[ 69.604862][ T24] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.193' (ED25519) to the list of known hosts.
1970/01/01 00:01:13 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:13 parsed 1 programs
[ 76.787491][ T4302] cgroup: Unknown subsys name 'net'
[ 76.998285][ T4302] cgroup: Unknown subsys name 'rlimit'
[ 77.313819][ T4302] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 87.376639][ T4359] chnl_net:caif_netlink_parms(): no params data found
[ 87.409990][ T4359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.411510][ T4359] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.414068][ T4359] device bridge_slave_0 entered promiscuous mode
[ 87.417505][ T4359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.418926][ T4359] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.420891][ T4359] device bridge_slave_1 entered promiscuous mode
[ 87.435095][ T4359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 87.438354][ T4359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 87.451769][ T4359] team0: Port device team_slave_0 added
[ 87.454392][ T4359] team0: Port device team_slave_1 added
[ 87.466376][ T4359] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.467795][ T4359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.472754][ T4359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 87.479446][ T4359] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 87.480869][ T4359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.486045][ T4359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 87.534995][ T4359] device hsr_slave_0 entered promiscuous mode
[ 87.593148][ T4359] device hsr_slave_1 entered promiscuous mode
[ 87.746209][ T4359] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.809171][ T4359] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.863195][ T4359] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.894611][ T4359] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.936628][ T4359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.938182][ T4359] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.940062][ T4359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.941500][ T4359] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.995091][ T4359] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.002085][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 88.006485][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.009199][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 88.031875][ T4359] 8021q: adding VLAN 0 to HW filter on device team0
[ 88.037730][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 88.039896][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.041443][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 88.048876][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 88.051036][ T163] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.052562][ T163] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 88.064680][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 88.067323][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 88.071829][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 88.088238][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 88.095463][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 88.099549][ T4359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 88.194507][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 88.196203][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 88.201349][ T4359] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.212541][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 88.494679][ T4359] device veth0_vlan entered promiscuous mode
[ 88.496708][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 88.499299][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 88.544232][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 88.546368][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 88.551580][ T4359] device veth1_vlan entered promiscuous mode
[ 88.566182][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 88.568482][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 88.570494][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 88.572615][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 88.578280][ T4359] device veth0_macvtap entered promiscuous mode
[ 88.581729][ T4359] device veth1_macvtap entered promiscuous mode
[ 88.591746][ T4359] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 88.595497][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 88.597573][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 88.599664][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 88.601851][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 88.608566][ T4359] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 88.610367][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 88.614319][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 88.618242][ T4359] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.620215][ T4359] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.622006][ T4359] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.623934][ T4359] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.727450][ T4388] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.729740][ T4388] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.731819][ T4388] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.736285][ T4387] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.739174][ T4387] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 88.740932][ T4387] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.104854][ T39] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 89.581982][ T4382] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.583797][ T4382] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.594360][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 89.599537][ T4382] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.601169][ T4382] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.607751][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:29 executed programs: 0
[ 89.710621][ T4387] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.712627][ T4387] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 89.716277][ T4387] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 89.719243][ T4387] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 89.721418][ T4387] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 89.723183][ T4387] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.807368][ T4405] chnl_net:caif_netlink_parms(): no params data found
[ 89.836089][ T4405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.837695][ T4405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.839847][ T4405] device bridge_slave_0 entered promiscuous mode
[ 89.844013][ T4405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.845610][ T4405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.847666][ T4405] device bridge_slave_1 entered promiscuous mode
[ 89.861126][ T4405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.864656][ T4405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.877482][ T4405] team0: Port device team_slave_0 added
[ 89.880297][ T4405] team0: Port device team_slave_1 added
[ 89.891740][ T4405] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.893493][ T4405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.898795][ T4405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.902200][ T4405] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.904576][ T4405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.909868][ T4405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 89.984575][ T4405] device hsr_slave_0 entered promiscuous mode
[ 90.023224][ T4405] device hsr_slave_1 entered promiscuous mode
[ 90.072980][ T4405] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 90.074765][ T4405] Cannot create hsr debugfs directory
[ 91.436165][ T39] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 91.763573][ T47] Bluetooth: hci0: command tx timeout
[ 93.745698][ T39] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.826057][ T39] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 93.843047][ T47] Bluetooth: hci0: command tx timeout
[ 94.806782][ T4405] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 94.844692][ T4405] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 94.894703][ T4405] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 95.017566][ T4405] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 95.210836][ T4405] 8021q: adding VLAN 0 to HW filter on device bond0
[ 95.217483][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 95.219526][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 95.223537][ T4405] 8021q: adding VLAN 0 to HW filter on device team0
[ 95.227110][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 95.229299][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 95.231316][ T163] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.232842][ T163] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.235459][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 95.239901][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 95.242270][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 95.245458][ T163] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.247005][ T163] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.279982][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 95.284816][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 95.289603][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 95.292228][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 95.294599][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 95.298751][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 95.300949][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 95.306694][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 95.308967][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 95.313443][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 95.315650][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 95.319338][ T4405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 95.413348][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 95.414940][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 95.420360][ T4405] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 95.428295][ T39] device hsr_slave_0 left promiscuous mode
[ 95.463600][ T39] device hsr_slave_1 left promiscuous mode
[ 95.593099][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 95.594689][ T39] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 95.597019][ T39] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 95.598618][ T39] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 95.600516][ T39] device bridge_slave_1 left promiscuous mode
[ 95.602259][ T39] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.664248][ T39] device bridge_slave_0 left promiscuous mode
[ 95.665675][ T39] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.793243][ T39] device veth1_macvtap left promiscuous mode
[ 95.794606][ T39] device veth0_macvtap left promiscuous mode
[ 95.795926][ T39] device veth1_vlan left promiscuous mode
[ 95.797217][ T39] device veth0_vlan left promiscuous mode
[ 95.923370][ T4387] Bluetooth: hci0: command tx timeout
[ 97.615753][ T39] team0 (unregistering): Port device team_slave_1 removed
[ 97.783905][ T39] team0 (unregistering): Port device team_slave_0 removed
[ 97.963963][ T39] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 98.002980][ T47] Bluetooth: hci0: command tx timeout
[ 98.194010][ T39] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 100.824418][ T39] bond0 (unregistering): Released all slaves
[ 101.081479][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 101.083812][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 101.105145][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 101.107198][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 101.109299][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 101.111261][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 101.116816][ T4405] device veth0_vlan entered promiscuous mode
[ 101.124009][ T4405] device veth1_vlan entered promiscuous mode
[ 101.136564][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 101.138667][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 101.140589][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 101.144969][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 101.148687][ T4405] device veth0_macvtap entered promiscuous mode
[ 101.152107][ T4405] device veth1_macvtap entered promiscuous mode
[ 101.162991][ T4405] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.165681][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 101.167868][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 101.169911][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 101.172075][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 101.177519][ T4405] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.180414][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 101.182739][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 101.188290][ T4405] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.190115][ T4405] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.191846][ T4405] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.193811][ T4405] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.233871][ T163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.235565][ T163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.247202][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 101.252154][ T163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 101.254829][ T163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 101.257148][ T163] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:41 executed programs: 2
1970/01/01 00:01:46 executed programs: 244
1970/01/01 00:01:51 executed programs: 502
[ 113.296275][ T47] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 113.298596][ T47] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 113.300584][ T47] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 113.303844][ T47] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 113.305873][ T47] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 113.307706][ T47] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 113.486476][ T4447] ------------[ cut here ]------------
[ 113.487758][ T4447] sysfs group 'byte_queue_limits' not found for kobject 'tx-0'
[ 113.489404][ T4447] WARNING: CPU: 0 PID: 4447 at fs/sysfs/group.c:280 sysfs_remove_group+0x174/0x288
[ 113.491270][ T4447] Modules linked in:
[ 113.492025][ T4447] CPU: 0 PID: 4447 Comm: kbnepd bnep0 Not tainted 6.1.116-syzkaller #0
[ 113.493589][ T4447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 113.495527][ T4447] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 113.497133][ T4447] pc : sysfs_remove_group+0x174/0x288
[ 113.498327][ T4447] lr : sysfs_remove_group+0x174/0x288
[ 113.499385][ T4447] sp : ffff8000212b7840
[ 113.500240][ T4447] x29: ffff8000212b7840 x28: 1fffe0001ab688ca x27: 1fffe0001ab68888
[ 113.501816][ T4447] x26: 0000000000000000 x25: 00000000ffffffff x24: 1ffff00002860bdc
[ 113.503366][ T4447] x23: dfff800000000000 x22: dfff800000000000 x21: ffff0000d9c5d020
[ 113.504926][ T4447] x20: ffff0000c9734000 x19: ffff8000143065c0 x18: ffff8000212b6c40
[ 113.506636][ T4447] x17: 0000000000000000 x16: ffff8000122986bc x15: 0000000000000000
[ 113.508412][ T4447] x14: 00000000ffffffff x13: 0000000000000001 x12: 0000000000000001
[ 113.510047][ T4447] x11: 0000000000ff0100 x10: 0000000000000000 x9 : 68e2702f0d59c400
[ 113.511716][ T4447] x8 : 68e2702f0d59c400 x7 : 0000000000000001 x6 : 0000000000000001
[ 113.513408][ T4447] x5 : ffff8000212b7138 x4 : ffff800015ac3800 x3 : ffff80000858aa4c
[ 113.515077][ T4447] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000
[ 113.516697][ T4447] Call trace:
[ 113.517448][ T4447] sysfs_remove_group+0x174/0x288
[ 113.518479][ T4447] netdev_queue_update_kobjects+0x3d4/0x470
[ 113.519711][ T4447] netdev_unregister_kobject+0x100/0x204
[ 113.521013][ T4447] unregister_netdevice_many+0x11b8/0x175c
[ 113.522241][ T4447] unregister_netdev+0x178/0x1f0
[ 113.523288][ T4447] bnep_session+0x23c4/0x2584
[ 113.524258][ T4447] kthread+0x250/0x2d8
[ 113.525169][ T4447] ret_from_fork+0x10/0x20
[ 113.526122][ T4447] irq event stamp: 6620
[ 113.527083][ T4447] hardirqs last enabled at (6619): [] __up_console_sem+0xb4/0x100
[ 113.529237][ T4447] hardirqs last disabled at (6620): [] el1_dbg+0x24/0x80
[ 113.531049][ T4447] softirqs last enabled at (6508): [] dev_mc_flush+0x1b4/0x1f8
[ 113.533090][ T4447] softirqs last disabled at (6506): [] local_bh_disable+0x10/0x34
[ 113.535142][ T4447] ---[ end trace 0000000000000000 ]---
[ 113.536972][ T4447] ==================================================================
[ 113.538649][ T4447] BUG: KASAN: use-after-free in device_for_each_child+0xa8/0x174
[ 113.540369][ T4447] Read of size 8 at addr ffff0000df2bd4c0 by task kbnepd bnep0/4447
[ 113.542107][ T4447]
[ 113.542584][ T4447] CPU: 0 PID: 4447 Comm: kbnepd bnep0 Tainted: G W 6.1.116-syzkaller #0
[ 113.544498][ T4447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 113.546719][ T4447] Call trace:
[ 113.547441][ T4447] dump_backtrace+0x1c8/0x1f4
[ 113.548497][ T4447] show_stack+0x2c/0x3c
[ 113.549390][ T4447] dump_stack_lvl+0x108/0x170
[ 113.550464][ T4447] print_report+0x174/0x4c0
[ 113.551424][ T4447] kasan_report+0xd4/0x130
[ 113.552378][ T4447] __asan_report_load8_noabort+0x2c/0x38
[ 113.553602][ T4447] device_for_each_child+0xa8/0x174
[ 113.554720][ T4447] pm_runtime_set_memalloc_noio+0xf0/0x210
[ 113.555962][ T4447] netdev_unregister_kobject+0x144/0x204
[ 113.557171][ T4447] unregister_netdevice_many+0x11b8/0x175c
[ 113.558487][ T4447] unregister_netdev+0x178/0x1f0
[ 113.559499][ T4447] bnep_session+0x23c4/0x2584
[ 113.560490][ T4447] kthread+0x250/0x2d8
[ 113.561420][ T4447] ret_from_fork+0x10/0x20
[ 113.562357][ T4447]
[ 113.562921][ T4447] Allocated by task 4405:
[ 113.563803][ T4447] kasan_set_track+0x4c/0x80
[ 113.564919][ T4447] kasan_save_alloc_info+0x24/0x30
[ 113.566150][ T4447] __kasan_kmalloc+0xac/0xc4
[ 113.567075][ T4447] __kmalloc+0xd8/0x1c4
[ 113.567853][ T4447] hci_alloc_dev_priv+0x30/0x18a8
[ 113.568933][ T4447] vhci_create_device+0xf8/0x6d0
[ 113.570034][ T4447] vhci_write+0x318/0x3b8
[ 113.570960][ T4447] vfs_write+0x610/0x91c
[ 113.571886][ T4447] ksys_write+0x15c/0x26c
[ 113.572805][ T4447] __arm64_sys_write+0x7c/0x90
[ 113.573916][ T4447] invoke_syscall+0x98/0x2c0
[ 113.574899][ T4447] el0_svc_common+0x138/0x258
[ 113.575919][ T4447] do_el0_svc+0x64/0x218
[ 113.576872][ T4447] el0_svc+0x58/0x168
[ 113.577784][ T4447] el0t_64_sync_handler+0x84/0xf0
[ 113.578933][ T4447] el0t_64_sync+0x18c/0x190
[ 113.579927][ T4447]
[ 113.580399][ T4447] Freed by task 4405:
[ 113.581273][ T4447] kasan_set_track+0x4c/0x80
[ 113.582256][ T4447] kasan_save_free_info+0x38/0x5c
[ 113.583424][ T4447] ____kasan_slab_free+0x144/0x1c0
[ 113.584488][ T4447] __kasan_slab_free+0x18/0x28
[ 113.585559][ T4447] __kmem_cache_free+0x2c0/0x4b4
[ 113.586629][ T4447] kfree+0xcc/0x1b8
[ 113.587470][ T4447] hci_release_dev+0x1064/0x11cc
[ 113.588494][ T4447] bt_host_release+0x70/0x88
[ 113.589402][ T4447] device_release+0x8c/0x1ac
[ 113.590354][ T4447] kobject_put+0x2a8/0x41c
[ 113.591280][ T4447] put_device+0x28/0x40
[ 113.592176][ T4447] hci_free_dev+0x24/0x34
[ 113.593151][ T4447] vhci_release+0x84/0xcc
[ 113.594060][ T4447] __fput+0x1c8/0x7c8
[ 113.594951][ T4447] ____fput+0x20/0x30
[ 113.595772][ T4447] task_work_run+0x240/0x2f0
[ 113.596990][ T4447] do_exit+0x554/0x1a88
[ 113.598028][ T4447] do_group_exit+0x194/0x22c
[ 113.598966][ T4447] get_signal+0x14a0/0x158c
[ 113.599892][ T4447] do_notify_resume+0x3ac/0x3474
[ 113.601055][ T4447] el0_svc+0x9c/0x168
[ 113.601866][ T4447] el0t_64_sync_handler+0x84/0xf0
[ 113.603057][ T4447] el0t_64_sync+0x18c/0x190
[ 113.603923][ T4447]
[ 113.604411][ T4447] Last potentially related work creation:
[ 113.605736][ T4447] kasan_save_stack+0x40/0x70
[ 113.606733][ T4447] __kasan_record_aux_stack+0xcc/0xe8
[ 113.607908][ T4447] kasan_record_aux_stack_noalloc+0x14/0x20
[ 113.609225][ T4447] insert_work+0x64/0x384
[ 113.610173][ T4447] __queue_work+0xd48/0x136c
[ 113.611125][ T4447] queue_work_on+0xc0/0x16c
[ 113.612094][ T4447] hci_send_acl+0x904/0xc48
[ 113.613042][ T4447] l2cap_do_send+0x238/0x350
[ 113.613985][ T4447] l2cap_chan_send+0x190c/0x1e5c
[ 113.615126][ T4447] l2cap_sock_sendmsg+0x184/0x2a8
[ 113.616195][ T4447] kernel_sendmsg+0x1c8/0x2a0
[ 113.617121][ T4447] bnep_session+0x1f28/0x2584
[ 113.618194][ T4447] kthread+0x250/0x2d8
[ 113.619051][ T4447] ret_from_fork+0x10/0x20
[ 113.620101][ T4447]
[ 113.620608][ T4447] Second to last potentially related work creation:
[ 113.622067][ T4447] kasan_save_stack+0x40/0x70
[ 113.623044][ T4447] __kasan_record_aux_stack+0xcc/0xe8
[ 113.624215][ T4447] kasan_record_aux_stack_noalloc+0x14/0x20
[ 113.625504][ T4447] insert_work+0x64/0x384
[ 113.626437][ T4447] __queue_work+0xd48/0x136c
[ 113.627463][ T4447] queue_work_on+0xc0/0x16c
[ 113.628507][ T4447] hci_send_acl+0x904/0xc48
[ 113.629505][ T4447] l2cap_do_send+0x238/0x350
[ 113.630492][ T4447] l2cap_chan_send+0x190c/0x1e5c
[ 113.631474][ T4447] l2cap_sock_sendmsg+0x184/0x2a8
[ 113.632496][ T4447] kernel_sendmsg+0x1c8/0x2a0
[ 113.633451][ T4447] bnep_session+0x1f28/0x2584
[ 113.634391][ T4447] kthread+0x250/0x2d8
[ 113.635209][ T4447] ret_from_fork+0x10/0x20
[ 113.636173][ T4447]
[ 113.636617][ T4447] The buggy address belongs to the object at ffff0000df2bc000
[ 113.636617][ T4447] which belongs to the cache kmalloc-8k of size 8192
[ 113.639572][ T4447] The buggy address is located 5312 bytes inside of
[ 113.639572][ T4447] 8192-byte region [ffff0000df2bc000, ffff0000df2be000)
[ 113.642501][ T4447]
[ 113.643016][ T4447] The buggy address belongs to the physical page:
[ 113.644393][ T4447] page:00000000b40ad272 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f2b8
[ 113.646607][ T4447] head:00000000b40ad272 order:3 compound_mapcount:0 compound_pincount:0
[ 113.648382][ T4447] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 113.650207][ T4447] raw: 05ffc00000010200 0000000000000000 dead000000000001 ffff0000c0002c00
[ 113.652159][ T4447] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 113.653958][ T4447] page dumped because: kasan: bad access detected
[ 113.655436][ T4447]
[ 113.655922][ T4447] Memory state around the buggy address:
[ 113.657131][ T4447] ffff0000df2bd380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 113.658911][ T4447] ffff0000df2bd400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 113.660686][ T4447] >ffff0000df2bd480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 113.662481][ T4447] ^
[ 113.663901][ T4447] ffff0000df2bd500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 113.665605][ T4447] ffff0000df2bd580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 113.667219][ T4447] ==================================================================
[ 113.673637][ T4447] Disabling lock debugging due to kernel taint
[ 113.675136][ T4447] ================================================================================
[ 113.677131][ T4447] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:131:9
[ 113.678769][ T4447] index 12563 is out of range for type 'unsigned long[8]'
[ 113.680214][ T4447] CPU: 0 PID: 4447 Comm: kbnepd bnep0 Tainted: G B W 6.1.116-syzkaller #0
[ 113.682272][ T4447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 113.684345][ T4447] Call trace:
[ 113.685041][ T4447] dump_backtrace+0x1c8/0x1f4
[ 113.686066][ T4447] show_stack+0x2c/0x3c
[ 113.687008][ T4447] dump_stack_lvl+0x108/0x170
[ 113.688135][ T4447] dump_stack+0x1c/0x58
[ 113.689029][ T4447] __ubsan_handle_out_of_bounds+0xfc/0x148
[ 113.690189][ T4447] queued_spin_lock_slowpath+0x9fc/0xe48
[ 113.691464][ T4447] do_raw_spin_lock+0x330/0x358
[ 113.692563][ T4447] _raw_spin_lock_irqsave+0x74/0xb4
[ 113.693678][ T4447] klist_next+0x8c/0x2e4
[ 113.694629][ T4447] device_for_each_child+0xc0/0x174
[ 113.695666][ T4447] pm_runtime_set_memalloc_noio+0xf0/0x210
[ 113.696960][ T4447] netdev_unregister_kobject+0x144/0x204
[ 113.698258][ T4447] unregister_netdevice_many+0x11b8/0x175c
[ 113.699640][ T4447] unregister_netdev+0x178/0x1f0
[ 113.700738][ T4447] bnep_session+0x23c4/0x2584
[ 113.701867][ T4447] kthread+0x250/0x2d8
[ 113.702740][ T4447] ret_from_fork+0x10/0x20
[ 113.703724][ T4447] ================================================================================