Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts.
[ 227.088231][ T28] audit: type=1400 audit(1713678861.342:87): avc: denied { execmem } for pid=5085 comm="syz-executor324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 227.123566][ T28] audit: type=1400 audit(1713678861.362:88): avc: denied { mounton } for pid=5088 comm="syz-executor324" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 227.170010][ T28] audit: type=1400 audit(1713678861.362:89): avc: denied { mount } for pid=5088 comm="syz-executor324" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 227.195411][ T28] audit: type=1400 audit(1713678861.362:90): avc: denied { create } for pid=5088 comm="syz-executor324" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 227.219813][ T28] audit: type=1400 audit(1713678861.362:91): avc: denied { read write } for pid=5088 comm="syz-executor324" name="vhci" dev="devtmpfs" ino=1077 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 227.247197][ T28] audit: type=1400 audit(1713678861.372:92): avc: denied { open } for pid=5091 comm="syz-executor324" path="/dev/vhci" dev="devtmpfs" ino=1077 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 227.265844][ T5108] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 227.271542][ T28] audit: type=1400 audit(1713678861.412:93): avc: denied { ioctl } for pid=5093 comm="syz-executor324" path="socket:[3627]" dev="sockfs" ino=3627 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 227.280573][ T5108] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 227.306260][ T5110] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 227.312558][ T5108] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 227.319143][ T5110] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 227.327867][ T5108] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 227.334965][ T5110] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 227.341312][ T5108] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 227.347834][ T5109] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 227.354893][ T5108] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 227.361997][ T5110] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 227.369113][ T5108] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 227.376080][ T5109] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 227.384300][ T5108] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 227.389059][ T5110] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 227.396554][ T5108] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 227.403561][ T5110] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 227.410312][ T5108] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 227.418448][ T5109] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 227.432405][ T5108] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 227.433159][ T5109] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 227.448810][ T5109] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 227.452893][ T28] audit: type=1400 audit(1713678861.692:94): avc: denied { mounton } for pid=5093 comm="syz-executor324" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 227.484489][ T5109] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 227.504353][ T5109] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 227.506566][ T5111] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 227.519281][ T5109] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 227.520239][ T5111] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 227.534524][ T5111] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 227.542484][ T5109] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 227.558824][ T5109] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 227.813421][ T28] audit: type=1400 audit(1713678862.062:95): avc: denied { mounton } for pid=5091 comm="syz-executor324" path="/dev/binderfs" dev="devtmpfs" ino=2322 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 227.888666][ T28] audit: type=1400 audit(1713678862.072:96): avc: denied { mount } for pid=5091 comm="syz-executor324" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 332.933764][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 332.940827][ C0] rcu: (detected by 0, t=10502 jiffies, g=7789, q=17 ncpus=2)
[ 332.948394][ C0] rcu: All QSes seen, last rcu_preempt kthread activity 10501 (4294970340-4294959839), jiffies_till_next_fqs=1, root ->qsmask 0x0
[ 332.961794][ C0] rcu: rcu_preempt kthread starved for 10502 jiffies! g7789 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 332.973029][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 332.983017][ C0] rcu: RCU grace-period kthread stack dump:
[ 332.988920][ C0] task:rcu_preempt state:R running task stack:27664 pid:16 tgid:16 ppid:2 flags:0x00004000
[ 333.000678][ C0] Call Trace:
[ 333.003983][ C0]
[ 333.006933][ C0] __schedule+0xf15/0x5d00
[ 333.011507][ C0] ? __pfx___lock_acquire+0x10/0x10
[ 333.016806][ C0] ? __pfx___schedule+0x10/0x10
[ 333.021678][ C0] ? schedule+0x298/0x350
[ 333.026050][ C0] ? __pfx_lock_release+0x10/0x10
[ 333.031124][ C0] ? __pfx___mod_timer+0x10/0x10
[ 333.036198][ C0] ? lock_acquire+0x1b1/0x560
[ 333.040918][ C0] ? lockdep_init_map_type+0x16d/0x7d0
[ 333.046418][ C0] schedule+0xe7/0x350
[ 333.050619][ C0] schedule_timeout+0x136/0x2a0
[ 333.055672][ C0] ? __pfx_schedule_timeout+0x10/0x10
[ 333.061077][ C0] ? __pfx_process_timeout+0x10/0x10
[ 333.066398][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 333.072227][ C0] ? prepare_to_swait_event+0xf0/0x470
[ 333.077783][ C0] rcu_gp_fqs_loop+0x1eb/0xb00
[ 333.082634][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 333.087959][ C0] ? __pfx_lock_release+0x10/0x10
[ 333.093036][ C0] rcu_gp_kthread+0x271/0x380
[ 333.097920][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10
[ 333.103170][ C0] ? lockdep_hardirqs_on+0x7c/0x110
[ 333.108470][ C0] ? __kthread_parkme+0x148/0x220
[ 333.113570][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10
[ 333.118792][ C0] kthread+0x2c1/0x3a0
[ 333.122916][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 333.128177][ C0] ? __pfx_kthread+0x10/0x10
[ 333.132790][ C0] ret_from_fork+0x45/0x80
[ 333.137242][ C0] ? __pfx_kthread+0x10/0x10
[ 333.141854][ C0] ret_from_fork_asm+0x1a/0x30
[ 333.146679][ C0]
[ 333.149707][ C0] rcu: Stack dump where RCU GP kthread last ran:
[ 333.156053][ C0] Sending NMI from CPU 0 to CPUs 1:
[ 333.161277][ C1] NMI backtrace for cpu 1
[ 333.161288][ C1] CPU: 1 PID: 5115 Comm: syz-executor324 Not tainted 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0
[ 333.161311][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 333.161322][ C1] RIP: 0010:__lock_acquire+0xc4c/0x3b30
[ 333.161355][ C1] Code: 14 02 48 c7 c0 94 64 9f 8f 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 31 2c 00 00 8b 1d 01 be 33 0e 85 db 75 40 44 8b 5c 24 10 <45> 85 db 0f 85 11 07 00 00 4c 89 f7 e8 23 4e ff ff 48 ba 00 00 00
[ 333.161374][ C1] RSP: 0018:ffffc90000a08a88 EFLAGS: 00000046
[ 333.161454][ C1] RAX: 0000000000000007 RBX: 0000000000000000 RCX: ffffffff816ba90a
[ 333.161467][ C1] RDX: 0000000000000000 RSI: ffff888077948ad8 RDI: 00000000dab347d6
[ 333.161480][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff27bb032
[ 333.161493][ C1] R10: ffffffff93dd8197 R11: 0000000000000003 R12: ffffed100ef2915a
[ 333.161507][ C1] R13: 00000000000000b2 R14: ffff888077948b50 R15: 0000000000000002
[ 333.161526][ C1] FS: 0000555576a7a3c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[ 333.161551][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 333.161565][ C1] CR2: 00007f67af00d4c0 CR3: 0000000078200000 CR4: 00000000003506f0
[ 333.161586][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 333.161605][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 333.161620][ C1] Call Trace:
[ 333.161629][ C1]
[ 333.161645][ C1] ? show_regs+0x8c/0xa0
[ 333.161676][ C1] ? nmi_cpu_backtrace+0x1d8/0x390
[ 333.161738][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20
[ 333.161772][ C1] ? nmi_handle+0x1a9/0x5c0
[ 333.161792][ C1] ? __lock_acquire+0xc4c/0x3b30
[ 333.161819][ C1] ? default_do_nmi+0x6a/0x160
[ 333.161844][ C1] ? exc_nmi+0x170/0x1e0
[ 333.161866][ C1] ? end_repeat_nmi+0xf/0x53
[ 333.161927][ C1] ? __lock_acquire+0xeba/0x3b30
[ 333.161954][ C1] ? __lock_acquire+0xc4c/0x3b30
[ 333.161986][ C1] ? __lock_acquire+0xc4c/0x3b30
[ 333.162014][ C1] ? __lock_acquire+0xc4c/0x3b30
[ 333.162040][ C1]
[ 333.162046][ C1]
[ 333.162056][ C1] ? __pfx___lock_acquire+0x10/0x10
[ 333.162083][ C1] ? __pfx___lock_acquire+0x10/0x10
[ 333.162110][ C1] lock_acquire+0x1b1/0x560
[ 333.162138][ C1] ? __lock_task_sighand+0xc2/0x340
[ 333.162198][ C1] ? __pfx_lock_acquire+0x10/0x10
[ 333.162225][ C1] ? __pfx_lock_acquire+0x10/0x10
[ 333.162258][ C1] ? __pfx_lock_acquire+0x10/0x10
[ 333.162285][ C1] ? debug_object_deactivate+0x1f0/0x370
[ 333.162361][ C1] _raw_spin_lock_irqsave+0x3a/0x60
[ 333.162387][ C1] ? __lock_task_sighand+0xc2/0x340
[ 333.162408][ C1] __lock_task_sighand+0xc2/0x340
[ 333.162429][ C1] send_sigqueue+0x1d4/0x850
[ 333.162450][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 333.162471][ C1] ? __pfx_send_sigqueue+0x10/0x10
[ 333.162493][ C1] posix_timer_fn+0x181/0x3e0
[ 333.162551][ C1] ? do_raw_spin_unlock+0x172/0x230
[ 333.162587][ C1] ? __pfx_posix_timer_fn+0x10/0x10
[ 333.162614][ C1] __hrtimer_run_queues+0x20c/0xcc0
[ 333.162639][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 333.162660][ C1] ? ktime_get_update_offsets_now+0x3bd/0x620
[ 333.162691][ C1] hrtimer_interrupt+0x31b/0x800
[ 333.162717][ C1] __sysvec_apic_timer_interrupt+0x10f/0x450
[ 333.162740][ C1] sysvec_apic_timer_interrupt+0x90/0xb0
[ 333.162768][ C1]
[ 333.162775][ C1]
[ 333.162781][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 333.162803][ C1] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50
[ 333.162830][ C1] Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 ba 2f 8d f6 48 89 df e8 12 ac 8d f6 e8 5d 32 b6 f6 fb bf 01 00 00 00 e2 e9 7e f6 65 8b 05 c3 2c 25 75 85 c0 74 06 5b c3 cc cc cc cc
[ 333.162849][ C1] RSP: 0018:ffffc900032efcf0 EFLAGS: 00000202
[ 333.162865][ C1] RAX: 0000000003951489 RBX: ffff888021c38940 RCX: 1ffffffff1f3ddc9
[ 333.162880][ C1] RDX: 0000000000000000 RSI: ffffffff8b0cae00 RDI: 0000000000000001
[ 333.162894][ C1] RBP: ffff888021c38d40 R08: 0000000000000001 R09: 0000000000000001
[ 333.162908][ C1] R10: ffffffff8f9f30d7 R11: 0000000000000000 R12: 0000000000000000
[ 333.162921][ C1] R13: 0000000000000021 R14: ffff888021c38940 R15: ffff888021c38940
[ 333.162940][ C1] get_signal+0x1e3e/0x2710
[ 333.162966][ C1] ? __pfx_get_signal+0x10/0x10
[ 333.162995][ C1] ? do_sigaltstack.constprop.0+0x547/0x800
[ 333.163024][ C1] arch_do_signal_or_restart+0x90/0x7e0
[ 333.163051][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 333.163076][ C1] ? _raw_spin_unlock_irq+0x23/0x50
[ 333.163102][ C1] ? __do_sys_rt_sigreturn+0x167/0x230
[ 333.163128][ C1] ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[ 333.163155][ C1] syscall_exit_to_user_mode+0x14a/0x2a0
[ 333.163184][ C1] do_syscall_64+0xdc/0x260
[ 333.163205][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 333.163251][ C1] RIP: 0033:0x7f67aeff5e79
[ 333.163266][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 333.163285][ C1] RSP: 002b:00007ffc18bb60a8 EFLAGS: 00000246
[ 333.163301][ C1] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f67aeff5e79
[ 333.163315][ C1] RDX: 000000002006b000 RSI: 0000000000000000 RDI: 0000000000000000
[ 333.163328][ C1] RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000000
[ 333.163341][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000555576a7a370
[ 333.163355][ C1] R13: 0000000000000000 R14: 00007ffc18bb6120 R15: 00007ffc18bb6110
[ 333.163372][ C1]
[ 333.163380][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 2.102 msecs