[ 412.343534] Bluetooth: hci1 command 0x0401 tx timeout
[ 414.423438] Bluetooth: hci1 command 0x0401 tx timeout
[ 414.673364] Bluetooth: hci0 command 0x0406 tx timeout
Warning: Permanently added '10.128.1.94' (ECDSA) to the list of known hosts.
[ 416.503329] Bluetooth: hci1 command 0x0401 tx timeout
[ 416.848484] IPVS: ftp: loaded support on port[0] = 21
[ 418.583308] Bluetooth: hci1 command 0x0401 tx timeout
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
[ 418.903217] Bluetooth: hci6 command 0x0409 tx timeout
[ 420.663129] Bluetooth: hci1 command 0x0401 tx timeout
[ 420.983108] Bluetooth: hci6 command 0x041b tx timeout
[ 422.743000] Bluetooth: hci1 command 0x0401 tx timeout
[ 423.063085] Bluetooth: hci6 command 0x040f tx timeout
[ 424.823005] Bluetooth: hci1 command 0x0401 tx timeout
[ 425.142991] Bluetooth: hci6 command 0x0419 tx timeout
[ 426.902925] Bluetooth: hci1 command 0x0401 tx timeout
[ 428.982860] Bluetooth: hci1 command 0x0401 tx timeout
[ 431.062768] Bluetooth: hci1 command 0x0401 tx timeout
[ 433.198946] Bluetooth: hci1 command 0x0401 tx timeout
[ 433.554101] kasan: CONFIG_KASAN_INLINE enabled
[ 433.559077] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 433.566560] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 433.572795] Modules linked in:
[ 433.576104] CPU: 1 PID: 31697 Comm: syz-executor.3 Not tainted 4.14.222-syzkaller #0
[ 433.584307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 433.593687] task: ffff88810f9ac400 task.stack: ffff8881696d8000
[ 433.599746] RIP: 0010:__queue_work+0x128/0xea0
[ 433.604563] RSP: 0018:ffff8881696df858 EFLAGS: 00010046
[ 433.609908] RAX: ffff8881f248d1c0 RBX: 0000000000000001 RCX: ffff8881f5c00068
[ 433.617258] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000
[ 433.624736] RBP: ffff8881696df8d0 R08: ffffffff87f55600 R09: ffffffff87f55608
[ 433.632173] R10: 0000000000000000 R11: 0000000000000040 R12: 0000000000000000
[ 433.639692] R13: ffff8881b4678780 R14: 0000000000000040 R15: dffffc0000000000
[ 433.647087] FS: 00007fbf26478700(0000) GS:ffff8881f6700000(0000) knlGS:0000000000000000
[ 433.655465] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 433.661413] CR2: 00007f66baefe740 CR3: 00000001c09bd001 CR4: 00000000001606e0
[ 433.668689] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 433.676025] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 433.683301] Call Trace:
[ 433.685956] ? mark_held_locks+0xc7/0x130
[ 433.690083] queue_work_on+0x140/0x180
[ 433.693965] req_run+0x2b2/0x590
[ 433.697327] __hci_req_sync+0x297/0x7d0
[ 433.701280] ? hci_req_sync_cancel+0xc0/0xc0
[ 433.705802] ? hci_req_sync+0x5b/0xb0
[ 433.709580] ? __ww_mutex_wakeup_for_backoff+0x250/0x250
[ 433.715262] ? debug_check_no_obj_freed+0x2d5/0x890
[ 433.720354] ? hci_inquiry+0x55f/0x790
[ 433.724245] ? wake_up_q+0xe0/0xe0
[ 433.727772] ? hci_unregister_cb+0x160/0x160
[ 433.732156] ? hci_unregister_cb+0x160/0x160
[ 433.736553] hci_req_sync+0x70/0xb0
[ 433.740162] hci_inquiry+0x580/0x790
[ 433.744042] ? __local_bh_enable_ip+0xcc/0x150
[ 433.749179] ? hci_inquiry_cache_update_resolve+0x590/0x590
[ 433.755051] ? __local_bh_enable_ip+0xcc/0x150
[ 433.759704] ? _raw_spin_unlock_bh+0x30/0x40
[ 433.764462] hci_sock_ioctl+0x199/0x600
[ 433.768577] ? hci_sock_sendmsg+0x22d0/0x22d0
[ 433.773203] ? trace_hardirqs_on+0x10/0x10
[ 433.777436] sock_do_ioctl+0x62/0xa0
[ 433.781135] sock_ioctl+0x251/0x430
[ 433.785283] do_vfs_ioctl+0x180/0xfb0
[ 433.789074] ? __fget+0x1a9/0x2f0
[ 433.792650] ? lock_downgrade+0x7f0/0x7f0
[ 433.796949] ? ioctl_preallocate+0x1a0/0x1a0
[ 433.801336] ? __fget+0x1c6/0x2f0
[ 433.804783] ? __fget_light+0x166/0x200
[ 433.808919] SyS_ioctl+0x74/0x80
[ 433.812353] ? do_vfs_ioctl+0xfb0/0xfb0
[ 433.816751] do_syscall_64+0x1c7/0x5b0
[ 433.820701] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 433.825807] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 433.831522] RIP: 0033:0x465109
[ 433.834882] RSP: 002b:00007fbf26478188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 433.843017] RAX: ffffffffffffffda RBX: 000000000055cf00 RCX: 0000000000465109
[ 433.850902] RDX: 0000000020000200 RSI: 00000000800448f0 RDI: 0000000000000004
[ 433.858567] RBP: 00000000004af711 R08: 0000000000000000 R09: 0000000000000000
[ 433.866369] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000055cf00
[ 433.874313] R13: 00007ffea8c1297f R14: 00007fbf26478300 R15: 0000000000022000
[ 433.882134] Code: e8 6e a1 ef ff 4c 89 ef 89 c6 e8 c4 76 ff ff 48 8b 7d d0 49 89 c4 e8 78 df ff ff 48 85 c0 0f 84 d5 02 00 00 4c 89 e2 48 c1 ea 03 <42> 80 3c 3a 00 0f 85 4b 0c 00 00 49 39 04 24 0f 85 84 04 00 00
[ 433.901464] RIP: __queue_work+0x128/0xea0 RSP: ffff8881696df858
[ 433.908617] ---[ end trace 481ed56571203370 ]---
[ 433.913700] Kernel panic - not syncing: Fatal exception
[ 433.921647] Kernel Offset: disabled
[ 433.925457] Rebooting in 86400 seconds..