[ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.251' (ECDSA) to the list of known hosts. 2021/08/17 01:42:04 parsed 1 programs 2021/08/17 01:42:04 executed programs: 0 syzkaller login: [ 1581.917195][ T8465] chnl_net:caif_netlink_parms(): no params data found [ 1581.959261][ T8465] bridge0: port 1(bridge_slave_0) entered blocking state [ 1581.968750][ T8465] bridge0: port 1(bridge_slave_0) entered disabled state [ 1581.977344][ T8465] device bridge_slave_0 entered promiscuous mode [ 1581.986182][ T8465] bridge0: port 2(bridge_slave_1) entered blocking state [ 1581.993329][ T8465] bridge0: port 2(bridge_slave_1) entered disabled state [ 1582.000869][ T8465] device bridge_slave_1 entered promiscuous mode [ 1582.017396][ T8465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1582.027955][ T8465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1582.046998][ T8465] team0: Port device team_slave_0 added [ 1582.054523][ T8465] team0: Port device team_slave_1 added [ 1582.069175][ T8465] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1582.076211][ T8465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1582.102836][ T8465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1582.115054][ T8465] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1582.121978][ T8465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1582.148090][ T8465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1582.172000][ T8465] device hsr_slave_0 entered promiscuous mode [ 1582.178576][ T8465] device hsr_slave_1 entered promiscuous mode [ 1582.256672][ T8465] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1582.267057][ T8465] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1582.276616][ T8465] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1582.286299][ T8465] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1582.304899][ T8465] bridge0: port 2(bridge_slave_1) entered blocking state [ 1582.312030][ T8465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1582.320216][ T8465] bridge0: port 1(bridge_slave_0) entered blocking state [ 1582.327358][ T8465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1582.362330][ T8465] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1582.377520][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1582.388805][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 1582.397000][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 1582.405203][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 1582.419101][ T8465] 8021q: adding VLAN 0 to HW filter on device team0 [ 1582.430256][ T8606] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1582.439876][ T8606] bridge0: port 1(bridge_slave_0) entered blocking state [ 1582.446967][ T8606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1582.457645][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1582.466303][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 1582.473388][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1582.495093][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1582.503755][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1582.512385][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1582.523227][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1582.531124][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1582.543900][ T8465] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1582.558610][ T8605] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1582.566288][ T8605] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1582.580181][ T8465] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1582.596042][ T8606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1582.613811][ T8606] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1582.622095][ T8606] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1582.631156][ T8606] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1582.641329][ T8465] device veth0_vlan entered promiscuous mode [ 1582.652432][ T8465] device veth1_vlan entered promiscuous mode [ 1582.672263][ T8465] device veth0_macvtap entered promiscuous mode [ 1582.680173][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1582.690130][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1582.698345][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1582.707078][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1582.718359][ T8465] device veth1_macvtap entered promiscuous mode [ 1582.732908][ T8465] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1582.740708][ T8605] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1582.752115][ T8465] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1582.760204][ T8605] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1582.771084][ T8465] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1582.780615][ T8465] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1582.789407][ T8465] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1582.798851][ T8465] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1582.871449][ T10] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1582.882330][ T10] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1582.898520][ T8702] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1582.910810][ T8702] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1582.915066][ T8606] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1582.931777][ T8606] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1583.804522][ T8605] Bluetooth: hci0: command 0x0409 tx timeout 2021/08/17 01:42:09 executed programs: 97 [ 1585.883976][ T8605] Bluetooth: hci0: command 0x041b tx timeout [ 1587.963781][ T8605] Bluetooth: hci0: command 0x040f tx timeout [ 1590.043387][ T8686] Bluetooth: hci0: command 0x0419 tx timeout 2021/08/17 01:42:14 executed programs: 282 2021/08/17 01:42:19 executed programs: 476 [ 1596.989632][ T8465] ================================================================== [ 1596.997713][ T8465] BUG: KASAN: use-after-free in __lock_acquire+0x3d86/0x54a0 [ 1597.005101][ T8465] Read of size 8 at addr ffff88801c6f60a0 by task syz-executor.0/8465 [ 1597.013249][ T8465] [ 1597.015568][ T8465] CPU: 0 PID: 8465 Comm: syz-executor.0 Not tainted 5.14.0-rc6-syzkaller #0 [ 1597.024234][ T8465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1597.034640][ T8465] Call Trace: [ 1597.037912][ T8465] dump_stack_lvl+0xcd/0x134 [ 1597.044505][ T8465] print_address_description.constprop.0.cold+0x6c/0x309 [ 1597.051512][ T8465] ? __lock_acquire+0x3d86/0x54a0 [ 1597.056512][ T8465] ? __lock_acquire+0x3d86/0x54a0 [ 1597.061532][ T8465] kasan_report.cold+0x83/0xdf [ 1597.066399][ T8465] ? __lock_acquire+0x3d86/0x54a0 [ 1597.071419][ T8465] __lock_acquire+0x3d86/0x54a0 [ 1597.076249][ T8465] ? mark_lock+0xef/0x17b0 [ 1597.080645][ T8465] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 1597.086428][ T8465] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1597.092390][ T8465] ? lock_chain_count+0x20/0x20 [ 1597.097217][ T8465] lock_acquire+0x1ab/0x510 [ 1597.101698][ T8465] ? lock_sock_nested+0x40/0x120 [ 1597.106614][ T8465] ? lock_release+0x720/0x720 [ 1597.111264][ T8465] ? del_timer+0xc5/0x110 [ 1597.115574][ T8465] _raw_spin_lock_bh+0x2f/0x40 [ 1597.120320][ T8465] ? lock_sock_nested+0x40/0x120 [ 1597.125237][ T8465] lock_sock_nested+0x40/0x120 [ 1597.130031][ T8465] l2cap_sock_teardown_cb+0xa1/0x660 [ 1597.135398][ T8465] ? lockdep_hardirqs_on+0x79/0x100 [ 1597.140595][ T8465] l2cap_chan_del+0xbc/0xa80 [ 1597.145165][ T8465] l2cap_conn_del+0x3c0/0x7b0 [ 1597.149824][ T8465] ? l2cap_conn_del+0x7b0/0x7b0 [ 1597.154650][ T8465] l2cap_disconn_cfm+0x95/0xd0 [ 1597.159398][ T8465] hci_conn_hash_flush+0x127/0x260 [ 1597.164500][ T8465] hci_dev_do_close+0x528/0x1130 [ 1597.169421][ T8465] ? hci_dev_open+0x300/0x300 [ 1597.174073][ T8465] ? do_raw_read_unlock+0x70/0x70 [ 1597.179081][ T8465] hci_unregister_dev+0x1c0/0x5a0 [ 1597.184089][ T8465] vhci_release+0x70/0xe0 [ 1597.188405][ T8465] __fput+0x288/0x920 [ 1597.192365][ T8465] ? vhci_close_dev+0x50/0x50 [ 1597.197025][ T8465] task_work_run+0xdd/0x1a0 [ 1597.201507][ T8465] do_exit+0xbd4/0x2a60 [ 1597.205639][ T8465] ? __context_tracking_exit+0xb8/0xe0 [ 1597.211079][ T8465] ? lock_downgrade+0x6e0/0x6e0 [ 1597.215904][ T8465] ? lock_downgrade+0x6e0/0x6e0 [ 1597.220731][ T8465] ? mm_update_next_owner+0x7a0/0x7a0 [ 1597.226083][ T8465] do_group_exit+0x125/0x310 [ 1597.230671][ T8465] __x64_sys_exit_group+0x3a/0x50 [ 1597.235676][ T8465] do_syscall_64+0x35/0xb0 [ 1597.240072][ T8465] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1597.245943][ T8465] RIP: 0033:0x4665e9 [ 1597.249811][ T8465] Code: Unable to access opcode bytes at RIP 0x4665bf. [ 1597.256625][ T8465] RSP: 002b:00007ffe82b64368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1597.265014][ T8465] RAX: ffffffffffffffda RBX: 000000000000061b RCX: 00000000004665e9 [ 1597.272959][ T8465] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000043 [ 1597.280905][ T8465] RBP: 0000000000000000 R08: 0000000000000014 R09: 000000000000061b [ 1597.288852][ T8465] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004bfe0f [ 1597.296801][ T8465] R13: 0000000000000000 R14: 0000000000000005 R15: 00007ffe82b64560 [ 1597.304771][ T8465] [ 1597.307069][ T8465] Allocated by task 10521: [ 1597.311455][ T8465] kasan_save_stack+0x1b/0x40 [ 1597.316112][ T8465] __kasan_kmalloc+0x9b/0xd0 [ 1597.320678][ T8465] sk_prot_alloc+0x110/0x290 [ 1597.325248][ T8465] sk_alloc+0x32/0xbc0 [ 1597.329313][ T8465] l2cap_sock_alloc.constprop.0+0x31/0x230 [ 1597.335119][ T8465] l2cap_sock_create+0x123/0x1f0 [ 1597.340036][ T8465] bt_sock_create+0x17c/0x340 [ 1597.344690][ T8465] __sock_create+0x353/0x790 [ 1597.349254][ T8465] __sys_socket+0xef/0x200 [ 1597.353642][ T8465] __x64_sys_socket+0x6f/0xb0 [ 1597.358295][ T8465] do_syscall_64+0x35/0xb0 [ 1597.362683][ T8465] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1597.368549][ T8465] [ 1597.370847][ T8465] Freed by task 10520: [ 1597.374884][ T8465] kasan_save_stack+0x1b/0x40 [ 1597.379539][ T8465] kasan_set_track+0x1c/0x30 [ 1597.384103][ T8465] kasan_set_free_info+0x20/0x30 [ 1597.389019][ T8465] __kasan_slab_free+0xfb/0x130 [ 1597.393843][ T8465] slab_free_freelist_hook+0xdf/0x240 [ 1597.399189][ T8465] kfree+0xe4/0x540 [ 1597.402968][ T8465] __sk_destruct+0x6a8/0x900 [ 1597.407901][ T8465] sk_destruct+0xbd/0xe0 [ 1597.412389][ T8465] __sk_free+0xef/0x3d0 [ 1597.416543][ T8465] sk_free+0x78/0xa0 [ 1597.420416][ T8465] l2cap_sock_kill+0x203/0x240 [ 1597.425158][ T8465] l2cap_sock_release+0x184/0x200 [ 1597.430507][ T8465] __sock_release+0xcd/0x280 [ 1597.435161][ T8465] sock_close+0x18/0x20 [ 1597.439314][ T8465] __fput+0x288/0x920 [ 1597.443354][ T8465] task_work_run+0xdd/0x1a0 [ 1597.447833][ T8465] exit_to_user_mode_prepare+0x27e/0x290 [ 1597.453556][ T8465] syscall_exit_to_user_mode+0x19/0x60 [ 1597.458998][ T8465] do_syscall_64+0x42/0xb0 [ 1597.463396][ T8465] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1597.469267][ T8465] [ 1597.471567][ T8465] Last potentially related work creation: [ 1597.477250][ T8465] kasan_save_stack+0x1b/0x40 [ 1597.481931][ T8465] kasan_record_aux_stack+0xe5/0x110 [ 1597.487369][ T8465] call_rcu+0xb1/0x750 [ 1597.491423][ T8465] netlink_release+0xdd4/0x1dd0 [ 1597.496253][ T8465] __sock_release+0xcd/0x280 [ 1597.500834][ T8465] sock_close+0x18/0x20 [ 1597.504961][ T8465] __fput+0x288/0x920 [ 1597.509003][ T8465] task_work_run+0xdd/0x1a0 [ 1597.513481][ T8465] do_exit+0xbd4/0x2a60 [ 1597.517611][ T8465] do_group_exit+0x125/0x310 [ 1597.522174][ T8465] __x64_sys_exit_group+0x3a/0x50 [ 1597.527170][ T8465] do_syscall_64+0x35/0xb0 [ 1597.531565][ T8465] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1597.537435][ T8465] [ 1597.539731][ T8465] The buggy address belongs to the object at ffff88801c6f6000 [ 1597.539731][ T8465] which belongs to the cache kmalloc-2k of size 2048 [ 1597.553757][ T8465] The buggy address is located 160 bytes inside of [ 1597.553757][ T8465] 2048-byte region [ffff88801c6f6000, ffff88801c6f6800) [ 1597.567700][ T8465] The buggy address belongs to the page: [ 1597.573316][ T8465] page:ffffea000071bc00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1c6f0 [ 1597.583718][ T8465] head:ffffea000071bc00 order:3 compound_mapcount:0 compound_pincount:0 [ 1597.592018][ T8465] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 1597.599977][ T8465] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010842000 [ 1597.608536][ T8465] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 1597.617088][ T8465] page dumped because: kasan: bad access detected [ 1597.623471][ T8465] page_owner tracks the page as allocated [ 1597.629156][ T8465] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8605, ts 1584523777016, free_ts 1584487668141 [ 1597.648838][ T8465] get_page_from_freelist+0xa72/0x2f80 [ 1597.654285][ T8465] __alloc_pages+0x1b2/0x500 [ 1597.658849][ T8465] alloc_pages+0x18c/0x2a0 [ 1597.663254][ T8465] allocate_slab+0x32e/0x4b0 [ 1597.667820][ T8465] ___slab_alloc+0x4ba/0x820 [ 1597.672389][ T8465] __slab_alloc.constprop.0+0xa7/0xf0 [ 1597.677733][ T8465] __kmalloc_node_track_caller+0x2e3/0x360 [ 1597.683515][ T8465] __alloc_skb+0xde/0x340 [ 1597.688341][ T8465] alloc_skb_with_frags+0x93/0x620 [ 1597.693639][ T8465] sock_alloc_send_pskb+0x783/0x910 [ 1597.698813][ T8465] mld_newpack+0x1df/0x770 [ 1597.703204][ T8465] add_grhead+0x265/0x330 [ 1597.707593][ T8465] add_grec+0x1053/0x14e0 [ 1597.711984][ T8465] mld_send_initial_cr.part.0+0xf6/0x230 [ 1597.717681][ T8465] mld_dad_work+0x1d3/0x690 [ 1597.722175][ T8465] process_one_work+0x98d/0x1630 [ 1597.727089][ T8465] page last free stack trace: [ 1597.731733][ T8465] free_pcp_prepare+0x2c5/0x780 [ 1597.736580][ T8465] free_unref_page+0x19/0x690 [ 1597.741238][ T8465] unfreeze_partials+0x17c/0x1d0 [ 1597.746237][ T8465] put_cpu_partial+0x13d/0x230 [ 1597.750976][ T8465] qlist_free_all+0x5a/0xc0 [ 1597.755458][ T8465] kasan_quarantine_reduce+0x180/0x200 [ 1597.760894][ T8465] __kasan_slab_alloc+0x8e/0xa0 [ 1597.765723][ T8465] __kmalloc+0x1f4/0x330 [ 1597.770032][ T8465] ext4_find_extent+0xa47/0xd00 [ 1597.774860][ T8465] ext4_ext_map_blocks+0x1e2/0x6070 [ 1597.781948][ T8465] ext4_map_blocks+0x653/0x17d0 [ 1597.786777][ T8465] ext4_getblk+0x13c/0x680 [ 1597.791169][ T8465] ext4_bread+0x2a/0x1c0 [ 1597.795390][ T8465] ext4_append+0x177/0x390 [ 1597.799782][ T8465] ext4_init_new_dir+0x33f/0x5e0 [ 1597.804694][ T8465] ext4_mkdir+0x3cf/0xb20 [ 1597.809006][ T8465] [ 1597.811394][ T8465] Memory state around the buggy address: [ 1597.817010][ T8465] ffff88801c6f5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1597.825045][ T8465] ffff88801c6f6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1597.833082][ T8465] >ffff88801c6f6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1597.841111][ T8465] ^ [ 1597.846193][ T8465] ffff88801c6f6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1597.854228][ T8465] ffff88801c6f6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1597.862259][ T8465] ================================================================== [ 1597.870288][ T8465] Disabling lock debugging due to kernel taint [ 1597.876408][ T8465] Kernel panic - not syncing: panic_on_warn set ... [ 1597.882962][ T8465] CPU: 0 PID: 8465 Comm: syz-executor.0 Tainted: G B 5.14.0-rc6-syzkaller #0 [ 1597.892996][ T8465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1597.903025][ T8465] Call Trace: [ 1597.906372][ T8465] dump_stack_lvl+0xcd/0x134 [ 1597.911151][ T8465] panic+0x306/0x73d [ 1597.915279][ T8465] ? __warn_printk+0xf3/0xf3 [ 1597.919931][ T8465] ? __lock_acquire+0x3d86/0x54a0 [ 1597.924931][ T8465] ? __lock_acquire+0x3d86/0x54a0 [ 1597.929929][ T8465] ? __lock_acquire+0x3d86/0x54a0 [ 1597.934929][ T8465] end_report.cold+0x5a/0x5a [ 1597.941680][ T8465] kasan_report.cold+0x71/0xdf [ 1597.946437][ T8465] ? __lock_acquire+0x3d86/0x54a0 [ 1597.951660][ T8465] __lock_acquire+0x3d86/0x54a0 [ 1597.956488][ T8465] ? mark_lock+0xef/0x17b0 [ 1597.960974][ T8465] ? _raw_spin_unlock_irqrestore+0x3d/0x70 [ 1597.967112][ T8465] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 1597.973066][ T8465] ? lock_chain_count+0x20/0x20 [ 1597.978005][ T8465] lock_acquire+0x1ab/0x510 [ 1597.982590][ T8465] ? lock_sock_nested+0x40/0x120 [ 1597.988038][ T8465] ? lock_release+0x720/0x720 [ 1597.992776][ T8465] ? del_timer+0xc5/0x110 [ 1597.997082][ T8465] _raw_spin_lock_bh+0x2f/0x40 [ 1598.001827][ T8465] ? lock_sock_nested+0x40/0x120 [ 1598.006742][ T8465] lock_sock_nested+0x40/0x120 [ 1598.011862][ T8465] l2cap_sock_teardown_cb+0xa1/0x660 [ 1598.017189][ T8465] ? lockdep_hardirqs_on+0x79/0x100 [ 1598.022427][ T8465] l2cap_chan_del+0xbc/0xa80 [ 1598.027059][ T8465] l2cap_conn_del+0x3c0/0x7b0 [ 1598.031713][ T8465] ? l2cap_conn_del+0x7b0/0x7b0 [ 1598.036541][ T8465] l2cap_disconn_cfm+0x95/0xd0 [ 1598.041284][ T8465] hci_conn_hash_flush+0x127/0x260 [ 1598.046374][ T8465] hci_dev_do_close+0x528/0x1130 [ 1598.051301][ T8465] ? hci_dev_open+0x300/0x300 [ 1598.055958][ T8465] ? do_raw_read_unlock+0x70/0x70 [ 1598.060966][ T8465] hci_unregister_dev+0x1c0/0x5a0 [ 1598.065989][ T8465] vhci_release+0x70/0xe0 [ 1598.070313][ T8465] __fput+0x288/0x920 [ 1598.074292][ T8465] ? vhci_close_dev+0x50/0x50 [ 1598.078947][ T8465] task_work_run+0xdd/0x1a0 [ 1598.083429][ T8465] do_exit+0xbd4/0x2a60 [ 1598.087559][ T8465] ? __context_tracking_exit+0xb8/0xe0 [ 1598.093091][ T8465] ? lock_downgrade+0x6e0/0x6e0 [ 1598.098195][ T8465] ? lock_downgrade+0x6e0/0x6e0 [ 1598.103023][ T8465] ? mm_update_next_owner+0x7a0/0x7a0 [ 1598.108402][ T8465] do_group_exit+0x125/0x310 [ 1598.112973][ T8465] __x64_sys_exit_group+0x3a/0x50 [ 1598.118062][ T8465] do_syscall_64+0x35/0xb0 [ 1598.122728][ T8465] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 1598.128860][ T8465] RIP: 0033:0x4665e9 [ 1598.132731][ T8465] Code: Unable to access opcode bytes at RIP 0x4665bf. [ 1598.139634][ T8465] RSP: 002b:00007ffe82b64368 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1598.148025][ T8465] RAX: ffffffffffffffda RBX: 000000000000061b RCX: 00000000004665e9 [ 1598.156060][ T8465] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000043 [ 1598.164096][ T8465] RBP: 0000000000000000 R08: 0000000000000014 R09: 000000000000061b [ 1598.172043][ T8465] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004bfe0f [ 1598.179990][ T8465] R13: 0000000000000000 R14: 0000000000000005 R15: 00007ffe82b64560 [ 1598.195443][ T8465] Kernel Offset: disabled [ 1598.199751][ T8465] Rebooting in 86400 seconds..