Warning: Permanently added '10.128.0.62' (ED25519) to the list of known hosts.
2025/09/24 05:43:49 parsed 1 programs
[ 125.543239][ T5882] cgroup: Unknown subsys name 'net'
[ 125.639706][ T5882] cgroup: Unknown subsys name 'cpuset'
[ 125.649206][ T5882] cgroup: Unknown subsys name 'rlimit'
[ 127.452975][ T5882] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 130.876428][ T5895] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[ 131.076891][ T5901] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 131.089034][ T5901] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 131.099168][ T5901] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 131.108299][ T5901] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 131.116722][ T5901] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 131.540239][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 131.550831][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 131.586151][ T773] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 131.594138][ T773] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 133.075203][ T5933] chnl_net:caif_netlink_parms(): no params data found
[ 133.171692][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.179486][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state
[ 133.186915][ T5933] bridge_slave_0: entered allmulticast mode
[ 133.194679][ T5933] bridge_slave_0: entered promiscuous mode
[ 133.206449][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.213896][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state
[ 133.221296][ T5933] bridge_slave_1: entered allmulticast mode
[ 133.229233][ T5933] bridge_slave_1: entered promiscuous mode
[ 133.268377][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 133.281075][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 133.320229][ T5933] team0: Port device team_slave_0 added
[ 133.328779][ T5933] team0: Port device team_slave_1 added
[ 133.362230][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 133.369308][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 133.395580][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 133.409841][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 133.416946][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 133.443136][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 133.495620][ T5933] hsr_slave_0: entered promiscuous mode
[ 133.502592][ T5933] hsr_slave_1: entered promiscuous mode
[ 133.687358][ T5933] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 133.702953][ T5933] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 133.716492][ T5933] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 133.728328][ T5933] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 133.831366][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0
[ 133.855844][ T5933] 8021q: adding VLAN 0 to HW filter on device team0
[ 133.871612][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 133.878983][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 133.898082][ T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 133.905310][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 134.123377][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 134.183401][ T5933] veth0_vlan: entered promiscuous mode
[ 134.198689][ T5933] veth1_vlan: entered promiscuous mode
[ 134.232963][ T5933] veth0_macvtap: entered promiscuous mode
[ 134.243493][ T5933] veth1_macvtap: entered promiscuous mode
[ 134.268163][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 134.285341][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 134.303910][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.313754][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.326547][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.337178][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 134.489430][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 134.587618][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 134.668549][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 134.771667][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2025/09/24 05:44:04 executed programs: 0
[ 136.546135][ T5901] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 136.556038][ T5901] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 136.566712][ T5901] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 136.576305][ T5901] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 136.585242][ T5901] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 136.768101][ T5990] chnl_net:caif_netlink_parms(): no params data found
[ 136.897056][ T5990] bridge0: port 1(bridge_slave_0) entered blocking state
[ 136.904604][ T5990] bridge0: port 1(bridge_slave_0) entered disabled state
[ 136.911953][ T5990] bridge_slave_0: entered allmulticast mode
[ 136.920234][ T5990] bridge_slave_0: entered promiscuous mode
[ 136.943881][ T5990] bridge0: port 2(bridge_slave_1) entered blocking state
[ 136.952480][ T5990] bridge0: port 2(bridge_slave_1) entered disabled state
[ 136.960370][ T5990] bridge_slave_1: entered allmulticast mode
[ 136.968421][ T5990] bridge_slave_1: entered promiscuous mode
[ 137.037471][ T12] bridge_slave_1: left allmulticast mode
[ 137.043332][ T12] bridge_slave_1: left promiscuous mode
[ 137.050089][ T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 137.063778][ T12] bridge_slave_0: left allmulticast mode
[ 137.070163][ T12] bridge_slave_0: left promiscuous mode
[ 137.076250][ T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 137.361942][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 137.373750][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 137.384549][ T12] bond0 (unregistering): Released all slaves
[ 137.402248][ T5990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 137.419283][ T5990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 137.477317][ T5990] team0: Port device team_slave_0 added
[ 137.487531][ T5990] team0: Port device team_slave_1 added
[ 137.528240][ T5990] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 137.535460][ T5990] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 137.562775][ T5990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 137.576425][ T5990] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 137.583720][ T5990] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 137.610805][ T5990] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 137.630687][ T12] hsr_slave_0: left promiscuous mode
[ 137.637340][ T12] hsr_slave_1: left promiscuous mode
[ 137.643787][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 137.651387][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 137.660548][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 137.669033][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 137.691731][ T12] veth1_macvtap: left promiscuous mode
[ 137.697776][ T12] veth0_macvtap: left promiscuous mode
[ 137.703636][ T12] veth1_vlan: left promiscuous mode
[ 137.710872][ T12] veth0_vlan: left promiscuous mode
[ 138.234627][ T12] team0 (unregistering): Port device team_slave_1 removed
[ 138.262303][ T12] team0 (unregistering): Port device team_slave_0 removed
[ 138.570248][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 138.579041][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 138.619346][ T5990] hsr_slave_0: entered promiscuous mode
[ 138.631321][ T5990] hsr_slave_1: entered promiscuous mode
[ 138.635531][ T53] Bluetooth: hci0: command tx timeout
[ 139.789733][ T5990] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 139.820010][ T5990] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 139.843225][ T5990] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 139.860438][ T5990] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 140.010886][ T5990] 8021q: adding VLAN 0 to HW filter on device bond0
[ 140.040516][ T5990] 8021q: adding VLAN 0 to HW filter on device team0
[ 140.056223][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 140.063456][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 140.086050][ T1167] bridge0: port 2(bridge_slave_1) entered blocking state
[ 140.093274][ T1167] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 140.393836][ T5990] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 140.473281][ T5990] veth0_vlan: entered promiscuous mode
[ 140.491843][ T5990] veth1_vlan: entered promiscuous mode
[ 140.536794][ T5990] veth0_macvtap: entered promiscuous mode
[ 140.549583][ T5990] veth1_macvtap: entered promiscuous mode
[ 140.579645][ T5990] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 140.600224][ T5990] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 140.624085][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 140.644915][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 140.653824][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 140.665103][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 140.715388][ T53] Bluetooth: hci0: command tx timeout
[ 140.761249][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 140.779362][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 140.823631][ T1167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 140.831800][ T1167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 140.890071][ T53] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[ 140.900456][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full)
[ 140.900497][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 140.900511][ T53] Workqueue: hci0 hci_rx_work
[ 140.900562][ T53] Call Trace:
[ 140.900572][ T53]
[ 140.900583][ T53] dump_stack_lvl+0x189/0x250
[ 140.900618][ T53] ? __pfx_dump_stack_lvl+0x10/0x10
[ 140.900643][ T53] ? __pfx__printk+0x10/0x10
[ 140.900679][ T53] ? kernfs_path_from_node+0x250/0x290
[ 140.900711][ T53] ? kernfs_path_from_node+0x2f/0x290
[ 140.900749][ T53] sysfs_create_dir_ns+0x259/0x280
[ 140.900782][ T53] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 140.900816][ T53] ? do_raw_spin_unlock+0x122/0x240
[ 140.900846][ T53] kobject_add_internal+0x59f/0xb40
[ 140.900887][ T53] kobject_add+0x155/0x220
[ 140.900922][ T53] ? __pfx_kobject_add+0x10/0x10
[ 140.900952][ T53] ? _raw_spin_unlock+0x28/0x50
[ 140.900982][ T53] ? get_device_parent+0x366/0x3a0
[ 140.901020][ T53] device_add+0x408/0xb50
[ 140.901058][ T53] hci_conn_add_sysfs+0xd5/0x1e0
[ 140.901087][ T53] le_conn_complete_evt+0xf39/0x1500
[ 140.901135][ T53] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 140.901170][ T53] ? __mutex_unlock_slowpath+0x1a1/0x740
[ 140.901200][ T53] ? __asan_memcpy+0x40/0x70
[ 140.901240][ T53] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 140.901271][ T53] ? skb_pull_data+0xfb/0x200
[ 140.901299][ T53] hci_le_conn_complete_evt+0x187/0x450
[ 140.901339][ T53] hci_event_packet+0x78f/0x1200
[ 140.901370][ T53] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 140.901404][ T53] ? __pfx_hci_event_packet+0x10/0x10
[ 140.901432][ T53] ? kcov_remote_start+0x18e/0x7f0
[ 140.901460][ T53] ? local_clock_noinstr+0xe0/0xe0
[ 140.901500][ T53] ? hci_send_to_monitor+0xe2/0x570
[ 140.901536][ T53] hci_rx_work+0x46a/0xe80
[ 140.901571][ T53] ? process_scheduled_works+0x9ef/0x17b0
[ 140.901607][ T53] process_scheduled_works+0xae1/0x17b0
[ 140.901670][ T53] ? __pfx_process_scheduled_works+0x10/0x10
[ 140.901724][ T53] worker_thread+0x8a0/0xda0
[ 140.901784][ T53] kthread+0x711/0x8a0
[ 140.901813][ T53] ? __pfx_worker_thread+0x10/0x10
[ 140.901846][ T53] ? __pfx_kthread+0x10/0x10
[ 140.901874][ T53] ? _raw_spin_unlock_irq+0x23/0x50
[ 140.901900][ T53] ? lockdep_hardirqs_on+0x9c/0x150
[ 140.901926][ T53] ? __pfx_kthread+0x10/0x10
[ 140.901953][ T53] ret_from_fork+0x4bc/0x870
[ 140.901989][ T53] ? __pfx_ret_from_fork+0x10/0x10
[ 140.902037][ T53] ? __switch_to_asm+0x39/0x70
[ 140.902065][ T53] ? __switch_to_asm+0x33/0x70
[ 140.902091][ T53] ? __pfx_kthread+0x10/0x10
[ 140.902118][ T53] ret_from_fork_asm+0x1a/0x30
[ 140.902165][ T53]
[ 140.902199][ T53] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 141.194145][ T53] Bluetooth: hci0: failed to register connection device
[ 141.205020][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[ 141.210983][ T53] ==================================================================
[ 141.221467][ T53] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6e4/0x1040
[ 141.229523][ T53] Read of size 8 at addr ffff888076428480 by task kworker/u9:0/53
[ 141.237389][ T53]
[ 141.239747][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full)
[ 141.239774][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 141.239789][ T53] Workqueue: hci0 hci_rx_work
[ 141.239819][ T53] Call Trace:
[ 141.239828][ T53]
[ 141.239837][ T53] dump_stack_lvl+0x189/0x250
[ 141.239864][ T53] ? __kasan_check_byte+0x12/0x40
[ 141.239891][ T53] ? __pfx_dump_stack_lvl+0x10/0x10
[ 141.239914][ T53] ? lock_release+0x4b/0x3e0
[ 141.239948][ T53] ? __virt_addr_valid+0x4a5/0x5c0
[ 141.239975][ T53] print_report+0xca/0x240
[ 141.240008][ T53] ? l2cap_connect_cfm+0x6e4/0x1040
[ 141.240042][ T53] kasan_report+0x118/0x150
[ 141.240081][ T53] ? l2cap_connect_cfm+0x6e4/0x1040
[ 141.240120][ T53] l2cap_connect_cfm+0x6e4/0x1040
[ 141.240160][ T53] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 141.240198][ T53] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 141.240233][ T53] hci_connect_cfm+0x95/0x140
[ 141.240266][ T53] le_conn_complete_evt+0xfb8/0x1500
[ 141.240306][ T53] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 141.240338][ T53] ? __mutex_unlock_slowpath+0x1a1/0x740
[ 141.240370][ T53] ? __asan_memcpy+0x40/0x70
[ 141.240417][ T53] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 141.240449][ T53] ? skb_pull_data+0xfb/0x200
[ 141.240474][ T53] hci_le_conn_complete_evt+0x187/0x450
[ 141.240509][ T53] hci_event_packet+0x78f/0x1200
[ 141.240536][ T53] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 141.240567][ T53] ? __pfx_hci_event_packet+0x10/0x10
[ 141.240594][ T53] ? kcov_remote_start+0x18e/0x7f0
[ 141.240623][ T53] ? local_clock_noinstr+0xe0/0xe0
[ 141.240652][ T53] ? hci_send_to_monitor+0xe2/0x570
[ 141.240687][ T53] hci_rx_work+0x46a/0xe80
[ 141.240718][ T53] ? process_scheduled_works+0x9ef/0x17b0
[ 141.240753][ T53] process_scheduled_works+0xae1/0x17b0
[ 141.240802][ T53] ? __pfx_process_scheduled_works+0x10/0x10
[ 141.240845][ T53] worker_thread+0x8a0/0xda0
[ 141.240892][ T53] kthread+0x711/0x8a0
[ 141.240918][ T53] ? __pfx_worker_thread+0x10/0x10
[ 141.240951][ T53] ? __pfx_kthread+0x10/0x10
[ 141.240976][ T53] ? _raw_spin_unlock_irq+0x23/0x50
[ 141.241003][ T53] ? lockdep_hardirqs_on+0x9c/0x150
[ 141.241030][ T53] ? __pfx_kthread+0x10/0x10
[ 141.241053][ T53] ret_from_fork+0x4bc/0x870
[ 141.241086][ T53] ? __pfx_ret_from_fork+0x10/0x10
[ 141.241121][ T53] ? __switch_to_asm+0x39/0x70
[ 141.241149][ T53] ? __switch_to_asm+0x33/0x70
[ 141.241175][ T53] ? __pfx_kthread+0x10/0x10
[ 141.241198][ T53] ret_from_fork_asm+0x1a/0x30
[ 141.241236][ T53]
[ 141.241245][ T53]
[ 141.494676][ T53] Allocated by task 53:
[ 141.498837][ T53] kasan_save_track+0x3e/0x80
[ 141.503551][ T53] __kasan_kmalloc+0x93/0xb0
[ 141.508158][ T53] __kmalloc_cache_noprof+0x3d5/0x6f0
[ 141.513552][ T53] l2cap_chan_create+0x50/0x760
[ 141.518506][ T53] l2cap_sock_new_connection_cb+0x182/0x2b0
[ 141.524422][ T53] l2cap_connect_cfm+0x37a/0x1040
[ 141.529682][ T53] hci_connect_cfm+0x95/0x140
[ 141.534382][ T53] le_conn_complete_evt+0xfb8/0x1500
[ 141.539712][ T53] hci_le_conn_complete_evt+0x187/0x450
[ 141.545277][ T53] hci_event_packet+0x78f/0x1200
[ 141.550333][ T53] hci_rx_work+0x46a/0xe80
[ 141.554782][ T53] process_scheduled_works+0xae1/0x17b0
[ 141.560367][ T53] worker_thread+0x8a0/0xda0
[ 141.564988][ T53] kthread+0x711/0x8a0
[ 141.569074][ T53] ret_from_fork+0x4bc/0x870
[ 141.573690][ T53] ret_from_fork_asm+0x1a/0x30
[ 141.578480][ T53]
[ 141.580849][ T53] Freed by task 6064:
[ 141.585016][ T53] kasan_save_track+0x3e/0x80
[ 141.589832][ T53] __kasan_save_free_info+0x46/0x50
[ 141.595486][ T53] __kasan_slab_free+0x5c/0x80
[ 141.600295][ T53] kfree+0x19a/0x6d0
[ 141.604219][ T53] l2cap_sock_cleanup_listen+0xea/0x3e0
[ 141.609797][ T53] l2cap_sock_release+0x6a/0x210
[ 141.614753][ T53] sock_close+0xc3/0x240
[ 141.619007][ T53] __fput+0x44c/0xa70
[ 141.623002][ T53] task_work_run+0x1d4/0x260
[ 141.627610][ T53] exit_to_user_mode_loop+0xe9/0x130
[ 141.632936][ T53] do_syscall_64+0x2bd/0xfa0
[ 141.637581][ T53] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 141.643547][ T53]
[ 141.645978][ T53] The buggy address belongs to the object at ffff888076428000
[ 141.645978][ T53] which belongs to the cache kmalloc-2k of size 2048
[ 141.660149][ T53] The buggy address is located 1152 bytes inside of
[ 141.660149][ T53] freed 2048-byte region [ffff888076428000, ffff888076428800)
[ 141.674406][ T53]
[ 141.676757][ T53] The buggy address belongs to the physical page:
[ 141.683194][ T53] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76428
[ 141.691982][ T53] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 141.700496][ T53] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 141.708070][ T53] page_type: f5(slab)
[ 141.712070][ T53] raw: 00fff00000000040 ffff88813fe27000 dead000000000122 0000000000000000
[ 141.720673][ T53] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 141.729309][ T53] head: 00fff00000000040 ffff88813fe27000 dead000000000122 0000000000000000
[ 141.738078][ T53] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[ 141.746851][ T53] head: 00fff00000000003 ffffea0001d90a01 00000000ffffffff 00000000ffffffff
[ 141.755537][ T53] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 141.764244][ T53] page dumped because: kasan: bad access detected
[ 141.770703][ T53] page_owner tracks the page as allocated
[ 141.776429][ T53] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 141201948379, free_ts 139381305461
[ 141.795587][ T53] post_alloc_hook+0x240/0x2a0
[ 141.800574][ T53] get_page_from_freelist+0x2365/0x2440
[ 141.806145][ T53] __alloc_frozen_pages_noprof+0x181/0x370
[ 141.811969][ T53] alloc_pages_mpol+0x232/0x4a0
[ 141.816852][ T53] allocate_slab+0x96/0x3a0
[ 141.821375][ T53] ___slab_alloc+0xe94/0x1920
[ 141.826073][ T53] __slab_alloc+0x65/0x100
[ 141.830644][ T53] __kmalloc_cache_noprof+0x411/0x6f0
[ 141.836115][ T53] l2cap_chan_create+0x50/0x760
[ 141.841066][ T53] l2cap_sock_new_connection_cb+0x182/0x2b0
[ 141.846972][ T53] l2cap_connect_cfm+0x37a/0x1040
[ 141.852123][ T53] hci_connect_cfm+0x95/0x140
[ 141.856819][ T53] le_conn_complete_evt+0xfb8/0x1500
[ 141.862127][ T53] hci_le_conn_complete_evt+0x187/0x450
[ 141.867697][ T53] hci_event_packet+0x78f/0x1200
[ 141.872663][ T53] hci_rx_work+0x46a/0xe80
[ 141.877097][ T53] page last free pid 12 tgid 12 stack trace:
[ 141.883088][ T53] __free_frozen_pages+0xbc4/0xd30
[ 141.888259][ T53] __slab_free+0x2e7/0x390
[ 141.892716][ T53] qlist_free_all+0x97/0x140
[ 141.897324][ T53] kasan_quarantine_reduce+0x148/0x160
[ 141.902800][ T53] __kasan_slab_alloc+0x22/0x80
[ 141.907666][ T53] __kmalloc_cache_noprof+0x36f/0x6f0
[ 141.913052][ T53] gro_cells_destroy+0x357/0x430
[ 141.918019][ T53] ip_tunnel_dev_free+0x19/0x30
[ 141.922888][ T53] netdev_run_todo+0xe53/0x1020
[ 141.927752][ T53] ops_undo_list+0x3e1/0x990
[ 141.932356][ T53] cleanup_net+0x4d8/0x820
[ 141.936785][ T53] process_scheduled_works+0xae1/0x17b0
[ 141.942351][ T53] worker_thread+0x8a0/0xda0
[ 141.946967][ T53] kthread+0x711/0x8a0
[ 141.951049][ T53] ret_from_fork+0x4bc/0x870
[ 141.955668][ T53] ret_from_fork_asm+0x1a/0x30
[ 141.960454][ T53]
[ 141.962877][ T53] Memory state around the buggy address:
[ 141.968517][ T53] ffff888076428380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 141.976589][ T53] ffff888076428400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 141.984697][ T53] >ffff888076428480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 141.992769][ T53] ^
[ 141.996848][ T53] ffff888076428500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 142.004919][ T53] ffff888076428580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 142.012986][ T53] ==================================================================
[ 142.031655][ T53] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 142.038936][ T53] CPU: 0 UID: 0 PID: 53 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT(full)
[ 142.048270][ T53] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 142.058498][ T53] Workqueue: hci0 hci_rx_work
[ 142.063227][ T53] Call Trace:
[ 142.066532][ T53]
[ 142.069490][ T53] dump_stack_lvl+0x99/0x250
[ 142.074115][ T53] ? __asan_memcpy+0x40/0x70
[ 142.078758][ T53] ? __pfx_dump_stack_lvl+0x10/0x10
[ 142.084000][ T53] ? __pfx__printk+0x10/0x10
[ 142.088645][ T53] vpanic+0x237/0x6d0
[ 142.092680][ T53] ? __pfx_vpanic+0x10/0x10
[ 142.097319][ T53] ? preempt_schedule+0xae/0xc0
[ 142.102246][ T53] ? __pfx_preempt_schedule+0x10/0x10
[ 142.107674][ T53] panic+0xb9/0xc0
[ 142.111444][ T53] ? __pfx_panic+0x10/0x10
[ 142.115902][ T53] ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 142.121842][ T53] ? l2cap_connect_cfm+0x6e4/0x1040
[ 142.127344][ T53] check_panic_on_warn+0x89/0xb0
[ 142.132351][ T53] ? l2cap_connect_cfm+0x6e4/0x1040
[ 142.137755][ T53] end_report+0x78/0x160
[ 142.142054][ T53] kasan_report+0x129/0x150
[ 142.146819][ T53] ? l2cap_connect_cfm+0x6e4/0x1040
[ 142.152066][ T53] l2cap_connect_cfm+0x6e4/0x1040
[ 142.157155][ T53] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 142.162681][ T53] ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 142.168168][ T53] hci_connect_cfm+0x95/0x140
[ 142.172938][ T53] le_conn_complete_evt+0xfb8/0x1500
[ 142.178294][ T53] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 142.184054][ T53] ? __mutex_unlock_slowpath+0x1a1/0x740
[ 142.189723][ T53] ? __asan_memcpy+0x40/0x70
[ 142.194375][ T53] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 142.200400][ T53] ? skb_pull_data+0xfb/0x200
[ 142.205289][ T53] hci_le_conn_complete_evt+0x187/0x450
[ 142.210908][ T53] hci_event_packet+0x78f/0x1200
[ 142.215948][ T53] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 142.221289][ T53] ? __pfx_hci_event_packet+0x10/0x10
[ 142.226722][ T53] ? kcov_remote_start+0x18e/0x7f0
[ 142.231859][ T53] ? local_clock_noinstr+0xe0/0xe0
[ 142.237083][ T53] ? hci_send_to_monitor+0xe2/0x570
[ 142.242311][ T53] hci_rx_work+0x46a/0xe80
[ 142.246758][ T53] ? process_scheduled_works+0x9ef/0x17b0
[ 142.252530][ T53] process_scheduled_works+0xae1/0x17b0
[ 142.258199][ T53] ? __pfx_process_scheduled_works+0x10/0x10
[ 142.264279][ T53] worker_thread+0x8a0/0xda0
[ 142.268950][ T53] kthread+0x711/0x8a0
[ 142.273068][ T53] ? __pfx_worker_thread+0x10/0x10
[ 142.278244][ T53] ? __pfx_kthread+0x10/0x10
[ 142.282853][ T53] ? _raw_spin_unlock_irq+0x23/0x50
[ 142.288069][ T53] ? lockdep_hardirqs_on+0x9c/0x150
[ 142.293290][ T53] ? __pfx_kthread+0x10/0x10
[ 142.297899][ T53] ret_from_fork+0x4bc/0x870
[ 142.302513][ T53] ? __pfx_ret_from_fork+0x10/0x10
[ 142.307650][ T53] ? __switch_to_asm+0x39/0x70
[ 142.312433][ T53] ? __switch_to_asm+0x33/0x70
[ 142.317222][ T53] ? __pfx_kthread+0x10/0x10
[ 142.321829][ T53] ret_from_fork_asm+0x1a/0x30
[ 142.326631][ T53]
[ 142.330016][ T53] Kernel Offset: disabled
[ 142.334362][ T53] Rebooting in 86400 seconds..