[ 76.867755][ T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.144' (ED25519) to the list of known hosts.
2024/05/06 20:50:11 ignoring optional flag "sandboxArg"="0"
2024/05/06 20:50:11 parsed 1 programs
2024/05/06 20:50:13 executed programs: 0
[ 83.613504][ T5428] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 83.667313][ T4483] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 83.675016][ T4483] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 83.682789][ T4483] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 83.690808][ T4483] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 83.699326][ T4483] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 83.707299][ T4483] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.819518][ T5434] chnl_net:caif_netlink_parms(): no params data found
[ 83.872204][ T5434] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.879538][ T5434] bridge0: port 1(bridge_slave_0) entered disabled state
[ 83.886769][ T5434] bridge_slave_0: entered allmulticast mode
[ 83.893461][ T5434] bridge_slave_0: entered promiscuous mode
[ 83.901913][ T5434] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.909309][ T5434] bridge0: port 2(bridge_slave_1) entered disabled state
[ 83.916913][ T5434] bridge_slave_1: entered allmulticast mode
[ 83.923687][ T5434] bridge_slave_1: entered promiscuous mode
[ 83.947886][ T5434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 83.959446][ T5434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 83.985156][ T5434] team0: Port device team_slave_0 added
[ 83.994168][ T5434] team0: Port device team_slave_1 added
[ 84.015192][ T5434] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.022203][ T5434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.049191][ T5434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.061637][ T5434] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.069726][ T5434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.095771][ T5434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.129736][ T5434] hsr_slave_0: entered promiscuous mode
[ 84.136184][ T5434] hsr_slave_1: entered promiscuous mode
[ 84.672253][ T5434] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.682840][ T5434] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.695170][ T5434] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.707645][ T5434] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.739811][ T5434] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.747029][ T5434] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.754508][ T5434] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.761723][ T5434] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.843565][ T5434] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.870520][ T5098] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.879568][ T5098] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.899745][ T5434] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.914375][ T5098] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.921594][ T5098] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.957023][ T5098] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.964195][ T5098] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 85.163500][ T5434] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 85.223502][ T5434] veth0_vlan: entered promiscuous mode
[ 85.239587][ T5434] veth1_vlan: entered promiscuous mode
[ 85.283018][ T5434] veth0_macvtap: entered promiscuous mode
[ 85.294562][ T5434] veth1_macvtap: entered promiscuous mode
[ 85.321313][ T5434] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.340170][ T5434] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.354274][ T5434] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.367711][ T5434] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.379586][ T5434] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.390043][ T5434] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.483047][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.507493][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.538779][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.549961][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.601361][ T4483] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[ 85.612540][ T4483] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4483, name: kworker/u9:1
[ 85.622048][ T4483] preempt_count: 0, expected: 0
[ 85.627138][ T4483] RCU nest depth: 1, expected: 0
[ 85.632102][ T4483] 4 locks held by kworker/u9:1/4483:
[ 85.637644][ T4483] #0: ffff88807cbc8948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x8e0/0x17c0
[ 85.649062][ T4483] #1: ffffc9000dd6fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x91b/0x17c0
[ 85.665742][ T4483] #2: ffff888024524078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 85.676619][ T4483] #3: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 85.687638][ T4483] CPU: 1 PID: 4483 Comm: kworker/u9:1 Not tainted 6.9.0-rc7-syzkaller-gee5b455b0ada #0
[ 85.697295][ T4483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 85.707395][ T4483] Workqueue: hci0 hci_rx_work
[ 85.712107][ T4483] Call Trace:
[ 85.715404][ T4483]
[ 85.718354][ T4483] dump_stack_lvl+0x241/0x360
[ 85.723066][ T4483] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.728313][ T4483] ? __pfx__printk+0x10/0x10
[ 85.732944][ T4483] __might_resched+0x5d4/0x780
[ 85.737737][ T4483] ? __mutex_lock+0x112/0xd70
[ 85.742437][ T4483] ? __pfx___might_resched+0x10/0x10
[ 85.747765][ T4483] __mutex_lock+0xc1/0xd70
[ 85.752195][ T4483] ? __pfx_lock_acquire+0x10/0x10
[ 85.757217][ T4483] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 85.763453][ T4483] ? __pfx_lock_release+0x10/0x10
[ 85.768475][ T4483] ? __pfx___mutex_lock+0x10/0x10
[ 85.773498][ T4483] ? trace_contention_end+0x3c/0x120
[ 85.778782][ T4483] ? skb_pull_data+0x112/0x230
[ 85.783541][ T4483] ? hci_conn_set_handle+0x19a/0x270
[ 85.788831][ T4483] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 85.794891][ T4483] ? __copy_skb_header+0x437/0x5b0
[ 85.800000][ T4483] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 85.806153][ T4483] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 85.812738][ T4483] ? hci_le_meta_evt+0x366/0x580
[ 85.817676][ T4483] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 85.824257][ T4483] hci_event_packet+0xa53/0x1540
[ 85.829198][ T4483] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 85.834488][ T4483] ? __pfx_hci_event_packet+0x10/0x10
[ 85.839854][ T4483] ? do_raw_spin_unlock+0x13c/0x8b0
[ 85.845053][ T4483] ? kcov_remote_start+0x9e/0x7e0
[ 85.850080][ T4483] ? hci_send_to_monitor+0xd8/0x7f0
[ 85.855272][ T4483] ? skb_dequeue+0x113/0x150
[ 85.859866][ T4483] hci_rx_work+0x3e8/0xca0
[ 85.864287][ T4483] ? process_scheduled_works+0x91b/0x17c0
[ 85.870002][ T4483] process_scheduled_works+0xa10/0x17c0
[ 85.875569][ T4483] ? __pfx_process_scheduled_works+0x10/0x10
[ 85.881563][ T4483] ? assign_work+0x364/0x3d0
[ 85.886161][ T4483] worker_thread+0x86d/0xd70
[ 85.890752][ T4483] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 85.896646][ T4483] ? __kthread_parkme+0x169/0x1d0
[ 85.901676][ T4483] ? __pfx_worker_thread+0x10/0x10
[ 85.906788][ T4483] kthread+0x2f0/0x390
[ 85.910857][ T4483] ? __pfx_worker_thread+0x10/0x10
[ 85.915963][ T4483] ? __pfx_kthread+0x10/0x10
[ 85.920554][ T4483] ret_from_fork+0x4b/0x80
[ 85.924989][ T4483] ? __pfx_kthread+0x10/0x10
[ 85.929586][ T4483] ret_from_fork_asm+0x1a/0x30
[ 85.934367][ T4483]
[ 85.945636][ T4483]
[ 85.947978][ T4483] =============================
[ 85.952914][ T4483] [ BUG: Invalid wait context ]
[ 85.957762][ T4483] 6.9.0-rc7-syzkaller-gee5b455b0ada #0 Tainted: G W
[ 85.965738][ T4483] -----------------------------
[ 85.970593][ T4483] kworker/u9:1/4483 is trying to lock:
[ 85.976055][ T4483] ffffffff8f70faa8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[ 85.986689][ T4483] other info that might help us debug this:
[ 85.992577][ T4483] context-{4:4}
[ 85.996035][ T4483] 4 locks held by kworker/u9:1/4483:
[ 86.001348][ T4483] #0: ffff88807cbc8948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x8e0/0x17c0
[ 86.012347][ T4483] #1: ffffc9000dd6fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x91b/0x17c0
[ 86.024373][ T4483] #2: ffff888024524078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 86.034925][ T4483] #3: ffffffff8e334da0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 86.045651][ T4483] stack backtrace:
[ 86.049377][ T4483] CPU: 1 PID: 4483 Comm: kworker/u9:1 Tainted: G W 6.9.0-rc7-syzkaller-gee5b455b0ada #0
[ 86.060577][ T4483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 86.070653][ T4483] Workqueue: hci0 hci_rx_work
[ 86.075355][ T4483] Call Trace:
[ 86.078643][ T4483]
[ 86.081581][ T4483] dump_stack_lvl+0x241/0x360
[ 86.086279][ T4483] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.091497][ T4483] ? __pfx__printk+0x10/0x10
[ 86.096114][ T4483] __lock_acquire+0x1507/0x1fd0
[ 86.100993][ T4483] lock_acquire+0x1ed/0x550
[ 86.105508][ T4483] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 86.111774][ T4483] ? __pfx_lock_acquire+0x10/0x10
[ 86.116984][ T4483] ? __mutex_lock+0x112/0xd70
[ 86.121676][ T4483] ? __pfx___might_resched+0x10/0x10
[ 86.126980][ T4483] __mutex_lock+0x136/0xd70
[ 86.131502][ T4483] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 86.137865][ T4483] ? __pfx_lock_acquire+0x10/0x10
[ 86.142914][ T4483] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 86.149263][ T4483] ? __pfx_lock_release+0x10/0x10
[ 86.154306][ T4483] ? __pfx___mutex_lock+0x10/0x10
[ 86.159348][ T4483] ? trace_contention_end+0x3c/0x120
[ 86.164654][ T4483] ? skb_pull_data+0x112/0x230
[ 86.169438][ T4483] ? hci_conn_set_handle+0x19a/0x270
[ 86.174739][ T4483] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 86.180817][ T4483] ? __copy_skb_header+0x437/0x5b0
[ 86.185945][ T4483] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 86.192119][ T4483] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 86.198811][ T4483] ? hci_le_meta_evt+0x366/0x580
[ 86.203770][ T4483] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 86.210375][ T4483] hci_event_packet+0xa53/0x1540
[ 86.215333][ T4483] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 86.220646][ T4483] ? __pfx_hci_event_packet+0x10/0x10
[ 86.226030][ T4483] ? do_raw_spin_unlock+0x13c/0x8b0
[ 86.231259][ T4483] ? kcov_remote_start+0x9e/0x7e0
[ 86.236302][ T4483] ? hci_send_to_monitor+0xd8/0x7f0
[ 86.241593][ T4483] ? skb_dequeue+0x113/0x150
[ 86.246201][ T4483] hci_rx_work+0x3e8/0xca0
[ 86.250645][ T4483] ? process_scheduled_works+0x91b/0x17c0
[ 86.256381][ T4483] process_scheduled_works+0xa10/0x17c0
[ 86.261959][ T4483] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.267959][ T4483] ? assign_work+0x364/0x3d0
[ 86.272555][ T4483] worker_thread+0x86d/0xd70
[ 86.277142][ T4483] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 86.283208][ T4483] ? __kthread_parkme+0x169/0x1d0
[ 86.288232][ T4483] ? __pfx_worker_thread+0x10/0x10
[ 86.293334][ T4483] kthread+0x2f0/0x390
[ 86.297396][ T4483] ? __pfx_worker_thread+0x10/0x10
[ 86.302497][ T4483] ? __pfx_kthread+0x10/0x10
[ 86.307081][ T4483] ret_from_fork+0x4b/0x80
[ 86.311494][ T4483] ? __pfx_kthread+0x10/0x10
[ 86.316078][ T4483] ret_from_fork_asm+0x1a/0x30
[ 86.320844][ T4483]
[ 86.344720][ T4483] ==================================================================
[ 86.352823][ T4483] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[ 86.361851][ T4483] Read of size 8 at addr ffff888046404000 by task kworker/u9:1/4483
[ 86.369816][ T4483]
[ 86.372132][ T4483] CPU: 1 PID: 4483 Comm: kworker/u9:1 Tainted: G W 6.9.0-rc7-syzkaller-gee5b455b0ada #0
[ 86.383226][ T4483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 86.393285][ T4483] Workqueue: hci0 hci_rx_work
[ 86.397973][ T4483] Call Trace:
[ 86.401255][ T4483]
[ 86.404181][ T4483] dump_stack_lvl+0x241/0x360
[ 86.408863][ T4483] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.414060][ T4483] ? __pfx__printk+0x10/0x10
[ 86.418648][ T4483] ? _printk+0xd5/0x120
[ 86.422885][ T4483] ? __virt_addr_valid+0x183/0x520
[ 86.428003][ T4483] ? __virt_addr_valid+0x183/0x520
[ 86.433129][ T4483] print_report+0x169/0x550
[ 86.437638][ T4483] ? __virt_addr_valid+0x183/0x520
[ 86.442744][ T4483] ? __virt_addr_valid+0x183/0x520
[ 86.447848][ T4483] ? __virt_addr_valid+0x44e/0x520
[ 86.452953][ T4483] ? __phys_addr+0xba/0x170
[ 86.457452][ T4483] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 86.463683][ T4483] kasan_report+0x143/0x180
[ 86.468188][ T4483] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 86.474421][ T4483] hci_le_create_big_complete_evt+0x383/0xae0
[ 86.480479][ T4483] ? __copy_skb_header+0x437/0x5b0
[ 86.485586][ T4483] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 86.491760][ T4483] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 86.498377][ T4483] ? hci_le_meta_evt+0x366/0x580
[ 86.503312][ T4483] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 86.509891][ T4483] hci_event_packet+0xa53/0x1540
[ 86.514826][ T4483] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 86.520112][ T4483] ? __pfx_hci_event_packet+0x10/0x10
[ 86.525476][ T4483] ? do_raw_spin_unlock+0x13c/0x8b0
[ 86.530670][ T4483] ? kcov_remote_start+0x9e/0x7e0
[ 86.535691][ T4483] ? hci_send_to_monitor+0xd8/0x7f0
[ 86.540879][ T4483] ? skb_dequeue+0x113/0x150
[ 86.545461][ T4483] hci_rx_work+0x3e8/0xca0
[ 86.549876][ T4483] ? process_scheduled_works+0x91b/0x17c0
[ 86.555588][ T4483] process_scheduled_works+0xa10/0x17c0
[ 86.561136][ T4483] ? __pfx_process_scheduled_works+0x10/0x10
[ 86.567109][ T4483] ? assign_work+0x364/0x3d0
[ 86.571695][ T4483] worker_thread+0x86d/0xd70
[ 86.576280][ T4483] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 86.582167][ T4483] ? __kthread_parkme+0x169/0x1d0
[ 86.587195][ T4483] ? __pfx_worker_thread+0x10/0x10
[ 86.592297][ T4483] kthread+0x2f0/0x390
[ 86.596356][ T4483] ? __pfx_worker_thread+0x10/0x10
[ 86.601454][ T4483] ? __pfx_kthread+0x10/0x10
[ 86.606038][ T4483] ret_from_fork+0x4b/0x80
[ 86.610446][ T4483] ? __pfx_kthread+0x10/0x10
[ 86.615027][ T4483] ret_from_fork_asm+0x1a/0x30
[ 86.619791][ T4483]
[ 86.622800][ T4483]
[ 86.625111][ T4483] Allocated by task 4483:
[ 86.629421][ T4483] kasan_save_track+0x3f/0x80
[ 86.634091][ T4483] __kasan_kmalloc+0x98/0xb0
[ 86.638672][ T4483] kmalloc_trace+0x1db/0x370
[ 86.643254][ T4483] hci_conn_add+0xc7/0x13a0
[ 86.647746][ T4483] hci_le_big_sync_established_evt+0x1cf/0xb90
[ 86.653885][ T4483] hci_event_packet+0xa53/0x1540
[ 86.658815][ T4483] hci_rx_work+0x3e8/0xca0
[ 86.663310][ T4483] process_scheduled_works+0xa10/0x17c0
[ 86.668844][ T4483] worker_thread+0x86d/0xd70
[ 86.673419][ T4483] kthread+0x2f0/0x390
[ 86.677477][ T4483] ret_from_fork+0x4b/0x80
[ 86.681887][ T4483] ret_from_fork_asm+0x1a/0x30
[ 86.686647][ T4483]
[ 86.688956][ T4483] Freed by task 4483:
[ 86.692924][ T4483] kasan_save_track+0x3f/0x80
[ 86.697591][ T4483] kasan_save_free_info+0x40/0x50
[ 86.702605][ T4483] poison_slab_object+0xa6/0xe0
[ 86.707450][ T4483] __kasan_slab_free+0x37/0x60
[ 86.712203][ T4483] kfree+0x153/0x3b0
[ 86.716084][ T4483] device_release+0x99/0x1c0
[ 86.720661][ T4483] kobject_put+0x22f/0x480
[ 86.725079][ T4483] hci_conn_del+0x900/0xc80
[ 86.729580][ T4483] hci_le_create_big_complete_evt+0x619/0xae0
[ 86.735636][ T4483] hci_event_packet+0xa53/0x1540
[ 86.740563][ T4483] hci_rx_work+0x3e8/0xca0
[ 86.744974][ T4483] process_scheduled_works+0xa10/0x17c0
[ 86.750507][ T4483] worker_thread+0x86d/0xd70
[ 86.755083][ T4483] kthread+0x2f0/0x390
[ 86.759141][ T4483] ret_from_fork+0x4b/0x80
[ 86.763546][ T4483] ret_from_fork_asm+0x1a/0x30
[ 86.768301][ T4483]
[ 86.770610][ T4483] The buggy address belongs to the object at ffff888046404000
[ 86.770610][ T4483] which belongs to the cache kmalloc-8k of size 8192
[ 86.784909][ T4483] The buggy address is located 0 bytes inside of
[ 86.784909][ T4483] freed 8192-byte region [ffff888046404000, ffff888046406000)
[ 86.798603][ T4483]
[ 86.800914][ T4483] The buggy address belongs to the physical page:
[ 86.807312][ T4483] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x46400
[ 86.816064][ T4483] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 86.823597][ T4483] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 86.831563][ T4483] page_type: 0xffffffff()
[ 86.835889][ T4483] raw: 00fff00000000840 ffff888015042280 dead000000000122 0000000000000000
[ 86.844461][ T4483] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 86.853034][ T4483] head: 00fff00000000840 ffff888015042280 dead000000000122 0000000000000000
[ 86.861691][ T4483] head: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 86.870347][ T4483] head: 00fff00000000003 ffffea0001190001 dead000000000122 00000000ffffffff
[ 86.879003][ T4483] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000
[ 86.887657][ T4483] page dumped because: kasan: bad access detected
[ 86.894053][ T4483] page_owner tracks the page as allocated
[ 86.899752][ T4483] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5434, tgid -1708760628 (syz-executor.0), ts 5434, free_ts 55015176077
[ 86.922662][ T4483] post_alloc_hook+0x1ea/0x210
[ 86.927436][ T4483] get_page_from_freelist+0x3410/0x35b0
[ 86.932980][ T4483] __alloc_pages+0x256/0x6c0
[ 86.937556][ T4483] alloc_slab_page+0x5f/0x160
[ 86.942228][ T4483] new_slab+0x84/0x2f0
[ 86.946287][ T4483] ___slab_alloc+0xc73/0x1260
[ 86.950955][ T4483] kmalloc_trace+0x269/0x370
[ 86.955531][ T4483] macvlan_common_newlink+0x49f/0x1930
[ 86.960976][ T4483] macvtap_newlink+0x154/0x1d0
[ 86.965726][ T4483] rtnl_newlink+0x158f/0x20a0
[ 86.970389][ T4483] rtnetlink_rcv_msg+0x89b/0x10d0
[ 86.975401][ T4483] netlink_rcv_skb+0x1e3/0x430
[ 86.980151][ T4483] netlink_unicast+0x7ea/0x980
[ 86.984906][ T4483] netlink_sendmsg+0x8e1/0xcb0
[ 86.989663][ T4483] __sock_sendmsg+0x221/0x270
[ 86.994328][ T4483] __sys_sendto+0x3a4/0x4f0
[ 86.998815][ T4483] page last free pid 5089 tgid 5089 stack trace:
[ 87.005124][ T4483] free_unref_page_prepare+0x986/0xab0
[ 87.010568][ T4483] free_unref_page+0x37/0x3f0
[ 87.015232][ T4483] vfree+0x186/0x2e0
[ 87.019118][ T4483] kcov_close+0x2b/0x50
[ 87.023270][ T4483] __fput+0x429/0x8a0
[ 87.027251][ T4483] task_work_run+0x24f/0x310
[ 87.031831][ T4483] do_exit+0xa1b/0x27e0
[ 87.035977][ T4483] do_group_exit+0x207/0x2c0
[ 87.040559][ T4483] get_signal+0x16a1/0x1740
[ 87.045046][ T4483] arch_do_signal_or_restart+0x96/0x860
[ 87.050583][ T4483] syscall_exit_to_user_mode+0xc9/0x370
[ 87.056122][ T4483] do_syscall_64+0x102/0x240
[ 87.060705][ T4483] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 87.066587][ T4483]
[ 87.068897][ T4483] Memory state around the buggy address:
[ 87.074508][ T4483] ffff888046403f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.082555][ T4483] ffff888046403f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 87.090621][ T4483] >ffff888046404000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.098677][ T4483] ^
[ 87.102738][ T4483] ffff888046404080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.110792][ T4483] ffff888046404100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 87.118841][ T4483] ==================================================================
[ 87.128089][ T4483] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 87.135305][ T4483] CPU: 1 PID: 4483 Comm: kworker/u9:1 Tainted: G W 6.9.0-rc7-syzkaller-gee5b455b0ada #0
[ 87.146424][ T4483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 87.156514][ T4483] Workqueue: hci0 hci_rx_work
[ 87.161205][ T4483] Call Trace:
[ 87.164508][ T4483]
[ 87.167429][ T4483] dump_stack_lvl+0x241/0x360
[ 87.172105][ T4483] ? __pfx_dump_stack_lvl+0x10/0x10
[ 87.177298][ T4483] ? __pfx__printk+0x10/0x10
[ 87.181879][ T4483] ? rcu_is_watching+0x15/0xb0
[ 87.186639][ T4483] ? preempt_schedule+0xe1/0xf0
[ 87.191486][ T4483] ? vscnprintf+0x5d/0x90
[ 87.195805][ T4483] panic+0x349/0x860
[ 87.199692][ T4483] ? check_panic_on_warn+0x21/0xb0
[ 87.204804][ T4483] ? __pfx_panic+0x10/0x10
[ 87.209215][ T4483] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 87.215282][ T4483] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 87.221600][ T4483] ? print_report+0x502/0x550
[ 87.226273][ T4483] check_panic_on_warn+0x86/0xb0
[ 87.231220][ T4483] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 87.237453][ T4483] end_report+0x77/0x160
[ 87.241692][ T4483] kasan_report+0x154/0x180
[ 87.246191][ T4483] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 87.252425][ T4483] hci_le_create_big_complete_evt+0x383/0xae0
[ 87.258481][ T4483] ? __copy_skb_header+0x437/0x5b0
[ 87.263582][ T4483] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 87.269724][ T4483] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 87.276300][ T4483] ? hci_le_meta_evt+0x366/0x580
[ 87.281232][ T4483] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 87.287828][ T4483] hci_event_packet+0xa53/0x1540
[ 87.292774][ T4483] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 87.298067][ T4483] ? __pfx_hci_event_packet+0x10/0x10
[ 87.303434][ T4483] ? do_raw_spin_unlock+0x13c/0x8b0
[ 87.308635][ T4483] ? kcov_remote_start+0x9e/0x7e0
[ 87.313656][ T4483] ? hci_send_to_monitor+0xd8/0x7f0
[ 87.318845][ T4483] ? skb_dequeue+0x113/0x150
[ 87.323431][ T4483] hci_rx_work+0x3e8/0xca0
[ 87.327846][ T4483] ? process_scheduled_works+0x91b/0x17c0
[ 87.333557][ T4483] process_scheduled_works+0xa10/0x17c0
[ 87.339104][ T4483] ? __pfx_process_scheduled_works+0x10/0x10
[ 87.345078][ T4483] ? assign_work+0x364/0x3d0
[ 87.349659][ T4483] worker_thread+0x86d/0xd70
[ 87.354241][ T4483] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 87.360191][ T4483] ? __kthread_parkme+0x169/0x1d0
[ 87.365221][ T4483] ? __pfx_worker_thread+0x10/0x10
[ 87.370322][ T4483] kthread+0x2f0/0x390
[ 87.374380][ T4483] ? __pfx_worker_thread+0x10/0x10
[ 87.379478][ T4483] ? __pfx_kthread+0x10/0x10
[ 87.384066][ T4483] ret_from_fork+0x4b/0x80
[ 87.388478][ T4483] ? __pfx_kthread+0x10/0x10
[ 87.393058][ T4483] ret_from_fork_asm+0x1a/0x30
[ 87.397818][ T4483]
[ 87.401081][ T4483] Kernel Offset: disabled
[ 87.405390][ T4483] Rebooting in 86400 seconds..