[ 453.834263][ T48] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 453.882875][ T48] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 453.922274][ T48] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 453.976218][ T48] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 454.796870][ T48] hsr_slave_0: left promiscuous mode
[ 454.803109][ T48] hsr_slave_1: left promiscuous mode
[ 454.810506][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 454.818028][ T48] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 454.827264][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 454.839179][ T48] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 454.847837][ T48] bridge_slave_1: left allmulticast mode
[ 454.853508][ T48] bridge_slave_1: left promiscuous mode
[ 454.860027][ T48] bridge0: port 2(bridge_slave_1) entered disabled state
[ 454.869691][ T48] bridge_slave_0: left allmulticast mode
[ 454.875360][ T48] bridge_slave_0: left promiscuous mode
[ 454.882012][ T48] bridge0: port 1(bridge_slave_0) entered disabled state
[ 454.895185][ T48] veth1_macvtap: left promiscuous mode
[ 454.901292][ T48] veth0_macvtap: left promiscuous mode
[ 454.907074][ T48] veth1_vlan: left promiscuous mode
[ 454.913181][ T48] veth0_vlan: left promiscuous mode
[ 455.071831][ T48] team0 (unregistering): Port device team_slave_1 removed
[ 455.083971][ T48] team0 (unregistering): Port device team_slave_0 removed
[ 455.098855][ T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 455.116860][ T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 455.175796][ T48] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.97' (ED25519) to the list of known hosts.
[ 457.491216][ T5049] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 457.499129][ T5049] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 457.506456][ T5049] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 457.514529][ T5049] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 457.522336][ T5049] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 457.529660][ T5049] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 459.068392][ T48] ==================================================================
[ 459.076494][ T48] BUG: KASAN: use-after-free in hci_cmd_sync_queue+0x31/0xa0
[ 459.084020][ T48] Read of size 8 at addr ffff88806a2f00a8 by task kworker/u4:3/48
[ 459.091822][ T48]
[ 459.094152][ T48] CPU: 0 PID: 48 Comm: kworker/u4:3 Not tainted 6.5.0-rc6-next-20230818-syzkaller-dirty #0
[ 459.104137][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 459.114201][ T48] Workqueue: events_unbound hci_conn_timeout
[ 459.120257][ T48] Call Trace:
[ 459.123558][ T48]
[ 459.126494][ T48]  dump_stack_lvl+0xd9/0x1b0
[ 459.131238][ T48]  print_report+0xc4/0x620
[ 459.135794][ T48]  ? __virt_addr_valid+0x5e/0x2d0
[ 459.140833][ T48]  ? __phys_addr+0xc6/0x140
[ 459.145339][ T48]  kasan_report+0xda/0x110
[ 459.149759][ T48]  ? hci_cmd_sync_queue+0x31/0xa0
[ 459.154797][ T48]  ? hci_cmd_sync_queue+0x31/0xa0
[ 459.159852][ T48]  ? hci_get_route+0x510/0x510
[ 459.164822][ T48]  kasan_check_range+0xef/0x190
[ 459.169691][ T48]  ? hci_get_route+0x510/0x510
[ 459.174560][ T48]  hci_cmd_sync_queue+0x31/0xa0
[ 459.179440][ T48]  hci_abort_conn+0x15b/0x330
[ 459.184133][ T48]  hci_conn_timeout+0x1a9/0x210
[ 459.188989][ T48]  process_one_work+0x887/0x15d0
[ 459.193971][ T48]  ? lock_sync+0x190/0x190
[ 459.198441][ T48]  ? init_worker_pool+0x770/0x770
[ 459.203578][ T48]  ? assign_work+0x1a0/0x240
[ 459.208194][ T48]  worker_thread+0x8bb/0x1290
[ 459.212897][ T48]  ? process_one_work+0x15d0/0x15d0
[ 459.218195][ T48]  kthread+0x33a/0x430
[ 459.222270][ T48]  ? kthread_complete_and_exit+0x40/0x40
[ 459.227904][ T48]  ret_from_fork+0x45/0x80
[ 459.232348][ T48]  ? kthread_complete_and_exit+0x40/0x40
[ 459.237990][ T48]  ret_from_fork_asm+0x11/0x20
[ 459.242961][ T48]
[ 459.246502][ T48]
[ 459.248819][ T48] The buggy address belongs to the physical page:
[ 459.255650][ T48] page:ffffea0001a8bc00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6a2f0
[ 459.265909][ T48] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 459.273447][ T48] page_type: 0xffffffff()
[ 459.277777][ T48] raw: 00fff00000000000 ffffea0001957c08 ffffea0001a25708 0000000000000000
[ 459.286363][ T48] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 459.294937][ T48] page dumped because: kasan: bad access detected
[ 459.301364][ T48] page_owner tracks the page as freed
[ 459.306721][ T48] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x5c2cc0(GFP_USER|__GFP_NOWARN|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_ACCOUNT), pid 4708, tgid 4708 (dhcpcd), ts 454062019777, free_ts 454066820991
[ 459.327123][ T48]  post_alloc_hook+0x2cf/0x340
[ 459.331906][ T48]  get_page_from_freelist+0x10d7/0x31b0
[ 459.337444][ T48]  __alloc_pages+0x1d0/0x4a0
[ 459.342030][ T48]  __kmalloc_large_node+0x87/0x1c0
[ 459.347233][ T48]  __kmalloc_node_track_caller.cold+0x5/0xdd
[ 459.353235][ T48]  kmalloc_reserve+0xef/0x270
[ 459.357999][ T48]  __alloc_skb+0x12b/0x330
[ 459.362411][ T48]  alloc_skb_with_frags+0xe4/0x710
[ 459.367547][ T48]  sock_alloc_send_pskb+0x7c8/0x950
[ 459.372841][ T48]  unix_dgram_sendmsg+0x455/0x1c30
[ 459.378043][ T48]  sock_sendmsg+0xd9/0x180
[ 459.382494][ T48]  sock_write_iter+0x29b/0x3d0
[ 459.387263][ T48]  do_iter_readv_writev+0x21e/0x3c0
[ 459.392486][ T48]  do_iter_write+0x17f/0x830
[ 459.397072][ T48]  vfs_writev+0x221/0x700
[ 459.401419][ T48]  do_writev+0x285/0x370
[ 459.405680][ T48] page last free stack trace:
[ 459.410428][ T48]  free_unref_page_prepare+0x476/0xa40
[ 459.415902][ T48]  free_unref_page+0x33/0x3b0
[ 459.420595][ T48]  skb_free_head+0x110/0x1b0
[ 459.425188][ T48]  skb_release_data+0x5ba/0x870
[ 459.430129][ T48]  consume_skb+0xd2/0x170
[ 459.434462][ T48]  __unix_dgram_recvmsg+0x814/0xe50
[ 459.439676][ T48]  unix_dgram_recvmsg+0xc3/0xf0
[ 459.444938][ T48]  sock_recvmsg+0xe2/0x170
[ 459.449364][ T48]  sock_read_iter+0x2c3/0x3c0
[ 459.454146][ T48]  do_iter_readv_writev+0x2f2/0x3c0
[ 459.459439][ T48]  do_iter_read+0x315/0x870
[ 459.463938][ T48]  vfs_readv+0x12d/0x1a0
[ 459.468177][ T48]  do_readv+0x285/0x370
[ 459.472335][ T48]  do_syscall_64+0x38/0xb0
[ 459.476863][ T48]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 459.482800][ T48]
[ 459.485113][ T48] Memory state around the buggy address:
[ 459.490730][ T48]  ffff88806a2eff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 459.498783][ T48]  ffff88806a2f0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 459.507034][ T48] >ffff88806a2f0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 459.515179][ T48]                                   ^
[ 459.520547][ T48]  ffff88806a2f0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 459.528611][ T48]  ffff88806a2f0180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 459.536663][ T48] ==================================================================
[ 459.557578][ T7447] Bluetooth: hci0: command 0x0409 tx timeout
[ 459.563707][ T48] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 459.570912][ T48] CPU: 0 PID: 48 Comm: kworker/u4:3 Not tainted 6.5.0-rc6-next-20230818-syzkaller-dirty #0
[ 459.580910][ T48] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 459.590993][ T48] Workqueue: events_unbound hci_conn_timeout
[ 459.597011][ T48] Call Trace:
[ 459.600570][ T48]
[ 459.603512][ T48]  dump_stack_lvl+0xd9/0x1b0
[ 459.608130][ T48]  panic+0x6a6/0x750
[ 459.612052][ T48]  ? panic_smp_self_stop+0xa0/0xa0
[ 459.617197][ T48]  ? preempt_schedule_thunk+0x1a/0x30
[ 459.622605][ T48]  ? preempt_schedule_common+0x45/0xc0
[ 459.628266][ T48]  check_panic_on_warn+0xab/0xb0
[ 459.633324][ T48]  end_report+0x108/0x150
[ 459.637691][ T48]  kasan_report+0xea/0x110
[ 459.642130][ T48]  ? hci_cmd_sync_queue+0x31/0xa0
[ 459.647175][ T48]  ? hci_cmd_sync_queue+0x31/0xa0
[ 459.652228][ T48]  ? hci_get_route+0x510/0x510
[ 459.657126][ T48]  kasan_check_range+0xef/0x190
[ 459.662003][ T48]  ? hci_get_route+0x510/0x510
[ 459.666917][ T48]  hci_cmd_sync_queue+0x31/0xa0
[ 459.671787][ T48]  hci_abort_conn+0x15b/0x330
[ 459.676468][ T48]  hci_conn_timeout+0x1a9/0x210
[ 459.681324][ T48]  process_one_work+0x887/0x15d0
[ 459.686270][ T48]  ? lock_sync+0x190/0x190
[ 459.690799][ T48]  ? init_worker_pool+0x770/0x770
[ 459.695826][ T48]  ? assign_work+0x1a0/0x240
[ 459.700506][ T48]  worker_thread+0x8bb/0x1290
[ 459.705187][ T48]  ? process_one_work+0x15d0/0x15d0
[ 459.710390][ T48]  kthread+0x33a/0x430
[ 459.714575][ T48]  ? kthread_complete_and_exit+0x40/0x40
[ 459.720334][ T48]  ret_from_fork+0x45/0x80
[ 459.724765][ T48]  ? kthread_complete_and_exit+0x40/0x40
[ 459.730419][ T48]  ret_from_fork_asm+0x11/0x20
[ 459.735296][ T48]
[ 459.738598][ T48] Kernel Offset: disabled
[ 459.742916][ T48] Rebooting in 86400 seconds..