T28] audit: type=1400 audit(1771166959.920:62): avc: denied { rlimitinh } for pid=254 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 17.331501][ T28] audit: type=1400 audit(1771166959.920:63): avc: denied { siginh } for pid=254 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.0.195' (ED25519) to the list of known hosts.
2026/02/15 14:49:29 parsed 1 programs
[ 26.521256][ T28] audit: type=1400 audit(1771166969.130:64): avc: denied { node_bind } for pid=284 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 26.542960][ T28] audit: type=1400 audit(1771166969.130:65): avc: denied { module_request } for pid=284 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 27.344232][ T28] audit: type=1400 audit(1771166969.950:66): avc: denied { mounton } for pid=290 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 27.345278][ T290] cgroup: Unknown subsys name 'net'
[ 27.367282][ T28] audit: type=1400 audit(1771166969.950:67): avc: denied { mount } for pid=290 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 27.394933][ T28] audit: type=1400 audit(1771166969.980:68): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 27.395112][ T290] cgroup: Unknown subsys name 'devices'
[ 27.536606][ T290] cgroup: Unknown subsys name 'hugetlb'
[ 27.542323][ T290] cgroup: Unknown subsys name 'rlimit'
[ 27.651064][ T28] audit: type=1400 audit(1771166970.260:69): avc: denied { setattr } for pid=290 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 27.674581][ T28] audit: type=1400 audit(1771166970.260:70): avc: denied { create } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 27.683297][ T294] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 27.695300][ T28] audit: type=1400 audit(1771166970.260:71): avc: denied { write } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 27.724244][ T28] audit: type=1400 audit(1771166970.260:72): avc: denied { read } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 27.744675][ T28] audit: type=1400 audit(1771166970.260:73): avc: denied { mounton } for pid=290 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 27.795095][ T290] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 28.605712][ T301] request_module fs-gadgetfs succeeded, but still no fs?
[ 28.938678][ T317] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.951571][ T317] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.972308][ T317] device bridge_slave_0 entered promiscuous mode
[ 28.986240][ T317] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.993556][ T317] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.001180][ T317] device bridge_slave_1 entered promiscuous mode
[ 29.233411][ T317] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.240869][ T317] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.248460][ T317] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.255705][ T317] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.288439][ T349] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.296105][ T349] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.304009][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 29.312592][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 29.335750][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 29.344113][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.351207][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.359024][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 29.367943][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.375284][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.395552][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 29.404027][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 29.419173][ T317] device veth0_vlan entered promiscuous mode
[ 29.427332][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.436368][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.444020][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.452075][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.467803][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.476680][ T317] device veth1_macvtap entered promiscuous mode
2026/02/15 14:49:32 executed programs: 0
[ 29.488259][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.506038][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.551450][ T317] syz-executor (317) used greatest stack depth: 20864 bytes left
[ 29.670224][ T365] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.677460][ T365] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.685176][ T365] device bridge_slave_0 entered promiscuous mode
[ 29.693444][ T365] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.700783][ T365] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.708239][ T365] device bridge_slave_1 entered promiscuous mode
[ 29.763740][ T370] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.770902][ T370] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.778448][ T370] device bridge_slave_0 entered promiscuous mode
[ 29.815846][ T370] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.823002][ T370] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.830538][ T370] device bridge_slave_1 entered promiscuous mode
[ 29.877041][ T371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.884208][ T371] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.892029][ T371] device bridge_slave_0 entered promiscuous mode
[ 29.902147][ T371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.909588][ T371] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.917287][ T371] device bridge_slave_1 entered promiscuous mode
[ 29.968918][ T367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.976150][ T367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.983711][ T367] device bridge_slave_0 entered promiscuous mode
[ 29.991621][ T367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.998974][ T367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.006537][ T367] device bridge_slave_1 entered promiscuous mode
[ 30.051059][ T373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.058248][ T373] bridge0: port 1(bridge_slave_0) entered disabled state
[ 30.066090][ T373] device bridge_slave_0 entered promiscuous mode
[ 30.095779][ T373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.102844][ T373] bridge0: port 2(bridge_slave_1) entered disabled state
[ 30.110540][ T373] device bridge_slave_1 entered promiscuous mode
[ 30.123504][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 30.131083][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.193518][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 30.201903][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.210674][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.217740][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.249913][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 30.258038][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 30.266684][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.275589][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.282721][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.337571][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 30.345758][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.382872][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 30.391291][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.418466][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 30.426278][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.445962][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 30.454713][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.463155][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.470442][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.485468][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 30.494083][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 30.525404][ T365] device veth0_vlan entered promiscuous mode
[ 30.533029][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 30.542191][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 30.550066][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 30.558057][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 30.566949][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.575297][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.582948][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.590925][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 30.598644][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.626979][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.635315][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.643599][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.650653][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.658773][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.667368][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.674586][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.682628][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.690915][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.699181][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 30.719830][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.728107][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.735341][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.743281][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 30.751462][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 30.759464][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.768029][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.775255][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.782874][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 30.791687][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 30.799909][ T349] bridge0: port 1(bridge_slave_0) entered blocking state
[ 30.806977][ T349] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 30.814657][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 30.822965][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 30.830890][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 30.840562][ T365] device veth1_macvtap entered promiscuous mode
[ 30.867818][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.876165][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.884188][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 30.892966][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 30.901615][ T349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 30.908876][ T349] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 30.916555][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.925123][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.933153][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 30.941304][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 30.970554][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 30.979090][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 30.987717][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 30.996508][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.004969][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 31.013216][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.042053][ T370] device veth0_vlan entered promiscuous mode
[ 31.052039][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 31.061511][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 31.070181][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 31.078866][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.087139][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 31.095758][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 31.104016][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 31.112238][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.120465][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 31.128904][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 31.137612][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 31.145343][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 31.152989][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 31.160708][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 31.169267][ T373] device veth0_vlan entered promiscuous mode
[ 31.178568][ T371] device veth0_vlan entered promiscuous mode
[ 31.195503][ T367] device veth0_vlan entered promiscuous mode
[ 31.208096][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 31.216416][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.226307][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 31.234326][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 31.242856][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 31.250469][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 31.258406][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 31.266101][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 31.277123][ T370] device veth1_macvtap entered promiscuous mode
[ 31.286820][ T373] device veth1_macvtap entered promiscuous mode
[ 31.300792][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 31.309284][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.317917][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 31.326096][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 31.334351][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.342683][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 31.357203][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 31.365976][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.379812][ T367] device veth1_macvtap entered promiscuous mode
[ 31.386897][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 31.395381][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.403820][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 31.412940][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 31.421229][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 31.439011][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 31.447599][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.456512][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 31.465859][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.474174][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 31.482723][ T222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.497525][ T371] device veth1_macvtap entered promiscuous mode
[ 31.528071][ T222] Bluetooth: hci1: Frame reassembly failed (-84)
[ 31.539350][ T425] Bluetooth: hci2: Frame reassembly failed (-84)
[ 31.539435][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 31.553626][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 31.562557][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.571420][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 31.580538][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.605399][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 31.613951][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 31.622557][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 31.631832][ T349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 31.635363][ T222] Bluetooth: hci3: Frame reassembly failed (-84)
[ 31.666890][ T222] Bluetooth: hci4: Frame reassembly failed (-84)
[ 31.745536][ T8] device bridge_slave_1 left promiscuous mode
[ 31.751765][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.759331][ T8] device bridge_slave_0 left promiscuous mode
[ 31.765770][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.773702][ T8] device veth1_macvtap left promiscuous mode
[ 31.780339][ T8] device veth0_vlan left promiscuous mode
[ 33.124712][ T419] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 33.131060][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 33.524819][ T421] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 33.604695][ T423] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 33.604894][ T421] Bluetooth: hci2: command 0x1003 tx timeout
[ 33.684632][ T429] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 33.684667][ T426] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 33.690948][ T429] Bluetooth: hci3: command 0x1003 tx timeout
[ 35.204990][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 35.205001][ T426] Bluetooth: hci0: command 0x0c1a tx timeout
[ 35.217574][ T422] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 35.223810][ T424] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 35.229964][ T428] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 35.238948][ T430] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 35.254041][ T8] Bluetooth: hci1: Frame reassembly failed (-84)
2026/02/15 14:49:37 executed programs: 15
[ 35.279463][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 35.306053][ T222] Bluetooth: hci2: Frame reassembly failed (-84)
[ 35.324912][ T349] Bluetooth: hci4: Frame reassembly failed (-84)
[ 35.325875][ T222] Bluetooth: hci3: Frame reassembly failed (-84)
[ 35.331418][ T349] Bluetooth: hci4: Frame reassembly failed (-84)
[ 37.284694][ T421] Bluetooth: hci1: command 0x1003 tx timeout
[ 37.284758][ T423] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 37.290754][ T421] Bluetooth: hci0: command 0x1003 tx timeout
[ 37.290788][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 37.290915][ T438] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 37.316039][ T439] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 37.318152][ T349] Bluetooth: hci1: Frame reassembly failed (-84)
[ 37.322143][ T440] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 37.334737][ T441] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 37.340886][ T442] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 37.364689][ T429] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 37.364738][ T420] Bluetooth: hci4: command 0x1003 tx timeout
[ 37.370900][ T45] Bluetooth: hci2: command 0x1003 tx timeout
[ 37.374614][ T421] Bluetooth: hci3: command 0x1003 tx timeout
[ 37.377249][ T431] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 37.383340][ T426] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 37.412773][ T222] Bluetooth: hci2: Frame reassembly failed (-84)
[ 37.419716][ T425] Bluetooth: hci0: Frame reassembly failed (-84)
[ 37.426570][ T349] Bluetooth: hci3: Frame reassembly failed (-84)
[ 37.433106][ T222] Bluetooth: hci4: Frame reassembly failed (-84)
[ 39.364612][ T423] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 39.365795][ T45] Bluetooth: hci1: command 0x1003 tx timeout
[ 39.384083][ T222] Bluetooth: hci1: Frame reassembly failed (-84)
[ 39.444645][ T421] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 39.444670][ T420] Bluetooth: hci4: command 0x1003 tx timeout
[ 39.450854][ T420] Bluetooth: hci3: command 0x1003 tx timeout
[ 39.450873][ T420] Bluetooth: hci2: command 0x1003 tx timeout
[ 39.457224][ T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 39.463169][ T431] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 39.469428][ T429] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 39.475254][ T426] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 39.493687][ T444] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 39.499802][ T443] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 39.505984][ T445] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 39.512063][ T446] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 39.518637][ T447] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 39.551496][ T425] Bluetooth: hci0: Frame reassembly failed (-84)
[ 39.577226][ T222] Bluetooth: hci2: Frame reassembly failed (-84)
[ 39.590907][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 39.592546][ T425] Bluetooth: hci3: Frame reassembly failed (-84)
2026/02/15 14:49:44 executed programs: 30
[ 41.444653][ T423] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 41.444653][ T429] Bluetooth: hci1: command 0x1003 tx timeout
[ 41.465038][ T425] Bluetooth: hci1: Frame reassembly failed (-84)
[ 41.604644][ T420] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 41.604641][ T426] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 41.604695][ T420] Bluetooth: hci0: command 0x1003 tx timeout
[ 41.610887][ T426] Bluetooth: hci4: command 0x1003 tx timeout
[ 41.617055][ T448] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 41.629128][ T431] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 41.641368][ T449] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 41.647530][ T450] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 41.653730][ T451] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 41.659900][ T452] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 41.666492][ T453] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 41.719012][ T425] Bluetooth: hci0: Frame reassembly failed (-84)
[ 41.725891][ T349] Bluetooth: hci2: Frame reassembly failed (-84)
[ 41.725928][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 41.739277][ T222] Bluetooth: hci4: Frame reassembly failed (-84)
[ 43.524659][ T45] Bluetooth: hci1: command 0x1003 tx timeout
[ 43.530935][ T423] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 43.544389][ T222] Bluetooth: hci1: Frame reassembly failed (-84)
[ 43.764684][ T431] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 43.764987][ T429] Bluetooth: hci4: command 0x1003 tx timeout
[ 43.770832][ T431] Bluetooth: hci0: command 0x1003 tx timeout
[ 43.776914][ T420] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 43.782912][ T45] Bluetooth: hci3: command 0x1003 tx timeout
[ 43.789198][ T448] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 43.795516][ T426] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 43.807826][ T454] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 43.814158][ T455] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 43.820616][ T456] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 43.826953][ T457] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 43.833034][ T458] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 43.889367][ T222] Bluetooth: hci2: Frame reassembly failed (-84)
[ 43.895790][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 43.906447][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 43.913696][ T349] Bluetooth: hci4: Frame reassembly failed (-84)
[ 45.604626][ T423] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 45.604665][ T448] Bluetooth: hci1: command 0x1003 tx timeout
[ 45.625198][ T425] Bluetooth: hci1: Frame reassembly failed (-84)
[ 45.631743][ T425] Bluetooth: hci1: Frame reassembly failed (-84)
[ 45.924626][ T426] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 45.924666][ T45] Bluetooth: hci4: command 0x1003 tx timeout
[ 45.930852][ T426] Bluetooth: hci3: command 0x1003 tx timeout
[ 45.936887][ T420] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 45.943251][ T426] Bluetooth: hci0: command 0x1003 tx timeout
[ 45.949064][ T429] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 45.955679][ T431] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 45.968104][ T460] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 45.974343][ T461] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 45.980774][ T459] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 45.987056][ T462] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 45.993259][ T463] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 46.036360][ T425] Bluetooth: hci0: Frame reassembly failed (-84)
[ 46.043002][ T349] Bluetooth: hci2: Frame reassembly failed (-84)
[ 46.058410][ T425] Bluetooth: hci3: Frame reassembly failed (-84)
[ 46.058410][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
2026/02/15 14:49:50 executed programs: 45
[ 47.684672][ T448] Bluetooth: hci1: command 0x1003 tx timeout
[ 47.684671][ T423] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 47.704357][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 48.084634][ T431] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 48.084668][ T426] Bluetooth: hci4: command 0x1003 tx timeout
[ 48.090815][ T431] Bluetooth: hci3: command 0x1003 tx timeout
[ 48.096886][ T45] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 48.103110][ T431] Bluetooth: hci2: command 0x1003 tx timeout
[ 48.109061][ T420] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 48.115616][ T429] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 49.032521][ T464] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 49.048765][ T466] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 49.058922][ T467] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 49.064988][ T465] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 49.100864][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 49.764671][ T423] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 49.764685][ T426] Bluetooth: hci1: command 0x1003 tx timeout
[ 50.705598][ T468] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 50.718634][ T349] Bluetooth: hci0: Frame reassembly failed (-84)
[ 50.771120][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 51.124628][ T426] Bluetooth: hci4: command 0x1003 tx timeout
[ 51.124628][ T45] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 51.124663][ T420] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 51.130702][ T45] Bluetooth: hci3: command 0x1003 tx timeout
[ 51.136861][ T429] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 51.143085][ T431] Bluetooth: hci2: command 0x1003 tx timeout
[ 51.168550][ T349] Bluetooth: hci2: Frame reassembly failed (-84)
[ 51.175699][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
[ 51.182622][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
[ 51.188256][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 52.724622][ T420] Bluetooth: hci0: command 0x1003 tx timeout
[ 52.724638][ T423] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 52.737454][ T472] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 52.744008][ T473] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 52.750471][ T475] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 52.756819][ T477] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[ 52.763121][ T476] Bluetooth: hci0: Opcode 0x0c1a failed: -22
2026/02/15 14:49:55 executed programs: 54
[ 52.804665][ T448] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 52.804677][ T426] Bluetooth: hci1: command 0x1003 tx timeout
[ 52.823508][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 52.830540][ T425] Bluetooth: hci1: Frame reassembly failed (-84)
[ 52.837049][ T425] Bluetooth: hci1: Frame reassembly failed (-84)
[ 53.204626][ T431] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 53.204857][ T45] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 53.210917][ T431] Bluetooth: hci4: command 0x1003 tx timeout
[ 53.216985][ T429] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 53.223738][ T426] Bluetooth: hci2: command 0x1003 tx timeout
[ 53.249398][ T349] Bluetooth: hci3: Frame reassembly failed (-84)
[ 53.249397][ T425] Bluetooth: hci2: Frame reassembly failed (-84)
[ 53.262861][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 54.804574][ C0] ==================================================================
[ 54.812659][ C0] BUG: KASAN: use-after-free in __run_timers+0x340/0x9f0
[ 54.819769][ C0] Write of size 8 at addr ffff88811c7b0a00 by task swapper/0/0
[ 54.827308][ C0]
[ 54.829721][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0
[ 54.836728][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 54.847035][ C0] Call Trace:
[ 54.850301][ C0] <IRQ>
[ 54.853136][ C0] __dump_stack+0x21/0x24
[ 54.857479][ C0] dump_stack_lvl+0x110/0x170
[ 54.862174][ C0] ? __cfi_dump_stack_lvl+0x8/0x8
[ 54.867185][ C0] ? update_rq_clock+0x536/0x5c0
[ 54.872121][ C0] ? __run_timers+0x340/0x9f0
[ 54.876807][ C0] print_address_description+0x71/0x200
[ 54.882526][ C0] print_report+0x4a/0x60
[ 54.886844][ C0] kasan_report+0x122/0x150
[ 54.891425][ C0] ? __run_timers+0x340/0x9f0
[ 54.896090][ C0] __asan_report_store8_noabort+0x17/0x20
[ 54.901815][ C0] __run_timers+0x340/0x9f0
[ 54.906316][ C0] ? sched_clock+0x9/0x10
[ 54.910945][ C0] ? sched_clock_cpu+0x6e/0x260
[ 54.915796][ C0] ? calc_index+0x200/0x200
[ 54.920457][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 54.925734][ C0] run_timer_softirq+0x6a/0xf0
[ 54.930495][ C0] handle_softirqs+0x1d7/0x600
[ 54.934576][ T448] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 54.935261][ C0] ? irqtime_account_irq+0xc4/0x240
[ 54.946836][ C0] __irq_exit_rcu+0x52/0xf0
[ 54.951328][ C0] irq_exit_rcu+0x9/0x10
[ 54.955653][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 54.961498][ C0] </IRQ>
[ 54.964431][ C0] <TASK>
[ 54.967449][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 54.973607][ C0] RIP: 0010:default_idle+0xf/0x20
[ 54.978725][ C0] Code: d7 6f b6 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 03 08 66 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 54.998414][ C0] RSP: 0018:ffffffff87007d58 EFLAGS: 00000257
[ 55.004582][ C0] RAX: ffff8881f6e00000 RBX: ffffffff8701c680 RCX: 0fd297ab96db9e00
[ 55.012691][ C0] RDX: 0000000000000001 RSI: ffffffff85ca6e20 RDI: ffffffff85ca6de0
[ 55.020845][ C0] RBP: ffffffff87007d58 R08: ffff8881f6e348b3 R09: 1ffff1103edc6916
[ 55.028818][ C0] R10: 0000000000000000 R11: ffffffff85002af0 R12: 0000000000000000
[ 55.036799][ C0] R13: 0000000000000000 R14: ffffffff8701c680 R15: dffffc0000000000
[ 55.044785][ C0] ? __cfi_default_idle+0x10/0x10
[ 55.049993][ C0] arch_cpu_idle+0x1c/0x20
[ 55.054510][ C0] default_idle_call+0x71/0x1d0
[ 55.059649][ C0] do_idle+0x1a7/0x560
[ 55.063859][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 55.069164][ C0] ? debug_smp_processor_id+0x17/0x20
[ 55.074592][ C0] cpu_startup_entry+0x43/0x60
[ 55.079482][ C0] rest_init+0x10a/0x130
[ 55.084263][ C0] ? __cfi_x86_late_time_init+0x8/0x8
[ 55.089736][ C0] arch_call_rest_init+0xe/0x10
[ 55.094596][ C0] start_kernel+0x47e/0x4ec
[ 55.099100][ C0] x86_64_start_reservations+0x2a/0x2c
[ 55.104723][ C0] x86_64_start_kernel+0x7c/0x81
[ 55.109909][ C0] secondary_startup_64_no_verify+0xce/0xdb
[ 55.116182][ C0]
[ 55.119276][ C0]
[ 55.121588][ C0] Allocated by task 472:
[ 55.125836][ C0] kasan_set_track+0x4b/0x70
[ 55.130426][ C0] kasan_save_alloc_info+0x25/0x30
[ 55.135644][ C0] __kasan_kmalloc+0x95/0xb0
[ 55.140243][ C0] __kmalloc+0xb1/0x1e0
[ 55.144474][ C0] hci_alloc_dev_priv+0x27/0x1bd0
[ 55.149500][ C0] hci_uart_tty_ioctl+0x3d6/0xa20
[ 55.154530][ C0] tty_ioctl+0x8ef/0xc60
[ 55.158759][ C0] __se_sys_ioctl+0x12f/0x1b0
[ 55.163424][ C0] __x64_sys_ioctl+0x7b/0x90
[ 55.167998][ C0] x64_sys_call+0x58b/0x9a0
[ 55.172575][ C0] do_syscall_64+0x4c/0xa0
[ 55.176980][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.182890][ C0]
[ 55.185324][ C0] Freed by task 476:
[ 55.189200][ C0] kasan_set_track+0x4b/0x70
[ 55.193864][ C0] kasan_save_free_info+0x31/0x50
[ 55.198878][ C0] ____kasan_slab_free+0x132/0x180
[ 55.203975][ C0] __kasan_slab_free+0x11/0x20
[ 55.208740][ C0] slab_free_freelist_hook+0xc2/0x190
[ 55.214102][ C0] __kmem_cache_free+0xb7/0x1b0
[ 55.218939][ C0] kfree+0x6f/0xf0
[ 55.222827][ C0] hci_release_dev+0x12a3/0x13b0
[ 55.228013][ C0] bt_host_release+0x82/0x90
[ 55.232687][ C0] device_release+0xa4/0x1d0
[ 55.237270][ C0] kobject_put+0x19d/0x280
[ 55.241760][ C0] put_device+0x1f/0x30
[ 55.245920][ C0] hci_dev_cmd+0x279/0x740
[ 55.250412][ C0] hci_sock_ioctl+0x41e/0x7f0
[ 55.255703][ C0] sock_do_ioctl+0x114/0x330
[ 55.260284][ C0] sock_ioctl+0x4ca/0x720
[ 55.264772][ C0] __se_sys_ioctl+0x12f/0x1b0
[ 55.269434][ C0] __x64_sys_ioctl+0x7b/0x90
[ 55.274097][ C0] x64_sys_call+0x58b/0x9a0
[ 55.278671][ C0] do_syscall_64+0x4c/0xa0
[ 55.283087][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.289234][ C0]
[ 55.291544][ C0] Last potentially related work creation:
[ 55.297240][ C0] kasan_save_stack+0x3a/0x60
[ 55.301920][ C0] __kasan_record_aux_stack+0xb6/0xc0
[ 55.307367][ C0] kasan_record_aux_stack_noalloc+0xb/0x10
[ 55.313332][ C0] insert_work+0x51/0x300
[ 55.318086][ C0] __queue_work+0x9b1/0xd30
[ 55.322672][ C0] queue_work_on+0xde/0x150
[ 55.327315][ C0] __hci_cmd_sync_sk+0xa7f/0xd30
[ 55.332346][ C0] hci_cmd_sync_status+0x53/0x120
[ 55.337371][ C0] hci_dev_cmd+0x35b/0x740
[ 55.341896][ C0] hci_sock_ioctl+0x41e/0x7f0
[ 55.346794][ C0] sock_do_ioctl+0x114/0x330
[ 55.351392][ C0] sock_ioctl+0x4ca/0x720
[ 55.355714][ C0] __se_sys_ioctl+0x12f/0x1b0
[ 55.360469][ C0] __x64_sys_ioctl+0x7b/0x90
[ 55.365480][ C0] x64_sys_call+0x58b/0x9a0
[ 55.369990][ C0] do_syscall_64+0x4c/0xa0
[ 55.374397][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.380285][ C0]
[ 55.382792][ C0] Second to last potentially related work creation:
[ 55.389529][ C0] kasan_save_stack+0x3a/0x60
[ 55.394283][ C0] __kasan_record_aux_stack+0xb6/0xc0
[ 55.399784][ C0] kasan_record_aux_stack_noalloc+0xb/0x10
[ 55.405575][ C0] insert_work+0x51/0x300
[ 55.409885][ C0] __queue_work+0x9b1/0xd30
[ 55.414372][ C0] queue_work_on+0xde/0x150
[ 55.418858][ C0] __hci_cmd_sync_sk+0xa7f/0xd30
[ 55.423782][ C0] hci_cmd_sync_status+0x53/0x120
[ 55.428889][ C0] hci_dev_cmd+0x35b/0x740
[ 55.433472][ C0] hci_sock_ioctl+0x41e/0x7f0
[ 55.438159][ C0] sock_do_ioctl+0x114/0x330
[ 55.442756][ C0] sock_ioctl+0x4ca/0x720
[ 55.447084][ C0] __se_sys_ioctl+0x12f/0x1b0
[ 55.452723][ C0] __x64_sys_ioctl+0x7b/0x90
[ 55.457303][ C0] x64_sys_call+0x58b/0x9a0
[ 55.461830][ C0] do_syscall_64+0x4c/0xa0
[ 55.466580][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.472729][ C0]
[ 55.475040][ C0] The buggy address belongs to the object at ffff88811c7b0000
[ 55.475040][ C0] which belongs to the cache kmalloc-8k of size 8192
[ 55.489422][ C0] The buggy address is located 2560 bytes inside of
[ 55.489422][ C0] 8192-byte region [ffff88811c7b0000, ffff88811c7b2000)
[ 55.502937][ C0]
[ 55.505248][ C0] The buggy address belongs to the physical page:
[ 55.511813][ C0] page:ffffea000471ec00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c7b0
[ 55.522121][ C0] head:ffffea000471ec00 order:3 compound_mapcount:0 compound_pincount:0
[ 55.530429][ C0] flags: 0x4000000000010200(slab|head|zone=1)
[ 55.536754][ C0] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[ 55.545683][ C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 55.554341][ C0] page dumped because: kasan: bad access detected
[ 55.560740][ C0] page_owner tracks the page as allocated
[ 55.566524][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 472, tgid 472 (syz.6.56), ts 50717815193, free_ts 50717247962
[ 55.589446][ C0] post_alloc_hook+0x1f5/0x210
[ 55.594290][ C0] prep_new_page+0x1c/0x110
[ 55.598792][ C0] get_page_from_freelist+0x2d12/0x2d80
[ 55.604325][ C0] __alloc_pages+0x1d9/0x480
[ 55.608994][ C0] alloc_slab_page+0x6e/0xf0
[ 55.613761][ C0] new_slab+0x98/0x3d0
[ 55.617820][ C0] ___slab_alloc+0x6bd/0xb20
[ 55.622397][ C0] __slab_alloc+0x5e/0xa0
[ 55.626803][ C0] __kmem_cache_alloc_node+0x203/0x2c0
[ 55.632253][ C0] __kmalloc+0xa1/0x1e0
[ 55.636560][ C0] hci_alloc_dev_priv+0x27/0x1bd0
[ 55.641571][ C0] hci_uart_tty_ioctl+0x3d6/0xa20
[ 55.646669][ C0] tty_ioctl+0x8ef/0xc60
[ 55.651175][ C0] __se_sys_ioctl+0x12f/0x1b0
[ 55.655922][ C0] __x64_sys_ioctl+0x7b/0x90
[ 55.660493][ C0] x64_sys_call+0x58b/0x9a0
[ 55.664981][ C0] page last free stack trace:
[ 55.670504][ C0] free_unref_page_prepare+0x742/0x750
[ 55.676038][ C0] free_unref_page+0x95/0x540
[ 55.680981][ C0] __free_pages+0x67/0x100
[ 55.685468][ C0] __free_slab+0xca/0x1a0
[ 55.689788][ C0] __unfreeze_partials+0x160/0x190
[ 55.695082][ C0] put_cpu_partial+0xa9/0x100
[ 55.699782][ C0] __slab_free+0x1c4/0x280
[ 55.704222][ C0] ___cache_free+0xbf/0xd0
[ 55.708719][ C0] qlist_free_all+0xc6/0x140
[ 55.713333][ C0] kasan_quarantine_reduce+0x14a/0x170
[ 55.719039][ C0] __kasan_slab_alloc+0x24/0x80
[ 55.723927][ C0] slab_post_alloc_hook+0x4f/0x2d0
[ 55.729444][ C0] kmem_cache_alloc+0x16e/0x330
[ 55.734389][ C0] security_inode_alloc+0x33/0x120
[ 55.739770][ C0] inode_init_always+0x6fc/0x960
[ 55.744982][ C0] new_inode_pseudo+0xa2/0x1f0
[ 55.749742][ C0]
[ 55.752140][ C0] Memory state around the buggy address:
[ 55.757960][ C0] ffff88811c7b0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.766100][ C0] ffff88811c7b0980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.774854][ C0] >ffff88811c7b0a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.783156][ C0] ^
[ 55.787294][ C0] ffff88811c7b0a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.795335][ C0] ffff88811c7b0b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 55.803377][ C0] ==================================================================
[ 55.811419][ C0] Disabling lock debugging due to kernel taint
[ 55.817784][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 55.829937][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 55.838511][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B syzkaller #0
[ 55.847084][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 55.855942][ T429] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 55.857232][ C0] RIP: 0010:__queue_work+0x575/0xd30
[ 55.863384][ T429] Bluetooth: hci4: command 0x1003 tx timeout
[ 55.868950][ C0] Code: 39 2b 0f 84 b9 00 00 00 e8 18 47 29 00 4c 89 ff e8 10 31 b8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 cc 74 6e 00 49 8b 7d 00 e8 a3 2c
[ 55.868975][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[ 55.868994][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701c680
[ 55.869009][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 55.875009][ T431] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 55.895015][ C0] RBP: ffffc90000007d08 R08: 0000000000000007 R09: fffffffffffffffb
[ 55.895032][ C0] R10: dffffc0000000000 R11: ffffed10238f6139 R12: dffffc0000000000
[ 55.895046][ C0] R13: 0000000000000000 R14: ffff88811c7b09c8 R15: 0000000000000008
[ 55.901260][ T429] Bluetooth: hci2: command 0x1003 tx timeout
[ 55.909722][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 55.909739][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.970701][ C0] CR2: 0000200000000000 CR3: 0000000131b91000 CR4: 00000000003506b0
[ 55.978688][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.986838][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.994907][ C0] Call Trace:
[ 55.998214][ C0]
[ 56.001069][ C0] delayed_work_timer_fn+0x61/0x80
[ 56.006272][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 56.012101][ C0] call_timer_fn+0x46/0x2a0
[ 56.016644][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 56.022515][ C0] __run_timers+0x689/0x9f0
[ 56.027014][ C0] ? calc_index+0x200/0x200
[ 56.031550][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 56.036829][ C0] run_timer_softirq+0x6a/0xf0
[ 56.041678][ C0] handle_softirqs+0x1d7/0x600
[ 56.046653][ C0] ? irqtime_account_irq+0xc4/0x240
[ 56.052035][ C0] __irq_exit_rcu+0x52/0xf0
[ 56.056882][ C0] irq_exit_rcu+0x9/0x10
[ 56.061573][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 56.067296][ C0]
[ 56.070402][ C0]
[ 56.073326][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 56.079389][ C0] RIP: 0010:default_idle+0xf/0x20
[ 56.084407][ C0] Code: d7 6f b6 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 03 08 66 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 56.104618][ C0] RSP: 0018:ffffffff87007d58 EFLAGS: 00000257
[ 56.110703][ C0] RAX: ffff8881f6e00000 RBX: ffffffff8701c680 RCX: 0fd297ab96db9e00
[ 56.118769][ C0] RDX: 0000000000000001 RSI: ffffffff85ca6e20 RDI: ffffffff85ca6de0
[ 56.126831][ C0] RBP: ffffffff87007d58 R08: ffff8881f6e348b3 R09: 1ffff1103edc6916
[ 56.134801][ C0] R10: 0000000000000000 R11: ffffffff85002af0 R12: 0000000000000000
[ 56.142866][ C0] R13: 0000000000000000 R14: ffffffff8701c680 R15: dffffc0000000000
[ 56.151192][ C0] ? __cfi_default_idle+0x10/0x10
[ 56.156229][ C0] arch_cpu_idle+0x1c/0x20
[ 56.160810][ C0] default_idle_call+0x71/0x1d0
[ 56.165748][ C0] do_idle+0x1a7/0x560
[ 56.169904][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 56.175103][ C0] ? debug_smp_processor_id+0x17/0x20
[ 56.180573][ C0] cpu_startup_entry+0x43/0x60
[ 56.185779][ C0] rest_init+0x10a/0x130
[ 56.190035][ C0] ? __cfi_x86_late_time_init+0x8/0x8
[ 56.195564][ C0] arch_call_rest_init+0xe/0x10
[ 56.200406][ C0] start_kernel+0x47e/0x4ec
[ 56.204895][ C0] x86_64_start_reservations+0x2a/0x2c
[ 56.210453][ C0] x86_64_start_kernel+0x7c/0x81
[ 56.215647][ C0] secondary_startup_64_no_verify+0xce/0xdb
[ 56.221696][ C0]
[ 56.224721][ C0] Modules linked in:
[ 56.228622][ C0] ---[ end trace 0000000000000000 ]---
[ 56.234234][ C0] RIP: 0010:__queue_work+0x575/0xd30
[ 56.239885][ C0] Code: 39 2b 0f 84 b9 00 00 00 e8 18 47 29 00 4c 89 ff e8 10 31 b8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 cc 74 6e 00 49 8b 7d 00 e8 a3 2c
[ 56.260102][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[ 56.266184][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701c680
[ 56.274454][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 56.282639][ C0] RBP: ffffc90000007d08 R08: 0000000000000007 R09: fffffffffffffffb
[ 56.290616][ C0] R10: dffffc0000000000 R11: ffffed10238f6139 R12: dffffc0000000000
[ 56.298668][ C0] R13: 0000000000000000 R14: ffff88811c7b09c8 R15: 0000000000000008
[ 56.306703][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 56.315806][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.322681][ C0] CR2: 0000200000000000 CR3: 0000000131b91000 CR4: 00000000003506b0
[ 56.330743][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.338817][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.346997][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 56.354610][ C0] Kernel Offset: disabled
[ 56.359114][ C0] Rebooting in 86400 seconds..