda RBX: 00007f176a615fa0 RCX: 00007f176a39c799 [ 210.109908][T15749] RDX: 000000000208e24b RSI: 0000200000000040 RDI: 0000000000000003 [ 210.112479][T15749] RBP: 00007f176a432c99 R08: 0000000000000000 R09: 0000000000000000 [ 210.115032][T15749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 210.117582][T15749] R13: 00007f176a616038 R14: 00007f176a615fa0 R15: 00007ffdd78ae478 [ 210.120136][T15749] [ 210.121179][T15749] Modules linked in: [ 210.122458][T15749] CR2: 0000000000000000 [ 210.123820][T15749] ---[ end trace 0000000000000000 ]--- [ 210.125622][T15749] RIP: 0010:0x0 [ 210.126784][T15749] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 210.129159][T15749] RSP: 0018:ffffc90004f0fb90 EFLAGS: 00010246 [ 210.131136][T15749] RAX: 0000000000000000 RBX: ffff88801c377870 RCX: ffffffff82c4a72a [ 210.133698][T15749] RDX: ffff88805c440000 RSI: ffffffff82c4a5bc RDI: ffff88801c3777c0 [ 210.136274][T15749] RBP: 00000000001adfc0 R08: 0000000000000001 R09: 0000000000000000 [ 210.138789][T15749] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801c377858 [ 210.141373][T15749] R13: dffffc0000000000 R14: ffff88801c3777c0 R15: ffff88803efbbc00 [ 210.143949][T15749] FS: 00007f176b16e6c0(0000) GS:ffff8880d6545000(0000) knlGS:0000000000000000 [ 210.146840][T15749] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 210.148987][T15749] CR2: ffffffffffffffd6 CR3: 000000004e1ed000 CR4: 0000000000352ef0 [ 210.151582][T15749] Kernel panic - not syncing: Fatal exception [ 210.154257][T15749] Kernel Offset: disabled [ 210.155675][T15749] Rebooting in 86400 seconds.. VM DIAGNOSIS: 15:52:24 Registers: info registers vcpu 0 CPU#0 RAX=1ffff11007189799 RBX=ffff888038c4bcb0 RCX=0000000000000202 RDX=ffffffff9b3db3c0 RSI=0000000000000004 RDI=ffff888038c4bcc8 RBP=ffffc90000127c28 RSP=ffffc90000127b50 R8 =0000000000000001 R9 =fffff52000024f58 R10=0000000000000003 R11=000000000000760b R12=0000000000000006 R13=dffffc0000000000 R14=ffff888022185e80 R15=1ffff92000024f6c RIP=ffffffff84fe9230 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6345000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fb22ed27000 CR3=000000004979f000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb22ec6db28 00007fb22ed2a0c0 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb22ec6db28 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f6362696c5f5f00 6e69616d5f687361 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000005f0065 7261706572705f62 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 006e6f697461636f 6c5f6f6e7272655f ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000030 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000c0 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fb22ed2ab20 00007fb22ed2b050 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000080000000 RBX=0000000000000009 RCX=ffffffff8282271c RDX=ffff888029ec0000 RSI=ffffffff8281f3cf RDI=0000000000000009 RBP=0000000000000001 RSP=ffffc90003187210 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=000000000000761c R12=0000000000000000 R13=ffffea0001272d80 R14=ffffea0001272db4 R15=dffffc0000000000 RIP=ffffffff8208b7af RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6445000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f9cc9b47e20 CR3=0000000027258000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000002020004 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc77828e00 00007ffc77828e00 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9cc8fec823 00007f9cc8fec823 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9cc8fece80 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000003bf12 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055557d1d3f88 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 474553474953006c 616e676973206e77 6f6e6b6e75000a29 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5355424749530056 4745534749530049 444b424c56054b52 4a4b4e4b50000a0c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c1080a8003048004 020103c200020007 0030656c69662f2e 01ffffffffffffff ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5f65727573736572 705f79726f6d656d 2e74657375706301 ffffffffffffffff ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0120c78996100001 8004010000000806 06017f8600020007 1402000186032021 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2301ffffffffffff fffff90801800302 d0ce080001000002 0806040129ae0002 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0007284080808090 0008100018100006 0177f20002000700 0400019db408000a ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 800401c708000801 4bc0000200070064 656c62616e655f65 727573736572705f ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=000000000000002a RCX=ffffffff81e7a6de RDX=ffff88805c440000 RSI=ffffffff81e7a6cc RDI=ffff88805c440000 RBP=0000000000000001 RSP=ffffc90004f0f760 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=707573203a465023 R12=1ffff920009e1eee R13=0000000000000000 R14=ffff88801cf54980 R15=ffffc90004f0f828 RIP=ffffffff81e7a6ce RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f176b16e6c0 ffffffff 00c00000 GS =0000 ffff8880d6545000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=000000004e1ed000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000010001 Opmask01=00000000000000ff Opmask02=000000000000003f Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 203a6b6361747320 6461657268747020 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdd78ae966 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdd78ae966 00007ffdd78ae96c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f176a43327c ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f176a4332bc ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f176a433420 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f176a4332ae ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 657a6973203c2065 7a69736565726600 632e6b6361747365 7461636f6c6c6100 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 405f4c5605190540 5f4c564040574300 460b4e4644515640 5144464a49494400 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f176a5ec5f8 00007f176a5ec5c8 00007f176a5ec600 00007f176a5ec5e0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000006e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8579cd95 RDI=ffffffff9b4a0a80 RBP=ffffffff9b4a0a40 RSP=ffffc9000078f830 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=74203a7469647561 R12=0000000000000000 R13=000000000000006e R14=0000000000000010 R15=ffffffff8579cd30 RIP=ffffffff8579cdbf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6645000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fe9c4293286 CR3=0000000050f4e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000080040001 Opmask01=0000000000000000 Opmask02=00000000fc02fefc Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 737570635f657669 7463656666652e74 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe328f5626 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe328f5626 00007ffe328f562c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8fe8a3327c ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8fe8a332bc ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8fe8a33420 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f8fe8a332ae ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000