Warning: Permanently added '10.128.0.106' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 22.463146][ T28] audit: type=1400 audit(1733036599.924:66): avc: denied { execmem } for pid=289 comm="syz-executor620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 22.484259][ T8] Bluetooth: hci1: Frame reassembly failed (-84)
[ 22.484606][ T28] audit: type=1400 audit(1733036599.924:67): avc: denied { create } for pid=296 comm="syz-executor620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 22.511243][ T28] audit: type=1400 audit(1733036599.924:68): avc: denied { ioctl } for pid=296 comm="syz-executor620" path="socket:[14626]" dev="sockfs" ino=14626 ioctlcmd=0x48e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 22.517442][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 22.536696][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 22.542723][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 24.528527][ T305] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 24.528574][ T308] Bluetooth: hci4: command 0x1003 tx timeout
[ 24.534474][ T297] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 24.540319][ T304] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 24.546202][ T297] Bluetooth: hci3: command 0x1003 tx timeout
[ 24.552524][ T298] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 24.558323][ T296] Bluetooth: hci0: Opcode 0x080f failed: -110
[ 24.564453][ T308] Bluetooth: hci2: command 0x1003 tx timeout
[ 24.571429][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
[ 26.618542][ T308] Bluetooth: hci0: command 0x080f tx timeout
[ 26.618548][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 26.630418][ T295] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 26.636302][ T301] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 26.642151][ T300] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 26.648689][ T299] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
executing program
executing program
[ 26.664086][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 26.682758][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 26.689275][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 26.701520][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 26.707820][ T10] Bluetooth: hci3: Frame reassembly failed (-84)
[ 26.710678][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 26.714337][ T10] Bluetooth: hci3: Frame reassembly failed (-84)
[ 28.688557][ T306] Bluetooth: hci1: command 0x1003 tx timeout
[ 28.688554][ T308] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 28.688586][ T306] Bluetooth: hci0: command 0x1003 tx timeout
[ 28.694583][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 28.712220][ T317] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 28.718150][ T318] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 28.724170][ T320] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 28.730086][ T321] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 28.735951][ T322] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
executing program
executing program
[ 28.768539][ T298] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 28.768568][ T311] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 28.774480][ T298] Bluetooth: hci4: command 0x1003 tx timeout
[ 28.780620][ T45] Bluetooth: hci2: command 0x1003 tx timeout
[ 28.786165][ T304] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 28.799824][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 28.805987][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 28.807285][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
[ 28.818690][ T319] Bluetooth: hci3: Frame reassembly failed (-84)
[ 28.820188][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
[ 28.842147][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
[ 30.848527][ T45] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 30.848562][ T308] Bluetooth: hci4: command 0x1003 tx timeout
[ 30.854462][ T45] Bluetooth: hci3: command 0x1003 tx timeout
[ 30.860298][ T304] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 30.866295][ T45] Bluetooth: hci1: command 0x1003 tx timeout
[ 30.871982][ T306] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 30.877786][ T45] Bluetooth: hci0: command 0x1003 tx timeout
[ 30.883698][ T298] Bluetooth: hci3: Opcode 0x1003 failed: -110
executing program
[ 30.889779][ T311] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 30.896037][ T325] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 30.907270][ T326] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 30.913274][ T327] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 30.919191][ T328] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 30.925818][ T329] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
[ 30.977546][ T10] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
executing program
[ 31.022025][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
[ 31.025649][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 31.034634][ T319] Bluetooth: hci3: Frame reassembly failed (-84)
[ 31.034668][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 33.008570][ T297] Bluetooth: hci0: command 0x1003 tx timeout
[ 33.008589][ T311] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 33.020481][ T332] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 33.026688][ T333] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 33.032620][ T334] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 33.038606][ T335] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 33.044534][ T336] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
executing program
executing program
[ 33.088559][ T308] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 33.088605][ T297] Bluetooth: hci4: command 0x1003 tx timeout
[ 33.094571][ T311] Bluetooth: hci3: command 0x1003 tx timeout
[ 33.100317][ T304] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 33.106098][ T298] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 33.112157][ T306] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 33.112233][ T306] Bluetooth: hci2: command 0x1003 tx timeout
[ 33.132468][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
[ 33.139954][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 33.142443][ T319] Bluetooth: hci2: Frame reassembly failed (-84)
[ 33.152348][ T10] Bluetooth: hci3: Frame reassembly failed (-84)
[ 33.152368][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
[ 35.168587][ T311] Bluetooth: hci4: command 0x1003 tx timeout
[ 35.168581][ T298] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 35.168614][ T311] Bluetooth: hci3: command 0x1003 tx timeout
[ 35.174501][ T308] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 35.180354][ T306] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 35.180406][ T306] Bluetooth: hci0: command 0x1003 tx timeout
[ 35.186139][ T297] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 35.192060][ T45] Bluetooth: hci2: command 0x1003 tx timeout
executing program
[ 35.198088][ T304] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 35.221463][ T339] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 35.227371][ T341] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 35.233218][ T342] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 35.239177][ T343] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 35.245776][ T340] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
executing program
executing program
[ 35.290351][ T319] Bluetooth: hci0: Frame reassembly failed (-84)
[ 35.311771][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 35.318732][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 35.325309][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
[ 35.325318][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 35.325796][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 37.328514][ T304] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 37.328566][ T308] Bluetooth: hci4: command 0x1003 tx timeout
[ 37.334485][ T304] Bluetooth: hci3: command 0x1003 tx timeout
[ 37.340284][ T306] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 37.351980][ T304] Bluetooth: hci2: command 0x1003 tx timeout
[ 37.351994][ T297] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 37.357780][ T304] Bluetooth: hci1: command 0x1003 tx timeout
[ 37.363724][ T298] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 37.375548][ T305] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 39.408527][ T346] Bluetooth: hci0: Opcode 0x080f failed: -110
executing program
executing program
[ 40.314006][ T347] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 40.324093][ T348] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 40.330001][ T349] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 40.335836][ T350] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 40.346928][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
executing program
executing program
[ 40.371270][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
[ 40.377502][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
[ 40.387410][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
[ 40.394129][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 40.398936][ T319] Bluetooth: hci3: Frame reassembly failed (-84)
[ 40.406504][ T319] Bluetooth: hci3: Frame reassembly failed (-84)
[ 42.368535][ T308] Bluetooth: hci0: command 0x1003 tx timeout
[ 42.368535][ T305] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 42.380385][ T357] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 42.386278][ T358] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
[ 42.448555][ T45] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 42.448555][ T298] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 42.448613][ T45] Bluetooth: hci4: command 0x1003 tx timeout
[ 42.454501][ T298] Bluetooth: hci2: command 0x1003 tx timeout
[ 42.460408][ T306] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 42.466678][ T297] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 42.482766][ T319] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
[ 44.448537][ T297] Bluetooth: hci0: command 0x080f tx timeout
[ 44.448546][ T359] Bluetooth: hci0: Opcode 0x080f failed: -110
[ 44.460537][ T361] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 44.466525][ T360] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 44.484544][ T319] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
executing program
[ 44.513398][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 44.519601][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 44.528564][ T45] Bluetooth: hci1: command 0x1003 tx timeout
[ 44.534419][ T298] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 44.554676][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
[ 44.563689][ T10] Bluetooth: hci3: Frame reassembly failed (-84)
[ 44.573370][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
[ 46.528557][ T297] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 46.528576][ T304] Bluetooth: hci2: command 0x1003 tx timeout
[ 46.528599][ T304] Bluetooth: hci0: command 0x1003 tx timeout
[ 46.534562][ T306] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 46.541007][ T369] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 46.558073][ T370] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 46.563960][ T371] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 46.571071][ T372] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 46.577084][ T373] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
executing program
[ 46.608608][ T305] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 46.608627][ T45] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 46.608680][ T45] Bluetooth: hci3: command 0x1003 tx timeout
[ 46.615051][ T298] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 46.621150][ T306] Bluetooth: hci1: command 0x1003 tx timeout
[ 46.639380][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 46.647892][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
[ 46.654448][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 46.673342][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 46.694075][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 48.608518][ C0] ==================================================================
[ 48.616406][ C0] BUG: KASAN: use-after-free in __run_timers+0x34a/0xa10
[ 48.623386][ C0] Write of size 8 at addr ffff888111e08a00 by task swapper/0/0
[ 48.630760][ C0]
[ 48.632940][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.115-syzkaller-00041-ga887a44ace2a #0
[ 48.642218][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 48.652111][ C0] Call Trace:
[ 48.655250][ C0] <IRQ>
[ 48.657930][ C0] dump_stack_lvl+0x151/0x1b7
[ 48.662447][ C0] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 48.667737][ C0] ? _printk+0xd1/0x111
[ 48.671726][ C0] ? __virt_addr_valid+0x242/0x2f0
[ 48.676679][ C0] print_report+0x158/0x4e0
[ 48.681016][ C0] ? __virt_addr_valid+0x242/0x2f0
[ 48.685957][ C0] ? kasan_complete_mode_report_info+0x90/0x1b0
[ 48.692036][ C0] ? __run_timers+0x34a/0xa10
[ 48.696548][ C0] kasan_report+0x13c/0x170
[ 48.700885][ C0] ? __run_timers+0x34a/0xa10
[ 48.705404][ C0] __asan_report_store8_noabort+0x17/0x20
[ 48.710955][ C0] __run_timers+0x34a/0xa10
[ 48.715295][ C0] ? kvm_sched_clock_read+0x18/0x40
[ 48.720331][ C0] ? calc_index+0x270/0x270
[ 48.724673][ C0] ? sched_clock+0x9/0x10
[ 48.728833][ C0] ? sched_clock_cpu+0x71/0x2b0
[ 48.733522][ C0] run_timer_softirq+0x69/0xf0
[ 48.738118][ C0] handle_softirqs+0x1db/0x650
[ 48.738571][ T304] Bluetooth: hci3: command 0x1003 tx timeout
[ 48.742722][ C0] ? irqtime_account_irq+0xdc/0x260
[ 48.748562][ T305] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 48.753572][ C0] __irq_exit_rcu+0x52/0xf0
[ 48.759624][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 48.763937][ C0] irq_exit_rcu+0x9/0x10
[ 48.769860][ T298] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 48.773919][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 48.779853][ T308] Bluetooth: hci2: command 0x1003 tx timeout
[ 48.785290][ C0] </IRQ>
[ 48.793882][ C0] <TASK>
[ 48.796657][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 48.802474][ C0] RIP: 0010:acpi_idle_enter+0x416/0x760
[ 48.807852][ C0] Code: 89 de 48 83 e6 08 31 ff e8 27 1c 54 fc 48 83 e3 08 0f 85 b1 00 00 00 0f 1f 44 00 00 e8 d3 17 54 fc 0f 00 2d 7c e8 ce 00 fb f4 e9 e3 00 00 00 49 83 c7 04 4c 89 f8 48 c1 e8 03 42 0f b6 04 30
[ 48.827294][ C0] RSP: 0018:ffffffff87007bd0 EFLAGS: 000002d3
[ 48.833203][ C0] RAX: ffffffff85216edd RBX: 0000000000000000 RCX: ffffffff8701d4c0
[ 48.841013][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 48.848824][ C0] RBP: ffffffff87007c10 R08: ffffffff85216ec9 R09: fffffbfff0e03a99
[ 48.856636][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
[ 48.864442][ C0] R13: ffff88810a652804 R14: dffffc0000000000 R15: ffff8881097df064
[ 48.872259][ C0] ? acpi_idle_enter+0x3f9/0x760
[ 48.877025][ C0] ? acpi_idle_enter+0x40d/0x760
[ 48.881801][ C0] ? intel_idle_xstate+0xa0/0xa0
[ 48.886575][ C0] cpuidle_enter_state+0x5eb/0x17f0
[ 48.891610][ C0] ? cpuidle_enter_s2idle+0x600/0x600
[ 48.896816][ C0] ? menu_enable_device+0x380/0x380
[ 48.901959][ C0] ? __sched_text_start+0x8/0x8
[ 48.906648][ C0] cpuidle_enter+0x5f/0xa0
[ 48.910898][ C0] do_idle+0x3d1/0x580
[ 48.914803][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 48.919840][ C0] ? radix_tree_lookup+0x23a/0x290
[ 48.924785][ C0] ? debug_smp_processor_id+0x17/0x20
[ 48.929994][ C0] cpu_startup_entry+0x44/0x60
[ 48.934593][ C0] rest_init+0x10b/0x130
[ 48.938672][ C0] ? time_init+0x38/0x38
[ 48.942749][ C0] arch_call_rest_init+0xe/0xe
[ 48.947350][ C0] start_kernel+0x46c/0x4d8
[ 48.951690][ C0] x86_64_start_reservations+0x2a/0x2c
[ 48.956985][ C0] x86_64_start_kernel+0x7c/0x81
[ 48.961757][ C0] secondary_startup_64_no_verify+0xce/0xdb
[ 48.967490][ C0] </TASK>
[ 48.970353][ C0]
[ 48.972522][ C0] Allocated by task 369:
[ 48.976600][ C0] kasan_set_track+0x4b/0x70
[ 48.981025][ C0] kasan_save_alloc_info+0x1f/0x30
[ 48.985972][ C0] __kasan_kmalloc+0x9c/0xb0
[ 48.990400][ C0] __kmalloc+0xb4/0x1e0
[ 48.994391][ C0] hci_alloc_dev_priv+0x27/0x1c00
[ 48.999250][ C0] hci_uart_tty_ioctl+0x401/0xa70
[ 49.004111][ C0] tty_ioctl+0x903/0xc50
[ 49.008192][ C0] __se_sys_ioctl+0x114/0x190
[ 49.012708][ C0] __x64_sys_ioctl+0x7b/0x90
[ 49.017146][ C0] x64_sys_call+0x98/0x9a0
[ 49.021384][ C0] do_syscall_64+0x3b/0xb0
[ 49.025640][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 49.031455][ C0]
[ 49.033621][ C0] Freed by task 373:
[ 49.037357][ C0] kasan_set_track+0x4b/0x70
[ 49.041779][ C0] kasan_save_free_info+0x2b/0x40
[ 49.046649][ C0] ____kasan_slab_free+0x131/0x180
[ 49.051677][ C0] __kasan_slab_free+0x11/0x20
[ 49.056274][ C0] __kmem_cache_free+0x21d/0x410
[ 49.061053][ C0] kfree+0x7a/0xf0
[ 49.064607][ C0] hci_release_dev+0x14d3/0x1640
[ 49.069390][ C0] bt_host_release+0x83/0xa0
[ 49.073947][ C0] device_release+0x95/0x1c0
[ 49.078371][ C0] kobject_put+0x178/0x260
[ 49.082621][ C0] put_device+0x1f/0x30
[ 49.086612][ C0] hci_dev_cmd+0x2be/0x9b0
[ 49.090870][ C0] hci_sock_ioctl+0x415/0x7f0
[ 49.095376][ C0] sock_do_ioctl+0x152/0x450
[ 49.099804][ C0] sock_ioctl+0x455/0x740
[ 49.103968][ C0] __se_sys_ioctl+0x114/0x190
[ 49.108657][ C0] __x64_sys_ioctl+0x7b/0x90
[ 49.113092][ C0] x64_sys_call+0x98/0x9a0
[ 49.117349][ C0] do_syscall_64+0x3b/0xb0
[ 49.121593][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 49.127318][ C0]
[ 49.129487][ C0] Last potentially related work creation:
[ 49.135042][ C0] kasan_save_stack+0x3b/0x60
[ 49.139554][ C0] __kasan_record_aux_stack+0xb4/0xc0
[ 49.144763][ C0] kasan_record_aux_stack_noalloc+0xb/0x10
[ 49.150401][ C0] insert_work+0x56/0x310
[ 49.154574][ C0] __queue_work+0x9b6/0xd70
[ 49.158913][ C0] queue_work_on+0x105/0x170
[ 49.163337][ C0] __hci_cmd_sync_sk+0xc2a/0xf70
[ 49.168107][ C0] hci_cmd_sync_status+0x52/0x130
[ 49.172974][ C0] hci_dev_cmd+0x771/0x9b0
[ 49.177225][ C0] hci_sock_ioctl+0x415/0x7f0
[ 49.181734][ C0] sock_do_ioctl+0x152/0x450
[ 49.186188][ C0] sock_ioctl+0x455/0x740
[ 49.190332][ C0] __se_sys_ioctl+0x114/0x190
[ 49.194839][ C0] __x64_sys_ioctl+0x7b/0x90
[ 49.199297][ C0] x64_sys_call+0x98/0x9a0
[ 49.203520][ C0] do_syscall_64+0x3b/0xb0
[ 49.207770][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 49.213499][ C0]
[ 49.215671][ C0] Second to last potentially related work creation:
[ 49.222110][ C0] kasan_save_stack+0x3b/0x60
[ 49.226606][ C0] __kasan_record_aux_stack+0xb4/0xc0
[ 49.231813][ C0] kasan_record_aux_stack_noalloc+0xb/0x10
[ 49.237453][ C0] insert_work+0x56/0x310
[ 49.241621][ C0] __queue_work+0x9b6/0xd70
[ 49.245960][ C0] queue_work_on+0x105/0x170
[ 49.250387][ C0] __hci_cmd_sync_sk+0xc2a/0xf70
[ 49.255171][ C0] hci_cmd_sync_status+0x52/0x130
[ 49.260025][ C0] hci_dev_cmd+0x771/0x9b0
[ 49.264274][ C0] hci_sock_ioctl+0x415/0x7f0
[ 49.268798][ C0] sock_do_ioctl+0x152/0x450
[ 49.273215][ C0] sock_ioctl+0x455/0x740
[ 49.277389][ C0] __se_sys_ioctl+0x114/0x190
[ 49.281898][ C0] __x64_sys_ioctl+0x7b/0x90
[ 49.286321][ C0] x64_sys_call+0x98/0x9a0
[ 49.290574][ C0] do_syscall_64+0x3b/0xb0
[ 49.294825][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 49.300554][ C0]
[ 49.302733][ C0] The buggy address belongs to the object at ffff888111e08000
[ 49.302733][ C0] which belongs to the cache kmalloc-8k of size 8192
[ 49.316609][ C0] The buggy address is located 2560 bytes inside of
[ 49.316609][ C0] 8192-byte region [ffff888111e08000, ffff888111e0a000)
[ 49.329889][ C0]
[ 49.332097][ C0] The buggy address belongs to the physical page:
[ 49.338319][ C0] page:ffffea0004478200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x111e08
[ 49.348379][ C0] head:ffffea0004478200 order:3 compound_mapcount:0 compound_pincount:0
[ 49.357056][ C0] flags: 0x4000000000010200(slab|head|zone=1)
[ 49.363139][ C0] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[ 49.371555][ C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 49.379971][ C0] page dumped because: kasan: bad access detected
[ 49.386234][ C0] page_owner tracks the page as allocated
[ 49.391778][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 365, tgid 365 (syz-executor620), ts 42480019797, free_ts 40386964661
[ 49.413053][ C0] post_alloc_hook+0x213/0x220
[ 49.417636][ C0] prep_new_page+0x1b/0x110
[ 49.421980][ C0] get_page_from_freelist+0x2980/0x2a10
[ 49.427359][ C0] __alloc_pages+0x234/0x610
[ 49.431782][ C0] alloc_slab_page+0x6c/0xf0
[ 49.436210][ C0] new_slab+0x90/0x3e0
[ 49.440114][ C0] ___slab_alloc+0x6f9/0xb80
[ 49.444540][ C0] __slab_alloc+0x5d/0xa0
[ 49.448800][ C0] __kmem_cache_alloc_node+0x207/0x2a0
[ 49.454089][ C0] __kmalloc+0xa3/0x1e0
[ 49.458080][ C0] hci_alloc_dev_priv+0x27/0x1c00
[ 49.462953][ C0] hci_uart_tty_ioctl+0x401/0xa70
[ 49.467801][ C0] tty_ioctl+0x903/0xc50
[ 49.471880][ C0] __se_sys_ioctl+0x114/0x190
[ 49.476401][ C0] __x64_sys_ioctl+0x7b/0x90
[ 49.480821][ C0] x64_sys_call+0x98/0x9a0
[ 49.485074][ C0] page last free stack trace:
[ 49.489589][ C0] free_unref_page_prepare+0x83d/0x850
[ 49.494888][ C0] free_unref_page+0xb2/0x5c0
[ 49.499397][ C0] __free_pages+0x61/0xf0
[ 49.503562][ C0] __free_slab+0xce/0x1a0
[ 49.507814][ C0] __unfreeze_partials+0x165/0x1a0
[ 49.512762][ C0] put_cpu_partial+0xa9/0x100
[ 49.517275][ C0] __slab_free+0x1c8/0x280
[ 49.521529][ C0] ___cache_free+0xc6/0xd0
[ 49.525780][ C0] qlist_free_all+0xc5/0x140
[ 49.530211][ C0] kasan_quarantine_reduce+0x15a/0x180
[ 49.535499][ C0] __kasan_slab_alloc+0x24/0x80
[ 49.540186][ C0] slab_post_alloc_hook+0x53/0x2c0
[ 49.545135][ C0] __kmem_cache_alloc_node+0x193/0x2a0
[ 49.550427][ C0] __kmalloc+0xa3/0x1e0
[ 49.554427][ C0] rfkill_alloc+0x9b/0x280
[ 49.558674][ C0] hci_register_dev+0x35b/0x9a0
[ 49.563384][ C0]
[ 49.565530][ C0] Memory state around the buggy address:
[ 49.571003][ C0] ffff888111e08900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.578994][ C0] ffff888111e08980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.586891][ C0] >ffff888111e08a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.594782][ C0] ^
[ 49.598691][ C0] ffff888111e08a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.606591][ C0] ffff888111e08b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.614481][ C0] ==================================================================
[ 49.622387][ C0] Disabling lock debugging due to kernel taint
[ 49.628622][ T297] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 49.628656][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 49.634546][ T297] Bluetooth: hci0: command 0x1003 tx timeout
[ 49.646058][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 49.646078][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 6.1.115-syzkaller-00041-ga887a44ace2a #0
[ 49.646099][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 49.646111][ C0] RIP: 0010:__queue_work+0x4f1/0xd70
[ 49.685916][ C0] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 73 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 d0 da 71 00 49 8b 3e e8 88 6c d6
[ 49.705333][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046
[ 49.711233][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d4c0
[ 49.719051][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 49.726858][ C0] RBP: ffffc90000007d00 R08: ffffffff814b185b R09: 0000000000000007
[ 49.734668][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888111e089c8
[ 49.742479][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888111e089e0
[ 49.750292][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 49.759060][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.765483][ C0] CR2: 0000000020000008 CR3: 0000000124e96000 CR4: 00000000003506b0
[ 49.773381][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.781190][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.788999][ C0] Call Trace:
[ 49.792127][ C0] <IRQ>
[ 49.794818][ C0] ? __die_body+0x62/0xb0
[ 49.798983][ C0] ? die_addr+0x9f/0xd0
[ 49.802974][ C0] ? exc_general_protection+0x317/0x4c0
[ 49.808370][ C0] ? asm_exc_general_protection+0x27/0x30
[ 49.813910][ C0] ? __queue_work+0x28b/0xd70
[ 49.818423][ C0] ? __queue_work+0x4f1/0xd70
[ 49.822945][ C0] ? __queue_work+0x29c/0xd70
[ 49.827458][ C0] delayed_work_timer_fn+0x61/0x80
[ 49.832400][ C0] ? queue_work_node+0x1d0/0x1d0
[ 49.837167][ C0] call_timer_fn+0x3b/0x2d0
[ 49.841508][ C0] ? queue_work_node+0x1d0/0x1d0
[ 49.846283][ C0] __run_timers+0x756/0xa10
[ 49.850630][ C0] ? calc_index+0x270/0x270
[ 49.854980][ C0] ? sched_clock+0x9/0x10
[ 49.859130][ C0] ? sched_clock_cpu+0x71/0x2b0
[ 49.863817][ C0] run_timer_softirq+0x69/0xf0
[ 49.868417][ C0] handle_softirqs+0x1db/0x650
[ 49.873015][ C0] ? irqtime_account_irq+0xdc/0x260
[ 49.878051][ C0] __irq_exit_rcu+0x52/0xf0
[ 49.882391][ C0] irq_exit_rcu+0x9/0x10
[ 49.886466][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 49.891936][ C0] </IRQ>
[ 49.894711][ C0] <TASK>
[ 49.897493][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 49.903304][ C0] RIP: 0010:acpi_idle_enter+0x416/0x760
[ 49.908688][ C0] Code: 89 de 48 83 e6 08 31 ff e8 27 1c 54 fc 48 83 e3 08 0f 85 b1 00 00 00 0f 1f 44 00 00 e8 d3 17 54 fc 0f 00 2d 7c e8 ce 00 fb f4 e9 e3 00 00 00 49 83 c7 04 4c 89 f8 48 c1 e8 03 42 0f b6 04 30
[ 49.928129][ C0] RSP: 0018:ffffffff87007bd0 EFLAGS: 000002d3
[ 49.934034][ C0] RAX: ffffffff85216edd RBX: 0000000000000000 RCX: ffffffff8701d4c0
[ 49.941839][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 49.949651][ C0] RBP: ffffffff87007c10 R08: ffffffff85216ec9 R09: fffffbfff0e03a99
[ 49.957465][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
[ 49.965279][ C0] R13: ffff88810a652804 R14: dffffc0000000000 R15: ffff8881097df064
[ 49.973088][ C0] ? acpi_idle_enter+0x3f9/0x760
[ 49.977860][ C0] ? acpi_idle_enter+0x40d/0x760
[ 49.982639][ C0] ? intel_idle_xstate+0xa0/0xa0
[ 49.987408][ C0] cpuidle_enter_state+0x5eb/0x17f0
[ 49.992459][ C0] ? cpuidle_enter_s2idle+0x600/0x600
[ 49.997652][ C0] ? menu_enable_device+0x380/0x380
[ 50.002682][ C0] ? __sched_text_start+0x8/0x8
[ 50.007371][ C0] cpuidle_enter+0x5f/0xa0
[ 50.011622][ C0] do_idle+0x3d1/0x580
[ 50.015531][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 50.020567][ C0] ? radix_tree_lookup+0x23a/0x290
[ 50.025513][ C0] ? debug_smp_processor_id+0x17/0x20
[ 50.030739][ C0] cpu_startup_entry+0x44/0x60
[ 50.035317][ C0] rest_init+0x10b/0x130
[ 50.039395][ C0] ? time_init+0x38/0x38
[ 50.043476][ C0] arch_call_rest_init+0xe/0xe
[ 50.048076][ C0] start_kernel+0x46c/0x4d8
[ 50.052416][ C0] x86_64_start_reservations+0x2a/0x2c
[ 50.057711][ C0] x86_64_start_kernel+0x7c/0x81
[ 50.062487][ C0] secondary_startup_64_no_verify+0xce/0xdb
[ 50.068214][ C0] </TASK>
[ 50.071087][ C0] Modules linked in:
[ 50.074811][ C0] ---[ end trace 0000000000000000 ]---
[ 50.080103][ C0] RIP: 0010:__queue_work+0x4f1/0xd70
[ 50.085223][ C0] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 73 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 d0 da 71 00 49 8b 3e e8 88 6c d6
[ 50.104675][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046
[ 50.110566][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d4c0
[ 50.118378][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 50.126191][ C0] RBP: ffffc90000007d00 R08: ffffffff814b185b R09: 0000000000000007
[ 50.134009][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888111e089c8
[ 50.141812][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888111e089e0
[ 50.149626][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 50.158397][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.164819][ C0] CR2: 0000000020000008 CR3: 0000000124e96000 CR4: 00000000003506b0
[ 50.172628][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.180436][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.188248][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 50.195572][ C0] Kernel Offset: disabled
[ 50.199700][ C0] Rebooting in 86400 seconds..