Warning: Permanently added '10.128.0.69' (ED25519) to the list of known hosts.
2025/11/14 10:08:01 parsed 1 programs
[  116.081008][ T6243] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  119.740006][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.753959][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.946727][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.984573][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.363827][ T5145] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  120.372806][ T5145] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  120.382538][ T5145] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  120.397585][ T5145] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  120.411566][ T5145] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  121.985707][ T6300] chnl_net:caif_netlink_parms(): no params data found
[  122.180861][ T6300] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.195343][ T6300] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.204622][ T6300] bridge_slave_0: entered allmulticast mode
[  122.213018][ T6300] bridge_slave_0: entered promiscuous mode
[  122.232549][ T6300] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.239828][ T6300] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.251760][ T6300] bridge_slave_1: entered allmulticast mode
[  122.281789][ T6300] bridge_slave_1: entered promiscuous mode
[  122.377535][ T6300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  122.391411][ T6300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  122.436984][ T6300] team0: Port device team_slave_0 added
[  122.445275][ T6300] team0: Port device team_slave_1 added
[  122.472722][ T6300] batman_adv: batadv0: Adding interface: batadv_slave_0
[  122.479683][ T6300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  122.506719][ T6300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  122.519343][ T6300] batman_adv: batadv0: Adding interface: batadv_slave_1
[  122.527536][ T6300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  122.553741][ T6300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  122.592719][ T6300] hsr_slave_0: entered promiscuous mode
[  122.599098][ T6300] hsr_slave_1: entered promiscuous mode
[  123.025916][ T6300] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  123.037517][ T6300] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  123.049427][ T6300] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  123.060891][ T6300] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  123.103658][ T6300] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.110874][ T6300] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.118440][ T6300] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.125797][ T6300] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.146609][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.156025][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.240538][ T6300] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.266091][ T6300] 8021q: adding VLAN 0 to HW filter on device team0
[  123.287880][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.295195][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.310624][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.317855][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.580133][ T6300] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.640430][ T6300] veth0_vlan: entered promiscuous mode
[  123.653971][ T6300] veth1_vlan: entered promiscuous mode
[  123.697306][ T6300] veth0_macvtap: entered promiscuous mode
[  123.708568][ T6300] veth1_macvtap: entered promiscuous mode
[  123.736267][ T6300] batman_adv: batadv0: Interface activated: batadv_slave_0
[  123.760370][ T6300] batman_adv: batadv0: Interface activated: batadv_slave_1
[  123.781730][ T3473] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  123.790744][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  123.810828][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  123.823507][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/11/14 10:08:13 executed programs: 0
[  124.075315][ T5145] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  124.089957][ T5145] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  124.116757][ T5145] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  124.153662][ T6390] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  124.163835][ T6390] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  124.175751][ T6390] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  124.183673][ T6390] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  124.192318][ T6390] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  124.200231][ T6390] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  124.207942][ T6390] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  124.212998][ T6397] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  124.215468][ T6390] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  124.224384][ T6397] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  124.238842][ T6398] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  124.242737][ T6399] ==================================================================
[  124.246814][ T6397] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  124.253859][ T6399] BUG: KASAN: slab-use-after-free in hci_cmd_work+0x5d0/0x7b0
[  124.253901][ T6399] Read of size 2 at addr ffff888054ff7038 by task kworker/u9:7/6399
[  124.253915][ T6399] 
[  124.253939][ T6399] CPU: 1 UID: 0 PID: 6399 Comm: kworker/u9:7 Not tainted syzkaller #0 PREEMPT(full) 
[  124.253958][ T6399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  124.253968][ T6399] Workqueue: hci0 hci_cmd_work
[  124.253997][ T6399] Call Trace:
[  124.254007][ T6399]  <TASK>
[  124.254014][ T6399]  dump_stack_lvl+0x189/0x250
[  124.254033][ T6399]  ? __virt_addr_valid+0x1c8/0x5c0
[  124.254054][ T6399]  ? rcu_is_watching+0x15/0xb0
[  124.254074][ T6399]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.254092][ T6399]  ? rcu_is_watching+0x15/0xb0
[  124.254110][ T6399]  ? lock_release+0x4b/0x3d0
[  124.254126][ T6399]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  124.254145][ T6399]  ? __virt_addr_valid+0x1c8/0x5c0
[  124.254165][ T6399]  ? __virt_addr_valid+0x4a5/0x5c0
[  124.254186][ T6399]  print_report+0xca/0x240
[  124.254206][ T6399]  ? hci_cmd_work+0x5d0/0x7b0
[  124.254224][ T6399]  kasan_report+0x118/0x150
[  124.254242][ T6399]  ? hci_cmd_work+0x5d0/0x7b0
[  124.254265][ T6399]  hci_cmd_work+0x5d0/0x7b0
[  124.254285][ T6399]  ? process_one_work+0x868/0x15e0
[  124.254302][ T6399]  process_one_work+0x93a/0x15e0
[  124.254316][ T6399]  ? __lock_acquire+0xab9/0xd20
[  124.254340][ T6399]  ? __pfx_process_one_work+0x10/0x10
[  124.254366][ T6399]  ? assign_work+0x3a1/0x410
[  124.254384][ T6399]  worker_thread+0x9b0/0xee0
[  124.254410][ T6399]  kthread+0x711/0x8a0
[  124.254431][ T6399]  ? __pfx_worker_thread+0x10/0x10
[  124.254447][ T6399]  ? __pfx_kthread+0x10/0x10
[  124.254467][ T6399]  ? _raw_spin_unlock_irq+0x23/0x50
[  124.254483][ T6399]  ? lockdep_hardirqs_on+0x9c/0x150
[  124.254501][ T6399]  ? __pfx_kthread+0x10/0x10
[  124.254520][ T6399]  ret_from_fork+0x599/0xb30
[  124.254537][ T6399]  ? __pfx_ret_from_fork+0x10/0x10
[  124.254557][ T6399]  ? __switch_to_asm+0x39/0x70
[  124.254577][ T6399]  ? __switch_to_asm+0x33/0x70
[  124.254595][ T6399]  ? __pfx_kthread+0x10/0x10
[  124.254614][ T6399]  ret_from_fork_asm+0x1a/0x30
[  124.254640][ T6399]  </TASK>
[  124.254647][ T6399] 
[  124.262647][ T6397] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  124.268358][ T6399] Allocated by task 6382:
[  124.268374][ T6399]  kasan_save_track+0x3e/0x80
[  124.277196][ T6397] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  124.278636][ T6399]  __kasan_slab_alloc+0x6c/0x80
[  124.291639][ T6397] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  124.298101][ T6399]  kmem_cache_alloc_node_noprof+0x43c/0x710
[  124.303934][ T6397] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  124.306192][ T6399]  __alloc_skb+0x112/0x2d0
[  124.520056][ T6399]  hci_cmd_sync_alloc+0x3d/0x3b0
[  124.524983][ T6399]  __hci_cmd_sync_sk+0x1a7/0xc70
[  124.529908][ T6399]  hci_cmd_sync_status+0x4d/0x150
[  124.534918][ T6399]  hci_dev_cmd+0x431/0x7d0
[  124.539312][ T6399]  sock_do_ioctl+0xdc/0x300
[  124.543797][ T6399]  sock_ioctl+0x576/0x790
[  124.548282][ T6399]  __se_sys_ioctl+0xfc/0x170
[  124.552854][ T6399]  do_syscall_64+0xfa/0xfa0
[  124.557339][ T6399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.563220][ T6399] 
[  124.565529][ T6399] Freed by task 6386:
[  124.569496][ T6399]  kasan_save_track+0x3e/0x80
[  124.574155][ T6399]  kasan_save_free_info+0x46/0x50
[  124.579255][ T6399]  __kasan_slab_free+0x5c/0x80
[  124.584002][ T6399]  kmem_cache_free+0x197/0x640
[  124.588749][ T6399]  vhci_read+0x49a/0x5b0
[  124.592985][ T6399]  vfs_read+0x200/0xa30
[  124.597145][ T6399]  ksys_read+0x145/0x250
[  124.601371][ T6399]  do_syscall_64+0xfa/0xfa0
[  124.605859][ T6399]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.611830][ T6399] 
[  124.614137][ T6399] The buggy address belongs to the object at ffff888054ff7000
[  124.614137][ T6399]  which belongs to the cache skbuff_head_cache of size 240
[  124.628698][ T6399] The buggy address is located 56 bytes inside of
[  124.628698][ T6399]  freed 240-byte region [ffff888054ff7000, ffff888054ff70f0)
[  124.642400][ T6399] 
[  124.644714][ T6399] The buggy address belongs to the physical page:
[  124.651114][ T6399] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54ff7
[  124.659855][ T6399] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  124.666953][ T6399] page_type: f5(slab)
[  124.670916][ T6399] raw: 00fff00000000000 ffff88801eae5000 dead000000000122 0000000000000000
[  124.679484][ T6399] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000
[  124.688042][ T6399] page dumped because: kasan: bad access detected
[  124.694441][ T6399] page_owner tracks the page as allocated
[  124.700135][ T6399] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6382, tgid 6382 (syz-executor), ts 124240779717, free_ts 124173791488
[  124.719565][ T6399]  post_alloc_hook+0x240/0x2a0
[  124.724328][ T6399]  get_page_from_freelist+0x2365/0x2440
[  124.729855][ T6399]  __alloc_frozen_pages_noprof+0x181/0x370
[  124.735640][ T6399]  alloc_pages_mpol+0x232/0x4a0
[  124.740484][ T6399]  allocate_slab+0x86/0x3b0
[  124.745061][ T6399]  ___slab_alloc+0xf56/0x1990
[  124.749723][ T6399]  __slab_alloc+0x65/0x100
[  124.754127][ T6399]  kmem_cache_alloc_node_noprof+0x4ce/0x710
[  124.760004][ T6399]  __alloc_skb+0x112/0x2d0
[  124.764398][ T6399]  hci_cmd_sync_alloc+0x3d/0x3b0
[  124.769318][ T6399]  __hci_cmd_sync_sk+0x1a7/0xc70
[  124.774237][ T6399]  hci_cmd_sync_status+0x4d/0x150
[  124.779259][ T6399]  hci_dev_cmd+0x431/0x7d0
[  124.783674][ T6399]  sock_do_ioctl+0xdc/0x300
[  124.788261][ T6399]  sock_ioctl+0x576/0x790
[  124.792595][ T6399]  __se_sys_ioctl+0xfc/0x170
[  124.797174][ T6399] page last free pid 36 tgid 36 stack trace:
[  124.803129][ T6399]  __free_frozen_pages+0xbc8/0xd30
[  124.808224][ T6399]  rcu_core+0xcab/0x1770
[  124.812451][ T6399]  handle_softirqs+0x27d/0x880
[  124.817195][ T6399]  do_softirq+0xec/0x180
[  124.821420][ T6399]  __local_bh_enable_ip+0x17d/0x1c0
[  124.826612][ T6399]  nsim_dev_trap_report_work+0x7c7/0xb80
[  124.832238][ T6399]  process_one_work+0x93a/0x15e0
[  124.837154][ T6399]  worker_thread+0x9b0/0xee0
[  124.841813][ T6399]  kthread+0x711/0x8a0
[  124.845870][ T6399]  ret_from_fork+0x599/0xb30
[  124.850436][ T6399]  ret_from_fork_asm+0x1a/0x30
[  124.855182][ T6399] 
[  124.857491][ T6399] Memory state around the buggy address:
[  124.863096][ T6399]  ffff888054ff6f00: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[  124.871243][ T6399]  ffff888054ff6f80: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[  124.879466][ T6399] >ffff888054ff7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  124.887502][ T6399]                                         ^
[  124.893372][ T6399]  ffff888054ff7080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  124.901588][ T6399]  ffff888054ff7100: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  124.909714][ T6399] ==================================================================
[  124.922238][ T6399] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  124.929471][ T6399] CPU: 1 UID: 0 PID: 6399 Comm: kworker/u9:7 Not tainted syzkaller #0 PREEMPT(full) 
[  124.938928][ T6399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  124.949151][ T6399] Workqueue: hci0 hci_cmd_work
[  124.953910][ T6399] Call Trace:
[  124.957170][ T6399]  <TASK>
[  124.960080][ T6399]  dump_stack_lvl+0x99/0x250
[  124.964655][ T6399]  ? __asan_memcpy+0x40/0x70
[  124.969230][ T6399]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.974422][ T6399]  ? __pfx__printk+0x10/0x10
[  124.979002][ T6399]  vpanic+0x237/0x6d0
[  124.982985][ T6399]  ? __pfx_vpanic+0x10/0x10
[  124.987565][ T6399]  ? preempt_schedule+0xae/0xc0
[  124.992403][ T6399]  ? __pfx_preempt_schedule+0x10/0x10
[  124.997758][ T6399]  panic+0xb9/0xc0
[  125.001468][ T6399]  ? __pfx_panic+0x10/0x10
[  125.005869][ T6399]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  125.011743][ T6399]  ? is_module_address+0x17/0xf0
[  125.016665][ T6399]  ? hci_cmd_work+0x5d0/0x7b0
[  125.021324][ T6399]  check_panic_on_warn+0x89/0xb0
[  125.026262][ T6399]  ? hci_cmd_work+0x5d0/0x7b0
[  125.030925][ T6399]  end_report+0x6f/0x160
[  125.035150][ T6399]  kasan_report+0x129/0x150
[  125.039641][ T6399]  ? hci_cmd_work+0x5d0/0x7b0
[  125.044305][ T6399]  hci_cmd_work+0x5d0/0x7b0
[  125.048793][ T6399]  ? process_one_work+0x868/0x15e0
[  125.053887][ T6399]  process_one_work+0x93a/0x15e0
[  125.058805][ T6399]  ? __lock_acquire+0xab9/0xd20
[  125.063658][ T6399]  ? __pfx_process_one_work+0x10/0x10
[  125.069019][ T6399]  ? assign_work+0x3a1/0x410
[  125.073591][ T6399]  worker_thread+0x9b0/0xee0
[  125.078177][ T6399]  kthread+0x711/0x8a0
[  125.082406][ T6399]  ? __pfx_worker_thread+0x10/0x10
[  125.087516][ T6399]  ? __pfx_kthread+0x10/0x10
[  125.092095][ T6399]  ? _raw_spin_unlock_irq+0x23/0x50
[  125.097279][ T6399]  ? lockdep_hardirqs_on+0x9c/0x150
[  125.102460][ T6399]  ? __pfx_kthread+0x10/0x10
[  125.107038][ T6399]  ret_from_fork+0x599/0xb30
[  125.111669][ T6399]  ? __pfx_ret_from_fork+0x10/0x10
[  125.116765][ T6399]  ? __switch_to_asm+0x39/0x70
[  125.121539][ T6399]  ? __switch_to_asm+0x33/0x70
[  125.126289][ T6399]  ? __pfx_kthread+0x10/0x10
[  125.130861][ T6399]  ret_from_fork_asm+0x1a/0x30
[  125.135613][ T6399]  </TASK>
[  125.138914][ T6399] Kernel Offset: disabled
[  125.143226][ T6399] Rebooting in 86400 seconds..