[ 435.875798][ T8833] __fput+0x288/0x920 [ 435.879787][ T8833] ? vhci_close_dev+0x50/0x50 [ 435.884474][ T8833] task_work_run+0xdd/0x1a0 [ 435.888984][ T8833] do_exit+0xbfc/0x2a80 [ 435.893154][ T8833] ? lock_is_held_type+0xd5/0x130 [ 435.898184][ T8833] ? find_held_lock+0x2d/0x110 [ 435.902953][ T8833] ? mm_update_next_owner+0x7a0/0x7a0 [ 435.908339][ T8833] ? lock_release+0x3bb/0x720 [ 435.913022][ T8833] ? get_signal+0x337/0x2210 [ 435.917618][ T8833] ? lock_downgrade+0x6d0/0x6d0 [ 435.922476][ T8833] ? lock_is_held_type+0xd5/0x130 [ 435.927512][ T8833] do_group_exit+0x125/0x310 [ 435.932111][ T8833] get_signal+0x47f/0x2210 [ 435.936539][ T8833] ? lockdep_hardirqs_on+0x79/0x100 [ 435.941757][ T8833] arch_do_signal_or_restart+0x2a8/0x1eb0 [ 435.947484][ T8833] ? kmem_cache_free+0x333/0x370 [ 435.952430][ T8833] ? putname+0xe1/0x120 [ 435.956595][ T8833] ? copy_siginfo_to_user32+0xa0/0xa0 [ 435.961972][ T8833] ? do_unlinkat+0x130/0x690 [ 435.966576][ T8833] ? __ia32_sys_rmdir+0x100/0x100 [ 435.971608][ T8833] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 435.977867][ T8833] exit_to_user_mode_prepare+0x124/0x200 [ 435.983533][ T8833] syscall_exit_to_user_mode+0x19/0x50 [ 435.988999][ T8833] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 435.994899][ T8833] RIP: 0033:0x4651c7 [ 435.998818][ T8833] Code: Unable to access opcode bytes at RIP 0x46519d. [ 436.005654][ T8833] RSP: 002b:00007ffea71497a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 436.014069][ T8833] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000004651c7 [ 436.022043][ T8833] RDX: 00007ffea71497e0 RSI: 00007ffea71497e0 RDI: 00007ffea7149870 [ 436.030019][ T8833] RBP: 00007ffea7149870 R08: 0000000000000001 R09: 00007ffea7149640 [ 436.037990][ T8833] R10: 0000000001aa5853 R11: 0000000000000206 R12: 00000000004ae4e9 [ 436.045967][ T8833] R13: 00007ffea714a920 R14: 0000000001aa5810 R15: 0000000000000003 [ 436.053961][ T8833] [ 436.056287][ T8833] Allocated by task 11063: [ 436.060695][ T8833] kasan_save_stack+0x1b/0x40 [ 436.065375][ T8833] __kasan_kmalloc+0x7a/0x90 [ 436.069965][ T8833] tomoyo_get_name+0x22e/0x4c0 [ 436.074737][ T8833] tomoyo_parse_name_union+0xbc/0x160 [ 436.080113][ T8833] tomoyo_write_file+0x4c0/0x7f0 [ 436.085053][ T8833] tomoyo_write_domain2+0x116/0x1d0 [ 436.090254][ T8833] tomoyo_supervisor+0xbe9/0xf20 [ 436.095194][ T8833] tomoyo_path_permission+0x270/0x3a0 [ 436.100570][ T8833] tomoyo_path_perm+0x37c/0x3f0 [ 436.105425][ T8833] tomoyo_path_symlink+0x94/0xe0 [ 436.110368][ T8833] security_path_symlink+0xdf/0x150 [ 436.115569][ T8833] do_symlinkat+0x123/0x300 [ 436.120078][ T8833] do_syscall_64+0x2d/0x70 [ 436.124506][ T8833] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 436.130405][ T8833] [ 436.132728][ T8833] The buggy address belongs to the object at ffff888013198f00 [ 436.132728][ T8833] which belongs to the cache kmalloc-128 of size 128 [ 436.146782][ T8833] The buggy address is located 72 bytes to the right of [ 436.146782][ T8833] 128-byte region [ffff888013198f00, ffff888013198f80) [ 436.160493][ T8833] The buggy address belongs to the page: [ 436.166114][ T8833] page:00000000d5ceaff9 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888013198700 pfn:0x13198 [ 436.177571][ T8833] flags: 0xfff00000000200(slab) [ 436.182429][ T8833] raw: 00fff00000000200 ffffea000045f908 ffffea0000480288 ffff8880104418c0 [ 436.191017][ T8833] raw: ffff888013198700 000000000010000b 00000001ffffffff 0000000000000000 [ 436.199594][ T8833] page dumped because: kasan: bad access detected [ 436.206001][ T8833] [ 436.208319][ T8833] Memory state around the buggy address: [ 436.213942][ T8833] ffff888013198e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 436.222007][ T8833] ffff888013198f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 436.230064][ T8833] >ffff888013198f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 436.238120][ T8833] ^ [ 436.244528][ T8833] ffff888013199000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 436.252715][ T8833] ffff888013199080: 00 00 00 00 00 fc fc fc fc fc fc fc fc 00 00 00 [ 436.260777][ T8833] ================================================================== [ 436.268829][ T8833] Disabling lock debugging due to kernel taint [ 436.284170][ T8833] ------------[ cut here ]------------ [ 436.290200][ T8833] kobject: '“JŠ˙˙˙˙¤' (00000000eb8bb199): is not initialized, yet kobject_put() is being called. [ 436.302750][ T8833] WARNING: CPU: 0 PID: 8833 at lib/kobject.c:750 kobject_put+0x22b/0x540 [ 436.315935][ T8833] Modules linked in: [ 436.320707][ T8833] CPU: 0 PID: 8833 Comm: syz-executor.5 Tainted: G B 5.12.0-rc8-syzkaller #0 [ 436.331388][ T8833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.342460][ T8833] RIP: 0010:kobject_put+0x22b/0x540 [ 436.348232][ T8833] Code: e8 aa ad 94 fd 48 89 e8 48 c1 e8 03 42 80 3c 20 00 0f 85 97 02 00 00 48 8b 75 00 48 89 ea 48 c7 c7 40 09 e3 89 e8 88 74 f6 04 <0f> 0b e9 32 fe ff ff e8 79 ad 94 fd 4d 89 f9 48 89 e9 4c 89 f2 49 [ 436.368281][ T8833] RSP: 0018:ffffc900018df7d8 EFLAGS: 00010286 [ 436.374455][ T8833] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 436.382564][ T8833] RDX: ffff888025efb580 RSI: ffffffff815bf005 RDI: fffff5200031beed [ 436.391131][ T8833] RBP: ffff888013199340 R08: 0000000000000000 R09: 0000000000000000 [ 436.399190][ T8833] R10: ffffffff815bd3bb R11: 0000000000000000 R12: dffffc0000000000 [ 436.407222][ T8833] R13: ffff88801319937c R14: ffffffff8fc41f00 R15: 0000000000000067 [ 436.415187][ T8833] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 436.424139][ T8833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 436.430755][ T8833] CR2: 0000561a16ba7160 CR3: 0000000013381000 CR4: 0000000000350ef0 [ 436.438752][ T8833] Call Trace: [ 436.442022][ T8833] put_device+0x1b/0x30 [ 436.446179][ T8833] hci_chan_del+0x144/0x200 [ 436.450702][ T8833] l2cap_conn_del+0x478/0x7b0 [ 436.455396][ T8833] ? l2cap_conn_del+0x7b0/0x7b0 [ 436.460510][ T8833] l2cap_disconn_cfm+0x98/0xd0 [ 436.465281][ T8833] hci_conn_hash_flush+0x127/0x260 [ 436.470415][ T8833] hci_dev_do_close+0x569/0x1140 [ 436.475351][ T8833] ? hci_dev_open+0x300/0x300 [ 436.480195][ T8833] ? do_raw_read_unlock+0x70/0x70 [ 436.485237][ T8833] hci_unregister_dev+0x263/0x1150 [ 436.490376][ T8833] ? fsnotify+0x1090/0x1090 [ 436.494877][ T8833] ? hci_bdaddr_list_clear+0x200/0x200 [ 436.500686][ T8833] ? fcntl_setlk+0xee0/0xee0 [ 436.505935][ T8833] ? lock_is_held_type+0xd5/0x130 [ 436.511152][ T8833] vhci_release+0x70/0xe0 [ 436.515679][ T8833] __fput+0x288/0x920 [ 436.519911][ T8833] ? vhci_close_dev+0x50/0x50 [ 436.524585][ T8833] task_work_run+0xdd/0x1a0 [ 436.529111][ T8833] do_exit+0xbfc/0x2a80 [ 436.533261][ T8833] ? lock_is_held_type+0xd5/0x130 [ 436.538306][ T8833] ? find_held_lock+0x2d/0x110 [ 436.543065][ T8833] ? mm_update_next_owner+0x7a0/0x7a0 [ 436.548458][ T8833] ? lock_release+0x3bb/0x720 [ 436.553130][ T8833] ? get_signal+0x337/0x2210 [ 436.557764][ T8833] ? lock_downgrade+0x6d0/0x6d0 [ 436.562758][ T8833] ? lock_is_held_type+0xd5/0x130 [ 436.567822][ T8833] do_group_exit+0x125/0x310 [ 436.572410][ T8833] get_signal+0x47f/0x2210 [ 436.576847][ T8833] ? lockdep_hardirqs_on+0x79/0x100 [ 436.582044][ T8833] arch_do_signal_or_restart+0x2a8/0x1eb0 [ 436.587780][ T8833] ? kmem_cache_free+0x333/0x370 [ 436.592718][ T8833] ? putname+0xe1/0x120 [ 436.596888][ T8833] ? copy_siginfo_to_user32+0xa0/0xa0 [ 436.602258][ T8833] ? do_unlinkat+0x130/0x690 [ 436.607667][ T8833] ? __ia32_sys_rmdir+0x100/0x100 [ 436.612693][ T8833] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 436.618958][ T8833] exit_to_user_mode_prepare+0x124/0x200 [ 436.624600][ T8833] syscall_exit_to_user_mode+0x19/0x50 [ 436.630077][ T8833] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 436.635967][ T8833] RIP: 0033:0x4651c7 [ 436.639889][ T8833] Code: Unable to access opcode bytes at RIP 0x46519d. [ 436.646759][ T8833] RSP: 002b:00007ffea71497a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 436.655166][ T8833] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000004651c7 [ 436.663351][ T8833] RDX: 00007ffea71497e0 RSI: 00007ffea71497e0 RDI: 00007ffea7149870 [ 436.671354][ T8833] RBP: 00007ffea7149870 R08: 0000000000000001 R09: 00007ffea7149640 [ 436.679353][ T8833] R10: 0000000001aa5853 R11: 0000000000000206 R12: 00000000004ae4e9 [ 436.687466][ T8833] R13: 00007ffea714a920 R14: 0000000001aa5810 R15: 0000000000000003 [ 436.695440][ T8833] irq event stamp: 14256590 [ 436.699954][ T8833] hardirqs last enabled at (14256589): [] __free_object+0x638/0xde0 [ 436.709620][ T8833] hardirqs last disabled at (14256590): [] _raw_spin_lock_irqsave+0x4e/0x50 [ 436.720538][ T8833] softirqs last enabled at (14253698): [] __irq_exit_rcu+0x17f/0x200 [ 436.730455][ T8833] softirqs last disabled at (14253615): [] __irq_exit_rcu+0x17f/0x200 [ 436.740224][ T8833] ---[ end trace 2f79cd434fc308af ]--- [ 436.745686][ T8833] ------------[ cut here ]------------ [ 436.751152][ T8833] refcount_t: underflow; use-after-free. [ 436.757026][ T8833] WARNING: CPU: 0 PID: 8833 at lib/refcount.c:28 refcount_warn_saturate+0x286/0x290 [ 436.766608][ T8833] Modules linked in: [ 436.770491][ T8833] CPU: 0 PID: 8833 Comm: syz-executor.5 Tainted: G B W 5.12.0-rc8-syzkaller #0 [ 436.780669][ T8833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.790821][ T8833] RIP: 0010:refcount_warn_saturate+0x286/0x290 [ 436.797010][ T8833] Code: e9 43 fe ff ff 48 89 df e8 87 98 f2 fd e9 d5 fd ff ff e8 0d e2 ad fd 48 c7 c7 80 aa df 89 c6 05 59 38 c7 09 01 e8 fd a8 0f 05 <0f> 0b e9 17 fe ff ff 0f 1f 00 41 56 41 55 41 54 55 48 bd 00 00 00 [ 436.816643][ T8833] RSP: 0018:ffffc900018df7c0 EFLAGS: 00010286 [ 436.822699][ T8833] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 436.831257][ T8833] RDX: ffff888025efb580 RSI: ffffffff815bf005 RDI: fffff5200031beea [ 436.839406][ T8833] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 436.847555][ T8833] R10: ffffffff815bd3bb R11: 0000000000000000 R12: dffffc0000000000 [ 436.855523][ T8833] R13: ffff88801319937c R14: ffff888013199378 R15: 0000000000000067 [ 436.863517][ T8833] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 [ 436.872684][ T8833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 436.879353][ T8833] CR2: 0000561a16ba7160 CR3: 0000000013381000 CR4: 0000000000350ef0 [ 436.887389][ T8833] Call Trace: [ 436.890667][ T8833] kobject_put+0x2f6/0x540 [ 436.895262][ T8833] put_device+0x1b/0x30 [ 436.899773][ T8833] hci_chan_del+0x144/0x200 [ 436.904275][ T8833] l2cap_conn_del+0x478/0x7b0 [ 436.908982][ T8833] ? l2cap_conn_del+0x7b0/0x7b0 [ 436.913826][ T8833] l2cap_disconn_cfm+0x98/0xd0 [ 436.918614][ T8833] hci_conn_hash_flush+0x127/0x260 [ 436.923724][ T8833] hci_dev_do_close+0x569/0x1140 [ 436.928680][ T8833] ? hci_dev_open+0x300/0x300 [ 436.933348][ T8833] ? do_raw_read_unlock+0x70/0x70 [ 436.938732][ T8833] hci_unregister_dev+0x263/0x1150 [ 436.943856][ T8833] ? fsnotify+0x1090/0x1090 [ 436.949142][ T8833] ? hci_bdaddr_list_clear+0x200/0x200 [ 436.954602][ T8833] ? fcntl_setlk+0xee0/0xee0 [ 436.959431][ T8833] ? lock_is_held_type+0xd5/0x130 [ 436.964685][ T8833] vhci_release+0x70/0xe0 [ 436.970930][ T8833] __fput+0x288/0x920 [ 436.974938][ T8833] ? vhci_close_dev+0x50/0x50 [ 436.979794][ T8833] task_work_run+0xdd/0x1a0 [ 436.984746][ T8833] do_exit+0xbfc/0x2a80 [ 436.989482][ T8833] ? lock_is_held_type+0xd5/0x130 [ 436.994524][ T8833] ? find_held_lock+0x2d/0x110 [ 436.999990][ T8833] ? mm_update_next_owner+0x7a0/0x7a0 [ 437.005362][ T8833] ? lock_release+0x3bb/0x720 [ 437.010197][ T8833] ? get_signal+0x337/0x2210 [ 437.015206][ T8833] ? lock_downgrade+0x6d0/0x6d0 [ 437.020637][ T8833] ? lock_is_held_type+0xd5/0x130 [ 437.025671][ T8833] do_group_exit+0x125/0x310 [ 437.030463][ T8833] get_signal+0x47f/0x2210 [ 437.034889][ T8833] ? lockdep_hardirqs_on+0x79/0x100 [ 437.040518][ T8833] arch_do_signal_or_restart+0x2a8/0x1eb0 [ 437.046244][ T8833] ? kmem_cache_free+0x333/0x370 [ 437.051368][ T8833] ? putname+0xe1/0x120 [ 437.055531][ T8833] ? copy_siginfo_to_user32+0xa0/0xa0 [ 437.061294][ T8833] ? do_unlinkat+0x130/0x690 [ 437.065891][ T8833] ? __ia32_sys_rmdir+0x100/0x100 [ 437.071165][ T8833] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 437.078103][ T8833] exit_to_user_mode_prepare+0x124/0x200 [ 437.083738][ T8833] syscall_exit_to_user_mode+0x19/0x50 [ 437.089253][ T8833] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 437.095141][ T8833] RIP: 0033:0x4651c7 [ 437.099061][ T8833] Code: Unable to access opcode bytes at RIP 0x46519d. [ 437.105892][ T8833] RSP: 002b:00007ffea71497a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 437.114503][ T8833] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000004651c7 [ 437.122528][ T8833] RDX: 00007ffea71497e0 RSI: 00007ffea71497e0 RDI: 00007ffea7149870 [ 437.131370][ T8833] RBP: 00007ffea7149870 R08: 0000000000000001 R09: 00007ffea7149640 [ 437.139382][ T8833] R10: 0000000001aa5853 R11: 0000000000000206 R12: 00000000004ae4e9 [ 437.147412][ T8833] R13: 00007ffea714a920 R14: 0000000001aa5810 R15: 0000000000000003 [ 437.155374][ T8833] irq event stamp: 14256590 [ 437.159895][ T8833] hardirqs last enabled at (14256589): [] __free_object+0x638/0xde0 [ 437.169569][ T8833] hardirqs last disabled at (14256590): [] _raw_spin_lock_irqsave+0x4e/0x50 [ 437.180369][ T8833] softirqs last enabled at (14253698): [] __irq_exit_rcu+0x17f/0x200 [ 437.190137][ T8833] softirqs last disabled at (14253615): [] __irq_exit_rcu+0x17f/0x200 [ 437.200375][ T8833] ---[ end trace 2f79cd434fc308b0 ]--- [ 437.205999][ T8833] ================================================================================ [ 437.215656][ T8833] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.c:130:9 [ 437.223869][ T8833] index 7451 is out of range for type 'long unsigned int [8]' [ 437.231296][ T8833] CPU: 1 PID: 8833 Comm: syz-executor.5 Tainted: G B W 5.12.0-rc8-syzkaller #0 [ 437.241439][ T8833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 437.251557][ T8833] Call Trace: [ 437.254813][ T8833] dump_stack+0xfa/0x151 [ 437.259038][ T8833] ubsan_epilogue+0xb/0x5a [ 437.263658][ T8833] __ubsan_handle_out_of_bounds.cold+0x62/0x6c [ 437.270209][ T8833] __pv_queued_spin_lock_slowpath+0xa3f/0xb40 [ 437.276669][ T8833] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 437.282909][ T8833] ? pv_hash+0x100/0x100 [ 437.287133][ T8833] ? report_bug+0x38/0x210 [ 437.291530][ T8833] ? lock_acquire+0x57f/0x730 [ 437.296392][ T8833] do_raw_spin_lock+0x200/0x2b0 [ 437.301227][ T8833] ? rwlock_bug.part.0+0x90/0x90 [ 437.306360][ T8833] ? wake_up_klogd+0xcb/0x100 [ 437.311195][ T8833] _raw_spin_lock_irqsave+0x41/0x50 [ 437.316440][ T8833] ? skb_dequeue+0x1c/0x180 [ 437.320922][ T8833] skb_dequeue+0x1c/0x180 [ 437.325227][ T8833] skb_queue_purge+0x21/0x30 [ 437.329796][ T8833] hci_chan_del+0x14d/0x200 [ 437.334364][ T8833] l2cap_conn_del+0x478/0x7b0 [ 437.339021][ T8833] ? l2cap_conn_del+0x7b0/0x7b0 [ 437.343850][ T8833] l2cap_disconn_cfm+0x98/0xd0 [ 437.348592][ T8833] hci_conn_hash_flush+0x127/0x260 [ 437.353682][ T8833] hci_dev_do_close+0x569/0x1140 [ 437.358598][ T8833] ? hci_dev_open+0x300/0x300 [ 437.363250][ T8833] ? do_raw_read_unlock+0x70/0x70 [ 437.368253][ T8833] hci_unregister_dev+0x263/0x1150 [ 437.373341][ T8833] ? fsnotify+0x1090/0x1090 [ 437.377824][ T8833] ? hci_bdaddr_list_clear+0x200/0x200 [ 437.383263][ T8833] ? fcntl_setlk+0xee0/0xee0 [ 437.387835][ T8833] ? lock_is_held_type+0xd5/0x130 [ 437.392839][ T8833] vhci_release+0x70/0xe0 [ 437.397145][ T8833] __fput+0x288/0x920 [ 437.401107][ T8833] ? vhci_close_dev+0x50/0x50 [ 437.405762][ T8833] task_work_run+0xdd/0x1a0 [ 437.410421][ T8833] do_exit+0xbfc/0x2a80 [ 437.414573][ T8833] ? lock_is_held_type+0xd5/0x130 [ 437.419575][ T8833] ? find_held_lock+0x2d/0x110 [ 437.424330][ T8833] ? mm_update_next_owner+0x7a0/0x7a0 [ 437.429697][ T8833] ? lock_release+0x3bb/0x720 [ 437.434352][ T8833] ? get_signal+0x337/0x2210 [ 437.438920][ T8833] ? lock_downgrade+0x6d0/0x6d0 [ 437.443747][ T8833] ? lock_is_held_type+0xd5/0x130 [ 437.448751][ T8833] do_group_exit+0x125/0x310 [ 437.453324][ T8833] get_signal+0x47f/0x2210 [ 437.457718][ T8833] ? lockdep_hardirqs_on+0x79/0x100 [ 437.462898][ T8833] arch_do_signal_or_restart+0x2a8/0x1eb0 [ 437.468595][ T8833] ? kmem_cache_free+0x333/0x370 [ 437.473514][ T8833] ? putname+0xe1/0x120 [ 437.477649][ T8833] ? copy_siginfo_to_user32+0xa0/0xa0 [ 437.483002][ T8833] ? do_unlinkat+0x130/0x690 [ 437.487575][ T8833] ? __ia32_sys_rmdir+0x100/0x100 [ 437.492579][ T8833] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 437.498816][ T8833] exit_to_user_mode_prepare+0x124/0x200 [ 437.504424][ T8833] syscall_exit_to_user_mode+0x19/0x50 [ 437.509858][ T8833] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 437.515729][ T8833] RIP: 0033:0x4651c7 [ 437.519598][ T8833] Code: Unable to access opcode bytes at RIP 0x46519d. [ 437.526417][ T8833] RSP: 002b:00007ffea71497a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 437.534987][ T8833] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000004651c7 [ 437.543020][ T8833] RDX: 00007ffea71497e0 RSI: 00007ffea71497e0 RDI: 00007ffea7149870 [ 437.550969][ T8833] RBP: 00007ffea7149870 R08: 0000000000000001 R09: 00007ffea7149640 [ 437.558917][ T8833] R10: 0000000001aa5853 R11: 0000000000000206 R12: 00000000004ae4e9 [ 437.567040][ T8833] R13: 00007ffea714a920 R14: 0000000001aa5810 R15: 0000000000000003 [ 437.574991][ T8833] ================================================================================ [ 437.584257][ T8833] general protection fault, probably for non-canonical address 0xdffffc00004bc32a: 0000 [#1] PREEMPT SMP KASAN [ 437.595945][ T8833] KASAN: probably user-memory-access in range [0x00000000025e1950-0x00000000025e1957] [ 437.605476][ T8833] CPU: 1 PID: 8833 Comm: syz-executor.5 Tainted: G B W 5.12.0-rc8-syzkaller #0 [ 437.615517][ T8833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 437.625547][ T8833] RIP: 0010:__pv_queued_spin_lock_slowpath+0x55a/0xb40 [ 437.632382][ T8833] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 e5 04 00 00 4a 03 1c e5 e0 26 32 8b 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 b5 04 00 00 4c 8d 6b 14 48 89 6c 24 08 48 8b 2c [ 437.651966][ T8833] RSP: 0018:ffffc900018df648 EFLAGS: 00010012 [ 437.658009][ T8833] RAX: dffffc0000000000 RBX: 00000000025e1950 RCX: 0000000000000000 [ 437.665955][ T8833] RDX: 00000000004bc32a RSI: ffffffff8159aa9f RDI: ffffffff8b330fb8 [ 437.673903][ T8833] RBP: ffff888013198f38 R08: 0000000000000000 R09: 0000000000000000 [ 437.681854][ T8833] R10: ffffffff88e7ec30 R11: 0000000000000000 R12: 0000000000001d1b [ 437.689804][ T8833] R13: 0000000000000001 R14: 0000000000080000 R15: ffff8880b9d35f40 [ 437.697755][ T8833] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 437.706663][ T8833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 437.713253][ T8833] CR2: 00007fdeda98d000 CR3: 0000000013381000 CR4: 0000000000350ee0 [ 437.721202][ T8833] Call Trace: [ 437.724460][ T8833] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 437.730687][ T8833] ? pv_hash+0x100/0x100 [ 437.734907][ T8833] ? report_bug+0x38/0x210 [ 437.739305][ T8833] ? lock_acquire+0x57f/0x730 [ 437.743973][ T8833] do_raw_spin_lock+0x200/0x2b0 [ 437.748817][ T8833] ? rwlock_bug.part.0+0x90/0x90 [ 437.753750][ T8833] ? wake_up_klogd+0xcb/0x100 [ 437.758406][ T8833] _raw_spin_lock_irqsave+0x41/0x50 [ 437.763597][ T8833] ? skb_dequeue+0x1c/0x180 [ 437.768095][ T8833] skb_dequeue+0x1c/0x180 [ 437.772402][ T8833] skb_queue_purge+0x21/0x30 [ 437.777090][ T8833] hci_chan_del+0x14d/0x200 [ 437.781660][ T8833] l2cap_conn_del+0x478/0x7b0 [ 437.786415][ T8833] ? l2cap_conn_del+0x7b0/0x7b0 [ 437.791279][ T8833] l2cap_disconn_cfm+0x98/0xd0 [ 437.796026][ T8833] hci_conn_hash_flush+0x127/0x260 [ 437.801118][ T8833] hci_dev_do_close+0x569/0x1140 [ 437.806035][ T8833] ? hci_dev_open+0x300/0x300 [ 437.810687][ T8833] ? do_raw_read_unlock+0x70/0x70 [ 437.815692][ T8833] hci_unregister_dev+0x263/0x1150 [ 437.820783][ T8833] ? fsnotify+0x1090/0x1090 [ 437.825269][ T8833] ? hci_bdaddr_list_clear+0x200/0x200 [ 437.830722][ T8833] ? fcntl_setlk+0xee0/0xee0 [ 437.835294][ T8833] ? lock_is_held_type+0xd5/0x130 [ 437.840299][ T8833] vhci_release+0x70/0xe0 [ 437.844626][ T8833] __fput+0x288/0x920 [ 437.848590][ T8833] ? vhci_close_dev+0x50/0x50 [ 437.853260][ T8833] task_work_run+0xdd/0x1a0 [ 437.857743][ T8833] do_exit+0xbfc/0x2a80 [ 437.861880][ T8833] ? lock_is_held_type+0xd5/0x130 [ 437.866883][ T8833] ? find_held_lock+0x2d/0x110 [ 437.871624][ T8833] ? mm_update_next_owner+0x7a0/0x7a0 [ 437.876972][ T8833] ? lock_release+0x3bb/0x720 [ 437.881626][ T8833] ? get_signal+0x337/0x2210 [ 437.886194][ T8833] ? lock_downgrade+0x6d0/0x6d0 [ 437.891027][ T8833] ? lock_is_held_type+0xd5/0x130 [ 437.896065][ T8833] do_group_exit+0x125/0x310 [ 437.900653][ T8833] get_signal+0x47f/0x2210 [ 437.905064][ T8833] ? lockdep_hardirqs_on+0x79/0x100 [ 437.910242][ T8833] arch_do_signal_or_restart+0x2a8/0x1eb0 [ 437.915944][ T8833] ? kmem_cache_free+0x333/0x370 [ 437.920857][ T8833] ? putname+0xe1/0x120 [ 437.924991][ T8833] ? copy_siginfo_to_user32+0xa0/0xa0 [ 437.930342][ T8833] ? do_unlinkat+0x130/0x690 [ 437.934911][ T8833] ? __ia32_sys_rmdir+0x100/0x100 [ 437.939916][ T8833] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 437.946138][ T8833] exit_to_user_mode_prepare+0x124/0x200 [ 437.951872][ T8833] syscall_exit_to_user_mode+0x19/0x50 [ 437.957310][ T8833] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 437.963181][ T8833] RIP: 0033:0x4651c7 [ 437.967050][ T8833] Code: Unable to access opcode bytes at RIP 0x46519d. [ 437.973866][ T8833] RSP: 002b:00007ffea71497a8 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 437.982254][ T8833] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000004651c7 [ 437.990379][ T8833] RDX: 00007ffea71497e0 RSI: 00007ffea71497e0 RDI: 00007ffea7149870 [ 437.998432][ T8833] RBP: 00007ffea7149870 R08: 0000000000000001 R09: 00007ffea7149640 [ 438.006730][ T8833] R10: 0000000001aa5853 R11: 0000000000000206 R12: 00000000004ae4e9 [ 438.014695][ T8833] R13: 00007ffea714a920 R14: 0000000001aa5810 R15: 0000000000000003 [ 438.022818][ T8833] Modules linked in: [ 438.026800][ T8833] ---[ end trace 2f79cd434fc308b1 ]--- [ 438.032226][ T8833] RIP: 0010:__pv_queued_spin_lock_slowpath+0x55a/0xb40 [ 438.039252][ T8833] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 e5 04 00 00 4a 03 1c e5 e0 26 32 8b 48 b8 00 00 00 00 00 fc ff df 48 89 da 48 c1 ea 03 <80> 3c 02 00 0f 85 b5 04 00 00 4c 8d 6b 14 48 89 6c 24 08 48 8b 2c [ 438.058947][ T8833] RSP: 0018:ffffc900018df648 EFLAGS: 00010012 [ 438.064991][ T8833] RAX: dffffc0000000000 RBX: 00000000025e1950 RCX: 0000000000000000 [ 438.072957][ T8833] RDX: 00000000004bc32a RSI: ffffffff8159aa9f RDI: ffffffff8b330fb8 [ 438.080907][ T8833] RBP: ffff888013198f38 R08: 0000000000000000 R09: 0000000000000000 [ 438.088854][ T8833] R10: ffffffff88e7ec30 R11: 0000000000000000 R12: 0000000000001d1b [ 438.096804][ T8833] R13: 0000000000000001 R14: 0000000000080000 R15: ffff8880b9d35f40 [ 438.104757][ T8833] FS: 0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 [ 438.113680][ T8833] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 438.120240][ T8833] CR2: 00007fdeda98d000 CR3: 0000000013381000 CR4: 0000000000350ee0 [ 438.128192][ T8833] Kernel panic - not syncing: Fatal exception [ 438.138067][ T8833] Kernel Offset: disabled [ 438.142478][ T8833] Rebooting in 86400 seconds..