syzkaller syzkaller login: [ 14.993705][ T28] kauditd_printk_skb: 31 callbacks suppressed [ 14.993725][ T28] audit: type=1400 audit(1770839640.467:59): avc: denied { transition } for pid=224 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.001176][ T28] audit: type=1400 audit(1770839640.467:60): avc: denied { noatsecure } for pid=224 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.006326][ T28] audit: type=1400 audit(1770839640.467:61): avc: denied { write } for pid=224 comm="sh" path="pipe:[7927]" dev="pipefs" ino=7927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 15.019384][ T28] audit: type=1400 audit(1770839640.467:62): avc: denied { rlimitinh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 15.046306][ T28] audit: type=1400 audit(1770839640.467:63): avc: denied { siginh } for pid=224 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 17.198438][ T227] sshd-session (227) used greatest stack depth: 21408 bytes left Warning: Permanently added '10.128.1.13' (ED25519) to the list of known hosts. 
2026/02/11 19:54:10 parsed 1 programs [ 25.121633][ T28] audit: type=1400 audit(1770839650.597:64): avc: denied { node_bind } for pid=282 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 25.154267][ T28] audit: type=1400 audit(1770839650.597:65): avc: denied { module_request } for pid=282 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 26.033417][ T28] audit: type=1400 audit(1770839651.507:66): avc: denied { mounton } for pid=288 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.034441][ T288] cgroup: Unknown subsys name 'net' [ 26.065857][ T28] audit: type=1400 audit(1770839651.507:67): avc: denied { mount } for pid=288 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.112783][ T28] audit: type=1400 audit(1770839651.557:68): avc: denied { unmount } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.112850][ T288] cgroup: Unknown subsys name 'devices' [ 26.272523][ T288] cgroup: Unknown subsys name 'hugetlb' [ 26.281868][ T288] cgroup: Unknown subsys name 'rlimit' [ 26.397090][ T28] audit: type=1400 audit(1770839651.867:69): avc: denied { setattr } for pid=288 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.433762][ T28] audit: type=1400 audit(1770839651.867:70): avc: denied { create } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.444351][ T292] SELinux: Context root:object_r:swapfile_t 
is not valid (left unmapped). [ 26.462253][ T28] audit: type=1400 audit(1770839651.867:71): avc: denied { write } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.497567][ T28] audit: type=1400 audit(1770839651.867:72): avc: denied { read } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 26.530636][ T28] audit: type=1400 audit(1770839651.867:73): avc: denied { mounton } for pid=288 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 26.619585][ T288] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 27.511805][ T299] request_module fs-gadgetfs succeeded, but still no fs? [ 27.630836][ T300] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.663559][ T300] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.681751][ T300] device bridge_slave_0 entered promiscuous mode [ 27.696968][ T300] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.705684][ T300] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.715652][ T300] device bridge_slave_1 entered promiscuous mode [ 28.098328][ T300] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.107880][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.118024][ T300] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.128492][ T300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.328131][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.350252][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.363060][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.375877][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link 
becomes ready [ 28.416836][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.431438][ T341] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.444882][ T341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.456250][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.467842][ T341] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.479182][ T341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.524685][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.535138][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.590175][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 28.611747][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.642474][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.652957][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.666048][ T300] device veth0_vlan entered promiscuous mode [ 28.676467][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.687350][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.706551][ T300] device veth1_macvtap entered promiscuous mode [ 28.715592][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.725453][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.735382][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 28.764819][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.774277][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.790962][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.801664][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 2026/02/11 19:54:14 executed programs: 0 [ 29.080303][ T371] bridge0: port 1(bridge_slave_0) entered blocking state [ 
29.087810][ T371] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.096021][ T371] device bridge_slave_0 entered promiscuous mode [ 29.124154][ T371] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.131834][ T371] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.139493][ T371] device bridge_slave_1 entered promiscuous mode [ 29.180814][ T369] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.188256][ T369] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.196598][ T369] device bridge_slave_0 entered promiscuous mode [ 29.212973][ T369] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.220516][ T369] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.228273][ T369] device bridge_slave_1 entered promiscuous mode [ 29.253034][ T375] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.261389][ T375] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.269682][ T375] device bridge_slave_0 entered promiscuous mode [ 29.277548][ T374] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.285531][ T374] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.293959][ T374] device bridge_slave_0 entered promiscuous mode [ 29.308084][ T374] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.315941][ T374] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.323568][ T374] device bridge_slave_1 entered promiscuous mode [ 29.331095][ T375] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.338788][ T375] bridge0: port 2(bridge_slave_1) entered disabled state [ 29.347002][ T375] device bridge_slave_1 entered promiscuous mode [ 29.394592][ T373] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.402681][ T373] bridge0: port 1(bridge_slave_0) entered disabled state [ 29.411062][ T373] device bridge_slave_0 entered promiscuous mode [ 29.444222][ T373] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.451852][ T373] bridge0: port 
2(bridge_slave_1) entered disabled state [ 29.459711][ T373] device bridge_slave_1 entered promiscuous mode [ 29.679522][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.690658][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.741296][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 29.754332][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.765499][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.773433][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.794277][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 29.831546][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 29.840920][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.849502][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.857199][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.866604][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.876051][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.885977][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 29.894504][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.906966][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 29.916182][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.928193][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.936142][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.944165][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 29.953295][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.962179][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.969695][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.977552][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bridge: link becomes ready [ 29.986278][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.995009][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.002058][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.009796][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 30.018624][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.027413][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.034795][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.070624][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 30.081223][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 30.091610][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 30.100746][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.108742][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 30.118750][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.128676][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.137158][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.145650][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 30.155406][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.165246][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.173385][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.183459][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.193572][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.203869][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 30.212487][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.221030][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 30.229265][ T358] 
IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.238279][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.246644][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.255988][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.265217][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 30.304801][ T369] device veth0_vlan entered promiscuous mode [ 30.316386][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.329637][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.341774][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.353526][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.366235][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.378427][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.389239][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.400614][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.413020][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 30.424552][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 30.440523][ T375] device veth0_vlan entered promiscuous mode [ 30.457717][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.468170][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 30.482183][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 30.493760][ T358] bridge0: port 1(bridge_slave_0) entered blocking state [ 30.502468][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 30.515456][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 30.528738][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 30.540420][ T358] bridge0: port 2(bridge_slave_1) entered blocking state [ 30.548686][ T358] 
bridge0: port 2(bridge_slave_1) entered forwarding state [ 30.563627][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 30.595052][ T369] device veth1_macvtap entered promiscuous mode [ 30.606782][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.622040][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 30.634209][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 30.653775][ T375] device veth1_macvtap entered promiscuous mode [ 30.675246][ T374] device veth0_vlan entered promiscuous mode [ 30.686569][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 30.700838][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.713811][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 30.726904][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 30.739220][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 30.750095][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 30.762271][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 30.775589][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 30.785964][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 30.797553][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 30.809781][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 30.825095][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 30.836607][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 30.859576][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 30.872625][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 30.884956][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 30.897978][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link 
becomes ready [ 30.911413][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 30.921688][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.951006][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 30.961401][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.986628][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 30.996121][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.012313][ T373] device veth0_vlan entered promiscuous mode [ 31.036152][ T373] device veth1_macvtap entered promiscuous mode [ 31.044730][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.050209][ T28] kauditd_printk_skb: 31 callbacks suppressed [ 31.050226][ T28] audit: type=1400 audit(1770839656.517:105): avc: denied { ioctl } for pid=422 comm="syz.6.21" path="socket:[16785]" dev="sockfs" ino=16785 ioctlcmd=0x48e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 31.054444][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 31.107490][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 31.119157][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 31.130396][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 31.140157][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.151227][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 31.161602][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.173464][ T358] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 31.188858][ T374] device veth1_macvtap entered promiscuous mode [ 31.208700][ T358] Bluetooth: hci1: Frame reassembly failed (-84) [ 31.224137][ T371] device veth0_vlan entered promiscuous mode [ 31.235538][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link 
becomes ready [ 31.244832][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 31.254504][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.265426][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.278106][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.289776][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.298982][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 31.314921][ T41] device bridge_slave_1 left promiscuous mode [ 31.321999][ T41] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.330793][ T41] device bridge_slave_0 left promiscuous mode [ 31.337600][ T41] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.346437][ T41] device veth1_macvtap left promiscuous mode [ 31.353256][ T41] device veth0_vlan left promiscuous mode [ 31.410511][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.419549][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.429742][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.439762][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.449101][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 31.457733][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 31.477070][ T371] device veth1_macvtap entered promiscuous mode [ 31.484714][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 31.493333][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.502533][ T341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.523548][ T358] Bluetooth: hci2: Frame reassembly failed (-84) [ 31.532842][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 31.542335][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 31.552225][ T10] IPv6: 
ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 31.564034][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 31.605656][ T341] Bluetooth: hci3: Frame reassembly failed (-84) [ 31.610122][ T10] Bluetooth: hci4: Frame reassembly failed (-84) [ 33.100064][ T422] Bluetooth: hci0: Opcode 0x080f failed: -110 [ 33.107810][ T41] Bluetooth: hci0: Frame reassembly failed (-84) [ 33.260006][ T432] Bluetooth: hci1: command 0x1003 tx timeout [ 33.260122][ T424] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 33.579988][ T424] Bluetooth: hci2: command 0x1003 tx timeout [ 33.580241][ T426] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 33.660263][ T426] Bluetooth: hci4: command 0x1003 tx timeout [ 33.660403][ T430] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 33.667286][ T426] Bluetooth: hci3: command 0x1003 tx timeout [ 33.674989][ T428] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 35.180038][ T428] Bluetooth: hci0: command 0x080f tx timeout [ 35.180352][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 35.186931][ T428] Bluetooth: hci0: sending frame failed (-49) [ 35.200214][ T425] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 35.206378][ T427] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 35.213953][ T429] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 35.220136][ T431] Bluetooth: hci0: Opcode 0x080f failed: -4 2026/02/11 19:54:20 executed programs: 15 [ 35.236292][ T41] Bluetooth: hci0: Frame reassembly failed (-84) [ 35.267042][ T41] Bluetooth: hci1: Frame reassembly failed (-84) [ 35.310631][ T41] Bluetooth: hci3: Frame reassembly failed (-84) [ 35.317625][ T341] Bluetooth: hci2: Frame reassembly failed (-84) [ 35.325209][ T10] Bluetooth: hci4: Frame reassembly failed (-84) [ 37.260026][ T423] Bluetooth: hci0: command 0x1003 tx timeout [ 37.260040][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 37.273708][ T436] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 37.281235][ T438] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 37.288767][ T440] 
Bluetooth: hci0: Opcode 0x080f failed: -22 [ 37.296608][ T439] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 37.303069][ T441] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 37.340184][ T45] Bluetooth: hci4: command 0x1003 tx timeout [ 37.340289][ T426] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 37.346443][ T45] Bluetooth: hci2: command 0x1003 tx timeout [ 37.346462][ T45] Bluetooth: hci3: command 0x1003 tx timeout [ 37.346512][ T428] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 37.353373][ T424] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 37.359717][ T430] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 37.379965][ T45] Bluetooth: hci1: command 0x1003 tx timeout [ 37.397986][ T358] Bluetooth: hci0: Frame reassembly failed (-84) [ 37.404992][ T41] Bluetooth: hci1: Frame reassembly failed (-84) [ 37.425025][ T41] Bluetooth: hci3: Frame reassembly failed (-84) [ 37.426664][ T358] Bluetooth: hci2: Frame reassembly failed (-84) [ 37.441918][ T358] Bluetooth: hci4: Frame reassembly failed (-84) [ 39.420006][ T423] Bluetooth: hci1: command 0x1003 tx timeout [ 39.419999][ T428] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 39.420062][ T430] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 39.426539][ T423] Bluetooth: hci0: command 0x1003 tx timeout [ 39.446423][ T442] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 39.452754][ T443] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 39.459571][ T444] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 39.466597][ T445] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 39.473217][ T446] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 39.500064][ T426] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 39.500124][ T424] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 39.506958][ T426] Bluetooth: hci2: command 0x1003 tx timeout [ 39.513395][ T45] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 39.532366][ T41] Bluetooth: hci0: Frame reassembly failed (-84) [ 39.543859][ T10] Bluetooth: hci1: Frame reassembly failed (-84) [ 39.574819][ T341] Bluetooth: hci3: 
Frame reassembly failed (-84) [ 39.589019][ T10] Bluetooth: hci2: Frame reassembly failed (-84) [ 39.591337][ T341] Bluetooth: hci3: Frame reassembly failed (-84) [ 39.596443][ T10] Bluetooth: hci4: Frame reassembly failed (-84) [ 41.499959][ C0] ================================================================== [ 41.508151][ C0] BUG: KASAN: use-after-free in __run_timers+0x340/0x9f0 [ 41.515634][ C0] Write of size 8 at addr ffff888119d64a00 by task swapper/0/0 [ 41.524406][ C0] [ 41.528640][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 [ 41.536546][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 41.547484][ C0] Call Trace: [ 41.551048][ C0] [ 41.554035][ C0] __dump_stack+0x21/0x24 [ 41.558664][ C0] dump_stack_lvl+0x110/0x170 [ 41.563728][ C0] ? __cfi_dump_stack_lvl+0x8/0x8 [ 41.569474][ C0] ? update_rq_clock+0x536/0x5c0 [ 41.574696][ C0] ? __run_timers+0x340/0x9f0 [ 41.579857][ C0] print_address_description+0x71/0x200 [ 41.586154][ C0] print_report+0x4a/0x60 [ 41.590607][ C0] kasan_report+0x122/0x150 [ 41.595129][ C0] ? __run_timers+0x340/0x9f0 [ 41.600427][ C0] __asan_report_store8_noabort+0x17/0x20 [ 41.607312][ C0] __run_timers+0x340/0x9f0 [ 41.612846][ C0] ? sched_clock+0x9/0x10 [ 41.617546][ C0] ? sched_clock_cpu+0x6e/0x260 [ 41.622657][ C0] ? calc_index+0x200/0x200 [ 41.627687][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 41.630078][ T423] Bluetooth: hci3: command 0x1003 tx timeout [ 41.633518][ C0] run_timer_softirq+0x6a/0xf0 [ 41.639692][ T423] Bluetooth: hci0: command 0x1003 tx timeout [ 41.644751][ C0] handle_softirqs+0x1d7/0x600 [ 41.644794][ C0] ? 
irqtime_account_irq+0xc4/0x240 [ 41.644819][ C0] __irq_exit_rcu+0x52/0xf0 [ 41.644835][ C0] irq_exit_rcu+0x9/0x10 [ 41.644852][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 41.651712][ T430] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 41.656586][ C0] [ 41.656603][ C0] [ 41.662234][ T424] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 41.667608][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 41.705592][ C0] RIP: 0010:default_idle+0xf/0x20 [ 41.711063][ C0] Code: d7 6f b6 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 03 08 66 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90 [ 41.732921][ C0] RSP: 0018:ffffffff87007d58 EFLAGS: 00000257 [ 41.739445][ C0] RAX: ffff8881f6e00000 RBX: ffffffff8701c680 RCX: 477fd10e785e3300 [ 41.747798][ C0] RDX: 0000000000000001 RSI: ffffffff85ca6e20 RDI: ffffffff85ca6de0 [ 41.756414][ C0] RBP: ffffffff87007d58 R08: ffff8881f6e348b3 R09: 1ffff1103edc6916 [ 41.765657][ C0] R10: 0000000000000000 R11: ffffffff85002af0 R12: 0000000000000000 [ 41.775218][ C0] R13: 0000000000000000 R14: ffffffff8701c680 R15: dffffc0000000000 [ 41.784344][ C0] ? __cfi_default_idle+0x10/0x10 [ 41.789582][ C0] arch_cpu_idle+0x1c/0x20 [ 41.794303][ C0] default_idle_call+0x71/0x1d0 [ 41.799449][ C0] do_idle+0x1a7/0x560 [ 41.803715][ C0] ? ct_irq_exit+0x9/0x10 [ 41.808852][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 41.814265][ C0] cpu_startup_entry+0x43/0x60 [ 41.819439][ C0] rest_init+0x10a/0x130 [ 41.823967][ C0] ? 
__cfi_x86_late_time_init+0x8/0x8
[ 41.829613][ C0] arch_call_rest_init+0xe/0x10
[ 41.834484][ C0] start_kernel+0x47e/0x4ec
[ 41.839354][ C0] x86_64_start_reservations+0x2a/0x2c
[ 41.845191][ C0] x86_64_start_kernel+0x7c/0x81
[ 41.850250][ C0] secondary_startup_64_no_verify+0xce/0xdb
[ 41.856528][ C0]
[ 41.859670][ C0]
[ 41.862269][ C0] Allocated by task 442:
[ 41.866972][ C0] kasan_set_track+0x4b/0x70
[ 41.872546][ C0] kasan_save_alloc_info+0x25/0x30
[ 41.877939][ C0] __kasan_kmalloc+0x95/0xb0
[ 41.882742][ C0] __kmalloc+0xb1/0x1e0
[ 41.887273][ C0] hci_alloc_dev_priv+0x27/0x1bd0
[ 41.893157][ C0] hci_uart_tty_ioctl+0x3d6/0xa20
[ 41.898970][ C0] tty_ioctl+0x8ef/0xc60
[ 41.904219][ C0] __se_sys_ioctl+0x12f/0x1b0
[ 41.909595][ C0] __x64_sys_ioctl+0x7b/0x90
[ 41.914288][ C0] x64_sys_call+0x58b/0x9a0
[ 41.919174][ C0] do_syscall_64+0x4c/0xa0
[ 41.924391][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 41.930825][ C0]
[ 41.933165][ C0] Freed by task 446:
[ 41.938007][ C0] kasan_set_track+0x4b/0x70
[ 41.942620][ C0] kasan_save_free_info+0x31/0x50
[ 41.947711][ C0] ____kasan_slab_free+0x132/0x180
[ 41.952936][ C0] __kasan_slab_free+0x11/0x20
[ 41.958182][ C0] slab_free_freelist_hook+0xc2/0x190
[ 41.966093][ C0] __kmem_cache_free+0xb7/0x1b0
[ 41.971304][ C0] kfree+0x6f/0xf0
[ 41.975141][ C0] hci_release_dev+0x12a3/0x13b0
[ 41.980471][ C0] bt_host_release+0x82/0x90
[ 41.985347][ C0] device_release+0xa4/0x1d0
[ 41.990037][ C0] kobject_put+0x19d/0x280
[ 41.994862][ C0] put_device+0x1f/0x30
[ 41.999376][ C0] hci_dev_cmd+0x279/0x740
[ 42.004422][ C0] hci_sock_ioctl+0x41e/0x7f0
[ 42.009374][ C0] sock_do_ioctl+0x114/0x330
[ 42.014385][ C0] sock_ioctl+0x4ca/0x720
[ 42.019565][ C0] __se_sys_ioctl+0x12f/0x1b0
[ 42.024581][ C0] __x64_sys_ioctl+0x7b/0x90
[ 42.029691][ C0] x64_sys_call+0x58b/0x9a0
[ 42.034413][ C0] do_syscall_64+0x4c/0xa0
[ 42.039298][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 42.045793][ C0]
[ 42.048230][ C0] Last potentially related work creation:
[ 42.054835][ C0] kasan_save_stack+0x3a/0x60
[ 42.060182][ C0] __kasan_record_aux_stack+0xb6/0xc0
[ 42.066197][ C0] kasan_record_aux_stack_noalloc+0xb/0x10
[ 42.072724][ C0] insert_work+0x51/0x300
[ 42.077529][ C0] __queue_work+0x9b1/0xd30
[ 42.082494][ C0] queue_work_on+0xde/0x150
[ 42.087110][ C0] __hci_cmd_sync_sk+0xa7f/0xd30
[ 42.092133][ C0] hci_cmd_sync_status+0x53/0x120
[ 42.098380][ C0] hci_dev_cmd+0x648/0x740
[ 42.103628][ C0] hci_sock_ioctl+0x41e/0x7f0
[ 42.108668][ C0] sock_do_ioctl+0x114/0x330
[ 42.113742][ C0] sock_ioctl+0x4ca/0x720
[ 42.118520][ C0] __se_sys_ioctl+0x12f/0x1b0
[ 42.123341][ C0] __x64_sys_ioctl+0x7b/0x90
[ 42.128262][ C0] x64_sys_call+0x58b/0x9a0
[ 42.134030][ C0] do_syscall_64+0x4c/0xa0
[ 42.139149][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 42.145909][ C0]
[ 42.148247][ C0] Second to last potentially related work creation:
[ 42.154924][ C0] kasan_save_stack+0x3a/0x60
[ 42.159920][ C0] __kasan_record_aux_stack+0xb6/0xc0
[ 42.165482][ C0] kasan_record_aux_stack_noalloc+0xb/0x10
[ 42.171932][ C0] insert_work+0x51/0x300
[ 42.176461][ C0] __queue_work+0x9b1/0xd30
[ 42.181232][ C0] queue_work_on+0xde/0x150
[ 42.186653][ C0] __hci_cmd_sync_sk+0xa7f/0xd30
[ 42.191792][ C0] hci_cmd_sync_status+0x53/0x120
[ 42.196896][ C0] hci_dev_cmd+0x648/0x740
[ 42.201632][ C0] hci_sock_ioctl+0x41e/0x7f0
[ 42.206733][ C0] sock_do_ioctl+0x114/0x330
[ 42.211735][ C0] sock_ioctl+0x4ca/0x720
[ 42.216329][ C0] __se_sys_ioctl+0x12f/0x1b0
[ 42.221372][ C0] __x64_sys_ioctl+0x7b/0x90
[ 42.226453][ C0] x64_sys_call+0x58b/0x9a0
[ 42.230961][ C0] do_syscall_64+0x4c/0xa0
[ 42.235765][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 42.241655][ C0]
[ 42.244343][ C0] The buggy address belongs to the object at ffff888119d64000
[ 42.244343][ C0] which belongs to the cache kmalloc-8k of size 8192
[ 42.259407][ C0] The buggy address is located 2560 bytes inside of
[ 42.259407][ C0] 8192-byte region [ffff888119d64000, ffff888119d66000)
[ 42.276195][ C0]
[ 42.278632][ C0] The buggy address belongs to the physical page:
[ 42.286025][ C0] page:ffffea0004675800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119d60
[ 42.297591][ C0] head:ffffea0004675800 order:3 compound_mapcount:0 compound_pincount:0
[ 42.306365][ C0] flags: 0x4000000000010200(slab|head|zone=1)
[ 42.313229][ C0] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[ 42.322428][ C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 42.331543][ C0] page dumped because: kasan: bad access detected
[ 42.338477][ C0] page_owner tracks the page as allocated
[ 42.344549][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 440, tgid 440 (syz.5.24), ts 35309676107, free_ts 35307349808
[ 42.368993][ C0] post_alloc_hook+0x1f5/0x210
[ 42.374239][ C0] prep_new_page+0x1c/0x110
[ 42.379177][ C0] get_page_from_freelist+0x2d12/0x2d80
[ 42.385098][ C0] __alloc_pages+0x1d9/0x480
[ 42.389978][ C0] alloc_slab_page+0x6e/0xf0
[ 42.395220][ C0] new_slab+0x98/0x3d0
[ 42.400370][ C0] ___slab_alloc+0x6bd/0xb20
[ 42.405152][ C0] __slab_alloc+0x5e/0xa0
[ 42.409929][ C0] __kmem_cache_alloc_node+0x203/0x2c0
[ 42.415773][ C0] __kmalloc+0xa1/0x1e0
[ 42.420310][ C0] hci_alloc_dev_priv+0x27/0x1bd0
[ 42.425822][ C0] hci_uart_tty_ioctl+0x3d6/0xa20
[ 42.431301][ C0] tty_ioctl+0x8ef/0xc60
[ 42.436070][ C0] __se_sys_ioctl+0x12f/0x1b0
[ 42.441257][ C0] __x64_sys_ioctl+0x7b/0x90
[ 42.446068][ C0] x64_sys_call+0x58b/0x9a0
[ 42.451025][ C0] page last free stack trace:
[ 42.455776][ C0] free_unref_page_prepare+0x742/0x750
[ 42.461416][ C0] free_unref_page+0x95/0x540
[ 42.466695][ C0] __free_pages+0x67/0x100
[ 42.472492][ C0] __free_slab+0xca/0x1a0
[ 42.477086][ C0] __unfreeze_partials+0x160/0x190
[ 42.482367][ C0] put_cpu_partial+0xa9/0x100
[ 42.487378][ C0] __slab_free+0x1c4/0x280
[ 42.492013][ C0] ___cache_free+0xbf/0xd0
[ 42.496419][ C0] qlist_free_all+0xc6/0x140
[ 42.500994][ C0] kasan_quarantine_reduce+0x14a/0x170
[ 42.506524][ C0] __kasan_slab_alloc+0x24/0x80
[ 42.511375][ C0] slab_post_alloc_hook+0x4f/0x2d0
[ 42.517012][ C0] kmem_cache_alloc+0x16e/0x330
[ 42.522545][ C0] getname_flags+0xb9/0x500
[ 42.528032][ C0] getname+0x19/0x20
[ 42.532279][ C0] do_sys_openat2+0xeb/0x810
[ 42.537326][ C0]
[ 42.539735][ C0] Memory state around the buggy address:
[ 42.545633][ C0] ffff888119d64900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.554482][ C0] ffff888119d64980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.562995][ C0] >ffff888119d64a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.572016][ C0] ^
[ 42.576734][ C0] ffff888119d64a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.585499][ C0] ffff888119d64b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 42.594266][ C0] ==================================================================
[ 42.602858][ C0] Disabling lock debugging due to kernel taint
[ 42.609402][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 42.610760][ T45] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 42.621660][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 42.621686][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B syzkaller #0
[ 42.621705][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[ 42.621715][ C0] RIP: 0010:__queue_work+0x575/0xd30
[ 42.621753][ C0] Code: 39 2b 0f 84 b9 00 00 00 e8 18 47 29 00 4c 89 ff e8 10 31 b8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 cc 74 6e 00 49 8b 7d 00 e8 a3 2c
[ 42.621768][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[ 42.690272][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701c680
[ 42.700046][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 42.708401][ C0] RBP: ffffc90000007d08 R08: 0000000000000007 R09: fffffffffffffffb
[ 42.716734][ C0] R10: dffffc0000000000 R11: ffffed10233ac939 R12: dffffc0000000000
[ 42.725362][ C0] R13: 0000000000000000 R14: ffff888119d649c8 R15: 0000000000000008
[ 42.733704][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 42.742894][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.750205][ C0] CR2: 0000200000000000 CR3: 000000010b77e000 CR4: 00000000003506b0
[ 42.758741][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.767434][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.776563][ C0] Call Trace:
[ 42.780481][ C0]
[ 42.783353][ C0] delayed_work_timer_fn+0x61/0x80
[ 42.788909][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 42.795236][ C0] call_timer_fn+0x46/0x2a0
[ 42.799944][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 42.805868][ C0] __run_timers+0x689/0x9f0
[ 42.810790][ C0] ? calc_index+0x200/0x200
[ 42.815753][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 42.821343][ C0] run_timer_softirq+0x6a/0xf0
[ 42.826326][ C0] handle_softirqs+0x1d7/0x600
[ 42.831127][ C0] ? irqtime_account_irq+0xc4/0x240
[ 42.836613][ C0] __irq_exit_rcu+0x52/0xf0
[ 42.841384][ C0] irq_exit_rcu+0x9/0x10
[ 42.845788][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 42.851638][ C0]
[ 42.854748][ C0]
[ 42.857898][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 42.864351][ C0] RIP: 0010:default_idle+0xf/0x20
[ 42.869752][ C0] Code: d7 6f b6 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 03 08 66 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 42.891289][ C0] RSP: 0018:ffffffff87007d58 EFLAGS: 00000257
[ 42.898197][ C0] RAX: ffff8881f6e00000 RBX: ffffffff8701c680 RCX: 477fd10e785e3300
[ 42.906886][ C0] RDX: 0000000000000001 RSI: ffffffff85ca6e20 RDI: ffffffff85ca6de0
[ 42.915325][ C0] RBP: ffffffff87007d58 R08: ffff8881f6e348b3 R09: 1ffff1103edc6916
[ 42.924183][ C0] R10: 0000000000000000 R11: ffffffff85002af0 R12: 0000000000000000
[ 42.933117][ C0] R13: 0000000000000000 R14: ffffffff8701c680 R15: dffffc0000000000
[ 42.941548][ C0] ? __cfi_default_idle+0x10/0x10
[ 42.946968][ C0] arch_cpu_idle+0x1c/0x20
[ 42.951857][ C0] default_idle_call+0x71/0x1d0
[ 42.957112][ C0] do_idle+0x1a7/0x560
[ 42.961373][ C0] ? ct_irq_exit+0x9/0x10
[ 42.965885][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 42.971195][ C0] cpu_startup_entry+0x43/0x60
[ 42.976525][ C0] rest_init+0x10a/0x130
[ 42.981155][ C0] ? __cfi_x86_late_time_init+0x8/0x8
[ 42.987058][ C0] arch_call_rest_init+0xe/0x10
[ 42.992296][ C0] start_kernel+0x47e/0x4ec
[ 42.997429][ C0] x86_64_start_reservations+0x2a/0x2c
[ 43.004716][ C0] x86_64_start_kernel+0x7c/0x81
[ 43.010257][ C0] secondary_startup_64_no_verify+0xce/0xdb
[ 43.016923][ C0]
[ 43.020179][ C0] Modules linked in:
[ 43.024279][ C0] ---[ end trace 0000000000000000 ]---
[ 43.030013][ C0] RIP: 0010:__queue_work+0x575/0xd30
[ 43.036291][ C0] Code: 39 2b 0f 84 b9 00 00 00 e8 18 47 29 00 4c 89 ff e8 10 31 b8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 cc 74 6e 00 49 8b 7d 00 e8 a3 2c
[ 43.058083][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[ 43.064875][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701c680
[ 43.073131][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 43.082172][ C0] RBP: ffffc90000007d08 R08: 0000000000000007 R09: fffffffffffffffb
[ 43.091469][ C0] R10: dffffc0000000000 R11: ffffed10233ac939 R12: dffffc0000000000
[ 43.100330][ C0] R13: 0000000000000000 R14: ffff888119d649c8 R15: 0000000000000008
[ 43.110136][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 43.119283][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.126230][ C0] CR2: 0000200000000000 CR3: 000000010b77e000 CR4: 00000000003506b0
[ 43.135187][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.144273][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.152571][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 43.160688][ C0] Kernel Offset: disabled
[ 43.165288][ C0] Rebooting in 86400 seconds..