Warning: Permanently added '10.128.0.116' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 28.198606][ T28] audit: type=1400 audit(1749322942.019:64): avc: denied { execmem } for pid=282 comm="syz-executor880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
executing program
[ 28.229173][ T28] audit: type=1400 audit(1749322942.049:65): avc: denied { create } for pid=290 comm="syz-executor880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 28.229205][ T28] audit: type=1400 audit(1749322942.049:66): avc: denied { ioctl } for pid=290 comm="syz-executor880" path="socket:[8189]" dev="sockfs" ino=8189 ioctlcmd=0x48e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
executing program
[ 30.259319][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 30.259360][ T288] Bluetooth: hci0: Opcode 0x080f failed: -110
[ 30.339397][ T303] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 30.339405][ T301] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 30.339453][ T303] Bluetooth: hci2: command 0x1003 tx timeout
[ 30.346770][ T300] Bluetooth: hci2: Opcode 0x1003 failed: -110
executing program
[ 32.339342][ T300] Bluetooth: hci1: command 0x1003 tx timeout
[ 32.339337][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 32.339377][ T294] Bluetooth: hci0: Opcode 0x1003 failed: -110
executing program
executing program
[ 33.212441][ T292] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 33.219353][ T291] Bluetooth: hci0: Opcode 0x080f failed: -4
executing program
executing program
[ 33.310506][ T304] Bluetooth: hci0: Opcode 0x080f failed: -4
executing program
[ 34.419361][ T301] Bluetooth: hci1: command 0x1003 tx timeout
[ 34.419361][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
executing program
executing program
[ 35.299370][ T300] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 35.299370][ T303] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 35.299431][ T303] Bluetooth: hci2: command 0x1003 tx timeout
[ 35.379514][ T305] Bluetooth: hci4: command 0x1003 tx timeout
[ 35.379523][ T294] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 35.392893][ T306] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 36.499376][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 36.499397][ T306] Bluetooth: hci1: command 0x1003 tx timeout
[ 37.379397][ T45] Bluetooth: hci3: command 0x1003 tx timeout
[ 37.379424][ T303] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 37.386455][ T45] Bluetooth: hci2: command 0x1003 tx timeout
[ 37.393160][ T300] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 37.459324][ T311] Bluetooth: hci0: Opcode 0x080f failed: -110
executing program
[ 38.359450][ T312] Bluetooth: hci0: Opcode 0x080f failed: -4
executing program
[ 39.439519][ T313] Bluetooth: hci0: Opcode 0x080f failed: -4
executing program
[ 40.325955][ T314] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 40.332498][ T315] Bluetooth: hci0: Opcode 0x080f failed: -4
executing program
executing program
executing program
[ 40.429305][ T303] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 40.429318][ T306] Bluetooth: hci4: command 0x1003 tx timeout
executing program
[ 41.539369][ T306] Bluetooth: hci1: command 0x1003 tx timeout
[ 41.539402][ T300] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 42.419381][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 42.419398][ T294] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 42.419444][ T294] Bluetooth: hci0: command 0x1003 tx timeout
[ 42.439466][ T319] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 42.446540][ T321] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 42.453618][ T322] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 42.460531][ T323] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 42.466920][ T324] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
[ 42.499419][ T303] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 42.499556][ T306] Bluetooth: hci4: command 0x1003 tx timeout
[ 42.512731][ T305] Bluetooth: hci4: Opcode 0x1003 failed: -110
executing program
executing program
executing program
[ 43.619399][ T294] Bluetooth: hci1: command 0x1003 tx timeout
[ 43.619399][ T300] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 44.579383][ T45] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 44.579409][ T301] Bluetooth: hci3: command 0x1003 tx timeout
[ 44.586350][ T300] Bluetooth: hci0: command 0x1003 tx timeout
[ 44.592864][ T305] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 44.600178][ T300] Bluetooth: hci2: command 0x1003 tx timeout
[ 44.606748][ T306] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 44.619661][ T325] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
[ 44.626102][ T327] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
[ 44.659435][ T331] Bluetooth: hci4: command 0x1003 tx timeout
[ 44.659501][ T303] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 45.699358][ T329] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 45.699379][ T331] Bluetooth: hci1: command 0x1003 tx timeout
executing program
executing program
executing program
[ 46.659398][ T328] Bluetooth: hci0: Opcode 0x080f failed: -110
[ 46.659408][ T305] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 46.667070][ T329] Bluetooth: hci2: command 0x1003 tx timeout
[ 46.673863][ T331] Bluetooth: hci0: command 0x080f tx timeout
[ 46.688093][ T330] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
[ 46.739301][ T303] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 46.739973][ T329] Bluetooth: hci3: command 0x1003 tx timeout
[ 48.739424][ T305] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 48.739443][ T45] Bluetooth: hci1: command 0x1003 tx timeout
[ 48.739466][ T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 48.746377][ T331] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 48.766828][ T334] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 48.773925][ T335] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 48.780814][ T336] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 48.789138][ T337] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 48.795836][ T338] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 48.819363][ T331] Bluetooth: hci4: command 0x1003 tx timeout
[ 48.819391][ T329] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 48.825830][ T331] Bluetooth: hci2: command 0x1003 tx timeout
executing program
executing program
executing program
executing program
executing program
[ 48.829286][ T301] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 48.834867][ T303] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 50.899383][ T301] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 50.899383][ T329] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 50.899440][ T301] Bluetooth: hci3: command 0x1003 tx timeout
[ 50.906256][ T329] Bluetooth: hci2: command 0x1003 tx timeout
[ 50.912831][ T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 50.919115][ T306] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 50.925241][ T331] Bluetooth: hci3: Opcode 0x1003 failed: -110
executing program
[ 50.931526][ T303] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 50.951224][ T339] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 50.957540][ T340] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 50.964247][ T341] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 50.971613][ T342] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 50.978259][ T343] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
executing program
executing program
[ 53.059359][ T305] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 53.059359][ T303] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 53.059423][ T303] Bluetooth: hci1: command 0x1003 tx timeout
[ 53.139329][ T331] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 53.139336][ T305] Bluetooth: hci4: command 0x1003 tx timeout
[ 53.139372][ T329] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 53.146313][ T305] Bluetooth: hci3: command 0x1003 tx timeout
[ 53.154183][ T331] Bluetooth: hci2: command 0x1003 tx timeout
[ 53.162425][ T306] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 55.139298][ T344] Bluetooth: hci0: Opcode 0x080f failed: -110
executing program
executing program
[ 56.055080][ T345] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 56.062360][ T346] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 56.069841][ T348] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 56.077854][ T347] Bluetooth: hci0: Opcode 0x080f failed: -4
executing program
executing program
executing program
[ 58.099402][ T306] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 58.099412][ T303] Bluetooth: hci0: command 0x1003 tx timeout
[ 58.113693][ T351] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 58.120421][ T353] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 58.129532][ T355] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 58.136713][ T356] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 58.143618][ T354] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 58.179479][ T329] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 58.179514][ T305] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 58.186781][ T306] Bluetooth: hci2: command 0x1003 tx timeout
[ 58.186806][ T306] Bluetooth: hci4: command 0x1003 tx timeout
[ 58.193851][ T303] Bluetooth: hci3: command 0x1003 tx timeout
[ 58.200703][ T331] Bluetooth: hci2: Opcode 0x1003 failed: -110
executing program
executing program
executing program
executing program
executing program
[ 58.206690][ T45] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 60.179286][ C1] ==================================================================
[ 60.187643][ C1] BUG: KASAN: use-after-free in __run_timers+0x32b/0x9a0
[ 60.195029][ C1] Write of size 8 at addr ffff888125628a00 by task swapper/1/0
[ 60.203372][ C1]
[ 60.205985][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.1.138-syzkaller-00056-g7af56ffc913d #0
[ 60.216388][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 60.227571][ C1] Call Trace:
[ 60.231125][ C1]
[ 60.234147][ C1] __dump_stack+0x21/0x24
[ 60.238501][ C1] dump_stack_lvl+0xee/0x150
[ 60.243336][ C1] ? __cfi_dump_stack_lvl+0x8/0x8
[ 60.249237][ C1] ? update_rq_clock+0x536/0x5c0
[ 60.254282][ C1] ? __run_timers+0x32b/0x9a0
[ 60.258974][ C1] print_address_description+0x71/0x210
[ 60.264717][ C1] print_report+0x4a/0x60
[ 60.270026][ C1] kasan_report+0x122/0x150
[ 60.274634][ C1] ? __run_timers+0x32b/0x9a0
[ 60.279407][ C1] __asan_report_store8_noabort+0x17/0x20
[ 60.285281][ C1] __run_timers+0x32b/0x9a0
[ 60.290070][ C1] ? sched_clock+0x9/0x10
[ 60.294598][ C1] ? sched_clock_cpu+0x6e/0x250
[ 60.299717][ C1] ? calc_index+0x200/0x200
[ 60.304314][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 60.309362][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 60.309957][ C1] run_timer_softirq+0x6a/0xf0
[ 60.321149][ C1] handle_softirqs+0x1d7/0x600
[ 60.326108][ C1] ? irqtime_account_irq+0xc4/0x240
[ 60.331780][ C1] __irq_exit_rcu+0x52/0xf0
[ 60.336289][ C1] irq_exit_rcu+0x9/0x10
[ 60.340564][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 60.346338][ C1]
[ 60.349359][ C1]
[ 60.352300][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 60.358284][ C1] RIP: 0010:default_idle+0xf/0x20
[ 60.363428][ C1] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 23 79 56 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 60.383801][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[ 60.390046][ C1] RAX: ffff8881f7100000 RBX: ffff8881003b6540 RCX: e537c3e9e8e24100
[ 60.398804][ C1] RDX: 0000000000000001 RSI: ffffffff85a9f680 RDI: ffffffff85a9f640
[ 60.406880][ C1] RBP: ffffc90000147dd8 R08: dffffc0000000000 R09: ffffed103ee26917
[ 60.415846][ C1] R10: 0000000000000000 R11: ffffffff84efba50 R12: 0000000000000000
[ 60.424438][ C1] R13: 0000000000000000 R14: ffff8881003b6540 R15: dffffc0000000000
[ 60.432666][ C1] ? __cfi_default_idle+0x10/0x10
[ 60.437980][ C1] arch_cpu_idle+0x1c/0x20
[ 60.442676][ C1] default_idle_call+0x71/0x1d0
[ 60.448065][ C1] do_idle+0x1a7/0x520
[ 60.452179][ C1] ? irqentry_exit+0x30/0x40
[ 60.456793][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 60.461983][ C1] ? schedule_idle+0x5b/0x90
[ 60.466835][ C1] ? do_idle+0x6/0x520
[ 60.470978][ C1] cpu_startup_entry+0x43/0x60
[ 60.475890][ C1] start_secondary+0x119/0x120
[ 60.480840][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 60.486833][ C1]
[ 60.489932][ C1]
[ 60.492578][ C1] Allocated by task 351:
[ 60.496812][ C1] kasan_set_track+0x4b/0x70
[ 60.501745][ C1] kasan_save_alloc_info+0x25/0x30
[ 60.507056][ C1] __kasan_kmalloc+0x95/0xb0
[ 60.511835][ C1] __kmalloc+0xb1/0x1e0
[ 60.516094][ C1] hci_alloc_dev_priv+0x27/0x1bd0
[ 60.521689][ C1] hci_uart_tty_ioctl+0x3d6/0xa20
[ 60.526931][ C1] tty_ioctl+0x8ef/0xc60
[ 60.531546][ C1] __se_sys_ioctl+0x12f/0x1b0
[ 60.536256][ C1] __x64_sys_ioctl+0x7b/0x90
[ 60.541247][ C1] x64_sys_call+0x58b/0x9a0
[ 60.545760][ C1] do_syscall_64+0x4c/0xa0
[ 60.550274][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 60.556361][ C1]
[ 60.558687][ C1] Freed by task 354:
[ 60.563359][ C1] kasan_set_track+0x4b/0x70
[ 60.568696][ C1] kasan_save_free_info+0x31/0x50
[ 60.573855][ C1] ____kasan_slab_free+0x132/0x180
[ 60.579544][ C1] __kasan_slab_free+0x11/0x20
[ 60.584610][ C1] slab_free_freelist_hook+0xc2/0x190
[ 60.590124][ C1] __kmem_cache_free+0xb7/0x1b0
[ 60.595195][ C1] kfree+0x6f/0xf0
[ 60.598923][ C1] hci_release_dev+0x13ad/0x1500
[ 60.604131][ C1] bt_host_release+0x82/0x90
[ 60.608821][ C1] device_release+0xa4/0x1d0
[ 60.613764][ C1] kobject_put+0x19d/0x280
[ 60.618188][ C1] put_device+0x1f/0x30
[ 60.622429][ C1] hci_dev_cmd+0x265/0x720
[ 60.627067][ C1] hci_sock_ioctl+0x41e/0x7f0
[ 60.631860][ C1] sock_do_ioctl+0x101/0x310
[ 60.636639][ C1] sock_ioctl+0x4d8/0x6e0
[ 60.641181][ C1] __se_sys_ioctl+0x12f/0x1b0
[ 60.646759][ C1] __x64_sys_ioctl+0x7b/0x90
[ 60.651426][ C1] x64_sys_call+0x58b/0x9a0
[ 60.656101][ C1] do_syscall_64+0x4c/0xa0
[ 60.660680][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 60.666945][ C1]
[ 60.669453][ C1] Last potentially related work creation:
[ 60.675250][ C1] kasan_save_stack+0x3a/0x60
[ 60.679927][ C1] __kasan_record_aux_stack+0xb6/0xc0
[ 60.685911][ C1] kasan_record_aux_stack_noalloc+0xb/0x10
[ 60.691909][ C1] insert_work+0x51/0x300
[ 60.696257][ C1] __queue_work+0x9b1/0xd30
[ 60.701554][ C1] queue_work_on+0xd2/0x140
[ 60.707219][ C1] __hci_cmd_sync_sk+0xa3e/0xcf0
[ 60.712858][ C1] hci_cmd_sync_status+0x53/0x120
[ 60.718275][ C1] hci_dev_cmd+0x628/0x720
[ 60.722803][ C1] hci_sock_ioctl+0x41e/0x7f0
[ 60.727578][ C1] sock_do_ioctl+0x101/0x310
[ 60.732354][ C1] sock_ioctl+0x4d8/0x6e0
[ 60.737041][ C1] __se_sys_ioctl+0x12f/0x1b0
[ 60.742264][ C1] __x64_sys_ioctl+0x7b/0x90
[ 60.746969][ C1] x64_sys_call+0x58b/0x9a0
[ 60.751563][ C1] do_syscall_64+0x4c/0xa0
[ 60.755998][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 60.762168][ C1]
[ 60.764525][ C1] Second to last potentially related work creation:
[ 60.771105][ C1] kasan_save_stack+0x3a/0x60
[ 60.776392][ C1] __kasan_record_aux_stack+0xb6/0xc0
[ 60.782321][ C1] kasan_record_aux_stack_noalloc+0xb/0x10
[ 60.788617][ C1] insert_work+0x51/0x300
[ 60.793605][ C1] __queue_work+0x9b1/0xd30
[ 60.798314][ C1] queue_work_on+0xd2/0x140
[ 60.803001][ C1] __hci_cmd_sync_sk+0xa3e/0xcf0
[ 60.808102][ C1] hci_cmd_sync_status+0x53/0x120
[ 60.813139][ C1] hci_dev_cmd+0x628/0x720
[ 60.817663][ C1] hci_sock_ioctl+0x41e/0x7f0
[ 60.822375][ C1] sock_do_ioctl+0x101/0x310
[ 60.827442][ C1] sock_ioctl+0x4d8/0x6e0
[ 60.831937][ C1] __se_sys_ioctl+0x12f/0x1b0
[ 60.836734][ C1] __x64_sys_ioctl+0x7b/0x90
[ 60.841428][ C1] x64_sys_call+0x58b/0x9a0
[ 60.845928][ C1] do_syscall_64+0x4c/0xa0
[ 60.850423][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 60.856494][ C1]
[ 60.858875][ C1] The buggy address belongs to the object at ffff888125628000
[ 60.858875][ C1] which belongs to the cache kmalloc-8k of size 8192
[ 60.873032][ C1] The buggy address is located 2560 bytes inside of
[ 60.873032][ C1] 8192-byte region [ffff888125628000, ffff88812562a000)
[ 60.886567][ C1]
[ 60.888981][ C1] The buggy address belongs to the physical page:
[ 60.895489][ C1] page:ffffea0004958a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x125628
[ 60.906342][ C1] head:ffffea0004958a00 order:3 compound_mapcount:0 compound_pincount:0
[ 60.915118][ C1] flags: 0x4000000000010200(slab|head|zone=1)
[ 60.921839][ C1] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[ 60.931464][ C1] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 60.941001][ C1] page dumped because: kasan: bad access detected
[ 60.947774][ C1] page_owner tracks the page as allocated
[ 60.953997][ C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 347, tgid 347 (syz-executor880), ts 51061059157, free_ts 0
[ 60.976301][ C1] post_alloc_hook+0x1f5/0x210
[ 60.981202][ C1] prep_new_page+0x1c/0x110
[ 60.985716][ C1] get_page_from_freelist+0x2c6e/0x2ce0
[ 60.991458][ C1] __alloc_pages+0x19e/0x3a0
[ 60.996171][ C1] alloc_slab_page+0x6e/0xf0
[ 61.000944][ C1] new_slab+0x98/0x3d0
[ 61.006279][ C1] ___slab_alloc+0x6f6/0xb50
[ 61.010970][ C1] __slab_alloc+0x5e/0xa0
[ 61.015581][ C1] __kmem_cache_alloc_node+0x203/0x2c0
[ 61.021165][ C1] __kmalloc+0xa1/0x1e0
[ 61.026073][ C1] hci_alloc_dev_priv+0x27/0x1bd0
[ 61.031280][ C1] hci_uart_tty_ioctl+0x3d6/0xa20
[ 61.036481][ C1] tty_ioctl+0x8ef/0xc60
[ 61.040800][ C1] __se_sys_ioctl+0x12f/0x1b0
[ 61.045673][ C1] __x64_sys_ioctl+0x7b/0x90
[ 61.050283][ C1] x64_sys_call+0x58b/0x9a0
[ 61.054789][ C1] page_owner free stack trace missing
[ 61.060154][ C1]
[ 61.062473][ C1] Memory state around the buggy address:
[ 61.068097][ C1] ffff888125628900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.076151][ C1] ffff888125628980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.084590][ C1] >ffff888125628a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.092660][ C1] ^
[ 61.096839][ C1] ffff888125628a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.105009][ C1] ffff888125628b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.113067][ C1] ==================================================================
[ 61.121246][ C1] Disabling lock debugging due to kernel taint
[ 61.127567][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 61.139502][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 61.147923][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B 6.1.138-syzkaller-00056-g7af56ffc913d #0
[ 61.159025][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 61.169181][ C1] RIP: 0010:__queue_work+0x575/0xd30
[ 61.174481][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 f8 d2 28 00 4c 89 ff e8 70 c6 a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 29 6d 00 49 8b 7d 00 e8 53 c2
[ 61.194524][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[ 61.200599][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003b6540
[ 61.208671][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 61.216933][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[ 61.225756][ C1] R10: ffffed1024ac5139 R11: 1ffff11024ac5139 R12: dffffc0000000000
[ 61.234328][ C1] R13: 0000000000000000 R14: ffff8881256289c8 R15: 0000000000000008
[ 61.242714][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 61.251754][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 61.258734][ C1] CR2: 000055a581a7c8a8 CR3: 0000000124e61000 CR4: 00000000003506a0
[ 61.266747][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 61.275168][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 61.283370][ C1] Call Trace:
[ 61.286937][ C1]
[ 61.289803][ C1] delayed_work_timer_fn+0x61/0x80
[ 61.295062][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 61.301223][ C1] call_timer_fn+0x46/0x2a0
[ 61.306112][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10
[ 61.312242][ C1] __run_timers+0x667/0x9a0
[ 61.317492][ C1] ? calc_index+0x200/0x200
[ 61.322455][ C1] ? kvm_sched_clock_read+0x18/0x40
[ 61.327997][ C1] run_timer_softirq+0x6a/0xf0
[ 61.333187][ C1] handle_softirqs+0x1d7/0x600
[ 61.337993][ C1] ? irqtime_account_irq+0xc4/0x240
[ 61.343299][ C1] __irq_exit_rcu+0x52/0xf0
[ 61.348467][ C1] irq_exit_rcu+0x9/0x10
[ 61.352724][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 61.358467][ C1]
[ 61.361670][ C1]
[ 61.364702][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 61.370709][ C1] RIP: 0010:default_idle+0xf/0x20
[ 61.375940][ C1] Code: e9 47 ff ff ff 00 00 cc cc 00 00 90 90 90 90 90 90 90 90 90 90 90 b8 0c 67 40 a5 55 48 89 e5 66 90 0f 00 2d 23 79 56 00 fb f4 <5d> c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 90 90 90 90 90
[ 61.396388][ C1] RSP: 0018:ffffc90000147dd8 EFLAGS: 00000257
[ 61.403003][ C1] RAX: ffff8881f7100000 RBX: ffff8881003b6540 RCX: e537c3e9e8e24100
[ 61.411799][ C1] RDX: 0000000000000001 RSI: ffffffff85a9f680 RDI: ffffffff85a9f640
[ 61.420141][ C1] RBP: ffffc90000147dd8 R08: dffffc0000000000 R09: ffffed103ee26917
[ 61.428561][ C1] R10: 0000000000000000 R11: ffffffff84efba50 R12: 0000000000000000
[ 61.436926][ C1] R13: 0000000000000000 R14: ffff8881003b6540 R15: dffffc0000000000
[ 61.445024][ C1] ? __cfi_default_idle+0x10/0x10
[ 61.450337][ C1] arch_cpu_idle+0x1c/0x20
[ 61.455055][ C1] default_idle_call+0x71/0x1d0
[ 61.459936][ C1] do_idle+0x1a7/0x520
[ 61.464298][ C1] ? irqentry_exit+0x30/0x40
[ 61.469425][ C1] ? idle_inject_timer_fn+0x60/0x60
[ 61.474903][ C1] ? schedule_idle+0x5b/0x90
[ 61.479765][ C1] ? do_idle+0x6/0x520
[ 61.484126][ C1] cpu_startup_entry+0x43/0x60
[ 61.489154][ C1] start_secondary+0x119/0x120
[ 61.493928][ C1] secondary_startup_64_no_verify+0xce/0xdb
[ 61.499888][ C1]
[ 61.503019][ C1] Modules linked in:
[ 61.506973][ C1] ---[ end trace 0000000000000000 ]---
[ 61.512638][ C1] RIP: 0010:__queue_work+0x575/0xd30
[ 61.518395][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 f8 d2 28 00 4c 89 ff e8 70 c6 a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 dc 29 6d 00 49 8b 7d 00 e8 53 c2
[ 61.539687][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046
[ 61.546141][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881003b6540
[ 61.554574][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 61.564308][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007
[ 61.572732][ C1] R10: ffffed1024ac5139 R11: 1ffff11024ac5139 R12: dffffc0000000000
[ 61.581164][ C1] R13: 0000000000000000 R14: ffff8881256289c8 R15: 0000000000000008
[ 61.589426][ C1] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 61.600294][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 61.608162][ C1] CR2: 000055a581a7c8a8 CR3: 0000000124e61000 CR4: 00000000003506a0
[ 61.616595][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 61.625640][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 61.635565][ C1] Kernel panic - not syncing: Fatal exception in interrupt
[ 61.643407][ C1] Kernel Offset: disabled
[ 61.648083][ C1] Rebooting in 86400 seconds..