last executing test programs: 3.198684644s ago: executing program 3 (id=4): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x100) 2.592868001s ago: executing program 3 (id=6): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000000730000400000000081"]) 2.418530946s ago: executing program 1 (id=2): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000002a80)={0x0, 0x380, 0x80, 0x0}) 2.342081554s ago: executing program 3 (id=7): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.swap.current\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0x10000049, 0x12) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4000003, 0x13, r0, 0x0) ioctl(r0, 0x1, &(0x7f0000000080)) 2.29006939s ago: executing program 2 (id=3): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x6, 0x15, &(0x7f0000000680)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x33}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 2.228541414s ago: executing program 3 (id=8): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x2, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) sysinfo(0x0) 1.611643465s ago: executing program 3 (id=9): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$VHOST_SET_VRING_NUM(r2, 0x8008af83, &(0x7f0000000040)={0x2}) 1.301501039s ago: executing program 2 (id=10): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x33eb4000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) getitimer(0x1, 0x0) 1.300013574s ago: executing program 3 (id=11): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="00000800000008048263d1cb392ee6262d168b33aca6c4419e26a06d31c66505701b7d6df7375f4272f4ec7f1f4c718875e08cb6005f8d89f22f"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000040)='P') 1.23386523s ago: executing program 1 (id=12): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f00000002c0)={0x0, 0x8, 0x1, "12"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.009883572s ago: executing program 0 (id=1): r0 = syz_io_uring_setup(0x189, &(0x7f0000000080)={0x0, 0x0, 0x11000, 0x10}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x5, &(0x7f0000000200)={0x77359400}, 0x1, 0x4}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000140)={0x5, r0, 0x1c, {0x9, 0x1}, 0x6}, 0x1) 812.917668ms ago: executing program 0 (id=13): r0 = openat$kvm(0x0, &(0x7f0000000240), 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1) ioctl$KVM_IOEVENTFD(r2, 0x40a0ae49, &(0x7f0000000080)={0x5, 0x0, 0x0, r1}) 713.874169ms ago: executing program 4 (id=5): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x48}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="b00000000002010400000000000000000700000608000940ffffffff080004400000008108000840000000032000"], 0xb0}, 0x1, 0x0, 0x0, 0x8004}, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c000b8018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) 442.02833ms ago: executing program 4 (id=14): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) syslog(0x3, &(0x7f0000001940)=""/79, 0x4f) 353.439241ms ago: executing program 0 (id=15): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) 291.393015ms ago: executing program 2 (id=16): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) set_mempolicy_home_node(&(0x7f0000334000/0x3000)=nil, 0x3000, 0x2, 0x0) 0s ago: executing program 4 (id=17): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x198, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x15c, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x144, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x64, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x2d, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_connmark={0xac, 0x15, 0x0, 0x0, {{0xd}, {0x4}, {0x79, 0x6, "0ef6a460a5bbda16e826eafe044d3376872c48b74ae60f057b238fb15e2207986c5639bfbc3d91ee00b5a433e95b6b3527d9711d16abc0abaea927bcdffe4d3ec14fb6fca0407429934982873a3f054bcbf1e53f85fe7aee4ccd90229e6ba2b45bd165ebd7929c21abcdf0b8d47ff6a950009bf4b1"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}]}, 0x198}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.218' (ED25519) to the list of known hosts. [ 67.496388][ T30] audit: type=1400 audit(1757449079.427:62): avc: denied { mounton } for pid=5838 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 67.501350][ T5838] cgroup: Unknown subsys name 'net' [ 67.519148][ T30] audit: type=1400 audit(1757449079.427:63): avc: denied { mount } for pid=5838 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 67.549369][ T30] audit: type=1400 audit(1757449079.477:64): avc: denied { unmount } for pid=5838 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 67.684698][ T5838] cgroup: Unknown subsys name 'cpuset' [ 67.693721][ T5838] cgroup: Unknown subsys name 'rlimit' [ 67.873156][ T30] audit: type=1400 audit(1757449079.807:65): avc: denied { setattr } for pid=5838 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 67.908324][ T30] audit: type=1400 audit(1757449079.807:66): avc: denied { create } for pid=5838 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 67.943134][ T30] audit: type=1400 audit(1757449079.807:67): avc: denied { write } for pid=5838 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 67.964554][ T30] audit: type=1400 audit(1757449079.807:68): avc: denied { read } for pid=5838 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 67.986551][ T30] audit: type=1400 audit(1757449079.817:69): avc: denied { mounton } for pid=5838 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 68.011636][ T30] audit: type=1400 audit(1757449079.817:70): avc: denied { mount } for pid=5838 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 68.035234][ T30] audit: type=1400 audit(1757449079.867:71): avc: denied { read } for pid=5517 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 68.041697][ T5840] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 69.053503][ T5838] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.199168][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 71.222228][ T5864] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 71.233045][ T5862] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 71.236091][ T5867] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 71.240879][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.254194][ T5862] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 71.263501][ T5867] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 71.263921][ T5862] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 71.278682][ T5867] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 71.280513][ T5862] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 71.294389][ T5867] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 71.295323][ T5862] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.305771][ T5864] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 71.310524][ T5862] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.316997][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.324853][ T5862] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 71.328869][ T5864] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 71.344813][ T5864] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.345591][ T5862] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.356596][ T5864] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 71.362071][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 71.371670][ T5864] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.378896][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.385621][ T5864] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 71.392577][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 71.397442][ T5864] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.411734][ T5855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 71.922627][ T5863] chnl_net:caif_netlink_parms(): no params data found [ 72.044283][ T5850] chnl_net:caif_netlink_parms(): no params data found [ 72.062207][ T5857] chnl_net:caif_netlink_parms(): no params data found [ 72.109835][ T5849] chnl_net:caif_netlink_parms(): no params data found [ 72.220362][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.228737][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.236552][ T5863] bridge_slave_0: entered allmulticast mode [ 72.243800][ T5863] bridge_slave_0: entered promiscuous mode [ 72.279036][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.286323][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.293711][ T5863] bridge_slave_1: entered allmulticast mode [ 72.300483][ T5863] bridge_slave_1: entered promiscuous mode [ 72.311532][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 72.376513][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.383903][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.391044][ T5857] bridge_slave_0: entered allmulticast mode [ 72.398442][ T5857] bridge_slave_0: entered promiscuous mode [ 72.452235][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.459394][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.467393][ T5857] bridge_slave_1: entered allmulticast mode [ 72.475566][ T5857] bridge_slave_1: entered promiscuous mode [ 72.484794][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.497547][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.518878][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.526195][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.533518][ T5850] bridge_slave_0: entered allmulticast mode [ 72.540299][ T5850] bridge_slave_0: entered promiscuous mode [ 72.547409][ T5849] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.554772][ T5849] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.562423][ T5849] bridge_slave_0: entered allmulticast mode [ 72.569262][ T5849] bridge_slave_0: entered promiscuous mode [ 72.605986][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.613651][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.620811][ T5850] bridge_slave_1: entered allmulticast mode [ 72.627945][ T5850] bridge_slave_1: entered promiscuous mode [ 72.645325][ T5849] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.652709][ T5849] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.659855][ T5849] bridge_slave_1: entered allmulticast mode [ 72.666977][ T5849] bridge_slave_1: entered promiscuous mode [ 72.695569][ T5863] team0: Port device team_slave_0 added [ 72.753314][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.764162][ T5863] team0: Port device team_slave_1 added [ 72.772546][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.781936][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.789035][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.796859][ T5848] bridge_slave_0: entered allmulticast mode [ 72.803975][ T5848] bridge_slave_0: entered promiscuous mode [ 72.814044][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.825893][ T5849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.858529][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.865757][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.873338][ T5848] bridge_slave_1: entered allmulticast mode [ 72.880243][ T5848] bridge_slave_1: entered promiscuous mode [ 72.889335][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.915836][ T5849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.974500][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.981824][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.007904][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.020617][ T5857] team0: Port device team_slave_0 added [ 73.029304][ T5857] team0: Port device team_slave_1 added [ 73.047856][ T5850] team0: Port device team_slave_0 added [ 73.065131][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.072183][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.098536][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.132794][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.143582][ T5850] team0: Port device team_slave_1 added [ 73.150909][ T5849] team0: Port device team_slave_0 added [ 73.159721][ T5849] team0: Port device team_slave_1 added [ 73.186825][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.193988][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.219984][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.233516][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.279329][ T5863] hsr_slave_0: entered promiscuous mode [ 73.285943][ T5863] hsr_slave_1: entered promiscuous mode [ 73.293009][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.299975][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.326642][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.379334][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.386778][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.413009][ T5849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.431529][ T5848] team0: Port device team_slave_0 added [ 73.437967][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.445337][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.471657][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.472616][ T5855] Bluetooth: hci2: command tx timeout [ 73.482686][ T5172] Bluetooth: hci1: command tx timeout [ 73.488257][ T5864] Bluetooth: hci0: command tx timeout [ 73.493888][ T5858] Bluetooth: hci4: command tx timeout [ 73.499456][ T5860] Bluetooth: hci3: command tx timeout [ 73.517824][ T5849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.524870][ T5849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.550987][ T5849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.569473][ T5848] team0: Port device team_slave_1 added [ 73.576006][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.583098][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.609206][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.648696][ T5857] hsr_slave_0: entered promiscuous mode [ 73.655801][ T5857] hsr_slave_1: entered promiscuous mode [ 73.662147][ T5857] debugfs: 'hsr0' already exists in 'hsr' [ 73.667977][ T5857] Cannot create hsr debugfs directory [ 73.728699][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.735688][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.762545][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.796168][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.803434][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.831662][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.899061][ T5849] hsr_slave_0: entered promiscuous mode [ 73.905741][ T5849] hsr_slave_1: entered promiscuous mode [ 73.912311][ T5849] debugfs: 'hsr0' already exists in 'hsr' [ 73.918042][ T5849] Cannot create hsr debugfs directory [ 73.947945][ T5850] hsr_slave_0: entered promiscuous mode [ 73.954717][ T5850] hsr_slave_1: entered promiscuous mode [ 73.960752][ T5850] debugfs: 'hsr0' already exists in 'hsr' [ 73.966731][ T5850] Cannot create hsr debugfs directory [ 73.999786][ T5848] hsr_slave_0: entered promiscuous mode [ 74.006186][ T5848] hsr_slave_1: entered promiscuous mode [ 74.012510][ T5848] debugfs: 'hsr0' already exists in 'hsr' [ 74.018240][ T5848] Cannot create hsr debugfs directory [ 74.385924][ T5863] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 74.398336][ T5863] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 74.428642][ T5863] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 74.452968][ T5863] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 74.496867][ T5857] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 74.508136][ T5857] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 74.527465][ T5857] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 74.537592][ T5857] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 74.593348][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 74.608792][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 74.618877][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 74.651139][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 74.753400][ T5849] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 74.764921][ T5849] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.784941][ T5849] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.796850][ T5849] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.887894][ T5848] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 74.907035][ T5848] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 74.918838][ T5848] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 74.930950][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.950962][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.963341][ T5848] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 74.986963][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.015688][ T2963] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.022920][ T2963] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.033992][ T2963] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.041086][ T2963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.084656][ T5863] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.135718][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.147498][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.154609][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.190426][ T2963] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.197578][ T2963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.266006][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.278299][ T5850] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.306761][ T2963] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.313932][ T2963] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.332718][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 75.332732][ T30] audit: type=1400 audit(1757449087.267:86): avc: denied { sys_module } for pid=5863 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 75.388352][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.400469][ T1339] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.407688][ T1339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.447744][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.455032][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.520670][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.527852][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.554975][ T5860] Bluetooth: hci4: command tx timeout [ 75.560400][ T5860] Bluetooth: hci3: command tx timeout [ 75.565658][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.571649][ T5864] Bluetooth: hci1: command tx timeout [ 75.577889][ T5864] Bluetooth: hci0: command tx timeout [ 75.583436][ T5855] Bluetooth: hci2: command tx timeout [ 75.600573][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.690196][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.717993][ T5863] veth0_vlan: entered promiscuous mode [ 75.778367][ T5863] veth1_vlan: entered promiscuous mode [ 75.798302][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.805484][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.845552][ T1339] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.852811][ T1339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.947451][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.987751][ T5863] veth0_macvtap: entered promiscuous mode [ 75.998005][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.028687][ T5863] veth1_macvtap: entered promiscuous mode [ 76.073769][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.110343][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.135437][ T5857] veth0_vlan: entered promiscuous mode [ 76.163804][ T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.183244][ T5850] veth0_vlan: entered promiscuous mode [ 76.213125][ T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.225957][ T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.254681][ T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.268839][ T5857] veth1_vlan: entered promiscuous mode [ 76.286710][ T5850] veth1_vlan: entered promiscuous mode [ 76.295775][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.411756][ T5850] veth0_macvtap: entered promiscuous mode [ 76.420007][ T5857] veth0_macvtap: entered promiscuous mode [ 76.459642][ T5857] veth1_macvtap: entered promiscuous mode [ 76.468807][ T5850] veth1_macvtap: entered promiscuous mode [ 76.480602][ T2963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.497355][ T2963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.539586][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.564240][ T995] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.572761][ T995] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.578512][ T5849] veth0_vlan: entered promiscuous mode [ 76.590173][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.610680][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.624851][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.633111][ T30] audit: type=1400 audit(1757449088.557:87): avc: denied { mounton } for pid=5863 comm="syz-executor" path="/root/syzkaller.JUohWB/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 76.670019][ T30] audit: type=1400 audit(1757449088.587:88): avc: denied { mount } for pid=5863 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 76.672334][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.705781][ T30] audit: type=1400 audit(1757449088.587:89): avc: denied { mounton } for pid=5863 comm="syz-executor" path="/root/syzkaller.JUohWB/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 76.755877][ T5849] veth1_vlan: entered promiscuous mode [ 76.757771][ T5863] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 76.771497][ T995] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.793802][ T30] audit: type=1400 audit(1757449088.597:90): avc: denied { mount } for pid=5863 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 76.815856][ T30] audit: type=1400 audit(1757449088.597:91): avc: denied { mounton } for pid=5863 comm="syz-executor" path="/root/syzkaller.JUohWB/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 76.843249][ T30] audit: type=1400 audit(1757449088.597:92): avc: denied { mounton } for pid=5863 comm="syz-executor" path="/root/syzkaller.JUohWB/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=6664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 76.880622][ T30] audit: type=1400 audit(1757449088.637:93): avc: denied { unmount } for pid=5863 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 76.881495][ T995] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.906320][ T30] audit: type=1400 audit(1757449088.637:94): avc: denied { mounton } for pid=5863 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 76.939019][ T30] audit: type=1400 audit(1757449088.637:95): avc: denied { mount } for pid=5863 comm="syz-executor" name="/" dev="gadgetfs" ino=6665 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 76.940814][ T995] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.058819][ T995] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.070698][ T5849] veth0_macvtap: entered promiscuous mode [ 77.086550][ T5849] veth1_macvtap: entered promiscuous mode [ 77.098418][ T995] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.122762][ T49] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.175147][ T49] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.220029][ T49] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.240251][ T5962] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 77.261288][ T1339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.275046][ T1339] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.283027][ T5962] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 77.309994][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.361854][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.394094][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.419658][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.473654][ T1339] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.502697][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.503184][ T1339] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.519546][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.530258][ T1339] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.560281][ T5848] veth0_vlan: entered promiscuous mode [ 77.573234][ T1339] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.609387][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.620952][ T5848] veth1_vlan: entered promiscuous mode [ 77.634262][ T5864] Bluetooth: hci4: command tx timeout [ 77.639686][ T5864] Bluetooth: hci1: command tx timeout [ 77.646640][ T5860] Bluetooth: hci0: command tx timeout [ 77.652137][ T5855] Bluetooth: hci3: command tx timeout [ 77.655195][ T5858] Bluetooth: hci2: command tx timeout [ 77.670039][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.820780][ T5848] veth0_macvtap: entered promiscuous mode [ 77.887382][ T5848] veth1_macvtap: entered promiscuous mode [ 77.984174][ T1339] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.017173][ T1339] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.039153][ T5976] Driver unsupported XDP return value 0 on prog (id 2) dev N/A, expect packet loss! [ 78.065041][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.383742][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.851280][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.867044][ T1339] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.916910][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.916913][ T1339] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.916951][ T1339] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.019956][ T1339] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.204960][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.218424][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.228381][ T5953] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 79.293260][ T5935] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 79.323292][ T1339] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.336273][ T1339] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.411825][ T5953] usb 4-1: Using ep0 maxpacket: 16 [ 79.442323][ T5953] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 79.459177][ T5935] usb 2-1: Using ep0 maxpacket: 16 [ 79.488683][ T5935] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 79.511191][ T5953] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 79.538556][ T5935] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 79.557372][ T5953] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.574893][ T5935] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 79.587386][ T5953] usb 4-1: config 0 descriptor?? [ 79.595258][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.619058][ T5935] usb 2-1: Product: syz [ 79.626188][ T6002] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 79.641574][ T5935] usb 2-1: Manufacturer: syz [ 79.646749][ T5935] usb 2-1: SerialNumber: syz [ 79.673391][ T5935] usb 2-1: config 0 descriptor?? [ 79.696045][ T5935] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 79.711987][ T5858] Bluetooth: hci2: command tx timeout [ 79.717548][ T5172] Bluetooth: hci1: command tx timeout [ 79.717582][ T5860] Bluetooth: hci3: command tx timeout [ 79.717634][ T5860] Bluetooth: hci4: command tx timeout [ 79.727456][ T5935] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 79.734112][ T5864] Bluetooth: hci0: command tx timeout [ 80.153614][ T5953] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 80.253302][ C1] ================================================================== [ 80.261387][ C1] BUG: KASAN: slab-out-of-bounds in mcp2221_raw_event+0x1070/0x10a0 [ 80.269390][ C1] Read of size 1 at addr ffff8880555d7fff by task kworker/1:5/5953 [ 80.277542][ C1] [ 80.279893][ C1] CPU: 1 UID: 0 PID: 5953 Comm: kworker/1:5 Not tainted syzkaller #0 PREEMPT(full) [ 80.279924][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 80.279941][ C1] Workqueue: usb_hub_wq hub_event [ 80.279983][ C1] Call Trace: [ 80.279990][ C1] [ 80.280000][ C1] dump_stack_lvl+0x116/0x1f0 [ 80.280035][ C1] print_report+0xcd/0x630 [ 80.280061][ C1] ? __virt_addr_valid+0x81/0x610 [ 80.280094][ C1] ? __phys_addr+0xe8/0x180 [ 80.280126][ C1] ? mcp2221_raw_event+0x1070/0x10a0 [ 80.280164][ C1] kasan_report+0xe0/0x110 [ 80.280189][ C1] ? mcp2221_raw_event+0x1070/0x10a0 [ 80.280229][ C1] mcp2221_raw_event+0x1070/0x10a0 [ 80.280279][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 80.280308][ C1] __hid_input_report.constprop.0+0x311/0x450 [ 80.280335][ C1] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 80.280372][ C1] hid_irq_in+0x35e/0x870 [ 80.280408][ C1] __usb_hcd_giveback_urb+0x388/0x610 [ 80.280432][ C1] usb_hcd_giveback_urb+0x39b/0x450 [ 80.280455][ C1] dummy_timer+0x1814/0x3a30 [ 80.280499][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 80.280524][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 80.280549][ C1] ? mark_held_locks+0x49/0x80 [ 80.280585][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 80.280612][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 80.280643][ C1] __hrtimer_run_queues+0x1ff/0xad0 [ 80.280675][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 80.280703][ C1] ? read_tsc+0x9/0x20 [ 80.280738][ C1] hrtimer_run_softirq+0x17d/0x350 [ 80.280768][ C1] handle_softirqs+0x219/0x8e0 [ 80.280799][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 80.280831][ C1] __irq_exit_rcu+0x109/0x170 [ 80.280858][ C1] irq_exit_rcu+0x9/0x30 [ 80.280886][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 80.280914][ C1] [ 80.280921][ C1] [ 80.280929][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 80.280954][ C1] RIP: 0010:lock_release+0x183/0x2f0 [ 80.280990][ C1] Code: 0f c1 05 f8 2d 3f 12 83 f8 01 0f 85 1d 01 00 00 9c 58 f6 c4 02 0f 85 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 0d ec 3e 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41 [ 80.281017][ C1] RSP: 0018:ffffc900044ee358 EFLAGS: 00000206 [ 80.281035][ C1] RAX: 2c4bb1eec29b6700 RBX: ffffffff8e5c1260 RCX: ffffc900044ee364 [ 80.281050][ C1] RDX: 0000000000000007 RSI: ffffffff8de2cdc0 RDI: ffffffff8c162d80 [ 80.281066][ C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 80.281080][ C1] R10: 0000000000000007 R11: 000000000006d15d R12: ffffffff816ae8a4 [ 80.281095][ C1] R13: 0000000000000202 R14: ffff88806110c880 R15: 0000000000000008 [ 80.281111][ C1] ? unwind_next_frame+0x3f4/0x20a0 [ 80.281146][ C1] unwind_next_frame+0x3f9/0x20a0 [ 80.281171][ C1] ? i2cdev_attach_adapter+0x359/0x4c0 [ 80.281197][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 80.281231][ C1] arch_stack_walk+0x94/0x100 [ 80.281259][ C1] ? i2cdev_notifier_call+0x65/0x80 [ 80.281285][ C1] stack_trace_save+0x8e/0xc0 [ 80.281316][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 80.281350][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 80.281375][ C1] kasan_save_stack+0x33/0x60 [ 80.281395][ C1] ? kasan_save_stack+0x33/0x60 [ 80.281414][ C1] ? kasan_save_track+0x14/0x30 [ 80.281435][ C1] ? __kasan_kmalloc+0xaa/0xb0 [ 80.281457][ C1] ? kobject_uevent_env+0x265/0x1870 [ 80.281494][ C1] ? device_add+0x10dd/0x1aa0 [ 80.281527][ C1] ? cdev_device_add+0xc2/0x1e0 [ 80.281555][ C1] ? i2cdev_attach_adapter+0x359/0x4c0 [ 80.281598][ C1] kasan_save_track+0x14/0x30 [ 80.281619][ C1] __kasan_kmalloc+0xaa/0xb0 [ 80.281647][ C1] kobject_uevent_env+0x265/0x1870 [ 80.281684][ C1] ? __pfx_dev_uevent_name+0x10/0x10 [ 80.281709][ C1] ? kernfs_put+0x35/0x60 [ 80.281742][ C1] ? sysfs_do_create_link_sd+0xbb/0x140 [ 80.281772][ C1] ? bus_to_subsys+0x131/0x160 [ 80.281794][ C1] device_add+0x10dd/0x1aa0 [ 80.281828][ C1] ? __pfx_device_add+0x10/0x10 [ 80.281861][ C1] ? __pfx_exact_lock+0x10/0x10 [ 80.281889][ C1] ? kobject_get+0xbb/0x150 [ 80.281920][ C1] cdev_device_add+0xc2/0x1e0 [ 80.281949][ C1] i2cdev_attach_adapter+0x359/0x4c0 [ 80.281989][ C1] i2cdev_notifier_call+0x65/0x80 [ 80.282012][ C1] notifier_call_chain+0xb9/0x410 [ 80.282047][ C1] ? __pfx_i2cdev_notifier_call+0x10/0x10 [ 80.282073][ C1] blocking_notifier_call_chain+0x69/0xa0 [ 80.282111][ C1] bus_notify+0x56/0x70 [ 80.282135][ C1] device_add+0x10d3/0x1aa0 [ 80.282169][ C1] ? __pfx_device_add+0x10/0x10 [ 80.282201][ C1] ? find_held_lock+0x2b/0x80 [ 80.282229][ C1] ? mark_held_locks+0x49/0x80 [ 80.282263][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 80.282292][ C1] i2c_register_adapter+0x39e/0x1370 [ 80.282322][ C1] i2c_add_adapter+0x10a/0x1b0 [ 80.282347][ C1] devm_i2c_add_adapter+0x1b/0x90 [ 80.282373][ C1] mcp2221_probe+0x5f1/0xc50 [ 80.282408][ C1] ? __pfx_mcp2221_probe+0x10/0x10 [ 80.282441][ C1] hid_device_probe+0x360/0x720 [ 80.282468][ C1] ? __pfx_hid_device_probe+0x10/0x10 [ 80.282495][ C1] really_probe+0x241/0xa90 [ 80.282524][ C1] __driver_probe_device+0x1de/0x440 [ 80.282554][ C1] driver_probe_device+0x4c/0x1b0 [ 80.282587][ C1] __device_attach_driver+0x1df/0x310 [ 80.282619][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 80.282654][ C1] bus_for_each_drv+0x159/0x1e0 [ 80.282679][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 80.282703][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 80.282732][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 80.282761][ C1] __device_attach+0x1e4/0x4b0 [ 80.282792][ C1] ? __pfx___device_attach+0x10/0x10 [ 80.282823][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 80.282852][ C1] bus_probe_device+0x17f/0x1c0 [ 80.282879][ C1] device_add+0x1148/0x1aa0 [ 80.282915][ C1] ? __pfx_device_add+0x10/0x10 [ 80.282951][ C1] ? debugfs_create_file_full+0x41/0x60 [ 80.282986][ C1] hid_add_device+0x373/0xa60 [ 80.283012][ C1] ? __pfx_hid_add_device+0x10/0x10 [ 80.283035][ C1] ? lockdep_init_map_type+0x5c/0x280 [ 80.283057][ C1] ? lockdep_init_map_type+0x5c/0x280 [ 80.283081][ C1] usbhid_probe+0xd38/0x13f0 [ 80.283120][ C1] usb_probe_interface+0x303/0xa40 [ 80.283145][ C1] ? __pfx_usb_probe_interface+0x10/0x10 [ 80.283168][ C1] really_probe+0x241/0xa90 [ 80.283199][ C1] __driver_probe_device+0x1de/0x440 [ 80.283230][ C1] driver_probe_device+0x4c/0x1b0 [ 80.283261][ C1] __device_attach_driver+0x1df/0x310 [ 80.283292][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 80.283323][ C1] bus_for_each_drv+0x159/0x1e0 [ 80.283347][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 80.283371][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 80.283399][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 80.283429][ C1] __device_attach+0x1e4/0x4b0 [ 80.283459][ C1] ? __pfx___device_attach+0x10/0x10 [ 80.283490][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 80.283519][ C1] bus_probe_device+0x17f/0x1c0 [ 80.283546][ C1] device_add+0x1148/0x1aa0 [ 80.283582][ C1] ? __pfx_device_add+0x10/0x10 [ 80.283618][ C1] ? usb_enable_ltm+0x10/0x360 [ 80.283649][ C1] ? usb_enable_ltm+0x4f/0x360 [ 80.283677][ C1] usb_set_configuration+0x1187/0x1e20 [ 80.283721][ C1] ? __pfx_usb_generic_driver_probe+0x10/0x10 [ 80.283752][ C1] usb_generic_driver_probe+0xb1/0x110 [ 80.283782][ C1] usb_probe_device+0xec/0x3e0 [ 80.283816][ C1] ? __pfx_usb_probe_device+0x10/0x10 [ 80.283851][ C1] really_probe+0x241/0xa90 [ 80.283882][ C1] __driver_probe_device+0x1de/0x440 [ 80.283911][ C1] ? usb_driver_applicable+0x1c7/0x220 [ 80.283934][ C1] driver_probe_device+0x4c/0x1b0 [ 80.283965][ C1] __device_attach_driver+0x1df/0x310 [ 80.283996][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 80.284027][ C1] bus_for_each_drv+0x159/0x1e0 [ 80.284050][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 80.284074][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 80.284103][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 80.284132][ C1] __device_attach+0x1e4/0x4b0 [ 80.284162][ C1] ? __pfx___device_attach+0x10/0x10 [ 80.284193][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 80.284222][ C1] bus_probe_device+0x17f/0x1c0 [ 80.284249][ C1] device_add+0x1148/0x1aa0 [ 80.284285][ C1] ? __pfx_device_add+0x10/0x10 [ 80.284319][ C1] ? usb_detect_static_quirks+0x335/0x3e0 [ 80.284351][ C1] ? __usb_get_extra_descriptor+0x158/0x1c0 [ 80.284394][ C1] usb_new_device+0xd07/0x1a60 [ 80.284430][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 80.284455][ C1] ? __pfx_usb_new_device+0x10/0x10 [ 80.284489][ C1] ? mark_held_locks+0x49/0x80 [ 80.284527][ C1] hub_event+0x2f34/0x4fe0 [ 80.284574][ C1] ? __pfx_hub_event+0x10/0x10 [ 80.284606][ C1] ? pool_move_batch+0x290/0x290 [ 80.284655][ C1] ? rcu_is_watching+0x12/0xc0 [ 80.284688][ C1] process_one_work+0x9cc/0x1b70 [ 80.284719][ C1] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10 [ 80.284751][ C1] ? __pfx_process_one_work+0x10/0x10 [ 80.284782][ C1] ? assign_work+0x1a0/0x250 [ 80.284806][ C1] worker_thread+0x6c8/0xf10 [ 80.284837][ C1] ? __kthread_parkme+0x19e/0x250 [ 80.284872][ C1] ? __pfx_worker_thread+0x10/0x10 [ 80.284898][ C1] kthread+0x3c2/0x780 [ 80.284921][ C1] ? __pfx_kthread+0x10/0x10 [ 80.284945][ C1] ? rcu_is_watching+0x12/0xc0 [ 80.284974][ C1] ? __pfx_kthread+0x10/0x10 [ 80.284998][ C1] ret_from_fork+0x5d4/0x6f0 [ 80.285021][ C1] ? __pfx_kthread+0x10/0x10 [ 80.285044][ C1] ret_from_fork_asm+0x1a/0x30 [ 80.285080][ C1] [ 80.285089][ C1] [ 81.216371][ C1] Allocated by task 5953: [ 81.220687][ C1] kasan_save_stack+0x33/0x60 [ 81.225361][ C1] kasan_save_track+0x14/0x30 [ 81.230036][ C1] __kasan_slab_alloc+0x89/0x90 [ 81.234887][ C1] kmem_cache_alloc_node_noprof+0x1d5/0x3b0 [ 81.240775][ C1] kmalloc_reserve+0x18b/0x2c0 [ 81.245554][ C1] __alloc_skb+0x166/0x380 [ 81.249992][ C1] skb_copy+0x1c9/0x3a0 [ 81.254142][ C1] mac80211_hwsim_tx_frame_no_nl.isra.0+0xb6e/0x13c0 [ 81.260853][ C1] mac80211_hwsim_tx_frame+0x1f1/0x2a0 [ 81.266317][ C1] mac80211_hwsim_beacon_tx+0x592/0xa40 [ 81.271889][ C1] __iterate_interfaces+0x2e2/0x650 [ 81.277085][ C1] ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 81.284289][ C1] mac80211_hwsim_beacon+0x105/0x200 [ 81.289577][ C1] __hrtimer_run_queues+0x1ff/0xad0 [ 81.294784][ C1] hrtimer_run_softirq+0x17d/0x350 [ 81.299909][ C1] handle_softirqs+0x219/0x8e0 [ 81.304678][ C1] __irq_exit_rcu+0x109/0x170 [ 81.309358][ C1] irq_exit_rcu+0x9/0x30 [ 81.313635][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 81.319356][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 81.325335][ C1] [ 81.327646][ C1] Freed by task 1339: [ 81.331609][ C1] kasan_save_stack+0x33/0x60 [ 81.336285][ C1] kasan_save_track+0x14/0x30 [ 81.340958][ C1] kasan_save_free_info+0x3b/0x60 [ 81.346073][ C1] __kasan_slab_free+0x60/0x70 [ 81.350828][ C1] kmem_cache_free+0x2d1/0x4d0 [ 81.355584][ C1] skb_free_head+0x1b7/0x210 [ 81.360171][ C1] skb_release_data+0x795/0x9e0 [ 81.365073][ C1] sk_skb_reason_drop+0x129/0x1a0 [ 81.370569][ C1] ieee80211_iface_work+0x435/0x1360 [ 81.375846][ C1] cfg80211_wiphy_work+0x2c7/0x580 [ 81.380965][ C1] process_one_work+0x9cc/0x1b70 [ 81.385912][ C1] worker_thread+0x6c8/0xf10 [ 81.390569][ C1] kthread+0x3c2/0x780 [ 81.394740][ C1] ret_from_fork+0x5d4/0x6f0 [ 81.399333][ C1] ret_from_fork_asm+0x1a/0x30 [ 81.404097][ C1] [ 81.406406][ C1] The buggy address belongs to the object at ffff8880555d7a80 [ 81.406406][ C1] which belongs to the cache skbuff_small_head of size 704 [ 81.421069][ C1] The buggy address is located 703 bytes to the right of [ 81.421069][ C1] allocated 704-byte region [ffff8880555d7a80, ffff8880555d7d40) [ 81.435731][ C1] [ 81.438045][ C1] The buggy address belongs to the physical page: [ 81.444796][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x555d4 [ 81.453546][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 81.462034][ C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 81.469587][ C1] page_type: f5(slab) [ 81.473586][ C1] raw: 00fff00000000040 ffff88801fac8b40 dead000000000122 0000000000000000 [ 81.482173][ C1] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 81.490768][ C1] head: 00fff00000000040 ffff88801fac8b40 dead000000000122 0000000000000000 [ 81.499445][ C1] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 81.508140][ C1] head: 00fff00000000002 ffffea0001557501 00000000ffffffff 00000000ffffffff [ 81.517163][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 81.525854][ C1] page dumped because: kasan: bad access detected [ 81.532273][ C1] page_owner tracks the page as allocated [ 81.538189][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6009, tgid 6005 (syz.0.15), ts 80131442321, free_ts 20352038586 [ 81.558891][ C1] post_alloc_hook+0x1c0/0x230 [ 81.563694][ C1] get_page_from_freelist+0x132b/0x38e0 [ 81.569342][ C1] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 81.575336][ C1] alloc_pages_mpol+0x1fb/0x550 [ 81.580253][ C1] new_slab+0x247/0x330 [ 81.584446][ C1] ___slab_alloc+0xcf2/0x1750 [ 81.589142][ C1] __slab_alloc.constprop.0+0x56/0xb0 [ 81.594624][ C1] kmem_cache_alloc_node_noprof+0xf5/0x3b0 [ 81.600433][ C1] kmalloc_reserve+0x18b/0x2c0 [ 81.605206][ C1] __alloc_skb+0x166/0x380 [ 81.609627][ C1] sctp_ulpevent_notify_peer_addr_change+0x1f3/0xc00 [ 81.616323][ C1] sctp_assoc_control_transport+0x51e/0xd80 [ 81.622287][ C1] sctp_do_sm+0x566b/0x5c80 [ 81.626857][ C1] sctp_assoc_bh_rcv+0x392/0x6f0 [ 81.631987][ C1] sctp_inq_push+0x1db/0x270 [ 81.636683][ C1] sctp_backlog_rcv+0x169/0x590 [ 81.641536][ C1] page last free pid 1 tgid 1 stack trace: [ 81.647333][ C1] __free_frozen_pages+0x7d5/0x10f0 [ 81.652624][ C1] free_contig_range+0x183/0x4b0 [ 81.657581][ C1] destroy_args+0x794/0xc10 [ 81.662167][ C1] debug_vm_pgtable+0x1a32/0x3640 [ 81.667183][ C1] do_one_initcall+0x120/0x6e0 [ 81.671968][ C1] kernel_init_freeable+0x5c2/0x910 [ 81.677274][ C1] kernel_init+0x1c/0x2b0 [ 81.681807][ C1] ret_from_fork+0x5d4/0x6f0 [ 81.686389][ C1] ret_from_fork_asm+0x1a/0x30 [ 81.691181][ C1] [ 81.693496][ C1] Memory state around the buggy address: [ 81.699113][ C1] ffff8880555d7e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.707289][ C1] ffff8880555d7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.715349][ C1] >ffff8880555d7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 81.723413][ C1] ^ [ 81.731387][ C1] ffff8880555d8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 81.739440][ C1] ffff8880555d8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 81.747490][ C1] ================================================================== [ 81.755542][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 81.762737][ C1] CPU: 1 UID: 0 PID: 5953 Comm: kworker/1:5 Not tainted syzkaller #0 PREEMPT(full) [ 81.772110][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 81.782248][ C1] Workqueue: usb_hub_wq hub_event [ 81.787287][ C1] Call Trace: [ 81.790559][ C1] [ 81.793435][ C1] dump_stack_lvl+0x3d/0x1f0 [ 81.798037][ C1] vpanic+0x6e8/0x7a0 [ 81.802035][ C1] ? __pfx_vpanic+0x10/0x10 [ 81.806561][ C1] ? __pfx_vprintk_emit+0x10/0x10 [ 81.811765][ C1] ? mcp2221_raw_event+0x1070/0x10a0 [ 81.817059][ C1] panic+0xca/0xd0 [ 81.820791][ C1] ? __pfx_panic+0x10/0x10 [ 81.825221][ C1] ? end_report+0x4c/0x170 [ 81.829634][ C1] ? rcu_is_watching+0x12/0xc0 [ 81.834688][ C1] ? lock_release+0x201/0x2f0 [ 81.839386][ C1] check_panic_on_warn+0xab/0xb0 [ 81.844334][ C1] end_report+0x107/0x170 [ 81.848674][ C1] kasan_report+0xee/0x110 [ 81.853097][ C1] ? mcp2221_raw_event+0x1070/0x10a0 [ 81.858402][ C1] mcp2221_raw_event+0x1070/0x10a0 [ 81.863527][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 81.869347][ C1] __hid_input_report.constprop.0+0x311/0x450 [ 81.875420][ C1] ? __pfx_mcp2221_raw_event+0x10/0x10 [ 81.880896][ C1] hid_irq_in+0x35e/0x870 [ 81.885243][ C1] __usb_hcd_giveback_urb+0x388/0x610 [ 81.890627][ C1] usb_hcd_giveback_urb+0x39b/0x450 [ 81.895925][ C1] dummy_timer+0x1814/0x3a30 [ 81.900563][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 81.905638][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 81.910584][ C1] ? mark_held_locks+0x49/0x80 [ 81.915813][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 81.921622][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 81.926578][ C1] __hrtimer_run_queues+0x1ff/0xad0 [ 81.931781][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 81.937497][ C1] ? read_tsc+0x9/0x20 [ 81.941571][ C1] hrtimer_run_softirq+0x17d/0x350 [ 81.946680][ C1] handle_softirqs+0x219/0x8e0 [ 81.951452][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 81.956742][ C1] __irq_exit_rcu+0x109/0x170 [ 81.961420][ C1] irq_exit_rcu+0x9/0x30 [ 81.965690][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 81.971332][ C1] [ 81.974253][ C1] [ 81.977169][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 81.983145][ C1] RIP: 0010:lock_release+0x183/0x2f0 [ 81.988559][ C1] Code: 0f c1 05 f8 2d 3f 12 83 f8 01 0f 85 1d 01 00 00 9c 58 f6 c4 02 0f 85 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 0d ec 3e 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41 [ 82.008356][ C1] RSP: 0018:ffffc900044ee358 EFLAGS: 00000206 [ 82.014430][ C1] RAX: 2c4bb1eec29b6700 RBX: ffffffff8e5c1260 RCX: ffffc900044ee364 [ 82.022399][ C1] RDX: 0000000000000007 RSI: ffffffff8de2cdc0 RDI: ffffffff8c162d80 [ 82.030369][ C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 82.038353][ C1] R10: 0000000000000007 R11: 000000000006d15d R12: ffffffff816ae8a4 [ 82.046334][ C1] R13: 0000000000000202 R14: ffff88806110c880 R15: 0000000000000008 [ 82.054339][ C1] ? unwind_next_frame+0x3f4/0x20a0 [ 82.059555][ C1] unwind_next_frame+0x3f9/0x20a0 [ 82.064581][ C1] ? i2cdev_attach_adapter+0x359/0x4c0 [ 82.070043][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 82.076213][ C1] arch_stack_walk+0x94/0x100 [ 82.080930][ C1] ? i2cdev_notifier_call+0x65/0x80 [ 82.086128][ C1] stack_trace_save+0x8e/0xc0 [ 82.090810][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 82.096210][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 82.101235][ C1] kasan_save_stack+0x33/0x60 [ 82.105909][ C1] ? kasan_save_stack+0x33/0x60 [ 82.110758][ C1] ? kasan_save_track+0x14/0x30 [ 82.115603][ C1] ? __kasan_kmalloc+0xaa/0xb0 [ 82.120365][ C1] ? kobject_uevent_env+0x265/0x1870 [ 82.125664][ C1] ? device_add+0x10dd/0x1aa0 [ 82.130374][ C1] ? cdev_device_add+0xc2/0x1e0 [ 82.135238][ C1] ? i2cdev_attach_adapter+0x359/0x4c0 [ 82.140716][ C1] kasan_save_track+0x14/0x30 [ 82.145418][ C1] __kasan_kmalloc+0xaa/0xb0 [ 82.150001][ C1] kobject_uevent_env+0x265/0x1870 [ 82.155119][ C1] ? __pfx_dev_uevent_name+0x10/0x10 [ 82.160404][ C1] ? kernfs_put+0x35/0x60 [ 82.164741][ C1] ? sysfs_do_create_link_sd+0xbb/0x140 [ 82.170287][ C1] ? bus_to_subsys+0x131/0x160 [ 82.175130][ C1] device_add+0x10dd/0x1aa0 [ 82.179640][ C1] ? __pfx_device_add+0x10/0x10 [ 82.184498][ C1] ? __pfx_exact_lock+0x10/0x10 [ 82.189348][ C1] ? kobject_get+0xbb/0x150 [ 82.193859][ C1] cdev_device_add+0xc2/0x1e0 [ 82.198603][ C1] i2cdev_attach_adapter+0x359/0x4c0 [ 82.203915][ C1] i2cdev_notifier_call+0x65/0x80 [ 82.208938][ C1] notifier_call_chain+0xb9/0x410 [ 82.213978][ C1] ? __pfx_i2cdev_notifier_call+0x10/0x10 [ 82.219706][ C1] blocking_notifier_call_chain+0x69/0xa0 [ 82.225444][ C1] bus_notify+0x56/0x70 [ 82.229622][ C1] device_add+0x10d3/0x1aa0 [ 82.234138][ C1] ? __pfx_device_add+0x10/0x10 [ 82.238995][ C1] ? find_held_lock+0x2b/0x80 [ 82.243672][ C1] ? mark_held_locks+0x49/0x80 [ 82.248452][ C1] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 82.254259][ C1] i2c_register_adapter+0x39e/0x1370 [ 82.259576][ C1] i2c_add_adapter+0x10a/0x1b0 [ 82.264337][ C1] devm_i2c_add_adapter+0x1b/0x90 [ 82.269365][ C1] mcp2221_probe+0x5f1/0xc50 [ 82.273969][ C1] ? __pfx_mcp2221_probe+0x10/0x10 [ 82.279109][ C1] hid_device_probe+0x360/0x720 [ 82.283962][ C1] ? __pfx_hid_device_probe+0x10/0x10 [ 82.289330][ C1] really_probe+0x241/0xa90 [ 82.293854][ C1] __driver_probe_device+0x1de/0x440 [ 82.299141][ C1] driver_probe_device+0x4c/0x1b0 [ 82.304174][ C1] __device_attach_driver+0x1df/0x310 [ 82.309546][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 82.315451][ C1] bus_for_each_drv+0x159/0x1e0 [ 82.320305][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 82.325672][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 82.330875][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 82.336684][ C1] __device_attach+0x1e4/0x4b0 [ 82.341451][ C1] ? __pfx___device_attach+0x10/0x10 [ 82.346735][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 82.351934][ C1] bus_probe_device+0x17f/0x1c0 [ 82.356782][ C1] device_add+0x1148/0x1aa0 [ 82.361290][ C1] ? __pfx_device_add+0x10/0x10 [ 82.366144][ C1] ? debugfs_create_file_full+0x41/0x60 [ 82.371715][ C1] hid_add_device+0x373/0xa60 [ 82.376390][ C1] ? __pfx_hid_add_device+0x10/0x10 [ 82.381585][ C1] ? lockdep_init_map_type+0x5c/0x280 [ 82.386950][ C1] ? lockdep_init_map_type+0x5c/0x280 [ 82.392320][ C1] usbhid_probe+0xd38/0x13f0 [ 82.396944][ C1] usb_probe_interface+0x303/0xa40 [ 82.402185][ C1] ? __pfx_usb_probe_interface+0x10/0x10 [ 82.407813][ C1] really_probe+0x241/0xa90 [ 82.412323][ C1] __driver_probe_device+0x1de/0x440 [ 82.417622][ C1] driver_probe_device+0x4c/0x1b0 [ 82.422693][ C1] __device_attach_driver+0x1df/0x310 [ 82.428069][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 82.433965][ C1] bus_for_each_drv+0x159/0x1e0 [ 82.438814][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 82.444183][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 82.449386][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 82.455193][ C1] __device_attach+0x1e4/0x4b0 [ 82.459957][ C1] ? __pfx___device_attach+0x10/0x10 [ 82.465240][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 82.470439][ C1] bus_probe_device+0x17f/0x1c0 [ 82.475289][ C1] device_add+0x1148/0x1aa0 [ 82.479802][ C1] ? __pfx_device_add+0x10/0x10 [ 82.484662][ C1] ? usb_enable_ltm+0x10/0x360 [ 82.489424][ C1] ? usb_enable_ltm+0x4f/0x360 [ 82.494187][ C1] usb_set_configuration+0x1187/0x1e20 [ 82.499756][ C1] ? __pfx_usb_generic_driver_probe+0x10/0x10 [ 82.505825][ C1] usb_generic_driver_probe+0xb1/0x110 [ 82.511287][ C1] usb_probe_device+0xec/0x3e0 [ 82.516058][ C1] ? __pfx_usb_probe_device+0x10/0x10 [ 82.521439][ C1] really_probe+0x241/0xa90 [ 82.525953][ C1] __driver_probe_device+0x1de/0x440 [ 82.531236][ C1] ? usb_driver_applicable+0x1c7/0x220 [ 82.536690][ C1] driver_probe_device+0x4c/0x1b0 [ 82.541715][ C1] __device_attach_driver+0x1df/0x310 [ 82.547087][ C1] ? __pfx___device_attach_driver+0x10/0x10 [ 82.552982][ C1] bus_for_each_drv+0x159/0x1e0 [ 82.557833][ C1] ? __pfx_bus_for_each_drv+0x10/0x10 [ 82.563206][ C1] ? lockdep_hardirqs_on+0x7c/0x110 [ 82.568404][ C1] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 82.574237][ C1] __device_attach+0x1e4/0x4b0 [ 82.579003][ C1] ? __pfx___device_attach+0x10/0x10 [ 82.584289][ C1] ? do_raw_spin_unlock+0x172/0x230 [ 82.589493][ C1] bus_probe_device+0x17f/0x1c0 [ 82.594349][ C1] device_add+0x1148/0x1aa0 [ 82.598865][ C1] ? __pfx_device_add+0x10/0x10 [ 82.603722][ C1] ? usb_detect_static_quirks+0x335/0x3e0 [ 82.609445][ C1] ? __usb_get_extra_descriptor+0x158/0x1c0 [ 82.615352][ C1] usb_new_device+0xd07/0x1a60 [ 82.620129][ C1] ? do_raw_spin_lock+0x12c/0x2b0 [ 82.625158][ C1] ? __pfx_usb_new_device+0x10/0x10 [ 82.630359][ C1] ? mark_held_locks+0x49/0x80 [ 82.635149][ C1] hub_event+0x2f34/0x4fe0 [ 82.639584][ C1] ? __pfx_hub_event+0x10/0x10 [ 82.644352][ C1] ? pool_move_batch+0x290/0x290 [ 82.649402][ C1] ? rcu_is_watching+0x12/0xc0 [ 82.654210][ C1] process_one_work+0x9cc/0x1b70 [ 82.659180][ C1] ? __pfx_nsim_dev_hwstats_traffic_work+0x10/0x10 [ 82.665706][ C1] ? __pfx_process_one_work+0x10/0x10 [ 82.671098][ C1] ? assign_work+0x1a0/0x250 [ 82.675690][ C1] worker_thread+0x6c8/0xf10 [ 82.680285][ C1] ? __kthread_parkme+0x19e/0x250 [ 82.685319][ C1] ? __pfx_worker_thread+0x10/0x10 [ 82.690456][ C1] kthread+0x3c2/0x780 [ 82.694519][ C1] ? __pfx_kthread+0x10/0x10 [ 82.699124][ C1] ? rcu_is_watching+0x12/0xc0 [ 82.703916][ C1] ? __pfx_kthread+0x10/0x10 [ 82.708529][ C1] ret_from_fork+0x5d4/0x6f0 [ 82.713121][ C1] ? __pfx_kthread+0x10/0x10 [ 82.717809][ C1] ret_from_fork_asm+0x1a/0x30 [ 82.722585][ C1] [ 82.725856][ C1] Kernel Offset: disabled [ 82.730168][ C1] Rebooting in 86400 seconds..