Warning: Permanently added '10.128.1.62' (ED25519) to the list of known hosts.
2026/01/22 21:18:25 parsed 1 programs
[ 61.559376][ T30] audit: type=1400 audit(1769116705.490:62): avc: denied { node_bind } for pid=5808 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[ 63.636449][ T30] audit: type=1400 audit(1769116707.570:63): avc: denied { mounton } for pid=5815 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 63.659839][ T30] audit: type=1400 audit(1769116707.590:64): avc: denied { mount } for pid=5815 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 63.662344][ T5815] cgroup: Unknown subsys name 'net'
[ 63.688736][ T30] audit: type=1400 audit(1769116707.620:65): avc: denied { unmount } for pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 63.872442][ T5815] cgroup: Unknown subsys name 'cpuset'
[ 63.880727][ T5815] cgroup: Unknown subsys name 'rlimit'
[ 64.051312][ T30] audit: type=1400 audit(1769116707.990:66): avc: denied { setattr } for pid=5815 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 64.085876][ T30] audit: type=1400 audit(1769116707.990:67): avc: denied { create } for pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 64.120091][ T30] audit: type=1400 audit(1769116707.990:68): avc: denied { write } for pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 64.142444][ T5819] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 64.151063][ T30] audit: type=1400 audit(1769116707.990:69): avc: denied { read } for pid=5815 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 64.171505][ T30] audit: type=1400 audit(1769116707.990:70): avc: denied { mounton } for pid=5815 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[ 64.197506][ T30] audit: type=1400 audit(1769116707.990:71): avc: denied { mount } for pid=5815 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 65.089314][ T5815] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 66.674842][ T30] kauditd_printk_skb: 4 callbacks suppressed
[ 66.674857][ T30] audit: type=1400 audit(1769116710.610:76): avc: denied { execmem } for pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 66.700502][ T30] audit: type=1400 audit(1769116710.610:77): avc: denied { create } for pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 66.720682][ T30] audit: type=1400 audit(1769116710.610:78): avc: denied { sys_admin } for pid=5824 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 66.742277][ T30] audit: type=1400 audit(1769116710.620:79): avc: denied { read } for pid=5825 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 66.763543][ T30] audit: type=1400 audit(1769116710.620:80): avc: denied { open } for pid=5825 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 66.786809][ T30] audit: type=1400 audit(1769116710.620:81): avc: denied { mounton } for pid=5825 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 66.808786][ T30] audit: type=1400 audit(1769116710.680:82): avc: denied { mounton } for pid=5825 comm="syz-executor" path="/root/syzkaller.0Tn5Ra/syz-tmp" dev="sda1" ino=2030 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 66.833186][ T30] audit: type=1400 audit(1769116710.680:83): avc: denied { mount } for pid=5825 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 66.837105][ T5825] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 66.855833][ T30] audit: type=1400 audit(1769116710.680:84): avc: denied { mounton } for pid=5825 comm="syz-executor" path="/root/syzkaller.0Tn5Ra/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 66.855874][ T30] audit: type=1400 audit(1769116710.680:85): avc: denied { mount } for pid=5825 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 67.847617][ T5139] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.856448][ T5139] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.865032][ T5139] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.873522][ T5139] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.882139][ T5139] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 68.107072][ T3898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.121628][ T3898] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.152525][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.161182][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.225927][ T5896] chnl_net:caif_netlink_parms(): no params data found
[ 69.293096][ T5896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.300713][ T5896] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.307824][ T5896] bridge_slave_0: entered allmulticast mode
[ 69.314657][ T5896] bridge_slave_0: entered promiscuous mode
[ 69.322468][ T5896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.329589][ T5896] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.336793][ T5896] bridge_slave_1: entered allmulticast mode
[ 69.344381][ T5896] bridge_slave_1: entered promiscuous mode
[ 69.377698][ T5896] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.388317][ T5896] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.409678][ T5896] team0: Port device team_slave_0 added
[ 69.417829][ T5896] team0: Port device team_slave_1 added
[ 69.441036][ T5896] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.447967][ T5896] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.473857][ T5896] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.489217][ T5896] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.496181][ T5896] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 69.522227][ T5896] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.551293][ T5896] hsr_slave_0: entered promiscuous mode
[ 69.557299][ T5896] hsr_slave_1: entered promiscuous mode
[ 69.657601][ T5896] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 69.667989][ T5896] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 69.678351][ T5896] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 69.687552][ T5896] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 69.709618][ T5896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.716793][ T5896] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 69.724562][ T5896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.731641][ T5896] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 69.752645][ T50] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.760760][ T50] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.789287][ T5896] 8021q: adding VLAN 0 to HW filter on device bond0
[ 69.805245][ T5896] 8021q: adding VLAN 0 to HW filter on device team0
[ 69.817053][ T60] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.824384][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 69.835493][ T60] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.842588][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 69.955755][ T5896] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 69.985597][ T5896] veth0_vlan: entered promiscuous mode
[ 69.995423][ T5896] veth1_vlan: entered promiscuous mode
[ 70.016065][ T5896] veth0_macvtap: entered promiscuous mode
[ 70.024697][ T5896] veth1_macvtap: entered promiscuous mode
[ 70.037428][ T5896] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 70.049533][ T5896] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 70.063722][ T3898] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.074562][ T3898] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.084864][ T3898] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.094166][ T3898] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.205035][ T60] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 70.262749][ T60] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 70.330429][ T60] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 70.381820][ T60] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2026/01/22 21:18:34 executed programs: 0
[ 70.484131][ T5139] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 70.491772][ T5139] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 70.499073][ T5139] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 70.507130][ T5139] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 70.516461][ T5139] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 70.612279][ T5924] chnl_net:caif_netlink_parms(): no params data found
[ 70.661141][ T5924] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.668243][ T5924] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.675574][ T5924] bridge_slave_0: entered allmulticast mode
[ 70.682467][ T5924] bridge_slave_0: entered promiscuous mode
[ 70.690379][ T5924] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.697469][ T5924] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.704838][ T5924] bridge_slave_1: entered allmulticast mode
[ 70.711965][ T5924] bridge_slave_1: entered promiscuous mode
[ 70.733130][ T5924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.744210][ T5924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.768616][ T5924] team0: Port device team_slave_0 added
[ 70.775609][ T5924] team0: Port device team_slave_1 added
[ 70.793079][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.801191][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 70.827118][ T5924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.841613][ T5924] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.848558][ T5924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 70.875139][ T5924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.909006][ T5924] hsr_slave_0: entered promiscuous mode
[ 70.915771][ T5924] hsr_slave_1: entered promiscuous mode
[ 70.921777][ T5924] debugfs: 'hsr0' already exists in 'hsr'
[ 70.927540][ T5924] Cannot create hsr debugfs directory
[ 70.954480][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 70.960863][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.550716][ T52] Bluetooth: hci0: command tx timeout
[ 73.255033][ T60] bridge_slave_1: left allmulticast mode
[ 73.261924][ T60] bridge_slave_1: left promiscuous mode
[ 73.268871][ T60] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.279325][ T60] bridge_slave_0: left allmulticast mode
[ 73.285794][ T60] bridge_slave_0: left promiscuous mode
[ 73.291619][ T60] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.477034][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 73.487462][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 73.496882][ T60] bond0 (unregistering): Released all slaves
[ 73.569761][ T60] hsr_slave_0: left promiscuous mode
[ 73.576149][ T60] hsr_slave_1: left promiscuous mode
[ 73.584188][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 73.595058][ T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 73.603488][ T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 73.611244][ T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 73.628174][ T60] veth1_macvtap: left promiscuous mode
[ 73.634966][ T60] veth0_macvtap: left promiscuous mode
[ 73.640918][ T60] veth1_vlan: left promiscuous mode
[ 73.646315][ T60] veth0_vlan: left promiscuous mode
[ 73.939856][ T60] team0 (unregistering): Port device team_slave_1 removed
[ 73.966042][ T60] team0 (unregistering): Port device team_slave_0 removed
[ 74.322026][ T5924] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 74.332871][ T5924] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 74.347037][ T5924] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 74.370722][ T5924] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.509901][ T5924] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.534988][ T5924] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.547200][ T1329] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.554343][ T1329] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.576246][ T1329] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.583413][ T1329] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.632127][ T52] Bluetooth: hci0: command tx timeout
[ 74.792292][ T5924] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.841202][ T5924] veth0_vlan: entered promiscuous mode
[ 74.854510][ T5924] veth1_vlan: entered promiscuous mode
[ 74.880884][ T5924] veth0_macvtap: entered promiscuous mode
[ 74.888596][ T5924] veth1_macvtap: entered promiscuous mode
[ 74.902088][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.914378][ T5924] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.925842][ T50] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.936888][ T50] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.946624][ T50] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.958616][ T50] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.999822][ T3898] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.011157][ T3898] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.032575][ T1329] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.041549][ T1329] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.086585][ T30] kauditd_printk_skb: 19 callbacks suppressed
[ 75.086601][ T30] audit: type=1400 audit(1769116719.020:105): avc: denied { read } for pid=5984 comm="syz.0.17" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 75.116587][ T30] audit: type=1400 audit(1769116719.030:106): avc: denied { open } for pid=5984 comm="syz.0.17" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 75.168667][ T30] audit: type=1400 audit(1769116719.100:107): avc: denied { map_create } for pid=5984 comm="syz.0.17" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 76.710828][ T5139] Bluetooth: hci0: command tx timeout
[ 77.270101][ T52] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 77.270107][ T5139] Bluetooth: hci1: command 0x1003 tx timeout
2026/01/22 21:18:41 executed programs: 3
[ 77.331316][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 77.386839][ T118] ==================================================================
[ 77.394939][ T118] BUG: KASAN: slab-use-after-free in hci_uart_write_work+0x81c/0x950
[ 77.402989][ T118] Read of size 4 at addr ffff888073b0e2f0 by task kworker/0:2/118
[ 77.410759][ T118]
[ 77.413058][ T118] CPU: 0 UID: 0 PID: 118 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full)
[ 77.413071][ T118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 77.413079][ T118] Workqueue: events hci_uart_write_work
[ 77.413101][ T118] Call Trace:
[ 77.413105][ T118]
[ 77.413110][ T118] dump_stack_lvl+0x100/0x190
[ 77.413125][ T118] print_report+0x156/0x4c9
[ 77.413140][ T118] ? __virt_addr_valid+0x81/0x620
[ 77.413151][ T118] ? __phys_addr+0xe8/0x180
[ 77.413161][ T118] ? hci_uart_write_work+0x81c/0x950
[ 77.413177][ T118] kasan_report+0xdf/0x1a0
[ 77.413192][ T118] ? hci_uart_write_work+0x81c/0x950
[ 77.413209][ T118] hci_uart_write_work+0x81c/0x950
[ 77.413224][ T118] ? __pfx_pty_write+0x10/0x10
[ 77.413237][ T118] process_one_work+0x9c2/0x1840
[ 77.413252][ T118] ? __pfx_process_one_work+0x10/0x10
[ 77.413266][ T118] ? assign_work+0x19c/0x250
[ 77.413278][ T118] worker_thread+0x5da/0xe40
[ 77.413292][ T118] ? kthread+0x17d/0x730
[ 77.413302][ T118] ? __pfx_worker_thread+0x10/0x10
[ 77.413314][ T118] kthread+0x3b3/0x730
[ 77.413325][ T118] ? __pfx_kthread+0x10/0x10
[ 77.413336][ T118] ? ret_from_fork+0x79/0xaf0
[ 77.413348][ T118] ? ret_from_fork+0x79/0xaf0
[ 77.413359][ T118] ? rcu_is_watching+0x12/0xc0
[ 77.413374][ T118] ? __pfx_kthread+0x10/0x10
[ 77.413385][ T118] ret_from_fork+0x754/0xaf0
[ 77.413397][ T118] ? __pfx_ret_from_fork+0x10/0x10
[ 77.413410][ T118] ? __switch_to+0x7b9/0x10c0
[ 77.413425][ T118] ? __pfx_kthread+0x10/0x10
[ 77.413436][ T118] ret_from_fork_asm+0x1a/0x30
[ 77.413449][ T118]
[ 77.413452][ T118]
[ 77.572045][ T118] Allocated by task 118:
[ 77.576261][ T118] kasan_save_stack+0x30/0x50
[ 77.580910][ T118] kasan_save_track+0x14/0x30
[ 77.585567][ T118] __kasan_slab_alloc+0x89/0x90
[ 77.590387][ T118] kmem_cache_alloc_node_noprof+0x303/0x880
[ 77.596248][ T118] __alloc_skb+0x156/0x410
[ 77.600632][ T118] bcsp_prepare_pkt+0xe0/0xa90
[ 77.605373][ T118] bcsp_dequeue+0x237/0x4b0
[ 77.609855][ T118] hci_uart_write_work+0x4d9/0x950
[ 77.614944][ T118] process_one_work+0x9c2/0x1840
[ 77.619868][ T118] worker_thread+0x5da/0xe40
[ 77.624442][ T118] kthread+0x3b3/0x730
[ 77.628480][ T118] ret_from_fork+0x754/0xaf0
[ 77.633054][ T118] ret_from_fork_asm+0x1a/0x30
[ 77.637788][ T118]
[ 77.640086][ T118] The buggy address belongs to the object at ffff888073b0e280
[ 77.640086][ T118] which belongs to the cache skbuff_head_cache of size 240
[ 77.654625][ T118] The buggy address is located 112 bytes inside of
[ 77.654625][ T118] freed 240-byte region [ffff888073b0e280, ffff888073b0e370)
[ 77.668399][ T118]
[ 77.670692][ T118] The buggy address belongs to the physical page:
[ 77.677070][ T118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x73b0e
[ 77.685798][ T118] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 77.693221][ T118] page_type: f5(slab)
[ 77.697185][ T118] raw: 00fff00000000000 ffff88801e6ac8c0 ffffea0001ceccc0 0000000000000003
[ 77.705748][ T118] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[ 77.714294][ T118] page dumped because: kasan: bad access detected
[ 77.720672][ T118] page_owner tracks the page as allocated
[ 77.726367][ T118] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5742, tgid 5742 (sshd-session), ts 52751848685, free_ts 52648047880
[ 77.745615][ T118] post_alloc_hook+0x1e1/0x250
[ 77.750351][ T118] get_page_from_freelist+0xe3d/0x2e10
[ 77.755777][ T118] __alloc_frozen_pages_noprof+0x26c/0x2410
[ 77.761637][ T118] alloc_pages_mpol+0x1fb/0x550
[ 77.766463][ T118] new_slab+0x2c4/0x440
[ 77.770590][ T118] ___slab_alloc+0xda3/0x1ca0
[ 77.775232][ T118] __slab_alloc.isra.0+0x63/0x110
[ 77.780225][ T118] kmem_cache_alloc_noprof+0x4ec/0x780
[ 77.785653][ T118] skb_clone+0x190/0x400
[ 77.789867][ T118] dev_queue_xmit_nit+0x255/0xa60
[ 77.794864][ T118] dev_hard_start_xmit+0x2fb/0x6c0
[ 77.799943][ T118] sch_direct_xmit+0x1b2/0xc60
[ 77.804677][ T118] __dev_queue_xmit+0x24bd/0x46f0
[ 77.809669][ T118] ip_finish_output2+0xf34/0x24b0
[ 77.814668][ T118] __ip_finish_output.part.0+0x444/0x6f0
[ 77.820285][ T118] ip_output+0x39b/0xec0
[ 77.824512][ T118] page last free pid 5746 tgid 5746 stack trace:
[ 77.830811][ T118] __free_frozen_pages+0x822/0x1130
[ 77.835983][ T118] __folio_put+0x3b4/0x540
[ 77.840369][ T118] anon_pipe_buf_release+0x40c/0x530
[ 77.845623][ T118] anon_pipe_read+0x5cd/0x1200
[ 77.850356][ T118] vfs_read+0x957/0xb30
[ 77.854480][ T118] ksys_read+0x1f8/0x250
[ 77.858690][ T118] do_syscall_64+0xc9/0xf80
[ 77.863171][ T118] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.869032][ T118]
[ 77.871327][ T118] Memory state around the buggy address:
[ 77.876934][ T118] ffff888073b0e180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.884963][ T118] ffff888073b0e200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 77.892999][ T118] >ffff888073b0e280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.901024][ T118] ^
[ 77.908702][ T118] ffff888073b0e300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 77.916741][ T118] ffff888073b0e380: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 77.924766][ T118] ==================================================================
[ 77.935177][ T118] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 77.942397][ T118] CPU: 0 UID: 0 PID: 118 Comm: kworker/0:2 Not tainted syzkaller #0 PREEMPT(full)
[ 77.951673][ T118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[ 77.961711][ T118] Workqueue: events hci_uart_write_work
[ 77.967243][ T118] Call Trace:
[ 77.970495][ T118]
[ 77.973400][ T118] dump_stack_lvl+0x100/0x190
[ 77.978068][ T118] vpanic+0x20d/0x630
[ 77.982019][ T118] panic+0xd1/0xd1
[ 77.985719][ T118] ? __pfx_panic+0x10/0x10
[ 77.990110][ T118] ? hci_uart_write_work+0x81c/0x950
[ 77.995369][ T118] ? preempt_schedule_common+0x42/0xc0
[ 78.000797][ T118] ? check_panic_on_warn+0x1f/0x90
[ 78.005880][ T118] check_panic_on_warn.cold+0x19/0x34
[ 78.011237][ T118] end_report.part.0+0x3a/0x90
[ 78.015975][ T118] kasan_report.cold+0xe/0x18
[ 78.020625][ T118] ? hci_uart_write_work+0x81c/0x950
[ 78.025885][ T118] hci_uart_write_work+0x81c/0x950
[ 78.030979][ T118] ? __pfx_pty_write+0x10/0x10
[ 78.035806][ T118] process_one_work+0x9c2/0x1840
[ 78.040739][ T118] ? __pfx_process_one_work+0x10/0x10
[ 78.046098][ T118] ? assign_work+0x19c/0x250
[ 78.050659][ T118] worker_thread+0x5da/0xe40
[ 78.055236][ T118] ? kthread+0x17d/0x730
[ 78.059447][ T118] ? __pfx_worker_thread+0x10/0x10
[ 78.064540][ T118] kthread+0x3b3/0x730
[ 78.068586][ T118] ? __pfx_kthread+0x10/0x10
[ 78.073143][ T118] ? ret_from_fork+0x79/0xaf0
[ 78.077788][ T118] ? ret_from_fork+0x79/0xaf0
[ 78.082441][ T118] ? rcu_is_watching+0x12/0xc0
[ 78.087188][ T118] ? __pfx_kthread+0x10/0x10
[ 78.091747][ T118] ret_from_fork+0x754/0xaf0
[ 78.096316][ T118] ? __pfx_ret_from_fork+0x10/0x10
[ 78.101397][ T118] ? __switch_to+0x7b9/0x10c0
[ 78.106047][ T118] ? __pfx_kthread+0x10/0x10
[ 78.110603][ T118] ret_from_fork_asm+0x1a/0x30
[ 78.115337][ T118]
[ 78.118662][ T118] Kernel Offset: disabled
[ 78.122958][ T118] Rebooting in 86400 seconds..