[ 426.911477][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 426.914175][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 426.916417][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 426.919108][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 426.921696][ T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 426.923733][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 428.246729][ T51] ==================================================================
[ 428.248779][ T51] BUG: KASAN: slab-use-after-free in __lock_acquire+0x114/0x75e8
[ 428.250915][ T51] Read of size 8 at addr ffff0000ce5ce0b0 by task kworker/u5:0/51
[ 428.252822][ T51]
[ 428.253436][ T51] CPU: 1 PID: 51 Comm: kworker/u5:0 Not tainted 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0
[ 428.256107][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 428.258773][ T51] Workqueue: hci1 hci_cmd_sync_work
[ 428.260148][ T51] Call trace:
[ 428.260983][ T51]  dump_backtrace+0x1b8/0x1e4
[ 428.262209][ T51]  show_stack+0x2c/0x44
[ 428.263275][ T51]  dump_stack_lvl+0xd0/0x124
[ 428.264464][ T51]  print_report+0x174/0x514
[ 428.265590][ T51]  kasan_report+0xd8/0x138
[ 428.266683][ T51]  __asan_report_load8_noabort+0x20/0x2c
[ 428.268078][ T51]  __lock_acquire+0x114/0x75e8
[ 428.269312][ T51]  lock_acquire+0x23c/0x71c
[ 428.270490][ T51]  _raw_spin_lock_bh+0x48/0x60
[ 428.271706][ T51]  __lock_sock+0x170/0x2d4
[ 428.272766][ T51]  lock_sock_nested+0xa4/0x11c
[ 428.273992][ T51]  sco_connect_cfm+0x140/0x948
[ 428.275167][ T51]  hci_conn_failed+0x17c/0x2c0
[ 428.276401][ T51]  hci_abort_conn_sync+0x688/0xe38
[ 428.277648][ T51]  abort_conn_sync+0x5c/0x8c
[ 428.278927][ T51]  hci_cmd_sync_work+0x1cc/0x34c
[ 428.280228][ T51]  process_one_work+0x694/0x1204
[ 428.281517][ T51]  worker_thread+0x938/0xef4
[ 428.282635][ T51]  kthread+0x288/0x310
[ 428.283673][ T51]  ret_from_fork+0x10/0x20
[ 428.284872][ T51]
[ 428.285440][ T51] Allocated by task 8236:
[ 428.286504][ T51]  kasan_set_track+0x4c/0x7c
[ 428.287641][ T51]  kasan_save_alloc_info+0x24/0x30
[ 428.288959][ T51]  __kasan_kmalloc+0xac/0xc4
[ 428.290183][ T51]  __kmalloc+0xcc/0x1b8
[ 428.291251][ T51]  sk_prot_alloc+0xc4/0x1f0
[ 428.292432][ T51]  sk_alloc+0x44/0x3f4
[ 428.293496][ T51]  bt_sock_alloc+0x4c/0x32c
[ 428.294663][ T51]  sco_sock_create+0xbc/0x31c
[ 428.295883][ T51]  bt_sock_create+0x14c/0x248
[ 428.297059][ T51]  __sock_create+0x43c/0x884
[ 428.298183][ T51]  __sys_socket+0x134/0x340
[ 428.299484][ T51]  __arm64_sys_socket+0x7c/0x94
[ 428.300721][ T51]  invoke_syscall+0x98/0x2b8
[ 428.301956][ T51]  el0_svc_common+0x130/0x23c
[ 428.303096][ T51]  do_el0_svc+0x48/0x58
[ 428.304133][ T51]  el0_svc+0x54/0x158
[ 428.305113][ T51]  el0t_64_sync_handler+0x84/0xfc
[ 428.306375][ T51]  el0t_64_sync+0x190/0x194
[ 428.307499][ T51]
[ 428.308080][ T51] Freed by task 8236:
[ 428.309119][ T51]  kasan_set_track+0x4c/0x7c
[ 428.310361][ T51]  kasan_save_free_info+0x38/0x5c
[ 428.311667][ T51]  ____kasan_slab_free+0x144/0x1c0
[ 428.312976][ T51]  __kasan_slab_free+0x18/0x28
[ 428.314187][ T51]  __kmem_cache_free+0x2ac/0x480
[ 428.315497][ T51]  kfree+0xb8/0x19c
[ 428.316501][ T51]  __sk_destruct+0x4c0/0x770
[ 428.317641][ T51]  __sk_free+0x37c/0x4e8
[ 428.318716][ T51]  sk_free+0x60/0xc8
[ 428.319725][ T51]  sco_sock_kill+0xfc/0x1b4
[ 428.320918][ T51]  sco_sock_release+0x1fc/0x2c0
[ 428.322192][ T51]  sock_close+0xa4/0x1e8
[ 428.323336][ T51]  __fput+0x324/0x7f8
[ 428.324329][ T51]  ____fput+0x20/0x30
[ 428.325338][ T51]  task_work_run+0x230/0x2e0
[ 428.326489][ T51]  get_signal+0x13f4/0x15ec
[ 428.327633][ T51]  do_notify_resume+0x3bc/0x393c
[ 428.328908][ T51]  el0_svc+0x9c/0x158
[ 428.329971][ T51]  el0t_64_sync_handler+0x84/0xfc
[ 428.331378][ T51]  el0t_64_sync+0x190/0x194
[ 428.332592][ T51]
[ 428.333146][ T51] The buggy address belongs to the object at ffff0000ce5ce000
[ 428.333146][ T51]  which belongs to the cache kmalloc-2k of size 2048
[ 428.336688][ T51] The buggy address is located 176 bytes inside of
[ 428.336688][ T51]  freed 2048-byte region [ffff0000ce5ce000, ffff0000ce5ce800)
[ 428.340189][ T51]
[ 428.340785][ T51] The buggy address belongs to the physical page:
[ 428.342447][ T51] page:00000000b6dddcc6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10e5c8
[ 428.345086][ T51] head:00000000b6dddcc6 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 428.347485][ T51] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 428.349524][ T51] page_type: 0xffffffff()
[ 428.350627][ T51] raw: 05ffc00000000840 ffff0000c0002000 dead000000000122 0000000000000000
[ 428.352798][ T51] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 428.355026][ T51] page dumped because: kasan: bad access detected
[ 428.356566][ T51]
[ 428.357142][ T51] Memory state around the buggy address:
[ 428.358616][ T51]  ffff0000ce5cdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 428.360773][ T51]  ffff0000ce5ce000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 428.362791][ T51] >ffff0000ce5ce080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 428.364861][ T51]                                      ^
[ 428.366341][ T51]  ffff0000ce5ce100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 428.368442][ T51]  ffff0000ce5ce180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 428.370376][ T51] ==================================================================
[ 428.372434][ T51] Disabling lock debugging due to kernel taint
[ 428.980328][ T51] Bluetooth: hci1: command 0x0409 tx timeout
[ 431.070414][ T5663] Bluetooth: hci1: command 0x041b tx timeout
[ 433.140687][ T51] Bluetooth: hci1: command 0x040f tx timeout
[ 435.230458][ T5663] Bluetooth: hci1: command 0x0419 tx timeout
[ 437.300426][ T5663] Bluetooth: hci1: command 0x0407 tx timeout