Warning: Permanently added '[localhost]:56665' (ED25519) to the list of known hosts.
2025/05/14 08:41:03 ignoring optional flag "sandboxArg"="0"
2025/05/14 08:41:04 parsed 1 programs
[ 81.479048][ T834] cfg80211: failed to load regulatory.db
[ 82.307826][ T40] kauditd_printk_skb: 26 callbacks suppressed
[ 82.307840][ T40] audit: type=1400 audit(1747212066.137:120): avc: denied { unlink } for pid=6223 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 83.234981][ T6223] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 85.144507][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.147037][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.160010][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 85.162538][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 85.554066][ T40] audit: type=1401 audit(1747212069.387:121): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 86.722979][ T6298] chnl_net:caif_netlink_parms(): no params data found
[ 86.796181][ T6298] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.800266][ T6298] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.802650][ T6298] bridge_slave_0: entered allmulticast mode
[ 86.805351][ T6298] bridge_slave_0: entered promiscuous mode
[ 86.809469][ T6298] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.811770][ T6298] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.814192][ T6298] bridge_slave_1: entered allmulticast mode
[ 86.816844][ T6298] bridge_slave_1: entered promiscuous mode
[ 86.853990][ T6298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.859222][ T6298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.911931][ T6298] team0: Port device team_slave_0 added
[ 86.915454][ T6298] team0: Port device team_slave_1 added
[ 86.944999][ T6298] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.947178][ T6298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.955448][ T6298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.961422][ T6298] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.963594][ T6298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.971655][ T6298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 87.026104][ T6298] hsr_slave_0: entered promiscuous mode
[ 87.030033][ T6298] hsr_slave_1: entered promiscuous mode
[ 87.674430][ T6298] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.679088][ T6298] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.684785][ T6298] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.693854][ T6298] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.746753][ T6298] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.756616][ T6298] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.761911][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.764431][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.770443][ T216] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.772767][ T216] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.877515][ T6298] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.903704][ T6298] veth0_vlan: entered promiscuous mode
[ 87.909474][ T6298] veth1_vlan: entered promiscuous mode
[ 87.925250][ T6298] veth0_macvtap: entered promiscuous mode
[ 87.929537][ T6298] veth1_macvtap: entered promiscuous mode
[ 87.938218][ T6298] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.944939][ T6298] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.953280][ T6298] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.955993][ T6298] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.958892][ T6298] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.961582][ T6298] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.029869][ T67] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.036019][ T67] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.037254][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.046160][ T67] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.050881][ T67] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.054076][ T67] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 88.106583][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.181803][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.285160][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/05/14 08:41:12 executed programs: 0
[ 88.581640][ T67] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.584864][ T67] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.591879][ T67] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.595333][ T67] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.598461][ T67] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 88.702702][ T6384] chnl_net:caif_netlink_parms(): no params data found
[ 88.788306][ T6384] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.790627][ T6384] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.792920][ T6384] bridge_slave_0: entered allmulticast mode
[ 88.795630][ T6384] bridge_slave_0: entered promiscuous mode
[ 88.798883][ T6384] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.801236][ T6384] bridge0: port 2(bridge_slave_1) entered disabled state
[ 88.803536][ T6384] bridge_slave_1: entered allmulticast mode
[ 88.806547][ T6384] bridge_slave_1: entered promiscuous mode
[ 88.850938][ T6384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 88.856261][ T6384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 88.891725][ T6384] team0: Port device team_slave_0 added
[ 88.895174][ T6384] team0: Port device team_slave_1 added
[ 88.926589][ T6384] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 88.928993][ T6384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.936893][ T6384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 88.944107][ T6384] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 88.946295][ T6384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.957149][ T6384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 89.020595][ T6384] hsr_slave_0: entered promiscuous mode
[ 89.023596][ T6384] hsr_slave_1: entered promiscuous mode
[ 89.026444][ T6384] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 89.030200][ T6384] Cannot create hsr debugfs directory
[ 90.677795][ T67] Bluetooth: hci0: command tx timeout
[ 91.011456][ T13] bridge_slave_1: left allmulticast mode
[ 91.013914][ T13] bridge_slave_1: left promiscuous mode
[ 91.016948][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 91.022243][ T13] bridge_slave_0: left allmulticast mode
[ 91.024658][ T13] bridge_slave_0: left promiscuous mode
[ 91.027262][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.267410][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 91.271597][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 91.275187][ T13] bond0 (unregistering): Released all slaves
[ 91.392878][ T13] hsr_slave_0: left promiscuous mode
[ 91.395167][ T13] hsr_slave_1: left promiscuous mode
[ 91.397537][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 91.399943][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 91.403410][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 91.406248][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 91.426949][ T13] veth1_macvtap: left promiscuous mode
[ 91.429510][ T13] veth0_macvtap: left promiscuous mode
[ 91.431954][ T13] veth1_vlan: left promiscuous mode
[ 91.434840][ T13] veth0_vlan: left promiscuous mode
[ 91.850246][ T13] team0 (unregistering): Port device team_slave_1 removed
[ 91.892601][ T13] team0 (unregistering): Port device team_slave_0 removed
[ 92.496231][ T6384] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 92.502639][ T6384] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 92.521020][ T6384] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 92.525583][ T6384] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 92.581646][ T6384] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.595105][ T6384] 8021q: adding VLAN 0 to HW filter on device team0
[ 92.600919][ T65] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.603955][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.612432][ T65] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.615254][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.768908][ T67] Bluetooth: hci0: command tx timeout
[ 92.804509][ T6384] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 92.830394][ T6384] veth0_vlan: entered promiscuous mode
[ 92.835180][ T6384] veth1_vlan: entered promiscuous mode
[ 92.849527][ T6384] veth0_macvtap: entered promiscuous mode
[ 92.853742][ T6384] veth1_macvtap: entered promiscuous mode
[ 92.865308][ T6384] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.876027][ T6384] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.881882][ T6384] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.884647][ T6384] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.887388][ T6384] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.890337][ T6384] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.924720][ T216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.927247][ T216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.942643][ T216] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.945110][ T216] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.970917][ T40] audit: type=1400 audit(1747212076.807:122): avc: denied { map_create } for pid=6490 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 92.978235][ T40] audit: type=1400 audit(1747212076.807:123): avc: denied { read } for pid=6490 comm="syz.0.16" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 92.985964][ T40] audit: type=1400 audit(1747212076.807:124): avc: denied { open } for pid=6490 comm="syz.0.16" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 92.993943][ T40] audit: type=1400 audit(1747212076.807:125): avc: denied { ioctl } for pid=6490 comm="syz.0.16" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 93.011477][ T40] audit: type=1400 audit(1747212076.847:126): avc: denied { bind } for pid=6490 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 93.011671][ T6491] Bluetooth: MGMT ver 1.23
[ 93.017923][ T40] audit: type=1400 audit(1747212076.847:127): avc: denied { write } for pid=6490 comm="syz.0.16" path="socket:[11021]" dev="sockfs" ino=11021 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 93.023923][ T67] ==================================================================
[ 93.029438][ T67] BUG: KASAN: slab-out-of-bounds in hci_cmd_sync_alloc+0x300/0x3a0
[ 93.031964][ T67] Read of size 29542 at addr ffff88802826a706 by task kworker/u33:0/67
[ 93.036149][ T67]
[ 93.036945][ T67] CPU: 3 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc6-syzkaller-g9f35e33144ae #0 PREEMPT(full)
[ 93.036960][ T67] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 93.036969][ T67] Workqueue: hci0 hci_cmd_sync_work
[ 93.036985][ T67] Call Trace:
[ 93.036993][ T67] <TASK>
[ 93.036998][ T67] dump_stack_lvl+0x116/0x1f0
[ 93.037014][ T67] print_report+0xc3/0x670
[ 93.037027][ T67] ? __virt_addr_valid+0x5e/0x590
[ 93.037042][ T67] ? __phys_addr+0xc6/0x150
[ 93.037057][ T67] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.037069][ T67] kasan_report+0xe0/0x110
[ 93.037080][ T67] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.037093][ T67] kasan_check_range+0xef/0x1a0
[ 93.037107][ T67] __asan_memcpy+0x23/0x60
[ 93.037123][ T67] hci_cmd_sync_alloc+0x300/0x3a0
[ 93.037136][ T67] __hci_cmd_sync_sk+0x157/0xc90
[ 93.037149][ T67] ? __pfx___hci_cmd_sync_sk+0x10/0x10
[ 93.037161][ T67] ? __pfx___might_resched+0x10/0x10
[ 93.037176][ T67] ? rcu_is_watching+0x12/0xc0
[ 93.037189][ T67] ? trace_contention_end+0xdd/0x130
[ 93.037202][ T67] ? __pfx___mutex_lock+0x10/0x10
[ 93.037218][ T67] ? __lock_acquire+0xaa4/0x1ba0
[ 93.037235][ T67] __hci_cmd_sync_ev+0x3e/0x50
[ 93.037249][ T67] send_hci_cmd_sync+0x18d/0x3f0
[ 93.037261][ T67] hci_cmd_sync_work+0x1a8/0x430
[ 93.037274][ T67] process_one_work+0x9cf/0x1b70
[ 93.037288][ T67] ? __pfx_process_one_work+0x10/0x10
[ 93.037302][ T67] ? assign_work+0x1a0/0x250
[ 93.037312][ T67] worker_thread+0x6c8/0xf10
[ 93.037326][ T67] ? __pfx_worker_thread+0x10/0x10
[ 93.037338][ T67] kthread+0x3c2/0x780
[ 93.037348][ T67] ? __pfx_kthread+0x10/0x10
[ 93.037358][ T67] ? __pfx_kthread+0x10/0x10
[ 93.037367][ T67] ? __pfx_kthread+0x10/0x10
[ 93.037377][ T67] ? __pfx_kthread+0x10/0x10
[ 93.037386][ T67] ? rcu_is_watching+0x12/0xc0
[ 93.037399][ T67] ? __pfx_kthread+0x10/0x10
[ 93.037409][ T67] ret_from_fork+0x45/0x80
[ 93.037419][ T67] ? __pfx_kthread+0x10/0x10
[ 93.037429][ T67] ret_from_fork_asm+0x1a/0x30
[ 93.037448][ T67] </TASK>
[ 93.037452][ T67]
[ 93.106016][ T67] Allocated by task 6491:
[ 93.107329][ T67] kasan_save_stack+0x33/0x60
[ 93.108852][ T67] kasan_save_track+0x14/0x30
[ 93.110332][ T67] __kasan_kmalloc+0xaa/0xb0
[ 93.111872][ T67] __kmalloc_node_track_caller_noprof+0x221/0x510
[ 93.113884][ T67] kmemdup_noprof+0x29/0x60
[ 93.115658][ T67] mgmt_pending_new+0x10b/0x290
[ 93.117698][ T67] mgmt_hci_cmd_sync+0x58/0x1c0
[ 93.119697][ T67] hci_sock_sendmsg+0x151f/0x25e0
[ 93.121781][ T67] sock_write_iter+0x4fc/0x5b0
[ 93.123525][ T67] vfs_write+0x5ba/0x1180
[ 93.125176][ T67] ksys_write+0x205/0x240
[ 93.126964][ T67] do_syscall_64+0xcd/0x260
[ 93.128827][ T67] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.130972][ T67]
[ 93.131852][ T67] The buggy address belongs to the object at ffff88802826a700
[ 93.131852][ T67] which belongs to the cache kmalloc-8 of size 8
[ 93.137015][ T67] The buggy address is located 6 bytes inside of
[ 93.137015][ T67] allocated 7-byte region [ffff88802826a700, ffff88802826a707)
[ 93.142441][ T67]
[ 93.143442][ T67] The buggy address belongs to the physical page:
[ 93.146020][ T67] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802826ac20 pfn:0x2826a
[ 93.150096][ T67] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 93.153054][ T67] page_type: f5(slab)
[ 93.154715][ T67] raw: 00fff00000000000 ffff88801b442500 ffffea0000a81200 dead000000000002
[ 93.157452][ T67] raw: ffff88802826ac20 0000000080800060 00000000f5000000 0000000000000000
[ 93.160093][ T67] page dumped because: kasan: bad access detected
[ 93.162105][ T67] page_owner tracks the page as allocated
[ 93.163865][ T67] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5948, tgid 5948 (syz-executor), ts 57027182518, free_ts 57004648307
[ 93.169873][ T67] post_alloc_hook+0x181/0x1b0
[ 93.171424][ T67] get_page_from_freelist+0x135c/0x3920
[ 93.173156][ T67] __alloc_frozen_pages_noprof+0x263/0x23a0
[ 93.175051][ T67] alloc_pages_mpol+0x1fb/0x550
[ 93.176574][ T67] new_slab+0x244/0x340
[ 93.177899][ T67] ___slab_alloc+0xd9c/0x1940
[ 93.179378][ T67] __slab_alloc.constprop.0+0x56/0xb0
[ 93.181068][ T67] __kmalloc_node_track_caller_noprof+0x2ee/0x510
[ 93.183059][ T67] kstrdup+0x53/0x100
[ 93.184328][ T67] kstrdup_const+0x63/0x80
[ 93.185754][ T67] __kernfs_new_node+0x9b/0x8a0
[ 93.187279][ T67] kernfs_new_node+0x13c/0x1e0
[ 93.188782][ T67] kernfs_create_dir_ns+0x4c/0x1a0
[ 93.190379][ T67] sysfs_create_dir_ns+0x13a/0x2b0
[ 93.192018][ T67] kobject_add_internal+0x2c4/0x9b0
[ 93.193672][ T67] kobject_init_and_add+0x11b/0x190
[ 93.195376][ T67] page last free pid 5948 tgid 5948 stack trace:
[ 93.197496][ T67] __free_frozen_pages+0x69d/0xff0
[ 93.199179][ T67] qlist_free_all+0x4e/0x120
[ 93.200645][ T67] kasan_quarantine_reduce+0x195/0x1e0
[ 93.202323][ T67] __kasan_slab_alloc+0x69/0x90
[ 93.203815][ T67] __kmalloc_cache_noprof+0x1f1/0x3e0
[ 93.205720][ T67] ref_tracker_alloc+0x18e/0x5b0
[ 93.207240][ T67] net_rx_queue_update_kobjects+0x32e/0x770
[ 93.209068][ T67] netdev_register_kobject+0x269/0x3a0
[ 93.210775][ T67] register_netdevice+0x13dc/0x2270
[ 93.212333][ T67] veth_newlink+0x30f/0xa00
[ 93.213746][ T67] rtnl_newlink+0xc45/0x2000
[ 93.215261][ T67] rtnetlink_rcv_msg+0x95b/0xe90
[ 93.216851][ T67] netlink_rcv_skb+0x16a/0x440
[ 93.218351][ T67] netlink_unicast+0x53d/0x7f0
[ 93.219855][ T67] netlink_sendmsg+0x8d1/0xdd0
[ 93.221375][ T67] __sys_sendto+0x495/0x510
[ 93.222805][ T67]
[ 93.223576][ T67] Memory state around the buggy address:
[ 93.225371][ T67] ffff88802826a600: fa fc fc fc 05 fc fc fc fa fc fc fc fa fc fc fc
[ 93.227758][ T67] ffff88802826a680: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 93.230173][ T67] >ffff88802826a700: 07 fc fc fc 05 fc fc fc fa fc fc fc fa fc fc fc
[ 93.232637][ T67]                    ^
[ 93.233930][ T67] ffff88802826a780: fa fc fc fc fa fc fc fc 07 fc fc fc fa fc fc fc
[ 93.236413][ T67] ffff88802826a800: 05 fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 93.238891][ T67] ==================================================================
[ 93.243765][ T67] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 93.246274][ T67] CPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc6-syzkaller-g9f35e33144ae #0 PREEMPT(full)
[ 93.250349][ T67] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 93.254080][ T67] Workqueue: hci0 hci_cmd_sync_work
[ 93.255772][ T67] Call Trace:
[ 93.256875][ T67] <TASK>
[ 93.257822][ T67] dump_stack_lvl+0x3d/0x1f0
[ 93.259329][ T67] panic+0x71c/0x800
[ 93.260690][ T67] ? __pfx_panic+0x10/0x10
[ 93.262548][ T67] ? irqentry_exit+0x3b/0x90
[ 93.264175][ T67] ? lockdep_hardirqs_on+0x7c/0x110
[ 93.265790][ T67] ? preempt_schedule_thunk+0x16/0x30
[ 93.267442][ T67] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.269082][ T67] ? preempt_schedule_common+0x44/0xc0
[ 93.270855][ T67] ? check_panic_on_warn+0x1f/0xb0
[ 93.272453][ T67] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.274143][ T67] check_panic_on_warn+0xab/0xb0
[ 93.275821][ T67] end_report+0x107/0x170
[ 93.277204][ T67] kasan_report+0xee/0x110
[ 93.278764][ T67] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.280761][ T67] kasan_check_range+0xef/0x1a0
[ 93.282706][ T67] __asan_memcpy+0x23/0x60
[ 93.284273][ T67] hci_cmd_sync_alloc+0x300/0x3a0
[ 93.286140][ T67] __hci_cmd_sync_sk+0x157/0xc90
[ 93.287739][ T67] ? __pfx___hci_cmd_sync_sk+0x10/0x10
[ 93.289655][ T67] ? __pfx___might_resched+0x10/0x10
[ 93.291491][ T67] ? rcu_is_watching+0x12/0xc0
[ 93.293013][ T67] ? trace_contention_end+0xdd/0x130
[ 93.294763][ T67] ? __pfx___mutex_lock+0x10/0x10
[ 93.296491][ T67] ? __lock_acquire+0xaa4/0x1ba0
[ 93.298154][ T67] __hci_cmd_sync_ev+0x3e/0x50
[ 93.299759][ T67] send_hci_cmd_sync+0x18d/0x3f0
[ 93.301818][ T67] hci_cmd_sync_work+0x1a8/0x430
[ 93.303887][ T67] process_one_work+0x9cf/0x1b70
[ 93.305964][ T67] ? __pfx_process_one_work+0x10/0x10
[ 93.308173][ T67] ? assign_work+0x1a0/0x250
[ 93.310091][ T67] worker_thread+0x6c8/0xf10
[ 93.312031][ T67] ? __pfx_worker_thread+0x10/0x10
[ 93.314155][ T67] kthread+0x3c2/0x780
[ 93.315836][ T67] ? __pfx_kthread+0x10/0x10
[ 93.317749][ T67] ? __pfx_kthread+0x10/0x10
[ 93.319667][ T67] ? __pfx_kthread+0x10/0x10
[ 93.321622][ T67] ? __pfx_kthread+0x10/0x10
[ 93.323431][ T67] ? rcu_is_watching+0x12/0xc0
[ 93.325404][ T67] ? __pfx_kthread+0x10/0x10
[ 93.327333][ T67] ret_from_fork+0x45/0x80
[ 93.329254][ T67] ? __pfx_kthread+0x10/0x10
[ 93.331102][ T67] ret_from_fork_asm+0x1a/0x30
[ 93.333090][ T67] </TASK>
[ 93.335141][ T67] Kernel Offset: disabled
[ 93.336996][ T67] Rebooting in 86400 seconds..