Warning: Permanently added '10.128.1.172' (ED25519) to the list of known hosts.
1970/01/01 00:01:22 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:22 ignoring optional flag "type"="gce"
1970/01/01 00:01:23 parsed 1 programs
[ 86.028200][ T4465] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
[ 95.706351][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.708560][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.711499][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 95.731987][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.734240][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.737782][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 96.514776][ T4528] chnl_net:caif_netlink_parms(): no params data found
[ 96.551749][ T4528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.553816][ T4528] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.556971][ T4528] device bridge_slave_0 entered promiscuous mode
[ 96.560683][ T4528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.562775][ T4528] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.565877][ T4528] device bridge_slave_1 entered promiscuous mode
[ 96.582798][ T4528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.587671][ T4528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.603155][ T4528] team0: Port device team_slave_0 added
[ 96.606640][ T4528] team0: Port device team_slave_1 added
[ 96.620845][ T4528] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.622860][ T4528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.630735][ T4528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.635337][ T4528] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.637475][ T4528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.644934][ T4528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.727656][ T4528] device hsr_slave_0 entered promiscuous mode
[ 96.765952][ T4528] device hsr_slave_1 entered promiscuous mode
[ 97.599595][ T4528] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 97.644938][ T4528] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 97.677164][ T4528] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 97.726212][ T4528] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 97.800685][ T4528] 8021q: adding VLAN 0 to HW filter on device bond0
[ 97.811456][ T4528] 8021q: adding VLAN 0 to HW filter on device team0
[ 97.814811][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 97.817383][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 97.829827][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 97.832655][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 97.836300][ T136] bridge0: port 1(bridge_slave_0) entered blocking state
[ 97.838261][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 97.841177][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 97.844057][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 97.848607][ T136] bridge0: port 2(bridge_slave_1) entered blocking state
[ 97.850589][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 97.852996][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 97.858028][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 97.868198][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 97.871129][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 97.875348][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 97.878452][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 97.881400][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 97.886946][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 97.895287][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 97.898201][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 97.900843][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 97.903728][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 97.910953][ T4528] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 97.991893][ T4528] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.997129][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 97.999308][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 98.012271][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 98.017658][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 98.030905][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 98.033733][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 98.038745][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 98.041644][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 98.046709][ T4528] device veth0_vlan entered promiscuous mode
[ 98.053274][ T4528] device veth1_vlan entered promiscuous mode
[ 98.102991][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 98.108115][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 98.110783][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 98.113495][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 98.126381][ T4528] device veth0_macvtap entered promiscuous mode
[ 98.131524][ T4528] device veth1_macvtap entered promiscuous mode
[ 98.145272][ T4528] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 98.147411][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 98.150157][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 98.152763][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 98.158299][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 98.163184][ T4528] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 98.167853][ T4528] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.170344][ T4528] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.172834][ T4528] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.176606][ T4528] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 98.181701][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 98.185667][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
1970/01/01 00:01:38 executed programs: 0
[ 98.398405][ T4627] chnl_net:caif_netlink_parms(): no params data found
[ 98.439005][ T4627] bridge0: port 1(bridge_slave_0) entered blocking state
[ 98.441093][ T4627] bridge0: port 1(bridge_slave_0) entered disabled state
[ 98.443742][ T4627] device bridge_slave_0 entered promiscuous mode
[ 98.448109][ T4627] bridge0: port 2(bridge_slave_1) entered blocking state
[ 98.450130][ T4627] bridge0: port 2(bridge_slave_1) entered disabled state
[ 98.452731][ T4627] device bridge_slave_1 entered promiscuous mode
[ 98.473045][ T4627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 98.478770][ T4627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 98.495829][ T4627] team0: Port device team_slave_0 added
[ 98.499062][ T4627] team0: Port device team_slave_1 added
[ 98.512253][ T4627] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 98.514142][ T4627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.521607][ T4627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 98.529122][ T4627] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 98.531205][ T4627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 98.542189][ T4627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 98.596431][ T4627] device hsr_slave_0 entered promiscuous mode
[ 98.657284][ T4627] device hsr_slave_1 entered promiscuous mode
[ 98.676058][ T4627] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 98.678241][ T4627] Cannot create hsr debugfs directory
[ 98.781176][ T4627] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 100.315374][ T4565] Bluetooth: hci0: command 0x0409 tx timeout
[ 100.915156][ T4627] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 102.394479][ T4562] Bluetooth: hci0: command 0x041b tx timeout
[ 103.392510][ T4627] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 103.443120][ T4627] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 103.629377][ T4627] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 103.676709][ T4627] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 103.736578][ T4627] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 103.786690][ T4627] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 103.901509][ T4627] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.916405][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 103.918957][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 103.924172][ T4627] 8021q: adding VLAN 0 to HW filter on device team0
[ 103.932231][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 103.937878][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 103.940509][ T337] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.942495][ T337] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 103.953814][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 103.957757][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 103.960574][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 103.963229][ T337] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.965230][ T337] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 103.970140][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 103.985312][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 103.989331][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 103.994152][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 103.998424][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 104.001610][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 104.006829][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 104.009975][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 104.012690][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 104.016406][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 104.019547][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 104.024825][ T4627] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 104.112330][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 104.114890][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 104.122062][ T4627] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 104.138604][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 104.141433][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 104.161146][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 104.163878][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 104.167326][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 104.170311][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 104.175377][ T4627] device veth0_vlan entered promiscuous mode
[ 104.182828][ T4627] device veth1_vlan entered promiscuous mode
[ 104.199019][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 104.202872][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 104.206691][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 104.209333][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 104.213606][ T4627] device veth0_macvtap entered promiscuous mode
[ 104.220026][ T4627] device veth1_macvtap entered promiscuous mode
[ 104.231510][ T4627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 104.235523][ T4627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 104.239425][ T4627] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 104.241496][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 104.244407][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 104.246979][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 104.249732][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 104.254108][ T4627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 104.257759][ T4627] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 104.263637][ T4627] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 104.267761][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 104.270632][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 104.276140][ T4627] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.278483][ T4627] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.280941][ T4627] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.283305][ T4627] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 104.326446][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.328700][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.331753][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 104.350039][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 104.352291][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 104.358326][ T337] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
1970/01/01 00:01:44 executed programs: 2
[ 104.399836][ T144]
[ 104.400480][ T144] =====================================
[ 104.402031][ T144] WARNING: bad unlock balance detected!
[ 104.403518][ T144] 5.15.184-syzkaller #0 Not tainted
[ 104.404948][ T144] -------------------------------------
[ 104.406456][ T144] kworker/u5:0/144 is trying to release lock (&chan->lock) at:
[ 104.408507][ T144] [] l2cap_recv_frame+0x934/0x61a4
[ 104.410419][ T144] but there are no more locks to release!
[ 104.411987][ T144]
[ 104.411987][ T144] other info that might help us debug this:
[ 104.414239][ T144] 2 locks held by kworker/u5:0/144:
[ 104.415726][ T144] #0: ffff0000dbe4b938 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x678/0x1140
[ 104.418648][ T144] #1: ffff80001be17c00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6b8/0x1140
[ 104.421830][ T144]
[ 104.421830][ T144] stack backtrace:
[ 104.423549][ T144] CPU: 1 PID: 144 Comm: kworker/u5:0 Not tainted 5.15.184-syzkaller #0
[ 104.425763][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 104.428529][ T144] Workqueue: hci0 hci_rx_work
[ 104.429781][ T144] Call trace:
[ 104.430621][ T144] dump_backtrace+0x0/0x43c
[ 104.431868][ T144] show_stack+0x2c/0x3c
[ 104.432984][ T144] __dump_stack+0x30/0x40
[ 104.434202][ T144] dump_stack_lvl+0xf8/0x160
[ 104.435444][ T144] dump_stack+0x1c/0x5c
[ 104.436595][ T144] print_unlock_imbalance_bug+0x11c/0x160
[ 104.438157][ T144] lock_release+0x454/0x8e8
[ 104.439445][ T144] __mutex_unlock_slowpath+0xc0/0x5d8
[ 104.440967][ T144] mutex_unlock+0x90/0xec
[ 104.442189][ T144] l2cap_recv_frame+0x934/0x61a4
[ 104.443551][ T144] l2cap_recv_acldata+0x4dc/0x137c
[ 104.444997][ T144] hci_rx_work+0x3a0/0x880
[ 104.446227][ T144] process_one_work+0x79c/0x1140
[ 104.447654][ T144] worker_thread+0x8f4/0x101c
[ 104.448945][ T144] kthread+0x374/0x454
[ 104.450125][ T144] ret_from_fork+0x10/0x20
[ 104.464547][ T4561] Bluetooth: hci0: command 0x040f tx timeout
[ 105.074494][ T144] ==================================================================
[ 105.076743][ T144] BUG: KASAN: use-after-free in do_raw_spin_lock+0x234/0x2f0
[ 105.078750][ T144] Read of size 4 at addr ffff0000c27d908c by task kworker/u5:0/144
[ 105.080944][ T144]
[ 105.081545][ T144] CPU: 0 PID: 144 Comm: kworker/u5:0 Not tainted 5.15.184-syzkaller #0
[ 105.083754][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 105.086611][ T144] Workqueue: hci0 hci_rx_work
[ 105.087903][ T144] Call trace:
[ 105.088789][ T144] dump_backtrace+0x0/0x43c
[ 105.090005][ T144] show_stack+0x2c/0x3c
[ 105.091152][ T144] __dump_stack+0x30/0x40
[ 105.092342][ T144] dump_stack_lvl+0xf8/0x160
[ 105.093516][ T144] print_address_description+0x78/0x30c
[ 105.095065][ T144] kasan_report+0xec/0x15c
[ 105.096270][ T144] __asan_report_load4_noabort+0x44/0x50
[ 105.097861][ T144] do_raw_spin_lock+0x234/0x2f0
[ 105.099179][ T144] _raw_spin_lock_bh+0x11c/0x1b4
[ 105.100544][ T144] __lock_sock+0x114/0x25c
[ 105.101755][ T144] lock_sock_nested+0x124/0x1d4
[ 105.103123][ T144] l2cap_sock_recv_cb+0x5c/0x1c4
[ 105.104480][ T144] l2cap_recv_frame+0x880/0x61a4
[ 105.105891][ T144] l2cap_recv_acldata+0x4dc/0x137c
[ 105.107302][ T144] hci_rx_work+0x3a0/0x880
[ 105.108590][ T144] process_one_work+0x79c/0x1140
[ 105.110002][ T144] worker_thread+0x8f4/0x101c
[ 105.111251][ T144] kthread+0x374/0x454
[ 105.112356][ T144] ret_from_fork+0x10/0x20
[ 105.113655][ T144]
[ 105.114268][ T144] Allocated by task 4967:
[ 105.115483][ T144] __kasan_kmalloc+0xb0/0xf0
[ 105.116768][ T144] __kmalloc+0x298/0x44c
[ 105.117951][ T144] sk_prot_alloc+0xc4/0x1f0
[ 105.119175][ T144] sk_alloc+0x40/0x388
[ 105.120261][ T144] l2cap_sock_create+0x140/0x354
[ 105.121631][ T144] bt_sock_create+0x14c/0x24c
[ 105.122907][ T144] __sock_create+0x4b0/0x8b4
[ 105.124214][ T144] __sys_socket+0xf0/0x18c
[ 105.125406][ T144] __arm64_sys_socket+0x7c/0x94
[ 105.126774][ T144] invoke_syscall+0x98/0x2b8
[ 105.128056][ T144] el0_svc_common+0x138/0x258
[ 105.129343][ T144] do_el0_svc+0x58/0x14c
[ 105.130658][ T144] el0_svc+0x78/0x1e0
[ 105.131764][ T144] el0t_64_sync_handler+0xcc/0xe4
[ 105.133143][ T144] el0t_64_sync+0x1a0/0x1a4
[ 105.134370][ T144]
[ 105.135018][ T144] Freed by task 4966:
[ 105.136097][ T144] kasan_set_track+0x4c/0x84
[ 105.137365][ T144] kasan_set_free_info+0x28/0x4c
[ 105.138707][ T144] ____kasan_slab_free+0x118/0x164
[ 105.140167][ T144] __kasan_slab_free+0x18/0x28
[ 105.141494][ T144] slab_free_freelist_hook+0x128/0x1e8
[ 105.143106][ T144] kfree+0x170/0x40c
[ 105.144196][ T144] __sk_destruct+0x41c/0x604
[ 105.145469][ T144] __sk_free+0x320/0x430
[ 105.146736][ T144] sk_free+0x68/0xdc
[ 105.147833][ T144] l2cap_sock_kill+0x114/0x228
[ 105.149156][ T144] l2cap_sock_release+0x130/0x1ac
[ 105.150554][ T144] sock_close+0xb4/0x1f8
[ 105.151727][ T144] __fput+0x1c0/0x7f8
[ 105.152837][ T144] ____fput+0x20/0x30
[ 105.154020][ T144] task_work_run+0x12c/0x1e0
[ 105.155274][ T144] do_notify_resume+0x24b4/0x3128
[ 105.156665][ T144] el0_svc+0xf0/0x1e0
[ 105.157777][ T144] el0t_64_sync_handler+0xcc/0xe4
[ 105.159174][ T144] el0t_64_sync+0x1a0/0x1a4
[ 105.160474][ T144]
[ 105.161138][ T144] The buggy address belongs to the object at ffff0000c27d9000
[ 105.161138][ T144] which belongs to the cache kmalloc-2k of size 2048
[ 105.165047][ T144] The buggy address is located 140 bytes inside of
[ 105.165047][ T144] 2048-byte region [ffff0000c27d9000, ffff0000c27d9800)
[ 105.168690][ T144] The buggy address belongs to the page:
[ 105.170270][ T144] page:00000000193ce342 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027d8
[ 105.173224][ T144] head:00000000193ce342 order:3 compound_mapcount:0 compound_pincount:0
[ 105.175694][ T144] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 105.177994][ T144] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002900
[ 105.180448][ T144] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 105.182925][ T144] page dumped because: kasan: bad access detected
[ 105.184748][ T144]
[ 105.185405][ T144] Memory state around the buggy address:
[ 105.186975][ T144] ffff0000c27d8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 105.189404][ T144] ffff0000c27d9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.191681][ T144] >ffff0000c27d9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.193940][ T144] ^
[ 105.195167][ T144] ffff0000c27d9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.197458][ T144] ffff0000c27d9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 105.199722][ T144] ==================================================================
[ 105.789181][ T589] device hsr_slave_0 left promiscuous mode
[ 105.805846][ T589] device hsr_slave_1 left promiscuous mode
[ 105.874570][ T589] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 105.876760][ T589] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 105.881144][ T589] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 105.883317][ T589] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 105.887155][ T589] device bridge_slave_1 left promiscuous mode
[ 105.888970][ T589] bridge0: port 2(bridge_slave_1) entered disabled state
[ 105.931219][ T589] device bridge_slave_0 left promiscuous mode
[ 105.932967][ T589] bridge0: port 1(bridge_slave_0) entered disabled state
[ 106.054692][ T589] device veth1_macvtap left promiscuous mode
[ 106.056472][ T589] device veth0_macvtap left promiscuous mode
[ 106.058156][ T589] device veth1_vlan left promiscuous mode
[ 106.059846][ T589] device veth0_vlan left promiscuous mode
[ 106.281175][ T589] team0 (unregistering): Port device team_slave_1 removed
[ 106.289588][ T589] team0 (unregistering): Port device team_slave_0 removed
[ 106.296851][ T589] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 106.350343][ T589] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 106.489328][ T589] bond0 (unregistering): Released all slaves
[ 106.556549][ T4050] Bluetooth: hci0: command 0x0419 tx timeout
1970/01/01 00:01:49 executed programs: 275
1970/01/01 00:01:54 executed programs: 560