syzbot

Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
CPU: 0 UID: 0 PID: 8416 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
RIP: 0010:klist_put+0x4d/0x1d0 lib/klist.c:212
Code: c1 ea 03 80 3c 02 00 0f 85 74 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 43 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 ac 0e 0d
RSP: 0018:ffffc90005727950 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: ffff888072aa8060 RCX: 0000000000000000
RDX: 000000000000000b RSI: ffffffff8b89f345 RDI: 0000000000000058
RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff2179e38
R10: ffffffff90bcf1c3 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000001 R14: ffffffff90bcf180 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888124326000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffcd87fc008 CR3: 0000000075cb0000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 klist_del lib/klist.c:230 [inline]
 klist_remove+0x14c/0x2e0 lib/klist.c:249
 device_move+0x12d/0x1140 drivers/base/core.c:4698
 hci_conn_del_sysfs+0x86/0x1a0 net/bluetooth/hci_sysfs.c:75
 hci_conn_cleanup net/bluetooth/hci_conn.c:170 [inline]
 hci_conn_del+0x506/0x1180 net/bluetooth/hci_conn.c:1306
 hci_conn_hash_flush+0x186/0x280 net/bluetooth/hci_conn.c:2734
 hci_dev_close_sync+0x5cf/0x13c0 net/bluetooth/hci_sync.c:5405
 hci_dev_do_close+0x2e/0xb0 net/bluetooth/hci_core.c:499
 hci_unregister_dev+0x23f/0x690 net/bluetooth/hci_core.c:2678
 vhci_release+0x17d/0x230 drivers/bluetooth/hci_vhci.c:700
 __fput+0x3ff/0xb50 fs/file_table.c:512
 task_work_run+0x150/0x240 kernel/task_work.c:233
 exit_task_work include/linux/task_work.h:40 [inline]
 do_exit+0x951/0x2ae0 kernel/exit.c:1004
 do_group_exit+0xd5/0x2a0 kernel/exit.c:1147
 __do_sys_exit_group kernel/exit.c:1158 [inline]
 __se_sys_exit_group kernel/exit.c:1156 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1156
 x64_sys_call+0x102c/0x1530 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x115/0x870 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f8141b9ce59
Code: Unable to access opcode bytes at 0x7f8141b9ce2f.
RSP: 002b:00007ffd32ffa9e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
RAX: ffffffffffffffda RBX: 00007f8141c3233c RCX: 00007f8141b9ce59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
RBP: 0000000000000016 R08: 0000000000000000 R09: 00007f8141c322ca
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd32ffbca0
R13: 00007f8141c322ca R14: 0000555558bd84e8 R15: 00007ffd32ffef50
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:klist_put+0x4d/0x1d0 lib/klist.c:212
Code: c1 ea 03 80 3c 02 00 0f 85 74 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 43 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 ac 0e 0d
RSP: 0018:ffffc90005727950 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: ffff888072aa8060 RCX: 0000000000000000
RDX: 000000000000000b RSI: ffffffff8b89f345 RDI: 0000000000000058
RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff2179e38
R10: ffffffff90bcf1c3 R11: 0000000000000001 R12: 0000000000000000
R13: 0000000000000001 R14: ffffffff90bcf180 R15: dffffc0000000000
FS:  0000000000000000(0000) GS:ffff888124426000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055e840d15950 CR3: 0000000034fe0000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	c1 ea 03             	shr    $0x3,%edx
   3:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1)
   7:	0f 85 74 01 00 00    	jne    0x181
   d:	48 b8 00 00 00 00 00 	movabs $0xdffffc0000000000,%rax
  14:	fc ff df
  17:	4c 8b 23             	mov    (%rbx),%r12
  1a:	49 83 e4 fe          	and    $0xfffffffffffffffe,%r12
  1e:	49 8d 7c 24 58       	lea    0x58(%r12),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 43 01 00 00    	jne    0x177
  34:	4c 89 e7             	mov    %r12,%rdi
  37:	4d 8b 74 24 58       	mov    0x58(%r12),%r14
  3c:	e8                   	.byte 0xe8
  3d:	ac                   	lods   %ds:(%rsi),%al
  3e:	0e                   	(bad)
  3f:	0d                   	.byte 0xd