Warning: Permanently added '10.128.1.64' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 22.791251][ T28] audit: type=1400 audit(1733070233.988:66): avc: denied { execmem } for pid=287 comm="syz-executor260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 22.818729][ T28] audit: type=1400 audit(1733070233.988:67): avc: denied { create } for pid=295 comm="syz-executor260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 22.840051][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 22.843095][ T28] audit: type=1400 audit(1733070233.988:68): avc: denied { ioctl } for pid=295 comm="syz-executor260" path="socket:[15387]" dev="sockfs" ino=15387 ioctlcmd=0x48e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 22.850339][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 22.877062][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 22.884171][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 24.813955][ T295] Bluetooth: hci0: Opcode 0x080f failed: -110
[ 24.813955][ T296] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 24.893991][ T302] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 24.894038][ T306] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 24.900114][ T302] Bluetooth: hci4: command 0x1003 tx timeout
[ 24.906449][ T297] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 24.912549][ T296] Bluetooth: hci2: command 0x1003 tx timeout
[ 26.894023][ T302] Bluetooth: hci0: command 0x080f tx timeout
[ 26.894045][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 26.900646][ T302] Bluetooth: hci0: sending frame failed (-49)
executing program
executing program
executing program
executing program
executing program
[ 27.803994][ T294] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 27.810389][ T298] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 27.817296][ T299] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 27.824108][ T300] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 27.838814][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 27.880349][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 27.887742][ T8] Bluetooth: hci2: Frame reassembly failed (-84)
[ 27.888267][ T310] Bluetooth: hci4: Frame reassembly failed (-84)
[ 27.894486][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 29.853992][ T307] Bluetooth: hci0: command 0x1003 tx timeout
[ 29.853997][ T302] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 29.866172][ T318] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 29.872236][ T323] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
[ 29.933942][ T297] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 29.933971][ T306] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 29.939985][ T297] Bluetooth: hci1: command 0x1003 tx timeout
[ 29.945884][ T296] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 29.951678][ T297] Bluetooth: hci3: command 0x1003 tx timeout
[ 29.957574][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 29.963394][ T297] Bluetooth: hci4: command 0x1003 tx timeout
executing program
executing program
[ 31.933977][ T306] Bluetooth: hci0: command 0x080f tx timeout
[ 31.933980][ T321] Bluetooth: hci0: Opcode 0x080f failed: -110
[ 31.945927][ T322] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 31.952659][ T324] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 31.967623][ T310] Bluetooth: hci0: Frame reassembly failed (-84)
[ 31.974346][ T310] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
[ 31.993077][ T8] Bluetooth: hci2: Frame reassembly failed (-84)
[ 31.999753][ T8] Bluetooth: hci2: Frame reassembly failed (-84)
[ 32.013991][ T45] Bluetooth: hci1: command 0x1003 tx timeout
[ 32.014052][ T296] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 32.032431][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
[ 32.038927][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 32.048327][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 32.056978][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 34.014017][ T302] Bluetooth: hci2: command 0x1003 tx timeout
[ 34.024008][ T297] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 34.024405][ T309] Bluetooth: hci0: command 0x1003 tx timeout
[ 34.030070][ T306] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 34.042773][ T330] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 34.050759][ T332] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 34.058303][ T333] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 34.065731][ T334] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 34.072386][ T335] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 34.094002][ T306] Bluetooth: hci4: command 0x1003 tx timeout
[ 34.094003][ T296] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 34.094062][ T296] Bluetooth: hci3: command 0x1003 tx timeout
executing program
executing program
executing program
executing program
[ 34.100697][ T307] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 34.107511][ T45] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 34.128127][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 34.131093][ T310] Bluetooth: hci0: Frame reassembly failed (-84)
[ 34.154622][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
executing program
[ 34.157570][ T310] Bluetooth: hci2: Frame reassembly failed (-84)
[ 34.194525][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
[ 34.200900][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
[ 36.173992][ T297] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 36.173997][ T309] Bluetooth: hci3: command 0x1003 tx timeout
[ 36.174035][ T309] Bluetooth: hci0: command 0x1003 tx timeout
[ 36.180090][ T297] Bluetooth: hci1: command 0x1003 tx timeout
[ 36.186016][ T296] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 36.191942][ T307] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 36.197792][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 36.204100][ T338] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
[ 36.222200][ T339] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 36.228599][ T340] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 36.234978][ T341] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 36.241311][ T342] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 36.253952][ T306] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 36.253967][ T297] Bluetooth: hci4: command 0x1003 tx timeout
executing program
executing program
executing program
executing program
[ 36.277305][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 36.299636][ T8] Bluetooth: hci1: Frame reassembly failed (-84)
[ 36.303803][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 36.306039][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 36.317725][ T310] Bluetooth: hci4: Frame reassembly failed (-84)
[ 36.324722][ T310] Bluetooth: hci4: Frame reassembly failed (-84)
[ 38.333990][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 38.334006][ T307] Bluetooth: hci4: command 0x1003 tx timeout
[ 38.334028][ T307] Bluetooth: hci1: command 0x1003 tx timeout
[ 38.334045][ T307] Bluetooth: hci0: command 0x1003 tx timeout
[ 38.339952][ T309] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 38.346481][ T296] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 38.352245][ T302] Bluetooth: hci3: command 0x1003 tx timeout
[ 38.358076][ T297] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 38.364607][ T302] Bluetooth: hci2: command 0x1003 tx timeout
[ 38.370031][ T306] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 38.394691][ T345] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 38.400834][ T346] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
[ 38.453464][ T310] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
[ 40.413967][ T348] Bluetooth: hci0: Opcode 0x080f failed: -110
[ 40.413975][ T297] Bluetooth: hci0: command 0x080f tx timeout
[ 40.427162][ T347] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 40.433444][ T349] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 40.446095][ T310] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
executing program
executing program
executing program
[ 40.493978][ T296] Bluetooth: hci1: command 0x1003 tx timeout
[ 40.493994][ T306] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 40.507964][ T310] Bluetooth: hci1: Frame reassembly failed (-84)
[ 40.514404][ T8] Bluetooth: hci2: Frame reassembly failed (-84)
[ 40.520970][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 40.524536][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
[ 42.493956][ T297] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 42.573979][ T296] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 42.573979][ T307] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 42.574035][ T296] Bluetooth: hci3: command 0x1003 tx timeout
[ 42.580299][ T307] Bluetooth: hci1: command 0x1003 tx timeout
[ 42.586399][ T352] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 42.592683][ T306] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 44.573964][ T356] Bluetooth: hci0: Opcode 0x080f failed: -110
executing program
executing program
[ 45.506014][ T357] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 45.516154][ T358] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 45.526247][ T360] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 45.532283][ T359] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 45.542332][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
executing program
[ 45.554921][ T8] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
[ 45.598834][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 45.603098][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 45.605164][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
[ 47.613918][ T302] Bluetooth: hci3: command 0x1003 tx timeout
[ 47.613909][ T352] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 47.613956][ T307] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 47.619768][ T352] Bluetooth: hci4: command 0x1003 tx timeout
[ 47.625688][ T307] Bluetooth: hci2: command 0x1003 tx timeout
[ 47.631534][ T297] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 47.637376][ T307] Bluetooth: hci0: command 0x1003 tx timeout
[ 47.643266][ T296] Bluetooth: hci2: Opcode 0x1003 failed: -110
executing program
[ 47.649284][ T306] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 47.667393][ T368] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 47.673593][ T370] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 47.680073][ T373] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 47.686023][ T372] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 47.692260][ T374] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
executing program
executing program
[ 47.737167][ T43] Bluetooth: hci0: Frame reassembly failed (-84)
[ 47.760213][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 47.766757][ T310] Bluetooth: hci1: Frame reassembly failed (-84)
[ 47.766756][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 47.766814][ T310] Bluetooth: hci4: Frame reassembly failed (-84)
[ 47.785840][ T310] Bluetooth: hci4: Frame reassembly failed (-84)
[ 49.774016][ T309] Bluetooth: hci4: command 0x1003 tx timeout
[ 49.774021][ T352] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 49.774085][ T306] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 49.787155][ T307] Bluetooth: hci3: command 0x1003 tx timeout
[ 49.787185][ T307] Bluetooth: hci2: command 0x1003 tx timeout
[ 49.792976][ T302] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 49.793027][ T302] Bluetooth: hci0: command 0x1003 tx timeout
executing program
[ 49.799958][ T296] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 49.805255][ T297] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 49.812054][ T377] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 49.837532][ T380] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 49.843564][ T381] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 49.849827][ T378] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 49.856871][ T379] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
executing program
executing program
[ 49.899043][ T310] Bluetooth: hci0: Frame reassembly failed (-84)
[ 49.921017][ T310] Bluetooth: hci1: Frame reassembly failed (-84)
[ 49.928263][ T310] Bluetooth: hci3: Frame reassembly failed (-84)
[ 49.928889][ T43] Bluetooth: hci4: Frame reassembly failed (-84)
[ 49.934685][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
[ 51.933993][ T296] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 51.934006][ T309] Bluetooth: hci2: command 0x1003 tx timeout
[ 51.934030][ T309] Bluetooth: hci4: command 0x1003 tx timeout
[ 51.939948][ T302] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 51.945748][ T297] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 51.951733][ T302] Bluetooth: hci3: command 0x1003 tx timeout
[ 51.958197][ T307] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 51.964569][ T302] Bluetooth: hci1: command 0x1003 tx timeout
[ 51.970166][ T306] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 54.013959][ T384] Bluetooth: hci0: Opcode 0x080f failed: -110
executing program
executing program
[ 54.921909][ T385] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 54.929105][ T388] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 54.935446][ T386] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 54.941523][ T387] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 54.953528][ T310] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
executing program
executing program
[ 54.977039][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
[ 54.984141][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
[ 54.992212][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 54.996285][ T10] Bluetooth: hci3: Frame reassembly failed (-84)
[ 54.998569][ T310] Bluetooth: hci4: Frame reassembly failed (-84)
[ 56.973978][ T302] Bluetooth: hci0: command 0x1003 tx timeout
[ 56.974012][ T306] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 56.986823][ T396] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 56.993238][ T399] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
[ 57.054051][ T309] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 57.054051][ T352] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 57.054144][ T352] Bluetooth: hci4: command 0x1003 tx timeout
[ 57.060382][ T306] Bluetooth: hci2: command 0x1003 tx timeout
[ 57.066373][ T297] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 57.066412][ T307] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 57.072249][ T306] Bluetooth: hci1: command 0x1003 tx timeout
[ 57.101714][ T310] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
[ 59.054049][ T309] Bluetooth: hci0: command 0x080f tx timeout
[ 59.054042][ T402] Bluetooth: hci0: Opcode 0x080f failed: -110
[ 59.066226][ T400] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 59.072071][ T401] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 59.090267][ T310] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
executing program
executing program
[ 59.110585][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 59.116949][ T43] Bluetooth: hci2: Frame reassembly failed (-84)
[ 59.133912][ T296] Bluetooth: hci1: command 0x1003 tx timeout
[ 59.140048][ T307] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 59.144483][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 59.146956][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
[ 59.159725][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 61.133963][ T302] Bluetooth: hci2: command 0x1003 tx timeout
[ 61.133959][ T306] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 61.133991][ T302] Bluetooth: hci0: command 0x1003 tx timeout
[ 61.139910][ T309] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 61.157852][ T409] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 61.164142][ T410] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 61.171082][ T411] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 61.177711][ T412] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
[ 61.183762][ T413] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 61.197494][ T309] ==================================================================
[ 61.207001][ T309] BUG: KASAN: use-after-free in enqueue_timer+0xa6/0x480
[ 61.214401][ T309] Write of size 8 at addr ffff8881126cca00 by task kworker/u5:7/309
[ 61.224657][ T309]
[ 61.228060][ T309] CPU: 0 PID: 309 Comm: kworker/u5:7 Not tainted 6.1.115-syzkaller-00041-ga887a44ace2a #0
[ 61.240674][ T309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 61.251432][ T309] Workqueue: hci0 hci_power_on
[ 61.256578][ T309] Call Trace:
[ 61.259885][ T309] <TASK>
[ 61.262657][ T309] dump_stack_lvl+0x151/0x1b7
[ 61.268500][ T309] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 61.275548][ T309] ? _printk+0xd1/0x111
[ 61.279815][ T309] ? __virt_addr_valid+0x242/0x2f0
[ 61.285637][ T309] print_report+0x158/0x4e0
[ 61.290770][ T309] ? __virt_addr_valid+0x242/0x2f0
[ 61.296105][ T309] ? kasan_complete_mode_report_info+0x90/0x1b0
[ 61.302635][ T309] ? enqueue_timer+0xa6/0x480
[ 61.307598][ T309] kasan_report+0x13c/0x170
[ 61.312041][ T309] ? enqueue_timer+0xa6/0x480
[ 61.316707][ T309] __asan_report_store8_noabort+0x17/0x20
[ 61.322255][ T309] enqueue_timer+0xa6/0x480
[ 61.326949][ T309] __mod_timer+0x8d3/0xcf0
[ 61.331201][ T309] ? mod_timer_pending+0x30/0x30
[ 61.336059][ T309] ? insert_work+0x283/0x310
[ 61.340482][ T309] ? __kasan_check_write+0x14/0x20
[ 61.345619][ T309] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 61.351020][ T309] schedule_timeout+0x187/0x380
[ 61.355834][ T309] ? console_conditional_schedule+0x10/0x10
[ 61.361543][ T309] ? queue_work_on+0x135/0x170
[ 61.366143][ T309] ? update_process_times+0x1b0/0x1b0
[ 61.371693][ T309] ? prepare_to_wait_event+0x3e6/0x420
[ 61.376981][ T309] __hci_cmd_sync_sk+0x2ad/0xf70
[ 61.381787][ T309] ? eir_get_service_data+0x2e0/0x2e0
[ 61.387041][ T309] ? wake_bit_function+0x230/0x230
[ 61.392289][ T309] ? __kasan_check_read+0x11/0x20
[ 61.397301][ T309] hci_dev_open_sync+0x1314/0x30a0
[ 61.402240][ T309] ? hci_reset_sync+0x100/0x100
[ 61.406954][ T309] ? __switch_to+0x62c/0x1190
[ 61.411444][ T309] ? __kasan_check_write+0x14/0x20
[ 61.416460][ T309] ? mutex_lock+0xb1/0x1e0
[ 61.420805][ T309] ? bit_wait_io_timeout+0x120/0x120
[ 61.425930][ T309] ? kthread_data+0x53/0xc0
[ 61.430286][ T309] hci_power_on+0x1a7/0x5e0
[ 61.434606][ T309] ? hci_tx_work+0x3790/0x3790
[ 61.439464][ T309] ? __schedule+0xcbd/0x1560
[ 61.443894][ T309] process_one_work+0x73d/0xcb0
[ 61.448586][ T309] worker_thread+0xa60/0x1260
[ 61.453279][ T309] kthread+0x26d/0x300
[ 61.457257][ T309] ? worker_clr_flags+0x1a0/0x1a0
[ 61.462235][ T309] ? kthread_blkcg+0xd0/0xd0
[ 61.466658][ T309] ret_from_fork+0x1f/0x30
[ 61.470902][ T309] </TASK>
[ 61.473765][ T309]
[ 61.476071][ T309] Allocated by task 409:
[ 61.480123][ T309] kasan_set_track+0x4b/0x70
[ 61.484586][ T309] kasan_save_alloc_info+0x1f/0x30
[ 61.489502][ T309] __kasan_kmalloc+0x9c/0xb0
[ 61.494020][ T309] __kmalloc+0xb4/0x1e0
[ 61.498212][ T309] hci_alloc_dev_priv+0x27/0x1c00
[ 61.503470][ T309] hci_uart_tty_ioctl+0x401/0xa70
[ 61.508543][ T309] tty_ioctl+0x903/0xc50
[ 61.512811][ T309] __se_sys_ioctl+0x114/0x190
[ 61.517319][ T309] __x64_sys_ioctl+0x7b/0x90
[ 61.521796][ T309] x64_sys_call+0x98/0x9a0
[ 61.525989][ T309] do_syscall_64+0x3b/0xb0
[ 61.530377][ T309] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 61.536093][ T309]
[ 61.538262][ T309] Freed by task 413:
[ 61.541991][ T309] kasan_set_track+0x4b/0x70
[ 61.546451][ T309] kasan_save_free_info+0x2b/0x40
[ 61.551378][ T309] ____kasan_slab_free+0x131/0x180
[ 61.556330][ T309] __kasan_slab_free+0x11/0x20
[ 61.560927][ T309] __kmem_cache_free+0x21d/0x410
[ 61.565824][ T309] kfree+0x7a/0xf0
[ 61.569372][ T309] hci_release_dev+0x14d3/0x1640
[ 61.574158][ T309] bt_host_release+0x83/0xa0
[ 61.579068][ T309] device_release+0x95/0x1c0
[ 61.583664][ T309] kobject_put+0x178/0x260
[ 61.588133][ T309] put_device+0x1f/0x30
[ 61.592120][ T309] hci_dev_cmd+0x2be/0x9b0
[ 61.596380][ T309] hci_sock_ioctl+0x415/0x7f0
[ 61.600893][ T309] sock_do_ioctl+0x152/0x450
[ 61.605423][ T309] sock_ioctl+0x455/0x740
[ 61.609611][ T309] __se_sys_ioctl+0x114/0x190
[ 61.614289][ T309] __x64_sys_ioctl+0x7b/0x90
[ 61.619387][ T309] x64_sys_call+0x98/0x9a0
[ 61.624028][ T309] do_syscall_64+0x3b/0xb0
[ 61.628630][ T309] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 61.634522][ T309]
[ 61.636779][ T309] Last potentially related work creation:
[ 61.642903][ T309] kasan_save_stack+0x3b/0x60
[ 61.647487][ T309] __kasan_record_aux_stack+0xb4/0xc0
[ 61.653358][ T309] kasan_record_aux_stack_noalloc+0xb/0x10
[ 61.660803][ T309] insert_work+0x56/0x310
[ 61.666539][ T309] __queue_work+0x9b6/0xd70
[ 61.672168][ T309] queue_work_on+0x105/0x170
[ 61.678633][ T309] __hci_cmd_sync_sk+0xc2a/0xf70
[ 61.684736][ T309] hci_cmd_sync_status+0x52/0x130
[ 61.691202][ T309] hci_dev_cmd+0x771/0x9b0
[ 61.696803][ T309] hci_sock_ioctl+0x415/0x7f0
[ 61.702183][ T309] sock_do_ioctl+0x152/0x450
[ 61.707086][ T309] sock_ioctl+0x455/0x740
[ 61.712348][ T309] __se_sys_ioctl+0x114/0x190
[ 61.717198][ T309] __x64_sys_ioctl+0x7b/0x90
[ 61.723190][ T309] x64_sys_call+0x98/0x9a0
[ 61.728624][ T309] do_syscall_64+0x3b/0xb0
[ 61.733102][ T309] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 61.739234][ T309]
[ 61.741385][ T309] Second to last potentially related work creation:
[ 61.747859][ T309] kasan_save_stack+0x3b/0x60
[ 61.752414][ T309] __kasan_record_aux_stack+0xb4/0xc0
[ 61.757640][ T309] kasan_record_aux_stack_noalloc+0xb/0x10
[ 61.763274][ T309] insert_work+0x56/0x310
[ 61.767583][ T309] __queue_work+0x9b6/0xd70
[ 61.772225][ T309] queue_work_on+0x105/0x170
[ 61.776640][ T309] __hci_cmd_sync_sk+0xc2a/0xf70
[ 61.781426][ T309] hci_cmd_sync_status+0x52/0x130
[ 61.786362][ T309] hci_dev_cmd+0x771/0x9b0
[ 61.790862][ T309] hci_sock_ioctl+0x415/0x7f0
[ 61.796741][ T309] sock_do_ioctl+0x152/0x450
[ 61.801256][ T309] sock_ioctl+0x455/0x740
[ 61.805653][ T309] __se_sys_ioctl+0x114/0x190
[ 61.810744][ T309] __x64_sys_ioctl+0x7b/0x90
[ 61.815719][ T309] x64_sys_call+0x98/0x9a0
[ 61.820150][ T309] do_syscall_64+0x3b/0xb0
[ 61.824821][ T309] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 61.831191][ T309]
[ 61.833634][ T309] The buggy address belongs to the object at ffff8881126cc000
[ 61.833634][ T309]  which belongs to the cache kmalloc-8k of size 8192
[ 61.849887][ T309] The buggy address is located 2560 bytes inside of
[ 61.849887][ T309]  8192-byte region [ffff8881126cc000, ffff8881126ce000)
[ 61.866550][ T309]
[ 61.868892][ T309] The buggy address belongs to the physical page:
[ 61.877068][ T309] page:ffffea000449b200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1126c8
[ 61.887216][ T309] head:ffffea000449b200 order:3 compound_mapcount:0 compound_pincount:0
[ 61.896020][ T309] flags: 0x4000000000010200(slab|head|zone=1)
[ 61.902130][ T309] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[ 61.911140][ T309] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 61.919921][ T309] page dumped because: kasan: bad access detected
[ 61.926520][ T309] page_owner tracks the page as allocated
[ 61.932066][ T309] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 401, tgid 401 (syz-executor260), ts 54993636184, free_ts 54958123070
[ 61.953676][ T309] post_alloc_hook+0x213/0x220
[ 61.958402][ T309] prep_new_page+0x1b/0x110
[ 61.963021][ T309] get_page_from_freelist+0x2980/0x2a10
[ 61.969381][ T309] __alloc_pages+0x234/0x610
[ 61.974153][ T309] alloc_slab_page+0x6c/0xf0
[ 61.978653][ T309] new_slab+0x90/0x3e0
[ 61.982980][ T309] ___slab_alloc+0x6f9/0xb80
[ 61.987680][ T309] __slab_alloc+0x5d/0xa0
[ 61.991991][ T309] __kmem_cache_alloc_node+0x207/0x2a0
[ 61.997443][ T309] __kmalloc+0xa3/0x1e0
[ 62.001850][ T309] hci_alloc_dev_priv+0x27/0x1c00
[ 62.007134][ T309] hci_uart_tty_ioctl+0x401/0xa70
[ 62.012516][ T309] tty_ioctl+0x903/0xc50
[ 62.017065][ T309] __se_sys_ioctl+0x114/0x190
[ 62.022269][ T309] __x64_sys_ioctl+0x7b/0x90
[ 62.027942][ T309] x64_sys_call+0x98/0x9a0
[ 62.033901][ T309] page last free stack trace:
[ 62.039529][ T309] free_unref_page_prepare+0x83d/0x850
[ 62.045126][ T309] free_unref_page+0xb2/0x5c0
[ 62.049822][ T309] __free_pages+0x61/0xf0
[ 62.054132][ T309] __free_slab+0xce/0x1a0
[ 62.058372][ T309] __unfreeze_partials+0x165/0x1a0
[ 62.063842][ T309] put_cpu_partial+0xa9/0x100
[ 62.068551][ T309] __slab_free+0x1c8/0x280
[ 62.073038][ T309] ___cache_free+0xc6/0xd0
[ 62.077663][ T309] qlist_free_all+0xc5/0x140
[ 62.082166][ T309] kasan_quarantine_reduce+0x15a/0x180
[ 62.088411][ T309] __kasan_slab_alloc+0x24/0x80
[ 62.093843][ T309] slab_post_alloc_hook+0x53/0x2c0
[ 62.099241][ T309] kmem_cache_alloc+0x175/0x320
[ 62.104212][ T309] getname_flags+0xba/0x520
[ 62.108738][ T309] getname+0x19/0x20
[ 62.112545][ T309] do_sys_openat2+0xe0/0x870
[ 62.117157][ T309]
[ 62.119443][ T309] Memory state around the buggy address:
[ 62.126702][ T309]  ffff8881126cc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.135672][ T309]  ffff8881126cc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.144566][ T309] >ffff8881126cca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.153043][ T309]                    ^
[ 62.157035][ T309]  ffff8881126cca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.165298][ T309]  ffff8881126ccb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.173887][ T309] ==================================================================
[ 62.181802][ T309] Disabling lock debugging due to kernel taint
executing program
executing program
[ 62.188289][ T306] Bluetooth: hci1: command 0x1003 tx timeout
[ 62.188712][ T302] Bluetooth: hci4: command 0x1003 tx timeout
[ 62.194234][ T296] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 62.200875][ T307] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 62.206747][ T306] Bluetooth: hci3: command 0x1003 tx timeout
[ 62.212566][ T352] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 62.224787][ T10] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
executing program
[ 62.239853][ T43] Bluetooth: hci1: Frame reassembly failed (-84)
[ 62.243395][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
[ 62.253588][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
[ 62.254522][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 63.213982][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 63.224108][ T309] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 63.227543][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 63.227570][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 6.1.115-syzkaller-00041-ga887a44ace2a #0
[ 63.227596][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 63.263153][ C0] RIP: 0010:__queue_work+0x4f1/0xd70
[ 63.268270][ C0] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 73 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 d0 da 71 00 49 8b 3e e8 88 6c d6
[ 63.288671][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046
[ 63.294687][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d4c0
[ 63.302867][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 63.310826][ C0] RBP: ffffc90000007d00 R08: ffffffff814b185b R09: 0000000000000007
[ 63.318911][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881126cc9c8
[ 63.330868][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881126cc9e0
[ 63.339911][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 63.349943][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.356734][ C0] CR2: 0000000020000008 CR3: 0000000110b1e000 CR4: 00000000003506b0
[ 63.365825][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.374555][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.383704][ C0] Call Trace:
[ 63.386972][ C0] <IRQ>
[ 63.389808][ C0] ? __die_body+0x62/0xb0
[ 63.394595][ C0] ? die_addr+0x9f/0xd0
[ 63.399097][ C0] ? exc_general_protection+0x317/0x4c0
[ 63.404674][ C0] ? ttwu_do_wakeup+0xe5/0x430
[ 63.409694][ C0] ? asm_exc_general_protection+0x27/0x30
[ 63.415688][ C0] ? __queue_work+0x28b/0xd70
[ 63.420233][ C0] ? __queue_work+0x4f1/0xd70
[ 63.425095][ C0] ? __queue_work+0x29c/0xd70
[ 63.430229][ C0] delayed_work_timer_fn+0x61/0x80
[ 63.435915][ C0] ? queue_work_node+0x1d0/0x1d0
[ 63.440868][ C0] call_timer_fn+0x3b/0x2d0
[ 63.445264][ C0] ? queue_work_node+0x1d0/0x1d0
[ 63.450143][ C0] __run_timers+0x756/0xa10
[ 63.454766][ C0] ? calc_index+0x270/0x270
[ 63.459193][ C0] ? sched_clock+0x9/0x10
[ 63.463353][ C0] ? sched_clock_cpu+0x71/0x2b0
[ 63.468187][ C0] run_timer_softirq+0x69/0xf0
[ 63.473584][ C0] handle_softirqs+0x1db/0x650
[ 63.478674][ C0] ? irqtime_account_irq+0xdc/0x260
[ 63.483767][ C0] __irq_exit_rcu+0x52/0xf0
[ 63.488189][ C0] irq_exit_rcu+0x9/0x10
[ 63.492938][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 63.499201][ C0] </IRQ>
[ 63.501966][ C0] <TASK>
[ 63.504746][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 63.510822][ C0] RIP: 0010:acpi_idle_enter+0x416/0x760
[ 63.516315][ C0] Code: 89 de 48 83 e6 08 31 ff e8 27 1c 54 fc 48 83 e3 08 0f 85 b1 00 00 00 0f 1f 44 00 00 e8 d3 17 54 fc 0f 00 2d 7c e8 ce 00 fb f4 e9 e3 00 00 00 49 83 c7 04 4c 89 f8 48 c1 e8 03 42 0f b6 04 30
[ 63.537643][ C0] RSP: 0018:ffffffff87007bd0 EFLAGS: 000002d3
[ 63.544194][ C0] RAX: ffffffff85216edd RBX: 0000000000000000 RCX: ffffffff8701d4c0
[ 63.552492][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 63.560994][ C0] RBP: ffffffff87007c10 R08: ffffffff85216ec9 R09: fffffbfff0e03a99
[ 63.571081][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
[ 63.580661][ C0] R13: ffff888109bf1004 R14: dffffc0000000000 R15: ffff8881097cb864
[ 63.588664][ C0] ? acpi_idle_enter+0x3f9/0x760
[ 63.593768][ C0] ? acpi_idle_enter+0x40d/0x760
[ 63.598671][ C0] ? intel_idle_xstate+0xa0/0xa0
[ 63.603528][ C0] cpuidle_enter_state+0x5eb/0x17f0
[ 63.608549][ C0] ? cpuidle_enter_s2idle+0x600/0x600
[ 63.613972][ C0] ? menu_enable_device+0x380/0x380
[ 63.619006][ C0] ? __sched_text_start+0x8/0x8
[ 63.623776][ C0] cpuidle_enter+0x5f/0xa0
[ 63.628143][ C0] do_idle+0x3d1/0x580
[ 63.632071][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 63.637329][ C0] ? schedule_idle+0x5b/0x90
[ 63.642128][ C0] ? do_idle+0x56b/0x580
[ 63.647306][ C0] ? debug_smp_processor_id+0x17/0x20
[ 63.652885][ C0] cpu_startup_entry+0x44/0x60
[ 63.657868][ C0] rest_init+0x10b/0x130
[ 63.661930][ C0] ? time_init+0x38/0x38
[ 63.666163][ C0] arch_call_rest_init+0xe/0xe
[ 63.670874][ C0] start_kernel+0x46c/0x4d8
[ 63.675403][ C0] x86_64_start_reservations+0x2a/0x2c
[ 63.680922][ C0] x86_64_start_kernel+0x7c/0x81
[ 63.685715][ C0] secondary_startup_64_no_verify+0xce/0xdb
[ 63.691422][ C0] </TASK>
[ 63.694278][ C0] Modules linked in:
[ 63.698221][ C0] ---[ end trace 0000000000000000 ]---
[ 63.703688][ C0] RIP: 0010:__queue_work+0x4f1/0xd70
[ 63.709093][ C0] Code: 39 03 0f 84 40 01 00 00 e8 0c 6c 2a 00 4c 89 e7 e8 d4 73 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 d0 da 71 00 49 8b 3e e8 88 6c d6
[ 63.729184][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046
[ 63.735684][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d4c0
[ 63.744653][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 63.752578][ C0] RBP: ffffc90000007d00 R08: ffffffff814b185b R09: 0000000000000007
[ 63.760708][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881126cc9c8
[ 63.768887][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881126cc9e0
[ 63.776694][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 63.785725][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 63.792145][ C0] CR2: 0000000020000008 CR3: 0000000110b1e000 CR4: 00000000003506b0
[ 63.799963][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 63.807998][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 63.815912][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 63.823047][ C0] Kernel Offset: disabled
[ 63.827089][ C0] Rebooting in 86400 seconds..
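The KASAN report above, read by a small parser. This is an added example, not part of the syzkaller output and not kernel or syzbot tooling. It extracts the faulting access, the "Allocated by" and "Freed by" stacks and the object bounds, re-derives the 2560-byte offset KASAN states from the raw addresses, and then scans the general protection fault that follows for register values that fall inside the same freed 8192-byte region (a purely numeric overlap check, not a claim about what those registers hold). `LOG` is a constructed excerpt of lines printed on this page; the parser assumes the standard KASAN report layout and that the `<TASK>` marker after "Call Trace:" has been stripped to a blank line, as it is here.

```python
"""Parse the KASAN use-after-free report from a kernel console log.

Added example; not code from the syzkaller log above or from any kernel
tooling. It pulls the access, the alloc/free stacks and the object bounds
out of the report, re-derives the faulting offset inside the object, and
scans the oops that follows for register values inside the freed region.
LOG is a constructed excerpt of lines printed on this page. The parser
assumes the standard KASAN layout ("Call Trace:", then "Allocated by task
N:" / "Freed by task N:", then the object description).
"""
import re

LOG = """\
[ 61.207001][ T309] BUG: KASAN: use-after-free in enqueue_timer+0xa6/0x480
[ 61.214401][ T309] Write of size 8 at addr ffff8881126cca00 by task kworker/u5:7/309
[ 61.256578][ T309] Call Trace:
[ 61.259885][ T309]
[ 61.307598][ T309] kasan_report+0x13c/0x170
[ 61.322255][ T309] enqueue_timer+0xa6/0x480
[ 61.376981][ T309] __hci_cmd_sync_sk+0x2ad/0xf70
[ 61.397301][ T309] hci_dev_open_sync+0x1314/0x30a0
[ 61.430286][ T309] hci_power_on+0x1a7/0x5e0
[ 61.470902][ T309]
[ 61.476071][ T309] Allocated by task 409:
[ 61.494020][ T309] __kmalloc+0xb4/0x1e0
[ 61.498212][ T309] hci_alloc_dev_priv+0x27/0x1c00
[ 61.503470][ T309] hci_uart_tty_ioctl+0x401/0xa70
[ 61.536093][ T309]
[ 61.538262][ T309] Freed by task 413:
[ 61.565824][ T309] kfree+0x7a/0xf0
[ 61.569372][ T309] hci_release_dev+0x14d3/0x1640
[ 61.592120][ T309] hci_dev_cmd+0x2be/0x9b0
[ 61.634522][ T309]
[ 61.833634][ T309]  which belongs to the cache kmalloc-8k of size 8192
[ 61.849887][ T309] The buggy address is located 2560 bytes inside of
[ 61.849887][ T309]  8192-byte region [ffff8881126cc000, ffff8881126ce000)
[ 63.263153][ C0] RIP: 0010:__queue_work+0x4f1/0xd70
[ 63.318911][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881126cc9c8
[ 63.330868][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881126cc9e0
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*[CT]\d+\]\s?")              # "[ 61.2][ T309] "
FRAME = re.compile(r"^([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")  # skips "? " frames
REG = re.compile(r"\b(R[A-Z]{2}|R\d{2}): ([0-9a-f]{16})\b")

def parse_kasan_report(text):
    """Return the report's fields plus its stacks keyed access/allocated/freed."""
    r, section = {"stacks": {}}, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"BUG: KASAN: ([\w-]+) in (\w+)\+0x", line):
            r["bug"], r["func"] = m.groups()
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)", line):
            r["access"], r["size"], r["addr"], r["task"] = m[1].lower(), int(m[2]), int(m[3], 16), m[4]
        elif line == "Call Trace:":
            section, r["stacks"]["access"] = "access", []
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", line):
            section = m[1].lower()
            r[section + "_task"], r["stacks"][section] = int(m[2]), []
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", line):
            r["cache"], r["obj_size"] = m[1], int(m[2])
        elif m := re.match(r"The buggy address is located (\d+) bytes inside", line):
            r["claimed_offset"] = int(m[1])
        elif m := re.match(r"\d+-byte region \[([0-9a-f]+), ([0-9a-f]+)\)", line):
            r["region"] = (int(m[1], 16), int(m[2], 16))
        elif line == "":
            # A blank line ends a stack, except the (tag-stripped) <TASK> marker right
            # after "Call Trace:", so only close a section that already has frames.
            if section and r["stacks"].get(section):
                section = None
        elif section and (m := FRAME.match(line)):
            # Drop KASAN's own reporting frames above the faulting function.
            if section == "access" and not r["stacks"][section] and m[1] != r.get("func"):
                continue
            r["stacks"][section].append(m[1])
    return r

def offset_in_object(r):
    """Faulting offset inside the object, checked against the region KASAN printed."""
    start, end = r["region"]
    if not start <= r["addr"] < end:
        raise ValueError("faulting address is outside the reported object")
    return r["addr"] - start

def registers_in_region(text, region):
    """Registers of a later oops whose values point into [start, end)."""
    start, end = region
    hits = {}
    for raw in text.splitlines():
        for name, val in REG.findall(PREFIX.sub("", raw)):
            if start <= int(val, 16) < end:
                hits[name] = int(val, 16)
    return hits

def summarize(text):
    r = parse_kasan_report(text)
    return {
        "bug": f"{r['bug']} ({r['access']} of {r['size']} bytes) in {r['func']}",
        "object": f"{r['cache']}, offset {offset_in_object(r)} (report: {r['claimed_offset']})",
        "alloc_path": r["stacks"]["allocated"],
        "free_path": r["stacks"]["freed"],
        "later_regs_in_freed_region": registers_in_region(text, r["region"]),
    }
```

Running `summarize(LOG)` on the excerpt reports the object as kmalloc-8k at offset 2560, an allocation path through hci_uart_tty_ioctl and a free path through hci_release_dev from hci_dev_cmd, and flags R12 and R15 of the later __queue_work fault as pointing into the freed region, which is the quickest way to tie the second crash to the first.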