last executing test programs:

219.266838ms ago: executing program 4 (id=5):
# Program 4: fuzzer-generated call sequence, listed in the order it was issued.
# It mixes IPv6 packet injection, scheduler/rlimit changes, unrelated socket
# setup, and a Bluetooth L2CAP listener followed by an injected HCI event.
# All constants are raw syscall arguments exactly as logged; resource names
# (r0, r1, ...) are local to this program.

# Injects an Ethernet frame carrying IPv6 (0x86dd) / ICMPv6 with an ndisc_ra
# body whose type byte is 0x86; it carries three options, two with long opaque payloads.
syz_emit_ethernet(0x1af, &(0x7f0000000000)={@local, @random="467b5543f090", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x179, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, [{0x0, 0x1, "000000050000"}, {0x3, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x13, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ec"}]}}}}}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
# Resource 0xe with limits {0x7, 0x8b}, followed by policy 0x1 / priority 0x7 and
# later policy 0x2 / priority 0x6 on the process's own pid.
# NOTE(review): on Linux 0xe is RLIMIT_RTPRIO and policies 1/2 are SCHED_FIFO/SCHED_RR,
# i.e. the executor moves itself to real-time scheduling, which changes timing for everything after it.
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
# NOTE(review): r1 and r2 are used by the next three calls but no assignment is
# visible in this listing; presumably they are the two descriptors returned in this
# socketpair's output array and the inline result markers were lost in rendering — confirm against the raw log.
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
iopl(0x3)
# Called with fd -1 (0xffffffffffffffff) and null pointers, so the call itself cannot act on a real file.
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = socket$inet6(0xa, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$EVIOCGBITSND(0xffffffffffffffff, 0x40044583, 0x0)
# Bluetooth part: create an L2CAP socket (r4), bind it, then listen/accept on it below.
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
# SMC socket (r5) driven with TCP-level options; independent of the Bluetooth calls.
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000)=0x1, 0xfef2)
connect$inet(r5, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x9, &(0x7f0000000040), 0x4)
listen(r4, 0x3)
accept4(r4, &(0x7f0000000140)=@generic, &(0x7f0000000040)=0x80, 0x800)
# Feeds raw bytes 04 3e 13 01 00 c9 00 01 (declared length 0x16) to the virtual HCI device.
# NOTE(review): read as HCI this is an event packet (0x04), LE Meta event (0x3e),
# 0x13 parameter bytes, subevent 0x01 (LE Connection Complete), status 0x00,
# connection handle 0x00c9 = 201. The console output further down reports
# "cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'"
# from the hci1 hci_rx_work workqueue, so a controller-supplied handle that
# collides with an existing connection is the likely path to triage first.
# Which hci device this program is attached to is not shown here — confirm with the reproducer.
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)

0s ago: executing program 2 (id=3):
# Program 2: the most recently started program (0s before the log was cut).
# It emulates a USB device and issues unrelated netlink, capability and
# device-open calls; none of its calls names a Bluetooth interface.
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
# Raw Ethernet frame: ethertype 0x86dd (IPv6); the IPv6 next-header byte is 0x2b.
# NOTE(review): 0x2b is the routing extension header — confirm by decoding the frame.
syz_emit_ethernet(0x4e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaafffffffffdff86dd6016000000182b00fc01000000000000000000000000000000000000aa870000000000000000000000001090780200140000000000"], 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xa}, 0x20)
socket(0x23, 0x5, 0x0)
# Emulated USB device attach; the blob starts 12 01, i.e. an 18-byte descriptor of type 0x01.
# r0 is the handle the two syz_usb_control_io calls below respond on.
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000f2d07c40501d89601dd0000000010902120001000000000904"], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000002a00090000000000000000000400002c08000c8002"], 0x1c}, 0x1, 0x0, 0x0, 0x4000840}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
# NOTE(review): 0x19980330 is the version-1 capability header magic; the data struct is left uninitialised in the log.
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000280))
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000300)={0x34, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)

kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.59' (ED25519) to the list of known hosts. [ 49.401253][ T29] audit: type=1400 audit(1731676620.455:88): avc: denied { mounton } for pid=5815 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 49.404874][ T5815] cgroup: Unknown subsys name 'net' [ 49.424038][ T29] audit: type=1400 audit(1731676620.455:89): avc: denied { mount } for pid=5815 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 49.451519][ T29] audit: type=1400 audit(1731676620.485:90): avc: denied { unmount } for pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 49.612377][ T5815] cgroup: Unknown subsys name 'cpuset' [ 49.619275][ T5815] cgroup: Unknown subsys name 'rlimit' [ 49.764462][ T29] audit: type=1400 audit(1731676620.815:91): avc: denied { setattr } for pid=5815 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 49.794231][ T29] audit: type=1400 audit(1731676620.815:92): avc: denied { create } for pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.815487][ T29] audit: type=1400 audit(1731676620.815:93): avc: denied { write } for pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.836354][ T29] audit: type=1400 audit(1731676620.815:94): avc: denied { read } for pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t 
tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 49.858784][ T29] audit: type=1400 audit(1731676620.815:95): avc: denied { mounton } for pid=5815 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 49.874083][ T5817] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 49.884035][ T29] audit: type=1400 audit(1731676620.815:96): avc: denied { mount } for pid=5815 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 49.915657][ T29] audit: type=1400 audit(1731676620.845:97): avc: denied { read } for pid=5497 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 50.765168][ T5815] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 52.622939][ T5827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.640246][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.648073][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.656423][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.664034][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.673251][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.680748][ T5831] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.688968][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.696879][ T5831] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.704833][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.711217][ T5837] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 52.712677][ T5831] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.724915][ T5829] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.726575][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.732697][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.747491][ T5829] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.753175][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.757908][ T5829] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 52.763556][ T5837] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 52.769424][ T5829] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 52.776382][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.782962][ T5829] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.802698][ T5827] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.814565][ T5829] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 52.824056][ T5829] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 52.831475][ T5827] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.841083][ 
T5829] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 52.859753][ T5827] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 52.867434][ T5827] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 52.880820][ T5827] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 53.043847][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 53.066823][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 53.233989][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 53.248892][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 53.264590][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.271770][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.279011][ T5825] bridge_slave_0: entered allmulticast mode [ 53.286139][ T5825] bridge_slave_0: entered promiscuous mode [ 53.295680][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.302831][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.309920][ T5828] bridge_slave_0: entered allmulticast mode [ 53.316679][ T5828] bridge_slave_0: entered promiscuous mode [ 53.324137][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.331398][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.338529][ T5828] bridge_slave_1: entered allmulticast mode [ 53.345058][ T5828] bridge_slave_1: entered promiscuous mode [ 53.354025][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 53.365083][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.372250][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.379335][ T5825] bridge_slave_1: entered allmulticast mode [ 53.386104][ T5825] bridge_slave_1: entered promiscuous mode [ 53.445829][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.461142][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.472011][ T5825] bond0: (slave 
bond_slave_1): Enslaving as an active interface with an up link [ 53.499029][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.552314][ T5828] team0: Port device team_slave_0 added [ 53.559576][ T5825] team0: Port device team_slave_0 added [ 53.574274][ T5828] team0: Port device team_slave_1 added [ 53.586762][ T5825] team0: Port device team_slave_1 added [ 53.592796][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.599835][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.607210][ T5832] bridge_slave_0: entered allmulticast mode [ 53.613729][ T5832] bridge_slave_0: entered promiscuous mode [ 53.620720][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.627770][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.634897][ T5832] bridge_slave_1: entered allmulticast mode [ 53.641628][ T5832] bridge_slave_1: entered promiscuous mode [ 53.690373][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.697444][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.704733][ T5841] bridge_slave_0: entered allmulticast mode [ 53.711425][ T5841] bridge_slave_0: entered promiscuous mode [ 53.718147][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.725269][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.732612][ T5841] bridge_slave_1: entered allmulticast mode [ 53.738925][ T5841] bridge_slave_1: entered promiscuous mode [ 53.746237][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.753325][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 53.779771][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.791733][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.798673][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.825271][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.839530][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.846709][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 53.872760][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.885117][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.896099][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.905449][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.912643][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.919740][ T5836] bridge_slave_0: entered allmulticast mode [ 53.926272][ T5836] bridge_slave_0: entered promiscuous mode [ 53.933801][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.940937][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.948026][ T5836] bridge_slave_1: entered allmulticast mode [ 53.954538][ T5836] bridge_slave_1: entered promiscuous mode [ 53.973601][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.983009][ T5825] batman_adv: batadv0: Adding interface: 
batadv_slave_1 [ 53.990792][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.016839][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.040237][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.064890][ T5832] team0: Port device team_slave_0 added [ 54.092140][ T5832] team0: Port device team_slave_1 added [ 54.099201][ T5841] team0: Port device team_slave_0 added [ 54.106544][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 54.117960][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 54.134301][ T5828] hsr_slave_0: entered promiscuous mode [ 54.140648][ T5828] hsr_slave_1: entered promiscuous mode [ 54.159175][ T5841] team0: Port device team_slave_1 added [ 54.192812][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.199752][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.225962][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.238151][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.245101][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 54.270986][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.284472][ T5825] hsr_slave_0: entered promiscuous mode [ 54.290617][ T5825] hsr_slave_1: entered promiscuous mode [ 54.296434][ T5825] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.306480][ T5825] Cannot create hsr debugfs directory [ 54.312403][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.319342][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.345741][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.358310][ T5836] team0: Port device team_slave_0 added [ 54.365897][ T5836] team0: Port device team_slave_1 added [ 54.384888][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.392023][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.418352][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.459186][ T5832] hsr_slave_0: entered promiscuous mode [ 54.465296][ T5832] hsr_slave_1: entered promiscuous mode [ 54.472890][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.480489][ T5832] Cannot create hsr debugfs directory [ 54.491706][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 54.498649][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.524825][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 54.553687][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 54.560685][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 54.586633][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 54.613340][ T5841] hsr_slave_0: entered promiscuous mode [ 54.619380][ T5841] hsr_slave_1: entered promiscuous mode [ 54.625326][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 54.632970][ T5841] Cannot create hsr debugfs directory [ 54.694251][ T5836] hsr_slave_0: entered promiscuous mode [ 54.701177][ T5836] hsr_slave_1: entered promiscuous mode [ 54.707094][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 54.714922][ T5836] Cannot create hsr debugfs directory [ 54.859645][ T5828] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 54.870639][ T5831] Bluetooth: hci2: command tx timeout [ 54.876125][ T5831] Bluetooth: hci3: command tx timeout [ 54.881773][ T5827] Bluetooth: hci0: command tx timeout [ 54.887291][ T5827] Bluetooth: hci1: command tx timeout [ 54.893068][ T5828] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 54.907661][ T5828] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 54.918331][ T5828] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 54.937182][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.950529][ T5827] Bluetooth: hci4: command tx timeout [ 54.957308][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.975340][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.987367][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 55.019209][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 55.029515][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 55.043223][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 55.052875][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 55.095101][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.107470][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 55.133576][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 55.142948][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 55.156726][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.171675][ T3507] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.178847][ T3507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.188456][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 55.215426][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.222522][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.278148][ T5836] netdevsim netdevsim1 netdevsim0: 
renamed from eth0 [ 55.295164][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 55.305786][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 55.315269][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 55.385550][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.394099][ T29] kauditd_printk_skb: 14 callbacks suppressed [ 55.394111][ T29] audit: type=1400 audit(1731676626.445:112): avc: denied { sys_module } for pid=5828 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 55.395251][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.467500][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.491617][ T3507] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.498711][ T3507] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.517106][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.528781][ T3507] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.535875][ T3507] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.557756][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.564837][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.573710][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.580783][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.593154][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.609463][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 55.619470][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.681871][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.704479][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.711613][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.738922][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 55.760523][ T3769] bridge0: port 2(bridge_slave_1) entered blocking 
state [ 55.767617][ T3769] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.788279][ T5832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.815342][ T954] bridge0: port 1(bridge_slave_0) entered blocking state [ 55.822536][ T954] bridge0: port 1(bridge_slave_0) entered forwarding state [ 55.861742][ T5828] veth0_vlan: entered promiscuous mode [ 55.873998][ T5836] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 55.884773][ T5836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 55.907177][ T954] bridge0: port 2(bridge_slave_1) entered blocking state [ 55.914327][ T954] bridge0: port 2(bridge_slave_1) entered forwarding state [ 55.969666][ T5828] veth1_vlan: entered promiscuous mode [ 55.995649][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.049319][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.075262][ T5828] veth0_macvtap: entered promiscuous mode [ 56.113617][ T5828] veth1_macvtap: entered promiscuous mode [ 56.122868][ T5825] veth0_vlan: entered promiscuous mode [ 56.146513][ T5832] veth0_vlan: entered promiscuous mode [ 56.171983][ T5825] veth1_vlan: entered promiscuous mode [ 56.181266][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.193308][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.203856][ T5832] veth1_vlan: entered promiscuous mode [ 56.215833][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.249079][ T5828] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.258488][ T5828] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.267650][ T5828] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.277319][ T5828] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.298074][ T5825] veth0_macvtap: entered 
promiscuous mode [ 56.307729][ T5825] veth1_macvtap: entered promiscuous mode [ 56.346330][ T5836] veth0_vlan: entered promiscuous mode [ 56.356766][ T5836] veth1_vlan: entered promiscuous mode [ 56.364707][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 56.377687][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.388973][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.401819][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.431882][ T5832] veth0_macvtap: entered promiscuous mode [ 56.438270][ T5825] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.449322][ T5825] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.460949][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.482432][ T5832] veth1_macvtap: entered promiscuous mode [ 56.502571][ T5836] veth0_macvtap: entered promiscuous mode [ 56.516048][ T5825] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.525040][ T5825] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.534194][ T5825] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.543126][ T5825] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.557134][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.568153][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.578614][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.589172][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 56.600455][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.609501][ T5836] veth1_macvtap: entered promiscuous mode [ 56.619195][ T5841] veth0_vlan: entered promiscuous mode [ 56.628692][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.639787][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.651618][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.662267][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.673354][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.683531][ T5832] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.692547][ T5832] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.702206][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 56.702427][ T5832] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.719079][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 56.726141][ T5832] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.750398][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.761342][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.771387][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.782013][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.792624][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 56.803608][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 56.814536][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 56.824298][ T5841] veth1_vlan: entered promiscuous mode [ 56.856761][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.872290][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.883180][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.893864][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.903899][ T5836] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 56.914598][ T5836] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 56.925762][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 56.935461][ T5836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.944585][ T5836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.952550][ T5827] Bluetooth: hci1: command tx timeout [ 56.954236][ T5836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 56.958639][ T5835] Bluetooth: hci3: command tx timeout [ 56.967432][ T5831] Bluetooth: hci0: command tx timeout [ 56.972818][ T5835] Bluetooth: hci2: command tx timeout [ 56.982473][ T5836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 57.008357][ T3769] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.018035][ T3769] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.030768][ T5835] Bluetooth: hci4: command tx timeout [ 57.051529][ T29] audit: type=1400 audit(1731676628.105:113): avc: denied { mounton } for pid=5828 comm="syz-executor" path="/root/syzkaller.xqlS8Q/syz-tmp" dev="sda1" ino=1944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 57.067432][ 
T3769] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.087507][ T3769] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.106481][ T29] audit: type=1400 audit(1731676628.105:114): avc: denied { mount } for pid=5828 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 57.121817][ T5841] veth0_macvtap: entered promiscuous mode [ 57.133813][ T29] audit: type=1400 audit(1731676628.105:115): avc: denied { mounton } for pid=5828 comm="syz-executor" path="/root/syzkaller.xqlS8Q/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 57.160343][ T29] audit: type=1400 audit(1731676628.105:116): avc: denied { mount } for pid=5828 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 57.183800][ T29] audit: type=1400 audit(1731676628.105:117): avc: denied { mounton } for pid=5828 comm="syz-executor" path="/root/syzkaller.xqlS8Q/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 57.211600][ T29] audit: type=1400 audit(1731676628.105:118): avc: denied { mounton } for pid=5828 comm="syz-executor" path="/root/syzkaller.xqlS8Q/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=7043 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 57.255719][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.255931][ T29] audit: type=1400 audit(1731676628.105:119): avc: denied { unmount } for pid=5828 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 57.287335][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.297787][ T5828] soft_limit_in_bytes is 
deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 57.317567][ T29] audit: type=1400 audit(1731676628.135:120): avc: denied { mounton } for pid=5828 comm="syz-executor" path="/dev/binderfs" dev="devtmpfs" ino=2724 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 57.343940][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.348553][ T29] audit: type=1400 audit(1731676628.135:121): avc: denied { mount } for pid=5828 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 57.354823][ T5841] veth1_macvtap: entered promiscuous mode [ 57.387246][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.453270][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.463845][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.475530][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.487039][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.497566][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.511038][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.525792][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 57.536905][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 57.553161][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 57.579668][ T3769] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.606066][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 57.622937][ T3769] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.644564][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 57.671965][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.687341][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.698498][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 57.828099][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 57.925911][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.048508][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.073834][ T5835] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 58.087818][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: kworker/u9:5 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 58.098698][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 58.108935][ T5835] Workqueue: hci1 hci_rx_work [ 58.113644][ T5835] Call Trace: [ 58.116923][ T5835] [ 58.119858][ T5835] dump_stack_lvl+0x16c/0x1f0 [ 58.124540][ T5835] sysfs_warn_dup+0x7f/0xa0 [ 58.129061][ T5835] sysfs_create_dir_ns+0x24d/0x2b0 [ 58.133512][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 58.134172][ T5835] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 58.150217][ T5835] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 58.155690][ T5835] ? kobject_add_internal+0x12d/0x990 [ 58.161062][ T5835] ? 
do_raw_spin_unlock+0x172/0x230 [ 58.166262][ T5835] kobject_add_internal+0x2c8/0x990 [ 58.171460][ T5835] kobject_add+0x16f/0x240 [ 58.175866][ T5835] ? __pfx_kobject_add+0x10/0x10 [ 58.180795][ T5835] ? kobject_put+0xab/0x5a0 [ 58.185295][ T5835] device_add+0x289/0x1a70 [ 58.189704][ T5835] ? __pfx_dev_set_name+0x10/0x10 [ 58.194719][ T5835] ? __pfx_device_add+0x10/0x10 [ 58.199562][ T5835] ? mgmt_send_event_skb+0x2f2/0x460 [ 58.204862][ T5835] hci_conn_add_sysfs+0x17e/0x230 [ 58.209879][ T5835] le_conn_complete_evt+0x1078/0x1d80 [ 58.215245][ T5835] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 58.220960][ T5835] ? __mutex_lock+0x2cc/0x9c0 [ 58.225628][ T5835] hci_le_conn_complete_evt+0x23c/0x370 [ 58.231183][ T5835] hci_le_meta_evt+0x2e2/0x5d0 [ 58.235951][ T5835] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 58.242013][ T5835] hci_event_packet+0x666/0x1180 [ 58.246949][ T5835] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 58.252227][ T5835] ? __pfx_hci_event_packet+0x10/0x10 [ 58.257594][ T5835] ? kcov_remote_start+0x3df/0x6e0 [ 58.262695][ T5835] hci_rx_work+0x2c6/0x1610 [ 58.267195][ T5835] ? lock_acquire+0x2f/0xb0 [ 58.271688][ T5835] ? process_one_work+0x921/0x1ba0 [ 58.276788][ T5835] process_one_work+0x9c5/0x1ba0 [ 58.281720][ T5835] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 58.287343][ T5835] ? __pfx_process_one_work+0x10/0x10 [ 58.292708][ T5835] ? assign_work+0x1a0/0x250 [ 58.297296][ T5835] worker_thread+0x6c8/0xf00 [ 58.301881][ T5835] ? __kthread_parkme+0x148/0x220 [ 58.306894][ T5835] ? __pfx_worker_thread+0x10/0x10 [ 58.311994][ T5835] kthread+0x2c1/0x3a0 [ 58.316048][ T5835] ? _raw_spin_unlock_irq+0x23/0x50 [ 58.321239][ T5835] ? __pfx_kthread+0x10/0x10 [ 58.325823][ T5835] ret_from_fork+0x45/0x80 [ 58.330225][ T5835] ? 
__pfx_kthread+0x10/0x10 [ 58.334803][ T5835] ret_from_fork_asm+0x1a/0x30 [ 58.339568][ T5835] [ 58.345339][ T5835] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 58.359516][ T5835] Bluetooth: hci1: failed to register connection device [ 58.369776][ T5835] ================================================================== [ 58.377845][ T5835] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0xdbe/0xf80 [ 58.385745][ T5835] Read of size 8 at addr ffff888021362480 by task kworker/u9:5/5835 [ 58.389590][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 58.393700][ T5835] [ 58.393707][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: kworker/u9:5 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 58.393727][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 58.393739][ T5835] Workqueue: hci1 hci_rx_work [ 58.393766][ T5835] Call Trace: [ 58.393772][ T5835] [ 58.393779][ T5835] dump_stack_lvl+0x116/0x1f0 [ 58.393800][ T5835] print_report+0xc3/0x620 [ 58.393823][ T5835] ? __virt_addr_valid+0x5e/0x590 [ 58.393846][ T5835] ? __phys_addr+0xc6/0x150 [ 58.393869][ T5835] kasan_report+0xd9/0x110 [ 58.393889][ T5835] ? l2cap_connect_cfm+0xdbe/0xf80 [ 58.393913][ T5835] ? l2cap_connect_cfm+0xdbe/0xf80 [ 58.393936][ T5835] l2cap_connect_cfm+0xdbe/0xf80 [ 58.393961][ T5835] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 58.393986][ T5835] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 58.394007][ T5835] le_conn_complete_evt+0x1662/0x1d80 [ 58.394032][ T5835] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 58.405717][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 58.406144][ T5835] ? 
__mutex_lock+0x2cc/0x9c0 [ 58.420183][ T5841] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.426990][ T5835] hci_le_conn_complete_evt+0x23c/0x370 [ 58.432254][ T5841] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.434913][ T5835] hci_le_meta_evt+0x2e2/0x5d0 [ 58.437827][ T5841] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.442472][ T5835] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 58.442504][ T5835] hci_event_packet+0x666/0x1180 [ 58.442525][ T5835] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 58.442549][ T5835] ? __pfx_hci_event_packet+0x10/0x10 [ 58.442570][ T5835] ? kcov_remote_start+0x3df/0x6e0 [ 58.442587][ T5835] hci_rx_work+0x2c6/0x1610 [ 58.442610][ T5835] ? lock_acquire+0x2f/0xb0 [ 58.442625][ T5835] ? process_one_work+0x921/0x1ba0 [ 58.442649][ T5835] process_one_work+0x9c5/0x1ba0 [ 58.442669][ T5835] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 58.442686][ T5835] ? __pfx_process_one_work+0x10/0x10 [ 58.442705][ T5835] ? assign_work+0x1a0/0x250 [ 58.442733][ T5835] worker_thread+0x6c8/0xf00 [ 58.442753][ T5835] ? __kthread_parkme+0x148/0x220 [ 58.442776][ T5835] ? __pfx_worker_thread+0x10/0x10 [ 58.442793][ T5835] kthread+0x2c1/0x3a0 [ 58.442813][ T5835] ? _raw_spin_unlock_irq+0x23/0x50 [ 58.451589][ T5841] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 58.452209][ T5835] ? __pfx_kthread+0x10/0x10 [ 58.479826][ T954] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 58.481773][ T5835] ret_from_fork+0x45/0x80 [ 58.481797][ T5835] ? 
__pfx_kthread+0x10/0x10 [ 58.481819][ T5835] ret_from_fork_asm+0x1a/0x30 [ 58.481848][ T5835] [ 58.481855][ T5835] [ 58.481859][ T5835] Allocated by task 5835: [ 58.481868][ T5835] kasan_save_stack+0x33/0x60 [ 58.481887][ T5835] kasan_save_track+0x14/0x30 [ 58.481904][ T5835] __kasan_kmalloc+0xaa/0xb0 [ 58.481921][ T5835] l2cap_chan_create+0x44/0x920 [ 58.487706][ T954] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 58.492697][ T5835] l2cap_sock_alloc.constprop.0+0xf3/0x180 [ 58.492725][ T5835] l2cap_sock_new_connection_cb+0x101/0x240 [ 58.492748][ T5835] l2cap_connect_cfm+0x4c9/0xf80 [ 58.492768][ T5835] le_conn_complete_evt+0x1662/0x1d80 [ 58.504375][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 58.505797][ T5835] hci_le_conn_complete_evt+0x23c/0x370 [ 58.737024][ T5835] hci_le_meta_evt+0x2e2/0x5d0 [ 58.741781][ T5835] hci_event_packet+0x666/0x1180 [ 58.746701][ T5835] hci_rx_work+0x2c6/0x1610 [ 58.751190][ T5835] process_one_work+0x9c5/0x1ba0 [ 58.756106][ T5835] worker_thread+0x6c8/0xf00 [ 58.760675][ T5835] kthread+0x2c1/0x3a0 [ 58.764728][ T5835] ret_from_fork+0x45/0x80 [ 58.769121][ T5835] ret_from_fork_asm+0x1a/0x30 [ 58.773868][ T5835] [ 58.776169][ T5835] Freed by task 5913: [ 58.780124][ T5835] kasan_save_stack+0x33/0x60 [ 58.784780][ T5835] kasan_save_track+0x14/0x30 [ 58.789435][ T5835] kasan_save_free_info+0x3b/0x60 [ 58.794444][ T5835] __kasan_slab_free+0x51/0x70 [ 58.799188][ T5835] kfree+0x14f/0x4b0 [ 58.803061][ T5835] l2cap_chan_put+0x216/0x2c0 [ 58.807716][ T5835] l2cap_sock_cleanup_listen+0x4d/0x2a0 [ 58.813247][ T5835] l2cap_sock_release+0x5c/0x210 [ 58.818175][ T5835] __sock_release+0xb0/0x270 [ 58.822764][ T5835] sock_close+0x1c/0x30 [ 58.826912][ T5835] __fput+0x3f6/0xb60 [ 58.830881][ T5835] task_work_run+0x14e/0x250 [ 58.835451][ T5835] get_signal+0x1ca/0x2770 [ 58.839850][ T5835] arch_do_signal_or_restart+0x90/0x7e0 [ 58.845399][ T5835] syscall_exit_to_user_mode+0x150/0x2a0 [ 58.851027][ T5835] 
do_syscall_64+0xda/0x250 [ 58.855514][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.861396][ T5835] [ 58.863698][ T5835] The buggy address belongs to the object at ffff888021362000 [ 58.863698][ T5835] which belongs to the cache kmalloc-2k of size 2048 [ 58.877729][ T5835] The buggy address is located 1152 bytes inside of [ 58.877729][ T5835] freed 2048-byte region [ffff888021362000, ffff888021362800) [ 58.891677][ T5835] [ 58.893979][ T5835] The buggy address belongs to the physical page: [ 58.900365][ T5835] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21360 [ 58.909116][ T5835] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 58.917593][ T5835] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 58.925113][ T5835] page_type: f5(slab) [ 58.929072][ T5835] raw: 00fff00000000040 ffff88801b042000 ffffea00007ab400 0000000000000002 [ 58.937634][ T5835] raw: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 58.946198][ T5835] head: 00fff00000000040 ffff88801b042000 ffffea00007ab400 0000000000000002 [ 58.954851][ T5835] head: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 58.963503][ T5835] head: 00fff00000000003 ffffea000084d801 ffffffffffffffff 0000000000000000 [ 58.972153][ T5835] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 58.980807][ T5835] page dumped because: kasan: bad access detected [ 58.987214][ T5835] page_owner tracks the page as allocated [ 58.992914][ T5835] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5668, tgid 5668 (dhcpcd-run-hook), ts 33999753867, free_ts 33998680691 [ 59.013751][ T5835] post_alloc_hook+0x2d1/0x350 [ 59.018506][ T5835] get_page_from_freelist+0xfce/0x2f80 [ 59.023947][ T5835] __alloc_pages_noprof+0x223/0x25a0 [ 59.029213][ T5835] alloc_pages_mpol_noprof+0x2c9/0x610 [ 59.034662][ T5835] 
new_slab+0x2c9/0x410 [ 59.038801][ T5835] ___slab_alloc+0xdac/0x1880 [ 59.043470][ T5835] __slab_alloc.constprop.0+0x56/0xb0 [ 59.048829][ T5835] __kmalloc_noprof+0x367/0x400 [ 59.053671][ T5835] tomoyo_init_log+0x13c7/0x2170 [ 59.058605][ T5835] tomoyo_supervisor+0x30c/0xea0 [ 59.063536][ T5835] tomoyo_env_perm+0x193/0x210 [ 59.068295][ T5835] tomoyo_find_next_domain+0xe8e/0x2070 [ 59.073827][ T5835] tomoyo_bprm_check_security+0x12b/0x1d0 [ 59.079528][ T5835] security_bprm_check+0x1b9/0x1e0 [ 59.084616][ T5835] bprm_execve+0x642/0x1960 [ 59.089107][ T5835] do_execveat_common.isra.0+0x4f1/0x630 [ 59.094729][ T5835] page last free pid 5668 tgid 5668 stack trace: [ 59.101033][ T5835] free_unref_page+0x661/0x1080 [ 59.105863][ T5835] __put_partials+0x14c/0x170 [ 59.110521][ T5835] qlist_free_all+0x4e/0x120 [ 59.115096][ T5835] kasan_quarantine_reduce+0x192/0x1e0 [ 59.120532][ T5835] __kasan_slab_alloc+0x69/0x90 [ 59.125367][ T5835] __kmalloc_noprof+0x199/0x400 [ 59.130200][ T5835] tomoyo_supervisor+0x43d/0xea0 [ 59.135117][ T5835] tomoyo_env_perm+0x193/0x210 [ 59.139861][ T5835] tomoyo_find_next_domain+0xe8e/0x2070 [ 59.145392][ T5835] tomoyo_bprm_check_security+0x12b/0x1d0 [ 59.151093][ T5835] security_bprm_check+0x1b9/0x1e0 [ 59.156184][ T5835] bprm_execve+0x642/0x1960 [ 59.160672][ T5835] do_execveat_common.isra.0+0x4f1/0x630 [ 59.166288][ T5835] __x64_sys_execve+0x8c/0xb0 [ 59.170945][ T5835] do_syscall_64+0xcd/0x250 [ 59.175425][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.181307][ T5835] [ 59.183608][ T5835] Memory state around the buggy address: [ 59.189218][ T5835] ffff888021362380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.197254][ T5835] ffff888021362400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.205291][ T5835] >ffff888021362480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.213329][ T5835] ^ [ 59.217368][ T5835] ffff888021362500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.225404][ T5835] ffff888021362580: fb 
fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.233439][ T5835] ================================================================== [ 59.245794][ T5827] Bluetooth: hci2: command tx timeout [ 59.251702][ T5827] Bluetooth: hci4: command tx timeout [ 59.257255][ T5827] Bluetooth: hci0: command tx timeout [ 59.263226][ T5827] Bluetooth: hci3: command tx timeout [ 59.269540][ T5835] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 59.276740][ T5835] CPU: 1 UID: 0 PID: 5835 Comm: kworker/u9:5 Not tainted 6.12.0-rc7-syzkaller-00125-gcfaaa7d010d1 #0 [ 59.287588][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 [ 59.297651][ T5835] Workqueue: hci1 hci_rx_work [ 59.302352][ T5835] Call Trace: [ 59.305628][ T5835] [ 59.308560][ T5835] dump_stack_lvl+0x3d/0x1f0 [ 59.313161][ T5835] panic+0x71d/0x800 [ 59.317071][ T5835] ? __pfx_panic+0x10/0x10 [ 59.321498][ T5835] ? preempt_schedule_thunk+0x1a/0x30 [ 59.326872][ T5835] ? preempt_schedule_common+0x44/0xc0 [ 59.332349][ T5835] check_panic_on_warn+0xab/0xb0 [ 59.337295][ T5835] end_report+0x117/0x180 [ 59.341636][ T5835] kasan_report+0xe9/0x110 [ 59.346062][ T5835] ? l2cap_connect_cfm+0xdbe/0xf80 [ 59.351183][ T5835] ? l2cap_connect_cfm+0xdbe/0xf80 [ 59.356288][ T5835] l2cap_connect_cfm+0xdbe/0xf80 [ 59.361219][ T5835] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 59.366673][ T5835] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 59.372138][ T5835] le_conn_complete_evt+0x1662/0x1d80 [ 59.377502][ T5835] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 59.383206][ T5835] ? __mutex_lock+0x2cc/0x9c0 [ 59.387869][ T5835] hci_le_conn_complete_evt+0x23c/0x370 [ 59.393402][ T5835] hci_le_meta_evt+0x2e2/0x5d0 [ 59.398328][ T5835] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 59.404399][ T5835] hci_event_packet+0x666/0x1180 [ 59.409320][ T5835] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 59.414590][ T5835] ? __pfx_hci_event_packet+0x10/0x10 [ 59.419946][ T5835] ? 
kcov_remote_start+0x3df/0x6e0 [ 59.425041][ T5835] hci_rx_work+0x2c6/0x1610 [ 59.429532][ T5835] ? lock_acquire+0x2f/0xb0 [ 59.434014][ T5835] ? process_one_work+0x921/0x1ba0 [ 59.439105][ T5835] process_one_work+0x9c5/0x1ba0 [ 59.444022][ T5835] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 59.449638][ T5835] ? __pfx_process_one_work+0x10/0x10 [ 59.454992][ T5835] ? assign_work+0x1a0/0x250 [ 59.459568][ T5835] worker_thread+0x6c8/0xf00 [ 59.464145][ T5835] ? __kthread_parkme+0x148/0x220 [ 59.469151][ T5835] ? __pfx_worker_thread+0x10/0x10 [ 59.474257][ T5835] kthread+0x2c1/0x3a0 [ 59.478310][ T5835] ? _raw_spin_unlock_irq+0x23/0x50 [ 59.483495][ T5835] ? __pfx_kthread+0x10/0x10 [ 59.488071][ T5835] ret_from_fork+0x45/0x80 [ 59.492467][ T5835] ? __pfx_kthread+0x10/0x10 [ 59.497040][ T5835] ret_from_fork_asm+0x1a/0x30 [ 59.501795][ T5835] [ 59.504983][ T5835] Kernel Offset: disabled [ 59.509286][ T5835] Rebooting in 86400 seconds..