[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.75' (ECDSA) to the list of known hosts.
syzkaller login: [ 72.594054][ T6545] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.602281][ T6545] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.611485][ T6545] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.619773][ T6545] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.627794][ T6545] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 72.635257][ T6545] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 72.766521][ T6545] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 72.778263][ T6545] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 72.786658][ T6545] CPU: 0 PID: 6545 Comm: kworker/u5:1 Not tainted 5.16.0-rc4-next-20211208-syzkaller #0
[ 72.796362][ T6545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.806500][ T6545] Workqueue: hci0 hci_rx_work
[ 72.811172][ T6545] RIP: 0010:hci_inquiry_result_with_rssi_evt+0xbc/0x970
[ 72.818117][ T6545] Code: 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 88 07 00 00 48 8b 04 24 4c 8b 28 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 4c 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 1b 07 00 00
[ 72.837714][ T6545] RSP: 0018:ffffc90001aafad0 EFLAGS: 00010246
[ 72.843768][ T6545] RAX: dffffc0000000000 RBX: ffff88807e754000 RCX: 0000000000000000
[ 72.851729][ T6545] RDX: 0000000000000000 RSI: ffffffff883588a8 RDI: ffff88807e754000
[ 72.859692][ T6545] RBP: ffff88807e754000 R08: 0000000000000000 R09: 0000000000000000
[ 72.867737][ T6545] R10: ffffffff88376f27 R11: 0000000000000000 R12: ffff88807015eb40
[ 72.875695][ T6545] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 72.883655][ T6545] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 72.892577][ T6545] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.899154][ T6545] CR2: 00007ffd653f7000 CR3: 0000000071f88000 CR4: 00000000003506f0
[ 72.907116][ T6545] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 72.915076][ T6545] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 72.923040][ T6545] Call Trace:
[ 72.926310][ T6545]
[ 72.929232][ T6545] ? lock_chain_count+0x20/0x20
[ 72.934088][ T6545] ? hci_cc_le_set_scan_enable+0x1a0/0x1a0
[ 72.939912][ T6545] ? find_held_lock+0x2d/0x110
[ 72.944685][ T6545] hci_event_packet+0x817/0xe90
[ 72.949537][ T6545] ? hci_cc_le_set_scan_enable+0x1a0/0x1a0
[ 72.955357][ T6545] ? hci_le_conn_complete_evt+0x320/0x320
[ 72.961079][ T6545] ? mark_held_locks+0x9f/0xe0
[ 72.965851][ T6545] ? _raw_spin_unlock_irqrestore+0x50/0x70
[ 72.971662][ T6545] ? lockdep_hardirqs_on+0x79/0x100
[ 72.976862][ T6545] hci_rx_work+0x4fa/0xd30
[ 72.981284][ T6545] process_one_work+0x9b2/0x1690
[ 72.986233][ T6545] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 72.991618][ T6545] ? rwlock_bug.part.0+0x90/0x90
[ 72.996740][ T6545] ? _raw_spin_lock_irq+0x41/0x50
[ 73.001767][ T6545] worker_thread+0x658/0x11f0
[ 73.006441][ T6545] ? process_one_work+0x1690/0x1690
[ 73.011633][ T6545] kthread+0x405/0x4f0
[ 73.015705][ T6545] ? set_kthread_struct+0x130/0x130
[ 73.020904][ T6545] ret_from_fork+0x1f/0x30
[ 73.025325][ T6545]
[ 73.028332][ T6545] Modules linked in:
[ 73.033407][ T6545] ---[ end trace 403a15c54e29c5c4 ]---
[ 73.038882][ T6545] RIP: 0010:hci_inquiry_result_with_rssi_evt+0xbc/0x970
[ 73.046673][ T6545] Code: 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 88 07 00 00 48 8b 04 24 4c 8b 28 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 4c 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 1b 07 00 00
[ 73.066637][ T6545] RSP: 0018:ffffc90001aafad0 EFLAGS: 00010246
[ 73.073088][ T6545] RAX: dffffc0000000000 RBX: ffff88807e754000 RCX: 0000000000000000
[ 73.081102][ T6545] RDX: 0000000000000000 RSI: ffffffff883588a8 RDI: ffff88807e754000
[ 73.089651][ T6545] RBP: ffff88807e754000 R08: 0000000000000000 R09: 0000000000000000
[ 73.097973][ T6545] R10: ffffffff88376f27 R11: 0000000000000000 R12: ffff88807015eb40
[ 73.106178][ T6545] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 73.114454][ T6545] FS: 0000000000000000(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
[ 73.123541][ T6545] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 73.130141][ T6545] CR2: 00007f2bb803f018 CR3: 000000001d893000 CR4: 00000000003506f0
[ 73.138610][ T6545] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 73.146686][ T6545] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 73.154858][ T6545] Kernel panic - not syncing: Fatal exception
[ 73.161200][ T6545] Kernel Offset: disabled
[ 73.165513][ T6545] Rebooting in 86400 seconds..