Warning: Permanently added '[localhost]:51536' (ED25519) to the list of known hosts.
2025/05/14 08:27:59 ignoring optional flag "sandboxArg"="0"
2025/05/14 08:28:00 parsed 1 programs
[ 81.464219][ T833] cfg80211: failed to load regulatory.db
[ 82.985238][ T40] audit: type=1400 audit(1747211283.099:122): avc: denied { unlink } for pid=6232 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 83.915932][ T6232] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 85.612842][ T67] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 85.616522][ T67] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 85.619485][ T67] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 85.622649][ T67] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 85.626722][ T67] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 86.234351][ T6268] chnl_net:caif_netlink_parms(): no params data found
[ 86.326591][ T6268] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.328969][ T6268] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.331261][ T6268] bridge_slave_0: entered allmulticast mode
[ 86.334116][ T6268] bridge_slave_0: entered promiscuous mode
[ 86.340256][ T6268] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.342546][ T6268] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.345569][ T6268] bridge_slave_1: entered allmulticast mode
[ 86.350925][ T6268] bridge_slave_1: entered promiscuous mode
[ 86.382218][ T6268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.387770][ T6268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.418229][ T6268] team0: Port device team_slave_0 added
[ 86.422037][ T6268] team0: Port device team_slave_1 added
[ 86.469020][ T6268] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.471301][ T6268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.479502][ T6268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.487328][ T6268] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.489529][ T6268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.497595][ T6268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 86.536308][ T6268] hsr_slave_0: entered promiscuous mode
[ 86.541664][ T6268] hsr_slave_1: entered promiscuous mode
[ 87.131028][ T6268] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.135683][ T6268] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.139686][ T6268] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.143656][ T6268] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.155063][ T6268] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.157470][ T6268] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.159848][ T6268] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.162104][ T6268] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.188417][ T6268] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.196947][ T6268] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.206210][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.229229][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.231522][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.367477][ T6268] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.400055][ T6268] veth0_vlan: entered promiscuous mode
[ 87.408907][ T6268] veth1_vlan: entered promiscuous mode
[ 87.434104][ T6268] veth0_macvtap: entered promiscuous mode
[ 87.437827][ T6268] veth1_macvtap: entered promiscuous mode
[ 87.453795][ T6268] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.462332][ T6268] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.467978][ T6268] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.471555][ T6268] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.475227][ T6268] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.478781][ T6268] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.571725][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 87.626312][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.628794][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.642355][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 87.662857][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.665788][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.722696][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 87.808814][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 88.452789][ T40] audit: type=1401 audit(1747211288.559:123): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/05/14 08:28:09 executed programs: 0
[ 88.931228][ T5284] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.936074][ T5284] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.938818][ T5284] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.941957][ T5284] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.944823][ T5284] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.045650][ T6427] chnl_net:caif_netlink_parms(): no params data found
[ 89.126008][ T6427] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.129590][ T6427] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.132330][ T6427] bridge_slave_0: entered allmulticast mode
[ 89.135550][ T6427] bridge_slave_0: entered promiscuous mode
[ 89.138659][ T6427] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.140947][ T6427] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.143583][ T6427] bridge_slave_1: entered allmulticast mode
[ 89.147275][ T6427] bridge_slave_1: entered promiscuous mode
[ 89.192250][ T6427] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.197231][ T6427] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.237975][ T6427] team0: Port device team_slave_0 added
[ 89.242858][ T6427] team0: Port device team_slave_1 added
[ 89.289229][ T6427] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.291499][ T6427] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.301035][ T6427] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.307325][ T6427] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.309766][ T6427] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.317562][ T6427] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 89.385442][ T6427] hsr_slave_0: entered promiscuous mode
[ 89.388614][ T6427] hsr_slave_1: entered promiscuous mode
[ 89.391557][ T6427] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 89.395000][ T6427] Cannot create hsr debugfs directory
[ 90.962726][ T12] bridge_slave_1: left allmulticast mode
[ 90.964640][ T12] bridge_slave_1: left promiscuous mode
[ 90.966500][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.970491][ T12] bridge_slave_0: left allmulticast mode
[ 90.972296][ T12] bridge_slave_0: left promiscuous mode
[ 90.974196][ T67] Bluetooth: hci0: command tx timeout
[ 90.974385][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 91.225873][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 91.231041][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 91.235230][ T12] bond0 (unregistering): Released all slaves
[ 91.388256][ T12] hsr_slave_0: left promiscuous mode
[ 91.390877][ T12] hsr_slave_1: left promiscuous mode
[ 91.393463][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 91.396274][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 91.399530][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 91.402314][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 91.420090][ T12] veth1_macvtap: left promiscuous mode
[ 91.422287][ T12] veth0_macvtap: left promiscuous mode
[ 91.424588][ T12] veth1_vlan: left promiscuous mode
[ 91.426658][ T12] veth0_vlan: left promiscuous mode
[ 91.824131][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 91.864809][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 92.600872][ T6427] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 92.606089][ T6427] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 92.611071][ T6427] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 92.615879][ T6427] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 92.651034][ T6427] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.665244][ T6427] 8021q: adding VLAN 0 to HW filter on device team0
[ 92.670711][ T66] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.673086][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 92.680045][ T66] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.682385][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 92.976053][ T6427] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 92.997723][ T6427] veth0_vlan: entered promiscuous mode
[ 93.002465][ T6427] veth1_vlan: entered promiscuous mode
[ 93.017869][ T6427] veth0_macvtap: entered promiscuous mode
[ 93.022062][ T6427] veth1_macvtap: entered promiscuous mode
[ 93.032272][ T6427] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 93.040332][ T6427] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 93.046216][ T6427] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.049413][ T6427] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.052323][ T6427] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.053141][ T67] Bluetooth: hci0: command tx timeout
[ 93.055343][ T6427] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 93.123746][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.126796][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.145502][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 93.148316][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 93.194204][ T40] audit: type=1400 audit(1747211293.309:124): avc: denied { map_create } for pid=6502 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 93.201956][ T40] audit: type=1400 audit(1747211293.309:125): avc: denied { read } for pid=6502 comm="syz.0.16" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 93.209993][ T40] audit: type=1400 audit(1747211293.309:126): avc: denied { open } for pid=6502 comm="syz.0.16" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 93.217341][ T40] audit: type=1400 audit(1747211293.309:127): avc: denied { ioctl } for pid=6502 comm="syz.0.16" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 93.237915][ T40] audit: type=1400 audit(1747211293.349:128): avc: denied { bind } for pid=6502 comm="syz.0.16" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 93.238082][ T6503] Bluetooth: MGMT ver 1.23
[ 93.244699][ T40] audit: type=1400 audit(1747211293.349:129): avc: denied { write } for pid=6502 comm="syz.0.16" path="socket:[8985]" dev="sockfs" ino=8985 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 93.258976][ T67] ==================================================================
[ 93.262257][ T67] BUG: KASAN: slab-out-of-bounds in hci_cmd_sync_alloc+0x300/0x3a0
[ 93.265468][ T67] Read of size 29542 at addr ffff88804ddd0a66 by task kworker/u33:0/67
[ 93.269933][ T67]
[ 93.270933][ T67] CPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc6-syzkaller-g9f35e33144ae #0 PREEMPT(full)
[ 93.270954][ T67] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 93.270965][ T67] Workqueue: hci0 hci_cmd_sync_work
[ 93.270986][ T67] Call Trace:
[ 93.270992][ T67] <TASK>
[ 93.270999][ T67] dump_stack_lvl+0x116/0x1f0
[ 93.271022][ T67] print_report+0xc3/0x670
[ 93.271038][ T67] ? __virt_addr_valid+0x5e/0x590
[ 93.271057][ T67] ? __phys_addr+0xc6/0x150
[ 93.271079][ T67] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.271095][ T67] kasan_report+0xe0/0x110
[ 93.271112][ T67] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.271128][ T67] kasan_check_range+0xef/0x1a0
[ 93.271147][ T67] __asan_memcpy+0x23/0x60
[ 93.271169][ T67] hci_cmd_sync_alloc+0x300/0x3a0
[ 93.271188][ T67] __hci_cmd_sync_sk+0x157/0xc90
[ 93.271206][ T67] ? __pfx___hci_cmd_sync_sk+0x10/0x10
[ 93.271220][ T67] ? __pfx___might_resched+0x10/0x10
[ 93.271241][ T67] ? rcu_is_watching+0x12/0xc0
[ 93.271259][ T67] ? trace_contention_end+0xdd/0x130
[ 93.271277][ T67] ? __pfx___mutex_lock+0x10/0x10
[ 93.271301][ T67] ? __lock_acquire+0xaa4/0x1ba0
[ 93.271324][ T67] __hci_cmd_sync_ev+0x3e/0x50
[ 93.271342][ T67] send_hci_cmd_sync+0x18d/0x3f0
[ 93.271361][ T67] hci_cmd_sync_work+0x1a8/0x430
[ 93.271379][ T67] process_one_work+0x9cf/0x1b70
[ 93.271396][ T67] ? __pfx_process_one_work+0x10/0x10
[ 93.271414][ T67] ? assign_work+0x1a0/0x250
[ 93.271430][ T67] worker_thread+0x6c8/0xf10
[ 93.271450][ T67] ? __pfx_worker_thread+0x10/0x10
[ 93.271467][ T67] kthread+0x3c2/0x780
[ 93.271482][ T67] ? __pfx_kthread+0x10/0x10
[ 93.271491][ T67] ? __pfx_kthread+0x10/0x10
[ 93.271505][ T67] ? __pfx_kthread+0x10/0x10
[ 93.271520][ T67] ? __pfx_kthread+0x10/0x10
[ 93.271533][ T67] ? rcu_is_watching+0x12/0xc0
[ 93.271551][ T67] ? __pfx_kthread+0x10/0x10
[ 93.271566][ T67] ret_from_fork+0x45/0x80
[ 93.271577][ T67] ? __pfx_kthread+0x10/0x10
[ 93.271592][ T67] ret_from_fork_asm+0x1a/0x30
[ 93.271619][ T67] </TASK>
[ 93.271624][ T67]
[ 93.342457][ T67] Allocated by task 6503:
[ 93.343855][ T67] kasan_save_stack+0x33/0x60
[ 93.345368][ T67] kasan_save_track+0x14/0x30
[ 93.346892][ T67] __kasan_kmalloc+0xaa/0xb0
[ 93.348384][ T67] __kmalloc_node_track_caller_noprof+0x221/0x510
[ 93.350430][ T67] kmemdup_noprof+0x29/0x60
[ 93.351893][ T67] mgmt_pending_new+0x10b/0x290
[ 93.353471][ T67] mgmt_hci_cmd_sync+0x58/0x1c0
[ 93.355035][ T67] hci_sock_sendmsg+0x151f/0x25e0
[ 93.356654][ T67] sock_write_iter+0x4fc/0x5b0
[ 93.358201][ T67] vfs_write+0x5ba/0x1180
[ 93.359601][ T67] ksys_write+0x205/0x240
[ 93.360992][ T67] do_syscall_64+0xcd/0x260
[ 93.362478][ T67] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.364375][ T67]
[ 93.365156][ T67] The buggy address belongs to the object at ffff88804ddd0a60
[ 93.365156][ T67] which belongs to the cache kmalloc-8 of size 8
[ 93.369410][ T67] The buggy address is located 6 bytes inside of
[ 93.369410][ T67] allocated 7-byte region [ffff88804ddd0a60, ffff88804ddd0a67)
[ 93.373700][ T67]
[ 93.374482][ T67] The buggy address belongs to the physical page:
[ 93.376523][ T67] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ddd0
[ 93.379276][ T67] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 93.381538][ T67] page_type: f5(slab)
[ 93.382831][ T67] raw: 00fff00000000000 ffff88801b442500 dead000000000122 0000000000000000
[ 93.385519][ T67] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 93.388232][ T67] page dumped because: kasan: bad access detected
[ 93.390261][ T67] page_owner tracks the page as allocated
[ 93.392066][ T67] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6427, tgid 6427 (syz-executor), ts 89429062697, free_ts 88739541331
[ 93.397973][ T67] post_alloc_hook+0x181/0x1b0
[ 93.399524][ T67] get_page_from_freelist+0x135c/0x3920
[ 93.401292][ T67] __alloc_frozen_pages_noprof+0x263/0x23a0
[ 93.403185][ T67] alloc_pages_mpol+0x1fb/0x550
[ 93.404755][ T67] new_slab+0x244/0x340
[ 93.406093][ T67] ___slab_alloc+0xd9c/0x1940
[ 93.407638][ T67] __slab_alloc.constprop.0+0x56/0xb0
[ 93.409341][ T67] __kmalloc_node_track_caller_noprof+0x2ee/0x510
[ 93.411376][ T67] kvasprintf+0xbc/0x160
[ 93.412747][ T67] kvasprintf_const+0x66/0x1a0
[ 93.414284][ T67] kobject_set_name_vargs+0x5a/0x140
[ 93.415987][ T67] kobject_init_and_add+0xe7/0x190
[ 93.417604][ T67] net_rx_queue_update_kobjects+0x380/0x770
[ 93.419491][ T67] netdev_register_kobject+0x269/0x3a0
[ 93.421254][ T67] register_netdevice+0x13dc/0x2270
[ 93.422923][ T67] veth_newlink+0x446/0xa00
[ 93.424376][ T67] page last free pid 29 tgid 29 stack trace:
[ 93.426276][ T67] __free_frozen_pages+0x69d/0xff0
[ 93.427886][ T67] kasan_depopulate_vmalloc_pte+0x63/0x80
[ 93.429697][ T67] __apply_to_page_range+0x61a/0xd60
[ 93.431440][ T67] kasan_release_vmalloc+0xd1/0xe0
[ 93.433007][ T67] purge_vmap_node+0x1cb/0xa70
[ 93.434651][ T67] __purge_vmap_area_lazy+0x9d1/0xc90
[ 93.436532][ T67] drain_vmap_area_work+0x27/0x40
[ 93.438439][ T67] process_one_work+0x9cf/0x1b70
[ 93.440174][ T67] worker_thread+0x6c8/0xf10
[ 93.441973][ T67] kthread+0x3c2/0x780
[ 93.443392][ T67] ret_from_fork+0x45/0x80
[ 93.444998][ T67] ret_from_fork_asm+0x1a/0x30
[ 93.446968][ T67]
[ 93.447939][ T67] Memory state around the buggy address:
[ 93.449777][ T67]  ffff88804ddd0900: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc
[ 93.452458][ T67]  ffff88804ddd0980: fa fc fc fc fa fc fc fc fa fc fc fc 00 fc fc fc
[ 93.455162][ T67] >ffff88804ddd0a00: fa fc fc fc fa fc fc fc fa fc fc fc 07 fc fc fc
[ 93.458122][ T67]                                                         ^
[ 93.461182][ T67]  ffff88804ddd0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.464244][ T67]  ffff88804ddd0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.467489][ T67] ==================================================================
[ 93.471136][ T67] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 93.473482][ T67] CPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc6-syzkaller-g9f35e33144ae #0 PREEMPT(full)
[ 93.477758][ T67] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 93.481788][ T67] Workqueue: hci0 hci_cmd_sync_work
[ 93.483768][ T67] Call Trace:
[ 93.484895][ T67] <TASK>
[ 93.485923][ T67] dump_stack_lvl+0x3d/0x1f0
[ 93.487492][ T67] panic+0x71c/0x800
[ 93.488754][ T67] ? __pfx_panic+0x10/0x10
[ 93.490179][ T67] ? irqentry_exit+0x3b/0x90
[ 93.491691][ T67] ? lockdep_hardirqs_on+0x7c/0x110
[ 93.493340][ T67] ? preempt_schedule_thunk+0x16/0x30
[ 93.495054][ T67] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.496728][ T67] ? preempt_schedule_common+0x44/0xc0
[ 93.498450][ T67] ? check_panic_on_warn+0x1f/0xb0
[ 93.500083][ T67] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.501754][ T67] check_panic_on_warn+0xab/0xb0
[ 93.503338][ T67] end_report+0x107/0x170
[ 93.504719][ T67] kasan_report+0xee/0x110
[ 93.506140][ T67] ? hci_cmd_sync_alloc+0x300/0x3a0
[ 93.507796][ T67] kasan_check_range+0xef/0x1a0
[ 93.509355][ T67] __asan_memcpy+0x23/0x60
[ 93.510799][ T67] hci_cmd_sync_alloc+0x300/0x3a0
[ 93.512402][ T67] __hci_cmd_sync_sk+0x157/0xc90
[ 93.513975][ T67] ? __pfx___hci_cmd_sync_sk+0x10/0x10
[ 93.515754][ T67] ? __pfx___might_resched+0x10/0x10
[ 93.517636][ T67] ? rcu_is_watching+0x12/0xc0
[ 93.519172][ T67] ? trace_contention_end+0xdd/0x130
[ 93.520858][ T67] ? __pfx___mutex_lock+0x10/0x10
[ 93.522471][ T67] ? __lock_acquire+0xaa4/0x1ba0
[ 93.524071][ T67] __hci_cmd_sync_ev+0x3e/0x50
[ 93.525600][ T67] send_hci_cmd_sync+0x18d/0x3f0
[ 93.527201][ T67] hci_cmd_sync_work+0x1a8/0x430
[ 93.528809][ T67] process_one_work+0x9cf/0x1b70
[ 93.530390][ T67] ? __pfx_process_one_work+0x10/0x10
[ 93.532095][ T67] ? assign_work+0x1a0/0x250
[ 93.533555][ T67] worker_thread+0x6c8/0xf10
[ 93.535023][ T67] ? __pfx_worker_thread+0x10/0x10
[ 93.536649][ T67] kthread+0x3c2/0x780
[ 93.537973][ T67] ? __pfx_kthread+0x10/0x10
[ 93.539463][ T67] ? __pfx_kthread+0x10/0x10
[ 93.540966][ T67] ? __pfx_kthread+0x10/0x10
[ 93.542441][ T67] ? __pfx_kthread+0x10/0x10
[ 93.543929][ T67] ? rcu_is_watching+0x12/0xc0
[ 93.545463][ T67] ? __pfx_kthread+0x10/0x10
[ 93.546882][ T67] ret_from_fork+0x45/0x80
[ 93.548137][ T67] ? __pfx_kthread+0x10/0x10
[ 93.549544][ T67] ret_from_fork_asm+0x1a/0x30
[ 93.551100][ T67] </TASK>
[ 93.552707][ T67] Kernel Offset: disabled
[ 93.554078][ T67] Rebooting in 86400 seconds..