Warning: Permanently added '10.128.0.183' (ED25519) to the list of known hosts.
2025/08/25 02:39:03 parsed 1 programs
[ 64.018620][ T4189] cgroup: Unknown subsys name 'net'
[ 64.117489][ T4189] cgroup: Unknown subsys name 'rlimit'
[ 65.705278][ T4189] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 67.729458][ T4216] chnl_net:caif_netlink_parms(): no params data found
[ 67.799477][ T4216] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.808568][ T4216] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.816980][ T4216] device bridge_slave_0 entered promiscuous mode
[ 67.828173][ T4216] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.835400][ T4216] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.845455][ T4216] device bridge_slave_1 entered promiscuous mode
[ 67.876784][ T4216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.888690][ T4216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.923767][ T4216] team0: Port device team_slave_0 added
[ 67.931983][ T4216] team0: Port device team_slave_1 added
[ 67.958889][ T4216] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.967251][ T4216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.994819][ T4216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 68.008060][ T4216] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 68.016377][ T4216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 68.043803][ T4216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 68.086105][ T4216] device hsr_slave_0 entered promiscuous mode
[ 68.094504][ T4216] device hsr_slave_1 entered promiscuous mode
[ 68.233411][ T4216] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 68.246462][ T4216] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 68.259609][ T4216] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 68.270730][ T4216] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 68.307536][ T4216] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.314798][ T4216] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.322934][ T4216] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.330020][ T4216] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.400094][ T4216] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.415823][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.441045][ T144] bridge0: port 1(bridge_slave_0) entered disabled state
[ 68.451592][ T144] bridge0: port 2(bridge_slave_1) entered disabled state
[ 68.460394][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 68.477292][ T4216] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.490441][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.499563][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.506712][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.523626][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.533569][ T144] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.540683][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.562704][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.573873][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.592720][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.606827][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.621737][ T4216] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 68.635423][ T4216] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.644804][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.775492][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.785242][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.802689][ T4216] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.825208][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 68.834908][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.863764][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 68.873972][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.888650][ T4216] device veth0_vlan entered promiscuous mode
[ 68.896733][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 68.905815][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 68.919368][ T4216] device veth1_vlan entered promiscuous mode
[ 68.944962][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 68.953811][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 68.962629][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 68.971325][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.984937][ T4216] device veth0_macvtap entered promiscuous mode
[ 68.998204][ T4216] device veth1_macvtap entered promiscuous mode
[ 69.035715][ T4216] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 69.044836][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 69.054612][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 69.063666][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 69.072785][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 69.098254][ T4216] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 69.107734][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 69.117640][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 69.139421][ T4216] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.148453][ T4216] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.157498][ T4216] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.166522][ T4216] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.249808][ T4216] syz-executor (4216) used greatest stack depth: 20512 bytes left
[ 70.723147][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 70.741002][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.752873][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 70.784594][ T1407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 70.794283][ T1407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 70.805030][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2025/08/25 02:39:12 executed programs: 0
[ 71.324476][ T1427] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.331141][ T1427] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.463075][ T4287] chnl_net:caif_netlink_parms(): no params data found
[ 71.511854][ T3092] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 71.545749][ T4287] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.553270][ T4287] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.561686][ T4287] device bridge_slave_0 entered promiscuous mode
[ 71.570250][ T4287] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.578295][ T4287] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.586257][ T4287] device bridge_slave_1 entered promiscuous mode
[ 71.607588][ T4287] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 71.620369][ T4287] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 71.644966][ T4287] team0: Port device team_slave_0 added
[ 71.653777][ T4287] team0: Port device team_slave_1 added
[ 71.672831][ T4287] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 71.679827][ T4287] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 71.706099][ T4287] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 71.718783][ T4287] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 71.726677][ T4287] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 71.753011][ T4287] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 71.789368][ T4287] device hsr_slave_0 entered promiscuous mode
[ 71.796619][ T4287] device hsr_slave_1 entered promiscuous mode
[ 71.805131][ T4287] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 71.813761][ T4287] Cannot create hsr debugfs directory
[ 73.331763][ T4238] Bluetooth: hci0: command 0x0409 tx timeout
[ 74.437685][ T3092] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.486469][ T3092] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.559418][ T3092] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 75.400733][ T4315] Bluetooth: hci0: command 0x041b tx timeout
[ 75.458052][ T4287] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.470439][ T4287] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.503201][ T4287] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.512685][ T4287] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.618409][ T4287] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.631317][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 75.639287][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 75.651768][ T4287] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.663171][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 75.673454][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 75.682517][ T1407] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.689602][ T1407] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.700024][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 75.718123][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 75.726979][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 75.735881][ T1407] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.743013][ T1407] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.781425][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 75.793373][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 75.803196][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 75.813046][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 75.821812][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 75.836206][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 75.845083][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 75.853816][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 75.863235][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 75.875718][ T4287] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 75.887790][ T4287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 75.897767][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 75.907150][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.063426][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.071148][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.083615][ T4287] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.119463][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 76.131891][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 76.152333][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 76.161247][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 76.169640][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 76.177841][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 76.186701][ T4287] device veth0_vlan entered promiscuous mode
[ 76.217110][ T4287] device veth1_vlan entered promiscuous mode
[ 76.245418][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 76.254812][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 76.263748][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 76.273141][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 76.293689][ T4287] device veth0_macvtap entered promiscuous mode
[ 76.303145][ T4287] device veth1_macvtap entered promiscuous mode
[ 76.318268][ T4287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 76.330079][ T4287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 76.343815][ T4287] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.352384][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.360869][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 76.368913][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.377915][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.393708][ T4287] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 76.404815][ T4287] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 76.417194][ T4287] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.432815][ T3092] device hsr_slave_0 left promiscuous mode
[ 76.439627][ T3092] device hsr_slave_1 left promiscuous mode
[ 76.446545][ T3092] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 76.455688][ T3092] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 76.464215][ T3092] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 76.471713][ T3092] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 76.479396][ T3092] device bridge_slave_1 left promiscuous mode
[ 76.486553][ T3092] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.500402][ T3092] device bridge_slave_0 left promiscuous mode
[ 76.507993][ T3092] bridge0: port 1(bridge_slave_0) entered disabled state
[ 76.528157][ T3092] device veth1_macvtap left promiscuous mode
[ 76.534611][ T3092] device veth0_macvtap left promiscuous mode
[ 76.541464][ T3092] device veth1_vlan left promiscuous mode
[ 76.547406][ T3092] device veth0_vlan left promiscuous mode
[ 76.729388][ T3092] team0 (unregistering): Port device team_slave_1 removed
[ 76.743627][ T3092] team0 (unregistering): Port device team_slave_0 removed
[ 76.758283][ T3092] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 76.774567][ T3092] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 76.838609][ T3092] bond0 (unregistering): Released all slaves
[ 76.884946][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 76.894547][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 76.904868][ T4287] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.914313][ T4287] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.923236][ T4287] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.932078][ T4287] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.038955][ T405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.047180][ T405] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.062004][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 77.095631][ T1407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.104419][ T1407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.114312][ T1407] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 77.154945][ T4272] ==================================================================
[ 77.163387][ T4272] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x12db/0x3b80
[ 77.171277][ T4272] Read of size 1 at addr ffff888079c07e04 by task kworker/u5:1/4272
[ 77.179372][ T4272]
[ 77.181740][ T4272] CPU: 0 PID: 4272 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0
[ 77.190122][ T4272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 77.200200][ T4272] Workqueue: hci0 hci_rx_work
[ 77.204917][ T4272] Call Trace:
[ 77.208206][ T4272]
[ 77.211143][ T4272] dump_stack_lvl+0x168/0x230
[ 77.215836][ T4272] ? show_regs_print_info+0x20/0x20
[ 77.221042][ T4272] ? load_image+0x3b0/0x3b0
[ 77.225551][ T4272] ? _raw_spin_lock_irqsave+0xb0/0xf0
[ 77.230934][ T4272] print_address_description+0x60/0x2d0
[ 77.236485][ T4272] ? hci_le_meta_evt+0x12db/0x3b80
[ 77.241690][ T4272] kasan_report+0xdf/0x130
[ 77.246116][ T4272] ? hci_le_meta_evt+0x12db/0x3b80
[ 77.251236][ T4272] hci_le_meta_evt+0x12db/0x3b80
[ 77.256185][ T4272] ? hci_event_packet+0x1f0/0x12f0
[ 77.261315][ T4272] ? hci_remote_host_features_evt+0x280/0x280
[ 77.267386][ T4272] ? __mutex_unlock_slowpath+0x19e/0x6a0
[ 77.273026][ T4272] ? mark_lock+0x94/0x320
[ 77.277358][ T4272] ? mutex_unlock+0x10/0x10
[ 77.281864][ T4272] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 77.287853][ T4272] ? lock_chain_count+0x20/0x20
[ 77.292709][ T4272] ? __rwlock_init+0x140/0x140
[ 77.297749][ T4272] hci_event_packet+0xe05/0x12f0
[ 77.302691][ T4272] ? lockdep_hardirqs_on+0x94/0x140
[ 77.307902][ T4272] ? rcu_lock_release+0x20/0x20
[ 77.312762][ T4272] ? hci_send_to_monitor+0x9c/0x4a0
[ 77.317967][ T4272] hci_rx_work+0x255/0xa10
[ 77.322398][ T4272] process_one_work+0x863/0x1000
[ 77.327357][ T4272] ? worker_detach_from_pool+0x240/0x240
[ 77.332996][ T4272] ? lockdep_hardirqs_off+0x70/0x100
[ 77.338297][ T4272] ? _raw_spin_lock_irq+0xab/0xe0
[ 77.343327][ T4272] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 77.348709][ T4272] ? wq_worker_running+0x97/0x170
[ 77.353737][ T4272] worker_thread+0xaa8/0x12a0
[ 77.358439][ T4272] kthread+0x436/0x520
[ 77.362510][ T4272] ? rcu_lock_release+0x20/0x20
[ 77.367398][ T4272] ? kthread_blkcg+0xd0/0xd0
[ 77.371994][ T4272] ret_from_fork+0x1f/0x30
[ 77.376428][ T4272]
[ 77.379451][ T4272]
[ 77.381779][ T4272] Allocated by task 4347:
[ 77.386105][ T4272] __kasan_kmalloc+0xb5/0xf0
[ 77.390800][ T4272] __alloc_skb+0x22c/0x750
[ 77.395222][ T4272] vhci_write+0xbc/0x450
[ 77.399467][ T4272] vfs_write+0x712/0xd00
[ 77.403711][ T4272] ksys_write+0x14d/0x250
[ 77.408046][ T4272] do_syscall_64+0x4c/0xa0
[ 77.412473][ T4272] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 77.418374][ T4272]
[ 77.420699][ T4272] The buggy address belongs to the object at ffff888079c07c00
[ 77.420699][ T4272] which belongs to the cache kmalloc-512 of size 512
[ 77.434749][ T4272] The buggy address is located 4 bytes to the right of
[ 77.434749][ T4272] 512-byte region [ffff888079c07c00, ffff888079c07e00)
[ 77.448372][ T4272] The buggy address belongs to the page:
[ 77.454000][ T4272] page:ffffea0001e70100 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79c04
[ 77.464147][ T4272] head:ffffea0001e70100 order:2 compound_mapcount:0 compound_pincount:0
[ 77.472468][ T4272] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 77.480460][ T4272] raw: 00fff00000010200 ffffea0001e7b500 0000000600000006 ffff888016841c80
[ 77.489043][ T4272] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 77.497621][ T4272] page dumped because: kasan: bad access detected
[ 77.504038][ T4272] page_owner tracks the page as allocated
[ 77.509744][ T4272] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 14, ts 50988441557, free_ts 26924371538
[ 77.528052][ T4272] get_page_from_freelist+0x1b77/0x1c60
[ 77.533605][ T4272] __alloc_pages+0x1e1/0x470
[ 77.538193][ T4272] new_slab+0xc0/0x4b0
[ 77.542272][ T4272] ___slab_alloc+0x81e/0xdf0
[ 77.546858][ T4272] __kmalloc_node_track_caller+0x1fc/0x3a0
[ 77.552654][ T4272] __alloc_skb+0x22c/0x750
[ 77.557065][ T4272] __napi_alloc_skb+0x151/0x2d0
[ 77.561911][ T4272] page_to_skb+0x26a/0xcf0
[ 77.566323][ T4272] receive_buf+0x141b/0x5770
[ 77.570912][ T4272] virtnet_poll+0x546/0xef0
[ 77.575417][ T4272] __napi_poll+0xc0/0x430
[ 77.579745][ T4272] net_rx_action+0x4a8/0x9c0
[ 77.584427][ T4272] handle_softirqs+0x328/0x820
[ 77.589191][ T4272] run_ksoftirqd+0x98/0xf0
[ 77.593614][ T4272] smpboot_thread_fn+0x4f6/0x970
[ 77.598556][ T4272] kthread+0x436/0x520
[ 77.602627][ T4272] page last free stack trace:
[ 77.607296][ T4272] free_unref_page_prepare+0x637/0x6c0
[ 77.612755][ T4272] free_unref_page+0x94/0x280
[ 77.617423][ T4272] qlist_free_all+0x35/0x90
[ 77.621922][ T4272] kasan_quarantine_reduce+0x150/0x160
[ 77.627380][ T4272] __kasan_slab_alloc+0x2f/0xd0
[ 77.632234][ T4272] slab_post_alloc_hook+0x4c/0x380
[ 77.637355][ T4272] __kmalloc+0x127/0x330
[ 77.641595][ T4272] tomoyo_encode+0x27e/0x540
[ 77.646192][ T4272] tomoyo_path_perm+0x2fc/0x510
[ 77.651037][ T4272] tomoyo_path_symlink+0xa0/0xe0
[ 77.655982][ T4272] security_path_symlink+0xdc/0x130
[ 77.661179][ T4272] do_symlinkat+0xff/0x6c0
[ 77.665597][ T4272] __x64_sys_symlink+0x7a/0x90
[ 77.670367][ T4272] do_syscall_64+0x4c/0xa0
[ 77.674790][ T4272] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 77.680696][ T4272]
[ 77.683021][ T4272] Memory state around the buggy address:
[ 77.688659][ T4272] ffff888079c07d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.696728][ T4272] ffff888079c07d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.704789][ T4272] >ffff888079c07e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.712848][ T4272] ^
[ 77.716922][ T4272] ffff888079c07e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.724999][ T4272] ffff888079c07f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.733076][ T4272] ==================================================================
[ 77.741140][ T4272] Disabling lock debugging due to kernel taint
[ 77.749046][ T4316] Bluetooth: hci0: command 0x040f tx timeout
[ 77.758854][ T4272] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 77.766118][ T4272] CPU: 1 PID: 4272 Comm: kworker/u5:1 Tainted: G B 5.15.189-syzkaller #0
[ 77.775860][ T4272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 77.785946][ T4272] Workqueue: hci0 hci_rx_work
[ 77.790665][ T4272] Call Trace:
[ 77.794028][ T4272]
[ 77.796984][ T4272] dump_stack_lvl+0x168/0x230
[ 77.801707][ T4272] ? show_regs_print_info+0x20/0x20
[ 77.806955][ T4272] ? load_image+0x3b0/0x3b0
[ 77.811531][ T4272] panic+0x2c9/0x7f0
[ 77.815467][ T4272] ? bpf_jit_dump+0xd0/0xd0
[ 77.820001][ T4272] ? _raw_spin_unlock_irqrestore+0xf6/0x100
[ 77.825926][ T4272] ? _raw_spin_unlock+0x40/0x40
[ 77.830826][ T4272] ? hci_le_meta_evt+0x12db/0x3b80
[ 77.835976][ T4272] check_panic_on_warn+0x80/0xa0
[ 77.840946][ T4272] ? hci_le_meta_evt+0x12db/0x3b80
[ 77.846092][ T4272] end_report+0x6d/0xf0
[ 77.850281][ T4272] kasan_report+0x102/0x130
[ 77.854817][ T4272] ? hci_le_meta_evt+0x12db/0x3b80
[ 77.859977][ T4272] hci_le_meta_evt+0x12db/0x3b80
[ 77.864953][ T4272] ? hci_event_packet+0x1f0/0x12f0
[ 77.870101][ T4272] ? hci_remote_host_features_evt+0x280/0x280
[ 77.876199][ T4272] ? __mutex_unlock_slowpath+0x19e/0x6a0
[ 77.881872][ T4272] ? mark_lock+0x94/0x320
[ 77.886247][ T4272] ? mutex_unlock+0x10/0x10
[ 77.890781][ T4272] ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[ 77.896790][ T4272] ? lock_chain_count+0x20/0x20
[ 77.901684][ T4272] ? __rwlock_init+0x140/0x140
[ 77.906492][ T4272] hci_event_packet+0xe05/0x12f0
[ 77.911461][ T4272] ? lockdep_hardirqs_on+0x94/0x140
[ 77.916700][ T4272] ? rcu_lock_release+0x20/0x20
[ 77.921583][ T4272] ? hci_send_to_monitor+0x9c/0x4a0
[ 77.926804][ T4272] hci_rx_work+0x255/0xa10
[ 77.931249][ T4272] process_one_work+0x863/0x1000
[ 77.936217][ T4272] ? worker_detach_from_pool+0x240/0x240
[ 77.941870][ T4272] ? lockdep_hardirqs_off+0x70/0x100
[ 77.947171][ T4272] ? _raw_spin_lock_irq+0xab/0xe0
[ 77.952219][ T4272] ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 77.957733][ T4272] ? wq_worker_running+0x97/0x170
[ 77.962784][ T4272] worker_thread+0xaa8/0x12a0
[ 77.967490][ T4272] kthread+0x436/0x520
[ 77.971574][ T4272] ? rcu_lock_release+0x20/0x20
[ 77.976445][ T4272] ? kthread_blkcg+0xd0/0xd0
[ 77.981039][ T4272] ret_from_fork+0x1f/0x30
[ 77.985471][ T4272]
[ 77.988600][ T4272] Kernel Offset: disabled
[ 77.992932][ T4272] Rebooting in 86400 seconds..