Warning: Permanently added '10.128.10.15' (ED25519) to the list of known hosts.
Setting up swapspace version 1, size = 127995904 bytes
[ 35.284838][ T6436] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 35.297035][ T6442] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 35.299870][ T6442] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 35.302285][ T6442] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 35.305060][ T6442] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 35.307393][ T6442] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 35.309422][ T6442] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 35.371158][ T6441] chnl_net:caif_netlink_parms(): no params data found
[ 35.401454][ T6441] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.403314][ T6441] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.405623][ T6441] bridge_slave_0: entered allmulticast mode
[ 35.407678][ T6441] bridge_slave_0: entered promiscuous mode
[ 35.410802][ T6441] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.412577][ T6441] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.414631][ T6441] bridge_slave_1: entered allmulticast mode
[ 35.416590][ T6441] bridge_slave_1: entered promiscuous mode
[ 35.428288][ T6441] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 35.431838][ T6441] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 35.444945][ T6441] team0: Port device team_slave_0 added
[ 35.447652][ T6441] team0: Port device team_slave_1 added
[ 35.458255][ T6441] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 35.459966][ T6441] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.466589][ T6441] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 35.470562][ T6441] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 35.472263][ T6441] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.478842][ T6441] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 35.495325][ T6441] hsr_slave_0: entered promiscuous mode
[ 35.497190][ T6441] hsr_slave_1: entered promiscuous mode
[ 35.553541][ T6441] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 35.557450][ T6441] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 35.560459][ T6441] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 35.563711][ T6441] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 35.579143][ T6441] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.580872][ T6441] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.582932][ T6441] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.584715][ T6441] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.607743][ T6441] 8021q: adding VLAN 0 to HW filter on device bond0
[ 35.617308][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.620098][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.629416][ T6441] 8021q: adding VLAN 0 to HW filter on device team0
[ 35.635113][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.636946][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 35.641274][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.643112][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 35.668677][ T6441] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 35.687902][ T6441] veth0_vlan: entered promiscuous mode
[ 35.691807][ T6441] veth1_vlan: entered promiscuous mode
[ 35.704072][ T6441] veth0_macvtap: entered promiscuous mode
[ 35.710050][ T6441] veth1_macvtap: entered promiscuous mode
[ 35.718541][ T6441] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 35.723839][ T6441] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 35.728343][ T6441] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 35.730533][ T6441] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 35.732735][ T6441] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 35.734963][ T6441] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 35.786248][ T6442] BUG: sleeping function called from invalid context at net/core/sock.c:3664
[ 35.788546][ T6442] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6442, name: kworker/u9:2
[ 35.790738][ T6442] preempt_count: 1, expected: 0
[ 35.791926][ T6442] RCU nest depth: 0, expected: 0
[ 35.793119][ T6442] 5 locks held by kworker/u9:2/6442:
[ 35.794627][ T6442] #0: ffff0000c68e3148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x674/0x1638
[ 35.797201][ T6442] #1: ffff8000a3c27ba0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x708/0x1638
executing program
[ 35.800053][ T6442] #2: ffff0000c6ea8078 (&hdev->lock){+.+.}-{4:4}, at: hci_sync_conn_complete_evt+0xe4/0x90c
[ 35.802459][ T6442] #3: ffff0000d5f72a20 (&conn->lock#3){+.+.}-{3:3}, at: sco_connect_cfm+0x24c/0x8f4
[ 35.804929][ T6442] #4: ffff0000c8648258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3d8/0x8f4
[ 35.807670][ T6442] Preemption disabled at:
[ 35.807682][ T6442] [] sco_connect_cfm+0x24c/0x8f4
executing program
[ 35.810299][ T6442] CPU: 1 UID: 0 PID: 6442 Comm: kworker/u9:2 Not tainted 6.14.0-rc5-syzkaller-g77c95b8c7a16 #0
[ 35.810313][ T6442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 35.810321][ T6442] Workqueue: hci0 hci_rx_work
[ 35.810337][ T6442] Call trace:
[ 35.810340][ T6442] show_stack+0x2c/0x3c (C)
[ 35.810357][ T6442] dump_stack_lvl+0xe4/0x150
[ 35.810370][ T6442] dump_stack+0x1c/0x28
[ 35.810383][ T6442] __might_resched+0x374/0x4d0
[ 35.810395][ T6442] __might_sleep+0x90/0xe4
[ 35.810405][ T6442] lock_sock_nested+0x6c/0x11c
[ 35.810417][ T6442] sco_connect_cfm+0x3d8/0x8f4
executing program
[ 35.810430][ T6442] hci_sync_conn_complete_evt+0x4cc/0x90c
[ 35.810442][ T6442] hci_event_packet+0x8d0/0x1060
[ 35.810452][ T6442] hci_rx_work+0x31c/0xb04
[ 35.810464][ T6442] process_one_work+0x810/0x1638
[ 35.810476][ T6442] worker_thread+0x97c/0xeec
[ 35.810488][ T6442] kthread+0x65c/0x7b0
[ 35.810498][ T6442] ret_from_fork+0x10/0x20
[ 35.810512][ T6442] ==================================================================
[ 35.835234][ T6442] BUG: KASAN: slab-use-after-free in __lock_acquire+0x10c/0x7904
[ 35.837064][ T6442] Read of size 8 at addr ffff0000c86481d8 by task kworker/u9:2/6442
executing program
[ 35.839113][ T6442]
[ 35.839695][ T6442] CPU: 1 UID: 0 PID: 6442 Comm: kworker/u9:2 Tainted: G W 6.14.0-rc5-syzkaller-g77c95b8c7a16 #0
[ 35.839716][ T6442] Tainted: [W]=WARN
[ 35.839720][ T6442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 35.839733][ T6442] Workqueue: hci0 hci_rx_work
[ 35.839749][ T6442] Call trace:
[ 35.839753][ T6442] show_stack+0x2c/0x3c (C)
[ 35.839770][ T6442] dump_stack_lvl+0xe4/0x150
[ 35.839784][ T6442] print_report+0x198/0x550
[ 35.839797][ T6442] kasan_report+0xd8/0x138
[ 35.839808][ T6442] __asan_report_load8_noabort+0x20/0x2c
[ 35.839822][ T6442] __lock_acquire+0x10c/0x7904
[ 35.839833][ T6442] lock_acquire+0x23c/0x724
[ 35.839844][ T6442] _raw_spin_lock_bh+0x48/0x60
executing program
[ 35.839855][ T6442] lock_sock_nested+0x74/0x11c
[ 35.839867][ T6442] sco_connect_cfm+0x3d8/0x8f4
[ 35.839882][ T6442] hci_sync_conn_complete_evt+0x4cc/0x90c
[ 35.839893][ T6442] hci_event_packet+0x8d0/0x1060
[ 35.839904][ T6442] hci_rx_work+0x31c/0xb04
[ 35.839916][ T6442] process_one_work+0x810/0x1638
[ 35.839928][ T6442] worker_thread+0x97c/0xeec
[ 35.839940][ T6442] kthread+0x65c/0x7b0
[ 35.839951][ T6442] ret_from_fork+0x10/0x20
[ 35.839962][ T6442]
[ 35.868001][ T6442] Allocated by task 6453:
executing program
[ 35.869001][ T6442] kasan_save_track+0x40/0x78
[ 35.870215][ T6442] kasan_save_alloc_info+0x40/0x50
[ 35.871384][ T6442] __kasan_kmalloc+0xac/0xc4
[ 35.872419][ T6442] __kmalloc_noprof+0x32c/0x54c
[ 35.873575][ T6442] sk_prot_alloc+0xc4/0x1f0
[ 35.874664][ T6442] sk_alloc+0x44/0x3fc
[ 35.875653][ T6442] bt_sock_alloc+0x4c/0x304
[ 35.876756][ T6442] sco_sock_create+0xbc/0x31c
[ 35.877894][ T6442] bt_sock_create+0x14c/0x248
[ 35.879084][ T6442] __sock_create+0x448/0x908
[ 35.880297][ T6442] __sys_socket+0x134/0x340
[ 35.881314][ T6442] __arm64_sys_socket+0x7c/0x94
[ 35.882517][ T6442] invoke_syscall+0x98/0x2b8
[ 35.883687][ T6442] el0_svc_common+0x130/0x23c
executing program
[ 35.884884][ T6442] do_el0_svc+0x48/0x58
[ 35.885814][ T6442] el0_svc+0x54/0x168
[ 35.886765][ T6442] el0t_64_sync_handler+0x84/0x108
[ 35.887927][ T6442] el0t_64_sync+0x198/0x19c
[ 35.888949][ T6442]
[ 35.889427][ T6442] Freed by task 6453:
[ 35.890340][ T6442] kasan_save_track+0x40/0x78
[ 35.891414][ T6442] kasan_save_free_info+0x54/0x6c
[ 35.892584][ T6442] __kasan_slab_free+0x64/0x8c
[ 35.893629][ T6442] kfree+0x180/0x478
[ 35.894560][ T6442] __sk_destruct+0x4b8/0x758
[ 35.895665][ T6442] __sk_free+0x388/0x4f4
[ 35.896782][ T6442] sk_free+0x60/0xc8
[ 35.897782][ T6442] sco_sock_kill+0xfc/0x1b4
executing program
[ 35.898826][ T6442] sco_sock_release+0x1fc/0x2c0
[ 35.900103][ T6442] sock_close+0xa4/0x1e8
[ 35.901125][ T6442] __fput+0x340/0x760
[ 35.902164][ T6442] __fput_sync+0xc8/0x118
[ 35.903210][ T6442] __arm64_sys_close+0x80/0xd8
[ 35.904407][ T6442] invoke_syscall+0x98/0x2b8
[ 35.905523][ T6442] el0_svc_common+0x130/0x23c
[ 35.906679][ T6442] do_el0_svc+0x48/0x58
[ 35.907757][ T6442] el0_svc+0x54/0x168
[ 35.908825][ T6442] el0t_64_sync_handler+0x84/0x108
[ 35.910197][ T6442] el0t_64_sync+0x198/0x19c
[ 35.911354][ T6442]
[ 35.911951][ T6442] The buggy address belongs to the object at ffff0000c8648000
[ 35.911951][ T6442] which belongs to the cache kmalloc-2k of size 2048
[ 35.915461][ T6442] The buggy address is located 472 bytes inside of
executing program
[ 35.915461][ T6442] freed 2048-byte region [ffff0000c8648000, ffff0000c8648800)
[ 35.918880][ T6442]
[ 35.919437][ T6442] The buggy address belongs to the physical page:
[ 35.921050][ T6442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108648
[ 35.923195][ T6442] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
executing program
[ 35.925270][ T6442] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 35.927335][ T6442] page_type: f5(slab)
[ 35.928391][ T6442] raw: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000
[ 35.930582][ T6442] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
executing program
[ 35.932786][ T6442] head: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000
[ 35.934838][ T6442] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 35.937038][ T6442] head: 05ffc00000000003 fffffdffc3219201 ffffffffffffffff 0000000000000000
[ 35.939128][ T6442] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 35.941327][ T6442] page dumped because: kasan: bad access detected
[ 35.943029][ T6442]
[ 35.943652][ T6442] Memory state around the buggy address:
[ 35.944997][ T6442] ffff0000c8648080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.946840][ T6442] ffff0000c8648100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.948683][ T6442] >ffff0000c8648180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.950602][ T6442] ^
[ 35.952179][ T6442] ffff0000c8648200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.953971][ T6442] ffff0000c8648280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.955921][ T6442] ==================================================================
executing program
[ 35.957823][ T6442] Disabling lock debugging due to kernel taint
[ 35.959502][ T6442] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 35.961883][ T6442] Mem abort info:
[ 35.962787][ T6442] ESR = 0x0000000096000004
[ 35.963781][ T6442] EC = 0x25: DABT (current EL), IL = 32 bits
[ 35.965322][ T6442] SET = 0, FnV = 0
[ 35.966281][ T6442] EA = 0, S1PTW = 0
[ 35.967249][ T6442] FSC = 0x04: level 0 translation fault
[ 35.968555][ T6442] Data abort info:
[ 35.969453][ T6442] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
executing program
[ 35.970958][ T6442] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 35.972371][ T6442] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 35.973783][ T6442] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000117fb4000
[ 35.975654][ T6442] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[ 35.977405][ T6442] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 35.979013][ T6442] Modules linked in:
[ 35.979916][ T6442] CPU: 1 UID: 0 PID: 6442 Comm: kworker/u9:2 Tainted: G B W 6.14.0-rc5-syzkaller-g77c95b8c7a16 #0
[ 35.982631][ T6442] Tainted: [B]=BAD_PAGE, [W]=WARN
executing program
[ 35.983820][ T6442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 35.986207][ T6442] Workqueue: hci0 hci_rx_work
[ 35.987313][ T6442] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 35.989141][ T6442] pc : __pi_memcpy_generic+0x24/0x22c
[ 35.990540][ T6442] lr : __asan_memcpy+0x68/0x84
[ 35.991638][ T6442] sp : ffff8000a3c27600
[ 35.992667][ T6442] x29: ffff8000a3c27600 x28: 1ffff00014784ed4 x27: dfff800000000000
[ 35.994597][ T6442] x26: 1fffe000190c90ad x25: ffff0000c86493c4 x24: ffff0000c8648568
executing program
[ 35.996668][ T6442] x23: ffff0000c8649000 x22: ffff800082e7f710 x21: ffff0000d07e5cc0
[ 35.998600][ T6442] x20: 0000000000000000 x19: 0000000000000020 x18: ffff800080017b48
[ 36.000589][ T6442] x17: ffff800080380858 x16: ffff80008b72ce6c x15: 0000000000000004
[ 36.002557][ T6442] x14: 1fffe0001a0fcb98 x13: 0000000000000000 x12: 0000000000000000
[ 36.004608][ T6442] x11: ffff60001a0fcb9c x10: 1fffe0001a0fcb9b x9 : dfff800000000000
[ 36.006543][ T6442] x8 : 0000000000000001 x7 : 0000000000000000 x6 : ffff80008a8b0d3c
[ 36.008483][ T6442] x5 : ffff0000d07e5ce0 x4 : 0000000000000020 x3 : ffff800082e7f710
executing program
[ 36.010457][ T6442] x2 : 0000000000000020 x1 : 0000000000000000 x0 : ffff0000d07e5cc0
[ 36.012307][ T6442] Call trace:
[ 36.013094][ T6442] __pi_memcpy_generic+0x24/0x22c (P)
[ 36.014441][ T6442] smack_sk_clone_security+0x7c/0x90
[ 36.015743][ T6442] security_sk_clone+0x90/0x194
executing program
[ 36.016928][ T6442] sco_connect_cfm+0x56c/0x8f4
[ 36.018081][ T6442] hci_sync_conn_complete_evt+0x4cc/0x90c
[ 36.019446][ T6442] hci_event_packet+0x8d0/0x1060
[ 36.020627][ T6442] hci_rx_work+0x31c/0xb04
executing program
[ 36.021713][ T6442] process_one_work+0x810/0x1638
[ 36.022906][ T6442] worker_thread+0x97c/0xeec
[ 36.024036][ T6442] kthread+0x65c/0x7b0
[ 36.024986][ T6442] ret_from_fork+0x10/0x20
[ 36.026092][ T6442] Code: f100805f 540003c8 f100405f 540000c3 (a9401c26)
[ 36.027829][ T6442] ---[ end trace 0000000000000000 ]---
executing program
executing program
[ 36.342677][ T6442] Kernel panic - not syncing: Oops: Fatal exception
[ 36.344430][ T6442] SMP: stopping secondary CPUs
[ 36.345660][ T6442] Kernel Offset: disabled
[ 36.346720][ T6442] CPU features: 0x200,00002070,00800250,82017203
[ 36.348241][ T6442] Memory Limit: none
[ 36.658199][ T6442] Rebooting in 86400 seconds..