Warning: Permanently added '10.128.1.111' (ED25519) to the list of known hosts.
1970/01/01 00:00:32 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:32 parsed 1 programs
[   32.762850][ T6091] cgroup: Unknown subsys name 'net'
[   33.003062][ T6091] cgroup: Unknown subsys name 'rlimit'
[   33.299453][ T6091] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SS
[   33.304514][ T6089] syz-execprog[6089]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
1970/01/01 00:00:33 executed programs: 0
[   33.341656][   T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   33.344107][   T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   33.346370][   T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   33.349616][   T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   33.352059][   T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   33.354092][   T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   33.432016][ T6101] chnl_net:caif_netlink_parms(): no params data found
[   33.462393][ T6101] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.464297][ T6101] bridge0: port 1(bridge_slave_0) entered disabled state
[   33.466162][ T6101] bridge_slave_0: entered allmulticast mode
[   33.468782][ T6101] bridge_slave_0: entered promiscuous mode
[   33.472247][ T6101] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.474119][ T6101] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.475998][ T6101] bridge_slave_1: entered allmulticast mode
[   33.478328][ T6101] bridge_slave_1: entered promiscuous mode
[   33.490995][ T6101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   33.494682][ T6101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   33.509788][ T6101] team0: Port device team_slave_0 added
[   33.512996][ T6101] team0: Port device team_slave_1 added
[   33.523995][ T6101] batman_adv: batadv0: Adding interface: batadv_slave_0
[   33.525854][ T6101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   33.533228][ T6101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   33.537396][ T6101] batman_adv: batadv0: Adding interface: batadv_slave_1
[   33.539456][ T6101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   33.545979][ T6101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   33.619450][ T6101] hsr_slave_0: entered promiscuous mode
[   33.657773][ T6101] hsr_slave_1: entered promiscuous mode
[   33.754614][ T6101] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   33.819566][ T6101] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   33.878947][ T6101] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   33.928915][ T6101] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   33.981618][ T6101] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.983522][ T6101] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.985791][ T6101] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.987716][ T6101] bridge0: port 1(bridge_slave_0) entered forwarding state
[   34.015241][ T6101] 8021q: adding VLAN 0 to HW filter on device bond0
[   34.025152][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   34.029114][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   34.036402][ T6101] 8021q: adding VLAN 0 to HW filter on device team0
[   34.041207][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[   34.043019][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[   34.048177][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   34.049976][ T5833] bridge0: port 2(bridge_slave_1) entered forwarding state
[   34.066469][ T6101] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   34.071025][ T6101] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   34.139656][ T6101] 8021q: adding VLAN 0 to HW filter on device batadv0
[   34.161659][ T6101] veth0_vlan: entered promiscuous mode
[   34.166086][ T6101] veth1_vlan: entered promiscuous mode
[   34.180312][ T6101] veth0_macvtap: entered promiscuous mode
[   34.183990][ T6101] veth1_macvtap: entered promiscuous mode
[   34.193456][ T6101] batman_adv: batadv0: Interface activated: batadv_slave_0
[   34.198874][ T6101] batman_adv: batadv0: Interface activated: batadv_slave_1
[   34.202375][ T6101] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   34.204660][ T6101] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   34.206841][ T6101] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   34.210979][ T6101] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   34.250359][ T1879] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   34.252466][ T1879] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   34.266099][  T468] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   34.268359][  T468] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   35.378098][   T50] Bluetooth: hci0: command 0x0409 tx timeout
[   37.457531][   T50] Bluetooth: hci0: command 0x041b tx timeout
[   37.710445][ T6125] ==================================================================
[   37.712519][ T6125] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2bc
[   37.714350][ T6125] Write of size 4 at addr ffff0000d9518010 by task syz-executor.0/6125
[   37.716469][ T6125] 
[   37.717075][ T6125] CPU: 1 PID: 6125 Comm: syz-executor.0 Not tainted 6.6.0-rc7-syzkaller-g8de1e7afcc1c #0
[   37.719608][ T6125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   37.722332][ T6125] Call trace:
[   37.723169][ T6125]  dump_backtrace+0x1b8/0x1e4
[   37.724369][ T6125]  show_stack+0x2c/0x44
[   37.725436][ T6125]  dump_stack_lvl+0xd0/0x124
[   37.726575][ T6125]  print_report+0x174/0x514
[   37.727733][ T6125]  kasan_report+0xd8/0x138
[   37.728898][ T6125]  kasan_check_range+0x254/0x294
[   37.730166][ T6125]  __kasan_check_write+0x20/0x30
[   37.731436][ T6125]  hci_conn_drop+0x34/0x2bc
[   37.732603][ T6125]  __sco_sock_close+0x3a8/0x7b0
[   37.733872][ T6125]  sco_sock_release+0xb4/0x2c0
[   37.735073][ T6125]  sock_close+0xa4/0x1e8
[   37.736165][ T6125]  __fput+0x324/0x7f8
[   37.737185][ T6125]  __fput_sync+0x60/0x9c
[   37.738303][ T6125]  __arm64_sys_close+0x150/0x1e0
[   37.739607][ T6125]  invoke_syscall+0x98/0x2b8
[   37.740769][ T6125]  el0_svc_common+0x130/0x23c
[   37.742020][ T6125]  do_el0_svc+0x48/0x58
[   37.743130][ T6125]  el0_svc+0x54/0x158
[   37.744128][ T6125]  el0t_64_sync_handler+0x84/0xfc
[   37.745413][ T6125]  el0t_64_sync+0x190/0x194
[   37.746559][ T6125] 
[   37.747133][ T6125] Allocated by task 6126:
[   37.748247][ T6125]  kasan_set_track+0x4c/0x7c
[   37.749452][ T6125]  kasan_save_alloc_info+0x24/0x30
[   37.750809][ T6125]  __kasan_kmalloc+0xac/0xc4
[   37.752013][ T6125]  kmalloc_trace+0x70/0x88
[   37.753187][ T6125]  hci_conn_add+0xcc/0x1210
[   37.754388][ T6125]  hci_connect_sco+0x94/0x2bc
[   37.755630][ T6125]  sco_sock_connect+0x278/0x840
[   37.756949][ T6125]  __sys_connect+0x268/0x290
[   37.758144][ T6125]  __arm64_sys_connect+0x7c/0x94
[   37.759430][ T6125]  invoke_syscall+0x98/0x2b8
[   37.760633][ T6125]  el0_svc_common+0x130/0x23c
[   37.761878][ T6125]  do_el0_svc+0x48/0x58
[   37.763014][ T6125]  el0_svc+0x54/0x158
[   37.764083][ T6125]  el0t_64_sync_handler+0x84/0xfc
[   37.765377][ T6125]  el0t_64_sync+0x190/0x194
[   37.766588][ T6125] 
[   37.767172][ T6125] Freed by task 50:
[   37.768178][ T6125]  kasan_set_track+0x4c/0x7c
[   37.769426][ T6125]  kasan_save_free_info+0x38/0x5c
[   37.770758][ T6125]  ____kasan_slab_free+0x144/0x1c0
[   37.772086][ T6125]  __kasan_slab_free+0x18/0x28
[   37.773329][ T6125]  __kmem_cache_free+0x2ac/0x480
[   37.774720][ T6125]  kfree+0xb8/0x19c
[   37.775733][ T6125]  bt_link_release+0x20/0x30
[   37.776942][ T6125]  device_release+0x8c/0x1ac
[   37.778105][ T6125]  kobject_put+0x1c4/0x3c4
[   37.779251][ T6125]  put_device+0x28/0x40
[   37.780330][ T6125]  hci_conn_del+0x78c/0xabc
[   37.781525][ T6125]  hci_conn_failed+0x204/0x2c0
[   37.782735][ T6125]  hci_abort_conn_sync+0x688/0xe38
[   37.784098][ T6125]  abort_conn_sync+0x5c/0x8c
[   37.785305][ T6125]  hci_cmd_sync_work+0x1cc/0x34c
[   37.786622][ T6125]  process_one_work+0x694/0x1204
[   37.787909][ T6125]  worker_thread+0x938/0xef4
[   37.789074][ T6125]  kthread+0x288/0x310
[   37.790201][ T6125]  ret_from_fork+0x10/0x20
[   37.791498][ T6125] 
[   37.792115][ T6125] The buggy address belongs to the object at ffff0000d9518000
[   37.792115][ T6125]  which belongs to the cache kmalloc-4k of size 4096
[   37.795750][ T6125] The buggy address is located 16 bytes inside of
[   37.795750][ T6125]  freed 4096-byte region [ffff0000d9518000, ffff0000d9519000)
[   37.799427][ T6125] 
[   37.800033][ T6125] The buggy address belongs to the physical page:
[   37.801748][ T6125] page:00000000c96e5067 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119518
[   37.804532][ T6125] head:00000000c96e5067 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   37.806921][ T6125] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[   37.809064][ T6125] page_type: 0xffffffff()
[   37.810245][ T6125] raw: 05ffc00000000840 ffff0000c0002140 fffffc0003653800 dead000000000002
[   37.812344][ T6125] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   37.814466][ T6125] page dumped because: kasan: bad access detected
[   37.816103][ T6125] 
[   37.816681][ T6125] Memory state around the buggy address:
[   37.818170][ T6125]  ffff0000d9517f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.820304][ T6125]  ffff0000d9517f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.822485][ T6125] >ffff0000d9518000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.824574][ T6125]                          ^
[   37.825934][ T6125]  ffff0000d9518080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.828092][ T6125]  ffff0000d9518100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   37.830262][ T6125] ==================================================================
[   37.832704][ T6125] Disabling lock debugging due to kernel taint
[   37.834310][ T6125] ------------[ cut here ]------------
[   37.835719][ T6125] ODEBUG: assert_init not available (active state 0) object: 00000000dac7e963 object type: timer_list hint: hci_conn_timeout+0x0/0x1e8
[   37.839631][ T6125] WARNING: CPU: 1 PID: 6125 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0
[   37.842137][ T6125] Modules linked in:
[   37.843142][ T6125] CPU: 1 PID: 6125 Comm: syz-executor.0 Tainted: G B 6.6.0-rc7-syzkaller-g8de1e7afcc1c #0
[   37.846094][ T6125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   37.848808][ T6125] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   37.850856][ T6125] pc : debug_print_object+0x168/0x1e0
[   37.852317][ T6125] lr : debug_print_object+0x168/0x1e0
[   37.853720][ T6125] sp : ffff800096f57790
[   37.854845][ T6125] x29: ffff800096f57790 x28: dfff800000000000 x27: ffff700012deaf00
[   37.856952][ T6125] x26: dfff800000000000 x25: dfff800000000000 x24: ffff0000d9518390
[   37.859070][ T6125] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a89c360
[   37.861168][ T6125] x20: 0000000000000000 x19: ffff80008ad64cc0 x18: 0000000000000000
[   37.863308][ T6125] x17: 0000000000000000 x16: ffff80008a71b23c x15: 0000000000000001
[   37.865417][ T6125] x14: 1ffff00012deae44 x13: 0000000000000000 x12: 0000000000000000
[   37.867512][ T6125] x11: 0000000000000001 x10: 0000000000000000 x9 : a121024982282a00
[   37.869545][ T6125] x8 : a121024982282a00 x7 : 0000000000000001 x6 : 0000000000000001
[   37.871631][ T6125] x5 : ffff800096f57078 x4 : ffff80008e4210a0 x3 : ffff800082b180c4
[   37.873690][ T6125] x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000
[   37.875770][ T6125] Call trace:
[   37.876612][ T6125]  debug_print_object+0x168/0x1e0
[   37.877909][ T6125]  debug_object_assert_init+0x318/0x3c8
[   37.879327][ T6125]  __timer_delete+0xac/0x2f8
[   37.880578][ T6125]  timer_delete+0x24/0x34
[   37.881733][ T6125]  try_to_grab_pending+0x8c/0x618
[   37.883060][ T6125]  __cancel_work+0xb0/0x2a8
[   37.884240][ T6125]  cancel_delayed_work+0x24/0x38
[   37.885493][ T6125]  hci_conn_drop+0x150/0x2bc
[   37.886672][ T6125]  __sco_sock_close+0x3a8/0x7b0
[   37.887944][ T6125]  sco_sock_release+0xb4/0x2c0
[   37.889139][ T6125]  sock_close+0xa4/0x1e8
[   37.890319][ T6125]  __fput+0x324/0x7f8
[   37.891267][ T6125]  __fput_sync+0x60/0x9c
[   37.892380][ T6125]  __arm64_sys_close+0x150/0x1e0
[   37.893710][ T6125]  invoke_syscall+0x98/0x2b8
[   37.894889][ T6125]  el0_svc_common+0x130/0x23c
[   37.896128][ T6125]  do_el0_svc+0x48/0x58
[   37.897188][ T6125]  el0_svc+0x54/0x158
[   37.898214][ T6125]  el0t_64_sync_handler+0x84/0xfc
[   37.899481][ T6125]  el0t_64_sync+0x190/0x194
[   37.900645][ T6125] irq event stamp: 14297
[   37.901770][ T6125] hardirqs last  enabled at (14297): [] exit_to_kernel_mode+0xdc/0x10c
[   37.904374][ T6125] hardirqs last disabled at (14296): [] __do_softirq+0x950/0xd54
[   37.906769][ T6125] softirqs last  enabled at (14076): [] lock_sock_nested+0xcc/0x11c
[   37.909286][ T6125] softirqs last disabled at (14074): [] lock_sock_nested+0x74/0x11c
[   37.911847][ T6125] ---[ end trace 0000000000000000 ]---
[   37.913730][ T6125] ------------[ cut here ]------------
[   37.915141][ T6125] WARNING: CPU: 1 PID: 6125 at kernel/workqueue.c:1939 queue_delayed_work_on+0x214/0x2e4
[   37.917587][ T6125] Modules linked in:
[   37.918551][ T6125] CPU: 1 PID: 6125 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-g8de1e7afcc1c #0
[   37.921512][ T6125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   37.924112][ T6125] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   37.926134][ T6125] pc : queue_delayed_work_on+0x214/0x2e4
[   37.927614][ T6125] lr : queue_delayed_work_on+0x214/0x2e4
[   37.929102][ T6125] sp : ffff800096f57af0
[   37.930233][ T6125] x29: ffff800096f57af0 x28: 1fffe0001a4c9bc0 x27: dfff800000000000
[   37.932314][ T6125] x26: 0000000000000000 x25: ffff0000d95183a8 x24: ffff0000d2033400
[   37.934402][ T6125] x23: 0000000000000000 x22: ffff0000d9518348 x21: 0000000000000008
[   37.936487][ T6125] x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000
[   37.938593][ T6125] x17: 0000000000000000 x16: ffff80008a71b23c x15: ffff60001b2a3069
[   37.940778][ T6125] x14: 1fffe0001b2a3069 x13: 00000000000000fb x12: ffffffffffffffff
[   37.942933][ T6125] x11: 0000000000000001 x10: 0000000000000000 x9 : 0000000000000000
[   37.945042][ T6125] x8 : ffff0000d9588000 x7 : 0000000000000000 x6 : 0000000000000000
[   37.947167][ T6125] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080221e68
[   37.949213][ T6125] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[   37.951357][ T6125] Call trace:
[   37.952203][ T6125]  queue_delayed_work_on+0x214/0x2e4
[   37.953609][ T6125]  hci_conn_drop+0x198/0x2bc
[   37.954851][ T6125]  __sco_sock_close+0x3a8/0x7b0
[   37.956167][ T6125]  sco_sock_release+0xb4/0x2c0
[   37.957460][ T6125]  sock_close+0xa4/0x1e8
[   37.958571][ T6125]  __fput+0x324/0x7f8
[   37.959595][ T6125]  __fput_sync+0x60/0x9c
[   37.960728][ T6125]  __arm64_sys_close+0x150/0x1e0
[   37.962052][ T6125]  invoke_syscall+0x98/0x2b8
[   37.963306][ T6125]  el0_svc_common+0x130/0x23c
[   37.964502][ T6125]  do_el0_svc+0x48/0x58
[   37.965621][ T6125]  el0_svc+0x54/0x158
[   37.966674][ T6125]  el0t_64_sync_handler+0x84/0xfc
[   37.968014][ T6125]  el0t_64_sync+0x190/0x194
[   37.969180][ T6125] irq event stamp: 14297
[   37.970265][ T6125] hardirqs last  enabled at (14297): [] exit_to_kernel_mode+0xdc/0x10c
[   37.972860][ T6125] hardirqs last disabled at (14296): [] __do_softirq+0x950/0xd54
[   37.975255][ T6125] softirqs last  enabled at (14076): [] lock_sock_nested+0xcc/0x11c
[   37.977697][ T6125] softirqs last disabled at (14074): [] lock_sock_nested+0x74/0x11c
[   37.980278][ T6125] ---[ end trace 0000000000000000 ]---
[   37.981702][ T6125] ------------[ cut here ]------------
[   37.983122][ T6125] ODEBUG: activate not available (active state 0) object: 00000000d0bb0e1a object type: work_struct hint: hci_conn_timeout+0x0/0x1e8
[   37.986983][ T6125] WARNING: CPU: 1 PID: 6125 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0
[   37.989549][ T6125] Modules linked in:
[   37.990558][ T6125] CPU: 1 PID: 6125 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-g8de1e7afcc1c #0
[   37.993468][ T6125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   37.996119][ T6125] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   37.998174][ T6125] pc : debug_print_object+0x168/0x1e0
[   37.999547][ T6125] lr : debug_print_object+0x168/0x1e0
[   38.000941][ T6125] sp : ffff800096f57870
[   38.002065][ T6125] x29: ffff800096f57870 x28: dfff800000000000 x27: ffff700012deaf1c
[   38.004137][ T6125] x26: ffff0000d11d01d8 x25: dfff800000000000 x24: ffff0000d9518348
[   38.006270][ T6125] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a8710a0
[   38.008344][ T6125] x20: 0000000000000000 x19: ffff80008ad64c40 x18: 0000000000000000
[   38.010466][ T6125] x17: 0000000000000000 x16: ffff80008a71b23c x15: 0000000000000001
[   38.012613][ T6125] x14: 1fffe00036833432 x13: 0000000000000000 x12: 0000000000000000
[   38.014760][ T6125] x11: 0000000000000002 x10: 0000000000000000 x9 : a121024982282a00
[   38.016873][ T6125] x8 : a121024982282a00 x7 : 0000000000000001 x6 : 0000000000000001
[   38.018972][ T6125] x5 : ffff800096f57158 x4 : ffff80008e4210a0 x3 : ffff8000805a359c
[   38.021062][ T6125] x2 : 0000000000000001 x1 : 0000000000000002 x0 : 0000000000000000
[   38.023186][ T6125] Call trace:
[   38.024052][ T6125]  debug_print_object+0x168/0x1e0
[   38.025423][ T6125]  debug_object_activate+0x600/0x7e0
[   38.026850][ T6125]  insert_work+0x4c/0x2d4
[   38.028015][ T6125]  __queue_work+0xcf4/0x1338
[   38.029266][ T6125]  queue_delayed_work_on+0x1f4/0x2e4
[   38.030649][ T6125]  hci_conn_drop+0x198/0x2bc
[   38.031834][ T6125]  __sco_sock_close+0x3a8/0x7b0
[   38.033108][ T6125]  sco_sock_release+0xb4/0x2c0
[   38.034371][ T6125]  sock_close+0xa4/0x1e8
[   38.035448][ T6125]  __fput+0x324/0x7f8
[   38.036498][ T6125]  __fput_sync+0x60/0x9c
[   38.037615][ T6125]  __arm64_sys_close+0x150/0x1e0
[   38.038981][ T6125]  invoke_syscall+0x98/0x2b8
[   38.040194][ T6125]  el0_svc_common+0x130/0x23c
[   38.041407][ T6125]  do_el0_svc+0x48/0x58
[   38.042500][ T6125]  el0_svc+0x54/0x158
[   38.043549][ T6125]  el0t_64_sync_handler+0x84/0xfc
[   38.044854][ T6125]  el0t_64_sync+0x190/0x194
[   38.046005][ T6125] irq event stamp: 14297
[   38.047095][ T6125] hardirqs last  enabled at (14297): [] exit_to_kernel_mode+0xdc/0x10c
[   38.049670][ T6125] hardirqs last disabled at (14296): [] __do_softirq+0x950/0xd54
[   38.052088][ T6125] softirqs last  enabled at (14076): [] lock_sock_nested+0xcc/0x11c
[   38.054669][ T6125] softirqs last disabled at (14074): [] lock_sock_nested+0x74/0x11c
[   38.057195][ T6125] ---[ end trace 0000000000000000 ]---
[   38.058653][   T50] ------------[ cut here ]------------
[   38.060120][   T50] ODEBUG: deactivate not available (active state 0) object: 00000000d0bb0e1a object type: work_struct hint: hci_conn_timeout+0x0/0x1e8
[   38.064053][   T50] WARNING: CPU: 0 PID: 50 at lib/debugobjects.c:517 debug_object_deactivate+0x340/0x414
[   38.066631][   T50] Modules linked in:
[   38.067664][   T50] CPU: 0 PID: 50 Comm: kworker/u5:0 Tainted: G B W 6.6.0-rc7-syzkaller-g8de1e7afcc1c #0
[   38.070508][   T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   38.073204][   T50] Workqueue: 0x0 (hci0)
[   38.074359][   T50] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   38.076409][   T50] pc : debug_object_deactivate+0x340/0x414
[   38.077965][   T50] lr : debug_object_deactivate+0x340/0x414
[   38.079506][   T50] sp : ffff800094247b00
[   38.080637][   T50] x29: ffff800094247b00 x28: 1fffe0001b2a3069 x27: 0000000000000001
[   38.082752][   T50] x26: ffff80008e340000 x25: dfff800000000000 x24: ffff0000d11d01d8
[   38.084889][   T50] x23: 00000000000000c0 x22: ffff800092b0e000 x21: ffff80008a8710a0
[   38.086975][   T50] x20: ffff0000d9518348 x19: ffff800089881d98 x18: 1fffe0003682efce
[   38.089119][   T50] x17: 0000000000000000 x16: ffff80008a71b23c x15: 0000000000000001
[   38.091232][   T50] x14: 1ffff00012848eb4 x13: 0000000000000000 x12: 0000000000000000
[   38.093440][   T50] x11: 0000000000000001 x10: 0000000000000000 x9 : de2d3d2d6467b300
[   38.095593][   T50] x8 : de2d3d2d6467b300 x7 : 0000000000000001 x6 : 0000000000000001
[   38.097644][   T50] x5 : ffff8000942473f8 x4 : ffff80008e4210a0 x3 : ffff800082b180c4
[   38.099804][   T50] x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000000
[   38.101953][   T50] Call trace:
[   38.102828][   T50]  debug_object_deactivate+0x340/0x414
[   38.104303][   T50]  process_one_work+0x198/0x1204
[   38.105676][   T50]  worker_thread+0x938/0xef4
[   38.106827][   T50]  kthread+0x288/0x310
[   38.107896][   T50]  ret_from_fork+0x10/0x20
[   38.109068][   T50] irq event stamp: 1756
[   38.110117][   T50] hardirqs last  enabled at (1755): [] _raw_spin_unlock_irq+0x30/0x80
[   38.112870][   T50] hardirqs last disabled at (1756): [] __schedule+0x2b4/0x23b4
[   38.115282][   T50] softirqs last  enabled at (1642): [] release_sock+0x15c/0x1b0
[   38.117700][   T50] softirqs last disabled at (1640): [] release_sock+0x3c/0x1b0
[   38.120141][   T50] ---[ end trace 0000000000000000 ]---
[   39.537538][   T50] Bluetooth: hci0: command 0x040f tx timeout
1970/01/01 00:00:39 executed programs: 4
[   41.617520][   T50] Bluetooth: hci0: command 0x0419 tx timeout
[   43.697556][ T5663] Bluetooth: hci0: command 0x0407 tx timeout
1970/01/01 00:00:44 executed programs: 10
[   45.777548][ T5663] Bluetooth: hci0: command 0x0405 tx timeout
[   47.354756][ T6152] ------------[ cut here ]------------
[   47.356197][ T6152] ODEBUG: assert_init not available (active state 0) object: 00000000ad4eead4 object type: timer_list hint: hci_conn_timeout+0x0/0x1e8
[   47.360176][ T6152] WARNING: CPU: 0 PID: 6152 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0
[   47.362660][ T6152] Modules linked in:
[   47.363637][ T6152] CPU: 0 PID: 6152 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-g8de1e7afcc1c #0
[   47.366580][ T6152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   47.369204][ T6152] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   47.371208][ T6152] pc : debug_print_object+0x168/0x1e0
[   47.372605][ T6152] lr : debug_print_object+0x168/0x1e0
[   47.374034][ T6152] sp : ffff800097067790
[   47.375112][ T6152] x29: ffff800097067790 x28: dfff800000000000 x27: ffff700012e0cf00
[   47.377190][ T6152] x26: ffff0000d4e43c20 x25: dfff800000000000 x24: ffff0000c7096390
[   47.379331][ T6152] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a89c360
[   47.381379][ T6152] x20: 0000000000000000 x19: ffff80008ad64cc0 x18: 0000000000000000
[   47.383533][ T6152] x17: 0000000000000000 x16: ffff80008a71b23c x15: 0000000000000001
[   47.385706][ T6152] x14: 1fffe0003682f032 x13: 0000000000000000 x12: 0000000000000000
[   47.387758][ T6152] x11: 0000000000000001 x10: 0000000000000000 x9 : e4234390f910d900
[   47.389932][ T6152] x8 : e4234390f910d900 x7 : 0000000000000001 x6 : 0000000000000001
[   47.392105][ T6152] x5 : ffff800097067078 x4 : ffff80008e4210a0 x3 : ffff8000805a359c
[   47.394205][ T6152] x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000000
[   47.396320][ T6152] Call trace:
[   47.397171][ T6152]  debug_print_object+0x168/0x1e0
[   47.398516][ T6152]  debug_object_assert_init+0x318/0x3c8
[   47.400036][ T6152]  __timer_delete+0xac/0x2f8
[   47.401302][ T6152]  timer_delete+0x24/0x34
[   47.402437][ T6152]  try_to_grab_pending+0x8c/0x618
[   47.403794][ T6152]  __cancel_work+0xb0/0x2a8
[   47.404943][ T6152]  cancel_delayed_work+0x24/0x38
[   47.406281][ T6152]  hci_conn_drop+0x150/0x2bc
[   47.407470][ T6152]  __sco_sock_close+0x3a8/0x7b0
[   47.408722][ T6152]  sco_sock_release+0xb4/0x2c0
[   47.409957][ T6152]  sock_close+0xa4/0x1e8
[   47.411058][ T6152]  __fput+0x324/0x7f8
[   47.412086][ T6152]  __fput_sync+0x60/0x9c
[   47.413266][ T6152]  __arm64_sys_close+0x150/0x1e0
[   47.414576][ T6152]  invoke_syscall+0x98/0x2b8
[   47.415792][ T6152]  el0_svc_common+0x130/0x23c
[   47.417034][ T6152]  do_el0_svc+0x48/0x58
[   47.418103][ T6152]  el0_svc+0x54/0x158
[   47.419149][ T6152]  el0t_64_sync_handler+0x84/0xfc
[   47.420478][ T6152]  el0t_64_sync+0x190/0x194
[   47.421681][ T6152] irq event stamp: 0
[   47.422673][ T6152] hardirqs last  enabled at (0): [<0000000000000000>] 0x0
[   47.424545][ T6152] hardirqs last disabled at (0): [] copy_process+0x1318/0x34b8
[   47.426887][ T6152] softirqs last  enabled at (0): [] copy_process+0x1340/0x34b8
[   47.429206][ T6152] softirqs last disabled at (0): [<0000000000000000>] 0x0
[   47.431085][ T6152] ---[ end trace 0000000000000000 ]---
[   47.432653][ T6152] ------------[ cut here ]------------
[   47.434044][ T6152] ODEBUG: activate not available (active state 0) object: 0000000081853695 object type: work_struct hint: hci_conn_timeout+0x0/0x1e8
[   47.437622][ T6152] WARNING: CPU: 0 PID: 6152 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0
[   47.440129][ T6152] Modules linked in:
[   47.441070][ T6152] CPU: 0 PID: 6152 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-g8de1e7afcc1c #0
[   47.444041][ T6152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[   47.446683][ T6152] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   47.448713][ T6152] pc : debug_print_object+0x168/0x1e0
[   47.450132][ T6152] lr : debug_print_object+0x168/0x1e0
[   47.451517][ T6152] sp : ffff800097067870
[   47.452593][ T6152] x29: ffff800097067870 x28: dfff800000000000 x27: ffff700012e0cf1c
[   47.454648][ T6152] x26: ffff0000d4e43c20 x25: dfff800000000000 x24: ffff0000c7096348
[   47.456756][ T6152] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a8710a0
[   47.458858][ T6152] x20: 0000000000000000 x19: ffff80008ad64c40 x18: 0000000000000000
[   47.460989][ T6152] x17: 0000000000000000 x16: ffff80008a71b23c x15: 0000000000000001
[   47.463076][ T6152] x14: 1ffff00012e0ce60 x13: 0000000000000000 x12: 0000000000000000
[   47.465119][ T6152] x11: 0000000000000002 x10: 0000000000000000 x9 : e4234390f910d900
[   47.467199][ T6152] x8 : e4234390f910d900 x7 : 0000000000000001 x6 : 0000000000000001
[   47.469353][ T6152] x5 : ffff800097067158 x4 : ffff80008e4210a0 x3 : ffff800082b180c4
[   47.471428][ T6152] x2 : 0000000000000001 x1 : 0000000100000002 x0 : 0000000000000000
[   47.473549][ T6152] Call trace:
[   47.474402][ T6152]  debug_print_object+0x168/0x1e0
[   47.475695][ T6152]  debug_object_activate+0x600/0x7e0
[   47.477080][ T6152]  insert_work+0x4c/0x2d4
[   47.478191][ T6152]  __queue_work+0xcf4/0x1338
[   47.479410][ T6152]  queue_delayed_work_on+0x1f4/0x2e4
[   47.480799][ T6152]  hci_conn_drop+0x198/0x2bc
[   47.482027][ T6152]  __sco_sock_close+0x3a8/0x7b0
[   47.483356][ T6152]  sco_sock_release+0xb4/0x2c0
[   47.484642][ T6152]  sock_close+0xa4/0x1e8
[   47.485812][ T6152]  __fput+0x324/0x7f8
[   47.486865][ T6152]  __fput_sync+0x60/0x9c
[   47.487945][ T6152]  __arm64_sys_close+0x150/0x1e0
[   47.489230][ T6152]  invoke_syscall+0x98/0x2b8
[   47.490404][ T6152]  el0_svc_common+0x130/0x23c
[   47.491664][ T6152]  do_el0_svc+0x48/0x58
[   47.492778][ T6152]  el0_svc+0x54/0x158
[   47.493825][ T6152]  el0t_64_sync_handler+0x84/0xfc
[   47.495119][ T6152]  el0t_64_sync+0x190/0x194
[   47.496251][ T6152] irq event stamp: 0
[   47.497263][ T6152] hardirqs last  enabled at (0): [<0000000000000000>] 0x0
[   47.499169][ T6152] hardirqs last disabled at (0): [] copy_process+0x1318/0x34b8
[   47.501594][ T6152] softirqs last  enabled at (0): [] copy_process+0x1340/0x34b8
[   47.503984][ T6152] softirqs last disabled at (0): [<0000000000000000>] 0x0
[   47.505895][ T6152] ---[ end trace 0000000000000000 ]---