Warning: Permanently added '10.128.0.140' (ED25519) to the list of known hosts.
syzkaller login: [ 80.012446][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 80.021624][ T52] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 80.030437][ T52] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 80.039102][ T52] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 80.047958][ T52] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 80.055818][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 80.146576][ T5066] kernel profiling enabled (shift: 7)
[ 80.183211][ C1] ==================================================================
[ 80.192880][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xd2/0x170
[ 80.200390][ C1] Read of size 8 at addr ffffc900001e76a0 by task kworker/1:0/24
[ 80.208408][ C1]
[ 80.210842][ C1] CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
[ 80.220667][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 80.230834][ C1] Workqueue: events free_ipc
[ 80.235603][ C1] Call Trace:
[ 80.238926][ C1] <IRQ>
[ 80.241784][ C1] dump_stack_lvl+0x241/0x360
[ 80.246674][ C1] ? __pfx_dump_stack_lvl+0x10/0x10
[ 80.251898][ C1] ? __pfx__printk+0x10/0x10
[ 80.256521][ C1] ? _printk+0xd5/0x120
[ 80.261108][ C1] print_report+0x169/0x550
[ 80.265857][ C1] ? __pfx_raise_softirq+0x10/0x10
[ 80.271276][ C1] ? rcu_read_lock_sched_held+0x8d/0x130
[ 80.277541][ C1] ? __virt_addr_valid+0xbd/0x520
[ 80.283105][ C1] ? profile_pc+0xd2/0x170
[ 80.287558][ C1] kasan_report+0x143/0x180
[ 80.292342][ C1] ? profile_pc+0xd2/0x170
[ 80.297140][ C1] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 80.303365][ C1] profile_pc+0xd2/0x170
[ 80.307713][ C1] profile_tick+0xd7/0x150
[ 80.312153][ C1] tick_nohz_handler+0x3a8/0x540
[ 80.317291][ C1] ? __pfx_tick_nohz_handler+0x10/0x10
[ 80.323250][ C1] __hrtimer_run_queues+0x54b/0xd00
[ 80.328677][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 80.334513][ C1] ? ktime_get_update_offsets_now+0x411/0x430
[ 80.340878][ C1] hrtimer_interrupt+0x396/0x990
[ 80.346142][ C1] __sysvec_apic_timer_interrupt+0x107/0x3a0
[ 80.352369][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0
[ 80.358226][ C1] </IRQ>
[ 80.361180][ C1] <TASK>
[ 80.364223][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 80.370555][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[ 80.377173][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 fe 9e 7e f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 c3 94 ee f5 65 8b 05 d4 79 8d 74 85 c0 74 43 48 c7 04 24 0e 36
[ 80.397504][ C1] RSP: 0018:ffffc900001e76a0 EFLAGS: 00000206
[ 80.403776][ C1] RAX: f84a17b1fab1c500 RBX: 1ffff9200003ced8 RCX: ffffffff81720b2a
[ 80.411942][ C1] RDX: dffffc0000000000 RSI: ffffffff8baac1e0 RDI: 0000000000000001
[ 80.419944][ C1] RBP: ffffc900001e7730 R08: ffffffff92cae517 R09: 1ffffffff2595ca2
[ 80.427918][ C1] R10: dffffc0000000000 R11: fffffbfff2595ca3 R12: dffffc0000000000
[ 80.435982][ C1] R13: 1ffff9200003ced4 R14: ffffc900001e76c0 R15: 0000000000000246
[ 80.444029][ C1] ? mark_lock+0x9a/0x350
[ 80.449465][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 80.456109][ C1] kthread_queue_work+0x110/0x180
[ 80.461267][ C1] synchronize_rcu_expedited+0x593/0x820
[ 80.468781][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10
[ 80.476122][ C1] ? stack_trace_save+0x118/0x1d0
[ 80.481432][ C1] ? __pfx_stack_trace_save+0x10/0x10
[ 80.486826][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10
[ 80.492119][ C1] ? process_scheduled_works+0x91b/0x1770
[ 80.498115][ C1] ? __pfx___might_resched+0x10/0x10
[ 80.503617][ C1] ? __lock_acquire+0x1346/0x1fd0
[ 80.508966][ C1] ? process_scheduled_works+0x91b/0x1770
[ 80.515249][ C1] synchronize_rcu+0x136/0x3e0
[ 80.520140][ C1] ? __pfx_synchronize_rcu+0x10/0x10
[ 80.525622][ C1] ? __pfx_lock_acquire+0x10/0x10
[ 80.530738][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 80.536816][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 80.543533][ C1] ? process_scheduled_works+0x91b/0x1770
[ 80.549533][ C1] free_ipc+0xb7/0x280
[ 80.553890][ C1] ? process_scheduled_works+0x91b/0x1770
[ 80.559703][ C1] process_scheduled_works+0xa00/0x1770
[ 80.565451][ C1] ? __pfx_process_scheduled_works+0x10/0x10
[ 80.571448][ C1] ? assign_work+0x364/0x3d0
[ 80.576043][ C1] worker_thread+0x86d/0xd70
[ 80.580761][ C1] ? __kthread_parkme+0x169/0x1d0
[ 80.585840][ C1] ? __pfx_worker_thread+0x10/0x10
[ 80.590966][ C1] kthread+0x2f0/0x390
[ 80.595072][ C1] ? __pfx_worker_thread+0x10/0x10
[ 80.600198][ C1] ? __pfx_kthread+0x10/0x10
[ 80.604975][ C1] ret_from_fork+0x4b/0x80
[ 80.609440][ C1] ? __pfx_kthread+0x10/0x10
[ 80.614059][ C1] ret_from_fork_asm+0x1a/0x30
[ 80.618879][ C1] </TASK>
[ 80.621898][ C1]
[ 80.624225][ C1] The buggy address belongs to stack of task kworker/1:0/24
[ 80.631855][ C1] and is located at offset 0 in frame:
[ 80.637395][ C1] _raw_spin_unlock_irqrestore+0x0/0x140
[ 80.643063][ C1]
[ 80.645428][ C1] This frame has 1 object:
[ 80.649937][ C1] [32, 40) 'flags.i.i.i.i'
[ 80.649949][ C1]
[ 80.656948][ C1] The buggy address belongs to the virtual mapping at
[ 80.656948][ C1] [ffffc900001e0000, ffffc900001e9000) created by:
[ 80.656948][ C1] copy_process+0x5d1/0x3df0
[ 80.675894][ C1]
[ 80.678220][ C1] The buggy address belongs to the physical page:
[ 80.684824][ C1] page:ffffea00005da6c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1769b
[ 80.695364][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 80.702489][ C1] page_type: 0xffffffff()
[ 80.706822][ C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 80.715675][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 80.724357][ C1] page dumped because: kasan: bad access detected
[ 80.730966][ C1] page_owner tracks the page as allocated
[ 80.737050][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 2, tgid 2 (kthreadd), ts 4233659110, free_ts 0
[ 80.754700][ C1] post_alloc_hook+0x1ea/0x210
[ 80.759945][ C1] get_page_from_freelist+0x33ea/0x3580
[ 80.765734][ C1] __alloc_pages+0x256/0x680
[ 80.770379][ C1] __vmalloc_node_range+0x9c2/0x14a0
[ 80.775773][ C1] dup_task_struct+0x3e9/0x7d0
[ 80.780821][ C1] copy_process+0x5d1/0x3df0
[ 80.785601][ C1] kernel_clone+0x223/0x840
[ 80.790376][ C1] kernel_thread+0x1bc/0x240
[ 80.795157][ C1] kthreadd+0x60d/0x810
[ 80.799409][ C1] ret_from_fork+0x4b/0x80
[ 80.804013][ C1] ret_from_fork_asm+0x1a/0x30
[ 80.809144][ C1] page_owner free stack trace missing
[ 80.814773][ C1]
[ 80.817120][ C1] Memory state around the buggy address:
[ 80.822777][ C1] ffffc900001e7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 80.830934][ C1] ffffc900001e7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 80.839125][ C1] >ffffc900001e7680: 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00
[ 80.848423][ C1] ^
[ 80.853631][ C1] ffffc900001e7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 80.862478][ C1] ffffc900001e7780: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 f2 f2 f2
[ 80.870567][ C1] ==================================================================
[ 80.879111][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 80.886402][ C1] CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0
[ 80.896048][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 80.907180][ C1] Workqueue: events free_ipc
[ 80.912059][ C1] Call Trace:
[ 80.915482][ C1] <IRQ>
[ 80.918351][ C1] dump_stack_lvl+0x241/0x360
[ 80.923256][ C1] ? __pfx_dump_stack_lvl+0x10/0x10
[ 80.928761][ C1] ? __pfx__printk+0x10/0x10
[ 80.933568][ C1] ? rcu_is_watching+0x15/0xb0
[ 80.938667][ C1] ? vscnprintf+0x5d/0x90
[ 80.943589][ C1] panic+0x349/0x860
[ 80.948324][ C1] ? __pfx_lock_release+0x10/0x10
[ 80.953384][ C1] ? check_panic_on_warn+0x21/0xb0
[ 80.958891][ C1] ? __pfx_panic+0x10/0x10
[ 80.963487][ C1] ? do_raw_spin_unlock+0x13c/0x8b0
[ 80.968943][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 80.975165][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 80.981832][ C1] check_panic_on_warn+0x86/0xb0
[ 80.987156][ C1] ? profile_pc+0xd2/0x170
[ 80.991644][ C1] end_report+0x6e/0x140
[ 80.996207][ C1] kasan_report+0x154/0x180
[ 81.000909][ C1] ? profile_pc+0xd2/0x170
[ 81.005436][ C1] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 81.011446][ C1] profile_pc+0xd2/0x170
[ 81.015709][ C1] profile_tick+0xd7/0x150
[ 81.020139][ C1] tick_nohz_handler+0x3a8/0x540
[ 81.025088][ C1] ? __pfx_tick_nohz_handler+0x10/0x10
[ 81.030563][ C1] __hrtimer_run_queues+0x54b/0xd00
[ 81.035781][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10
[ 81.041726][ C1] ? ktime_get_update_offsets_now+0x411/0x430
[ 81.048092][ C1] hrtimer_interrupt+0x396/0x990
[ 81.053321][ C1] __sysvec_apic_timer_interrupt+0x107/0x3a0
[ 81.059751][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0
[ 81.065873][ C1] </IRQ>
[ 81.069027][ C1] <TASK>
[ 81.072156][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 81.078195][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140
[ 81.085969][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 fe 9e 7e f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 c3 94 ee f5 65 8b 05 d4 79 8d 74 85 c0 74 43 48 c7 04 24 0e 36
[ 81.106226][ C1] RSP: 0018:ffffc900001e76a0 EFLAGS: 00000206
[ 81.112933][ C1] RAX: f84a17b1fab1c500 RBX: 1ffff9200003ced8 RCX: ffffffff81720b2a
[ 81.121262][ C1] RDX: dffffc0000000000 RSI: ffffffff8baac1e0 RDI: 0000000000000001
[ 81.129461][ C1] RBP: ffffc900001e7730 R08: ffffffff92cae517 R09: 1ffffffff2595ca2
[ 81.137822][ C1] R10: dffffc0000000000 R11: fffffbfff2595ca3 R12: dffffc0000000000
[ 81.145825][ C1] R13: 1ffff9200003ced4 R14: ffffc900001e76c0 R15: 0000000000000246
[ 81.153814][ C1] ? mark_lock+0x9a/0x350
[ 81.158515][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 81.164864][ C1] kthread_queue_work+0x110/0x180
[ 81.169902][ C1] synchronize_rcu_expedited+0x593/0x820
[ 81.175550][ C1] ? __pfx_synchronize_rcu_expedited+0x10/0x10
[ 81.181742][ C1] ? stack_trace_save+0x118/0x1d0
[ 81.186833][ C1] ? __pfx_stack_trace_save+0x10/0x10
[ 81.192770][ C1] ? __pfx_wait_rcu_exp_gp+0x10/0x10
[ 81.198203][ C1] ? process_scheduled_works+0x91b/0x1770
[ 81.204193][ C1] ? __pfx___might_resched+0x10/0x10
[ 81.209869][ C1] ? __lock_acquire+0x1346/0x1fd0
[ 81.215218][ C1] ? process_scheduled_works+0x91b/0x1770
[ 81.221200][ C1] synchronize_rcu+0x136/0x3e0
[ 81.226085][ C1] ? __pfx_synchronize_rcu+0x10/0x10
[ 81.231394][ C1] ? __pfx_lock_acquire+0x10/0x10
[ 81.236603][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 81.242681][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 81.249027][ C1] ? process_scheduled_works+0x91b/0x1770
[ 81.254771][ C1] free_ipc+0xb7/0x280
[ 81.258916][ C1] ? process_scheduled_works+0x91b/0x1770
[ 81.264775][ C1] process_scheduled_works+0xa00/0x1770
[ 81.270381][ C1] ? __pfx_process_scheduled_works+0x10/0x10
[ 81.276398][ C1] ? assign_work+0x364/0x3d0
[ 81.281045][ C1] worker_thread+0x86d/0xd70
[ 81.286072][ C1] ? __kthread_parkme+0x169/0x1d0
[ 81.291676][ C1] ? __pfx_worker_thread+0x10/0x10
[ 81.296896][ C1] kthread+0x2f0/0x390
[ 81.301094][ C1] ? __pfx_worker_thread+0x10/0x10
[ 81.306222][ C1] ? __pfx_kthread+0x10/0x10
[ 81.311078][ C1] ret_from_fork+0x4b/0x80
[ 81.315517][ C1] ? __pfx_kthread+0x10/0x10
[ 81.320117][ C1] ret_from_fork_asm+0x1a/0x30
[ 81.325250][ C1] </TASK>
[ 81.328698][ C1] Kernel Offset: disabled
[ 81.333042][ C1] Rebooting in 86400 seconds..