[ 76.082557][ C3] sched: DL replenish lagged too much
[ 79.097252][ T1424] ieee802154 phy0 wpan0: encryption failed: -22
[ 79.099483][ T1424] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '[localhost]:39003' (ED25519) to the list of known hosts.
2025/08/23 21:48:34 ignoring optional flag "type"="qemu"
2025/08/23 21:48:34 parsed 1 programs
[ 80.469411][ T40] kauditd_printk_skb: 17 callbacks suppressed
[ 80.469427][ T40] audit: type=1400 audit(1755985714.808:102): avc: denied { getattr } for pid=6066 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 80.572955][ T40] audit: type=1400 audit(1755985714.908:103): avc: denied { unlink } for pid=6072 comm="syz-executor" name="swap-file" dev="sda1" ino=2027 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 81.563940][ T6072] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/08/23 21:48:35 executed programs: 0
[ 81.616892][ T6089] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.619842][ T6089] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 81.624002][ T6089] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.630254][ T6092] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 81.644889][ T5981] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.645354][ T6099] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 81.649041][ T5981] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 81.653044][ T6099] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 81.653881][ T6100] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 81.655132][ T6102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 81.655227][ T6100] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.655522][ T6100] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.657021][ T63] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 81.657986][ T63] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 81.659325][ T63] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 81.663106][ T5327] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 81.666373][ T6099] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 81.669003][ T5327] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 81.674088][ T6099] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 81.691479][ T6099] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 81.955450][ T6086] chnl_net:caif_netlink_parms(): no params data found
[ 81.999765][ T6087] chnl_net:caif_netlink_parms(): no params data found
[ 82.022018][ T6094] chnl_net:caif_netlink_parms(): no params data found
[ 82.089339][ T6093] chnl_net:caif_netlink_parms(): no params data found
[ 82.166681][ T6086] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.169215][ T6086] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.171705][ T6086] bridge_slave_0: entered allmulticast mode
[ 82.174741][ T6086] bridge_slave_0: entered promiscuous mode
[ 82.184207][ T6086] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.187084][ T6086] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.189467][ T6086] bridge_slave_1: entered allmulticast mode
[ 82.192152][ T6086] bridge_slave_1: entered promiscuous mode
[ 82.279477][ T6087] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.281884][ T6087] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.284686][ T6087] bridge_slave_0: entered allmulticast mode
[ 82.287448][ T6087] bridge_slave_0: entered promiscuous mode
[ 82.317146][ T6086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 82.347053][ T6087] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.349309][ T6087] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.351682][ T6087] bridge_slave_1: entered allmulticast mode
[ 82.354817][ T6087] bridge_slave_1: entered promiscuous mode
[ 82.376077][ T6086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 82.411806][ T6094] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.415084][ T6094] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.417404][ T6094] bridge_slave_0: entered allmulticast mode
[ 82.420073][ T6094] bridge_slave_0: entered promiscuous mode
[ 82.423426][ T6094] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.425773][ T6094] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.428150][ T6094] bridge_slave_1: entered allmulticast mode
[ 82.430810][ T6094] bridge_slave_1: entered promiscuous mode
[ 82.470524][ T6086] team0: Port device team_slave_0 added
[ 82.475314][ T6086] team0: Port device team_slave_1 added
[ 82.483382][ T40] audit: type=1400 audit(1755985716.818:104): avc: denied { search } for pid=6127 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 82.491329][ T40] audit: type=1400 audit(1755985716.818:105): avc: denied { search } for pid=6127 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=1897 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 82.498765][ T40] audit: type=1400 audit(1755985716.818:106): avc: denied { search } for pid=6127 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1901 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 82.505891][ T40] audit: type=1400 audit(1755985716.818:107): avc: denied { search } for pid=6127 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1902 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 82.512965][ T40] audit: type=1400 audit(1755985716.828:108): avc: denied { read open } for pid=6128 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1902 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 82.521341][ T40] audit: type=1400 audit(1755985716.828:109): avc: denied { getattr } for pid=6128 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1902 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 82.529475][ T40] audit: type=1400 audit(1755985716.838:110): avc: denied { add_name } for pid=6127 comm="dhcpcd-run-hook" name="resolv.conf.eth5.ipv4ll" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 82.553693][ T40] audit: type=1400 audit(1755985716.888:111): avc: denied { remove_name } for pid=6130 comm="rm" name="resolv.conf.eth5.ipv4ll" dev="tmpfs" ino=1994 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 82.557707][ T6087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 82.566430][ T6087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 82.616040][ T6094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 82.637477][ T6087] team0: Port device team_slave_0 added
[ 82.639576][ T6093] bridge0: port 1(bridge_slave_0) entered blocking state
[ 82.641869][ T6093] bridge0: port 1(bridge_slave_0) entered disabled state
[ 82.645372][ T6093] bridge_slave_0: entered allmulticast mode
[ 82.648069][ T6093] bridge_slave_0: entered promiscuous mode
[ 82.652185][ T6086] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 82.655568][ T6086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.666639][ T6086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 82.672859][ T6094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 82.706066][ T6087] team0: Port device team_slave_1 added
[ 82.708935][ T6093] bridge0: port 2(bridge_slave_1) entered blocking state
[ 82.711292][ T6093] bridge0: port 2(bridge_slave_1) entered disabled state
[ 82.713697][ T6093] bridge_slave_1: entered allmulticast mode
[ 82.716419][ T6093] bridge_slave_1: entered promiscuous mode
[ 82.719899][ T6086] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 82.722437][ T6086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.730682][ T6086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 82.759681][ T6094] team0: Port device team_slave_0 added
[ 82.814788][ T6094] team0: Port device team_slave_1 added
[ 82.833344][ T6087] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 82.835664][ T6087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.845202][ T6087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 82.851417][ T6093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 82.858374][ T6093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 82.908319][ T6087] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 82.911661][ T6087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.920550][ T6087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 82.975682][ T6094] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 82.978076][ T6094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.986346][ T6094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 82.993706][ T6094] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 82.995849][ T6094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.004398][ T6094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.044328][ T6086] hsr_slave_0: entered promiscuous mode
[ 83.047211][ T6086] hsr_slave_1: entered promiscuous mode
[ 83.059052][ T6093] team0: Port device team_slave_0 added
[ 83.115127][ T6093] team0: Port device team_slave_1 added
[ 83.157172][ T6087] hsr_slave_0: entered promiscuous mode
[ 83.159670][ T6087] hsr_slave_1: entered promiscuous mode
[ 83.162241][ T6087] debugfs: 'hsr0' already exists in 'hsr'
[ 83.165981][ T6087] Cannot create hsr debugfs directory
[ 83.265322][ T6094] hsr_slave_0: entered promiscuous mode
[ 83.267665][ T6094] hsr_slave_1: entered promiscuous mode
[ 83.269834][ T6094] debugfs: 'hsr0' already exists in 'hsr'
[ 83.272155][ T6094] Cannot create hsr debugfs directory
[ 83.280607][ T6093] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 83.283333][ T6093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.291545][ T6093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 83.299580][ T6093] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 83.301928][ T6093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 83.310033][ T6093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 83.490898][ T6093] hsr_slave_0: entered promiscuous mode
[ 83.494799][ T6093] hsr_slave_1: entered promiscuous mode
[ 83.497054][ T6093] debugfs: 'hsr0' already exists in 'hsr'
[ 83.498991][ T6093] Cannot create hsr debugfs directory
[ 83.733404][ T6092] Bluetooth: hci1: command tx timeout
[ 83.733502][ T6099] Bluetooth: hci3: command tx timeout
[ 83.735619][ T5327] Bluetooth: hci0: command tx timeout
[ 83.736664][ T6092] Bluetooth: hci2: command tx timeout
[ 83.981104][ T6086] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 83.988150][ T6086] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 83.998175][ T6086] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 84.014658][ T6086] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 84.065074][ T6087] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 84.069796][ T6087] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 84.074937][ T6087] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 84.080830][ T6087] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 84.143915][ T6093] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 84.167693][ T6093] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 84.176234][ T6093] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 84.183314][ T6093] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 84.264016][ T6094] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 84.271591][ T6094] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 84.278598][ T6094] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 84.286328][ T6094] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 84.303871][ T6087] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.333499][ T6086] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.363143][ T6087] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.390332][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.392843][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.396839][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.399161][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.423580][ T6086] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.440142][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.443011][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.461859][ T6093] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.471690][ T6094] 8021q: adding VLAN 0 to HW filter on device bond0
[ 84.477962][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.480231][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.526899][ T6093] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.531898][ T6094] 8021q: adding VLAN 0 to HW filter on device team0
[ 84.549745][ T216] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.552863][ T216] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.569046][ T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.571606][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 84.576433][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.578751][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.587109][ T71] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.590207][ T71] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 84.669722][ T6087] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.715006][ T6087] veth0_vlan: entered promiscuous mode
[ 84.741670][ T6087] veth1_vlan: entered promiscuous mode
[ 84.759799][ T6087] veth0_macvtap: entered promiscuous mode
[ 84.765716][ T6087] veth1_macvtap: entered promiscuous mode
[ 84.772289][ T6086] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.787004][ T6087] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 84.797739][ T6087] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 84.817905][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.827939][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.831085][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.835649][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 84.859024][ T6093] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.884120][ T6086] veth0_vlan: entered promiscuous mode
[ 84.891864][ T6094] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 84.913589][ T6086] veth1_vlan: entered promiscuous mode
[ 84.942272][ T6093] veth0_vlan: entered promiscuous mode
[ 84.971415][ T6093] veth1_vlan: entered promiscuous mode
[ 84.988643][ T6086] veth0_macvtap: entered promiscuous mode
[ 84.992409][ T6094] veth0_vlan: entered promiscuous mode
[ 85.000865][ T6094] veth1_vlan: entered promiscuous mode
[ 85.006381][ T6086] veth1_macvtap: entered promiscuous mode
[ 85.026342][ T6086] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.031505][ T6086] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.047057][ T6093] veth0_macvtap: entered promiscuous mode
[ 85.055729][ T71] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.059406][ T71] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.066620][ T6093] veth1_macvtap: entered promiscuous mode
[ 85.072318][ T71] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.076384][ T71] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.087057][ T6094] veth0_macvtap: entered promiscuous mode
[ 85.116429][ T6094] veth1_macvtap: entered promiscuous mode
[ 85.123047][ T6093] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.136503][ T6093] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.144713][ T6094] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 85.151142][ T216] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.161757][ T6094] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 85.166896][ T216] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.177774][ T1226] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.185489][ T1226] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.193892][ T1226] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.196987][ T1226] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.206989][ T1226] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.209808][ T1226] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 85.813006][ T5327] Bluetooth: hci2: command tx timeout
[ 85.813349][ T6099] Bluetooth: hci1: command tx timeout
[ 85.822740][ T6099] Bluetooth: hci0: command tx timeout
[ 85.822890][ T5327] Bluetooth: hci3: command tx timeout
[ 86.236635][ T6202] ==================================================================
[ 86.239331][ T6202] BUG: KASAN: slab-use-after-free in __mutex_lock+0xe8a/0x1060
[ 86.241758][ T6202] Read of size 8 at addr ffff88802c68c320 by task kworker/2:3/6202
[ 86.244254][ T6202]
[ 86.245133][ T6202] CPU: 2 UID: 0 PID: 6202 Comm: kworker/2:3 Not tainted syzkaller #0 PREEMPT(full)
[ 86.245148][ T6202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.245156][ T6202] Workqueue: events l2cap_chan_timeout
[ 86.245176][ T6202] Call Trace:
[ 86.245181][ T6202]
[ 86.245185][ T6202] dump_stack_lvl+0x116/0x1f0
[ 86.245199][ T6202] print_report+0xcd/0x630
[ 86.245252][ T6202] ? __virt_addr_valid+0x81/0x610
[ 86.245267][ T6202] ? __phys_addr+0xe8/0x180
[ 86.245280][ T6202] ? __mutex_lock+0xe8a/0x1060
[ 86.245292][ T6202] kasan_report+0xe0/0x110
[ 86.245303][ T6202] ? __mutex_lock+0xe8a/0x1060
[ 86.245316][ T6202] ? l2cap_chan_timeout+0x6d/0x310
[ 86.245331][ T6202] __mutex_lock+0xe8a/0x1060
[ 86.245343][ T6202] ? l2cap_chan_timeout+0x6d/0x310
[ 86.245359][ T6202] ? __pfx___mutex_lock+0x10/0x10
[ 86.245371][ T6202] ? debug_object_deactivate+0x1ec/0x3a0
[ 86.245390][ T6202] ? l2cap_chan_timeout+0x6d/0x310
[ 86.245405][ T6202] l2cap_chan_timeout+0x6d/0x310
[ 86.245421][ T6202] process_one_work+0x9cf/0x1b70
[ 86.245435][ T6202] ? __pfx_process_one_work+0x10/0x10
[ 86.245447][ T6202] ? assign_work+0x1a0/0x250
[ 86.245464][ T6202] worker_thread+0x6c8/0xf10
[ 86.245476][ T6202] ? __kthread_parkme+0x19e/0x250
[ 86.245492][ T6202] ? __pfx_worker_thread+0x10/0x10
[ 86.245503][ T6202] kthread+0x3c2/0x780
[ 86.245513][ T6202] ? __pfx_kthread+0x10/0x10
[ 86.245523][ T6202] ? rcu_is_watching+0x12/0xc0
[ 86.245537][ T6202] ? __pfx_kthread+0x10/0x10
[ 86.245547][ T6202] ret_from_fork+0x5d7/0x6f0
[ 86.245557][ T6202] ? __pfx_kthread+0x10/0x10
[ 86.245567][ T6202] ret_from_fork_asm+0x1a/0x30
[ 86.245583][ T6202]
[ 86.245586][ T6202]
[ 86.312535][ T6202] Allocated by task 6455:
[ 86.314315][ T6202] kasan_save_stack+0x33/0x60
[ 86.316291][ T6202] kasan_save_track+0x14/0x30
[ 86.318278][ T6202] __kasan_kmalloc+0xaa/0xb0
[ 86.320199][ T6202] l2cap_conn_add.part.0+0x60/0xa60
[ 86.322207][ T6202] l2cap_chan_connect+0x15e5/0x2020
[ 86.324280][ T6202] l2cap_sock_connect+0x3ba/0x740
[ 86.326161][ T6202] __sys_connect_file+0x13e/0x1a0
[ 86.328034][ T6202] __sys_connect+0x13b/0x160
[ 86.329875][ T6202] __x64_sys_connect+0x72/0xb0
[ 86.331975][ T6202] do_syscall_64+0xcd/0x4c0
[ 86.333880][ T6202] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.336357][ T6202]
[ 86.337326][ T6202] Freed by task 5327:
[ 86.338876][ T6202] kasan_save_stack+0x33/0x60
[ 86.340643][ T6202] kasan_save_track+0x14/0x30
[ 86.342394][ T6202] kasan_save_free_info+0x3b/0x60
[ 86.344255][ T6202] __kasan_slab_free+0x60/0x70
[ 86.346348][ T6202] kfree+0x2b4/0x4d0
[ 86.347840][ T6202] l2cap_conn_del+0x59c/0x730
[ 86.349716][ T6202] l2cap_connect_cfm+0x9e1/0xf80
[ 86.351610][ T6202] hci_conn_failed+0x1ba/0x330
[ 86.353391][ T6202] hci_abort_conn_sync+0x76a/0xb20
[ 86.355292][ T6202] abort_conn_sync+0x197/0x360
[ 86.357074][ T6202] hci_cmd_sync_work+0x1ab/0x430
[ 86.358923][ T6202] process_one_work+0x9cf/0x1b70
[ 86.360753][ T6202] worker_thread+0x6c8/0xf10
[ 86.362472][ T6202] kthread+0x3c2/0x780
[ 86.363996][ T6202] ret_from_fork+0x5d7/0x6f0
[ 86.365695][ T6202] ret_from_fork_asm+0x1a/0x30
[ 86.367722][ T6202]
[ 86.368624][ T6202] The buggy address belongs to the object at ffff88802c68c000
[ 86.368624][ T6202] which belongs to the cache kmalloc-1k of size 1024
[ 86.373902][ T6202] The buggy address is located 800 bytes inside of
[ 86.373902][ T6202] freed 1024-byte region [ffff88802c68c000, ffff88802c68c400)
[ 86.379212][ T6202]
[ 86.380200][ T6202] The buggy address belongs to the physical page:
[ 86.382722][ T6202] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c688
[ 86.385998][ T6202] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 86.389064][ T6202] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 86.391845][ T6202] page_type: f5(slab)
[ 86.393359][ T6202] raw: 00fff00000000040 ffff88801b842dc0 ffffea0000d4d200 0000000000000002
[ 86.396608][ T6202] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 86.399762][ T6202] head: 00fff00000000040 ffff88801b842dc0 ffffea0000d4d200 0000000000000002
[ 86.403058][ T6202] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 86.406258][ T6202] head: 00fff00000000003 ffffea0000b1a201 00000000ffffffff 00000000ffffffff
[ 86.409420][ T6202] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 86.412615][ T6202] page dumped because: kasan: bad access detected
[ 86.414969][ T6202] page_owner tracks the page as allocated
[ 86.417396][ T6202] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6087, tgid 6087 (syz-executor.0), ts 84386803278, free_ts 83536572576
[ 86.425957][ T6202] post_alloc_hook+0x1c0/0x230
[ 86.427748][ T6202] get_page_from_freelist+0x132b/0x38e0
[ 86.429764][ T6202] __alloc_frozen_pages_noprof+0x261/0x23f0
[ 86.431957][ T6202] alloc_pages_mpol+0x1fb/0x550
[ 86.433773][ T6202] new_slab+0x247/0x330
[ 86.435330][ T6202] ___slab_alloc+0xcf2/0x1740
[ 86.437069][ T6202] __slab_alloc.constprop.0+0x56/0xb0
[ 86.439048][ T6202] __kmalloc_node_noprof+0x2ed/0x500
[ 86.441004][ T6202] qdisc_alloc+0xbb/0xc50
[ 86.442647][ T6202] qdisc_create_dflt+0x94/0x490
[ 86.444442][ T6202] dev_activate+0x63f/0x12d0
[ 86.446164][ T6202] __dev_open+0x432/0x7c0
[ 86.447789][ T6202] __dev_change_flags+0x55d/0x720
[ 86.449663][ T6202] netif_change_flags+0x8d/0x160
[ 86.451566][ T6202] do_setlink.constprop.0+0xb53/0x4380
[ 86.453581][ T6202] rtnl_newlink+0x1446/0x2000
[ 86.455390][ T6202] page last free pid 6147 tgid 6147 stack trace:
[ 86.457783][ T6202] __free_frozen_pages+0x7d5/0x10f0
[ 86.459816][ T6202] __put_partials+0x165/0x1c0
[ 86.461617][ T6202] qlist_free_all+0x4d/0x120
[ 86.463339][ T6202] kasan_quarantine_reduce+0x195/0x1e0
[ 86.465336][ T6202] __kasan_slab_alloc+0x69/0x90
[ 86.467182][ T6202] kmem_cache_alloc_noprof+0x1cb/0x3b0
[ 86.469249][ T6202] vm_area_dup+0x27/0x8d0
[ 86.471108][ T6202] __split_vma+0x18e/0x1070
[ 86.473004][ T6202] vms_gather_munmap_vmas+0x1d2/0x1340
[ 86.475366][ T6202] __mmap_region+0x436/0x27b0
[ 86.477123][ T6202] mmap_region+0x1ab/0x3f0
[ 86.478794][ T6202] do_mmap+0xa3e/0x1210
[ 86.480384][ T6202] vm_mmap_pgoff+0x29e/0x470
[ 86.482109][ T6202] ksys_mmap_pgoff+0x32c/0x5c0
[ 86.483919][ T6202] __x64_sys_mmap+0x125/0x190
[ 86.485788][ T6202] do_syscall_64+0xcd/0x4c0
[ 86.487667][ T6202]
[ 86.488572][ T6202] Memory state around the buggy address:
[ 86.490810][ T6202] ffff88802c68c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.493790][ T6202] ffff88802c68c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.496702][ T6202] >ffff88802c68c300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.499614][ T6202] ^
[ 86.501522][ T6202] ffff88802c68c380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.504631][ T6202] ffff88802c68c400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 86.507696][ T6202] ==================================================================
[ 86.511903][ T6202] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.515239][ T6202] CPU: 2 UID: 0 PID: 6202 Comm: kworker/2:3 Not tainted syzkaller #0 PREEMPT(full)
[ 86.519240][ T6202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.523769][ T6202] Workqueue: events l2cap_chan_timeout
[ 86.526097][ T6202] Call Trace:
[ 86.527536][ T6202]
[ 86.528777][ T6202] dump_stack_lvl+0x3d/0x1f0
[ 86.530755][ T6202] vpanic+0x6e8/0x7a0
[ 86.532545][ T6202] ? __pfx_vpanic+0x10/0x10
[ 86.534480][ T6202] ? __pfx_vprintk_emit+0x10/0x10
[ 86.536597][ T6202] ? __mutex_lock+0xe8a/0x1060
[ 86.538717][ T6202] panic+0xca/0xd0
[ 86.540542][ T6202] ? __pfx_panic+0x10/0x10
[ 86.542994][ T6202] ? check_panic_on_warn+0x1f/0xb0
[ 86.545699][ T6202] check_panic_on_warn+0xab/0xb0
[ 86.548196][ T6202] end_report+0x107/0x170
[ 86.550010][ T6202] kasan_report+0xee/0x110
[ 86.551930][ T6202] ? __mutex_lock+0xe8a/0x1060
[ 86.553936][ T6202] ? l2cap_chan_timeout+0x6d/0x310
[ 86.556087][ T6202] __mutex_lock+0xe8a/0x1060
[ 86.558062][ T6202] ? l2cap_chan_timeout+0x6d/0x310
[ 86.560241][ T6202] ? __pfx___mutex_lock+0x10/0x10
[ 86.562404][ T6202] ? debug_object_deactivate+0x1ec/0x3a0
[ 86.564741][ T6202] ? l2cap_chan_timeout+0x6d/0x310
[ 86.566905][ T6202] l2cap_chan_timeout+0x6d/0x310
[ 86.569106][ T6202] process_one_work+0x9cf/0x1b70
[ 86.571265][ T6202] ? __pfx_process_one_work+0x10/0x10
[ 86.573490][ T6202] ? assign_work+0x1a0/0x250
[ 86.575416][ T6202] worker_thread+0x6c8/0xf10
[ 86.577307][ T6202] ? __kthread_parkme+0x19e/0x250
[ 86.579458][ T6202] ? __pfx_worker_thread+0x10/0x10
2025/08/23 21:48:40 executed programs: 109
[ 86.581637][ T6202] kthread+0x3c2/0x780
[ 86.583539][ T6202] ? __pfx_kthread+0x10/0x10
[ 86.585465][ T6202] ? rcu_is_watching+0x12/0xc0
[ 86.587501][ T6202] ? __pfx_kthread+0x10/0x10
[ 86.589457][ T6202] ret_from_fork+0x5d7/0x6f0
[ 86.591448][ T6202] ? __pfx_kthread+0x10/0x10
[ 86.593525][ T6202] ret_from_fork_asm+0x1a/0x30
[ 86.595565][ T6202]
[ 86.597757][ T6202] Kernel Offset: disabled
[ 86.599165][ T6202] Rebooting in 86400 seconds..