Warning: Permanently added '10.128.1.38' (ED25519) to the list of known hosts. 1970/01/01 00:01:00 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:00 parsed 1 programs [ 60.517398][ T6442] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS 1970/01/01 00:01:00 executed programs: 0 [ 60.555905][ T5662] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.558381][ T5662] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.561028][ T5662] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.563467][ T5662] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.565627][ T5662] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 60.567613][ T5662] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.635411][ T6450] chnl_net:caif_netlink_parms(): no params data found [ 60.663470][ T6450] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.665359][ T6450] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.667194][ T6450] bridge_slave_0: entered allmulticast mode [ 60.669352][ T6450] bridge_slave_0: entered promiscuous mode [ 60.672324][ T6450] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.674143][ T6450] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.676109][ T6450] bridge_slave_1: entered allmulticast mode [ 60.678095][ T6450] bridge_slave_1: entered promiscuous mode [ 60.689981][ T6450] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.693759][ T6450] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.706750][ T6450] team0: Port device team_slave_0 added [ 60.709651][ T6450] team0: Port device team_slave_1 added [ 60.720226][ T6450] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.721960][ T6450] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.728433][ T6450] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.732618][ T6450] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.734406][ T6450] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.740995][ T6450] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.811045][ T6450] hsr_slave_0: entered promiscuous mode [ 60.849483][ T6450] hsr_slave_1: entered promiscuous mode [ 61.573462][ T6450] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 61.621044][ T6450] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 61.672151][ T6450] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 61.720764][ T6450] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 61.823706][ T6450] 8021q: adding VLAN 0 to HW filter on device bond0 [ 61.833046][ T6450] 8021q: adding VLAN 0 to HW filter on device team0 [ 61.840742][ T6097] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.842587][ T6097] bridge0: port 1(bridge_slave_0) entered forwarding state [ 61.846207][ T6097] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.848075][ T6097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 61.942546][ T6450] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 61.966537][ T6450] veth0_vlan: entered promiscuous mode [ 61.973188][ T6450] veth1_vlan: entered promiscuous mode [ 61.988166][ T6450] veth0_macvtap: entered promiscuous mode [ 61.995255][ T6450] veth1_macvtap: entered promiscuous mode [ 62.004122][ T6450] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.012922][ T6450] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.017749][ T6450] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.020447][ T6450] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.022693][ T6450] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.024926][ T6450] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.070914][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.073075][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.096275][ T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 62.098309][ T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 62.580231][ T5662] Bluetooth: hci0: command 0x0409 tx timeout [ 64.510983][ T2213] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.512752][ T2213] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.659152][ T5662] Bluetooth: hci0: command 0x041b tx timeout 1970/01/01 00:01:05 executed programs: 4 [ 65.859885][ T6101] ================================================================== [ 65.862137][ T6101] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x64/0x25c [ 65.864246][ T6101] Write of size 4 at addr ffff0000db795080 by task kworker/0:3/6101 [ 65.866305][ T6101] [ 65.866922][ T6101] CPU: 0 PID: 6101 Comm: kworker/0:3 Not tainted 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0 [ 65.869622][ T6101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 65.872235][ T6101] Workqueue: events sco_sock_timeout [ 65.873620][ T6101] Call trace: [ 65.874453][ T6101] dump_backtrace+0x1b8/0x1e4 [ 65.875676][ T6101] show_stack+0x2c/0x44 [ 65.876800][ T6101] dump_stack_lvl+0xd0/0x124 [ 65.877922][ T6101] print_report+0x174/0x514 [ 65.879144][ T6101] kasan_report+0xd8/0x138 [ 65.880261][ T6101] kasan_check_range+0x254/0x294 [ 65.881537][ T6101] __kasan_check_write+0x20/0x30 [ 65.882828][ T6101] sco_sock_timeout+0x64/0x25c [ 65.884017][ T6101] process_one_work+0x694/0x1204 [ 65.885362][ T6101] worker_thread+0x938/0xef4 [ 65.886592][ T6101] kthread+0x288/0x310 [ 65.887638][ T6101] ret_from_fork+0x10/0x20 [ 65.888781][ T6101] [ 65.889396][ T6101] Allocated by task 6617: [ 65.890490][ T6101] kasan_set_track+0x4c/0x7c [ 65.891622][ T6101] kasan_save_alloc_info+0x24/0x30 [ 65.892932][ T6101] __kasan_kmalloc+0xac/0xc4 [ 65.894111][ T6101] __kmalloc+0xcc/0x1b8 [ 65.895219][ T6101] sk_prot_alloc+0xc4/0x1f0 [ 65.896341][ T6101] sk_alloc+0x44/0x3f4 [ 65.897405][ T6101] bt_sock_alloc+0x4c/0x32c [ 65.898561][ T6101] sco_sock_create+0xbc/0x31c [ 65.899725][ T6101] bt_sock_create+0x14c/0x248 [ 65.900929][ T6101] __sock_create+0x43c/0x884 [ 65.902183][ T6101] __sys_socket+0x134/0x340 [ 65.903431][ T6101] __arm64_sys_socket+0x7c/0x94 [ 65.904719][ T6101] invoke_syscall+0x98/0x2b8 [ 65.905930][ T6101] el0_svc_common+0x130/0x23c [ 65.907217][ T6101] do_el0_svc+0x48/0x58 [ 65.908385][ T6101] el0_svc+0x54/0x158 [ 65.909417][ T6101] el0t_64_sync_handler+0x84/0xfc [ 65.910726][ T6101] el0t_64_sync+0x190/0x194 [ 65.911974][ T6101] [ 65.912602][ T6101] Freed by task 6617: [ 65.913672][ T6101] kasan_set_track+0x4c/0x7c [ 65.914873][ T6101] kasan_save_free_info+0x38/0x5c [ 65.916148][ T6101] ____kasan_slab_free+0x144/0x1c0 [ 65.917492][ T6101] __kasan_slab_free+0x18/0x28 [ 65.918738][ T6101] __kmem_cache_free+0x2ac/0x480 [ 65.920126][ T6101] kfree+0xb8/0x19c [ 65.921163][ T6101] __sk_destruct+0x4c0/0x770 [ 65.922376][ T6101] __sk_free+0x37c/0x4e8 [ 65.923456][ T6101] sk_free+0x60/0xc8 [ 65.924507][ T6101] sco_sock_kill+0xfc/0x1b4 [ 65.925677][ T6101] sco_sock_release+0x1fc/0x2c0 [ 65.926960][ T6101] sock_close+0xa4/0x1e8 [ 65.928040][ T6101] __fput+0x324/0x7f8 [ 65.929044][ T6101] ____fput+0x20/0x30 [ 65.930089][ T6101] task_work_run+0x230/0x2e0 [ 65.931306][ T6101] get_signal+0x13f4/0x15ec [ 65.932486][ T6101] do_notify_resume+0x3bc/0x393c [ 65.933805][ T6101] el0_svc+0x9c/0x158 [ 65.934882][ T6101] el0t_64_sync_handler+0x84/0xfc [ 65.936172][ T6101] el0t_64_sync+0x190/0x194 [ 65.937323][ T6101] [ 65.937941][ T6101] The buggy address belongs to the object at ffff0000db795000 [ 65.937941][ T6101] which belongs to the cache kmalloc-2k of size 2048 [ 65.941689][ T6101] The buggy address is located 128 bytes inside of [ 65.941689][ T6101] freed 2048-byte region [ffff0000db795000, ffff0000db795800) [ 65.945397][ T6101] [ 65.945991][ T6101] The buggy address belongs to the physical page: [ 65.947699][ T6101] page:0000000058a39b68 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0000db797000 pfn:0x11b790 [ 65.950740][ T6101] head:0000000058a39b68 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 65.953046][ T6101] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff) [ 65.955121][ T6101] page_type: 0xffffffff() [ 65.956234][ T6101] raw: 05ffc00000000840 ffff0000c0002000 ffff0000c0000948 fffffc0003359410 [ 65.958527][ T6101] raw: ffff0000db797000 0000000000080006 00000001ffffffff 0000000000000000 [ 65.960762][ T6101] page dumped because: kasan: bad access detected [ 65.962477][ T6101] [ 65.963055][ T6101] Memory state around the buggy address: [ 65.964476][ T6101] ffff0000db794f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 65.966659][ T6101] ffff0000db795000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.968735][ T6101] >ffff0000db795080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.970808][ T6101] ^ [ 65.971837][ T6101] ffff0000db795100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.973932][ T6101] ffff0000db795180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.976070][ T6101] ================================================================== [ 65.978442][ T6101] Disabling lock debugging due to kernel taint [ 65.980057][ T6101] ------------[ cut here ]------------ [ 65.981497][ T6101] refcount_t: addition on 0; use-after-free. [ 65.983278][ T6101] WARNING: CPU: 0 PID: 6101 at lib/refcount.c:25 refcount_warn_saturate+0x1a8/0x20c [ 65.985616][ T6101] Modules linked in: [ 65.986567][ T6101] CPU: 0 PID: 6101 Comm: kworker/0:3 Tainted: G B 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0 [ 65.989604][ T6101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 65.992242][ T6101] Workqueue: events sco_sock_timeout [ 65.993597][ T6101] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 65.995585][ T6101] pc : refcount_warn_saturate+0x1a8/0x20c [ 65.997127][ T6101] lr : refcount_warn_saturate+0x1a8/0x20c [ 65.998616][ T6101] sp : ffff800096c47af0 [ 65.999704][ T6101] x29: ffff800096c47af0 x28: 1fffe0001abfc00a x27: dfff800000000000 [ 66.001758][ T6101] x26: ffff0000c1084008 x25: ffff0000d5fe0050 x24: ffff0001b418b500 [ 66.003841][ T6101] x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000000002 [ 66.006018][ T6101] x20: ffff0000db795080 x19: ffff8000910a2000 x18: ffff800096c47800 [ 66.008108][ T6101] x17: 0000000000000000 x16: ffff80008a6688c0 x15: 0000000000000001 [ 66.010206][ T6101] x14: 1ffff00012d88e78 x13: 0000000000000000 x12: 0000000000000000 [ 66.012247][ T6101] x11: 0000000000000001 x10: 0000000000000000 x9 : 345179c02a25c000 [ 66.014296][ T6101] x8 : 345179c02a25c000 x7 : 0000000000000001 x6 : 0000000000000001 [ 66.016408][ T6101] x5 : ffff800096c473d8 x4 : ffff80008e4210a0 x3 : ffff8000803639bc [ 66.018487][ T6101] x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000 [ 66.020585][ T6101] Call trace: [ 66.021482][ T6101] refcount_warn_saturate+0x1a8/0x20c [ 66.022883][ T6101] sco_sock_timeout+0x19c/0x25c [ 66.024125][ T6101] process_one_work+0x694/0x1204 [ 66.025377][ T6101] worker_thread+0x938/0xef4 [ 66.026620][ T6101] kthread+0x288/0x310 [ 66.027630][ T6101] ret_from_fork+0x10/0x20 [ 66.028827][ T6101] irq event stamp: 5571 [ 66.029832][ T6101] hardirqs last enabled at (5571): [] exit_to_kernel_mode+0xdc/0x10c [ 66.032378][ T6101] hardirqs last disabled at (5570): [] __do_softirq+0x950/0xd54 [ 66.034763][ T6101] softirqs last enabled at (5414): [] nsim_dev_trap_report_work+0x620/0x924 [ 66.037472][ T6101] softirqs last disabled at (5412): [] nsim_dev_trap_report_work+0x59c/0x924 [ 66.040133][ T6101] ---[ end trace 0000000000000000 ]--- [ 66.041824][ T6101] ------------[ cut here ]------------ [ 66.043190][ T6101] refcount_t: underflow; use-after-free. [ 66.044956][ T6101] WARNING: CPU: 0 PID: 6101 at lib/refcount.c:28 refcount_warn_saturate+0x1c8/0x20c [ 66.047303][ T6101] Modules linked in: [ 66.048342][ T6101] CPU: 0 PID: 6101 Comm: kworker/0:3 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0 [ 66.051408][ T6101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 66.054040][ T6101] Workqueue: events sco_sock_timeout [ 66.055430][ T6101] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 66.057475][ T6101] pc : refcount_warn_saturate+0x1c8/0x20c [ 66.058902][ T6101] lr : refcount_warn_saturate+0x1c8/0x20c [ 66.060381][ T6101] sp : ffff800096c47af0 [ 66.061412][ T6101] x29: ffff800096c47af0 x28: 1fffe0001abfc00a x27: dfff800000000000 [ 66.063510][ T6101] x26: ffff0000c1084008 x25: ffff0000d5fe0050 x24: ffff0001b418b500 [ 66.065612][ T6101] x23: dfff800000000000 x22: 0000000000000000 x21: 0000000000000003 [ 66.067693][ T6101] x20: ffff0000db795080 x19: ffff8000910a2000 x18: 1fffe0003682efce [ 66.069786][ T6101] x17: 0000000000000000 x16: ffff80008a71b1fc x15: 0000000000000001 [ 66.071885][ T6101] x14: 1ffff00012d88eb0 x13: 0000000000000000 x12: 0000000000000000 [ 66.074012][ T6101] x11: 0000000000000000 x10: 0000000000000000 x9 : 345179c02a25c000 [ 66.076006][ T6101] x8 : 345179c02a25c000 x7 : 0000000000000001 x6 : 0000000000000001 [ 66.078113][ T6101] x5 : ffff800096c473d8 x4 : ffff80008e4210a0 x3 : ffff800082b180c4 [ 66.080259][ T6101] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000000 [ 66.082341][ T6101] Call trace: [ 66.083159][ T6101] refcount_warn_saturate+0x1c8/0x20c [ 66.084519][ T6101] sco_sock_timeout+0x1b0/0x25c [ 66.085769][ T6101] process_one_work+0x694/0x1204 [ 66.087049][ T6101] worker_thread+0x938/0xef4 [ 66.088240][ T6101] kthread+0x288/0x310 [ 66.089263][ T6101] ret_from_fork+0x10/0x20 [ 66.090437][ T6101] irq event stamp: 5571 [ 66.091526][ T6101] hardirqs last enabled at (5571): [] exit_to_kernel_mode+0xdc/0x10c [ 66.093996][ T6101] hardirqs last disabled at (5570): [] __do_softirq+0x950/0xd54 [ 66.096373][ T6101] softirqs last enabled at (5414): [] nsim_dev_trap_report_work+0x620/0x924 [ 66.099064][ T6101] softirqs last disabled at (5412): [] nsim_dev_trap_report_work+0x59c/0x924 [ 66.101731][ T6101] ---[ end trace 0000000000000000 ]--- [ 66.739169][ T5662] Bluetooth: hci0: command 0x040f tx timeout [ 67.248617][ T6817] ------------[ cut here ]------------ [ 67.250069][ T6817] ODEBUG: assert_init not available (active state 0) object: 000000007991403f object type: timer_list hint: hci_conn_timeout+0x0/0x1e8 [ 67.253990][ T6817] WARNING: CPU: 0 PID: 6817 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0 [ 67.256378][ T6817] Modules linked in: [ 67.257398][ T6817] CPU: 0 PID: 6817 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0 [ 67.260610][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 67.263123][ T6817] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 67.265205][ T6817] pc : debug_print_object+0x168/0x1e0 [ 67.266706][ T6817] lr : debug_print_object+0x168/0x1e0 [ 67.268123][ T6817] sp : ffff800096c97790 [ 67.269228][ T6817] x29: ffff800096c97790 x28: dfff800000000000 x27: ffff700012d92f00 [ 67.271226][ T6817] x26: dfff800000000000 x25: dfff800000000000 x24: ffff0000d2a98390 [ 67.273316][ T6817] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a89c360 [ 67.275378][ T6817] x20: 0000000000000000 x19: ffff80008ad64cc0 x18: 0000000000000000 [ 67.277500][ T6817] x17: 0000000000000000 x16: ffff80008a71b1fc x15: 0000000000000001 [ 67.279604][ T6817] x14: 1fffe0003682f032 x13: 0000000000000000 x12: 0000000000000000 [ 67.281753][ T6817] x11: 0000000000000001 x10: 0000000000000000 x9 : 57ae745acee02e00 [ 67.283850][ T6817] x8 : 57ae745acee02e00 x7 : 0000000000000001 x6 : 0000000000000001 [ 67.285902][ T6817] x5 : ffff800096c97078 x4 : ffff80008e4210a0 x3 : ffff8000805a359c [ 67.288014][ T6817] x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000000 [ 67.290037][ T6817] Call trace: [ 67.290873][ T6817] debug_print_object+0x168/0x1e0 [ 67.292162][ T6817] debug_object_assert_init+0x318/0x3c8 [ 67.293605][ T6817] __timer_delete+0xac/0x2f8 [ 67.294790][ T6817] timer_delete+0x24/0x34 [ 67.296131][ T6817] try_to_grab_pending+0x8c/0x618 [ 67.297386][ T6817] __cancel_work+0xb0/0x2a8 [ 67.298573][ T6817] cancel_delayed_work+0x24/0x38 [ 67.299867][ T6817] hci_conn_drop+0x150/0x2bc [ 67.301055][ T6817] __sco_sock_close+0x3a8/0x7b0 [ 67.302295][ T6817] sco_sock_release+0xb4/0x2c0 [ 67.303500][ T6817] sock_close+0xa4/0x1e8 [ 67.304604][ T6817] __fput+0x324/0x7f8 [ 67.305612][ T6817] __fput_sync+0x60/0x9c [ 67.306687][ T6817] __arm64_sys_close+0x150/0x1e0 [ 67.308064][ T6817] invoke_syscall+0x98/0x2b8 [ 67.309307][ T6817] el0_svc_common+0x130/0x23c [ 67.310503][ T6817] do_el0_svc+0x48/0x58 [ 67.311609][ T6817] el0_svc+0x54/0x158 [ 67.312629][ T6817] el0t_64_sync_handler+0x84/0xfc [ 67.313958][ T6817] el0t_64_sync+0x190/0x194 [ 67.315122][ T6817] irq event stamp: 0 [ 67.316118][ T6817] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 67.318013][ T6817] hardirqs last disabled at (0): [] copy_process+0x1318/0x34b8 [ 67.320402][ T6817] softirqs last enabled at (0): [] copy_process+0x1340/0x34b8 [ 67.322827][ T6817] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 67.324700][ T6817] ---[ end trace 0000000000000000 ]--- [ 67.326270][ T6817] ------------[ cut here ]------------ [ 67.327633][ T6817] WARNING: CPU: 0 PID: 6817 at kernel/workqueue.c:1939 queue_delayed_work_on+0x214/0x2e4 [ 67.330068][ T6817] Modules linked in: [ 67.331081][ T6817] CPU: 0 PID: 6817 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0 [ 67.334372][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 67.337059][ T6817] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 67.339111][ T6817] pc : queue_delayed_work_on+0x214/0x2e4 [ 67.340580][ T6817] lr : queue_delayed_work_on+0x214/0x2e4 [ 67.342042][ T6817] sp : ffff800096c97af0 [ 67.343118][ T6817] x29: ffff800096c97af0 x28: 1fffe000191cd480 x27: dfff800000000000 [ 67.345184][ T6817] x26: 0000000000000000 x25: ffff0000d2a983a8 x24: ffff0000d9106400 [ 67.347348][ T6817] x23: 0000000000000000 x22: ffff0000d2a98348 x21: 0000000000000008 [ 67.349500][ T6817] x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000 [ 67.351538][ T6817] x17: 0000000000000000 x16: ffff80008a71b1fc x15: ffff60001a553069 [ 67.353609][ T6817] x14: 1fffe0001a553069 x13: 00000000000000fb x12: ffffffffffffffff [ 67.355713][ T6817] x11: 0000000000000001 x10: 0000000000000000 x9 : 0000000000000000 [ 67.357758][ T6817] x8 : ffff0000d79d5340 x7 : 0000000000000000 x6 : 0000000000000000 [ 67.359826][ T6817] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080221e68 [ 67.361843][ T6817] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000 [ 67.363958][ T6817] Call trace: [ 67.364846][ T6817] queue_delayed_work_on+0x214/0x2e4 [ 67.366204][ T6817] hci_conn_drop+0x198/0x2bc [ 67.367423][ T6817] __sco_sock_close+0x3a8/0x7b0 [ 67.368720][ T6817] sco_sock_release+0xb4/0x2c0 [ 67.369981][ T6817] sock_close+0xa4/0x1e8 [ 67.371068][ T6817] __fput+0x324/0x7f8 [ 67.372121][ T6817] __fput_sync+0x60/0x9c [ 67.373201][ T6817] __arm64_sys_close+0x150/0x1e0 [ 67.374487][ T6817] invoke_syscall+0x98/0x2b8 [ 67.375704][ T6817] el0_svc_common+0x130/0x23c [ 67.376974][ T6817] do_el0_svc+0x48/0x58 [ 67.378070][ T6817] el0_svc+0x54/0x158 [ 67.379110][ T6817] el0t_64_sync_handler+0x84/0xfc [ 67.380405][ T6817] el0t_64_sync+0x190/0x194 [ 67.381604][ T6817] irq event stamp: 0 [ 67.382632][ T6817] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 67.384563][ T6817] hardirqs last disabled at (0): [] copy_process+0x1318/0x34b8 [ 67.386890][ T6817] softirqs last enabled at (0): [] copy_process+0x1340/0x34b8 [ 67.389233][ T6817] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 67.391128][ T6817] ---[ end trace 0000000000000000 ]--- [ 67.392528][ T6817] ------------[ cut here ]------------ [ 67.393932][ T6817] ODEBUG: activate not available (active state 0) object: 0000000060ae18f3 object type: work_struct hint: hci_conn_timeout+0x0/0x1e8 [ 67.397717][ T6817] WARNING: CPU: 0 PID: 6817 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0 [ 67.400150][ T6817] Modules linked in: [ 67.401169][ T6817] CPU: 0 PID: 6817 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0 [ 67.404411][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 67.407066][ T6817] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 67.409171][ T6817] pc : debug_print_object+0x168/0x1e0 [ 67.410579][ T6817] lr : debug_print_object+0x168/0x1e0 [ 67.411907][ T6817] sp : ffff800096c97870 [ 67.412942][ T6817] x29: ffff800096c97870 x28: dfff800000000000 x27: ffff700012d92f1c [ 67.415010][ T6817] x26: ffff0000d1990910 x25: dfff800000000000 x24: ffff0000d2a98348 [ 67.417079][ T6817] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a8710a0 [ 67.419162][ T6817] x20: 0000000000000000 x19: ffff80008ad64c40 x18: 0000000000000000 [ 67.421268][ T6817] x17: 0000000000000000 x16: ffff80008a71b1fc x15: 0000000000000001 [ 67.423376][ T6817] x14: 1fffe0003682f032 x13: 0000000000000000 x12: 0000000000000000 [ 67.425470][ T6817] x11: 0000000000000002 x10: 0000000000000000 x9 : 57ae745acee02e00 [ 67.427539][ T6817] x8 : 57ae745acee02e00 x7 : 0000000000000001 x6 : 0000000000000001 [ 67.429632][ T6817] x5 : ffff800096c97158 x4 : ffff80008e4210a0 x3 : ffff8000805a359c [ 67.431730][ T6817] x2 : 0000000000000001 x1 : 0000000100000002 x0 : 0000000000000000 [ 67.433843][ T6817] Call trace: [ 67.434668][ T6817] debug_print_object+0x168/0x1e0 [ 67.436028][ T6817] debug_object_activate+0x600/0x7e0 [ 67.437415][ T6817] insert_work+0x4c/0x2d4 [ 67.438550][ T6817] __queue_work+0xcf4/0x1338 [ 67.439776][ T6817] queue_delayed_work_on+0x1f4/0x2e4 [ 67.441111][ T6817] hci_conn_drop+0x198/0x2bc [ 67.442358][ T6817] __sco_sock_close+0x3a8/0x7b0 [ 67.443582][ T6817] sco_sock_release+0xb4/0x2c0 [ 67.444828][ T6817] sock_close+0xa4/0x1e8 [ 67.445916][ T6817] __fput+0x324/0x7f8 [ 67.446993][ T6817] __fput_sync+0x60/0x9c [ 67.448018][ T6817] __arm64_sys_close+0x150/0x1e0 [ 67.449246][ T6817] invoke_syscall+0x98/0x2b8 [ 67.450451][ T6817] el0_svc_common+0x130/0x23c [ 67.451652][ T6817] do_el0_svc+0x48/0x58 [ 67.452781][ T6817] el0_svc+0x54/0x158 [ 67.453820][ T6817] el0t_64_sync_handler+0x84/0xfc [ 67.455162][ T6817] el0t_64_sync+0x190/0x194 [ 67.456368][ T6817] irq event stamp: 0 [ 67.457364][ T6817] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 67.459158][ T6817] hardirqs last disabled at (0): [] copy_process+0x1318/0x34b8 [ 67.461559][ T6817] softirqs last enabled at (0): [] copy_process+0x1340/0x34b8 [ 67.463875][ T6817] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 67.465700][ T6817] ---[ end trace 0000000000000000 ]--- [ 67.467105][ T5662] ------------[ cut here ]------------ [ 67.468519][ T5662] ODEBUG: deactivate not available (active state 0) object: 0000000060ae18f3 object type: work_struct hint: hci_conn_timeout+0x0/0x1e8 [ 67.472541][ T5662] WARNING: CPU: 1 PID: 5662 at lib/debugobjects.c:517 debug_object_deactivate+0x340/0x414 [ 67.475139][ T5662] Modules linked in: [ 67.476177][ T5662] CPU: 1 PID: 5662 Comm: kworker/u5:1 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0 [ 67.479382][ T5662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 67.481986][ T5662] Workqueue: 0x0 (hci0) [ 67.483080][ T5662] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 67.485130][ T5662] pc : debug_object_deactivate+0x340/0x414 [ 67.486688][ T5662] lr : debug_object_deactivate+0x340/0x414 [ 67.488335][ T5662] sp : ffff80009dec7b00 [ 67.489468][ T5662] x29: ffff80009dec7b00 x28: 1fffe0001a553069 x27: 0000000000000001 [ 67.491552][ T5662] x26: ffff80008e340000 x25: dfff800000000000 x24: ffff0000d1990910 [ 67.493643][ T5662] x23: 00000000000000c0 x22: ffff800092b0e000 x21: ffff80008a8710a0 [ 67.495745][ T5662] x20: ffff0000d2a98348 x19: ffff800089881d98 x18: 1fffe000368333ce [ 67.497852][ T5662] x17: 0000000000000000 x16: ffff80008a71b1fc x15: 0000000000000001 [ 67.500000][ T5662] x14: 1ffff00013bd8eb4 x13: 0000000000000000 x12: 0000000000000000 [ 67.502099][ T5662] x11: 0000000000000001 x10: 0000000000000000 x9 : ff80db44dc543a00 [ 67.504166][ T5662] x8 : ff80db44dc543a00 x7 : 0000000000000001 x6 : 0000000000000001 [ 67.506264][ T5662] x5 : ffff80009dec73f8 x4 : ffff80008e4210a0 x3 : ffff800082b180c4 [ 67.508397][ T5662] x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000000 [ 67.510555][ T5662] Call trace: [ 67.511391][ T5662] debug_object_deactivate+0x340/0x414 [ 67.512803][ T5662] process_one_work+0x198/0x1204 [ 67.514106][ T5662] worker_thread+0x938/0xef4 [ 67.515317][ T5662] kthread+0x288/0x310 [ 67.516352][ T5662] ret_from_fork+0x10/0x20 [ 67.517531][ T5662] irq event stamp: 3258 [ 67.518643][ T5662] hardirqs last enabled at (3257): [] _raw_spin_unlock_irq+0x30/0x80 [ 67.521275][ T5662] hardirqs last disabled at (3258): [] __schedule+0x2b4/0x23b4 [ 67.523669][ T5662] softirqs last enabled at (2880): [] __do_softirq+0xac0/0xd54 [ 67.526077][ T5662] softirqs last disabled at (2631): [] ____do_softirq+0x14/0x20 [ 67.528505][ T5662] ---[ end trace 0000000000000000 ]--- [ 68.819114][ T5662] Bluetooth: hci0: command 0x0419 tx timeout [ 69.214467][ T6823] ------------[ cut here ]------------ [ 69.215982][ T6823] ODEBUG: assert_init not available (active state 0) object: 00000000919b3351 object type: timer_list hint: hci_conn_timeout+0x0/0x1e8 [ 69.219940][ T6823] WARNING: CPU: 1 PID: 6823 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0 [ 69.222386][ T6823] Modules linked in: [ 69.223376][ T6823] CPU: 1 PID: 6823 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0 [ 69.226582][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 69.229142][ T6823] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 69.231152][ T6823] pc : debug_print_object+0x168/0x1e0 [ 69.232611][ T6823] lr : debug_print_object+0x168/0x1e0 [ 69.234071][ T6823] sp : ffff800096cc7790 [ 69.235147][ T6823] x29: ffff800096cc7790 x28: dfff800000000000 x27: ffff700012d98f00 [ 69.237218][ T6823] x26: dfff800000000000 x25: dfff800000000000 x24: ffff0000d3fa6390 [ 69.239345][ T6823] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a89c360 [ 69.241437][ T6823] x20: 0000000000000000 x19: ffff80008ad64cc0 x18: 0000000000000000 [ 69.243573][ T6823] x17: 0000000000000000 x16: ffff80008a71b1fc x15: 0000000000000001 [ 69.245705][ T6823] x14: 1fffe00036833432 x13: 0000000000000000 x12: 0000000000000000 [ 69.247815][ T6823] x11: 0000000000000001 x10: 0000000000000000 x9 : 21a6d5b2b1e40400 [ 69.249900][ T6823] x8 : 21a6d5b2b1e40400 x7 : 0000000000000001 x6 : 0000000000000001 [ 69.252000][ T6823] x5 : ffff800096cc7078 x4 : ffff80008e4210a0 x3 : ffff8000805a359c [ 69.254104][ T6823] x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000000 [ 69.256228][ T6823] Call trace: [ 69.257047][ T6823] debug_print_object+0x168/0x1e0 [ 69.258382][ T6823] debug_object_assert_init+0x318/0x3c8 [ 69.259814][ T6823] __timer_delete+0xac/0x2f8 [ 69.261043][ T6823] timer_delete+0x24/0x34 [ 69.262182][ T6823] try_to_grab_pending+0x8c/0x618 [ 69.263480][ T6823] __cancel_work+0xb0/0x2a8 [ 69.264677][ T6823] cancel_delayed_work+0x24/0x38 [ 69.265957][ T6823] hci_conn_drop+0x150/0x2bc [ 69.267175][ T6823] __sco_sock_close+0x3a8/0x7b0 [ 69.268401][ T6823] sco_sock_release+0xb4/0x2c0 [ 69.269593][ T6823] sock_close+0xa4/0x1e8 [ 69.270705][ T6823] __fput+0x324/0x7f8 [ 69.271721][ T6823] __fput_sync+0x60/0x9c [ 69.272849][ T6823] __arm64_sys_close+0x150/0x1e0 [ 69.274158][ T6823] invoke_syscall+0x98/0x2b8 [ 69.275376][ T6823] el0_svc_common+0x130/0x23c [ 69.276583][ T6823] do_el0_svc+0x48/0x58 [ 69.277667][ T6823] el0_svc+0x54/0x158 [ 69.278713][ T6823] el0t_64_sync_handler+0x84/0xfc [ 69.279966][ T6823] el0t_64_sync+0x190/0x194 [ 69.281151][ T6823] irq event stamp: 0 [ 69.282141][ T6823] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 69.284014][ T6823] hardirqs last disabled at (0): [] copy_process+0x1318/0x34b8 [ 69.286358][ T6823] softirqs last enabled at (0): [] copy_process+0x1340/0x34b8 [ 69.288674][ T6823] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 69.290523][ T6823] ---[ end trace 0000000000000000 ]--- [ 69.292112][ T6823] ------------[ cut here ]------------ [ 69.293506][ T6823] ODEBUG: activate not available (active state 0) object: 000000000e3b7c8f object type: work_struct hint: hci_conn_timeout+0x0/0x1e8 [ 69.297245][ T6823] WARNING: CPU: 1 PID: 6823 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0 [ 69.299600][ T6823] Modules linked in: [ 69.300613][ T6823] CPU: 1 PID: 6823 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c-dirty #0 [ 69.303851][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 [ 69.306470][ T6823] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 69.308524][ T6823] pc : debug_print_object+0x168/0x1e0 [ 69.309916][ T6823] lr : debug_print_object+0x168/0x1e0 [ 69.311327][ T6823] sp : ffff800096cc7870 [ 69.312367][ T6823] x29: ffff800096cc7870 x28: dfff800000000000 x27: ffff700012d98f1c [ 69.314454][ T6823] x26: ffff0000c4fb1be8 x25: dfff800000000000 x24: ffff0000d3fa6348 [ 69.316521][ T6823] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a8710a0 [ 69.318535][ T6823] x20: 0000000000000000 x19: ffff80008ad64c40 x18: 0000000000000000 [ 69.320576][ T6823] x17: 0000000000000000 x16: ffff80008a71b1fc x15: 0000000000000001 [ 69.322727][ T6823] x14: 1ffff00012d98e60 x13: 0000000000000000 x12: 0000000000000000 [ 69.324766][ T6823] x11: 0000000000000002 x10: 0000000000000000 x9 : 21a6d5b2b1e40400 [ 69.326851][ T6823] x8 : 21a6d5b2b1e40400 x7 : 0000000000000001 x6 : 0000000000000001 [ 69.328932][ T6823] x5 : ffff800096cc7158 x4 : ffff80008e4210a0 x3 : ffff800082b180c4 [ 69.331010][ T6823] x2 : 0000000000000001 x1 : 0000000000000002 x0 : 0000000000000000 [ 69.333061][ T6823] Call trace: [ 69.333942][ T6823] debug_print_object+0x168/0x1e0 [ 69.335234][ T6823] debug_object_activate+0x600/0x7e0 [ 69.336606][ T6823] insert_work+0x4c/0x2d4 [ 69.337761][ T6823] __queue_work+0xcf4/0x1338 [ 69.338972][ T6823] queue_delayed_work_on+0x1f4/0x2e4 [ 69.340366][ T6823] hci_conn_drop+0x198/0x2bc [ 69.341573][ T6823] __sco_sock_close+0x3a8/0x7b0 [ 69.342882][ T6823] sco_sock_release+0xb4/0x2c0 [ 69.344096][ T6823] sock_close+0xa4/0x1e8 [ 69.345227][ T6823] __fput+0x324/0x7f8 [ 69.346229][ T6823] __fput_sync+0x60/0x9c [ 69.347322][ T6823] __arm64_sys_close+0x150/0x1e0 [ 69.348568][ T6823] invoke_syscall+0x98/0x2b8 [ 69.349789][ T6823] el0_svc_common+0x130/0x23c [ 69.350973][ T6823] do_el0_svc+0x48/0x58 [ 69.352006][ T6823] el0_svc+0x54/0x158 [ 69.353050][ T6823] el0t_64_sync_handler+0x84/0xfc [ 69.354372][ T6823] el0t_64_sync+0x190/0x194 [ 69.355532][ T6823] irq event stamp: 0 [ 69.356543][ T6823] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 69.358328][ T6823] hardirqs last disabled at (0): [] copy_process+0x1318/0x34b8 [ 69.360665][ T6823] softirqs last enabled at (0): [] copy_process+0x1340/0x34b8 [ 69.363030][ T6823] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 69.364960][ T6823] ---[ end trace 0000000000000000 ]--- [ 69.619372][ T10] cfg80211: failed to load regulatory.db [ 70.899116][ T6102] Bluetooth: hci0: command 0x0407 tx timeout 1970/01/01 00:01:11 executed programs: 10 [ 72.979118][ T6102] Bluetooth: hci0: command 0x0405 tx timeout [ 75.059174][ T5662] Bluetooth: hci0: command 0x0407 tx timeout