Warning: Permanently added '10.128.1.164' (ED25519) to the list of known hosts.
1970/01/01 00:01:22 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:22 ignoring optional flag "type"="gce"
1970/01/01 00:01:23 parsed 1 programs
[ 85.840082][ T4450] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 92.513257][ T4482] chnl_net:caif_netlink_parms(): no params data found
[ 92.547786][ T4482] bridge0: port 1(bridge_slave_0) entered blocking state
[ 92.548919][ T4482] bridge0: port 1(bridge_slave_0) entered disabled state
[ 92.550964][ T4482] device bridge_slave_0 entered promiscuous mode
[ 92.553972][ T4482] bridge0: port 2(bridge_slave_1) entered blocking state
[ 92.555120][ T4482] bridge0: port 2(bridge_slave_1) entered disabled state
[ 92.556837][ T4482] device bridge_slave_1 entered promiscuous mode
[ 92.571772][ T4482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 92.576860][ T4482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 92.589492][ T4482] team0: Port device team_slave_0 added
[ 92.591998][ T4482] team0: Port device team_slave_1 added
[ 92.603791][ T4482] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 92.604823][ T4482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.608595][ T4482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 92.612036][ T4482] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 92.613152][ T4482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 92.616932][ T4482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 92.671268][ T4482] device hsr_slave_0 entered promiscuous mode
[ 92.719672][ T4482] device hsr_slave_1 entered promiscuous mode
[ 93.508310][ T4482] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 93.555577][ T4482] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 93.591080][ T4482] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 93.641857][ T4482] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 93.805649][ T4482] 8021q: adding VLAN 0 to HW filter on device bond0
[ 93.814161][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 93.815644][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 93.821891][ T4482] 8021q: adding VLAN 0 to HW filter on device team0
[ 93.827526][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 93.829059][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 93.832225][ T1600] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.833400][ T1600] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 93.835049][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 93.839000][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 93.841610][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 93.843668][ T1600] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.844847][ T1600] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 93.851102][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 93.856304][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 93.862160][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 93.864879][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 93.873114][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 93.875167][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 93.876921][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 93.884466][ T4482] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 93.886184][ T4482] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 93.888691][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 93.892741][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 93.900962][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 93.904494][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 93.906440][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 94.020371][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 94.021634][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 94.025943][ T4482] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 94.040783][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 94.042511][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 94.053520][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 94.055102][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 94.056960][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 94.058501][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 94.065771][ T4482] device veth0_vlan entered promiscuous mode
[ 94.073655][ T4482] device veth1_vlan entered promiscuous mode
[ 94.087689][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 94.089591][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 94.091286][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 94.093115][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 94.098178][ T4482] device veth0_macvtap entered promiscuous mode
[ 94.103527][ T4482] device veth1_macvtap entered promiscuous mode
[ 94.113165][ T4482] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 94.114348][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 94.116568][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 94.118023][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 94.120682][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 94.125210][ T4482] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 94.127689][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 94.130799][ T1600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 94.134893][ T4482] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.136122][ T4482] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.137520][ T4482] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.138937][ T4482] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.592010][ T148] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.366211][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.367361][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.369154][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 95.388328][ T340] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.389957][ T340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.393081][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:35 executed programs: 0
[ 95.578216][ T4671] chnl_net:caif_netlink_parms(): no params data found
[ 95.611229][ T4671] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.612417][ T4671] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.614113][ T4671] device bridge_slave_0 entered promiscuous mode
[ 95.616419][ T4671] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.617554][ T4671] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.622996][ T4671] device bridge_slave_1 entered promiscuous mode
[ 95.646852][ T4671] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.651092][ T4671] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.666119][ T4671] team0: Port device team_slave_0 added
[ 95.668900][ T4671] team0: Port device team_slave_1 added
[ 95.683832][ T4671] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.685130][ T4671] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.688771][ T4671] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.699574][ T4671] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.700669][ T4671] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.704447][ T4671] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.761229][ T4671] device hsr_slave_0 entered promiscuous mode
[ 95.792385][ T4671] device hsr_slave_1 entered promiscuous mode
[ 95.839491][ T4671] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 95.840650][ T4671] Cannot create hsr debugfs directory
[ 97.477641][ T148] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 97.540155][ T4131] Bluetooth: hci1: command 0x0409 tx timeout
[ 99.620181][ T4132] Bluetooth: hci1: command 0x041b tx timeout
[ 99.934910][ T148] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.976010][ T148] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.873355][ T4671] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.931233][ T4671] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.961797][ T4671] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.011502][ T4671] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.111523][ T4671] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.133293][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 101.135058][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 101.138718][ T4671] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.144428][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 101.146357][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 101.148081][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.149169][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.154341][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 101.167797][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 101.170518][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 101.172128][ T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.173328][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.174835][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 101.178924][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 101.185704][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 101.188334][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 101.190649][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 101.195122][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 101.197205][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 101.202074][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 101.203733][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 101.207759][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 101.211385][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 101.226432][ T4671] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 101.298801][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 101.300839][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 101.306491][ T4671] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.316747][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 101.318422][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 101.328747][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 101.330639][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 101.332599][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 101.334106][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 101.337798][ T4671] device veth0_vlan entered promiscuous mode
[ 101.344542][ T4671] device veth1_vlan entered promiscuous mode
[ 101.357269][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 101.359184][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 101.361577][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 101.363251][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 101.366832][ T4671] device veth0_macvtap entered promiscuous mode
[ 101.370832][ T4671] device veth1_macvtap entered promiscuous mode
[ 101.380078][ T4671] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 101.381627][ T4671] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 101.384092][ T4671] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.385346][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 101.387113][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 101.388725][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 101.391694][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 101.395007][ T4671] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 101.396795][ T4671] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 101.400409][ T4671] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.401959][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 101.403829][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 101.407796][ T4671] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.409396][ T4671] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.410509][ T4671] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.411775][ T4671] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.447915][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.452140][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.455530][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 101.467026][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.468209][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.471069][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:41 executed programs: 2
[ 101.517420][ T144] BUG: sleeping function called from invalid context at net/core/sock.c:3253
[ 101.518756][ T144] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 144, name: kworker/u5:0
[ 101.520190][ T144] 6 locks held by kworker/u5:0/144:
[ 101.520996][ T144] #0: ffff0000cad6b938 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_one_work+0x678/0x1140
[ 101.522432][ T144] #1: ffff80001bda7c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6b8/0x1140
[ 101.524155][ T144] #2: ffff0000ecd80078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0xb0/0x89c
[ 101.525676][ T144] #3: ffff8000163dce48 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x400/0x89c
[ 101.527369][ T144] #4: ffff0000d2c03020 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x25c/0x8c0
[ 101.528763][ T144] #5: ffff0000cf83b120 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3cc/0x8c0
[ 101.530650][ T144] Preemption disabled at:
[ 101.530662][ T144] [] sco_connect_cfm+0x25c/0x8c0
[ 101.532269][ T144] CPU: 1 PID: 144 Comm: kworker/u5:0 Not tainted 5.15.189-syzkaller #0
[ 101.533450][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 101.535060][ T144] Workqueue: hci1 hci_rx_work
[ 101.535778][ T144] Call trace:
[ 101.536309][ T144] dump_backtrace+0x0/0x43c
[ 101.537091][ T144] show_stack+0x2c/0x3c
[ 101.537709][ T144] __dump_stack+0x30/0x40
[ 101.538300][ T144] dump_stack_lvl+0xf8/0x160
[ 101.539028][ T144] dump_stack+0x1c/0x5c
[ 101.539638][ T144] ___might_sleep+0x358/0x4d4
[ 101.540450][ T144] __might_sleep+0x98/0x124
[ 101.541141][ T144] lock_sock_nested+0xec/0x1d4
[ 101.541881][ T144] sco_connect_cfm+0x3cc/0x8c0
[ 101.542507][ T144] hci_sync_conn_complete_evt+0x468/0x89c
[ 101.543342][ T144] hci_event_packet+0xa24/0x11bc
[ 101.544154][ T144] hci_rx_work+0x1cc/0x880
[ 101.544766][ T144] process_one_work+0x79c/0x1140
[ 101.545738][ T144] worker_thread+0x8f4/0x101c
[ 101.546541][ T144] kthread+0x374/0x454
[ 101.547157][ T144] ret_from_fork+0x10/0x20
[ 101.547900][ T144] ==================================================================
[ 101.549050][ T144] BUG: KASAN: use-after-free in __lock_acquire+0xf0/0x651c
[ 101.550228][ T144] Read of size 8 at addr ffff0000cf83b0a0 by task kworker/u5:0/144
[ 101.551586][ T144]
[ 101.551997][ T144] CPU: 1 PID: 144 Comm: kworker/u5:0 Tainted: G W 5.15.189-syzkaller #0
[ 101.553410][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 101.554870][ T144] Workqueue: hci1 hci_rx_work
[ 101.555615][ T144] Call trace:
[ 101.556151][ T144] dump_backtrace+0x0/0x43c
[ 101.556975][ T144] show_stack+0x2c/0x3c
[ 101.557608][ T144] __dump_stack+0x30/0x40
[ 101.558247][ T144] dump_stack_lvl+0xf8/0x160
[ 101.559021][ T144] print_address_description+0x78/0x30c
[ 101.559826][ T144] kasan_report+0xec/0x15c
[ 101.560443][ T144] __asan_report_load8_noabort+0x44/0x50
[ 101.561429][ T144] __lock_acquire+0xf0/0x651c
[ 101.562137][ T144] lock_acquire+0x1f4/0x620
[ 101.562900][ T144] _raw_spin_lock_bh+0x114/0x1b4
[ 101.563660][ T144] lock_sock_nested+0xf4/0x1d4
[ 101.564352][ T144] sco_connect_cfm+0x3cc/0x8c0
[ 101.565054][ T144] hci_sync_conn_complete_evt+0x468/0x89c
[ 101.565951][ T144] hci_event_packet+0xa24/0x11bc
[ 101.566713][ T144] hci_rx_work+0x1cc/0x880
[ 101.567465][ T144] process_one_work+0x79c/0x1140
[ 101.568273][ T144] worker_thread+0x8f4/0x101c
[ 101.568989][ T144] kthread+0x374/0x454
[ 101.569578][ T144] ret_from_fork+0x10/0x20
[ 101.570320][ T144]
[ 101.570701][ T144] Allocated by task 4924:
[ 101.571291][ T144] __kasan_kmalloc+0xb0/0xf0
[ 101.572067][ T144] __kmalloc+0x298/0x44c
[ 101.572765][ T144] sk_prot_alloc+0xc4/0x1f0
[ 101.573428][ T144] sk_alloc+0x40/0x388
[ 101.574225][ T144] sco_sock_create+0xb8/0x2d4
[ 101.574974][ T144] bt_sock_create+0x14c/0x24c
[ 101.575687][ T144] __sock_create+0x4b0/0x8b4
[ 101.576411][ T144] __sys_socket+0xf0/0x18c
[ 101.577063][ T144] __arm64_sys_socket+0x7c/0x94
[ 101.577833][ T144] invoke_syscall+0x98/0x2b8
[ 101.578599][ T144] el0_svc_common+0x138/0x258
[ 101.579383][ T144] do_el0_svc+0x58/0x14c
[ 101.580050][ T144] el0_svc+0x78/0x1e0
[ 101.580733][ T144] el0t_64_sync_handler+0xcc/0xe4
[ 101.581591][ T144] el0t_64_sync+0x1a0/0x1a4
[ 101.582368][ T144]
[ 101.582737][ T144] Freed by task 4923:
[ 101.583333][ T144] kasan_set_track+0x4c/0x84
[ 101.584082][ T144] kasan_set_free_info+0x28/0x4c
[ 101.584835][ T144] ____kasan_slab_free+0x118/0x164
[ 101.585682][ T144] __kasan_slab_free+0x18/0x28
[ 101.586461][ T144] slab_free_freelist_hook+0x128/0x1e8
[ 101.587265][ T144] kfree+0x170/0x40c
[ 101.587827][ T144] __sk_destruct+0x41c/0x604
[ 101.588623][ T144] __sk_free+0x320/0x430
[ 101.589284][ T144] sk_free+0x68/0xdc
[ 101.590014][ T144] sco_sock_kill+0x104/0x1c8
[ 101.590814][ T144] sco_sock_release+0x1f8/0x2c4
[ 101.591537][ T144] sock_close+0xb4/0x1f8
[ 101.592324][ T144] __fput+0x1c0/0x7f8
[ 101.592998][ T144] ____fput+0x20/0x30
[ 101.593658][ T144] task_work_run+0x12c/0x1e0
[ 101.594453][ T144] do_notify_resume+0x24b4/0x3128
[ 101.595378][ T144] el0_svc+0xf0/0x1e0
[ 101.596003][ T144] el0t_64_sync_handler+0xcc/0xe4
[ 101.596842][ T144] el0t_64_sync+0x1a0/0x1a4
[ 101.597586][ T144]
[ 101.597966][ T144] The buggy address belongs to the object at ffff0000cf83b000
[ 101.597966][ T144] which belongs to the cache kmalloc-2k of size 2048
[ 101.600338][ T144] The buggy address is located 160 bytes inside of
[ 101.600338][ T144] 2048-byte region [ffff0000cf83b000, ffff0000cf83b800)
[ 101.602389][ T144] The buggy address belongs to the page:
[ 101.603475][ T144] page:00000000b72a07e7 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f838
[ 101.605101][ T144] head:00000000b72a07e7 order:3 compound_mapcount:0 compound_pincount:0
[ 101.606461][ T144] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 101.607738][ T144] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002900
[ 101.609180][ T144] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 101.610500][ T144] page dumped because: kasan: bad access detected
[ 101.611597][ T144]
[ 101.611939][ T144] Memory state around the buggy address:
[ 101.612757][ T144] ffff0000cf83af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 101.613846][ T144] ffff0000cf83b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 101.615274][ T144] >ffff0000cf83b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 101.616654][ T144] ^
[ 101.617461][ T144] ffff0000cf83b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 101.618744][ T144] ffff0000cf83b180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 101.620048][ T144] ==================================================================
[ 101.621279][ T144] Disabling lock debugging due to kernel taint
[ 101.622312][ T144] Unable to handle kernel paging request at virtual address dfff800000000000
[ 101.623533][ T144] Mem abort info:
[ 101.623973][ T144] ESR = 0x0000000096000006
[ 101.624720][ T144] EC = 0x25: DABT (current EL), IL = 32 bits
[ 101.625598][ T144] SET = 0, FnV = 0
[ 101.626109][ T144] EA = 0, S1PTW = 0
[ 101.626756][ T144] FSC = 0x06: level 2 translation fault
[ 101.627529][ T144] Data abort info:
[ 101.628170][ T144] ISV = 0, ISS = 0x00000006
[ 101.628926][ T144] CM = 0, WnR = 0
[ 101.629519][ T144] [dfff800000000000] address between user and kernel address ranges
[ 101.630598][ T144] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
[ 101.631695][ T144] Modules linked in:
[ 101.632207][ T144] CPU: 1 PID: 144 Comm: kworker/u5:0 Tainted: G B W 5.15.189-syzkaller #0
[ 101.633674][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 101.635078][ T144] Workqueue: hci1 hci_rx_work
[ 101.635783][ T144] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 101.637139][ T144] pc : apparmor_sk_clone_security+0xf4/0x3e0
[ 101.637961][ T144] lr : apparmor_sk_clone_security+0xd4/0x3e0
[ 101.638771][ T144] sp : ffff80001bda7780
[ 101.639430][ T144] x29: ffff80001bda7780 x28: 1ffff000037b4f04 x27: dfff800000000000
[ 101.640603][ T144] x26: 1fffe0001a580609 x25: ffff0000cf6be3aa x24: 1fffe0001a5e8b00
[ 101.641678][ T144] x23: dfff800000000000 x22: dfff800000000000 x21: 0000000000000000
[ 101.642920][ T144] x20: 0000000000000000 x19: ffff0000d2f45800 x18: 0000000000000204
[ 101.644097][ T144] x17: ffff8000104e09e4 x16: ffff8000082d6ecc x15: ffff80000f6945b0
[ 101.645252][ T144] x14: ffff80000f6949d8 x13: ffff80000802cae0 x12: 0000000000ff0100
[ 101.646482][ T144] x11: 0000000000000001 x10: 0000000000000000 x9 : ffff80000a414ed0
[ 101.647597][ T144] x8 : 0000000000000000 x7 : ffffffffffffffff x6 : ffff8000104a5c44
[ 101.648785][ T144] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80000a414e44
[ 101.649940][ T144] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[ 101.651246][ T144] Call trace:
[ 101.651690][ T144] apparmor_sk_clone_security+0xf4/0x3e0
[ 101.652503][ T144] security_sk_clone+0x58/0x9c
[ 101.653180][ T144] sco_connect_cfm+0x578/0x8c0
[ 101.653880][ T144] hci_sync_conn_complete_evt+0x468/0x89c
[ 101.654701][ T144] hci_event_packet+0xa24/0x11bc
[ 101.655400][ T144] hci_rx_work+0x1cc/0x880
[ 101.656120][ T144] process_one_work+0x79c/0x1140
[ 101.656979][ T144] worker_thread+0x8f4/0x101c
[ 101.657633][ T144] kthread+0x374/0x454
[ 101.658378][ T144] ret_from_fork+0x10/0x20
[ 101.659099][ T144] Code: 710006df 540010cb 97819146 d343fe88 (38776908)
[ 101.660222][ T144] ---[ end trace 1d8ae6fda5a78b21 ]---
[ 103.155571][ T144] Kernel panic - not syncing: Oops: Fatal exception
[ 103.156615][ T144] SMP: stopping secondary CPUs
[ 103.157397][ T144] Kernel Offset: disabled
[ 103.158120][ T144] CPU features: 0x8,000081c1,21302e40
[ 103.158938][ T144] Memory Limit: none
[ 103.530815][ T144] Rebooting in 86400 seconds..