Warning: Permanently added '[localhost]:38067' (ED25519) to the list of known hosts.
2025/05/14 08:54:11 ignoring optional flag "sandboxArg"="0"
2025/05/14 08:54:12 parsed 1 programs
[ 81.384633][ T65] cfg80211: failed to load regulatory.db
[ 82.885426][ T40] audit: type=1400 audit(1747212854.653:121): avc: denied { unlink } for pid=6196 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 83.865640][ T6196] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 86.318806][ T40] audit: type=1401 audit(1747212858.083:122): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 86.461662][ T6276] chnl_net:caif_netlink_parms(): no params data found
[ 86.655833][ T6276] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.658932][ T6276] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.662028][ T6276] bridge_slave_0: entered allmulticast mode
[ 86.667554][ T6276] bridge_slave_0: entered promiscuous mode
[ 86.674772][ T6276] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.677873][ T6276] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.680917][ T6276] bridge_slave_1: entered allmulticast mode
[ 86.684707][ T6276] bridge_slave_1: entered promiscuous mode
[ 86.737879][ T6276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.745224][ T6276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.810373][ T6276] team0: Port device team_slave_0 added
[ 86.819558][ T6276] team0: Port device team_slave_1 added
[ 86.865501][ T6276] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.868474][ T6276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.880408][ T6276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.887044][ T6276] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.889949][ T6276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.900851][ T6276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 86.940366][ T6276] hsr_slave_0: entered promiscuous mode
[ 86.942863][ T6276] hsr_slave_1: entered promiscuous mode
[ 87.622162][ T6276] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.629233][ T6276] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.635335][ T6276] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.642345][ T6276] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.709431][ T6276] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.724253][ T6276] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.728999][ T93] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.731856][ T93] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.745982][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.748321][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.881303][ T6276] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.905684][ T6276] veth0_vlan: entered promiscuous mode
[ 87.910921][ T6276] veth1_vlan: entered promiscuous mode
[ 87.925976][ T6276] veth0_macvtap: entered promiscuous mode
[ 87.930274][ T6276] veth1_macvtap: entered promiscuous mode
[ 87.945592][ T6276] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.957068][ T6276] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.962254][ T6276] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.966313][ T6276] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.969586][ T6276] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.972246][ T6276] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.074764][ T66] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.149031][ T66] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.219953][ T66] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.313984][ T66] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.468499][ T93] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.470976][ T93] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.487185][ T93] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.489710][ T93] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.857584][ T5288] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.861466][ T5288] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.865074][ T5288] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.868998][ T5288] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.872399][ T5288] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2025/05/14 08:54:21 executed programs: 0
[ 89.676966][ T68] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.679897][ T68] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 89.682479][ T68] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 89.685417][ T68] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 89.687954][ T68] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.792333][ T6432] chnl_net:caif_netlink_parms(): no params data found
[ 89.902758][ T6432] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.905842][ T6432] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.908851][ T6432] bridge_slave_0: entered allmulticast mode
[ 89.912806][ T6432] bridge_slave_0: entered promiscuous mode
[ 89.916487][ T6432] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.918755][ T6432] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.921033][ T6432] bridge_slave_1: entered allmulticast mode
[ 89.924479][ T6432] bridge_slave_1: entered promiscuous mode
[ 89.972351][ T6432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.978148][ T6432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 90.030326][ T6432] team0: Port device team_slave_0 added
[ 90.036399][ T6432] team0: Port device team_slave_1 added
[ 90.085005][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 90.087851][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.097404][ T6432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.103920][ T6432] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.106273][ T6432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.114649][ T6432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.159086][ T6432] hsr_slave_0: entered promiscuous mode
[ 90.161846][ T6432] hsr_slave_1: entered promiscuous mode
[ 90.164655][ T6432] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 90.167509][ T6432] Cannot create hsr debugfs directory
[ 90.883241][ T66] bridge_slave_1: left allmulticast mode
[ 90.885517][ T66] bridge_slave_1: left promiscuous mode
[ 90.888338][ T66] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.894130][ T66] bridge_slave_0: left allmulticast mode
[ 90.896504][ T66] bridge_slave_0: left promiscuous mode
[ 90.898932][ T66] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.173961][ T66] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 91.179628][ T66] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 91.184023][ T66] bond0 (unregistering): Released all slaves
[ 91.328584][ T66] hsr_slave_0: left promiscuous mode
[ 91.332418][ T66] hsr_slave_1: left promiscuous mode
[ 91.335673][ T66] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 91.338718][ T66] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 91.342091][ T66] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 91.344746][ T66] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 91.360478][ T66] veth1_macvtap: left promiscuous mode
[ 91.362413][ T66] veth0_macvtap: left promiscuous mode
[ 91.364391][ T66] veth1_vlan: left promiscuous mode
[ 91.366184][ T66] veth0_vlan: left promiscuous mode
[ 91.704542][ T5288] Bluetooth: hci0: command tx timeout
[ 91.766370][ T66] team0 (unregistering): Port device team_slave_1 removed
[ 91.810790][ T66] team0 (unregistering): Port device team_slave_0 removed
[ 92.603960][ T6432] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 92.609325][ T6432] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 92.616211][ T6432] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 92.620201][ T6432] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 92.670999][ T6432] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.681258][ T6432] 8021q: adding VLAN 0 to HW filter on device team0
[ 92.688777][ T93] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.691062][ T93] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.698115][ T1142] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.700369][ T1142] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.949999][ T6432] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 92.983669][ T6432] veth0_vlan: entered promiscuous mode
[ 92.991369][ T6432] veth1_vlan: entered promiscuous mode
[ 93.009539][ T6432] veth0_macvtap: entered promiscuous mode
[ 93.015364][ T6432] veth1_macvtap: entered promiscuous mode
[ 93.030577][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.036478][ T6432] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.041345][ T6432] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.045555][ T6432] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.048304][ T6432] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.051013][ T6432] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.131651][ T1142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.134290][ T1142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.147888][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.150438][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.175382][ T40] audit: type=1400 audit(1747212864.943:123): avc: denied { create } for pid=6509 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 93.181753][ T40] audit: type=1400 audit(1747212864.943:124): avc: denied { map_create } for pid=6509 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 93.190919][ T40] audit: type=1400 audit(1747212864.943:125): avc: denied { read } for pid=6509 comm="syz.0.16" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 93.199353][ T40] audit: type=1400 audit(1747212864.943:126): avc: denied { open } for pid=6509 comm="syz.0.16" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 93.208791][ T40] audit: type=1400 audit(1747212864.943:127): avc: denied { ioctl } for pid=6509 comm="syz.0.16" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 93.235982][ T40] audit: type=1400 audit(1747212865.003:128): avc: denied { bind } for pid=6509 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 93.242379][ T6510] Bluetooth: MGMT ver 1.23
[ 93.242707][ T40] audit: type=1400 audit(1747212865.003:129): avc: denied { write } for pid=6509 comm="syz.0.16" path="socket:[12458]" dev="sockfs" ino=12458 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 93.244762][ T5288] ==================================================================
[ 93.255588][ T5288] BUG: KASAN: slab-out-of-bounds in hci_cmd_sync_alloc+0x300/0x3a0
[ 93.258005][ T5288] Read of size 29542 at addr ffff888022cde026 by task kworker/u33:1/5288
[ 93.262435][ T5288]
[ 93.263443][ T5288] CPU: 0 UID: 0 PID: 5288 Comm: kworker/u33:1 Not tainted 6.15.0-rc6-syzkaller-g9f35e33144ae #0 PREEMPT(full)
[ 93.263458][ T5288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 93.263466][ T5288] Workqueue: hci0 hci_cmd_sync_work
[ 93.263481][ T5288] Call Trace:
[ 93.263486][ T5288]
[ 93.263490][ T5288] dump_stack_lvl+0x116/0x1f0
[ 93.263507][ T5288] print_report+0xc3/0x670
[ 93.263519][ T5288] ? __virt_addr_valid+0x5e/0x590
[ 93.263535][ T5288] ? __phys_addr+0xc6/0x150
[ 93.263550][ T5288] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.263562][ T5288] kasan_report+0xe0/0x110
[ 93.263573][ T5288] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.263586][ T5288] kasan_check_range+0xef/0x1a0
[ 93.263600][ T5288] __asan_memcpy+0x23/0x60
[ 93.263618][ T5288] hci_cmd_sync_alloc+0x300/0x3a0
[ 93.263631][ T5288] __hci_cmd_sync_sk+0x157/0xc90
[ 93.263644][ T5288] ? __pfx___hci_cmd_sync_sk+0x10/0x10
[ 93.263656][ T5288] ? __pfx___might_resched+0x10/0x10
[ 93.263672][ T5288] ? rcu_is_watching+0x12/0xc0
[ 93.263685][ T5288] ? trace_contention_end+0xdd/0x130
[ 93.263697][ T5288] ? __pfx___mutex_lock+0x10/0x10
[ 93.263713][ T5288] ? __lock_acquire+0xaa4/0x1ba0
[ 93.263731][ T5288] __hci_cmd_sync_ev+0x3e/0x50
[ 93.263744][ T5288] send_hci_cmd_sync+0x18d/0x3f0
[ 93.263756][ T5288] hci_cmd_sync_work+0x1a8/0x430
[ 93.263769][ T5288] process_one_work+0x9cf/0x1b70
[ 93.263783][ T5288] ? __pfx_process_one_work+0x10/0x10
[ 93.263796][ T5288] ? assign_work+0x1a0/0x250
[ 93.263807][ T5288] worker_thread+0x6c8/0xf10
[ 93.263821][ T5288] ? __pfx_worker_thread+0x10/0x10
[ 93.263832][ T5288] kthread+0x3c2/0x780
[ 93.263843][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.263852][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.263867][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.263876][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.263886][ T5288] ? rcu_is_watching+0x12/0xc0
[ 93.263899][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.263909][ T5288] ret_from_fork+0x45/0x80
[ 93.263919][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.263929][ T5288] ret_from_fork_asm+0x1a/0x30
[ 93.263948][ T5288]
[ 93.263952][ T5288]
[ 93.331674][ T5288] Allocated by task 6510:
[ 93.333075][ T5288] kasan_save_stack+0x33/0x60
[ 93.334588][ T5288] kasan_save_track+0x14/0x30
[ 93.336093][ T5288] __kasan_kmalloc+0xaa/0xb0
[ 93.337597][ T5288] __kmalloc_node_track_caller_noprof+0x221/0x510
[ 93.339620][ T5288] kmemdup_noprof+0x29/0x60
[ 93.341073][ T5288] mgmt_pending_new+0x10b/0x290
[ 93.342923][ T5288] mgmt_hci_cmd_sync+0x58/0x1c0
[ 93.344464][ T5288] hci_sock_sendmsg+0x151f/0x25e0
[ 93.346109][ T5288] sock_write_iter+0x4fc/0x5b0
[ 93.347612][ T5288] vfs_write+0x5ba/0x1180
[ 93.349004][ T5288] ksys_write+0x205/0x240
[ 93.350372][ T5288] do_syscall_64+0xcd/0x260
[ 93.351836][ T5288] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.353698][ T5288]
[ 93.354465][ T5288] The buggy address belongs to the object at ffff888022cde020
[ 93.354465][ T5288] which belongs to the cache kmalloc-8 of size 8
[ 93.358639][ T5288] The buggy address is located 6 bytes inside of
[ 93.358639][ T5288] allocated 7-byte region [ffff888022cde020, ffff888022cde027)
[ 93.363116][ T5288]
[ 93.363952][ T5288] The buggy address belongs to the physical page:
[ 93.365963][ T5288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22cde
[ 93.368680][ T5288] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 93.370886][ T5288] page_type: f5(slab)
[ 93.372191][ T5288] raw: 00fff00000000000 ffff88801b442500 ffffea0000c7e040 dead000000000002
[ 93.374838][ T5288] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 93.377535][ T5288] page dumped because: kasan: bad access detected
[ 93.379451][ T5288] page_owner tracks the page as allocated
[ 93.381147][ T5288] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 10965224887, free_ts 10733805579
[ 93.386821][ T5288] post_alloc_hook+0x181/0x1b0
[ 93.388344][ T5288] get_page_from_freelist+0x135c/0x3920
[ 93.390084][ T5288] __alloc_frozen_pages_noprof+0x263/0x23a0
[ 93.391973][ T5288] alloc_pages_mpol+0x1fb/0x550
[ 93.393554][ T5288] new_slab+0x244/0x340
[ 93.394894][ T5288] ___slab_alloc+0xd9c/0x1940
[ 93.396404][ T5288] __slab_alloc.constprop.0+0x56/0xb0
[ 93.398081][ T5288] __kmalloc_noprof+0x2f2/0x510
[ 93.399624][ T5288] usb_get_status+0x7a/0x270
[ 93.401137][ T5288] hub_probe+0x1835/0x3340
[ 93.402610][ T5288] usb_probe_interface+0x300/0x9c0
[ 93.404220][ T5288] really_probe+0x23e/0xa90
[ 93.405664][ T5288] __driver_probe_device+0x1de/0x440
[ 93.407338][ T5288] driver_probe_device+0x4c/0x1b0
[ 93.408990][ T5288] __device_attach_driver+0x1df/0x310
[ 93.410682][ T5288] bus_for_each_drv+0x156/0x1e0
[ 93.412290][ T5288] page last free pid 29 tgid 29 stack trace:
[ 93.414186][ T5288] __free_frozen_pages+0x69d/0xff0
[ 93.415801][ T5288] vfree+0x176/0x960
[ 93.417051][ T5288] delayed_vfree_work+0x56/0x70
[ 93.418577][ T5288] process_one_work+0x9cf/0x1b70
[ 93.420133][ T5288] worker_thread+0x6c8/0xf10
[ 93.421696][ T5288] kthread+0x3c2/0x780
[ 93.423115][ T5288] ret_from_fork+0x45/0x80
[ 93.424757][ T5288] ret_from_fork_asm+0x1a/0x30
[ 93.426521][ T5288]
[ 93.427415][ T5288] Memory state around the buggy address:
[ 93.429456][ T5288] ffff888022cddf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 93.432356][ T5288] ffff888022cddf80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 93.435217][ T5288] >ffff888022cde000: fa fc fc fc 07 fc fc fc fa fc fc fc fa fc fc fc
[ 93.438409][ T5288]                                ^
[ 93.440367][ T5288] ffff888022cde080: 00 fc fc fc 06 fc fc fc 06 fc fc fc 06 fc fc fc
[ 93.443086][ T5288] ffff888022cde100: 06 fc fc fc fa fc fc fc 00 fc fc fc fa fc fc fc
[ 93.445580][ T5288] ==================================================================
[ 93.449354][ T5288] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 93.451793][ T5288] CPU: 3 UID: 0 PID: 5288 Comm: kworker/u33:1 Not tainted 6.15.0-rc6-syzkaller-g9f35e33144ae #0 PREEMPT(full)
[ 93.455598][ T5288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 93.459141][ T5288] Workqueue: hci0 hci_cmd_sync_work
[ 93.460902][ T5288] Call Trace:
[ 93.462082][ T5288]
[ 93.463079][ T5288] dump_stack_lvl+0x3d/0x1f0
[ 93.464629][ T5288] panic+0x71c/0x800
[ 93.465989][ T5288] ? __pfx_panic+0x10/0x10
[ 93.467684][ T5288] ? irqentry_exit+0x3b/0x90
[ 93.469668][ T5288] ? lockdep_hardirqs_on+0x7c/0x110
[ 93.471849][ T5288] ? preempt_schedule_thunk+0x16/0x30
[ 93.474053][ T5288] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.476281][ T5288] ? preempt_schedule_common+0x44/0xc0
[ 93.478160][ T5288] ? check_panic_on_warn+0x1f/0xb0
[ 93.479768][ T5288] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.481444][ T5288] check_panic_on_warn+0xab/0xb0
[ 93.483430][ T5288] end_report+0x107/0x170
[ 93.485271][ T5288] kasan_report+0xee/0x110
[ 93.487179][ T5288] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.489165][ T5288] kasan_check_range+0xef/0x1a0
[ 93.490758][ T5288] __asan_memcpy+0x23/0x60
[ 93.492395][ T5288] hci_cmd_sync_alloc+0x300/0x3a0
[ 93.494108][ T5288] __hci_cmd_sync_sk+0x157/0xc90
[ 93.495674][ T5288] ? __pfx___hci_cmd_sync_sk+0x10/0x10
[ 93.497401][ T5288] ? __pfx___might_resched+0x10/0x10
[ 93.499099][ T5288] ? rcu_is_watching+0x12/0xc0
[ 93.500635][ T5288] ? trace_contention_end+0xdd/0x130
[ 93.502355][ T5288] ? __pfx___mutex_lock+0x10/0x10
[ 93.503969][ T5288] ? __lock_acquire+0xaa4/0x1ba0
[ 93.505558][ T5288] __hci_cmd_sync_ev+0x3e/0x50
[ 93.507271][ T5288] send_hci_cmd_sync+0x18d/0x3f0
[ 93.509220][ T5288] hci_cmd_sync_work+0x1a8/0x430
[ 93.510810][ T5288] process_one_work+0x9cf/0x1b70
[ 93.512473][ T5288] ? __pfx_process_one_work+0x10/0x10
[ 93.514230][ T5288] ? assign_work+0x1a0/0x250
[ 93.515906][ T5288] worker_thread+0x6c8/0xf10
[ 93.517487][ T5288] ? __pfx_worker_thread+0x10/0x10
[ 93.519197][ T5288] kthread+0x3c2/0x780
[ 93.520692][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.522281][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.523820][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.525362][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.527035][ T5288] ? rcu_is_watching+0x12/0xc0
[ 93.528775][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.530505][ T5288] ret_from_fork+0x45/0x80
[ 93.532041][ T5288] ? __pfx_kthread+0x10/0x10
[ 93.533566][ T5288] ret_from_fork_asm+0x1a/0x30
[ 93.535125][ T5288]
[ 93.536882][ T5288] Kernel Offset: disabled
[ 93.538328][ T5288] Rebooting in 86400 seconds..