Warning: Permanently added '10.128.1.100' (ED25519) to the list of known hosts.
2025/11/12 22:26:09 parsed 1 programs
[   74.246144][ T5833] cgroup: Unknown subsys name 'net'
[   74.355240][ T5833] cgroup: Unknown subsys name 'cpuset'
[   74.364399][ T5833] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   75.811910][ T5833] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   78.612948][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   78.880594][   T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   78.890207][   T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   78.898030][   T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   78.906628][   T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   78.917675][   T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   79.245184][ T1098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.260861][ T1098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.298215][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.306357][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.249986][ T5899] chnl_net:caif_netlink_parms(): no params data found
[   81.338471][ T5899] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.346973][ T5899] bridge0: port 1(bridge_slave_0) entered disabled state
[   81.354878][ T5899] bridge_slave_0: entered allmulticast mode
[   81.363028][ T5899] bridge_slave_0: entered promiscuous mode
[   81.374467][ T5899] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.381607][ T5899] bridge0: port 2(bridge_slave_1) entered disabled state
[   81.389036][ T5899] bridge_slave_1: entered allmulticast mode
[   81.396236][ T5899] bridge_slave_1: entered promiscuous mode
[   81.428283][ T5899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.444525][ T5899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.479000][ T5899] team0: Port device team_slave_0 added
[   81.487561][ T5899] team0: Port device team_slave_1 added
[   81.511593][ T5899] batman_adv: batadv0: Adding interface: batadv_slave_0
[   81.518849][ T5899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   81.544861][ T5899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   81.557654][ T5899] batman_adv: batadv0: Adding interface: batadv_slave_1
[   81.564658][ T5899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   81.590668][ T5899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   81.629563][ T5899] hsr_slave_0: entered promiscuous mode
[   81.636652][ T5899] hsr_slave_1: entered promiscuous mode
[   81.811698][ T5899] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   81.828317][ T5899] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   81.840713][ T5899] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   81.857544][ T5899] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   81.902053][ T5899] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.909438][ T5899] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.985798][ T5899] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.004806][ T1113] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.033223][ T5899] 8021q: adding VLAN 0 to HW filter on device team0
[   82.047700][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.054840][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.068704][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.075920][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.230108][ T5899] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.274503][ T5899] veth0_vlan: entered promiscuous mode
[   82.285878][ T5899] veth1_vlan: entered promiscuous mode
[   82.313809][ T5899] veth0_macvtap: entered promiscuous mode
[   82.323923][ T5899] veth1_macvtap: entered promiscuous mode
[   82.344387][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.356689][ T5899] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.372923][ T1343] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.383550][ T1343] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.393562][ T1343] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.403764][ T1343] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.544130][ T1113] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.605778][ T1113] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.669873][ T1113] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   82.745479][ T1113] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/11/12 22:26:20 executed programs: 0
[   83.391664][ T5857] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   83.400715][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   83.409239][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   83.418180][ T5857] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   83.426964][ T5857] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   83.569666][ T5940] chnl_net:caif_netlink_parms(): no params data found
[   83.640025][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.647307][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.654715][ T5940] bridge_slave_0: entered allmulticast mode
[   83.661820][ T5940] bridge_slave_0: entered promiscuous mode
[   83.670020][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.677488][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.684798][ T5940] bridge_slave_1: entered allmulticast mode
[   83.692439][ T5940] bridge_slave_1: entered promiscuous mode
[   83.730912][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   83.744196][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   83.780790][ T5940] team0: Port device team_slave_0 added
[   83.789578][ T5940] team0: Port device team_slave_1 added
[   83.821589][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.828855][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   83.855449][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.869240][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.876547][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   83.902782][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.956169][ T5940] hsr_slave_0: entered promiscuous mode
[   83.962883][ T5940] hsr_slave_1: entered promiscuous mode
[   83.969041][ T5940] debugfs: 'hsr0' already exists in 'hsr'
[   83.975621][ T5940] Cannot create hsr debugfs directory
[   85.462767][ T5857] Bluetooth: hci0: command tx timeout
[   85.740890][ T1113] bridge_slave_1: left allmulticast mode
[   85.746965][ T1113] bridge_slave_1: left promiscuous mode
[   85.754738][ T1113] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.765765][ T1113] bridge_slave_0: left allmulticast mode
[   85.771429][ T1113] bridge_slave_0: left promiscuous mode
[   85.777817][ T1113] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.984035][ T1113] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   85.994643][ T1113] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   86.004651][ T1113] bond0 (unregistering): Released all slaves
[   86.110119][ T1113] hsr_slave_0: left promiscuous mode
[   86.116471][ T1113] hsr_slave_1: left promiscuous mode
[   86.132982][ T1113] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   86.140429][ T1113] batman_adv: batadv0: Removing interface: batadv_slave_0
[   86.148776][ T1113] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   86.156288][ T1113] batman_adv: batadv0: Removing interface: batadv_slave_1
[   86.177624][ T1113] veth1_macvtap: left promiscuous mode
[   86.183745][ T1113] veth0_macvtap: left promiscuous mode
[   86.189478][ T1113] veth1_vlan: left promiscuous mode
[   86.195547][ T1113] veth0_vlan: left promiscuous mode
[   86.607121][ T1113] team0 (unregistering): Port device team_slave_1 removed
[   86.633524][ T1113] team0 (unregistering): Port device team_slave_0 removed
[   86.827288][   T10] cfg80211: failed to load regulatory.db
[   87.033393][ T5940] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   87.046379][ T5940] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   87.058363][ T5940] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   87.069634][ T5940] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   87.430990][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.478045][ T5940] 8021q: adding VLAN 0 to HW filter on device team0
[   87.490809][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.497986][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.515586][ T1098] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.522767][ T1098] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.559946][ T5857] Bluetooth: hci0: command tx timeout
[   87.740500][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.779926][ T5940] veth0_vlan: entered promiscuous mode
[   87.790706][ T5940] veth1_vlan: entered promiscuous mode
[   87.819719][ T5940] veth0_macvtap: entered promiscuous mode
[   87.828421][ T5940] veth1_macvtap: entered promiscuous mode
[   87.846256][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0
[   87.859357][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.872618][ T1098] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.883682][ T1113] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.893001][ T1113] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.901709][ T1113] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.956242][ T1343] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.964388][ T1343] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.996377][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.005218][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.049312][ T5989] Bluetooth: MGMT ver 1.23
[   88.055184][ T5989] FAULT_INJECTION: forcing a failure.
[   88.055184][ T5989] name failslab, interval 1, probability 0, space 0, times 1
[   88.069998][ T5989] CPU: 1 UID: 0 PID: 5989 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[   88.070019][ T5989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   88.070035][ T5989] Call Trace:
[   88.070042][ T5989]  <TASK>
[   88.070050][ T5989]  dump_stack_lvl+0x189/0x250
[   88.070085][ T5989]  ? __pfx____ratelimit+0x10/0x10
[   88.070109][ T5989]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.070131][ T5989]  ? __pfx__printk+0x10/0x10
[   88.070148][ T5989]  ? rcu_is_watching+0x15/0xb0
[   88.070176][ T5989]  ? trace_contention_end+0x39/0x120
[   88.070204][ T5989]  should_fail_ex+0x414/0x560
[   88.070234][ T5989]  should_failslab+0xa8/0x100
[   88.070254][ T5989]  kmem_cache_alloc_node_noprof+0x77/0x710
[   88.070277][ T5989]  ? __alloc_skb+0x112/0x2d0
[   88.070300][ T5989]  __alloc_skb+0x112/0x2d0
[   88.070321][ T5989]  hci_cmd_sync_alloc+0x3d/0x380
[   88.070347][ T5989]  hci_send_cmd+0x46/0x180
[   88.070374][ T5989]  set_link_security+0x588/0x710
[   88.070402][ T5989]  ? __pfx_set_link_security+0x10/0x10
[   88.070425][ T5989]  ? timer_init_key+0x81/0x2d0
[   88.070457][ T5989]  hci_mgmt_cmd+0x9c9/0xef0
[   88.070489][ T5989]  hci_sock_sendmsg+0x6ca/0xef0
[   88.070514][ T5989]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[   88.070532][ T5989]  ? aa_sock_msg_perm+0xf1/0x1d0
[   88.070557][ T5989]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   88.070573][ T5989]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[   88.070592][ T5989]  __sock_sendmsg+0x21c/0x270
[   88.070618][ T5989]  sock_write_iter+0x279/0x360
[   88.070642][ T5989]  ? __pfx_sock_write_iter+0x10/0x10
[   88.070675][ T5989]  ? bpf_lsm_file_permission+0x9/0x20
[   88.070692][ T5989]  ? security_file_permission+0x75/0x290
[   88.070721][ T5989]  vfs_write+0x5c9/0xb30
[   88.070748][ T5989]  ? __pfx_sock_write_iter+0x10/0x10
[   88.070770][ T5989]  ? __pfx_vfs_write+0x10/0x10
[   88.070803][ T5989]  ? __fget_files+0x2a/0x420
[   88.070830][ T5989]  ksys_write+0x145/0x250
[   88.070855][ T5989]  ? __pfx_ksys_write+0x10/0x10
[   88.070881][ T5989]  ? do_syscall_64+0xbe/0xfa0
[   88.070902][ T5989]  do_syscall_64+0xfa/0xfa0
[   88.070917][ T5989]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.070933][ T5989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.070950][ T5989]  ? clear_bhb_loop+0x60/0xb0
[   88.070971][ T5989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.070987][ T5989] RIP: 0033:0x7f5543d8f6c9
[   88.071009][ T5989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.071023][ T5989] RSP: 002b:00007f5544b69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   88.071041][ T5989] RAX: ffffffffffffffda RBX: 00007f5543fe5fa0 RCX: 00007f5543d8f6c9
[   88.071054][ T5989] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000005
[   88.071064][ T5989] RBP: 00007f5544b69090 R08: 0000000000000000 R09: 0000000000000000
[   88.071074][ T5989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.071084][ T5989] R13: 00007f5543fe6038 R14: 00007f5543fe5fa0 R15: 00007ffe72e0a568
[   88.071115][ T5989]  </TASK>
[   88.071123][ T5989] Bluetooth: hci0: no memory for command
[   88.373437][ T5989] ==================================================================
[   88.381498][ T5989] BUG: KASAN: slab-use-after-free in mgmt_pending_remove+0x3b/0x210
[   88.389471][ T5989] Read of size 8 at addr ffff888077164818 by task syz.0.17/5989
[   88.397171][ T5989] 
[   88.399486][ T5989] CPU: 0 UID: 0 PID: 5989 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[   88.399501][ T5989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   88.399509][ T5989] Call Trace:
[   88.399516][ T5989]  <TASK>
[   88.399522][ T5989]  dump_stack_lvl+0x189/0x250
[   88.399540][ T5989]  ? rcu_is_watching+0x15/0xb0
[   88.399554][ T5989]  ? __kasan_check_byte+0x12/0x40
[   88.399568][ T5989]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.399583][ T5989]  ? rcu_is_watching+0x15/0xb0
[   88.399596][ T5989]  ? lock_release+0x4b/0x3e0
[   88.399610][ T5989]  ? __virt_addr_valid+0x1c8/0x5c0
[   88.399628][ T5989]  ? __virt_addr_valid+0x4a5/0x5c0
[   88.399644][ T5989]  print_report+0xca/0x240
[   88.399659][ T5989]  ? mgmt_pending_remove+0x3b/0x210
[   88.399672][ T5989]  kasan_report+0x118/0x150
[   88.399684][ T5989]  ? mgmt_pending_remove+0x3b/0x210
[   88.399700][ T5989]  mgmt_pending_remove+0x3b/0x210
[   88.399713][ T5989]  set_link_security+0x5c2/0x710
[   88.399731][ T5989]  ? __pfx_set_link_security+0x10/0x10
[   88.399747][ T5989]  ? timer_init_key+0x81/0x2d0
[   88.399766][ T5989]  hci_mgmt_cmd+0x9c9/0xef0
[   88.399784][ T5989]  hci_sock_sendmsg+0x6ca/0xef0
[   88.399799][ T5989]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[   88.399812][ T5989]  ? aa_sock_msg_perm+0xf1/0x1d0
[   88.399831][ T5989]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   88.399843][ T5989]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[   88.399856][ T5989]  __sock_sendmsg+0x21c/0x270
[   88.399875][ T5989]  sock_write_iter+0x279/0x360
[   88.399891][ T5989]  ? __pfx_sock_write_iter+0x10/0x10
[   88.399910][ T5989]  ? bpf_lsm_file_permission+0x9/0x20
[   88.399924][ T5989]  ? security_file_permission+0x75/0x290
[   88.399942][ T5989]  vfs_write+0x5c9/0xb30
[   88.399960][ T5989]  ? __pfx_sock_write_iter+0x10/0x10
[   88.399976][ T5989]  ? __pfx_vfs_write+0x10/0x10
[   88.399995][ T5989]  ? __fget_files+0x2a/0x420
[   88.400010][ T5989]  ksys_write+0x145/0x250
[   88.400026][ T5989]  ? __pfx_ksys_write+0x10/0x10
[   88.400043][ T5989]  ? do_syscall_64+0xbe/0xfa0
[   88.400057][ T5989]  do_syscall_64+0xfa/0xfa0
[   88.400068][ T5989]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.400080][ T5989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.400093][ T5989]  ? clear_bhb_loop+0x60/0xb0
[   88.400107][ T5989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.400119][ T5989] RIP: 0033:0x7f5543d8f6c9
[   88.400132][ T5989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   88.400143][ T5989] RSP: 002b:00007f5544b69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   88.400158][ T5989] RAX: ffffffffffffffda RBX: 00007f5543fe5fa0 RCX: 00007f5543d8f6c9
[   88.400167][ T5989] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000005
[   88.400176][ T5989] RBP: 00007f5544b69090 R08: 0000000000000000 R09: 0000000000000000
[   88.400203][ T5989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   88.400210][ T5989] R13: 00007f5543fe6038 R14: 00007f5543fe5fa0 R15: 00007ffe72e0a568
[   88.400225][ T5989]  </TASK>
[   88.400230][ T5989] 
[   88.696283][ T5989] Allocated by task 5989:
[   88.700589][ T5989]  kasan_save_track+0x3e/0x80
[   88.705252][ T5989]  __kasan_kmalloc+0x93/0xb0
[   88.709825][ T5989]  __kmalloc_cache_noprof+0x3d5/0x6f0
[   88.715181][ T5989]  mgmt_pending_new+0x65/0x1e0
[   88.719941][ T5989]  mgmt_pending_add+0x35/0x140
[   88.724687][ T5989]  set_link_security+0x557/0x710
[   88.729607][ T5989]  hci_mgmt_cmd+0x9c9/0xef0
[   88.734178][ T5989]  hci_sock_sendmsg+0x6ca/0xef0
[   88.739006][ T5989]  __sock_sendmsg+0x21c/0x270
[   88.743665][ T5989]  sock_write_iter+0x279/0x360
[   88.748420][ T5989]  vfs_write+0x5c9/0xb30
[   88.752647][ T5989]  ksys_write+0x145/0x250
[   88.756971][ T5989]  do_syscall_64+0xfa/0xfa0
[   88.761452][ T5989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.767675][ T5989] 
[   88.769981][ T5989] Freed by task 5991:
[   88.773935][ T5989]  kasan_save_track+0x3e/0x80
[   88.778598][ T5989]  __kasan_save_free_info+0x46/0x50
[   88.783788][ T5989]  __kasan_slab_free+0x5c/0x80
[   88.788534][ T5989]  kfree+0x19a/0x6d0
[   88.792410][ T5989]  mgmt_pending_foreach+0x30d/0x380
[   88.797675][ T5989]  mgmt_index_removed+0x112/0x2f0
[   88.802677][ T5989]  hci_sock_bind+0xbe9/0x1000
[   88.807333][ T5989]  __sys_bind+0x2c6/0x3e0
[   88.811643][ T5989]  __x64_sys_bind+0x7a/0x90
[   88.816130][ T5989]  do_syscall_64+0xfa/0xfa0
[   88.820610][ T5989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.826657][ T5989] 
[   88.828962][ T5989] The buggy address belongs to the object at ffff888077164800
[   88.828962][ T5989]  which belongs to the cache kmalloc-96 of size 96
[   88.842828][ T5989] The buggy address is located 24 bytes inside of
[   88.842828][ T5989]  freed 96-byte region [ffff888077164800, ffff888077164860)
[   88.856449][ T5989] 
[   88.858774][ T5989] The buggy address belongs to the physical page:
[   88.865200][ T5989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77164
[   88.873940][ T5989] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   88.881033][ T5989] page_type: f5(slab)
[   88.884996][ T5989] raw: 00fff00000000000 ffff88801a026280 dead000000000122 0000000000000000
[   88.893558][ T5989] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   88.902117][ T5989] page dumped because: kasan: bad access detected
[   88.908510][ T5989] page_owner tracks the page as allocated
[   88.914198][ T5989] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1098, tgid 1098 (kworker/u8:6), ts 87994876358, free_ts 87976357652
[   88.933450][ T5989]  post_alloc_hook+0x240/0x2a0
[   88.938205][ T5989]  get_page_from_freelist+0x2365/0x2440
[   88.943730][ T5989]  __alloc_frozen_pages_noprof+0x181/0x370
[   88.949517][ T5989]  alloc_pages_mpol+0x232/0x4a0
[   88.954344][ T5989]  allocate_slab+0x96/0x350
[   88.958832][ T5989]  ___slab_alloc+0xe94/0x18a0
[   88.963487][ T5989]  __slab_alloc+0x65/0x100
[   88.968317][ T5989]  __kmalloc_cache_noprof+0x411/0x6f0
[   88.973674][ T5989]  dst_cow_metrics_generic+0x56/0x1c0
[   88.979034][ T5989]  icmp6_dst_alloc+0x264/0x420
[   88.983788][ T5989]  ndisc_send_skb+0x3f1/0x1510
[   88.988540][ T5989]  ndisc_send_ns+0xcb/0x150
[   88.993024][ T5989]  addrconf_dad_work+0xaae/0x14b0
[   88.998042][ T5989]  process_scheduled_works+0xae1/0x17b0
[   89.003659][ T5989]  worker_thread+0x8a0/0xda0
[   89.008240][ T5989]  kthread+0x711/0x8a0
[   89.012289][ T5989] page last free pid 1113 tgid 1113 stack trace:
[   89.018590][ T5989]  __free_frozen_pages+0xbc4/0xd30
[   89.023692][ T5989]  __slab_free+0x2e7/0x390
[   89.028098][ T5989]  qlist_free_all+0x97/0x140
[   89.032671][ T5989]  kasan_quarantine_reduce+0x148/0x160
[   89.038198][ T5989]  __kasan_slab_alloc+0x22/0x80
[   89.043132][ T5989]  kmem_cache_alloc_node_noprof+0x433/0x710
[   89.049010][ T5989]  __alloc_skb+0x112/0x2d0
[   89.053446][ T5989]  nl80211_send_ibss_bssid+0x8d/0x430
[   89.058798][ T5989]  __cfg80211_ibss_joined+0x34a/0x440
[   89.064159][ T5989]  cfg80211_process_wdev_events+0x38a/0x4f0
[   89.070093][ T5989]  cfg80211_process_rdev_events+0xa1/0x110
[   89.075898][ T5989]  cfg80211_event_work+0x31/0x70
[   89.080838][ T5989]  process_scheduled_works+0xae1/0x17b0
[   89.086366][ T5989]  worker_thread+0x8a0/0xda0
[   89.090946][ T5989]  kthread+0x711/0x8a0
[   89.095001][ T5989]  ret_from_fork+0x4bc/0x870
[   89.099572][ T5989] 
[   89.101874][ T5989] Memory state around the buggy address:
[   89.107482][ T5989]  ffff888077164700: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   89.115528][ T5989]  ffff888077164780: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[   89.123568][ T5989] >ffff888077164800: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[   89.131613][ T5989]                             ^
[   89.136452][ T5989]  ffff888077164880: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   89.144579][ T5989]  ffff888077164900: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[   89.152967][ T5989] ==================================================================
[   89.171555][ T5989] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   89.178784][ T5989] CPU: 1 UID: 0 PID: 5989 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) 
[   89.187899][ T5989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[   89.197965][ T5989] Call Trace:
[   89.201260][ T5989]  <TASK>
[   89.204272][ T5989]  dump_stack_lvl+0x99/0x250
[   89.208872][ T5989]  ? __asan_memcpy+0x40/0x70
[   89.213469][ T5989]  ? __pfx_dump_stack_lvl+0x10/0x10
[   89.218675][ T5989]  ? __pfx__printk+0x10/0x10
[   89.223273][ T5989]  vpanic+0x237/0x6d0
[   89.227265][ T5989]  ? __pfx_vpanic+0x10/0x10
[   89.231790][ T5989]  ? preempt_schedule+0xae/0xc0
[   89.236652][ T5989]  ? __pfx_preempt_schedule+0x10/0x10
[   89.242004][ T5989]  panic+0xb9/0xc0
[   89.245716][ T5989]  ? __pfx_panic+0x10/0x10
[   89.250107][ T5989]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   89.255977][ T5989]  ? mgmt_pending_remove+0x3b/0x210
[   89.261153][ T5989]  check_panic_on_warn+0x89/0xb0
[   89.266084][ T5989]  ? mgmt_pending_remove+0x3b/0x210
[   89.271294][ T5989]  end_report+0x78/0x160
[   89.275542][ T5989]  kasan_report+0x129/0x150
[   89.280044][ T5989]  ? mgmt_pending_remove+0x3b/0x210
[   89.285246][ T5989]  mgmt_pending_remove+0x3b/0x210
[   89.290444][ T5989]  set_link_security+0x5c2/0x710
[   89.295373][ T5989]  ? __pfx_set_link_security+0x10/0x10
[   89.300815][ T5989]  ? timer_init_key+0x81/0x2d0
[   89.305566][ T5989]  hci_mgmt_cmd+0x9c9/0xef0
[   89.310055][ T5989]  hci_sock_sendmsg+0x6ca/0xef0
[   89.314891][ T5989]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[   89.320264][ T5989]  ? aa_sock_msg_perm+0xf1/0x1d0
[   89.325194][ T5989]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   89.330464][ T5989]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[   89.335820][ T5989]  __sock_sendmsg+0x21c/0x270
[   89.340488][ T5989]  sock_write_iter+0x279/0x360
[   89.345232][ T5989]  ? __pfx_sock_write_iter+0x10/0x10
[   89.350508][ T5989]  ? bpf_lsm_file_permission+0x9/0x20
[   89.355869][ T5989]  ? security_file_permission+0x75/0x290
[   89.361485][ T5989]  vfs_write+0x5c9/0xb30
[   89.365716][ T5989]  ? __pfx_sock_write_iter+0x10/0x10
[   89.370985][ T5989]  ? __pfx_vfs_write+0x10/0x10
[   89.375736][ T5989]  ? __fget_files+0x2a/0x420
[   89.380397][ T5989]  ksys_write+0x145/0x250
[   89.384712][ T5989]  ? __pfx_ksys_write+0x10/0x10
[   89.389545][ T5989]  ? do_syscall_64+0xbe/0xfa0
[   89.394211][ T5989]  do_syscall_64+0xfa/0xfa0
[   89.398695][ T5989]  ? lockdep_hardirqs_on+0x9c/0x150
[   89.403879][ T5989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.409927][ T5989]  ? clear_bhb_loop+0x60/0xb0
[   89.414588][ T5989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   89.420462][ T5989] RIP: 0033:0x7f5543d8f6c9
[   89.424875][ T5989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   89.444554][ T5989] RSP: 002b:00007f5544b69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   89.452956][ T5989] RAX: ffffffffffffffda RBX: 00007f5543fe5fa0 RCX: 00007f5543d8f6c9
[   89.460910][ T5989] RDX: 0000000000000007 RSI: 0000200000000000 RDI: 0000000000000005
[   89.468864][ T5989] RBP: 00007f5544b69090 R08: 0000000000000000 R09: 0000000000000000
[   89.476823][ T5989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   89.484779][ T5989] R13: 00007f5543fe6038 R14: 00007f5543fe5fa0 R15: 00007ffe72e0a568
[   89.492741][ T5989]  </TASK>
[   89.495882][ T5989] Kernel Offset: disabled
[   89.500195][ T5989] Rebooting in 86400 seconds..