Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts.
2026/04/10 06:44:09 parsed 1 programs
[ 24.205607][ T28] audit: type=1400 audit(1775803449.316:64): avc: denied { node_bind } for pid=282 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 24.226373][ T28] audit: type=1400 audit(1775803449.326:65): avc: denied { module_request } for pid=282 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 25.077198][ T28] audit: type=1400 audit(1775803450.196:66): avc: denied { mounton } for pid=290 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 25.078134][ T290] cgroup: Unknown subsys name 'net'
[ 25.099904][ T28] audit: type=1400 audit(1775803450.196:67): avc: denied { mount } for pid=290 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 25.127395][ T28] audit: type=1400 audit(1775803450.216:68): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 25.127554][ T290] cgroup: Unknown subsys name 'devices'
[ 25.267874][ T290] cgroup: Unknown subsys name 'hugetlb'
[ 25.273500][ T290] cgroup: Unknown subsys name 'rlimit'
[ 25.381708][ T28] audit: type=1400 audit(1775803450.496:69): avc: denied { setattr } for pid=290 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 25.404893][ T28] audit: type=1400 audit(1775803450.496:70): avc: denied { create } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 25.425311][ T28] audit: type=1400 audit(1775803450.496:71): avc: denied { write } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 25.434194][ T293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 25.445691][ T28] audit: type=1400 audit(1775803450.496:72): avc: denied { read } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 25.474330][ T28] audit: type=1400 audit(1775803450.496:73): avc: denied { mounton } for pid=290 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 25.538360][ T290] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 26.405016][ T300] request_module fs-gadgetfs succeeded, but still no fs?
[ 26.905588][ T334] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.912714][ T334] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.920186][ T334] device bridge_slave_0 entered promiscuous mode
[ 26.939336][ T334] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.946440][ T334] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.953751][ T334] device bridge_slave_1 entered promiscuous mode
[ 27.087917][ T334] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.095000][ T334] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.102348][ T334] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.109504][ T334] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.136558][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.147108][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.166222][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.181778][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.190562][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.197649][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.205555][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.213968][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.221059][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.231197][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.240672][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.254360][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.265544][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.273826][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.281402][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
2026/04/10 06:44:12 executed programs: 0
[ 27.290408][ T334] device veth0_vlan entered promiscuous mode
[ 27.300582][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.309761][ T334] device veth1_macvtap entered promiscuous mode
[ 27.319406][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.329351][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.600062][ T367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.607314][ T367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.614626][ T367] device bridge_slave_0 entered promiscuous mode
[ 27.623455][ T367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.630841][ T367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.638519][ T367] device bridge_slave_1 entered promiscuous mode
[ 27.648525][ T361] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.655575][ T361] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.663095][ T361] device bridge_slave_0 entered promiscuous mode
[ 27.673303][ T361] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.680519][ T361] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.687955][ T361] device bridge_slave_1 entered promiscuous mode
[ 27.710078][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.717373][ T364] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.724748][ T364] device bridge_slave_0 entered promiscuous mode
[ 27.731801][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.738930][ T364] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.746449][ T364] device bridge_slave_1 entered promiscuous mode
[ 27.771911][ T363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.779238][ T363] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.786650][ T363] device bridge_slave_0 entered promiscuous mode
[ 27.813142][ T363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.820239][ T363] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.827659][ T363] device bridge_slave_1 entered promiscuous mode
[ 27.875152][ T368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.882372][ T368] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.890162][ T368] device bridge_slave_0 entered promiscuous mode
[ 27.900360][ T368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.907651][ T368] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.914955][ T368] device bridge_slave_1 entered promiscuous mode
[ 28.041972][ T361] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.049048][ T361] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.056353][ T361] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.063374][ T361] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.114925][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.122010][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.129315][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.137332][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.154852][ T368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.161959][ T368] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.169276][ T368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.176340][ T368] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.195171][ T367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.202353][ T367] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.209830][ T367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.216880][ T367] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.233023][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.240929][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.249030][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.256666][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.264037][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.271475][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.278902][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.286520][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.293697][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.333475][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.341765][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.350416][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.357487][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.365391][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.374263][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.381336][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.388825][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.397099][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.404116][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.416375][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.453838][ T361] device veth0_vlan entered promiscuous mode
[ 28.462488][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.470946][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.479395][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.488298][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 28.496799][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 28.504157][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 28.512097][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.520618][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.527659][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.535140][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.543318][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.551581][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.558799][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.566764][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.574943][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.581982][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.589383][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.597655][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.604666][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.612059][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.620321][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.627447][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.634847][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.657845][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 28.665936][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.681691][ T361] device veth1_macvtap entered promiscuous mode
[ 28.696878][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 28.705074][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 28.713543][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 28.721819][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 28.729430][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 28.736932][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 28.745157][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 28.753459][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.760497][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.767898][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 28.776415][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 28.784539][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.791594][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.799056][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 28.823938][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 28.832166][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.840408][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 28.848914][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.856929][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 28.865095][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 28.874013][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 28.882322][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 28.890705][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 28.898766][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 28.906858][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 28.914815][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.922912][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 28.930980][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 28.945861][ T363] device veth0_vlan entered promiscuous mode
[ 28.970898][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 28.979373][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 28.988460][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 28.998103][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.006455][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 29.014577][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 29.023043][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 29.031656][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.040129][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 29.048099][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.055971][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.063834][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.071356][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.079087][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.092329][ T367] device veth0_vlan entered promiscuous mode
[ 29.102487][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 29.110882][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.127357][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 29.135629][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.144652][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 29.153218][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.162078][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.169758][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.181788][ T363] device veth1_macvtap entered promiscuous mode
[ 29.190841][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 29.199083][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.207461][ T364] device veth0_vlan entered promiscuous mode
[ 29.225464][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 29.233917][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.245423][ T368] device veth0_vlan entered promiscuous mode
[ 29.252244][ T367] device veth1_macvtap entered promiscuous mode
[ 29.261883][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 29.269655][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 29.277587][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.285620][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 29.294491][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.302924][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 29.311298][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.319781][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 29.327386][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 29.339725][ T364] device veth1_macvtap entered promiscuous mode
[ 29.356492][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 29.364127][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 29.372479][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.381236][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 29.389579][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.398552][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 29.406900][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.421894][ T368] device veth1_macvtap entered promiscuous mode
[ 29.443592][ T316] Bluetooth: hci1: Frame reassembly failed (-84)
[ 29.446259][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.469824][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 29.479417][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.489589][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 29.497813][ T316] Bluetooth: hci2: Frame reassembly failed (-84)
[ 29.498436][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.512678][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 29.521153][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.529558][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 29.537985][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 29.576475][ T316] Bluetooth: hci3: Frame reassembly failed (-84)
[ 29.593450][ T316] Bluetooth: hci4: Frame reassembly failed (-84)
[ 29.656780][ T353] device bridge_slave_1 left promiscuous mode
[ 29.662960][ T353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 29.670496][ T353] device bridge_slave_0 left promiscuous mode
[ 29.676716][ T353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 29.684525][ T353] device veth1_macvtap left promiscuous mode
[ 29.690686][ T353] device veth0_vlan left promiscuous mode
[ 31.076146][ T385] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[ 31.083608][ T353] Bluetooth: hci0: Frame reassembly failed (-84)
[ 31.476156][ T387] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 31.476164][ T397] Bluetooth: hci1: command 0x1003 tx timeout
[ 31.556136][ T387] Bluetooth: hci2: command 0x1003 tx timeout
[ 31.566145][ T389] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 31.636154][ T392] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 31.636236][ T395] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 31.642294][ T392] Bluetooth: hci4: command 0x1003 tx timeout
[ 33.156211][ T392] Bluetooth: hci0: command 0x0c20 tx timeout
[ 33.162284][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 33.163248][ T392] Bluetooth: hci0: sending frame failed (-49)
[ 33.174743][ T388] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 33.180863][ T391] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 33.186862][ T394] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 33.193933][ T396] Bluetooth: hci0: Opcode 0x0c20 failed: -4
2026/04/10 06:44:18 executed programs: 15
[ 33.207566][ T353] Bluetooth: hci0: Frame reassembly failed (-84)
[ 33.232127][ T8] Bluetooth: hci1: Frame reassembly failed (-84)
[ 33.266371][ T353] Bluetooth: hci2: Frame reassembly failed (-84)
[ 33.273512][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 33.280078][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 35.236319][ T386] Bluetooth: hci1: command 0x1003 tx timeout
[ 35.238462][ T397] Bluetooth: hci0: command 0x1003 tx timeout
[ 35.242546][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 35.248561][ T392] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 35.256905][ T401] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 35.267008][ T403] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 35.273325][ T404] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 35.279473][ T405] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 35.285953][ T406] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 35.316177][ T395] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 35.316190][ T387] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 35.316236][ T387] Bluetooth: hci3: command 0x1003 tx timeout
[ 35.334533][ T389] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 35.349332][ T353] Bluetooth: hci0: Frame reassembly failed (-84)
[ 35.355248][ T316] Bluetooth: hci1: Frame reassembly failed (-84)
[ 35.375916][ T316] Bluetooth: hci2: Frame reassembly failed (-84)
[ 35.391857][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 35.391918][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 37.396152][ T392] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 37.396152][ T45] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 37.396207][ T45] Bluetooth: hci4: command 0x1003 tx timeout
[ 37.402313][ T395] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 37.408413][ T389] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 37.414388][ T386] Bluetooth: hci3: command 0x1003 tx timeout
[ 37.420458][ T387] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 37.426576][ T408] Bluetooth: hci1: command 0x1003 tx timeout
[ 38.349420][ T409] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 38.359588][ T410] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 38.379880][ T411] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 38.390000][ T413] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 38.396082][ T412] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 38.410791][ T353] Bluetooth: hci0: Frame reassembly failed (-84)
[ 38.421982][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
2026/04/10 06:44:23 executed programs: 25
[ 38.454033][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 38.455112][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 38.467214][ T353] Bluetooth: hci2: Frame reassembly failed (-84)
[ 40.436124][ T395] Bluetooth: hci0: command 0x1003 tx timeout
[ 40.436162][ T389] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 40.442267][ T395] Bluetooth: hci1: command 0x1003 tx timeout
[ 40.448393][ T392] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 40.454951][ T414] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 40.467063][ T415] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 40.473201][ T416] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 40.479393][ T417] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 40.485490][ T418] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 40.516110][ T408] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 40.516135][ T389] Bluetooth: hci2: command 0x1003 tx timeout
[ 40.516153][ T392] Bluetooth: hci4: command 0x1003 tx timeout
[ 40.522276][ T389] Bluetooth: hci3: command 0x1003 tx timeout
[ 40.534291][ T387] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 40.546483][ T397] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 40.563533][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 40.563632][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 40.576586][ T353] Bluetooth: hci1: Frame reassembly failed (-84)
[ 40.576623][ T316] Bluetooth: hci3: Frame reassembly failed (-84)
[ 40.594142][ T316] Bluetooth: hci3: Frame reassembly failed (-84)
[ 40.603306][ T316] Bluetooth: hci4: Frame reassembly failed (-84)
[ 42.596114][ T387] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 42.596135][ T395] Bluetooth: hci3: command 0x1003 tx timeout
[ 42.596155][ T395] Bluetooth: hci1: command 0x1003 tx timeout
[ 42.602256][ T386] Bluetooth: hci0: command 0x1003 tx timeout
[ 42.608276][ T397] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 42.614730][ T386] Bluetooth: hci2: command 0x1003 tx timeout
[ 42.620228][ T389] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 42.626556][ T408] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 42.632436][ T420] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 42.651352][ T422] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 42.657707][ T421] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 42.663806][ T419] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 42.670343][ T423] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 42.676551][ T424] Bluetooth: hci4: command 0x1003 tx timeout
[ 42.676578][ T392] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 42.702976][ T316] Bluetooth: hci0: Frame reassembly failed (-84)
[ 42.734899][ T8] Bluetooth: hci2: Frame reassembly failed (-84)
[ 42.742022][ T353] Bluetooth: hci1: Frame reassembly failed (-84)
[ 42.749599][ T398] Bluetooth: hci3: Frame reassembly failed (-84)
[ 42.753840][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
[ 44.756097][ T389] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 44.756128][ T395] Bluetooth: hci3: command 0x1003 tx timeout
[ 44.762243][ T392] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 44.768264][ T397] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 44.774422][ T392] Bluetooth: hci4: command 0x1003 tx timeout
[ 44.780485][ T408] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 44.786791][ T392] Bluetooth: hci1: command 0x1003 tx timeout
[ 44.792520][ T424] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 44.798656][ T392] Bluetooth: hci2: command 0x1003 tx timeout
[ 45.701441][ T425] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 45.731857][ T428] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 45.737956][ T427] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 45.744115][ T429] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 45.751774][ T426] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 45.765783][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
[ 45.779351][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 45.791253][ T353] Bluetooth: hci2: Frame reassembly failed (-84)
2026/04/10 06:44:30 executed programs: 40
[ 45.799841][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 45.806425][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
[ 47.796108][ T395] Bluetooth: hci2: command 0x1003 tx timeout
[ 47.796103][ T392] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 47.796134][ T395] Bluetooth: hci0: command 0x1003 tx timeout
[ 47.802150][ T389] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 47.808272][ T424] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 47.826708][ T386] Bluetooth: hci1: command 0x1003 tx timeout
[ 47.832815][ T431] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 47.840639][ T432] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 47.846985][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 47.853445][ T433] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 47.859906][ T434] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 47.866234][ T435] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 47.876214][ T408] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 47.876774][ T389] Bluetooth: hci4: command 0x1003 tx timeout
[ 47.882573][ T397] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 47.888398][ T386] Bluetooth: hci3: command 0x1003 tx timeout
[ 47.912881][ T353] Bluetooth: hci2: Frame reassembly failed (-84)
[ 47.919398][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 47.932534][ T353] Bluetooth: hci3: Frame reassembly failed (-84)
[ 47.939121][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
[ 47.945682][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
[ 49.876097][ T424] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 49.876104][ T389] Bluetooth: hci1: command 0x1003 tx timeout
[ 49.895296][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
[ 49.956115][ T392] Bluetooth: hci4: command 0x1003 tx timeout
[ 49.956141][ T386] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 49.962146][ T392] Bluetooth: hci3: command 0x1003 tx timeout
[ 49.968281][ T408] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 49.974235][ T397] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 49.980785][ T395] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 49.986469][ T389] Bluetooth: hci0: command 0x1003 tx timeout
[ 49.999199][ T437] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 50.005347][ T353] Bluetooth: hci2: Frame reassembly failed (-84)
[ 50.005375][ T439] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 50.012077][ T353] Bluetooth: hci2: Frame reassembly failed (-84)
[ 50.024820][ T436] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 50.037346][ T440] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 50.043716][ T441] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 50.067644][ T389] ==================================================================
[ 50.075728][ T389] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480
[ 50.082751][ T389] Write of size 8 at addr ffff88811bf40a00 by task kworker/u5:3/389
[ 50.090722][ T389]
[ 50.093046][ T389] CPU: 1 PID: 389 Comm: kworker/u5:3 Not tainted syzkaller #0
[ 50.100493][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 50.110545][ T389] Workqueue: hci0 hci_cmd_work
[ 50.115315][ T389] Call Trace:
[ 50.118590][ T389]
[ 50.121523][ T389] __dump_stack+0x21/0x24
[ 50.125879][ T389] dump_stack_lvl+0x110/0x170
[ 50.130546][ T389] ? __cfi_dump_stack_lvl+0x8/0x8
[ 50.135559][ T389] ? __cfi__printk+0x8/0x8
[ 50.139964][ T389] ? enqueue_timer+0xae/0x480
[ 50.144631][ T389] print_address_description+0x71/0x200
[ 50.150166][ T389] print_report+0x4a/0x60
[ 50.154485][ T389] kasan_report+0x122/0x150
[ 50.158975][ T389] ? enqueue_timer+0xae/0x480
[ 50.163640][ T389] __asan_report_store8_noabort+0x17/0x20
[ 50.169343][ T389] enqueue_timer+0xae/0x480
[ 50.173835][ T389] __mod_timer+0x84c/0xc00
[ 50.178243][ T389] add_timer+0x68/0x80
[ 50.182317][ T389] __queue_delayed_work+0x173/0x200
[ 50.187536][ T389] queue_delayed_work_on+0xe7/0x160
[ 50.192773][ T389] ? __cfi_queue_delayed_work_on+0x10/0x10
[ 50.198597][ T389] hci_cmd_work+0x2c8/0x320
[ 50.203091][ T389] process_one_work+0x71f/0xc40
[ 50.207927][ T389] worker_thread+0xa29/0x11e0
[ 50.212586][ T389] ? _raw_spin_lock_irqsave+0xc2/0x130
[ 50.218050][ T389] ? __kthread_parkme+0x142/0x180
[ 50.223061][ T389] kthread+0x281/0x320
[ 50.227135][ T389] ? __cfi_worker_thread+0x10/0x10
[ 50.232241][ T389] ? __cfi_kthread+0x10/0x10
[ 50.236822][ T389] ret_from_fork+0x1f/0x30
[ 50.241313][ T389]
[ 50.244321][ T389]
[ 50.246636][ T389] Allocated by task 437:
[ 50.250870][ T389] kasan_set_track+0x4b/0x70
[ 50.255467][ T389] kasan_save_alloc_info+0x25/0x30
[ 50.260620][ T389] __kasan_kmalloc+0x95/0xb0
[ 50.265222][ T389] __kmalloc+0xb1/0x1e0
[ 50.269407][ T389] hci_alloc_dev_priv+0x27/0x1bd0
[ 50.274519][ T389] hci_uart_tty_ioctl+0x3c8/0xa20
[ 50.279541][ T389] tty_ioctl+0x8ef/0xc60
[ 50.283809][ T389] __se_sys_ioctl+0x12f/0x1b0
[ 50.288499][ T389] __x64_sys_ioctl+0x7b/0x90
[ 50.293164][ T389] x64_sys_call+0x58b/0x9a0
[ 50.297662][ T389] do_syscall_64+0x4c/0xa0
[ 50.302084][ T389] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 50.308055][ T389]
[ 50.310377][ T389] Freed by task 441:
[ 50.314252][ T389] kasan_set_track+0x4b/0x70
[ 50.318826][ T389] kasan_save_free_info+0x31/0x50
[ 50.323836][ T389] ____kasan_slab_free+0x132/0x180
[ 50.328933][ T389] __kasan_slab_free+0x11/0x20
[ 50.333681][ T389] slab_free_freelist_hook+0xc2/0x190
[ 50.339039][ T389] __kmem_cache_free+0xb7/0x1b0
[ 50.343889][ T389] kfree+0x6f/0xf0
[ 50.347592][ T389] hci_release_dev+0x12a3/0x13b0
[ 50.352516][ T389] bt_host_release+0x82/0x90
[ 50.357088][ T389] device_release+0xa4/0x1d0
[ 50.361750][ T389] kobject_put+0x19d/0x280
[ 50.366145][ T389] put_device+0x1f/0x30
[ 50.370307][ T389] hci_dev_cmd+0x279/0x740
[ 50.374720][ T389] hci_sock_ioctl+0x41e/0x7f0
[ 50.379380][ T389] sock_do_ioctl+0x114/0x330
[ 50.383957][ T389] sock_ioctl+0x4bd/0x710
[ 50.388266][ T389] __se_sys_ioctl+0x12f/0x1b0
[ 50.392937][ T389] __x64_sys_ioctl+0x7b/0x90
[ 50.397527][ T389] x64_sys_call+0x58b/0x9a0
[ 50.402102][ T389] do_syscall_64+0x4c/0xa0
[ 50.406507][ T389] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 50.412393][ T389]
[ 50.414717][ T389] Last potentially related work creation:
[ 50.420413][ T389] kasan_save_stack+0x3a/0x60
[ 50.425085][ T389] __kasan_record_aux_stack+0xb6/0xc0
[ 50.430466][ T389] kasan_record_aux_stack_noalloc+0xb/0x10
[ 50.436357][ T389] insert_work+0x51/0x300
[ 50.440672][ T389] __queue_work+0x9b1/0xd30
[ 50.445161][ T389] queue_work_on+0xde/0x150
[ 50.449665][ T389] __hci_cmd_sync_sk+0xa7f/0xd30
[ 50.454597][ T389] hci_cmd_sync_status+0x53/0x120
[ 50.459602][ T389] hci_dev_cmd+0x648/0x740
[ 50.464009][ T389] hci_sock_ioctl+0x41e/0x7f0
[ 50.468670][ T389] sock_do_ioctl+0x114/0x330
[ 50.473250][ T389] sock_ioctl+0x4bd/0x710
[ 50.477649][ T389] __se_sys_ioctl+0x12f/0x1b0
[ 50.482322][ T389] __x64_sys_ioctl+0x7b/0x90
[ 50.486907][ T389] x64_sys_call+0x58b/0x9a0
[ 50.491395][ T389] do_syscall_64+0x4c/0xa0
[ 50.495797][ T389] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 50.501694][ T389]
[ 50.504003][ T389] Second to last potentially related work creation:
[ 50.510568][ T389] kasan_save_stack+0x3a/0x60
[ 50.515232][ T389] __kasan_record_aux_stack+0xb6/0xc0
[ 50.520600][ T389] kasan_record_aux_stack_noalloc+0xb/0x10
[ 50.526486][ T389] insert_work+0x51/0x300
[ 50.530796][ T389] __queue_work+0x9b1/0xd30
[ 50.535292][ T389] queue_work_on+0xde/0x150
[ 50.539966][ T389] __hci_cmd_sync_sk+0xa7f/0xd30
[ 50.544891][ T389] hci_cmd_sync_status+0x53/0x120
[ 50.549898][ T389] hci_dev_cmd+0x648/0x740
[ 50.554299][ T389] hci_sock_ioctl+0x41e/0x7f0
[ 50.558970][ T389] sock_do_ioctl+0x114/0x330
[ 50.563562][ T389] sock_ioctl+0x4bd/0x710
[ 50.567881][ T389] __se_sys_ioctl+0x12f/0x1b0
[ 50.572546][ T389] __x64_sys_ioctl+0x7b/0x90
[ 50.577116][ T389] x64_sys_call+0x58b/0x9a0
[ 50.581606][ T389] do_syscall_64+0x4c/0xa0
[ 50.586007][ T389] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 50.591883][ T389]
[ 50.594192][ T389] The buggy address belongs to the object at ffff88811bf40000
[ 50.594192][ T389] which belongs to the cache kmalloc-8k of size 8192
[ 50.608241][ T389] The buggy address is located 2560 bytes inside of
[ 50.608241][ T389] 8192-byte region [ffff88811bf40000, ffff88811bf42000)
[ 50.621673][ T389]
[ 50.623980][ T389] The buggy address belongs to the physical page:
[ 50.630371][ T389] page:ffffea00046fd000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bf40
[ 50.640599][ T389] head:ffffea00046fd000 order:3 compound_mapcount:0 compound_pincount:0
[ 50.648903][ T389] flags: 0x4000000000010200(slab|head|zone=1)
[ 50.655059][ T389] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[ 50.663652][ T389] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 50.672225][ T389] page dumped because: kasan: bad access detected
[ 50.678625][ T389] page_owner tracks the page as allocated
[ 50.684418][ T389] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 435, tgid 435 (syz.1.52), ts 47839666410, free_ts 45773666210
[ 50.706643][ T389] post_alloc_hook+0x1f5/0x210
[ 50.711403][ T389] prep_new_page+0x1c/0x110
[ 50.715901][ T389] get_page_from_freelist+0x2d12/0x2d80
[ 50.721436][ T389] __alloc_pages+0x1fa/0x610
[ 50.726014][ T389] alloc_slab_page+0x6e/0xf0
[ 50.730603][ T389] new_slab+0x98/0x3d0
[ 50.734660][ T389] ___slab_alloc+0x6bd/0xb20
[ 50.739245][ T389] __slab_alloc+0x5e/0xa0
[ 50.743565][ T389] __kmem_cache_alloc_node+0x203/0x2c0
[ 50.749008][ T389] __kmalloc+0xa1/0x1e0
[ 50.753147][ T389] hci_alloc_dev_priv+0x27/0x1bd0
[ 50.758157][ T389] hci_uart_tty_ioctl+0x3c8/0xa20
[ 50.763176][ T389] tty_ioctl+0x8ef/0xc60
[ 50.767402][ T389] __se_sys_ioctl+0x12f/0x1b0
[ 50.772072][ T389] __x64_sys_ioctl+0x7b/0x90
[ 50.776696][ T389] x64_sys_call+0x58b/0x9a0
[ 50.781209][ T389] page last free stack trace:
[ 50.785871][ T389] free_unref_page_prepare+0x742/0x750
[ 50.791317][ T389] free_unref_page+0x95/0x540
[ 50.795983][ T389] __free_pages+0x67/0x100
[ 50.800399][ T389] __free_slab+0xca/0x1a0
[ 50.804720][ T389] __unfreeze_partials+0x160/0x190
[ 50.809825][ T389] put_cpu_partial+0xa9/0x100
[ 50.814496][ T389] __slab_free+0x1c4/0x280
[ 50.818908][ T389] ___cache_free+0xbf/0xd0
[ 50.823378][ T389] qlist_free_all+0xc6/0x140
[ 50.827955][ T389] kasan_quarantine_reduce+0x14a/0x170
[ 50.833490][ T389] __kasan_slab_alloc+0x24/0x80
[ 50.838375][ T389] slab_post_alloc_hook+0x4f/0x2d0
[ 50.843485][ T389] __kmem_cache_alloc_node+0x192/0x2c0
[ 50.848930][ T389] kmalloc_trace+0x29/0xb0
[ 50.853356][ T389] kernfs_iop_get_link+0x65/0x620
[ 50.858365][ T389] vfs_readlink+0x18f/0x410
[ 50.862927][ T389]
[ 50.865255][ T389] Memory state around the buggy address:
[ 50.870881][ T389] ffff88811bf40900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.878941][ T389] ffff88811bf40980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.886995][ T389] >ffff88811bf40a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.895040][ T389] ^
[ 50.899097][ T389] ffff88811bf40a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.907146][ T389] ffff88811bf40b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 50.915186][ T389] ==================================================================
[ 50.923230][ T389] Disabling lock debugging due to kernel taint
[ 50.933506][ T28] kauditd_printk_skb: 32 callbacks suppressed
[ 50.933520][ T28] audit: type=1400 audit(1775803476.046:106): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 50.961630][ T10] Bluetooth: hci0: Frame reassembly failed (-84)
[ 50.968505][ T28] audit: type=1400 audit(1775803476.046:107): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 50.989908][ T28] audit: type=1400 audit(1775803476.046:108): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
2026/04/10 06:44:36 executed programs: 53
[ 51.011276][ T28] audit: type=1400 audit(1775803476.046:109): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 51.032720][ T28] audit: type=1400 audit(1775803476.046:110): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 51.053254][ T28] audit: type=1400 audit(1775803476.046:111): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 51.076221][ T28] audit: type=1400 audit(1775803476.046:112): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 51.098831][ T28] audit: type=1400 audit(1775803476.156:113): avc: denied { write } for pid=282 comm="syz-execprog" path="pipe:[13781]" dev="pipefs" ino=13781 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 51.122122][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 51.126168][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
[ 51.956101][ T424] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 51.956284][ T408] Bluetooth: hci1: command 0x1003 tx timeout
[ 51.975831][ T353] Bluetooth: hci1: Frame reassembly failed (-84)
[ 52.036072][ T397] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 52.036123][ T424] Bluetooth: hci2: command 0x1003 tx timeout
[ 52.061909][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
[ 52.116089][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 52.116091][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 52.116115][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 52.142419][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B syzkaller #0
[ 52.150906][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 52.160947][ C1] RIP: 0010:__queue_work+0x575/0xd30
[ 52.166245][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 18 45 29 00 4c 89 ff e8 30 fd b8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 5c a1 6e 00 49 8b 7d 00 e8 c3 f8
[ 52.185928][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[ 52.192010][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888100330000
[ 52.199973][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 52.207933][ C1] RBP: ffffc900001b0d08 R08: 0000000000000007 R09: fffffffffffffffb
[ 52.215894][ C1] R10: dffffc0000000000 R11: ffffed10237e8139 R12: dffffc0000000000
[ 52.223876][ C1] R13: 0000000000000000 R14: ffff88811bf409c8 R15: 0000000000000008
[ 52.231836][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 52.240763][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.247335][ C1] CR2: 00003542a3756000 CR3: 000000012bf29000 CR4: 00000000003506a0
[ 52.255297][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.263259][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.271218][ C1] Call Trace:
[ 52.274489][ C1]
[ 52.277392][ C1] delayed_work_timer_fn+0x61/0x80
[ 52.282497][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 52.288299][ C1] call_timer_fn+0x46/0x2a0
[ 52.292802][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 52.298597][ C1] __run_timers+0x689/0x9f0
[ 52.303099][ C1] ? calc_index+0x200/0x200
[ 52.307598][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 52.312808][ C1] run_timer_softirq+0x6a/0xf0
[ 52.317562][ C1] handle_softirqs+0x1d7/0x600
[ 52.322311][ C1] ? irqtime_account_irq+0xc4/0x240
[ 52.327497][ C1] __irq_exit_rcu+0x52/0xf0
[ 52.332008][ C1] irq_exit_rcu+0x9/0x10
[ 52.336242][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 52.341865][ C1]
[ 52.344788][ C1]
[ 52.347714][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 52.353689][ C1] RIP: 0010:default_idle+0xf/0x20
[ 52.358716][ C1] Code: 47 d0 b5 fc e9 3d ff ff ff 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d f3 36 65 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 52.378312][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[ 52.384380][ C1] RAX: ffff8881f6f00000 RBX: ffff888100330000 RCX: e582e924a9837e00
[ 52.392438][ C1] RDX: 0000000000000001 RSI: ffffffff85ca8100 RDI: ffffffff85ca80c0
[ 52.400399][ C1] RBP: ffffc90000147dd8 R08: ffff8881f6f348b3 R09: 1ffff1103ede6916
[ 52.408360][ C1] R10: 0000000000000000 R11: ffffffff8500fc00 R12: 0000000000000000
[ 52.416324][ C1] R13: 0000000000000000 R14: ffff888100330000 R15: dffffc0000000000
[ 52.424282][ C1] ? __cfi_default_idle+0x10/0x10
[ 52.429302][ C1] arch_cpu_idle+0x1c/0x20
[ 52.433723][ C1] default_idle_call+0x71/0x1d0
[ 52.438564][ C1] do_idle+0x1a7/0x560
[ 52.442621][ C1] ? irqentry_exit+0x30/0x40
[ 52.447200][ C1] ? common_interrupt+0x70/0xe0
[ 52.452049][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 52.457231][ C1] cpu_startup_entry+0x43/0x60
[ 52.461981][ C1] start_secondary+0x119/0x120
[ 52.466732][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 52.472616][ C1]
[ 52.475621][ C1] Modules linked in:
[ 52.479589][ C1] ---[ end trace 0000000000000000 ]---
[ 52.485029][ C1] RIP: 0010:__queue_work+0x575/0xd30
[ 52.490313][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 18 45 29 00 4c 89 ff e8 30 fd b8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 5c a1 6e 00 49 8b 7d 00 e8 c3 f8
[ 52.510426][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[ 52.516498][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888100330000
[ 52.524474][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 52.532433][ C1] RBP: ffffc900001b0d08 R08: 0000000000000007 R09: fffffffffffffffb
[ 52.540415][ C1] R10: dffffc0000000000 R11: ffffed10237e8139 R12: dffffc0000000000
[ 52.548384][ C1] R13: 0000000000000000 R14: ffff88811bf409c8 R15: 0000000000000008
[ 52.556345][ C1] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 52.565263][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 52.571830][ C1] CR2: 00003542a3756000 CR3: 000000012bf29000 CR4: 00000000003506a0
[ 52.579886][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 52.587844][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 52.595816][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 52.603421][ C1] Kernel Offset: disabled
[ 52.607732][ C1] Rebooting in 86400 seconds..