Warning: Permanently added '[localhost]:6321' (ED25519) to the list of known hosts.
2025/11/15 11:11:13 ignoring optional flag "type"="qemu"
2025/11/15 11:11:13 parsed 1 programs
[ 75.299552][ T40] kauditd_printk_skb: 28 callbacks suppressed
[ 75.299564][ T40] audit: type=1400 audit(1763205073.560:102): avc: denied { getattr } for pid=6038 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 75.396903][ T40] audit: type=1400 audit(1763205073.660:103): avc: denied { unlink } for pid=6045 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 76.330853][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.333567][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.605809][ T6045] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/11/15 11:11:14 executed programs: 0
[ 76.640448][ T40] audit: type=1400 audit(1763205074.900:104): avc: denied { search } for pid=6051 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 76.651898][ T40] audit: type=1400 audit(1763205074.910:105): avc: denied { search } for pid=6051 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1897 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 76.661581][ T40] audit: type=1400 audit(1763205074.910:106): avc: denied { search } for pid=6051 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1901 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 76.682827][ T40] audit: type=1400 audit(1763205074.910:107): avc: denied { search } for pid=6051 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1902 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 76.683059][ T5294] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 76.695594][ T40] audit: type=1400 audit(1763205074.920:108): avc: denied { read open } for pid=6057 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1902 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 76.704118][ T40] audit: type=1400 audit(1763205074.920:109): avc: denied { getattr } for pid=6057 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1902 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 76.712196][ T40] audit: type=1400 audit(1763205074.930:110): avc: denied { create } for pid=6059 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 76.715575][ T64] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 76.718898][ T40] audit: type=1400 audit(1763205074.930:111): avc: denied { add_name } for pid=6051 comm="dhcpcd-run-hook" name="resolv.conf.eth4.ipv4ll" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 76.730893][ T6066] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 76.734844][ T6066] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 76.735524][ T6072] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 76.738381][ T6066] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 76.740202][ T6072] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 76.744724][ T6066] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 76.749283][ T6066] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 76.749661][ T6072] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 76.752234][ T6075] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 76.752756][ T6066] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 76.753479][ T6066] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 76.753949][ T6066] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 76.755439][ T6072] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 76.764415][ T6075] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 76.768498][ T6072] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 76.771281][ T6075] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 76.775820][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 76.785817][ T6071] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 77.129249][ T6059] chnl_net:caif_netlink_parms(): no params data found
[ 77.168234][ T6065] chnl_net:caif_netlink_parms(): no params data found
[ 77.209060][ T6063] chnl_net:caif_netlink_parms(): no params data found
[ 77.233899][ T6068] chnl_net:caif_netlink_parms(): no params data found
[ 77.420202][ T6059] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.423216][ T6059] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.426528][ T6059] bridge_slave_0: entered allmulticast mode
[ 77.430206][ T6059] bridge_slave_0: entered promiscuous mode
[ 77.474452][ T6059] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.481023][ T6059] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.483884][ T6059] bridge_slave_1: entered allmulticast mode
[ 77.486560][ T6059] bridge_slave_1: entered promiscuous mode
[ 77.577131][ T6065] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.579867][ T6065] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.582390][ T6065] bridge_slave_0: entered allmulticast mode
[ 77.585869][ T6065] bridge_slave_0: entered promiscuous mode
[ 77.589810][ T6063] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.592646][ T6063] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.596959][ T6063] bridge_slave_0: entered allmulticast mode
[ 77.600441][ T6063] bridge_slave_0: entered promiscuous mode
[ 77.606143][ T6059] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.624246][ T6065] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.627722][ T6065] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.631458][ T6065] bridge_slave_1: entered allmulticast mode
[ 77.635614][ T6065] bridge_slave_1: entered promiscuous mode
[ 77.659640][ T6063] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.663084][ T6063] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.666445][ T6063] bridge_slave_1: entered allmulticast mode
[ 77.669669][ T6063] bridge_slave_1: entered promiscuous mode
[ 77.674911][ T6059] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.716720][ T6065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.789349][ T6068] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.792331][ T6068] bridge0: port 1(bridge_slave_0) entered disabled state
[ 77.795573][ T6068] bridge_slave_0: entered allmulticast mode
[ 77.799356][ T6068] bridge_slave_0: entered promiscuous mode
[ 77.805584][ T6065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 77.836462][ T6059] team0: Port device team_slave_0 added
[ 77.839327][ T6068] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.842392][ T6068] bridge0: port 2(bridge_slave_1) entered disabled state
[ 77.845644][ T6068] bridge_slave_1: entered allmulticast mode
[ 77.849786][ T6068] bridge_slave_1: entered promiscuous mode
[ 77.883872][ T6063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 77.888754][ T6059] team0: Port device team_slave_1 added
[ 77.962969][ T6063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.019033][ T6065] team0: Port device team_slave_0 added
[ 78.037655][ T6059] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.040630][ T6059] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.051504][ T6059] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.060429][ T6068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 78.066187][ T6065] team0: Port device team_slave_1 added
[ 78.070733][ T6063] team0: Port device team_slave_0 added
[ 78.073999][ T6059] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.077056][ T6059] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.087703][ T6059] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.094941][ T6068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 78.124377][ T6063] team0: Port device team_slave_1 added
[ 78.185514][ T6065] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.188400][ T6065] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.199012][ T6065] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.248110][ T6065] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.250512][ T6065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.259606][ T6065] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.270773][ T6063] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.273669][ T6063] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.284233][ T6063] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.290724][ T6068] team0: Port device team_slave_0 added
[ 78.346469][ T6063] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.349317][ T6063] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.361117][ T6063] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.367719][ T6068] team0: Port device team_slave_1 added
[ 78.375555][ T6059] hsr_slave_0: entered promiscuous mode
[ 78.379035][ T6059] hsr_slave_1: entered promiscuous mode
[ 78.490262][ T6065] hsr_slave_0: entered promiscuous mode
[ 78.493277][ T6065] hsr_slave_1: entered promiscuous mode
[ 78.495749][ T6065] debugfs: 'hsr0' already exists in 'hsr'
[ 78.497653][ T6065] Cannot create hsr debugfs directory
[ 78.551605][ T6068] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 78.554380][ T6068] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.563569][ T6068] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 78.569424][ T6068] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 78.572079][ T6068] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 78.582676][ T6068] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 78.624370][ T6063] hsr_slave_0: entered promiscuous mode
[ 78.627657][ T6063] hsr_slave_1: entered promiscuous mode
[ 78.630688][ T6063] debugfs: 'hsr0' already exists in 'hsr'
[ 78.632783][ T6063] Cannot create hsr debugfs directory
[ 78.761665][ T6068] hsr_slave_0: entered promiscuous mode
[ 78.764313][ T6068] hsr_slave_1: entered promiscuous mode
[ 78.767306][ T6068] debugfs: 'hsr0' already exists in 'hsr'
[ 78.769540][ T6068] Cannot create hsr debugfs directory
[ 78.806053][ T6071] Bluetooth: hci3: command tx timeout
[ 78.806427][ T6075] Bluetooth: hci0: command tx timeout
[ 78.808405][ T5953] Bluetooth: hci1: command tx timeout
[ 78.808537][ T5294] Bluetooth: hci2: command tx timeout
[ 79.157032][ T6065] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 79.165174][ T6065] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 79.171232][ T6065] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 79.185333][ T6065] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 79.233926][ T6059] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 79.240489][ T6059] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 79.269093][ T6059] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 79.277420][ T6059] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 79.385699][ T6065] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.425440][ T6065] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.433328][ T1253] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.436113][ T1253] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.447331][ T1253] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.450445][ T1253] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.461467][ T6059] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.494854][ T6059] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.506328][ T80] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.509171][ T80] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.529945][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.533002][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.641035][ T6065] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.716340][ T6065] veth0_vlan: entered promiscuous mode
[ 79.732289][ T6065] veth1_vlan: entered promiscuous mode
[ 79.740370][ T6068] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 79.747947][ T6068] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 79.756827][ T6059] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.772950][ T6068] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 79.778032][ T6068] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 79.833637][ T6063] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 79.842223][ T6063] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 79.851403][ T6063] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 79.863171][ T6063] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 79.873113][ T6065] veth0_macvtap: entered promiscuous mode
[ 79.880509][ T6065] veth1_macvtap: entered promiscuous mode
[ 79.919880][ T6068] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.944368][ T6059] veth0_vlan: entered promiscuous mode
[ 79.958013][ T6065] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 79.971204][ T6059] veth1_vlan: entered promiscuous mode
[ 79.980928][ T6065] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 79.988037][ T6068] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.009927][ T80] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.015082][ T80] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.022167][ T1177] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.024811][ T1177] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.031799][ T80] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.035636][ T80] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.052448][ T80] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.055547][ T80] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.082060][ T6059] veth0_macvtap: entered promiscuous mode
[ 80.112613][ T6059] veth1_macvtap: entered promiscuous mode
[ 80.149823][ T6059] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.159606][ T6063] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.168026][ T6059] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.190423][ T1189] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.193313][ T1189] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.223073][ T1189] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.227455][ T1189] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.249576][ T6063] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.261994][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.264710][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.289713][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.292767][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.362414][ T6068] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.432515][ T6068] veth0_vlan: entered promiscuous mode
[ 80.441353][ T6068] veth1_vlan: entered promiscuous mode
[ 80.469154][ T6068] veth0_macvtap: entered promiscuous mode
[ 80.479537][ T6068] veth1_macvtap: entered promiscuous mode
[ 80.498422][ T6068] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.511361][ T6068] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.522747][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.527444][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.536871][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.540563][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.549124][ T6063] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.599451][ T6063] veth0_vlan: entered promiscuous mode
[ 80.610344][ T6063] veth1_vlan: entered promiscuous mode
[ 80.642934][ T6063] veth0_macvtap: entered promiscuous mode
[ 80.648538][ T6063] veth1_macvtap: entered promiscuous mode
[ 80.658778][ T6063] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.668725][ T6063] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.677054][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.681808][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.685998][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.690192][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.887446][ T5953] Bluetooth: hci2: command tx timeout
[ 80.887950][ T6075] Bluetooth: hci3: command tx timeout
[ 80.887976][ T5294] Bluetooth: hci0: command tx timeout
[ 80.897127][ T6075] Bluetooth: hci1: command tx timeout
2025/11/15 11:11:19 executed programs: 73
[ 82.964821][ T6075] Bluetooth: hci3: command tx timeout
[ 82.964907][ T5953] Bluetooth: hci0: command tx timeout
[ 82.965048][ T5294] Bluetooth: hci2: command tx timeout
[ 82.975299][ T5953] Bluetooth: hci1: command tx timeout
[ 85.045050][ T5953] Bluetooth: hci1: command tx timeout
[ 85.045088][ T6071] Bluetooth: hci0: command tx timeout
[ 85.048573][ T5294] Bluetooth: hci3: command tx timeout
[ 85.055591][ T5294] Bluetooth: hci2: command tx timeout
[ 86.567781][ T24] cfg80211: failed to load regulatory.db
2025/11/15 11:11:24 executed programs: 554
2025/11/15 11:11:29 executed programs: 1053
[ 92.255497][ T5294] Bluetooth: hci3: command 0x0405 tx timeout
[ 93.014736][ T840] ==================================================================
[ 93.018307][ T840] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x3a/0x60
[ 93.022108][ T840] Read of size 1 at addr ffff888035c962f0 by task kworker/1:2/840
[ 93.028289][ T840]
[ 93.029334][ T840] CPU: 1 UID: 0 PID: 840 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(full)
[ 93.029356][ T840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 93.029369][ T840] Workqueue: events l2cap_chan_timeout
[ 93.029397][ T840] Call Trace:
[ 93.029404][ T840]
[ 93.029410][ T840] dump_stack_lvl+0x116/0x1f0
[ 93.029428][ T840] print_report+0xcd/0x630
[ 93.029447][ T840] ? __virt_addr_valid+0x81/0x610
[ 93.029470][ T840] ? __phys_addr+0xe8/0x180
[ 93.029493][ T840] ? _raw_spin_lock_irqsave+0x3a/0x60
[ 93.029515][ T840] kasan_report+0xe0/0x110
[ 93.029533][ T840] ? _raw_spin_lock_irqsave+0x3a/0x60
[ 93.029556][ T840] ? _raw_spin_lock_irqsave+0x3a/0x60
[ 93.029581][ T840] __kasan_check_byte+0x36/0x50
[ 93.029599][ T840] lock_acquire+0xfc/0x350
[ 93.029614][ T840] ? osq_lock+0x211/0x6c0
[ 93.029633][ T840] ? __mutex_lock+0xcc7/0x1060
[ 93.029652][ T840] ? l2cap_chan_timeout+0x6d/0x310
[ 93.029676][ T840] _raw_spin_lock_irqsave+0x3a/0x60
[ 93.029700][ T840] ? __mutex_lock+0x289/0x1060
[ 93.029717][ T840] __mutex_lock+0x289/0x1060
[ 93.029736][ T840] ? __pfx___mutex_lock+0x10/0x10
[ 93.029753][ T840] ? debug_object_deactivate+0x1ec/0x3a0
[ 93.029784][ T840] ? l2cap_chan_timeout+0x6d/0x310
[ 93.029808][ T840] l2cap_chan_timeout+0x6d/0x310
[ 93.029832][ T840] process_one_work+0x9cf/0x1b70
[ 93.029855][ T840] ? __pfx_process_one_work+0x10/0x10
[ 93.029876][ T840] ? assign_work+0x1a0/0x250
[ 93.029892][ T840] worker_thread+0x6c8/0xf10
[ 93.029912][ T840] ? __kthread_parkme+0x19e/0x250
[ 93.029936][ T840] ? __pfx_worker_thread+0x10/0x10
[ 93.029954][ T840] kthread+0x3c5/0x780
[ 93.029970][ T840] ? __pfx_kthread+0x10/0x10
[ 93.029987][ T840] ? rcu_is_watching+0x12/0xc0
[ 93.030007][ T840] ? __pfx_kthread+0x10/0x10
[ 93.030022][ T840] ret_from_fork+0x675/0x7d0
[ 93.030038][ T840] ? __pfx_kthread+0x10/0x10
[ 93.030054][ T840] ret_from_fork_asm+0x1a/0x30
[ 93.030082][ T840]
[ 93.030088][ T840]
[ 93.112074][ T840] Allocated by task 8584:
[ 93.114291][ T840] kasan_save_stack+0x33/0x60
[ 93.116793][ T840] kasan_save_track+0x14/0x30
[ 93.119183][ T840] __kasan_kmalloc+0xaa/0xb0
[ 93.120836][ T840] l2cap_conn_add.part.0+0x60/0xa60
[ 93.122422][ T840] l2cap_chan_connect+0x15e5/0x2020
[ 93.124238][ T840] l2cap_sock_connect+0x3ba/0x740
[ 93.126389][ T840] __sys_connect_file+0x141/0x1a0
[ 93.128560][ T840] __sys_connect+0x13b/0x160
[ 93.130503][ T840] __x64_sys_connect+0x72/0xb0
[ 93.132456][ T840] do_syscall_64+0xcd/0xfa0
[ 93.134284][ T840] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.136631][ T840]
[ 93.137678][ T840] Freed by task 5294:
[ 93.139386][ T840] kasan_save_stack+0x33/0x60
[ 93.141375][ T840] kasan_save_track+0x14/0x30
[ 93.143151][ T840] __kasan_save_free_info+0x3b/0x60
[ 93.145138][ T840] __kasan_slab_free+0x5f/0x80
[ 93.147003][ T840] kfree+0x2b8/0x6d0
[ 93.148666][ T840] l2cap_conn_del+0x59c/0x730
[ 93.150689][ T840] l2cap_connect_cfm+0x9e1/0xf80
[ 93.152838][ T840] hci_conn_failed+0x1bd/0x330
[ 93.154868][ T840] hci_abort_conn_sync+0x76a/0xb20
[ 93.157031][ T840] abort_conn_sync+0x197/0x360
[ 93.158858][ T840] hci_cmd_sync_work+0x1ab/0x430
[ 93.176628][ T840] process_one_work+0x9cf/0x1b70
[ 93.178318][ T840] worker_thread+0x6c8/0xf10
[ 93.180101][ T840] kthread+0x3c5/0x780
[ 93.181907][ T840] ret_from_fork+0x675/0x7d0
[ 93.184185][ T840] ret_from_fork_asm+0x1a/0x30
[ 93.186797][ T840]
[ 93.188159][ T840] The buggy address belongs to the object at ffff888035c96000
[ 93.188159][ T840] which belongs to the cache kmalloc-1k of size 1024
[ 93.194138][ T840] The buggy address is located 752 bytes inside of
[ 93.194138][ T840] freed 1024-byte region [ffff888035c96000, ffff888035c96400)
[ 93.197980][ T840]
[ 93.198812][ T840] The buggy address belongs to the physical page:
[ 93.201273][ T840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35c90
[ 93.204899][ T840] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 93.208201][ T840] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 93.211243][ T840] page_type: f5(slab)
[ 93.212742][ T840] raw: 00fff00000000040 ffff88801b442dc0 dead000000000100 dead000000000122
[ 93.215244][ T840] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 93.218709][ T840] head: 00fff00000000040 ffff88801b442dc0 dead000000000100 dead000000000122
[ 93.222739][ T840] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 93.226589][ T840] head: 00fff00000000003 ffffea0000d72401 00000000ffffffff 00000000ffffffff
[ 93.230477][ T840] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 93.234202][ T840] page dumped because: kasan: bad access detected
[ 93.236927][ T840] page_owner tracks the page as allocated
[ 93.238818][ T840] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6059, tgid 6059 (syz-executor.2), ts 79478211908, free_ts 79395806442
[ 93.246276][ T840] post_alloc_hook+0x1c0/0x230
[ 93.248048][ T840] get_page_from_freelist+0x10a3/0x3a30
[ 93.249941][ T840] __alloc_frozen_pages_noprof+0x25f/0x2470
[ 93.252287][ T840] alloc_pages_mpol+0x1fb/0x550
[ 93.254044][ T840] new_slab+0x24a/0x360
[ 93.255569][ T840] ___slab_alloc+0xd79/0x1a50
[ 93.257343][ T840] __slab_alloc.constprop.0+0x63/0x110
[ 93.259304][ T840] __kmalloc_node_noprof+0x4dd/0x8a0
[ 93.261718][ T840] qdisc_alloc+0xbb/0xc50
[ 93.263121][ T840] qdisc_create_dflt+0x94/0x490
[ 93.264789][ T840] dev_activate+0x63f/0x12d0
[ 93.266678][ T840] __dev_open+0x432/0x7c0
[ 93.268520][ T840] __dev_change_flags+0x55d/0x720
[ 93.270601][ T840] netif_change_flags+0x8d/0x160
[ 93.272725][ T840] do_setlink.constprop.0+0xb53/0x4380
[ 93.275027][ T840] rtnl_newlink+0x1446/0x2000
[ 93.277054][ T840] page last free pid 6059 tgid 6059 stack trace:
[ 93.279691][ T840] __free_frozen_pages+0x7df/0x1160
[ 93.281701][ T840] __put_partials+0x130/0x170
[ 93.283181][ T840] qlist_free_all+0x4d/0x120
[ 93.284492][ T840] kasan_quarantine_reduce+0x195/0x1e0
[ 93.286248][ T840] __kasan_slab_alloc+0x69/0x90
[ 93.288058][ T840] kmem_cache_alloc_node_noprof+0x28a/0x770
[ 93.289980][ T840] __alloc_skb+0x2b2/0x380
[ 93.291276][ T840] netlink_ack+0x15d/0xb80
[ 93.292928][ T840] netlink_rcv_skb+0x332/0x420
[ 93.294581][ T840] netlink_unicast+0x5aa/0x870
[ 93.296361][ T840] netlink_sendmsg+0x8c8/0xdd0
[ 93.298386][ T840] __sys_sendto+0x4a3/0x520
[ 93.300392][ T840] __x64_sys_sendto+0xe0/0x1c0
[ 93.302598][ T840] do_syscall_64+0xcd/0xfa0
[ 93.304651][ T840] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.307094][ T840]
[ 93.308124][ T840] Memory state around the buggy address:
[ 93.310322][ T840] ffff888035c96180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.313611][ T840] ffff888035c96200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.316932][ T840] >ffff888035c96280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.320345][ T840] ^
[ 93.323588][ T840] ffff888035c96300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.326681][ T840] ffff888035c96380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.329692][ T840] ==================================================================
[ 93.333004][ T840] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 93.335963][ T840] CPU: 1 UID: 0 PID: 840 Comm: kworker/1:2 Not tainted syzkaller #0 PREEMPT(full)
[ 93.339875][ T840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 93.344346][ T840] Workqueue: events l2cap_chan_timeout
[ 93.346896][ T840] Call Trace:
[ 93.348601][ T840]
[ 93.349944][ T840] dump_stack_lvl+0x3d/0x1f0
[ 93.351902][ T840] vpanic+0x640/0x6f0
[ 93.353597][ T840] panic+0xca/0xd0
[ 93.355156][ T840] ? __pfx_panic+0x10/0x10
[ 93.357063][ T840] ? end_report+0x4c/0x170
[ 93.358949][ T840] ? rcu_is_watching+0x12/0xc0
[ 93.361020][ T840] ? lock_release+0x201/0x2f0
[ 93.362972][ T840] ? check_panic_on_warn+0x1f/0xb0
[ 93.365108][ T840] check_panic_on_warn+0xab/0xb0
[ 93.367069][ T840] end_report+0x107/0x170
[ 93.369373][ T840] kasan_report+0xee/0x110
[ 93.371418][ T840] ? _raw_spin_lock_irqsave+0x3a/0x60
[ 93.373694][ T840] ? _raw_spin_lock_irqsave+0x3a/0x60
[ 93.375642][ T840] __kasan_check_byte+0x36/0x50
[ 93.377444][ T840] lock_acquire+0xfc/0x350
[ 93.379077][ T840] ? osq_lock+0x211/0x6c0
[ 93.380969][ T840] ? __mutex_lock+0xcc7/0x1060
[ 93.382978][ T840] ? l2cap_chan_timeout+0x6d/0x310
[ 93.385135][ T840] _raw_spin_lock_irqsave+0x3a/0x60
[ 93.387306][ T840] ? __mutex_lock+0x289/0x1060
[ 93.388988][ T840] __mutex_lock+0x289/0x1060
[ 93.391057][ T840] ? __pfx___mutex_lock+0x10/0x10
[ 93.393092][ T840] ? debug_object_deactivate+0x1ec/0x3a0
[ 93.395596][ T840] ? l2cap_chan_timeout+0x6d/0x310
[ 93.397837][ T840] l2cap_chan_timeout+0x6d/0x310
[ 93.399947][ T840] process_one_work+0x9cf/0x1b70
[ 93.402056][ T840] ? __pfx_process_one_work+0x10/0x10
[ 93.404345][ T840] ? assign_work+0x1a0/0x250
[ 93.406293][ T840] worker_thread+0x6c8/0xf10
[ 93.408157][ T840] ? __kthread_parkme+0x19e/0x250
[ 93.410039][ T840] ? __pfx_worker_thread+0x10/0x10
[ 93.412023][ T840] kthread+0x3c5/0x780
[ 93.413735][ T840] ? __pfx_kthread+0x10/0x10
[ 93.415684][ T840] ? rcu_is_watching+0x12/0xc0
[ 93.417705][ T840] ? __pfx_kthread+0x10/0x10
[ 93.419745][ T840] ret_from_fork+0x675/0x7d0
[ 93.421575][ T840] ? __pfx_kthread+0x10/0x10
[ 93.423530][ T840] ret_from_fork_asm+0x1a/0x30
[ 93.425548][ T840]
[ 93.427552][ T840] Kernel Offset: disabled
[ 93.429237][ T840] Rebooting in 86400 seconds..