last executing test programs: 2.660231729s ago: executing program 3 (id=4): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) utimensat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) io_setup(0x3, &(0x7f0000000180)) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000003c0)=0x14) ioctl$TIOCVHANGUP(r4, 0x5437, 0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) syz_usb_connect$cdc_ecm(0x2, 0x53, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x41, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x16, 0x2, 0x2, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x3}, [@country_functional={0x6}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0xff, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x240}}}}}]}}]}}, 0x0) 2.139960878s ago: executing program 1 (id=2): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) recvmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) connect$packet(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) socket$alg(0x26, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r4 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, 0x1412, 0x8, 0x70bd26, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x8851}, 0x40000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000000000000000000000000104004e200023b0"], 0x0) 1.868321027s ago: executing program 2 (id=7): r0 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$6lowpan_control(r0, 0x0, 0x0) 1.735539307s ago: executing program 2 (id=8): capset(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x16, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x6}, 0x94) r0 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$MEDIA_IOC_DEVICE_INFO(r0, 0xc1007c00, &(0x7f0000000080)) 1.638411702s ago: executing program 1 (id=9): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) copy_file_range(r0, 0x0, r0, 0x0, 0xb51, 0x0) 1.372704774s ago: executing program 2 (id=10): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0x1, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0x0, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x55}, 0x4000) 1.353455094s ago: executing program 1 (id=11): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'vlan1\x00', 0x0}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) ioctl$KDGKBSENT(0xffffffffffffffff, 0x5602, &(0x7f0000000000)={0x0, "96d3e9659db3f50cb3c4e683f4fae026a3b284dd56630882be4bc0f34042227a71f06b95d73e34c8ecf3325e43f75f16f13d8905d3bdce627dc6ae0b14840f4c8bebc40872293c61ddd293631a22c6d5c8c9b16b987f4326874ddc5e2610c5505cea115e51bf6feb3e93cf89b8f44394fa2ac7f6cf757a9416c7545c5e5caa34450f0397d179f2225b57f644ce8ad31b15547b9364daef8e784f2036a75c3c5cfd124cdd424a558ea90d054d36c0d1d0db92e5e7f668dadcbfaed92c7cf3204be0c4904d308feba3447d7f41a58bc2fd4682e306a592696e4de9427d87c008d3e172cf162cc35f00915fe9fc9ea84e28838940e4bb2fda4c55a34abdf6db63d547c91a17211a1ce43a2933f8227e8b6767ab70bc9223e62a2d3ad9b13f74e2000961e62eaea005088d6d74a19eb0c56ce314323143fcfe27e410e10bd21a2140783385bdb1a7d33038427e336829ccfb63c04e537ca51ddae5fdf29505fca04fc4b2a13d6dad7db2eace60e9589712719a49a2d2d44587465037851b1fe93a0ed46822294671098fd53e79fe428bf6ae3846299ab1d238ad07be6cc01b5fcaacfce829c209e67d5548a38b637f3b44905b8be24dfba30e1b6d074b43e53fcded14a4190a585949baa43fef6c70ce7b1612299d734c07feed23252886a1317358cf5ecaf0186d2dbdb3eab8a9c3c21d4828ef8a9dd89207f2884a57679fcd495a"}) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) set_mempolicy(0x2002, 0x0, 0x89) shmget$private(0x0, 0x1000, 0x78000a42, &(0x7f0000ff2000/0x1000)=nil) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x4) mount(&(0x7f0000000000)=@nullb, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='erofs\x00', 0x8002, 0x0) 1.027473817s ago: executing program 2 (id=12): r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x800) readv(r0, &(0x7f0000000240)=[{0x0}], 0x1) 982.72801ms ago: executing program 0 (id=1): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r4, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6}, 0x20) recvmmsg(0xffffffffffffffff, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000500)=""/65, 0x41}], 0x1}}], 0x1, 0x0, 0x0) 692.767179ms ago: executing program 2 (id=13): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r0, 0xffffffffffffffff, 0x0) 202.979644ms ago: executing program 1 (id=14): r0 = socket(0x10, 0x80002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc491c6170000501d0000be7ba9bd"], 0x1c}}, 0x0) 130.240921ms ago: executing program 4 (id=5): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) sendmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)='$', 0x1}], 0x1, &(0x7f0000000000)=ANY=[], 0x10}}], 0x1, 0x4004804) 93.091915ms ago: executing program 2 (id=15): syz_open_dev$hiddev(0x0, 0xffffffffffffffff, 0x8601) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r1}) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000540)={@empty, @rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r3}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800010001000000140007000000000000000005"], 0x74}}, 0x0) 0s ago: executing program 0 (id=16): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$KDFONTOP_SET(r5, 0x4b6a, &(0x7f0000000000)={0x200e, 0x200c, 0x3, 0x1d, 0x200b, 0x0}) syz_open_dev$tty1(0xc, 0x4, 0x1) setresuid(0x0, 0xffffffffffffffff, 0xee01) setreuid(0xee01, 0xee01) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x4044800}, 0x10) sendmmsg$alg(r6, &(0x7f0000000140), 0x4924b68, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.139' (ED25519) to the list of known hosts. [ 56.551272][ T30] audit: type=1400 audit(1750900404.286:62): avc: denied { mounton } for pid=5799 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 56.554705][ T5799] cgroup: Unknown subsys name 'net' [ 56.574026][ T30] audit: type=1400 audit(1750900404.286:63): avc: denied { mount } for pid=5799 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 56.603764][ T30] audit: type=1400 audit(1750900404.346:64): avc: denied { unmount } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 56.769086][ T5799] cgroup: Unknown subsys name 'cpuset' [ 56.776735][ T5799] cgroup: Unknown subsys name 'rlimit' [ 56.921306][ T30] audit: type=1400 audit(1750900404.656:65): avc: denied { setattr } for pid=5799 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 56.953356][ T30] audit: type=1400 audit(1750900404.656:66): avc: denied { create } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 56.978034][ T30] audit: type=1400 audit(1750900404.656:67): avc: denied { write } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 57.003036][ T30] audit: type=1400 audit(1750900404.656:68): avc: denied { read } for pid=5799 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 57.023596][ T30] audit: type=1400 audit(1750900404.666:69): avc: denied { mounton } for pid=5799 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 57.028590][ T5801] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 57.049033][ T30] audit: type=1400 audit(1750900404.666:70): avc: denied { mount } for pid=5799 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 57.080762][ T30] audit: type=1400 audit(1750900404.706:71): avc: denied { read } for pid=5481 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 57.969570][ T5799] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 62.176131][ T30] kauditd_printk_skb: 6 callbacks suppressed [ 62.176151][ T30] audit: type=1400 audit(1750900409.916:78): avc: denied { create } for pid=5809 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.280685][ T5820] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.286894][ T5821] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 62.288478][ T5820] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 62.295884][ T5821] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.302839][ T5820] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 62.316315][ T5821] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.317057][ T5820] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.332386][ T5820] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.336274][ T5821] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.349651][ T5820] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.356040][ T5821] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.363386][ T30] audit: type=1400 audit(1750900409.916:79): avc: denied { read write } for pid=5810 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 62.364254][ T5822] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.395110][ T5821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 62.403293][ T5825] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 62.404442][ T30] audit: type=1400 audit(1750900409.916:80): avc: denied { open } for pid=5810 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 62.414037][ T5822] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.435785][ T5829] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 62.449383][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 62.452702][ T5822] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.458087][ T5829] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 62.463864][ T5822] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.471200][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.486448][ T5829] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 62.494185][ T5829] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 62.503439][ T5822] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.520280][ T5823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.559673][ T30] audit: type=1400 audit(1750900409.926:81): avc: denied { ioctl } for pid=5810 comm="syz-executor" path="socket:[3871]" dev="sockfs" ino=3871 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.589220][ T30] audit: type=1400 audit(1750900410.176:82): avc: denied { read } for pid=5809 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 62.611004][ T30] audit: type=1400 audit(1750900410.176:83): avc: denied { open } for pid=5809 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 62.634474][ T30] audit: type=1400 audit(1750900410.176:84): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 62.803870][ T30] audit: type=1400 audit(1750900410.536:85): avc: denied { module_request } for pid=5809 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 62.905110][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 63.002879][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 63.112019][ T5810] chnl_net:caif_netlink_parms(): no params data found [ 63.122470][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.129695][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.137075][ T5809] bridge_slave_0: entered allmulticast mode [ 63.143782][ T5809] bridge_slave_0: entered promiscuous mode [ 63.152727][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 63.178934][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.186225][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.193408][ T5809] bridge_slave_1: entered allmulticast mode [ 63.200602][ T5809] bridge_slave_1: entered promiscuous mode [ 63.251618][ T5812] chnl_net:caif_netlink_parms(): no params data found [ 63.264414][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.285791][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.360786][ T5809] team0: Port device team_slave_0 added [ 63.368761][ T5809] team0: Port device team_slave_1 added [ 63.374628][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.382628][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.389891][ T5827] bridge_slave_0: entered allmulticast mode [ 63.397021][ T5827] bridge_slave_0: entered promiscuous mode [ 63.427671][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.434779][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.442083][ T5824] bridge_slave_0: entered allmulticast mode [ 63.449624][ T5824] bridge_slave_0: entered promiscuous mode [ 63.466066][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.473523][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.480797][ T5827] bridge_slave_1: entered allmulticast mode [ 63.487898][ T5827] bridge_slave_1: entered promiscuous mode [ 63.494385][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.502120][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.509546][ T5810] bridge_slave_0: entered allmulticast mode [ 63.516425][ T5810] bridge_slave_0: entered promiscuous mode [ 63.523385][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.530573][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.537811][ T5824] bridge_slave_1: entered allmulticast mode [ 63.544417][ T5824] bridge_slave_1: entered promiscuous mode [ 63.562410][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.569486][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.595599][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.614917][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.622158][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.629667][ T5810] bridge_slave_1: entered allmulticast mode [ 63.636913][ T5810] bridge_slave_1: entered promiscuous mode [ 63.653944][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.661119][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.687329][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.743556][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.754695][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.767182][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.778876][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.794356][ T5812] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.802184][ T5812] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.809732][ T5812] bridge_slave_0: entered allmulticast mode [ 63.817269][ T5812] bridge_slave_0: entered promiscuous mode [ 63.824639][ T5812] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.832308][ T5812] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.839867][ T5812] bridge_slave_1: entered allmulticast mode [ 63.846899][ T5812] bridge_slave_1: entered promiscuous mode [ 63.864536][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.875095][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.943760][ T5812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.963585][ T5810] team0: Port device team_slave_0 added [ 63.971190][ T5810] team0: Port device team_slave_1 added [ 63.979325][ T5824] team0: Port device team_slave_0 added [ 63.997596][ T5809] hsr_slave_0: entered promiscuous mode [ 64.003694][ T5809] hsr_slave_1: entered promiscuous mode [ 64.012623][ T5812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.031768][ T5827] team0: Port device team_slave_0 added [ 64.040660][ T5827] team0: Port device team_slave_1 added [ 64.054882][ T5824] team0: Port device team_slave_1 added [ 64.103716][ T5812] team0: Port device team_slave_0 added [ 64.119510][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.126593][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.152758][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.171750][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.178838][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.205092][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.218186][ T5812] team0: Port device team_slave_1 added [ 64.224407][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.231634][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.258076][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.269616][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.276908][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.303223][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.314666][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.321994][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.348090][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.375060][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.382029][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.408035][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.441748][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.449079][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.476121][ T5812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.476162][ T5823] Bluetooth: hci1: command tx timeout [ 64.516798][ T5812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.523754][ T5812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.550368][ T5812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.561001][ T5820] Bluetooth: hci4: command tx timeout [ 64.561183][ T5820] Bluetooth: hci2: command tx timeout [ 64.566715][ T5822] Bluetooth: hci3: command tx timeout [ 64.578191][ T5823] Bluetooth: hci0: command tx timeout [ 64.595133][ T5810] hsr_slave_0: entered promiscuous mode [ 64.601244][ T5810] hsr_slave_1: entered promiscuous mode [ 64.607276][ T5810] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.614954][ T5810] Cannot create hsr debugfs directory [ 64.639830][ T5824] hsr_slave_0: entered promiscuous mode [ 64.646010][ T5824] hsr_slave_1: entered promiscuous mode [ 64.651864][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.659607][ T5824] Cannot create hsr debugfs directory [ 64.694175][ T5827] hsr_slave_0: entered promiscuous mode [ 64.701255][ T5827] hsr_slave_1: entered promiscuous mode [ 64.707601][ T5827] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.715142][ T5827] Cannot create hsr debugfs directory [ 64.829595][ T5812] hsr_slave_0: entered promiscuous mode [ 64.837711][ T5812] hsr_slave_1: entered promiscuous mode [ 64.843682][ T5812] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.851475][ T5812] Cannot create hsr debugfs directory [ 65.076616][ T5809] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 65.098590][ T5809] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 65.112497][ T5809] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 65.130266][ T5809] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 65.197920][ T5810] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 65.211229][ T5810] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 65.224888][ T5810] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 65.236799][ T5810] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 65.275246][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.308737][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.315940][ T5827] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 65.341316][ T5827] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 65.353459][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.360787][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.370438][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.377522][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.394365][ T5827] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 65.419695][ T5827] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 65.469722][ T5812] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 65.481740][ T5812] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 65.507079][ T5812] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 65.540635][ T5812] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 65.575926][ T30] audit: type=1400 audit(1750900413.316:86): avc: denied { sys_module } for pid=5809 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 65.640622][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.650092][ T5824] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.680767][ T5824] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.692147][ T5824] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.703596][ T5824] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.740043][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.754590][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.761723][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.773234][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.780373][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.818939][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.861741][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.939851][ T5812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.953161][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.978226][ T5809] veth0_vlan: entered promiscuous mode [ 66.011463][ T5809] veth1_vlan: entered promiscuous mode [ 66.029662][ T5812] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.040498][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.047630][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.072213][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.079390][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.110956][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.118133][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.129855][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.137051][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.192794][ T5809] veth0_macvtap: entered promiscuous mode [ 66.218525][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 66.237574][ T5809] veth1_macvtap: entered promiscuous mode [ 66.262602][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 66.282726][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.302246][ T4533] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.309383][ T4533] bridge0: port 1(bridge_slave_0) entered forwarding state [ 66.376400][ T4533] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.383549][ T4533] bridge0: port 2(bridge_slave_1) entered forwarding state [ 66.404443][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.434164][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.460286][ T5810] veth0_vlan: entered promiscuous mode [ 66.479241][ T5809] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.494484][ T5809] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.509971][ T5809] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.520738][ T5809] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.543064][ T5810] veth1_vlan: entered promiscuous mode [ 66.558714][ T5823] Bluetooth: hci1: command tx timeout [ 66.622735][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.637204][ T5823] Bluetooth: hci2: command tx timeout [ 66.639060][ T5820] Bluetooth: hci3: command tx timeout [ 66.642633][ T5829] Bluetooth: hci4: command tx timeout [ 66.648312][ T5822] Bluetooth: hci0: command tx timeout [ 66.677304][ T5812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.724684][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.736760][ T5810] veth0_macvtap: entered promiscuous mode [ 66.758032][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.802611][ T5810] veth1_macvtap: entered promiscuous mode [ 66.838678][ T4533] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.865531][ T4533] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.898575][ T30] audit: type=1400 audit(1750900414.626:87): avc: denied { mounton } for pid=5809 comm="syz-executor" path="/root/syzkaller.TZPmyp/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 66.927923][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.960658][ T5812] veth0_vlan: entered promiscuous mode [ 66.973522][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.995290][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 67.007844][ T5809] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 67.009483][ T5812] veth1_vlan: entered promiscuous mode [ 67.043364][ T5810] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.057120][ T5810] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.068435][ T5810] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.090699][ T5810] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.227793][ T5812] veth0_macvtap: entered promiscuous mode [ 67.266708][ T5812] veth1_macvtap: entered promiscuous mode [ 67.331049][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 67.331064][ T30] audit: type=1400 audit(1750900415.066:105): avc: denied { create } for pid=5921 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 67.359275][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.362986][ T30] audit: type=1400 audit(1750900415.096:106): avc: denied { write } for pid=5921 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 67.370114][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.398842][ T5824] veth0_vlan: entered promiscuous mode [ 67.431799][ T1153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.437994][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.448848][ T1153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.458165][ T5824] veth1_vlan: entered promiscuous mode [ 67.469797][ T5827] veth0_vlan: entered promiscuous mode [ 67.493593][ T5812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.520457][ T5812] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.533709][ T5812] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.544216][ T5812] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.553645][ T5812] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.576201][ T5827] veth1_vlan: entered promiscuous mode [ 67.681785][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.711899][ T5824] veth0_macvtap: entered promiscuous mode [ 67.724433][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.765568][ T5824] veth1_macvtap: entered promiscuous mode [ 67.785112][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.790195][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.800830][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.829750][ T5930] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 67.839610][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.884416][ T30] audit: type=1400 audit(1750900415.616:107): avc: denied { read write } for pid=5927 comm="syz.3.4" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 67.905918][ T5827] veth0_macvtap: entered promiscuous mode [ 67.909103][ T30] audit: type=1400 audit(1750900415.616:108): avc: denied { open } for pid=5927 comm="syz.3.4" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 67.939615][ T5827] veth1_macvtap: entered promiscuous mode [ 67.948298][ T30] audit: type=1400 audit(1750900415.616:109): avc: denied { ioctl } for pid=5927 comm="syz.3.4" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 67.959309][ T5824] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.986752][ T5824] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.000791][ T5824] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.010208][ T5824] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.113116][ T5934] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 68.127745][ T30] audit: type=1400 audit(1750900415.846:110): avc: denied { create } for pid=5933 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.148031][ T30] audit: type=1400 audit(1750900415.866:111): avc: denied { bind } for pid=5933 comm="syz.1.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.150724][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.175751][ T30] audit: type=1400 audit(1750900415.866:112): avc: denied { name_bind } for pid=5933 comm="syz.1.2" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 68.211549][ T30] audit: type=1400 audit(1750900415.866:113): avc: denied { node_bind } for pid=5933 comm="syz.1.2" saddr=ff02::1 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 68.239937][ T1207] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 68.247572][ T30] audit: type=1400 audit(1750900415.866:114): avc: denied { setopt } for pid=5933 comm="syz.1.2" laddr=ff02::1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 68.351059][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.382799][ T5827] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.409455][ T5827] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.418245][ T5827] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.445241][ T5827] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.490170][ T1207] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 68.513688][ T1207] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64 [ 68.525802][ T1207] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 22 [ 68.572483][ T1207] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 68.597394][ T1207] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 68.616686][ T1207] usb 4-1: SerialNumber: syz [ 68.625994][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.636108][ T5829] Bluetooth: hci1: command tx timeout [ 68.645440][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.658198][ T5931] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 68.666179][ T5931] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 68.676226][ T1207] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 68.688460][ T1207] cdc_acm 4-1:1.0: This needs exactly 3 endpoints [ 68.696519][ T1207] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -22 [ 68.717136][ T5829] Bluetooth: hci3: command tx timeout [ 68.722579][ T5829] Bluetooth: hci0: command tx timeout [ 68.728133][ T5823] Bluetooth: hci4: command tx timeout [ 68.728246][ T5820] Bluetooth: hci2: command tx timeout [ 69.026614][ T5952] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 69.079031][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.088312][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.117777][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.140034][ T5961] erofs (device nullb0): cannot find valid erofs superblock [ 69.150176][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.248518][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.284143][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.559411][ T5987] Zero length message leads to an empty skb [ 70.735625][ T5820] Bluetooth: hci1: command tx timeout [ 70.795753][ T5829] Bluetooth: hci4: command tx timeout [ 70.801776][ T5823] Bluetooth: hci2: command tx timeout [ 70.805833][ T5822] Bluetooth: hci3: command tx timeout [ 70.811222][ T5820] Bluetooth: hci0: command tx timeout [ 70.871308][ T5993] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15'. [ 70.895721][ T5993] netlink: 28 bytes leftover after parsing attributes in process `syz.2.15'. [ 70.986888][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.988326][ T5876] usb 4-1: USB disconnect, device number 2 [ 71.015397][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.025025][ T1299] ================================================================== [ 71.033105][ T1299] BUG: KASAN: slab-use-after-free in tty_write_room+0x7d/0x90 [ 71.040576][ T1299] Read of size 8 at addr ffff88802ad3f020 by task aoe_tx0/1299 [ 71.048122][ T1299] [ 71.050451][ T1299] CPU: 0 UID: 0 PID: 1299 Comm: aoe_tx0 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 71.050473][ T1299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 71.050482][ T1299] Call Trace: [ 71.050488][ T1299] [ 71.050493][ T1299] dump_stack_lvl+0x116/0x1f0 [ 71.050519][ T1299] print_report+0xcd/0x680 [ 71.050542][ T1299] ? __virt_addr_valid+0x81/0x610 [ 71.050561][ T1299] ? __phys_addr+0xe8/0x180 [ 71.050579][ T1299] ? tty_write_room+0x7d/0x90 [ 71.050594][ T1299] kasan_report+0xe0/0x110 [ 71.050616][ T1299] ? tty_write_room+0x7d/0x90 [ 71.050634][ T1299] tty_write_room+0x7d/0x90 [ 71.050649][ T1299] handle_tx+0x14f/0x630 [ 71.050673][ T1299] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 71.050697][ T1299] dev_hard_start_xmit+0x97/0x740 [ 71.050719][ T1299] __dev_queue_xmit+0x7eb/0x43e0 [ 71.050741][ T1299] ? finish_task_switch.isra.0+0x89b/0xc10 [ 71.050768][ T1299] ? rcu_is_watching+0x12/0xc0 [ 71.050789][ T1299] ? __pfx___dev_queue_xmit+0x10/0x10 [ 71.050810][ T1299] ? __lock_acquire+0xb8a/0x1c90 [ 71.050834][ T1299] ? __lock_acquire+0xb8a/0x1c90 [ 71.050859][ T1299] ? do_raw_spin_lock+0x12c/0x2b0 [ 71.050876][ T1299] ? find_held_lock+0x2b/0x80 [ 71.050896][ T1299] ? skb_dequeue+0x126/0x180 [ 71.050913][ T1299] ? find_held_lock+0x2b/0x80 [ 71.050933][ T1299] ? rcu_is_watching+0x12/0xc0 [ 71.050955][ T1299] tx+0xcc/0x190 [ 71.050970][ T1299] ? __pfx_tx+0x10/0x10 [ 71.050983][ T1299] kthread+0x1e1/0x3e0 [ 71.051005][ T1299] ? find_held_lock+0x2b/0x80 [ 71.051022][ T1299] ? __pfx_kthread+0x10/0x10 [ 71.051041][ T1299] ? __pfx_default_wake_function+0x10/0x10 [ 71.051056][ T1299] ? lockdep_hardirqs_on+0x7c/0x110 [ 71.051075][ T1299] ? __kthread_parkme+0x19e/0x250 [ 71.051092][ T1299] ? __pfx_kthread+0x10/0x10 [ 71.051108][ T1299] kthread+0x3c2/0x780 [ 71.051119][ T1299] ? __pfx_kthread+0x10/0x10 [ 71.051131][ T1299] ? rcu_is_watching+0x12/0xc0 [ 71.051145][ T1299] ? __pfx_kthread+0x10/0x10 [ 71.051157][ T1299] ret_from_fork+0x5d4/0x6f0 [ 71.051174][ T1299] ? __pfx_kthread+0x10/0x10 [ 71.051185][ T1299] ret_from_fork_asm+0x1a/0x30 [ 71.051204][ T1299] [ 71.051208][ T1299] [ 71.263876][ T1299] Allocated by task 5930: [ 71.268192][ T1299] kasan_save_stack+0x33/0x60 [ 71.272862][ T1299] kasan_save_track+0x14/0x30 [ 71.277960][ T1299] __kasan_kmalloc+0xaa/0xb0 [ 71.282532][ T1299] alloc_tty_struct+0x96/0x8c0 [ 71.287298][ T1299] tty_init_dev.part.0+0x1e/0x500 [ 71.292305][ T1299] tty_open+0xa50/0xf90 [ 71.296523][ T1299] chrdev_open+0x231/0x6a0 [ 71.300933][ T1299] do_dentry_open+0x741/0x1c10 [ 71.305678][ T1299] vfs_open+0x82/0x3f0 [ 71.309733][ T1299] path_openat+0x1de4/0x2cb0 [ 71.314330][ T1299] do_filp_open+0x20b/0x470 [ 71.318816][ T1299] do_sys_openat2+0x11b/0x1d0 [ 71.323470][ T1299] __x64_sys_openat+0x174/0x210 [ 71.328313][ T1299] do_syscall_64+0xcd/0x4c0 [ 71.332805][ T1299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.338679][ T1299] [ 71.340983][ T1299] Freed by task 5861: [ 71.344939][ T1299] kasan_save_stack+0x33/0x60 [ 71.349605][ T1299] kasan_save_track+0x14/0x30 [ 71.354262][ T1299] kasan_save_free_info+0x3b/0x60 [ 71.359275][ T1299] __kasan_slab_free+0x51/0x70 [ 71.364029][ T1299] kfree+0x2b4/0x4d0 [ 71.367906][ T1299] process_one_work+0x9cc/0x1b70 [ 71.372825][ T1299] worker_thread+0x6c8/0xf10 [ 71.377393][ T1299] kthread+0x3c2/0x780 [ 71.381439][ T1299] ret_from_fork+0x5d4/0x6f0 [ 71.386104][ T1299] ret_from_fork_asm+0x1a/0x30 [ 71.390847][ T1299] [ 71.393151][ T1299] Last potentially related work creation: [ 71.398852][ T1299] kasan_save_stack+0x33/0x60 [ 71.403508][ T1299] kasan_record_aux_stack+0xa7/0xc0 [ 71.408685][ T1299] insert_work+0x36/0x230 [ 71.412993][ T1299] __queue_work+0x97e/0x10f0 [ 71.417564][ T1299] queue_work_on+0x1a4/0x1f0 [ 71.422133][ T1299] release_tty+0x4de/0x5d0 [ 71.426533][ T1299] tty_release_struct+0xb7/0xe0 [ 71.431366][ T1299] tty_release+0xe2d/0x1430 [ 71.435858][ T1299] __fput+0x3ff/0xb70 [ 71.439839][ T1299] task_work_run+0x150/0x240 [ 71.444423][ T1299] do_exit+0x86c/0x2bd0 [ 71.448583][ T1299] do_group_exit+0xd3/0x2a0 [ 71.453082][ T1299] get_signal+0x2673/0x26d0 [ 71.457570][ T1299] arch_do_signal_or_restart+0x8f/0x7d0 [ 71.463098][ T1299] exit_to_user_mode_loop+0x84/0x110 [ 71.468363][ T1299] do_syscall_64+0x3f6/0x4c0 [ 71.472952][ T1299] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 71.478824][ T1299] [ 71.481128][ T1299] The buggy address belongs to the object at ffff88802ad3f000 [ 71.481128][ T1299] which belongs to the cache kmalloc-cg-2k of size 2048 [ 71.495418][ T1299] The buggy address is located 32 bytes inside of [ 71.495418][ T1299] freed 2048-byte region [ffff88802ad3f000, ffff88802ad3f800) [ 71.509190][ T1299] [ 71.511491][ T1299] The buggy address belongs to the physical page: [ 71.517874][ T1299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ad38 [ 71.526608][ T1299] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 71.535081][ T1299] memcg:ffff888024eb8581 [ 71.539298][ T1299] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 71.546820][ T1299] page_type: f5(slab) [ 71.550784][ T1299] raw: 00fff00000000040 ffff88801b84b3c0 dead000000000122 0000000000000000 [ 71.559347][ T1299] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff888024eb8581 [ 71.567910][ T1299] head: 00fff00000000040 ffff88801b84b3c0 dead000000000122 0000000000000000 [ 71.576559][ T1299] head: 0000000000000000 0000000000080008 00000000f5000000 ffff888024eb8581 [ 71.585205][ T1299] head: 00fff00000000003 ffffea0000ab4e01 00000000ffffffff 00000000ffffffff [ 71.593854][ T1299] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 71.602500][ T1299] page dumped because: kasan: bad access detected [ 71.608889][ T1299] page_owner tracks the page as allocated [ 71.614581][ T1299] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5809, tgid 5809 (syz-executor), ts 66783543083, free_ts 66770918551 [ 71.635923][ T1299] post_alloc_hook+0x1c0/0x230 [ 71.640673][ T1299] get_page_from_freelist+0x1321/0x3890 [ 71.646201][ T1299] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 71.652076][ T1299] alloc_pages_mpol+0x1fb/0x550 [ 71.656911][ T1299] new_slab+0x23b/0x330 [ 71.661049][ T1299] ___slab_alloc+0xd9c/0x1940 [ 71.665705][ T1299] __slab_alloc.constprop.0+0x56/0xb0 [ 71.671057][ T1299] __kmalloc_cache_noprof+0xfb/0x3e0 [ 71.676336][ T1299] ipv6_add_dev+0x1c9/0x15f0 [ 71.680916][ T1299] addrconf_notify+0x53e/0x19e0 [ 71.685774][ T1299] notifier_call_chain+0xb9/0x410 [ 71.690801][ T1299] call_netdevice_notifiers_info+0xbe/0x140 [ 71.696681][ T1299] register_netdevice+0x182e/0x2270 [ 71.701885][ T1299] cfg80211_register_netdevice+0x149/0x340 [ 71.707717][ T1299] ieee80211_if_add+0xca7/0x1a40 [ 71.712643][ T1299] ieee80211_register_hw+0x3943/0x4140 [ 71.718085][ T1299] page last free pid 5809 tgid 5809 stack trace: [ 71.724398][ T1299] __free_frozen_pages+0x7fe/0x1180 [ 71.729585][ T1299] __put_partials+0x16d/0x1c0 [ 71.734249][ T1299] qlist_free_all+0x4d/0x120 [ 71.738849][ T1299] kasan_quarantine_reduce+0x195/0x1e0 [ 71.744289][ T1299] __kasan_slab_alloc+0x69/0x90 [ 71.749123][ T1299] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 71.754564][ T1299] __kernfs_new_node+0xd2/0x8e0 [ 71.759416][ T1299] kernfs_new_node+0x13c/0x1e0 [ 71.764170][ T1299] __kernfs_create_file+0x53/0x350 [ 71.769271][ T1299] sysfs_add_file_mode_ns+0x207/0x3c0 [ 71.774630][ T1299] internal_create_group+0x578/0xf30 [ 71.779900][ T1299] internal_create_groups+0x9d/0x150 [ 71.785169][ T1299] device_add+0x6d1/0x1a70 [ 71.789570][ T1299] rfkill_register+0x1ad/0xb40 [ 71.794315][ T1299] wiphy_register+0x2239/0x2850 [ 71.799148][ T1299] ieee80211_register_hw+0x24ac/0x4140 [ 71.804585][ T1299] [ 71.806891][ T1299] Memory state around the buggy address: [ 71.812496][ T1299] ffff88802ad3ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 71.820536][ T1299] ffff88802ad3ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 71.828575][ T1299] >ffff88802ad3f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.836617][ T1299] ^ [ 71.841712][ T1299] ffff88802ad3f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.849754][ T1299] ffff88802ad3f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 71.857792][ T1299] ================================================================== [ 71.865870][ T1299] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 71.873065][ T1299] CPU: 0 UID: 0 PID: 1299 Comm: aoe_tx0 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 71.884783][ T1299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 71.894824][ T1299] Call Trace: [ 71.898087][ T1299] [ 71.901001][ T1299] dump_stack_lvl+0x3d/0x1f0 [ 71.905583][ T1299] panic+0x71c/0x800 [ 71.909465][ T1299] ? __pfx_panic+0x10/0x10 [ 71.913867][ T1299] ? irqentry_exit+0x3b/0x90 [ 71.918452][ T1299] ? lockdep_hardirqs_on+0x7c/0x110 [ 71.923642][ T1299] ? tty_write_room+0x7d/0x90 [ 71.928304][ T1299] ? check_panic_on_warn+0x1f/0xb0 [ 71.933405][ T1299] ? tty_write_room+0x7d/0x90 [ 71.938071][ T1299] check_panic_on_warn+0xab/0xb0 [ 71.942998][ T1299] end_report+0x107/0x170 [ 71.947343][ T1299] kasan_report+0xee/0x110 [ 71.951750][ T1299] ? tty_write_room+0x7d/0x90 [ 71.956420][ T1299] tty_write_room+0x7d/0x90 [ 71.960904][ T1299] handle_tx+0x14f/0x630 [ 71.965156][ T1299] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 71.970955][ T1299] dev_hard_start_xmit+0x97/0x740 [ 71.975968][ T1299] __dev_queue_xmit+0x7eb/0x43e0 [ 71.980900][ T1299] ? finish_task_switch.isra.0+0x89b/0xc10 [ 71.986695][ T1299] ? rcu_is_watching+0x12/0xc0 [ 71.991444][ T1299] ? __pfx___dev_queue_xmit+0x10/0x10 [ 71.996804][ T1299] ? __lock_acquire+0xb8a/0x1c90 [ 72.001731][ T1299] ? __lock_acquire+0xb8a/0x1c90 [ 72.006667][ T1299] ? do_raw_spin_lock+0x12c/0x2b0 [ 72.011672][ T1299] ? find_held_lock+0x2b/0x80 [ 72.016334][ T1299] ? skb_dequeue+0x126/0x180 [ 72.020908][ T1299] ? find_held_lock+0x2b/0x80 [ 72.025569][ T1299] ? rcu_is_watching+0x12/0xc0 [ 72.030327][ T1299] tx+0xcc/0x190 [ 72.033855][ T1299] ? __pfx_tx+0x10/0x10 [ 72.037992][ T1299] kthread+0x1e1/0x3e0 [ 72.042055][ T1299] ? find_held_lock+0x2b/0x80 [ 72.046718][ T1299] ? __pfx_kthread+0x10/0x10 [ 72.051296][ T1299] ? __pfx_default_wake_function+0x10/0x10 [ 72.057100][ T1299] ? lockdep_hardirqs_on+0x7c/0x110 [ 72.062288][ T1299] ? __kthread_parkme+0x19e/0x250 [ 72.067301][ T1299] ? __pfx_kthread+0x10/0x10 [ 72.071875][ T1299] kthread+0x3c2/0x780 [ 72.075930][ T1299] ? __pfx_kthread+0x10/0x10 [ 72.080512][ T1299] ? rcu_is_watching+0x12/0xc0 [ 72.085292][ T1299] ? __pfx_kthread+0x10/0x10 [ 72.089888][ T1299] ret_from_fork+0x5d4/0x6f0 [ 72.094476][ T1299] ? __pfx_kthread+0x10/0x10 [ 72.099049][ T1299] ret_from_fork_asm+0x1a/0x30 [ 72.103806][ T1299] [ 72.107006][ T1299] Kernel Offset: disabled [ 72.111313][ T1299] Rebooting in 86400 seconds..