Warning: Permanently added '[localhost]:16129' (ED25519) to the list of known hosts. 2025/06/28 00:26:10 ignoring optional flag "sandboxArg"="0" 2025/06/28 00:26:10 ignoring optional flag "type"="qemu" 2025/06/28 00:26:11 parsed 1 programs [ 63.974862][ T40] kauditd_printk_skb: 13 callbacks suppressed [ 63.974874][ T40] audit: type=1400 audit(1751070371.071:98): avc: denied { getattr } for pid=6063 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 2025/06/28 00:26:11 executed programs: 0 [ 64.051076][ T40] audit: type=1400 audit(1751070371.151:99): avc: denied { create } for pid=6075 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 64.056301][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 64.059377][ T40] audit: type=1400 audit(1751070371.151:100): avc: denied { ioctl } for pid=6075 comm="syz-executor.0" path="socket:[7407]" dev="sockfs" ino=7407 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 64.062882][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 64.075278][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 64.079408][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 64.082577][ T63] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 64.237520][ T6075] chnl_net:caif_netlink_parms(): no params data found [ 64.359190][ T6075] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.362294][ T6075] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.365337][ T6075] bridge_slave_0: entered allmulticast mode [ 64.369322][ T6075] bridge_slave_0: entered promiscuous mode [ 64.374076][ T6075] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.377247][ T6075] bridge0: port 2(bridge_slave_1) entered disabled state [ 64.380601][ T6075] bridge_slave_1: entered allmulticast mode [ 64.384542][ T6075] bridge_slave_1: entered promiscuous mode [ 64.443868][ T6075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 64.450854][ T6075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 64.511273][ T6075] team0: Port device team_slave_0 added [ 64.516513][ T6075] team0: Port device team_slave_1 added [ 64.572225][ T6075] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 64.575308][ T6075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.586260][ T6075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 64.595221][ T6075] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 64.598404][ T6075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 64.611416][ T6075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.676729][ T6075] hsr_slave_0: entered promiscuous mode [ 64.680158][ T6075] hsr_slave_1: entered promiscuous mode [ 64.852173][ T40] audit: type=1400 audit(1751070371.951:101): avc: denied { search } for pid=6085 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 64.859273][ T40] audit: type=1400 audit(1751070371.951:102): avc: denied { search } for pid=6085 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1898 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 64.867965][ T40] audit: type=1400 audit(1751070371.951:103): avc: denied { search } for pid=6085 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1902 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 64.876246][ T40] audit: type=1400 audit(1751070371.951:104): avc: denied { search } for pid=6085 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1903 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 64.885106][ T40] audit: type=1400 audit(1751070371.961:105): avc: denied { read open } for pid=6087 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1903 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 64.895299][ T40] audit: type=1400 audit(1751070371.961:106): avc: denied { getattr } for pid=6087 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1903 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 64.903773][ T40] audit: type=1400 audit(1751070371.971:107): avc: denied { add_name } for pid=6085 comm="dhcpcd-run-hook" name="resolv.conf.lapb10.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 65.360261][ T6075] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 65.366591][ T6075] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 65.371995][ T6075] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 65.376009][ T6075] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 65.444041][ T6075] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.460163][ T6075] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.469895][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.472849][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.488330][ T102] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.491676][ T102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.645819][ T6075] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.683180][ T6075] veth0_vlan: entered promiscuous mode [ 65.691119][ T6075] veth1_vlan: entered promiscuous mode [ 65.713169][ T6075] veth0_macvtap: entered promiscuous mode [ 65.718430][ T6075] veth1_macvtap: entered promiscuous mode [ 65.732683][ T6075] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.742816][ T6075] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.749237][ T6075] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.752947][ T6075] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.756678][ T6075] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.761028][ T6075] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.803104][ T1180] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.806564][ T1180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.830765][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.834129][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.099905][ T63] Bluetooth: hci0: command tx timeout [ 66.117144][ T5956] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 66.289501][ T5956] usb 5-1: config 0 has an invalid interface number: 237 but max is 0 [ 66.292137][ T5956] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 66.295324][ T5956] usb 5-1: config 0 has no interface number 0 [ 66.297529][ T5956] usb 5-1: config 0 interface 237 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 66.300948][ T5956] usb 5-1: New USB device found, idVendor=2040, idProduct=826d, bcdDevice=98.19 [ 66.304362][ T5956] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 66.313269][ T5956] usb 5-1: config 0 descriptor?? [ 66.322038][ T5956] em28xx 5-1:0.237: New device @ 480 Mbps (2040:826d, interface 237, class 237) [ 66.325683][ T5956] em28xx 5-1:0.237: Audio interface 237 found (Vendor Class) [ 66.577604][ T5956] em28xx 5-1:0.237: unknown em28xx chip ID (0) [ 66.587285][ T5956] em28xx 5-1:0.237: Config register raw data: 0xfffffffb [ 66.590282][ T5956] em28xx 5-1:0.237: AC97 chip type couldn't be determined [ 66.592707][ T5956] em28xx 5-1:0.237: No AC97 audio processor [ 66.594869][ T5956] em28xx 5-1:0.237: We currently don't support analog TV or stream capture on dual tuners. [ 66.658332][ T5956] em28xx 5-1:0.237: unknown em28xx chip ID (0) [ 66.660570][ T5956] em28xx 5-1:0.237: Config register raw data: 0xfffffffb [ 66.663755][ T5956] em28xx 5-1:0.237: AC97 chip type couldn't be determined [ 66.665988][ T5956] em28xx 5-1:0.237: No AC97 audio processor [ 66.875811][ T5956] usb 5-1: USB disconnect, device number 2 [ 66.878443][ T5956] em28xx 5-1:0.237: Disconnecting em28xx #1 [ 66.880353][ T5956] em28xx 5-1:0.237: Disconnecting em28xx [ 66.884545][ T5956] em28xx 5-1:0.237: Freeing device [ 66.886315][ T5956] em28xx 5-1:0.237: Freeing device [ 67.377371][ T5956] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 67.529242][ T5956] usb 5-1: config 0 has an invalid interface number: 237 but max is 0 [ 67.532763][ T5956] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 67.536824][ T5956] usb 5-1: config 0 has no interface number 0 [ 67.540578][ T5956] usb 5-1: config 0 interface 237 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 67.545115][ T5956] usb 5-1: New USB device found, idVendor=2040, idProduct=826d, bcdDevice=98.19 [ 67.549127][ T5956] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.555035][ T5956] usb 5-1: config 0 descriptor?? [ 67.561339][ T5956] em28xx 5-1:0.237: New device @ 480 Mbps (2040:826d, interface 237, class 237) [ 67.565162][ T5956] em28xx 5-1:0.237: Audio interface 237 found (Vendor Class) [ 67.817374][ T5956] em28xx 5-1:0.237: unknown em28xx chip ID (0) [ 67.819582][ T5956] em28xx 5-1:0.237: Config register raw data: 0xfffffffb [ 67.821987][ T5956] em28xx 5-1:0.237: AC97 chip type couldn't be determined [ 67.824203][ T5956] em28xx 5-1:0.237: No AC97 audio processor [ 67.826391][ T5956] non-slab/vmalloc memory [ 67.828551][ T5956] list_add corruption. prev->next should be next (ffffffff8fdc12c0), but was ffffffff82160b41. (prev=ffff88803af88250). [ 67.833887][ T5956] ------------[ cut here ]------------ [ 67.836193][ T5956] kernel BUG at lib/list_debug.c:32! [ 67.838539][ T5956] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 67.842216][ T5956] CPU: 1 UID: 0 PID: 5956 Comm: kworker/1:3 Not tainted 6.16.0-rc3-syzkaller-g35e261cd95dd #0 PREEMPT(full) [ 67.847165][ T5956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.851114][ T5956] Workqueue: usb_hub_wq hub_event [ 67.852713][ T5956] RIP: 0010:__list_add_valid_or_report+0x12b/0x190 [ 67.855110][ T5956] Code: 00 00 00 00 fc ff df 48 89 f2 48 c1 ea 03 80 3c 02 00 75 5a 48 8b 16 48 89 f1 48 c7 c7 e0 80 15 8c 48 89 ee e8 f6 ea b8 fc 90 <0f> 0b 48 89 f2 48 89 e9 4c 89 e6 48 c7 c7 60 81 15 8c e8 de ea b8 [ 67.862960][ T5956] RSP: 0018:ffffc900041aee88 EFLAGS: 00010282 [ 67.865481][ T5956] RAX: 0000000000000075 RBX: ffff88802a8fc000 RCX: ffffffff819b00b9 [ 67.868740][ T5956] RDX: 0000000000000000 RSI: ffffffff819b7f46 RDI: 0000000000000005 [ 67.872034][ T5956] RBP: ffffffff8fdc12c0 R08: 0000000000000005 R09: 0000000000000000 [ 67.875301][ T5956] R10: 0000000080000000 R11: 0000000000000001 R12: ffff88802a8fc250 [ 67.878332][ T5956] R13: ffffffff8fdc12c8 R14: ffff88802a8fc1a8 R15: ffff88802a8fda14 [ 67.881087][ T5956] FS: 0000000000000000(0000) GS:ffff8880d6852000(0000) knlGS:0000000000000000 [ 67.884281][ T5956] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.887029][ T5956] CR2: 00007fe9a5f98000 CR3: 0000000028008000 CR4: 0000000000352ef0 [ 67.890313][ T5956] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 67.892912][ T5956] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 67.895528][ T5956] Call Trace: [ 67.896931][ T5956] [ 67.898206][ T5956] em28xx_init_extension+0x48/0x200 [ 67.900461][ T5956] em28xx_init_dev.constprop.0+0x1a10/0x3170 [ 67.903013][ T5956] ? __pfx_em28xx_init_dev.constprop.0+0x10/0x10 [ 67.905648][ T5956] ? rcu_is_watching+0x12/0xc0 [ 67.907686][ T5956] ? lockdep_init_map_type+0x5c/0x280 [ 67.909955][ T5956] ? lockdep_init_map_type+0x5c/0x280 [ 67.912203][ T5956] em28xx_usb_probe+0x1285/0x3770 [ 67.914328][ T5956] usb_probe_interface+0x300/0x9c0 [ 67.916495][ T5956] ? __pfx_usb_probe_interface+0x10/0x10 [ 67.918875][ T5956] really_probe+0x241/0xa90 [ 67.920792][ T5956] __driver_probe_device+0x1de/0x440 [ 67.922784][ T5956] driver_probe_device+0x4c/0x1b0 [ 67.924384][ T5956] __device_attach_driver+0x1df/0x310 [ 67.926074][ T5956] ? __pfx___device_attach_driver+0x10/0x10 [ 67.927922][ T5956] bus_for_each_drv+0x159/0x1e0 [ 67.929456][ T5956] ? __pfx_bus_for_each_drv+0x10/0x10 [ 67.931139][ T5956] ? lockdep_hardirqs_on+0x7c/0x110 [ 67.932769][ T5956] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 67.934602][ T5956] __device_attach+0x1e4/0x4b0 [ 67.936086][ T5956] ? __pfx___device_attach+0x10/0x10 [ 67.937738][ T5956] ? do_raw_spin_unlock+0x172/0x230 [ 67.939380][ T5956] bus_probe_device+0x17f/0x1c0 [ 67.940914][ T5956] device_add+0x1148/0x1a70 [ 67.942375][ T5956] ? __pfx_device_add+0x10/0x10 [ 67.943912][ T5956] ? preempt_schedule_thunk+0x16/0x30 [ 67.945589][ T5956] usb_set_configuration+0x1187/0x1e20 [ 67.947304][ T5956] ? __pfx_usb_generic_driver_probe+0x10/0x10 [ 67.949211][ T5956] usb_generic_driver_probe+0xb1/0x110 [ 67.950936][ T5956] usb_probe_device+0xec/0x3e0 [ 67.952449][ T5956] ? __pfx_usb_probe_device+0x10/0x10 [ 67.954129][ T5956] really_probe+0x241/0xa90 [ 67.955565][ T5956] __driver_probe_device+0x1de/0x440 [ 67.957216][ T5956] ? usb_driver_applicable+0x1c7/0x220 [ 67.958920][ T5956] driver_probe_device+0x4c/0x1b0 [ 67.960504][ T5956] __device_attach_driver+0x1df/0x310 [ 67.962195][ T5956] ? __pfx___device_attach_driver+0x10/0x10 [ 67.964052][ T5956] bus_for_each_drv+0x159/0x1e0 [ 67.965584][ T5956] ? __pfx_bus_for_each_drv+0x10/0x10 [ 67.967272][ T5956] ? lockdep_hardirqs_on+0x7c/0x110 [ 67.968933][ T5956] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 67.970765][ T5956] __device_attach+0x1e4/0x4b0 [ 67.972305][ T5956] ? __pfx___device_attach+0x10/0x10 [ 67.973987][ T5956] ? do_raw_spin_unlock+0x172/0x230 [ 67.975621][ T5956] bus_probe_device+0x17f/0x1c0 [ 67.977157][ T5956] device_add+0x1148/0x1a70 [ 67.978602][ T5956] ? __pfx_device_add+0x10/0x10 [ 67.980136][ T5956] ? usb_detect_static_quirks+0x335/0x3e0 [ 67.981909][ T5956] ? __usb_get_extra_descriptor+0x158/0x1c0 [ 67.983797][ T5956] usb_new_device+0xd07/0x1a20 [ 67.985307][ T5956] ? do_raw_spin_lock+0x12c/0x2b0 [ 67.986892][ T5956] ? __pfx_usb_new_device+0x10/0x10 [ 67.988515][ T5956] ? mark_held_locks+0x49/0x80 [ 67.989995][ T5956] hub_event+0x2eb7/0x4fa0 [ 67.991372][ T5956] ? __pfx_hub_event+0x10/0x10 [ 67.992863][ T5956] ? assoc_array_gc+0x1240/0x15b0 [ 67.994425][ T5956] ? rcu_is_watching+0x12/0xc0 [ 67.995901][ T5956] process_one_work+0x9cc/0x1b70 [ 67.997412][ T5956] ? __pfx_hub_event+0x10/0x10 [ 67.998896][ T5956] ? __pfx_process_one_work+0x10/0x10 [ 68.000532][ T5956] ? assign_work+0x1a0/0x250 [ 68.001957][ T5956] worker_thread+0x6c8/0xf10 [ 68.003422][ T5956] ? __kthread_parkme+0x19e/0x250 [ 68.004934][ T5956] ? __pfx_worker_thread+0x10/0x10 [ 68.006491][ T5956] kthread+0x3c2/0x780 [ 68.007757][ T5956] ? __pfx_kthread+0x10/0x10 [ 68.009215][ T5956] ? rcu_is_watching+0x12/0xc0 [ 68.010702][ T5956] ? __pfx_kthread+0x10/0x10 [ 68.012121][ T5956] ret_from_fork+0x5d4/0x6f0 [ 68.013631][ T5956] ? __pfx_kthread+0x10/0x10 [ 68.015085][ T5956] ret_from_fork_asm+0x1a/0x30 [ 68.016572][ T5956] [ 68.017533][ T5956] Modules linked in: [ 68.018965][ T5956] ---[ end trace 0000000000000000 ]--- [ 68.020775][ T5956] RIP: 0010:__list_add_valid_or_report+0x12b/0x190 [ 68.022890][ T5956] Code: 00 00 00 00 fc ff df 48 89 f2 48 c1 ea 03 80 3c 02 00 75 5a 48 8b 16 48 89 f1 48 c7 c7 e0 80 15 8c 48 89 ee e8 f6 ea b8 fc 90 <0f> 0b 48 89 f2 48 89 e9 4c 89 e6 48 c7 c7 60 81 15 8c e8 de ea b8 [ 68.029108][ T5956] RSP: 0018:ffffc900041aee88 EFLAGS: 00010282 [ 68.031022][ T5956] RAX: 0000000000000075 RBX: ffff88802a8fc000 RCX: ffffffff819b00b9 [ 68.033511][ T5956] RDX: 0000000000000000 RSI: ffffffff819b7f46 RDI: 0000000000000005 [ 68.035975][ T5956] RBP: ffffffff8fdc12c0 R08: 0000000000000005 R09: 0000000000000000 [ 68.038530][ T5956] R10: 0000000080000000 R11: 0000000000000001 R12: ffff88802a8fc250 [ 68.040984][ T5956] R13: ffffffff8fdc12c8 R14: ffff88802a8fc1a8 R15: ffff88802a8fda14 [ 68.043483][ T5956] FS: 0000000000000000(0000) GS:ffff8880d6852000(0000) knlGS:0000000000000000 [ 68.046247][ T5956] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.048382][ T5956] CR2: 00007fe9a5f98000 CR3: 0000000028008000 CR4: 0000000000352ef0 [ 68.050861][ T5956] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.053356][ T5956] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.055819][ T5956] Kernel panic - not syncing: Fatal exception [ 68.058420][ T5956] Kernel Offset: disabled [ 68.059784][ T5956] Rebooting in 86400 seconds..