Warning: Permanently added '10.128.1.94' (ED25519) to the list of known hosts. 2025/03/24 15:33:15 ignoring optional flag "sandboxArg"="0" 2025/03/24 15:33:16 parsed 1 programs [ 74.983784][ T30] audit: type=1400 audit(1742830396.480:88): avc: denied { node_bind } for pid=5812 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 76.174410][ T9] cfg80211: failed to load regulatory.db [ 76.836027][ T30] audit: type=1400 audit(1742830398.330:89): avc: denied { mounton } for pid=5819 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 76.839502][ T5819] cgroup: Unknown subsys name 'net' [ 76.858784][ T30] audit: type=1400 audit(1742830398.330:90): avc: denied { mount } for pid=5819 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 76.888235][ T30] audit: type=1400 audit(1742830398.390:91): avc: denied { unmount } for pid=5819 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 77.025668][ T5819] cgroup: Unknown subsys name 'cpuset' [ 77.032733][ T5819] cgroup: Unknown subsys name 'rlimit' [ 77.217511][ T30] audit: type=1400 audit(1742830398.710:92): avc: denied { setattr } for pid=5819 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 77.240871][ T30] audit: type=1400 audit(1742830398.710:93): avc: denied { create } for pid=5819 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 77.271662][ T30] audit: type=1400 audit(1742830398.710:94): avc: denied { write } for pid=5819 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 77.292567][ T30] audit: type=1400 audit(1742830398.710:95): avc: denied { read } for pid=5819 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 77.312530][ T5825] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 77.312876][ T30] audit: type=1400 audit(1742830398.740:96): avc: denied { mounton } for pid=5819 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 77.346965][ T30] audit: type=1400 audit(1742830398.740:97): avc: denied { mount } for pid=5819 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 78.172744][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.647184][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 80.308337][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 80.308352][ T30] audit: type=1400 audit(1742830401.800:126): avc: denied { create } for pid=5858 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 80.335266][ T30] audit: type=1400 audit(1742830401.800:127): avc: denied { read write } for pid=5858 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 80.337116][ T5860] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.359851][ T30] audit: type=1400 audit(1742830401.800:128): avc: denied { open } for pid=5858 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 80.366740][ T5860] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.390479][ T30] audit: type=1400 audit(1742830401.810:129): avc: denied { ioctl } for pid=5858 comm="syz-executor" path="socket:[5234]" dev="sockfs" ino=5234 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 80.397774][ T5860] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.431210][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.439381][ T5860] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 80.446594][ T5860] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.906422][ T30] audit: type=1401 audit(1742830402.400:130): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 81.435570][ T5887] chnl_net:caif_netlink_parms(): no params data found [ 81.474081][ T5887] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.481410][ T5887] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.488570][ T5887] bridge_slave_0: entered allmulticast mode [ 81.495033][ T5887] bridge_slave_0: entered promiscuous mode [ 81.502583][ T5887] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.510991][ T5887] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.518325][ T5887] bridge_slave_1: entered allmulticast mode [ 81.524726][ T5887] bridge_slave_1: entered promiscuous mode [ 81.547496][ T5887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.558384][ T5887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.580655][ T5887] team0: Port device team_slave_0 added [ 81.587849][ T5887] team0: Port device team_slave_1 added [ 81.602735][ T5887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.610065][ T5887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.636375][ T5887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.648574][ T5887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.655559][ T5887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.681515][ T5887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.705253][ T5887] hsr_slave_0: entered promiscuous mode [ 81.711190][ T5887] hsr_slave_1: entered promiscuous mode [ 81.775498][ T5887] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.784578][ T5887] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.792880][ T5887] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.801978][ T5887] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.820002][ T5887] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.827264][ T5887] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.835081][ T5887] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.842111][ T5887] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.872318][ T5887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.886481][ T5887] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.897476][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.906540][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.920068][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.927180][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.938548][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.945626][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.988924][ T30] audit: type=1400 audit(1742830403.480:131): avc: denied { sys_module } for pid=5887 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 82.041710][ T5887] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.065816][ T5887] veth0_vlan: entered promiscuous mode [ 82.075151][ T5887] veth1_vlan: entered promiscuous mode [ 82.091236][ T5887] veth0_macvtap: entered promiscuous mode [ 82.100334][ T5887] veth1_macvtap: entered promiscuous mode [ 82.112291][ T5887] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.124258][ T5887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.134080][ T5887] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.142836][ T5887] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.151949][ T5887] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.160876][ T5887] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.188919][ T30] audit: type=1400 audit(1742830403.680:132): avc: denied { mounton } for pid=5887 comm="syz-executor" path="/root/syzkaller.iQ6448/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 82.283592][ T37] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.332660][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.340776][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.365212][ T37] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.380736][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.389579][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.414248][ T37] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 82.475707][ T37] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 2025/03/24 15:33:24 executed programs: 0 [ 83.052679][ T5860] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.061003][ T5860] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.069919][ T5860] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.078021][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.085646][ T5860] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 83.092779][ T5860] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.168142][ T5925] chnl_net:caif_netlink_parms(): no params data found [ 83.199906][ T5925] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.207570][ T5925] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.214836][ T5925] bridge_slave_0: entered allmulticast mode [ 83.221409][ T5925] bridge_slave_0: entered promiscuous mode [ 83.228921][ T5925] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.236971][ T5925] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.244156][ T5925] bridge_slave_1: entered allmulticast mode [ 83.250498][ T5925] bridge_slave_1: entered promiscuous mode [ 83.268350][ T5925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.278776][ T5925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.298613][ T5925] team0: Port device team_slave_0 added [ 83.306892][ T5925] team0: Port device team_slave_1 added [ 83.322697][ T5925] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.329999][ T5925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.356230][ T5925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.368765][ T5925] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.375825][ T5925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.401768][ T5925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.428903][ T5925] hsr_slave_0: entered promiscuous mode [ 83.434832][ T5925] hsr_slave_1: entered promiscuous mode [ 83.440548][ T5925] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.448324][ T5925] Cannot create hsr debugfs directory [ 85.133928][ T5133] Bluetooth: hci0: command tx timeout [ 85.471557][ T37] bridge_slave_1: left allmulticast mode [ 85.482761][ T37] bridge_slave_1: left promiscuous mode [ 85.490565][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.500137][ T37] bridge_slave_0: left allmulticast mode [ 85.507282][ T37] bridge_slave_0: left promiscuous mode [ 85.513192][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.678737][ T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 85.688814][ T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 85.699524][ T37] bond0 (unregistering): Released all slaves [ 85.712009][ T30] audit: type=1400 audit(1742830407.210:133): avc: denied { search } for pid=5488 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 85.771525][ T30] audit: type=1400 audit(1742830407.260:134): avc: denied { read } for pid=5938 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1708 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 85.795006][ T30] audit: type=1400 audit(1742830407.260:135): avc: denied { open } for pid=5938 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1708 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 85.826512][ T30] audit: type=1400 audit(1742830407.260:136): avc: denied { getattr } for pid=5938 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1708 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 85.888247][ T37] hsr_slave_0: left promiscuous mode [ 85.894878][ T37] hsr_slave_1: left promiscuous mode [ 85.900644][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 85.911590][ T37] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 85.919963][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 85.934383][ T30] audit: type=1400 audit(1742830407.420:137): avc: denied { write } for pid=5937 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1707 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 85.958264][ T37] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 85.963809][ T30] audit: type=1400 audit(1742830407.420:138): avc: denied { add_name } for pid=5937 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 85.989816][ T30] audit: type=1400 audit(1742830407.460:139): avc: denied { remove_name } for pid=5948 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=1905 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 86.016130][ T37] veth1_macvtap: left promiscuous mode [ 86.021731][ T37] veth0_macvtap: left promiscuous mode [ 86.028767][ T37] veth1_vlan: left promiscuous mode [ 86.034638][ T37] veth0_vlan: left promiscuous mode [ 86.202562][ T37] team0 (unregistering): Port device team_slave_1 removed [ 86.225429][ T37] team0 (unregistering): Port device team_slave_0 removed [ 86.504070][ T5925] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.520728][ T5925] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.529940][ T5925] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.548349][ T5925] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.611751][ T5925] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.638410][ T5925] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.658293][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.665360][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.678822][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.685926][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.830244][ T5925] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.864503][ T5925] veth0_vlan: entered promiscuous mode [ 86.880858][ T5925] veth1_vlan: entered promiscuous mode [ 86.918242][ T5925] veth0_macvtap: entered promiscuous mode [ 86.925826][ T5925] veth1_macvtap: entered promiscuous mode [ 86.937236][ T5925] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.948384][ T5925] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.961313][ T5925] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.970879][ T5925] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.979759][ T5925] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.990660][ T5925] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.041117][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.055434][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.086462][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.099390][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.122064][ T30] audit: type=1400 audit(1742830408.610:140): avc: denied { mount } for pid=5925 comm="syz-executor" name="/" dev="gadgetfs" ino=7675 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 87.192241][ T5968] netlink: 'syz.0.16': attribute type 10 has an invalid length. [ 87.208949][ T5968] team0: Port device wlan1 added [ 87.213086][ T5133] Bluetooth: hci0: command tx timeout [ 87.232361][ T5969] netlink: 'syz.0.17': attribute type 10 has an invalid length. [ 87.257305][ T5970] netlink: 'syz.0.18': attribute type 10 has an invalid length. [ 87.285189][ T5971] netlink: 'syz.0.19': attribute type 10 has an invalid length. [ 87.306176][ T5972] netlink: 'syz.0.20': attribute type 10 has an invalid length. [ 87.327847][ T5973] netlink: 'syz.0.21': attribute type 10 has an invalid length. [ 87.348858][ T5974] netlink: 'syz.0.22': attribute type 10 has an invalid length. [ 87.375387][ T5975] netlink: 'syz.0.23': attribute type 10 has an invalid length. [ 87.396761][ T5976] netlink: 'syz.0.24': attribute type 10 has an invalid length. [ 87.415877][ T5977] netlink: 'syz.0.25': attribute type 10 has an invalid length. 2025/03/24 15:33:29 executed programs: 43 [ 89.293406][ T5133] Bluetooth: hci0: command tx timeout [ 91.373856][ T5133] Bluetooth: hci0: command tx timeout [ 92.197886][ T6264] validate_nla: 279 callbacks suppressed [ 92.197897][ T6264] netlink: 'syz.0.305': attribute type 10 has an invalid length. [ 92.221152][ T6265] netlink: 'syz.0.306': attribute type 10 has an invalid length. [ 92.236460][ T6266] netlink: 'syz.0.307': attribute type 10 has an invalid length. [ 92.268618][ T6267] netlink: 'syz.0.308': attribute type 10 has an invalid length. [ 92.284394][ T6268] netlink: 'syz.0.309': attribute type 10 has an invalid length. [ 92.300043][ T6269] netlink: 'syz.0.310': attribute type 10 has an invalid length. [ 92.337410][ T6270] netlink: 'syz.0.311': attribute type 10 has an invalid length. [ 92.352626][ T6271] netlink: 'syz.0.312': attribute type 10 has an invalid length. [ 92.368207][ T6272] netlink: 'syz.0.313': attribute type 10 has an invalid length. [ 92.398091][ T6273] netlink: 'syz.0.314': attribute type 10 has an invalid length. 2025/03/24 15:33:34 executed programs: 334 [ 97.218448][ T6548] validate_nla: 272 callbacks suppressed [ 97.218459][ T6548] netlink: 'syz.0.587': attribute type 10 has an invalid length. [ 97.239722][ T6549] netlink: 'syz.0.588': attribute type 10 has an invalid length. [ 97.255036][ T6550] netlink: 'syz.0.589': attribute type 10 has an invalid length. [ 97.288258][ T6551] netlink: 'syz.0.590': attribute type 10 has an invalid length. [ 97.304610][ T6552] netlink: 'syz.0.591': attribute type 10 has an invalid length. [ 97.319828][ T6553] netlink: 'syz.0.592': attribute type 10 has an invalid length. [ 97.347460][ T6554] netlink: 'syz.0.593': attribute type 10 has an invalid length. [ 97.363298][ T6555] netlink: 'syz.0.594': attribute type 10 has an invalid length. [ 97.379875][ T6556] netlink: 'syz.0.595': attribute type 10 has an invalid length. [ 97.407657][ T6557] netlink: 'syz.0.596': attribute type 10 has an invalid length. [ 97.792777][ T5860] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 97.801780][ T5860] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 97.810154][ T5860] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 97.819725][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 97.827545][ T5860] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 97.835147][ T5860] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 97.913767][ T6579] chnl_net:caif_netlink_parms(): no params data found [ 97.945717][ T6579] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.952813][ T6579] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.960240][ T6579] bridge_slave_0: entered allmulticast mode [ 97.966966][ T6579] bridge_slave_0: entered promiscuous mode [ 97.974925][ T6579] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.981976][ T6579] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.989550][ T6579] bridge_slave_1: entered allmulticast mode [ 97.997377][ T6579] bridge_slave_1: entered promiscuous mode [ 98.018638][ T37] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.038163][ T6579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.048860][ T6579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.068445][ T6579] team0: Port device team_slave_0 added [ 98.076007][ T6579] team0: Port device team_slave_1 added [ 98.087955][ T37] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.111381][ T6579] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.118719][ T6579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.144652][ T6579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.157178][ T6579] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.164206][ T6579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.190185][ T6579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.210450][ T37] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.235056][ T6579] hsr_slave_0: entered promiscuous mode [ 98.241019][ T6579] hsr_slave_1: entered promiscuous mode [ 98.290742][ T37] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.372121][ T37] bridge_slave_1: left allmulticast mode [ 98.379505][ T37] bridge_slave_1: left promiscuous mode [ 98.393210][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.401639][ T37] bridge_slave_0: left allmulticast mode [ 98.407565][ T37] bridge_slave_0: left promiscuous mode [ 98.413970][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.570469][ T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 98.580913][ T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 98.591043][ T37] bond0 (unregistering): Released all slaves [ 98.698613][ T37] [ 98.700964][ T37] ====================================================== [ 98.707969][ T37] WARNING: possible circular locking dependency detected [ 98.714973][ T37] 6.14.0-rc7-syzkaller-00205-g586de92313fc #0 Not tainted [ 98.722063][ T37] ------------------------------------------------------ [ 98.729065][ T37] kworker/u8:3/37 is trying to acquire lock: [ 98.735023][ T37] ffff888076214e00 (team->team_lock_key#2){+.+.}-{4:4}, at: team_del_slave+0x31/0x1b0 [ 98.744580][ T37] [ 98.744580][ T37] but task is already holding lock: [ 98.751916][ T37] ffff88807d5c8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720 [ 98.762154][ T37] [ 98.762154][ T37] which lock already depends on the new lock. [ 98.762154][ T37] [ 98.772532][ T37] [ 98.772532][ T37] the existing dependency chain (in reverse order) is: [ 98.781525][ T37] [ 98.781525][ T37] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 98.789231][ T37] __mutex_lock+0x19b/0xb10 [ 98.794240][ T37] ieee80211_open+0x132/0x210 [ 98.799631][ T37] __dev_open+0x2d4/0x540 [ 98.804464][ T37] dev_open+0xf4/0x160 [ 98.809057][ T37] team_add_slave+0xaf6/0x2190 [ 98.814329][ T37] do_set_master+0x1bc/0x230 [ 98.819428][ T37] do_setlink.constprop.0+0xb5b/0x3f80 [ 98.825401][ T37] rtnl_newlink+0x1306/0x1d60 [ 98.830590][ T37] rtnetlink_rcv_msg+0x95b/0xea0 [ 98.836034][ T37] netlink_rcv_skb+0x16b/0x440 [ 98.841301][ T37] netlink_unicast+0x53c/0x7f0 [ 98.846581][ T37] netlink_sendmsg+0x8b8/0xd70 [ 98.851871][ T37] ____sys_sendmsg+0xaaf/0xc90 [ 98.857147][ T37] ___sys_sendmsg+0x135/0x1e0 [ 98.862331][ T37] __sys_sendmsg+0x16e/0x220 [ 98.867425][ T37] do_syscall_64+0xcd/0x250 [ 98.872433][ T37] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.878834][ T37] [ 98.878834][ T37] -> #0 (team->team_lock_key#2){+.+.}-{4:4}: [ 98.886982][ T37] __lock_acquire+0x249e/0x3c40 [ 98.892340][ T37] lock_acquire.part.0+0x11b/0x380 [ 98.897955][ T37] __mutex_lock+0x19b/0xb10 [ 98.902962][ T37] team_del_slave+0x31/0x1b0 [ 98.908052][ T37] team_device_event+0xd0/0x770 [ 98.913398][ T37] notifier_call_chain+0xb7/0x410 [ 98.918923][ T37] call_netdevice_notifiers_info+0xbe/0x140 [ 98.925325][ T37] unregister_netdevice_many_notify+0xc8a/0x1f30 [ 98.932151][ T37] unregister_netdevice_queue+0x307/0x3f0 [ 98.938365][ T37] _cfg80211_unregister_wdev+0x64b/0x830 [ 98.944504][ T37] ieee80211_remove_interfaces+0x34f/0x720 [ 98.950810][ T37] ieee80211_unregister_hw+0x55/0x3a0 [ 98.956683][ T37] hwsim_exit_net+0x3ad/0x7d0 [ 98.961881][ T37] ops_exit_list+0xb0/0x180 [ 98.966899][ T37] cleanup_net+0x5c6/0xb30 [ 98.971817][ T37] process_one_work+0x9c5/0x1ba0 [ 98.977261][ T37] worker_thread+0x6c8/0xf00 [ 98.982358][ T37] kthread+0x3af/0x750 [ 98.986930][ T37] ret_from_fork+0x45/0x80 [ 98.991849][ T37] ret_from_fork_asm+0x1a/0x30 [ 98.997114][ T37] [ 98.997114][ T37] other info that might help us debug this: [ 98.997114][ T37] [ 99.007316][ T37] Possible unsafe locking scenario: [ 99.007316][ T37] [ 99.014740][ T37] CPU0 CPU1 [ 99.020079][ T37] ---- ---- [ 99.025430][ T37] lock(&rdev->wiphy.mtx); [ 99.030014][ T37] lock(team->team_lock_key#2); [ 99.037466][ T37] lock(&rdev->wiphy.mtx); [ 99.044479][ T37] lock(team->team_lock_key#2); [ 99.049410][ T37] [ 99.049410][ T37] *** DEADLOCK *** [ 99.049410][ T37] [ 99.057539][ T37] 5 locks held by kworker/u8:3/37: [ 99.062627][ T37] #0: ffff88801beeb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0 [ 99.072966][ T37] #1: ffffc90000ad7d18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 [ 99.082864][ T37] #2: ffffffff8fee2890 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xca/0xb30 [ 99.092155][ T37] #3: ffffffff8fef85a8 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x4d/0x3a0 [ 99.101965][ T37] #4: ffff88807d5c8768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf1/0x720 [ 99.112643][ T37] [ 99.112643][ T37] stack backtrace: [ 99.118504][ T37] CPU: 0 UID: 0 PID: 37 Comm: kworker/u8:3 Not tainted 6.14.0-rc7-syzkaller-00205-g586de92313fc #0 [ 99.118519][ T37] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 99.118528][ T37] Workqueue: netns cleanup_net [ 99.118542][ T37] Call Trace: [ 99.118546][ T37] [ 99.118552][ T37] dump_stack_lvl+0x116/0x1f0 [ 99.118571][ T37] print_circular_bug+0x490/0x760 [ 99.118590][ T37] check_noncircular+0x31a/0x400 [ 99.118607][ T37] ? __pfx_check_noncircular+0x10/0x10 [ 99.118624][ T37] ? mark_lock+0xb5/0xc60 [ 99.118640][ T37] ? __pfx___lock_acquire+0x10/0x10 [ 99.118658][ T37] ? lockdep_lock+0xc6/0x200 [ 99.118672][ T37] ? __pfx_lockdep_lock+0x10/0x10 [ 99.118686][ T37] ? lock_acquire.part.0+0x11b/0x380 [ 99.118705][ T37] __lock_acquire+0x249e/0x3c40 [ 99.118725][ T37] ? __pfx___lock_acquire+0x10/0x10 [ 99.118742][ T37] ? __pfx___lock_acquire+0x10/0x10 [ 99.118759][ T37] ? skb_dequeue+0x126/0x180 [ 99.118775][ T37] lock_acquire.part.0+0x11b/0x380 [ 99.118793][ T37] ? team_del_slave+0x31/0x1b0 [ 99.118806][ T37] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 99.118830][ T37] ? rcu_is_watching+0x12/0xc0 [ 99.118844][ T37] ? trace_lock_acquire+0x14e/0x1f0 [ 99.118858][ T37] ? team_del_slave+0x31/0x1b0 [ 99.118870][ T37] ? lock_acquire+0x2f/0xb0 [ 99.118886][ T37] ? team_del_slave+0x31/0x1b0 [ 99.118899][ T37] __mutex_lock+0x19b/0xb10 [ 99.118916][ T37] ? team_del_slave+0x31/0x1b0 [ 99.118928][ T37] ? __mutex_lock+0x1cc/0xb10 [ 99.118945][ T37] ? team_del_slave+0x31/0x1b0 [ 99.118957][ T37] ? __pfx___mutex_lock+0x10/0x10 [ 99.118974][ T37] ? __mutex_unlock_slowpath+0x164/0x6a0 [ 99.118994][ T37] ? lockdep_hardirqs_on+0x7c/0x110 [ 99.119010][ T37] ? rt_flush_dev+0x479/0x620 [ 99.119027][ T37] ? team_del_slave+0x31/0x1b0 [ 99.119039][ T37] team_del_slave+0x31/0x1b0 [ 99.119052][ T37] team_device_event+0xd0/0x770 [ 99.119065][ T37] notifier_call_chain+0xb7/0x410 [ 99.119079][ T37] ? __pfx_team_device_event+0x10/0x10 [ 99.119093][ T37] call_netdevice_notifiers_info+0xbe/0x140 [ 99.119108][ T37] unregister_netdevice_many_notify+0xc8a/0x1f30 [ 99.119124][ T37] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 99.119138][ T37] ? find_held_lock+0x2d/0x110 [ 99.119152][ T37] ? kernfs_remove_by_name_ns+0xc4/0x130 [ 99.119168][ T37] ? __pfx_lock_release+0x10/0x10 [ 99.119185][ T37] ? __call_rcu_common.constprop.0+0x3ea/0x870 [ 99.119205][ T37] unregister_netdevice_queue+0x307/0x3f0 [ 99.119218][ T37] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 99.119233][ T37] _cfg80211_unregister_wdev+0x64b/0x830 [ 99.119255][ T37] ieee80211_remove_interfaces+0x34f/0x720 [ 99.119272][ T37] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 99.119290][ T37] ieee80211_unregister_hw+0x55/0x3a0 [ 99.119308][ T37] hwsim_exit_net+0x3ad/0x7d0 [ 99.119324][ T37] ? __pfx_hwsim_exit_net+0x10/0x10 [ 99.119340][ T37] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 99.119357][ T37] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 99.119373][ T37] ? __pfx_hwsim_exit_net+0x10/0x10 [ 99.119388][ T37] ops_exit_list+0xb0/0x180 [ 99.119408][ T37] cleanup_net+0x5c6/0xb30 [ 99.119421][ T37] ? __pfx_cleanup_net+0x10/0x10 [ 99.119435][ T37] ? lock_acquire+0x2f/0xb0 [ 99.119451][ T37] ? process_one_work+0x921/0x1ba0 [ 99.119469][ T37] process_one_work+0x9c5/0x1ba0 [ 99.119487][ T37] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 99.119505][ T37] ? __pfx_process_one_work+0x10/0x10 [ 99.119524][ T37] ? assign_work+0x1a0/0x250 [ 99.119540][ T37] worker_thread+0x6c8/0xf00 [ 99.119559][ T37] ? __pfx_worker_thread+0x10/0x10 [ 99.119576][ T37] kthread+0x3af/0x750 [ 99.119591][ T37] ? __pfx_kthread+0x10/0x10 [ 99.119606][ T37] ? lock_acquire+0x2f/0xb0 [ 99.119623][ T37] ? __pfx_kthread+0x10/0x10 [ 99.119638][ T37] ret_from_fork+0x45/0x80 [ 99.119656][ T37] ? __pfx_kthread+0x10/0x10 [ 99.119671][ T37] ret_from_fork_asm+0x1a/0x30 [ 99.119689][ T37] [ 99.517612][ T37] team0: Port device wlan1 removed [ 99.668755][ T37] hsr_slave_0: left promiscuous mode [ 99.678259][ T37] hsr_slave_1: left promiscuous mode [ 99.684566][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.692377][ T37] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 99.709657][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 99.717114][ T37] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 99.728737][ T37] veth1_macvtap: left promiscuous mode [ 99.734403][ T37] veth0_macvtap: left promiscuous mode [ 99.739927][ T37] veth1_vlan: left promiscuous mode [ 99.745762][ T37] veth0_vlan: left promiscuous mode [ 99.854235][ T5860] Bluetooth: hci0: command tx timeout [ 99.878560][ T37] team0 (unregistering): Port device team_slave_1 removed [ 99.896827][ T37] team0 (unregistering): Port device team_slave_0 removed [ 99.979669][ T6579] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 99.988446][ T6579] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 99.997049][ T6579] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.008992][ T6579] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.042182][ T6579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.052656][ T6579] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.062368][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.069455][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.083393][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.090443][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.159184][ T6579] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.179274][ T6579] veth0_vlan: entered promiscuous mode [ 100.194957][ T6579] veth1_vlan: entered promiscuous mode [ 100.209753][ T6579] veth0_macvtap: entered promiscuous mode [ 100.216639][ T6579] veth1_macvtap: entered promiscuous mode [ 100.226150][ T6579] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.235462][ T6579] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.245542][ T6579] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.254362][ T6579] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.263486][ T6579] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.272152][ T6579] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.291213][ T6579] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' 2025/03/24 15:33:41 executed programs: 602 [ 100.307039][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.307871][ T6579] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' [ 100.316123][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.339752][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.347936][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.376701][ T6635] team0: Port device wlan1 added [ 101.933750][ T5860] Bluetooth: hci0: command tx timeout [ 102.266879][ T6746] validate_nla: 130 callbacks suppressed [ 102.266890][ T6746] netlink: 'syz.0.727': attribute type 10 has an invalid length. [ 102.285714][ T6747] netlink: 'syz.0.728': attribute type 10 has an invalid length. [ 102.298055][ T6748] netlink: 'syz.0.729': attribute type 10 has an invalid length. [ 102.326018][ T6749] netlink: 'syz.0.730': attribute type 10 has an invalid length. [ 102.338772][ T6750] netlink: 'syz.0.731': attribute type 10 has an invalid length. [ 102.351558][ T6751] netlink: 'syz.0.732': attribute type 10 has an invalid length. [ 102.386170][ T6752] netlink: 'syz.0.733': attribute type 10 has an invalid length. [ 102.398930][ T6753] netlink: 'syz.0.734': attribute type 10 has an invalid length. [ 102.411320][ T6754] netlink: 'syz.0.735': attribute type 10 has an invalid length. [ 102.445760][ T6755] netlink: 'syz.0.736': attribute type 10 has an invalid length. [ 104.012935][ T5860] Bluetooth: hci0: command tx timeout 2025/03/24 15:33:46 executed programs: 894 [ 106.093419][ T5860] Bluetooth: hci0: command tx timeout [ 107.316062][ T7044] validate_nla: 287 callbacks suppressed [ 107.316073][ T7044] netlink: 'syz.0.1024': attribute type 10 has an invalid length. [ 107.334349][ T7045] netlink: 'syz.0.1025': attribute type 10 has an invalid length. [ 107.346624][ T7046] netlink: 'syz.0.1026': attribute type 10 has an invalid length. [ 107.376083][ T7047] netlink: 'syz.0.1027': attribute type 10 has an invalid length. [ 107.388824][ T7048] netlink: 'syz.0.1028': attribute type 10 has an invalid length. [ 107.401388][ T7049] netlink: 'syz.0.1029': attribute type 10 has an invalid length. [ 107.436280][ T7050] netlink: 'syz.0.1030': attribute type 10 has an invalid length. [ 107.448715][ T7051] netlink: 'syz.0.1031': attribute type 10 has an invalid length. [ 107.461019][ T7052] netlink: 'syz.0.1032': attribute type 10 has an invalid length. [ 107.496493][ T7053] netlink: 'syz.0.1033': attribute type 10 has an invalid length.