last executing test programs: 226.132217ms ago: executing program 0 (id=1): r0 = syz_open_dev$usbfs(0x0, 0xe, 0x141341) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f0000000140)={{{0x1, 0x1}}, 0x0, 0x200, 0x0}) r1 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) fchown(r1, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r3 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x1, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x6}}, {0x0, 0x13}}}, 0xa0) sendfile(r3, r3, &(0x7f0000000080), 0x7f03) pipe2$watch_queue(0x0, 0x80) 223.811752ms ago: executing program 1 (id=2): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time\x00', 0x275a, 
0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000004, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) ftruncate(r2, 0x796c) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x10100}, 0x0) 148.717853ms ago: executing program 1 (id=5): r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000000)={0x9, {0xffffffff, 0x300, 0x300, 0x300}}) 73.641386ms ago: executing program 3 (id=4): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendto$inet6(r0, &(0x7f0000000280)="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", 0x595, 0x40, &(0x7f0000000000)={0xa, 0x4e22, 0xffff, @local, 0x3}, 0x1c) syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[@ANYBLOB="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"], 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="1c", 0x1, 0x0, 0x0, 0x0) r1 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x7, [@struct={0x5, 0x1, 0x0, 0x4, 0x0, 0x1ff, [{0x7, 0x5, 0x9}]}]}, {0x0, [0x5f, 0x30, 0x5f, 0x30, 0x2e]}}, &(0x7f0000000f40)=""/4089, 0x37, 0xff9, 0x8}, 0x28) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r4 = syz_open_dev$mouse(&(0x7f0000000180), 0x0, 0x2) readv(r4, &(0x7f0000000980)=[{&(0x7f0000000000)=""/58, 0x3a}], 0x1) write$cgroup_int(r4, &(0x7f0000000100)=0x4, 0x12) fsetxattr$security_capability(r3, 0x0, 0x0, 0xfffffe04, 0x1) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x141, 0x0, 0x4}, 0x18) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000040)={0xf0f002, 0x4}) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)={@cgroup=r4, r4, 0x35, 0x2008, 0x0, @value=r4}, 0x20) mknod$loop(&(0x7f0000000200)='./file0\x00', 0x85c68e8ab9c77084, 0x0) openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) gettid() setsockopt$MRT6_INIT(r1, 0x29, 0xc8, &(0x7f0000000340), 0x4) 0s ago: executing program 1 (id=6): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, 0x0) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) listen(r0, 0x90004) socket$inet6_tcp(0xa, 0x1, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r0, 0x60}], 0x1, &(0x7f0000000140)={0x77359400}, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:9079' (ED25519) to the list of known hosts. 
[ 45.695414][ T40] audit: type=1400 audit(1758245829.518:62): avc: denied { name_bind } for pid=5888 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 45.721569][ T40] audit: type=1400 audit(1758245829.538:63): avc: denied { write } for pid=5889 comm="sh" path="pipe:[3989]" dev="pipefs" ino=3989 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 45.742887][ T40] audit: type=1400 audit(1758245829.568:64): avc: denied { execute } for pid=5889 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 45.749553][ T40] audit: type=1400 audit(1758245829.568:65): avc: denied { execute_no_trans } for pid=5889 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 48.025587][ T40] audit: type=1400 audit(1758245831.848:66): avc: denied { mounton } for pid=5889 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 48.028013][ T5889] cgroup: Unknown subsys name 'net' [ 48.194781][ T5889] cgroup: Unknown subsys name 'cpuset' [ 48.198989][ T5889] cgroup: Unknown subsys name 'rlimit' [ 48.390861][ T5948] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 49.040902][ T5889] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 52.196954][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 52.196965][ T40] audit: type=1400 audit(1758245836.018:80): avc: denied { execmem } for pid=5957 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 52.415566][ T40] audit: type=1400 audit(1758245836.238:81): avc: denied { create } for pid=5961 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.424044][ T40] audit: type=1400 audit(1758245836.238:82): avc: denied { read write } for pid=5962 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.431300][ T40] audit: type=1400 audit(1758245836.238:83): avc: denied { open } for pid=5962 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.438610][ T40] audit: type=1400 audit(1758245836.248:84): avc: denied { ioctl } for pid=5962 comm="syz-executor" path="socket:[6715]" dev="sockfs" ino=6715 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.467473][ T5972] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.469344][ T5974] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.472673][ T5975] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.475829][ T5973] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.477539][ T5974] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.477676][ T5975] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.477901][ T5975] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.478367][ T5975] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.478984][ T5973] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 
9 [ 52.479203][ T5973] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.479606][ T5973] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.480776][ T5973] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.481012][ T5974] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.481393][ T5974] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.483595][ T5975] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.490677][ T40] audit: type=1400 audit(1758245836.308:85): avc: denied { read } for pid=5962 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.498014][ T5977] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.499943][ T40] audit: type=1400 audit(1758245836.308:86): avc: denied { open } for pid=5962 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.503901][ T5977] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.508688][ T40] audit: type=1400 audit(1758245836.308:87): avc: denied { mounton } for pid=5962 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 52.515592][ T5977] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.532502][ T5977] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.536120][ T5977] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.742787][ T40] audit: type=1400 audit(1758245836.568:88): avc: denied { module_request } for pid=5961 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 52.827094][ T5962] chnl_net:caif_netlink_parms(): no params data found [ 52.835523][ T5961] chnl_net:caif_netlink_parms(): no params data found [ 52.899886][ T5976] chnl_net:caif_netlink_parms(): no 
params data found [ 52.928516][ T5963] chnl_net:caif_netlink_parms(): no params data found [ 53.049602][ T5961] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.052999][ T5961] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.056675][ T5961] bridge_slave_0: entered allmulticast mode [ 53.060522][ T5961] bridge_slave_0: entered promiscuous mode [ 53.065838][ T5962] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.068872][ T5962] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.071832][ T5962] bridge_slave_0: entered allmulticast mode [ 53.075745][ T5962] bridge_slave_0: entered promiscuous mode [ 53.083163][ T5962] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.086161][ T5962] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.089079][ T5962] bridge_slave_1: entered allmulticast mode [ 53.091673][ T5962] bridge_slave_1: entered promiscuous mode [ 53.104503][ T5961] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.106796][ T5961] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.109029][ T5961] bridge_slave_1: entered allmulticast mode [ 53.112004][ T5961] bridge_slave_1: entered promiscuous mode [ 53.235602][ T5961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.263688][ T5962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.266696][ T5976] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.269471][ T5976] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.271872][ T5976] bridge_slave_0: entered allmulticast mode [ 53.274945][ T5976] bridge_slave_0: entered promiscuous mode [ 53.279104][ T5961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.287000][ T5962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.290034][ T5976] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.292639][ T5976] bridge0: port 
2(bridge_slave_1) entered disabled state [ 53.295168][ T5976] bridge_slave_1: entered allmulticast mode [ 53.297910][ T5976] bridge_slave_1: entered promiscuous mode [ 53.375412][ T5976] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.379387][ T5961] team0: Port device team_slave_0 added [ 53.415700][ T5962] team0: Port device team_slave_0 added [ 53.419419][ T5976] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.437721][ T5961] team0: Port device team_slave_1 added [ 53.455396][ T5963] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.457718][ T5963] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.460195][ T5963] bridge_slave_0: entered allmulticast mode [ 53.464317][ T5963] bridge_slave_0: entered promiscuous mode [ 53.467957][ T5962] team0: Port device team_slave_1 added [ 53.505366][ T5963] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.507711][ T5963] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.509971][ T5963] bridge_slave_1: entered allmulticast mode [ 53.512850][ T5963] bridge_slave_1: entered promiscuous mode [ 53.543137][ T5976] team0: Port device team_slave_0 added [ 53.604703][ T5976] team0: Port device team_slave_1 added [ 53.630794][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.633458][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.643096][ T5961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.661907][ T5962] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.667420][ T5962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.677940][ T5962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.683776][ T5962] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.686700][ T5962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.698640][ T5962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.726654][ T5961] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.728974][ T5961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.737458][ T5961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.742510][ T5963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.751012][ T5963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.754975][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.757150][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 53.765180][ T5976] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.795956][ T5976] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.798938][ T5976] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.809600][ T5976] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.837411][ T5963] team0: Port device team_slave_0 added [ 53.840665][ T5963] team0: Port device team_slave_1 added [ 53.984811][ T5962] hsr_slave_0: entered promiscuous mode [ 53.987942][ T5962] hsr_slave_1: entered promiscuous mode [ 54.007499][ T5963] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.010417][ T5963] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.022324][ T5963] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.055245][ T5961] hsr_slave_0: entered promiscuous mode [ 54.057438][ T5961] hsr_slave_1: entered promiscuous mode [ 54.059493][ T5961] debugfs: 'hsr0' already exists in 'hsr' [ 54.061304][ T5961] Cannot create hsr debugfs directory [ 54.063684][ T5963] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.065845][ T5963] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 54.073945][ T5963] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.081492][ T5976] hsr_slave_0: entered promiscuous mode [ 54.084707][ T5976] hsr_slave_1: entered promiscuous mode [ 54.087559][ T5976] debugfs: 'hsr0' already exists in 'hsr' [ 54.089971][ T5976] Cannot create hsr debugfs directory [ 54.244623][ T5963] hsr_slave_0: entered promiscuous mode [ 54.246949][ T5963] hsr_slave_1: entered promiscuous mode [ 54.249124][ T5963] debugfs: 'hsr0' already exists in 'hsr' [ 54.251481][ T5963] Cannot create hsr debugfs directory [ 54.523884][ T5962] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.531454][ T5962] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.538564][ T5962] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.542591][ T5972] Bluetooth: hci1: command tx timeout [ 54.552866][ T5972] Bluetooth: hci3: command tx timeout [ 54.553126][ T5977] Bluetooth: hci0: command tx timeout [ 54.555256][ T5972] Bluetooth: hci2: command tx timeout [ 54.555516][ T5962] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.595763][ T5976] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.602408][ T5976] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.623831][ T5976] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.627899][ T5976] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.663755][ T5961] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.669000][ T5961] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.673416][ T5961] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.677938][ T5961] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.733462][ T5963] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.739016][ T5963] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.752421][ T5963] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.756840][ T5963] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.809416][ T5962] 8021q: 
adding VLAN 0 to HW filter on device bond0 [ 54.841404][ T5962] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.855665][ T226] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.858777][ T226] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.878257][ T5961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.892947][ T5961] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.897197][ T5976] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.901577][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.904392][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.932329][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.935331][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.940166][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.943239][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.962895][ T5976] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.979233][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.982267][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.999828][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.002855][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.012074][ T5963] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.046641][ T5963] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.065509][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.068548][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.088864][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.091897][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.103223][ T40] audit: type=1400 audit(1758245838.928:89): avc: denied { sys_module } for pid=5962 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 55.128481][ T5976] hsr0: 
Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.211545][ T5962] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.221239][ T5961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.247752][ T5962] veth0_vlan: entered promiscuous mode [ 55.255272][ T5962] veth1_vlan: entered promiscuous mode [ 55.284987][ T5961] veth0_vlan: entered promiscuous mode [ 55.288712][ T5976] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.296577][ T5961] veth1_vlan: entered promiscuous mode [ 55.311322][ T5962] veth0_macvtap: entered promiscuous mode [ 55.318807][ T5963] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.324150][ T5962] veth1_macvtap: entered promiscuous mode [ 55.338864][ T5962] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.348704][ T5962] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.356602][ T5961] veth0_macvtap: entered promiscuous mode [ 55.364111][ T5961] veth1_macvtap: entered promiscuous mode [ 55.372795][ T88] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.382645][ T88] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.385373][ T88] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.391942][ T88] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.395896][ T5976] veth0_vlan: entered promiscuous mode [ 55.405941][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.414794][ T5976] veth1_vlan: entered promiscuous mode [ 55.429258][ T5961] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.433337][ T5963] veth0_vlan: entered promiscuous mode [ 55.443758][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.447427][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.454603][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 
55.457881][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.473683][ T5963] veth1_vlan: entered promiscuous mode [ 55.494918][ T1249] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.500016][ T1249] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.520922][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.522641][ T5963] veth0_macvtap: entered promiscuous mode [ 55.523736][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.534902][ T5963] veth1_macvtap: entered promiscuous mode [ 55.538272][ T5976] veth0_macvtap: entered promiscuous mode [ 55.554192][ T226] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.556645][ T226] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.563073][ T5976] veth1_macvtap: entered promiscuous mode [ 55.571979][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.573457][ T5963] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.575122][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.580989][ T5963] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.591172][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.594183][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.600121][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.604142][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.615741][ T5961] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. 
[ 55.617261][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.631036][ T5976] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.664449][ T226] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.667879][ T226] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.683097][ T226] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.685889][ T226] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.689897][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.693854][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.722658][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.725804][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.734213][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 55.736763][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 55.739241][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! 
[ 55.746523][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.749618][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.845175][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.851310][ T6064] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 55.860474][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.866820][ T5972] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 55.870673][ T5972] CPU: 1 UID: 0 PID: 5972 Comm: kworker/u33:3 Not tainted syzkaller #0 PREEMPT(full) [ 55.870696][ T5972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.870707][ T5972] Workqueue: hci0 hci_rx_work [ 55.870733][ T5972] Call Trace: [ 55.870739][ T5972] <TASK> [ 55.870747][ T5972] dump_stack_lvl+0x16c/0x1f0 [ 55.870772][ T5972] sysfs_warn_dup+0x7f/0xa0 [ 55.870797][ T5972] sysfs_create_dir_ns+0x24b/0x2b0 [ 55.870819][ T5972] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 55.870838][ T5972] ? find_held_lock+0x2b/0x80 [ 55.870864][ T5972] ? do_raw_spin_unlock+0x172/0x230 [ 55.870886][ T5972] kobject_add_internal+0x2c4/0x9b0 [ 55.870916][ T5972] kobject_add+0x16e/0x240 [ 55.870939][ T5972] ? __pfx_kobject_add+0x10/0x10 [ 55.870964][ T5972] ? do_raw_spin_unlock+0x172/0x230 [ 55.870985][ T5972] ? kobject_put+0xab/0x5a0 [ 55.871019][ T5972] device_add+0x288/0x1aa0 [ 55.871045][ T5972] ? __pfx_dev_set_name+0x10/0x10 [ 55.871061][ T5972] ? __pfx_device_add+0x10/0x10 [ 55.871088][ T5972] ? mgmt_send_event_skb+0x2fb/0x460 [ 55.871114][ T5972] hci_conn_add_sysfs+0x17e/0x230 [ 55.871136][ T5972] le_conn_complete_evt+0x1075/0x1d70 [ 55.871154][ T5972] ? preempt_count_sub+0xb0/0x160 [ 55.871180][ T5972] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 55.871198][ T5972] ? 
hci_event_packet+0x459/0x11c0 [ 55.871221][ T5972] hci_le_conn_complete_evt+0x23c/0x370 [ 55.871246][ T5972] hci_le_meta_evt+0x354/0x5e0 [ 55.871266][ T5972] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 55.871286][ T5972] hci_event_packet+0x682/0x11c0 [ 55.871305][ T5972] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 55.871326][ T5972] ? __pfx_hci_event_packet+0x10/0x10 [ 55.871345][ T5972] ? kcov_remote_start+0x3c9/0x6d0 [ 55.871365][ T5972] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.871391][ T5972] hci_rx_work+0x2c5/0x16b0 [ 55.871411][ T5972] ? rcu_is_watching+0x12/0xc0 [ 55.871435][ T5972] process_one_work+0x9cc/0x1b70 [ 55.871464][ T5972] ? __pfx_process_one_work+0x10/0x10 [ 55.871489][ T5972] ? assign_work+0x1a0/0x250 [ 55.871508][ T5972] worker_thread+0x6c8/0xf10 [ 55.871537][ T5972] ? __pfx_worker_thread+0x10/0x10 [ 55.871556][ T5972] kthread+0x3c2/0x780 [ 55.871573][ T5972] ? __pfx_kthread+0x10/0x10 [ 55.871592][ T5972] ? rcu_is_watching+0x12/0xc0 [ 55.871611][ T5972] ? __pfx_kthread+0x10/0x10 [ 55.871629][ T5972] ret_from_fork+0x56a/0x730 [ 55.871645][ T5972] ? __pfx_kthread+0x10/0x10 [ 55.871662][ T5972] ret_from_fork_asm+0x1a/0x30 [ 55.871694][ T5972] </TASK> [ 55.871716][ T5972] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 55.922515][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 55.923789][ T5972] Bluetooth: hci0: failed to register connection device [ 55.938995][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! 
[ 55.946756][ T5972] ================================================================== [ 55.965514][ T5972] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0xdb9/0xf80 [ 55.968022][ T5972] Read of size 8 at addr ffff888029ebd480 by task kworker/u33:3/5972 [ 55.971813][ T5972] [ 55.972845][ T5972] CPU: 1 UID: 0 PID: 5972 Comm: kworker/u33:3 Not tainted syzkaller #0 PREEMPT(full) [ 55.972871][ T5972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 55.972886][ T5972] Workqueue: hci0 hci_rx_work [ 55.972912][ T5972] Call Trace: [ 55.972920][ T5972] <TASK> [ 55.972928][ T5972] dump_stack_lvl+0x116/0x1f0 [ 55.972954][ T5972] print_report+0xcd/0x630 [ 55.972975][ T5972] ? __virt_addr_valid+0x81/0x610 [ 55.973006][ T5972] ? __phys_addr+0xe8/0x180 [ 55.973031][ T5972] ? l2cap_connect_cfm+0xdb9/0xf80 [ 55.973049][ T5972] kasan_report+0xe0/0x110 [ 55.973070][ T5972] ? l2cap_connect_cfm+0xdb9/0xf80 [ 55.973091][ T5972] l2cap_connect_cfm+0xdb9/0xf80 [ 55.973113][ T5972] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 55.973134][ T5972] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 55.973153][ T5972] le_conn_complete_evt+0x1662/0x1d70 [ 55.973175][ T5972] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 55.973192][ T5972] ? hci_event_packet+0x459/0x11c0 [ 55.973218][ T5972] hci_le_conn_complete_evt+0x23c/0x370 [ 55.973238][ T5972] hci_le_meta_evt+0x354/0x5e0 [ 55.973258][ T5972] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 55.973277][ T5972] hci_event_packet+0x682/0x11c0 [ 55.973294][ T5972] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 55.973314][ T5972] ? __pfx_hci_event_packet+0x10/0x10 [ 55.973332][ T5972] ? kcov_remote_start+0x3c9/0x6d0 [ 55.973352][ T5972] ? lockdep_hardirqs_on+0x7c/0x110 [ 55.973377][ T5972] hci_rx_work+0x2c5/0x16b0 [ 55.973397][ T5972] ? rcu_is_watching+0x12/0xc0 [ 55.973419][ T5972] process_one_work+0x9cc/0x1b70 [ 55.973442][ T5972] ? __pfx_process_one_work+0x10/0x10 [ 55.973463][ T5972] ? 
assign_work+0x1a0/0x250 [ 55.973482][ T5972] worker_thread+0x6c8/0xf10 [ 55.973506][ T5972] ? __pfx_worker_thread+0x10/0x10 [ 55.973525][ T5972] kthread+0x3c2/0x780 [ 55.973543][ T5972] ? __pfx_kthread+0x10/0x10 [ 55.973561][ T5972] ? rcu_is_watching+0x12/0xc0 [ 55.973583][ T5972] ? __pfx_kthread+0x10/0x10 [ 55.973601][ T5972] ret_from_fork+0x56a/0x730 [ 55.973618][ T5972] ? __pfx_kthread+0x10/0x10 [ 55.973635][ T5972] ret_from_fork_asm+0x1a/0x30 [ 55.973662][ T5972] [ 55.973669][ T5972] [ 56.049084][ T5972] Allocated by task 5972: [ 56.050449][ T5972] kasan_save_stack+0x33/0x60 [ 56.051924][ T5972] kasan_save_track+0x14/0x30 [ 56.053392][ T5972] __kasan_kmalloc+0xaa/0xb0 [ 56.054848][ T5972] l2cap_chan_create+0x44/0x920 [ 56.056560][ T5972] l2cap_sock_alloc.constprop.0+0xf5/0x1d0 [ 56.058532][ T5972] l2cap_sock_new_connection_cb+0x101/0x240 [ 56.060339][ T5972] l2cap_connect_cfm+0x4c7/0xf80 [ 56.061863][ T5972] le_conn_complete_evt+0x1662/0x1d70 [ 56.063546][ T5972] hci_le_conn_complete_evt+0x23c/0x370 [ 56.065232][ T5972] hci_le_meta_evt+0x354/0x5e0 [ 56.067019][ T5972] hci_event_packet+0x682/0x11c0 [ 56.068770][ T5972] hci_rx_work+0x2c5/0x16b0 [ 56.070182][ T5972] process_one_work+0x9cc/0x1b70 [ 56.071708][ T5972] worker_thread+0x6c8/0xf10 [ 56.073126][ T5972] kthread+0x3c2/0x780 [ 56.074404][ T5972] ret_from_fork+0x56a/0x730 [ 56.075871][ T5972] ret_from_fork_asm+0x1a/0x30 [ 56.077797][ T5972] [ 56.078586][ T5972] Freed by task 6062: [ 56.080193][ T5972] kasan_save_stack+0x33/0x60 [ 56.082129][ T5972] kasan_save_track+0x14/0x30 [ 56.083857][ T5972] kasan_save_free_info+0x3b/0x60 [ 56.085595][ T5972] __kasan_slab_free+0x60/0x70 [ 56.087558][ T5972] kfree+0x2b4/0x4d0 [ 56.089096][ T5972] l2cap_chan_put+0x216/0x2c0 [ 56.090584][ T5972] l2cap_sock_cleanup_listen+0x4d/0x2a0 [ 56.092290][ T5972] l2cap_sock_release+0x69/0x250 [ 56.093876][ T5972] __sock_release+0xb0/0x270 [ 56.095342][ T5972] sock_close+0x1c/0x30 [ 56.096915][ T5972] __fput+0x3ff/0xb70 [ 56.098191][ 
T5972] task_work_run+0x150/0x240 [ 56.099661][ T5972] exit_to_user_mode_loop+0xeb/0x110 [ 56.101306][ T5972] do_syscall_64+0x41c/0x4e0 [ 56.102763][ T5972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.104625][ T5972] [ 56.105385][ T5972] The buggy address belongs to the object at ffff888029ebd000 [ 56.105385][ T5972] which belongs to the cache kmalloc-2k of size 2048 [ 56.110110][ T5972] The buggy address is located 1152 bytes inside of [ 56.110110][ T5972] freed 2048-byte region [ffff888029ebd000, ffff888029ebd800) [ 56.114344][ T5972] [ 56.115140][ T5972] The buggy address belongs to the physical page: [ 56.117330][ T5972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29eb8 [ 56.119984][ T5972] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 56.122597][ T5972] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 56.124940][ T5972] page_type: f5(slab) [ 56.126312][ T5972] raw: 00fff00000000040 ffff88801b842f00 ffffea0000aa2e00 dead000000000002 [ 56.129037][ T5972] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 56.131698][ T5972] head: 00fff00000000040 ffff88801b842f00 ffffea0000aa2e00 dead000000000002 [ 56.134411][ T5972] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 56.137055][ T5972] head: 00fff00000000003 ffffea0000a7ae01 00000000ffffffff 00000000ffffffff [ 56.139738][ T5972] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 56.142395][ T5972] page dumped because: kasan: bad access detected [ 56.144394][ T5972] page_owner tracks the page as allocated [ 56.146221][ T5972] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5962, tgid 5962 (syz-executor), ts 52847714185, free_ts 34227537045 [ 56.152674][ T5972] post_alloc_hook+0x1c0/0x230 [ 56.154218][ T5972] get_page_from_freelist+0x132b/0x38e0 [ 56.155964][ T5972] 
__alloc_frozen_pages_noprof+0x261/0x23f0 [ 56.158140][ T5972] alloc_pages_mpol+0x1fb/0x550 [ 56.159678][ T5972] new_slab+0x247/0x330 [ 56.160983][ T5972] ___slab_alloc+0xcf2/0x1750 [ 56.162465][ T5972] __slab_alloc.constprop.0+0x56/0xb0 [ 56.164177][ T5972] __kmalloc_cache_noprof+0xfb/0x3e0 [ 56.165867][ T5972] rtnl_newlink+0x11b/0x2000 [ 56.167541][ T5972] rtnetlink_rcv_msg+0x95e/0xe90 [ 56.169168][ T5972] netlink_rcv_skb+0x155/0x420 [ 56.170772][ T5972] netlink_unicast+0x5aa/0x870 [ 56.172359][ T5972] netlink_sendmsg+0x8d1/0xdd0 [ 56.173913][ T5972] __sys_sendto+0x4a0/0x520 [ 56.175470][ T5972] __x64_sys_sendto+0xe0/0x1c0 [ 56.177066][ T5972] do_syscall_64+0xcd/0x4e0 [ 56.178546][ T5972] page last free pid 5777 tgid 5777 stack trace: [ 56.180561][ T5972] __free_frozen_pages+0x7d5/0x10f0 [ 56.182244][ T5972] __put_partials+0x165/0x1c0 [ 56.183763][ T5972] qlist_free_all+0x4d/0x120 [ 56.185258][ T5972] kasan_quarantine_reduce+0x195/0x1e0 [ 56.187125][ T5972] __kasan_slab_alloc+0x69/0x90 [ 56.188705][ T5972] __kmalloc_noprof+0x1d4/0x510 [ 56.190303][ T5972] tomoyo_realpath_from_path+0xc2/0x6e0 [ 56.192121][ T5972] tomoyo_path_perm+0x274/0x460 [ 56.193678][ T5972] security_inode_getattr+0x116/0x290 [ 56.195447][ T5972] vfs_fstat+0x4b/0xe0 [ 56.196891][ T5972] __do_sys_newfstat+0x87/0x100 [ 56.198770][ T5972] do_syscall_64+0xcd/0x4e0 [ 56.200684][ T5972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.203164][ T5972] [ 56.204200][ T5972] Memory state around the buggy address: [ 56.206533][ T5972] ffff888029ebd380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.209821][ T5972] ffff888029ebd400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.212823][ T5972] >ffff888029ebd480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.215423][ T5972] ^ [ 56.216775][ T5972] ffff888029ebd500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.220055][ T5972] ffff888029ebd580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 56.223359][ T5972] 
================================================================== [ 56.229809][ T5972] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 56.232179][ T5972] CPU: 1 UID: 0 PID: 5972 Comm: kworker/u33:3 Not tainted syzkaller #0 PREEMPT(full) [ 56.235210][ T5972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 56.238791][ T5972] Workqueue: hci0 hci_rx_work [ 56.240339][ T5972] Call Trace: [ 56.241453][ T5972] [ 56.242463][ T5972] dump_stack_lvl+0x3d/0x1f0 [ 56.243990][ T5972] vpanic+0x6e8/0x7a0 [ 56.245383][ T5972] ? __pfx_vpanic+0x10/0x10 [ 56.247144][ T5972] ? l2cap_connect_cfm+0xdb9/0xf80 [ 56.249223][ T5972] panic+0xca/0xd0 [ 56.250443][ T5972] ? __pfx_panic+0x10/0x10 [ 56.251894][ T5972] ? l2cap_connect_cfm+0xdb9/0xf80 [ 56.253549][ T5972] ? preempt_schedule_common+0x44/0xc0 [ 56.255310][ T5972] ? preempt_schedule_thunk+0x16/0x30 [ 56.257176][ T5972] check_panic_on_warn+0xab/0xb0 [ 56.258808][ T5972] end_report+0x107/0x170 [ 56.260271][ T5972] kasan_report+0xee/0x110 [ 56.261748][ T5972] ? l2cap_connect_cfm+0xdb9/0xf80 [ 56.263422][ T5972] l2cap_connect_cfm+0xdb9/0xf80 [ 56.265022][ T5972] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 56.266889][ T5972] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 56.268642][ T5972] le_conn_complete_evt+0x1662/0x1d70 [ 56.270394][ T5972] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 56.272229][ T5972] ? hci_event_packet+0x459/0x11c0 [ 56.273892][ T5972] hci_le_conn_complete_evt+0x23c/0x370 [ 56.275710][ T5972] hci_le_meta_evt+0x354/0x5e0 [ 56.277318][ T5972] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 56.279300][ T5972] hci_event_packet+0x682/0x11c0 [ 56.280875][ T5972] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 56.282621][ T5972] ? __pfx_hci_event_packet+0x10/0x10 [ 56.284324][ T5972] ? kcov_remote_start+0x3c9/0x6d0 [ 56.286029][ T5972] ? lockdep_hardirqs_on+0x7c/0x110 [ 56.287721][ T5972] hci_rx_work+0x2c5/0x16b0 [ 56.289217][ T5972] ? 
rcu_is_watching+0x12/0xc0 [ 56.290772][ T5972] process_one_work+0x9cc/0x1b70 [ 56.292392][ T5972] ? __pfx_process_one_work+0x10/0x10 [ 56.294111][ T5972] ? assign_work+0x1a0/0x250 [ 56.295631][ T5972] worker_thread+0x6c8/0xf10 [ 56.297261][ T5972] ? __pfx_worker_thread+0x10/0x10 [ 56.298957][ T5972] kthread+0x3c2/0x780 [ 56.300306][ T5972] ? __pfx_kthread+0x10/0x10 [ 56.301925][ T5972] ? rcu_is_watching+0x12/0xc0 [ 56.303503][ T5972] ? __pfx_kthread+0x10/0x10 [ 56.305016][ T5972] ret_from_fork+0x56a/0x730 [ 56.306758][ T5972] ? __pfx_kthread+0x10/0x10 [ 56.308386][ T5972] ret_from_fork_asm+0x1a/0x30 [ 56.310128][ T5972] [ 56.311885][ T5972] Kernel Offset: disabled [ 56.313287][ T5972] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:37:19 Registers: info registers vcpu 0 CPU#0 RAX=00000000000a01a1 RBX=0000000000000000 RCX=ffffffff8b94cb49 RDX=0000000000000000 RSI=ffffffff8de52d31 RDI=ffffffff8c163380 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08 R8 =0000000000000001 R9 =ffffed100d486655 R10=ffff88806a4332ab R11=0000000000000000 R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab7490 R15=0000000000000000 RIP=ffffffff8b94b68f RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d66b2000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000000000 CR3=00000000566fe000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 
0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe4eeb8790 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe4eeb8916 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe4eeb8916 00007ffe4eeb891c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12e46 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12e53 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12e4d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12e61 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12ee7 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12fc5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000065 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8564c115 RDI=ffffffff9b118160 RBP=ffffffff9b118120 RSP=ffffc9000366f288 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6539323038386552 R12=0000000000000000 R13=0000000000000065 R14=ffffffff9b118120 R15=ffffffff8564c0b0 RIP=ffffffff8564c13f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d67b2000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000001b31812ff8 CR3=000000005656e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 
DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8160b383 ffffffff816e528d ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff816e528d ffffffff8160b383 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8160b383 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe73fc4246 00007ffe73fc424c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3020412e46 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3020412e53 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3020412e4d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3020412e61 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3020412ee7 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3020412fc5 ZMM10=0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff823d75d3 ffffffff823d758d ffffffff82341251 ffffffff8234104a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff823d7766 ffffffff823d7749 ffffffff00040008 0000000f0010000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff823d758d ffffffff82341251 ffffffff8234104a ffffffff8160ba6e ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88806a541e80 RCX=ffffffff81af9d91 RDX=ffff888021a1a440 RSI=ffffffff81af9d6b RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc9000169f888 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=1ffff11004c6099a R12=dffffc0000000000 R13=ffffed100d4a83d1 R14=0000000000000001 R15=0000000000000001 RIP=ffffffff81af9d6d RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880d68b2000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 
CR2=0000001b316f4ff8 CR3=000000000e380000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000008001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff812c7503 ffffffff812c7503 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff812c7503 ffffffff812c7503 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff812c7503 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffe4eeb8916 00007ffe4eeb891c ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12e46 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12e53 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12e4d ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12e61 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12ee7 ZMM09=0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ca8a12fc5 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff816cc628 ffffffff8160ba45 ffffffff8160b9f3 ffffffff8160b38f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff823d7a17 ffffffff823d7819 ffffffff00040008 000c00130014000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff823d7749 ffffffff823d7604 ffffffff823d75d3 ffffffff823d758d ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=ffffffff89384a40 RBX=ffffffff8cd8c540 RCX=ffffc900046a1000 RDX=1ffffffff19b18aa RSI=0000000000000001 RDI=ffff88810a385b00 RBP=0000000000000000 RSP=ffffc900033efaa0 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=0000000000000000 R13=000000000000c04a R14=dffffc0000000000 R15=ffff88810a385b00 RIP=ffffffff89384a40 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f9ca98966c0 ffffffff 00c00000 GS =0000 ffff8880d69b2000 ffffffff 00c00000 LDT=0000 0000000000000000 
ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000200000003000 CR3=00000000550ac000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=00000000fffe0000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000561e22053600 0000561e22053600 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffb2fbcaa0 0000003000000010 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 2323232323232323 2323232323232323 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000030 4432436964696d2f 646e732f7665642f ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000013 4411434a474a4e0c 474d500c5546470c ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 
0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000