last executing test programs: 1.113259054s ago: executing program 3 (id=443): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r0) sendmsg$TIPC_NL_KEY_FLUSH(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) 1.074002197s ago: executing program 3 (id=445): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140)) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x400000b1, 0x0, 0xfffffffffffffff7}]}) 1.073656368s ago: executing program 3 (id=446): sched_setaffinity(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x7, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x10001, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x6, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x5, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x401, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0xfffffff8, 0x1ff, 0x81, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x77, 0x9, 0x99, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x4, 0xfffffffe, 0xffff, 0x637b, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x800008d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0xa, 0x3, 0x9, 0x1, 0xc7, 0xfff, 0x10000a, 0x10000002, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x3436, 0x3, 0xd, 0x3, 0x601, 0x0, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x2, 0x7a, 0x9, 0x6, 0x10000, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x6300, 0x40, 0xfb, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0x8, 0x32d, 0x0, 0x1ff, 0x2000803, 0xfffffffc, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x7, 0xc, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0x2, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="5500000018007fd500fe01b2a4", 0xd}], 0x1}, 0x48000) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x5, 0xf5, 0xf, 0x5, 0x6, 0x7, 0x1, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x100400}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1.02248449s ago: executing program 3 (id=448): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00') r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00'}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="800037bbfa", 0x5, 0x4044090, 0x0, 0x52) bpf$MAP_CREATE(0x0, 0x0, 0x48) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="24000000200001ffffff02000004000000e8f9ed52c039ea4ec0b832b7cc4b58df3dae1ffd90c790e92845d312e8000000"], 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x8080) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0x8, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x5, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x0, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x0, 0x103, 0x5, 0x5, 0x3c, 0x91, 0x6, 0xfffffffd, 0x5, 0x5, 0x0, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x7, 0x0, 0x7, 0x4, 0x2f, 0xe, 0x312, 0x78, 0x82, 0xa, 0x4, 0x4000, 0x8000, 0x5, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x10000008, 0x9, 0x6, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x2, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8ce, 0x9, 0x1, 0x8003, 0x0, 0x5, 0xe, 0x4, 0x5, 0x5, 0x0, 0x4, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x6, 0x3, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x3f, 0x54fe12d6, 0x80000001, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb2b, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x2, 0x5, 0xce7, 0x1ff, 0x6, 0x8ad, 0x3, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x80, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xd, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa22, 0x8, 0x9, 0x1, 0x6c1b, 0x0, 0x5, 0x5, 0xb1c, 0x1, 0x200, 0xffff3442, 0xfff]}, 0x45c) io_submit(0x0, 0x0, 0x0) syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0) 800.770793ms ago: executing program 1 (id=454): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d0102030109021200"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000500)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000300)={0x2c, &(0x7f0000000140)={0x20, 0xb66c32b63972d1cc}, 0x0, 0x0, 0x0, 0x0}) 609.873394ms ago: executing program 0 (id=459): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) 566.454297ms ago: executing program 0 (id=462): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) ioctl$FITRIM(r0, 0xc0185879, 0x0) 566.352757ms ago: executing program 0 (id=463): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000140)='freezer.parent_freezing\x00', 0x0, 0x0) readv(r1, &(0x7f0000000040)=[{&(0x7f0000001640)=""/244, 0xf4}], 0x1) 552.816208ms ago: executing program 0 (id=464): r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, 0x0, 0x12000040) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000380)={0x1c, &(0x7f0000000300)={0x40}, 0x0, &(0x7f0000000180)}) 392.573517ms ago: executing program 2 (id=465): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)={0x2c, r1, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400c2}, 0x20000800) 362.145008ms ago: executing program 2 (id=466): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xfffb, 0x3}, 0x6) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) accept4$nfc_llcp(0xffffffffffffffff, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f00000002c0), 0x8) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000800)=ANY=[@ANYBLOB="b33859811d7960f06407cb8110a6"], 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000700)={{{@in=@remote, @in6=@private2, 0x4e24, 0x0, 0x4e22, 0x0, 0x2, 0x80, 0xa0, 0x1}, {0x2, 0x100000001, 0xffffffffffffffff, 0x7, 0x3, 0xc67d, 0x6, 0x32e}, {0x7fffffff, 0x4, 0x7, 0x2}, 0x7, 0x0, 0x2, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x4d5}, 0x2, @in=@multicast1, 0x3501, 0x1, 0x1, 0x3b, 0x1c000, 0xd596, 0x4}}, 0xe8) r2 = socket(0x10, 0x803, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0xc000) sendmsg$nl_route_sched(r2, 0x0, 0x24040084) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000880)={'bridge_slave_0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@bridge_delneigh={0x28, 0x1e, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r5, 0x0, 0x4}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}}, 0x0) bind$xdp(r3, &(0x7f0000000080)={0x2c, 0x2, r5, 0x32, r2}, 0x10) write$cgroup_int(r3, &(0x7f0000000040)=0x1f00, 0x12) 361.418059ms ago: executing program 2 (id=467): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f00000002c0)={0x1, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000340)=0x1) 306.920872ms ago: executing program 4 (id=468): r0 = socket$igmp(0x2, 0x3, 0x2) sendmsg$inet(r0, &(0x7f0000001ec0)={&(0x7f0000000c00)={0x2, 0x4e22, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000001dc0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @loopback}}}], 0x20}, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) read(r0, &(0x7f0000000200)=""/44, 0x2c) 306.761432ms ago: executing program 4 (id=469): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021140011800c000100636f756e74657200500000000c0a01018c00000000000000070000000900020073797a31000000000900010073797a300000000024000380200000a00800034000000002140007800c000100636f756e746572"], 0xe4}, 0x1, 0x0, 0x0, 0xc800}, 0x0) 306.654072ms ago: executing program 4 (id=470): r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x430}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) 297.000982ms ago: executing program 4 (id=471): r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r0, &(0x7f0000000180)={0x24, @long={0x3, 0xffff, {0xaaaaaaaaaaaa0002}}}, 0x14) 284.159013ms ago: executing program 1 (id=472): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x20, 0x3, 0x7, 0x101, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80) 235.015926ms ago: executing program 4 (id=473): r0 = syz_open_dev$evdev(&(0x7f0000001900), 0x0, 0xc80) read$hidraw(r0, 0x0, 0x0) 234.908926ms ago: executing program 1 (id=474): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000140)='freezer.parent_freezing\x00', 0x0, 0x0) readv(r1, &(0x7f0000000040)=[{&(0x7f0000001640)=""/244, 0xf4}], 0x1) 234.759357ms ago: executing program 4 (id=475): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xb, 0xf, 0x90, 0x20, 0x41e, 0x401d, 0x5770, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xed, 0x0, 0x0, 0x2b, 0x5b, 0x57}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, 0x0, 0x48810) 234.572356ms ago: executing program 1 (id=476): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x405}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x1a}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0x92}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x2c}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0xf}]}}}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_NUM={0x8}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc0}, 0x1, 0x0, 0x0, 0x8890}, 0x24008080) 232.665846ms ago: executing program 1 (id=477): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000880)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100fdffffff000000001d00000008000300", @ANYRES32=r2, @ANYBLOB="24002f80080001"], 0x40}}, 0x4000050) 219.923717ms ago: executing program 1 (id=478): socket(0x2, 0x3, 0xff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x60000, 0x3, 0x13, r3, 0x0) 185.059639ms ago: executing program 3 (id=479): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r0, 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000001cc0)) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, 0x0) getpid() stat(0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1d8) close(0x3) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(0x3) socket$netlink(0x10, 0x3, 0x2) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) writev(r2, &(0x7f0000000480)=[{&(0x7f0000000100)='\f7', 0x2}], 0x1) connect$unix(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r1, 0x0, 0x0) 118.861183ms ago: executing program 3 (id=480): mkdirat(0xffffffffffffff9c, 0x0, 0x1c8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) r2 = socket(0x1e, 0x4, 0x0) connect$tipc(r2, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r2, &(0x7f0000004400), 0x400000000000203, 0x0) 60.877216ms ago: executing program 2 (id=481): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800) 37.913997ms ago: executing program 2 (id=482): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xe, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) 498.95µs ago: executing program 0 (id=483): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000540)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 233.16µs ago: executing program 2 (id=484): bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x0, 0xe}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0xff, 0x6, 0x5, 0xffffffff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) 0s ago: executing program 0 (id=485): bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000540)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) ptrace$ARCH_FORCE_TAGGED_SVA(0x1e, r0, 0x0, 0x4004) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000600)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x2f, 0xfd, 0x4, 0xb753, 0x20, @loopback, @mcast2={0xff, 0x3}, 0x8000, 0xba08, 0x0, 0x1004}}) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="000000000081000000000000000000007b8af8ff00000000000007020000f8", @ANYRES32, @ANYRESHEX=0x0, @ANYRES32, @ANYRESOCT=r2], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = ioctl$LOOP_CTL_GET_FREE(r4, 0x4c82) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r5) socket(0x29, 0xa, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.8' (ED25519) to the list of known hosts. [ 26.627232][ T30] audit: type=1400 audit(1769734250.265:64): avc: denied { mounton } for pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.631019][ T273] cgroup: Unknown subsys name 'net' [ 26.650291][ T30] audit: type=1400 audit(1769734250.265:65): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.677507][ T30] audit: type=1400 audit(1769734250.295:66): avc: denied { unmount } for pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.677944][ T273] cgroup: Unknown subsys name 'devices' [ 26.910621][ T273] cgroup: Unknown subsys name 'hugetlb' [ 26.916270][ T273] cgroup: Unknown subsys name 'rlimit' [ 27.087197][ T30] audit: type=1400 audit(1769734250.725:67): avc: denied { setattr } for pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=254 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.110905][ T30] audit: type=1400 audit(1769734250.725:68): avc: denied { mounton } for pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.129280][ T275] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 27.136438][ T30] audit: type=1400 audit(1769734250.725:69): avc: denied { mount } for pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 27.167456][ T30] audit: type=1400 audit(1769734250.795:70): avc: denied { relabelto } for pid=275 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.193062][ T30] audit: type=1400 audit(1769734250.795:71): avc: denied { write } for pid=275 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.222407][ T30] audit: type=1400 audit(1769734250.865:72): avc: denied { read } for pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.247971][ T30] audit: type=1400 audit(1769734250.865:73): avc: denied { open } for pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.248109][ T273] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.786450][ T281] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.793691][ T281] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.801422][ T281] device bridge_slave_0 entered promiscuous mode [ 27.816604][ T281] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.823719][ T281] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.831245][ T281] device bridge_slave_1 entered promiscuous mode [ 27.859884][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.867099][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.874653][ T282] device bridge_slave_0 entered promiscuous mode [ 27.882834][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.890024][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.897478][ T282] device bridge_slave_1 entered promiscuous mode [ 28.003209][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.010414][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.017980][ T283] device bridge_slave_0 entered promiscuous mode [ 28.047036][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.054252][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.061792][ T283] device bridge_slave_1 entered promiscuous mode [ 28.078631][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.085740][ T286] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.093352][ T286] device bridge_slave_0 entered promiscuous mode [ 28.103161][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.110294][ T286] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.117789][ T286] device bridge_slave_1 entered promiscuous mode [ 28.155316][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.162441][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.169936][ T284] device bridge_slave_0 entered promiscuous mode [ 28.191452][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.198528][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.206147][ T284] device bridge_slave_1 entered promiscuous mode [ 28.308423][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.315512][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.322864][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.330075][ T282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.355780][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.362908][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.370229][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.377263][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.395184][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.402273][ T284] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.409575][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.416616][ T284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.440377][ T286] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.447533][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.454841][ T286] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.461985][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.481967][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.490289][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.497539][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.505349][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.512692][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.520285][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.527481][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.534928][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.542248][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.554897][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.574377][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.582496][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.590259][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.597687][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.606092][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.613192][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.620681][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 28.629319][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.637453][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.644544][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.652192][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.660581][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.667608][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.675039][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.683254][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.690349][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.697830][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 28.706261][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.714745][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.721864][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.729674][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 28.745105][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.753466][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.760532][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.767942][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.776351][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.783457][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.791922][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.800366][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.807394][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.842652][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.850974][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.859435][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.867478][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.875793][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.884096][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.892307][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.900498][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.908429][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.916829][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.925216][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.933572][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.941785][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.949448][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.959880][ T281] device veth0_vlan entered promiscuous mode [ 28.972824][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.981499][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.990105][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.998129][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.011332][ T284] device veth0_vlan entered promiscuous mode [ 29.025738][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.034438][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.042317][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.050599][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 29.058984][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.066948][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 29.075141][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.083418][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 29.091609][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.099609][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.107016][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.120581][ T281] device veth1_macvtap entered promiscuous mode [ 29.131152][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 29.139625][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.148043][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 29.156585][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.165078][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 29.173368][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 29.181893][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.190119][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.197144][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.204648][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 29.213594][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.221915][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.228967][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.242708][ T282] device veth0_vlan entered promiscuous mode [ 29.252813][ T284] device veth1_macvtap entered promiscuous mode [ 29.263732][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.272562][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 29.281279][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.290266][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 29.298102][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.306332][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 29.314315][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.322355][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.330746][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.339510][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.347054][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.354773][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.362395][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.375476][ T282] device veth1_macvtap entered promiscuous mode [ 29.385061][ T283] device veth0_vlan entered promiscuous mode [ 29.391699][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 29.399922][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.408022][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 29.415872][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 29.424231][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.432910][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.441606][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.455088][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.464010][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.472559][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.481044][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.506248][ T283] device veth1_macvtap entered promiscuous mode [ 29.514525][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.523378][ T281] request_module fs-gadgetfs succeeded, but still no fs? [ 29.526396][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.540010][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.548861][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.557465][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.566175][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 29.574374][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.612619][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.625210][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.627692][ T335] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 29.634130][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.656863][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.664404][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.672790][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.681572][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.690409][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.701989][ T286] device veth0_vlan entered promiscuous mode [ 29.758421][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.776213][ T286] device veth1_macvtap entered promiscuous mode [ 29.909623][ T349] netlink: 'syz.4.5': attribute type 27 has an invalid length. [ 29.940002][ T349] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.947294][ T349] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.298330][ T344] loop2: detected capacity change from 0 to 512 [ 30.395813][ T354] loop0: detected capacity change from 0 to 128 [ 30.429695][ T354] ======================================================= [ 30.429695][ T354] WARNING: The mand mount option has been deprecated and [ 30.429695][ T354] and is ignored by this kernel. Remove the mand [ 30.429695][ T354] option from the mount to silence this warning. [ 30.429695][ T354] ======================================================= [ 30.582333][ T344] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrquota,grpjquota=,lazytime,,errors=continue. Quota mode: writeback. [ 30.596165][ T344] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 30.707184][ T364] netlink: 'syz.2.7': attribute type 27 has an invalid length. [ 30.799161][ T342] loop3: detected capacity change from 0 to 40427 [ 30.813114][ T364] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.820371][ T364] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.829078][ T349] syz.4.5 (349) used greatest stack depth: 19976 bytes left [ 30.853593][ T371] Zero length message leads to an empty skb [ 30.859686][ T342] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 30.870842][ T342] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 30.881186][ T342] F2FS-fs (loop3): invalid crc value [ 30.904550][ T342] F2FS-fs (loop3): Found nat_bits in checkpoint [ 30.976143][ T367] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.983288][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.011250][ T367] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.018360][ T367] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.018673][ T342] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 31.037736][ T367] device veth0_vlan left promiscuous mode [ 31.044266][ T367] device veth0_vlan entered promiscuous mode [ 31.058670][ T342] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 31.079392][ T367] device veth1_macvtap left promiscuous mode [ 31.105328][ T367] device veth1_macvtap entered promiscuous mode [ 31.115571][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 31.139625][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 31.153012][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 31.162653][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 31.180559][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.200016][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.214660][ T359] loop1: detected capacity change from 0 to 40427 [ 31.221226][ T381] loop0: detected capacity change from 0 to 1024 [ 31.229739][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 31.246682][ T381] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 31.255821][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 31.264626][ T381] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 31.278008][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 31.288202][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 31.298940][ T381] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 31.313006][ T359] F2FS-fs (loop1): fault_injection options not supported [ 31.320230][ T359] F2FS-fs (loop1): fault_type options not supported [ 31.327812][ T359] F2FS-fs (loop1): invalid crc value [ 31.334006][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 31.342541][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 31.351398][ T359] F2FS-fs (loop1): Found nat_bits in checkpoint [ 31.358739][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 31.361129][ T381] System zones: [ 31.377270][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 31.389097][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 31.397684][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 31.405976][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 31.407183][ T381] 0-1 [ 31.414304][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 31.425519][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 31.448868][ T381] , 3-36 [ 31.477174][ T381] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 31.529973][ T359] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 31.739538][ T391] netlink: 'syz.3.12': attribute type 27 has an invalid length. [ 31.798815][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 31.798830][ T30] audit: type=1400 audit(1769734255.445:132): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 31.841147][ T391] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.848473][ T391] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.878325][ T30] audit: type=1400 audit(1769734255.515:133): avc: denied { read write } for pid=393 comm="syz.0.14" name="event0" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 31.902373][ T338] attempt to access beyond end of device [ 31.902373][ T338] loop1: rw=2049, want=45104, limit=40427 [ 31.963111][ T30] audit: type=1400 audit(1769734255.515:134): avc: denied { open } for pid=393 comm="syz.0.14" path="/dev/input/event0" dev="devtmpfs" ino=256 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 32.023786][ T392] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.030902][ T392] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.057328][ T30] audit: type=1400 audit(1769734255.695:135): avc: denied { write } for pid=397 comm="syz.2.17" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 32.097879][ T392] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.105101][ T392] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.151926][ T392] device veth0_vlan left promiscuous mode [ 32.158317][ T392] device veth0_vlan entered promiscuous mode [ 32.166000][ T392] device veth1_macvtap left promiscuous mode [ 32.173335][ T392] device veth1_macvtap entered promiscuous mode [ 32.180603][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 32.188428][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.196081][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 32.219259][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 32.237715][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.277949][ T30] audit: type=1400 audit(1769734255.905:136): avc: denied { write } for pid=395 comm="syz.0.15" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 32.313827][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 32.328149][ T400] loop0: detected capacity change from 0 to 1024 [ 32.353672][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 32.364206][ T30] audit: type=1400 audit(1769734255.905:137): avc: denied { open } for pid=395 comm="syz.0.15" path="/dev/snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 32.399026][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 32.412694][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 32.426755][ T30] audit: type=1400 audit(1769734255.955:138): avc: denied { create } for pid=395 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 32.457065][ T400] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 32.465735][ T400] EXT4-fs (loop0): orphan cleanup on readonly fs [ 32.472410][ T400] Quota error (device loop0): v2_read_file_info: Can't read info structure [ 32.481291][ T400] EXT4-fs warning (device loop0): ext4_enable_quotas:6453: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix. [ 32.495776][ T400] EXT4-fs (loop0): Cannot turn on quotas: error -5 [ 32.500092][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 32.519149][ T400] EXT4-fs (loop0): 1 truncate cleaned up [ 32.524874][ T400] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,resgid=0x000000000000ee00,init_itable,,errors=continue. Quota mode: writeback. [ 32.548830][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 32.557285][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 32.565644][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 32.574073][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 32.582627][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 32.591034][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 32.599344][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 32.607591][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 32.616044][ T355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 32.624195][ T30] audit: type=1400 audit(1769734255.965:139): avc: denied { setopt } for pid=395 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 32.669941][ T30] audit: type=1400 audit(1769734255.965:140): avc: denied { create } for pid=395 comm="syz.0.15" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 32.841734][ T413] loop1: detected capacity change from 0 to 512 [ 33.087919][ T413] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrquota,grpjquota=,lazytime,,errors=continue. Quota mode: writeback. [ 33.101645][ T413] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.291688][ T403] loop2: detected capacity change from 0 to 1024 [ 33.340867][ T403] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 33.449229][ T403] EXT4-fs (loop2): orphan cleanup on readonly fs [ 33.478719][ T403] EXT4-fs warning (device loop2): ext4_enable_quotas:6453: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix. [ 33.567200][ T423] loop0: detected capacity change from 0 to 512 [ 33.679109][ T403] EXT4-fs (loop2): Cannot turn on quotas: error -5 [ 33.746819][ T423] EXT4-fs (loop0): mounted filesystem without journal. Opts: usrquota,grpjquota=,lazytime,,errors=continue. Quota mode: writeback. [ 33.760800][ T423] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.832762][ T403] EXT4-fs (loop2): 1 truncate cleaned up [ 33.838469][ T403] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodelalloc,resgid=0x000000000000ee00,init_itable,,errors=continue. Quota mode: writeback. [ 34.110834][ T418] loop1: detected capacity change from 0 to 40427 [ 34.268037][ T418] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 34.288526][ T418] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 34.630749][ T418] F2FS-fs (loop1): invalid crc value [ 34.684335][ T418] F2FS-fs (loop1): Found nat_bits in checkpoint [ 34.892074][ T418] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 34.910483][ T418] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 35.103990][ T445] netlink: 'syz.3.27': attribute type 27 has an invalid length. [ 35.172226][ T445] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.179537][ T445] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.230135][ T449] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 35.237513][ T449] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 35.250163][ T441] F2FS-fs (loop2): fault_injection options not supported [ 35.257530][ T441] F2FS-fs (loop2): fault_type options not supported [ 35.293986][ T449] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 35.302512][ T449] System zones: 0-1, 3-36 [ 35.309098][ T441] F2FS-fs (loop2): invalid crc value [ 35.344841][ T449] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 35.347823][ T441] F2FS-fs (loop2): Found nat_bits in checkpoint [ 35.393569][ T448] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.400673][ T448] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.430145][ T448] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.437227][ T448] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.452256][ T448] device veth0_vlan left promiscuous mode [ 35.458889][ T448] device veth0_vlan entered promiscuous mode [ 35.466385][ T448] device veth1_macvtap left promiscuous mode [ 35.473464][ T448] device veth1_macvtap entered promiscuous mode [ 35.480341][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 35.488058][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 35.497619][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 35.507014][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 35.516079][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 35.524481][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 35.533005][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 35.542759][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 35.551109][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.559689][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.569059][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 35.577492][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 35.597686][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 35.606394][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 35.619456][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 35.657745][ T441] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 35.812402][ T463] attempt to access beyond end of device [ 35.812402][ T463] loop2: rw=2049, want=45104, limit=40427 [ 35.945920][ T466] set_capacity_and_notify: 3 callbacks suppressed [ 35.945947][ T466] loop3: detected capacity change from 0 to 512 [ 36.192713][ T466] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrquota,grpjquota=,lazytime,,errors=continue. Quota mode: writeback. [ 36.206684][ T466] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 36.295215][ T460] loop1: detected capacity change from 0 to 1024 [ 36.342553][ T472] netlink: 'syz.4.31': attribute type 27 has an invalid length. [ 36.359747][ T460] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 36.367206][ T460] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 36.407101][ T476] loop0: detected capacity change from 0 to 512 [ 36.417656][ T460] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 36.434736][ T460] System zones: 0-1, 3-36 [ 36.440103][ T476] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities [ 36.467827][ T460] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 36.505519][ T472] device veth0_vlan left promiscuous mode [ 36.519603][ T472] device veth0_vlan entered promiscuous mode [ 36.539780][ T472] device veth1_macvtap left promiscuous mode [ 36.546791][ T472] device veth1_macvtap entered promiscuous mode [ 36.553736][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 36.581627][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 36.614717][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 36.628821][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.636085][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.648989][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 36.667603][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 36.675913][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.683001][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.690461][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 36.699009][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 36.707479][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 36.716085][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 36.728222][ T20] hid (null): unknown global tag 0xc [ 36.731473][ T470] loop3: detected capacity change from 0 to 40427 [ 36.735045][ T20] hid (null): unknown global tag 0xe [ 36.745591][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 36.753743][ T470] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 36.754481][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 36.772683][ T470] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 36.779090][ T20] hid (null): unknown global tag 0xe [ 36.786881][ T20] hid (null): report_id 26407 is invalid [ 36.792784][ T20] hid (null): report_id 0 is invalid [ 36.798448][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 36.803611][ T470] F2FS-fs (loop3): invalid crc value [ 36.807317][ T20] hid (null): unknown global tag 0xc [ 36.814282][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 36.817776][ T20] hid (null): unknown global tag 0xd [ 36.827209][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 36.831176][ T20] hid (null): unknown global tag 0xc [ 36.841936][ T470] F2FS-fs (loop3): Found nat_bits in checkpoint [ 36.844272][ T20] hid (null): unknown global tag 0xe [ 36.850597][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 36.855882][ T20] hid (null): unknown global tag 0x25 [ 36.868989][ T20] hid (null): unknown global tag 0xe [ 36.874389][ T20] hid (null): unknown global tag 0xe [ 36.880058][ T20] hid (null): invalid report_count 59055 [ 36.884763][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 36.885991][ T20] hid (null): unknown global tag 0xd [ 36.899334][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 36.901415][ T20] hid (null): unknown global tag 0xd4 [ 36.913055][ T20] hid (null): invalid report_size 26643 [ 36.918561][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 36.919228][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 36.927906][ T20] hid (null): invalid report_count 63541 [ 36.940382][ T20] hid (null): global environment stack overflow [ 36.945631][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 36.947029][ T20] hid (null): invalid report_size 1448743908 [ 36.961018][ T20] hid (null): unknown global tag 0xc [ 36.966077][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 36.966467][ T20] hid (null): invalid report_count 31017 [ 36.980386][ T20] hid (null): unknown global tag 0x77 [ 36.985947][ T20] hid (null): unknown global tag 0x28 [ 36.986277][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 36.996784][ T20] hid (null): global environment stack overflow [ 37.005725][ T20] hid (null): unknown global tag 0xe [ 37.010257][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 37.011705][ T20] hid (null): invalid report_count 39804 [ 37.025260][ T20] hid (null): report_id 0 is invalid [ 37.025701][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 37.031403][ T20] hid (null): unknown global tag 0xc8 [ 37.039369][ T470] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 37.045157][ T20] hid (null): invalid report_size 1743948918 [ 37.051795][ T470] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 37.058518][ T20] hid (null): global environment stack overflow [ 37.066610][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 37.072267][ T20] hid (null): unknown global tag 0x29 [ 37.080278][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 37.088800][ T20] hid-generic FF7F:0005:FFFF.0001: unknown main item tag 0x0 [ 37.099770][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 37.107306][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 37.109788][ T20] hid-generic FF7F:0005:FFFF.0001: unknown main item tag 0xd [ 37.122396][ T20] hid-generic FF7F:0005:FFFF.0001: unknown main item tag 0x2 [ 37.129727][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 37.130632][ T20] hid-generic FF7F:0005:FFFF.0001: unexpected long global item [ 37.139376][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 37.147443][ T20] hid-generic: probe of FF7F:0005:FFFF.0001 failed with error -22 [ 37.162322][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 37.170552][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 37.193626][ T480] netlink: 'syz.4.35': attribute type 27 has an invalid length. [ 37.212861][ T480] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.220182][ T480] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.235904][ T470] overlayfs: missing 'lowerdir' [ 37.309415][ T441] IPv6: NLM_F_CREATE should be specified when creating new route [ 37.343024][ T481] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.350147][ T481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.380722][ T481] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.387816][ T481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.399070][ T489] loop0: detected capacity change from 0 to 40427 [ 37.408032][ T481] device veth0_vlan left promiscuous mode [ 37.409212][ T489] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 37.417422][ T481] device veth0_vlan entered promiscuous mode [ 37.429745][ T481] device veth1_macvtap left promiscuous mode [ 37.436682][ T481] device veth1_macvtap entered promiscuous mode [ 37.447108][ T489] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 37.459811][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 37.477750][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.492591][ T489] F2FS-fs (loop0): invalid crc value [ 37.504208][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 37.529590][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 37.538757][ T489] F2FS-fs (loop0): Found nat_bits in checkpoint [ 37.548360][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 37.571229][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 37.579840][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 37.594176][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 37.602821][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 37.611495][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 37.629423][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 37.644180][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 37.656081][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 37.664803][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 37.673720][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 37.684867][ T489] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 37.692183][ T489] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 37.744171][ T489] overlayfs: missing 'lowerdir' [ 37.866576][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 37.866591][ T30] audit: type=1400 audit(1769734261.505:153): avc: denied { create } for pid=495 comm="syz.3.37" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 37.933705][ T355] Bluetooth: hci0: Frame reassembly failed (-84) [ 38.382393][ T30] audit: type=1400 audit(1769734262.025:154): avc: denied { setopt } for pid=513 comm="syz.0.42" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 38.416893][ T30] audit: type=1400 audit(1769734262.045:155): avc: denied { connect } for pid=513 comm="syz.0.42" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 38.486446][ T30] audit: type=1400 audit(1769734262.045:156): avc: denied { write } for pid=513 comm="syz.0.42" path="socket:[15947]" dev="sockfs" ino=15947 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 38.732944][ T30] audit: type=1400 audit(1769734262.375:157): avc: denied { watch watch_reads } for pid=517 comm="syz.0.44" path="/bus" dev="sysfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 40.420266][ T20] Bluetooth: hci0: command 0x1003 tx timeout [ 40.426553][ T504] Bluetooth: hci0: sending frame failed (-49) [ 40.684857][ T30] audit: type=1400 audit(1769734264.325:158): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 40.759353][ T532] loop1: detected capacity change from 0 to 40427 [ 40.833837][ T30] audit: type=1400 audit(1769734264.475:159): avc: denied { mounton } for pid=550 comm="syz.0.54" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 40.857601][ T551] proc: Unknown parameter '/proc/self' [ 40.867894][ T532] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 40.884231][ T532] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 40.912712][ T532] F2FS-fs (loop1): invalid crc value [ 40.932852][ T559] process 'syz.2.57' launched './file0' with NULL argv: empty string added [ 40.942466][ T532] F2FS-fs (loop1): Found nat_bits in checkpoint [ 41.007440][ T532] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 41.014592][ T532] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 41.047175][ T30] audit: type=1400 audit(1769734264.685:160): avc: denied { read } for pid=573 comm="syz.0.63" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 41.109143][ T30] audit: type=1400 audit(1769734264.745:161): avc: denied { ioctl } for pid=577 comm="syz.0.65" path="socket:[16786]" dev="sockfs" ino=16786 ioctlcmd=0x8902 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 41.148258][ T30] audit: type=1400 audit(1769734264.785:162): avc: denied { block_suspend } for pid=578 comm="syz.4.67" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 42.211053][ T649] netlink: 8 bytes leftover after parsing attributes in process `syz.1.96'. [ 42.219856][ T649] netlink: 4 bytes leftover after parsing attributes in process `syz.1.96'. [ 42.228916][ T649] netlink: 8 bytes leftover after parsing attributes in process `syz.1.96'. [ 42.237701][ T649] netlink: 4 bytes leftover after parsing attributes in process `syz.1.96'. [ 42.371217][ T661] 9pnet_virtio: no channels available for device syz [ 42.417495][ T664] input: syz0 as /devices/virtual/input/input4 [ 42.508623][ T337] Bluetooth: hci0: command 0x1001 tx timeout [ 42.514860][ T504] Bluetooth: hci0: sending frame failed (-49) [ 42.909879][ T693] kvm: emulating exchange as write [ 42.969979][ T696] tmpfs: Unknown parameter 'grpquota' [ 43.088722][ T60] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 43.305738][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 43.305755][ T30] audit: type=1400 audit(1769734266.945:186): avc: denied { append } for pid=705 comm="syz.2.120" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 43.364775][ T30] audit: type=1400 audit(1769734267.005:187): avc: denied { sys_module } for pid=708 comm="syz.4.121" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 43.478693][ T60] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 43.487351][ T60] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 43.514598][ T60] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 43.524824][ T30] audit: type=1400 audit(1769734267.175:188): avc: denied { create } for pid=716 comm="syz.4.124" dev="anon_inodefs" ino=17492 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 43.553594][ T60] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 43.568686][ T337] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 43.577292][ T60] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 43.583259][ T30] audit: type=1400 audit(1769734267.195:189): avc: denied { ioctl } for pid=716 comm="syz.4.124" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=17492 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 43.617595][ T30] audit: type=1400 audit(1769734267.255:190): avc: denied { unlink } for pid=720 comm="syz.2.126" name="#1" dev="tmpfs" ino=215 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 43.640997][ T30] audit: type=1400 audit(1769734267.265:191): avc: denied { mount } for pid=720 comm="syz.2.126" name="/" dev="overlay" ino=210 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 43.669964][ T30] audit: type=1400 audit(1769734267.285:192): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 43.720701][ T30] audit: type=1400 audit(1769734267.365:193): avc: denied { create } for pid=726 comm="syz.2.128" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 43.729022][ T60] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 43.763464][ T60] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 43.772613][ T60] usb 1-1: Product: syz [ 43.777458][ T60] usb 1-1: Manufacturer: syz [ 43.804742][ T733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.131'. [ 43.815717][ T735] netlink: 36 bytes leftover after parsing attributes in process `syz.4.132'. [ 43.825128][ T735] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.830292][ T60] cdc_wdm 1-1:1.0: skipping garbage [ 43.832635][ T735] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.840075][ T60] cdc_wdm 1-1:1.0: skipping garbage [ 43.855177][ T60] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 43.861800][ T337] usb 2-1: Using ep0 maxpacket: 32 [ 43.901010][ T30] audit: type=1400 audit(1769734267.545:194): avc: denied { write } for pid=732 comm="syz.2.131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 43.928019][ T30] audit: type=1400 audit(1769734267.565:195): avc: denied { ioctl } for pid=740 comm="syz.4.134" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 43.988716][ T337] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 43.997169][ T337] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 44.005860][ T337] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 44.015195][ T337] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 44.024886][ T337] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 44.034833][ T337] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 44.048627][ T337] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 44.048986][ T60] usb 1-1: USB disconnect, device number 2 [ 44.057704][ T337] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.060607][ T337] usb 2-1: config 0 descriptor?? [ 44.329850][ T337] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 44.341884][ T337] usb 2-1: USB disconnect, device number 2 [ 44.348985][ T337] usblp0: removed [ 44.578636][ T530] Bluetooth: hci0: command 0x1009 tx timeout [ 44.780645][ T771] netlink: 64 bytes leftover after parsing attributes in process `syz.0.148'. [ 44.803747][ T773] capability: warning: `syz.0.149' uses deprecated v2 capabilities in a way that may be insecure [ 44.856345][ T780] device gretap1 entered promiscuous mode [ 44.899628][ T337] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 44.932675][ T787] 9pnet: Could not find request transport: rdma [ 44.938821][ T60] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 45.148665][ T337] usb 2-1: Using ep0 maxpacket: 32 [ 45.178654][ T60] usb 3-1: Using ep0 maxpacket: 8 [ 45.268666][ T337] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 45.277115][ T337] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 45.285778][ T337] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 45.294871][ T337] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 45.304556][ T337] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 45.308793][ T60] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 45.314464][ T337] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 45.323030][ T60] usb 3-1: config 0 has no interface number 0 [ 45.335528][ T337] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 45.342142][ T60] usb 3-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 45.350791][ T337] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.362136][ T60] usb 3-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 45.380429][ T60] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 45.381504][ T337] usb 2-1: config 0 descriptor?? [ 45.393742][ T60] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 45.407651][ T60] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.416692][ T60] usb 3-1: config 0 descriptor?? [ 45.662384][ T337] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 45.665092][ T60] usb 3-1: USB disconnect, device number 2 [ 46.298630][ T337] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 46.538657][ T337] usb 1-1: Using ep0 maxpacket: 8 [ 46.658665][ T337] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 46.666937][ T337] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 46.676725][ T337] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 46.686558][ T337] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 46.696422][ T337] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 46.706400][ T337] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 46.719553][ T337] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 46.728699][ T337] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 46.783098][ T849] binder: 848:849 ioctl c0306201 200000000480 returned -22 [ 47.017045][ T20] usb 2-1: USB disconnect, device number 3 [ 47.033638][ T20] usblp0: removed [ 47.109431][ T864] binder: BINDER_SET_CONTEXT_MGR already set [ 47.115489][ T864] binder: 863:864 ioctl 4018620d 200000004a80 returned -16 [ 47.123668][ T864] binder: 863:864 ioctl c0306201 0 returned -14 [ 47.139882][ T337] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 47.378668][ T337] usb 5-1: Using ep0 maxpacket: 8 [ 47.388629][ T20] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 47.498829][ T337] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 47.509967][ T337] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 47.519374][ T337] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.528028][ T337] usb 5-1: config 0 descriptor?? [ 47.550766][ T889] 9pnet_virtio: no channels available for device syz [ 47.638675][ T20] usb 2-1: Using ep0 maxpacket: 32 [ 47.758740][ T20] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 47.928704][ T20] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 47.938084][ T20] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 47.946326][ T20] usb 2-1: Product: syz [ 47.950548][ T20] usb 2-1: Manufacturer: syz [ 47.955167][ T20] usb 2-1: SerialNumber: syz [ 47.960468][ T20] usb 2-1: config 0 descriptor?? [ 47.978659][ T860] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 47.998994][ T20] hub 2-1:0.0: bad descriptor, ignoring hub [ 48.004986][ T20] hub: probe of 2-1:0.0 failed with error -5 [ 48.129632][ T337] usb 5-1: USB disconnect, device number 2 [ 48.327532][ T530] usb 2-1: USB disconnect, device number 4 [ 48.428620][ T26] usb 4-1: new low-speed USB device number 2 using dummy_hcd [ 48.688704][ T337] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 48.788761][ T26] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 48.796393][ T26] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 48.807174][ T26] usb 4-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 48.808678][ T20] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 48.888703][ T26] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 48.896187][ T26] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 48.906996][ T26] usb 4-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 48.988667][ T26] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 48.996205][ T26] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 49.007170][ T26] usb 4-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 49.049436][ T337] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 49.066307][ T30] kauditd_printk_skb: 31 callbacks suppressed [ 49.066343][ T30] audit: type=1400 audit(1769734272.715:227): avc: denied { setopt } for pid=937 comm="syz.0.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 49.078870][ T337] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 49.098710][ T20] usb 3-1: Using ep0 maxpacket: 8 [ 49.110103][ T39] usb 1-1: USB disconnect, device number 3 [ 49.125552][ T30] audit: type=1400 audit(1769734272.715:228): avc: denied { read } for pid=937 comm="syz.0.220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 49.139144][ T337] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 49.222196][ T944] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3901428352 (7802856704 ns) > initial count (110847878 ns). Using initial count to start timer. [ 49.248675][ T20] usb 3-1: config 0 has no interfaces? [ 49.258828][ T26] usb 4-1: string descriptor 0 read error: -22 [ 49.265229][ T26] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 49.274519][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.322253][ T337] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 49.336276][ T337] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 49.338990][ T20] usb 3-1: config 0 has no interfaces? [ 49.346664][ T337] usb 5-1: Product: syz [ 49.354486][ T337] usb 5-1: Manufacturer: syz [ 49.359657][ T337] usb 5-1: SerialNumber: syz [ 49.368398][ T337] usb 5-1: config 0 descriptor?? [ 49.438729][ T20] usb 3-1: config 0 has no interfaces? [ 49.518709][ T20] usb 3-1: config 0 has no interfaces? [ 49.527740][ T20] usb 3-1: New USB device found, idVendor=046d, idProduct=08b3, bcdDevice=6d.2a [ 49.536904][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.548430][ T20] usb 3-1: config 0 descriptor?? [ 49.583900][ T60] usb 4-1: USB disconnect, device number 2 [ 49.682753][ T970] APIC base relocation is unsupported by KVM [ 49.808956][ T980] binder: 979:980 ioctl c0306201 200000000540 returned -14 [ 49.864380][ T984] netlink: 8 bytes leftover after parsing attributes in process `syz.3.239'. [ 49.874526][ T984] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.386124][ T1004] device team_slave_0 entered promiscuous mode [ 50.403482][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.415030][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 50.536228][ T1012] netlink: 4 bytes leftover after parsing attributes in process `syz.1.250'. [ 50.808612][ T39] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 50.955457][ T1052] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.964211][ T1052] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.971295][ T1052] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.002865][ T30] audit: type=1400 audit(1769734274.645:229): avc: denied { setopt } for pid=1053 comm="syz.3.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 51.048618][ T39] usb 1-1: Using ep0 maxpacket: 32 [ 51.055083][ T30] audit: type=1400 audit(1769734274.695:230): avc: denied { read } for pid=1059 comm="syz.3.274" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 51.169031][ T39] usb 1-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 51.185909][ T39] usb 1-1: config 155 interface 0 altsetting 0 has an invalid endpoint with address 0xE2, skipping [ 51.210641][ T39] usb 1-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 51.258699][ T30] audit: type=1400 audit(1769734274.895:231): avc: denied { write } for pid=1092 comm="syz.3.290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 51.308299][ T60] usb 5-1: USB disconnect, device number 3 [ 51.378747][ T39] usb 1-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 51.395587][ T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.413962][ T39] usb 1-1: Product: syz [ 51.420974][ T39] usb 1-1: Manufacturer: syz [ 51.430487][ T39] usb 1-1: SerialNumber: syz [ 51.497016][ T20] usb 3-1: USB disconnect, device number 3 [ 51.507588][ T1127] tap0: tun_chr_ioctl cmd 1074025677 [ 51.519905][ T1127] tap0: linktype set to 825 [ 51.629331][ T1149] netlink: 'syz.4.318': attribute type 46 has an invalid length. [ 51.788736][ T1189] netlink: 16 bytes leftover after parsing attributes in process `syz.2.337'. [ 52.278617][ T20] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 52.411835][ T1215] input: syz1 as /devices/virtual/input/input5 [ 52.518603][ T20] usb 5-1: Using ep0 maxpacket: 8 [ 52.538662][ T6] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 52.648676][ T20] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 52.657183][ T20] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 52.667494][ T20] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 52.677719][ T20] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 52.689070][ T20] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 52.702686][ T20] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 52.712127][ T20] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.958664][ T6] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 52.968947][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 52.980153][ T6] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 52.993200][ T6] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 53.002420][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.011334][ T6] usb 2-1: config 0 descriptor?? [ 53.249958][ T20] usb 2-1: USB disconnect, device number 5 [ 53.267062][ T30] audit: type=1400 audit(1769734276.905:232): avc: denied { validate_trans } for pid=1223 comm="syz.2.349" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 53.311009][ T30] audit: type=1400 audit(1769734276.955:233): avc: denied { read } for pid=1227 comm="syz.2.351" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 53.334409][ T30] audit: type=1400 audit(1769734276.955:234): avc: denied { open } for pid=1227 comm="syz.2.351" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 53.597620][ T337] usb 1-1: USB disconnect, device number 4 [ 53.621550][ T1232] input: syz1 as /devices/virtual/input/input6 [ 53.711849][ T1243] netlink: 56 bytes leftover after parsing attributes in process `syz.3.357'. [ 53.811076][ T1255] binder: 1254:1255 ioctl c0306201 2000000002c0 returned -14 [ 53.866296][ T1263] futex_wake_op: syz.3.367 tries to shift op by -1; fix this program [ 53.939346][ T30] audit: type=1400 audit(1769734277.585:235): avc: denied { ioctl } for pid=1260 comm="syz.2.365" path="/dev/snapshot" dev="devtmpfs" ino=90 ioctlcmd=0x3313 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 54.128636][ T337] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 54.508651][ T337] usb 1-1: config 0 has an invalid interface number: 237 but max is 0 [ 54.516906][ T337] usb 1-1: config 0 has no interface number 0 [ 54.528628][ T6] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 54.698888][ T337] usb 1-1: New USB device found, idVendor=041e, idProduct=401d, bcdDevice=57.70 [ 54.708247][ T337] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 54.716378][ T337] usb 1-1: Product: syz [ 54.720683][ T337] usb 1-1: Manufacturer: syz [ 54.725375][ T337] usb 1-1: SerialNumber: syz [ 54.736095][ T337] usb 1-1: config 0 descriptor?? [ 54.768631][ T6] usb 2-1: Using ep0 maxpacket: 32 [ 54.834363][ T1280] usb 5-1: USB disconnect, device number 4 [ 54.918712][ T6] usb 2-1: config 0 has an invalid interface number: 39 but max is 0 [ 54.929292][ T6] usb 2-1: config 0 has no interface number 0 [ 54.935422][ T6] usb 2-1: config 0 interface 39 has no altsetting 0 [ 54.942709][ T1290] tipc: Started in network mode [ 54.947609][ T1290] tipc: Node identity 8a243d81db4d, cluster identity 4711 [ 54.955187][ T1290] tipc: Enabled bearer , priority 0 [ 54.976767][ T1290] device syzkaller0 entered promiscuous mode [ 54.986241][ T527] usb 1-1: USB disconnect, device number 5 [ 55.001539][ T1289] tipc: Resetting bearer [ 55.015479][ T1289] tipc: Disabling bearer [ 55.098777][ T6] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=c2.68 [ 55.108384][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 55.119049][ T6] usb 2-1: Product: syz [ 55.123313][ T6] usb 2-1: Manufacturer: syz [ 55.127986][ T6] usb 2-1: SerialNumber: syz [ 55.148173][ T6] usb 2-1: config 0 descriptor?? [ 55.168746][ T333] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 55.398382][ T30] audit: type=1400 audit(1769734279.035:236): avc: denied { bind } for pid=1299 comm="syz.3.379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 55.418948][ T333] usb 3-1: Using ep0 maxpacket: 8 [ 55.451850][ T1302] binder: 1301:1302 ioctl c0306201 2000000001c0 returned -14 [ 55.483336][ T30] audit: type=1400 audit(1769734279.125:237): avc: denied { write } for pid=1305 comm="syz.3.382" name="001" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 55.500506][ T1306] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 55.508405][ T30] audit: type=1400 audit(1769734279.145:238): avc: denied { map } for pid=1305 comm="syz.3.382" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=175 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 55.559150][ T333] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 55.613633][ T30] audit: type=1400 audit(1769734279.255:239): avc: denied { create } for pid=1311 comm="syz.3.385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 55.738956][ T333] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 55.748287][ T333] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 55.756830][ T333] usb 3-1: Product: syz [ 55.762569][ T333] usb 3-1: Manufacturer: syz [ 55.767234][ T333] usb 3-1: SerialNumber: syz [ 55.774986][ T333] usb 3-1: config 0 descriptor?? [ 55.908682][ T527] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 56.198650][ T527] usb 4-1: Using ep0 maxpacket: 16 [ 56.328852][ T527] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 56.339532][ T527] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 56.350405][ T527] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 56.360116][ T285] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 56.369595][ T527] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.395598][ T527] usb 4-1: config 0 descriptor?? [ 56.438662][ T1280] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 56.650937][ T527] usb 4-1: USB disconnect, device number 3 [ 56.748694][ T285] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 56.758703][ T285] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 56.768435][ T285] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 56.778154][ T285] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 56.818723][ T1280] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 56.894422][ T333] usb 2-1: USB disconnect, device number 6 [ 56.909114][ T1280] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 56.918561][ T1280] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 56.931664][ T1280] usb 5-1: SerialNumber: syz [ 56.948867][ T285] usb 1-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 56.958137][ T285] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.966304][ T285] usb 1-1: Product: syz [ 56.971063][ T285] usb 1-1: Manufacturer: syz [ 56.975665][ T285] usb 1-1: SerialNumber: syz [ 56.981018][ T285] usb 1-1: config 0 descriptor?? [ 57.002408][ T30] audit: type=1400 audit(1769734280.645:240): avc: denied { audit_write } for pid=1329 comm="syz.1.391" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 57.024133][ T285] ums-isd200 1-1:0.0: USB Mass Storage device detected [ 57.312367][ T285] scsi host1: usb-storage 1-1:0.0 [ 57.348631][ T285] usb 1-1: USB disconnect, device number 6 [ 57.483976][ T30] audit: type=1400 audit(1769734281.125:241): avc: denied { bind } for pid=1346 comm="syz.1.397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 57.653030][ T30] audit: type=1400 audit(1769734281.295:242): avc: denied { checkpoint_restore } for pid=1350 comm="syz.3.398" capability=40 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 57.848755][ T1280] cdc_ether: probe of 5-1:1.0 failed with error -71 [ 57.868998][ T1280] usb 5-1: USB disconnect, device number 5 [ 57.926586][ T285] usb 3-1: USB disconnect, device number 4 [ 58.531578][ T30] audit: type=1400 audit(1769734282.175:243): avc: denied { execute_no_trans } for pid=1358 comm="syz.0.401" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 59.039633][ T1364] loop4: detected capacity change from 0 to 7 [ 60.328651][ T1280] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 60.588727][ T1280] usb 3-1: Using ep0 maxpacket: 16 [ 60.738709][ T1280] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 60.746999][ T1280] usb 3-1: config 0 has no interface number 0 [ 60.753629][ T1280] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 60.765404][ T1280] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 60.775635][ T1280] usb 3-1: New USB device found, idVendor=04d9, idProduct=a081, bcdDevice= 0.00 [ 60.792284][ T1280] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.810677][ T1280] usb 3-1: config 0 descriptor?? [ 60.828500][ T30] audit: type=1400 audit(1769734284.465:244): avc: denied { create } for pid=1424 comm="syz.1.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 60.889721][ T30] audit: type=1400 audit(1769734284.505:245): avc: denied { write } for pid=1424 comm="syz.1.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 60.962456][ T30] audit: type=1400 audit(1769734284.505:246): avc: denied { read } for pid=1424 comm="syz.1.425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 60.995939][ T30] audit: type=1404 audit(1769734284.635:247): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1 [ 61.012164][ T30] audit: type=1400 audit(1769734284.655:248): avc: denied { shutdown } for pid=1435 comm="syz.1.430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=0 [ 61.043080][ T1437] netlink: 12 bytes leftover after parsing attributes in process `syz.4.429'. [ 61.053140][ T30] audit: type=1400 audit(1769734284.655:249): avc: denied { execute } for pid=1414 comm="syz.3.422" dev="tmpfs" ino=1067 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=0 [ 61.074536][ T1437] netlink: 12 bytes leftover after parsing attributes in process `syz.4.429'. [ 61.091815][ T30] audit: type=1400 audit(1769734284.685:250): avc: denied { create } for pid=1433 comm="syz.4.429" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=0 [ 61.116863][ T30] audit: type=1400 audit(1769734284.685:251): avc: denied { module_request } for pid=1433 comm="syz.4.429" kmod="net-pf-2-proto-0-type-5" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=0 [ 61.140812][ T30] audit: type=1400 audit(1769734284.685:252): avc: denied { module_request } for pid=1433 comm="syz.4.429" kmod="net-pf-2-proto-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=0 [ 61.173546][ T30] audit: type=1400 audit(1769734284.705:253): avc: denied { read write } for pid=281 comm="syz-executor" name="loop1" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=0 [ 61.215343][ T1443] mmap: syz.1.433 (1443) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 61.237495][ T1280] usbhid 3-1:0.1: can't add hid device: -71 [ 61.244137][ T1280] usbhid: probe of 3-1:0.1 failed with error -71 [ 61.255898][ T1280] usb 3-1: USB disconnect, device number 5 [ 62.455075][ T1557] ================================================================== [ 62.463214][ T1557] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x870/0x3240 [ 62.471408][ T1557] Read of size 8 at addr ffff88810ada0fc0 by task syz.2.484/1557 [ 62.479169][ T1557] [ 62.481525][ T1557] CPU: 0 PID: 1557 Comm: syz.2.484 Not tainted syzkaller #0 [ 62.488837][ T1557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 62.498949][ T1557] Call Trace: [ 62.502349][ T1557] [ 62.505304][ T1557] __dump_stack+0x21/0x30 [ 62.509669][ T1557] dump_stack_lvl+0x110/0x170 [ 62.514497][ T1557] ? show_regs_print_info+0x20/0x20 [ 62.519726][ T1557] ? load_image+0x3e0/0x3e0 [ 62.524271][ T1557] print_address_description+0x7f/0x2c0 [ 62.529855][ T1557] ? tc_setup_flow_action+0x870/0x3240 [ 62.535348][ T1557] kasan_report+0xf1/0x140 [ 62.539815][ T1557] ? tc_setup_flow_action+0x870/0x3240 [ 62.545305][ T1557] __asan_report_load8_noabort+0x14/0x20 [ 62.550967][ T1557] tc_setup_flow_action+0x870/0x3240 [ 62.556285][ T1557] mall_replace_hw_filter+0x2cc/0x8b0 [ 62.561699][ T1557] ? pcpu_block_update_hint_alloc+0x8c4/0xc50 [ 62.567833][ T1557] ? mall_set_parms+0x520/0x520 [ 62.572720][ T1557] ? tcf_exts_destroy+0xb0/0xb0 [ 62.577602][ T1557] ? pcpu_alloc+0x1170/0x16e0 [ 62.582314][ T1557] ? mall_set_parms+0x1e8/0x520 [ 62.587203][ T1557] mall_change+0x544/0x760 [ 62.591651][ T1557] ? __kasan_check_write+0x14/0x20 [ 62.596795][ T1557] ? mall_get+0xa0/0xa0 [ 62.600987][ T1557] ? tcf_chain_tp_insert_unique+0xac1/0xc10 [ 62.606911][ T1557] tc_new_tfilter+0x12e5/0x18e0 [ 62.611812][ T1557] ? tcf_gate_entry_destructor+0x20/0x20 [ 62.617478][ T1557] ? security_capable+0x87/0xb0 [ 62.622440][ T1557] ? ns_capable+0x8c/0xf0 [ 62.626904][ T1557] ? netlink_net_capable+0x125/0x160 [ 62.632230][ T1557] ? tcf_gate_entry_destructor+0x20/0x20 [ 62.637895][ T1557] rtnetlink_rcv_msg+0x871/0xce0 [ 62.642887][ T1557] ? rtnetlink_bind+0x80/0x80 [ 62.647601][ T1557] ? avc_has_perm_noaudit+0x391/0x490 [ 62.653001][ T1557] ? memcpy+0x56/0x70 [ 62.657017][ T1557] ? avc_has_perm_noaudit+0x30b/0x490 [ 62.662414][ T1557] ? arch_stack_walk+0xee/0x140 [ 62.667298][ T1557] ? avc_denied+0x1b0/0x1b0 [ 62.671824][ T1557] ? stack_trace_save+0xa6/0xf0 [ 62.676697][ T1557] ? avc_has_perm+0x163/0x250 [ 62.681408][ T1557] ? avc_has_perm_noaudit+0x490/0x490 [ 62.686799][ T1557] ? x64_sys_call+0x4b/0x9a0 [ 62.691425][ T1557] ? selinux_nlmsg_lookup+0x416/0x4c0 [ 62.696823][ T1557] netlink_rcv_skb+0x1f5/0x440 [ 62.701612][ T1557] ? rtnetlink_bind+0x80/0x80 [ 62.706313][ T1557] ? netlink_ack+0xb50/0xb50 [ 62.710952][ T1557] ? __netlink_lookup+0x387/0x3b0 [ 62.716016][ T1557] rtnetlink_rcv+0x1c/0x20 [ 62.720457][ T1557] netlink_unicast+0x876/0xa40 [ 62.725247][ T1557] netlink_sendmsg+0x879/0xb80 [ 62.730036][ T1557] ? netlink_getsockopt+0x530/0x530 [ 62.735264][ T1557] ? do_futex+0xde8/0x2800 [ 62.739712][ T1557] ? security_socket_sendmsg+0x82/0xa0 [ 62.745322][ T1557] ? netlink_getsockopt+0x530/0x530 [ 62.750680][ T1557] ____sys_sendmsg+0x5b7/0x8f0 [ 62.755488][ T1557] ? __sys_sendmsg_sock+0x40/0x40 [ 62.760547][ T1557] ? import_iovec+0x7c/0xb0 [ 62.765089][ T1557] ___sys_sendmsg+0x236/0x2e0 [ 62.769914][ T1557] ? __sys_sendmsg+0x280/0x280 [ 62.774717][ T1557] ? sock_show_fdinfo+0xa0/0xa0 [ 62.779607][ T1557] ? __fdget+0x1a1/0x230 [ 62.783885][ T1557] __x64_sys_sendmsg+0x206/0x2f0 [ 62.788883][ T1557] ? ___sys_sendmsg+0x2e0/0x2e0 [ 62.793777][ T1557] ? __kasan_check_write+0x14/0x20 [ 62.798923][ T1557] ? switch_fpu_return+0x15d/0x2c0 [ 62.804073][ T1557] x64_sys_call+0x4b/0x9a0 [ 62.808521][ T1557] do_syscall_64+0x4c/0xa0 [ 62.812969][ T1557] ? clear_bhb_loop+0x50/0xa0 [ 62.817666][ T1557] ? clear_bhb_loop+0x50/0xa0 [ 62.822351][ T1557] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 62.828272][ T1557] RIP: 0033:0x7f31976e1eb9 [ 62.832706][ T1557] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 62.852342][ T1557] RSP: 002b:00007f319613e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 62.860792][ T1557] RAX: ffffffffffffffda RBX: 00007f319795cfa0 RCX: 00007f31976e1eb9 [ 62.868787][ T1557] RDX: 0000000020000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 62.876787][ T1557] RBP: 00007f319774fc1f R08: 0000000000000000 R09: 0000000000000000 [ 62.884770][ T1557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 62.892779][ T1557] R13: 00007f319795d038 R14: 00007f319795cfa0 R15: 00007ffc0414db38 [ 62.900770][ T1557] [ 62.903916][ T1557] [ 62.906251][ T1557] Allocated by task 1557: [ 62.910738][ T1557] __kasan_kmalloc+0xda/0x110 [ 62.915436][ T1557] __kmalloc+0x13d/0x2c0 [ 62.919697][ T1557] tcf_idr_create+0x5f/0x790 [ 62.924297][ T1557] tcf_idr_create_from_flags+0x61/0x70 [ 62.929764][ T1557] tcf_gact_init+0x342/0x570 [ 62.934392][ T1557] tcf_action_init_1+0x3ff/0x6b0 [ 62.939350][ T1557] tcf_action_init+0x233/0x7a0 [ 62.944126][ T1557] tcf_exts_validate+0x24a/0x580 [ 62.949077][ T1557] mall_set_parms+0x48/0x520 [ 62.953674][ T1557] mall_change+0x478/0x760 [ 62.958184][ T1557] tc_new_tfilter+0x12e5/0x18e0 [ 62.963042][ T1557] rtnetlink_rcv_msg+0x871/0xce0 [ 62.967990][ T1557] netlink_rcv_skb+0x1f5/0x440 [ 62.972763][ T1557] rtnetlink_rcv+0x1c/0x20 [ 62.977206][ T1557] netlink_unicast+0x876/0xa40 [ 62.981994][ T1557] netlink_sendmsg+0x879/0xb80 [ 62.986785][ T1557] ____sys_sendmsg+0x5b7/0x8f0 [ 62.991567][ T1557] ___sys_sendmsg+0x236/0x2e0 [ 62.996275][ T1557] __x64_sys_sendmsg+0x206/0x2f0 [ 63.001221][ T1557] x64_sys_call+0x4b/0x9a0 [ 63.005645][ T1557] do_syscall_64+0x4c/0xa0 [ 63.010070][ T1557] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 63.015978][ T1557] [ 63.018307][ T1557] Last potentially related work creation: [ 63.024028][ T1557] kasan_save_stack+0x3a/0x60 [ 63.028719][ T1557] __kasan_record_aux_stack+0xd2/0x100 [ 63.034211][ T1557] kasan_record_aux_stack_noalloc+0xb/0x10 [ 63.040073][ T1557] kvfree_call_rcu+0xb6/0x840 [ 63.044777][ T1557] ip_ma_put+0xf7/0x140 [ 63.048961][ T1557] __ip_mc_dec_group+0x44e/0x520 [ 63.053912][ T1557] ip_mc_down+0x1b0/0x240 [ 63.058256][ T1557] inetdev_event+0x2c6/0x10a0 [ 63.062941][ T1557] raw_notifier_call_chain+0x90/0x100 [ 63.068324][ T1557] __dev_notify_flags+0x241/0x560 [ 63.073362][ T1557] dev_change_flags+0xe8/0x1a0 [ 63.078146][ T1557] do_setlink+0xcd6/0x3d50 [ 63.082683][ T1557] rtnl_newlink+0xf71/0x1a30 [ 63.087278][ T1557] rtnetlink_rcv_msg+0xa4b/0xce0 [ 63.092232][ T1557] netlink_rcv_skb+0x1f5/0x440 [ 63.097013][ T1557] rtnetlink_rcv+0x1c/0x20 [ 63.101446][ T1557] netlink_unicast+0x876/0xa40 [ 63.106238][ T1557] netlink_sendmsg+0x879/0xb80 [ 63.111033][ T1557] ____sys_sendmsg+0x5b7/0x8f0 [ 63.115820][ T1557] ___sys_sendmsg+0x236/0x2e0 [ 63.120731][ T1557] __x64_sys_sendmsg+0x206/0x2f0 [ 63.125691][ T1557] x64_sys_call+0x4b/0x9a0 [ 63.130120][ T1557] do_syscall_64+0x4c/0xa0 [ 63.134549][ T1557] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 63.140466][ T1557] [ 63.142797][ T1557] The buggy address belongs to the object at ffff88810ada0f00 [ 63.142797][ T1557] which belongs to the cache kmalloc-192 of size 192 [ 63.156850][ T1557] The buggy address is located 0 bytes to the right of [ 63.156850][ T1557] 192-byte region [ffff88810ada0f00, ffff88810ada0fc0) [ 63.170477][ T1557] The buggy address belongs to the page: [ 63.176121][ T1557] page:ffffea00042b6800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ada0 [ 63.186380][ T1557] flags: 0x4000000000000200(slab|zone=1) [ 63.192050][ T1557] raw: 4000000000000200 ffffea00049ca680 0000000600000006 ffff888100042c00 [ 63.200651][ T1557] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 63.209251][ T1557] page dumped because: kasan: bad access detected [ 63.215682][ T1557] page_owner tracks the page as allocated [ 63.221398][ T1557] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2607685841, free_ts 0 [ 63.236108][ T1557] post_alloc_hook+0x192/0x1b0 [ 63.240884][ T1557] prep_new_page+0x1c/0x110 [ 63.245402][ T1557] get_page_from_freelist+0x2d3a/0x2dc0 [ 63.250979][ T1557] __alloc_pages+0x1a2/0x460 [ 63.255576][ T1557] new_slab+0xa1/0x4d0 [ 63.259658][ T1557] ___slab_alloc+0x381/0x810 [ 63.264264][ T1557] __slab_alloc+0x49/0x90 [ 63.268606][ T1557] __kmalloc+0x16a/0x2c0 [ 63.272862][ T1557] bio_kmalloc+0x52/0x240 [ 63.277205][ T1557] blk_rq_map_kern+0x1e0/0x870 [ 63.281979][ T1557] __scsi_execute+0xe4/0x5a0 [ 63.286574][ T1557] scsi_probe_and_add_lun+0x40f/0x3650 [ 63.292046][ T1557] __scsi_scan_target+0x1d2/0xb70 [ 63.297138][ T1557] scsi_scan_host_selected+0x343/0x5f0 [ 63.302617][ T1557] scsi_scan_host+0x39e/0x660 [ 63.307310][ T1557] virtscsi_probe+0x8ba/0xa30 [ 63.311992][ T1557] page_owner free stack trace missing [ 63.317378][ T1557] [ 63.319711][ T1557] Memory state around the buggy address: [ 63.325357][ T1557] ffff88810ada0e80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 63.333427][ T1557] ffff88810ada0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 63.341496][ T1557] >ffff88810ada0f80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 63.349565][ T1557] ^ [ 63.355724][ T1557] ffff88810ada1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 63.363885][ T1557] ffff88810ada1080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 63.371954][ T1557] ================================================================== [ 63.380020][ T1557] Disabling lock debugging due to kernel taint Jan 30 00:51:27 syzkaller kern.alert kernel: [ 63.215682][ T1557] page_owner tracks the page as allocated Jan 30 00:51:27 syzkaller kern.alert kernel: [ 63.221398][ T1557] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 2607685841, free_ts 0 Jan 30 00:51:27 syzkaller kern.alert kernel: [ 63.311992][ T1557] page_owner free stack trace missing