[ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.66' (ECDSA) to the list of known hosts. 2021/09/06 21:11:37 parsed 1 programs 2021/09/06 21:11:37 executed programs: 0 syzkaller login: [ 1578.734863][ T8477] chnl_net:caif_netlink_parms(): no params data found [ 1578.787072][ T8477] bridge0: port 1(bridge_slave_0) entered blocking state [ 1578.795240][ T8477] bridge0: port 1(bridge_slave_0) entered disabled state [ 1578.805119][ T8477] device bridge_slave_0 entered promiscuous mode [ 1578.814555][ T8477] bridge0: port 2(bridge_slave_1) entered blocking state [ 1578.821630][ T8477] bridge0: port 2(bridge_slave_1) entered disabled state [ 1578.829868][ T8477] device bridge_slave_1 entered promiscuous mode [ 1578.849605][ T8477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1578.860563][ T8477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1578.882358][ T8477] team0: Port device team_slave_0 added [ 1578.889437][ T8477] team0: Port device team_slave_1 added [ 1578.906729][ T8477] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1578.913908][ T8477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1578.939817][ T8477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1578.952146][ T8477] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1578.959181][ T8477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1578.985392][ T8477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1579.014361][ T8477] device hsr_slave_0 entered promiscuous mode [ 1579.020913][ T8477] device hsr_slave_1 entered promiscuous mode [ 1579.120630][ T8477] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1579.130530][ T8477] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1579.140288][ T8477] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1579.149763][ T8477] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1579.172353][ T8477] bridge0: port 2(bridge_slave_1) entered blocking state [ 1579.179510][ T8477] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1579.187110][ T8477] bridge0: port 1(bridge_slave_0) entered blocking state [ 1579.194214][ T8477] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1579.235031][ T8477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1579.248211][ T8452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1579.259071][ T8452] bridge0: port 1(bridge_slave_0) entered disabled state [ 1579.268570][ T8452] bridge0: port 2(bridge_slave_1) entered disabled state [ 1579.277376][ T8452] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1579.289559][ T8477] 8021q: adding VLAN 0 to HW filter on device team0 [ 1579.300477][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1579.309561][ T8617] bridge0: port 1(bridge_slave_0) entered blocking state [ 1579.316656][ T8617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1579.329086][ T8452] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1579.338874][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state [ 1579.345963][ T8452] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1579.364399][ T8452] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1579.376853][ T8699] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1579.385185][ T8699] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1579.400791][ T8477] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1579.411497][ T8477] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1579.424541][ T8452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1579.434310][ T8452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1579.443511][ T8452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1579.462117][ T8698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1579.470239][ T8698] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1579.480171][ T8477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1579.499338][ T8698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1579.518270][ T8698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1579.527289][ T8698] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1579.535898][ T8698] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1579.548014][ T8477] device veth0_vlan entered promiscuous mode [ 1579.559666][ T8477] device veth1_vlan entered promiscuous mode [ 1579.581124][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1579.589093][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1579.598515][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1579.610667][ T8477] device veth0_macvtap entered promiscuous mode [ 1579.620447][ T8477] device veth1_macvtap entered promiscuous mode [ 1579.637840][ T8477] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1579.645497][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1579.656581][ T8617] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1579.668023][ T8477] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1579.675863][ T8452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1579.687957][ T8477] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1579.697221][ T8477] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1579.706040][ T8477] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1579.715085][ T8477] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1579.819275][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1579.836063][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1579.857896][ T8642] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1579.862575][ T8698] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1579.873677][ T8642] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1579.885366][ T8698] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1580.574346][ T8698] Bluetooth: hci0: command 0x0409 tx timeout 2021/09/06 21:11:42 executed programs: 3 [ 1582.653404][ T8702] Bluetooth: hci0: command 0x041b tx timeout [ 1584.733016][ T3086] Bluetooth: hci0: command 0x040f tx timeout [ 1586.812626][ T8617] Bluetooth: hci0: command 0x0419 tx timeout 2021/09/06 21:11:48 executed programs: 9 [ 1588.902585][ T3086] Bluetooth: hci0: command 0x0405 tx timeout 2021/09/06 21:11:53 executed programs: 15 2021/09/06 21:11:58 executed programs: 21 2021/09/06 21:12:03 executed programs: 27 [ 1606.892804][ T3266] ieee802154 phy0 wpan0: encryption failed: -22 [ 1606.899295][ T3266] ieee802154 phy1 wpan1: encryption failed: -22 2021/09/06 21:12:08 executed programs: 33 2021/09/06 21:12:13 executed programs: 39 2021/09/06 21:12:18 executed programs: 45 2021/09/06 21:12:24 executed programs: 51 [ 1624.811427][ T8699] ================================================================== [ 1624.819583][ T8699] BUG: KASAN: use-after-free in __lock_acquire+0x3d86/0x54a0 [ 1624.827017][ T8699] Read of size 8 at addr ffff88801d6270a0 by task kworker/0:3/8699 [ 1624.834929][ T8699] [ 1624.837234][ T8699] CPU: 0 PID: 8699 Comm: kworker/0:3 Not tainted 5.14.0-rc7-syzkaller #0 [ 1624.845680][ T8699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1624.855718][ T8699] Workqueue: events l2cap_chan_timeout [ 1624.861235][ T8699] Call Trace: [ 1624.864672][ T8699] dump_stack_lvl+0xcd/0x134 [ 1624.869288][ T8699] print_address_description.constprop.0.cold+0x6c/0x309 [ 1624.876331][ T8699] ? __lock_acquire+0x3d86/0x54a0 [ 1624.881341][ T8699] ? __lock_acquire+0x3d86/0x54a0 [ 1624.886355][ T8699] kasan_report.cold+0x83/0xdf [ 1624.891204][ T8699] ? __lock_acquire+0x3d86/0x54a0 [ 1624.896221][ T8699] __lock_acquire+0x3d86/0x54a0 [ 1624.901062][ T8699] ? __lock_acquire+0x24ca/0x54a0 [ 1624.906101][ T8699] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1624.912064][ T8699] lock_acquire+0x1ab/0x510 [ 1624.916549][ T8699] ? lock_sock_nested+0x40/0x120 [ 1624.921523][ T8699] ? lock_release+0x720/0x720 [ 1624.926183][ T8699] _raw_spin_lock_bh+0x2f/0x40 [ 1624.930969][ T8699] ? lock_sock_nested+0x40/0x120 [ 1624.935890][ T8699] lock_sock_nested+0x40/0x120 [ 1624.940638][ T8699] l2cap_sock_teardown_cb+0xa1/0x660 [ 1624.945910][ T8699] ? __mutex_lock+0x5bf/0x10a0 [ 1624.950677][ T8699] l2cap_chan_close+0x37c/0xaf0 [ 1624.955511][ T8699] ? l2cap_rx+0x1fb0/0x1fb0 [ 1624.959999][ T8699] ? lock_release+0x720/0x720 [ 1624.964673][ T8699] ? lock_downgrade+0x6e0/0x6e0 [ 1624.969510][ T8699] ? do_raw_spin_lock+0x120/0x2b0 [ 1624.974519][ T8699] l2cap_chan_timeout+0x17e/0x2f0 [ 1624.979546][ T8699] process_one_work+0x98d/0x1630 [ 1624.984531][ T8699] ? pwq_dec_nr_in_flight+0x320/0x320 [ 1624.989891][ T8699] ? rwlock_bug.part.0+0x90/0x90 [ 1624.994811][ T8699] ? _raw_spin_lock_irq+0x41/0x50 [ 1624.999822][ T8699] worker_thread+0x658/0x11f0 [ 1625.004577][ T8699] ? process_one_work+0x1630/0x1630 [ 1625.009760][ T8699] kthread+0x3e5/0x4d0 [ 1625.013810][ T8699] ? set_kthread_struct+0x130/0x130 [ 1625.018994][ T8699] ret_from_fork+0x1f/0x30 [ 1625.023472][ T8699] [ 1625.025775][ T8699] Allocated by task 9033: [ 1625.030079][ T8699] kasan_save_stack+0x1b/0x40 [ 1625.034769][ T8699] __kasan_kmalloc+0xa4/0xd0 [ 1625.039349][ T8699] sk_prot_alloc+0x110/0x290 [ 1625.043921][ T8699] sk_alloc+0x32/0xbc0 [ 1625.047970][ T8699] __netlink_create+0x63/0x2f0 [ 1625.052789][ T8699] netlink_create+0x3ad/0x5e0 [ 1625.057468][ T8699] __sock_create+0x353/0x790 [ 1625.062066][ T8699] __sys_socket+0xef/0x200 [ 1625.066461][ T8699] __x64_sys_socket+0x6f/0xb0 [ 1625.071134][ T8699] do_syscall_64+0x35/0xb0 [ 1625.075591][ T8699] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1625.081463][ T8699] [ 1625.083766][ T8699] Freed by task 0: [ 1625.087462][ T8699] kasan_save_stack+0x1b/0x40 [ 1625.092135][ T8699] kasan_set_track+0x1c/0x30 [ 1625.096714][ T8699] kasan_set_free_info+0x20/0x30 [ 1625.101673][ T8699] __kasan_slab_free+0xff/0x130 [ 1625.106504][ T8699] slab_free_freelist_hook+0xe3/0x250 [ 1625.112440][ T8699] kfree+0xe4/0x540 [ 1625.116235][ T8699] __sk_destruct+0x6a8/0x900 [ 1625.120812][ T8699] sk_destruct+0xbd/0xe0 [ 1625.125049][ T8699] __sk_free+0xef/0x3d0 [ 1625.129249][ T8699] sk_free+0x78/0xa0 [ 1625.133126][ T8699] deferred_put_nlk_sk+0x151/0x2f0 [ 1625.138225][ T8699] rcu_core+0x7ab/0x1380 [ 1625.142553][ T8699] __do_softirq+0x29b/0x9c2 [ 1625.147069][ T8699] [ 1625.149374][ T8699] Last potentially related work creation: [ 1625.155067][ T8699] kasan_save_stack+0x1b/0x40 [ 1625.159745][ T8699] kasan_record_aux_stack+0xe9/0x110 [ 1625.165021][ T8699] call_rcu+0xb1/0x750 [ 1625.169096][ T8699] netlink_release+0xdd4/0x1dd0 [ 1625.173935][ T8699] __sock_release+0xcd/0x280 [ 1625.178526][ T8699] sock_close+0x18/0x20 [ 1625.182708][ T8699] __fput+0x288/0x920 [ 1625.186727][ T8699] task_work_run+0xdd/0x1a0 [ 1625.191211][ T8699] exit_to_user_mode_prepare+0x27e/0x290 [ 1625.196892][ T8699] syscall_exit_to_user_mode+0x19/0x60 [ 1625.202339][ T8699] do_syscall_64+0x42/0xb0 [ 1625.206743][ T8699] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1625.212651][ T8699] [ 1625.214956][ T8699] Second to last potentially related work creation: [ 1625.221519][ T8699] kasan_save_stack+0x1b/0x40 [ 1625.226185][ T8699] kasan_record_aux_stack+0xe9/0x110 [ 1625.231473][ T8699] call_rcu+0xb1/0x750 [ 1625.235525][ T8699] netlink_release+0xdd4/0x1dd0 [ 1625.240360][ T8699] __sock_release+0xcd/0x280 [ 1625.244945][ T8699] sock_close+0x18/0x20 [ 1625.249250][ T8699] __fput+0x288/0x920 [ 1625.253213][ T8699] task_work_run+0xdd/0x1a0 [ 1625.257708][ T8699] do_exit+0xbd4/0x2a60 [ 1625.262178][ T8699] do_group_exit+0x125/0x310 [ 1625.266762][ T8699] __x64_sys_exit_group+0x3a/0x50 [ 1625.271769][ T8699] do_syscall_64+0x35/0xb0 [ 1625.276170][ T8699] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1625.282044][ T8699] [ 1625.284356][ T8699] The buggy address belongs to the object at ffff88801d627000 [ 1625.284356][ T8699] which belongs to the cache kmalloc-2k of size 2048 [ 1625.298401][ T8699] The buggy address is located 160 bytes inside of [ 1625.298401][ T8699] 2048-byte region [ffff88801d627000, ffff88801d627800) [ 1625.311742][ T8699] The buggy address belongs to the page: [ 1625.317352][ T8699] page:ffffea0000758800 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801d622000 pfn:0x1d620 [ 1625.328782][ T8699] head:ffffea0000758800 order:3 compound_mapcount:0 compound_pincount:0 [ 1625.337082][ T8699] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 1625.345048][ T8699] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff888010842000 [ 1625.353624][ T8699] raw: ffff88801d622000 0000000080080007 00000001ffffffff 0000000000000000 [ 1625.362183][ T8699] page dumped because: kasan: bad access detected [ 1625.368580][ T8699] page_owner tracks the page as allocated [ 1625.374281][ T8699] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4950, ts 19516962215, free_ts 19494999433 [ 1625.393368][ T8699] get_page_from_freelist+0xa72/0x2f80 [ 1625.398844][ T8699] __alloc_pages+0x1b2/0x500 [ 1625.403415][ T8699] alloc_pages+0x18c/0x2a0 [ 1625.407860][ T8699] allocate_slab+0x32e/0x4b0 [ 1625.412431][ T8699] ___slab_alloc+0x4ba/0x820 [ 1625.417011][ T8699] __slab_alloc.constprop.0+0xa7/0xf0 [ 1625.422380][ T8699] __kmalloc+0x312/0x330 [ 1625.426605][ T8699] sk_prot_alloc+0x110/0x290 [ 1625.431203][ T8699] sk_alloc+0x32/0xbc0 [ 1625.435264][ T8699] __netlink_create+0x63/0x2f0 [ 1625.440024][ T8699] netlink_create+0x3ad/0x5e0 [ 1625.444684][ T8699] __sock_create+0x353/0x790 [ 1625.449257][ T8699] __sys_socket+0xef/0x200 [ 1625.453676][ T8699] __x64_sys_socket+0x6f/0xb0 [ 1625.458331][ T8699] do_syscall_64+0x35/0xb0 [ 1625.462731][ T8699] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1625.468605][ T8699] page last free stack trace: [ 1625.473255][ T8699] free_pcp_prepare+0x2c5/0x780 [ 1625.478141][ T8699] free_unref_page+0x19/0x690 [ 1625.482802][ T8699] unfreeze_partials+0x17c/0x1d0 [ 1625.487790][ T8699] put_cpu_partial+0x13d/0x230 [ 1625.492543][ T8699] qlist_free_all+0x5a/0xc0 [ 1625.497056][ T8699] kasan_quarantine_reduce+0x180/0x200 [ 1625.502561][ T8699] __kasan_slab_alloc+0x95/0xb0 [ 1625.507413][ T8699] kmem_cache_alloc+0x285/0x4a0 [ 1625.512251][ T8699] getname_flags.part.0+0x50/0x4f0 [ 1625.517346][ T8699] user_path_at_empty+0xa1/0x100 [ 1625.522353][ T8699] vfs_statx+0x142/0x390 [ 1625.526579][ T8699] __do_sys_newstat+0x91/0x110 [ 1625.531337][ T8699] do_syscall_64+0x35/0xb0 [ 1625.535736][ T8699] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1625.541611][ T8699] [ 1625.543913][ T8699] Memory state around the buggy address: [ 1625.549529][ T8699] ffff88801d626f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1625.557578][ T8699] ffff88801d627000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1625.565621][ T8699] >ffff88801d627080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1625.573661][ T8699] ^ [ 1625.578865][ T8699] ffff88801d627100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1625.586907][ T8699] ffff88801d627180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1625.594942][ T8699] ================================================================== [ 1625.602979][ T8699] Disabling lock debugging due to kernel taint [ 1625.609323][ T8699] Kernel panic - not syncing: panic_on_warn set ... [ 1625.615903][ T8699] CPU: 0 PID: 8699 Comm: kworker/0:3 Tainted: G B 5.14.0-rc7-syzkaller #0 [ 1625.625706][ T8699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1625.635746][ T8699] Workqueue: events l2cap_chan_timeout [ 1625.641195][ T8699] Call Trace: [ 1625.644459][ T8699] dump_stack_lvl+0xcd/0x134 [ 1625.649034][ T8699] panic+0x306/0x73d [ 1625.652940][ T8699] ? __warn_printk+0xf3/0xf3 [ 1625.657513][ T8699] ? __lock_acquire+0x3d86/0x54a0 [ 1625.662679][ T8699] ? __lock_acquire+0x3d86/0x54a0 [ 1625.667741][ T8699] ? __lock_acquire+0x3d86/0x54a0 [ 1625.672749][ T8699] end_report.cold+0x5a/0x5a [ 1625.677871][ T8699] kasan_report.cold+0x71/0xdf [ 1625.682631][ T8699] ? __lock_acquire+0x3d86/0x54a0 [ 1625.687657][ T8699] __lock_acquire+0x3d86/0x54a0 [ 1625.692494][ T8699] ? __lock_acquire+0x24ca/0x54a0 [ 1625.697507][ T8699] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1625.703480][ T8699] lock_acquire+0x1ab/0x510 [ 1625.707970][ T8699] ? lock_sock_nested+0x40/0x120 [ 1625.712894][ T8699] ? lock_release+0x720/0x720 [ 1625.717558][ T8699] _raw_spin_lock_bh+0x2f/0x40 [ 1625.722414][ T8699] ? lock_sock_nested+0x40/0x120 [ 1625.727341][ T8699] lock_sock_nested+0x40/0x120 [ 1625.732091][ T8699] l2cap_sock_teardown_cb+0xa1/0x660 [ 1625.737375][ T8699] ? __mutex_lock+0x5bf/0x10a0 [ 1625.742124][ T8699] l2cap_chan_close+0x37c/0xaf0 [ 1625.747221][ T8699] ? l2cap_rx+0x1fb0/0x1fb0 [ 1625.751724][ T8699] ? lock_release+0x720/0x720 [ 1625.756390][ T8699] ? lock_downgrade+0x6e0/0x6e0 [ 1625.761222][ T8699] ? do_raw_spin_lock+0x120/0x2b0 [ 1625.766229][ T8699] l2cap_chan_timeout+0x17e/0x2f0 [ 1625.771262][ T8699] process_one_work+0x98d/0x1630 [ 1625.776205][ T8699] ? pwq_dec_nr_in_flight+0x320/0x320 [ 1625.781565][ T8699] ? rwlock_bug.part.0+0x90/0x90 [ 1625.786485][ T8699] ? _raw_spin_lock_irq+0x41/0x50 [ 1625.791492][ T8699] worker_thread+0x658/0x11f0 [ 1625.796160][ T8699] ? process_one_work+0x1630/0x1630 [ 1625.801359][ T8699] kthread+0x3e5/0x4d0 [ 1625.805445][ T8699] ? set_kthread_struct+0x130/0x130 [ 1625.810626][ T8699] ret_from_fork+0x1f/0x30 [ 1625.816354][ T8699] Kernel Offset: disabled [ 1625.820663][ T8699] Rebooting in 86400 seconds..