last executing test programs: 307.94603ms ago: executing program 1 (id=2): socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getresuid(&(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000340)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) fallocate(r1, 0x0, 0xf797, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009e173610ef171e7206de01020301090212000100000000090400"], 0x0) syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0) syz_usb_control_io$uac1(r4, 0x0, &(0x7f0000000700)={0x44, &(0x7f00000004c0)={0x20, 0x10}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendto$inet(r3, &(0x7f00000002c0)="01a4acc7", 0x4, 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=1): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x892, &(0x7f0000000140)={0x0, 0x6de6, 0x1000, 0x7, 0xbfe00000}, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000140)={0xbf48ce7, "1803c80980000000080000000003000000d600", 0xffffffffffffffff}) r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000200)={0x40000002, "fa02791d2a69a2610f02000000000000001100010000000800", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r9, 0xc0303e03, &(0x7f0000000080)={"6739a34dd06472f036ebf314e262816800", r7, 0xffffffffffffffff}) r11 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000180), 0x28d00, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000240)={0x1b, "8a6035ceeae3ecc42317afad010000000000000400", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r11, 0xc0285700, &(0x7f00000004c0)={0x9, "34e6498c270e0000b56a000005000000000000000000000000000100", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r10, 0xc0303e03, &(0x7f00000000c0)={"0e337b42cc00d331ff0007000000000000001a00", r13, 0xffffffffffffffff}) close(0x3) ioctl$SYNC_IOC_MERGE(r12, 0xc0303e03, &(0x7f0000000040)={"130f2672af9ee0452321864922cd3bebd7f9cec5064e58445f1268334b4900", r14}) io_uring_enter(r3, 0x4907, 0x48d2, 0x44, 0x0, 0x0) 0s ago: executing program 0 (id=3): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x8001, 0x0, 0x1, 0x0, 0x1, 0x1, 0x4, 0xb, 0x5c, 0xfd, 0x1002, 0x8, 0xb, 0x800, 0x6, 0xffffffff, 0x3, 0x400, 0x2, 0x40000003, 0x89, 0x2, 0xf27, 0x6, 0x7, 0x10000008, 0xf, 0x8, 0x4, 0xfffe, 0xfffffff8]}) kernel console output (not intermixed with test programs): [ 54.532726][ T28] audit: type=1400 audit(54.460:56): avc: denied { read write } for pid=3076 comm="sftp-server" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 54.535463][ T28] audit: type=1400 audit(54.460:57): avc: denied { open } for pid=3076 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 Warning: Permanently added '[localhost]:8477' (ED25519) to the list of known hosts. [ 72.809843][ T28] audit: type=1400 audit(72.730:58): avc: denied { name_bind } for pid=3080 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 74.692085][ T28] audit: type=1400 audit(74.610:59): avc: denied { execute } for pid=3081 comm="sh" name="syz-executor" dev="vda" ino=805 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 74.696341][ T28] audit: type=1400 audit(74.620:60): avc: denied { execute_no_trans } for pid=3081 comm="sh" path="/syz-executor" dev="vda" ino=805 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 79.450104][ T28] audit: type=1400 audit(79.370:61): avc: denied { mounton } for pid=3081 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=806 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 79.462057][ T28] audit: type=1400 audit(79.390:62): avc: denied { mount } for pid=3081 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 79.480877][ T3081] cgroup: Unknown subsys name 'net' [ 79.491760][ T28] audit: type=1400 audit(79.420:63): avc: denied { unmount } for pid=3081 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 79.655351][ T3081] cgroup: Unknown subsys name 'cpuset' [ 79.663751][ T3081] cgroup: Unknown subsys name 'hugetlb' [ 79.664743][ T3081] cgroup: Unknown subsys name 'rlimit' [ 79.918305][ T28] audit: type=1400 audit(79.840:64): avc: denied { setattr } for pid=3081 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 79.923151][ T28] audit: type=1400 audit(79.850:65): avc: denied { mounton } for pid=3081 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 79.927335][ T28] audit: type=1400 audit(79.850:66): avc: denied { mount } for pid=3081 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 80.162627][ T3083] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 80.165951][ T28] audit: type=1400 audit(80.090:67): avc: denied { relabelto } for pid=3083 comm="mkswap" name="swap-file" dev="vda" ino=809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 80.172929][ T28] audit: type=1400 audit(80.100:68): avc: denied { write } for pid=3083 comm="mkswap" path="/swap-file" dev="vda" ino=809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 80.215206][ T28] audit: type=1400 audit(80.140:69): avc: denied { read } for pid=3081 comm="syz-executor" name="swap-file" dev="vda" ino=809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 80.219557][ T28] audit: type=1400 audit(80.140:70): avc: denied { open } for pid=3081 comm="syz-executor" path="/swap-file" dev="vda" ino=809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 87.487962][ T3081] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.824749][ T28] audit: type=1400 audit(89.750:71): avc: denied { execmem } for pid=3084 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 89.898766][ T28] audit: type=1400 audit(89.820:72): avc: denied { read } for pid=3086 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 89.900930][ T28] audit: type=1400 audit(89.830:73): avc: denied { open } for pid=3086 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 89.913005][ T28] audit: type=1400 audit(89.830:74): avc: denied { mounton } for pid=3086 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 89.939469][ T28] audit: type=1400 audit(89.860:75): avc: denied { module_request } for pid=3086 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 90.017833][ T28] audit: type=1400 audit(89.940:76): avc: denied { sys_module } for pid=3086 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 90.714021][ T28] audit: type=1400 audit(90.640:77): avc: denied { ioctl } for pid=3086 comm="syz-executor" path="/dev/net/tun" dev="devtmpfs" ino=677 ioctlcmd=0x54ca scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 91.796395][ T3087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.814142][ T3087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.944474][ T3086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.955350][ T3086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.676250][ T3087] hsr_slave_0: entered promiscuous mode [ 92.684417][ T3087] hsr_slave_1: entered promiscuous mode [ 92.794276][ T3086] hsr_slave_0: entered promiscuous mode [ 92.797225][ T3086] hsr_slave_1: entered promiscuous mode [ 92.802665][ T3086] debugfs: 'hsr0' already exists in 'hsr' [ 92.806906][ T3086] Cannot create hsr debugfs directory [ 93.243343][ T28] audit: type=1400 audit(93.170:78): avc: denied { create } for pid=3087 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 93.248387][ T28] audit: type=1400 audit(93.170:79): avc: denied { write } for pid=3087 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 93.257916][ T28] audit: type=1400 audit(93.180:80): avc: denied { read } for pid=3087 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 93.283891][ T3087] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.295706][ T3086] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.305231][ T3087] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.312975][ T3087] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.321190][ T3086] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.325387][ T3087] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.334094][ T3086] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.343495][ T3086] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.272389][ T3086] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.406477][ T3087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.086414][ T3087] veth0_vlan: entered promiscuous mode [ 97.122384][ T3087] veth1_vlan: entered promiscuous mode [ 97.208243][ T3087] veth0_macvtap: entered promiscuous mode [ 97.224605][ T3087] veth1_macvtap: entered promiscuous mode [ 97.326262][ T37] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.327419][ T37] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.331012][ T37] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.332850][ T37] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.462955][ T28] audit: type=1400 audit(97.390:81): avc: denied { mount } for pid=3087 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 97.486935][ T28] audit: type=1400 audit(97.410:82): avc: denied { mounton } for pid=3087 comm="syz-executor" path="/syzkaller.EtiOVc/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 97.497393][ T28] audit: type=1400 audit(97.420:83): avc: denied { mount } for pid=3087 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 97.512357][ T28] audit: type=1400 audit(97.440:84): avc: denied { mounton } for pid=3087 comm="syz-executor" path="/syzkaller.EtiOVc/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 97.516332][ T28] audit: type=1400 audit(97.440:85): avc: denied { mounton } for pid=3087 comm="syz-executor" path="/syzkaller.EtiOVc/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 97.544366][ T28] audit: type=1400 audit(97.470:86): avc: denied { unmount } for pid=3087 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 97.557370][ T28] audit: type=1400 audit(97.480:87): avc: denied { mounton } for pid=3087 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=772 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 97.565893][ T28] audit: type=1400 audit(97.490:88): avc: denied { mount } for pid=3087 comm="syz-executor" name="/" dev="gadgetfs" ino=922 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 97.578293][ T28] audit: type=1400 audit(97.500:89): avc: denied { mount } for pid=3087 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 97.585526][ T28] audit: type=1400 audit(97.510:90): avc: denied { mounton } for pid=3087 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 97.625552][ T3086] veth0_vlan: entered promiscuous mode [ 97.685418][ T3087] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.706020][ T3086] veth1_vlan: entered promiscuous mode [ 97.875499][ T3086] veth0_macvtap: entered promiscuous mode [ 97.906015][ T3086] veth1_macvtap: entered promiscuous mode [ 97.952275][ T37] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.953214][ T37] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.955665][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.960928][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.843146][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 100.000095][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 100.022579][ T9] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 100.022904][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.023277][ T9] usb 2-1: Product: syz [ 100.023367][ T9] usb 2-1: Manufacturer: syz [ 100.023468][ T9] usb 2-1: SerialNumber: syz [ 100.037328][ T9] r8152-cfgselector 2-1: Unknown version 0x0000 [ 100.042725][ T9] r8152-cfgselector 2-1: config 0 descriptor?? [ 109.276543][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 109.280918][ T28] audit: type=1400 audit(109.200:104): avc: denied { append } for pid=3709 comm="syz.0.3" name="comedi3" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 109.298483][ T3710] 8<--- cut here --- [ 109.309697][ T3710] Unable to handle kernel paging request at virtual address fee08004 when write [ 109.316697][ T3710] [fee08004] *pgd=80000080007003, *pmd=00000000 [ 109.322535][ T3710] Internal error: Oops: a06 [#1] SMP ARM [ 109.324360][ T3710] Modules linked in: [ 109.325670][ T3710] CPU: 0 UID: 0 PID: 3710 Comm: syz.0.3 Tainted: G L syzkaller #0 PREEMPT [ 109.326468][ T3710] Tainted: [L]=SOFTLOCKUP [ 109.326718][ T3710] Hardware name: ARM-Versatile Express [ 109.327219][ T3710] PC is at subdev_8255_io+0x60/0x6c [ 109.328190][ T3710] LR is at subdev_8255_io+0x4c/0x6c [ 109.328454][ T3710] pc : [<81436b38>] lr : [<81436b24>] psr: 60000013 [ 109.328768][ T3710] sp : dfe21cb8 ip : dfe21cb8 fp : dfe21cd4 [ 109.329303][ T3710] r10: 00000000 r9 : 00000084 r8 : dfe21da4 [ 109.329657][ T3710] r7 : 00008001 r6 : 0000009b r5 : 8473d780 r4 : 00008004 [ 109.330048][ T3710] r3 : 0000009b r2 : fee08004 r1 : 00000001 r0 : 8473d780 [ 109.330574][ T3710] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user [ 109.331096][ T3710] Control: 30c5387d Table: 86372e80 DAC: fffffffd [ 109.331567][ T3710] Register r0 information: slab kmalloc-192 start 8473d780 pointer offset 0 size 192 [ 109.333057][ T3710] Register r1 information: non-paged memory [ 109.333672][ T3710] Register r2 information: 0-page vmalloc region starting at 0xfee00000 allocated at pci_reserve_io+0x0/0x38 [ 109.334349][ T3710] Register r3 information: non-paged memory [ 109.334643][ T3710] Register r4 information: non-paged memory [ 109.334946][ T3710] Register r5 information: slab kmalloc-192 start 8473d780 pointer offset 0 size 192 [ 109.335510][ T3710] Register r6 information: non-paged memory [ 109.335843][ T3710] Register r7 information: non-paged memory [ 109.336164][ T3710] Register r8 information: 2-page vmalloc region starting at 0xdfe20000 allocated at kernel_clone+0xac/0x428 [ 109.336700][ T3710] Register r9 information: non-paged memory [ 109.337025][ T3710] Register r10 information: NULL pointer [ 109.337354][ T3710] Register r11 information: 2-page vmalloc region starting at 0xdfe20000 allocated at kernel_clone+0xac/0x428 [ 109.337837][ T3710] Register r12 information: 2-page vmalloc region starting at 0xdfe20000 allocated at kernel_clone+0xac/0x428 [ 109.338447][ T3710] Process syz.0.3 (pid: 3710, stack limit = 0xdfe20000) [ 109.339022][ T3710] Stack: (0xdfe21cb8 to 0xdfe22000) [ 109.339558][ T3710] 1ca0: 81436ad8 00008001 [ 109.339960][ T3710] 1cc0: 8473d780 00008001 dfe21cf4 dfe21cd8 81436814 81436ae4 00008001 805223ec [ 109.340374][ T3710] 1ce0: 8536eb40 8536eb40 dfe21d14 dfe21cf8 81436bcc 814367c8 8473d780 00000000 [ 109.340819][ T3710] 1d00: 8536eb40 00008001 dfe21d54 dfe21d18 81436d7c 81436b50 82b12eec 84606400 [ 109.341184][ T3710] 1d20: 82821780 00000000 00000000 829d6504 8473d780 00000000 dfe21d90 8473d780 [ 109.341526][ T3710] 1d40: 00000000 82b2df9c dfe21d8c dfe21d58 81425768 81436d14 40946400 00000000 [ 109.341876][ T3710] 1d60: dfe21d7c 200000c0 8473d780 b5403587 40946400 850b8000 00000003 8473d7b0 [ 109.342306][ T3710] 1d80: dfe21e4c dfe21d90 814210a0 81425668 35353238 00000000 00000000 00000000 [ 109.343038][ T3710] 1da0: 00000000 00008001 00000000 00000001 00000000 00000001 00000001 00000004 [ 109.343703][ T3710] 1dc0: 0000000b 0000005c 000000fd 00001002 00000008 0000000b 00000800 00000006 [ 109.344132][ T3710] 1de0: ffffffff 00000003 00000400 00000002 40000003 00000089 00000002 00000f27 [ 109.344592][ T3710] 1e00: 00000006 00000007 10000008 0000000f 00000008 00000004 0000fffe fffffff8 [ 109.345030][ T3710] 1e20: 00000000 d3d6c2bd 00000000 852eee40 8473d780 200000c0 40946400 850b8000 [ 109.345485][ T3710] 1e40: dfe21f14 dfe21e50 81421c20 81420fd8 00000000 d3d6c2bd 00000000 00000000 [ 109.345941][ T3710] 1e60: 824b557c dfe21ea4 0000005f 844e6e20 00000064 843e3444 dfe21ee4 dfe21e88 [ 109.346348][ T3710] 1e80: 807cb7cc 807c1ba4 00000064 00000001 00000000 dfe21ea4 833b16d0 834e9bb0 [ 109.346711][ T3710] 1ea0: 00006400 0000000b dfe21e98 00000000 00000000 d3d6c2bd 00000000 852eee40 [ 109.347092][ T3710] 1ec0: 40946400 200000c0 200000c0 852eee40 00000003 850b8000 dfe21ef4 dfe21ee8 [ 109.347487][ T3710] 1ee0: 807cb8fc d3d6c2bd dfe21f14 00000000 852eee41 40946400 200000c0 852eee40 [ 109.347953][ T3710] 1f00: 00000003 850b8000 dfe21fa4 dfe21f18 8058f558 81421b28 ecac8b10 850b8000 [ 109.348365][ T3710] 1f20: dfe21f3c dfe21f30 81ad9c34 81ad9b00 dfe21f54 dfe21f40 8025a85c 8028bff0 [ 109.348738][ T3710] 1f40: dfe21fb0 40000000 dfe21f84 dfe21f58 80220bf8 8025a818 00000000 8281d27c [ 109.350672][ T3710] 1f60: dfe21fb0 0013ddc0 ecac8b10 80220b4c 00000000 d3d6c2bd dfe21fac 00000000 [ 109.351366][ T3710] 1f80: 00000000 00346310 00000036 8020029c 850b8000 00000036 00000000 dfe21fa8 [ 109.351773][ T3710] 1fa0: 80200060 8058f320 00000000 00000000 00000003 40946400 200000c0 00000000 [ 109.352097][ T3710] 1fc0: 00000000 00000000 00346310 00000036 003462d8 00000000 00000001 76f1c0dc [ 109.352430][ T3710] 1fe0: 76f1be88 76f1be78 00018734 0012fc20 60000010 00000003 00000000 00000000 [ 109.352881][ T3710] Call trace: [ 109.353238][ T3710] [<81436ad8>] (subdev_8255_io) from [<81436814>] (subdev_8255_do_config+0x58/0x60) [ 109.353819][ T3710] r7:00008001 r6:8473d780 r5:00008001 r4:81436ad8 [ 109.354135][ T3710] [<814367bc>] (subdev_8255_do_config) from [<81436bcc>] (subdev_8255_io_init+0x88/0x98) [ 109.357415][ T3710] r4:8536eb40 [ 109.357579][ T3710] [<81436b44>] (subdev_8255_io_init) from [<81436d7c>] (dev_8255_attach+0x74/0x120) [ 109.357981][ T3710] r7:00008001 r6:8536eb40 r5:00000000 r4:8473d780 [ 109.358330][ T3710] [<81436d08>] (dev_8255_attach) from [<81425768>] (comedi_device_attach+0x10c/0x248) [ 109.358686][ T3710] r10:82b2df9c r9:00000000 r8:8473d780 r7:dfe21d90 r6:00000000 r5:8473d780 [ 109.359152][ T3710] r4:829d6504 [ 109.359387][ T3710] [<8142565c>] (comedi_device_attach) from [<814210a0>] (do_devconfig_ioctl+0xd4/0x21c) [ 109.359738][ T3710] r10:8473d7b0 r9:00000003 r8:850b8000 r7:40946400 r6:b5403587 r5:8473d780 [ 109.360127][ T3710] r4:200000c0 [ 109.360340][ T3710] [<81420fcc>] (do_devconfig_ioctl) from [<81421c20>] (comedi_unlocked_ioctl+0x104/0x1c80) [ 109.360780][ T3710] r8:850b8000 r7:40946400 r6:200000c0 r5:8473d780 r4:852eee40 [ 109.361098][ T3710] [<81421b1c>] (comedi_unlocked_ioctl) from [<8058f558>] (sys_ioctl+0x244/0xb5c) [ 109.361600][ T3710] r10:850b8000 r9:00000003 r8:852eee40 r7:200000c0 r6:40946400 r5:852eee41 [ 109.361880][ T3710] r4:00000000 [ 109.362032][ T3710] [<8058f314>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 109.362997][ T3710] Exception stack(0xdfe21fa8 to 0xdfe21ff0) [ 109.363469][ T3710] 1fa0: 00000000 00000000 00000003 40946400 200000c0 00000000 [ 109.364026][ T3710] 1fc0: 00000000 00000000 00346310 00000036 003462d8 00000000 00000001 76f1c0dc [ 109.364432][ T3710] 1fe0: 76f1be88 76f1be78 00018734 0012fc20 [ 109.364748][ T3710] r10:00000036 r9:850b8000 r8:8020029c r7:00000036 r6:00346310 r5:00000000 [ 109.365154][ T3710] r4:00000000 [ 109.365869][ T3710] Code: e6ef3076 e0842002 e7f32052 e2422612 (e5c23000) [ 109.370504][ T3710] ---[ end trace 0000000000000000 ]--- [ 109.380564][ T3710] Kernel panic - not syncing: Fatal exception [ 109.383362][ T3710] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:35:34 Registers: info registers vcpu 0 CPU#0 R00=00000000 R01=7e943a7c R02=40000001 R03=00000000 R04=00000000 R05=00000000 R06=40000001 R07=00000072 R08=00002328 R09=cccccccd R10=00000000 R11=7e943ad0 R12=00000001 R13=df971ff8 R14=0010af44 R15=0010af44 PSR=40000093 -Z-- A S svc32 s00=34303038 s01=65687720 d00=6568772034303038 s02=54205b5d s03=30313733 d01=3031373354205b5d s04=6e55205d s05=656c6261 d02=656c62616e55205d s06=206f7420 s07=646e6168 d03=646e6168206f7420 s08=6b20656c s09=656e7265 d04=656e72656b20656c s10=6170206c s11=676e6967 d05=676e69676170206c s12=71657220 s13=74736575 d06=7473657571657220 s14=20746120 s15=74726976 d07=7472697620746120 s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=00000000 s33=00000000 d16=0000000000000000 s34=00000000 s35=00000000 d17=0000000000000000 s36=00000000 s37=00000000 d18=0000000000000000 s38=00000000 s39=00000000 d19=0000000000000000 s40=00000000 s41=00000000 d20=0000000000000000 s42=00000000 s43=00000000 d21=0000000000000000 s44=00000000 s45=00000000 d22=0000000000000000 s46=00000000 s47=00000000 d23=0000000000000000 s48=00000000 s49=00000000 d24=0000000000000000 s50=00000000 s51=00000000 d25=0000000000000000 s52=00000000 s53=00000000 d26=0000000000000000 s54=00000000 s55=00000000 d27=0000000000000000 s56=00000000 s57=00000000 d28=0000000000000000 s58=00000000 s59=00000000 d29=0000000000000000 s60=00000000 s61=00000000 d30=0000000000000000 s62=00000000 s63=00000000 d31=0000000000000000 FPSCR: 00000000 info registers vcpu 1 CPU#1 R00=00000001 R01=00000000 R02=00000004 R03=81ada500 R04=00000006 R05=828f8348 R06=8404b000 R07=828f8340 R08=8404b000 R09=828f8348 R10=00000000 R11=dfdb1ad4 R12=dfdb1ad8 R13=dfdb1ac8 R14=80341078 R15=81ada510 PSR=60000093 -ZC- A S svc32 s00=00260000 s01=00000000 d00=0000000000260000 s02=00000100 s03=fe6e0000 d01=fe6e000000000100 s04=f80410ed s05=436ba0fd d02=436ba0fdf80410ed s06=b14ccd44 s07=376e08f1 d03=376e08f1b14ccd44 s08=533b53b0 s09=129ce942 d04=129ce942533b53b0 s10=5cc6b85d s11=ba6eaa17 d05=ba6eaa175cc6b85d s12=00000009 s13=00000000 d06=0000000000000009 s14=00000000 s15=f0000000 d07=f000000000000000 s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=f9844ec9 s33=e270283e d16=e270283ef9844ec9 s34=ff3523dc s35=9ff22f2a d17=9ff22f2aff3523dc s36=232c1b36 s37=489d43a2 d18=489d43a2232c1b36 s38=80152cb4 s39=5d07e977 d19=5d07e97780152cb4 s40=12c41b98 s41=215e58ee d20=215e58ee12c41b98 s42=1a0a4b28 s43=e14dc683 d21=e14dc6831a0a4b28 s44=710a892a s45=01f7f2e9 d22=01f7f2e9710a892a s46=3727760d s47=9eb5c45f d23=9eb5c45f3727760d s48=00000001 s49=00000000 d24=0000000000000001 s50=00000000 s51=00000000 d25=0000000000000000 s52=0008ffff s53=00000000 d26=000000000008ffff s54=00000300 s55=ff420000 d27=ff42000000000300 s56=0008ffff s57=00000000 d28=000000000008ffff s58=00000300 s59=ff520000 d29=ff52000000000300 s60=0008ffff s61=00000000 d30=000000000008ffff s62=00000300 s63=ff620000 d31=ff62000000000300 FPSCR: 00000000