last executing test programs: 2.449995476s ago: executing program 1 (id=377): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r0, 0x1) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0xf, @loopback, 0x5}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x9, @loopback, 0x1}, 0x1c) connect$inet6(r0, 0x0, 0x0) 1.570132515s ago: executing program 1 (id=409): r0 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x2, 0x3}, 0x18, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000000)={0x10, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r1, 0x2) r2 = landlock_create_ruleset(&(0x7f0000000140)={0x0, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r2, 0x0) landlock_restrict_self(r2, 0x0) landlock_restrict_self(r2, 0x0) landlock_restrict_self(r2, 0x0) landlock_restrict_self(r2, 0x0) landlock_restrict_self(r2, 0x0) r3 = landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r3, 0x0) landlock_restrict_self(r2, 0x0) landlock_restrict_self(r3, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x2) landlock_restrict_self(r0, 0x0) 1.510288389s ago: executing program 1 (id=411): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015cc7aa00090509"], 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x40) syz_usb_disconnect(r0) 1.144039879s ago: executing program 3 (id=434): unshare(0x68040200) r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000500)={'mangle\x00', 0x0, [0x203, 0x9, 0x0, 0x3, 0x4]}, &(0x7f0000000000)=0x54) 1.040470067s ago: executing program 3 (id=439): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000000)="05000806", 0x4, 0x0, &(0x7f0000000080)={0x11, 0x8100, r1}, 0x14) 1.03725896s ago: executing program 3 (id=442): r0 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @random="a538ae464632", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x5, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x17, 0x7c, 0x0, @multicast1}}}}}, 0x0) sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 949.597714ms ago: executing program 3 (id=443): syz_usb_connect(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a8230800090400bc6435fb4d00090503034d00ff99090805", @ANYRES32], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) pwritev2(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="25872a590effa1b48c9cc3bc0ec13cfdc18d1271640b8aebaa13a1f07d8a65fb466be58a9efe758edf0019c2c329a81fffbef9e2490f04ab022b7ff1df4212e70784779ae04c88f616bf666a751cd3f1145a88669e66a47825ff89c6f2e22473dd54e96ab2ec3f7d44cca839248e25cfb2e3bcb3", 0x74}, {&(0x7f0000000180)}, {0x0}, {&(0x7f0000000500)="ff7dd15a7d3565b24bd3307b4568d11ec35ab58a8f0e14a10c6e97455cf8231ee9dc1cce54a0a43d18be98eef98f7677ae6e95c7d7adc37ffedb5e33516925e2e4f93216c0a2f181f7312a768168532ba50609a475989c18e81a8d3c2b5f29af3acd5b4e1150410a124be89a75afcec99db7c3d71dc4e5b69165cf67b70397b5d61d639f83de17b77c002d7e5977d854d57fd84a8f83f9a5670a17220f2f2ee4c44dfabde1bea696bdbe1590ecb98a98c41596383601826f6f863190cf3bf1fb284190b8e876429ef21f4bb393fa520d4ce034578b3054c4c7891e32902178c5cb2b9830eeabc046df827ef23ec67c1461e974fb8d23d674709d81a62ffd08fe9ebcd1d9a092d2f6a4cb808a7319555d9240b5af5742977f819700"/298, 0x12a}], 0x4, 0x81, 0x80, 0x0) 780.38518ms ago: executing program 1 (id=451): getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private2, 0x0, 0x2, 0x0, 0x2, 0x4101}, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100)) 743.613228ms ago: executing program 1 (id=454): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) syz_open_dev$MSR(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) socket(0x9, 0x7, 0x2) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000)) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @bcast, @bpq0, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) 705.491536ms ago: executing program 1 (id=456): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r0, 0x1) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e20, 0x0, @loopback, 0x10006}}, 0x0, 0x0, 0x47, 0x0, "09be2271b78506e6dd938d324c415acd403a4480fd1afa34432bcdfa64d957e93efafd27ad06a6f589bb643f167cf0fcd370239aaa93f6ded3c5032c96ead0cdc68474d402ab73e482db7ec1e0a57489"}, 0xd8) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0xf, @loopback, 0x5}, 0x1c) prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key(0x0, &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x9, @loopback, 0x1}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffff1, @empty, 0x2}, 0x1c) 387.128315ms ago: executing program 3 (id=469): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}, {@verity_on}]}) r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) mknodat$loop(r0, 0x0, 0x40, 0x1) chdir(&(0x7f00000003c0)='./bus\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) r1 = syz_create_resource$binfmt(&(0x7f0000000000)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff) 384.524989ms ago: executing program 3 (id=473): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a0000070800"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_usb_connect(0x1, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000009a65d0860040800dee20102030109021b05000000000009040000f678eaf500090584"], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) openat$mice(0xffffff9c, &(0x7f0000000140), 0x1ad100) 270.289829ms ago: executing program 0 (id=478): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) shutdown(r0, 0x1) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e20, 0x0, @loopback, 0x10006}}, 0x0, 0x0, 0x47, 0x0, "09be2271b78506e6dd938d324c415acd403a4480fd1afa34432bcdfa64d957e93efafd27ad06a6f589bb643f167cf0fcd370239aaa93f6ded3c5032c96ead0cdc68474d402ab73e482db7ec1e0a57489"}, 0xd8) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0xf, @loopback, 0x5}, 0x1c) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) add_key(0x0, &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x9, @loopback, 0x1}, 0x1c) 220.753142ms ago: executing program 2 (id=479): socket$inet_udp(0x2, 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000040)=0x8000002, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @empty}, 0x10) 220.340869ms ago: executing program 0 (id=480): openat$drirender128(0xffffffffffffff9c, 0x0, 0x2000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, 0x0, 0x4000010) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 204.596582ms ago: executing program 2 (id=481): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000340)="07000000010003", 0x7) 140.480205ms ago: executing program 0 (id=482): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48050}, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50) writev(0xffffffffffffffff, &(0x7f0000000100)=[{}], 0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) 140.33148ms ago: executing program 2 (id=483): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x8000, {0x2, 0x0, 0x0, 0x8, 0x78, 0x0, 0x0, 0x3, 0x1001e}}, 0x1c}}, 0x44084) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x1303}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 140.193854ms ago: executing program 0 (id=484): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d00), r0) sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000100)={0x28, r1, 0xe29, 0x70bd26, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES={0x5, 0x31, 0x7f}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x60044095}, 0x24040044) 71.366043ms ago: executing program 2 (id=485): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x9, 0x2, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f00000000c0)=0x2) 68.383535ms ago: executing program 0 (id=486): syz_open_dev$sg(0x0, 0x0, 0x8401) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80}}}, 0xb8}}, 0x0) 526.043µs ago: executing program 2 (id=487): openat$drirender128(0xffffffffffffff9c, 0x0, 0x2000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, 0x0, 0x4000010) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x7, 0x80a0000, 0x0, r3, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 335.302µs ago: executing program 0 (id=488): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x181480, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0x2f, &(0x7f0000000040)=0x8000002, 0x4) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e24, @empty}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x3, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) mmap(&(0x7f000064b000/0x3000)=nil, 0x3000, 0x2, 0x11, r0, 0xf0b48000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xe8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x1000007) sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x801) 0s ago: executing program 2 (id=489): socket$nl_generic(0x10, 0x3, 0x10) openat$drirender128(0xffffffffffffff9c, 0x0, 0x2000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$kvm(0xffffff9c, 0x0, 0x841, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00\x00\a'], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4000010) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x2, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8080000000000000, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3}) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x140) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x7, 0x80a0000, 0x0, r3, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:49832' (ED25519) to the list of known hosts. [ 54.994549][ T40] audit: type=1400 audit(1767429496.400:62): avc: denied { name_bind } for pid=5920 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 55.026627][ T40] audit: type=1400 audit(1767429496.430:63): avc: denied { execute } for pid=5921 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 55.033719][ T40] audit: type=1400 audit(1767429496.440:64): avc: denied { execute_no_trans } for pid=5921 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 57.554816][ T40] audit: type=1400 audit(1767429498.960:65): avc: denied { mounton } for pid=5921 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 57.564239][ T40] audit: type=1400 audit(1767429498.970:66): avc: denied { mount } for pid=5921 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 57.566132][ T5921] cgroup: Unknown subsys name 'net' [ 57.700487][ T5921] cgroup: Unknown subsys name 'cpuset' [ 57.704614][ T5921] cgroup: Unknown subsys name 'rlimit' [ 57.961477][ T5931] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 57.966112][ T40] kauditd_printk_skb: 11 callbacks suppressed [ 57.966127][ T40] audit: type=1400 audit(1767429499.370:78): avc: denied { relabelto } for pid=5931 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" Setting up swapspace version 1, size = 127995904 bytes [ 57.981776][ T40] audit: type=1400 audit(1767429499.370:79): avc: denied { write } for pid=5931 comm="mkswap" path="/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 57.992968][ T40] audit: type=1400 audit(1767429499.400:80): avc: denied { read } for pid=5921 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 58.005226][ T40] audit: type=1400 audit(1767429499.400:81): avc: denied { open } for pid=5921 comm="syz-executor" path="/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 58.902594][ T5921] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.632634][ T40] audit: type=1400 audit(1767429504.040:82): avc: denied { execmem } for pid=5935 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 62.807321][ T40] audit: type=1400 audit(1767429504.220:83): avc: denied { create } for pid=5939 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.813934][ T40] audit: type=1400 audit(1767429504.220:84): avc: denied { create } for pid=5940 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.823913][ T40] audit: type=1400 audit(1767429504.220:85): avc: denied { read write } for pid=5940 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 62.841495][ T5946] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.844759][ T5946] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.847393][ T40] audit: type=1400 audit(1767429504.220:86): avc: denied { open } for pid=5940 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 62.857607][ T5947] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.858206][ T40] audit: type=1400 audit(1767429504.220:87): avc: denied { ioctl } for pid=5940 comm="syz-executor" path="socket:[7421]" dev="sockfs" ino=7421 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.861032][ T5947] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.874657][ T5947] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.877690][ T5950] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.879318][ T5947] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.883005][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.884948][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.889319][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.892522][ T5947] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.897112][ T5944] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.899537][ T5947] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.903560][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.903575][ T5944] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.904292][ T5947] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.904705][ T5944] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.905170][ T5944] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.907892][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.911111][ T5947] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 63.237751][ T40] kauditd_printk_skb: 3 callbacks suppressed [ 63.237763][ T40] audit: type=1400 audit(1767429504.650:91): avc: denied { module_request } for pid=5948 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 63.294896][ T5948] chnl_net:caif_netlink_parms(): no params data found [ 63.354086][ T5951] chnl_net:caif_netlink_parms(): no params data found [ 63.431761][ T5940] chnl_net:caif_netlink_parms(): no params data found [ 63.506014][ T5948] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.509062][ T5948] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.511644][ T5948] bridge_slave_0: entered allmulticast mode [ 63.514729][ T5948] bridge_slave_0: entered promiscuous mode [ 63.519510][ T5939] chnl_net:caif_netlink_parms(): no params data found [ 63.524910][ T5948] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.527379][ T5948] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.530221][ T5948] bridge_slave_1: entered allmulticast mode [ 63.533936][ T5948] bridge_slave_1: entered promiscuous mode [ 63.552277][ T5951] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.554682][ T5951] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.557149][ T5951] bridge_slave_0: entered allmulticast mode [ 63.560130][ T5951] bridge_slave_0: entered promiscuous mode [ 63.563848][ T5951] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.566197][ T5951] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.568757][ T5951] bridge_slave_1: entered allmulticast mode [ 63.571872][ T5951] bridge_slave_1: entered promiscuous mode [ 63.625488][ T5951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.633956][ T5948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.642873][ T5948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.647187][ T5951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.759558][ T5939] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.762053][ T5939] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.764760][ T5939] bridge_slave_0: entered allmulticast mode [ 63.768605][ T5939] bridge_slave_0: entered promiscuous mode [ 63.775861][ T5948] team0: Port device team_slave_0 added [ 63.781393][ T5951] team0: Port device team_slave_0 added [ 63.787074][ T5948] team0: Port device team_slave_1 added [ 63.789749][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.792846][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.795947][ T5940] bridge_slave_0: entered allmulticast mode [ 63.800464][ T5940] bridge_slave_0: entered promiscuous mode [ 63.805411][ T5939] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.809226][ T5939] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.811769][ T5939] bridge_slave_1: entered allmulticast mode [ 63.814639][ T5939] bridge_slave_1: entered promiscuous mode [ 63.819917][ T5951] team0: Port device team_slave_1 added [ 63.831881][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.834840][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.837796][ T5940] bridge_slave_1: entered allmulticast mode [ 63.840964][ T5940] bridge_slave_1: entered promiscuous mode [ 63.872773][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.875674][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.887821][ T5948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.900342][ T5948] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.903327][ T5948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.914388][ T5948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.936214][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.938797][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.947487][ T5951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.952663][ T5939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.965259][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.969179][ T5951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.971523][ T5951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 63.980329][ T5951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.986199][ T5939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.000027][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.021524][ T5939] team0: Port device team_slave_0 added [ 64.035924][ T5939] team0: Port device team_slave_1 added [ 64.048117][ T5940] team0: Port device team_slave_0 added [ 64.059106][ T5940] team0: Port device team_slave_1 added [ 64.107110][ T5948] hsr_slave_0: entered promiscuous mode [ 64.109491][ T5948] hsr_slave_1: entered promiscuous mode [ 64.128666][ T5951] hsr_slave_0: entered promiscuous mode [ 64.131171][ T5951] hsr_slave_1: entered promiscuous mode [ 64.133459][ T5951] debugfs: 'hsr0' already exists in 'hsr' [ 64.135393][ T5951] Cannot create hsr debugfs directory [ 64.138164][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.140523][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.149744][ T5939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.153925][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.156360][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.166100][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.172104][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.174532][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.183565][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.189450][ T5939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.191920][ T5939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 64.200190][ T5939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.304575][ T5939] hsr_slave_0: entered promiscuous mode [ 64.308157][ T5939] hsr_slave_1: entered promiscuous mode [ 64.311835][ T5939] debugfs: 'hsr0' already exists in 'hsr' [ 64.314419][ T5939] Cannot create hsr debugfs directory [ 64.347638][ T5940] hsr_slave_0: entered promiscuous mode [ 64.350091][ T5940] hsr_slave_1: entered promiscuous mode [ 64.352413][ T5940] debugfs: 'hsr0' already exists in 'hsr' [ 64.354653][ T5940] Cannot create hsr debugfs directory [ 64.649577][ T5948] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 64.660596][ T5948] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 64.678940][ T5948] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 64.686240][ T5948] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 64.724310][ T5951] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 64.733294][ T5951] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 64.740310][ T5951] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 64.752522][ T5951] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 64.810886][ T5939] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.820774][ T5939] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.826190][ T5939] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.834074][ T5939] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.902456][ T5940] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 64.908528][ T5940] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 64.918289][ T5940] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 64.928583][ T5294] Bluetooth: hci2: command tx timeout [ 64.932911][ T5940] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 64.955208][ T5948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.994295][ T5948] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.998043][ T5294] Bluetooth: hci0: command tx timeout [ 64.998116][ T64] Bluetooth: hci1: command tx timeout [ 64.998173][ T5947] Bluetooth: hci3: command tx timeout [ 65.022478][ T97] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.026110][ T97] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.042888][ T97] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.045278][ T97] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.076659][ T5951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.119693][ T5951] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.140329][ T5939] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.152569][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.155731][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.174222][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.177001][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.194517][ T40] audit: type=1400 audit(1767429506.600:92): avc: denied { sys_module } for pid=5948 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 65.198680][ T5939] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.220126][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.233718][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.237051][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.254427][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.257878][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.276408][ T5940] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.294080][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.297072][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.313815][ T1200] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.317110][ T1200] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.348870][ T5948] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.397739][ T5948] veth0_vlan: entered promiscuous mode [ 65.411977][ T5948] veth1_vlan: entered promiscuous mode [ 65.442045][ T5951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.478942][ T5948] veth0_macvtap: entered promiscuous mode [ 65.492193][ T5951] veth0_vlan: entered promiscuous mode [ 65.498660][ T5951] veth1_vlan: entered promiscuous mode [ 65.503892][ T5948] veth1_macvtap: entered promiscuous mode [ 65.534823][ T5939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.544914][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.561658][ T5948] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.566647][ T5951] veth0_macvtap: entered promiscuous mode [ 65.587569][ T5951] veth1_macvtap: entered promiscuous mode [ 65.591493][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.595344][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.603276][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.608599][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.634238][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.658993][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.666751][ T5939] veth0_vlan: entered promiscuous mode [ 65.682285][ T5951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.712413][ T5939] veth1_vlan: entered promiscuous mode [ 65.713700][ T97] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.719409][ T98] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.722620][ T98] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.725587][ T97] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.731512][ T98] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.735393][ T98] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.770260][ T4874] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.773565][ T4874] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.792034][ T40] audit: type=1400 audit(1767429507.200:93): avc: denied { mount } for pid=5948 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 65.800751][ T40] audit: type=1400 audit(1767429507.200:94): avc: denied { mounton } for pid=5948 comm="syz-executor" path="/syzkaller.wHkVg2/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 65.802765][ T5939] veth0_macvtap: entered promiscuous mode [ 65.810348][ T40] audit: type=1400 audit(1767429507.200:95): avc: denied { mount } for pid=5948 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 65.819605][ T40] audit: type=1400 audit(1767429507.210:96): avc: denied { mounton } for pid=5948 comm="syz-executor" path="/syzkaller.wHkVg2/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 65.819625][ T5940] veth0_vlan: entered promiscuous mode [ 65.828678][ T40] audit: type=1400 audit(1767429507.210:97): avc: denied { mounton } for pid=5948 comm="syz-executor" path="/syzkaller.wHkVg2/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=8736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 65.839123][ T40] audit: type=1400 audit(1767429507.210:98): avc: denied { unmount } for pid=5948 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 65.845617][ T40] audit: type=1400 audit(1767429507.230:99): avc: denied { mounton } for pid=5948 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 65.847507][ T5939] veth1_macvtap: entered promiscuous mode [ 65.853068][ T40] audit: type=1400 audit(1767429507.230:100): avc: denied { mount } for pid=5948 comm="syz-executor" name="/" dev="gadgetfs" ino=8737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 65.863386][ T5940] veth1_vlan: entered promiscuous mode [ 65.882494][ T5948] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.899076][ T98] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.902512][ T98] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.904929][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.920931][ T5939] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.946315][ T4874] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.952028][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.957005][ T4874] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.957064][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.960130][ T4874] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.968908][ T4874] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.985485][ T5940] veth0_macvtap: entered promiscuous mode [ 65.994882][ T5940] veth1_macvtap: entered promiscuous mode [ 66.036134][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.058791][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.079220][ T1144] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.082161][ T1144] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.085362][ T1144] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.094609][ T6034] binder_alloc: 6033: binder_alloc_buf, no vma [ 66.099813][ T1144] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.103775][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.112973][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.153478][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.156358][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.225424][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.232734][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.245772][ T6039] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 66.283868][ T98] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.286855][ T98] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.311695][ T6041] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6'. [ 66.450734][ T6048] faux_driver vkms: [drm] Unknown color mode 256; guessing buffer size. [ 66.509483][ T6045] netlink: 72 bytes leftover after parsing attributes in process `syz.3.7'. [ 66.615567][ T6055] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 66.619058][ T6055] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 66.625810][ T6055] vhci_hcd vhci_hcd.0: Device attached [ 66.631875][ T6055] vhci_hcd vhci_hcd.0: port 0 already used [ 66.891874][ T3245] usb 40-1: SetAddress Request (2) to port 0 [ 66.894803][ T3245] usb 40-1: new SuperSpeed USB device number 2 using vhci_hcd [ 66.998859][ T64] Bluetooth: hci2: command tx timeout [ 67.077852][ T64] Bluetooth: hci1: command tx timeout [ 67.087313][ T64] Bluetooth: hci0: command tx timeout [ 67.087327][ T5294] Bluetooth: hci3: command tx timeout [ 67.429904][ T6057] vhci_hcd: connection reset by peer [ 67.436775][ T1200] vhci_hcd vhci_hcd.1: stop threads [ 67.440797][ T1200] vhci_hcd vhci_hcd.1: release socket [ 67.443675][ T1200] vhci_hcd vhci_hcd.1: disconnect device [ 67.446105][ T6075] netlink: 28 bytes leftover after parsing attributes in process `syz.2.16'. [ 67.456815][ T6075] mkiss: ax0: crc mode is auto. [ 67.599901][ T6077] netlink: 'syz.2.17': attribute type 13 has an invalid length. [ 67.729707][ T6077] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 67.733957][ T6077] syzkaller0: entered promiscuous mode [ 67.738998][ T6077] syzkaller0: entered allmulticast mode [ 67.755519][ T6077] tipc: Started in network mode [ 67.758527][ T6077] tipc: Node identity 12cc3ce69d82, cluster identity 4711 [ 67.762018][ T6077] tipc: Enabled bearer , priority 0 [ 67.769807][ T6076] tipc: Resetting bearer [ 67.818622][ T6076] tipc: Disabling bearer [ 67.951910][ T53] cfg80211: failed to load regulatory.db [ 68.084714][ T6093] netlink: 4 bytes leftover after parsing attributes in process `syz.2.24'. [ 68.089245][ T6093] netlink: 12 bytes leftover after parsing attributes in process `syz.2.24'. [ 68.286364][ T40] kauditd_printk_skb: 54 callbacks suppressed [ 68.286380][ T40] audit: type=1400 audit(1767429509.690:155): avc: denied { read write } for pid=6098 comm="syz.3.26" name="fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 68.316306][ T40] audit: type=1400 audit(1767429509.720:156): avc: denied { open } for pid=6098 comm="syz.3.26" path="/dev/fuse" dev="devtmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 68.339662][ T40] audit: type=1400 audit(1767429509.740:157): avc: denied { map_create } for pid=6096 comm="syz.2.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 68.348845][ T40] audit: type=1400 audit(1767429509.740:158): avc: denied { map_read map_write } for pid=6096 comm="syz.2.25" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 68.498222][ T40] audit: type=1400 audit(1767429509.910:159): avc: denied { open } for pid=6104 comm="syz.3.28" path="/dev/ptyqa" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 68.534123][ T40] audit: type=1400 audit(1767429509.940:160): avc: denied { create } for pid=6104 comm="syz.3.28" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 68.611566][ T40] audit: type=1400 audit(1767429510.020:161): avc: denied { allowed } for pid=6107 comm="syz.3.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 68.622240][ T40] audit: type=1400 audit(1767429510.040:162): avc: denied { create } for pid=6107 comm="syz.3.29" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 68.650043][ T40] audit: type=1400 audit(1767429510.060:163): avc: denied { bind } for pid=6107 comm="syz.3.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 68.660188][ T40] audit: type=1400 audit(1767429510.060:164): avc: denied { listen } for pid=6107 comm="syz.3.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 69.047896][ T6118] Zero length message leads to an empty skb [ 69.052013][ T6118] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6118 comm=syz.1.32 [ 69.087438][ T5294] Bluetooth: hci2: command tx timeout [ 69.105921][ T6120] syzkaller0: entered promiscuous mode [ 69.111896][ T6120] syzkaller0: entered allmulticast mode [ 69.158264][ T5294] Bluetooth: hci1: command tx timeout [ 69.268185][ T6125] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 69.271542][ T6125] batadv_slave_0: entered promiscuous mode [ 69.338398][ T6127] syzkaller0: entered promiscuous mode [ 69.341222][ T6127] syzkaller0: entered allmulticast mode [ 69.412414][ T6129] netlink: 'syz.1.37': attribute type 1 has an invalid length. [ 69.487046][ T5294] Bluetooth: hci0: command tx timeout [ 69.609501][ T6135] vlan2: entered promiscuous mode [ 69.611400][ T6135] vlan2: entered allmulticast mode [ 69.613129][ T6135] hsr_slave_1: entered allmulticast mode [ 69.660576][ T6131] netlink: 'syz.3.38': attribute type 13 has an invalid length. [ 69.703983][ T6140] netfs: Couldn't get user pages (rc=-14) [ 69.706393][ T6140] netfs: Zero-sized read [R=1] [ 69.924644][ T6149] sctp: [Deprecated]: syz.0.46 (pid 6149) Use of int in max_burst socket option. [ 69.924644][ T6149] Use struct sctp_assoc_value instead [ 69.969282][ T6147] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.037007][ T5294] Bluetooth: hci3: command tx timeout [ 70.056737][ T6147] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.131714][ T6147] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.228949][ T6147] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 70.251558][ T6161] binder: transaction release 12 bad handle 1, ret = -22 [ 70.305598][ T6163] tipc: Started in network mode [ 70.311420][ T6163] tipc: Node identity be955157fda2, cluster identity 4711 [ 70.314873][ T6163] tipc: Enabled bearer , priority 0 [ 70.339595][ T6163] syzkaller0: entered promiscuous mode [ 70.341665][ T6163] syzkaller0: entered allmulticast mode [ 70.346204][ T3714] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.362197][ T6163] tipc: Resetting bearer [ 70.374279][ T3714] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.381242][ T6162] tipc: Resetting bearer [ 70.413943][ T6162] tipc: Disabling bearer [ 70.432134][ T6166] bridge_slave_0: left allmulticast mode [ 70.434696][ T6166] bridge_slave_0: left promiscuous mode [ 70.441847][ T6166] bridge0: port 1(bridge_slave_0) entered disabled state [ 70.453418][ T6166] bridge_slave_1: left allmulticast mode [ 70.456052][ T6166] bridge_slave_1: left promiscuous mode [ 70.460285][ T6166] bridge0: port 2(bridge_slave_1) entered disabled state [ 70.471017][ T6166] bond0: (slave bond_slave_0): Releasing backup interface [ 70.487584][ T6166] bond0: (slave bond_slave_1): Releasing backup interface [ 70.519846][ T6166] team0: Port device team_slave_0 removed [ 70.531161][ T6166] team0: Port device team_slave_1 removed [ 70.533767][ T6166] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 70.536390][ T6166] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 70.540880][ T6166] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 70.543806][ T6166] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 70.549720][ T6166] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 70.573325][ T6167] team0: Mode changed to "random" [ 70.576028][ T6170] vlan0: entered promiscuous mode [ 70.594666][ T6170] team0: Port device vlan0 added [ 70.599454][ T98] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.615256][ T12] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.157762][ T5294] Bluetooth: hci2: command tx timeout [ 71.247089][ T5294] Bluetooth: hci1: command tx timeout [ 71.528749][ T6174] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 71.532410][ T6174] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 71.541378][ T6174] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 71.547426][ T6174] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 71.549486][ T6174] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 71.555191][ T6174] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 71.558826][ T6174] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 71.561195][ T6174] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 71.564092][ T6174] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 71.568993][ T6174] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 71.571102][ T6174] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 71.574425][ T6174] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 71.752107][ T6197] Bluetooth: MGMT ver 1.23 [ 71.755998][ T6198] netlink: 'syz.0.61': attribute type 13 has an invalid length. [ 71.892772][ T6198] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.896143][ T6198] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.969340][ T3245] usb 40-1: device descriptor read/8, error -110 [ 71.976723][ T6205] kvm_intel: kvm [6204]: vcpu0, guest rIP: 0x29 Unhandled WRMSR(0x1d9) = 0xffff [ 71.988900][ T6205] kvm: kvm [6204]: vcpu0, guest rIP: 0x29 Unhandled WRMSR(0x11e) = 0xffff [ 72.001961][ T6198] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 72.009602][ T6198] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 72.021838][ T6205] kvm: kvm [6204]: vcpu0, guest rIP: 0x29 Unhandled WRMSR(0x187) = 0xffff [ 72.041617][ T6205] kvm: kvm [6204]: vcpu0, guest rIP: 0x29 Unhandled WRMSR(0x186) = 0xffff [ 72.175235][ T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.182826][ T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.217346][ T6219] syzkaller0: entered promiscuous mode [ 72.220184][ T6219] syzkaller0: entered allmulticast mode [ 72.224772][ T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.244688][ T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.362448][ T3245] usb usb40-port1: attempt power cycle [ 72.847093][ T5294] Bluetooth: hci0: command 0x0c1a tx timeout [ 72.979158][ T3245] usb usb40-port1: unable to enumerate USB device [ 73.478986][ T6233] tipc: Enabling of bearer rejected, failed to enable media [ 73.483474][ T6240] netlink: 12 bytes leftover after parsing attributes in process `syz.0.69'. [ 73.541727][ T40] kauditd_printk_skb: 45 callbacks suppressed [ 73.541751][ T40] audit: type=1400 audit(1767429514.950:210): avc: denied { connect } for pid=6272 comm="syz.1.75" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 73.557150][ T64] Bluetooth: hci1: command 0x0c1a tx timeout [ 73.628565][ T40] audit: type=1400 audit(1767429515.040:211): avc: denied { relabelfrom } for pid=6275 comm="syz.2.76" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 73.637291][ T64] Bluetooth: hci3: command 0x0c1a tx timeout [ 73.637331][ T5947] Bluetooth: hci2: command 0x0c1a tx timeout [ 73.640776][ T40] audit: type=1400 audit(1767429515.040:212): avc: denied { relabelto } for pid=6275 comm="syz.2.76" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 73.700463][ T6278] kvm: pic: level sensitive irq not supported [ 73.797108][ T6282] syzkaller0: entered promiscuous mode [ 73.802265][ T6282] syzkaller0: entered allmulticast mode [ 73.963207][ T6287] netlink: 16 bytes leftover after parsing attributes in process `syz.0.80'. [ 74.140175][ T6292] syzkaller0: entered promiscuous mode [ 74.142529][ T6292] syzkaller0: entered allmulticast mode [ 74.171087][ T6294] syzkaller0: entered promiscuous mode [ 74.173529][ T6294] syzkaller0: entered allmulticast mode [ 74.187866][ T6294] tipc: Started in network mode [ 74.190145][ T6294] tipc: Node identity 360d94ccaa35, cluster identity 4711 [ 74.194080][ T6294] tipc: Enabled bearer , priority 0 [ 74.201456][ T6294] tipc: Resetting bearer [ 74.203686][ T6294] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 74.206954][ T6294] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 74.213678][ T6293] tipc: Resetting bearer [ 74.229861][ T6293] tipc: Disabling bearer [ 74.381525][ T40] audit: type=1400 audit(1767429515.790:213): avc: denied { map } for pid=6301 comm="syz.0.86" path="socket:[10061]" dev="sockfs" ino=10061 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 74.395348][ T40] audit: type=1400 audit(1767429515.790:214): avc: denied { read accept } for pid=6301 comm="syz.0.86" path="socket:[10061]" dev="sockfs" ino=10061 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 74.406299][ T6302] warning: `syz.0.86' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 74.477916][ T40] audit: type=1400 audit(1767429515.890:215): avc: denied { write } for pid=6305 comm="syz.3.88" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 74.535089][ T40] audit: type=1400 audit(1767429515.940:216): avc: denied { append } for pid=6311 comm="syz.1.91" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 74.562844][ T5294] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 74.697159][ T40] audit: type=1400 audit(1767429516.110:217): avc: denied { map } for pid=6311 comm="syz.1.91" path="socket:[10067]" dev="sockfs" ino=10067 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 74.904228][ T6328] netlink: 36 bytes leftover after parsing attributes in process `syz.2.95'. [ 74.917155][ T5294] Bluetooth: hci0: command 0x0c1a tx timeout [ 74.996945][ T40] audit: type=1400 audit(1767429516.400:218): avc: denied { read write } for pid=6331 comm="syz.1.97" name="uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 75.008360][ T40] audit: type=1400 audit(1767429516.400:219): avc: denied { open } for pid=6331 comm="syz.1.97" path="/dev/uinput" dev="devtmpfs" ino=943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 75.647055][ T5294] Bluetooth: hci1: command 0x0c1a tx timeout [ 75.717096][ T5294] Bluetooth: hci3: command 0x0c1a tx timeout [ 75.717123][ T5947] Bluetooth: hci2: command 0x0c1a tx timeout [ 75.787475][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 76.014523][ T53] IPVS: starting estimator thread 0... [ 76.097501][ T6365] IPVS: using max 45 ests per chain, 108000 per kthread [ 76.219603][ T6377] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6377 comm=syz.0.109 [ 76.258360][ T6378] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 76.523439][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.523522][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.543120][ T6387] netlink: 16 bytes leftover after parsing attributes in process `syz.1.115'. [ 76.922877][ T6406] binder: Unknown parameter '18446744073709551615' [ 76.997430][ T5947] Bluetooth: hci0: command 0x0c1a tx timeout [ 77.110056][ T6412] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.253652][ T6412] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.282278][ T6418] netlink: 'syz.3.123': attribute type 10 has an invalid length. [ 77.291706][ T6418] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 77.366281][ T6419] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 77.386317][ T6412] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.456318][ T6421] loop3: detected capacity change from 0 to 7 [ 77.464254][ T6421] Dev loop3: unable to read RDB block 7 [ 77.467084][ T6421] loop3: unable to read partition table [ 77.470700][ T6421] loop3: partition table beyond EOD, truncated [ 77.473964][ T6421] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 77.491562][ T5343] Dev loop3: unable to read RDB block 7 [ 77.493427][ T5343] loop3: unable to read partition table [ 77.495915][ T5343] loop3: partition table beyond EOD, truncated [ 77.501816][ T6412] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.600301][ T46] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.612647][ T46] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.621169][ T46] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.632728][ T4430] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.718846][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout [ 77.798552][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout [ 77.800836][ T5294] Bluetooth: hci2: command 0x0c1a tx timeout [ 78.372761][ T6453] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 78.444746][ T6459] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 78.447604][ T6459] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 78.457244][ T6459] vhci_hcd vhci_hcd.0: Device attached [ 78.737216][ T55] usb 44-1: SetAddress Request (2) to port 0 [ 78.740239][ T55] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd [ 79.154722][ T6460] vhci_hcd: connection reset by peer [ 79.167275][ T1144] vhci_hcd vhci_hcd.3: stop threads [ 79.171449][ T1144] vhci_hcd vhci_hcd.3: release socket [ 79.173703][ T6481] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 79.175065][ T1144] vhci_hcd vhci_hcd.3: disconnect device [ 79.316308][ T40] kauditd_printk_skb: 14 callbacks suppressed [ 79.316321][ T40] audit: type=1400 audit(1767429520.720:234): avc: denied { shutdown } for pid=6488 comm="syz.2.146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 79.326696][ T40] audit: type=1400 audit(1767429520.720:235): avc: denied { create } for pid=6488 comm="syz.2.146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 79.329386][ T6489] binder: 6488:6489 ioctl c0306201 200000000640 returned -22 [ 79.334681][ T40] audit: type=1400 audit(1767429520.740:236): avc: denied { create } for pid=6488 comm="syz.2.146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 79.344767][ T40] audit: type=1404 audit(1767429520.760:237): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1 [ 79.362285][ T40] audit: type=1400 audit(1767429520.770:238): avc: denied { read write } for pid=5939 comm="syz-executor" name="loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 79.386156][ T40] audit: type=1400 audit(1767429520.790:239): avc: denied { getopt } for pid=6488 comm="syz.2.146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=0 [ 79.394682][ T40] audit: type=1400 audit(1767429520.800:240): avc: denied { prog_load } for pid=6490 comm="syz.0.147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=0 [ 79.403150][ T40] audit: type=1400 audit(1767429520.800:241): avc: denied { create } for pid=6488 comm="syz.2.146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=0 [ 79.411738][ T40] audit: type=1400 audit(1767429520.800:242): avc: denied { setopt } for pid=6488 comm="syz.2.146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=0 [ 79.421279][ T40] audit: type=1400 audit(1767429520.810:243): avc: denied { execmem } for pid=6490 comm="syz.0.147" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=0 [ 79.449342][ T6493] netlink: 'syz.2.148': attribute type 1 has an invalid length. [ 79.473483][ T6493] 8021q: adding VLAN 0 to HW filter on device bond1 [ 79.500822][ T6493] bond1: (slave gretap1): making interface the new active one [ 79.507836][ T6493] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 79.526925][ T6493] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=6493 comm=syz.2.148 [ 79.536658][ T6493] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=33304 sclass=netlink_route_socket pid=6493 comm=syz.2.148 [ 79.769713][ T6517] netlink: 8 bytes leftover after parsing attributes in process `syz.1.159'. [ 79.775731][ T6514] bond0: Caught tx_queue_len zero misconfig [ 79.779016][ T6514] netlink: 8 bytes leftover after parsing attributes in process `syz.2.157'. [ 79.887757][ T5294] Bluetooth: hci3: command 0x0c1a tx timeout [ 80.069794][ T6546] vxcan1: entered allmulticast mode [ 80.079059][ T5294] Bluetooth: hci0: unexpected event for opcode 0x0803 [ 80.147289][ T6556] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pid=6556 comm=syz.2.176 [ 80.189981][ T5294] Bluetooth: hci0: ACL packet too small [ 80.284364][ T5294] Bluetooth: hci2: unexpected event for opcode 0x080d [ 80.335213][ T5294] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 80.376270][ T5294] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 80.448380][ T5947] Bluetooth: hci1: unexpected event for opcode 0x2042 [ 80.495902][ T5947] Bluetooth: hci0: unexpected event for opcode 0x2029 [ 80.501351][ T5947] Bluetooth: hci1: adv larger than maximum supported [ 80.768204][ T5947] Bluetooth: hci2: unexpected event for opcode 0x2003 [ 80.922883][ T5947] Bluetooth: hci1: unexpected event for opcode 0x0c14 [ 80.951841][ T6641] 8021q: adding VLAN 0 to HW filter on device bond1 [ 80.979404][ T6641] bond_slave_0: entered promiscuous mode [ 80.981589][ T6641] bond_slave_1: entered promiscuous mode [ 80.984159][ T6641] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 80.989677][ T6641] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 81.016427][ T5947] Bluetooth: hci1: unexpected event for opcode 0x041b [ 81.288574][ T5947] Bluetooth: hci1: unexpected event for opcode 0x2035 [ 81.334770][ T5947] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 81.401552][ T5947] Bluetooth: hci0: unexpected event 0x08 length: 5 > 4 [ 81.423882][ T5947] Bluetooth: hci1: unexpected event for opcode 0x0809 [ 81.563420][ T5947] Bluetooth: hci0: unexpected event for opcode 0x0c26 [ 81.615028][ T6719] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 81.617234][ T6719] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 81.623414][ T6719] vhci_hcd vhci_hcd.0: Device attached [ 81.628791][ T6719] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(5) [ 81.630984][ T6719] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 81.634332][ T6719] vhci_hcd vhci_hcd.0: Device attached [ 81.643274][ T6722] vhci_hcd: connection closed [ 81.643469][ T6720] vhci_hcd: connection closed [ 81.646569][ T4430] vhci_hcd vhci_hcd.1: stop threads [ 81.652112][ T4430] vhci_hcd vhci_hcd.1: release socket [ 81.654617][ T4430] vhci_hcd vhci_hcd.1: disconnect device [ 81.658024][ T4430] vhci_hcd vhci_hcd.1: stop threads [ 81.660012][ T4430] vhci_hcd vhci_hcd.1: release socket [ 81.662327][ T4430] vhci_hcd vhci_hcd.1: disconnect device [ 82.064508][ C0] sr 2:0:0:0: [sr0] tag#13 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 82.068527][ C0] sr 2:0:0:0: [sr0] tag#13 CDB: opcode=0xde (vendor) de 89 0b b6 4d c9 [ 82.652301][ T5947] Bluetooth: hci1: unexpected subevent 0x03 length: 244 > 9 [ 82.711544][ T6797] netlink: 'syz.3.291': attribute type 2 has an invalid length. [ 82.786092][ T6803] netlink: 24 bytes leftover after parsing attributes in process `syz.1.294'. [ 82.789030][ T5947] Bluetooth: hci0: unexpected event for opcode 0x0402 [ 82.851912][ T6811] netlink: 'syz.2.298': attribute type 10 has an invalid length. [ 82.872695][ T6811] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 83.103089][ T6835] cdrom: dropping to single frame dma [ 83.344046][ T6865] IPv6: NLM_F_REPLACE set, but no existing node found! [ 83.645456][ T6911] netlink: 'syz.1.347': attribute type 10 has an invalid length. [ 83.653016][ T6911] netlink: 40 bytes leftover after parsing attributes in process `syz.1.347'. [ 83.695271][ T6911] team0: Port device geneve0 added [ 83.807061][ T55] usb 44-1: device descriptor read/8, error -110 [ 83.980080][ T5947] Bluetooth: hci2: Unable to find connection for big 0x00 [ 84.198098][ T55] usb usb44-port1: attempt power cycle [ 84.400415][ T40] kauditd_printk_skb: 691 callbacks suppressed [ 84.400432][ T40] audit: type=1400 audit(1767429525.811:935): avc: denied { read write } for pid=5939 comm="syz-executor" name="loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 84.416597][ T40] audit: type=1400 audit(1767429525.831:936): avc: denied { create } for pid=6989 comm="syz.0.385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=0 [ 84.441895][ T40] audit: type=1400 audit(1767429525.851:937): avc: denied { read write } for pid=5939 comm="syz-executor" name="loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 84.459763][ T40] audit: type=1400 audit(1767429525.871:938): avc: denied { create } for pid=6991 comm="syz.0.386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=0 [ 84.467389][ T40] audit: type=1400 audit(1767429525.871:939): avc: denied { read } for pid=6991 comm="syz.0.386" dev="nsfs" ino=4026533039 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=0 [ 84.474692][ T40] audit: type=1400 audit(1767429525.871:940): avc: denied { read } for pid=6991 comm="syz.0.386" dev="nsfs" ino=4026533039 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=0 [ 84.483201][ T40] audit: type=1400 audit(1767429525.881:941): avc: denied { read write } for pid=5939 comm="syz-executor" name="loop0" dev="devtmpfs" ino=658 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 84.501349][ T40] audit: type=1400 audit(1767429525.911:942): avc: denied { read write } for pid=5940 comm="syz-executor" name="loop2" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 84.525942][ T40] audit: type=1400 audit(1767429525.931:943): avc: denied { create } for pid=6995 comm="syz.2.388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=0 [ 84.536121][ T40] audit: type=1400 audit(1767429525.931:944): avc: denied { read } for pid=6995 comm="syz.2.388" dev="nsfs" ino=4026533298 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=0 [ 84.603864][ T7006] ip6gre0: entered promiscuous mode [ 84.609514][ T7006] team0: Device ip6gre0 is of different type [ 84.777080][ T55] usb usb44-port1: unable to enumerate USB device [ 85.096443][ T7050] macsec1: entered promiscuous mode [ 85.099737][ T7050] macsec1: entered allmulticast mode [ 85.592527][ T7111] netlink: 8 bytes leftover after parsing attributes in process `syz.0.444'. [ 85.710018][ T7122] netlink: 'syz.0.448': attribute type 10 has an invalid length. [ 85.714098][ T7122] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.731183][ T7122] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 86.221869][ T7175] wg2: Caught tx_queue_len zero misconfig [ 86.607054][ T5947] Bluetooth: hci0: command 0x0c1a tx timeout [ 86.607175][ T5294] ================================================================== [ 86.612818][ T5294] BUG: KASAN: slab-use-after-free in le_read_features_complete+0x5b/0x390 [ 86.615779][ T5294] Write of size 4 at addr ffff88802c454010 by task kworker/u33:1/5294 [ 86.622222][ T5294] [ 86.623469][ T5294] CPU: 3 UID: 0 PID: 5294 Comm: kworker/u33:1 Not tainted syzkaller #0 PREEMPT(full) [ 86.623496][ T5294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.623510][ T5294] Workqueue: hci0 hci_cmd_sync_work [ 86.623539][ T5294] Call Trace: [ 86.623546][ T5294] [ 86.623554][ T5294] dump_stack_lvl+0x116/0x1f0 [ 86.623580][ T5294] print_report+0xcd/0x630 [ 86.623616][ T5294] ? __virt_addr_valid+0x81/0x610 [ 86.623633][ T5294] ? __phys_addr+0xe8/0x180 [ 86.623658][ T5294] ? le_read_features_complete+0x5b/0x390 [ 86.623683][ T5294] kasan_report+0xe0/0x110 [ 86.623707][ T5294] ? le_read_features_complete+0x5b/0x390 [ 86.623735][ T5294] kasan_check_range+0x100/0x1b0 [ 86.623762][ T5294] le_read_features_complete+0x5b/0x390 [ 86.623788][ T5294] hci_cmd_sync_work+0x1ff/0x470 [ 86.623812][ T5294] ? __pfx_le_read_features_complete+0x10/0x10 [ 86.623839][ T5294] process_one_work+0x9ba/0x1b20 [ 86.623867][ T5294] ? __pfx_process_one_work+0x10/0x10 [ 86.623893][ T5294] ? assign_work+0x1a0/0x250 [ 86.623915][ T5294] worker_thread+0x6c8/0xf10 [ 86.623942][ T5294] ? __pfx_worker_thread+0x10/0x10 [ 86.623964][ T5294] kthread+0x3c5/0x780 [ 86.623985][ T5294] ? __pfx_kthread+0x10/0x10 [ 86.624006][ T5294] ? rcu_is_watching+0x12/0xc0 [ 86.624023][ T5294] ? __pfx_kthread+0x10/0x10 [ 86.624044][ T5294] ret_from_fork+0x983/0xb10 [ 86.624063][ T5294] ? __pfx_ret_from_fork+0x10/0x10 [ 86.624083][ T5294] ? __switch_to+0x7af/0x10d0 [ 86.624106][ T5294] ? __pfx_kthread+0x10/0x10 [ 86.624127][ T5294] ret_from_fork_asm+0x1a/0x30 [ 86.624160][ T5294] [ 86.624166][ T5294] [ 86.693717][ T5294] Allocated by task 5947: [ 86.695444][ T5294] kasan_save_stack+0x33/0x60 [ 86.697557][ T5294] kasan_save_track+0x14/0x30 [ 86.700100][ T5294] __kasan_kmalloc+0xaa/0xb0 [ 86.702508][ T5294] __hci_conn_add+0xf8/0x1cc0 [ 86.704752][ T5294] hci_conn_add_unset+0x76/0x130 [ 86.706857][ T5294] le_conn_complete_evt+0x639/0x1fa0 [ 86.709075][ T5294] hci_le_enh_conn_complete_evt+0x23d/0x3b0 [ 86.711439][ T5294] hci_le_meta_evt+0x357/0x610 [ 86.713360][ T5294] hci_event_packet+0x685/0x1210 [ 86.715396][ T5294] hci_rx_work+0x2c9/0x1020 [ 86.717237][ T5294] process_one_work+0x9ba/0x1b20 [ 86.719230][ T5294] worker_thread+0x6c8/0xf10 [ 86.721141][ T5294] kthread+0x3c5/0x780 [ 86.722918][ T5294] ret_from_fork+0x983/0xb10 [ 86.724944][ T5294] ret_from_fork_asm+0x1a/0x30 [ 86.727389][ T5294] [ 86.728543][ T5294] Freed by task 5947: [ 86.730304][ T5294] kasan_save_stack+0x33/0x60 [ 86.732205][ T5294] kasan_save_track+0x14/0x30 [ 86.734010][ T5294] kasan_save_free_info+0x3b/0x60 [ 86.736012][ T5294] __kasan_slab_free+0x5f/0x80 [ 86.737956][ T5294] kfree+0x2f8/0x6e0 [ 86.739646][ T5294] device_release+0xa4/0x240 [ 86.741430][ T5294] kobject_put+0x1ef/0x6f0 [ 86.743222][ T5294] device_unregister+0x2f/0xe0 [ 86.745226][ T5294] hci_conn_del_sysfs+0xdd/0x1a0 [ 86.747371][ T5294] hci_conn_del+0x680/0x11d0 [ 86.749244][ T5294] hci_disconn_complete_evt+0x410/0xa30 [ 86.751360][ T5294] hci_event_packet+0xa39/0x1210 [ 86.753216][ T5294] hci_rx_work+0x2c9/0x1020 [ 86.754857][ T5294] process_one_work+0x9ba/0x1b20 [ 86.756604][ T5294] worker_thread+0x6c8/0xf10 [ 86.758205][ T5294] kthread+0x3c5/0x780 [ 86.759564][ T5294] ret_from_fork+0x983/0xb10 [ 86.761021][ T5294] ret_from_fork_asm+0x1a/0x30 [ 86.762448][ T5294] [ 86.763220][ T5294] The buggy address belongs to the object at ffff88802c454000 [ 86.763220][ T5294] which belongs to the cache kmalloc-8k of size 8192 [ 86.768346][ T5294] The buggy address is located 16 bytes inside of [ 86.768346][ T5294] freed 8192-byte region [ffff88802c454000, ffff88802c456000) [ 86.772989][ T5294] [ 86.773985][ T5294] The buggy address belongs to the physical page: [ 86.776326][ T5294] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c450 [ 86.780204][ T5294] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 86.783727][ T5294] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 86.786750][ T5294] page_type: f5(slab) [ 86.788372][ T5294] raw: 00fff00000000040 ffff88801b443180 dead000000000122 0000000000000000 [ 86.791921][ T5294] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 86.795861][ T5294] head: 00fff00000000040 ffff88801b443180 dead000000000122 0000000000000000 [ 86.799564][ T5294] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 86.802264][ T5294] head: 00fff00000000003 ffffea0000b11401 00000000ffffffff 00000000ffffffff [ 86.805037][ T5294] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 86.807866][ T5294] page dumped because: kasan: bad access detected [ 86.809893][ T5294] page_owner tracks the page as allocated [ 86.811696][ T5294] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6986, tgid 6985 (syz.0.383), ts 84286236045, free_ts 78753499725 [ 86.817879][ T5294] post_alloc_hook+0x1af/0x220 [ 86.819641][ T5294] get_page_from_freelist+0xd0b/0x31a0 [ 86.821369][ T5294] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 86.823266][ T5294] alloc_pages_mpol+0x1fb/0x550 [ 86.825290][ T5294] new_slab+0x2c3/0x430 [ 86.827149][ T5294] ___slab_alloc+0xe18/0x1c90 [ 86.829192][ T5294] __slab_alloc.constprop.0+0x63/0x110 [ 86.831592][ T5294] __kmalloc_cache_noprof+0x485/0x800 [ 86.833991][ T5294] audit_log_d_path+0xed/0x200 [ 86.836302][ T5294] audit_log_lsm_data+0xf87/0x1fe0 [ 86.838819][ T5294] common_lsm_audit+0x238/0x300 [ 86.841136][ T5294] slow_avc_audit+0x186/0x210 [ 86.843152][ T5294] avc_has_perm+0x1b5/0x1f0 [ 86.845081][ T5294] inode_has_perm+0x166/0x1d0 [ 86.847167][ T5294] selinux_mount+0x381/0x460 [ 86.849175][ T5294] security_sb_mount+0xc8/0x260 [ 86.851172][ T5294] page last free pid 6468 tgid 6464 stack trace: [ 86.853942][ T5294] __free_frozen_pages+0x7df/0x1170 [ 86.856466][ T5294] __folio_put+0x329/0x450 [ 86.858840][ T5294] skb_release_data+0x81a/0x9e0 [ 86.861180][ T5294] __kfree_skb+0x4f/0x70 [ 86.863011][ T5294] tcp_ack+0x1d41/0x6150 [ 86.864868][ T5294] tcp_rcv_established+0x10b6/0x36e0 [ 86.867014][ T5294] tcp_v4_do_rcv+0xc65/0x10a0 [ 86.868631][ T5294] __release_sock+0x361/0x450 [ 86.870494][ T5294] release_sock+0x5a/0x220 [ 86.872363][ T5294] sk_wait_data+0x1aa/0x510 [ 86.874280][ T5294] tcp_recvmsg_locked+0x7de/0x2910 [ 86.876866][ T5294] tcp_recvmsg+0x12f/0x680 [ 86.879030][ T5294] inet_recvmsg+0x129/0x6a0 [ 86.881443][ T5294] sock_recvmsg+0x1b2/0x250 [ 86.883771][ T5294] __sys_recvfrom+0x203/0x310 [ 86.886083][ T5294] __x64_sys_recvfrom+0xe0/0x1c0 [ 86.888007][ T5294] [ 86.889040][ T5294] Memory state around the buggy address: [ 86.891368][ T5294] ffff88802c453f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 86.894628][ T5294] ffff88802c453f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 86.898581][ T5294] >ffff88802c454000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.902548][ T5294] ^ [ 86.904679][ T5294] ffff88802c454080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.908086][ T5294] ffff88802c454100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 86.911447][ T5294] ================================================================== [ 86.916385][ T5294] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 86.919998][ T5294] CPU: 3 UID: 0 PID: 5294 Comm: kworker/u33:1 Not tainted syzkaller #0 PREEMPT(full) [ 86.924513][ T5294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.929455][ T5294] Workqueue: hci0 hci_cmd_sync_work [ 86.932013][ T5294] Call Trace: [ 86.933566][ T5294] [ 86.934995][ T5294] dump_stack_lvl+0x3d/0x1f0 [ 86.937221][ T5294] vpanic+0x640/0x6f0 [ 86.939108][ T5294] panic+0xca/0xd0 [ 86.940826][ T5294] ? __pfx_panic+0x10/0x10 [ 86.942737][ T5294] ? le_read_features_complete+0x5b/0x390 [ 86.945179][ T5294] ? preempt_schedule_common+0x44/0xc0 [ 86.947630][ T5294] ? preempt_schedule_thunk+0x16/0x30 [ 86.949876][ T5294] ? check_panic_on_warn+0x1f/0xb0 [ 86.952052][ T5294] check_panic_on_warn+0xab/0xb0 [ 86.954130][ T5294] end_report+0x107/0x160 [ 86.956071][ T5294] kasan_report+0xee/0x110 [ 86.957984][ T5294] ? le_read_features_complete+0x5b/0x390 [ 86.960683][ T5294] kasan_check_range+0x100/0x1b0 [ 86.962954][ T5294] le_read_features_complete+0x5b/0x390 [ 86.965777][ T5294] hci_cmd_sync_work+0x1ff/0x470 [ 86.968104][ T5294] ? __pfx_le_read_features_complete+0x10/0x10 [ 86.970923][ T5294] process_one_work+0x9ba/0x1b20 [ 86.973049][ T5294] ? __pfx_process_one_work+0x10/0x10 [ 86.975332][ T5294] ? assign_work+0x1a0/0x250 [ 86.977284][ T5294] worker_thread+0x6c8/0xf10 [ 86.979687][ T5294] ? __pfx_worker_thread+0x10/0x10 [ 86.981847][ T5294] kthread+0x3c5/0x780 [ 86.983670][ T5294] ? __pfx_kthread+0x10/0x10 [ 86.985452][ T5294] ? rcu_is_watching+0x12/0xc0 [ 86.987287][ T5294] ? __pfx_kthread+0x10/0x10 [ 86.989125][ T5294] ret_from_fork+0x983/0xb10 [ 86.990831][ T5294] ? __pfx_ret_from_fork+0x10/0x10 [ 86.992546][ T5294] ? __switch_to+0x7af/0x10d0 [ 86.994558][ T5294] ? __pfx_kthread+0x10/0x10 [ 86.996525][ T5294] ret_from_fork_asm+0x1a/0x30 [ 86.998895][ T5294] [ 87.001325][ T5294] Kernel Offset: disabled [ 87.003594][ T5294] Rebooting in 86400 seconds.. VM DIAGNOSIS: 08:38:48 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=ffffffff8e3c95e0 RCX=ffffffff8234f76a RDX=ffff8880358e4980 RSI=ffffffff8234f0b8 RDI=ffffffff8e3c95e0 RBP=0000000000000000 RSP=ffffc900034676f8 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=ffff8880358e54b0 R12=ffffffff8234f0b8 R13=0000000000000001 R14=0000000000000008 R15=0000000000000001 RIP=ffffffff81a311ad RFL=00000287 [--S--PC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d68f5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000110c326e38 CR3=000000002d965000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=fe9d6a41a380b1d8 493393191bc4467f fe9d6a41a380b1d8 493393191bc4467f fe9d6a41a380b1d8 493393191bc4467f fe9d6a41a380b1d8 493393191bc4467f ZMM18=3934a94bcd496099 b9d49f7c4fcd9fdf 3934a94bcd496099 b9d49f7c4fcd9fdf 3934a94bcd496099 b9d49f7c4fcd9fdf 3934a94bcd496099 b9d49f7c4fcd9fdf ZMM19=ef06000000000000 0000000000000005 ef06000000000000 0000000000000004 ef06000000000000 0000000000000003 ef06000000000000 0000000000000002 ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0803020800000300 0400218208000780 041ffffffeb81000 080049f4006d766b ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2f7665642f01ffff ffffffffffffed08 0780030010000180 0401c70800060141 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 aa0030656c69662f 2e01ffffffffffff ffffef0801800300 040001808008000f ZMM24=4fcd9fdf4fcd9fdf 4fcd9fdf4fcd9fdf 4fcd9fdf4fcd9fdf 4fcd9fdf4fcd9fdf 4fcd9fdf4fcd9fdf 4fcd9fdf4fcd9fdf 4fcd9fdf4fcd9fdf 4fcd9fdf4fcd9fdf ZMM25=b9d49f7cb9d49f7c b9d49f7cb9d49f7c b9d49f7cb9d49f7c b9d49f7cb9d49f7c b9d49f7cb9d49f7c b9d49f7cb9d49f7c b9d49f7cb9d49f7c b9d49f7cb9d49f7c ZMM26=cd496099cd496099 cd496099cd496099 cd496099cd496099 cd496099cd496099 cd496099cd496099 cd496099cd496099 cd496099cd496099 cd496099cd496099 ZMM27=3934a94b3934a94b 3934a94b3934a94b 3934a94b3934a94b 3934a94b3934a94b 3934a94b3934a94b 3934a94b3934a94b 3934a94b3934a94b 3934a94b3934a94b ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=ee060000ee060000 ee060000ee060000 ee060000ee060000 ee060000ee060000 ee060000ee060000 ee060000ee060000 ee060000ee060000 ee060000ee060000 info registers vcpu 1 CPU#1 RAX=0000000000090c7d RBX=0000000000000001 RCX=ffffffff8b7816d9 RDX=0000000000000000 RSI=ffffffff8dace4f3 RDI=ffffffff8bf2b480 RBP=ffffed1003bd4498 RSP=ffffc90000177de8 R8 =0000000000000001 R9 =ffffed100d4a673d R10=ffff88806a5339eb R11=ffff88801dea2ff0 R12=0000000000000001 R13=ffff88801dea24c0 R14=ffffffff9088b9d0 R15=0000000000000000 RIP=ffffffff8b77fdcf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d69f5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f5b4f57ff98 CR3=000000002fd29000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000001 Opmask01=0000000000000001 Opmask02=0000000060000000 Opmask03=0000000000000000 Opmask04=00000000ffffffff Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcd8e2d3fb 00007ffcd8e2d3fb ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcd8e2d900 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffcd8e2d900 0000003000000018 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 733a746f6f723d74 7865746e6f637320 3839323333353632 30343d6f6e692000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7330746565723774 7265746465637320 3233323333353632 3034376564632000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3463323038383866 6666662072646461 207461203420657a 697320666f206574 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 303d657669737369 6d72657020656c69 663d7373616c6374 20745f7366736e3a ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 725f7463656a626f 3a755f6d65747379 733d747865746e6f 637420745f6d6461 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7379733a725f6d64 617379733a746f6f 723d747865746e6f 6373203839323333 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 35363230343d6f6e 6920227366736e22 3d76656420223838 332e322e7a797322 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6f723d747865746e 6f6373203036363d 6f6e692022736670 6d74766564223d76 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffffc900033879e0 RCX=ffffc90003386efc RDX=0000000000000000 RSI=ffffffff8daa845f RDI=ffffffff8bf2b480 RBP=0000000000000001 RSP=ffffc90003386f30 R8 =0000000000000001 R9 =00000000ffffffff R10=0000000000000002 R11=00000000000144ac R12=ffffc90003386ff8 R13=ffffc90003386fa8 R14=ffffc900033879e0 R15=ffffc90003386fdc RIP=ffffffff81a44060 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6af5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f79627dcf70 CR3=000000000e184000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7961a15050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7961a1505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7961a15057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7961a1506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7961a150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7961a151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7961bba4a8 00007f7961bba4a0 00007f7961bba498 00007f7961bba470 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f796271d100 00007f7961bba460 00007f7961bba478 00007f7961bba4c0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7961bba4b8 00007f7961bba4b0 00007f7961bba4a8 00007f7961bba4a0 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff853265b5 RDI=ffffffff9aeedc40 RBP=ffffffff9aeedc00 RSP=ffffc900229d7588 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=3463323038387257 R12=0000000000000000 R13=0000000000000065 R14=ffffffff9aeedc00 R15=ffffffff85326550 RIP=ffffffff853265df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d6bf5000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00005555951b9808 CR3=0000000032421000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffd5bc852a0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84c4e15050 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84c4e1505d ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84c4e15057 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84c4e1506b ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84c4e150f1 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f84c4e151cf ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000