last executing test programs: 518.95543ms ago: executing program 1 (id=2): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) close(0x5) close(0x4) 434.889044ms ago: executing program 4 (id=5): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_TSC_KHZ_vm(r1, 0xaea2, 0x3) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000140)="0f30c402fd3eecae660f38800a66b80c010f00d0662e3646d87213460f09b98c0900000f32b8010000000f01c12e644c0fc72f", 0x33}], 0x1, 0x41, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000280)={[0x9, 0x12740b12, 0x0, 0x5, 0xe, 0x4, 0xc9, 0x5, 0x82, 0x2, 0x401, 0x7, 0x3, 0xea, 0x8, 0xfffffffffffff9], 0x8000000, 0x285f40}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 368.183679ms ago: executing program 1 (id=8): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x161200, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x14) syz_usb_connect(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100004106cd40cd060f011bd5000000010902"], 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x1) 315.261331ms ago: executing program 4 (id=10): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil}) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="7b87f20f", @ANYRESDEC], &(0x7f0000000200)='GPL\x00', 0x20000000, 0x0, 0x0, 0x40f00, 0x12, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 216.255267ms ago: executing program 0 (id=11): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, &(0x7f0000000000)={0x2, &(0x7f0000001800)=[{@fixed}, {@none}]}) 216.109177ms ago: executing program 0 (id=12): open(&(0x7f00000001c0)='./file1\x00', 0x14927e, 0x20) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c7) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f00000001c0), 0x8, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) rmdir(&(0x7f0000000080)='./file0\x00') chdir(&(0x7f00000003c0)='./bus\x00') lsetxattr$trusted_overlay_origin(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, 0x0, 0x2) 215.992987ms ago: executing program 2 (id=3): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB="00fd00000000003c77146c00000000000000000000000000000000000000000096"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c25"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x18, 0x0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 215.749077ms ago: executing program 4 (id=13): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f", 0xc6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000800)="cc5a4dba", 0x4}], 0x1}}], 0x2, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 215.609717ms ago: executing program 3 (id=4): r0 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000380)={0x0, 0x1, 0x7, 0x17, 0x200, &(0x7f0000001780)="1ae19327aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a730900000000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c536689a4a62f872f9ca3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d228186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f91ffffffffd51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6ece06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a2a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0600000000000000a1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe021c773a6664b66ae04aa62c564d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000004000000000f800"}) 201.243078ms ago: executing program 3 (id=14): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x28, 0x67, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2d53dd0688184eee, 0x6071, 0x0, 0xe6}}}}}}, 0x0) 168.968511ms ago: executing program 0 (id=15): prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) dup(0xffffffffffffffff) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, 0x0}], 0x2d8, 0x20, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 104.267654ms ago: executing program 4 (id=16): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0x3}, {0x3}, {0xfff1, 0x1}}, [@qdisc_kind_options=@q_cbq={{0x8}, {0x1c, 0x2, [@TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x6, 0xfffffff0, 0xb, 0x1}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x48098}, 0x240001a0) 104.083984ms ago: executing program 3 (id=17): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x3e000, 0x2) chown(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x1) setxattr$incfs_id(&(0x7f0000000180)='./file0\x00', &(0x7f0000000340), &(0x7f0000000380)={'0000000000000000000000000000000', 0x31}, 0x20, 0x2) 103.992974ms ago: executing program 3 (id=18): socket$pppl2tp(0x18, 0x1, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000040)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000180)=0x6}) 90.034275ms ago: executing program 0 (id=19): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f0000000140)={0x24, @long={0x3, 0xffff, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r0, &(0x7f00000002c0)={0x24, @short={0x2, 0xffff, 0xaaa0}}, 0x14) 71.163845ms ago: executing program 0 (id=20): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x40000073, 0x0, 0x81}]}) 337.72µs ago: executing program 4 (id=21): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r0, &(0x7f00000000c0)={0x2, 0xfffa, @empty}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @random="ea6576681159", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @multicast1, @loopback}}}}}}, 0x0) 72.03µs ago: executing program 4 (id=22): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x100, 0xe}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0xfff5, 0x4}, {}, {0x8, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x2c, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x80, 0x1, 0xfffffffc, 0x8}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) 0s ago: executing program 0 (id=23): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x24, r1, 0x1, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0xc0}]}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x4040804) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.2' (ED25519) to the list of known hosts. [ 28.317272][ T24] audit: type=1400 audit(1769738071.460:64): avc: denied { mounton } for pid=267 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 28.318235][ T267] cgroup: Unknown subsys name 'net' [ 28.340517][ T24] audit: type=1400 audit(1769738071.460:65): avc: denied { mount } for pid=267 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 28.369212][ T24] audit: type=1400 audit(1769738071.490:66): avc: denied { unmount } for pid=267 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 28.369426][ T267] cgroup: Unknown subsys name 'devices' [ 28.546706][ T267] cgroup: Unknown subsys name 'hugetlb' [ 28.552540][ T267] cgroup: Unknown subsys name 'rlimit' [ 28.750080][ T24] audit: type=1400 audit(1769738071.890:67): avc: denied { setattr } for pid=267 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=253 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 28.773942][ T24] audit: type=1400 audit(1769738071.890:68): avc: denied { mounton } for pid=267 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 28.779811][ T269] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 28.799436][ T24] audit: type=1400 audit(1769738071.890:69): avc: denied { mount } for pid=267 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 28.833259][ T24] audit: type=1400 audit(1769738071.950:70): avc: denied { relabelto } for pid=269 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.859125][ T24] audit: type=1400 audit(1769738071.950:71): avc: denied { write } for pid=269 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.888331][ T24] audit: type=1400 audit(1769738072.030:72): avc: denied { read } for pid=267 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.914510][ T24] audit: type=1400 audit(1769738072.030:73): avc: denied { open } for pid=267 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 28.941095][ T267] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 29.435132][ T275] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.442182][ T275] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.449972][ T275] device bridge_slave_0 entered promiscuous mode [ 29.458281][ T275] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.465537][ T275] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.473243][ T275] device bridge_slave_1 entered promiscuous mode [ 29.506162][ T276] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.513578][ T276] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.520982][ T276] device bridge_slave_0 entered promiscuous mode [ 29.528886][ T276] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.536155][ T276] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.543545][ T276] device bridge_slave_1 entered promiscuous mode [ 29.639715][ T275] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.647227][ T275] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.654616][ T275] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.661947][ T275] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.674821][ T279] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.682355][ T279] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.689872][ T279] device bridge_slave_0 entered promiscuous mode [ 29.698968][ T279] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.706454][ T279] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.713849][ T279] device bridge_slave_1 entered promiscuous mode [ 29.772731][ T277] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.780088][ T277] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.787838][ T277] device bridge_slave_0 entered promiscuous mode [ 29.795013][ T277] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.802149][ T277] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.809682][ T277] device bridge_slave_1 entered promiscuous mode [ 29.821891][ T278] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.829211][ T278] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.836910][ T278] device bridge_slave_0 entered promiscuous mode [ 29.843906][ T278] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.851080][ T278] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.858487][ T278] device bridge_slave_1 entered promiscuous mode [ 29.878736][ T276] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.886070][ T276] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.893592][ T276] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.900855][ T276] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.994059][ T279] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.001261][ T279] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.008650][ T279] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.016130][ T279] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.027074][ T278] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.034579][ T278] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.041888][ T278] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.049480][ T278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.059180][ T277] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.066446][ T277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.074121][ T277] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.081372][ T277] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.092632][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.100169][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.107639][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.114940][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.122708][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.130430][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.137807][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.145177][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 30.152621][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.160180][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 30.167873][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 30.176030][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.193736][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.227413][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.235861][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.244468][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.251786][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.259561][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.267946][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.275011][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.282500][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.290615][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.298818][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.307542][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.314767][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.322900][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.331189][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.338232][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.360666][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.369871][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.379098][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.386161][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.393853][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.403026][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.410744][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.418306][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.427207][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.438980][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 30.447290][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.470803][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.478784][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.487741][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 30.496458][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.505331][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 30.513857][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.522078][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 30.530815][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.539615][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 30.547765][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.557075][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.564683][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.575237][ T275] device veth0_vlan entered promiscuous mode [ 30.581781][ T279] device veth0_vlan entered promiscuous mode [ 30.588075][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 30.595775][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.603115][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 30.610864][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.625246][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 30.634133][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.643192][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.650602][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.658379][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 30.667681][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.676969][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.684080][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.691937][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 30.700524][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.719671][ T276] device veth0_vlan entered promiscuous mode [ 30.727657][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 30.736258][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.745711][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 30.754250][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.763051][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 30.771320][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.779728][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 30.788441][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.797114][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.804493][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.813497][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.821257][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.830558][ T275] device veth1_macvtap entered promiscuous mode [ 30.843270][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 30.851500][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 30.860584][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.869197][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.876814][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.884773][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.893006][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.909283][ T276] device veth1_macvtap entered promiscuous mode [ 30.917549][ T279] device veth1_macvtap entered promiscuous mode [ 30.925772][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 30.934213][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 30.943730][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.952939][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 30.961256][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 30.969726][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.979307][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 30.988125][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.018264][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 31.028409][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 31.037461][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 31.046848][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 31.055056][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 31.063477][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.072282][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.080996][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.090269][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.099015][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.108087][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.116888][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.126861][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.142131][ T278] device veth0_vlan entered promiscuous mode [ 31.150321][ T279] request_module fs-gadgetfs succeeded, but still no fs? [ 31.168051][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.176504][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 31.185681][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 31.194703][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.202500][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 31.210633][ T279] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 31.233493][ T277] device veth0_vlan entered promiscuous mode [ 31.247414][ T300] Zero length message leads to an empty skb [ 31.248453][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.273477][ T303] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 31.279900][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 31.298817][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.307627][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.315712][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 31.328456][ T277] device veth1_macvtap entered promiscuous mode [ 31.336741][ T278] device veth1_macvtap entered promiscuous mode [ 31.361331][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 31.399082][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.430169][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.439324][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.449163][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.458808][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.468049][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.477228][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.487326][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.496091][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.654493][ T344] 9pnet_virtio: no channels available for device syz [ 31.665528][ T297] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 31.768776][ T357] ================================================================== [ 31.777182][ T357] BUG: KASAN: slab-out-of-bounds in tc_setup_flow_action+0x842/0x3280 [ 31.785494][ T357] Read of size 8 at addr ffff88810fa7b6c0 by task syz.4.22/357 [ 31.793208][ T357] [ 31.795540][ T357] CPU: 1 PID: 357 Comm: syz.4.22 Not tainted syzkaller #0 [ 31.802736][ T357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 31.813130][ T357] Call Trace: [ 31.816516][ T357] __dump_stack+0x21/0x24 [ 31.820845][ T357] dump_stack_lvl+0x1a7/0x208 [ 31.825854][ T357] ? show_regs_print_info+0x18/0x18 [ 31.831491][ T357] ? thaw_kernel_threads+0x220/0x220 [ 31.837285][ T357] print_address_description+0x7f/0x2c0 [ 31.842938][ T357] ? tc_setup_flow_action+0x842/0x3280 [ 31.848479][ T357] kasan_report+0xe2/0x130 [ 31.852889][ T357] ? _raw_spin_lock_irq+0xf0/0xf0 [ 31.857905][ T357] ? tc_setup_flow_action+0x842/0x3280 [ 31.863357][ T357] __asan_report_load8_noabort+0x14/0x20 [ 31.869075][ T357] tc_setup_flow_action+0x842/0x3280 [ 31.874633][ T357] ? __kmalloc+0x1a4/0x330 [ 31.879043][ T357] ? flow_rule_alloc+0x32/0x2c0 [ 31.883978][ T357] mall_replace_hw_filter+0x2cc/0x8a0 [ 31.889613][ T357] ? pcpu_block_update_hint_alloc+0x8bf/0xc50 [ 31.895773][ T357] ? mall_set_parms+0x410/0x410 [ 31.900790][ T357] ? tcf_exts_destroy+0xb0/0xb0 [ 31.905737][ T357] ? pcpu_alloc+0xf9b/0x16b0 [ 31.910336][ T357] ? mall_set_parms+0x19d/0x410 [ 31.915176][ T357] mall_change+0x546/0x760 [ 31.919767][ T357] ? __kasan_check_write+0x14/0x20 [ 31.925134][ T357] ? mall_get+0xa0/0xa0 [ 31.929748][ T357] ? tcf_chain_tp_insert_unique+0xac1/0xc10 [ 31.935808][ T357] ? nla_strcmp+0xf4/0x140 [ 31.940342][ T357] tc_new_tfilter+0x1452/0x1a90 [ 31.945184][ T357] ? mall_get+0xa0/0xa0 [ 31.949356][ T357] ? tcf_gate_entry_destructor+0x20/0x20 [ 31.954978][ T357] ? security_capable+0x87/0xb0 [ 31.959931][ T357] ? ns_capable+0x8c/0xf0 [ 31.964255][ T357] ? netlink_net_capable+0x125/0x160 [ 31.969722][ T357] ? tcf_gate_entry_destructor+0x20/0x20 [ 31.975351][ T357] rtnetlink_rcv_msg+0x845/0xcc0 [ 31.980285][ T357] ? rtnetlink_bind+0x80/0x80 [ 31.984953][ T357] ? arch_stack_walk+0xee/0x140 [ 31.989797][ T357] ? stack_trace_save+0xa6/0xf0 [ 31.994936][ T357] ? stack_trace_snprint+0xf0/0xf0 [ 32.000226][ T357] ? do_syscall_64+0x31/0x40 [ 32.005266][ T357] ? avc_has_perm+0x168/0x3d0 [ 32.010106][ T357] ? memcpy+0x56/0x70 [ 32.014084][ T357] ? avc_has_perm+0x27f/0x3d0 [ 32.018843][ T357] ? __kasan_slab_alloc+0xbd/0xf0 [ 32.023890][ T357] ? slab_post_alloc_hook+0x5d/0x2f0 [ 32.029188][ T357] ? avc_has_perm_noaudit+0x260/0x260 [ 32.034840][ T357] ? selinux_nlmsg_lookup+0x3fb/0x4a0 [ 32.040204][ T357] netlink_rcv_skb+0x1f5/0x440 [ 32.045060][ T357] ? rtnetlink_bind+0x80/0x80 [ 32.049738][ T357] ? netlink_ack+0xb70/0xb70 [ 32.054334][ T357] ? __netlink_lookup+0x387/0x3b0 [ 32.059490][ T357] rtnetlink_rcv+0x1c/0x20 [ 32.063916][ T357] netlink_unicast+0x876/0xa40 [ 32.068875][ T357] netlink_sendmsg+0x89c/0xb50 [ 32.073893][ T357] ? __kasan_check_read+0x11/0x20 [ 32.079040][ T357] ? netlink_getsockopt+0x530/0x530 [ 32.084329][ T357] ? security_socket_sendmsg+0x82/0xa0 [ 32.089780][ T357] ? netlink_getsockopt+0x530/0x530 [ 32.095237][ T357] ____sys_sendmsg+0x5b7/0x8f0 [ 32.100165][ T357] ? __sys_sendmsg_sock+0x40/0x40 [ 32.105183][ T357] ? import_iovec+0x7c/0xb0 [ 32.109699][ T357] ___sys_sendmsg+0x236/0x2e0 [ 32.114535][ T357] ? __sys_sendmsg+0x280/0x280 [ 32.119335][ T357] ? alloc_file+0x82/0x540 [ 32.123849][ T357] ? __fdget+0x1a1/0x230 [ 32.128181][ T357] __x64_sys_sendmsg+0x1f9/0x2c0 [ 32.133127][ T357] ? __kasan_check_write+0x14/0x20 [ 32.138837][ T357] ? ___sys_sendmsg+0x2e0/0x2e0 [ 32.143780][ T357] ? __kasan_check_read+0x11/0x20 [ 32.149173][ T357] ? exit_to_user_mode_prepare+0x9a/0xa0 [ 32.155148][ T357] do_syscall_64+0x31/0x40 [ 32.159595][ T357] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 32.165677][ T357] RIP: 0033:0x7f0c9b10eeb9 [ 32.170484][ T357] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 32.190631][ T357] RSP: 002b:00007f0c99b6b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 32.199286][ T357] RAX: ffffffffffffffda RBX: 00007f0c9b389fa0 RCX: 00007f0c9b10eeb9 [ 32.207322][ T357] RDX: 0000000020000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 32.215568][ T357] RBP: 00007f0c9b17cc1f R08: 0000000000000000 R09: 0000000000000000 [ 32.223799][ T357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 32.231761][ T357] R13: 00007f0c9b38a038 R14: 00007f0c9b389fa0 R15: 00007ffdc1714f58 [ 32.239756][ T357] [ 32.242116][ T357] Allocated by task 357: [ 32.246617][ T357] __kasan_kmalloc+0xda/0x110 [ 32.251511][ T357] __kmalloc+0x1a4/0x330 [ 32.255856][ T357] tcf_idr_create+0x5f/0x790 [ 32.260623][ T357] tcf_idr_create_from_flags+0x61/0x70 [ 32.266252][ T357] tcf_gact_init+0x2e6/0x560 [ 32.270931][ T357] tcf_action_init_1+0x443/0x6e0 [ 32.276049][ T357] tcf_action_init+0x227/0x780 [ 32.280892][ T357] tcf_exts_validate+0x248/0x570 [ 32.285820][ T357] mall_set_parms+0x4b/0x410 [ 32.290580][ T357] mall_change+0x47a/0x760 [ 32.294997][ T357] tc_new_tfilter+0x1452/0x1a90 [ 32.300193][ T357] rtnetlink_rcv_msg+0x845/0xcc0 [ 32.305120][ T357] netlink_rcv_skb+0x1f5/0x440 [ 32.309964][ T357] rtnetlink_rcv+0x1c/0x20 [ 32.314541][ T357] netlink_unicast+0x876/0xa40 [ 32.319380][ T357] netlink_sendmsg+0x89c/0xb50 [ 32.324131][ T357] ____sys_sendmsg+0x5b7/0x8f0 [ 32.328979][ T357] ___sys_sendmsg+0x236/0x2e0 [ 32.333652][ T357] __x64_sys_sendmsg+0x1f9/0x2c0 [ 32.338774][ T357] do_syscall_64+0x31/0x40 [ 32.343198][ T357] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 32.349365][ T357] [ 32.351774][ T357] The buggy address belongs to the object at ffff88810fa7b600 [ 32.351774][ T357] which belongs to the cache kmalloc-192 of size 192 [ 32.366003][ T357] The buggy address is located 0 bytes to the right of [ 32.366003][ T357] 192-byte region [ffff88810fa7b600, ffff88810fa7b6c0) [ 32.379795][ T357] The buggy address belongs to the page: [ 32.385509][ T357] page:ffffea00043e9ec0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10fa7b [ 32.395816][ T357] flags: 0x4000000000000200(slab) [ 32.400836][ T357] raw: 4000000000000200 0000000000000000 0000000100000001 ffff888100043380 [ 32.409588][ T357] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 32.418358][ T357] page dumped because: kasan: bad access detected [ 32.424758][ T357] page_owner tracks the page as allocated [ 32.430472][ T357] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 96, ts 4961824929, free_ts 4961795522 [ 32.446524][ T357] prep_new_page+0x179/0x180 [ 32.451192][ T357] get_page_from_freelist+0x223b/0x23d0 [ 32.456812][ T357] __alloc_pages_nodemask+0x290/0x620 [ 32.462184][ T357] new_slab+0x84/0x3f0 [ 32.466330][ T357] ___slab_alloc+0x2a6/0x450 [ 32.470905][ T357] __slab_alloc+0x63/0xa0 [ 32.475232][ T357] kmem_cache_alloc_trace+0x1b0/0x2e0 [ 32.480621][ T357] kernfs_fop_open+0x343/0xb30 [ 32.485406][ T357] do_dentry_open+0x793/0x1090 [ 32.490450][ T357] vfs_open+0x73/0x80 [ 32.494424][ T357] path_openat+0x280f/0x31c0 [ 32.499135][ T357] do_filp_open+0x1e2/0x410 [ 32.503633][ T357] do_sys_openat2+0x19f/0x750 [ 32.508673][ T357] __x64_sys_openat+0x136/0x160 [ 32.513730][ T357] do_syscall_64+0x31/0x40 [ 32.518136][ T357] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 32.524095][ T357] page last free stack trace: [ 32.528854][ T357] free_unref_page_prepare+0x2b7/0x2d0 [ 32.534451][ T357] __free_pages+0x146/0x3b0 [ 32.538953][ T357] free_pages+0x82/0x90 [ 32.543470][ T357] selinux_genfs_get_sid+0x20b/0x250 [ 32.548751][ T357] inode_doinit_with_dentry+0x879/0xd70 [ 32.554285][ T357] selinux_d_instantiate+0x27/0x40 [ 32.559384][ T357] security_d_instantiate+0x9e/0xf0 [ 32.564681][ T357] d_splice_alias+0x6d/0x390 [ 32.569259][ T357] kernfs_iop_lookup+0x2c5/0x310 [ 32.574459][ T357] path_openat+0x1140/0x31c0 [ 32.579039][ T357] do_filp_open+0x1e2/0x410 [ 32.583532][ T357] do_sys_openat2+0x19f/0x750 [ 32.588195][ T357] __x64_sys_openat+0x136/0x160 [ 32.593123][ T357] do_syscall_64+0x31/0x40 [ 32.597540][ T357] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 32.603423][ T357] [ 32.605744][ T357] Memory state around the buggy address: [ 32.611513][ T357] ffff88810fa7b580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 32.619681][ T357] ffff88810fa7b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.628106][ T357] >ffff88810fa7b680: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 32.636404][ T357] ^ [ 32.642596][ T357] ffff88810fa7b700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 32.650826][ T357] ffff88810fa7b780: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 32.658875][ T357] ================================================================== [ 32.666920][ T357] Disabling lock debugging due to kernel taint [ 32.925143][ T297] usb 2-1: config 0 has no interfaces? [ 32.930907][ T297] usb 2-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 32.940358][ T297] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.949585][ T297] usb 2-1: config 0 descriptor?? [ 33.196385][ T285] usb 2-1: USB disconnect, device number 2