Warning: Permanently added '[localhost]:48048' (ED25519) to the list of known hosts.
2025/12/10 08:22:56 parsed 1 programs
[  143.130314][ T1314] ieee802154 phy0 wpan0: encryption failed: -22
[  143.133451][ T1314] ieee802154 phy1 wpan1: encryption failed: -22
[  144.480097][ T5596] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  148.130391][ T5611] chnl_net:caif_netlink_parms(): no params data found
[  148.194648][ T5611] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.198188][ T5611] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.201556][ T5611] bridge_slave_0: entered allmulticast mode
[  148.206068][ T5611] bridge_slave_0: entered promiscuous mode
[  148.210712][ T5611] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.214081][ T5611] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.217949][ T5611] bridge_slave_1: entered allmulticast mode
[  148.221888][ T5611] bridge_slave_1: entered promiscuous mode
[  148.246274][ T5611] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  148.252461][ T5611] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  148.278336][ T5611] team0: Port device team_slave_0 added
[  148.282615][ T5611] team0: Port device team_slave_1 added
[  148.302827][ T5611] batman_adv: batadv0: Adding interface: batadv_slave_0
[  148.306502][ T5611] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  148.318255][ T5611] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  148.324494][ T5611] batman_adv: batadv0: Adding interface: batadv_slave_1
[  148.328238][ T5611] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  148.339915][ T5611] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  148.371235][ T5611] hsr_slave_0: entered promiscuous mode
[  148.374675][ T5611] hsr_slave_1: entered promiscuous mode
[  148.851096][ T5611] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  148.860379][ T5611] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  148.878400][ T5611] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  148.890015][ T5611] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  148.947408][ T5611] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.950944][ T5611] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.954318][ T5611] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.958017][ T5611] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.987188][ T1038] bridge0: port 1(bridge_slave_0) entered disabled state
[  148.991059][ T1038] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.082604][ T5611] 8021q: adding VLAN 0 to HW filter on device bond0
[  149.116811][ T5611] 8021q: adding VLAN 0 to HW filter on device team0
[  149.129710][ T3395] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.133076][ T3395] bridge0: port 1(bridge_slave_0) entered forwarding state
[  149.160592][ T1038] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.164079][ T1038] bridge0: port 2(bridge_slave_1) entered forwarding state
[  149.543588][ T5611] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.614302][ T5611] veth0_vlan: entered promiscuous mode
[  149.638756][ T5611] veth1_vlan: entered promiscuous mode
[  149.681165][ T5611] veth0_macvtap: entered promiscuous mode
[  149.704818][ T5611] veth1_macvtap: entered promiscuous mode
[  149.746683][ T5611] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.753472][ T5611] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.779626][ T1038] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.800386][ T1038] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.819807][ T1038] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.823746][ T1038] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  150.078116][ T1038] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.158377][ T1038] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.268518][ T1038] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.377564][ T1038] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.746321][ T4684] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  150.751395][ T4684] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  150.755262][ T4684] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  150.759615][ T4684] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  150.763461][ T4684] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  152.096406][ T1038] bridge_slave_1: left allmulticast mode
[  152.099055][ T1038] bridge_slave_1: left promiscuous mode
[  152.135848][ T1038] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.147401][ T1038] bridge_slave_0: left allmulticast mode
[  152.150152][ T1038] bridge_slave_0: left promiscuous mode
[  152.152900][ T1038] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.785698][ T1038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  152.791422][ T1038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  152.796659][ T1038] bond0 (unregistering): Released all slaves
[  152.978545][ T1038] hsr_slave_0: left promiscuous mode
[  152.991219][ T1038] hsr_slave_1: left promiscuous mode
[  153.015832][ T1038] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  153.019345][ T1038] batman_adv: batadv0: Removing interface: batadv_slave_0
[  153.023255][ T1038] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  153.037703][ T1038] batman_adv: batadv0: Removing interface: batadv_slave_1
[  153.071623][ T1038] veth1_macvtap: left promiscuous mode
[  153.074177][ T1038] veth0_macvtap: left promiscuous mode
[  153.096690][ T1038] veth1_vlan: left promiscuous mode
[  153.099210][ T1038] veth0_vlan: left promiscuous mode
[  153.968250][ T1038] team0 (unregistering): Port device team_slave_1 removed
[  153.996565][ T1038] team0 (unregistering): Port device team_slave_0 removed
[  157.728560][ T1045] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  157.732086][ T1045] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  157.816842][ T1038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  157.821932][ T1038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/12/10 08:23:17 executed programs: 0
[  158.643108][   T46] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  158.649695][   T46] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  158.653462][   T46] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  158.666056][   T46] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  158.669731][   T46] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  158.869167][ T5785] chnl_net:caif_netlink_parms(): no params data found
[  158.933423][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.937542][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.940808][ T5785] bridge_slave_0: entered allmulticast mode
[  158.944804][ T5785] bridge_slave_0: entered promiscuous mode
[  158.950179][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.953512][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.958537][ T5785] bridge_slave_1: entered allmulticast mode
[  158.963050][ T5785] bridge_slave_1: entered promiscuous mode
[  158.988137][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  158.995068][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  159.036473][ T5785] team0: Port device team_slave_0 added
[  159.047782][ T5785] team0: Port device team_slave_1 added
[  159.069907][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0
[  159.073086][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  159.084818][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  159.091236][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1
[  159.094347][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  159.106374][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  159.142587][ T5785] hsr_slave_0: entered promiscuous mode
[  159.147025][ T5785] hsr_slave_1: entered promiscuous mode
[  159.620403][ T5785] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  159.638775][ T5785] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  159.648889][ T5785] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  159.667877][ T5785] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  159.716617][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.719846][ T5785] bridge0: port 2(bridge_slave_1) entered forwarding state
[  159.723333][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.726692][ T5785] bridge0: port 1(bridge_slave_0) entered forwarding state
[  159.772650][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.786914][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.875936][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0
[  159.901310][ T5785] 8021q: adding VLAN 0 to HW filter on device team0
[  159.934324][ T1038] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.937718][ T1038] bridge0: port 1(bridge_slave_0) entered forwarding state
[  159.950897][ T1038] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.954136][ T1038] bridge0: port 2(bridge_slave_1) entered forwarding state
[  160.299344][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0
[  160.373728][ T5785] veth0_vlan: entered promiscuous mode
[  160.391723][ T5785] veth1_vlan: entered promiscuous mode
[  160.456509][ T5785] veth0_macvtap: entered promiscuous mode
[  160.462282][ T5785] veth1_macvtap: entered promiscuous mode
[  160.491594][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0
[  160.516673][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1
[  160.536404][ T1045] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  160.547098][ T1045] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  160.551101][ T1045] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  160.554985][ T1045] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  160.679662][ T1045] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  160.683239][ T1045] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  160.726081][   T46] Bluetooth: hci0: command tx timeout
[  160.758874][ T1045] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  160.764198][ T1045] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.811620][   T46] Bluetooth: hci0: command tx timeout
[  163.018115][ T5125] hid-generic 0005:000D:2F19.0002: unknown main item tag 0x2
[  163.021624][ T5125] hid-generic 0005:000D:2F19.0002: unknown main item tag 0x0
[  163.024941][ T5125] hid-generic 0005:000D:2F19.0002: unknown main item tag 0x0
[  163.049219][ T5125] hid-generic 0005:000D:2F19.0002: unknown main item tag 0x0
[  163.052541][ T5125] hid-generic 0005:000D:2F19.0002: unknown main item tag 0x0
[  163.067276][ T5125] hid-generic 0005:000D:2F19.0002: unknown main item tag 0x0
[  163.075090][ T5125] hid-generic 0005:000D:2F19.0002: unknown main item tag 0x0
[  163.082095][ T5125] hid-generic 0005:000D:2F19.0002: unknown main item tag 0x0
[  163.091247][ T5125] hid-generic 0005:000D:2F19.0002: unknown main item tag 0x0
[  163.098031][ T5125] hid-generic 0005:000D:2F19.0002: unknown main item tag 0x0
[  163.736505][ T5125] hid-generic 0005:000D:2F19.0002: hidraw1: BLUETOOTH HID vb5.14 Device [syz0] on aa:aa:aa:aa:aa:aa
2025/12/10 08:23:22 executed programs: 30
[  163.874871][ T5909] fido_id[5909]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory
[  164.888249][   T46] Bluetooth: hci0: command tx timeout
[  166.238538][ T5125] hid-generic 0005:000D:2F19.0003: hidraw1: BLUETOOTH HID vb5.14 Device [syz0] on aa:aa:aa:aa:aa:aa
[  166.332728][ T5988] fido_id[5988]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory
[  166.965718][   T46] Bluetooth: hci0: command tx timeout
[  168.035022][ T1381] hid_parser_main: 135904 callbacks suppressed
[  168.035096][ T1381] hid-generic 0005:000D:2F19.0004: unknown main item tag 0x0
[  168.042320][ T1381] hid-generic 0005:000D:2F19.0004: unknown main item tag 0x0
[  168.050559][ T1381] hid-generic 0005:000D:2F19.0004: unknown main item tag 0x0
[  168.054331][ T1381] hid-generic 0005:000D:2F19.0004: unknown main item tag 0x0
[  168.080275][ T1381] hid-generic 0005:000D:2F19.0004: unknown main item tag 0x0
[  168.083978][ T1381] hid-generic 0005:000D:2F19.0004: unknown main item tag 0x0
[  168.098714][ T1381] hid-generic 0005:000D:2F19.0004: unknown main item tag 0x0
[  168.102206][ T1381] hid-generic 0005:000D:2F19.0004: unknown main item tag 0x0
[  168.129958][ T1381] hid-generic 0005:000D:2F19.0004: unknown main item tag 0x0
[  168.133474][ T1381] hid-generic 0005:000D:2F19.0004: unknown main item tag 0x0
[  168.766595][ T1381] hid-generic 0005:000D:2F19.0004: hidraw1: BLUETOOTH HID vb5.14 Device [syz0] on aa:aa:aa:aa:aa:aa
2025/12/10 08:23:27 executed programs: 108
[  168.878596][ T6071] fido_id[6071]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory
[  170.936293][ T1381] hid-generic 0005:000D:2F19.0005: hidraw1: BLUETOOTH HID vb5.14 Device [syz0] on aa:aa:aa:aa:aa:aa
[  171.043584][ T6195] fido_id[6195]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory
[  172.963173][ T1381] hid-generic 0005:000D:2F19.0006: hidraw1: BLUETOOTH HID vb5.14 Device [syz0] on aa:aa:aa:aa:aa:aa
[  173.069542][ T6319] fido_id[6319]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory
2025/12/10 08:23:32 executed programs: 256
[  173.983649][ T1381] hid_parser_main: 190006 callbacks suppressed
[  173.983666][ T1381] hid-generic 0005:000D:2F19.0007: unknown main item tag 0x2
[  173.994773][ T1381] hid-generic 0005:000D:2F19.0007: unknown main item tag 0x0
[  174.004266][ T1381] hid-generic 0005:000D:2F19.0007: unknown main item tag 0x0
[  174.015229][ T1381] hid-generic 0005:000D:2F19.0007: unknown main item tag 0x0
[  174.019689][ T1381] hid-generic 0005:000D:2F19.0007: unknown main item tag 0x0
[  174.022928][ T1381] hid-generic 0005:000D:2F19.0007: unknown main item tag 0x0
[  174.036227][ T1381] hid-generic 0005:000D:2F19.0007: unknown main item tag 0x0
[  174.039596][ T1381] hid-generic 0005:000D:2F19.0007: unknown main item tag 0x0
[  174.051935][ T1381] hid-generic 0005:000D:2F19.0007: unknown main item tag 0x0
[  174.058959][ T1381] hid-generic 0005:000D:2F19.0007: unknown main item tag 0x0
[  175.086455][ T1381] hid-generic 0005:000D:2F19.0007: hidraw1: BLUETOOTH HID vb5.14 Device [syz0] on aa:aa:aa:aa:aa:aa
[  175.214006][ T6451] fido_id[6451]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory
[  177.166785][ T1381] hid-generic 0005:000D:2F19.0008: hidraw1: BLUETOOTH HID vb5.14 Device [syz0] on aa:aa:aa:aa:aa:aa
[  177.284979][ T6577] fido_id[6577]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory
2025/12/10 08:23:37 executed programs: 407
[  178.994376][ T1381] hid_parser_main: 180864 callbacks suppressed
[  178.994407][ T1381] hid-generic 0005:000D:2F19.0009: unknown main item tag 0x0
[  179.006442][ T1381] hid-generic 0005:000D:2F19.0009: unknown main item tag 0x0
[  179.009902][ T1381] hid-generic 0005:000D:2F19.0009: unknown main item tag 0x0
[  179.013209][ T1381] hid-generic 0005:000D:2F19.0009: unknown main item tag 0x0
[  179.027896][ T1381] hid-generic 0005:000D:2F19.0009: unknown main item tag 0x0
[  179.035909][ T1381] hid-generic 0005:000D:2F19.0009: unknown main item tag 0x0
[  179.039379][ T1381] hid-generic 0005:000D:2F19.0009: unknown main item tag 0x0
[  179.042818][ T1381] hid-generic 0005:000D:2F19.0009: unknown main item tag 0x0
[  179.062467][ T1381] hid-generic 0005:000D:2F19.0009: unknown main item tag 0x0
[  179.073531][ T1381] hid-generic 0005:000D:2F19.0009: unknown main item tag 0x0
[  179.269315][ T1381] hid-generic 0005:000D:2F19.0009: hidraw1: BLUETOOTH HID vb5.14 Device [syz0] on aa:aa:aa:aa:aa:aa
[  179.372531][ T6704] fido_id[6704]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci0/hci0:200/report_descriptor': No such file or directory
[  181.265955][ T1381] hid-generic 0005:000D:2F19.000A: hidraw1: BLUETOOTH HID vb5.14 Device [syz0] on aa:aa:aa:aa:aa:aa
[  183.328427][ T1381] hid-generic 0005:000D:2F19.000B: hidraw1: BLUETOOTH HID vb5.14 Device [syz0] on aa:aa:aa:aa:aa:aa
2025/12/10 08:23:42 executed programs: 560
[  184.401415][ T5396] hid_parser_main: 145046 callbacks suppressed
[  184.401480][ T5396] hid-generic 0005:000D:2F19.000C: unknown main item tag 0x2
[  184.414844][ T5396] hid-generic 0005:000D:2F19.000C: unknown main item tag 0x0
[  184.422431][ T5396] hid-generic 0005:000D:2F19.000C: unknown main item tag 0x0
[  184.431213][ T5396] hid-generic 0005:000D:2F19.000C: unknown main item tag 0x0
[  184.442328][ T5396] hid-generic 0005:000D:2F19.000C: unknown main item tag 0x0
[  184.449280][ T5396] hid-generic 0005:000D:2F19.000C: unknown main item tag 0x0
[  184.456504][ T5396] hid-generic 0005:000D:2F19.000C: unknown main item tag 0x0
[  184.459990][ T5396] hid-generic 0005:000D:2F19.000C: unknown main item tag 0x0
[  184.463273][ T5396] hid-generic 0005:000D:2F19.000C: unknown main item tag 0x0
[  184.479385][ T5396] hid-generic 0005:000D:2F19.000C: unknown main item tag 0x0
[  185.241829][ T4684] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  185.248734][ T4684] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  185.252449][ T4684] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  185.257292][ T4684] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  185.260885][ T4684] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  185.484647][ T5396] hid-generic 0005:000D:2F19.000C: hidraw1: BLUETOOTH HID vb5.14 Device [syz0] on aa:aa:aa:aa:aa:aa
[  185.559848][ T6965] ==================================================================
[  185.563433][ T6965] BUG: KASAN: use-after-free in __mutex_lock+0x801/0x1350
[  185.566632][ T6965] Read of size 8 at addr ffff8880337140a8 by task khidpd_000d2f19/6965
[  185.571225][ T6965] 
[  185.572304][ T6965] CPU: 0 UID: 0 PID: 6965 Comm: khidpd_000d2f19 Not tainted syzkaller #0 PREEMPT(full) 
[  185.572318][ T6965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  185.572323][ T6965] Call Trace:
[  185.572327][ T6965]  <TASK>
[  185.572333][ T6965]  dump_stack_lvl+0x189/0x250
[  185.572349][ T6965]  ? __kasan_check_byte+0x12/0x40
[  185.572407][ T6965]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.572419][ T6965]  ? lock_release+0x4b/0x3b0
[  185.572430][ T6965]  ? __virt_addr_valid+0x4a5/0x5c0
[  185.572445][ T6965]  print_report+0xca/0x240
[  185.572456][ T6965]  ? __mutex_lock+0x801/0x1350
[  185.572470][ T6965]  kasan_report+0x118/0x150
[  185.572481][ T6965]  ? __mutex_lock+0x801/0x1350
[  185.572491][ T6965]  __mutex_lock+0x801/0x1350
[  185.572503][ T6965]  ? __mutex_lock+0x5bb/0x1350
[  185.572512][ T6965]  ? l2cap_unregister_user+0x6a/0x1b0
[  185.572549][ T6965]  ? __pfx___mutex_lock+0x10/0x10
[  185.572563][ T6965]  ? __pfx___timer_delete_sync+0x10/0x10
[  185.572575][ T6965]  l2cap_unregister_user+0x6a/0x1b0
[  185.572589][ T6965]  hidp_session_thread+0x3a1/0x420
[  185.572602][ T6965]  ? __pfx_hidp_session_thread+0x10/0x10
[  185.572611][ T6965]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  185.572623][ T6965]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  185.572635][ T6965]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  185.572645][ T6965]  ? __kthread_parkme+0x7b/0x200
[  185.572656][ T6965]  ? __kthread_parkme+0x1a1/0x200
[  185.572668][ T6965]  kthread+0x711/0x8a0
[  185.572681][ T6965]  ? __pfx_hidp_session_thread+0x10/0x10
[  185.572691][ T6965]  ? __pfx_kthread+0x10/0x10
[  185.572703][ T6965]  ? _raw_spin_unlock_irq+0x23/0x50
[  185.572714][ T6965]  ? lockdep_hardirqs_on+0x98/0x140
[  185.572728][ T6965]  ? __pfx_kthread+0x10/0x10
[  185.572740][ T6965]  ret_from_fork+0x599/0xb30
[  185.572757][ T6965]  ? __pfx_ret_from_fork+0x10/0x10
[  185.572770][ T6965]  ? __pfx_kthread+0x10/0x10
[  185.572782][ T6965]  ret_from_fork_asm+0x1a/0x30
[  185.572798][ T6965]  </TASK>
[  185.572802][ T6965] 
[  185.660479][ T6965] The buggy address belongs to the physical page:
[  185.664319][ T6965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888033715a00 pfn:0x33714
[  185.669113][ T6965] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[  185.673097][ T6965] raw: 04fff00000000000 ffffea00010a4508 ffff88801fc40d80 0000000000000000
[  185.677141][ T6965] raw: ffff888033715a00 0000000000000000 00000000ffffffff 0000000000000000
[  185.681449][ T6965] page dumped because: kasan: bad access detected
[  185.684300][ T6965] page_owner tracks the page as freed
[  185.686683][ T6965] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 5785, tgid 5785 (syz-executor), ts 158630812401, free_ts 185559698757
[  185.694606][ T6965]  post_alloc_hook+0x234/0x290
[  185.696798][ T6965]  get_page_from_freelist+0x2365/0x2440
[  185.699338][ T6965]  __alloc_frozen_pages_noprof+0x181/0x370
[  185.701773][ T6965]  alloc_pages_mpol+0x232/0x4a0
[  185.704116][ T6965]  ___kmalloc_large_node+0x4e/0x150
[  185.706509][ T6965]  __kmalloc_large_node_noprof+0x18/0x90
[  185.709125][ T6965]  __kmalloc_noprof+0x4c9/0x800
[  185.711383][ T6965]  hci_alloc_dev_priv+0x28/0x2060
[  185.713710][ T6965]  vhci_create_device+0x120/0x650
[  185.716109][ T6965]  vhci_write+0x3ce/0x4a0
[  185.718078][ T6965]  vfs_write+0x5c9/0xb30
[  185.720197][ T6965]  ksys_write+0x145/0x250
[  185.722514][ T6965]  do_syscall_64+0xfa/0xf80
[  185.724658][ T6965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.727356][ T6965] page last free pid 5785 tgid 5785 stack trace:
[  185.730274][ T6965]  __free_frozen_pages+0xbc8/0xd30
[  185.732678][ T6965]  bt_host_release+0x82/0x90
[  185.734819][ T6965]  device_release+0x9e/0x1d0
[  185.736945][ T6965]  kobject_put+0x228/0x570
[  185.739051][ T6965]  vhci_release+0x15a/0x1a0
[  185.741142][ T6965]  __fput+0x44c/0xa70
[  185.743012][ T6965]  task_work_run+0x1d4/0x260
[  185.745147][ T6965]  do_exit+0x6c5/0x2310
[  185.747443][ T6965]  do_group_exit+0x21c/0x2d0
[  185.749781][ T6965]  get_signal+0x1285/0x1340
[  185.751756][ T6965]  arch_do_signal_or_restart+0x9a/0x7a0
[  185.754261][ T6965]  exit_to_user_mode_loop+0x87/0x4f0
[  185.756832][ T6965]  do_syscall_64+0x2e3/0xf80
[  185.759014][ T6965]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  185.761744][ T6965] 
[  185.762984][ T6965] Memory state around the buggy address:
[  185.765490][ T6965]  ffff888033713f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  185.769132][ T6965]  ffff888033714000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  185.772394][ T6965] >ffff888033714080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  185.775880][ T6965]                                   ^
[  185.778322][ T6965]  ffff888033714100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  185.782045][ T6965]  ffff888033714180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  185.785706][ T6965] ==================================================================
[  185.789590][    C0] 
[  185.790751][    C0] =========================
[  185.792764][    C0] WARNING: held lock freed!
[  185.794803][    C0] syzkaller #0 Not tainted
[  185.796779][    C0] -------------------------
[  185.798825][    C0] khidpd_000d2f19/6965 is freeing memory ffff888033714000-ffff8880337142bf, with a lock still held there!
[  185.803768][    C0] ffff8880337140c0 (&hdev->lock){+.+.}-{4:4}, at: l2cap_unregister_user+0x6a/0x1b0
[  185.807818][    C0] 1 lock held by khidpd_000d2f19/6965:
[  185.810318][    C0]  #0: ffff8880337140c0 (&hdev->lock){+.+.}-{4:4}, at: l2cap_unregister_user+0x6a/0x1b0
[  185.814722][    C0] 
[  185.814722][    C0] stack backtrace:
[  185.817405][    C0] CPU: 0 UID: 0 PID: 6965 Comm: khidpd_000d2f19 Not tainted syzkaller #0 PREEMPT(full) 
[  185.817420][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  185.817427][    C0] Call Trace:
[  185.817435][    C0]  <IRQ>
[  185.817441][    C0]  dump_stack_lvl+0x189/0x250
[  185.817459][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  185.817471][    C0]  ? __pfx__printk+0x10/0x10
[  185.817483][    C0]  ? mac80211_hwsim_tx_frame_no_nl+0xf4a/0x11c0
[  185.817495][    C0]  ? print_lock_name+0xde/0x100
[  185.817507][    C0]  debug_check_no_locks_freed+0x18b/0x1c0
[  185.817526][    C0]  kmem_cache_free+0xfd/0x620
[  185.817541][    C0]  ? skb_release_data+0x62d/0x7c0
[  185.817555][    C0]  skb_release_data+0x62d/0x7c0
[  185.817569][    C0]  consume_skb+0x9e/0xf0
[  185.817582][    C0]  mac80211_hwsim_beacon_tx+0x3e8/0x870
[  185.817595][    C0]  ? lock_acquire+0x84/0x340
[  185.817605][    C0]  __iterate_interfaces+0x2ab/0x590
[  185.817619][    C0]  ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10
[  185.817629][    C0]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  185.817642][    C0]  ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10
[  185.817652][    C0]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  185.817667][    C0]  mac80211_hwsim_beacon+0xbb/0x180
[  185.817682][    C0]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  185.817695][    C0]  __hrtimer_run_queues+0x51c/0xc30
[  185.817709][    C0]  ? ktime_get_update_offsets_now+0x67/0x3d0
[  185.817723][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  185.817736][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  185.817750][    C0]  handle_softirqs+0x27d/0x850
[  185.817762][    C0]  ? __irq_exit_rcu+0xca/0x1f0
[  185.817772][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  185.817783][    C0]  ? irqtime_account_irq+0x18/0x1c0
[  185.817797][    C0]  __irq_exit_rcu+0xca/0x1f0
[  185.817808][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[  185.817820][    C0]  irq_exit_rcu+0x9/0x30
[  185.817829][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  185.817844][    C0]  </IRQ>
[  185.817847][    C0]  <TASK>
[  185.817851][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  185.817863][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110
[  185.817877][    C0] Code: 74 05 e8 1b f9 69 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 93 6d 31 f6 65 8b 05 4c 71 3f 07 85 c0 74 40 48 c7 04 24 0e 36
[  185.817886][    C0] RSP: 0018:ffffc90009dbf8c0 EFLAGS: 00000206
[  185.817897][    C0] RAX: d43ed3f97a844e00 RBX: 0000000000000a06 RCX: d43ed3f97a844e00
[  185.817905][    C0] RDX: 0000000000000006 RSI: ffffffff8d996402 RDI: 0000000000000001
[  185.817912][    C0] RBP: ffffc90009dbf950 R08: ffffffff8fa21977 R09: 1ffffffff1f4432e
[  185.817919][    C0] R10: dffffc0000000000 R11: fffffbfff1f4432f R12: dffffc0000000000
[  185.817926][    C0] R13: ffffc90009dbf988 R14: ffffffff8e26a120 R15: 1ffff920013b7f18
[  185.817939][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  185.817948][    C0]  ? print_memory_metadata+0x314/0x400
[  185.817956][    C0]  ? __mutex_lock+0x801/0x1350
[  185.817964][    C0]  end_report+0x56/0x140
[  185.817971][    C0]  kasan_report+0x129/0x150
[  185.817978][    C0]  ? __mutex_lock+0x801/0x1350
[  185.817992][    C0]  __mutex_lock+0x801/0x1350
[  185.818005][    C0]  ? __mutex_lock+0x5bb/0x1350
[  185.818019][    C0]  ? l2cap_unregister_user+0x6a/0x1b0
[  185.818033][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  185.818048][    C0]  ? __pfx___timer_delete_sync+0x10/0x10
[  185.818059][    C0]  l2cap_unregister_user+0x6a/0x1b0
[  185.818073][    C0]  hidp_session_thread+0x3a1/0x420
[  185.818084][    C0]  ? __pfx_hidp_session_thread+0x10/0x10
[  185.818094][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  185.818106][    C0]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  185.818117][    C0]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  185.818128][    C0]  ? __kthread_parkme+0x7b/0x200
[  185.818138][    C0]  ? __kthread_parkme+0x1a1/0x200
[  185.818146][    C0]  kthread+0x711/0x8a0
[  185.818153][    C0]  ? __pfx_hidp_session_thread+0x10/0x10
[  185.818159][    C0]  ? __pfx_kthread+0x10/0x10
[  185.818171][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  185.818181][    C0]  ? lockdep_hardirqs_on+0x98/0x140
[  185.818193][    C0]  ? __pfx_kthread+0x10/0x10
[  185.818205][    C0]  ret_from_fork+0x599/0xb30
[  185.818216][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  185.818228][    C0]  ? __pfx_kthread+0x10/0x10
[  185.818239][    C0]  ret_from_fork_asm+0x1a/0x30
[  185.818254][    C0]  </TASK>
[  186.011546][ T6965] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  186.014887][ T6965] CPU: 0 UID: 0 PID: 6965 Comm: khidpd_000d2f19 Not tainted syzkaller #0 PREEMPT(full) 
[  186.019180][ T6965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  186.024075][ T6965] Call Trace:
[  186.025649][ T6965]  <TASK>
[  186.027015][ T6965]  dump_stack_lvl+0x99/0x250
[  186.029165][ T6965]  ? __asan_memcpy+0x40/0x70
[  186.031343][ T6965]  ? __pfx_dump_stack_lvl+0x10/0x10
[  186.033758][ T6965]  ? __pfx__printk+0x10/0x10
[  186.035893][ T6965]  vpanic+0x237/0x6d0
[  186.037766][ T6965]  ? __pfx_vpanic+0x10/0x10
[  186.039833][ T6965]  panic+0xb9/0xc0
[  186.041554][ T6965]  ? __pfx_panic+0x10/0x10
[  186.043689][ T6965]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  186.046527][ T6965]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  186.049174][ T6965]  ? __mutex_lock+0x801/0x1350
[  186.051351][ T6965]  check_panic_on_warn+0x89/0xb0
[  186.053627][ T6965]  ? __mutex_lock+0x801/0x1350
[  186.055808][ T6965]  end_report+0x6f/0x140
[  186.057716][ T6965]  kasan_report+0x129/0x150
[  186.059762][ T6965]  ? __mutex_lock+0x801/0x1350
[  186.062044][ T6965]  __mutex_lock+0x801/0x1350
[  186.064151][ T6965]  ? __mutex_lock+0x5bb/0x1350
[  186.066354][ T6965]  ? l2cap_unregister_user+0x6a/0x1b0
[  186.068795][ T6965]  ? __pfx___mutex_lock+0x10/0x10
[  186.071159][ T6965]  ? __pfx___timer_delete_sync+0x10/0x10
[  186.073852][ T6965]  l2cap_unregister_user+0x6a/0x1b0
[  186.076355][ T6965]  hidp_session_thread+0x3a1/0x420
[  186.078861][ T6965]  ? __pfx_hidp_session_thread+0x10/0x10
[  186.081564][ T6965]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  186.084300][ T6965]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  186.087309][ T6965]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  186.090141][ T6965]  ? __kthread_parkme+0x7b/0x200
[  186.092631][ T6965]  ? __kthread_parkme+0x1a1/0x200
[  186.094935][ T6965]  kthread+0x711/0x8a0
[  186.096804][ T6965]  ? __pfx_hidp_session_thread+0x10/0x10
[  186.099328][ T6965]  ? __pfx_kthread+0x10/0x10
[  186.101467][ T6965]  ? _raw_spin_unlock_irq+0x23/0x50
[  186.103806][ T6965]  ? lockdep_hardirqs_on+0x98/0x140
[  186.106176][ T6965]  ? __pfx_kthread+0x10/0x10
[  186.108323][ T6965]  ret_from_fork+0x599/0xb30
[  186.110479][ T6965]  ? __pfx_ret_from_fork+0x10/0x10
[  186.112839][ T6965]  ? __pfx_kthread+0x10/0x10
[  186.114956][ T6965]  ret_from_fork_asm+0x1a/0x30
[  186.117169][ T6965]  </TASK>
[  186.118913][ T6965] Kernel Offset: disabled
[  186.120902][ T6965] Rebooting in 86400 seconds..