Warning: Permanently added '10.128.1.7' (ED25519) to the list of known hosts.
2025/11/01 19:35:14 parsed 1 programs
syzkaller login: [ 64.883246][ T5791] cgroup: Unknown subsys name 'net'
[ 65.043434][ T5791] cgroup: Unknown subsys name 'rlimit'
[ 66.363189][ T5791] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 68.894426][ T5816] chnl_net:caif_netlink_parms(): no params data found
[ 69.187561][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.215402][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.309544][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state
[ 69.327789][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.335021][ T5816] bridge_slave_0: entered allmulticast mode
[ 69.359203][ T5816] bridge_slave_0: entered promiscuous mode
[ 69.411461][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.429634][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.436837][ T5816] bridge_slave_1: entered allmulticast mode
[ 69.458807][ T5816] bridge_slave_1: entered promiscuous mode
[ 69.549876][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 69.564200][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 69.566786][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 69.604021][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 69.727704][ T5816] team0: Port device team_slave_0 added
[ 69.736842][ T5816] team0: Port device team_slave_1 added
[ 69.841976][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 69.849236][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.881047][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 69.897031][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 69.904054][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 69.930792][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 70.032891][ T5816] hsr_slave_0: entered promiscuous mode
[ 70.049384][ T5816] hsr_slave_1: entered promiscuous mode
[ 70.365488][ T5867] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 70.377255][ T5867] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 70.385282][ T5867] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 70.394940][ T5867] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 70.412498][ T5867] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 70.419971][ T5867] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 71.050328][ T5816] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 71.065027][ T5816] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 71.090014][ T5816] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 71.134991][ T5816] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 71.442443][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.472796][ T5816] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.517718][ T2976] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.525116][ T2976] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.543147][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.550696][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.621816][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.632810][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.981837][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 72.036682][ T5816] veth0_vlan: entered promiscuous mode
[ 72.051592][ T5816] veth1_vlan: entered promiscuous mode
[ 72.110387][ T5816] veth0_macvtap: entered promiscuous mode
[ 72.126167][ T5816] veth1_macvtap: entered promiscuous mode
[ 72.146335][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 72.160371][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 72.178202][ T5816] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.187064][ T5816] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.198464][ T5816] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 72.207151][ T5816] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/11/01 19:35:23 executed programs: 0
[ 72.418122][ T5107] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.435870][ T5107] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.449564][ T5911] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.470093][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 72.479199][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 72.490149][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 72.499209][ T5912] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 72.506889][ T5912] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.508819][ T5914] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 72.515155][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 72.530128][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 72.531095][ T5914] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 72.538532][ T5912] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 72.546921][ T5914] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.552279][ T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 72.568824][ T5914] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 72.570808][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 72.583182][ T5914] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 72.629639][ T5911] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 72.648945][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 72.659046][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 72.684555][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 72.702077][ T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 72.709838][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 73.126672][ T5905] chnl_net:caif_netlink_parms(): no params data found
[ 73.346341][ T5905] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.353789][ T5905] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.363340][ T5905] bridge_slave_0: entered allmulticast mode
[ 73.373885][ T5905] bridge_slave_0: entered promiscuous mode
[ 73.402250][ T5906] chnl_net:caif_netlink_parms(): no params data found
[ 73.434276][ T5905] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.441536][ T5905] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.449050][ T5905] bridge_slave_1: entered allmulticast mode
[ 73.455718][ T5905] bridge_slave_1: entered promiscuous mode
[ 73.463106][ T5916] chnl_net:caif_netlink_parms(): no params data found
[ 73.547951][ T5905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.572435][ T5910] chnl_net:caif_netlink_parms(): no params data found
[ 73.594756][ T5905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.665973][ T5905] team0: Port device team_slave_0 added
[ 73.710547][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.718403][ T5906] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.725555][ T5906] bridge_slave_0: entered allmulticast mode
[ 73.733507][ T5906] bridge_slave_0: entered promiscuous mode
[ 73.742089][ T5905] team0: Port device team_slave_1 added
[ 73.800109][ T5916] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.807224][ T5916] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.814724][ T5916] bridge_slave_0: entered allmulticast mode
[ 73.822819][ T5916] bridge_slave_0: entered promiscuous mode
[ 73.832333][ T5916] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.839754][ T5916] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.846903][ T5916] bridge_slave_1: entered allmulticast mode
[ 73.853816][ T5916] bridge_slave_1: entered promiscuous mode
[ 73.872933][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.880259][ T5906] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.887420][ T5906] bridge_slave_1: entered allmulticast mode
[ 73.894201][ T5906] bridge_slave_1: entered promiscuous mode
[ 73.901351][ T5905] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.908376][ T5905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.937211][ T5905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.950005][ T5905] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.956970][ T5905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.983146][ T5905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.033253][ T5916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.078124][ T5910] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.085252][ T5910] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.094727][ T5910] bridge_slave_0: entered allmulticast mode
[ 74.101844][ T5910] bridge_slave_0: entered promiscuous mode
[ 74.110588][ T5910] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.117809][ T5910] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.124955][ T5910] bridge_slave_1: entered allmulticast mode
[ 74.133114][ T5910] bridge_slave_1: entered promiscuous mode
[ 74.142082][ T5916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.166125][ T5906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.189764][ T5905] hsr_slave_0: entered promiscuous mode
[ 74.196239][ T5905] hsr_slave_1: entered promiscuous mode
[ 74.202506][ T5905] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 74.211484][ T5905] Cannot create hsr debugfs directory
[ 74.270929][ T5906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.329601][ T5916] team0: Port device team_slave_0 added
[ 74.337996][ T5910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 74.353699][ T5916] team0: Port device team_slave_1 added
[ 74.364776][ T5906] team0: Port device team_slave_0 added
[ 74.379714][ T5910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 74.424204][ T5906] team0: Port device team_slave_1 added
[ 74.471400][ T2969] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 74.486821][ T5916] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.493946][ T5916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.523216][ T5916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.547089][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.554211][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.580625][ T5906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.596850][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.603911][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.629894][ T5906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.644135][ T5910] team0: Port device team_slave_0 added
[ 74.654189][ T51] Bluetooth: hci1: command tx timeout
[ 74.655403][ T5910] team0: Port device team_slave_1 added
[ 74.660432][ T5911] Bluetooth: hci0: command tx timeout
[ 74.677264][ T5914] Bluetooth: hci2: command tx timeout
[ 74.687268][ T5916] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.694674][ T5916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.721257][ T5916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.731935][ T5914] Bluetooth: hci3: command tx timeout
[ 74.763295][ T5910] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 74.770519][ T5910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.796715][ T5910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 74.835425][ T5910] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 74.842523][ T5910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 74.868618][ T5910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 74.901375][ T5916] hsr_slave_0: entered promiscuous mode
[ 74.908186][ T5916] hsr_slave_1: entered promiscuous mode
[ 74.915249][ T5916] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 74.923754][ T5916] Cannot create hsr debugfs directory
[ 75.031651][ T5910] hsr_slave_0: entered promiscuous mode
[ 75.038222][ T5910] hsr_slave_1: entered promiscuous mode
[ 75.044735][ T5910] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 75.052624][ T5910] Cannot create hsr debugfs directory
[ 75.072191][ T5906] hsr_slave_0: entered promiscuous mode
[ 75.079311][ T5906] hsr_slave_1: entered promiscuous mode
[ 75.085388][ T5906] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 75.093340][ T5906] Cannot create hsr debugfs directory
[ 75.162306][ T5905] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 75.173592][ T5905] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 75.215312][ T5905] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 75.226785][ T5905] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 75.439707][ T5905] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.457245][ T5905] 8021q: adding VLAN 0 to HW filter on device team0
[ 75.470647][ T2936] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.477851][ T2936] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 75.493756][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state
[ 75.500913][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 75.661214][ T5905] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.697161][ T5905] veth0_vlan: entered promiscuous mode
[ 75.707144][ T5905] veth1_vlan: entered promiscuous mode
[ 75.734765][ T5905] veth0_macvtap: entered promiscuous mode
[ 75.744006][ T5905] veth1_macvtap: entered promiscuous mode
[ 75.760378][ T5905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 75.771434][ T5905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 75.783966][ T5905] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 75.796452][ T5905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 75.807212][ T5905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 75.818963][ T5905] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 75.833056][ T5905] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.841926][ T5905] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.850817][ T5905] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.859929][ T5905] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 75.920891][ T130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.930278][ T130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.959937][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 75.968622][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 76.032019][ T5914] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 76.042202][ T5914] CPU: 0 PID: 5914 Comm: kworker/u5:5 Not tainted syzkaller #0
[ 76.049760][ T5914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 76.059818][ T5914] Workqueue: hci0 hci_rx_work
[ 76.064519][ T5914] Call Trace:
[ 76.067787][ T5914]
[ 76.070703][ T5914] dump_stack_lvl+0x16c/0x230
[ 76.075403][ T5914] ? show_regs_print_info+0x20/0x20
[ 76.080586][ T5914] ? load_image+0x3b0/0x3b0
[ 76.085096][ T5914] sysfs_create_dir_ns+0x256/0x280
[ 76.090196][ T5914] ? hci_rx_work+0x43a/0xd80
[ 76.094860][ T5914] ? sysfs_warn_dup+0xa0/0xa0
[ 76.099540][ T5914] ? do_raw_spin_unlock+0x121/0x230
[ 76.104762][ T5914] kobject_add_internal+0x6b8/0xc70
[ 76.109967][ T5914] kobject_add+0x156/0x220
[ 76.114371][ T5914] ? __rwlock_init+0x150/0x150
[ 76.119128][ T5914] ? kobject_init+0x1e0/0x1e0
[ 76.123785][ T5914] ? _raw_spin_unlock+0x28/0x40
[ 76.128643][ T5914] ? get_device_parent+0x366/0x390
[ 76.133749][ T5914] device_add+0x408/0xc20
[ 76.138067][ T5914] hci_conn_add_sysfs+0xd5/0x1e0
[ 76.142995][ T5914] le_conn_complete_evt+0xf36/0x1500
[ 76.148280][ T5914] ? hci_event_packet+0x4a7/0x1210
[ 76.153409][ T5914] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0
[ 76.159658][ T5914] ? __copy_skb_header+0xa7/0x550
[ 76.164687][ T5914] ? __mutex_unlock_slowpath+0x1a2/0x6a0
[ 76.170316][ T5914] ? skb_pull_data+0xfb/0x200
[ 76.174988][ T5914] hci_le_conn_complete_evt+0x187/0x440
[ 76.180535][ T5914] ? hci_remote_host_features_evt+0x160/0x160
[ 76.186590][ T5914] hci_event_packet+0x795/0x1210
[ 76.191521][ T5914] ? bis_list+0x290/0x290
[ 76.195838][ T5914] ? lockdep_hardirqs_on+0x98/0x150
[ 76.201026][ T5914] ? hci_send_to_monitor+0xd7/0x4f0
[ 76.206221][ T5914] hci_rx_work+0x43a/0xd80
[ 76.210640][ T5914] ? process_scheduled_works+0x957/0x15b0
[ 76.216351][ T5914] process_scheduled_works+0xa45/0x15b0
[ 76.221911][ T5914] ? assign_work+0x400/0x400
[ 76.226493][ T5914] ? assign_work+0x39e/0x400
[ 76.231085][ T5914] worker_thread+0xa55/0xfc0
[ 76.235689][ T5914] kthread+0x2fa/0x390
[ 76.239754][ T5914] ? pr_cont_work+0x560/0x560
[ 76.244420][ T5914] ? kthread_blkcg+0xd0/0xd0
[ 76.248996][ T5914] ret_from_fork+0x48/0x80
[ 76.253403][ T5914] ? kthread_blkcg+0xd0/0xd0
[ 76.257986][ T5914] ret_from_fork_asm+0x11/0x20
[ 76.262747][ T5914]
[ 76.270284][ T5914] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 76.284453][ T5914] Bluetooth: hci0: failed to register connection device
[ 76.319591][ T5914] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 76.727903][ T5911] Bluetooth: hci2: command tx timeout
[ 76.728404][ T5914] Bluetooth: hci0: command tx timeout
[ 76.733394][ T51] Bluetooth: hci1: command tx timeout
[ 76.807703][ T5914] Bluetooth: hci3: command tx timeout
[ 76.905751][ T2969] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 76.993669][ T2969] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 77.057064][ T2969] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 77.259291][ T5914] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
2025/11/01 19:35:28 executed programs: 11
[ 78.111354][ T5911] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 78.204071][ T2969] hsr_slave_0: left promiscuous mode
[ 78.212600][ T2969] hsr_slave_1: left promiscuous mode
[ 78.222096][ T2969] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 78.229898][ T2969] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 78.240837][ T2969] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 78.248755][ T2969] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 78.256993][ T2969] bridge_slave_1: left allmulticast mode
[ 78.263292][ T2969] bridge_slave_1: left promiscuous mode
[ 78.269941][ T2969] bridge0: port 2(bridge_slave_1) entered disabled state
[ 78.281940][ T2969] bridge_slave_0: left allmulticast mode
[ 78.288551][ T2969] bridge_slave_0: left promiscuous mode
[ 78.294283][ T2969] bridge0: port 1(bridge_slave_0) entered disabled state
[ 78.318607][ T2969] veth1_macvtap: left promiscuous mode
[ 78.324355][ T2969] veth0_macvtap: left promiscuous mode
[ 78.331345][ T2969] veth1_vlan: left promiscuous mode
[ 78.336833][ T2969] veth0_vlan: left promiscuous mode
[ 78.691712][ T2969] team0 (unregistering): Port device team_slave_1 removed
[ 78.725240][ T2969] team0 (unregistering): Port device team_slave_0 removed
[ 78.759868][ T2969] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 78.793299][ T2969] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 78.809773][ T51] Bluetooth: hci1: command tx timeout
[ 78.810843][ T5911] Bluetooth: hci0: command tx timeout
[ 78.815939][ T5914] Bluetooth: hci2: command tx timeout
[ 78.887655][ T5914] Bluetooth: hci3: command tx timeout
[ 78.963506][ T5914] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 79.127384][ T2969] bond0 (unregistering): Released all slaves
[ 79.212708][ T5916] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 79.225733][ T5916] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 79.234999][ T5916] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 79.248479][ T5916] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 79.329846][ T5910] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 79.340982][ T5910] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 79.364214][ T5910] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 79.378507][ T5910] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 79.506891][ T5906] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 79.540284][ T5906] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 79.551106][ T5906] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 79.570759][ T5906] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 79.687067][ T5916] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.766626][ T5916] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.831026][ T2976] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.838213][ T2976] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.851744][ T5911] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 79.852640][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.867658][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 79.886920][ T5910] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.936857][ T5910] 8021q: adding VLAN 0 to HW filter on device team0
[ 79.967061][ T2936] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.974220][ T2936] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 79.993625][ T5916] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 80.014860][ T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.021976][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.101410][ T5906] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.145600][ T5906] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.170621][ T59] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.177844][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.209233][ T59] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.216389][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.312694][ T5916] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.436849][ T5916] veth0_vlan: entered promiscuous mode
[ 80.449490][ T5910] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.465437][ T5916] veth1_vlan: entered promiscuous mode
[ 80.541382][ T5916] veth0_macvtap: entered promiscuous mode
[ 80.565072][ T5916] veth1_macvtap: entered promiscuous mode
[ 80.586593][ T5910] veth0_vlan: entered promiscuous mode
[ 80.602631][ T5910] veth1_vlan: entered promiscuous mode
[ 80.623455][ T5916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 80.634474][ T5916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 80.648969][ T5916] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.669762][ T5916] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 80.680853][ T5916] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 80.692275][ T5916] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 80.721461][ T5916] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.731193][ T5916] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.743127][ T5916] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.753349][ T5916] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 80.763035][ T5914] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 80.780803][ T5906] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.793630][ T5910] veth0_macvtap: entered promiscuous mode
[ 80.833276][ T5910] veth1_macvtap: entered promiscuous mode
[ 80.884051][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 80.890002][ T5914] Bluetooth: hci2: command tx timeout
[ 80.897371][ T5107] Bluetooth: hci0: command tx timeout
[ 80.902704][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 80.905524][ T5910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 80.923363][ T51] Bluetooth: hci1: command tx timeout
[ 80.927031][ T5910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 80.940359][ T5910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 80.950982][ T5910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 80.962089][ T5910] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.969604][ T51] Bluetooth: hci3: command tx timeout
[ 81.002928][ T5906] veth0_vlan: entered promiscuous mode
[ 81.009808][ T5910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 81.020925][ T5910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.031041][ T5910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 81.041885][ T5910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.054299][ T5910] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.076025][ T5910] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.085080][ T5910] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.094016][ T5910] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.103989][ T5910] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.118128][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.131192][ T5906] veth1_vlan: entered promiscuous mode
[ 81.134878][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.247034][ T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[ 81.251642][ T5906] veth0_macvtap: entered promiscuous mode
[ 81.263535][ T51] CPU: 1 PID: 51 Comm: kworker/u5:0 Not tainted syzkaller #0
[ 81.270934][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 81.281008][ T51] Workqueue: hci3 hci_rx_work
[ 81.283193][ T5906] veth1_macvtap: entered promiscuous mode
[ 81.285686][ T51] Call Trace:
[ 81.294712][ T51]
[ 81.297664][ T51] dump_stack_lvl+0x16c/0x230
[ 81.302357][ T51] ? show_regs_print_info+0x20/0x20
[ 81.307559][ T51] ? load_image+0x3b0/0x3b0
[ 81.312058][ T51] sysfs_create_dir_ns+0x256/0x280
[ 81.317162][ T51] ? hci_rx_work+0x43a/0xd80
[ 81.321743][ T51] ? sysfs_warn_dup+0xa0/0xa0
[ 81.326414][ T51] ? do_raw_spin_unlock+0x121/0x230
[ 81.331635][ T51] kobject_add_internal+0x6b8/0xc70
[ 81.336829][ T51] kobject_add+0x156/0x220
[ 81.341232][ T51] ? __rwlock_init+0x150/0x150
[ 81.345987][ T51] ? kobject_init+0x1e0/0x1e0
[ 81.350655][ T51] ? _raw_spin_unlock+0x28/0x40
[ 81.355507][ T51] ? get_device_parent+0x366/0x390
[ 81.360615][ T51] device_add+0x408/0xc20
[ 81.364942][ T51] hci_conn_add_sysfs+0xd5/0x1e0
[ 81.369875][ T51] le_conn_complete_evt+0xf36/0x1500
[ 81.375157][ T51] ? hci_event_packet+0x4a7/0x1210
[ 81.380264][ T51] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0
[ 81.386494][ T51] ? __copy_skb_header+0xa7/0x550
[ 81.391513][ T51] ? __mutex_unlock_slowpath+0x1a2/0x6a0
[ 81.397137][ T51] ? skb_pull_data+0xfb/0x200
[ 81.401811][ T51] hci_le_conn_complete_evt+0x187/0x440
[ 81.407351][ T51] ? hci_remote_host_features_evt+0x160/0x160
[ 81.413406][ T51] hci_event_packet+0x795/0x1210
[ 81.418341][ T51] ? bis_list+0x290/0x290
[ 81.422661][ T51] ? lockdep_hardirqs_on+0x98/0x150
[ 81.427852][ T51] ? hci_send_to_monitor+0xd7/0x4f0
[ 81.433047][ T51] hci_rx_work+0x43a/0xd80
[ 81.437467][ T51] ? process_scheduled_works+0x957/0x15b0
[ 81.443180][ T51] process_scheduled_works+0xa45/0x15b0
[ 81.448738][ T51] ? assign_work+0x400/0x400
[ 81.453418][ T51] ? assign_work+0x39e/0x400
[ 81.458087][ T51] worker_thread+0xa55/0xfc0
[ 81.462683][ T51] kthread+0x2fa/0x390
[ 81.466760][ T51] ? pr_cont_work+0x560/0x560
[ 81.471463][ T51] ? kthread_blkcg+0xd0/0xd0
[ 81.476039][ T51] ret_from_fork+0x48/0x80
[ 81.480446][ T51] ? kthread_blkcg+0xd0/0xd0
[ 81.485022][ T51] ret_from_fork_asm+0x11/0x20
[ 81.489787][ T51]
[ 81.498469][ T51] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 81.513070][ T51] Bluetooth: hci3: failed to register connection device
[ 81.606558][ T5906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 81.621246][ T51] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[ 81.636903][ T5906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.648904][ T5914] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 81.657917][ T5906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 81.668414][ T5906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.678625][ T5906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 81.690014][ T5906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.702245][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 81.712727][ T2936] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.725837][ T2936] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.744172][ T5906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 81.754763][ T5906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.766200][ T5906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 81.777405][ T5906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.787309][ T5906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 81.798052][ T5906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 81.809552][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.833949][ T2936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.835880][ T5906] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.851721][ T5906] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.857615][ T8] cfg80211: failed to load regulatory.db
[ 81.861284][ T5906] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.870456][ T2936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.877903][ T5906] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.995426][ T5914] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 82.005819][ T5914] CPU: 1 PID: 5914 Comm: kworker/u5:5 Not tainted syzkaller #0
[ 82.013398][ T5914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 82.023467][ T5914] Workqueue: hci2 hci_rx_work
[ 82.028173][ T5914] Call Trace:
[ 82.031477][ T5914]
[ 82.034433][ T5914] dump_stack_lvl+0x16c/0x230
[ 82.038733][ T2976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.039113][ T5914] ? show_regs_print_info+0x20/0x20
[ 82.039159][ T5914] ? load_image+0x3b0/0x3b0
[ 82.039188][ T5914] sysfs_create_dir_ns+0x256/0x280
[ 82.039211][ T5914] ? hci_rx_work+0x43a/0xd80
[ 82.039233][ T5914] ? sysfs_warn_dup+0xa0/0xa0
[ 82.039257][ T5914] ? do_raw_spin_unlock+0x121/0x230
[ 82.039281][ T5914] kobject_add_internal+0x6b8/0xc70
[ 82.039306][ T5914] kobject_add+0x156/0x220
[ 82.039322][ T5914] ? __rwlock_init+0x150/0x150
[ 82.039345][ T5914] ? kobject_init+0x1e0/0x1e0
[ 82.039362][ T5914] ? _raw_spin_unlock+0x28/0x40
[ 82.039384][ T5914] ? get_device_parent+0x366/0x390
[ 82.039410][ T5914] device_add+0x408/0xc20
[ 82.056894][ T5914] hci_conn_add_sysfs+0xd5/0x1e0
[ 82.074483][ T2976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.076480][ T5914] le_conn_complete_evt+0xf36/0x1500
[ 82.127279][ T5914] ? hci_event_packet+0x4a7/0x1210
[ 82.130596][ T2936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 82.132392][ T5914] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0
[ 82.143331][ T2936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 82.146400][ T5914] ? __copy_skb_header+0xa7/0x550
[ 82.146432][ T5914] ? __mutex_unlock_slowpath+0x1a2/0x6a0
[ 82.164375][ T5914] ? skb_pull_data+0xfb/0x200
[ 82.169067][ T5914] hci_le_conn_complete_evt+0x187/0x440
[ 82.174636][ T5914] ? hci_remote_host_features_evt+0x160/0x160
[ 82.180725][ T5914] hci_event_packet+0x795/0x1210
[ 82.185688][ T5914] ? bis_list+0x290/0x290
[ 82.190039][ T5914] ? lockdep_hardirqs_on+0x98/0x150
[ 82.195240][ T5914] ? hci_send_to_monitor+0xd7/0x4f0
[ 82.200434][ T5914] hci_rx_work+0x43a/0xd80
[ 82.204843][ T5914] ? process_scheduled_works+0x957/0x15b0
[ 82.210564][ T5914] process_scheduled_works+0xa45/0x15b0
[ 82.216111][ T5914] ? assign_work+0x400/0x400
[ 82.220700][ T5914] ? assign_work+0x39e/0x400
[ 82.225292][ T5914] worker_thread+0xa55/0xfc0
[ 82.229880][ T5914] kthread+0x2fa/0x390
[ 82.233931][ T5914] ? pr_cont_work+0x560/0x560
[ 82.238602][ T5914] ? kthread_blkcg+0xd0/0xd0
[ 82.243199][ T5914] ret_from_fork+0x48/0x80
[ 82.247619][ T5914] ? kthread_blkcg+0xd0/0xd0
[ 82.252223][ T5914] ret_from_fork_asm+0x11/0x20
[ 82.257020][ T5914]
[ 82.272699][ T5914] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 82.288889][ T5914] Bluetooth: hci2: failed to register connection device
[ 82.347107][ T51] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[ 82.371160][ T5914] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[ 82.381664][ T5914] CPU: 1 PID: 5914 Comm: kworker/u5:5 Not tainted syzkaller #0
[ 82.389238][ T5914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 82.399286][ T5914] Workqueue: hci1 hci_rx_work
[ 82.403972][ T5914] Call Trace:
[ 82.407336][ T5914]
[ 82.410260][ T5914] dump_stack_lvl+0x16c/0x230
[ 82.414935][ T5914] ? show_regs_print_info+0x20/0x20
[ 82.420126][ T5914] ? load_image+0x3b0/0x3b0
[ 82.424625][ T5914] sysfs_create_dir_ns+0x256/0x280
[ 82.429748][ T5914] ? sysfs_warn_dup+0xa0/0xa0
[ 82.434423][ T5914] ? do_raw_spin_unlock+0x121/0x230
[ 82.439618][ T5914] kobject_add_internal+0x6b8/0xc70
[ 82.444812][ T5914] kobject_add+0x156/0x220
[ 82.449229][ T5914] ? kobject_init+0x1e0/0x1e0
[ 82.453904][ T5914] ? _raw_spin_unlock+0x3a/0x40
[ 82.458746][ T5914] ? get_device_parent+0x366/0x390
[ 82.463857][ T5914] device_add+0x408/0xc20
[ 82.468187][ T5914] hci_conn_add_sysfs+0xd5/0x1e0
[ 82.473121][ T5914] le_conn_complete_evt+0xf36/0x1500
[ 82.478398][ T5914] ? hci_event_packet+0x4a7/0x1210
[ 82.483592][ T5914] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0
[ 82.489827][ T5914] ? __copy_skb_header+0xa7/0x550
[ 82.494845][ T5914] ? __mutex_unlock_slowpath+0x1a2/0x6a0
[ 82.500469][ T5914] ? skb_pull_data+0xfb/0x200
[ 82.505141][ T5914] hci_le_conn_complete_evt+0x187/0x440
[ 82.510678][ T5914] ? hci_remote_host_features_evt+0x160/0x160
[ 82.516737][ T5914] hci_event_packet+0x795/0x1210
[ 82.521677][ T5914] ? bis_list+0x290/0x290
[ 82.526028][ T5914] ? lockdep_hardirqs_on+0x98/0x150
[ 82.531218][ T5914] ? hci_send_to_monitor+0xd7/0x4f0
[ 82.536410][ T5914] hci_rx_work+0x43a/0xd80
[ 82.540829][ T5914] ? process_scheduled_works+0x957/0x15b0
[ 82.546539][ T5914] process_scheduled_works+0xa45/0x15b0
[ 82.552092][ T5914] ? assign_work+0x400/0x400
[ 82.556674][ T5914] ? assign_work+0x39e/0x400
[ 82.561255][ T5914] worker_thread+0xa55/0xfc0
[ 82.565851][ T5914] kthread+0x2fa/0x390
[ 82.569902][ T5914] ? pr_cont_work+0x560/0x560
[ 82.574573][ T5914] ? kthread_blkcg+0xd0/0xd0
[ 82.579149][ T5914] ret_from_fork+0x48/0x80
[ 82.583560][ T5914] ? kthread_blkcg+0xd0/0xd0
[ 82.588141][ T5914] ret_from_fork_asm+0x11/0x20
[ 82.592903][ T5914]
[ 82.603664][ T5914] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 82.618122][ T5914] Bluetooth: hci1: failed to register connection device
[ 82.633709][ T5914] ==================================================================
[ 82.641810][ T5914] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6df/0x1030
[ 82.649802][ T5914] Read of size 8 at addr ffff88801c6bc480 by task kworker/u5:5/5914
[ 82.657788][ T5914]
[ 82.660113][ T5914] CPU: 1 PID: 5914 Comm: kworker/u5:5 Not tainted syzkaller #0
[ 82.667665][ T5914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 82.677727][ T5914] Workqueue: hci1 hci_rx_work
[ 82.682424][ T5914] Call Trace:
[ 82.685722][ T5914]
[ 82.688670][ T5914] dump_stack_lvl+0x16c/0x230
[ 82.693361][ T5914] ? __lock_acquire+0x7c80/0x7c80
[ 82.698399][ T5914] ? show_regs_print_info+0x20/0x20
[ 82.703613][ T5914] ? load_image+0x3b0/0x3b0
[ 82.708130][ T5914] ? __virt_addr_valid+0x469/0x540
[ 82.713255][ T5914] print_report+0xac/0x220
[ 82.717683][ T5914] ? l2cap_connect_cfm+0x6df/0x1030
[ 82.722890][ T5914] kasan_report+0x117/0x150
[ 82.727405][ T5914] ? l2cap_connect_cfm+0x6df/0x1030
[ 82.732616][ T5914] l2cap_connect_cfm+0x6df/0x1030
[ 82.737659][ T5914] ? l2cap_ertm_resend+0xff0/0xff0
[ 82.742787][ T5914] ? l2cap_ertm_resend+0xff0/0xff0
[ 82.747905][ T5914] hci_connect_cfm+0x8f/0x130
[ 82.752586][ T5914] le_conn_complete_evt+0xfb5/0x1500
[ 82.757884][ T5914] ? hci_event_packet+0x4a7/0x1210
[ 82.762998][ T5914] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0
[ 82.769248][ T5914] ? __copy_skb_header+0xa7/0x550
[ 82.774291][ T5914] ? __mutex_unlock_slowpath+0x1a2/0x6a0
[ 82.775121][ T5911] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[ 82.779931][ T5914] ? skb_pull_data+0xfb/0x200
[ 82.779954][ T5914] hci_le_conn_complete_evt+0x187/0x440
[ 82.779975][ T5914] ? hci_remote_host_features_evt+0x160/0x160
[ 82.779990][ T5914] hci_event_packet+0x795/0x1210
[ 82.780007][ T5914] ? bis_list+0x290/0x290
[ 82.780020][ T5914] ? lockdep_hardirqs_on+0x98/0x150
[ 82.780035][ T5914] ? hci_send_to_monitor+0xd7/0x4f0
[ 82.780056][ T5914] hci_rx_work+0x43a/0xd80
[ 82.780078][ T5914] ? process_scheduled_works+0x957/0x15b0
[ 82.780095][ T5914] process_scheduled_works+0xa45/0x15b0
[ 82.780123][ T5914] ? assign_work+0x400/0x400
[ 82.780139][ T5914] ? assign_work+0x39e/0x400
[ 82.780154][ T5914] worker_thread+0xa55/0xfc0
[ 82.780176][ T5914] kthread+0x2fa/0x390
[ 82.780188][ T5914] ? pr_cont_work+0x560/0x560
[ 82.780203][ T5914] ? kthread_blkcg+0xd0/0xd0
[ 82.780216][ T5914] ret_from_fork+0x48/0x80
[ 82.780232][ T5914] ? kthread_blkcg+0xd0/0xd0
[ 82.780245][ T5914] ret_from_fork_asm+0x11/0x20
[ 82.780268][ T5914]
[ 82.883913][ T5914]
[ 82.886233][ T5914] Allocated by task 5914:
[ 82.890545][ T5914] kasan_set_track+0x4e/0x70
[ 82.895121][ T5914] __kasan_kmalloc+0x8f/0xa0
[ 82.899692][ T5914] l2cap_chan_create+0x50/0x760
[ 82.904530][ T5914] l2cap_sock_new_connection_cb+0x182/0x2b0
[ 82.910406][ T5914] l2cap_connect_cfm+0x375/0x1030
[ 82.915422][ T5914] hci_connect_cfm+0x8f/0x130
[ 82.920084][ T5914] le_conn_complete_evt+0xfb5/0x1500
[ 82.925355][ T5914] hci_le_conn_complete_evt+0x187/0x440
[ 82.930884][ T5914] hci_event_packet+0x795/0x1210
[ 82.935803][ T5914] hci_rx_work+0x43a/0xd80
[ 82.940202][ T5914] process_scheduled_works+0xa45/0x15b0
[ 82.945840][ T5914] worker_thread+0xa55/0xfc0
[ 82.950410][ T5914] kthread+0x2fa/0x390
[ 82.954495][ T5914] ret_from_fork+0x48/0x80
[ 82.958899][ T5914] ret_from_fork_asm+0x11/0x20
[ 82.963646][ T5914]
[ 82.965952][ T5914] Freed by task 6040:
[ 82.969917][ T5914] kasan_set_track+0x4e/0x70
[ 82.974493][ T5914] kasan_save_free_info+0x2e/0x50
[ 82.979499][ T5914] ____kasan_slab_free+0x126/0x1e0
[ 82.984592][ T5914] slab_free_freelist_hook+0x130/0x1b0
[ 82.990035][ T5914] __kmem_cache_free+0xba/0x1f0
[ 82.994869][ T5914] l2cap_sock_cleanup_listen+0xea/0x3e0
[ 83.000405][ T5914] l2cap_sock_release+0x6a/0x1e0
[ 83.005329][ T5914] sock_close+0xbd/0x230
[ 83.009556][ T5914] __fput+0x234/0x970
[ 83.013521][ T5914] task_work_run+0x1ce/0x250
[ 83.018099][ T5914] exit_to_user_mode_loop+0xe6/0x110
[ 83.023367][ T5914] exit_to_user_mode_prepare+0xf6/0x180
[ 83.028895][ T5914] syscall_exit_to_user_mode+0x1a/0x50
[ 83.034331][ T5914] do_syscall_64+0x61/0xb0
[ 83.038730][ T5914] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 83.044609][ T5914]
[ 83.046911][ T5914] The buggy address belongs to the object at ffff88801c6bc000
[ 83.046911][ T5914] which belongs to the cache kmalloc-2k of size 2048
[ 83.060945][ T5914] The buggy address is located 1152 bytes inside of
[ 83.060945][ T5914] freed 2048-byte region [ffff88801c6bc000, ffff88801c6bc800)
[ 83.074902][ T5914]
[ 83.077218][ T5914] The buggy address belongs to the physical page:
[ 83.083616][ T5914] page:ffffea000071ae00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c6b8
[ 83.093753][ T5914] head:ffffea000071ae00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 83.102664][ T5914] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 83.111061][ T5914] page_type: 0xffffffff()
[ 83.115374][ T5914] raw: 00fff00000000840 ffff888017842000 0000000000000000 0000000000000001
[ 83.123942][ T5914] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 83.132500][ T5914] page dumped because: kasan: bad access detected
[ 83.138898][ T5914] page_owner tracks the page as allocated
[ 83.144589][ T5914] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2969, tgid 2969 (kworker/u4:9), ts 71102737145, free_ts 71028703403
[ 83.167493][ T5914] post_alloc_hook+0x1cd/0x210
[ 83.172261][ T5914] get_page_from_freelist+0x195c/0x19f0
[ 83.177794][ T5914] __alloc_pages+0x1e3/0x460
[ 83.182369][ T5914] alloc_slab_page+0x5d/0x170
[ 83.187031][ T5914] new_slab+0x87/0x2e0
[ 83.191088][ T5914] ___slab_alloc+0xc6d/0x1300
[ 83.195748][ T5914] __kmem_cache_alloc_node+0x1a2/0x260
[ 83.201191][ T5914] __kmalloc_node_track_caller+0xa2/0x230
[ 83.206897][ T5914] kmalloc_reserve+0x117/0x260
[ 83.211648][ T5914] __alloc_skb+0x138/0x2c0
[ 83.216048][ T5914] rtmsg_ifinfo_build_skb+0x8c/0x260
[ 83.221319][ T5914] unregister_netdevice_many_notify+0xfd9/0x1810
[ 83.227631][ T5914] ip_tunnel_delete_nets+0x31c/0x360
[ 83.232898][ T5914] cleanup_net+0x77f/0xb90
[ 83.237298][ T5914] process_scheduled_works+0xa45/0x15b0
[ 83.242829][ T5914] worker_thread+0xa55/0xfc0
[ 83.247403][ T5914] page last free stack trace:
[ 83.252072][ T5914] free_unref_page_prepare+0x7ce/0x8e0
[ 83.257532][ T5914] free_unref_page+0x32/0x2e0
[ 83.262209][ T5914] __slab_free+0x35e/0x410
[ 83.266615][ T5914] qlist_free_all+0x75/0xe0
[ 83.271107][ T5914] kasan_quarantine_reduce+0x143/0x160
[ 83.276550][ T5914] __kasan_slab_alloc+0x22/0x80
[ 83.281381][ T5914] slab_post_alloc_hook+0x6e/0x4d0
[ 83.286480][ T5914] kmem_cache_alloc_node+0x150/0x330
[ 83.291749][ T5914] __alloc_skb+0x108/0x2c0
[ 83.296155][ T5914] mpls_netconf_notify_devconf+0x46/0xf0
[ 83.301764][ T5914] mpls_dev_notify+0x533/0x7a0
[ 83.306527][ T5914] notifier_call_chain+0x197/0x390
[ 83.311635][ T5914] unregister_netdevice_many_notify+0xf36/0x1810
[ 83.317948][ T5914] ip_tunnel_delete_nets+0x31c/0x360
[ 83.323226][ T5914] cleanup_net+0x77f/0xb90
[ 83.327651][ T5914] process_scheduled_works+0xa45/0x15b0
[ 83.333215][ T5914]
[ 83.335524][ T5914] Memory state around the buggy address:
[ 83.341158][ T5914] ffff88801c6bc380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.349307][ T5914] ffff88801c6bc400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.357356][ T5914] >ffff88801c6bc480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.365418][ T5914] ^
[ 83.369489][ T5914] ffff88801c6bc500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.377546][ T5914] ffff88801c6bc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 83.385639][ T5914] ==================================================================
[ 83.396691][ T51] Bluetooth: hci0: command 0x0406 tx timeout
[ 83.412852][ T5914] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 83.420084][ T5914] CPU: 1 PID: 5914 Comm: kworker/u5:5 Not tainted syzkaller #0
[ 83.427648][ T5914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 83.437709][ T5914] Workqueue: hci1 hci_rx_work
[ 83.442408][ T5914] Call Trace:
[ 83.445693][ T5914]
[ 83.448639][ T5914] dump_stack_lvl+0x16c/0x230
[ 83.453333][ T5914] ? show_regs_print_info+0x20/0x20
[ 83.458544][ T5914] ? load_image+0x3b0/0x3b0
2025/11/01 19:35:34 executed programs: 24
[ 83.462898][ T51] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[ 83.471719][ T5914] panic+0x2c0/0x710
[ 83.475641][ T5914] ? bpf_jit_dump+0xd0/0xd0
[ 83.480157][ T5914] ? _raw_spin_unlock_irqrestore+0xfa/0x110
[ 83.486060][ T5914] ? _raw_spin_unlock+0x40/0x40
[ 83.490935][ T5914] ? print_memory_metadata+0x314/0x400
[ 83.496419][ T5914] ? l2cap_connect_cfm+0x6df/0x1030
[ 83.501640][ T5914] check_panic_on_warn+0x84/0xa0
[ 83.506609][ T5914] ? l2cap_connect_cfm+0x6df/0x1030
[ 83.511818][ T5914] end_report+0x6f/0x140
[ 83.516064][ T5914] kasan_report+0x128/0x150
[ 83.520564][ T5914] ? l2cap_connect_cfm+0x6df/0x1030
[ 83.525755][ T5914] l2cap_connect_cfm+0x6df/0x1030
[ 83.530781][ T5914] ? l2cap_ertm_resend+0xff0/0xff0
[ 83.535889][ T5914] ? l2cap_ertm_resend+0xff0/0xff0
[ 83.541003][ T5914] hci_connect_cfm+0x8f/0x130
[ 83.545672][ T5914] le_conn_complete_evt+0xfb5/0x1500
[ 83.550947][ T5914] ? hci_event_packet+0x4a7/0x1210
[ 83.556045][ T5914] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0
[ 83.562270][ T5914] ? __copy_skb_header+0xa7/0x550
[ 83.567281][ T5914] ? __mutex_unlock_slowpath+0x1a2/0x6a0
[ 83.572986][ T5914] ? skb_pull_data+0xfb/0x200
[ 83.577649][ T5914] hci_le_conn_complete_evt+0x187/0x440
[ 83.583190][ T5914] ? hci_remote_host_features_evt+0x160/0x160
[ 83.589237][ T5914] hci_event_packet+0x795/0x1210
[ 83.594162][ T5914] ? bis_list+0x290/0x290
[ 83.598471][ T5914] ? lockdep_hardirqs_on+0x98/0x150
[ 83.603652][ T5914] ? hci_send_to_monitor+0xd7/0x4f0
[ 83.608850][ T5914] hci_rx_work+0x43a/0xd80
[ 83.613259][ T5914] ? process_scheduled_works+0x957/0x15b0
[ 83.618962][ T5914] process_scheduled_works+0xa45/0x15b0
[ 83.624504][ T5914] ? assign_work+0x400/0x400
[ 83.629093][ T5914] ? assign_work+0x39e/0x400
[ 83.633688][ T5914] worker_thread+0xa55/0xfc0
[ 83.638281][ T5914] kthread+0x2fa/0x390
[ 83.642333][ T5914] ? pr_cont_work+0x560/0x560
[ 83.646999][ T5914] ? kthread_blkcg+0xd0/0xd0
[ 83.651571][ T5914] ret_from_fork+0x48/0x80
[ 83.655981][ T5914] ? kthread_blkcg+0xd0/0xd0
[ 83.660589][ T5914] ret_from_fork_asm+0x11/0x20
[ 83.665340][ T5914]
[ 83.668608][ T5914] Kernel Offset: disabled
[ 83.673002][ T5914] Rebooting in 86400 seconds..