[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
2021/10/09 23:49:23 parsed 1 programs
2021/10/09 23:49:24 executed programs: 0
syzkaller login: [ 1581.294488][   T26] audit: type=1400 audit(1633823364.041:8): avc:  denied  { execmem } for  pid=6566 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 1582.654178][ T6567] chnl_net:caif_netlink_parms(): no params data found
[ 1582.750622][ T6567] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1582.758211][ T6567] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1582.767982][ T6567] device bridge_slave_0 entered promiscuous mode
[ 1582.778839][ T6567] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1582.786432][ T6567] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1582.794582][ T6567] device bridge_slave_1 entered promiscuous mode
[ 1582.826834][ T6567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1582.838603][ T6567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1582.874465][ T6567] team0: Port device team_slave_0 added
[ 1582.882079][ T6567] team0: Port device team_slave_1 added
[ 1582.907745][ T6567] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1582.914731][ T6567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1582.941328][ T6567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1582.954524][ T6567] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1582.961531][ T6567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1582.987766][ T6567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1583.027417][ T6567] device hsr_slave_0 entered promiscuous mode
[ 1583.034686][ T6567] device hsr_slave_1 entered promiscuous mode
[ 1583.168209][ T6567] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1583.181168][ T6567] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1583.191800][ T6567] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1583.202700][ T6567] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1583.227098][ T6567] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1583.234330][ T6567] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1583.242236][ T6567] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1583.249368][ T6567] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1583.299981][ T6567] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1583.313007][ T6543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1583.325142][ T6543] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1583.334350][ T6543] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1583.343270][ T6543] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 1583.356229][ T6567] 8021q: adding VLAN 0 to HW filter on device team0
[ 1583.367523][ T1913] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1583.376177][ T1913] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1583.383290][ T1913] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1583.401595][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1583.410322][ T6904] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1583.417347][ T6904] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1583.439833][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1583.448532][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1583.457465][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1583.466129][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1583.478800][ T6901] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1583.490682][ T6567] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1583.507474][ T6543] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1583.516690][ T6543] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1583.529686][ T6567] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1583.547574][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1583.569490][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1583.577849][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1583.586762][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1583.596350][ T6567] device veth0_vlan entered promiscuous mode
[ 1583.611132][ T6567] device veth1_vlan entered promiscuous mode
[ 1583.629821][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1583.637811][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1583.653263][ T6567] device veth0_macvtap entered promiscuous mode
[ 1583.660959][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1583.671233][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1583.682361][ T6567] device veth1_macvtap entered promiscuous mode
[ 1583.691885][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1583.700357][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1583.717381][ T6567] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1583.729164][ T6543] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1583.742676][ T6543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1583.752829][ T6567] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1583.760578][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1583.769647][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1583.781454][ T6567] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1583.790413][ T6567] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1583.800875][ T6567] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1583.810357][ T6567] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1583.926065][   T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1583.937745][   T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1583.964899][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1583.991530][   T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1584.000383][   T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1584.009462][ T6904] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1584.440326][ T6904] Bluetooth: hci0: command 0x0409 tx timeout
2021/10/09 23:49:29 executed programs: 61
[ 1586.519501][ T6905] Bluetooth: hci0: command 0x041b tx timeout
[ 1588.598853][ T6904] Bluetooth: hci0: command 0x040f tx timeout
[ 1590.678475][ T6904] Bluetooth: hci0: command 0x0419 tx timeout
2021/10/09 23:49:34 executed programs: 203
[ 1592.760225][ T6904] Bluetooth: hci0: command 0x0405 tx timeout
2021/10/09 23:49:39 executed programs: 353
2021/10/09 23:49:44 executed programs: 494
2021/10/09 23:49:49 executed programs: 634
[ 1606.848889][ T1358] ieee802154 phy0 wpan0: encryption failed: -22
[ 1606.855514][ T1358] ieee802154 phy1 wpan1: encryption failed: -22
2021/10/09 23:49:54 executed programs: 769
2021/10/09 23:49:59 executed programs: 903
2021/10/09 23:50:04 executed programs: 1041
2021/10/09 23:50:09 executed programs: 1185
2021/10/09 23:50:14 executed programs: 1331
2021/10/09 23:50:19 executed programs: 1475
2021/10/09 23:50:24 executed programs: 1620
2021/10/09 23:50:29 executed programs: 1757
2021/10/09 23:50:34 executed programs: 1892
2021/10/09 23:50:39 executed programs: 2034
[ 1658.684624][ T6543] ==================================================================
[ 1658.692705][ T6543] BUG: KASAN: use-after-free in __lock_acquire+0x3d86/0x54a0
[ 1658.700155][ T6543] Read of size 8 at addr ffff888012bd9120 by task kworker/0:0/6543
[ 1658.708047][ T6543] 
[ 1658.710364][ T6543] CPU: 0 PID: 6543 Comm: kworker/0:0 Not tainted 5.15.0-rc4-syzkaller #0
[ 1658.718774][ T6543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1658.728826][ T6543] Workqueue: events l2cap_chan_timeout
[ 1658.734378][ T6543] Call Trace:
[ 1658.737651][ T6543]  dump_stack_lvl+0xcd/0x134
[ 1658.742293][ T6543]  print_address_description.constprop.0.cold+0x6c/0x2d6
[ 1658.749361][ T6543]  ? __lock_acquire+0x3d86/0x54a0
[ 1658.754391][ T6543]  ? __lock_acquire+0x3d86/0x54a0
[ 1658.759421][ T6543]  kasan_report.cold+0x83/0xdf
[ 1658.764189][ T6543]  ? __lock_acquire+0x3d86/0x54a0
[ 1658.769217][ T6543]  __lock_acquire+0x3d86/0x54a0
[ 1658.774075][ T6543]  ? mark_lock+0xef/0x17b0
[ 1658.778497][ T6543]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 1658.784357][ T6543]  ? debug_object_assert_init+0x246/0x2e0
[ 1658.790120][ T6543]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1658.796096][ T6543]  lock_acquire+0x1ab/0x510
[ 1658.800614][ T6543]  ? l2cap_sock_teardown_cb+0xa1/0x660
[ 1658.806076][ T6543]  ? lock_release+0x720/0x720
[ 1658.810749][ T6543]  ? mark_held_locks+0x9f/0xe0
[ 1658.815505][ T6543]  ? cancel_delayed_work+0x2bd/0x340
[ 1658.820809][ T6543]  lock_sock_nested+0x2f/0xf0
[ 1658.825524][ T6543]  ? l2cap_sock_teardown_cb+0xa1/0x660
[ 1658.830982][ T6543]  l2cap_sock_teardown_cb+0xa1/0x660
[ 1658.836264][ T6543]  ? __mutex_lock+0x21c/0x12f0
[ 1658.841019][ T6543]  l2cap_chan_del+0xbc/0xa80
[ 1658.845603][ T6543]  l2cap_chan_close+0x1b9/0xaf0
[ 1658.850453][ T6543]  ? l2cap_rx+0x1fb0/0x1fb0
[ 1658.854962][ T6543]  ? lock_release+0x720/0x720
[ 1658.859634][ T6543]  ? lock_downgrade+0x6e0/0x6e0
[ 1658.864477][ T6543]  ? do_raw_spin_lock+0x120/0x2b0
[ 1658.869497][ T6543]  l2cap_chan_timeout+0x17e/0x2f0
[ 1658.874519][ T6543]  process_one_work+0x9bf/0x16b0
[ 1658.879492][ T6543]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 1658.884863][ T6543]  ? rwlock_bug.part.0+0x90/0x90
[ 1658.889795][ T6543]  ? _raw_spin_lock_irq+0x41/0x50
[ 1658.894817][ T6543]  worker_thread+0x658/0x11f0
[ 1658.899494][ T6543]  ? process_one_work+0x16b0/0x16b0
[ 1658.904691][ T6543]  kthread+0x3e5/0x4d0
[ 1658.908786][ T6543]  ? set_kthread_struct+0x130/0x130
[ 1658.913980][ T6543]  ret_from_fork+0x1f/0x30
[ 1658.918421][ T6543] 
[ 1658.920736][ T6543] Allocated by task 13996:
[ 1658.925131][ T6543]  kasan_save_stack+0x1b/0x40
[ 1658.929847][ T6543]  __kasan_kmalloc+0xa1/0xd0
[ 1658.934434][ T6543]  __kmalloc+0x214/0x4d0
[ 1658.938668][ T6543]  sk_prot_alloc+0x110/0x290
[ 1658.943248][ T6543]  sk_alloc+0x30/0xa60
[ 1658.947306][ T6543]  l2cap_sock_alloc.constprop.0+0x31/0x230
[ 1658.953111][ T6543]  l2cap_sock_create+0x123/0x1f0
[ 1658.958044][ T6543]  bt_sock_create+0x17c/0x340
[ 1658.962770][ T6543]  __sock_create+0x353/0x790
[ 1658.967384][ T6543]  __sys_socket+0xef/0x200
[ 1658.971794][ T6543]  __x64_sys_socket+0x6f/0xb0
[ 1658.976464][ T6543]  do_syscall_64+0x35/0xb0
[ 1658.980878][ T6543]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1658.986765][ T6543] 
[ 1658.989071][ T6543] Freed by task 13995:
[ 1658.993120][ T6543]  kasan_save_stack+0x1b/0x40
[ 1658.997791][ T6543]  kasan_set_track+0x1c/0x30
[ 1659.002374][ T6543]  kasan_set_free_info+0x20/0x30
[ 1659.007307][ T6543]  __kasan_slab_free+0xd1/0x110
[ 1659.012151][ T6543]  kfree+0x10a/0x2c0
[ 1659.016034][ T6543]  __sk_destruct+0x6a8/0x900
[ 1659.020614][ T6543]  sk_destruct+0xbd/0xe0
[ 1659.024851][ T6543]  __sk_free+0xef/0x3d0
[ 1659.028999][ T6543]  sk_free+0x78/0xa0
[ 1659.032885][ T6543]  l2cap_sock_kill+0x203/0x240
[ 1659.037644][ T6543]  l2cap_sock_release+0x184/0x200
[ 1659.042659][ T6543]  __sock_release+0xcd/0x280
[ 1659.047245][ T6543]  sock_close+0x18/0x20
[ 1659.051390][ T6543]  __fput+0x288/0x9f0
[ 1659.055404][ T6543]  task_work_run+0xdd/0x1a0
[ 1659.059898][ T6543]  exit_to_user_mode_prepare+0x27e/0x290
[ 1659.065547][ T6543]  syscall_exit_to_user_mode+0x19/0x60
[ 1659.071001][ T6543]  do_syscall_64+0x42/0xb0
[ 1659.075404][ T6543]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1659.081292][ T6543] 
[ 1659.083602][ T6543] Last potentially related work creation:
[ 1659.089297][ T6543]  kasan_save_stack+0x1b/0x40
[ 1659.093968][ T6543]  kasan_record_aux_stack+0xa7/0xd0
[ 1659.099160][ T6543]  insert_work+0x48/0x370
[ 1659.103491][ T6543]  __queue_work+0x5ca/0xee0
[ 1659.108004][ T6543]  queue_work_on+0xee/0x110
[ 1659.112504][ T6543]  release_tty+0x4e9/0x610
[ 1659.116978][ T6543]  tty_release_struct+0xb4/0xe0
[ 1659.121819][ T6543]  tty_release+0xc70/0x1200
[ 1659.126314][ T6543]  __fput+0x288/0x9f0
[ 1659.130292][ T6543]  task_work_run+0xdd/0x1a0
[ 1659.134790][ T6543]  exit_to_user_mode_prepare+0x27e/0x290
[ 1659.140415][ T6543]  syscall_exit_to_user_mode+0x19/0x60
[ 1659.145869][ T6543]  do_syscall_64+0x42/0xb0
[ 1659.150274][ T6543]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1659.156168][ T6543] 
[ 1659.158482][ T6543] Second to last potentially related work creation:
[ 1659.165052][ T6543]  kasan_save_stack+0x1b/0x40
[ 1659.169729][ T6543]  kasan_record_aux_stack+0xa7/0xd0
[ 1659.174924][ T6543]  call_rcu+0xb1/0x750
[ 1659.179027][ T6543]  netlink_release+0xdd4/0x1dd0
[ 1659.183900][ T6543]  __sock_release+0xcd/0x280
[ 1659.188484][ T6543]  sock_close+0x18/0x20
[ 1659.192636][ T6543]  __fput+0x288/0x9f0
[ 1659.196613][ T6543]  task_work_run+0xdd/0x1a0
[ 1659.201118][ T6543]  do_exit+0xbae/0x2a30
[ 1659.205308][ T6543]  do_group_exit+0x125/0x310
[ 1659.209893][ T6543]  __x64_sys_exit_group+0x3a/0x50
[ 1659.214911][ T6543]  do_syscall_64+0x35/0xb0
[ 1659.219321][ T6543]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 1659.225211][ T6543] 
[ 1659.227521][ T6543] The buggy address belongs to the object at ffff888012bd9000
[ 1659.227521][ T6543]  which belongs to the cache kmalloc-2k of size 2048
[ 1659.241560][ T6543] The buggy address is located 288 bytes inside of
[ 1659.241560][ T6543]  2048-byte region [ffff888012bd9000, ffff888012bd9800)
[ 1659.254999][ T6543] The buggy address belongs to the page:
[ 1659.260616][ T6543] page:ffffea00004af640 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12bd9
[ 1659.270769][ T6543] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 1659.278311][ T6543] raw: 00fff00000000200 ffffea00004b7ec8 ffffea00004af148 ffff888010c40800
[ 1659.286891][ T6543] raw: 0000000000000000 ffff888012bd9000 0000000100000001 0000000000000000
[ 1659.295464][ T6543] page dumped because: kasan: bad access detected
[ 1659.301877][ T6543] page_owner tracks the page as allocated
[ 1659.307577][ T6543] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 1, ts 2267341060, free_ts 2222951440
[ 1659.324938][ T6543]  get_page_from_freelist+0xa72/0x2f80
[ 1659.330480][ T6543]  __alloc_pages+0x1b2/0x500
[ 1659.335071][ T6543]  cache_grow_begin+0x75/0x460
[ 1659.339835][ T6543]  cache_alloc_refill+0x27f/0x380
[ 1659.344854][ T6543]  kmem_cache_alloc_trace+0x38c/0x480
[ 1659.350220][ T6543]  acpi_ds_create_walk_state+0x88/0x1ff
[ 1659.355827][ T6543]  acpi_ps_execute_method+0x19d/0x61c
[ 1659.361220][ T6543]  acpi_ns_evaluate+0x6c7/0x966
[ 1659.366073][ T6543]  acpi_evaluate_object+0x3db/0x7f5
[ 1659.371271][ T6543]  acpi_evaluate_integer+0xbf/0x1e0
[ 1659.376523][ T6543]  acpi_bus_get_status+0x18c/0x370
[ 1659.381634][ T6543]  acpi_add_single_object+0x11c/0x1a10
[ 1659.387091][ T6543]  acpi_bus_check_add+0x1ad/0x5d0
[ 1659.392107][ T6543]  acpi_ns_walk_namespace+0x23d/0x41f
[ 1659.397477][ T6543]  acpi_walk_namespace+0xee/0x127
[ 1659.402495][ T6543]  acpi_bus_scan+0x171/0x1c0
[ 1659.407073][ T6543] page last free stack trace:
[ 1659.411730][ T6543]  free_pcp_prepare+0x2c5/0x780
[ 1659.416572][ T6543]  free_unref_page+0x19/0x690
[ 1659.421240][ T6543]  slabs_destroy+0x89/0xc0
[ 1659.425651][ T6543]  __kmem_cache_shrink+0xd3/0x180
[ 1659.430672][ T6543]  acpi_os_purge_cache+0x11/0x20
[ 1659.435611][ T6543]  acpi_purge_cached_objects+0x37/0xd0
[ 1659.441105][ T6543]  acpi_initialize_objects+0x2b/0x95
[ 1659.446428][ T6543]  acpi_init+0x1cd/0x971
[ 1659.450659][ T6543]  do_one_initcall+0x103/0x650
[ 1659.455420][ T6543]  kernel_init_freeable+0x6b1/0x73a
[ 1659.460625][ T6543]  kernel_init+0x1a/0x1d0
[ 1659.464950][ T6543]  ret_from_fork+0x1f/0x30
[ 1659.469359][ T6543] 
[ 1659.471668][ T6543] Memory state around the buggy address:
[ 1659.477285][ T6543]  ffff888012bd9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1659.485332][ T6543]  ffff888012bd9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1659.493380][ T6543] >ffff888012bd9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1659.501424][ T6543]                                ^
[ 1659.506518][ T6543]  ffff888012bd9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1659.514567][ T6543]  ffff888012bd9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1659.522609][ T6543] ==================================================================
[ 1659.530650][ T6543] Disabling lock debugging due to kernel taint
[ 1659.536782][ T6543] Kernel panic - not syncing: panic_on_warn set ...
[ 1659.543350][ T6543] CPU: 0 PID: 6543 Comm: kworker/0:0 Tainted: G    B             5.15.0-rc4-syzkaller #0
[ 1659.553142][ T6543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1659.563185][ T6543] Workqueue: events l2cap_chan_timeout
[ 1659.568643][ T6543] Call Trace:
[ 1659.571913][ T6543]  dump_stack_lvl+0xcd/0x134
[ 1659.576495][ T6543]  panic+0x2b0/0x6dd
[ 1659.580403][ T6543]  ? __warn_printk+0xf3/0xf3
[ 1659.584994][ T6543]  ? __lock_acquire+0x3d86/0x54a0
[ 1659.590012][ T6543]  ? __lock_acquire+0x3d86/0x54a0
[ 1659.595027][ T6543]  ? __lock_acquire+0x3d86/0x54a0
[ 1659.600043][ T6543]  end_report.cold+0x63/0x6f
[ 1659.604647][ T6543]  kasan_report.cold+0x71/0xdf
[ 1659.609401][ T6543]  ? __lock_acquire+0x3d86/0x54a0
[ 1659.614418][ T6543]  __lock_acquire+0x3d86/0x54a0
[ 1659.619262][ T6543]  ? mark_lock+0xef/0x17b0
[ 1659.623680][ T6543]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 1659.629491][ T6543]  ? debug_object_assert_init+0x246/0x2e0
[ 1659.635217][ T6543]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 1659.641191][ T6543]  lock_acquire+0x1ab/0x510
[ 1659.645694][ T6543]  ? l2cap_sock_teardown_cb+0xa1/0x660
[ 1659.651153][ T6543]  ? lock_release+0x720/0x720
[ 1659.655820][ T6543]  ? mark_held_locks+0x9f/0xe0
[ 1659.660573][ T6543]  ? cancel_delayed_work+0x2bd/0x340
[ 1659.666022][ T6543]  lock_sock_nested+0x2f/0xf0
[ 1659.670690][ T6543]  ? l2cap_sock_teardown_cb+0xa1/0x660
[ 1659.676155][ T6543]  l2cap_sock_teardown_cb+0xa1/0x660
[ 1659.681435][ T6543]  ? __mutex_lock+0x21c/0x12f0
[ 1659.686190][ T6543]  l2cap_chan_del+0xbc/0xa80
[ 1659.690774][ T6543]  l2cap_chan_close+0x1b9/0xaf0
[ 1659.695619][ T6543]  ? l2cap_rx+0x1fb0/0x1fb0
[ 1659.700117][ T6543]  ? lock_release+0x720/0x720
[ 1659.704784][ T6543]  ? lock_downgrade+0x6e0/0x6e0
[ 1659.709625][ T6543]  ? do_raw_spin_lock+0x120/0x2b0
[ 1659.714643][ T6543]  l2cap_chan_timeout+0x17e/0x2f0
[ 1659.719661][ T6543]  process_one_work+0x9bf/0x16b0
[ 1659.724603][ T6543]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 1659.729971][ T6543]  ? rwlock_bug.part.0+0x90/0x90
[ 1659.734898][ T6543]  ? _raw_spin_lock_irq+0x41/0x50
[ 1659.739916][ T6543]  worker_thread+0x658/0x11f0
[ 1659.744588][ T6543]  ? process_one_work+0x16b0/0x16b0
[ 1659.749782][ T6543]  kthread+0x3e5/0x4d0
[ 1659.753844][ T6543]  ? set_kthread_struct+0x130/0x130
[ 1659.759035][ T6543]  ret_from_fork+0x1f/0x30
[ 1659.763670][ T6543] Kernel Offset: disabled
[ 1659.767981][ T6543] Rebooting in 86400 seconds..