Warning: Permanently added '10.128.15.196' (ED25519) to the list of known hosts.
1970/01/01 00:00:58 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:58 parsed 1 programs
[ 58.950841][ T6441] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
1970/01/01 00:00:58 executed programs: 0
[ 58.989030][ T5665] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 58.991931][ T5665] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 58.994242][ T5665] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 58.996679][ T5665] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 58.998839][ T5665] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 59.001293][ T5665] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 59.071880][ T6449] chnl_net:caif_netlink_parms(): no params data found
[ 59.099687][ T6449] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.102300][ T6449] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.104124][ T6449] bridge_slave_0: entered allmulticast mode
[ 59.106136][ T6449] bridge_slave_0: entered promiscuous mode
[ 59.109192][ T6449] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.111215][ T6449] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.113051][ T6449] bridge_slave_1: entered allmulticast mode
[ 59.114994][ T6449] bridge_slave_1: entered promiscuous mode
[ 59.127641][ T6449] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.131760][ T6449] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.144335][ T6449] team0: Port device team_slave_0 added
[ 59.147292][ T6449] team0: Port device team_slave_1 added
[ 59.158831][ T6449] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.160905][ T6449] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.167511][ T6449] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.171588][ T6449] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.173360][ T6449] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.179866][ T6449] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.242473][ T6449] hsr_slave_0: entered promiscuous mode
[ 59.280493][ T6449] hsr_slave_1: entered promiscuous mode
[ 60.086618][ T6449] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 60.122058][ T6449] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 60.176428][ T6449] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 60.221555][ T6449] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 60.298227][ T6449] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.308579][ T6449] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.314689][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.316639][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.332354][ T6095] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.334359][ T6095] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.418558][ T6449] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.444828][ T6449] veth0_vlan: entered promiscuous mode
[ 60.451073][ T6449] veth1_vlan: entered promiscuous mode
[ 60.465765][ T6449] veth0_macvtap: entered promiscuous mode
[ 60.469453][ T6449] veth1_macvtap: entered promiscuous mode
[ 60.485430][ T6449] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.493713][ T6449] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.498333][ T6449] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.501460][ T6449] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.503767][ T6449] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.506102][ T6449] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.539855][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.545346][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.564060][ T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.566109][ T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.080879][ T5665] Bluetooth: hci0: command 0x0409 tx timeout
[ 63.160145][ T5665] Bluetooth: hci0: command 0x041b tx timeout
[ 64.023974][ T6752] ==================================================================
[ 64.026176][ T6752] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2bc
[ 64.028100][ T6752] Write of size 4 at addr ffff0000c892c010 by task syz-executor.0/6752
[ 64.030277][ T6752]
[ 64.030881][ T6752] CPU: 0 PID: 6752 Comm: syz-executor.0 Not tainted 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0
[ 64.033941][ T6752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 64.036673][ T6752] Call trace:
[ 64.037544][ T6752] dump_backtrace+0x1b8/0x1e4
[ 64.038743][ T6752] show_stack+0x2c/0x44
[ 64.039870][ T6752] dump_stack_lvl+0xd0/0x124
[ 64.041088][ T6752] print_report+0x174/0x514
[ 64.042321][ T6752] kasan_report+0xd8/0x138
[ 64.043464][ T6752] kasan_check_range+0x254/0x294
[ 64.044763][ T6752] __kasan_check_write+0x20/0x30
[ 64.046108][ T6752] hci_conn_drop+0x34/0x2bc
[ 64.047337][ T6752] __sco_sock_close+0x3a8/0x7b0
[ 64.048553][ T6752] sco_sock_release+0xb4/0x2c0
[ 64.049979][ T6752] sock_close+0xa4/0x1e8
[ 64.051113][ T6752] __fput+0x324/0x7f8
[ 64.052132][ T6752] __fput_sync+0x60/0x9c
[ 64.053288][ T6752] __arm64_sys_close+0x150/0x1e0
[ 64.054625][ T6752] invoke_syscall+0x98/0x2b8
[ 64.055878][ T6752] el0_svc_common+0x130/0x23c
[ 64.057094][ T6752] do_el0_svc+0x48/0x58
[ 64.058215][ T6752] el0_svc+0x54/0x158
[ 64.059260][ T6752] el0t_64_sync_handler+0x84/0xfc
[ 64.060556][ T6752] el0t_64_sync+0x190/0x194
[ 64.061746][ T6752]
[ 64.062377][ T6752] Allocated by task 6753:
[ 64.063574][ T6752] kasan_set_track+0x4c/0x7c
[ 64.064814][ T6752] kasan_save_alloc_info+0x24/0x30
[ 64.066137][ T6752] __kasan_kmalloc+0xac/0xc4
[ 64.067361][ T6752] kmalloc_trace+0x70/0x88
[ 64.068535][ T6752] hci_conn_add+0xcc/0x1210
[ 64.069681][ T6752] hci_connect_sco+0x94/0x2bc
[ 64.070910][ T6752] sco_sock_connect+0x270/0x8bc
[ 64.072207][ T6752] __sys_connect+0x268/0x290
[ 64.073383][ T6752] __arm64_sys_connect+0x7c/0x94
[ 64.074663][ T6752] invoke_syscall+0x98/0x2b8
[ 64.075875][ T6752] el0_svc_common+0x130/0x23c
[ 64.077127][ T6752] do_el0_svc+0x48/0x58
[ 64.078226][ T6752] el0_svc+0x54/0x158
[ 64.079310][ T6752] el0t_64_sync_handler+0x84/0xfc
[ 64.080606][ T6752] el0t_64_sync+0x190/0x194
[ 64.081769][ T6752]
[ 64.082357][ T6752] Freed by task 5665:
[ 64.083415][ T6752] kasan_set_track+0x4c/0x7c
[ 64.084617][ T6752] kasan_save_free_info+0x38/0x5c
[ 64.085949][ T6752] ____kasan_slab_free+0x144/0x1c0
[ 64.087327][ T6752] __kasan_slab_free+0x18/0x28
[ 64.088599][ T6752] __kmem_cache_free+0x2ac/0x480
[ 64.089915][ T6752] kfree+0xb8/0x19c
[ 64.090957][ T6752] bt_link_release+0x20/0x30
[ 64.092119][ T6752] device_release+0x8c/0x1ac
[ 64.093389][ T6752] kobject_put+0x1c4/0x3c4
[ 64.094576][ T6752] put_device+0x28/0x40
[ 64.095707][ T6752] hci_conn_del+0x78c/0xabc
[ 64.096920][ T6752] hci_conn_failed+0x204/0x2c0
[ 64.098191][ T6752] hci_abort_conn_sync+0x688/0xe38
[ 64.099463][ T6752] abort_conn_sync+0x5c/0x8c
[ 64.100704][ T6752] hci_cmd_sync_work+0x1cc/0x34c
[ 64.101990][ T6752] process_one_work+0x694/0x1204
[ 64.103355][ T6752] worker_thread+0x938/0xef4
[ 64.104545][ T6752] kthread+0x288/0x310
[ 64.105612][ T6752] ret_from_fork+0x10/0x20
[ 64.106795][ T6752]
[ 64.107388][ T6752] The buggy address belongs to the object at ffff0000c892c000
[ 64.107388][ T6752] which belongs to the cache kmalloc-4k of size 4096
[ 64.111010][ T6752] The buggy address is located 16 bytes inside of
[ 64.111010][ T6752] freed 4096-byte region [ffff0000c892c000, ffff0000c892d000)
[ 64.114594][ T6752]
[ 64.115187][ T6752] The buggy address belongs to the physical page:
[ 64.116843][ T6752] page:00000000c7691a02 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x108928
[ 64.119572][ T6752] head:00000000c7691a02 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 64.121911][ T6752] anon flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 64.124181][ T6752] page_type: 0xffffffff()
[ 64.125338][ T6752] raw: 05ffc00000000840 ffff0000c0002140 0000000000000000 dead000000000001
[ 64.127636][ T6752] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 64.129882][ T6752] page dumped because: kasan: bad access detected
[ 64.131576][ T6752]
[ 64.132137][ T6752] Memory state around the buggy address:
[ 64.133613][ T6752] ffff0000c892bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.135708][ T6752] ffff0000c892bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.137771][ T6752] >ffff0000c892c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.139898][ T6752] ^
[ 64.141090][ T6752] ffff0000c892c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.143243][ T6752] ffff0000c892c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.145357][ T6752] ==================================================================
[ 64.147928][ T6752] Disabling lock debugging due to kernel taint
[ 64.149482][ T6752] ------------[ cut here ]------------
[ 64.150881][ T6752] ODEBUG: assert_init not available (active state 0) object: 000000000c51268a object type: timer_list hint: hci_conn_timeout+0x0/0x1e8
[ 64.154848][ T6752] WARNING: CPU: 0 PID: 6752 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0
[ 64.157375][ T6752] Modules linked in:
[ 64.158389][ T6752] CPU: 0 PID: 6752 Comm: syz-executor.0 Tainted: G B 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0
[ 64.161549][ T6752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 64.164233][ T6752] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 64.166357][ T6752] pc : debug_print_object+0x168/0x1e0
[ 64.167721][ T6752] lr : debug_print_object+0x168/0x1e0
[ 64.169193][ T6752] sp : ffff800096f67790
[ 64.170335][ T6752] x29: ffff800096f67790 x28: dfff800000000000 x27: ffff700012decf00
[ 64.172402][ T6752] x26: dfff800000000000 x25: dfff800000000000 x24: ffff0000c892c390
[ 64.174528][ T6752] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a89c360
[ 64.176638][ T6752] x20: 0000000000000000 x19: ffff80008ad64cc0 x18: 0000000000000000
[ 64.178688][ T6752] x17: 0000000000000000 x16: ffff80008a668980 x15: 0000000000000001
[ 64.180796][ T6752] x14: 1ffff00012dece0c x13: 0000000000000000 x12: 0000000000000000
[ 64.182787][ T6752] x11: 0000000000000001 x10: 0000000000000000 x9 : c73071275ea21a00
[ 64.184886][ T6752] x8 : c73071275ea21a00 x7 : 0000000000000001 x6 : 0000000000000001
[ 64.186958][ T6752] x5 : ffff800096f67078 x4 : ffff80008e4210a0 x3 : ffff8000803639bc
[ 64.189082][ T6752] x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000
[ 64.191196][ T6752] Call trace:
[ 64.192044][ T6752] debug_print_object+0x168/0x1e0
[ 64.193348][ T6752] debug_object_assert_init+0x318/0x3c8
[ 64.194809][ T6752] __timer_delete+0xac/0x2f8
[ 64.196036][ T6752] timer_delete+0x24/0x34
[ 64.197190][ T6752] try_to_grab_pending+0x8c/0x618
[ 64.198450][ T6752] __cancel_work+0xb0/0x2a8
[ 64.199596][ T6752] cancel_delayed_work+0x24/0x38
[ 64.200861][ T6752] hci_conn_drop+0x150/0x2bc
[ 64.202047][ T6752] __sco_sock_close+0x3a8/0x7b0
[ 64.203286][ T6752] sco_sock_release+0xb4/0x2c0
[ 64.204535][ T6752] sock_close+0xa4/0x1e8
[ 64.205680][ T6752] __fput+0x324/0x7f8
[ 64.206741][ T6752] __fput_sync+0x60/0x9c
[ 64.207871][ T6752] __arm64_sys_close+0x150/0x1e0
[ 64.209121][ T6752] invoke_syscall+0x98/0x2b8
[ 64.210339][ T6752] el0_svc_common+0x130/0x23c
[ 64.211614][ T6752] do_el0_svc+0x48/0x58
[ 64.212679][ T6752] el0_svc+0x54/0x158
[ 64.213686][ T6752] el0t_64_sync_handler+0x84/0xfc
[ 64.215001][ T6752] el0t_64_sync+0x190/0x194
[ 64.216145][ T6752] irq event stamp: 15717
[ 64.217242][ T6752] hardirqs last enabled at (15717): [] exit_to_kernel_mode+0xdc/0x10c
[ 64.219800][ T6752] hardirqs last disabled at (15716): [] __do_softirq+0x950/0xd54
[ 64.222198][ T6752] softirqs last enabled at (15458): [] lock_sock_nested+0xcc/0x11c
[ 64.224643][ T6752] softirqs last disabled at (15456): [] lock_sock_nested+0x74/0x11c
[ 64.227222][ T6752] ---[ end trace 0000000000000000 ]---
[ 64.228902][ T6752] ------------[ cut here ]------------
[ 64.230266][ T6752] WARNING: CPU: 0 PID: 6752 at kernel/workqueue.c:1939 queue_delayed_work_on+0x214/0x2e4
[ 64.232818][ T6752] Modules linked in:
[ 64.233808][ T6752] CPU: 0 PID: 6752 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0
[ 64.237013][ T6752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 64.239602][ T6752] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 64.241736][ T6752] pc : queue_delayed_work_on+0x214/0x2e4
[ 64.243191][ T6752] lr : queue_delayed_work_on+0x214/0x2e4
[ 64.244677][ T6752] sp : ffff800096f67af0
[ 64.245807][ T6752] x29: ffff800096f67af0 x28: 1fffe0001a828d80 x27: dfff800000000000
[ 64.247903][ T6752] x26: 0000000000000000 x25: ffff0000c892c3a8 x24: ffff0000cb635400
[ 64.250058][ T6752] x23: 0000000000000000 x22: ffff0000c892c348 x21: 0000000000000008
[ 64.252122][ T6752] x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000
[ 64.254198][ T6752] x17: 0000000000000000 x16: ffff80008a71b2bc x15: ffff600019125869
[ 64.256267][ T6752] x14: 1fffe00019125869 x13: 00000000000000fb x12: ffffffffffffffff
[ 64.258419][ T6752] x11: 0000000000000001 x10: 0000000000000000 x9 : 0000000000000000
[ 64.260431][ T6752] x8 : ffff0000d5f21bc0 x7 : 0000000000000000 x6 : 0000000000000000
[ 64.262566][ T6752] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080221e68
[ 64.264556][ T6752] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[ 64.266635][ T6752] Call trace:
[ 64.267488][ T6752] queue_delayed_work_on+0x214/0x2e4
[ 64.268827][ T6752] hci_conn_drop+0x198/0x2bc
[ 64.270012][ T6752] __sco_sock_close+0x3a8/0x7b0
[ 64.271257][ T6752] sco_sock_release+0xb4/0x2c0
[ 64.272473][ T6752] sock_close+0xa4/0x1e8
[ 64.273588][ T6752] __fput+0x324/0x7f8
[ 64.274607][ T6752] __fput_sync+0x60/0x9c
[ 64.275673][ T6752] __arm64_sys_close+0x150/0x1e0
[ 64.277021][ T6752] invoke_syscall+0x98/0x2b8
[ 64.278208][ T6752] el0_svc_common+0x130/0x23c
[ 64.279393][ T6752] do_el0_svc+0x48/0x58
[ 64.280412][ T6752] el0_svc+0x54/0x158
[ 64.281424][ T6752] el0t_64_sync_handler+0x84/0xfc
[ 64.282704][ T6752] el0t_64_sync+0x190/0x194
[ 64.283874][ T6752] irq event stamp: 15717
[ 64.284990][ T6752] hardirqs last enabled at (15717): [] exit_to_kernel_mode+0xdc/0x10c
[ 64.287535][ T6752] hardirqs last disabled at (15716): [] __do_softirq+0x950/0xd54
[ 64.289981][ T6752] softirqs last enabled at (15458): [] lock_sock_nested+0xcc/0x11c
[ 64.292543][ T6752] softirqs last disabled at (15456): [] lock_sock_nested+0x74/0x11c
[ 64.294994][ T6752] ---[ end trace 0000000000000000 ]---
[ 64.296386][ T6752] ------------[ cut here ]------------
[ 64.297758][ T6752] ODEBUG: activate not available (active state 0) object: 000000002ed6b31e object type: work_struct hint: hci_conn_timeout+0x0/0x1e8
[ 64.301611][ T6752] WARNING: CPU: 0 PID: 6752 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0
[ 64.304112][ T6752] Modules linked in:
[ 64.305121][ T6752] CPU: 0 PID: 6752 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0
[ 64.308372][ T6752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 64.310950][ T6752] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 64.313012][ T6752] pc : debug_print_object+0x168/0x1e0
[ 64.314455][ T6752] lr : debug_print_object+0x168/0x1e0
[ 64.315832][ T6752] sp : ffff800096f67870
[ 64.316925][ T6752] x29: ffff800096f67870 x28: dfff800000000000 x27: ffff700012decf1c
[ 64.319041][ T6752] x26: ffff0000e2130b78 x25: dfff800000000000 x24: ffff0000c892c348
[ 64.321102][ T6752] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a8710a0
[ 64.323113][ T6752] x20: 0000000000000000 x19: ffff80008ad64c40 x18: 0000000000000000
[ 64.325192][ T6752] x17: 0000000000000000 x16: ffff80008a71b2bc x15: 0000000000000001
[ 64.327235][ T6752] x14: 1fffe0003682f032 x13: 0000000000000000 x12: 0000000000000000
[ 64.329344][ T6752] x11: 0000000000000002 x10: 0000000000000000 x9 : c73071275ea21a00
[ 64.331385][ T6752] x8 : c73071275ea21a00 x7 : 0000000000000001 x6 : 0000000000000001
[ 64.333455][ T6752] x5 : ffff800096f67158 x4 : ffff80008e4210a0 x3 : ffff8000805a359c
[ 64.335587][ T6752] x2 : 0000000000000001 x1 : 0000000000000002 x0 : 0000000000000000
[ 64.337686][ T6752] Call trace:
[ 64.338590][ T6752] debug_print_object+0x168/0x1e0
[ 64.339941][ T6752] debug_object_activate+0x600/0x7e0
[ 64.341245][ T6752] insert_work+0x4c/0x2d4
[ 64.342381][ T6752] __queue_work+0xcf4/0x1338
[ 64.343599][ T6752] queue_delayed_work_on+0x1f4/0x2e4
[ 64.345010][ T6752] hci_conn_drop+0x198/0x2bc
[ 64.346233][ T6752] __sco_sock_close+0x3a8/0x7b0
[ 64.347420][ T6752] sco_sock_release+0xb4/0x2c0
[ 64.348593][ T6752] sock_close+0xa4/0x1e8
[ 64.349677][ T6752] __fput+0x324/0x7f8
[ 64.350682][ T6752] __fput_sync+0x60/0x9c
[ 64.351756][ T6752] __arm64_sys_close+0x150/0x1e0
[ 64.353044][ T6752] invoke_syscall+0x98/0x2b8
[ 64.354253][ T6752] el0_svc_common+0x130/0x23c
[ 64.355526][ T6752] do_el0_svc+0x48/0x58
[ 64.356645][ T6752] el0_svc+0x54/0x158
[ 64.357711][ T6752] el0t_64_sync_handler+0x84/0xfc
[ 64.359017][ T6752] el0t_64_sync+0x190/0x194
[ 64.360233][ T6752] irq event stamp: 15717
[ 64.361305][ T6752] hardirqs last enabled at (15717): [] exit_to_kernel_mode+0xdc/0x10c
[ 64.363761][ T6752] hardirqs last disabled at (15716): [] __do_softirq+0x950/0xd54
[ 64.366224][ T6752] softirqs last enabled at (15458): [] lock_sock_nested+0xcc/0x11c
[ 64.368665][ T6752] softirqs last disabled at (15456): [] lock_sock_nested+0x74/0x11c
[ 64.371213][ T6752] ---[ end trace 0000000000000000 ]---
[ 64.372686][ T5665] ------------[ cut here ]------------
[ 64.374067][ T5665] ODEBUG: deactivate not available (active state 0) object: 000000002ed6b31e object type: work_struct hint: hci_conn_timeout+0x0/0x1e8
[ 64.377874][ T5665] WARNING: CPU: 1 PID: 5665 at lib/debugobjects.c:517 debug_object_deactivate+0x340/0x414
[ 64.380377][ T5665] Modules linked in:
[ 64.381354][ T5665] CPU: 1 PID: 5665 Comm: kworker/u5:1 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0
[ 64.384437][ T5665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 64.386985][ T5665] Workqueue: 0x0 (hci0)
[ 64.388085][ T5665] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 64.390049][ T5665] pc : debug_object_deactivate+0x340/0x414
[ 64.391511][ T5665] lr : debug_object_deactivate+0x340/0x414
[ 64.392974][ T5665] sp : ffff80009de47b00
[ 64.393988][ T5665] x29: ffff80009de47b00 x28: 1fffe00019125869 x27: 0000000000000001
[ 64.395979][ T5665] x26: ffff80008e340000 x25: dfff800000000000 x24: ffff0000e2130b78
[ 64.398021][ T5665] x23: 00000000000000c0 x22: ffff800092b0e000 x21: ffff80008a8710a0
[ 64.400028][ T5665] x20: ffff0000c892c348 x19: ffff800089881d98 x18: 1fffe000368333ce
[ 64.402005][ T5665] x17: 0000000000000000 x16: ffff80008a668980 x15: 0000000000000001
[ 64.404033][ T5665] x14: 1ffff00013bc8e7c x13: 0000000000000000 x12: 0000000000000000
[ 64.406064][ T5665] x11: 0000000000000001 x10: 0000000000000000 x9 : 00b59e53cf816800
[ 64.408094][ T5665] x8 : 00b59e53cf816800 x7 : 0000000000000001 x6 : 0000000000000001
[ 64.410130][ T5665] x5 : ffff80009de473f8 x4 : ffff80008e4210a0 x3 : ffff8000803639bc
[ 64.412129][ T5665] x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000000
[ 64.414231][ T5665] Call trace:
[ 64.415028][ T5665] debug_object_deactivate+0x340/0x414
[ 64.416383][ T5665] process_one_work+0x198/0x1204
[ 64.417659][ T5665] worker_thread+0x938/0xef4
[ 64.418848][ T5665] kthread+0x288/0x310
[ 64.419927][ T5665] ret_from_fork+0x10/0x20
[ 64.421048][ T5665] irq event stamp: 4614
[ 64.422073][ T5665] hardirqs last enabled at (4613): [] _raw_spin_unlock_irq+0x30/0x80
[ 64.424540][ T5665] hardirqs last disabled at (4614): [] __schedule+0x2b4/0x23b4
[ 64.426802][ T5665] softirqs last enabled at (4538): [] release_sock+0x15c/0x1b0
[ 64.429128][ T5665] softirqs last disabled at (4536): [] release_sock+0x3c/0x1b0
[ 64.431419][ T5665] ---[ end trace 0000000000000000 ]---
1970/01/01 00:01:04 executed programs: 4
[ 64.530575][ T2217] ieee802154 phy0 wpan0: encryption failed: -22
[ 64.532246][ T2217] ieee802154 phy1 wpan1: encryption failed: -22
[ 65.240097][ T5665] Bluetooth: hci0: command 0x040f tx timeout
[ 67.320146][ T6100] Bluetooth: hci0: command 0x0419 tx timeout
[ 69.400092][ T5665] Bluetooth: hci0: command 0x0407 tx timeout
1970/01/01 00:01:09 executed programs: 10
[ 69.640991][ T1650] cfg80211: failed to load regulatory.db
[ 71.480150][ T6100] Bluetooth: hci0: command 0x0405 tx timeout
[ 73.560108][ T5665] Bluetooth: hci0: command 0x0407 tx timeout