Warning: Permanently added '[localhost]:26633' (ED25519) to the list of known hosts.
2024/09/23 11:31:25 ignoring optional flag "sandboxArg"="0"
2024/09/23 11:31:26 parsed 1 programs
[ 62.149889][ T39] kauditd_printk_skb: 4 callbacks suppressed
[ 62.149908][ T39] audit: type=1400 audit(1727091087.749:141): avc: denied { unlink } for pid=5571 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 62.893949][ T5571] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 64.555088][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.557874][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.572202][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.574930][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.946784][ T5660] chnl_net:caif_netlink_parms(): no params data found
[ 64.994461][ T5660] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.996459][ T5660] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.998472][ T5660] bridge_slave_0: entered allmulticast mode
[ 65.000533][ T5660] bridge_slave_0: entered promiscuous mode
[ 65.004142][ T5660] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.006045][ T5660] bridge0: port 2(bridge_slave_1) entered disabled state
[ 65.008535][ T5660] bridge_slave_1: entered allmulticast mode
[ 65.010717][ T5660] bridge_slave_1: entered promiscuous mode
[ 65.039717][ T5660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 65.043298][ T5660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 65.074010][ T5660] team0: Port device team_slave_0 added
[ 65.077698][ T5660] team0: Port device team_slave_1 added
[ 65.096105][ T5660] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 65.098045][ T5660] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.104820][ T5660] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 65.108905][ T5660] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 65.110755][ T5660] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 65.117461][ T5660] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 65.151990][ T5660] hsr_slave_0: entered promiscuous mode
[ 65.154096][ T5660] hsr_slave_1: entered promiscuous mode
[ 65.692158][ T5660] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 65.695200][ T5660] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 65.698560][ T5660] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 65.701528][ T5660] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.727342][ T5660] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.736462][ T5660] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.740550][ T1110] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.742470][ T1110] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.746653][ T69] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.748623][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.818951][ T5660] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.834252][ T5660] veth0_vlan: entered promiscuous mode
[ 65.838134][ T5660] veth1_vlan: entered promiscuous mode
[ 65.848527][ T5660] veth0_macvtap: entered promiscuous mode
[ 65.852425][ T5660] veth1_macvtap: entered promiscuous mode
[ 65.859734][ T5660] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 65.864292][ T5660] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 65.868353][ T5660] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.870658][ T5660] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.872930][ T5660] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.875189][ T5660] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.942477][ T101] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.008247][ T101] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.068607][ T101] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.120902][ T101] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 66.249226][ T39] audit: type=1401 audit(1727091091.849:142): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 66.269734][ T65] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 66.272570][ T65] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 66.275083][ T65] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 66.278305][ T65] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 66.280793][ T65] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 66.282743][ T65] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2024/09/23 11:31:32 executed programs: 0
[ 66.457103][ T65] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 66.459707][ T65] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 66.461904][ T65] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 66.469440][ T65] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 66.471859][ T65] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 66.473977][ T65] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 66.555749][ T5794] chnl_net:caif_netlink_parms(): no params data found
[ 66.605011][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.607714][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.610651][ T5794] bridge_slave_0: entered allmulticast mode
[ 66.613788][ T5794] bridge_slave_0: entered promiscuous mode
[ 66.617624][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.620641][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.623185][ T5794] bridge_slave_1: entered allmulticast mode
[ 66.625884][ T5794] bridge_slave_1: entered promiscuous mode
[ 66.659276][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.672628][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.693279][ T5794] team0: Port device team_slave_0 added
[ 66.695900][ T5794] team0: Port device team_slave_1 added
[ 66.714392][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.716138][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.722958][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.726617][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 66.729286][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.735944][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 66.760635][ T5794] hsr_slave_0: entered promiscuous mode
[ 66.762673][ T5794] hsr_slave_1: entered promiscuous mode
[ 66.764531][ T5794] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 66.766530][ T5794] Cannot create hsr debugfs directory
[ 68.498219][ T4773] Bluetooth: hci0: command tx timeout
[ 69.536903][ T101] bridge_slave_1: left allmulticast mode
[ 69.538554][ T101] bridge_slave_1: left promiscuous mode
[ 69.540133][ T101] bridge0: port 2(bridge_slave_1) entered disabled state
[ 69.543719][ T101] bridge_slave_0: left allmulticast mode
[ 69.545284][ T101] bridge_slave_0: left promiscuous mode
[ 69.547063][ T101] bridge0: port 1(bridge_slave_0) entered disabled state
[ 69.790818][ T101] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 69.794438][ T101] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 69.797911][ T101] bond0 (unregistering): Released all slaves
[ 69.921344][ T101] hsr_slave_0: left promiscuous mode
[ 69.923213][ T101] hsr_slave_1: left promiscuous mode
[ 69.925148][ T101] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 69.927172][ T101] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 69.930976][ T101] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 69.933010][ T101] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 69.943833][ T101] veth1_macvtap: left promiscuous mode
[ 69.945391][ T101] veth0_macvtap: left promiscuous mode
[ 69.946916][ T101] veth1_vlan: left promiscuous mode
[ 69.948651][ T101] veth0_vlan: left promiscuous mode
[ 70.395311][ T101] team0 (unregistering): Port device team_slave_1 removed
[ 70.443963][ T101] team0 (unregistering): Port device team_slave_0 removed
[ 70.579036][ T4773] Bluetooth: hci0: command tx timeout
[ 71.149949][ T1378] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.151811][ T1378] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.195546][ T5794] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 71.199582][ T5794] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 71.205163][ T5794] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 71.208466][ T5794] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 71.238944][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0
[ 71.246987][ T5794] 8021q: adding VLAN 0 to HW filter on device team0
[ 71.251369][ T1194] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.253331][ T1194] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 71.257730][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.259720][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 71.279998][ T5794] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 71.420408][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 71.434976][ T5794] veth0_vlan: entered promiscuous mode
[ 71.439476][ T5794] veth1_vlan: entered promiscuous mode
[ 71.454140][ T5794] veth0_macvtap: entered promiscuous mode
[ 71.458851][ T5794] veth1_macvtap: entered promiscuous mode
[ 71.466387][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 71.473691][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 71.479592][ T5794] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.482865][ T5794] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.486021][ T5794] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.491030][ T5794] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 71.553993][ T1194] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.558030][ T1194] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 71.585781][ T1194] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 71.587951][ T1194] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/09/23 11:31:37 executed programs: 2
[ 71.625267][ T4773] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[ 71.628798][ T4773] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4773, name: kworker/u33:1
[ 71.633185][ T4773] preempt_count: 0, expected: 0
[ 71.634516][ T4773] RCU nest depth: 1, expected: 0
[ 71.635816][ T4773] 4 locks held by kworker/u33:1/4773:
[ 71.637254][ T4773] #0: ffff88803a985148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0
[ 71.640163][ T4773] #1: ffffc90026f1fd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[ 71.643128][ T4773] #2: ffff888030a34078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30
[ 71.646208][ T4773] #3: ffffffff8e1b8140 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30
[ 71.649403][ T4773] CPU: 2 UID: 0 PID: 4773 Comm: kworker/u33:1 Not tainted 6.11.0-syzkaller-gde5cb0dcb74c-dirty #0
[ 71.652278][ T4773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 71.655146][ T4773] Workqueue: hci0 hci_rx_work
[ 71.656473][ T4773] Call Trace:
[ 71.657375][ T4773]
[ 71.658177][ T4773]  dump_stack_lvl+0x16c/0x1f0
[ 71.659379][ T4773]  __might_resched+0x3c0/0x5e0
[ 71.660601][ T4773]  ? __pfx___might_resched+0x10/0x10
[ 71.661894][ T4773]  ? __pfx___lock_acquire+0x10/0x10
[ 71.663347][ T4773]  ? rcu_is_watching+0x12/0xc0
[ 71.665057][ T4773]  __mutex_lock+0xe2/0x9c0
[ 71.666260][ T4773]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 71.667846][ T4773]  ? __pfx___mutex_lock+0x10/0x10
[ 71.669104][ T4773]  ? __pfx_lock_acquire+0x10/0x10
[ 71.670522][ T4773]  ? find_held_lock+0x2d/0x110
[ 71.671811][ T4773]  ? hci_event_packet+0x438/0x1180
[ 71.673195][ T4773]  ? __pfx_lock_release+0x10/0x10
[ 71.674635][ T4773]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 71.676296][ T4773]  hci_le_create_big_complete_evt+0x387/0xb30
[ 71.677912][ T4773]  ? __mutex_unlock_slowpath+0x164/0x650
[ 71.679402][ T4773]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 71.681234][ T4773]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 71.682821][ T4773]  ? skb_pull_data+0x166/0x210
[ 71.684150][ T4773]  hci_le_meta_evt+0x2e2/0x5d0
[ 71.685424][ T4773]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 71.687228][ T4773]  hci_event_packet+0x666/0x1180
[ 71.688568][ T4773]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 71.690047][ T4773]  ? __pfx_hci_event_packet+0x10/0x10
[ 71.691467][ T4773]  ? mark_held_locks+0x9f/0xe0
[ 71.692777][ T4773]  ? kcov_remote_start+0x3cf/0x6e0
[ 71.694292][ T4773]  ? lockdep_hardirqs_on+0x7c/0x110
[ 71.695677][ T4773]  hci_rx_work+0x2c6/0x1610
[ 71.697065][ T4773]  process_one_work+0x9c5/0x1ba0
[ 71.698463][ T4773]  ? __pfx_lock_acquire+0x10/0x10
[ 71.699911][ T4773]  ? __pfx_process_one_work+0x10/0x10
[ 71.701373][ T4773]  ? assign_work+0x1a0/0x250
[ 71.702620][ T4773]  worker_thread+0x6c8/0xf00
[ 71.704011][ T4773]  ? __pfx_worker_thread+0x10/0x10
[ 71.705492][ T4773]  kthread+0x2c1/0x3a0
[ 71.706765][ T4773]  ? _raw_spin_unlock_irq+0x23/0x50
[ 71.708228][ T4773]  ? __pfx_kthread+0x10/0x10
[ 71.709451][ T4773]  ret_from_fork+0x45/0x80
[ 71.710643][ T4773]  ? __pfx_kthread+0x10/0x10
[ 71.711873][ T4773]  ret_from_fork_asm+0x1a/0x30
[ 71.713182][ T4773]
[ 71.714448][ T4773]
[ 71.715097][ T4773] =============================
[ 71.716395][ T4773] [ BUG: Invalid wait context ]
[ 71.717798][ T4773] 6.11.0-syzkaller-gde5cb0dcb74c-dirty #0 Tainted: G W
[ 71.719995][ T4773] -----------------------------
[ 71.721418][ T4773] kworker/u33:1/4773 is trying to lock:
[ 71.722852][ T4773] ffffffff90141b28 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x387/0xb30
[ 71.725713][ T4773] other info that might help us debug this:
[ 71.727240][ T4773] context-{4:4}
[ 71.728178][ T4773] 4 locks held by kworker/u33:1/4773:
[ 71.729642][ T4773] #0: ffff88803a985148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0
[ 71.732370][ T4773] #1: ffffc90026f1fd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[ 71.735856][ T4773] #2: ffff888030a34078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30
[ 71.738995][ T4773] #3: ffffffff8e1b8140 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30
[ 71.742543][ T4773] stack backtrace:
[ 71.743595][ T4773] CPU: 2 UID: 0 PID: 4773 Comm: kworker/u33:1 Tainted: G W 6.11.0-syzkaller-gde5cb0dcb74c-dirty #0
[ 71.746743][ T4773] Tainted: [W]=WARN
[ 71.747758][ T4773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 71.750584][ T4773] Workqueue: hci0 hci_rx_work
[ 71.751760][ T4773] Call Trace:
[ 71.752624][ T4773]
[ 71.753412][ T4773]  dump_stack_lvl+0x116/0x1f0
[ 71.755083][ T4773]  __lock_acquire+0x13db/0x3ce0
[ 71.756340][ T4773]  ? __pfx___lock_acquire+0x10/0x10
[ 71.757717][ T4773]  ? irqentry_exit+0x3b/0x90
[ 71.758988][ T4773]  ? lockdep_hardirqs_on+0x7c/0x110
[ 71.760445][ T4773]  lock_acquire+0x1b1/0x560
[ 71.761658][ T4773]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 71.763302][ T4773]  ? __pfx_lock_acquire+0x10/0x10
[ 71.764701][ T4773]  ? dump_stack_lvl+0x1a3/0x1f0
[ 71.766061][ T4773]  ? add_taint+0x5f/0xd0
[ 71.767191][ T4773]  ? __might_resched+0x3cc/0x5e0
[ 71.768519][ T4773]  ? __pfx___might_resched+0x10/0x10
[ 71.769880][ T4773]  ? __pfx___lock_acquire+0x10/0x10
[ 71.771162][ T4773]  __mutex_lock+0x175/0x9c0
[ 71.772432][ T4773]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 71.774110][ T4773]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 71.775747][ T4773]  ? __pfx___mutex_lock+0x10/0x10
[ 71.777107][ T4773]  ? __pfx_lock_acquire+0x10/0x10
[ 71.778485][ T4773]  ? find_held_lock+0x2d/0x110
[ 71.779666][ T4773]  ? hci_event_packet+0x438/0x1180
[ 71.781038][ T4773]  ? __pfx_lock_release+0x10/0x10
[ 71.782382][ T4773]  ? hci_le_create_big_complete_evt+0x387/0xb30
[ 71.784004][ T4773]  hci_le_create_big_complete_evt+0x387/0xb30
[ 71.785557][ T4773]  ? __mutex_unlock_slowpath+0x164/0x650
[ 71.787039][ T4773]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 71.788625][ T4773]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 71.790145][ T4773]  ? skb_pull_data+0x166/0x210
[ 71.791312][ T4773]  hci_le_meta_evt+0x2e2/0x5d0
[ 71.792504][ T4773]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 71.794162][ T4773]  hci_event_packet+0x666/0x1180
[ 71.795362][ T4773]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 71.796764][ T4773]  ? __pfx_hci_event_packet+0x10/0x10
[ 71.798173][ T4773]  ? mark_held_locks+0x9f/0xe0
[ 71.799437][ T4773]  ? kcov_remote_start+0x3cf/0x6e0
[ 71.800878][ T4773]  ? lockdep_hardirqs_on+0x7c/0x110
[ 71.802244][ T4773]  hci_rx_work+0x2c6/0x1610
[ 71.803444][ T4773]  process_one_work+0x9c5/0x1ba0
[ 71.804814][ T4773]  ? __pfx_lock_acquire+0x10/0x10
[ 71.806148][ T4773]  ? __pfx_process_one_work+0x10/0x10
[ 71.807561][ T4773]  ? assign_work+0x1a0/0x250
[ 71.808797][ T4773]  worker_thread+0x6c8/0xf00
[ 71.810032][ T4773]  ? __pfx_worker_thread+0x10/0x10
[ 71.811484][ T4773]  kthread+0x2c1/0x3a0
[ 71.812594][ T4773]  ? _raw_spin_unlock_irq+0x23/0x50
[ 71.813993][ T4773]  ? __pfx_kthread+0x10/0x10
[ 71.815192][ T4773]  ret_from_fork+0x45/0x80
[ 71.816342][ T4773]  ? __pfx_kthread+0x10/0x10
[ 71.817607][ T4773]  ret_from_fork_asm+0x1a/0x30
[ 71.818856][ T4773]
[ 71.821203][ T4773] ==================================================================
[ 71.823322][ T4773] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa62/0xb30
[ 71.825740][ T4773] Read of size 8 at addr ffff888048ee4000 by task kworker/u33:1/4773
[ 71.827884][ T4773]
[ 71.828503][ T4773] CPU: 2 UID: 0 PID: 4773 Comm: kworker/u33:1 Tainted: G W 6.11.0-syzkaller-gde5cb0dcb74c-dirty #0
[ 71.831480][ T4773] Tainted: [W]=WARN
[ 71.832478][ T4773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 71.835283][ T4773] Workqueue: hci0 hci_rx_work
[ 71.836527][ T4773] Call Trace:
[ 71.837406][ T4773]
[ 71.838272][ T4773]  dump_stack_lvl+0x116/0x1f0
[ 71.839526][ T4773]  print_report+0xc3/0x620
[ 71.840724][ T4773]  ? __virt_addr_valid+0x5e/0x590
[ 71.842046][ T4773]  ? __phys_addr+0xc6/0x150
[ 71.843240][ T4773]  kasan_report+0xd9/0x110
[ 71.844459][ T4773]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[ 71.846087][ T4773]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[ 71.847709][ T4773]  hci_le_create_big_complete_evt+0xa62/0xb30
[ 71.849310][ T4773]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 71.851030][ T4773]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 71.852695][ T4773]  ? skb_pull_data+0x166/0x210
[ 71.853976][ T4773]  hci_le_meta_evt+0x2e2/0x5d0
[ 71.855240][ T4773]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 71.856948][ T4773]  hci_event_packet+0x666/0x1180
[ 71.858240][ T4773]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 71.859594][ T4773]  ? __pfx_hci_event_packet+0x10/0x10
[ 71.860860][ T4773]  ? mark_held_locks+0x9f/0xe0
[ 71.862081][ T4773]  ? kcov_remote_start+0x3cf/0x6e0
[ 71.863385][ T4773]  ? lockdep_hardirqs_on+0x7c/0x110
[ 71.865159][ T4773]  hci_rx_work+0x2c6/0x1610
[ 71.866416][ T4773]  process_one_work+0x9c5/0x1ba0
[ 71.867665][ T4773]  ? __pfx_lock_acquire+0x10/0x10
[ 71.868928][ T4773]  ? __pfx_process_one_work+0x10/0x10
[ 71.870308][ T4773]  ? assign_work+0x1a0/0x250
[ 71.871499][ T4773]  worker_thread+0x6c8/0xf00
[ 71.872721][ T4773]  ? __pfx_worker_thread+0x10/0x10
[ 71.874040][ T4773]  kthread+0x2c1/0x3a0
[ 71.875081][ T4773]  ? _raw_spin_unlock_irq+0x23/0x50
[ 71.876396][ T4773]  ? __pfx_kthread+0x10/0x10
[ 71.877587][ T4773]  ret_from_fork+0x45/0x80
[ 71.878757][ T4773]  ? __pfx_kthread+0x10/0x10
[ 71.879922][ T4773]  ret_from_fork_asm+0x1a/0x30
[ 71.881141][ T4773]
[ 71.881946][ T4773]
[ 71.882556][ T4773] Allocated by task 4773:
[ 71.883685][ T4773]  kasan_save_stack+0x33/0x60
[ 71.884895][ T4773]  kasan_save_track+0x14/0x30
[ 71.886117][ T4773]  __kasan_kmalloc+0xaa/0xb0
[ 71.887288][ T4773]  __hci_conn_add+0x131/0x1a50
[ 71.888532][ T4773]  hci_conn_add+0x56/0x70
[ 71.889630][ T4773]  hci_le_big_sync_established_evt+0x73f/0xad0
[ 71.891171][ T4773]  hci_le_meta_evt+0x2e2/0x5d0
[ 71.892391][ T4773]  hci_event_packet+0x666/0x1180
[ 71.893656][ T4773]  hci_rx_work+0x2c6/0x1610
[ 71.894840][ T4773]  process_one_work+0x9c5/0x1ba0
[ 71.896129][ T4773]  worker_thread+0x6c8/0xf00
[ 71.897319][ T4773]  kthread+0x2c1/0x3a0
[ 71.898379][ T4773]  ret_from_fork+0x45/0x80
[ 71.899534][ T4773]  ret_from_fork_asm+0x1a/0x30
[ 71.900793][ T4773]
[ 71.901422][ T4773] Freed by task 4773:
[ 71.902447][ T4773]  kasan_save_stack+0x33/0x60
[ 71.903669][ T4773]  kasan_save_track+0x14/0x30
[ 71.905592][ T4773]  kasan_save_free_info+0x3b/0x60
[ 71.906900][ T4773]  __kasan_slab_free+0x51/0x70
[ 71.908128][ T4773]  kfree+0x14f/0x4b0
[ 71.909155][ T4773]  device_release+0xa1/0x240
[ 71.910361][ T4773]  kobject_put+0x1e4/0x5a0
[ 71.911509][ T4773]  put_device+0x1f/0x30
[ 71.912579][ T4773]  hci_conn_del_sysfs+0x151/0x180
[ 71.913864][ T4773]  hci_conn_del+0x54e/0xdb0
[ 71.915024][ T4773]  hci_le_create_big_complete_evt+0x4ba/0xb30
[ 71.916573][ T4773]  hci_le_meta_evt+0x2e2/0x5d0
[ 71.917800][ T4773]  hci_event_packet+0x666/0x1180
[ 71.919045][ T4773]  hci_rx_work+0x2c6/0x1610
[ 71.920209][ T4773]  process_one_work+0x9c5/0x1ba0
[ 71.921475][ T4773]  worker_thread+0x6c8/0xf00
[ 71.922648][ T4773]  kthread+0x2c1/0x3a0
[ 71.923715][ T4773]  ret_from_fork+0x45/0x80
[ 71.924862][ T4773]  ret_from_fork_asm+0x1a/0x30
[ 71.926072][ T4773]
[ 71.926685][ T4773] The buggy address belongs to the object at ffff888048ee4000
[ 71.926685][ T4773]  which belongs to the cache kmalloc-8k of size 8192
[ 71.930196][ T4773] The buggy address is located 0 bytes inside of
[ 71.930196][ T4773]  freed 8192-byte region [ffff888048ee4000, ffff888048ee6000)
[ 71.933676][ T4773]
[ 71.934305][ T4773] The buggy address belongs to the physical page:
[ 71.935930][ T4773] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48ee0
[ 71.938188][ T4773] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 71.940327][ T4773] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 71.942261][ T4773] page_type: f5(slab)
[ 71.943302][ T4773] raw: 00fff00000000040 ffff88801b043180 dead000000000122 0000000000000000
[ 71.945477][ T4773] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 71.947674][ T4773] head: 00fff00000000040 ffff88801b043180 dead000000000122 0000000000000000
[ 71.949873][ T4773] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 71.952048][ T4773] head: 00fff00000000003 ffffea000123b801 ffffffffffffffff 0000000000000000
[ 71.954204][ T4773] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 71.956448][ T4773] page dumped because: kasan: bad access detected
[ 71.958043][ T4773] page_owner tracks the page as allocated
[ 71.959434][ T4773] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5794, tgid 5794 (syz-executor), ts 71235828187, free_ts 71184288635
[ 71.964656][ T4773]  post_alloc_hook+0x2d1/0x350
[ 71.965852][ T4773]  get_page_from_freelist+0x101e/0x3070
[ 71.967202][ T4773]  __alloc_pages_noprof+0x223/0x25c0
[ 71.968506][ T4773]  alloc_pages_mpol_noprof+0x275/0x610
[ 71.969891][ T4773]  new_slab+0x28b/0x3f0
[ 71.971061][ T4773]  ___slab_alloc+0xd1d/0x16e0
[ 71.972281][ T4773]  __slab_alloc.constprop.0+0x56/0xb0
[ 71.973652][ T4773]  __kmalloc_node_noprof+0x357/0x430
[ 71.974978][ T4773]  __kvmalloc_node_noprof+0x6f/0x1a0
[ 71.976342][ T4773]  pfifo_fast_init+0x125/0x3b0
[ 71.977592][ T4773]  qdisc_create_dflt+0x101/0x440
[ 71.978862][ T4773]  dev_activate+0x63a/0x12b0
[ 71.980059][ T4773]  __dev_open+0x396/0x4e0
[ 71.981174][ T4773]  __dev_change_flags+0x561/0x720
[ 71.982467][ T4773]  dev_change_flags+0x8f/0x160
[ 71.983706][ T4773]  do_setlink+0x1b0e/0x41c0
[ 71.984860][ T4773] page last free pid 5885 tgid 5885 stack trace:
[ 71.986476][ T4773]  free_unref_page+0x5f4/0xdc0
[ 71.987695][ T4773]  __put_partials+0x14c/0x170
[ 71.988919][ T4773]  qlist_free_all+0x4e/0x120
[ 71.990113][ T4773]  kasan_quarantine_reduce+0x192/0x1e0
[ 71.991481][ T4773]  __kasan_slab_alloc+0x69/0x90
[ 71.992715][ T4773]  kmem_cache_alloc_noprof+0x121/0x2f0
[ 71.994088][ T4773]  getname_flags.part.0+0x4c/0x550
[ 71.995385][ T4773]  getname_flags+0x93/0xf0
[ 71.996525][ T4773]  vfs_fstatat+0x86/0x160
[ 71.997629][ T4773]  __do_sys_newfstatat+0xa2/0x130
[ 71.999018][ T4773]  do_syscall_64+0xcd/0x250
[ 72.000206][ T4773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.001739][ T4773]
[ 72.002378][ T4773] Memory state around the buggy address:
[ 72.003820][ T4773]  ffff888048ee3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.005860][ T4773]  ffff888048ee3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.007920][ T4773] >ffff888048ee4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.009968][ T4773]                    ^
[ 72.011057][ T4773]  ffff888048ee4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.013059][ T4773]  ffff888048ee4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.015067][ T4773] ==================================================================
[ 72.017332][ T4773] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 72.019198][ T4773] CPU: 2 UID: 0 PID: 4773 Comm: kworker/u33:1 Tainted: G W 6.11.0-syzkaller-gde5cb0dcb74c-dirty #0
[ 72.022182][ T4773] Tainted: [W]=WARN
[ 72.023126][ T4773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 72.025836][ T4773] Workqueue: hci0 hci_rx_work
[ 72.027038][ T4773] Call Trace:
[ 72.027904][ T4773]
[ 72.028682][ T4773]  dump_stack_lvl+0x3d/0x1f0
[ 72.030013][ T4773]  panic+0x71d/0x800
[ 72.031029][ T4773]  ? __pfx_panic+0x10/0x10
[ 72.032173][ T4773]  ? trace_irq_enable.constprop.0+0xe4/0x130
[ 72.033718][ T4773]  ? preempt_schedule_thunk+0x1a/0x30
[ 72.035116][ T4773]  ? preempt_schedule_common+0x44/0xc0
[ 72.036601][ T4773]  ? check_panic_on_warn+0x1f/0xb0
[ 72.037915][ T4773]  check_panic_on_warn+0xab/0xb0
[ 72.039164][ T4773]  end_report+0x117/0x180
[ 72.040286][ T4773]  kasan_report+0xe9/0x110
[ 72.041429][ T4773]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[ 72.043010][ T4773]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[ 72.044612][ T4773]  hci_le_create_big_complete_evt+0xa62/0xb30
[ 72.046378][ T4773]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 72.048154][ T4773]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 72.050042][ T4773]  ? skb_pull_data+0x166/0x210
[ 72.051272][ T4773]  hci_le_meta_evt+0x2e2/0x5d0
[ 72.052512][ T4773]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 72.054178][ T4773]  hci_event_packet+0x666/0x1180
[ 72.055447][ T4773]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 72.056824][ T4773]  ? __pfx_hci_event_packet+0x10/0x10
[ 72.058168][ T4773]  ? mark_held_locks+0x9f/0xe0
[ 72.059403][ T4773]  ? kcov_remote_start+0x3cf/0x6e0
[ 72.060697][ T4773]  ? lockdep_hardirqs_on+0x7c/0x110
[ 72.062034][ T4773]  hci_rx_work+0x2c6/0x1610
[ 72.063205][ T4773]  process_one_work+0x9c5/0x1ba0
[ 72.064475][ T4773]  ? __pfx_lock_acquire+0x10/0x10
[ 72.065707][ T4773]  ? __pfx_process_one_work+0x10/0x10
[ 72.067062][ T4773]  ? assign_work+0x1a0/0x250
[ 72.068263][ T4773]  worker_thread+0x6c8/0xf00
[ 72.069429][ T4773]  ? __pfx_worker_thread+0x10/0x10
[ 72.070712][ T4773]  kthread+0x2c1/0x3a0
[ 72.071759][ T4773]  ? _raw_spin_unlock_irq+0x23/0x50
[ 72.073099][ T4773]  ? __pfx_kthread+0x10/0x10
[ 72.074271][ T4773]  ret_from_fork+0x45/0x80
[ 72.075436][ T4773]  ? __pfx_kthread+0x10/0x10
[ 72.076626][ T4773]  ret_from_fork_asm+0x1a/0x30
[ 72.077873][ T4773]
[ 72.079038][ T4773] Kernel Offset: disabled
[ 72.080162][ T4773] Rebooting in 86400 seconds..