[ 87.570243][ T55] cfg80211: failed to load regulatory.db
Warning: Permanently added '[localhost]:9610' (ED25519) to the list of known hosts.
2024/06/27 03:21:36 ignoring optional flag "sandboxArg"="0"
2024/06/27 03:21:37 parsed 1 programs
[ 92.958622][ T39] audit: type=1400 audit(1719458497.613:124): avc: denied { unlink } for pid=5470 comm="syz-executor" name="swap-file" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 94.303866][ T39] audit: type=1400 audit(1719458498.963:125): avc: denied { search } for pid=5478 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 94.318258][ T39] audit: type=1400 audit(1719458498.973:126): avc: denied { read } for pid=5479 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 94.328517][ T39] audit: type=1400 audit(1719458498.983:127): avc: denied { open } for pid=5479 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 94.351393][ T39] audit: type=1400 audit(1719458498.983:128): avc: denied { getattr } for pid=5479 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 94.362471][ T39] audit: type=1400 audit(1719458498.993:129): avc: denied { write } for pid=5478 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1481 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 94.373992][ T39] audit: type=1400 audit(1719458498.993:130): avc: denied { add_name } for pid=5478 comm="dhcpcd-run-hook" name="resolv.conf.eth3.ipv4ll" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 94.401637][ T39] audit: type=1400 audit(1719458499.063:131): avc: denied { remove_name } for pid=5481 comm="rm" name="resolv.conf.eth3.ipv4ll" dev="tmpfs" ino=1708 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 94.824550][ T5470] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 94.883225][ T4639] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 94.889156][ T4639] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 94.896222][ T4639] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 94.913546][ T4639] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 94.917923][ T4639] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 94.921746][ T4639] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 95.008982][ T39] audit: type=1400 audit(1719458499.673:132): avc: denied { mounton } for pid=5490 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2384 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 96.308997][ T5545] chnl_net:caif_netlink_parms(): no params data found
[ 96.469865][ T5545] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.480422][ T5545] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.484133][ T5545] bridge_slave_0: entered allmulticast mode
[ 96.487759][ T5545] bridge_slave_0: entered promiscuous mode
[ 96.492115][ T5545] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.495031][ T5545] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.500645][ T5545] bridge_slave_1: entered allmulticast mode
[ 96.503867][ T5545] bridge_slave_1: entered promiscuous mode
[ 96.567811][ T5545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.577226][ T5545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.628732][ T5545] team0: Port device team_slave_0 added
[ 96.636565][ T5545] team0: Port device team_slave_1 added
[ 96.689098][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.692229][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.705404][ T5545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.713460][ T5545] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.716611][ T5545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.728602][ T5545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.834246][ T5545] hsr_slave_0: entered promiscuous mode
[ 96.839299][ T5545] hsr_slave_1: entered promiscuous mode
[ 97.950837][ T5545] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.981994][ T5545] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.991209][ T5545] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 98.004493][ T5545] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 98.161367][ T5545] 8021q: adding VLAN 0 to HW filter on device bond0
[ 98.183438][ T5545] 8021q: adding VLAN 0 to HW filter on device team0
[ 98.194031][ T829] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.197872][ T829] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 98.210358][ T25] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.213766][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 98.271560][ T5545] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 98.502224][ T5545] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 98.547296][ T5545] veth0_vlan: entered promiscuous mode
[ 98.559586][ T5545] veth1_vlan: entered promiscuous mode
[ 98.607198][ T5545] veth0_macvtap: entered promiscuous mode
[ 98.615066][ T5545] veth1_macvtap: entered promiscuous mode
[ 98.633615][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.646624][ T5545] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.656474][ T5545] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.661397][ T5545] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.665861][ T5545] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.672876][ T5545] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.974901][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.078235][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.191767][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.262551][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 99.297312][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.303647][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 99.333769][ T1180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 99.337474][ T1180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/06/27 03:21:44 executed programs: 0
[ 100.259945][ T4639] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 100.265094][ T4639] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 100.269517][ T4639] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 100.274063][ T4639] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 100.279141][ T4639] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 100.282802][ T4639] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 100.448717][ T5682] chnl_net:caif_netlink_parms(): no params data found
[ 100.582681][ T5682] bridge0: port 1(bridge_slave_0) entered blocking state
[ 100.585843][ T5682] bridge0: port 1(bridge_slave_0) entered disabled state
[ 100.590875][ T5682] bridge_slave_0: entered allmulticast mode
[ 100.594825][ T5682] bridge_slave_0: entered promiscuous mode
[ 100.600235][ T5682] bridge0: port 2(bridge_slave_1) entered blocking state
[ 100.603360][ T5682] bridge0: port 2(bridge_slave_1) entered disabled state
[ 100.606474][ T5682] bridge_slave_1: entered allmulticast mode
[ 100.614268][ T5682] bridge_slave_1: entered promiscuous mode
[ 100.674009][ T5682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 100.681333][ T5682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 100.740393][ T5682] team0: Port device team_slave_0 added
[ 100.747418][ T5682] team0: Port device team_slave_1 added
[ 100.809877][ T5682] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.812060][ T5682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.822673][ T5682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.827654][ T5682] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.830075][ T5682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.841840][ T5682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.904745][ T5682] hsr_slave_0: entered promiscuous mode
[ 100.909044][ T5682] hsr_slave_1: entered promiscuous mode
[ 100.912679][ T5682] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 100.916046][ T5682] Cannot create hsr debugfs directory
[ 102.368281][ T5274] Bluetooth: hci0: command tx timeout
[ 103.753528][ T11] bridge_slave_1: left allmulticast mode
[ 103.756001][ T11] bridge_slave_1: left promiscuous mode
[ 103.761355][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.769235][ T11] bridge_slave_0: left allmulticast mode
[ 103.774290][ T11] bridge_slave_0: left promiscuous mode
[ 103.777148][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 104.174280][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 104.181844][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 104.189018][ T11] bond0 (unregistering): Released all slaves
[ 104.466665][ T5274] Bluetooth: hci0: command tx timeout
[ 104.558727][ T11] hsr_slave_0: left promiscuous mode
[ 104.562428][ T11] hsr_slave_1: left promiscuous mode
[ 104.570854][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 104.574030][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 104.577895][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 104.583908][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 104.613059][ T11] veth1_macvtap: left promiscuous mode
[ 104.615629][ T11] veth0_macvtap: left promiscuous mode
[ 104.618356][ T11] veth1_vlan: left promiscuous mode
[ 104.620976][ T11] veth0_vlan: left promiscuous mode
[ 105.499006][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 105.589224][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 106.529663][ T5274] Bluetooth: hci0: command tx timeout
[ 106.536664][ T5682] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 106.560137][ T5682] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 106.567573][ T5682] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 106.574348][ T5682] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 106.661409][ T5682] 8021q: adding VLAN 0 to HW filter on device bond0
[ 106.688081][ T5682] 8021q: adding VLAN 0 to HW filter on device team0
[ 106.700394][ T826] bridge0: port 1(bridge_slave_0) entered blocking state
[ 106.704428][ T826] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 106.722914][ T817] bridge0: port 2(bridge_slave_1) entered blocking state
[ 106.725786][ T817] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 107.156442][ T5682] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 107.213807][ T5682] veth0_vlan: entered promiscuous mode
[ 107.228869][ T5682] veth1_vlan: entered promiscuous mode
[ 107.271780][ T5682] veth0_macvtap: entered promiscuous mode
[ 107.284670][ T5682] veth1_macvtap: entered promiscuous mode
[ 107.304329][ T5682] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 107.316446][ T5682] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 107.326503][ T5682] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.331146][ T5682] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.335979][ T5682] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.340881][ T5682] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 107.405871][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.415088][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.443631][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 107.446953][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.488662][ T39] audit: type=1400 audit(1719458512.143:133): avc: denied { connect } for pid=5780 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
2024/06/27 03:21:52 executed programs: 1
[ 107.571335][ T5274] ==================================================================
[ 107.575144][ T5274] BUG: KASAN: slab-use-after-free in register_lock_class+0x101f/0x1230
[ 107.579227][ T5274] Read of size 1 at addr ffff88803f2d0139 by task kworker/u33:2/5274
[ 107.585818][ T5274]
[ 107.586924][ T5274] CPU: 1 PID: 5274 Comm: kworker/u33:2 Not tainted 6.10.0-rc5-syzkaller-00035-gafcd48134c58 #0
[ 107.591437][ T5274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 107.596846][ T5274] Workqueue: hci0 hci_rx_work
[ 107.599624][ T5274] Call Trace:
[ 107.601557][ T5274]
[ 107.603120][ T5274] dump_stack_lvl+0x116/0x1f0
[ 107.606175][ T5274] print_report+0xc3/0x620
[ 107.609084][ T5274] ? __virt_addr_valid+0x5e/0x580
[ 107.611888][ T5274] ? __phys_addr+0xc6/0x150
[ 107.613887][ T5274] kasan_report+0xd9/0x110
[ 107.615765][ T5274] ? register_lock_class+0x101f/0x1230
[ 107.617866][ T5274] ? register_lock_class+0x101f/0x1230
[ 107.620332][ T5274] register_lock_class+0x101f/0x1230
[ 107.623056][ T5274] ? __pfx_register_lock_class+0x10/0x10
[ 107.626227][ T5274] __lock_acquire+0x111/0x3b30
[ 107.628558][ T5274] ? __lock_acquire+0x1fb0/0x3b30
[ 107.630943][ T5274] ? __pfx_selinux_socket_sock_rcv_skb+0x10/0x10
[ 107.633826][ T5274] ? __pfx___lock_acquire+0x10/0x10
[ 107.636158][ T5274] ? find_held_lock+0x2d/0x110
[ 107.638442][ T5274] lock_acquire+0x1b1/0x560
[ 107.640499][ T5274] ? __sock_queue_rcv_skb+0x377/0xa80
[ 107.643033][ T5274] ? __pfx_lock_acquire+0x10/0x10
[ 107.645356][ T5274] ? sk_filter_trim_cap+0xec/0xac0
[ 107.647372][ T5274] ? l2cap_sock_recv_cb+0x54/0x3d0
[ 107.649572][ T5274] _raw_spin_lock_irqsave+0x3a/0x60
[ 107.652084][ T5274] ? __sock_queue_rcv_skb+0x377/0xa80
[ 107.654496][ T5274] __sock_queue_rcv_skb+0x377/0xa80
[ 107.656751][ T5274] l2cap_sock_recv_cb+0xfa/0x3d0
[ 107.659048][ T5274] l2cap_recv_frame+0x1c4c/0x8e50
[ 107.661339][ T5274] ? find_held_lock+0x2d/0x110
[ 107.663578][ T5274] ? hci_rx_work+0xa83/0x1610
[ 107.665754][ T5274] ? __pfx_lock_release+0x10/0x10
[ 107.668242][ T5274] ? __pfx___lock_acquire+0x10/0x10
[ 107.670943][ T5274] ? __pfx_l2cap_recv_frame+0x10/0x10
[ 107.673392][ T5274] ? trace_contention_end+0xea/0x140
[ 107.675653][ T5274] ? __mutex_unlock_slowpath+0x164/0x650
[ 107.677994][ T5274] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 107.680592][ T5274] ? hci_rx_work+0xa6f/0x1610
[ 107.682674][ T5274] ? hci_conn_enter_active_mode+0x219/0x360
[ 107.685249][ T5274] ? __pfx_lock_release+0x10/0x10
[ 107.687658][ T5274] ? __pfx_hci_conn_enter_active_mode+0x10/0x10
[ 107.690690][ T5274] l2cap_recv_acldata+0x9ac/0xb60
[ 107.693002][ T5274] hci_rx_work+0xaa7/0x1610
[ 107.695019][ T5274] process_one_work+0x9c5/0x1b40
[ 107.697222][ T5274] ? __pfx_lock_acquire+0x10/0x10
[ 107.699291][ T5274] ? __pfx_process_one_work+0x10/0x10
[ 107.701460][ T5274] ? assign_work+0x1a0/0x250
[ 107.703330][ T5274] worker_thread+0x6c8/0xf30
[ 107.705178][ T5274] ? __kthread_parkme+0x148/0x220
[ 107.707458][ T5274] ? __pfx_worker_thread+0x10/0x10
[ 107.710007][ T5274] kthread+0x2c1/0x3a0
[ 107.711889][ T5274] ? _raw_spin_unlock_irq+0x23/0x50
[ 107.714293][ T5274] ? __pfx_kthread+0x10/0x10
[ 107.716370][ T5274] ret_from_fork+0x45/0x80
[ 107.718278][ T5274] ? __pfx_kthread+0x10/0x10
[ 107.720153][ T5274] ret_from_fork_asm+0x1a/0x30
[ 107.722076][ T5274]
[ 107.723613][ T5274]
[ 107.724669][ T5274] Allocated by task 5787:
[ 107.726552][ T5274] kasan_save_stack+0x33/0x60
[ 107.728620][ T5274] kasan_save_track+0x14/0x30
[ 107.730757][ T5274] __kasan_kmalloc+0xaa/0xb0
[ 107.732814][ T5274] __kmalloc_noprof+0x1ec/0x410
[ 107.735116][ T5274] sk_prot_alloc+0x1a8/0x2a0
[ 107.737373][ T5274] sk_alloc+0x36/0xb90
[ 107.739297][ T5274] bt_sock_alloc+0x3b/0x3a0
[ 107.741388][ T5274] l2cap_sock_alloc.constprop.0+0x35/0x180
[ 107.743704][ T5274] l2cap_sock_create+0x123/0x1f0
[ 107.745852][ T5274] bt_sock_create+0x182/0x350
[ 107.747942][ T5274] __sock_create+0x32e/0x800
[ 107.750014][ T5274] __sys_socket+0x14f/0x260
[ 107.752093][ T5274] __x64_sys_socket+0x72/0xb0
[ 107.754349][ T5274] do_syscall_64+0xcd/0x250
[ 107.756578][ T5274] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.759742][ T5274]
[ 107.760866][ T5274] Freed by task 5786:
[ 107.762631][ T5274] kasan_save_stack+0x33/0x60
[ 107.764783][ T5274] kasan_save_track+0x14/0x30
[ 107.766981][ T5274] kasan_save_free_info+0x3b/0x60
[ 107.769387][ T5274] poison_slab_object+0xf7/0x160
[ 107.771589][ T5274] __kasan_slab_free+0x32/0x50
[ 107.773119][ T5274] kfree+0x12a/0x3b0
[ 107.774705][ T5274] __sk_destruct+0x5d8/0x730
[ 107.776508][ T5274] sk_destruct+0xc2/0xf0
[ 107.778236][ T5274] __sk_free+0xf4/0x3e0
[ 107.780070][ T5274] sk_free+0x7c/0xa0
[ 107.781821][ T5274] l2cap_sock_kill+0x22f/0x270
[ 107.783874][ T5274] l2cap_sock_release+0x189/0x210
[ 107.787127][ T5274] __sock_release+0xb0/0x270
[ 107.789230][ T5274] sock_close+0x1c/0x30
[ 107.790841][ T5274] __fput+0x408/0xbb0
[ 107.792279][ T5274] __fput_sync+0x47/0x50
[ 107.793813][ T5274] __x64_sys_close+0x86/0x100
[ 107.795724][ T5274] do_syscall_64+0xcd/0x250
[ 107.797603][ T5274] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.799931][ T5274]
[ 107.800964][ T5274] The buggy address belongs to the object at ffff88803f2d0000
[ 107.800964][ T5274] which belongs to the cache kmalloc-2k of size 2048
[ 107.807086][ T5274] The buggy address is located 313 bytes inside of
[ 107.807086][ T5274] freed 2048-byte region [ffff88803f2d0000, ffff88803f2d0800)
[ 107.813133][ T5274]
[ 107.814268][ T5274] The buggy address belongs to the physical page:
[ 107.817088][ T5274] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3f2d0
[ 107.820589][ T5274] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 107.824236][ T5274] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 107.827259][ T5274] page_type: 0xffffefff(slab)
[ 107.829161][ T5274] raw: 00fff00000000040 ffff888015442f00 dead000000000122 0000000000000000
[ 107.832280][ T5274] raw: 0000000000000000 0000000080080008 00000001ffffefff 0000000000000000
[ 107.835415][ T5274] head: 00fff00000000040 ffff888015442f00 dead000000000122 0000000000000000
[ 107.838935][ T5274] head: 0000000000000000 0000000080080008 00000001ffffefff 0000000000000000
[ 107.842760][ T5274] head: 00fff00000000003 ffffea0000fcb401 ffffffffffffffff 0000000000000000
[ 107.846588][ T5274] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 107.849897][ T5274] page dumped because: kasan: bad access detected
[ 107.852772][ T5274] page_owner tracks the page as allocated
[ 107.855293][ T5274] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 5787, tgid 5786 (syz-executor), ts 107570159894, free_ts 107413887317
[ 107.865269][ T5274] post_alloc_hook+0x2d1/0x350
[ 107.867157][ T5274] get_page_from_freelist+0x1353/0x2e50
[ 107.869157][ T5274] __alloc_pages_noprof+0x22b/0x2460
[ 107.871139][ T5274] alloc_slab_page+0x56/0x110
[ 107.872950][ T5274] new_slab+0x84/0x260
[ 107.874742][ T5274] ___slab_alloc+0xdac/0x1870
[ 107.876744][ T5274] __slab_alloc.constprop.0+0x56/0xb0
[ 107.879283][ T5274] __kmalloc_noprof+0x36d/0x410
[ 107.881883][ T5274] sk_prot_alloc+0x1a8/0x2a0
[ 107.884118][ T5274] sk_alloc+0x36/0xb90
[ 107.885995][ T5274] bt_sock_alloc+0x3b/0x3a0
[ 107.888344][ T5274] l2cap_sock_alloc.constprop.0+0x35/0x180
[ 107.891177][ T5274] l2cap_sock_create+0x123/0x1f0
[ 107.893439][ T5274] bt_sock_create+0x182/0x350
[ 107.895670][ T5274] __sock_create+0x32e/0x800
[ 107.897774][ T5274] __sys_socket+0x14f/0x260
[ 107.899897][ T5274] page last free pid 5745 tgid 5745 stack trace:
[ 107.902834][ T5274] free_unref_page+0x64a/0xe40
[ 107.905211][ T5274] __put_partials+0x14c/0x170
[ 107.907587][ T5274] qlist_free_all+0x4e/0x140
[ 107.909790][ T5274] kasan_quarantine_reduce+0x192/0x1e0
[ 107.912304][ T5274] __kasan_slab_alloc+0x69/0x90
[ 107.914529][ T5274] kmem_cache_alloc_noprof+0x121/0x2f0
[ 107.916725][ T5274] getname_flags.part.0+0x50/0x4f0
[ 107.918729][ T5274] getname+0x8f/0xe0
[ 107.920198][ T5274] do_sys_openat2+0x104/0x1e0
[ 107.922047][ T5274] __x64_sys_openat+0x175/0x210
[ 107.924334][ T5274] do_syscall_64+0xcd/0x250
[ 107.926617][ T5274] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 107.929937][ T5274]
[ 107.931392][ T5274] Memory state around the buggy address:
[ 107.934213][ T5274] ffff88803f2d0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 107.937838][ T5274] ffff88803f2d0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 107.940995][ T5274] >ffff88803f2d0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 107.944282][ T5274] ^
[ 107.946765][ T5274] ffff88803f2d0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 107.949807][ T5274] ffff88803f2d0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 107.953159][ T5274] ==================================================================
[ 107.956945][ T5274] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 107.960098][ T5274] CPU: 1 PID: 5274 Comm: kworker/u33:2 Not tainted 6.10.0-rc5-syzkaller-00035-gafcd48134c58 #0
[ 107.964280][ T5274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 107.968846][ T5274] Workqueue: hci0 hci_rx_work
[ 107.970882][ T5274] Call Trace:
[ 107.972331][ T5274]
[ 107.973522][ T5274] dump_stack_lvl+0x3d/0x1f0
[ 107.975503][ T5274] panic+0x6f5/0x7a0
[ 107.977145][ T5274] ? __pfx_panic+0x10/0x10
[ 107.979228][ T5274] ? rcu_is_watching+0x12/0xc0
[ 107.981444][ T5274] ? __pfx_lock_release+0x10/0x10
[ 107.983782][ T5274] ? check_panic_on_warn+0x1f/0xb0
[ 107.986076][ T5274] check_panic_on_warn+0xab/0xb0
[ 107.988162][ T5274] end_report+0x117/0x180
[ 107.989943][ T5274] kasan_report+0xe9/0x110
[ 107.991822][ T5274] ? register_lock_class+0x101f/0x1230
[ 107.993969][ T5274] ? register_lock_class+0x101f/0x1230
[ 107.996466][ T5274] register_lock_class+0x101f/0x1230
[ 107.998810][ T5274] ? __pfx_register_lock_class+0x10/0x10
[ 108.001408][ T5274] __lock_acquire+0x111/0x3b30
[ 108.003722][ T5274] ? __lock_acquire+0x1fb0/0x3b30
[ 108.005898][ T5274] ? __pfx_selinux_socket_sock_rcv_skb+0x10/0x10
[ 108.008634][ T5274] ? __pfx___lock_acquire+0x10/0x10
[ 108.011111][ T5274] ? find_held_lock+0x2d/0x110
[ 108.013727][ T5274] lock_acquire+0x1b1/0x560
[ 108.016388][ T5274] ? __sock_queue_rcv_skb+0x377/0xa80
[ 108.018851][ T5274] ? __pfx_lock_acquire+0x10/0x10
[ 108.021079][ T5274] ? sk_filter_trim_cap+0xec/0xac0
[ 108.023101][ T5274] ? l2cap_sock_recv_cb+0x54/0x3d0
[ 108.025172][ T5274] _raw_spin_lock_irqsave+0x3a/0x60
[ 108.027277][ T5274] ? __sock_queue_rcv_skb+0x377/0xa80
[ 108.029579][ T5274] __sock_queue_rcv_skb+0x377/0xa80
[ 108.031781][ T5274] l2cap_sock_recv_cb+0xfa/0x3d0
[ 108.033710][ T5274] l2cap_recv_frame+0x1c4c/0x8e50
[ 108.035974][ T5274] ? find_held_lock+0x2d/0x110
[ 108.038580][ T5274] ? hci_rx_work+0xa83/0x1610
[ 108.041191][ T5274] ? __pfx_lock_release+0x10/0x10
[ 108.043649][ T5274] ? __pfx___lock_acquire+0x10/0x10
[ 108.045933][ T5274] ? __pfx_l2cap_recv_frame+0x10/0x10
[ 108.048290][ T5274] ? trace_contention_end+0xea/0x140
[ 108.050594][ T5274] ? __mutex_unlock_slowpath+0x164/0x650
[ 108.053061][ T5274] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 108.055713][ T5274] ? hci_rx_work+0xa6f/0x1610
[ 108.057666][ T5274] ? hci_conn_enter_active_mode+0x219/0x360
[ 108.060428][ T5274] ? __pfx_lock_release+0x10/0x10
[ 108.062957][ T5274] ? __pfx_hci_conn_enter_active_mode+0x10/0x10
[ 108.066322][ T5274] l2cap_recv_acldata+0x9ac/0xb60
[ 108.068507][ T5274] hci_rx_work+0xaa7/0x1610
[ 108.070257][ T5274] process_one_work+0x9c5/0x1b40
[ 108.072174][ T5274] ? __pfx_lock_acquire+0x10/0x10
[ 108.074107][ T5274] ? __pfx_process_one_work+0x10/0x10
[ 108.076866][ T5274] ? assign_work+0x1a0/0x250
[ 108.079349][ T5274] worker_thread+0x6c8/0xf30
[ 108.081940][ T5274] ? __kthread_parkme+0x148/0x220
[ 108.084495][ T5274] ? __pfx_worker_thread+0x10/0x10
[ 108.087055][ T5274] kthread+0x2c1/0x3a0
[ 108.089267][ T5274] ? _raw_spin_unlock_irq+0x23/0x50
[ 108.091440][ T5274] ? __pfx_kthread+0x10/0x10
[ 108.093171][ T5274] ret_from_fork+0x45/0x80
[ 108.095124][ T5274] ? __pfx_kthread+0x10/0x10
[ 108.096910][ T5274] ret_from_fork_asm+0x1a/0x30
[ 108.099027][ T5274]
[ 108.101287][ T5274] Kernel Offset: disabled
[ 108.103481][ T5274] Rebooting in 86400 seconds..