last executing test programs: 215.060222ms ago: executing program 2 (id=3): r0 = syz_open_dev$video(&(0x7f0000000040), 0x400, 0x0) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000180)=0xa6) r1 = landlock_create_ruleset(&(0x7f0000000000)={0x8003, 0x2, 0x2}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) r2 = open(&(0x7f0000000280)='.\x00', 0x141080, 0x0) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') exit(0x7) statx(r3, 0x0, 0x1000, 0x10, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_GETDRIVER(r6, 0x41045508, &(0x7f00000003c0)={0x5, "c483233a653375a89899b27a8ad842859ef9edfaca9733ab0d6aa122b3721320c994a780831619b19889ccca3640734a298e30c435872926b6b84da1adf6460be1fd3df07d3dddfb6eb1bc7a3b7e5e4ba714e74d45029a94ab593ec376ecb8c9ecb08a1326bbaf3d60aa90791063a8f3d0c240870a6e35f2bbc866b4c4e7a9d2aea622d386bda5ed07ce053dc505c1a3b87e9d8a6f7d4935a67e770ef81fed243b54cc43774f4b7c419db9484fdeba86283d63b55b29351b510007b58a99db3777440cff5005e356f161b454f77df27191d20c4e4afd3caae38b9081b86347090a3274af1010e77dab1370dd143087d331ba462fb4e9641fb054f234afa46adb"}) fcntl$lock(r5, 0x25, &(0x7f0000000000)={0x1}) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r7, 0x7, &(0x7f00000003c0)={0x1, 0x0, 0xc}) close_range(r4, 0xffffffffffffffff, 0x0) fcntl$notify(r2, 0x402, 0x8000003d) landlock_restrict_self(r1, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x98}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x80) r8 = socket(0x400000000010, 0x3, 0x0) r9 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c00)=@deltclass={0x24, 0x29, 0x8, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xb}, {0xe, 0xa}, {0xffe0, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c8}, 0x20004804) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000140)={'ip6tnl0\x00', r10, 0x2f, 0xff, 0x9, 0x6, 0x1, @empty, @mcast1, 0x20, 0x8, 0x2, 0x43ff}}) symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 202.890405ms ago: executing program 1 (id=2): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) r0 = gettid() r1 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r1, 0x107, 0x17, 0x0, &(0x7f0000000200)) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x2000000, &(0x7f00000001c0)=ANY=[@ANYBLOB='mpol=prefer=relative:\f\x00']) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') read$FUSE(r2, &(0x7f0000003480)={0x2020}, 0x2020) 81.818278ms ago: executing program 1 (id=5): socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r1 = mq_open(&(0x7f0000000080)='!selin\xdb\xa1\x02\xbf\xd9l\xd7\xcd\xc0uxse\xee\x0e\xcd\xce6\xbf\xfa;\xb9-a\xb8\xef\x8de\x14\xbc\x9ej\xa1q\xa2\xa5\t\x98\x8a\x8f>\xba', 0x6e93ebbbcc088cf2, 0x0, &(0x7f0000000300)={0x0, 0x1, 0xec}) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) write$sndseq(0xffffffffffffffff, 0x0, 0x0) r2 = fanotify_init(0x8, 0x80000) write$binfmt_elf64(r2, &(0x7f00000006c0)=ANY=[], 0x18) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000040)=0x8, 0x4) r5 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) r6 = syz_clone(0x41000100, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = getpgid(r6) r8 = syz_pidfd_open(r7, 0x0) syz_clone(0x40800000, 0x0, 0x0, 0x0, 0x0, 0x0) pidfd_send_signal(r8, 0x11, 0x0, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_io_uring_setup(0x3778, 0x0, &(0x7f0000000180)=0x0, &(0x7f00000001c0)) r10 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000000, 0x8010, 0xffffffffffffffff, 0x10000000) r11 = open$dir(&(0x7f0000000200)='./file0\x00', 0x200840, 0x80) r12 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000280)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, r11, 0x0, &(0x7f0000000240)='./file0\x00', 0xa, 0x0, 0x0, {0x0, r12}}) ioctl$sock_bt_bnep_BNEPCONNADD(r5, 0x400442c8, &(0x7f0000000380)=ANY=[@ANYRES32=r0]) 6.509898ms ago: executing program 3 (id=4): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000080)={0x0, 0x7f, 0x700}) syz_usb_connect$uac1(0x3, 0x87, &(0x7f0000000180)={{0x12, 0x1, 0xc2c837444fab22da, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x75, 0x3, 0x1, 0xf5, 0x80, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7, 0xe}, [@extension_unit={0x7, 0x24, 0x8, 0x2, 0x5, 0x98}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x0, 0x61, 0x2, {0x7, 0x25, 0x1, 0x2, 0x3, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x2, 0x5, 0x2}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x8, 0x4, 0x7, 0xe8}]}, {{0x9, 0x5, 0x82, 0x9, 0x28, 0x1, 0x65, 0xac, {0x7, 0x25, 0x1, 0x80, 0x50, 0x7ff}}}}}}}]}}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}) syz_usb_connect$cdc_ncm(0x3, 0x7a, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x68, 0x2, 0x1, 0xf4, 0x80, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x1, "d8bb67"}, {0x5, 0x24, 0x0, 0xcc94}, {0xd, 0x24, 0xf, 0x1, 0xfff, 0x7, 0x0, 0xd}, {0x6, 0x24, 0x1a, 0xfffb, 0xc06245002bb9dd04}, [@call_mgmt={0x5, 0x24, 0x1, 0x1, 0x7}, @acm={0x4, 0x24, 0x2, 0x2}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xfd, 0x6, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0xa, 0x10, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xfb, 0x7, 0x4}}}}}}}]}}, &(0x7f0000000140)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x110, 0x0, 0x3c, 0x4, 0x50, 0x4}, 0xbb, &(0x7f0000000280)={0x5, 0xf, 0xbb, 0x6, [@ssp_cap={0xc, 0x10, 0xa, 0x1, 0x0, 0x36e92a1, 0x11f0f, 0x2}, @ssp_cap={0x14, 0x10, 0xa, 0xf, 0x2, 0x5, 0xf00f, 0x96, [0xf, 0xc0f0]}, @ptm_cap={0x3}, @ssp_cap={0x14, 0x10, 0xa, 0x10, 0x2, 0x0, 0xf0f, 0xb2, [0xffc0cf, 0x5f0f]}, @ssp_cap={0xc, 0x10, 0xa, 0xa, 0x0, 0x5, 0x780, 0x5}, @generic={0x73, 0x10, 0x6, "5de02aeab7b3ba05658821bb1b08dd0c5ae44cee0e8cca970ada8ca53b1768b15ee76704842c9ad2436013af1c8a6e0333a55a1d46063479efd3f5f6d54d0187103c18a4126eb0fb26c71aabe532eb49899ab0a67691934ff109a09538f3ac17069c6695f66f438c1e05c3cd055325b4"}]}, 0x1, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x816}}]}) 0s ago: executing program 0 (id=1): r0 = io_uring_setup(0x516, &(0x7f0000000640)={0x0, 0xddaa, 0x1, 0x503fa, 0x8100014e}) sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, 0x0, 0x4000840) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, 0x0, 0x40) io_uring_setup(0x30db, &(0x7f00000000c0)={0x0, 0xfffffffe, 0x3000, 0xfffffffe, 0xfffffffd}) r1 = socket$nl_route(0x10, 0x3, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0xa40, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0xfffffffffffffffd, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x50a32, 0x10433}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0x800}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x4008000) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0x3, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x20000000, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c1b, 0x1, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0xcc74, 0x80000000, 0x242, 0x5, 0xe, 0x0, 0x80008071, 0x7, 0x6, 0xffffffff, 0x7, 0x5, 0x3e, 0x10008f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x200003ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x5, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e2, 0xc8, 0xf9, 0xe, 0x2bf, 0x1, 0x9, 0xfffffffc, 0x4, 0x10001, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x3, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x1000b, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x4, 0xd, 0xffff8005, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x5, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x2, 0x83, 0x3, 0x4, 0x2950bfaf, 0x1001, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x4002, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xfffffffd, 0x5, 0x1c, 0x120000, 0x3, 0x3, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0xfffc, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x6, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0xfffffffe, 0x4, 0xc8, 0x1, 0xfffff000, 0x5, 0x1003, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x227, 0x8001, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf44, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff343e, 0x1]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, 0x36, 0x107, 0xfffffffc, 0x810000, {0x1, 0x7c}, [@typed={0x8, 0x4, 0x0, 0x0, @binary="d2634565"}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48010}, 0x8000) r3 = socket$kcm(0x29, 0x0, 0x0) r4 = syz_open_dev$tty20(0xc, 0x4, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ppoll(&(0x7f0000000000)=[{r0, 0x30}, {r2, 0x8}, {r3, 0x441}, {r4, 0x200}, {r1, 0x410}], 0x5, &(0x7f0000000080)={r5, r6+10000000}, &(0x7f0000000140)={[0xf]}, 0x8) close_range(r0, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): [ 44.041479][ T40] audit: type=1400 audit(1769382533.109:59): avc: denied { write } for pid=5829 comm="sh" path="pipe:[7287]" dev="pipefs" ino=7287 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 44.050162][ T40] audit: type=1400 audit(1769382533.109:60): avc: denied { rlimitinh } for pid=5829 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 44.057770][ T40] audit: type=1400 audit(1769382533.109:61): avc: denied { siginh } for pid=5829 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '[localhost]:43473' (ED25519) to the list of known hosts. [ 44.977699][ T40] audit: type=1400 audit(1769382534.059:62): avc: denied { name_bind } for pid=5836 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 45.013188][ T40] audit: type=1400 audit(1769382534.089:63): avc: denied { execute } for pid=5837 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 45.021096][ T40] audit: type=1400 audit(1769382534.089:64): avc: denied { execute_no_trans } for pid=5837 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 47.289819][ T40] audit: type=1400 audit(1769382536.369:65): avc: denied { mounton } for pid=5837 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 47.298639][ T40] audit: type=1400 audit(1769382536.379:66): avc: denied { mount } for pid=5837 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 47.300818][ T5837] cgroup: Unknown subsys name 'net' [ 47.468348][ T5837] cgroup: Unknown subsys name 'cpuset' [ 47.474897][ T5837] cgroup: Unknown subsys name 'rlimit' [ 47.698713][ T5864] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 48.349336][ T5837] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 51.983441][ T40] kauditd_printk_skb: 18 callbacks suppressed [ 51.983456][ T40] audit: type=1400 audit(1769382541.059:85): avc: denied { execmem } for pid=5919 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 52.144093][ T40] audit: type=1400 audit(1769382541.219:86): avc: denied { create } for pid=5924 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.150110][ T40] audit: type=1400 audit(1769382541.219:87): avc: denied { create } for pid=5923 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.161498][ T40] audit: type=1400 audit(1769382541.219:89): avc: denied { read write } for pid=5923 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.169098][ T40] audit: type=1400 audit(1769382541.219:88): avc: denied { read write } for pid=5924 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.176129][ T40] audit: type=1400 audit(1769382541.219:90): avc: denied { open } for pid=5923 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.183531][ T40] audit: type=1400 audit(1769382541.219:91): avc: denied { open } for pid=5924 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 52.184973][ T5932] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.187914][ T5937] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.188671][ T5937] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.191094][ T40] audit: type=1400 audit(1769382541.239:93): avc: denied { ioctl } for pid=5924 comm="syz-executor" path="socket:[6528]" dev="sockfs" ino=6528 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.191323][ T5939] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.194091][ T5940] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.194366][ T5939] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.194854][ T5939] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.195276][ T5939] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.195520][ T5939] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.195956][ T40] audit: type=1400 audit(1769382541.239:92): avc: denied { ioctl } for pid=5923 comm="syz-executor" path="socket:[3821]" dev="sockfs" ino=3821 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 52.200153][ T5937] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.206892][ T5940] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.209841][ T5288] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.210092][ T5937] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.211813][ T40] audit: type=1400 audit(1769382541.289:94): avc: denied { read } for pid=5924 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 52.218206][ T5939] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.234227][ T5940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.234713][ T5288] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.235391][ T5288] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.237777][ T5939] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.240996][ T5935] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 52.242608][ T5939] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.434176][ T5934] chnl_net:caif_netlink_parms(): no params data found [ 52.442354][ T5924] chnl_net:caif_netlink_parms(): no params data found [ 52.559848][ T5934] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.563064][ T5934] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.565878][ T5934] bridge_slave_0: entered allmulticast mode [ 52.569001][ T5934] bridge_slave_0: entered promiscuous mode [ 52.577583][ T5934] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.579843][ T5934] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.582393][ T5934] bridge_slave_1: entered allmulticast mode [ 52.585168][ T5934] bridge_slave_1: entered promiscuous mode [ 52.592572][ T5924] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.594993][ T5924] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.597372][ T5924] bridge_slave_0: entered allmulticast mode [ 52.599999][ T5924] bridge_slave_0: entered promiscuous mode [ 52.606208][ T5924] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.608546][ T5924] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.611529][ T5924] bridge_slave_1: entered allmulticast mode [ 52.614901][ T5924] bridge_slave_1: entered promiscuous mode [ 52.638951][ T5926] chnl_net:caif_netlink_parms(): no params data found [ 52.653236][ T5924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.672724][ T5934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.677424][ T5924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.699414][ T5934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.715229][ T5924] team0: Port device team_slave_0 added [ 52.730840][ T5924] team0: Port device team_slave_1 added [ 52.740231][ T5923] chnl_net:caif_netlink_parms(): no params data found [ 52.751852][ T5934] team0: Port device team_slave_0 added [ 52.767701][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 52.769955][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 52.778357][ T5924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 52.784230][ T5934] team0: Port device team_slave_1 added [ 52.808153][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 52.810398][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 52.818852][ T5924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 52.836726][ T5926] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.839093][ T5926] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.841483][ T5926] bridge_slave_0: entered allmulticast mode [ 52.844344][ T5926] bridge_slave_0: entered promiscuous mode [ 52.847830][ T5926] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.850215][ T5926] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.852757][ T5926] bridge_slave_1: entered allmulticast mode [ 52.855669][ T5926] bridge_slave_1: entered promiscuous mode [ 52.859093][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 52.861404][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 52.870088][ T5934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 52.896432][ T5934] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 52.898678][ T5934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 52.908691][ T5934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 52.924567][ T5926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.936852][ T5924] hsr_slave_0: entered promiscuous mode [ 52.939314][ T5924] hsr_slave_1: entered promiscuous mode [ 52.970212][ T5926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.989323][ T5934] hsr_slave_0: entered promiscuous mode [ 52.992525][ T5934] hsr_slave_1: entered promiscuous mode [ 52.996054][ T5934] debugfs: 'hsr0' already exists in 'hsr' [ 52.998470][ T5934] Cannot create hsr debugfs directory [ 53.000933][ T5923] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.004196][ T5923] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.006589][ T5923] bridge_slave_0: entered allmulticast mode [ 53.009229][ T5923] bridge_slave_0: entered promiscuous mode [ 53.017149][ T5923] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.019407][ T5923] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.021753][ T5923] bridge_slave_1: entered allmulticast mode [ 53.024483][ T5923] bridge_slave_1: entered promiscuous mode [ 53.040299][ T5926] team0: Port device team_slave_0 added [ 53.044358][ T5926] team0: Port device team_slave_1 added [ 53.068691][ T5923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.073397][ T5923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.082135][ T5926] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.086339][ T5926] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.097284][ T5926] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.117331][ T5926] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.119598][ T5926] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.128170][ T5926] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.169052][ T5923] team0: Port device team_slave_0 added [ 53.175446][ T5923] team0: Port device team_slave_1 added [ 53.201343][ T5926] hsr_slave_0: entered promiscuous mode [ 53.204696][ T5926] hsr_slave_1: entered promiscuous mode [ 53.206893][ T5926] debugfs: 'hsr0' already exists in 'hsr' [ 53.208920][ T5926] Cannot create hsr debugfs directory [ 53.240546][ T5923] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.243037][ T5923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.252101][ T5923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.264937][ T5923] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.267135][ T5923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.275561][ T5923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.357702][ T5923] hsr_slave_0: entered promiscuous mode [ 53.360003][ T5923] hsr_slave_1: entered promiscuous mode [ 53.362053][ T5923] debugfs: 'hsr0' already exists in 'hsr' [ 53.364183][ T5923] Cannot create hsr debugfs directory [ 53.551216][ T5924] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 53.561167][ T5924] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 53.573677][ T5924] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 53.585348][ T5924] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 53.610269][ T5934] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 53.622191][ T5934] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 53.626710][ T5934] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 53.632922][ T5934] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 53.677520][ T5926] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 53.682221][ T5926] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 53.690013][ T5926] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 53.697018][ T5926] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 53.775302][ T5923] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 53.779713][ T5923] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 53.786657][ T5923] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 53.791423][ T5923] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 53.829195][ T5934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.834974][ T5924] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.858717][ T5924] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.867779][ T5934] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.876225][ T98] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.878739][ T98] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.893817][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.896311][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.901637][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.904096][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.920834][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.923514][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.949814][ T5926] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.985676][ T5926] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.990844][ T5923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.006705][ T5923] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.021220][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.023599][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.027985][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.030271][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.046999][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.049347][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.052633][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.055027][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.112014][ T5924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.157036][ T5934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.186882][ T5924] veth0_vlan: entered promiscuous mode [ 54.201846][ T5924] veth1_vlan: entered promiscuous mode [ 54.215075][ T5934] veth0_vlan: entered promiscuous mode [ 54.236714][ T5934] veth1_vlan: entered promiscuous mode [ 54.248491][ T5924] veth0_macvtap: entered promiscuous mode [ 54.253951][ T5924] veth1_macvtap: entered promiscuous mode [ 54.254887][ T64] Bluetooth: hci3: command tx timeout [ 54.254982][ T5939] Bluetooth: hci0: command tx timeout [ 54.285270][ T5926] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.290304][ T5923] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.301087][ T5934] veth0_macvtap: entered promiscuous mode [ 54.307765][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.316825][ T5934] veth1_macvtap: entered promiscuous mode [ 54.324316][ T64] Bluetooth: hci1: command tx timeout [ 54.324903][ T5939] Bluetooth: hci2: command tx timeout [ 54.330731][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.348570][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.352521][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.359796][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.376122][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.379864][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.390313][ T5934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.419844][ T60] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.430789][ T60] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.433731][ T60] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.448913][ T60] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.453242][ T5926] veth0_vlan: entered promiscuous mode [ 54.456749][ T5923] veth0_vlan: entered promiscuous mode [ 54.489295][ T5926] veth1_vlan: entered promiscuous mode [ 54.498174][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.501481][ T5923] veth1_vlan: entered promiscuous mode [ 54.502002][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.554078][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.557000][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.569778][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.574110][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.586087][ T5923] veth0_macvtap: entered promiscuous mode [ 54.589657][ T98] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.592270][ T98] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.598152][ T5923] veth1_macvtap: entered promiscuous mode [ 54.607548][ T5926] veth0_macvtap: entered promiscuous mode [ 54.615445][ T5926] veth1_macvtap: entered promiscuous mode [ 54.632656][ T5934] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 54.632813][ T5926] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.655728][ T5923] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.663675][ T5926] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.670664][ T5923] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.697411][ T1145] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.703241][ T1145] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.723203][ T1145] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.727775][ T1145] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.729504][ T6016] mmap: syz.1.2 (6016) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 54.741423][ T1145] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.747686][ T6016] tmpfs: Bad value for 'mpol' [ 54.757672][ T1145] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.760912][ T1145] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.763863][ T1145] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.781669][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.785448][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.819369][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.821946][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.839222][ T98] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.842233][ T98] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.852043][ T98] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.855264][ T98] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.001267][ T6035] bond1: option arp_validate: invalid value (2048) [ 55.007259][ T6035] bond1 (unregistering): Released all slaves [ 55.029702][ T6029] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 55.032405][ T6029] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 55.046018][ T6029] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 55.055359][ T6029] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 55.057788][ T6029] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 55.065411][ T6029] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 55.073134][ T6029] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 55.075508][ T6029] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 55.080044][ T6029] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 55.087348][ T6029] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 55.089619][ T6029] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 55.097839][ T6029] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN NOPTI [ 55.102231][ T6029] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 55.105209][ T6029] CPU: 3 UID: 0 PID: 6029 Comm: syz.0.1 Not tainted syzkaller #0 PREEMPT(full) [ 55.108385][ T6029] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 55.111688][ T6029] RIP: 0010:klist_put+0x4d/0x1d0 [ 55.113376][ T6029] Code: c1 ea 03 80 3c 02 00 0f 85 74 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 43 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 ac ee 0c [ 55.119626][ T6029] RSP: 0018:ffffc9000406f290 EFLAGS: 00010202 [ 55.121610][ T6029] RAX: dffffc0000000000 RBX: ffff88803dd3a460 RCX: ffffc90007862000 [ 55.124298][ T6029] RDX: 000000000000000b RSI: ffffffff8b6c9225 RDI: 0000000000000058 [ 55.127009][ T6029] RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff21350fc [ 55.130226][ T6029] R10: ffffffff909a87e3 R11: 0000000000000001 R12: 0000000000000000 [ 55.133666][ T6029] R13: 0000000000000001 R14: ffffffff909a87a0 R15: dffffc0000000000 [ 55.136971][ T6029] FS: 00007f038c8a46c0(0000) GS:ffff8880d68dc000(0000) knlGS:0000000000000000 [ 55.140594][ T6029] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.143468][ T6029] CR2: 00007ffd0494fd8f CR3: 0000000055f94000 CR4: 0000000000352ef0 [ 55.146839][ T6029] Call Trace: [ 55.148315][ T6029] [ 55.149583][ T6029] klist_remove+0x14c/0x2e0 [ 55.151531][ T6029] ? __pfx_klist_remove+0x10/0x10 [ 55.153702][ T6029] ? kobject_move+0x15d/0x260 [ 55.155732][ T6029] ? kobject_put+0xb9/0x640 [ 55.157690][ T6029] device_move+0x12d/0x1140 [ 55.159631][ T6029] hci_conn_del_sysfs+0x86/0x1a0 [ 55.161749][ T6029] hci_conn_del+0x506/0x1180 [ 55.163773][ T6029] hci_abort_conn_sync+0x7d9/0xb20 [ 55.166018][ T6029] ? __pfx_hci_abort_conn_sync+0x10/0x10 [ 55.168469][ T6029] ? find_held_lock+0x2b/0x80 [ 55.170153][ T6029] ? hci_disconnect_all_sync.constprop.0.isra.0+0xbe/0x430 [ 55.172480][ T6029] ? hci_disconnect_all_sync.constprop.0.isra.0+0xbe/0x430 [ 55.174767][ T6029] ? hci_disconnect_all_sync.constprop.0.isra.0+0xbe/0x430 [ 55.177186][ T6029] hci_disconnect_all_sync.constprop.0.isra.0+0x155/0x430 [ 55.179495][ T6029] ? __pfx_hci_disconnect_all_sync.constprop.0.isra.0+0x10/0x10 [ 55.181973][ T6029] ? __hci_cmd_sync_status_sk+0xe4/0x190 [ 55.183822][ T6029] hci_suspend_sync+0x8b7/0xa70 [ 55.185525][ T6029] ? __pfx_hci_suspend_sync+0x10/0x10 [ 55.187532][ T6029] ? mgmt_pending_find+0x13e/0x1a0 [ 55.189284][ T6029] hci_suspend_dev+0x31d/0x540 [ 55.190799][ T6029] ? __pfx_hci_suspend_dev+0x10/0x10 [ 55.192532][ T6029] ? kobject_get+0xbb/0x150 [ 55.194428][ T6029] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 55.196937][ T6029] hci_suspend_notifier+0x21e/0x330 [ 55.199122][ T6029] notifier_call_chain+0x99/0x3b0 [ 55.201232][ T6029] blocking_notifier_call_chain_robust+0xc8/0x160 [ 55.203532][ T6029] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 55.205869][ T6029] pm_notifier_call_chain_robust+0x27/0x60 [ 55.208026][ T6029] snapshot_open+0x189/0x2a0 [ 55.209685][ T6029] ? __pfx_snapshot_open+0x10/0x10 [ 55.211331][ T6029] misc_open+0x26d/0x450 [ 55.212862][ T6029] ? __pfx_misc_open+0x10/0x10 [ 55.214511][ T6029] chrdev_open+0x234/0x6a0 [ 55.216019][ T6029] ? __pfx_chrdev_open+0x10/0x10 [ 55.217643][ T6029] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 55.219637][ T6029] do_dentry_open+0x73e/0x1570 [ 55.221205][ T6029] ? __pfx_chrdev_open+0x10/0x10 [ 55.222779][ T6029] ? security_inode_permission+0xbf/0x250 [ 55.224669][ T6029] vfs_open+0x82/0x3f0 [ 55.225990][ T6029] path_openat+0x21dc/0x3120 [ 55.227620][ T6029] ? __pfx_path_openat+0x10/0x10 [ 55.229426][ T6029] do_filp_open+0x1f7/0x420 [ 55.230878][ T6029] ? __pfx_do_filp_open+0x10/0x10 [ 55.232491][ T6029] ? _raw_spin_unlock+0x28/0x50 [ 55.234030][ T6029] ? alloc_fd+0x476/0x790 [ 55.235485][ T6029] do_sys_openat2+0x12e/0x220 [ 55.237019][ T6029] ? __pfx_do_sys_openat2+0x10/0x10 [ 55.238668][ T6029] __x64_sys_openat+0x12d/0x210 [ 55.240299][ T6029] ? __pfx___x64_sys_openat+0x10/0x10 [ 55.242117][ T6029] ? xfd_validate_state+0x129/0x190 [ 55.243822][ T6029] do_syscall_64+0xc9/0xf80 [ 55.245373][ T6029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.247404][ T6029] RIP: 0033:0x7f038b99acb9 [ 55.248913][ T6029] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 55.255344][ T6029] RSP: 002b:00007f038c8a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 55.258131][ T6029] RAX: ffffffffffffffda RBX: 00007f038bc15fa0 RCX: 00007f038b99acb9 [ 55.260726][ T6029] RDX: 0000000000000a40 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 55.263265][ T6029] RBP: 00007f038ba08bf7 R08: 0000000000000000 R09: 0000000000000000 [ 55.266103][ T6029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 55.269418][ T6029] R13: 00007f038bc16038 R14: 00007f038bc15fa0 R15: 00007ffedd3ba388 [ 55.272550][ T6029] [ 55.273649][ T6029] Modules linked in: [ 55.275690][ T6029] ---[ end trace 0000000000000000 ]--- [ 55.278909][ T6029] RIP: 0010:klist_put+0x4d/0x1d0 [ 55.280562][ T6029] Code: c1 ea 03 80 3c 02 00 0f 85 74 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 43 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 ac ee 0c [ 55.287224][ T6029] RSP: 0018:ffffc9000406f290 EFLAGS: 00010202 [ 55.289180][ T6029] RAX: dffffc0000000000 RBX: ffff88803dd3a460 RCX: ffffc90007862000 [ 55.291690][ T6029] RDX: 000000000000000b RSI: ffffffff8b6c9225 RDI: 0000000000000058 [ 55.294396][ T6029] RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff21350fc [ 55.297930][ T6029] R10: ffffffff909a87e3 R11: 0000000000000001 R12: 0000000000000000 [ 55.301346][ T6029] R13: 0000000000000001 R14: ffffffff909a87a0 R15: dffffc0000000000 [ 55.305143][ T6029] FS: 00007f038c8a46c0(0000) GS:ffff8880d67dc000(0000) knlGS:0000000000000000 [ 55.308876][ T6029] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.311607][ T6029] CR2: 00007faaee51f130 CR3: 0000000055f94000 CR4: 0000000000352ef0 [ 55.315156][ T6029] Kernel panic - not syncing: Fatal exception [ 55.318390][ T6029] Kernel Offset: disabled [ 55.319826][ T6029] Rebooting in 86400 seconds..