last executing test programs: 485.821469ms ago: executing program 3 (id=4): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000880)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c000701080000000000000007000000", @ANYRES32=r1, @ANYBLOB="e04f00000a000200aaaaaaaaaa0c"], 0x28}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x12000000, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="08000000000000000a000100"], 0x2c}}, 0x0) 366.200768ms ago: executing program 3 (id=6): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000640)={{r0}, &(0x7f00000005c0), &(0x7f0000000600)='%pI4 \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r1}, 0x10) setitimer(0x0, 0x0, 0x0) 71.163564ms ago: executing program 3 (id=7): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x40046207, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f00000003c0)=[@increfs], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f00000002c0)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0}) 51.784636ms ago: executing program 4 (id=5): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000020"], 0xfe44, 0x0) 0s ago: executing program 4 (id=8): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x5, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f00000002c0), &(0x7f0000000300)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r2, &(0x7f0000004440)={&(0x7f0000000ec0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10, &(0x7f0000004340)=[{&(0x7f0000000f00)="34cbf9c55466da0eadc249236ab3cbf316717306be4c08c8c7da1f1ee04ab4b4eac14995ebdf620ff778a4e3452587e42a3c6aa1bd35dfd99f23b525893bc3b5f9f3bed1986bf8d0dddd7c5cdada611f9bf641e421ed71a842d84fa289a542f941d6e06b2b14e2a706ce30acf7d82f224f3e30cadd9d15f3dddbb29dbeb9f68fb68bedb91e0b1ef48832778fe36699c7ebf101659a8f476c4a065eac71d6d1e7fafc6f25ec2c9a8f431fe347a2d30e912c5b2397613ce784637ec71e37566eb0548b461f71028459c6f137c18737d58b56949d022bf1eaf486692bb76836a233c7879d740ad0beaf5159d3380442824f536a41bb22d08fe53952b9c6fed2605d53311c71b455655f96ea6a87e41e9211e90170b0a2b1a2098175ebcd33d517085d224122264cddadd82a3d11bc4a33ce66108b22b1abc6243d306d8f6b8a2ddb5373c190d8f859a3174a200936b079f85edcac7fc03fb993ec0ff8b83f1fd3f1b888d192d99c7ede5d381784d25410cccf1b0bf26a54f065e1e3ec59cc5704fb658fc980a0ac4287ef884ee82007554be3f1e163c81468d0c26c95e3e12393776e32800bb4f086f19080c4fca3d72e8569a5627ce98f2ae0bdb3ec42c23847d47e10b1c58da7e9cea990da842d96e3a51ed7d892f7b28a10486424a69a9109ebd4d7d5a3768400ac000a6d7556ca192e5cd45efb82001ac7b53e03036b6019a07ffb545cd3853e077f08a015f6232488c1139a9409c95ed005261e36b307406ba5714ef395129345866109341feb6c7c458ce08c147a983b46375ddb3621cee0312ba1a434bcd6081e1a8ae8b6d518988b9965faf9aff86df8173b93342cceaec357a100e59b4d66553633626b0b12e9622b8f8fdfe26545b87c57f8ce8609fb8e19b0f6d1cd64e8de85c7327f543b2f38cf3086b57f85e1aaa4add723e4bc4e3ea2c27acec1e545ae3fc870bd42422f6eaf17a1f82699c9cadf224ea1e5d1705b49118d91cc3731aeed60e41bf15a9613aeda8e63a29bc7a95b2d993d23269a310b91f69d16a71243c0f4080d3359f5ddd63c7032bef14ab25eb7df4b28b2132bcbf94a281c8f5de79885a6d679f145fca292b599bb09a1864726d86b65d4781408320b968e2224c23ce7a56d8892970043737ae47f071aaeb219716bc21e3304e301eb5cd32aea951a70621eb870214a72e6c474c3a20f5bd8e089ba16326cc9a80a1a4f5f0e8f58629e20b1c73eb8af330744b187a5cfdb410466378313700ca44eb6dcbc8f3d70f58e134202546f0b1a3b61a298f2a1184b1533bdad308fa2f960087e0f239d2ccbaee3889ddc1a2bea2183b98854d255a6f708909134fab83f42f13e7604f602e264f4a3b2b2a08c673c7ce2813218159b472d3b20ecbf26dd2f7b3ba5298a4ff7444ea0936e098c126f590b05e7697ed8a3d52ba1abc7285de2f160b9b081cb775a5ab77aad1bb98d47e3da53fc4c11d4db47de1e4e6f56ad671f5d8389b33260cc546e4f0bf34fec9b2abd209e6b89e6e381367774676ed6e6eaffe42b07241c276f3c84f17a0762de83eb769bdf28991ddbc23758f01c9ecfba4ab2ca2118fcedd7adde9ff47f643c13e3ad2f13b576985128f233e329fe269d5745cd2b30e5762452a4ff58fdec30623175f8d575ced1c43411e2869aadbe6f1e79a010bca334cb08d545bc2808f359b7777d1bb5675ee210574b9f72cdeb071e07eeaa0988086213a37a972647cf21d3a3bcbd7359da327bacad41b93c5e0e494669109dddcec781774f248f5663e4fac187d42ffccf68335de2adac4f8d3e1bf04b95a9464960186ed019773ffeda18f9827a61edc5fc4088eb0965cb1bd8af1185aa3972b8f73839b4611e303bcbc1f84a330f60fa0a7795ea3cffe0e338406533e12c7deef0b5906c513eab4619a8f02fdd65dcfb7297ef971c4601ad079f7ad38278ae3ff455b37d5492af546975535450693fd4593c8157b3fdb16fd3a106d2f1509d1c06dabb8933269d790a1c5e5f7bdd4a57e1e670d7043cfed88c365b5f8eefe530ef7da5322df981723332c088fce89c2ceee23b420f64332243b9c606d67d538810a94e0ffbd37a119d8fc4d6caec0def40e62613873c74feabde63e12cb2016c1d35cf1bb95bf59e01a63be8825cb3118b74b106f21eef5ee2f41e5fb39fdde058050f780d98ced247c66fc3a03ba04edaf14d698859ba303d511cf0845dc5e269aef2287770a247fd5ae1299b45819ff41725f9da3e4dab7770eb83992b53ae9a9de69e764f6e3aee3e27cfb1bacf531a91605894ae209da6d25872fb54bf36b2ed450b51aa8ee4875b9bc7e55753f61e12a323d301faceb2ecff0686b1359343a94774a6a098dc2df440725cd8331f527d4e22f8090d8879ef4765849705b99465d7ebdf661b81c303d13b87270dc1f227d5954fcbc93bbce6fde2a1f8d573d9cd8130c173a14706f1e9dabc4d16a5b003dd3239faf91769e25cf007b0623141e4e57f11746cd62f20d73956fa84c6a12e1756b6671a64bd7a474ba425907e1a61ba6d2ffa1149165a713a141bfec0f1af51afebdb84d5f14eb51acc284403627d6ce48fd028dc04e00ed963de37f85d155c33e2b4ceb09044c4f1c7791348216b674a8831a232a638f8bfb396fabbe1f880944bc5dcac55df8abc78f804306c88617acfd4adfbb5a055d3d3e91abb763ad84e701cc5679498e04600570f4b2e57c70542043dc590ab363215e6ab3f0bd89383748783d01c9227229edac723d4e2eaa061a44f2630691f25ca6093775183fdf432e01322203dd654b336670116a6a52a27ff2032b1103a4e4be0cc2fb05b24352d72e374e90cc3db2a5a691c7f6b8d1058d7730433c742d8ce52074318b1bce9bb104cf90c8b7f65293c2b74434661444f38d94d977e03433440517f6155a3cad2621c5502dd6148b867a40e6a40be4c8265ec2164b5257f06da1784e98991f42003ced4ba67c23b8c654b542d2d31168fd853cf56cc2c464d7a8a9fbcd2715968788f8527c597ab5f917753c1f1708d2c19972373c5a22af71847de22b9f1e9d38a04ea4dd291da3099cb836a696350bf1263c3c275c27b8b82f604625451a24490b0b5367c2fd05e699546ddf17709d2e2c2710f4361d9dd6e2de2b4353b7f4f8141f6f989dc1a798a974565978e4f9ec0c59a7dbc04bcab072c8513b9ca782c22cdd31fb116c10081740fd8f7d0cbd5c54f1069297f20b45d79bb9ace8e851a655fedf47b2dc76fd30b9ba9f09c9b50d6910ffcdec7078c36fe1e9b19dbb110197496349560a43c0ab42b4ce286643e73a92246ecb71e95ce0d54114772f8477c7d5604c1a52d2f680c5868cf08a2688dd9fef492a01836112cec824483e77da93d104a9e18d06bddf9a4007740a0537ac1a5e09900acc65d52680212a15b68b0ef887228e06f533c1ca95b8f9d81b9fc6608cb5bacf4b867922999c69d46048ec3f408866789f49fcb176fc99ed9d3e6c357ed2e3ce2665925773e5d86c2ceaf8f18519a00d9d2e19e9a6b16af0a53fd7df6974f5db00494460e7f3de6ff6b642859335e020513bb525adddabf0d7d6ae85e7e56e32ca8acc07fe86b7b445358966ba3914c1dfa7b814d9e846ff02a6a8c8f5713a0f727024b5d1ea7e4ce7c64f9b24dd3337a3df33714c5404403b0304b25a66fe3ac85083965877117b3d721e7922f0ac7e278feeb8dc09f58cbcfbb81b11d4699737f37ac240a24b9c4b2b587e68974f7ca5561856f32e389d32056f7d58e4de24c11bd5c5afaa441120370d0c48341e1b8146a6bbca8c15f23c155d2533e97a8e6496bc00533ec83be8488d020708d97385a03bcbf57cadc2c1e575e1ac134cdb5047f3f88eae0230751626cea1c85da9b74ddace668afebb2dc66d302ddf3c5f8f21ac0c0535d00839457e7cac9282a8e49d018b077e38ea512cf28eacff5d98e880abfb5af2e7c039d2e1f1edaad2642963ef29d715f754e2715caa6af046a298b285e3582d903be726b608619332e1a82be48b0f5adf6838f41ff776e5290de8269794bce8fb971267d036bd6bd30e42df918125d573ced78263251bcae2b7b40f1ba855b4f2472312ea8752c4a0e09468bd25615a6c00a9b44c484c5507b8400537f20890e9499ec94ed2b6aeff21e57c6e8a93d80097f85ac9316b03a5f768721bf7d041bb9a6a03eabd615e3c4d74f56c429d53b8fec4b5e86c5b311a6cd4a86f03e04dab25ad65b68a8b8d9053993fd2440ff2b81768213084c831d31a0f8c646aff9090b5463cbee452abd6318340ec41b50f1deba7ffb60b326751de3f6dbf9b17714299233d5c43071367ece2e53212e7f4e084fea60850d4d16908d9bbbb531fbf72143fdb62d1b40afde3d0b2ac2c94c32e456bbef62f8d677e332aec8ccc8eedbac61e7b89b32d57157a39ad5c456258d9c36db0edc82c2baead990ee78007ed89c8f450e92d5e209cc25f7c13f5909ca404fddbdbeff89cc42350c91e9f1fdf9753c6e95f71257f8cbb97838684461cd1244c938b9939a4e9c7727902b6f1a5434e0a06d3fc221771dd87572ae801c5ce6886122f0c91dae57440ffc7ace4e8e0041a1d245103aaadbfc2ecff622228daed2b0cd30f7f59b2617f6f0571ee4403d84e652d78b8e64d5450b6483ef70582dcda9351f2dddd3a4ac84f514f708d3af6242501bd041beae78e6b29b517b534148ea91ef85653fec824d6ddb0c0fa2555ab2564ba29227b1046b48a11ee0e6aafda9d0b80b0f05a8d057cbeb16264cb579aea3ba2b2000052d03c77844ab7c81be3110a36a27aeffe0ad5a8a7385a1913a64fb2db630e8fc8017828cea60f327c3a510b441d94d32584e55f7c2320d89b2ba3d44d832b8e7c5f45442de9ef37d057e6d0c6664e8d74e23f18336d41a3e38c2cda49050cb32ca7040a388c75741ac07d3befc714df35dc92ff70ad041cf17b70a971c142bb89ecfe25290750e989c8666560a61b62fdc4fadef7f30b6269a669ef99be7e7ba7ddddf99949fedc0c331796988c6eedb5c66cbe2870a2affce0b550c3411a2aaf302481ee93398c0fbc0c815cfe1e78bf8fed7f19f2c2dae17a4533aa85f6b787f8072adda379118d76dbba3cebfc4c8aacbb1f79a28ec3a0ec99816e3c8721ddcde1ce73b0704063474", 0xe24}, {0x0, 0x4000}, {0x0}, {0x0}, {&(0x7f00000020c0), 0x500}], 0x5}, 0x0) kernel console output (not intermixed with test programs): [ 3.338645][ T30] audit: type=1400 audit(1728682113.233:10): avc: denied { getattr } for pid=83 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.538699][ T100] udevd[100]: starting version 3.2.11 [ 3.594545][ T101] udevd[101]: starting eudev-3.2.11 [ 7.233041][ T112] udevd (112) used greatest stack depth: 22544 bytes left [ 11.306320][ T30] kauditd_printk_skb: 50 callbacks suppressed [ 11.306333][ T30] audit: type=1400 audit(1728682121.213:61): avc: denied { transition } for pid=224 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.310128][ T30] audit: type=1400 audit(1728682121.213:62): avc: denied { noatsecure } for pid=224 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.312665][ T30] audit: type=1400 audit(1728682121.213:63): avc: denied { write } for pid=224 comm="sh" path="pipe:[13472]" dev="pipefs" ino=13472 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 11.315762][ T30] audit: type=1400 audit(1728682121.213:64): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.318468][ T30] audit: type=1400 audit(1728682121.213:65): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.46' (ED25519) to the list of known hosts. [ 17.892833][ T30] audit: type=1400 audit(1728682127.793:66): avc: denied { integrity } for pid=278 comm="syz-executor" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1 [ 17.897049][ T30] audit: type=1400 audit(1728682127.803:67): avc: denied { mounton } for pid=278 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 17.898046][ T278] cgroup: Unknown subsys name 'net' [ 17.900316][ T30] audit: type=1400 audit(1728682127.803:68): avc: denied { mount } for pid=278 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 17.903842][ T30] audit: type=1400 audit(1728682127.803:69): avc: denied { unmount } for pid=278 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 17.903984][ T278] cgroup: Unknown subsys name 'devices' [ 18.028210][ T278] cgroup: Unknown subsys name 'hugetlb' [ 18.033603][ T278] cgroup: Unknown subsys name 'rlimit' [ 18.174121][ T30] audit: type=1400 audit(1728682128.073:70): avc: denied { setattr } for pid=278 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 18.197050][ T30] audit: type=1400 audit(1728682128.073:71): avc: denied { mounton } for pid=278 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 18.221678][ T30] audit: type=1400 audit(1728682128.073:72): avc: denied { mount } for pid=278 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 18.245615][ T281] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 18.254281][ T30] audit: type=1400 audit(1728682128.163:73): avc: denied { relabelto } for pid=281 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.279462][ T30] audit: type=1400 audit(1728682128.163:74): avc: denied { write } for pid=281 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.310678][ T30] audit: type=1400 audit(1728682128.213:75): avc: denied { read } for pid=278 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 18.311032][ T278] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 18.743400][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.750285][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.757673][ T287] device bridge_slave_0 entered promiscuous mode [ 18.771577][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.778431][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.785643][ T287] device bridge_slave_1 entered promiscuous mode [ 18.805585][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.812464][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.819828][ T288] device bridge_slave_0 entered promiscuous mode [ 18.836416][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.843249][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.850541][ T288] device bridge_slave_1 entered promiscuous mode [ 18.885317][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.892385][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.899623][ T290] device bridge_slave_0 entered promiscuous mode [ 18.912796][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.919646][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 18.926841][ T290] device bridge_slave_1 entered promiscuous mode [ 18.959787][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 18.966639][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 18.973840][ T291] device bridge_slave_0 entered promiscuous mode [ 18.991514][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 18.998390][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.005554][ T291] device bridge_slave_1 entered promiscuous mode [ 19.046109][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.052945][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.060207][ T289] device bridge_slave_0 entered promiscuous mode [ 19.066898][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.073729][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.080995][ T289] device bridge_slave_1 entered promiscuous mode [ 19.184813][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.191844][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.198960][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.205716][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.250024][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.256881][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.263966][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.270772][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.282370][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.289228][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.296317][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.303095][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.315145][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.322732][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.330007][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.337250][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.344178][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.351432][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 19.358429][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 19.399527][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.408111][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.416391][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 19.424060][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 19.431499][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 19.438783][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.446864][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.453682][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.460916][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.468849][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.475670][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.482957][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.490931][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.497775][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.504894][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.512603][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.520345][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 19.533012][ T288] device veth0_vlan entered promiscuous mode [ 19.547260][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.555160][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.561924][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.569399][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.588763][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.600550][ T288] device veth1_macvtap entered promiscuous mode [ 19.616102][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 19.624151][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 19.631523][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.638711][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.646750][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.653572][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.661096][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.669143][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.675989][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.694312][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 19.702598][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 19.711011][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.719496][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.730040][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 19.737828][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 19.749830][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 19.757153][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 19.764307][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 19.772348][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 19.784795][ T290] device veth0_vlan entered promiscuous mode [ 19.791810][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 19.799145][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.816000][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 19.824330][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.832390][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.839229][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.846543][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 19.853920][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 19.861311][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 19.869510][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 19.877551][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 19.884366][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 19.891892][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 19.900014][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 19.908023][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 19.914855][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 19.922317][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 19.945487][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 19.953912][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 19.962062][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 19.970345][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 19.978805][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 19.986751][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 19.994408][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.002289][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.011261][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.018992][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.035565][ T291] device veth0_vlan entered promiscuous mode [ 20.042340][ T290] device veth1_macvtap entered promiscuous mode [ 20.052559][ T287] device veth0_vlan entered promiscuous mode [ 20.059034][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 20.067969][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 20.075226][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 20.082665][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 20.091072][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 20.099121][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 20.105968][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 20.113171][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 20.121298][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 20.129263][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 20.135935][ T316] syz.3.6 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 20.137181][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 20.154539][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.162680][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.170798][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.178567][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.186392][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.194397][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.202830][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.211060][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.233444][ T287] device veth1_macvtap entered promiscuous mode [ 20.242919][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 20.251833][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 20.260205][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 20.268505][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 20.277119][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 20.285038][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 20.293194][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 20.301017][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 20.309152][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 20.319382][ T291] device veth1_macvtap entered promiscuous mode [ 20.328517][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 20.336261][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.344291][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.379739][ T289] device veth0_vlan entered promiscuous mode [ 20.387662][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.395682][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.406019][ T321] ================================================================== [ 20.410804][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 20.413885][ T321] BUG: KASAN: use-after-free in __list_del_entry_valid+0x2f/0x120 [ 20.427461][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 20.429331][ T321] Read of size 8 at addr ffff88810a057d08 by task kworker/1:3/321 [ 20.438374][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 20.444867][ T321] [ 20.444873][ T321] CPU: 1 PID: 321 Comm: kworker/1:3 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0 [ 20.462258][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 20.464570][ T321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 20.464581][ T321] Workqueue: events binder_deferred_func [ 20.473033][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 20.482362][ T321] [ 20.482379][ T321] Call Trace: [ 20.482388][ T321] [ 20.482395][ T321] dump_stack_lvl+0x151/0x1c0 [ 20.482417][ T321] ? io_uring_drop_tctx_refs+0x190/0x190 [ 20.488697][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 20.495295][ T321] ? panic+0x760/0x760 [ 20.499965][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 20.500590][ T321] ? kasan_quarantine_put+0x34/0x1a0 [ 20.503607][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 20.507880][ T321] print_address_description+0x87/0x3b0 [ 20.507901][ T321] kasan_report+0x179/0x1c0 [ 20.507914][ T321] ? _raw_spin_lock+0xa4/0x1b0 [ 20.507932][ T321] ? __list_del_entry_valid+0x2f/0x120 [ 20.563605][ T321] ? __list_del_entry_valid+0x2f/0x120 [ 20.568895][ T321] __asan_report_load8_noabort+0x14/0x20 [ 20.574363][ T321] __list_del_entry_valid+0x2f/0x120 [ 20.579497][ T321] binder_release_work+0xcd/0x680 [ 20.584344][ T321] binder_deferred_func+0x1847/0x1bc0 [ 20.589557][ T321] ? read_word_at_a_time+0x12/0x20 [ 20.594501][ T321] process_one_work+0x6bb/0xc10 [ 20.599186][ T321] worker_thread+0xad5/0x12a0 [ 20.603698][ T321] ? _raw_spin_lock+0x1b0/0x1b0 [ 20.608387][ T321] kthread+0x421/0x510 [ 20.612289][ T321] ? worker_clr_flags+0x180/0x180 [ 20.617151][ T321] ? kthread_blkcg+0xd0/0xd0 [ 20.621577][ T321] ret_from_fork+0x1f/0x30 [ 20.625833][ T321] [ 20.628694][ T321] [ 20.630865][ T321] Allocated by task 319: [ 20.634941][ T321] ____kasan_kmalloc+0xdb/0x110 [ 20.639628][ T321] __kasan_kmalloc+0x9/0x10 [ 20.643974][ T321] kmem_cache_alloc_trace+0x115/0x210 [ 20.649176][ T321] binder_thread_write+0x9f5/0x6ec0 [ 20.654210][ T321] binder_ioctl_write_read+0x205/0x7300 [ 20.659592][ T321] binder_ioctl+0x371/0x2640 [ 20.664017][ T321] __se_sys_ioctl+0x114/0x190 [ 20.668530][ T321] __x64_sys_ioctl+0x7b/0x90 [ 20.672957][ T321] x64_sys_call+0x98/0x9a0 [ 20.677207][ T321] do_syscall_64+0x3b/0xb0 [ 20.681462][ T321] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 20.687190][ T321] [ 20.689360][ T321] Freed by task 321: [ 20.693092][ T321] kasan_set_track+0x4b/0x70 [ 20.697518][ T321] kasan_set_free_info+0x23/0x40 [ 20.702292][ T321] ____kasan_slab_free+0x126/0x160 [ 20.707239][ T321] __kasan_slab_free+0x11/0x20 [ 20.711839][ T321] slab_free_freelist_hook+0xbd/0x190 [ 20.717047][ T321] kfree+0xc8/0x220 [ 20.720690][ T321] binder_free_ref+0x128/0x260 [ 20.725290][ T321] binder_deferred_func+0x171c/0x1bc0 [ 20.730505][ T321] process_one_work+0x6bb/0xc10 [ 20.735184][ T321] worker_thread+0xad5/0x12a0 [ 20.739699][ T321] kthread+0x421/0x510 [ 20.743605][ T321] ret_from_fork+0x1f/0x30 [ 20.747856][ T321] [ 20.750026][ T321] Last potentially related work creation: [ 20.755581][ T321] kasan_save_stack+0x3b/0x60 [ 20.760268][ T321] __kasan_record_aux_stack+0xd3/0xf0 [ 20.765475][ T321] kasan_record_aux_stack_noalloc+0xb/0x10 [ 20.771118][ T321] call_rcu+0x123/0x10b0 [ 20.775316][ T321] __percpu_ref_switch_mode+0x342/0x620 [ 20.780691][ T321] percpu_ref_kill_and_confirm+0xa3/0x220 [ 20.786242][ T321] blkg_destroy+0x594/0x5f0 [ 20.790582][ T321] blkg_destroy_all+0xd2/0x440 [ 20.795183][ T321] blkcg_exit_queue+0x15/0x20 [ 20.799697][ T321] blk_release_queue+0x148/0x270 [ 20.804468][ T321] kobject_put+0x178/0x260 [ 20.808720][ T321] blk_put_queue+0x19/0x20 [ 20.812976][ T321] scsi_device_dev_release_usercontext+0x58e/0x840 [ 20.819310][ T321] execute_in_process_context+0x1af/0x240 [ 20.824864][ T321] scsi_device_dev_release+0xf8/0x110 [ 20.830070][ T321] device_release+0x95/0x1c0 [ 20.834502][ T321] kobject_put+0x178/0x260 [ 20.838787][ T321] put_device+0x1f/0x30 [ 20.842741][ T321] __scsi_remove_device+0x307/0x370 [ 20.847777][ T321] scsi_probe_and_add_lun+0x2360/0x4320 [ 20.853156][ T321] __scsi_scan_target+0x1ed/0xe30 [ 20.858018][ T321] scsi_scan_host_selected+0x334/0x5f0 [ 20.863312][ T321] scsi_scan_host+0x3a8/0x670 [ 20.867826][ T321] virtscsi_probe+0x930/0xc30 [ 20.872337][ T321] virtio_dev_probe+0x891/0xae0 [ 20.877026][ T321] really_probe+0x28d/0x970 [ 20.881367][ T321] __driver_probe_device+0x1a0/0x310 [ 20.886485][ T321] driver_probe_device+0x54/0x3d0 [ 20.891345][ T321] __driver_attach+0x446/0x590 [ 20.895947][ T321] bus_for_each_dev+0x17b/0x1f0 [ 20.900632][ T321] driver_attach+0x42/0x50 [ 20.904885][ T321] bus_add_driver+0x33f/0x590 [ 20.909403][ T321] driver_register+0x2e2/0x3e0 [ 20.913999][ T321] register_virtio_driver+0x97/0xc0 [ 20.919033][ T321] init+0x66/0xe0 [ 20.922503][ T321] do_one_initcall+0x182/0x610 [ 20.927103][ T321] do_initcall_level+0x186/0x310 [ 20.931877][ T321] do_initcalls+0x4e/0x90 [ 20.936043][ T321] do_basic_setup+0x81/0x90 [ 20.940382][ T321] kernel_init_freeable+0x2c1/0x400 [ 20.945416][ T321] kernel_init+0x1d/0x290 [ 20.949582][ T321] ret_from_fork+0x1f/0x30 [ 20.953835][ T321] [ 20.956005][ T321] The buggy address belongs to the object at ffff88810a057d00 [ 20.956005][ T321] which belongs to the cache kmalloc-64 of size 64 [ 20.969720][ T321] The buggy address is located 8 bytes inside of [ 20.969720][ T321] 64-byte region [ffff88810a057d00, ffff88810a057d40) [ 20.982566][ T321] The buggy address belongs to the page: [ 20.988045][ T321] page:ffffea00042815c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a057 [ 20.998099][ T321] flags: 0x4000000000000200(slab|zone=1) [ 21.003578][ T321] raw: 4000000000000200 ffffea0004281200 0000000500000005 ffff888100042780 [ 21.011990][ T321] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 21.020404][ T321] page dumped because: kasan: bad access detected [ 21.026662][ T321] page_owner tracks the page as allocated [ 21.032208][ T321] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 1826367192, free_ts 0 [ 21.046875][ T321] post_alloc_hook+0x1a3/0x1b0 [ 21.051475][ T321] prep_new_page+0x1b/0x110 [ 21.055813][ T321] get_page_from_freelist+0x3550/0x35d0 [ 21.061197][ T321] __alloc_pages+0x27e/0x8f0 [ 21.065639][ T321] new_slab+0x9a/0x4e0 [ 21.069527][ T321] ___slab_alloc+0x39e/0x830 [ 21.073953][ T321] __slab_alloc+0x4a/0x90 [ 21.078119][ T321] kmem_cache_alloc_trace+0x142/0x210 [ 21.083329][ T321] percpu_ref_init+0xc8/0x340 [ 21.087840][ T321] blk_alloc_queue+0x3cb/0x570 [ 21.092439][ T321] blk_mq_init_queue+0x36/0xd0 [ 21.097040][ T321] scsi_alloc_sdev+0x674/0xa10 [ 21.101639][ T321] scsi_probe_and_add_lun+0x199/0x4320 [ 21.106936][ T321] __scsi_scan_target+0x1ed/0xe30 [ 21.111793][ T321] scsi_scan_host_selected+0x334/0x5f0 [ 21.117088][ T321] scsi_scan_host+0x3a8/0x670 [ 21.121603][ T321] page_owner free stack trace missing [ 21.126811][ T321] [ 21.128978][ T321] Memory state around the buggy address: [ 21.134453][ T321] ffff88810a057c00: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 21.142348][ T321] ffff88810a057c80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.150332][ T321] >ffff88810a057d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.158237][ T321] ^ [ 21.162405][ T321] ffff88810a057d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.170294][ T321] ffff88810a057e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.178191][ T321] ================================================================== [ 21.186091][ T321] Disabling lock debugging due to kernel taint [ 21.192493][ T321] general protection fault, probably for non-canonical address 0xfed3fc25c0000028: 0000 [#1] PREEMPT SMP KASAN [ 21.204011][ T321] KASAN: maybe wild-memory-access in range [0xf6a0012e00000140-0xf6a0012e00000147] [ 21.213118][ T321] CPU: 1 PID: 321 Comm: kworker/1:3 Tainted: G B 5.15.167-syzkaller-02003-g5e4635681cf1 #0 [ 21.224224][ T321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 21.234123][ T321] Workqueue: events binder_deferred_func [ 21.239588][ T321] RIP: 0010:__list_del_entry_valid+0x75/0x120 [ 21.245490][ T321] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 cc 90 48 ff 49 8b 17 4c 39 f2 75 [ 21.264932][ T321] RSP: 0018:ffffc90000b87c00 EFLAGS: 00010a06 [ 21.270833][ T321] RAX: 1ed40025c0000028 RBX: ffff88810b327400 RCX: ffffffff826a1859 [ 21.278643][ T321] RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff88810a057d00 [ 21.286457][ T321] RBP: ffffc90000b87c20 R08: ffffffff8141997b R09: 0000000000000003 [ 21.294270][ T321] R10: fffffbfff0e9a04c R11: dffffc0000000001 R12: dffffc0000000000 [ 21.302082][ T321] R13: ffff88810a057d00 R14: ffff88810a057d00 R15: f6a0012e00000141 [ 21.309889][ T321] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 21.318659][ T321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.325075][ T321] CR2: 0000001b2df1cff8 CR3: 0000000006a0f000 CR4: 00000000003506a0 [ 21.332893][ T321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.340702][ T321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.348511][ T321] Call Trace: [ 21.351634][ T321] [ 21.354414][ T321] ? __die_body+0x62/0xb0 [ 21.358578][ T321] ? die_addr+0x9f/0xd0 [ 21.362572][ T321] ? exc_general_protection+0x311/0x4b0 [ 21.367953][ T321] ? check_panic_on_warn+0x65/0xb0 [ 21.372898][ T321] ? asm_exc_general_protection+0x27/0x30 [ 21.378549][ T321] ? check_panic_on_warn+0x5b/0xb0 [ 21.383507][ T321] ? __list_del_entry_valid+0x49/0x120 [ 21.388884][ T321] ? __list_del_entry_valid+0x75/0x120 [ 21.394170][ T321] binder_release_work+0xcd/0x680 [ 21.399035][ T321] binder_deferred_func+0x1847/0x1bc0 [ 21.404237][ T321] ? read_word_at_a_time+0x12/0x20 [ 21.409184][ T321] process_one_work+0x6bb/0xc10 [ 21.413875][ T321] worker_thread+0xad5/0x12a0 [ 21.418386][ T321] ? _raw_spin_lock+0x1b0/0x1b0 [ 21.423076][ T321] kthread+0x421/0x510 [ 21.426977][ T321] ? worker_clr_flags+0x180/0x180 [ 21.431837][ T321] ? kthread_blkcg+0xd0/0xd0 [ 21.436263][ T321] ret_from_fork+0x1f/0x30 [ 21.440518][ T321] [ 21.443380][ T321] Modules linked in: [ 21.447275][ T321] ---[ end trace fb8fd2c213f3d652 ]--- [ 21.452530][ T321] RIP: 0010:__list_del_entry_valid+0x75/0x120 [ 21.458451][ T321] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 cc 90 48 ff 49 8b 17 4c 39 f2 75 [ 21.477891][ T321] RSP: 0018:ffffc90000b87c00 EFLAGS: 00010a06 [ 21.483772][ T321] RAX: 1ed40025c0000028 RBX: ffff88810b327400 RCX: ffffffff826a1859 [ 21.491608][ T321] RDX: dead000000000122 RSI: 0000000000000282 RDI: ffff88810a057d00 [ 21.499418][ T321] RBP: ffffc90000b87c20 R08: ffffffff8141997b R09: 0000000000000003 [ 21.501773][ T327] syz.4.8 (327) used greatest stack depth: 22144 bytes left [ 21.507253][ T321] R10: fffffbfff0e9a04c R11: dffffc0000000001 R12: dffffc0000000000 [ 21.522412][ T321] R13: ffff88810a057d00 R14: ffff88810a057d00 R15: f6a0012e00000141 [ 21.530228][ T321] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 21.539165][ T321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.545558][ T321] CR2: 0000001b2df1cff8 CR3: 0000000006a0f000 CR4: 00000000003506a0 [ 21.553394][ T321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 21.561194][ T321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 21.569024][ T321] Kernel panic - not syncing: Fatal exception [ 21.575076][ T321] Kernel Offset: disabled [ 21.579197][ T321] Rebooting in 86400 seconds..