[ 447.746159][ T2813] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 447.833381][ T2813] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 447.904876][ T2813] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 447.976615][ T2813] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 448.765429][ T2813] hsr_slave_0: left promiscuous mode
[ 448.772495][ T2813] hsr_slave_1: left promiscuous mode
[ 448.779491][ T2813] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 448.786895][ T2813] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 448.796368][ T2813] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 448.804236][ T2813] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 448.814008][ T2813] bridge_slave_1: left allmulticast mode
[ 448.820082][ T2813] bridge_slave_1: left promiscuous mode
[ 448.825867][ T2813] bridge0: port 2(bridge_slave_1) entered disabled state
[ 448.836191][ T2813] bridge_slave_0: left allmulticast mode
[ 448.841985][ T2813] bridge_slave_0: left promiscuous mode
[ 448.847846][ T2813] bridge0: port 1(bridge_slave_0) entered disabled state
[ 448.862562][ T2813] veth1_macvtap: left promiscuous mode
[ 448.868921][ T2813] veth0_macvtap: left promiscuous mode
[ 448.874640][ T2813] veth1_vlan: left promiscuous mode
[ 448.880643][ T2813] veth0_vlan: left promiscuous mode
[ 449.112839][ T2813] team0 (unregistering): Port device team_slave_1 removed
[ 449.126949][ T2813] team0 (unregistering): Port device team_slave_0 removed
[ 449.140457][ T2813] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 449.160614][ T2813] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 449.220374][ T2813] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.10.9' (ED25519) to the list of known hosts.
[ 451.978296][ T7449] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 451.985662][ T7449] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 451.993392][ T7449] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 452.001118][ T7449] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 452.009019][ T7449] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 453.859091][ T8] ==================================================================
[ 453.867204][ T8] BUG: KASAN: slab-out-of-bounds in l2cap_chan_del+0xa0b/0xa70
[ 453.875016][ T8] Read of size 8 at addr ffff888068778718 by task kworker/0:0/8
[ 453.882662][ T8]
[ 453.884997][ T8] CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.5.0-rc6-next-20230818-syzkaller-dirty #0
[ 453.894817][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 453.904983][ T8] Workqueue: events l2cap_chan_timeout
[ 453.910487][ T8] Call Trace:
[ 453.913868][ T8]
[ 453.916911][ T8] dump_stack_lvl+0xd9/0x1b0
[ 453.921577][ T8] print_report+0xc4/0x620
[ 453.926046][ T8] ? __virt_addr_valid+0x5e/0x2d0
[ 453.931158][ T8] ? __phys_addr+0xc6/0x140
[ 453.935659][ T8] kasan_report+0xda/0x110
[ 453.940073][ T8] ? l2cap_chan_del+0xa0b/0xa70
[ 453.944913][ T8] ? l2cap_chan_del+0xa0b/0xa70
[ 453.949799][ T8] l2cap_chan_del+0xa0b/0xa70
[ 453.954460][ T8] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 453.960080][ T8] l2cap_chan_close+0xff/0xa20
[ 453.965016][ T8] ? __l2cap_ecred_conn_rsp_defer+0x790/0x790
[ 453.971070][ T8] ? lock_sync+0x190/0x190
[ 453.975494][ T8] ? reacquire_held_locks+0x4b0/0x4b0
[ 453.980864][ T8] ? __schedule+0xee9/0x59f0
[ 453.985448][ T8] l2cap_chan_timeout+0x17d/0x2f0
[ 453.990462][ T8] process_one_work+0x887/0x15d0
[ 453.995402][ T8] ? lock_sync+0x190/0x190
[ 453.999820][ T8] ? init_worker_pool+0x770/0x770
[ 454.004832][ T8] ? assign_work+0x1a0/0x240
[ 454.009415][ T8] worker_thread+0x8bb/0x1290
[ 454.014082][ T8] ? process_one_work+0x15d0/0x15d0
[ 454.019265][ T8] kthread+0x33a/0x430
[ 454.023317][ T8] ? kthread_complete_and_exit+0x40/0x40
[ 454.028934][ T8] ret_from_fork+0x45/0x80
[ 454.033358][ T8] ? kthread_complete_and_exit+0x40/0x40
[ 454.038991][ T8] ret_from_fork_asm+0x11/0x20
[ 454.043763][ T8]
[ 454.046764][ T8]
[ 454.049066][ T8] Allocated by task 4708:
[ 454.053456][ T8] kasan_save_stack+0x33/0x50
[ 454.058228][ T8] kasan_set_track+0x25/0x30
[ 454.062927][ T8] __kasan_kmalloc+0xa2/0xb0
[ 454.067539][ T8] __kmalloc_node_track_caller+0x61/0x100
[ 454.073323][ T8] kmalloc_reserve+0xef/0x270
[ 454.078134][ T8] __alloc_skb+0x12b/0x330
[ 454.082540][ T8] alloc_skb_with_frags+0xe4/0x710
[ 454.087652][ T8] sock_alloc_send_pskb+0x7c8/0x950
[ 454.092839][ T8] unix_dgram_sendmsg+0x455/0x1c30
[ 454.098003][ T8] sock_sendmsg+0xd9/0x180
[ 454.102691][ T8] sock_write_iter+0x29b/0x3d0
[ 454.107533][ T8] do_iter_readv_writev+0x21e/0x3c0
[ 454.108002][ T7449] Bluetooth: hci0: command 0x0409 tx timeout
[ 454.112729][ T8] do_iter_write+0x17f/0x830
[ 454.123634][ T8] vfs_writev+0x221/0x700
[ 454.127962][ T8] do_writev+0x285/0x370
[ 454.132214][ T8] do_syscall_64+0x38/0xb0
[ 454.136807][ T8] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 454.142761][ T8]
[ 454.145079][ T8] Freed by task 4707:
[ 454.149039][ T8] kasan_save_stack+0x33/0x50
[ 454.153740][ T8] kasan_set_track+0x25/0x30
[ 454.158328][ T8] kasan_save_free_info+0x2b/0x40
[ 454.163338][ T8] ____kasan_slab_free+0x15b/0x1b0
[ 454.168437][ T8] slab_free_freelist_hook+0x114/0x1e0
[ 454.173886][ T8] __kmem_cache_free+0xb8/0x2f0
[ 454.178736][ T8] skb_free_head+0x110/0x1b0
[ 454.183314][ T8] skb_release_data+0x5ba/0x870
[ 454.188155][ T8] consume_skb+0xd2/0x170
[ 454.192473][ T8] __unix_dgram_recvmsg+0x814/0xe50
[ 454.197661][ T8] unix_dgram_recvmsg+0xc3/0xf0
[ 454.202592][ T8] sock_recvmsg+0xe2/0x170
[ 454.207082][ T8] sock_read_iter+0x2c3/0x3c0
[ 454.211746][ T8] do_iter_readv_writev+0x2f2/0x3c0
[ 454.217035][ T8] do_iter_read+0x315/0x870
[ 454.221522][ T8] vfs_readv+0x12d/0x1a0
[ 454.225749][ T8] do_readv+0x285/0x370
[ 454.229890][ T8] do_syscall_64+0x38/0xb0
[ 454.234476][ T8] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 454.240887][ T8]
[ 454.243202][ T8] The buggy address belongs to the object at ffff888068778400
[ 454.243202][ T8] which belongs to the cache kmalloc-cg-512 of size 512
[ 454.257501][ T8] The buggy address is located 280 bytes to the right of
[ 454.257501][ T8] allocated 512-byte region [ffff888068778400, ffff888068778600)
[ 454.272515][ T8]
[ 454.274910][ T8] The buggy address belongs to the physical page:
[ 454.281566][ T8] page:ffffea0001a1de00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x68778
[ 454.291871][ T8] head:ffffea0001a1de00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 454.300954][ T8] memcg:ffff88801937bc01
[ 454.305168][ T8] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 454.313238][ T8] page_type: 0xffffffff()
[ 454.317637][ T8] raw: 00fff00000000840 ffff888012c4f140 dead000000000122 0000000000000000
[ 454.326490][ T8] raw: 0000000000000000 0000000000100010 00000001ffffffff ffff88801937bc01
[ 454.335167][ T8] page dumped because: kasan: bad access detected
[ 454.341567][ T8] page_owner tracks the page as allocated
[ 454.347258][ T8] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4708, tgid 4708 (dhcpcd), ts 448399025420, free_ts 448388778101
[ 454.369729][ T8] post_alloc_hook+0x2cf/0x340
[ 454.374615][ T8] get_page_from_freelist+0x10d7/0x31b0
[ 454.380161][ T8] __alloc_pages+0x1d0/0x4a0
[ 454.384751][ T8] alloc_pages+0x1a9/0x270
[ 454.389167][ T8] allocate_slab+0x251/0x380
[ 454.393767][ T8] ___slab_alloc+0x8be/0x1570
[ 454.398430][ T8] __slab_alloc.constprop.0+0x56/0xa0
[ 454.403792][ T8] __kmem_cache_alloc_node+0x137/0x350
[ 454.409331][ T8] __kmalloc_node_track_caller+0x50/0x100
[ 454.415118][ T8] kmalloc_reserve+0xef/0x270
[ 454.419783][ T8] __alloc_skb+0x12b/0x330
[ 454.424185][ T8] alloc_skb_with_frags+0xe4/0x710
[ 454.429370][ T8] sock_alloc_send_pskb+0x7c8/0x950
[ 454.434635][ T8] unix_dgram_sendmsg+0x455/0x1c30
[ 454.439739][ T8] sock_sendmsg+0xd9/0x180
[ 454.444138][ T8] sock_write_iter+0x29b/0x3d0
[ 454.448897][ T8] page last free stack trace:
[ 454.453569][ T8] free_unref_page_prepare+0x476/0xa40
[ 454.459040][ T8] free_unref_page+0x33/0x3b0
[ 454.463718][ T8] skb_free_head+0x110/0x1b0
[ 454.468326][ T8] skb_release_data+0x5ba/0x870
[ 454.473170][ T8] consume_skb+0xd2/0x170
[ 454.477506][ T8] __unix_dgram_recvmsg+0x814/0xe50
[ 454.482799][ T8] unix_dgram_recvmsg+0xc3/0xf0
[ 454.487652][ T8] sock_recvmsg+0xe2/0x170
[ 454.492061][ T8] sock_read_iter+0x2c3/0x3c0
[ 454.496812][ T8] do_iter_readv_writev+0x2f2/0x3c0
[ 454.502002][ T8] do_iter_read+0x315/0x870
[ 454.506577][ T8] vfs_readv+0x12d/0x1a0
[ 454.510832][ T8] do_readv+0x285/0x370
[ 454.514973][ T8] do_syscall_64+0x38/0xb0
[ 454.519379][ T8] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 454.525359][ T8]
[ 454.527665][ T8] Memory state around the buggy address:
[ 454.533276][ T8] ffff888068778600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 454.541335][ T8] ffff888068778680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 454.549553][ T8] >ffff888068778700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 454.557686][ T8] ^
[ 454.562703][ T8] ffff888068778780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 454.570783][ T8] ffff888068778800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 454.578914][ T8] ==================================================================
[ 454.588341][ T8] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 454.595554][ T8] CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.5.0-rc6-next-20230818-syzkaller-dirty #0
[ 454.605451][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 454.615520][ T8] Workqueue: events l2cap_chan_timeout
[ 454.620995][ T8] Call Trace:
[ 454.624285][ T8]
[ 454.627250][ T8] dump_stack_lvl+0xd9/0x1b0
[ 454.631862][ T8] panic+0x6a6/0x750
[ 454.635785][ T8] ? panic_smp_self_stop+0xa0/0xa0
[ 454.640909][ T8] ? preempt_schedule_thunk+0x1a/0x30
[ 454.646296][ T8] ? preempt_schedule_common+0x45/0xc0
[ 454.651767][ T8] check_panic_on_warn+0xab/0xb0
[ 454.656794][ T8] end_report+0x108/0x150
[ 454.661122][ T8] kasan_report+0xea/0x110
[ 454.665620][ T8] ? l2cap_chan_del+0xa0b/0xa70
[ 454.670601][ T8] ? l2cap_chan_del+0xa0b/0xa70
[ 454.675569][ T8] l2cap_chan_del+0xa0b/0xa70
[ 454.680766][ T8] ? mutex_lock_io_nested+0x11a0/0x11a0
[ 454.686444][ T8] l2cap_chan_close+0xff/0xa20
[ 454.691239][ T8] ? __l2cap_ecred_conn_rsp_defer+0x790/0x790
[ 454.697508][ T8] ? lock_sync+0x190/0x190
[ 454.701928][ T8] ? reacquire_held_locks+0x4b0/0x4b0
[ 454.707313][ T8] ? __schedule+0xee9/0x59f0
[ 454.711909][ T8] l2cap_chan_timeout+0x17d/0x2f0
[ 454.716951][ T8] process_one_work+0x887/0x15d0
[ 454.721892][ T8] ? lock_sync+0x190/0x190
[ 454.727003][ T8] ? init_worker_pool+0x770/0x770
[ 454.732056][ T8] ? assign_work+0x1a0/0x240
[ 454.736848][ T8] worker_thread+0x8bb/0x1290
[ 454.741635][ T8] ? process_one_work+0x15d0/0x15d0
[ 454.746834][ T8] kthread+0x33a/0x430
[ 454.751629][ T8] ? kthread_complete_and_exit+0x40/0x40
[ 454.757374][ T8] ret_from_fork+0x45/0x80
[ 454.762340][ T8] ? kthread_complete_and_exit+0x40/0x40
[ 454.768362][ T8] ret_from_fork_asm+0x11/0x20
[ 454.773523][ T8]
[ 454.776762][ T8] Kernel Offset: disabled
[ 454.781076][ T8] Rebooting in 86400 seconds..