last executing test programs: 452.245822ms ago: executing program 3 (id=4): openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000340), 0x20000) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r2, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001100)={0x10, 0x1407, 0x1, 0x70bd27, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x40}, 0x40844) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_DEL(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, 0x2, 0x9, 0x3, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x13}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000049}, 0x100) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="2700000014000707030e0000120f0a0011", 0x11) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5], 0x14}, 0x1, 0x0, 0x0, 0x20000054}, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup/syz0\x00', 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000380), 0x482, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000180), 0x78, 0x802) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r7, 0x100000000) mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0x2}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x44}, 0x28) 0s ago: executing program 1 (id=2): r0 = socket$packet(0x11, 0x2, 0x300) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0x5c, r3, 0x2, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x800) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) (async) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async) r7 = socket$alg(0x26, 0x5, 0x0) r8 = accept4(r7, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x20040000) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r10 = accept4(r9, 0x0, 0x0, 0x80000) r11 = accept4(r10, 0x0, 0x0, 0x0) geteuid() (async) sendmmsg$inet6(r11, &(0x7f0000003b80)=[{{0x0, 0xd, &(0x7f00000003c0)=[{&(0x7f00000000c0)="e6", 0x1}], 0x1, 0x0, 0x0, 0x7000300}}, {{0x0, 0x500, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x23fff}], 0x1}, 0xff03}], 0x4000070, 0x8000) (async) sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x30, 0x3, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0x0) (async) sendmmsg$sock(r0, &(0x7f0000000840)=[{{&(0x7f0000000640)=@tipc=@name={0x1e, 0x2, 0x2, {{0x42}}}, 0x80, 0x0, 0x0, &(0x7f0000000a80)=[@mark={{0x14, 0x1, 0x24, 0x4}}], 0x18}}], 0x1, 0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.240' (ED25519) to the list of known hosts. [ 55.201391][ T30] audit: type=1400 audit(1759665052.612:62): avc: denied { mounton } for pid=5808 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 55.224819][ T30] audit: type=1400 audit(1759665052.632:63): avc: denied { mount } for pid=5808 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 55.227036][ T5808] cgroup: Unknown subsys name 'net' [ 55.254305][ T30] audit: type=1400 audit(1759665052.662:64): avc: denied { unmount } for pid=5808 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 55.402686][ T5808] cgroup: Unknown subsys name 'cpuset' [ 55.410108][ T5808] cgroup: Unknown subsys name 'rlimit' [ 55.595000][ T30] audit: type=1400 audit(1759665053.002:65): avc: denied { setattr } for pid=5808 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=819 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 55.627070][ T30] audit: type=1400 audit(1759665053.002:66): avc: denied { create } for pid=5808 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 55.649965][ T30] audit: type=1400 audit(1759665053.002:67): avc: denied { write } for pid=5808 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 55.671508][ T30] audit: type=1400 audit(1759665053.002:68): avc: denied { read } for pid=5808 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 55.692348][ T5810] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 55.693552][ T30] audit: type=1400 audit(1759665053.012:69): avc: denied { mounton } for pid=5808 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 55.725817][ T30] audit: type=1400 audit(1759665053.012:70): avc: denied { mount } for pid=5808 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 55.749105][ T30] audit: type=1400 audit(1759665053.042:71): avc: denied { read } for pid=5490 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 56.656752][ T5808] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 58.761819][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 58.781772][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 58.790974][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 58.797559][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 58.798749][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 58.805537][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 58.813245][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 58.820058][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 58.826733][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 58.833900][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 58.840866][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 58.848197][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 58.855181][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 58.861523][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 58.874705][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 58.882296][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 58.894677][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 58.901829][ T5834] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 58.902696][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 58.909033][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 58.923402][ T5826] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 58.924419][ T5834] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 58.938071][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 58.950655][ T5834] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 58.958361][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 59.370709][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 59.434613][ T5819] chnl_net:caif_netlink_parms(): no params data found [ 59.481529][ T5818] chnl_net:caif_netlink_parms(): no params data found [ 59.491735][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 59.589854][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 59.664651][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.672220][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.679466][ T5818] bridge_slave_0: entered allmulticast mode [ 59.686304][ T5818] bridge_slave_0: entered promiscuous mode [ 59.699698][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.706849][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.713986][ T5818] bridge_slave_1: entered allmulticast mode [ 59.721048][ T5818] bridge_slave_1: entered promiscuous mode [ 59.728191][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.735398][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.742619][ T5827] bridge_slave_0: entered allmulticast mode [ 59.749279][ T5827] bridge_slave_0: entered promiscuous mode [ 59.755979][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.763217][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.770288][ T5819] bridge_slave_0: entered allmulticast mode [ 59.777150][ T5819] bridge_slave_0: entered promiscuous mode [ 59.784172][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.791318][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.798396][ T5819] bridge_slave_1: entered allmulticast mode [ 59.805162][ T5819] bridge_slave_1: entered promiscuous mode [ 59.829453][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.836769][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.843944][ T5827] bridge_slave_1: entered allmulticast mode [ 59.850768][ T5827] bridge_slave_1: entered promiscuous mode [ 59.892080][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.926525][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 59.937956][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.949282][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 59.958883][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.966191][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 59.973702][ T5820] bridge_slave_0: entered allmulticast mode [ 59.980269][ T5820] bridge_slave_0: entered promiscuous mode [ 59.997602][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.016659][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.034372][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.041586][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.048633][ T5820] bridge_slave_1: entered allmulticast mode [ 60.055471][ T5820] bridge_slave_1: entered promiscuous mode [ 60.104047][ T5818] team0: Port device team_slave_0 added [ 60.109959][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.117100][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.124684][ T5837] bridge_slave_0: entered allmulticast mode [ 60.131328][ T5837] bridge_slave_0: entered promiscuous mode [ 60.138982][ T5827] team0: Port device team_slave_0 added [ 60.145987][ T5819] team0: Port device team_slave_0 added [ 60.159927][ T5818] team0: Port device team_slave_1 added [ 60.165843][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.173040][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.180107][ T5837] bridge_slave_1: entered allmulticast mode [ 60.186981][ T5837] bridge_slave_1: entered promiscuous mode [ 60.194584][ T5827] team0: Port device team_slave_1 added [ 60.209274][ T5819] team0: Port device team_slave_1 added [ 60.216608][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.255636][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.279734][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.287260][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.313144][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.338578][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.345629][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.371792][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.384502][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.394297][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.401306][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.427332][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.438781][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.445908][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.471782][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.496075][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.503039][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.529004][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.541891][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.557418][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.564529][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.590971][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.607322][ T5820] team0: Port device team_slave_0 added [ 60.634742][ T5837] team0: Port device team_slave_0 added [ 60.641656][ T5820] team0: Port device team_slave_1 added [ 60.667830][ T5827] hsr_slave_0: entered promiscuous mode [ 60.674748][ T5827] hsr_slave_1: entered promiscuous mode [ 60.682134][ T5837] team0: Port device team_slave_1 added [ 60.741322][ T5818] hsr_slave_0: entered promiscuous mode [ 60.747304][ T5818] hsr_slave_1: entered promiscuous mode [ 60.753780][ T5818] debugfs: 'hsr0' already exists in 'hsr' [ 60.759541][ T5818] Cannot create hsr debugfs directory [ 60.768443][ T5819] hsr_slave_0: entered promiscuous mode [ 60.774634][ T5819] hsr_slave_1: entered promiscuous mode [ 60.780607][ T5819] debugfs: 'hsr0' already exists in 'hsr' [ 60.786308][ T5819] Cannot create hsr debugfs directory [ 60.798728][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.805717][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.831796][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.872154][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.879092][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.905100][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.917059][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.924206][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 60.950559][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.971020][ T51] Bluetooth: hci3: command tx timeout [ 60.971024][ T5826] Bluetooth: hci1: command tx timeout [ 60.971193][ T5826] Bluetooth: hci0: command tx timeout [ 60.976623][ T5831] Bluetooth: hci2: command tx timeout [ 60.997889][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.005050][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 61.031873][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.050444][ T5831] Bluetooth: hci4: command tx timeout [ 61.171606][ T5820] hsr_slave_0: entered promiscuous mode [ 61.177595][ T5820] hsr_slave_1: entered promiscuous mode [ 61.183669][ T5820] debugfs: 'hsr0' already exists in 'hsr' [ 61.189373][ T5820] Cannot create hsr debugfs directory [ 61.217394][ T5837] hsr_slave_0: entered promiscuous mode [ 61.224280][ T5837] hsr_slave_1: entered promiscuous mode [ 61.230099][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 61.235872][ T5837] Cannot create hsr debugfs directory [ 61.383513][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 61.397263][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 61.418263][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 61.443064][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 61.499771][ T5819] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 61.509180][ T5819] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 61.535553][ T5819] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 61.546322][ T5819] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 61.592160][ T5818] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 61.610265][ T5818] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 61.624073][ T5818] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 61.633122][ T5818] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 61.723814][ T5820] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 61.743001][ T5820] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 61.753040][ T5820] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 61.773815][ T5820] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 61.818487][ T5837] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 61.835640][ T5837] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 61.852179][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.863060][ T5837] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 61.871977][ T5837] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 61.898811][ T5819] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.928865][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.942765][ T1107] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.949856][ T1107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.969232][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.992600][ T1107] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.999642][ T1107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.020291][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.029522][ T5818] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.052077][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.059116][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.092129][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.103028][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.110073][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.118821][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.125904][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.145757][ T5819] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 62.167139][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.174209][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.190266][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.217161][ T1098] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.224295][ T1098] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.253847][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 62.253859][ T30] audit: type=1400 audit(1759665059.662:86): avc: denied { sys_module } for pid=5819 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 62.266833][ T5818] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 62.291718][ T5818] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 62.323202][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.330341][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.429115][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.478757][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.502975][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.510085][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.534889][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.541987][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.574125][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.709359][ T5819] veth0_vlan: entered promiscuous mode [ 62.758416][ T5819] veth1_vlan: entered promiscuous mode [ 62.787890][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.800193][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.877485][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 62.888223][ T5819] veth0_macvtap: entered promiscuous mode [ 62.922239][ T5819] veth1_macvtap: entered promiscuous mode [ 62.936326][ T5818] veth0_vlan: entered promiscuous mode [ 62.945781][ T5827] veth0_vlan: entered promiscuous mode [ 62.975145][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.984308][ T5818] veth1_vlan: entered promiscuous mode [ 63.005201][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.015916][ T5827] veth1_vlan: entered promiscuous mode [ 63.026618][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.051014][ T5831] Bluetooth: hci0: command tx timeout [ 63.051534][ T5826] Bluetooth: hci3: command tx timeout [ 63.056402][ T51] Bluetooth: hci1: command tx timeout [ 63.062044][ T5834] Bluetooth: hci2: command tx timeout [ 63.076048][ T1107] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.088160][ T1107] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.110979][ T1107] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.131043][ T5834] Bluetooth: hci4: command tx timeout [ 63.133936][ T1107] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.189251][ T5827] veth0_macvtap: entered promiscuous mode [ 63.217276][ T5818] veth0_macvtap: entered promiscuous mode [ 63.228144][ T5818] veth1_macvtap: entered promiscuous mode [ 63.245743][ T5827] veth1_macvtap: entered promiscuous mode [ 63.275685][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.290006][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.304817][ T5837] veth0_vlan: entered promiscuous mode [ 63.317254][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.319213][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.338977][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.347636][ T5837] veth1_vlan: entered promiscuous mode [ 63.386736][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.398427][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.407088][ T1098] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.411663][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.424661][ T5820] veth0_vlan: entered promiscuous mode [ 63.441884][ T1098] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.460095][ T30] audit: type=1400 audit(1759665060.862:87): avc: denied { mounton } for pid=5819 comm="syz-executor" path="/root/syzkaller.p6hKBY/syz-tmp" dev="sda1" ino=2041 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 63.486758][ T30] audit: type=1400 audit(1759665060.882:88): avc: denied { mount } for pid=5819 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 63.486838][ T1098] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.509140][ T30] audit: type=1400 audit(1759665060.882:89): avc: denied { mounton } for pid=5819 comm="syz-executor" path="/root/syzkaller.p6hKBY/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 63.523473][ T1098] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.552441][ T30] audit: type=1400 audit(1759665060.882:90): avc: denied { mount } for pid=5819 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 63.575250][ T30] audit: type=1400 audit(1759665060.882:91): avc: denied { mounton } for pid=5819 comm="syz-executor" path="/root/syzkaller.p6hKBY/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 63.602206][ T30] audit: type=1400 audit(1759665060.882:92): avc: denied { mounton } for pid=5819 comm="syz-executor" path="/root/syzkaller.p6hKBY/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=6707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 63.636079][ T30] audit: type=1400 audit(1759665060.932:93): avc: denied { unmount } for pid=5819 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 63.638987][ T5820] veth1_vlan: entered promiscuous mode [ 63.662467][ T30] audit: type=1400 audit(1759665060.962:94): avc: denied { mounton } for pid=5819 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2782 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 63.685790][ T30] audit: type=1400 audit(1759665060.962:95): avc: denied { mount } for pid=5819 comm="syz-executor" name="/" dev="gadgetfs" ino=6709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 63.692970][ T5837] veth0_macvtap: entered promiscuous mode [ 63.717736][ T5819] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 63.739412][ T1098] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.754855][ T1098] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.807531][ T5837] veth1_macvtap: entered promiscuous mode [ 63.819326][ T1098] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.829036][ T1098] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.866589][ T5820] veth0_macvtap: entered promiscuous mode [ 63.901786][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.909612][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.995032][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.997551][ T5820] veth1_macvtap: entered promiscuous mode [ 64.004378][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.026302][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.049334][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.060717][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.078154][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.093127][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.116766][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.139353][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.151120][ T1098] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.168949][ T1098] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.178423][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.199375][ T1098] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.315954][ T5936] ================================================================== [ 64.324030][ T5936] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220 [ 64.331205][ T5936] Read of size 8 at addr ffff88803021e288 by task syz.3.4/5936 [ 64.338713][ T5936] [ 64.341010][ T5936] CPU: 1 UID: 0 PID: 5936 Comm: syz.3.4 Not tainted syzkaller #0 PREEMPT(full) [ 64.341023][ T5936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 64.341030][ T5936] Call Trace: [ 64.341034][ T5936] [ 64.341038][ T5936] dump_stack_lvl+0x116/0x1f0 [ 64.341056][ T5936] print_report+0xcd/0x630 [ 64.341070][ T5936] ? __virt_addr_valid+0x81/0x610 [ 64.341087][ T5936] ? __phys_addr+0xe8/0x180 [ 64.341105][ T5936] ? __cpa_addr+0x1d3/0x220 [ 64.341116][ T5936] kasan_report+0xe0/0x110 [ 64.341131][ T5936] ? __cpa_addr+0x1d3/0x220 [ 64.341144][ T5936] __cpa_addr+0x1d3/0x220 [ 64.341156][ T5936] cpa_flush+0x28b/0x8a0 [ 64.341169][ T5936] ? __pfx_cpa_flush+0x10/0x10 [ 64.341182][ T5936] ? pgprot2cachemode+0x9a/0x130 [ 64.341199][ T5936] ? __pfx_pgprot2cachemode+0x10/0x10 [ 64.341216][ T5936] ? drm_gem_get_pages+0x6a0/0xa10 [ 64.341230][ T5936] change_page_attr_set_clr+0x34e/0x4a0 [ 64.341245][ T5936] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 64.341264][ T5936] _set_pages_array+0x1ab/0x2c0 [ 64.341278][ T5936] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 64.341291][ T5936] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 64.341302][ T5936] ? __pfx___might_resched+0x10/0x10 [ 64.341320][ T5936] drm_gem_shmem_mmap+0xc9/0x550 [ 64.341332][ T5936] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 64.341344][ T5936] drm_gem_mmap_obj+0x1b5/0x560 [ 64.341357][ T5936] drm_gem_mmap+0x40b/0x620 [ 64.341370][ T5936] ? __pfx_drm_gem_mmap+0x10/0x10 [ 64.341382][ T5936] ? vm_area_alloc+0x1f/0x160 [ 64.341398][ T5936] ? lockdep_init_map_type+0x5c/0x280 [ 64.341411][ T5936] __mmap_region+0x1306/0x27a0 [ 64.341422][ T5936] ? __pfx___mmap_region+0x10/0x10 [ 64.341432][ T5936] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 64.341447][ T5936] ? audit_log_end+0x1f/0x30 [ 64.341459][ T5936] ? audit_log_end+0x1f/0x30 [ 64.341469][ T5936] ? common_lsm_audit+0x260/0x300 [ 64.341493][ T5936] ? __lock_acquire+0xb97/0x1ce0 [ 64.341509][ T5936] mmap_region+0x32b/0x3f0 [ 64.341520][ T5936] do_mmap+0xa3e/0x1210 [ 64.341534][ T5936] ? __pfx_do_mmap+0x10/0x10 [ 64.341546][ T5936] ? __pfx_down_write_killable+0x10/0x10 [ 64.341563][ T5936] vm_mmap_pgoff+0x29e/0x470 [ 64.341577][ T5936] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 64.341592][ T5936] ? __fget_files+0x20e/0x3c0 [ 64.341605][ T5936] ksys_mmap_pgoff+0x32c/0x5c0 [ 64.341618][ T5936] __x64_sys_mmap+0x125/0x190 [ 64.341630][ T5936] do_syscall_64+0xcd/0x4e0 [ 64.341644][ T5936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.341655][ T5936] RIP: 0033:0x7fdbf618eec9 [ 64.341664][ T5936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 64.341675][ T5936] RSP: 002b:00007fdbf6f61038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 64.341685][ T5936] RAX: ffffffffffffffda RBX: 00007fdbf63e6180 RCX: 00007fdbf618eec9 [ 64.341692][ T5936] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 64.341699][ T5936] RBP: 00007fdbf6211f91 R08: 000000000000000b R09: 0000000100000000 [ 64.341705][ T5936] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 64.341712][ T5936] R13: 00007fdbf63e6218 R14: 00007fdbf63e6180 R15: 00007fff4b26f048 [ 64.341721][ T5936] [ 64.341725][ T5936] [ 64.562415][ T1098] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.564144][ T5936] Allocated by task 5936: [ 64.564158][ T5936] kasan_save_stack+0x33/0x60 [ 64.568987][ T1098] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.573540][ T5936] kasan_save_track+0x14/0x30 [ 64.573559][ T5936] __kasan_kmalloc+0xaa/0xb0 [ 64.573575][ T5936] __kvmalloc_node_noprof+0x3a3/0x9c0 [ 64.573593][ T5936] drm_gem_get_pages+0x144/0xa10 [ 64.573612][ T5936] drm_gem_shmem_get_pages_locked+0x1e6/0x490 [ 64.573629][ T5936] drm_gem_shmem_mmap+0xc9/0x550 [ 64.573645][ T5936] drm_gem_mmap_obj+0x1b5/0x560 [ 64.573664][ T5936] drm_gem_mmap+0x40b/0x620 [ 64.573681][ T5936] __mmap_region+0x1306/0x27a0 [ 64.573695][ T5936] mmap_region+0x32b/0x3f0 [ 64.573709][ T5936] do_mmap+0xa3e/0x1210 [ 64.573727][ T5936] vm_mmap_pgoff+0x29e/0x470 [ 64.573746][ T5936] ksys_mmap_pgoff+0x32c/0x5c0 [ 64.573765][ T5936] __x64_sys_mmap+0x125/0x190 [ 64.573782][ T5936] do_syscall_64+0xcd/0x4e0 [ 64.573803][ T5936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 64.573819][ T5936] [ 64.573824][ T5936] The buggy address belongs to the object at ffff88803021e200 [ 64.573824][ T5936] which belongs to the cache kmalloc-192 of size 192 [ 64.573838][ T5936] The buggy address is located 0 bytes to the right of [ 64.573838][ T5936] allocated 136-byte region [ffff88803021e200, ffff88803021e288) [ 64.573855][ T5936] [ 64.573860][ T5936] The buggy address belongs to the physical page: [ 64.573868][ T5936] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3021e [ 64.573885][ T5936] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 64.573900][ T5936] page_type: f5(slab) [ 64.573916][ T5936] raw: 00fff00000000000 ffff88801b0263c0 dead000000000122 0000000000000000 [ 64.573932][ T5936] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 64.573942][ T5936] page dumped because: kasan: bad access detected [ 64.573950][ T5936] page_owner tracks the page as allocated [ 64.573956][ T5936] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5936, tgid 5933 (syz.3.4), ts 64305206672, free_ts 64302776061 [ 64.573985][ T5936] post_alloc_hook+0x1c0/0x230 [ 64.574010][ T5936] get_page_from_freelist+0x10a3/0x3a30 [ 64.574036][ T5936] __alloc_frozen_pages_noprof+0x25f/0x2470 [ 64.580084][ T1098] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.584369][ T5936] new_slab+0xa5/0x360 [ 64.584396][ T5936] ___slab_alloc+0xdc4/0x1ae0 [ 64.905702][ T5936] __slab_alloc.constprop.0+0x63/0x110 [ 64.911148][ T5936] __kmalloc_node_noprof+0x4dd/0x8a0 [ 64.916426][ T5936] alloc_slab_obj_exts+0x3a/0xd0 [ 64.921347][ T5936] __memcg_slab_post_alloc_hook+0x251/0x940 [ 64.927212][ T5936] kmem_cache_alloc_lru_noprof+0x556/0x6e0 [ 64.933000][ T5936] shmem_alloc_inode+0x25/0x50 [ 64.937735][ T5936] alloc_inode+0x61/0x240 [ 64.942039][ T5936] new_inode+0x22/0x1c0 [ 64.946168][ T5936] shmem_get_inode+0x19a/0xfb0 [ 64.950906][ T5936] __shmem_file_setup+0x107/0x330 [ 64.955929][ T5936] drm_gem_object_init_with_mnt+0xbb/0xe0 [ 64.961636][ T5936] page last free pid 5936 tgid 5933 stack trace: [ 64.967934][ T5936] __free_frozen_pages+0x7df/0x1160 [ 64.973119][ T5936] inode_doinit_with_dentry+0xacb/0x12e0 [ 64.978750][ T5936] selinux_d_instantiate+0x26/0x30 [ 64.983834][ T5936] security_d_instantiate+0x142/0x1a0 [ 64.989186][ T5936] d_instantiate+0x5c/0x90 [ 64.993596][ T5936] __debugfs_create_file+0x286/0x6b0 [ 64.998852][ T5936] debugfs_create_file_full+0x41/0x60 [ 65.004195][ T5936] drm_debugfs_clients_add+0xd9/0x200 [ 65.009541][ T5936] drm_file_alloc+0x5c6/0xb40 [ 65.014197][ T5936] drm_open_helper+0x204/0x550 [ 65.018941][ T5936] drm_open+0x1a0/0x3e0 [ 65.023070][ T5936] drm_stub_open+0x20f/0x380 [ 65.027632][ T5936] chrdev_open+0x234/0x6a0 [ 65.032020][ T5936] do_dentry_open+0x982/0x1530 [ 65.036753][ T5936] vfs_open+0x82/0x3f0 [ 65.040794][ T5936] path_openat+0x1de4/0x2cb0 [ 65.045356][ T5936] [ 65.047652][ T5936] Memory state around the buggy address: [ 65.053255][ T5936] ffff88803021e180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 65.061305][ T5936] ffff88803021e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 65.069447][ T5936] >ffff88803021e280: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.077488][ T5936] ^ [ 65.081783][ T5936] ffff88803021e300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 65.089814][ T5936] ffff88803021e380: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc [ 65.097843][ T5936] ================================================================== [ 65.116509][ T5936] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 65.123712][ T5936] CPU: 1 UID: 0 PID: 5936 Comm: syz.3.4 Not tainted syzkaller #0 PREEMPT(full) [ 65.132727][ T5936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 65.142771][ T5936] Call Trace: [ 65.146029][ T5936] [ 65.148948][ T5936] dump_stack_lvl+0x3d/0x1f0 [ 65.153538][ T5936] vpanic+0x640/0x6f0 [ 65.157511][ T5936] panic+0xca/0xd0 [ 65.161223][ T5936] ? __pfx_panic+0x10/0x10 [ 65.165630][ T5936] ? __cpa_addr+0x1d3/0x220 [ 65.170129][ T5936] ? preempt_schedule_common+0x44/0xc0 [ 65.175583][ T5936] ? preempt_schedule_thunk+0x16/0x30 [ 65.180957][ T5936] check_panic_on_warn+0xab/0xb0 [ 65.185885][ T5936] end_report+0x107/0x170 [ 65.190211][ T5936] kasan_report+0xee/0x110 [ 65.194626][ T5936] ? __cpa_addr+0x1d3/0x220 [ 65.199126][ T5936] __cpa_addr+0x1d3/0x220 [ 65.203448][ T5936] cpa_flush+0x28b/0x8a0 [ 65.207683][ T5936] ? __pfx_cpa_flush+0x10/0x10 [ 65.212438][ T5936] ? pgprot2cachemode+0x9a/0x130 [ 65.217375][ T5936] ? __pfx_pgprot2cachemode+0x10/0x10 [ 65.222745][ T5936] ? drm_gem_get_pages+0x6a0/0xa10 [ 65.227853][ T5936] change_page_attr_set_clr+0x34e/0x4a0 [ 65.233395][ T5936] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 65.239466][ T5936] _set_pages_array+0x1ab/0x2c0 [ 65.244314][ T5936] drm_gem_shmem_get_pages_locked+0x384/0x490 [ 65.250377][ T5936] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 65.256954][ T5936] ? __pfx___might_resched+0x10/0x10 [ 65.262244][ T5936] drm_gem_shmem_mmap+0xc9/0x550 [ 65.267188][ T5936] ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10 [ 65.273339][ T5936] drm_gem_mmap_obj+0x1b5/0x560 [ 65.278199][ T5936] drm_gem_mmap+0x40b/0x620 [ 65.282712][ T5936] ? __pfx_drm_gem_mmap+0x10/0x10 [ 65.287735][ T5936] ? vm_area_alloc+0x1f/0x160 [ 65.292415][ T5936] ? lockdep_init_map_type+0x5c/0x280 [ 65.297783][ T5936] __mmap_region+0x1306/0x27a0 [ 65.302530][ T5936] ? __pfx___mmap_region+0x10/0x10 [ 65.307619][ T5936] ? __pfx_avc_audit_post_callback+0x10/0x10 [ 65.313582][ T5936] ? audit_log_end+0x1f/0x30 [ 65.318153][ T5936] ? audit_log_end+0x1f/0x30 [ 65.322723][ T5936] ? common_lsm_audit+0x260/0x300 [ 65.327749][ T5936] ? __lock_acquire+0xb97/0x1ce0 [ 65.332673][ T5936] mmap_region+0x32b/0x3f0 [ 65.337074][ T5936] do_mmap+0xa3e/0x1210 [ 65.341220][ T5936] ? __pfx_do_mmap+0x10/0x10 [ 65.345797][ T5936] ? __pfx_down_write_killable+0x10/0x10 [ 65.351424][ T5936] vm_mmap_pgoff+0x29e/0x470 [ 65.356005][ T5936] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 65.361100][ T5936] ? __fget_files+0x20e/0x3c0 [ 65.365757][ T5936] ksys_mmap_pgoff+0x32c/0x5c0 [ 65.370506][ T5936] __x64_sys_mmap+0x125/0x190 [ 65.375170][ T5936] do_syscall_64+0xcd/0x4e0 [ 65.379656][ T5936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 65.385529][ T5936] RIP: 0033:0x7fdbf618eec9 [ 65.389921][ T5936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.409513][ T5936] RSP: 002b:00007fdbf6f61038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 65.417906][ T5936] RAX: ffffffffffffffda RBX: 00007fdbf63e6180 RCX: 00007fdbf618eec9 [ 65.425855][ T5936] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000 [ 65.433802][ T5936] RBP: 00007fdbf6211f91 R08: 000000000000000b R09: 0000000100000000 [ 65.441749][ T5936] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 65.449696][ T5936] R13: 00007fdbf63e6218 R14: 00007fdbf63e6180 R15: 00007fff4b26f048 [ 65.457651][ T5936] [ 65.460836][ T5936] Kernel Offset: disabled [ 65.465130][ T5936] Rebooting in 86400 seconds..