T28] audit: type=1400 audit(1755133292.268:62): avc: denied { rlimitinh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 13.781165][ T28] audit: type=1400 audit(1755133292.268:63): avc: denied { siginh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.161' (ED25519) to the list of known hosts.
2025/08/14 01:01:40 ignoring optional flag "sandboxArg"="0"
2025/08/14 01:01:41 parsed 1 programs
[ 23.028603][ T28] audit: type=1400 audit(1755133301.528:64): avc: denied { node_bind } for pid=283 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 23.049265][ T28] audit: type=1400 audit(1755133301.528:65): avc: denied { module_request } for pid=283 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 23.774688][ T28] audit: type=1400 audit(1755133302.278:66): avc: denied { mounton } for pid=292 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 23.775689][ T292] cgroup: Unknown subsys name 'net'
[ 23.797331][ T28] audit: type=1400 audit(1755133302.278:67): avc: denied { mount } for pid=292 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.824608][ T28] audit: type=1400 audit(1755133302.308:68): avc: denied { unmount } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.824794][ T292] cgroup: Unknown subsys name 'devices'
[ 23.934125][ T292] cgroup: Unknown subsys name 'hugetlb'
[ 23.939730][ T292] cgroup: Unknown subsys name 'rlimit'
[ 24.076824][ T28] audit: type=1400 audit(1755133302.578:69): avc: denied { setattr } for pid=292 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 24.097541][ T295] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 24.100289][ T28] audit: type=1400 audit(1755133302.578:70): avc: denied { create } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.120587][ T292] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 24.129148][ T28] audit: type=1400 audit(1755133302.578:71): avc: denied { write } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.158126][ T28] audit: type=1400 audit(1755133302.578:72): avc: denied { read } for pid=292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 24.178425][ T28] audit: type=1400 audit(1755133302.578:73): avc: denied { mounton } for pid=292 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 24.912627][ T301] request_module fs-gadgetfs succeeded, but still no fs?
[ 25.400831][ T337] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.410449][ T337] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.418100][ T337] device bridge_slave_0 entered promiscuous mode
[ 25.426558][ T337] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.433630][ T337] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.440906][ T337] device bridge_slave_1 entered promiscuous mode
[ 25.517413][ T337] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.524491][ T337] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.531776][ T337] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.538833][ T337] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.563632][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 25.571352][ T312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.578849][ T312] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.593203][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 25.601414][ T312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.608479][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.616958][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 25.625243][ T312] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.632559][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.652994][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.662256][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.670338][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.679754][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 25.698072][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 25.718180][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 25.728958][ T337] device veth0_vlan entered promiscuous mode
[ 25.744284][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 25.753227][ T337] device veth1_macvtap entered promiscuous mode
2025/08/14 01:01:44 executed programs: 0
[ 25.761781][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.771834][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 25.942929][ T367] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.949985][ T367] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.957522][ T367] device bridge_slave_0 entered promiscuous mode
[ 25.964317][ T368] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.971343][ T368] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.978724][ T368] device bridge_slave_0 entered promiscuous mode
[ 25.985802][ T368] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.992904][ T368] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.000188][ T368] device bridge_slave_1 entered promiscuous mode
[ 26.013757][ T367] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.020787][ T367] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.028243][ T367] device bridge_slave_1 entered promiscuous mode
[ 26.117780][ T371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.124913][ T371] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.132471][ T371] device bridge_slave_0 entered promiscuous mode
[ 26.144822][ T373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.151852][ T373] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.159438][ T373] device bridge_slave_0 entered promiscuous mode
[ 26.176549][ T371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.183636][ T371] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.190905][ T371] device bridge_slave_1 entered promiscuous mode
[ 26.206618][ T373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.213770][ T373] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.221222][ T373] device bridge_slave_1 entered promiscuous mode
[ 26.254654][ T372] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.261680][ T372] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.269380][ T372] device bridge_slave_0 entered promiscuous mode
[ 26.293009][ T372] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.300048][ T372] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.307508][ T372] device bridge_slave_1 entered promiscuous mode
[ 26.479510][ T371] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.486594][ T371] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.494595][ T371] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.501609][ T371] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.517965][ T373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.525032][ T373] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.532303][ T373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.539312][ T373] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.556258][ T372] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.563315][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.570540][ T372] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.577564][ T372] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.631270][ T312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.639180][ T312] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.647606][ T312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.655027][ T312] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.662453][ T312] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.669631][ T312] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.677973][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 26.685402][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.718557][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.726617][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 26.735224][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.743595][ T312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.750606][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.758138][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 26.766648][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.774832][ T312] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.781834][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.789197][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.797481][ T312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.804542][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.812058][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.820348][ T312] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.827385][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.834761][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.842752][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 26.850161][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 26.857741][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 26.866088][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 26.874438][ T312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 26.881480][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 26.889112][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 26.897458][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 26.905656][ T312] bridge0: port 2(bridge_slave_1) entered blocking state
[ 26.912672][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 26.920034][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 26.927796][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 26.957306][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.965730][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.973805][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.981748][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 26.989997][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 26.998222][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.005775][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.014075][ T312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.021089][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.028500][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.036723][ T312] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.043759][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.065898][ T371] device veth0_vlan entered promiscuous mode
[ 27.077399][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 27.084992][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 27.092632][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 27.100992][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 27.109393][ T312] bridge0: port 1(bridge_slave_0) entered blocking state
[ 27.116464][ T312] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 27.123957][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 27.132846][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 27.140941][ T312] bridge0: port 2(bridge_slave_1) entered blocking state
[ 27.147975][ T312] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 27.155360][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 27.163725][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.171660][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 27.179813][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.187852][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 27.196307][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.204639][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 27.212519][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.220361][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 27.228743][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.237164][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.244647][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.261579][ T371] device veth1_macvtap entered promiscuous mode
[ 27.268613][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 27.276516][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 27.284728][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 27.292958][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 27.300950][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 27.316607][ T368] device veth0_vlan entered promiscuous mode
[ 27.331481][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 27.340158][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.348696][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 27.356914][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.365288][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 27.373628][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.381898][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 27.390376][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.398837][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 27.407424][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.415844][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.423311][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.437031][ T373] device veth0_vlan entered promiscuous mode
[ 27.449068][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 27.457537][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.466222][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 27.474363][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.482951][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 27.490785][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.498798][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.506349][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.513968][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.521353][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.529646][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 27.538274][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 27.547895][ T367] device veth0_vlan entered promiscuous mode
[ 27.557397][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 27.565856][ T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.579319][ T420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 27.587964][ T420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.597759][ T373] device veth1_macvtap entered promiscuous mode
[ 27.613622][ T368] device veth1_macvtap entered promiscuous mode
[ 27.626432][ T372] device veth0_vlan entered promiscuous mode
[ 27.639295][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 27.647140][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 27.654988][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 27.663618][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.671734][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 27.679775][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 27.687928][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 27.696351][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.705052][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 27.713474][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.721747][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 27.730129][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.738636][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 27.746915][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.755243][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 27.762737][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 27.771871][ T367] device veth1_macvtap entered promiscuous mode
[ 27.801379][ T372] device veth1_macvtap entered promiscuous mode
[ 27.810464][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 27.818643][ T420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 27.827305][ T420] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 27.837992][ T420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 27.840750][ T312] Bluetooth: hci2: Frame reassembly failed (-84)
[ 27.856267][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 27.864704][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.883499][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 27.891786][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 27.900370][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 27.908882][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.917390][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 27.925861][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 27.956483][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 27.960635][ T312] Bluetooth: hci4: Frame reassembly failed (-84)
[ 28.302584][ T8] device bridge_slave_1 left promiscuous mode
[ 28.308752][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.316361][ T8] device bridge_slave_0 left promiscuous mode
[ 28.322566][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.330451][ T8] device veth1_macvtap left promiscuous mode
[ 28.336695][ T8] device veth0_vlan left promiscuous mode
[ 29.691994][ T421] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[ 29.852007][ T432] Bluetooth: hci2: command 0x1003 tx timeout
[ 29.852026][ T426] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 29.862029][ T423] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 29.864173][ T426] Bluetooth: hci1: command 0x1003 tx timeout
[ 30.012019][ T430] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 30.012048][ T428] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 30.018150][ T430] Bluetooth: hci3: command 0x1003 tx timeout
2025/08/14 01:01:50 executed programs: 15
[ 31.772100][ T430] Bluetooth: hci0: command 0x0c20 tx timeout
[ 31.772283][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 31.778473][ T430] Bluetooth: hci0: sending frame failed (-49)
[ 31.790511][ T425] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 31.796483][ T427] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 31.806013][ T429] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 31.812154][ T431] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 31.846933][ T312] Bluetooth: hci0: Frame reassembly failed (-84)
[ 31.901396][ T420] Bluetooth: hci2: Frame reassembly failed (-84)
[ 31.901623][ T312] Bluetooth: hci1: Frame reassembly failed (-84)
[ 31.914538][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 33.851987][ T426] Bluetooth: hci0: command 0x1003 tx timeout
[ 33.851993][ T430] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 33.852016][ T426] Bluetooth: hci5: command 0x1003 tx timeout
[ 33.858004][ T45] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 33.864549][ T437] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 33.884112][ T420] Bluetooth: hci4: Frame reassembly failed (-84)
[ 33.932009][ T432] Bluetooth: hci2: command 0x1003 tx timeout
[ 33.932021][ T422] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 33.932057][ T422] Bluetooth: hci1: command 0x1003 tx timeout
[ 33.941975][ T423] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 33.944474][ T428] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 34.905716][ T438] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 34.911848][ T440] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 34.918383][ T439] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 34.935082][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 34.977760][ T420] Bluetooth: hci1: Frame reassembly failed (-84)
[ 35.007387][ T420] Bluetooth: hci3: Frame reassembly failed (-84)
[ 35.007622][ T8] Bluetooth: hci2: Frame reassembly failed (-84)
[ 35.931990][ T45] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 35.932009][ T432] Bluetooth: hci4: command 0x1003 tx timeout
[ 35.950213][ T420] Bluetooth: hci4: Frame reassembly failed (-84)
[ 36.972036][ T430] Bluetooth: hci0: command 0x1003 tx timeout
[ 36.972162][ T428] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 36.984295][ T442] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 36.990470][ T443] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 37.051988][ T422] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 37.051988][ T426] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 37.052038][ T422] Bluetooth: hci2: command 0x1003 tx timeout
[ 37.058191][ T423] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 37.064505][ T428] Bluetooth: hci1: command 0x1003 tx timeout
[ 37.088136][ T420] Bluetooth: hci1: Frame reassembly failed (-84)
2025/08/14 01:01:55 executed programs: 26
[ 38.010006][ T444] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[ 38.012003][ T423] Bluetooth: hci4: command 0x1003 tx timeout
[ 38.015963][ T45] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 38.028212][ T445] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 38.034321][ T446] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 38.046731][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 38.091837][ T420] Bluetooth: hci3: Frame reassembly failed (-84)
[ 38.098975][ T312] Bluetooth: hci2: Frame reassembly failed (-84)
[ 38.105214][ T420] Bluetooth: hci4: Frame reassembly failed (-84)
[ 39.132030][ T430] Bluetooth: hci1: command 0x1003 tx timeout
[ 39.132047][ T422] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 39.150225][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 40.092002][ T432] Bluetooth: hci3: command 0x1003 tx timeout
[ 40.092002][ T428] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 40.092042][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 40.098064][ T432] Bluetooth: hci0: command 0x1003 tx timeout
[ 40.116329][ T448] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 40.122506][ T449] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 40.128788][ T450] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 40.134975][ T451] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 40.141337][ T453] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 40.172021][ T426] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 40.172039][ T423] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 40.172077][ T423] Bluetooth: hci4: command 0x1003 tx timeout
[ 40.197480][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 40.204832][ T420] Bluetooth: hci2: Frame reassembly failed (-84)
[ 40.208260][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 40.229820][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 41.211983][ T432] Bluetooth: hci1: command 0x1003 tx timeout
[ 41.211979][ T452] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 41.231486][ T8] Bluetooth: hci1: Frame reassembly failed (-84)
[ 42.171962][ C1] ==================================================================
[ 42.180130][ C1] BUG: KASAN: use-after-free in __run_timers+0x32b/0x9a0
[ 42.187161][ C1] Write of size 8 at addr ffff88811c708a00 by task swapper/1/0
[ 42.194707][ C1]
[ 42.197020][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.1.145-syzkaller-00002-gc750dc582629 #0
[ 42.206451][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 42.216616][ C1] Call Trace:
[ 42.219906][ C1]
[ 42.222736][ C1] __dump_stack+0x21/0x24
[ 42.227055][ C1] dump_stack_lvl+0xee/0x150
[ 42.231637][ C1] ? __cfi_dump_stack_lvl+0x8/0x8
[ 42.236671][ C1] ? update_rq_clock+0x536/0x5c0
[ 42.241590][ C1] ? __run_timers+0x32b/0x9a0
[ 42.246246][ C1] print_address_description+0x71/0x210
[ 42.251771][ C1] print_report+0x4a/0x60
[ 42.256078][ C1] kasan_report+0x122/0x150
[ 42.260563][ C1] ? __run_timers+0x32b/0x9a0
[ 42.265216][ C1] __asan_report_store8_noabort+0x17/0x20
[ 42.270916][ C1] __run_timers+0x32b/0x9a0
[ 42.275406][ C1] ? sched_clock+0x9/0x10
[ 42.279715][ C1] ? sched_clock_cpu+0x6e/0x250
[ 42.284689][ C1] ? calc_index+0x200/0x200
[ 42.289179][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 42.294355][ C1] run_timer_softirq+0x6a/0xf0
[ 42.299097][ C1] handle_softirqs+0x1d7/0x600
[ 42.302782][ T432] Bluetooth: hci4: command 0x1003 tx timeout
[ 42.303923][ C1] ? irqtime_account_irq+0xc4/0x240
[ 42.303948][ C1] __irq_exit_rcu+0x52/0xf0
[ 42.303962][ C1] irq_exit_rcu+0x9/0x10
[ 42.303974][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 42.303994][ C1]
[ 42.303999][ C1]
[ 42.304003][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 42.304022][ C1] RIP: 0010:default_idle+0xf/0x20
[ 42.304042][ C1] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 53 d2 52 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 42.304055][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[ 42.304072][ C1] RAX: ffff8881f7100000 RBX: ffff8881003b6540 RCX: e2f16561acccac00
[ 42.304085][ C1] RDX: 0000000000000001 RSI: ffffffff85aa0bc0 RDI: ffffffff85aa0b80
[ 42.304094][ C1] RBP: ffffc90000147dd8 R08: dffffc0000000000 R09: ffffed103ee26917
[ 42.304105][ C1] R10: 0000000000000000 R11: ffffffff84f36120 R12: 0000000000000000
[ 42.304116][ C1] R13: 0000000000000000 R14: ffff8881003b6540 R15: dffffc0000000000
[ 42.304129][ C1] ? __cfi_default_idle+0x10/0x10
[ 42.304153][ C1] arch_cpu_idle+0x1c/0x20
[ 42.304168][ C1] default_idle_call+0x71/0x1d0
[ 42.304188][ C1] do_idle+0x1a7/0x520
[ 42.304204][ C1] ? try_to_wake_up+0x613/0x1220
[ 42.304224][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 42.304242][ C1] ? _raw_spin_unlock_irqrestore+0x5a/0x80
[ 42.304268][ C1] ? complete+0x167/0x1c0
[ 42.304290][ C1] cpu_startup_entry+0x43/0x60
[ 42.310265][ T432] Bluetooth: hci3: command 0x1003 tx timeout
[ 42.315429][ C1] start_secondary+0x119/0x120
[ 42.315448][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 42.315466][ C1]
[ 42.315472][ C1]
[ 42.315475][ C1] Allocated by task 448:
[ 42.315481][ C1] kasan_set_track+0x4b/0x70
[ 42.319990][ T45] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 42.324547][ C1] kasan_save_alloc_info+0x25/0x30
[ 42.324569][ C1] __kasan_kmalloc+0x95/0xb0
[ 42.330271][ T423] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 42.333171][ C1] __kmalloc+0xb1/0x1e0
[ 42.333192][ C1] hci_alloc_dev_priv+0x27/0x1bd0
[ 42.517782][ C1] hci_uart_tty_ioctl+0x3d6/0xa20
[ 42.522789][ C1] tty_ioctl+0x8ef/0xc60
[ 42.527005][ C1] __se_sys_ioctl+0x12f/0x1b0
[ 42.531657][ C1] __x64_sys_ioctl+0x7b/0x90
[ 42.536219][ C1] x64_sys_call+0x58b/0x9a0
[ 42.540696][ C1] do_syscall_64+0x4c/0xa0
[ 42.545117][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 42.551004][ C1]
[ 42.553318][ C1] Freed by task 453:
[ 42.557182][ C1] kasan_set_track+0x4b/0x70
[ 42.561769][ C1] kasan_save_free_info+0x31/0x50
[ 42.566788][ C1] ____kasan_slab_free+0x132/0x180
[ 42.571881][ C1] __kasan_slab_free+0x11/0x20
[ 42.576616][ C1] slab_free_freelist_hook+0xc2/0x190
[ 42.581962][ C1] __kmem_cache_free+0xb7/0x1b0
[ 42.586809][ C1] kfree+0x6f/0xf0
[ 42.590621][ C1] hci_release_dev+0x12a3/0x13b0
[ 42.595556][ C1] bt_host_release+0x82/0x90
[ 42.600130][ C1] device_release+0xa4/0x1d0
[ 42.604761][ C1] kobject_put+0x19d/0x280
[ 42.609238][ C1] put_device+0x1f/0x30
[ 42.613372][ C1] hci_dev_cmd+0x265/0x720
[ 42.617775][ C1] hci_sock_ioctl+0x41e/0x7f0
[ 42.622509][ C1] sock_do_ioctl+0x101/0x310
[ 42.627072][ C1] sock_ioctl+0x4d8/0x6e0
[ 42.631374][ C1] __se_sys_ioctl+0x12f/0x1b0
[ 42.636018][ C1] __x64_sys_ioctl+0x7b/0x90
[ 42.640577][ C1] x64_sys_call+0x58b/0x9a0
[ 42.645140][ C1] do_syscall_64+0x4c/0xa0
[ 42.649531][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 42.655396][ C1]
[ 42.657695][ C1] Last potentially related work creation:
[ 42.663386][ C1] kasan_save_stack+0x3a/0x60
[ 42.668051][ C1] __kasan_record_aux_stack+0xb6/0xc0
[ 42.673418][ C1] kasan_record_aux_stack_noalloc+0xb/0x10
[ 42.679287][ C1] insert_work+0x51/0x300
[ 42.683612][ C1] __queue_work+0x9b1/0xd30
[ 42.688092][ C1] queue_work_on+0xd2/0x140
[ 42.692602][ C1] __hci_cmd_sync_sk+0xa3e/0xcf0
[ 42.697528][ C1] hci_cmd_sync_status+0x53/0x120
[ 42.702547][ C1] hci_dev_cmd+0x628/0x720
[ 42.706952][ C1] hci_sock_ioctl+0x41e/0x7f0
[ 42.711602][ C1] sock_do_ioctl+0x101/0x310
[ 42.716171][ C1] sock_ioctl+0x4d8/0x6e0
[ 42.720476][ C1] __se_sys_ioctl+0x12f/0x1b0
[ 42.725142][ C1] __x64_sys_ioctl+0x7b/0x90
[ 42.729724][ C1] x64_sys_call+0x58b/0x9a0
[ 42.734203][ C1] do_syscall_64+0x4c/0xa0
[ 42.738712][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 42.744593][ C1]
[ 42.746898][ C1] Second to last potentially related work creation:
[ 42.753900][ C1] kasan_save_stack+0x3a/0x60
[ 42.758582][ C1] __kasan_record_aux_stack+0xb6/0xc0
[ 42.763933][ C1] kasan_record_aux_stack_noalloc+0xb/0x10
[ 42.769730][ C1] insert_work+0x51/0x300
[ 42.774037][ C1] __queue_work+0x9b1/0xd30
[ 42.778515][ C1] queue_work_on+0xd2/0x140
[ 42.783002][ C1] __hci_cmd_sync_sk+0xa3e/0xcf0
[ 42.787935][ C1] hci_cmd_sync_status+0x53/0x120
[ 42.792928][ C1] hci_dev_cmd+0x628/0x720
[ 42.797319][ C1] hci_sock_ioctl+0x41e/0x7f0
[ 42.802053][ C1] sock_do_ioctl+0x101/0x310
[ 42.806615][ C1] sock_ioctl+0x4d8/0x6e0
[ 42.810920][ C1] __se_sys_ioctl+0x12f/0x1b0
[ 42.815575][ C1] __x64_sys_ioctl+0x7b/0x90
[ 42.820136][ C1] x64_sys_call+0x58b/0x9a0
[ 42.824616][ C1] do_syscall_64+0x4c/0xa0
[ 42.829102][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 42.834968][ C1]
[ 42.837267][ C1] The buggy address belongs to the object at ffff88811c708000
[ 42.837267][ C1] which belongs to the cache kmalloc-8k of size 8192
[ 42.851404][ C1] The buggy address is located 2560 bytes inside of
[ 42.851404][ C1] 8192-byte region [ffff88811c708000, ffff88811c70a000)
[ 42.864840][ C1]
[ 42.867146][ C1] The buggy address belongs to the physical page:
[ 42.873529][ C1] page:ffffea000471c200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c708
[ 42.883769][ C1] head:ffffea000471c200 order:3 compound_mapcount:0 compound_pincount:0
[ 42.892067][ C1] flags: 0x4000000000010200(slab|head|zone=1)
[ 42.898231][ C1] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[ 42.906873][ C1] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 42.915429][ C1] page dumped because: kasan: bad access detected
[ 42.921860][ C1] page_owner tracks the page as allocated
[ 42.927666][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 446, tgid 446 (syz.3.32), ts 35949020863, free_ts 35023226823
[ 42.949884][ C1] post_alloc_hook+0x1f5/0x210
[ 42.954651][ C1] prep_new_page+0x1c/0x110
[ 42.959134][ C1] get_page_from_freelist+0x2c7b/0x2cf0
[ 42.964662][ C1] __alloc_pages+0x1c3/0x450
[ 42.969235][ C1] alloc_slab_page+0x6e/0xf0
[ 42.973805][ C1] new_slab+0x98/0x3d0
[ 42.977854][ C1] ___slab_alloc+0x6f6/0xb50
[ 42.982428][ C1] __slab_alloc+0x5e/0xa0
[ 42.986745][ C1] __kmem_cache_alloc_node+0x203/0x2c0
[ 42.992185][ C1] __kmalloc+0xa1/0x1e0
[ 42.996320][ C1] hci_alloc_dev_priv+0x27/0x1bd0
[ 43.001324][ C1] hci_uart_tty_ioctl+0x3d6/0xa20
[ 43.006337][ C1] tty_ioctl+0x8ef/0xc60
[ 43.010557][ C1] __se_sys_ioctl+0x12f/0x1b0
[ 43.015218][ C1] __x64_sys_ioctl+0x7b/0x90
[ 43.019795][ C1] x64_sys_call+0x58b/0x9a0
[ 43.024274][ C1] page last free stack trace:
[ 43.028915][ C1] free_unref_page_prepare+0x742/0x750
[ 43.034348][ C1] free_unref_page+0x8f/0x530
[ 43.039008][ C1] __free_pages+0x67/0x100
[ 43.043394][ C1] __free_slab+0xca/0x1a0
[ 43.047696][ C1] __unfreeze_partials+0x160/0x190
[ 43.052779][ C1] put_cpu_partial+0xa9/0x100
[ 43.057431][ C1] __slab_free+0x1c4/0x280
[ 43.061825][ C1] ___cache_free+0xbf/0xd0
[ 43.066218][ C1] qlist_free_all+0xc6/0x140
[ 43.070777][ C1] kasan_quarantine_reduce+0x14a/0x170
[ 43.076209][ C1] __kasan_slab_alloc+0x24/0x80
[ 43.081029][ C1] slab_post_alloc_hook+0x4f/0x2d0
[ 43.086114][ C1] kmem_cache_alloc+0x16e/0x330
[ 43.091024][ C1] getname_flags+0xb9/0x500
[ 43.095514][ C1] __se_sys_newfstatat+0xdf/0x380
[ 43.100517][ C1] __x64_sys_newfstatat+0x9b/0xb0
[ 43.105534][ C1]
[ 43.107834][ C1] Memory state around the buggy address:
[ 43.113593][ C1] ffff88811c708900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.121644][ C1] ffff88811c708980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.129684][ C1] >ffff88811c708a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.137825][ C1] ^
[ 43.141861][ C1] ffff88811c708a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.149893][ C1] ffff88811c708b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.157922][ C1] ==================================================================
[ 43.165974][ C1] Disabling lock debugging due to kernel taint
[ 43.172160][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 43.172785][ T432] Bluetooth: hci0: command 0x1003 tx timeout
[ 43.183862][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 43.183876][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 6.1.145-syzkaller-00002-gc750dc582629 #0
[ 43.183893][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 43.183901][ C1] RIP: 0010:__queue_work+0x575/0xd30
[ 43.183926][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 28 d7 28 00 4c 89 ff e8 50 60 ac 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 4c 3a 6d 00 49 8b 7d 00 e8 33 5c
[ 43.183938][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[ 43.183953][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003b6540
[ 43.183964][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 43.183974][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[ 43.183986][ C1] R10: ffffed10238e1139 R11: 1ffff110238e1139 R12: dffffc0000000000
[ 43.183997][ C1] R13: 0000000000000000 R14: ffff88811c7089c8 R15: 0000000000000008
[ 43.184005][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 43.184017][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.184027][ C1] CR2: 00007efe2b515492 CR3: 0000000122ac9000 CR4: 00000000003506a0
[ 43.184041][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.184051][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.184062][ C1] Call Trace:
[ 43.184067][ C1]
[ 43.184075][ C1] delayed_work_timer_fn+0x61/0x80
[ 43.184097][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 43.184117][ C1] call_timer_fn+0x46/0x2a0
[ 43.184135][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 43.184155][ C1] __run_timers+0x667/0x9a0
[ 43.195802][ T28] kauditd_printk_skb: 32 callbacks suppressed
[ 43.195816][ T28] audit: type=1400 audit(1755133321.698:106): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 43.198497][ C1] ? calc_index+0x200/0x200
[ 43.393222][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 43.398417][ C1] run_timer_softirq+0x6a/0xf0
[ 43.403168][ C1] handle_softirqs+0x1d7/0x600
[ 43.407920][ C1] ? irqtime_account_irq+0xc4/0x240
[ 43.413104][ C1] __irq_exit_rcu+0x52/0xf0
[ 43.417590][ C1] irq_exit_rcu+0x9/0x10
[ 43.421819][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 43.427432][ C1]
[ 43.430343][ C1]
[ 43.433254][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 43.439218][ C1] RIP: 0010:default_idle+0xf/0x20
[ 43.444229][ C1] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 53 d2 52 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 43.463907][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[ 43.469963][ C1] RAX: ffff8881f7100000 RBX: ffff8881003b6540 RCX: e2f16561acccac00
[ 43.477924][ C1] RDX: 0000000000000001 RSI: ffffffff85aa0bc0 RDI: ffffffff85aa0b80
[ 43.485884][ C1] RBP: ffffc90000147dd8 R08: dffffc0000000000 R09: ffffed103ee26917
[ 43.493837][ C1] R10: 0000000000000000 R11: ffffffff84f36120 R12: 0000000000000000
[ 43.501789][ C1] R13: 0000000000000000 R14: ffff8881003b6540 R15: dffffc0000000000
[ 43.509754][ C1] ? __cfi_default_idle+0x10/0x10
[ 43.514774][ C1] arch_cpu_idle+0x1c/0x20
[ 43.519168][ C1] default_idle_call+0x71/0x1d0
[ 43.524002][ C1] do_idle+0x1a7/0x520
[ 43.528049][ C1] ? try_to_wake_up+0x613/0x1220
[ 43.532967][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 43.538146][ C1] ? _raw_spin_unlock_irqrestore+0x5a/0x80
[ 43.543940][ C1] ? complete+0x167/0x1c0
[ 43.548257][ C1] cpu_startup_entry+0x43/0x60
[ 43.553000][ C1] start_secondary+0x119/0x120
[ 43.557742][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 43.563626][ C1]
[ 43.574749][ C1] Modules linked in:
[ 43.578657][ C1] ---[ end trace 0000000000000000 ]---
[ 43.584094][ C1] RIP: 0010:__queue_work+0x575/0xd30
[ 43.589372][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 28 d7 28 00 4c 89 ff e8 50 60 ac 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 4c 3a 6d 00 49 8b 7d 00 e8 33 5c
[ 43.608961][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[ 43.615012][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003b6540
[ 43.622963][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 43.630926][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[ 43.638886][ C1] R10: ffffed10238e1139 R11: 1ffff110238e1139 R12: dffffc0000000000
[ 43.646959][ C1] R13: 0000000000000000 R14: ffff88811c7089c8 R15: 0000000000000008
[ 43.654926][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 43.663853][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.670421][ C1] CR2: 00007efe2b515492 CR3: 0000000122ac9000 CR4: 00000000003506a0
[ 43.678462][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.686431][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.694394][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 43.701784][ C1] Kernel Offset: disabled
[ 43.706102][ C1] Rebooting in 86400 seconds..