Warning: Permanently added '10.128.0.204' (ED25519) to the list of known hosts.
2025/10/18 07:08:00 parsed 1 programs
[  116.669765][ T6172] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  119.816577][ T5913] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  119.824590][ T5913] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  119.834671][ T5913] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  119.844928][ T5913] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  119.852897][ T5913] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  120.154558][ T1342] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.164007][ T1342] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.196870][ T3562] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.204896][ T3562] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.109635][ T6233] chnl_net:caif_netlink_parms(): no params data found
[  122.186203][ T6233] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.193415][ T6233] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.200674][ T6233] bridge_slave_0: entered allmulticast mode
[  122.208172][ T6233] bridge_slave_0: entered promiscuous mode
[  122.216029][ T6233] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.223113][ T6233] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.230493][ T6233] bridge_slave_1: entered allmulticast mode
[  122.238020][ T6233] bridge_slave_1: entered promiscuous mode
[  122.272642][ T6233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  122.284675][ T6233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  122.314207][ T6233] team0: Port device team_slave_0 added
[  122.322558][ T6233] team0: Port device team_slave_1 added
[  122.347318][ T6233] batman_adv: batadv0: Adding interface: batadv_slave_0
[  122.354294][ T6233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  122.380838][ T6233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  122.392630][ T6233] batman_adv: batadv0: Adding interface: batadv_slave_1
[  122.399646][ T6233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  122.425734][ T6233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  122.466266][ T6233] hsr_slave_0: entered promiscuous mode
[  122.472436][ T6233] hsr_slave_1: entered promiscuous mode
[  122.933937][ T6233] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  122.943652][ T6233] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  122.954987][ T6233] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  122.966165][ T6233] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  123.005912][ T6233] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.013086][ T6233] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.020651][ T6233] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.027871][ T6233] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.098840][ T3562] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.107526][ T3562] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.130335][ T6233] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.153450][ T6233] 8021q: adding VLAN 0 to HW filter on device team0
[  123.167626][ T3562] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.174876][ T3562] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.200678][ T3562] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.207897][ T3562] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.459482][ T6233] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.518092][ T6233] veth0_vlan: entered promiscuous mode
[  123.532861][ T6233] veth1_vlan: entered promiscuous mode
[  123.576014][ T6233] veth0_macvtap: entered promiscuous mode
[  123.587068][ T6233] veth1_macvtap: entered promiscuous mode
[  123.607723][ T6233] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.621872][ T6233] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.638620][ T3562] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.659684][ T3562] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.680479][ T3562] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.705660][ T3562] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  123.882257][ T1342] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.966556][ T1342] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.069054][ T1342] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  124.167076][ T1342] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/10/18 07:08:12 executed programs: 0
[  125.241913][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  125.250356][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  125.267849][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  125.276033][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  125.284088][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  125.542810][ T6338] chnl_net:caif_netlink_parms(): no params data found
[  125.677529][ T6338] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.684830][ T6338] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.692271][ T6338] bridge_slave_0: entered allmulticast mode
[  125.704483][ T6338] bridge_slave_0: entered promiscuous mode
[  125.713626][ T6338] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.721104][ T6338] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.728748][ T6338] bridge_slave_1: entered allmulticast mode
[  125.737199][ T6338] bridge_slave_1: entered promiscuous mode
[  125.778189][ T6338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  125.790714][ T6338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  125.835487][ T6338] team0: Port device team_slave_0 added
[  125.844307][ T6338] team0: Port device team_slave_1 added
[  125.893377][ T6338] batman_adv: batadv0: Adding interface: batadv_slave_0
[  125.901516][ T6338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  125.927828][ T6338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  125.944391][ T6338] batman_adv: batadv0: Adding interface: batadv_slave_1
[  125.951668][ T6338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  125.978188][ T6338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.034191][ T6338] hsr_slave_0: entered promiscuous mode
[  126.042871][ T6338] hsr_slave_1: entered promiscuous mode
[  126.049178][ T6338] debugfs: 'hsr0' already exists in 'hsr'
[  126.054980][ T6338] Cannot create hsr debugfs directory
[  126.281323][ T1342] bridge_slave_1: left allmulticast mode
[  126.287794][ T1342] bridge_slave_1: left promiscuous mode
[  126.293534][ T1342] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.310881][ T1342] bridge_slave_0: left allmulticast mode
[  126.317005][ T1342] bridge_slave_0: left promiscuous mode
[  126.322804][ T1342] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.633963][ T1342] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  126.645892][ T1342] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  126.656538][ T1342] bond0 (unregistering): Released all slaves
[  126.766717][ T1342] hsr_slave_0: left promiscuous mode
[  126.773369][ T1342] hsr_slave_1: left promiscuous mode
[  126.784902][ T1342] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  126.794095][ T1342] batman_adv: batadv0: Removing interface: batadv_slave_0
[  126.803226][ T1342] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  126.813865][ T1342] batman_adv: batadv0: Removing interface: batadv_slave_1
[  126.843369][ T1342] veth1_macvtap: left promiscuous mode
[  126.851701][ T1342] veth0_macvtap: left promiscuous mode
[  126.857948][ T1342] veth1_vlan: left promiscuous mode
[  126.863297][ T1342] veth0_vlan: left promiscuous mode
[  127.337780][ T5913] Bluetooth: hci0: command tx timeout
[  127.349979][ T1342] team0 (unregistering): Port device team_slave_1 removed
[  127.386272][ T1342] team0 (unregistering): Port device team_slave_0 removed
[  127.967724][ T6338] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  127.983120][ T6338] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  127.996920][ T6338] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  128.026142][ T6338] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  128.272483][ T6338] 8021q: adding VLAN 0 to HW filter on device bond0
[  128.309116][ T6338] 8021q: adding VLAN 0 to HW filter on device team0
[  128.346966][ T3562] bridge0: port 1(bridge_slave_0) entered blocking state
[  128.354167][ T3562] bridge0: port 1(bridge_slave_0) entered forwarding state
[  128.376841][ T3562] bridge0: port 2(bridge_slave_1) entered blocking state
[  128.384012][ T3562] bridge0: port 2(bridge_slave_1) entered forwarding state
[  128.712720][ T6338] 8021q: adding VLAN 0 to HW filter on device batadv0
[  128.774161][ T6338] veth0_vlan: entered promiscuous mode
[  128.788573][ T6338] veth1_vlan: entered promiscuous mode
[  128.831067][ T6338] veth0_macvtap: entered promiscuous mode
[  128.842113][ T6338] veth1_macvtap: entered promiscuous mode
[  128.866785][ T6338] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.886080][ T6338] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.902752][   T61] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.922106][ T1320] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.947604][ T1320] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.970486][ T1320] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.014079][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.030590][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.073177][ T1320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.082113][ T1320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.416084][ T5913] Bluetooth: hci0: command tx timeout
2025/10/18 07:08:17 executed programs: 30
[  130.228888][ T5876] hid-generic 0005:699E:5505.0001: unknown main item tag 0x0
[  130.246710][ T5876] hid-generic 0005:699E:5505.0001: unknown main item tag 0x0
[  130.257859][ T5876] hid-generic 0005:699E:5505.0001: unknown main item tag 0x0
[  130.275950][ T5876] hid-generic 0005:699E:5505.0001: unknown main item tag 0x0
[  130.283787][ T5876] hid-generic 0005:699E:5505.0001: unknown main item tag 0x0
[  130.291965][ T5876] hid-generic 0005:699E:5505.0001: unknown main item tag 0x0
[  130.299925][ T5876] hid-generic 0005:699E:5505.0001: unknown main item tag 0x1
[  130.319878][ T5876] hid-generic 0005:699E:5505.0001: unknown main item tag 0x0
[  130.329255][ T5876] hid-generic 0005:699E:5505.0001: unknown main item tag 0x0
[  130.336923][ T5876] hid-generic 0005:699E:5505.0001: unknown main item tag 0x0
[  131.396050][ T5876] hid-generic 0005:699E:5505.0001: hidraw0: BLUETOOTH HID v0.8b Device [syz1] on aa:aa:aa:aa:aa:aa
[  131.495615][ T5913] Bluetooth: hci0: command tx timeout
[  132.779798][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  132.787214][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  133.576676][ T5913] Bluetooth: hci0: command tx timeout
2025/10/18 07:08:22 executed programs: 248
2025/10/18 07:08:27 executed programs: 497
[  142.370795][ T5148] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  142.381715][ T5148] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  142.389841][ T5148] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  142.401503][ T5148] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  142.404121][ T6456] ==================================================================
[  142.413747][ T5148] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  142.416509][ T6456] BUG: KASAN: slab-use-after-free in __mutex_lock+0x801/0x1350
[  142.416540][ T6456] Read of size 8 at addr ffff888064ae40a0 by task khidpd_699e5505/6456
[  142.416554][ T6456] 
[  142.416578][ T6456] CPU: 0 UID: 0 PID: 6456 Comm: khidpd_699e5505 Not tainted syzkaller #0 PREEMPT(full) 
[  142.416609][ T6456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  142.416629][ T6456] Call Trace:
[  142.416636][ T6456]  <TASK>
[  142.416644][ T6456]  dump_stack_lvl+0x189/0x250
[  142.416663][ T6456]  ? __kasan_check_byte+0x12/0x40
[  142.416684][ T6456]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.416701][ T6456]  ? lock_release+0x4b/0x3e0
[  142.416723][ T6456]  ? __virt_addr_valid+0x4a5/0x5c0
[  142.416741][ T6456]  print_report+0xca/0x240
[  142.416761][ T6456]  ? __mutex_lock+0x801/0x1350
[  142.416776][ T6456]  kasan_report+0x118/0x150
[  142.416796][ T6456]  ? __mutex_lock+0x801/0x1350
[  142.416815][ T6456]  __mutex_lock+0x801/0x1350
[  142.416834][ T6456]  ? __mutex_lock+0x5bb/0x1350
[  142.416852][ T6456]  ? l2cap_unregister_user+0x6a/0x1b0
[  142.416876][ T6456]  ? __pfx___mutex_lock+0x10/0x10
[  142.416892][ T6456]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  142.416922][ T6456]  l2cap_unregister_user+0x6a/0x1b0
[  142.416946][ T6456]  hidp_session_thread+0x3c9/0x410
[  142.416970][ T6456]  ? __pfx_hidp_session_thread+0x10/0x10
[  142.416992][ T6456]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  142.417015][ T6456]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  142.417041][ T6456]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  142.417065][ T6456]  ? __kthread_parkme+0x7b/0x200
[  142.417087][ T6456]  ? __kthread_parkme+0x1a1/0x200
[  142.417111][ T6456]  kthread+0x711/0x8a0
[  142.417128][ T6456]  ? __pfx_hidp_session_thread+0x10/0x10
[  142.417151][ T6456]  ? __pfx_kthread+0x10/0x10
[  142.417167][ T6456]  ? _raw_spin_unlock_irq+0x23/0x50
[  142.417189][ T6456]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.417204][ T6456]  ? __pfx_kthread+0x10/0x10
[  142.417227][ T6456]  ret_from_fork+0x4bc/0x870
[  142.417249][ T6456]  ? __pfx_ret_from_fork+0x10/0x10
[  142.417272][ T6456]  ? __switch_to_asm+0x39/0x70
[  142.417289][ T6456]  ? __switch_to_asm+0x33/0x70
[  142.417307][ T6456]  ? __pfx_kthread+0x10/0x10
[  142.417323][ T6456]  ret_from_fork_asm+0x1a/0x30
[  142.417348][ T6456]  </TASK>
[  142.417354][ T6456] 
[  142.642691][ T6456] Allocated by task 6338:
[  142.647027][ T6456]  kasan_save_track+0x3e/0x80
[  142.651727][ T6456]  __kasan_kmalloc+0x93/0xb0
[  142.656308][ T6456]  __kmalloc_noprof+0x411/0x7f0
[  142.661145][ T6456]  hci_alloc_dev_priv+0x28/0x2060
[  142.666158][ T6456]  vhci_create_device+0x120/0x650
[  142.671173][ T6456]  vhci_write+0x3ce/0x4a0
[  142.675507][ T6456]  vfs_write+0x5c9/0xb30
[  142.679744][ T6456]  ksys_write+0x145/0x250
[  142.684053][ T6456]  do_syscall_64+0xfa/0xfa0
[  142.688537][ T6456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.694428][ T6456] 
[  142.696732][ T6456] Freed by task 6338:
[  142.700692][ T6456]  kasan_save_track+0x3e/0x80
[  142.705354][ T6456]  __kasan_save_free_info+0x46/0x50
[  142.710546][ T6456]  __kasan_slab_free+0x5c/0x80
[  142.715291][ T6456]  kfree+0x19a/0x6d0
[  142.719168][ T6456]  bt_host_release+0x82/0x90
[  142.723742][ T6456]  device_release+0x9c/0x1c0
[  142.728322][ T6456]  kobject_put+0x22b/0x480
[  142.732721][ T6456]  vhci_release+0x15a/0x1a0
[  142.737213][ T6456]  __fput+0x44c/0xa70
[  142.741184][ T6456]  task_work_run+0x1d4/0x260
[  142.745758][ T6456]  do_exit+0x6b5/0x2300
[  142.749897][ T6456]  do_group_exit+0x21c/0x2d0
[  142.754465][ T6456]  get_signal+0x1285/0x1340
[  142.758953][ T6456]  arch_do_signal_or_restart+0xa0/0x790
[  142.764578][ T6456]  exit_to_user_mode_loop+0x72/0x130
[  142.769876][ T6456]  do_syscall_64+0x2bd/0xfa0
[  142.774457][ T6456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.780349][ T6456] 
[  142.782664][ T6456] Last potentially related work creation:
[  142.788370][ T6456]  kasan_save_stack+0x3e/0x60
[  142.793044][ T6456]  kasan_record_aux_stack+0xbd/0xd0
[  142.798232][ T6456]  insert_work+0x3d/0x330
[  142.802548][ T6456]  __queue_work+0xbaf/0xfb0
[  142.807042][ T6456]  queue_work_on+0x181/0x270
[  142.811710][ T6456]  process_scheduled_works+0xae1/0x17b0
[  142.817240][ T6456]  worker_thread+0x8a0/0xda0
[  142.821821][ T6456]  kthread+0x711/0x8a0
[  142.825868][ T6456]  ret_from_fork+0x4bc/0x870
[  142.830442][ T6456]  ret_from_fork_asm+0x1a/0x30
[  142.835196][ T6456] 
[  142.837511][ T6456] Second to last potentially related work creation:
[  142.844095][ T6456]  kasan_save_stack+0x3e/0x60
[  142.848762][ T6456]  kasan_record_aux_stack+0xbd/0xd0
[  142.853950][ T6456]  insert_work+0x3d/0x330
[  142.858263][ T6456]  __queue_work+0xcd2/0xfb0
[  142.862753][ T6456]  call_timer_fn+0x17e/0x5f0
[  142.867331][ T6456]  __run_timer_base+0x646/0x860
[  142.872166][ T6456]  run_timer_softirq+0xb7/0x180
[  142.877003][ T6456]  handle_softirqs+0x286/0x870
[  142.881764][ T6456]  __irq_exit_rcu+0xca/0x1f0
[  142.886362][ T6456]  irq_exit_rcu+0x9/0x30
[  142.890614][ T6456]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  142.896258][ T6456]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  142.902236][ T6456] 
[  142.904549][ T6456] The buggy address belongs to the object at ffff888064ae4000
[  142.904549][ T6456]  which belongs to the cache kmalloc-8k of size 8192
[  142.918595][ T6456] The buggy address is located 160 bytes inside of
[  142.918595][ T6456]  freed 8192-byte region [ffff888064ae4000, ffff888064ae6000)
[  142.932488][ T6456] 
[  142.934809][ T6456] The buggy address belongs to the physical page:
[  142.941229][ T6456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888064ae0000 pfn:0x64ae0
[  142.951332][ T6456] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  142.959820][ T6456] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  142.968315][ T6456] page_type: f5(slab)
[  142.972315][ T6456] raw: 00fff00000000240 ffff88813ffa7280 ffff88813ffa5ac8 ffffea0001f20c10
[  142.980893][ T6456] raw: ffff888064ae0000 0000000000020001 00000000f5000000 0000000000000000
[  142.989468][ T6456] head: 00fff00000000240 ffff88813ffa7280 ffff88813ffa5ac8 ffffea0001f20c10
[  142.998125][ T6456] head: ffff888064ae0000 0000000000020001 00000000f5000000 0000000000000000
[  143.006783][ T6456] head: 00fff00000000003 ffffea000192b801 00000000ffffffff 00000000ffffffff
[  143.015448][ T6456] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  143.024111][ T6456] page dumped because: kasan: bad access detected
[  143.030520][ T6456] page_owner tracks the page as allocated
[  143.036222][ T6456] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6321, tgid 6321 (syz-executor), ts 124693471522, free_ts 120751365981
[  143.057748][ T6456]  post_alloc_hook+0x240/0x2a0
[  143.062505][ T6456]  get_page_from_freelist+0x2365/0x2440
[  143.068036][ T6456]  __alloc_frozen_pages_noprof+0x181/0x370
[  143.073828][ T6456]  alloc_pages_mpol+0x232/0x4a0
[  143.078661][ T6456]  allocate_slab+0x96/0x3a0
[  143.083152][ T6456]  ___slab_alloc+0xe94/0x18a0
[  143.087816][ T6456]  __slab_alloc+0x65/0x100
[  143.092216][ T6456]  __kmalloc_noprof+0x471/0x7f0
[  143.097050][ T6456]  cache_create_net+0x92/0x260
[  143.101803][ T6456]  gss_svc_init_net+0x58/0x570
[  143.106555][ T6456]  ops_init+0x35c/0x5c0
[  143.110699][ T6456]  setup_net+0xfe/0x320
[  143.114843][ T6456]  copy_net_ns+0x34e/0x4e0
[  143.119252][ T6456]  create_new_namespaces+0x3f3/0x720
[  143.124525][ T6456]  unshare_nsproxy_namespaces+0x11c/0x170
[  143.130230][ T6456]  ksys_unshare+0x4c8/0x8c0
[  143.134720][ T6456] page last free pid 6211 tgid 6211 stack trace:
[  143.141030][ T6456]  __free_frozen_pages+0xbc4/0xd30
[  143.146127][ T6456]  vfree+0x25a/0x400
[  143.150008][ T6456]  kcov_close+0x28/0x50
[  143.154147][ T6456]  __fput+0x44c/0xa70
[  143.158124][ T6456]  task_work_run+0x1d4/0x260
[  143.162700][ T6456]  do_exit+0x6b5/0x2300
[  143.166841][ T6456]  do_group_exit+0x21c/0x2d0
[  143.171414][ T6456]  get_signal+0x1285/0x1340
[  143.175916][ T6456]  arch_do_signal_or_restart+0xa0/0x790
[  143.181535][ T6456]  exit_to_user_mode_loop+0x72/0x130
[  143.186810][ T6456]  do_syscall_64+0x2bd/0xfa0
[  143.191380][ T6456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.197265][ T6456] 
[  143.199572][ T6456] Memory state around the buggy address:
[  143.205182][ T6456]  ffff888064ae3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  143.213225][ T6456]  ffff888064ae4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  143.221271][ T6456] >ffff888064ae4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  143.229331][ T6456]                                ^
[  143.234420][ T6456]  ffff888064ae4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  143.242461][ T6456]  ffff888064ae4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  143.250500][ T6456] ==================================================================
[  143.259463][ T6456] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  143.266664][ T6456] CPU: 0 UID: 0 PID: 6456 Comm: khidpd_699e5505 Not tainted syzkaller #0 PREEMPT(full) 
[  143.276364][ T6456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  143.286403][ T6456] Call Trace:
[  143.289672][ T6456]  <TASK>
[  143.292588][ T6456]  dump_stack_lvl+0x99/0x250
[  143.297171][ T6456]  ? __asan_memcpy+0x40/0x70
[  143.301747][ T6456]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.306943][ T6456]  ? __pfx__printk+0x10/0x10
[  143.311517][ T6456]  vpanic+0x237/0x6d0
[  143.315502][ T6456]  ? __pfx_vpanic+0x10/0x10
[  143.319998][ T6456]  panic+0xb9/0xc0
[  143.323713][ T6456]  ? __pfx_panic+0x10/0x10
[  143.328119][ T6456]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  143.334010][ T6456]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  143.339894][ T6456]  ? __mutex_lock+0x801/0x1350
[  143.344643][ T6456]  check_panic_on_warn+0x89/0xb0
[  143.349567][ T6456]  ? __mutex_lock+0x801/0x1350
[  143.354314][ T6456]  end_report+0x78/0x160
[  143.358544][ T6456]  kasan_report+0x129/0x150
[  143.363033][ T6456]  ? __mutex_lock+0x801/0x1350
[  143.367783][ T6456]  __mutex_lock+0x801/0x1350
[  143.372357][ T6456]  ? __mutex_lock+0x5bb/0x1350
[  143.377106][ T6456]  ? l2cap_unregister_user+0x6a/0x1b0
[  143.382472][ T6456]  ? __pfx___mutex_lock+0x10/0x10
[  143.387480][ T6456]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  143.393365][ T6456]  l2cap_unregister_user+0x6a/0x1b0
[  143.398552][ T6456]  hidp_session_thread+0x3c9/0x410
[  143.403655][ T6456]  ? __pfx_hidp_session_thread+0x10/0x10
[  143.409278][ T6456]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  143.415180][ T6456]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  143.421412][ T6456]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  143.427644][ T6456]  ? __kthread_parkme+0x7b/0x200
[  143.432574][ T6456]  ? __kthread_parkme+0x1a1/0x200
[  143.437588][ T6456]  kthread+0x711/0x8a0
[  143.441641][ T6456]  ? __pfx_hidp_session_thread+0x10/0x10
[  143.447263][ T6456]  ? __pfx_kthread+0x10/0x10
[  143.451836][ T6456]  ? _raw_spin_unlock_irq+0x23/0x50
[  143.457022][ T6456]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.462202][ T6456]  ? __pfx_kthread+0x10/0x10
[  143.466808][ T6456]  ret_from_fork+0x4bc/0x870
[  143.471386][ T6456]  ? __pfx_ret_from_fork+0x10/0x10
[  143.476484][ T6456]  ? __switch_to_asm+0x39/0x70
[  143.481249][ T6456]  ? __switch_to_asm+0x33/0x70
[  143.486082][ T6456]  ? __pfx_kthread+0x10/0x10
[  143.490656][ T6456]  ret_from_fork_asm+0x1a/0x30
[  143.495409][ T6456]  </TASK>
[  143.498673][ T6456] Kernel Offset: disabled
[  143.502981][ T6456] Rebooting in 86400 seconds..