Warning: Permanently added '10.128.1.149' (ED25519) to the list of known hosts.
1970/01/01 00:00:59 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:59 parsed 1 programs
[ 59.743053][ T6439] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
1970/01/01 00:00:59 executed programs: 0
[ 59.782911][ T5663] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 59.785917][ T5663] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 59.788346][ T5663] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 59.790926][ T5663] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 59.793519][ T5663] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 59.796152][ T5663] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 59.869073][ T6447] chnl_net:caif_netlink_parms(): no params data found
[ 59.898830][ T6447] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.900799][ T6447] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.902822][ T6447] bridge_slave_0: entered allmulticast mode
[ 59.904921][ T6447] bridge_slave_0: entered promiscuous mode
[ 59.908437][ T6447] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.910343][ T6447] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.912260][ T6447] bridge_slave_1: entered allmulticast mode
[ 59.914374][ T6447] bridge_slave_1: entered promiscuous mode
[ 59.926472][ T6447] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.931103][ T6447] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.943239][ T6447] team0: Port device team_slave_0 added
[ 59.946321][ T6447] team0: Port device team_slave_1 added
[ 59.958412][ T6447] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.960235][ T6447] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.967258][ T6447] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.971330][ T6447] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.973140][ T6447] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.980106][ T6447] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 60.055860][ T6447] hsr_slave_0: entered promiscuous mode
[ 60.094516][ T6447] hsr_slave_1: entered promiscuous mode
[ 60.856475][ T6447] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 60.897032][ T6447] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 60.951436][ T6447] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 60.996025][ T6447] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 61.086831][ T6447] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.098462][ T6447] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.103179][ T2122] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.105180][ T2122] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.111581][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.113545][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.215322][ T6447] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.246617][ T6447] veth0_vlan: entered promiscuous mode
[ 61.251951][ T6447] veth1_vlan: entered promiscuous mode
[ 61.270819][ T6447] veth0_macvtap: entered promiscuous mode
[ 61.277338][ T6447] veth1_macvtap: entered promiscuous mode
[ 61.285727][ T6447] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 61.291423][ T6447] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 61.297430][ T6447] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.299792][ T6447] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.302115][ T6447] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.304593][ T6447] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.340451][ T5097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.342588][ T5097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.357563][ T5097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.359667][ T5097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.834889][ T5663] Bluetooth: hci0: command 0x0409 tx timeout
[ 63.904427][ T5663] Bluetooth: hci0: command 0x041b tx timeout
[ 63.972812][ T6682] ==================================================================
[ 63.974907][ T6682] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x2bc
[ 63.976940][ T6682] Write of size 4 at addr ffff0000cbbc2010 by task syz-executor.0/6682
[ 63.979191][ T6682]
[ 63.979758][ T6682] CPU: 0 PID: 6682 Comm: syz-executor.0 Not tainted 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c #0
[ 63.982522][ T6682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 63.985152][ T6682] Call trace:
[ 63.986035][ T6682] dump_backtrace+0x1b8/0x1e4
[ 63.987341][ T6682] show_stack+0x2c/0x44
[ 63.988421][ T6682] dump_stack_lvl+0xd0/0x124
[ 63.989655][ T6682] print_report+0x174/0x514
[ 63.990806][ T6682] kasan_report+0xd8/0x138
[ 63.991963][ T6682] kasan_check_range+0x254/0x294
[ 63.993253][ T6682] __kasan_check_write+0x20/0x30
[ 63.994530][ T6682] hci_conn_drop+0x34/0x2bc
[ 63.995678][ T6682] __sco_sock_close+0x3a8/0x7b0
[ 63.996902][ T6682] sco_sock_release+0xb4/0x2c0
[ 63.998135][ T6682] sock_close+0xa4/0x1e8
[ 63.999233][ T6682] __fput+0x324/0x7f8
[ 64.000209][ T6682] __fput_sync+0x60/0x9c
[ 64.001367][ T6682] __arm64_sys_close+0x150/0x1e0
[ 64.002611][ T6682] invoke_syscall+0x98/0x2b8
[ 64.003788][ T6682] el0_svc_common+0x130/0x23c
[ 64.005014][ T6682] do_el0_svc+0x48/0x58
[ 64.006115][ T6682] el0_svc+0x54/0x158
[ 64.007183][ T6682] el0t_64_sync_handler+0x84/0xfc
[ 64.008496][ T6682] el0t_64_sync+0x190/0x194
[ 64.009694][ T6682]
[ 64.010321][ T6682] Allocated by task 6684:
[ 64.011477][ T6682] kasan_set_track+0x4c/0x7c
[ 64.012711][ T6682] kasan_save_alloc_info+0x24/0x30
[ 64.014012][ T6682] __kasan_kmalloc+0xac/0xc4
[ 64.015254][ T6682] kmalloc_trace+0x70/0x88
[ 64.016395][ T6682] hci_conn_add+0xcc/0x1210
[ 64.017651][ T6682] hci_connect_sco+0x94/0x2bc
[ 64.018880][ T6682] sco_sock_connect+0x278/0x840
[ 64.020190][ T6682] __sys_connect+0x268/0x290
[ 64.021336][ T6682] __arm64_sys_connect+0x7c/0x94
[ 64.022665][ T6682] invoke_syscall+0x98/0x2b8
[ 64.023851][ T6682] el0_svc_common+0x130/0x23c
[ 64.025062][ T6682] do_el0_svc+0x48/0x58
[ 64.026199][ T6682] el0_svc+0x54/0x158
[ 64.027241][ T6682] el0t_64_sync_handler+0x84/0xfc
[ 64.028590][ T6682] el0t_64_sync+0x190/0x194
[ 64.029750][ T6682]
[ 64.030350][ T6682] Freed by task 5663:
[ 64.031428][ T6682] kasan_set_track+0x4c/0x7c
[ 64.032668][ T6682] kasan_save_free_info+0x38/0x5c
[ 64.033968][ T6682] ____kasan_slab_free+0x144/0x1c0
[ 64.035340][ T6682] __kasan_slab_free+0x18/0x28
[ 64.036613][ T6682] __kmem_cache_free+0x2ac/0x480
[ 64.037898][ T6682] kfree+0xb8/0x19c
[ 64.038919][ T6682] bt_link_release+0x20/0x30
[ 64.040133][ T6682] device_release+0x8c/0x1ac
[ 64.041447][ T6682] kobject_put+0x1c4/0x3c4
[ 64.042674][ T6682] put_device+0x28/0x40
[ 64.043800][ T6682] hci_conn_del+0x78c/0xabc
[ 64.044994][ T6682] hci_conn_failed+0x204/0x2c0
[ 64.046255][ T6682] hci_abort_conn_sync+0x688/0xe38
[ 64.047569][ T6682] abort_conn_sync+0x5c/0x8c
[ 64.048842][ T6682] hci_cmd_sync_work+0x1cc/0x34c
[ 64.050177][ T6682] process_one_work+0x694/0x1204
[ 64.051492][ T6682] worker_thread+0x938/0xef4
[ 64.052680][ T6682] kthread+0x288/0x310
[ 64.053742][ T6682] ret_from_fork+0x10/0x20
[ 64.054893][ T6682]
[ 64.055455][ T6682] The buggy address belongs to the object at ffff0000cbbc2000
[ 64.055455][ T6682] which belongs to the cache kmalloc-4k of size 4096
[ 64.059226][ T6682] The buggy address is located 16 bytes inside of
[ 64.059226][ T6682] freed 4096-byte region [ffff0000cbbc2000, ffff0000cbbc3000)
[ 64.062898][ T6682]
[ 64.063518][ T6682] The buggy address belongs to the physical page:
[ 64.065290][ T6682] page:00000000d33ba1c4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10bbc0
[ 64.068049][ T6682] head:00000000d33ba1c4 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 64.070500][ T6682] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 64.072634][ T6682] page_type: 0xffffffff()
[ 64.073827][ T6682] raw: 05ffc00000000840 ffff0000c0002140 fffffc00032ea000 0000000000000002
[ 64.076234][ T6682] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 64.078529][ T6682] page dumped because: kasan: bad access detected
[ 64.080236][ T6682]
[ 64.080844][ T6682] Memory state around the buggy address:
[ 64.082374][ T6682] ffff0000cbbc1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.084603][ T6682] ffff0000cbbc1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 64.086752][ T6682] >ffff0000cbbc2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.088924][ T6682] ^
[ 64.090125][ T6682] ffff0000cbbc2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.092361][ T6682] ffff0000cbbc2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.094598][ T6682] ==================================================================
[ 64.096975][ T6682] Disabling lock debugging due to kernel taint
[ 64.098588][ T6682] ------------[ cut here ]------------
[ 64.100007][ T6682] ODEBUG: assert_init not available (active state 0) object: 0000000045ef6dac object type: timer_list hint: hci_conn_timeout+0x0/0x1e8
[ 64.103987][ T6682] WARNING: CPU: 0 PID: 6682 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0
[ 64.106546][ T6682] Modules linked in:
[ 64.107554][ T6682] CPU: 0 PID: 6682 Comm: syz-executor.0 Tainted: G B 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c #0
[ 64.110668][ T6682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 64.113384][ T6682] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 64.115497][ T6682] pc : debug_print_object+0x168/0x1e0
[ 64.116981][ T6682] lr : debug_print_object+0x168/0x1e0
[ 64.118520][ T6682] sp : ffff800097057790
[ 64.119671][ T6682] x29: ffff800097057790 x28: dfff800000000000 x27: ffff700012e0af00
[ 64.121855][ T6682] x26: dfff800000000000 x25: dfff800000000000 x24: ffff0000cbbc2390
[ 64.123891][ T6682] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a89c360
[ 64.126037][ T6682] x20: 0000000000000000 x19: ffff80008ad64cc0 x18: 0000000000000000
[ 64.128188][ T6682] x17: 0000000000000000 x16: ffff80008a668900 x15: 0000000000000001
[ 64.130334][ T6682] x14: 1ffff00012e0ae0c x13: 0000000000000000 x12: 0000000000000000
[ 64.132437][ T6682] x11: 0000000000000001 x10: 0000000000000000 x9 : 63609b671c627700
[ 64.134583][ T6682] x8 : 63609b671c627700 x7 : 0000000000000001 x6 : 0000000000000001
[ 64.136659][ T6682] x5 : ffff800097057078 x4 : ffff80008e4210a0 x3 : ffff8000803639bc
[ 64.138770][ T6682] x2 : 0000000000000001 x1 : 0000000000000001 x0 : 0000000000000000
[ 64.140870][ T6682] Call trace:
[ 64.141721][ T6682] debug_print_object+0x168/0x1e0
[ 64.143126][ T6682] debug_object_assert_init+0x318/0x3c8
[ 64.144647][ T6682] __timer_delete+0xac/0x2f8
[ 64.145829][ T6682] timer_delete+0x24/0x34
[ 64.146910][ T6682] try_to_grab_pending+0x8c/0x618
[ 64.148283][ T6682] __cancel_work+0xb0/0x2a8
[ 64.149490][ T6682] cancel_delayed_work+0x24/0x38
[ 64.150791][ T6682] hci_conn_drop+0x150/0x2bc
[ 64.152037][ T6682] __sco_sock_close+0x3a8/0x7b0
[ 64.153356][ T6682] sco_sock_release+0xb4/0x2c0
[ 64.154610][ T6682] sock_close+0xa4/0x1e8
[ 64.155708][ T6682] __fput+0x324/0x7f8
[ 64.156749][ T6682] __fput_sync+0x60/0x9c
[ 64.157859][ T6682] __arm64_sys_close+0x150/0x1e0
[ 64.159178][ T6682] invoke_syscall+0x98/0x2b8
[ 64.160381][ T6682] el0_svc_common+0x130/0x23c
[ 64.161615][ T6682] do_el0_svc+0x48/0x58
[ 64.162768][ T6682] el0_svc+0x54/0x158
[ 64.163839][ T6682] el0t_64_sync_handler+0x84/0xfc
[ 64.165184][ T6682] el0t_64_sync+0x190/0x194
[ 64.166411][ T6682] irq event stamp: 17595
[ 64.167518][ T6682] hardirqs last enabled at (17595): [] exit_to_kernel_mode+0xdc/0x10c
[ 64.170043][ T6682] hardirqs last disabled at (17594): [] __do_softirq+0x950/0xd54
[ 64.172470][ T6682] softirqs last enabled at (17476): [] lock_sock_nested+0xcc/0x11c
[ 64.175028][ T6682] softirqs last disabled at (17474): [] lock_sock_nested+0x74/0x11c
[ 64.177615][ T6682] ---[ end trace 0000000000000000 ]---
[ 64.179361][ T6682] ------------[ cut here ]------------
[ 64.180741][ T6682] WARNING: CPU: 0 PID: 6682 at kernel/workqueue.c:1939 queue_delayed_work_on+0x214/0x2e4
[ 64.183347][ T6682] Modules linked in:
[ 64.184348][ T6682] CPU: 0 PID: 6682 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c #0
[ 64.187520][ T6682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 64.190200][ T6682] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 64.192214][ T6682] pc : queue_delayed_work_on+0x214/0x2e4
[ 64.193723][ T6682] lr : queue_delayed_work_on+0x214/0x2e4
[ 64.195231][ T6682] sp : ffff800097057af0
[ 64.196338][ T6682] x29: ffff800097057af0 x28: 1fffe0001a7f5c80 x27: dfff800000000000
[ 64.198461][ T6682] x26: 0000000000000000 x25: ffff0000cbbc23a8 x24: ffff0000cfcd0400
[ 64.200572][ T6682] x23: 0000000000000000 x22: ffff0000cbbc2348 x21: 0000000000000008
[ 64.202693][ T6682] x20: 0000000000000000 x19: 0000000000000000 x18: ffff0001b4191bb8
[ 64.204731][ T6682] x17: 0000000000000000 x16: ffff80008a71b23c x15: ffff600019778469
[ 64.206873][ T6682] x14: 1fffe00019778469 x13: 00000000000000fb x12: ffffffffffffffff
[ 64.209001][ T6682] x11: 0000000000000001 x10: 0000000000000000 x9 : 0000000000000000
[ 64.211109][ T6682] x8 : ffff0000d8b85340 x7 : 0000000000000000 x6 : 0000000000000000
[ 64.213192][ T6682] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800080221e68
[ 64.215324][ T6682] x2 : 0000000000000000 x1 : 0000000000000008 x0 : 0000000000000000
[ 64.217436][ T6682] Call trace:
[ 64.218315][ T6682] queue_delayed_work_on+0x214/0x2e4
[ 64.219709][ T6682] hci_conn_drop+0x198/0x2bc
[ 64.220930][ T6682] __sco_sock_close+0x3a8/0x7b0
[ 64.222231][ T6682] sco_sock_release+0xb4/0x2c0
[ 64.223489][ T6682] sock_close+0xa4/0x1e8
[ 64.224625][ T6682] __fput+0x324/0x7f8
[ 64.225694][ T6682] __fput_sync+0x60/0x9c
[ 64.226804][ T6682] __arm64_sys_close+0x150/0x1e0
[ 64.228088][ T6682] invoke_syscall+0x98/0x2b8
[ 64.229316][ T6682] el0_svc_common+0x130/0x23c
[ 64.230572][ T6682] do_el0_svc+0x48/0x58
[ 64.231694][ T6682] el0_svc+0x54/0x158
[ 64.232758][ T6682] el0t_64_sync_handler+0x84/0xfc
[ 64.234076][ T6682] el0t_64_sync+0x190/0x194
[ 64.235252][ T6682] irq event stamp: 17595
[ 64.236363][ T6682] hardirqs last enabled at (17595): [] exit_to_kernel_mode+0xdc/0x10c
[ 64.238897][ T6682] hardirqs last disabled at (17594): [] __do_softirq+0x950/0xd54
[ 64.241272][ T6682] softirqs last enabled at (17476): [] lock_sock_nested+0xcc/0x11c
[ 64.243761][ T6682] softirqs last disabled at (17474): [] lock_sock_nested+0x74/0x11c
[ 64.246319][ T6682] ---[ end trace 0000000000000000 ]---
[ 64.247737][ T6682] ------------[ cut here ]------------
[ 64.249169][ T6682] ODEBUG: activate not available (active state 0) object: 000000008212a88d object type: work_struct hint: hci_conn_timeout+0x0/0x1e8
[ 64.253020][ T6682] WARNING: CPU: 0 PID: 6682 at lib/debugobjects.c:517 debug_print_object+0x168/0x1e0
[ 64.255552][ T6682] Modules linked in:
[ 64.256588][ T6682] CPU: 0 PID: 6682 Comm: syz-executor.0 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c #0
[ 64.259679][ T6682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 64.262344][ T6682] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 64.264383][ T6682] pc : debug_print_object+0x168/0x1e0
[ 64.265796][ T6682] lr : debug_print_object+0x168/0x1e0
[ 64.267209][ T6682] sp : ffff800097057870
[ 64.268266][ T6682] x29: ffff800097057870 x28: dfff800000000000 x27: ffff700012e0af1c
[ 64.270397][ T6682] x26: ffff0000c926d0f8 x25: dfff800000000000 x24: ffff0000cbbc2348
[ 64.272574][ T6682] x23: ffff80008ad651a0 x22: ffff800089881d98 x21: ffff80008a8710a0
[ 64.274687][ T6682] x20: 0000000000000000 x19: ffff80008ad64c40 x18: ffff0001b4191bb8
[ 64.276791][ T6682] x17: 0000000000000000 x16: ffff80008a71b23c x15: 0000000000000001
[ 64.278881][ T6682] x14: 1fffe0003682f032 x13: 0000000000000000 x12: 0000000000000000
[ 64.280988][ T6682] x11: 0000000000000002 x10: 0000000000000000 x9 : 63609b671c627700
[ 64.283116][ T6682] x8 : 63609b671c627700 x7 : 0000000000000001 x6 : 0000000000000001
[ 64.285185][ T6682] x5 : ffff800097057158 x4 : ffff80008e4210a0 x3 : ffff8000805a359c
[ 64.287256][ T6682] x2 : 0000000000000001 x1 : 0000000000000002 x0 : 0000000000000000
[ 64.289299][ T6682] Call trace:
[ 64.290146][ T6682] debug_print_object+0x168/0x1e0
[ 64.291504][ T6682] debug_object_activate+0x600/0x7e0
[ 64.292931][ T6682] insert_work+0x4c/0x2d4
[ 64.294070][ T6682] __queue_work+0xcf4/0x1338
[ 64.295233][ T6682] queue_delayed_work_on+0x1f4/0x2e4
[ 64.296582][ T6682] hci_conn_drop+0x198/0x2bc
[ 64.297744][ T6682] __sco_sock_close+0x3a8/0x7b0
[ 64.299008][ T6682] sco_sock_release+0xb4/0x2c0
[ 64.300258][ T6682] sock_close+0xa4/0x1e8
[ 64.301404][ T6682] __fput+0x324/0x7f8
[ 64.302448][ T6682] __fput_sync+0x60/0x9c
[ 64.303519][ T6682] __arm64_sys_close+0x150/0x1e0
[ 64.304809][ T6682] invoke_syscall+0x98/0x2b8
[ 64.306035][ T6682] el0_svc_common+0x130/0x23c
[ 64.307335][ T6682] do_el0_svc+0x48/0x58
[ 64.308455][ T6682] el0_svc+0x54/0x158
[ 64.309508][ T6682] el0t_64_sync_handler+0x84/0xfc
[ 64.310858][ T6682] el0t_64_sync+0x190/0x194
[ 64.311992][ T6682] irq event stamp: 17595
[ 64.313144][ T6682] hardirqs last enabled at (17595): [] exit_to_kernel_mode+0xdc/0x10c
[ 64.315676][ T6682] hardirqs last disabled at (17594): [] __do_softirq+0x950/0xd54
[ 64.318134][ T6682] softirqs last enabled at (17476): [] lock_sock_nested+0xcc/0x11c
[ 64.320674][ T6682] softirqs last disabled at (17474): [] lock_sock_nested+0x74/0x11c
[ 64.323275][ T6682] ---[ end trace 0000000000000000 ]---
[ 64.324711][ T5663] ------------[ cut here ]------------
[ 64.326186][ T5663] ODEBUG: deactivate not available (active state 0) object: 000000008212a88d object type: work_struct hint: hci_conn_timeout+0x0/0x1e8
[ 64.330060][ T5663] WARNING: CPU: 1 PID: 5663 at lib/debugobjects.c:517 debug_object_deactivate+0x340/0x414
[ 64.332740][ T5663] Modules linked in:
[ 64.333777][ T5663] CPU: 1 PID: 5663 Comm: kworker/u5:1 Tainted: G B W 6.6.0-rc7-syzkaller-00089-g8de1e7afcc1c #0
[ 64.336929][ T5663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 64.339586][ T5663] Workqueue: 0x0 (hci0)
[ 64.340774][ T5663] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 64.342844][ T5663] pc : debug_object_deactivate+0x340/0x414
[ 64.344427][ T5663] lr : debug_object_deactivate+0x340/0x414
[ 64.345938][ T5663] sp : ffff80009dbf7b00
[ 64.347049][ T5663] x29: ffff80009dbf7b00 x28: 1fffe00019778469 x27: 0000000000000001
[ 64.349238][ T5663] x26: ffff80008e340000 x25: dfff800000000000 x24: ffff0000c926d0f8
[ 64.351374][ T5663] x23: 00000000000000c0 x22: ffff800092b0e000 x21: ffff80008a8710a0
[ 64.353488][ T5663] x20: ffff0000cbbc2348 x19: ffff800089881d98 x18: 1fffe000368333ce
[ 64.355684][ T5663] x17: 0000000000000000 x16: ffff80008a668900 x15: 0000000000000001
[ 64.357804][ T5663] x14: 1ffff00013b7ee7c x13: 0000000000000000 x12: 0000000000000000
[ 64.359939][ T5663] x11: 0000000000000001 x10: 0000000000000000 x9 : 620fcca926feda00
[ 64.362073][ T5663] x8 : 620fcca926feda00 x7 : 0000000000000001 x6 : 0000000000000001
[ 64.364200][ T5663] x5 : ffff80009dbf73f8 x4 : ffff80008e4210a0 x3 : ffff8000803639bc
[ 64.366324][ T5663] x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000000
[ 64.368446][ T5663] Call trace:
[ 64.369261][ T5663] debug_object_deactivate+0x340/0x414
[ 64.370669][ T5663] process_one_work+0x198/0x1204
[ 64.371974][ T5663] worker_thread+0x938/0xef4
[ 64.373182][ T5663] kthread+0x288/0x310
[ 64.374261][ T5663] ret_from_fork+0x10/0x20
[ 64.375414][ T5663] irq event stamp: 2888
[ 64.376507][ T5663] hardirqs last enabled at (2887): [] _raw_spin_unlock_irq+0x30/0x80
[ 64.379102][ T5663] hardirqs last disabled at (2888): [] __schedule+0x2b4/0x23b4
[ 64.381529][ T5663] softirqs last enabled at (2850): [] __do_softirq+0xac0/0xd54
[ 64.383935][ T5663] softirqs last disabled at (2743): [] ____do_softirq+0x14/0x20
[ 64.386451][ T5663] ---[ end trace 0000000000000000 ]---
[ 64.544752][ T2214] ieee802154 phy0 wpan0: encryption failed: -22
[ 64.546462][ T2214] ieee802154 phy1 wpan1: encryption failed: -22
[ 65.984330][ T50] Bluetooth: hci0: command 0x040f tx timeout
1970/01/01 00:01:05 executed programs: 3
[ 68.074297][ T5663] Bluetooth: hci0: command 0x0419 tx timeout
[ 69.664542][ T1364] cfg80211: failed to load regulatory.db
[ 70.144285][ T5663] Bluetooth: hci0: command 0x0407 tx timeout
1970/01/01 00:01:10 executed programs: 9
[ 72.224389][ T5663] Bluetooth: hci0: command 0x0405 tx timeout