Warning: Permanently added '10.128.1.18' (ED25519) to the list of known hosts.
2025/12/06 14:47:50 parsed 1 programs
[ 22.969647][ T28] audit: type=1400 audit(1765032470.720:64): avc: denied { node_bind } for pid=283 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 22.990475][ T28] audit: type=1400 audit(1765032470.720:65): avc: denied { module_request } for pid=283 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 24.100401][ T28] audit: type=1400 audit(1765032471.850:66): avc: denied { mounton } for pid=292 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 24.101791][ T292] cgroup: Unknown subsys name 'net'
[ 24.128334][ T28] audit: type=1400 audit(1765032471.850:67): avc: denied { mount } for pid=292 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.150606][ T28] audit: type=1400 audit(1765032471.890:68): avc: denied { unmount } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 24.150986][ T292] cgroup: Unknown subsys name 'devices'
[ 24.297629][ T292] cgroup: Unknown subsys name 'hugetlb'
[ 24.303336][ T292] cgroup: Unknown subsys name 'rlimit'
[ 24.445199][ T28] audit: type=1400 audit(1765032472.190:69): avc: denied { setattr } for pid=292 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 24.468397][ T28] audit: type=1400 audit(1765032472.190:70): avc: denied { create } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.488951][ T28] audit: type=1400 audit(1765032472.190:71): avc: denied { write } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.490599][ T294] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 24.509445][ T28] audit: type=1400 audit(1765032472.190:72): avc: denied { read } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 24.538014][ T28] audit: type=1400 audit(1765032472.190:73): avc: denied { mounton } for pid=292 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 24.576464][ T292] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 25.180963][ T296] request_module fs-gadgetfs succeeded, but still no fs?
[ 25.846305][ T331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.853478][ T331] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.861004][ T331] device bridge_slave_0 entered promiscuous mode
[ 25.868047][ T331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.875073][ T331] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.882553][ T331] device bridge_slave_1 entered promiscuous mode
[ 25.933812][ T331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.940900][ T331] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.948245][ T331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.955308][ T331] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.975656][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.982942][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.991599][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 25.999285][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.008475][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.016824][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.023848][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.032630][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.041047][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.048101][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.060472][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.069757][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.088043][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 26.099281][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.107613][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 26.115046][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 26.127418][ T331] device veth0_vlan entered promiscuous mode
[ 26.137749][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.146950][ T331] device veth1_macvtap entered promiscuous mode
[ 26.156818][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.166728][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 26.206167][ T331] syz-executor (331) used greatest stack depth: 21600 bytes left
2025/12/06 14:47:54 executed programs: 0
[ 26.538123][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.545183][ T364] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.552735][ T364] device bridge_slave_0 entered promiscuous mode
[ 26.559705][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.566771][ T364] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.574146][ T364] device bridge_slave_1 entered promiscuous mode
[ 26.630522][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.637605][ T364] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.644871][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.651924][ T364] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.675810][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.683573][ T306] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.691014][ T306] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.700593][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.708950][ T306] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.715998][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.724934][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.733609][ T306] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.740772][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.755180][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.765583][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.778372][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 26.790626][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 26.798755][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 26.806316][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 26.814342][ T364] device veth0_vlan entered promiscuous mode
[ 26.824963][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 26.834287][ T364] device veth1_macvtap entered promiscuous mode
[ 26.844150][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 26.854912][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 26.863317][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.436298][ T8] device bridge_slave_1 left promiscuous mode
[ 27.442458][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 27.450085][ T8] device bridge_slave_0 left promiscuous mode
[ 27.456323][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 27.464257][ T8] device veth1_macvtap left promiscuous mode
[ 27.470429][ T8] device veth0_vlan left promiscuous mode
[ 28.925377][ T376] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[ 28.940380][ T306] Bluetooth: hci0: Frame reassembly failed (-84)
[ 30.995384][ T378] Bluetooth: hci0: command 0x1003 tx timeout
[ 30.995462][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 31.007710][ T380] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 31.022284][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
2025/12/06 14:48:00 executed programs: 5
[ 33.075391][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 33.075419][ T377] Bluetooth: hci0: command 0x1003 tx timeout
[ 33.087675][ T382] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 33.101742][ T306] Bluetooth: hci0: Frame reassembly failed (-84)
[ 35.155407][ T378] Bluetooth: hci0: command 0x1003 tx timeout
[ 35.155424][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 35.167814][ T384] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 35.182975][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 37.235405][ T377] Bluetooth: hci0: command 0x1003 tx timeout
[ 37.235400][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 37.247663][ T386] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 37.260059][ T45] ==================================================================
[ 37.268154][ T45] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480
[ 37.275207][ T45] Write of size 8 at addr ffff888116148a00 by task kworker/u5:0/45
[ 37.283082][ T45]
[ 37.285399][ T45] CPU: 1 PID: 45 Comm: kworker/u5:0 Not tainted syzkaller #0
[ 37.292757][ T45] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 37.302800][ T45] Workqueue: hci0 hci_power_on
[ 37.307608][ T45] Call Trace:
[ 37.310877][ T45] <TASK>
[ 37.313803][ T45] __dump_stack+0x21/0x24
[ 37.318128][ T45] dump_stack_lvl+0xee/0x150
[ 37.322706][ T45] ? __cfi_dump_stack_lvl+0x8/0x8
[ 37.327723][ T45] ? select_task_rq_fair+0x56f/0x3490
[ 37.333106][ T45] ? __sched_clock_gtod_offset+0xd0/0xe0
[ 37.338731][ T45] ? enqueue_timer+0xae/0x480
[ 37.343403][ T45] print_address_description+0x71/0x200
[ 37.349065][ T45] print_report+0x4a/0x60
[ 37.353566][ T45] kasan_report+0x122/0x150
[ 37.358066][ T45] ? enqueue_timer+0xae/0x480
[ 37.362740][ T45] __asan_report_store8_noabort+0x17/0x20
[ 37.368459][ T45] enqueue_timer+0xae/0x480
[ 37.372961][ T45] __mod_timer+0x84a/0xbf0
[ 37.377375][ T45] schedule_timeout+0x127/0x2e0
[ 37.382217][ T45] ? __cfi_schedule_timeout+0x10/0x10
[ 37.387579][ T45] ? queue_work_on+0xf8/0x140
[ 37.392250][ T45] ? __cfi_process_timeout+0x10/0x10
[ 37.397535][ T45] ? prepare_to_wait_event+0x40b/0x440
[ 37.403000][ T45] __hci_cmd_sync_sk+0x396/0xcf0
[ 37.407933][ T45] ? __cfi___hci_cmd_sync_sk+0x10/0x10
[ 37.413387][ T45] ? __cfi_autoremove_wake_function+0x10/0x10
[ 37.419454][ T45] ? __kasan_check_read+0x11/0x20
[ 37.424477][ T45] ? kvm_sched_clock_read+0x18/0x40
[ 37.429672][ T45] hci_dev_open_sync+0x13a7/0x3260
[ 37.434782][ T45] ? __cfi_hci_dev_open_sync+0x10/0x10
[ 37.440230][ T45] ? __kasan_check_write+0x14/0x20
[ 37.445333][ T45] ? __switch_to+0x51f/0xe30
[ 37.449914][ T45] ? psi_group_change+0xb73/0x12b0
[ 37.455046][ T45] ? __kasan_check_write+0x14/0x20
[ 37.460160][ T45] ? mutex_lock+0x8d/0x1a0
[ 37.464569][ T45] ? __cfi_mutex_lock+0x10/0x10
[ 37.469435][ T45] ? kthread_data+0x50/0xc0
[ 37.473928][ T45] ? _raw_spin_unlock+0x4c/0x70
[ 37.478793][ T45] hci_power_on+0x195/0x5c0
[ 37.483287][ T45] ? __cfi_hci_power_on+0x10/0x10
[ 37.488308][ T45] ? __schedule+0xb8f/0x14e0
[ 37.493150][ T45] ? __cfi__raw_spin_lock_irq+0x10/0x10
[ 37.498689][ T45] process_one_work+0x71f/0xc40
[ 37.503530][ T45] worker_thread+0xa29/0x11f0
[ 37.508210][ T45] kthread+0x281/0x320
[ 37.512269][ T45] ? __cfi_worker_thread+0x10/0x10
[ 37.517371][ T45] ? __cfi_kthread+0x10/0x10
[ 37.521960][ T45] ret_from_fork+0x1f/0x30
[ 37.526372][ T45] </TASK>
[ 37.529380][ T45]
[ 37.531693][ T45] Allocated by task 386:
[ 37.535943][ T45] kasan_set_track+0x4b/0x70
[ 37.540531][ T45] kasan_save_alloc_info+0x25/0x30
[ 37.545638][ T45] __kasan_kmalloc+0x95/0xb0
[ 37.550218][ T45] __kmalloc+0xb1/0x1e0
[ 37.554371][ T45] hci_alloc_dev_priv+0x27/0x1bd0
[ 37.559392][ T45] hci_uart_tty_ioctl+0x3d6/0xa20
[ 37.564423][ T45] tty_ioctl+0x8ef/0xc60
[ 37.568688][ T45] __se_sys_ioctl+0x12f/0x1b0
[ 37.573372][ T45] __x64_sys_ioctl+0x7b/0x90
[ 37.577965][ T45] x64_sys_call+0x58b/0x9a0
[ 37.582487][ T45] do_syscall_64+0x4c/0xa0
[ 37.586903][ T45] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 37.592819][ T45]
[ 37.595135][ T45] Freed by task 386:
[ 37.599020][ T45] kasan_set_track+0x4b/0x70
[ 37.603608][ T45] kasan_save_free_info+0x31/0x50
[ 37.608633][ T45] ____kasan_slab_free+0x132/0x180
[ 37.613740][ T45] __kasan_slab_free+0x11/0x20
[ 37.618498][ T45] slab_free_freelist_hook+0xc2/0x190
[ 37.623867][ T45] __kmem_cache_free+0xb7/0x1b0
[ 37.628714][ T45] kfree+0x6f/0xf0
[ 37.632431][ T45] hci_release_dev+0x12a3/0x13b0
[ 37.637362][ T45] bt_host_release+0x82/0x90
[ 37.641953][ T45] device_release+0xa4/0x1d0
[ 37.646540][ T45] kobject_put+0x19d/0x280
[ 37.650953][ T45] put_device+0x1f/0x30
[ 37.655106][ T45] hci_dev_cmd+0x265/0x720
[ 37.659517][ T45] hci_sock_ioctl+0x41e/0x7f0
[ 37.664188][ T45] sock_do_ioctl+0x101/0x310
[ 37.668778][ T45] sock_ioctl+0x4d8/0x6e0
[ 37.673101][ T45] __se_sys_ioctl+0x12f/0x1b0
[ 37.677765][ T45] __x64_sys_ioctl+0x7b/0x90
[ 37.682343][ T45] x64_sys_call+0x58b/0x9a0
[ 37.686836][ T45] do_syscall_64+0x4c/0xa0
[ 37.691245][ T45] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 37.697137][ T45]
[ 37.699448][ T45] Last potentially related work creation:
[ 37.705250][ T45] kasan_save_stack+0x3a/0x60
[ 37.709920][ T45] __kasan_record_aux_stack+0xb6/0xc0
[ 37.715293][ T45] kasan_record_aux_stack_noalloc+0xb/0x10
[ 37.721095][ T45] insert_work+0x51/0x300
[ 37.725412][ T45] __queue_work+0x9b1/0xd30
[ 37.729910][ T45] queue_work_on+0xd2/0x140
[ 37.734409][ T45] __hci_cmd_sync_sk+0xa3e/0xcf0
[ 37.739341][ T45] hci_cmd_sync_status+0x53/0x120
[ 37.744356][ T45] hci_dev_cmd+0x628/0x720
[ 37.748762][ T45] hci_sock_ioctl+0x41e/0x7f0
[ 37.753433][ T45] sock_do_ioctl+0x101/0x310
[ 37.758017][ T45] sock_ioctl+0x4d8/0x6e0
[ 37.762354][ T45] __se_sys_ioctl+0x12f/0x1b0
[ 37.767021][ T45] __x64_sys_ioctl+0x7b/0x90
[ 37.771601][ T45] x64_sys_call+0x58b/0x9a0
[ 37.776093][ T45] do_syscall_64+0x4c/0xa0
[ 37.780502][ T45] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 37.786390][ T45]
[ 37.788703][ T45] Second to last potentially related work creation:
[ 37.795270][ T45] kasan_save_stack+0x3a/0x60
[ 37.799969][ T45] __kasan_record_aux_stack+0xb6/0xc0
[ 37.805338][ T45] kasan_record_aux_stack_noalloc+0xb/0x10
[ 37.811140][ T45] insert_work+0x51/0x300
[ 37.815458][ T45] __queue_work+0x9b1/0xd30
[ 37.820041][ T45] queue_work_on+0xd2/0x140
[ 37.824534][ T45] hci_cmd_timeout+0x191/0x200
[ 37.829292][ T45] process_one_work+0x71f/0xc40
[ 37.834131][ T45] worker_thread+0xa29/0x11f0
[ 37.838798][ T45] kthread+0x281/0x320
[ 37.842859][ T45] ret_from_fork+0x1f/0x30
[ 37.847266][ T45]
[ 37.849577][ T45] The buggy address belongs to the object at ffff888116148000
[ 37.849577][ T45] which belongs to the cache kmalloc-8k of size 8192
[ 37.863615][ T45] The buggy address is located 2560 bytes inside of
[ 37.863615][ T45] 8192-byte region [ffff888116148000, ffff88811614a000)
[ 37.877138][ T45]
[ 37.879451][ T45] The buggy address belongs to the physical page:
[ 37.885865][ T45] page:ffffea0004585200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x116148
[ 37.896095][ T45] head:ffffea0004585200 order:3 compound_mapcount:0 compound_pincount:0
[ 37.904407][ T45] flags: 0x4000000000010200(slab|head|zone=1)
[ 37.910483][ T45] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[ 37.919075][ T45] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 37.927642][ T45] page dumped because: kasan: bad access detected
[ 37.934051][ T45] page_owner tracks the page as allocated
[ 37.939751][ T45] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 386, tgid 385 (syz.2.21), ts 35180576010, free_ts 35179794932
[ 37.962054][ T45] post_alloc_hook+0x1f5/0x210
[ 37.966820][ T45] prep_new_page+0x1c/0x110
[ 37.971318][ T45] get_page_from_freelist+0x2c7b/0x2cf0
[ 37.976856][ T45] __alloc_pages+0x1c3/0x450
[ 37.981437][ T45] alloc_slab_page+0x6e/0xf0
[ 37.986043][ T45] new_slab+0x98/0x3d0
[ 37.990190][ T45] ___slab_alloc+0x6bd/0xb20
[ 37.994770][ T45] __slab_alloc+0x5e/0xa0
[ 37.999094][ T45] __kmem_cache_alloc_node+0x203/0x2c0
[ 38.004545][ T45] __kmalloc+0xa1/0x1e0
[ 38.008697][ T45] hci_alloc_dev_priv+0x27/0x1bd0
[ 38.013717][ T45] hci_uart_tty_ioctl+0x3d6/0xa20
[ 38.018735][ T45] tty_ioctl+0x8ef/0xc60
[ 38.022969][ T45] __se_sys_ioctl+0x12f/0x1b0
[ 38.027631][ T45] __x64_sys_ioctl+0x7b/0x90
[ 38.032209][ T45] x64_sys_call+0x58b/0x9a0
[ 38.036703][ T45] page last free stack trace:
[ 38.041375][ T45] free_unref_page_prepare+0x742/0x750
[ 38.046834][ T45] free_unref_page+0x8f/0x530
[ 38.051550][ T45] __free_pages+0x67/0x100
[ 38.055970][ T45] __free_slab+0xca/0x1a0
[ 38.060296][ T45] __unfreeze_partials+0x160/0x190
[ 38.065408][ T45] put_cpu_partial+0xa9/0x100
[ 38.070085][ T45] __slab_free+0x1c4/0x280
[ 38.074494][ T45] ___cache_free+0xbf/0xd0
[ 38.078904][ T45] qlist_free_all+0xc6/0x140
[ 38.083489][ T45] kasan_quarantine_reduce+0x14a/0x170
[ 38.088974][ T45] __kasan_slab_alloc+0x24/0x80
[ 38.093906][ T45] slab_post_alloc_hook+0x4f/0x2d0
[ 38.099014][ T45] kmem_cache_alloc+0x16e/0x330
[ 38.103855][ T45] vm_area_dup+0x65/0x280
[ 38.108181][ T45] __split_vma+0x1d9/0x980
[ 38.112590][ T45] split_vma+0x7c/0xd0
[ 38.116657][ T45]
[ 38.118970][ T45] Memory state around the buggy address:
[ 38.124585][ T45] ffff888116148900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.132637][ T45] ffff888116148980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.140703][ T45] >ffff888116148a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.148747][ T45] ^
[ 38.152800][ T45] ffff888116148a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.160866][ T45] ffff888116148b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 38.168916][ T45] ==================================================================
[ 38.176969][ T45] Disabling lock debugging due to kernel taint
2025/12/06 14:48:05 executed programs: 7
[ 38.185406][ T306] Bluetooth: hci0: Frame reassembly failed (-84)
[ 38.190101][ T28] kauditd_printk_skb: 33 callbacks suppressed
[ 38.190116][ T28] audit: type=1400 audit(1765032485.940:107): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 38.219832][ T28] audit: type=1400 audit(1765032485.940:108): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 38.241323][ T28] audit: type=1400 audit(1765032485.940:109): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 38.262713][ T28] audit: type=1400 audit(1765032485.940:110): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 38.283325][ T28] audit: type=1400 audit(1765032485.950:111): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 38.303775][ T28] audit: type=1400 audit(1765032485.950:112): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 38.326637][ T28] audit: type=1400 audit(1765032485.950:113): avc: denied { getattr } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 39.315389][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 39.315404][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 39.333219][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 39.341615][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B syzkaller #0
[ 39.350276][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 39.360323][ C1] RIP: 0010:__queue_work+0x575/0xd30
[ 39.365609][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 78 e3 28 00 4c 89 ff e8 00 26 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 5c 6d 00 49 8b 7d 00 e8 e3 21
[ 39.385212][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[ 39.391268][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888100330000
[ 39.399249][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 39.407413][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[ 39.415376][ C1] R10: ffffed1022c29139 R11: 1ffff11022c29139 R12: dffffc0000000000
[ 39.423339][ C1] R13: 0000000000000000 R14: ffff8881161489c8 R15: 0000000000000008
[ 39.431299][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 39.440217][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.446796][ C1] CR2: 0000001b33763fff CR3: 000000012108d000 CR4: 00000000003506a0
[ 39.454761][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 39.462741][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 39.470703][ C1] Call Trace:
[ 39.473978][ C1] <IRQ>
[ 39.476847][ C1] delayed_work_timer_fn+0x61/0x80
[ 39.481961][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 39.487781][ C1] call_timer_fn+0x46/0x2a0
[ 39.492288][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 39.498090][ C1] __run_timers+0x672/0x9b0
[ 39.502599][ C1] ? calc_index+0x200/0x200
[ 39.507106][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 39.512307][ C1] run_timer_softirq+0x6a/0xf0
[ 39.517074][ C1] handle_softirqs+0x1d7/0x600
[ 39.521831][ C1] ? irqtime_account_irq+0xc4/0x240
[ 39.527032][ C1] __irq_exit_rcu+0x52/0xf0
[ 39.531541][ C1] irq_exit_rcu+0x9/0x10
[ 39.535781][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 39.541411][ C1] </IRQ>
[ 39.544332][ C1] <TASK>
[ 39.547257][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 39.553237][ C1] RIP: 0010:default_idle+0xf/0x20
[ 39.558254][ C1] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 33 f0 51 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 39.577854][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[ 39.583919][ C1] RAX: ffff8881f7100000 RBX: ffff888100330000 RCX: 70eb1f203b9e3600
[ 39.591884][ C1] RDX: 0000000000000001 RSI: ffffffff85aa1640 RDI: ffffffff85aa1600
[ 39.599851][ C1] RBP: ffffc90000147dd8 R08: dffffc0000000000 R09: ffffed103ee26917
[ 39.607819][ C1] R10: 0000000000000000 R11: ffffffff84f44280 R12: 0000000000000000
[ 39.615783][ C1] R13: 0000000000000000 R14: ffff888100330000 R15: dffffc0000000000
[ 39.623754][ C1] ? __cfi_default_idle+0x10/0x10
[ 39.628782][ C1] arch_cpu_idle+0x1c/0x20
[ 39.633198][ C1] default_idle_call+0x71/0x1d0
[ 39.638042][ C1] do_idle+0x1a7/0x520
[ 39.642108][ C1] ? try_to_wake_up+0x613/0x1220
[ 39.647040][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 39.652231][ C1] ? _raw_spin_unlock_irqrestore+0x5a/0x80
[ 39.658031][ C1] ? complete+0x167/0x1c0
[ 39.662362][ C1] cpu_startup_entry+0x43/0x60
[ 39.667130][ C1] start_secondary+0x119/0x120
[ 39.671898][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 39.677787][ C1] </TASK>
[ 39.680798][ C1] Modules linked in:
[ 39.684712][ C1] ---[ end trace 0000000000000000 ]---
[ 39.690157][ C1] RIP: 0010:__queue_work+0x575/0xd30
[ 39.695439][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 78 e3 28 00 4c 89 ff e8 00 26 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 5c 6d 00 49 8b 7d 00 e8 e3 21
[ 39.715038][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[ 39.721102][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888100330000
[ 39.729069][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 39.737037][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[ 39.745006][ C1] R10: ffffed1022c29139 R11: 1ffff11022c29139 R12: dffffc0000000000
[ 39.752981][ C1] R13: 0000000000000000 R14: ffff8881161489c8 R15: 0000000000000008
[ 39.760952][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 39.769880][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.776464][ C1] CR2: 0000001b33763fff CR3: 000000012108d000 CR4: 00000000003506a0
[ 39.784443][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 39.792412][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 39.800387][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 39.807847][ C1] Kernel Offset: disabled
[ 39.812169][ C1] Rebooting in 86400 seconds..