last executing test programs: 4.270726927s ago: executing program 1 (id=2): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)) ioctl$SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, 0x0) syz_usb_connect(0x0, 0x36, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8906, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r5, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/43, 0x2b}}, 0x120) readv(r5, &(0x7f0000002980)=[{&(0x7f0000000700)=""/163, 0xa3}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x48, 0x0, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x2}) 3.204331677s ago: executing program 2 (id=3): syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902"], 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000013140), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000640), 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000100)={'bond_slave_0\x00', 0x0}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x2, 0x0) setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xc8, &(0x7f00000001c0), 0xc) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000040)) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x5}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f00000000c0)={0xa0002006}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.414970511s ago: executing program 3 (id=4): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000080)=0x90e, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10) 2.011846643s ago: executing program 3 (id=6): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(r0, 0x0) io_uring_setup(0x0, &(0x7f0000000180)={0x0, 0xfffffffc}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r5}}, 0x48) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000000)=0x1, r7, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote}, r7}}, 0x48) close_range(r3, 0xffffffffffffffff, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) set_mempolicy(0x0, 0x0, 0x0) syz_usbip_server_init(0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r8 = io_uring_setup(0x53d, &(0x7f0000000080)={0x0, 0x57fb, 0x1, 0xfffffffd, 0x170}) io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 446.801045ms ago: executing program 3 (id=7): fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) r0 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r1) setgroups(0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) fstat(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xee01, r3, 0x0) mknodat$null(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1408, 0x103) 226.955375ms ago: executing program 1 (id=8): syz_usb_connect$cdc_ecm(0x6, 0x4d, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x7, 0x10, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x2, 0x6, 0x0, 0x8, {{0x5}, {0x5, 0x24, 0x0, 0xa6a}, {0xd, 0x24, 0xf, 0x1, 0xf8, 0x4, 0x0, 0x3}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x10, 0x9, 0x3, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x4f, 0xfb, 0x3}}}}}]}}]}}, 0x0) sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0xfdef) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f1b"], 0x22) 75.618934ms ago: executing program 0 (id=1): fanotify_init(0x200, 0x0) r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) dup(r0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000a3b370086d04ae0858110102030109021b0001000000000904000601096e7e00000000000000"], 0x0) syz_usb_disconnect(r1) syz_open_dev$dri(0x0, 0x1, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0, 0x8}) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x7ff]}) 0s ago: executing program 3 (id=9): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) clock_nanosleep(0x0, 0x0, &(0x7f0000000000)={0xffffffffffff1af1}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x4) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000600eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) kernel console output (not intermixed with test programs): syzkaller login: [ 86.364918][ T29] audit: type=1400 audit(1725590436.082:78): avc: denied { transition } for pid=5178 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 86.411663][ T29] audit: type=1400 audit(1725590436.102:79): avc: denied { noatsecure } for pid=5178 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 86.451907][ T29] audit: type=1400 audit(1725590436.122:80): avc: denied { write } for pid=5178 comm="sh" path="pipe:[3338]" dev="pipefs" ino=3338 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 86.500938][ T29] audit: type=1400 audit(1725590436.122:81): avc: denied { rlimitinh } for pid=5178 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 86.551588][ T29] audit: type=1400 audit(1725590436.122:82): avc: denied { siginh } for pid=5178 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 87.391179][ T29] audit: type=1400 audit(1725590437.102:83): avc: denied { read } for pid=4660 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 87.417312][ T29] audit: type=1400 audit(1725590437.132:84): avc: denied { write } for pid=5207 comm="sftp-server" path="pipe:[4423]" dev="pipefs" ino=4423 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 88.798063][ T29] audit: type=1400 audit(1725590438.512:85): avc: denied { append } for pid=4660 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 88.820333][ T29] audit: type=1400 audit(1725590438.512:86): avc: denied { open } for pid=4660 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 88.843384][ T29] audit: type=1400 audit(1725590438.512:87): avc: denied { getattr } for pid=4660 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 Warning: Permanently added '10.128.0.178' (ED25519) to the list of known hosts. [ 97.504768][ T8] cfg80211: failed to load regulatory.db [ 101.169885][ T29] audit: type=1400 audit(1725590450.882:88): avc: denied { mounton } for pid=5214 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 101.180922][ T5214] cgroup: Unknown subsys name 'net' [ 101.192894][ T29] audit: type=1400 audit(1725590450.892:89): avc: denied { mount } for pid=5214 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 101.220430][ T29] audit: type=1400 audit(1725590450.922:90): avc: denied { unmount } for pid=5214 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 101.377255][ T5214] cgroup: Unknown subsys name 'rlimit' [ 101.524292][ T29] audit: type=1400 audit(1725590451.242:91): avc: denied { setattr } for pid=5214 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=734 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 101.579894][ T29] audit: type=1400 audit(1725590451.242:92): avc: denied { create } for pid=5214 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 101.612281][ T29] audit: type=1400 audit(1725590451.242:93): avc: denied { write } for pid=5214 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 101.633598][ T29] audit: type=1400 audit(1725590451.242:94): avc: denied { read } for pid=5214 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 101.654472][ T29] audit: type=1400 audit(1725590451.262:95): avc: denied { mounton } for pid=5214 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 101.679843][ T29] audit: type=1400 audit(1725590451.262:96): avc: denied { mount } for pid=5214 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 101.686445][ T5218] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 101.703763][ T29] audit: type=1400 audit(1725590451.272:97): avc: denied { read } for pid=4892 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 103.547730][ T5214] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 106.436488][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 106.436510][ T29] audit: type=1400 audit(1725590456.152:102): avc: denied { execmem } for pid=5220 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 107.831581][ T29] audit: type=1400 audit(1725590457.532:103): avc: denied { mounton } for pid=5226 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 107.901604][ T29] audit: type=1400 audit(1725590457.532:104): avc: denied { mount } for pid=5226 comm="syz-executor" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 107.971598][ T5227] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 107.974864][ T29] audit: type=1400 audit(1725590457.532:105): avc: denied { create } for pid=5226 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 108.021095][ T29] audit: type=1400 audit(1725590457.532:106): avc: denied { read write } for pid=5226 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1078 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 108.045816][ T29] audit: type=1400 audit(1725590457.532:107): avc: denied { open } for pid=5226 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1078 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 108.069817][ T5237] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 108.070387][ T29] audit: type=1400 audit(1725590457.602:108): avc: denied { ioctl } for pid=5226 comm="syz-executor" path="socket:[3402]" dev="sockfs" ino=3402 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 108.103596][ T5240] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 108.111177][ T5240] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 108.121113][ T5240] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 108.128890][ T5240] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 108.137033][ T5240] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 108.145102][ T5240] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 108.152859][ T5240] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 108.161255][ T5240] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 108.168899][ T5240] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 108.178164][ T5240] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 108.186810][ T5240] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 108.194416][ T5240] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 108.202760][ T5240] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 108.211185][ T5240] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 108.221988][ T5244] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 108.230991][ T5244] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 108.235026][ T5241] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 108.252284][ T5244] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 108.272837][ T5242] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 108.282812][ T5241] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 108.291175][ T5241] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 108.298962][ T5241] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 108.310731][ T5241] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 108.318685][ T5241] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 108.319355][ T5240] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 108.327586][ T5241] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 108.347605][ T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 108.359334][ T29] audit: type=1400 audit(1725590458.062:109): avc: denied { read } for pid=5229 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 108.361013][ T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 108.441572][ T29] audit: type=1400 audit(1725590458.102:110): avc: denied { open } for pid=5229 comm="syz-executor" path="net:[4026531840]" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 108.465752][ T29] audit: type=1400 audit(1725590458.102:111): avc: denied { read } for pid=5226 comm="syz-executor" dev="nsfs" ino=4026531840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 109.365969][ T5229] chnl_net:caif_netlink_parms(): no params data found [ 109.423056][ T5230] chnl_net:caif_netlink_parms(): no params data found [ 109.451180][ T5226] chnl_net:caif_netlink_parms(): no params data found [ 109.655000][ T5236] chnl_net:caif_netlink_parms(): no params data found [ 109.720066][ T5231] chnl_net:caif_netlink_parms(): no params data found [ 109.843142][ T5229] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.850340][ T5229] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.858179][ T5229] bridge_slave_0: entered allmulticast mode [ 109.869545][ T5229] bridge_slave_0: entered promiscuous mode [ 109.926864][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.934369][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.942012][ T5226] bridge_slave_0: entered allmulticast mode [ 109.949667][ T5226] bridge_slave_0: entered promiscuous mode [ 109.961233][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.969132][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.976702][ T5226] bridge_slave_1: entered allmulticast mode [ 109.986086][ T5226] bridge_slave_1: entered promiscuous mode [ 109.993874][ T5229] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.001085][ T5229] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.008702][ T5229] bridge_slave_1: entered allmulticast mode [ 110.016383][ T5229] bridge_slave_1: entered promiscuous mode [ 110.119326][ T5230] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.126945][ T5230] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.134206][ T5230] bridge_slave_0: entered allmulticast mode [ 110.143783][ T5230] bridge_slave_0: entered promiscuous mode [ 110.211102][ T5229] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.234439][ T5230] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.241908][ T5230] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.249106][ T5230] bridge_slave_1: entered allmulticast mode [ 110.257148][ T5230] bridge_slave_1: entered promiscuous mode [ 110.287109][ T5226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.302293][ T5226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.315140][ T5229] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.372582][ T5236] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.379807][ T5236] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.382680][ T5240] Bluetooth: hci0: command tx timeout [ 110.392552][ T5241] Bluetooth: hci1: command tx timeout [ 110.394441][ T5236] bridge_slave_0: entered allmulticast mode [ 110.407119][ T5236] bridge_slave_0: entered promiscuous mode [ 110.462428][ T5240] Bluetooth: hci4: command tx timeout [ 110.462465][ T5241] Bluetooth: hci3: command tx timeout [ 110.462761][ T5241] Bluetooth: hci2: command tx timeout [ 110.523550][ T5236] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.530752][ T5236] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.538356][ T5236] bridge_slave_1: entered allmulticast mode [ 110.547418][ T5236] bridge_slave_1: entered promiscuous mode [ 110.564579][ T5226] team0: Port device team_slave_0 added [ 110.578788][ T5229] team0: Port device team_slave_0 added [ 110.606871][ T5230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.621300][ T5230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.651277][ T5226] team0: Port device team_slave_1 added [ 110.678554][ T5229] team0: Port device team_slave_1 added [ 110.702301][ T5231] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.709483][ T5231] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.721619][ T5231] bridge_slave_0: entered allmulticast mode [ 110.729278][ T5231] bridge_slave_0: entered promiscuous mode [ 110.813454][ T5231] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.820846][ T5231] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.829607][ T5231] bridge_slave_1: entered allmulticast mode [ 110.837401][ T5231] bridge_slave_1: entered promiscuous mode [ 110.866968][ T5236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.881886][ T5236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.893520][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.900478][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.926694][ T5226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 110.939443][ T5229] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 110.947051][ T5229] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 110.973051][ T5229] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.008127][ T5230] team0: Port device team_slave_0 added [ 111.033028][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.040071][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.066667][ T5226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.079097][ T5229] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.087074][ T5229] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.113534][ T5229] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.144168][ T5230] team0: Port device team_slave_1 added [ 111.156201][ T5231] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.198965][ T5236] team0: Port device team_slave_0 added [ 111.237526][ T5231] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.256809][ T5236] team0: Port device team_slave_1 added [ 111.398868][ T5230] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.406398][ T5230] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.433409][ T5230] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.448046][ T5230] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.455428][ T5230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.481916][ T5230] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.498056][ T5231] team0: Port device team_slave_0 added [ 111.544528][ T5236] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.552060][ T5236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.578603][ T5236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.593648][ T5236] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.600618][ T5236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.627088][ T5236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.650786][ T5231] team0: Port device team_slave_1 added [ 111.665394][ T5226] hsr_slave_0: entered promiscuous mode [ 111.672499][ T5226] hsr_slave_1: entered promiscuous mode [ 111.783749][ T5229] hsr_slave_0: entered promiscuous mode [ 111.790645][ T5229] hsr_slave_1: entered promiscuous mode [ 111.797954][ T5229] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 111.806933][ T5229] Cannot create hsr debugfs directory [ 111.873176][ T5231] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.880152][ T5231] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.906129][ T5231] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.919087][ T5231] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.926685][ T5231] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.953117][ T5231] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.997394][ T5230] hsr_slave_0: entered promiscuous mode [ 112.004200][ T5230] hsr_slave_1: entered promiscuous mode [ 112.010758][ T5230] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.018452][ T5230] Cannot create hsr debugfs directory [ 112.053639][ T5236] hsr_slave_0: entered promiscuous mode [ 112.060394][ T5236] hsr_slave_1: entered promiscuous mode [ 112.067789][ T5236] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.075499][ T5236] Cannot create hsr debugfs directory [ 112.314494][ T5231] hsr_slave_0: entered promiscuous mode [ 112.321871][ T5231] hsr_slave_1: entered promiscuous mode [ 112.328957][ T5231] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.336701][ T5231] Cannot create hsr debugfs directory [ 112.462364][ T5234] Bluetooth: hci1: command tx timeout [ 112.467895][ T5241] Bluetooth: hci0: command tx timeout [ 112.541871][ T5234] Bluetooth: hci4: command tx timeout [ 112.547332][ T5234] Bluetooth: hci3: command tx timeout [ 112.553527][ T5241] Bluetooth: hci2: command tx timeout [ 113.016699][ T5229] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 113.035926][ T5229] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 113.050864][ T5229] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 113.063998][ T5229] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 113.166708][ T5226] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 113.199024][ T5226] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 113.217770][ T5226] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 113.251116][ T5226] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 113.336667][ T5236] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 113.354528][ T5236] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 113.368704][ T5236] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 113.401547][ T5236] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 113.583825][ T5230] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 113.607829][ T5230] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 113.637720][ T5230] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 113.677949][ T5230] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 113.769311][ T5229] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.829100][ T5231] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 113.873728][ T5231] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 113.918331][ T5229] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.933737][ T5231] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 113.947706][ T5231] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 114.025195][ T137] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.032834][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.058844][ T5226] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.129178][ T5236] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.165685][ T5226] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.175996][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.183205][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.259377][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.266635][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.325688][ T5236] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.373806][ T137] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.381029][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.392843][ T137] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.400016][ T137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.412652][ T137] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.419878][ T137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.536774][ T5230] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.553335][ T5234] Bluetooth: hci0: command tx timeout [ 114.553550][ T5241] Bluetooth: hci1: command tx timeout [ 114.608822][ T5229] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 114.622344][ T5241] Bluetooth: hci4: command tx timeout [ 114.622907][ T5240] Bluetooth: hci2: command tx timeout [ 114.633383][ T5234] Bluetooth: hci3: command tx timeout [ 114.684726][ T5230] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.756997][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 114.757019][ T29] audit: type=1400 audit(1725590464.472:115): avc: denied { sys_module } for pid=5229 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 114.795993][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.803254][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 114.903493][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.910849][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.969663][ T5231] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.134160][ T5231] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.220233][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.227450][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.295357][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.302737][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.448161][ T5229] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.720767][ T5226] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.776488][ T5236] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.867969][ T5229] veth0_vlan: entered promiscuous mode [ 115.913819][ T5230] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.999022][ T5229] veth1_vlan: entered promiscuous mode [ 116.089678][ T5226] veth0_vlan: entered promiscuous mode [ 116.174760][ T5236] veth0_vlan: entered promiscuous mode [ 116.248120][ T5226] veth1_vlan: entered promiscuous mode [ 116.329298][ T5229] veth0_macvtap: entered promiscuous mode [ 116.361419][ T5231] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.378761][ T5229] veth1_macvtap: entered promiscuous mode [ 116.399289][ T5236] veth1_vlan: entered promiscuous mode [ 116.454538][ T5226] veth0_macvtap: entered promiscuous mode [ 116.496766][ T5226] veth1_macvtap: entered promiscuous mode [ 116.518905][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.567123][ T5229] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.615927][ T5236] veth0_macvtap: entered promiscuous mode [ 116.623937][ T5234] Bluetooth: hci0: command tx timeout [ 116.629378][ T5234] Bluetooth: hci1: command tx timeout [ 116.643804][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 116.657087][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.669726][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.683730][ T5236] veth1_macvtap: entered promiscuous mode [ 116.692842][ T5229] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.702436][ T5240] Bluetooth: hci2: command tx timeout [ 116.702827][ T5241] Bluetooth: hci4: command tx timeout [ 116.707897][ T5234] Bluetooth: hci3: command tx timeout [ 116.722088][ T5229] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.730827][ T5229] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.740143][ T5229] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.784957][ T5226] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 116.796686][ T5226] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 116.810741][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.827332][ T5226] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.838438][ T5226] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.862856][ T5226] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.874384][ T5226] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.060528][ T5231] veth0_vlan: entered promiscuous mode [ 117.069839][ T5236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.081854][ T5236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.092149][ T5236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 117.103996][ T5236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.116563][ T5236] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 117.139916][ T5230] veth0_vlan: entered promiscuous mode [ 117.200951][ T5236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.212666][ T5236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.223249][ T5236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 117.234444][ T5236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 117.246883][ T5236] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 117.273362][ T2978] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.284833][ T2978] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.300656][ T5236] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.310704][ T5236] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.320159][ T5236] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.329261][ T5236] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.344534][ T5231] veth1_vlan: entered promiscuous mode [ 117.366423][ T5230] veth1_vlan: entered promiscuous mode [ 117.485007][ T4495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.505951][ T4495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.552060][ T29] audit: type=1400 audit(1725590467.262:116): avc: denied { mounton } for pid=5229 comm="syz-executor" path="/root/syzkaller.rfzAln/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 117.606291][ T137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.618881][ T137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.638534][ T29] audit: type=1400 audit(1725590467.262:117): avc: denied { mount } for pid=5229 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 117.676372][ T29] audit: type=1400 audit(1725590467.262:118): avc: denied { mounton } for pid=5229 comm="syz-executor" path="/root/syzkaller.rfzAln/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 117.702280][ T5231] veth0_macvtap: entered promiscuous mode [ 117.710455][ T5231] veth1_macvtap: entered promiscuous mode [ 117.720661][ T29] audit: type=1400 audit(1725590467.292:119): avc: denied { mount } for pid=5229 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 117.749182][ T29] audit: type=1400 audit(1725590467.302:120): avc: denied { unmount } for pid=5229 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 117.800098][ T29] audit: type=1400 audit(1725590467.322:121): avc: denied { mounton } for pid=5229 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=2325 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 117.816240][ T5230] veth0_macvtap: entered promiscuous mode [ 117.850329][ T29] audit: type=1400 audit(1725590467.382:122): avc: denied { mount } for pid=5229 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 117.937130][ T5230] veth1_macvtap: entered promiscuous mode [ 117.961681][ T29] audit: type=1400 audit(1725590467.642:123): avc: denied { read write } for pid=5229 comm="syz-executor" name="loop1" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 117.994025][ T5231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.004766][ T5231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.014695][ T5231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.031544][ T29] audit: type=1400 audit(1725590467.662:124): avc: denied { open } for pid=5229 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 118.060460][ T5231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.080536][ T5231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.091272][ T5231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.105714][ T5231] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.140021][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.148160][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 118.209692][ T5231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.228133][ T5231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.240343][ T5231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.251691][ T5231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.258834][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.278532][ T5231] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.290999][ T5231] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.301131][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.319476][ T5231] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.328064][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.337868][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.345969][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.354125][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.361999][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.369566][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.380300][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.430731][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.448411][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.459756][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.468801][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.479902][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.488251][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.499158][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.515488][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.523519][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.534194][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.545370][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.560203][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.567704][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.577286][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.590481][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.598353][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.609123][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.609622][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.617339][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.640667][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.647093][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 118.659085][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.665256][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.682423][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.697532][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.698280][ T5230] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.713335][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.722183][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.746859][ T5231] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.755360][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.759009][ T5231] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.772891][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.778226][ T5231] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.795119][ T5231] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.829802][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.838941][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.869165][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.869338][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.877482][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.877519][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.877559][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.877593][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.877628][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.877662][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.877697][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.877731][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.877763][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 118.960483][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 118.971560][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 118.995340][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.005496][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.016380][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.027319][ T5278] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 119.034902][ T5230] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.060205][ T5230] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.077487][ T5230] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.087827][ T5278] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz0] on syz0 [ 119.178932][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.205102][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.311348][ T5230] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.331568][ T5230] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.341654][ T5230] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.350730][ T5230] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.430937][ T2993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.449284][ T2993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.467529][ T5278] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 119.694649][ T2993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.730680][ T2993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.737462][ T5278] usb 3-1: config 0 has no interfaces? [ 119.756492][ T5278] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 119.795873][ T5278] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.878333][ T5278] usb 3-1: config 0 descriptor?? [ 119.952727][ T29] kauditd_printk_skb: 8 callbacks suppressed [ 119.952746][ T29] audit: type=1400 audit(1725590469.662:133): avc: denied { create } for pid=5320 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 120.035309][ T29] audit: type=1400 audit(1725590469.752:134): avc: denied { setopt } for pid=5320 comm="syz.3.4" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 120.089442][ T29] audit: type=1400 audit(1725590469.772:135): avc: denied { write } for pid=5320 comm="syz.3.4" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 120.118129][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.172467][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.287057][ T29] audit: type=1400 audit(1725590470.002:136): avc: denied { read } for pid=5317 comm="syz.2.3" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 120.320799][ T5318] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.349835][ T5318] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 120.367093][ T29] audit: type=1400 audit(1725590470.032:137): avc: denied { open } for pid=5317 comm="syz.2.3" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 120.436232][ T29] audit: type=1400 audit(1725590470.052:138): avc: denied { mounton } for pid=5231 comm="syz-executor" path="/root/syzkaller.mwhAya/syz-tmp/newroot/selinux" dev="tmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 120.587773][ T5326] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 121.814670][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.850429][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.909221][ T29] audit: type=1400 audit(1725590470.062:139): avc: denied { ioctl } for pid=5317 comm="syz.2.3" path="socket:[6015]" dev="sockfs" ino=6015 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 122.032098][ T29] audit: type=1400 audit(1725590470.062:140): avc: denied { ioctl } for pid=5317 comm="syz.2.3" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 122.100953][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.160129][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.174530][ T29] audit: type=1400 audit(1725590470.282:141): avc: denied { prog_load } for pid=5323 comm="syz.3.6" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 122.263220][ T29] audit: type=1400 audit(1725590470.292:142): avc: denied { bpf } for pid=5323 comm="syz.3.6" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 122.371001][ T5234] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 [ 122.381359][ T5234] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5234, name: kworker/u9:3 [ 122.392323][ T5234] preempt_count: 0, expected: 0 [ 122.397221][ T5234] RCU nest depth: 1, expected: 0 [ 122.402588][ T5234] 4 locks held by kworker/u9:3/5234: [ 122.407934][ T5234] #0: ffff8880318f0148 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 122.422768][ T5234] #1: ffffc90003ed7d80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 122.434423][ T5234] #2: ffff8880334d0078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30 [ 122.452043][ T5234] #3: ffffffff8ddb9fe0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30 [ 122.464420][ T5234] CPU: 1 UID: 0 PID: 5234 Comm: kworker/u9:3 Not tainted 6.11.0-rc6-syzkaller-00070-gc763c4339688 #0 [ 122.475336][ T5234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 122.485447][ T5234] Workqueue: hci1 hci_rx_work [ 122.490203][ T5234] Call Trace: [ 122.493612][ T5234] [ 122.496603][ T5234] dump_stack_lvl+0x16c/0x1f0 [ 122.501365][ T5234] __might_resched+0x3c0/0x5e0 [ 122.506184][ T5234] ? __pfx___might_resched+0x10/0x10 [ 122.511516][ T5234] ? __pfx___lock_acquire+0x10/0x10 [ 122.516775][ T5234] ? rcu_is_watching+0x12/0xc0 [ 122.521599][ T5234] __mutex_lock+0xe2/0x9c0 [ 122.526074][ T5234] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 122.532382][ T5234] ? __pfx___mutex_lock+0x10/0x10 [ 122.537460][ T5234] ? __pfx_lock_acquire+0x10/0x10 [ 122.542542][ T5234] ? find_held_lock+0x2d/0x110 [ 122.547361][ T5234] ? hci_event_packet+0x438/0x1180 [ 122.552535][ T5234] ? __pfx_lock_release+0x10/0x10 [ 122.557620][ T5234] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 122.563920][ T5234] hci_le_create_big_complete_evt+0x387/0xb30 [ 122.570070][ T5234] ? __mutex_unlock_slowpath+0x164/0x650 [ 122.575772][ T5234] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 122.582427][ T5234] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 122.588467][ T5234] ? skb_pull_data+0x166/0x210 [ 122.593308][ T5234] hci_le_meta_evt+0x2e2/0x5d0 [ 122.598140][ T5234] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 122.604788][ T5234] hci_event_packet+0x666/0x1180 [ 122.609778][ T5234] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 122.615143][ T5234] ? __pfx_hci_event_packet+0x10/0x10 [ 122.620568][ T5234] ? mark_held_locks+0x9f/0xe0 [ 122.625427][ T5234] ? kcov_remote_start+0x3cf/0x6e0 [ 122.630669][ T5234] ? lockdep_hardirqs_on+0x7c/0x110 [ 122.635939][ T5234] hci_rx_work+0x2c6/0x1610 [ 122.640539][ T5234] process_one_work+0x9c5/0x1b40 [ 122.645575][ T5234] ? __pfx_lock_acquire+0x10/0x10 [ 122.650670][ T5234] ? __pfx_process_one_work+0x10/0x10 [ 122.656132][ T5234] ? assign_work+0x1a0/0x250 [ 122.660799][ T5234] worker_thread+0x6c8/0xed0 [ 122.665499][ T5234] ? __pfx_worker_thread+0x10/0x10 [ 122.670683][ T5234] kthread+0x2c1/0x3a0 [ 122.674813][ T5234] ? _raw_spin_unlock_irq+0x23/0x50 [ 122.680076][ T5234] ? __pfx_kthread+0x10/0x10 [ 122.684725][ T5234] ret_from_fork+0x45/0x80 [ 122.689211][ T5234] ? __pfx_kthread+0x10/0x10 [ 122.693860][ T5234] ret_from_fork_asm+0x1a/0x30 [ 122.698717][ T5234] [ 122.722145][ T5234] [ 122.724517][ T5234] ============================= [ 122.729381][ T5234] [ BUG: Invalid wait context ] [ 122.734256][ T5234] 6.11.0-rc6-syzkaller-00070-gc763c4339688 #0 Tainted: G W [ 122.742871][ T5234] ----------------------------- [ 122.747739][ T5234] kworker/u9:3/5234 is trying to lock: [ 122.753218][ T5234] ffffffff8fc9c1a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x387/0xb30 [ 122.763908][ T5234] other info that might help us debug this: [ 122.769829][ T5234] context-{4:4} [ 122.773294][ T5234] 4 locks held by kworker/u9:3/5234: [ 122.778582][ T5234] #0: ffff8880318f0148 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 122.789098][ T5234] #1: ffffc90003ed7d80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 122.800552][ T5234] #2: ffff8880334d0078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30 [ 122.811132][ T5234] #3: ffffffff8ddb9fe0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30 [ 122.821967][ T5234] stack backtrace: [ 122.825691][ T5234] CPU: 1 UID: 0 PID: 5234 Comm: kworker/u9:3 Tainted: G W 6.11.0-rc6-syzkaller-00070-gc763c4339688 #0 [ 122.838058][ T5234] Tainted: [W]=WARN [ 122.841870][ T5234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 122.852023][ T5234] Workqueue: hci1 hci_rx_work [ 122.856820][ T5234] Call Trace: [ 122.860110][ T5234] [ 122.863054][ T5234] dump_stack_lvl+0x116/0x1f0 [ 122.867754][ T5234] __lock_acquire+0x13cc/0x3cb0 [ 122.872648][ T5234] ? __pfx___lock_acquire+0x10/0x10 [ 122.878233][ T5234] ? irqentry_exit+0x3b/0x90 [ 122.882874][ T5234] ? lockdep_hardirqs_on+0x7c/0x110 [ 122.888128][ T5234] lock_acquire+0x1b1/0x560 [ 122.892761][ T5234] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 122.899128][ T5234] ? __pfx_lock_acquire+0x10/0x10 [ 122.904185][ T5234] ? dump_stack_lvl+0x1a3/0x1f0 [ 122.909053][ T5234] ? add_taint+0x5f/0xd0 [ 122.913322][ T5234] ? __might_resched+0x3cc/0x5e0 [ 122.918276][ T5234] ? __pfx___might_resched+0x10/0x10 [ 122.923575][ T5234] ? __pfx___lock_acquire+0x10/0x10 [ 122.928804][ T5234] __mutex_lock+0x175/0x9c0 [ 122.933336][ T5234] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 122.939598][ T5234] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 122.945871][ T5234] ? __pfx___mutex_lock+0x10/0x10 [ 122.950999][ T5234] ? __pfx_lock_acquire+0x10/0x10 [ 122.956311][ T5234] ? find_held_lock+0x2d/0x110 [ 122.961095][ T5234] ? hci_event_packet+0x438/0x1180 [ 122.966229][ T5234] ? __pfx_lock_release+0x10/0x10 [ 122.971285][ T5234] ? hci_le_create_big_complete_evt+0x387/0xb30 [ 122.977555][ T5234] hci_le_create_big_complete_evt+0x387/0xb30 [ 122.983652][ T5234] ? __mutex_unlock_slowpath+0x164/0x650 [ 122.989311][ T5234] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 122.995918][ T5234] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 123.001946][ T5234] ? skb_pull_data+0x166/0x210 [ 123.006737][ T5234] hci_le_meta_evt+0x2e2/0x5d0 [ 123.011531][ T5234] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 123.018163][ T5234] hci_event_packet+0x666/0x1180 [ 123.023125][ T5234] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 123.028441][ T5234] ? __pfx_hci_event_packet+0x10/0x10 [ 123.033836][ T5234] ? mark_held_locks+0x9f/0xe0 [ 123.038626][ T5234] ? kcov_remote_start+0x3cf/0x6e0 [ 123.043746][ T5234] ? lockdep_hardirqs_on+0x7c/0x110 [ 123.048969][ T5234] hci_rx_work+0x2c6/0x1610 [ 123.053505][ T5234] process_one_work+0x9c5/0x1b40 [ 123.058476][ T5234] ? __pfx_lock_acquire+0x10/0x10 [ 123.063527][ T5234] ? __pfx_process_one_work+0x10/0x10 [ 123.068949][ T5234] ? assign_work+0x1a0/0x250 [ 123.073571][ T5234] worker_thread+0x6c8/0xed0 [ 123.078217][ T5234] ? __pfx_worker_thread+0x10/0x10 [ 123.083366][ T5234] kthread+0x2c1/0x3a0 [ 123.087464][ T5234] ? _raw_spin_unlock_irq+0x23/0x50 [ 123.092683][ T5234] ? __pfx_kthread+0x10/0x10 [ 123.097305][ T5234] ret_from_fork+0x45/0x80 [ 123.101759][ T5234] ? __pfx_kthread+0x10/0x10 [ 123.106364][ T5234] ret_from_fork_asm+0x1a/0x30 [ 123.111158][ T5234] [ 123.152769][ T5234] ================================================================== [ 123.160869][ T5234] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa62/0xb30 [ 123.169938][ T5234] Read of size 8 at addr ffff88807c91c000 by task kworker/u9:3/5234 [ 123.177946][ T5234] [ 123.180303][ T5234] CPU: 0 UID: 0 PID: 5234 Comm: kworker/u9:3 Tainted: G W 6.11.0-rc6-syzkaller-00070-gc763c4339688 #0 [ 123.192672][ T5234] Tainted: [W]=WARN [ 123.196493][ T5234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 123.206577][ T5234] Workqueue: hci1 hci_rx_work [ 123.211319][ T5234] Call Trace: [ 123.214627][ T5234] [ 123.217591][ T5234] dump_stack_lvl+0x116/0x1f0 [ 123.222321][ T5234] print_report+0xc3/0x620 [ 123.226778][ T5234] ? __virt_addr_valid+0x5e/0x590 [ 123.231842][ T5234] ? __phys_addr+0xc6/0x150 [ 123.236384][ T5234] kasan_report+0xd9/0x110 [ 123.240844][ T5234] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 123.247131][ T5234] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 123.253407][ T5234] hci_le_create_big_complete_evt+0xa62/0xb30 [ 123.259502][ T5234] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 123.266132][ T5234] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 123.272141][ T5234] ? skb_pull_data+0x166/0x210 [ 123.276952][ T5234] hci_le_meta_evt+0x2e2/0x5d0 [ 123.281752][ T5234] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 123.288391][ T5234] hci_event_packet+0x666/0x1180 [ 123.293382][ T5234] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 123.298698][ T5234] ? __pfx_hci_event_packet+0x10/0x10 [ 123.304127][ T5234] ? mark_held_locks+0x9f/0xe0 [ 123.308923][ T5234] ? kcov_remote_start+0x3cf/0x6e0 [ 123.314045][ T5234] ? lockdep_hardirqs_on+0x7c/0x110 [ 123.319271][ T5234] hci_rx_work+0x2c6/0x1610 [ 123.323806][ T5234] process_one_work+0x9c5/0x1b40 [ 123.328778][ T5234] ? __pfx_lock_acquire+0x10/0x10 [ 123.333831][ T5234] ? __pfx_process_one_work+0x10/0x10 [ 123.339235][ T5234] ? assign_work+0x1a0/0x250 [ 123.343852][ T5234] worker_thread+0x6c8/0xed0 [ 123.348482][ T5234] ? __pfx_worker_thread+0x10/0x10 [ 123.353627][ T5234] kthread+0x2c1/0x3a0 [ 123.357714][ T5234] ? _raw_spin_unlock_irq+0x23/0x50 [ 123.362940][ T5234] ? __pfx_kthread+0x10/0x10 [ 123.367546][ T5234] ret_from_fork+0x45/0x80 [ 123.371991][ T5234] ? __pfx_kthread+0x10/0x10 [ 123.376597][ T5234] ret_from_fork_asm+0x1a/0x30 [ 123.381397][ T5234] [ 123.384424][ T5234] [ 123.386748][ T5234] Allocated by task 5234: [ 123.391090][ T5234] kasan_save_stack+0x33/0x60 [ 123.395827][ T5234] kasan_save_track+0x14/0x30 [ 123.400531][ T5234] __kasan_kmalloc+0xaa/0xb0 [ 123.405146][ T5234] __hci_conn_add+0x131/0x1a50 [ 123.409938][ T5234] hci_conn_add+0x56/0x70 [ 123.414275][ T5234] hci_le_big_sync_established_evt+0x73f/0xad0 [ 123.420443][ T5234] hci_le_meta_evt+0x2e2/0x5d0 [ 123.425235][ T5234] hci_event_packet+0x666/0x1180 [ 123.430218][ T5234] hci_rx_work+0x2c6/0x1610 [ 123.434754][ T5234] process_one_work+0x9c5/0x1b40 [ 123.439717][ T5234] worker_thread+0x6c8/0xed0 [ 123.444333][ T5234] kthread+0x2c1/0x3a0 [ 123.448414][ T5234] ret_from_fork+0x45/0x80 [ 123.452854][ T5234] ret_from_fork_asm+0x1a/0x30 [ 123.457650][ T5234] [ 123.459995][ T5234] Freed by task 5234: [ 123.463978][ T5234] kasan_save_stack+0x33/0x60 [ 123.468685][ T5234] kasan_save_track+0x14/0x30 [ 123.473398][ T5234] kasan_save_free_info+0x3b/0x60 [ 123.478441][ T5234] poison_slab_object+0xf7/0x160 [ 123.483399][ T5234] __kasan_slab_free+0x32/0x50 [ 123.488193][ T5234] kfree+0x12a/0x3b0 [ 123.492105][ T5234] device_release+0xa1/0x240 [ 123.496725][ T5234] kobject_put+0x1e4/0x5a0 [ 123.501156][ T5234] put_device+0x1f/0x30 [ 123.505339][ T5234] hci_conn_del_sysfs+0x151/0x180 [ 123.510391][ T5234] hci_conn_del+0x54e/0xdb0 [ 123.514911][ T5234] hci_le_create_big_complete_evt+0x4ba/0xb30 [ 123.521002][ T5234] hci_le_meta_evt+0x2e2/0x5d0 [ 123.525876][ T5234] hci_event_packet+0x666/0x1180 [ 123.530836][ T5234] hci_rx_work+0x2c6/0x1610 [ 123.535374][ T5234] process_one_work+0x9c5/0x1b40 [ 123.540335][ T5234] worker_thread+0x6c8/0xed0 [ 123.544947][ T5234] kthread+0x2c1/0x3a0 [ 123.549042][ T5234] ret_from_fork+0x45/0x80 [ 123.553481][ T5234] ret_from_fork_asm+0x1a/0x30 [ 123.558267][ T5234] [ 123.560591][ T5234] The buggy address belongs to the object at ffff88807c91c000 [ 123.560591][ T5234] which belongs to the cache kmalloc-8k of size 8192 [ 123.574667][ T5234] The buggy address is located 0 bytes inside of [ 123.574667][ T5234] freed 8192-byte region [ffff88807c91c000, ffff88807c91e000) [ 123.588383][ T5234] [ 123.590706][ T5234] The buggy address belongs to the physical page: [ 123.597125][ T5234] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c918 [ 123.605899][ T5234] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 123.614406][ T5234] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 123.622405][ T5234] page_type: 0xfdffffff(slab) [ 123.627086][ T5234] raw: 00fff00000000040 ffff88801ac42280 0000000000000000 dead000000000001 [ 123.635672][ T5234] raw: 0000000000000000 0000000080020002 00000001fdffffff 0000000000000000 [ 123.644263][ T5234] head: 00fff00000000040 ffff88801ac42280 0000000000000000 dead000000000001 [ 123.652950][ T5234] head: 0000000000000000 0000000080020002 00000001fdffffff 0000000000000000 [ 123.661642][ T5234] head: 00fff00000000003 ffffea0001f24601 ffffffffffffffff 0000000000000000 [ 123.670334][ T5234] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 123.679187][ T5234] page dumped because: kasan: bad access detected [ 123.685614][ T5234] page_owner tracks the page as allocated [ 123.691331][ T5234] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4968, tgid 4968 (ssh-keygen), ts 70783599515, free_ts 70769431604 [ 123.710460][ T5234] post_alloc_hook+0x2d1/0x350 [ 123.715350][ T5234] get_page_from_freelist+0x1351/0x2e50 [ 123.720914][ T5234] __alloc_pages_noprof+0x22b/0x2460 [ 123.726216][ T5234] alloc_slab_page+0x4e/0xf0 [ 123.730828][ T5234] new_slab+0x84/0x260 [ 123.734929][ T5234] ___slab_alloc+0xdac/0x1870 [ 123.739631][ T5234] __slab_alloc.constprop.0+0x56/0xb0 [ 123.745034][ T5234] __kmalloc_cache_noprof+0x2b4/0x300 [ 123.750439][ T5234] audit_log_d_path+0xce/0x1e0 [ 123.755239][ T5234] common_lsm_audit+0x3d3/0x2220 [ 123.760196][ T5234] slow_avc_audit+0x17d/0x210 [ 123.764895][ T5234] avc_has_perm+0x18d/0x1c0 [ 123.769417][ T5234] file_has_perm+0x1d0/0x360 [ 123.774028][ T5234] match_file+0xdd/0x150 [ 123.778286][ T5234] iterate_fd+0x119/0x390 [ 123.782647][ T5234] selinux_bprm_committing_creds+0x295/0x730 [ 123.788642][ T5234] page last free pid 4892 tgid 4892 stack trace: [ 123.794974][ T5234] free_unref_page+0x64a/0xe40 [ 123.799775][ T5234] __put_partials+0x14c/0x170 [ 123.804491][ T5234] qlist_free_all+0x4e/0x140 [ 123.809112][ T5234] kasan_quarantine_reduce+0x192/0x1e0 [ 123.814603][ T5234] __kasan_slab_alloc+0x69/0x90 [ 123.819483][ T5234] __kmalloc_noprof+0x199/0x400 [ 123.824363][ T5234] tomoyo_realpath_from_path+0xb9/0x720 [ 123.829930][ T5234] tomoyo_path_number_perm+0x245/0x590 [ 123.835423][ T5234] security_file_ioctl+0x75/0xc0 [ 123.840380][ T5234] __x64_sys_ioctl+0xbb/0x220 [ 123.845087][ T5234] do_syscall_64+0xcd/0x250 [ 123.849621][ T5234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.855529][ T5234] [ 123.857862][ T5234] Memory state around the buggy address: [ 123.863514][ T5234] ffff88807c91bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 123.871587][ T5234] ffff88807c91bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 123.879658][ T5234] >ffff88807c91c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 123.887723][ T5234] ^ [ 123.891799][ T5234] ffff88807c91c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 123.899887][ T5234] ffff88807c91c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 123.907960][ T5234] ================================================================== [ 124.101847][ T5234] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 124.109103][ T5234] CPU: 1 UID: 0 PID: 5234 Comm: kworker/u9:3 Tainted: G W 6.11.0-rc6-syzkaller-00070-gc763c4339688 #0 [ 124.121942][ T5234] Tainted: [W]=WARN [ 124.125794][ T5234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 124.135871][ T5234] Workqueue: hci1 hci_rx_work [ 124.140592][ T5234] Call Trace: [ 124.143893][ T5234] [ 124.146837][ T5234] dump_stack_lvl+0x3d/0x1f0 [ 124.151456][ T5234] panic+0x6dc/0x7c0 [ 124.155411][ T5234] ? __pfx_panic+0x10/0x10 [ 124.159862][ T5234] ? trace_irq_enable.constprop.0+0xe4/0x130 [ 124.165973][ T5234] ? preempt_schedule_thunk+0x1a/0x30 [ 124.171377][ T5234] ? preempt_schedule_common+0x44/0xc0 [ 124.176877][ T5234] check_panic_on_warn+0xab/0xb0 [ 124.181852][ T5234] end_report+0x117/0x180 [ 124.186202][ T5234] kasan_report+0xe9/0x110 [ 124.190638][ T5234] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 124.196912][ T5234] ? hci_le_create_big_complete_evt+0xa62/0xb30 [ 124.203191][ T5234] hci_le_create_big_complete_evt+0xa62/0xb30 [ 124.209294][ T5234] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 124.215951][ T5234] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 124.222082][ T5234] ? skb_pull_data+0x166/0x210 [ 124.226883][ T5234] hci_le_meta_evt+0x2e2/0x5d0 [ 124.231686][ T5234] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10 [ 124.238312][ T5234] hci_event_packet+0x666/0x1180 [ 124.243283][ T5234] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 124.248606][ T5234] ? __pfx_hci_event_packet+0x10/0x10 [ 124.254104][ T5234] ? mark_held_locks+0x9f/0xe0 [ 124.258922][ T5234] ? kcov_remote_start+0x3cf/0x6e0 [ 124.264050][ T5234] ? lockdep_hardirqs_on+0x7c/0x110 [ 124.269284][ T5234] hci_rx_work+0x2c6/0x1610 [ 124.273829][ T5234] process_one_work+0x9c5/0x1b40 [ 124.278834][ T5234] ? __pfx_lock_acquire+0x10/0x10 [ 124.283898][ T5234] ? __pfx_process_one_work+0x10/0x10 [ 124.289329][ T5234] ? assign_work+0x1a0/0x250 [ 124.293959][ T5234] worker_thread+0x6c8/0xed0 [ 124.298611][ T5234] ? __pfx_worker_thread+0x10/0x10 [ 124.303760][ T5234] kthread+0x2c1/0x3a0 [ 124.307853][ T5234] ? _raw_spin_unlock_irq+0x23/0x50 [ 124.313173][ T5234] ? __pfx_kthread+0x10/0x10 [ 124.317792][ T5234] ret_from_fork+0x45/0x80 [ 124.322247][ T5234] ? __pfx_kthread+0x10/0x10 [ 124.326870][ T5234] ret_from_fork_asm+0x1a/0x30 [ 124.331671][ T5234] [ 124.335024][ T5234] Kernel Offset: disabled [ 124.339378][ T5234] Rebooting in 86400 seconds..