syzkaller login: [ 84.431866][ T28] audit: type=1400 audit(1715117671.039:78): avc: denied { transition } for pid=4941 comm="sshd" path="/bin/sh" dev="sda1" ino=89 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 84.461441][ T28] audit: type=1400 audit(1715117671.039:79): avc: denied { noatsecure } for pid=4941 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 84.494198][ T28] audit: type=1400 audit(1715117671.039:80): avc: denied { write } for pid=4941 comm="sh" path="pipe:[3065]" dev="pipefs" ino=3065 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 84.546748][ T28] audit: type=1400 audit(1715117671.039:81): avc: denied { rlimitinh } for pid=4941 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 84.567484][ T28] audit: type=1400 audit(1715117671.039:82): avc: denied { siginh } for pid=4941 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 85.839834][ T28] audit: type=1400 audit(1715117672.449:83): avc: denied { read } for pid=4509 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 85.862481][ T28] audit: type=1400 audit(1715117672.449:84): avc: denied { append } for pid=4509 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 85.886051][ T28] audit: type=1400 audit(1715117672.449:85): avc: denied { open } for pid=4509 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 85.909214][ T28] audit: type=1400 audit(1715117672.449:86): avc: denied { getattr } for pid=4509 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 102.930084][ T44] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.119' (ED25519) to the list of known hosts.
[ 192.651283][ T28] audit: type=1400 audit(1715117779.259:87): avc: denied { execmem } for pid=5089 comm="syz-executor175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 192.691074][ T28] audit: type=1400 audit(1715117779.279:88): avc: denied { mounton } for pid=5092 comm="syz-executor175" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 192.728324][ T28] audit: type=1400 audit(1715117779.279:89): avc: denied { mount } for pid=5092 comm="syz-executor175" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 192.759527][ T28] audit: type=1400 audit(1715117779.279:90): avc: denied { create } for pid=5092 comm="syz-executor175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 192.783721][ T28] audit: type=1400 audit(1715117779.279:91): avc: denied { read write } for pid=5092 comm="syz-executor175" name="vhci" dev="devtmpfs" ino=1077 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 192.810929][ T28] audit: type=1400 audit(1715117779.279:92): avc: denied { open } for pid=5092 comm="syz-executor175" path="/dev/vhci" dev="devtmpfs" ino=1077 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 192.838998][ T5110] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 192.848163][ T28] audit: type=1400 audit(1715117779.319:93): avc: denied { ioctl } for pid=5096 comm="syz-executor175" path="socket:[3644]" dev="sockfs" ino=3644 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 192.848471][ T5112] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 192.876006][ T5110] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 192.883153][ T5113] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 192.890290][ T5110] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 192.899648][ T5113] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 192.905800][ T5112] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 192.911875][ T5114] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 192.920423][ T5110] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 192.928696][ T5113] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 192.935189][ T5112] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 192.944785][ T5113] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 192.948012][ T5110] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 192.954198][ T5114] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 192.962568][ T5112] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 192.968758][ T5113] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 192.980207][ T5112] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 192.984418][ T5114] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 192.990260][ T5110] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 192.997191][ T5114] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 193.005138][ T5110] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 193.016434][ T5114] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 193.019688][ T5110] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 193.026647][ T5114] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 193.033043][ T5110] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 193.046972][ T5110] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 193.054921][ T5110] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 193.056974][ T5115] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 193.067888][ T5110] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 193.078039][ T4471] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 193.089072][ T28] audit: type=1400 audit(1715117779.689:94): avc: denied { mounton } for pid=5099 comm="syz-executor175" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
executing program
[ 193.587119][ T28] audit: type=1400 audit(1715117780.179:95): avc: denied { mounton } for pid=5094 comm="syz-executor175" path="/dev/binderfs" dev="devtmpfs" ino=2322 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
executing program
[ 193.620248][ T28] audit: type=1400 audit(1715117780.189:96): avc: denied { mount } for pid=5094 comm="syz-executor175" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 298.666497][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 298.674462][ C0] rcu: (detected by 0, t=10502 jiffies, g=9585, q=15 ncpus=2)
[ 298.682724][ C0] rcu: All QSes seen, last rcu_preempt kthread activity 10503 (4294966903-4294956400), jiffies_till_next_fqs=1, root ->qsmask 0x0
[ 298.696883][ C0] rcu: rcu_preempt kthread starved for 10505 jiffies! g9585 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[ 298.708958][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 298.719268][ C0] rcu: RCU grace-period kthread stack dump:
[ 298.725718][ C0] task:rcu_preempt state:R running task stack:27664 pid:16 tgid:16 ppid:2 flags:0x00004000
[ 298.738699][ C0] Call Trace:
[ 298.742032][ C0] <TASK>
[ 298.745095][ C0] __schedule+0xf15/0x5d00
[ 298.749897][ C0] ? __pfx___lock_acquire+0x10/0x10
[ 298.755467][ C0] ? __pfx___schedule+0x10/0x10
[ 298.760507][ C0] ? schedule+0x298/0x350
[ 298.765217][ C0] ? __pfx_lock_release+0x10/0x10
[ 298.770323][ C0] ? __pfx___mod_timer+0x10/0x10
[ 298.775417][ C0] ? lock_acquire+0x1b1/0x560
[ 298.780248][ C0] ? lockdep_init_map_type+0x16d/0x7d0
[ 298.786385][ C0] schedule+0xe7/0x350
[ 298.790536][ C0] schedule_timeout+0x136/0x2a0
[ 298.795509][ C0] ? __pfx_schedule_timeout+0x10/0x10
[ 298.801299][ C0] ? __pfx_process_timeout+0x10/0x10
[ 298.806660][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 298.813143][ C0] ? prepare_to_swait_event+0xf0/0x470
[ 298.818992][ C0] rcu_gp_fqs_loop+0x1eb/0xb00
[ 298.824820][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 298.830865][ C0] ? __pfx_lock_release+0x10/0x10
[ 298.836143][ C0] rcu_gp_kthread+0x271/0x380
[ 298.840897][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10
[ 298.846273][ C0] ? lockdep_hardirqs_on+0x7c/0x110
[ 298.851619][ C0] ? __kthread_parkme+0x148/0x220
[ 298.856851][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10
[ 298.862112][ C0] kthread+0x2c1/0x3a0
[ 298.866263][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 298.871620][ C0] ? __pfx_kthread+0x10/0x10
[ 298.876292][ C0] ret_from_fork+0x45/0x80
[ 298.880848][ C0] ? __pfx_kthread+0x10/0x10
[ 298.885504][ C0] ret_from_fork_asm+0x1a/0x30
[ 298.890398][ C0] </TASK>
[ 298.893451][ C0] rcu: Stack dump where RCU GP kthread last ran:
[ 298.899905][ C0] Sending NMI from CPU 0 to CPUs 1:
[ 298.905155][ C1] NMI backtrace for cpu 1
[ 298.905169][ C1] CPU: 1 PID: 5123 Comm: syz-executor175 Not tainted 6.9.0-rc7-syzkaller-00012-gdccb07f2914c #0
[ 298.905198][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 298.905213][ C1] RIP: 0010:send_sigqueue+0x6/0x850
[ 298.905299][ C1] Code: 00 e9 1d ff ff ff 48 89 ef e8 16 9a 94 00 e9 79 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 41 57 <41> 56 41 55 41 89 d5 41 54 49 bc 00 00 00 00 00 fc ff df 55 48 89
[ 298.905323][ C1] RSP: 0018:ffffc90000a08dd8 EFLAGS: 00000046
[ 298.905343][ C1] RAX: dffffc0000000000 RBX: ffff8880791ce0b0 RCX: 1ffff1100f239c14
[ 298.905361][ C1] RDX: 0000000000000001 RSI: ffff8880773ea640 RDI: ffff888020d68bd0
[ 298.905378][ C1] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[ 298.905394][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000008
[ 298.905409][ C1] R13: ffff8880791ce020 R14: ffff8880791ce090 R15: ffff8880791ce070
[ 298.905427][ C1] FS: 0000555580a103c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[ 298.905452][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 298.905471][ C1] CR2: 000000002006b000 CR3: 00000000791ca000 CR4: 00000000003506f0
[ 298.905487][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 298.905502][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 298.905518][ C1] Call Trace:
[ 298.905528][ C1] <NMI>
[ 298.905537][ C1] ? show_regs+0x8c/0xa0
[ 298.905571][ C1] ? nmi_cpu_backtrace+0x1d8/0x390
[ 298.905643][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20
[ 298.905685][ C1] ? nmi_handle+0x1a9/0x5c0
[ 298.905715][ C1] ? send_sigqueue+0x6/0x850
[ 298.905740][ C1] ? default_do_nmi+0x6a/0x160
[ 298.905774][ C1] ? exc_nmi+0x170/0x1e0
[ 298.905806][ C1] ? end_repeat_nmi+0xf/0x53
[ 298.905877][ C1] ? send_sigqueue+0x6/0x850
[ 298.905902][ C1] ? send_sigqueue+0x6/0x850
[ 298.905928][ C1] ? send_sigqueue+0x6/0x850
[ 298.905953][ C1] </NMI>
[ 298.905960][ C1] <IRQ>
[ 298.905968][ C1] posix_timer_fn+0x181/0x3e0
[ 298.906030][ C1] ? do_raw_spin_unlock+0x172/0x230
[ 298.906058][ C1] ? __pfx_posix_timer_fn+0x10/0x10
[ 298.906095][ C1] __hrtimer_run_queues+0x20c/0xcc0
[ 298.906127][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 298.906155][ C1] ? ktime_get_update_offsets_now+0x3bd/0x620
[ 298.906197][ C1] hrtimer_interrupt+0x31b/0x800
[ 298.906232][ C1] __sysvec_apic_timer_interrupt+0x10f/0x450
[ 298.906260][ C1] sysvec_apic_timer_interrupt+0x90/0xb0
[ 298.906301][ C1] </IRQ>
[ 298.906309][ C1] <TASK>
[ 298.906317][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 298.906347][ C1] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50
[ 298.906384][ C1] Code: 90 f3 0f 1e fa 53 48 8b 74 24 08 48 89 fb 48 83 c7 18 e8 6a 98 8c f6 48 89 df e8 c2 14 8d f6 e8 ed 98 b5 f6 fb bf 01 00 00 00 b2 4f 7e f6 65 8b 05 b3 88 24 75 85 c0 74 06 5b c3 cc cc cc cc
[ 298.906408][ C1] RSP: 0018:ffffc9000331fcf0 EFLAGS: 00000202
[ 298.906427][ C1] RAX: 00000000030d03f7 RBX: ffff8880290ba500 RCX: 1ffffffff1f3e279
[ 298.906444][ C1] RDX: 0000000000000000 RSI: ffffffff8b0cae00 RDI: 0000000000000001
[ 298.906460][ C1] RBP: ffff8880290ba900 R08: 0000000000000001 R09: 0000000000000001
[ 298.906476][ C1] R10: ffffffff8f9f5657 R11: 0000000000000000 R12: 0000000000000000
[ 298.906492][ C1] R13: 0000000000000021 R14: ffff8880290ba500 R15: ffff8880290ba500
[ 298.906515][ C1] get_signal+0x1e3e/0x2710
[ 298.906574][ C1] ? __pfx_get_signal+0x10/0x10
[ 298.906606][ C1] ? do_sigaltstack.constprop.0+0x547/0x800
[ 298.906671][ C1] arch_do_signal_or_restart+0x90/0x7e0
[ 298.906712][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 298.906747][ C1] ? _raw_spin_unlock_irq+0x23/0x50
[ 298.906784][ C1] ? __do_sys_rt_sigreturn+0x167/0x230
[ 298.906819][ C1] ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[ 298.906856][ C1] syscall_exit_to_user_mode+0x14a/0x2a0
[ 298.906884][ C1] do_syscall_64+0xdc/0x260
[ 298.906911][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 298.906939][ C1] RIP: 0033:0x7f4aa23afe79
[ 298.906957][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 298.906980][ C1] RSP: 002b:00007ffc5113f288 EFLAGS: 00000246
[ 298.906998][ C1] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f4aa23afe79
[ 298.907014][ C1] RDX: 000000002006b000 RSI: 0000000000000000 RDI: 0000000000000000
[ 298.907030][ C1] RBP: 00000000000f4240 R08: 0000000000000000 R09: 0000000000000000
[ 298.907046][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000555580a10370
[ 298.907062][ C1] R13: 0000000000000000 R14: 00007ffc5113f300 R15: 00007ffc5113f2f0
[ 298.907088][ C1] </TASK>
[ 298.907097][ C1] INFO: NMI handler (nmi_cpu_backtrace_handler) took too long to run: 1.942 msecs