Warning: Permanently added '10.128.15.212' (ED25519) to the list of known hosts.
[   40.345836][ T6459] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   40.349834][ T6461] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   40.352508][ T6461] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   40.355218][ T6461] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   40.357401][ T6461] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   40.359861][ T6461] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   40.361987][ T6461] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   40.364011][ T6461] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   40.365497][ T6465] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   40.366289][ T6461] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   40.368821][ T6465] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   40.369422][ T6461] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   40.371400][ T6466] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   40.373011][ T6467] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   40.374420][ T6466] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   40.375642][ T6467] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   40.377625][ T6466] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   40.378513][ T6467] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   40.380028][ T6466] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   40.388178][ T6466] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   40.390140][ T6466] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   40.392318][ T6466] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   40.407265][ T6467] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   40.409445][ T6467] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   40.411124][ T6009] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   40.413171][ T6009] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   40.414983][ T6009] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   40.416001][ T6467] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   40.418901][ T6467] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   40.420762][ T6467] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
executing program
[   40.503589][ T6463] BUG: sleeping function called from invalid context at net/core/sock.c:3647
[   40.505972][ T6463] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6463, name: kworker/u9:5
[   40.508007][ T6463] preempt_count: 1, expected: 0
[   40.509055][ T6463] RCU nest depth: 0, expected: 0
[   40.510124][ T6463] 5 locks held by kworker/u9:5/6463:
[   40.511498][ T6463]  #0: ffff0000d2b14948 ((wq_completion)hci3#2){+.+.}-{0:0}, at: process_one_work+0x674/0x1638
[   40.513929][ T6463]  #1: ffff8000a3b57ba0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x708/0x1638
[   40.516692][ T6463]  #2: ffff0000c6624078 (&hdev->lock){+.+.}-{4:4}, at: hci_sync_conn_complete_evt+0xe4/0x90c
[   40.517928][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.518950][ T6463]  #3: ffff0000cf2cc420 (&conn->lock#3){+.+.}-{3:3}, at: sco_connect_cfm+0x24c/0x8f4
[   40.523146][ T6463]  #4: ffff0000dc73e258 (sk_lock-AF_BLUETOOTH-BTPROTO_SCO){+.+.}-{0:0}, at: sco_connect_cfm+0x3d8/0x8f4
[   40.525738][ T6463] Preemption disabled at:
[   40.525750][ T6463] [] sco_connect_cfm+0x24c/0x8f4
[   40.528120][ T6463] CPU: 0 UID: 0 PID: 6463 Comm: kworker/u9:5 Not tainted 6.14.0-rc3-syzkaller-ga1c24ab82279 #0
[   40.528134][ T6463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   40.528143][ T6463] Workqueue: hci3 hci_rx_work
[   40.528157][ T6463] Call trace:
[   40.528160][ T6463]  show_stack+0x2c/0x3c (C)
[   40.528177][ T6463]  dump_stack_lvl+0xe4/0x150
[   40.528191][ T6463]  dump_stack+0x1c/0x28
[   40.528203][ T6463]  __might_resched+0x374/0x4d0
[   40.528214][ T6463]  __might_sleep+0x90/0xe4
[   40.528224][ T6463]  lock_sock_nested+0x6c/0x11c
executing program
[   40.528236][ T6463]  sco_connect_cfm+0x3d8/0x8f4
[   40.528248][ T6463]  hci_sync_conn_complete_evt+0x4cc/0x90c
[   40.528259][ T6463]  hci_event_packet+0x8d0/0x1060
[   40.528270][ T6463]  hci_rx_work+0x31c/0xb04
[   40.528281][ T6463]  process_one_work+0x810/0x1638
[   40.528293][ T6463]  worker_thread+0x97c/0xeec
[   40.528304][ T6463]  kthread+0x65c/0x7b0
[   40.528314][ T6463]  ret_from_fork+0x10/0x20
[   40.528327][ T6463] ==================================================================
[   40.551061][ T6463] BUG: KASAN: slab-use-after-free in __lock_acquire+0x10c/0x7904
[   40.553080][ T6463] Read of size 8 at addr ffff0000dc73e1d8 by task kworker/u9:5/6463
[   40.555127][ T6463]
[   40.555761][ T6463] CPU: 0 UID: 0 PID: 6463 Comm: kworker/u9:5 Tainted: G        W          6.14.0-rc3-syzkaller-ga1c24ab82279 #0
[   40.555778][ T6463] Tainted: [W]=WARN
executing program
[   40.555782][ T6463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   40.555789][ T6463] Workqueue: hci3 hci_rx_work
[   40.555807][ T6463] Call trace:
[   40.555810][ T6463]  show_stack+0x2c/0x3c (C)
[   40.555826][ T6463]  dump_stack_lvl+0xe4/0x150
[   40.555840][ T6463]  print_report+0x198/0x538
[   40.555853][ T6463]  kasan_report+0xd8/0x138
[   40.555864][ T6463]  __asan_report_load8_noabort+0x20/0x2c
[   40.555877][ T6463]  __lock_acquire+0x10c/0x7904
[   40.555889][ T6463]  lock_acquire+0x23c/0x724
[   40.555899][ T6463]  _raw_spin_lock_bh+0x48/0x60
[   40.555920][ T6463]  lock_sock_nested+0x74/0x11c
[   40.555932][ T6463]  sco_connect_cfm+0x3d8/0x8f4
[   40.555945][ T6463]  hci_sync_conn_complete_evt+0x4cc/0x90c
[   40.555957][ T6463]  hci_event_packet+0x8d0/0x1060
[   40.555967][ T6463]  hci_rx_work+0x31c/0xb04
[   40.555979][ T6463]  process_one_work+0x810/0x1638
[   40.555991][ T6463]  worker_thread+0x97c/0xeec
[   40.556003][ T6463]  kthread+0x65c/0x7b0
executing program
[   40.556014][ T6463]  ret_from_fork+0x10/0x20
[   40.556025][ T6463]
[   40.556927][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.559057][ T6463] Allocated by task 6475:
[   40.576423][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.577197][ T6463]  kasan_save_track+0x40/0x78
[   40.577217][ T6463]  kasan_save_alloc_info+0x40/0x50
[   40.577229][ T6463]  __kasan_kmalloc+0xac/0xc4
[   40.594768][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.595400][ T6463]  __kmalloc_noprof+0x32c/0x54c
[   40.595424][ T6463]  sk_prot_alloc+0xc4/0x1f0
[   40.595438][ T6463]  sk_alloc+0x44/0x3f0
[   40.602537][ T6463]  bt_sock_alloc+0x4c/0x304
[   40.603735][ T6463]  sco_sock_create+0xbc/0x31c
[   40.605018][ T6463]  bt_sock_create+0x14c/0x248
[   40.605888][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.606292][ T6463]  __sock_create+0x448/0x908
[   40.609650][ T6463]  __sys_socket+0x134/0x340
[   40.610803][ T6463]  __arm64_sys_socket+0x7c/0x94
[   40.612071][ T6463]  invoke_syscall+0x98/0x2b8
[   40.613267][ T6463]  el0_svc_common+0x130/0x23c
[   40.614506][ T6463]  do_el0_svc+0x48/0x58
[   40.615697][ T6463]  el0_svc+0x54/0x168
[   40.616720][ T6463]  el0t_64_sync_handler+0x84/0x108
[   40.617776][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.618115][ T6463]  el0t_64_sync+0x198/0x19c
[   40.621603][ T6463]
[   40.622214][ T6463] Freed by task 6475:
[   40.623268][ T6463]  kasan_save_track+0x40/0x78
[   40.624492][ T6463]  kasan_save_free_info+0x54/0x6c
[   40.625774][ T6463]  __kasan_slab_free+0x64/0x8c
[   40.626985][ T6463]  kfree+0x180/0x478
[   40.627991][ T6463]  __sk_destruct+0x4b8/0x74c
[   40.629291][ T6463]  __sk_free+0x388/0x4f4
[   40.630442][ T6463]  sk_free+0x60/0xc8
[   40.631282][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.631501][ T6463]  sco_sock_kill+0xfc/0x1b4
[   40.635097][ T6463]  sco_sock_release+0x1fc/0x2c0
[   40.636422][ T6463]  sock_close+0xa4/0x1e8
[   40.637540][ T6463]  __fput+0x340/0x760
[   40.638632][ T6463]  __fput_sync+0xc8/0x118
[   40.639773][ T6463]  __arm64_sys_close+0x80/0xd8
[   40.641042][ T6463]  invoke_syscall+0x98/0x2b8
[   40.642263][ T6463]  el0_svc_common+0x130/0x23c
[   40.643485][ T6463]  do_el0_svc+0x48/0x58
[   40.643920][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.644539][ T6463]  el0_svc+0x54/0x168
[   40.648080][ T6463]  el0t_64_sync_handler+0x84/0x108
[   40.649371][ T6463]  el0t_64_sync+0x198/0x19c
[   40.650498][ T6463]
[   40.651105][ T6463] The buggy address belongs to the object at ffff0000dc73e000
[   40.651105][ T6463]  which belongs to the cache kmalloc-2k of size 2048
[   40.654745][ T6463] The buggy address is located 472 bytes inside of
[   40.654745][ T6463]  freed 2048-byte region [ffff0000dc73e000, ffff0000dc73e800)
[   40.656344][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.658527][ T6463]
[   40.658535][ T6463] The buggy address belongs to the physical page:
[   40.663102][ T6463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c738
[   40.665279][ T6463] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   40.667547][ T6463] flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[   40.669577][ T6463] page_type: f5(slab)
[   40.670610][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.670624][ T6463] raw: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000
[   40.670636][ T6463] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   40.677457][ T6463] head: 05ffc00000000040 ffff0000c0002000 dead000000000122 0000000000000000
[   40.679792][ T6463] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[   40.682254][ T6463] head: 05ffc00000000003 fffffdffc371ce01 ffffffffffffffff 0000000000000000
[   40.682681][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.684497][ T6463] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   40.689214][ T6463] page dumped because: kasan: bad access detected
[   40.690828][ T6463]
[   40.691458][ T6463] Memory state around the buggy address:
[   40.692871][ T6463]  ffff0000dc73e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.695069][ T6463]  ffff0000dc73e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.696189][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.697160][ T6463] >ffff0000dc73e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.701665][ T6463]                                                     ^
[   40.703616][ T6463]  ffff0000dc73e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.705732][ T6463]  ffff0000dc73e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   40.707796][ T6463] ==================================================================
[   40.708421][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
executing program
[   40.709973][ T6463] Disabling lock debugging due to kernel taint
executing program
[   40.714357][ T6463] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[   40.716893][ T6463] Mem abort info:
[   40.717783][ T6463]   ESR = 0x0000000096000004
[   40.718893][ T6463]   EC = 0x25: DABT (current EL), IL = 32 bits
[   40.720070][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.720483][ T6463]   SET = 0, FnV = 0
[   40.723721][ T6463]   EA = 0, S1PTW = 0
executing program
[   40.724716][ T6463]   FSC = 0x04: level 0 translation fault
[   40.726456][ T6463] Data abort info:
[   40.727435][ T6463]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
executing program
[   40.729045][ T6463]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[   40.730572][ T6463]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[   40.731196][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.732258][ T6463] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001186b2000
executing program
[   40.736357][ T6463] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[   40.738267][ T6463] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[   40.740048][ T6463] Modules linked in:
executing program
[   40.741034][ T6463] CPU: 0 UID: 0 PID: 6463 Comm: kworker/u9:5 Tainted: G    B   W          6.14.0-rc3-syzkaller-ga1c24ab82279 #0
[   40.742262][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.744124][ T6463] Tainted: [B]=BAD_PAGE, [W]=WARN
[   40.747861][ T6463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   40.750486][ T6463] Workqueue: hci3 hci_rx_work
executing program
[   40.751762][ T6463] pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   40.753417][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.753843][ T6463] pc : __pi_memcpy_generic+0x24/0x22c
[   40.757607][ T6463] lr : __asan_memcpy+0x68/0x84
[   40.758820][ T6463] sp : ffff8000a3b57600
[   40.759894][ T6463] x29: ffff8000a3b57600 x28: 1ffff0001476aed4 x27: dfff800000000000
[   40.762032][ T6463] x26: 1fffe0001b8e7cad x25: ffff0000dc73f3c4 x24: ffff0000dc73e568
[   40.764122][ T6463] x23: ffff0000dc73f000 x22: ffff800082e7ceec x21: ffff0000d604cc00
[   40.764336][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.766236][ T6463] x20: 0000000000000000 x19: 0000000000000020 x18: ffff0001b37a2828
[   40.766260][ T6463] x17: ffff800080380838 x16: ffff80008b7275dc x15: 0000000000000004
[   40.772968][ T6463] x14: 1fffe0001ac09980 x13: 0000000000000000 x12: 0000000000000000
[   40.775075][ T6463] x11: ffff60001ac09984 x10: 1fffe0001ac09983 x9 : dfff800000000000
[   40.775988][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.777173][ T6463] x8 : 0000000000000001 x7 : 0000000000000000 x6 : ffff80008a8a91a4
[   40.781501][ T6463] x5 : ffff0000d604cc20 x4 : 0000000000000020 x3 : ffff800082e7ceec
[   40.783483][ T6463] x2 : 0000000000000020 x1 : 0000000000000000 x0 : ffff0000d604cc00
[   40.785505][ T6463] Call trace:
[   40.786372][ T6463]  __pi_memcpy_generic+0x24/0x22c (P)
[   40.787495][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.787763][ T6463]  smack_sk_clone_security+0x7c/0x90
[   40.791435][ T6463]  security_sk_clone+0x90/0x194
[   40.792753][ T6463]  sco_connect_cfm+0x56c/0x8f4
[   40.794014][ T6463]  hci_sync_conn_complete_evt+0x4cc/0x90c
[   40.795480][ T6463]  hci_event_packet+0x8d0/0x1060
[   40.796781][ T6463]  hci_rx_work+0x31c/0xb04
[   40.797972][ T6463]  process_one_work+0x810/0x1638
[   40.798727][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.799283][ T6463]  worker_thread+0x97c/0xeec
[   40.802771][ T6463]  kthread+0x65c/0x7b0
[   40.803836][ T6463]  ret_from_fork+0x10/0x20
[   40.804917][ T6463] Code: f100805f 540003c8 f100405f 540000c3 (a9401c26)
[   40.806650][ T6463] ---[ end trace 0000000000000000 ]---
[   40.809781][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.821445][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   40.832247][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
executing program
[   40.843406][ T6009] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[   41.129507][ T6463] Kernel panic - not syncing: Oops: Fatal exception
[   41.131260][ T6463] SMP: stopping secondary CPUs
[   41.132548][ T6463] Kernel Offset: disabled
[   41.133695][ T6463] CPU features: 0x200,00002070,00800250,82017203
[   41.135307][ T6463] Memory Limit: none
[   41.453868][ T6463] Rebooting in 86400 seconds..