Warning: Permanently added '10.128.0.168' (ED25519) to the list of known hosts.
1970/01/01 00:01:02 ignoring optional flag "type"="gce"
1970/01/01 00:01:03 parsed 1 programs
[ 64.373716][ T4418] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 69.011282][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.012559][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.015709][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 69.021483][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.022762][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.024435][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 69.150418][ T4536] chnl_net:caif_netlink_parms(): no params data found
[ 69.168419][ T4536] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.169695][ T4536] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.171333][ T4536] device bridge_slave_0 entered promiscuous mode
[ 69.173291][ T4536] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.174623][ T4536] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.176089][ T4536] device bridge_slave_1 entered promiscuous mode
[ 69.183588][ T4536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.186213][ T4536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.194337][ T4536] team0: Port device team_slave_0 added
[ 69.196178][ T4536] team0: Port device team_slave_1 added
[ 69.202428][ T4536] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.204250][ T4536] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.208671][ T4536] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.212537][ T4536] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.213780][ T4536] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.218210][ T4536] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 69.254456][ T4536] device hsr_slave_0 entered promiscuous mode
[ 69.293602][ T4536] device hsr_slave_1 entered promiscuous mode
[ 69.624599][ T2064] ieee802154 phy0 wpan0: encryption failed: -22
[ 69.625801][ T2064] ieee802154 phy1 wpan1: encryption failed: -22
[ 69.644173][ T3341] cfg80211: failed to load regulatory.db
[ 69.921373][ T4536] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 69.945557][ T4536] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 69.994651][ T4536] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 70.050417][ T4536] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 70.122134][ T4536] 8021q: adding VLAN 0 to HW filter on device bond0
[ 70.132307][ T4536] 8021q: adding VLAN 0 to HW filter on device team0
[ 70.135643][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 70.137160][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 70.139491][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 70.141067][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 70.142848][ T1682] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.144149][ T1682] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 70.156469][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 70.158163][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 70.159734][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 70.161304][ T1682] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.162518][ T1682] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 70.166349][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 70.168298][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 70.170036][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 70.172115][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 70.174566][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 70.176434][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 70.181026][ T4536] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 70.182761][ T4536] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 70.192382][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 70.211743][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 70.221433][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 70.223252][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 70.238791][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 70.250163][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 70.278967][ T4536] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 70.284718][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 70.286058][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 70.288624][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 70.290285][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 70.297646][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 70.299234][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 70.300827][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 70.302137][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 70.305663][ T4536] device veth0_vlan entered promiscuous mode
[ 70.310038][ T4536] device veth1_vlan entered promiscuous mode
[ 70.317321][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 70.318956][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 70.320480][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 70.322044][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 70.325050][ T4536] device veth0_macvtap entered promiscuous mode
[ 70.327291][ T4536] device veth1_macvtap entered promiscuous mode
[ 70.332096][ T4536] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 70.333378][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 70.335638][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 70.337196][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 70.338759][ T1643] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 70.342062][ T4536] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 70.345282][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 70.346869][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 70.349543][ T4536] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.350972][ T4536] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.352521][ T4536] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 70.354497][ T4536] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
1970/01/01 00:01:10 executed programs: 0
[ 70.457851][ T4654] chnl_net:caif_netlink_parms(): no params data found
[ 70.475709][ T4654] bridge0: port 1(bridge_slave_0) entered blocking state
[ 70.476975][ T4654] bridge0: port 1(bridge_slave_0) entered disabled state
[ 70.478560][ T4654] device bridge_slave_0 entered promiscuous mode
[ 70.480571][ T4654] bridge0: port 2(bridge_slave_1) entered blocking state
[ 70.481792][ T4654] bridge0: port 2(bridge_slave_1) entered disabled state
[ 70.483260][ T4654] device bridge_slave_1 entered promiscuous mode
[ 70.491846][ T4654] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 70.496084][ T4654] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 70.504151][ T4654] team0: Port device team_slave_0 added
[ 70.506329][ T4654] team0: Port device team_slave_1 added
[ 70.512924][ T4654] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 70.515647][ T4654] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.519988][ T4654] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 70.522512][ T4654] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 70.523962][ T4654] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 70.528244][ T4654] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.564554][ T4654] device hsr_slave_0 entered promiscuous mode
[ 70.603745][ T4654] device hsr_slave_1 entered promiscuous mode
[ 70.633731][ T4654] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 70.635080][ T4654] Cannot create hsr debugfs directory
[ 70.668720][ T4654] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 72.423897][ T3341] Bluetooth: hci0: command 0x0409 tx timeout
[ 73.716423][ T4654] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.503946][ T3341] Bluetooth: hci0: command 0x041b tx timeout
[ 76.027068][ T4654] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.067466][ T4654] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.212939][ T4654] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 76.255050][ T4654] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 76.294817][ T4654] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 76.334482][ T4654] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 76.395400][ T4654] 8021q: adding VLAN 0 to HW filter on device bond0
[ 76.399130][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 76.400679][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 76.403155][ T4654] 8021q: adding VLAN 0 to HW filter on device team0
[ 76.406097][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 76.407759][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 76.409362][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 76.410544][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 76.412413][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 76.416805][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 76.418414][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 76.419946][ T1682] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.421070][ T1682] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 76.430651][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 76.432251][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 76.434427][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 76.436133][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 76.437714][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 76.439338][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 76.440849][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 76.442368][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 76.444578][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 76.446078][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 76.447653][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 76.450281][ T4654] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 76.489152][ T4654] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 76.494402][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 76.495761][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 76.498301][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 76.500084][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 76.507639][ T4654] device veth0_vlan entered promiscuous mode
[ 76.511230][ T4654] device veth1_vlan entered promiscuous mode
[ 76.516403][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 76.518000][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 76.519669][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 76.521029][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 76.522508][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 76.524288][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 76.529466][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 76.531132][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 76.533410][ T4654] device veth0_macvtap entered promiscuous mode
[ 76.536254][ T4654] device veth1_macvtap entered promiscuous mode
[ 76.541149][ T4654] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 76.542940][ T4654] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 76.545264][ T4654] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 76.546732][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 76.548351][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 76.549941][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 76.551525][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 76.556614][ T4654] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 76.558328][ T4654] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 76.560476][ T4654] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 76.562690][ T4654] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.564694][ T4654] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.566228][ T4654] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.567682][ T4654] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 76.570449][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 76.572066][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 76.583675][ T4159] Bluetooth: hci0: command 0x040f tx timeout
[ 76.599953][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.601318][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.602672][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 76.615860][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 76.617106][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.618473][ T1682] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:16 executed programs: 2
[ 76.639028][ T4109] BUG: sleeping function called from invalid context at net/core/sock.c:3261
[ 76.640587][ T4109] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4109, name: kworker/u5:2
[ 76.642191][ T4109] 6 locks held by kworker/u5:2/4109:
[ 76.643055][ T4109] #0: ffff0000ccb14938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x678/0x1138
[ 76.644987][ T4109] #1: ffff80001bc87c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6b8/0x1138
[ 76.647053][ T4109] #2: ffff0000c9054078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xb0/0x894
[ 76.648873][ T4109] #3: ffff80001650bc48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x400/0x894
[ 76.650705][ T4109] #4: ffff0000c181c020 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x254/0x8c0
[ 76.652383][ T4109] #5: ffff0000e66bd120 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3e4/0x8c0
[ 76.654422][ T4109] Preemption disabled at:
[ 76.654429][ T4109] [] sco_connect_cfm+0x254/0x8c0
[ 76.656298][ T4109] CPU: 0 PID: 4109 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 76.657546][ T4109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 76.659124][ T4109] Workqueue: hci0 hci_rx_work
[ 76.659935][ T4109] Call trace:
[ 76.660490][ T4109] dump_backtrace+0x0/0x458
[ 76.661291][ T4109] show_stack+0x2c/0x3c
[ 76.661990][ T4109] __dump_stack+0x30/0x40
[ 76.662721][ T4109] dump_stack_lvl+0xf4/0x15c
[ 76.663508][ T4109] dump_stack+0x1c/0x5c
[ 76.664189][ T4109] ___might_sleep+0x358/0x4d4
[ 76.664979][ T4109] __might_sleep+0x98/0x124
[ 76.665723][ T4109] lock_sock_nested+0xec/0x1d4
[ 76.666587][ T4109] sco_connect_cfm+0x3e4/0x8c0
[ 76.667355][ T4109] hci_sync_conn_complete_evt+0x468/0x894
[ 76.668346][ T4109] hci_event_packet+0xa34/0x1208
[ 76.669205][ T4109] hci_rx_work+0x1cc/0x868
[ 76.669988][ T4109] process_one_work+0x79c/0x1138
[ 76.670768][ T4109] worker_thread+0x8f4/0x1034
[ 76.671570][ T4109] kthread+0x374/0x454
[ 76.672273][ T4109] ret_from_fork+0x10/0x20
[ 76.673125][ T4109] ==================================================================
[ 76.674435][ T4109] BUG: KASAN: use-after-free in __lock_acquire+0x104/0x67ec
[ 76.675653][ T4109] Read of size 8 at addr ffff0000e66bd0a0 by task kworker/u5:2/4109
[ 76.677017][ T4109]
[ 76.677397][ T4109] CPU: 0 PID: 4109 Comm: kworker/u5:2 Tainted: G W syzkaller #0
[ 76.678917][ T4109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 76.680683][ T4109] Workqueue: hci0 hci_rx_work
[ 76.681447][ T4109] Call trace:
[ 76.682020][ T4109] dump_backtrace+0x0/0x458
[ 76.682797][ T4109] show_stack+0x2c/0x3c
[ 76.683513][ T4109] __dump_stack+0x30/0x40
[ 76.684234][ T4109] dump_stack_lvl+0xf4/0x15c
[ 76.684996][ T4109] print_address_description+0x78/0x30c
[ 76.685945][ T4109] kasan_report+0xec/0x158
[ 76.686708][ T4109] __asan_report_load8_noabort+0x44/0x50
[ 76.687664][ T4109] __lock_acquire+0x104/0x67ec
[ 76.688443][ T4109] lock_acquire+0x1f4/0x618
[ 76.689171][ T4109] _raw_spin_lock_bh+0x114/0x1b4
[ 76.689968][ T4109] lock_sock_nested+0xf4/0x1d4
[ 76.690766][ T4109] sco_connect_cfm+0x3e4/0x8c0
[ 76.691515][ T4109] hci_sync_conn_complete_evt+0x468/0x894
[ 76.692474][ T4109] hci_event_packet+0xa34/0x1208
[ 76.693292][ T4109] hci_rx_work+0x1cc/0x868
[ 76.694060][ T4109] process_one_work+0x79c/0x1138
[ 76.694837][ T4109] worker_thread+0x8f4/0x1034
[ 76.695656][ T4109] kthread+0x374/0x454
[ 76.696398][ T4109] ret_from_fork+0x10/0x20
[ 76.697150][ T4109]
[ 76.697526][ T4109] Allocated by task 4907:
[ 76.698291][ T4109] __kasan_kmalloc+0xb0/0xf0
[ 76.699005][ T4109] __kmalloc+0x290/0x43c
[ 76.699747][ T4109] sk_prot_alloc+0xc4/0x1ec
[ 76.700541][ T4109] sk_alloc+0x40/0x384
[ 76.701232][ T4109] sco_sock_create+0xb8/0x2cc
[ 76.702027][ T4109] bt_sock_create+0x14c/0x24c
[ 76.702801][ T4109] __sock_create+0x4b0/0x8b4
[ 76.703583][ T4109] __sys_socket+0xf0/0x18c
[ 76.704320][ T4109] __arm64_sys_socket+0x7c/0x94
[ 76.705107][ T4109] invoke_syscall+0x98/0x2b0
[ 76.705874][ T4109] el0_svc_common+0x138/0x258
[ 76.706653][ T4109] do_el0_svc+0x58/0x13c
[ 76.707386][ T4109] el0_svc+0x78/0x1d0
[ 76.708104][ T4109] el0t_64_sync_handler+0xcc/0xe4
[ 76.708938][ T4109] el0t_64_sync+0x1a0/0x1a4
[ 76.709677][ T4109]
[ 76.710077][ T4109] Freed by task 4906:
[ 76.710749][ T4109] kasan_set_track+0x4c/0x84
[ 76.711532][ T4109] kasan_set_free_info+0x28/0x4c
[ 76.712354][ T4109] ____kasan_slab_free+0x118/0x164
[ 76.713179][ T4109] __kasan_slab_free+0x18/0x28
[ 76.713964][ T4109] slab_free_freelist_hook+0x128/0x1e4
[ 76.714872][ T4109] kfree+0x16c/0x400
[ 76.715511][ T4109] __sk_destruct+0x43c/0x610
[ 76.716258][ T4109] __sk_free+0x320/0x430
[ 76.716993][ T4109] sk_free+0x68/0xd4
[ 76.717621][ T4109] sco_sock_kill+0x178/0x234
[ 76.718447][ T4109] sco_sock_release+0x1f8/0x2bc
[ 76.719252][ T4109] sock_close+0xb4/0x1f8
[ 76.719927][ T4109] __fput+0x1c0/0x7e8
[ 76.720571][ T4109] ____fput+0x20/0x30
[ 76.721276][ T4109] task_work_run+0x12c/0x1d8
[ 76.722072][ T4109] do_notify_resume+0x2450/0x309c
[ 76.722985][ T4109] el0_svc+0xf0/0x1d0
[ 76.723678][ T4109] el0t_64_sync_handler+0xcc/0xe4
[ 76.724552][ T4109] el0t_64_sync+0x1a0/0x1a4
[ 76.725328][ T4109]
[ 76.725717][ T4109] The buggy address belongs to the object at ffff0000e66bd000
[ 76.725717][ T4109] which belongs to the cache kmalloc-2k of size 2048
[ 76.728161][ T4109] The buggy address is located 160 bytes inside of
[ 76.728161][ T4109] 2048-byte region [ffff0000e66bd000, ffff0000e66bd800)
[ 76.730317][ T4109] The buggy address belongs to the page:
[ 76.731258][ T4109] page:000000001fa8d3c6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1266b8
[ 76.733023][ T4109] head:000000001fa8d3c6 order:3 compound_mapcount:0 compound_pincount:0
[ 76.734457][ T4109] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 76.735803][ T4109] raw: 05ffc00000010200 0000000000000000 0000000100000001 ffff0000c0002900
[ 76.737334][ T4109] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 76.738860][ T4109] page dumped because: kasan: bad access detected
[ 76.739963][ T4109]
[ 76.740363][ T4109] Memory state around the buggy address:
[ 76.741276][ T4109] ffff0000e66bcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 76.742590][ T4109] ffff0000e66bd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.743918][ T4109] >ffff0000e66bd080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.745261][ T4109] ^
[ 76.746128][ T4109] ffff0000e66bd100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.747491][ T4109] ffff0000e66bd180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 76.748908][ T4109] ==================================================================
[ 76.750293][ T4109] Disabling lock debugging due to kernel taint
[ 76.751551][ T4109] Unable to handle kernel paging request at virtual address dfff800000000000
[ 76.752933][ T4109] Mem abort info:
[ 76.753588][ T4109] ESR = 0x0000000096000006
[ 76.754320][ T4109] EC = 0x25: DABT (current EL), IL = 32 bits
[ 76.755321][ T4109] SET = 0, FnV = 0
[ 76.755985][ T4109] EA = 0, S1PTW = 0
[ 76.756691][ T4109] FSC = 0x06: level 2 translation fault
[ 76.757664][ T4109] Data abort info:
[ 76.758301][ T4109] ISV = 0, ISS = 0x00000006
[ 76.759132][ T4109] CM = 0, WnR = 0
[ 76.759840][ T4109] [dfff800000000000] address between user and kernel address ranges
[ 76.761088][ T4109] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
[ 76.762171][ T4109] Modules linked in:
[ 76.762835][ T4109] CPU: 0 PID: 4109 Comm: kworker/u5:2 Tainted: G B W syzkaller #0
[ 76.764383][ T4109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 76.766073][ T4109] Workqueue: hci0 hci_rx_work
[ 76.766906][ T4109] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 76.768352][ T4109] pc : apparmor_sk_clone_security+0xf4/0x3c0
[ 76.769411][ T4109] lr : apparmor_sk_clone_security+0xd4/0x3c0
[ 76.770452][ T4109] sp : ffff80001bc87780
[ 76.771136][ T4109] x29: ffff80001bc87780 x28: dfff800000000000 x27: ffff700003790f04
[ 76.772514][ T4109] x26: 1fffe00018303809 x25: ffff0000e66be3aa x24: 1fffe0001d3d0a20
[ 76.773775][ T4109] x23: dfff800000000000 x22: dfff800000000000 x21: 0000000000000000
[ 76.775178][ T4109] x20: 0000000000000000 x19: ffff0000e9e85100 x18: 0000000000000102
[ 76.776631][ T4109] x17: ffff800010565b70 x16: ffff8000082d9484 x15: ffff80000f6fc294
[ 76.778057][ T4109] x14: 0000000000000001 x13: 1ffff00002ca4e2d x12: 0000000000ff0100
[ 76.779569][ T4109] x11: 0000000000000001 x10: 0000000000000000 x9 : ffff80000a44c500
[ 76.781002][ T4109] x8 : 0000000000000000 x7 : ffffffffffffffff x6 : ffff80001052ab18
[ 76.782454][ T4109] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80000a44c474
[ 76.783927][ T4109] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[ 76.785403][ T4109] Call trace:
[ 76.785956][ T4109] apparmor_sk_clone_security+0xf4/0x3c0
[ 76.786918][ T4109] security_sk_clone+0x58/0x9c
[ 76.787744][ T4109] sco_connect_cfm+0x590/0x8c0
[ 76.788555][ T4109] hci_sync_conn_complete_evt+0x468/0x894
[ 76.789513][ T4109] hci_event_packet+0xa34/0x1208
[ 76.790344][ T4109] hci_rx_work+0x1cc/0x868
[ 76.791040][ T4109] process_one_work+0x79c/0x1138
[ 76.791826][ T4109] worker_thread+0x8f4/0x1034
[ 76.792569][ T4109] kthread+0x374/0x454
[ 76.793232][ T4109] ret_from_fork+0x10/0x20
[ 76.793996][ T4109] Code: 710006df 540010cb 9780c662 d343fe88 (38776908)
[ 76.795135][ T4109] ---[ end trace 22bbc87dd59a009d ]---
[ 77.017656][ T4109] Kernel panic - not syncing: Oops: Fatal exception
[ 77.018614][ T4109] SMP: stopping secondary CPUs
[ 77.019315][ T4109] Kernel Offset: disabled
[ 77.019928][ T4109] CPU features: 0x8,000003c1,7d33ffd9
[ 77.020820][ T4109] Memory Limit: none
[ 77.255138][ T4109] Rebooting in 86400 seconds..