Warning: Permanently added '10.128.0.60' (ED25519) to the list of known hosts.
2025/11/22 02:39:52 parsed 1 programs
[ 22.216611][ T28] audit: type=1400 audit(1763779192.954:64): avc: denied { node_bind } for pid=283 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 22.237524][ T28] audit: type=1400 audit(1763779192.954:65): avc: denied { module_request } for pid=283 comm="syz-execprog" kmod="net-pf-2-proto-262-type-1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 23.020048][ T28] audit: type=1400 audit(1763779193.764:66): avc: denied { mounton } for pid=290 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 23.021016][ T290] cgroup: Unknown subsys name 'net'
[ 23.042750][ T28] audit: type=1400 audit(1763779193.764:67): avc: denied { mount } for pid=290 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.070126][ T28] audit: type=1400 audit(1763779193.794:68): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.070282][ T290] cgroup: Unknown subsys name 'devices'
[ 23.179080][ T290] cgroup: Unknown subsys name 'hugetlb'
[ 23.184696][ T290] cgroup: Unknown subsys name 'rlimit'
[ 23.322391][ T28] audit: type=1400 audit(1763779194.064:69): avc: denied { setattr } for pid=290 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 23.345602][ T28] audit: type=1400 audit(1763779194.064:70): avc: denied { create } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 23.355179][ T293] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 23.366260][ T28] audit: type=1400 audit(1763779194.064:71): avc: denied { write } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.394928][ T28] audit: type=1400 audit(1763779194.064:72): avc: denied { read } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.406272][ T290] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 23.415136][ T28] audit: type=1400 audit(1763779194.064:73): avc: denied { mounton } for pid=290 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 24.175757][ T295] request_module fs-gadgetfs succeeded, but still no fs?
[ 24.594432][ T327] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.601532][ T327] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.608972][ T327] device bridge_slave_0 entered promiscuous mode
[ 24.616482][ T327] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.623572][ T327] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.630897][ T327] device bridge_slave_1 entered promiscuous mode
[ 24.679239][ T327] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.686300][ T327] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.693586][ T327] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.700628][ T327] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.719143][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 24.726817][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 24.734205][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 24.745693][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 24.753945][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 24.760976][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 24.769197][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 24.777593][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 24.784623][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.796004][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.806213][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.819867][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.830766][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.839071][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 24.846466][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 24.854588][ T327] device veth0_vlan entered promiscuous mode
[ 24.864638][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.873675][ T327] device veth1_macvtap entered promiscuous mode
[ 24.882587][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.892365][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/11/22 02:39:56 executed programs: 0
[ 25.386667][ T364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.393951][ T364] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.401558][ T364] device bridge_slave_0 entered promiscuous mode
[ 25.408501][ T364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.415522][ T364] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.423158][ T364] device bridge_slave_1 entered promiscuous mode
[ 25.491602][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 25.500013][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 25.508590][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 25.516915][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 25.525164][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 25.532343][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 25.539859][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 25.551383][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 25.559837][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 25.568032][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 25.575057][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 25.586621][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 25.596255][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 25.610276][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 25.621171][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 25.629570][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 25.637068][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 25.645289][ T364] device veth0_vlan entered promiscuous mode
[ 25.655353][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 25.664529][ T364] device veth1_macvtap entered promiscuous mode
[ 25.674100][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 25.684191][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 26.198242][ T8] device bridge_slave_1 left promiscuous mode
[ 26.204376][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 26.211981][ T8] device bridge_slave_0 left promiscuous mode
[ 26.218137][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 26.226463][ T8] device veth1_macvtap left promiscuous mode
[ 26.232736][ T8] device veth0_vlan left promiscuous mode
[ 27.787510][ T376] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[ 27.801741][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 27.808151][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 29.867623][ T378] Bluetooth: hci0: command 0x1003 tx timeout
[ 29.867689][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 29.879897][ T380] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 29.895014][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
2025/11/22 02:40:02 executed programs: 5
[ 31.947536][ T378] Bluetooth: hci0: command 0x1003 tx timeout
[ 31.947535][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 31.959766][ T382] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 31.973706][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 34.027540][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 34.027588][ T377] Bluetooth: hci0: command 0x1003 tx timeout
[ 34.039919][ T384] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 36.107629][ T387] Bluetooth: hci0: Opcode 0x0c20 failed: -110
[ 36.121382][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
2025/11/22 02:40:09 executed programs: 8
[ 38.187506][ T378] Bluetooth: hci0: command 0x1003 tx timeout
[ 38.187543][ T385] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 38.199820][ T389] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 38.214670][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 40.267505][ T378] Bluetooth: hci0: command 0x1003 tx timeout
[ 40.267654][ T385] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 40.279780][ T391] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[ 40.292517][ T385] ==================================================================
[ 40.292593][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 40.300611][ T385] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480
[ 40.300642][ T385] Write of size 8 at addr ffff888114fa0a00 by task kworker/u5:3/385
[ 40.300656][ T385]
[ 40.324266][ T385] CPU: 0 PID: 385 Comm: kworker/u5:3 Not tainted syzkaller #0
[ 40.331709][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 40.341750][ T385] Workqueue: hci0 hci_power_on
[ 40.346511][ T385] Call Trace:
[ 40.349805][ T385]
[ 40.352725][ T385] __dump_stack+0x21/0x24
[ 40.357046][ T385] dump_stack_lvl+0xee/0x150
[ 40.361624][ T385] ? __cfi_dump_stack_lvl+0x8/0x8
[ 40.366635][ T385] ? select_task_rq_fair+0x56f/0x3490
[ 40.371994][ T385] ? enqueue_timer+0xae/0x480
[ 40.376664][ T385] print_address_description+0x71/0x200
[ 40.382197][ T385] print_report+0x4a/0x60
[ 40.386514][ T385] kasan_report+0x122/0x150
[ 40.391006][ T385] ? enqueue_timer+0xae/0x480
[ 40.395672][ T385] ? try_to_wake_up+0x613/0x1220
[ 40.400600][ T385] __asan_report_store8_noabort+0x17/0x20
[ 40.406311][ T385] enqueue_timer+0xae/0x480
[ 40.410806][ T385] __mod_timer+0x79f/0xb30
[ 40.415214][ T385] schedule_timeout+0x127/0x2e0
[ 40.420052][ T385] ? __cfi_schedule_timeout+0x10/0x10
[ 40.425408][ T385] ? queue_work_on+0xf8/0x140
[ 40.430081][ T385] ? __cfi_process_timeout+0x10/0x10
[ 40.435359][ T385] ? prepare_to_wait_event+0x40b/0x440
[ 40.440832][ T385] __hci_cmd_sync_sk+0x396/0xcf0
[ 40.445770][ T385] ? __cfi___hci_cmd_sync_sk+0x10/0x10
[ 40.451479][ T385] ? __cfi_autoremove_wake_function+0x10/0x10
[ 40.457564][ T385] ? __kasan_check_read+0x11/0x20
[ 40.462577][ T385] ? kvm_sched_clock_read+0x18/0x40
[ 40.467786][ T385] hci_dev_open_sync+0x13a7/0x3260
[ 40.472883][ T385] ? xfd_validate_state+0x70/0x150
[ 40.478000][ T385] ? save_fpregs_to_fpstate+0x192/0x220
[ 40.483538][ T385] ? __cfi_hci_dev_open_sync+0x10/0x10
[ 40.488999][ T385] ? __kasan_check_write+0x14/0x20
[ 40.494099][ T385] ? __switch_to+0x51f/0xe30
[ 40.498676][ T385] ? psi_group_change+0xb73/0x12b0
[ 40.503793][ T385] ? __kasan_check_write+0x14/0x20
[ 40.508891][ T385] ? mutex_lock+0x8d/0x1a0
[ 40.513298][ T385] ? __cfi_mutex_lock+0x10/0x10
[ 40.518162][ T385] ? kthread_data+0x50/0xc0
[ 40.522680][ T385] ? _raw_spin_unlock+0x4c/0x70
[ 40.527527][ T385] hci_power_on+0x195/0x5c0
[ 40.532024][ T385] ? __cfi_hci_power_on+0x10/0x10
[ 40.537062][ T385] ? __schedule+0xb8f/0x14e0
[ 40.541640][ T385] ? __cfi__raw_spin_lock_irq+0x10/0x10
[ 40.547178][ T385] process_one_work+0x71f/0xc40
[ 40.552036][ T385] worker_thread+0xa29/0x11f0
[ 40.556702][ T385] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 40.562151][ T385] ? __kthread_parkme+0x142/0x180
[ 40.567165][ T385] kthread+0x281/0x320
[ 40.571221][ T385] ? __cfi_worker_thread+0x10/0x10
[ 40.576320][ T385] ? __cfi_kthread+0x10/0x10
[ 40.581076][ T385] ret_from_fork+0x1f/0x30
[ 40.585483][ T385]
[ 40.588497][ T385]
[ 40.590825][ T385] Allocated by task 391:
[ 40.595065][ T385] kasan_set_track+0x4b/0x70
[ 40.599644][ T385] kasan_save_alloc_info+0x25/0x30
[ 40.604748][ T385] __kasan_kmalloc+0x95/0xb0
[ 40.609323][ T385] __kmalloc+0xb1/0x1e0
[ 40.613468][ T385] hci_alloc_dev_priv+0x27/0x1bd0
[ 40.618506][ T385] hci_uart_tty_ioctl+0x3d6/0xa20
[ 40.623519][ T385] tty_ioctl+0x8ef/0xc60
[ 40.627764][ T385] __se_sys_ioctl+0x12f/0x1b0
[ 40.632427][ T385] __x64_sys_ioctl+0x7b/0x90
[ 40.637001][ T385] x64_sys_call+0x58b/0x9a0
[ 40.641513][ T385] do_syscall_64+0x4c/0xa0
[ 40.645917][ T385] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 40.651803][ T385]
[ 40.654130][ T385] Freed by task 391:
[ 40.658016][ T385] kasan_set_track+0x4b/0x70
[ 40.663036][ T385] kasan_save_free_info+0x31/0x50
[ 40.668072][ T385] ____kasan_slab_free+0x132/0x180
[ 40.673172][ T385] __kasan_slab_free+0x11/0x20
[ 40.677955][ T385] slab_free_freelist_hook+0xc2/0x190
[ 40.683335][ T385] __kmem_cache_free+0xb7/0x1b0
[ 40.688217][ T385] kfree+0x6f/0xf0
[ 40.691927][ T385] hci_release_dev+0x12a3/0x13b0
[ 40.696860][ T385] bt_host_release+0x82/0x90
[ 40.701437][ T385] device_release+0xa4/0x1d0
[ 40.706014][ T385] kobject_put+0x19d/0x280
[ 40.710437][ T385] put_device+0x1f/0x30
[ 40.714598][ T385] hci_dev_cmd+0x265/0x720
[ 40.719041][ T385] hci_sock_ioctl+0x41e/0x7f0
[ 40.723711][ T385] sock_do_ioctl+0x101/0x310
[ 40.728295][ T385] sock_ioctl+0x4d8/0x6e0
[ 40.732634][ T385] __se_sys_ioctl+0x12f/0x1b0
[ 40.737301][ T385] __x64_sys_ioctl+0x7b/0x90
[ 40.741878][ T385] x64_sys_call+0x58b/0x9a0
[ 40.746371][ T385] do_syscall_64+0x4c/0xa0
[ 40.750772][ T385] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 40.756694][ T385]
[ 40.759005][ T385] Last potentially related work creation:
[ 40.764718][ T385] kasan_save_stack+0x3a/0x60
[ 40.769396][ T385] __kasan_record_aux_stack+0xb6/0xc0
[ 40.774763][ T385] kasan_record_aux_stack_noalloc+0xb/0x10
[ 40.780570][ T385] insert_work+0x51/0x300
[ 40.784885][ T385] __queue_work+0x9b1/0xd30
[ 40.789388][ T385] queue_work_on+0xd2/0x140
[ 40.793880][ T385] __hci_cmd_sync_sk+0xa3e/0xcf0
[ 40.798809][ T385] hci_cmd_sync_status+0x53/0x120
[ 40.803827][ T385] hci_dev_cmd+0x628/0x720
[ 40.808227][ T385] hci_sock_ioctl+0x41e/0x7f0
[ 40.812991][ T385] sock_do_ioctl+0x101/0x310
[ 40.817571][ T385] sock_ioctl+0x4d8/0x6e0
[ 40.821892][ T385] __se_sys_ioctl+0x12f/0x1b0
[ 40.826658][ T385] __x64_sys_ioctl+0x7b/0x90
[ 40.831251][ T385] x64_sys_call+0x58b/0x9a0
[ 40.835750][ T385] do_syscall_64+0x4c/0xa0
[ 40.840174][ T385] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 40.846054][ T385]
[ 40.848371][ T385] Second to last potentially related work creation:
[ 40.854936][ T385] kasan_save_stack+0x3a/0x60
[ 40.859600][ T385] __kasan_record_aux_stack+0xb6/0xc0
[ 40.864963][ T385] kasan_record_aux_stack_noalloc+0xb/0x10
[ 40.870781][ T385] insert_work+0x51/0x300
[ 40.875117][ T385] __queue_work+0x9b1/0xd30
[ 40.879610][ T385] queue_work_on+0xd2/0x140
[ 40.884111][ T385] hci_cmd_timeout+0x191/0x200
[ 40.888864][ T385] process_one_work+0x71f/0xc40
[ 40.893698][ T385] worker_thread+0xa29/0x11f0
[ 40.898369][ T385] kthread+0x281/0x320
[ 40.902423][ T385] ret_from_fork+0x1f/0x30
[ 40.906828][ T385]
[ 40.909135][ T385] The buggy address belongs to the object at ffff888114fa0000
[ 40.909135][ T385] which belongs to the cache kmalloc-8k of size 8192
[ 40.923177][ T385] The buggy address is located 2560 bytes inside of
[ 40.923177][ T385] 8192-byte region [ffff888114fa0000, ffff888114fa2000)
[ 40.936607][ T385]
[ 40.938920][ T385] The buggy address belongs to the physical page:
[ 40.946013][ T385] page:ffffea000453e800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114fa0
[ 40.956320][ T385] head:ffffea000453e800 order:3 compound_mapcount:0 compound_pincount:0
[ 40.964627][ T385] flags: 0x4000000000010200(slab|head|zone=1)
[ 40.970701][ T385] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[ 40.979291][ T385] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 40.987864][ T385] page dumped because: kasan: bad access detected
[ 40.994260][ T385] page_owner tracks the page as allocated
[ 40.999976][ T385] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 380, tgid 379 (syz.2.18), ts 27800815288, free_ts 26248351842
[ 41.022186][ T385] post_alloc_hook+0x1f5/0x210
[ 41.026948][ T385] prep_new_page+0x1c/0x110
[ 41.031441][ T385] get_page_from_freelist+0x2c7b/0x2cf0
[ 41.036990][ T385] __alloc_pages+0x1c3/0x450
[ 41.041569][ T385] alloc_slab_page+0x6e/0xf0
[ 41.046147][ T385] new_slab+0x98/0x3d0
[ 41.050205][ T385] ___slab_alloc+0x6bd/0xb20
[ 41.054786][ T385] __slab_alloc+0x5e/0xa0
[ 41.059200][ T385] __kmem_cache_alloc_node+0x203/0x2c0
[ 41.064644][ T385] __kmalloc+0xa1/0x1e0
[ 41.068799][ T385] hci_alloc_dev_priv+0x27/0x1bd0
[ 41.073823][ T385] hci_uart_tty_ioctl+0x3d6/0xa20
[ 41.078833][ T385] tty_ioctl+0x8ef/0xc60
[ 41.083063][ T385] __se_sys_ioctl+0x12f/0x1b0
[ 41.087727][ T385] __x64_sys_ioctl+0x7b/0x90
[ 41.092300][ T385] x64_sys_call+0x58b/0x9a0
[ 41.096791][ T385] page last free stack trace:
[ 41.101467][ T385] free_unref_page_prepare+0x742/0x750
[ 41.106915][ T385] free_unref_page+0x8f/0x530
[ 41.111578][ T385] __free_pages+0x67/0x100
[ 41.115996][ T385] __free_slab+0xca/0x1a0
[ 41.120394][ T385] __unfreeze_partials+0x160/0x190
[ 41.125494][ T385] put_cpu_partial+0xa9/0x100
[ 41.130161][ T385] __slab_free+0x1c4/0x280
[ 41.134566][ T385] ___cache_free+0xbf/0xd0
[ 41.138983][ T385] qlist_free_all+0xc6/0x140
[ 41.143556][ T385] kasan_quarantine_reduce+0x14a/0x170
[ 41.148997][ T385] __kasan_slab_alloc+0x24/0x80
[ 41.153855][ T385] slab_post_alloc_hook+0x4f/0x2d0
[ 41.158957][ T385] kmem_cache_alloc_node+0x181/0x340
[ 41.164230][ T385] __alloc_skb+0xea/0x4b0
[ 41.168548][ T385] inet_netconf_notify_devconf+0x169/0x220
[ 41.174365][ T385] inetdev_event+0x831/0x10e0
[ 41.179065][ T385]
[ 41.181373][ T385] Memory state around the buggy address:
[ 41.186982][ T385] ffff888114fa0900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.195041][ T385] ffff888114fa0980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.203177][ T385] >ffff888114fa0a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.211220][ T385] ^
[ 41.215275][ T385] ffff888114fa0a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.223319][ T385] ffff888114fa0b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 41.231364][ T385] ==================================================================
[ 41.239407][ T385] Disabling lock debugging due to kernel taint
[ 41.249773][ T28] kauditd_printk_skb: 32 callbacks suppressed
[ 41.249787][ T28] audit: type=1400 audit(1763779211.994:106): avc: denied { read } for pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 41.277616][ T28] audit: type=1400 audit(1763779211.994:107): avc: denied { search } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 41.299089][ T28] audit: type=1400 audit(1763779211.994:108): avc: denied { write } for pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 41.320427][ T28] audit: type=1400 audit(1763779211.994:109): avc: denied { add_name } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 41.341061][ T28] audit: type=1400 audit(1763779211.994:110): avc: denied { create } for pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 41.361555][ T28] audit: type=1400 audit(1763779211.994:111): avc: denied { append open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 41.384504][ T28] audit: type=1400 audit(1763779211.994:112): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 42.347494][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 42.347559][ T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 42.359254][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 42.359276][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B syzkaller #0
[ 42.359293][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 42.359303][ C0] RIP: 0010:__queue_work+0x575/0xd30
[ 42.397546][ C0] Code: 39 2b 0f 84 b9 00 00 00 e8 18 e0 28 00 4c 89 ff e8 b0 09 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 fc 54 6d 00 49 8b 7d 00 e8 93 05
[ 42.417155][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[ 42.423217][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff86e1c500
[ 42.431187][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 42.439155][ C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007
[ 42.447137][ C0] R10: ffffed10229f4139 R11: 1ffff110229f4139 R12: dffffc0000000000
[ 42.455198][ C0] R13: 0000000000000000 R14: ffff888114fa09c8 R15: 0000000000000008
[ 42.463165][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 42.472090][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.478676][ C0] CR2: 000000c006ff4000 CR3: 0000000122bc3000 CR4: 00000000003506b0
[ 42.486647][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.494618][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.502583][ C0] Call Trace:
[ 42.505854][ C0]
[ 42.508693][ C0] delayed_work_timer_fn+0x61/0x80
[ 42.513812][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 42.519633][ C0] call_timer_fn+0x46/0x2a0
[ 42.524136][ C0] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 42.530029][ C0] __run_timers+0x667/0x9a0
[ 42.534540][ C0] ? calc_index+0x200/0x200
[ 42.539131][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 42.544334][ C0] run_timer_softirq+0x6a/0xf0
[ 42.549094][ C0] handle_softirqs+0x1d7/0x600
[ 42.553853][ C0] ? irqtime_account_irq+0xc4/0x240
[ 42.559074][ C0] __irq_exit_rcu+0x52/0xf0
[ 42.563573][ C0] irq_exit_rcu+0x9/0x10
[ 42.567809][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 42.573443][ C0]
[ 42.576378][ C0]
[ 42.579303][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 42.585298][ C0] RIP: 0010:default_idle+0xf/0x20
[ 42.590347][ C0] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d b3 0f 52 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 42.609957][ C0] RSP: 0018:ffffffff86e07d58 EFLAGS: 00000257
[ 42.616031][ C0] RAX: ffff8881f7000000 RBX: ffffffff86e1c500 RCX: 9787e3a4513c6b00
[ 42.623998][ C0] RDX: 0000000000000001 RSI: ffffffff85aa15c0 RDI: ffffffff85aa1580
[ 42.631975][ C0] RBP: ffffffff86e07d58 R08: dffffc0000000000 R09: ffffed103ee06917
[ 42.639948][ C0] R10: 0000000000000000 R11: ffffffff84f42280 R12: 0000000000000000
[ 42.647915][ C0] R13: 0000000000000000 R14: ffffffff86e1c500 R15: dffffc0000000000
[ 42.655882][ C0] ? __cfi_default_idle+0x10/0x10
[ 42.660908][ C0] arch_cpu_idle+0x1c/0x20
[ 42.665325][ C0] default_idle_call+0x71/0x1d0
[ 42.670170][ C0] do_idle+0x1a7/0x520
[ 42.674236][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 42.679464][ C0] ? debug_smp_processor_id+0x17/0x20
[ 42.684916][ C0] cpu_startup_entry+0x43/0x60
[ 42.689675][ C0] rest_init+0x10a/0x130
[ 42.693911][ C0] ? __cfi_x86_late_time_init+0x8/0x8
[ 42.699279][ C0] arch_call_rest_init+0xe/0x10
[ 42.704129][ C0] start_kernel+0x482/0x4f0
[ 42.708626][ C0] x86_64_start_reservations+0x2a/0x2c
[ 42.714077][ C0] x86_64_start_kernel+0x7c/0x81
[ 42.719006][ C0] secondary_startup_64_no_verify+0xce/0xdb
[ 42.724896][ C0]
[ 42.727909][ C0] Modules linked in:
[ 42.731797][ C0] ---[ end trace 0000000000000000 ]---
[ 42.737298][ C0] RIP: 0010:__queue_work+0x575/0xd30
[ 42.742585][ C0] Code: 39 2b 0f 84 b9 00 00 00 e8 18 e0 28 00 4c 89 ff e8 b0 09 ad 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 fc 54 6d 00 49 8b 7d 00 e8 93 05
[ 42.762274][ C0] RSP: 0018:ffffc90000007c70 EFLAGS: 00010046
[ 42.768345][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff86e1c500
[ 42.776314][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 42.784281][ C0] RBP: ffffc90000007d08 R08: fffffffffffffffb R09: 0000000000000007
[ 42.792252][ C0] R10: ffffed10229f4139 R11: 1ffff110229f4139 R12: dffffc0000000000
[ 42.800229][ C0] R13: 0000000000000000 R14: ffff888114fa09c8 R15: 0000000000000008
[ 42.808196][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 42.817141][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.823721][ C0] CR2: 000000c006ff4000 CR3: 0000000122bc3000 CR4: 00000000003506b0
[ 42.831699][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.839751][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.847746][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 42.855230][ C0] Kernel Offset: disabled
[ 42.859627][ C0] Rebooting in 86400 seconds..