Warning: Permanently added '10.128.0.14' (ED25519) to the list of known hosts.
1970/01/01 00:00:31 parsed 1 programs
[ 32.510303][ T4324] cgroup: Unknown subsys name 'net'
[ 32.763723][ T4324] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 33.065143][ T4324] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 38.992157][ T4353] chnl_net:caif_netlink_parms(): no params data found
[ 39.009611][ T4353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.010867][ T4353] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.013331][ T4353] device bridge_slave_0 entered promiscuous mode
[ 39.017125][ T4353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.018235][ T4353] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.019668][ T4353] device bridge_slave_1 entered promiscuous mode
[ 39.027047][ T4353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 39.029346][ T4353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 39.036158][ T4353] team0: Port device team_slave_0 added
[ 39.037755][ T4353] team0: Port device team_slave_1 added
[ 39.044415][ T4353] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 39.045439][ T4353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 39.049142][ T4353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 39.052978][ T4353] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 39.053988][ T4353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 39.057654][ T4353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 39.112586][ T4353] device hsr_slave_0 entered promiscuous mode
[ 39.161195][ T4353] device hsr_slave_1 entered promiscuous mode
[ 39.235506][ T4353] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 39.283733][ T4353] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 39.323961][ T4353] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 39.373226][ T4353] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 39.421574][ T4353] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.422650][ T4353] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.423940][ T4353] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.425023][ T4353] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.442015][ T4353] 8021q: adding VLAN 0 to HW filter on device bond0
[ 39.445918][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 39.448348][ T249] bridge0: port 1(bridge_slave_0) entered disabled state
[ 39.450045][ T249] bridge0: port 2(bridge_slave_1) entered disabled state
[ 39.482363][ T4353] 8021q: adding VLAN 0 to HW filter on device team0
[ 39.486669][ T1074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 39.488246][ T1074] bridge0: port 1(bridge_slave_0) entered blocking state
[ 39.489290][ T1074] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 39.493303][ T1074] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 39.495061][ T1074] bridge0: port 2(bridge_slave_1) entered blocking state
[ 39.496204][ T1074] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 39.502091][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 39.503983][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 39.509020][ T1074] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 39.510711][ T1074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 39.513834][ T1074] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 39.516410][ T4353] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 39.569129][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 39.570350][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 39.574969][ T4353] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 39.580504][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 39.589172][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 39.592941][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 39.594398][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 39.597207][ T4353] device veth0_vlan entered promiscuous mode
[ 39.600065][ T4353] device veth1_vlan entered promiscuous mode
[ 39.606316][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 39.607939][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 39.609363][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 39.615000][ T4353] device veth0_macvtap entered promiscuous mode
[ 39.617677][ T4353] device veth1_macvtap entered promiscuous mode
[ 39.627942][ T4353] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 39.629216][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 39.632076][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 39.634964][ T4353] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 39.636207][ T249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 39.638619][ T4353] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.639949][ T4353] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.642635][ T4353] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.644035][ T4353] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 39.742380][ T4380] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 39.743844][ T4380] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 39.745060][ T4380] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 39.746724][ T4380] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 39.748082][ T4380] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 39.749509][ T4380] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 40.753561][ T39] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 40.845699][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.846944][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.848119][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 40.856127][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 40.857344][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 40.859043][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:00:41 executed programs: 0
[ 41.093431][ T4380] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 41.095269][ T4380] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 41.096569][ T4380] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 41.098015][ T4380] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 41.099239][ T4380] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 41.100655][ T4380] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 41.152398][ T4425] chnl_net:caif_netlink_parms(): no params data found
[ 41.167561][ T4425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.168703][ T4425] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.170280][ T4425] device bridge_slave_0 entered promiscuous mode
[ 41.172737][ T4425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.173821][ T4425] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.175223][ T4425] device bridge_slave_1 entered promiscuous mode
[ 41.183735][ T4425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 41.186158][ T4425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 41.194015][ T4425] team0: Port device team_slave_0 added
[ 41.195950][ T4425] team0: Port device team_slave_1 added
[ 41.202888][ T4425] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 41.203938][ T4425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 41.207877][ T4425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 41.210790][ T4425] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 41.212054][ T4425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 41.215808][ T4425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 41.282092][ T4425] device hsr_slave_0 entered promiscuous mode
[ 41.321342][ T4425] device hsr_slave_1 entered promiscuous mode
[ 41.361161][ T4425] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 41.362341][ T4425] Cannot create hsr debugfs directory
[ 42.982255][ T39] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 43.131380][ T4380] Bluetooth: hci0: command 0x0409 tx timeout
[ 45.211166][ T4380] Bluetooth: hci0: command 0x041b tx timeout
[ 45.352664][ T39] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 45.432979][ T39] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 46.462181][ T4425] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 46.512182][ T4425] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 46.592840][ T4425] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 46.632259][ T4425] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 46.743800][ T4425] 8021q: adding VLAN 0 to HW filter on device bond0
[ 46.747041][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.748594][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.752017][ T4425] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.784166][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 46.785729][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.787519][ T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.788545][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.790164][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 46.793186][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 46.794754][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.796130][ T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.797178][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.799369][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 46.802218][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 46.804727][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 46.806701][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 46.808340][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 46.811662][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 46.813228][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 46.815992][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 46.817442][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.819900][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 46.822566][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.874078][ T4425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 46.965333][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 46.966625][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 46.970385][ T4425] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 46.975854][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 46.977495][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 46.983114][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 46.984591][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 46.986207][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 46.987617][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 46.989614][ T4425] device veth0_vlan entered promiscuous mode
[ 46.992884][ T4425] device veth1_vlan entered promiscuous mode
[ 46.999505][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 47.000914][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 47.002695][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 47.004064][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.073806][ T4425] device veth0_macvtap entered promiscuous mode
[ 47.076098][ T4425] device veth1_macvtap entered promiscuous mode
[ 47.081789][ T4425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 47.083370][ T4425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 47.085247][ T4425] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 47.086289][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 47.087779][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 47.089111][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 47.090516][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.093241][ T4425] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 47.094870][ T4425] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 47.096697][ T4425] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 47.098307][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 47.099813][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.103132][ T4425] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.104524][ T4425] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.105867][ T4425] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.107157][ T4425] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 47.125625][ T4423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 47.126968][ T4423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 47.130740][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 47.185359][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 47.186656][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 47.188321][ T4423] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 47.224235][ T39] device hsr_slave_0 left promiscuous mode
[ 47.244665][ T4380] BUG: sleeping function called from invalid context at net/core/sock.c:3498
[ 47.246016][ T4380] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 4380, name: kworker/u5:1
[ 47.247295][ T4380] preempt_count: 1, expected: 0
[ 47.247978][ T4380] RCU nest depth: 0, expected: 0
[ 47.248731][ T4380] 6 locks held by kworker/u5:1/4380:
[ 47.249535][ T4380] #0: ffff0000c30dc938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x6b4/0x13a8
[ 47.251132][ T4380] #1: ffff800021137c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6f8/0x13a8
[ 47.252850][ T4380] #2: ffff0000efe2c078 (&hdev->lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x98/0x90c
[ 47.254354][ T4380] #3: ffff8000178102a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_sync_conn_complete_evt+0x3f8/0x90c
[ 47.255943][ T4380] #4: ffff0000d4c03620 (&conn->lock#2){+.+.}-{2:2}, at: sco_connect_cfm+0x25c/0x8fc
[ 47.257291][ T4380] #5: ffff0000dc49e130 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3cc/0x8fc
[ 47.258854][ T4380] Preemption disabled at:
[ 47.258871][ T4380] [] sco_connect_cfm+0x25c/0x8fc
[ 47.260333][ T4380] CPU: 1 PID: 4380 Comm: kworker/u5:1 Not tainted syzkaller #0
[ 47.261312][ T4380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 47.262749][ T4380] Workqueue: hci0 hci_rx_work
[ 47.263445][ T4380] Call trace:
[ 47.263905][ T4380] dump_backtrace+0x1c8/0x1f4
[ 47.264600][ T4380] show_stack+0x2c/0x3c
[ 47.265202][ T4380] __dump_stack+0x30/0x40
[ 47.265883][ T4380] dump_stack_lvl+0xf8/0x160
[ 47.266559][ T4380] dump_stack+0x1c/0x5c
[ 47.267171][ T4380] __might_resched+0x350/0x4cc
[ 47.267894][ T4380] __might_sleep+0x94/0x110
[ 47.268579][ T4380] lock_sock_nested+0x80/0x130
[ 47.269282][ T4380] sco_connect_cfm+0x3cc/0x8fc
[ 47.269952][ T4380] hci_sync_conn_complete_evt+0x460/0x90c
[ 47.270751][ T4380] hci_event_packet+0x6f4/0xf08
[ 47.271447][ T4380] hci_rx_work+0x324/0xaa0
[ 47.272072][ T4380] process_one_work+0x7f4/0x13a8
[ 47.272795][ T4380] worker_thread+0x8c8/0xfbc
[ 47.273520][ T4380] kthread+0x250/0x2d8
[ 47.274109][ T4380] ret_from_fork+0x10/0x20
[ 47.274951][ T4380] ==================================================================
[ 47.276078][ T4380] BUG: KASAN: use-after-free in __lock_acquire+0xf0/0x6544
[ 47.277068][ T4380] Read of size 8 at addr ffff0000dc49e0b0 by task kworker/u5:1/4380
[ 47.278139][ T4380]
[ 47.278467][ T4380] CPU: 1 PID: 4380 Comm: kworker/u5:1 Tainted: G W syzkaller #0
[ 47.279734][ T4380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 47.281080][ T4380] Workqueue: hci0 hci_rx_work
[ 47.281805][ T4380] Call trace:
[ 47.282304][ T4380] dump_backtrace+0x1c8/0x1f4
[ 47.282955][ T4380] show_stack+0x2c/0x3c
[ 47.283568][ T4380] __dump_stack+0x30/0x40
[ 47.284218][ T4380] dump_stack_lvl+0xf8/0x160
[ 47.284859][ T4380] print_address_description+0x88/0x218
[ 47.285720][ T4380] print_report+0x50/0x68
[ 47.286338][ T4380] kasan_report+0xa8/0x100
[ 47.286974][ T4380] __asan_report_load8_noabort+0x2c/0x38
[ 47.287832][ T4380] __lock_acquire+0xf0/0x6544
[ 47.288515][ T4380] lock_acquire+0x20c/0x644
[ 47.289206][ T4380] _raw_spin_lock_bh+0x54/0x6c
[ 47.289889][ T4380] lock_sock_nested+0x88/0x130
[ 47.290554][ T4380] sco_connect_cfm+0x3cc/0x8fc
[ 47.291243][ T4380] hci_sync_conn_complete_evt+0x460/0x90c
[ 47.292098][ T4380] hci_event_packet+0x6f4/0xf08
[ 47.292859][ T4380] hci_rx_work+0x324/0xaa0
[ 47.293519][ T4380] process_one_work+0x7f4/0x13a8
[ 47.294225][ T4380] worker_thread+0x8c8/0xfbc
[ 47.294923][ T4380] kthread+0x250/0x2d8
[ 47.295520][ T4380] ret_from_fork+0x10/0x20
[ 47.296169][ T4380]
[ 47.296514][ T4380] Allocated by task 4526:
[ 47.297161][ T4380] kasan_set_track+0x4c/0x80
[ 47.297805][ T4380] kasan_save_alloc_info+0x28/0x34
[ 47.298547][ T4380] __kasan_kmalloc+0xa0/0xb8
[ 47.299251][ T4380] __kmalloc+0xec/0x178
[ 47.299859][ T4380] sk_prot_alloc+0xc4/0x1f0
[ 47.300515][ T4380] sk_alloc+0x44/0x390
[ 47.301113][ T4380] bt_sock_alloc+0x4c/0x140
[ 47.301793][ T4380] sco_sock_create+0xbc/0x338
[ 47.302473][ T4380] bt_sock_create+0x14c/0x24c
[ 47.303144][ T4380] __sock_create+0x4b0/0x8b4
[ 47.303829][ T4380] __sys_socket+0xc0/0x1ac
[ 47.304504][ T4380] __arm64_sys_socket+0x7c/0x94
[ 47.305261][ T4380] invoke_syscall+0x98/0x2bc
[ 47.305940][ T4380] el0_svc_common+0x138/0x258
[ 47.306545][ T4380] do_el0_svc+0x58/0x13c
[ 47.307232][ T4380] el0_svc+0x58/0x138
[ 47.307878][ T4380] el0t_64_sync_handler+0x84/0xf0
[ 47.308718][ T4380] el0t_64_sync+0x18c/0x190
[ 47.309426][ T4380]
[ 47.309770][ T4380] Freed by task 4526:
[ 47.310342][ T4380] kasan_set_track+0x4c/0x80
[ 47.311014][ T4380] kasan_save_free_info+0x3c/0x60
[ 47.311731][ T4380] ____kasan_slab_free+0x148/0x1b0
[ 47.312499][ T4380] __kasan_slab_free+0x18/0x28
[ 47.313158][ T4380] slab_free_freelist_hook+0x16c/0x1ec
[ 47.313949][ T4380] __kmem_cache_free+0xc0/0x224
[ 47.314618][ T4380] kfree+0xd0/0x1ac
[ 47.315186][ T4380] __sk_destruct+0x4dc/0x780
[ 47.315825][ T4380] __sk_free+0x320/0x430
[ 47.316472][ T4380] sk_free+0x60/0xc8
[ 47.317051][ T4380] sco_sock_kill+0x170/0x22c
[ 47.317710][ T4380] sco_sock_release+0x1f8/0x2c4
[ 47.318435][ T4380] sock_close+0xb4/0x1f8
[ 47.319028][ T4380] __fput+0x1bc/0x7c0
[ 47.319586][ T4380] ____fput+0x20/0x30
[ 47.320159][ T4380] task_work_run+0x1ec/0x270
[ 47.320814][ T4380] do_notify_resume+0x2038/0x2b28
[ 47.321525][ T4380] el0_svc+0x98/0x138
[ 47.322098][ T4380] el0t_64_sync_handler+0x84/0xf0
[ 47.322814][ T4380] el0t_64_sync+0x18c/0x190
[ 47.323497][ T4380]
[ 47.323844][ T4380] The buggy address belongs to the object at ffff0000dc49e000
[ 47.323844][ T4380] which belongs to the cache kmalloc-2k of size 2048
[ 47.325900][ T4380] The buggy address is located 176 bytes inside of
[ 47.325900][ T4380] 2048-byte region [ffff0000dc49e000, ffff0000dc49e800)
[ 47.327723][ T4380]
[ 47.328064][ T4380] The buggy address belongs to the physical page:
[ 47.328982][ T4380] page:000000004b96dbe5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c498
[ 47.330414][ T4380] head:000000004b96dbe5 order:3 compound_mapcount:0 compound_pincount:0
[ 47.331604][ T4380] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 47.332816][ T4380] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002900
[ 47.334044][ T4380] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 47.335239][ T4380] page dumped because: kasan: bad access detected
[ 47.336146][ T4380]
[ 47.336471][ T4380] Memory state around the buggy address:
[ 47.337267][ T4380] ffff0000dc49df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.338415][ T4380] ffff0000dc49e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.339595][ T4380] >ffff0000dc49e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.340653][ T4380] ^
[ 47.341460][ T4380] ffff0000dc49e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.342533][ T4380] ffff0000dc49e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.343627][ T4380] ==================================================================
[ 47.344731][ T4380] Disabling lock debugging due to kernel taint
[ 47.345649][ T4380] Unable to handle kernel paging request at virtual address dfff800000000000
[ 47.346860][ T4380] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 47.348084][ T4380] Mem abort info:
[ 47.348641][ T4380] ESR = 0x0000000096000006
[ 47.349340][ T4380] EC = 0x25: DABT (current EL), IL = 32 bits
[ 47.350261][ T4380] SET = 0, FnV = 0
[ 47.350826][ T4380] EA = 0, S1PTW = 0
[ 47.351448][ T4380] FSC = 0x06: level 2 translation fault
[ 47.352278][ T4380] Data abort info:
[ 47.352880][ T4380] ISV = 0, ISS = 0x00000006
[ 47.353505][ T4380] CM = 0, WnR = 0
[ 47.354081][ T4380] [dfff800000000000] address between user and kernel address ranges
[ 47.355242][ T4380] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
[ 47.356343][ T4380] Modules linked in:
[ 47.356922][ T4380] CPU: 1 PID: 4380 Comm: kworker/u5:1 Tainted: G B W syzkaller #0
[ 47.358263][ T4380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/03/2025
[ 47.359672][ T4380] Workqueue: hci0 hci_rx_work
[ 47.360441][ T4380] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
[ 47.361605][ T4380] pc : apparmor_sk_clone_security+0xec/0x398
[ 47.362434][ T4380] lr : apparmor_sk_clone_security+0xcc/0x398
[ 47.363317][ T4380] sp : ffff800021137780
[ 47.363965][ T4380] x29: ffff800021137780 x28: 1fffe0001a9806c9 x27: 1ffff00004226f04
[ 47.365102][ T4380] x26: dfff800000000000 x25: 0000000000000005 x24: 1fffe000188bbba0
[ 47.366265][ T4380] x23: dfff800000000000 x22: dfff800000000000 x21: 0000000000000000
[ 47.367470][ T4380] x20: 0000000000000000 x19: ffff0000c45ddd00 x18: 0000000000000000
[ 47.368653][ T4380] x17: ffff800008207378 x16: ffff8000082e9ca4 x15: ffff800010af18a4
[ 47.369794][ T4380] x14: ffff800010b0ea28 x13: ffff80000802a690 x12: 0000000000ff0100
[ 47.370922][ T4380] x11: ff0080000a513bb8 x10: 0000000000000000 x9 : ffff80000a513bb8
[ 47.372089][ T4380] x8 : 0000000000000000 x7 : ffffffffffffffff x6 : ffff800010adee18
[ 47.373244][ T4380] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80000a513b34
[ 47.374448][ T4380] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[ 47.375659][ T4380] Call trace:
[ 47.376116][ T4380] apparmor_sk_clone_security+0xec/0x398
[ 47.376914][ T4380] security_sk_clone+0x58/0x9c
[ 47.377563][ T4380] sco_connect_cfm+0x564/0x8fc
[ 47.378259][ T4380] hci_sync_conn_complete_evt+0x460/0x90c
[ 47.379121][ T4380] hci_event_packet+0x6f4/0xf08
[ 47.379950][ T4380] hci_rx_work+0x324/0xaa0
[ 47.380644][ T4380] process_one_work+0x7f4/0x13a8
[ 47.381378][ T4380] worker_thread+0x8c8/0xfbc
[ 47.382068][ T4380] kthread+0x250/0x2d8
[ 47.382642][ T4380] ret_from_fork+0x10/0x20
[ 47.383250][ T4380] Code: 710006df 5400104b 977e3d4c d343fe88 (38776908)
[ 47.384302][ T4380] ---[ end trace 0000000000000000 ]---
[ 47.556071][ T4380] Kernel panic - not syncing: Oops: Fatal exception
[ 47.556992][ T4380] SMP: stopping secondary CPUs
[ 47.557649][ T4380] Kernel Offset: disabled
[ 47.558205][ T4380] CPU features: 0x080000,000f0097,a65bfea7
[ 47.559037][ T4380] Memory Limit: none
[ 47.727417][ T4380] Rebooting in 86400 seconds..