[ 403.143830] kernel BUG at lib/list_debug.c:53! [ 403.148625] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 403.154340] CPU: 1 PID: 17878 Comm: syz-executor.3 Not tainted 4.19.207-syzkaller #0 [ 403.162379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.171761] RIP: 0010:__list_del_entry_valid.cold.1+0x48/0x4a [ 403.177811] Code: 27 50 88 e8 a0 fb f7 ff 0f 0b 48 89 de 48 c7 c7 60 28 50 88 e8 8f fb f7 ff 0f 0b 48 89 de 48 c7 c7 00 28 50 88 e8 7e fb f7 ff <0f> 0b 41 83 c5 01 b8 ff ff 37 00 44 89 2d bc 38 35 04 48 c1 e0 2a [ 403.196788] RSP: 0018:ffff888096f67638 EFLAGS: 00010282 [ 403.202136] RAX: 0000000000000054 RBX: ffff8880a9bf4ee0 RCX: 0000000000000000 [ 403.209385] RDX: 0000000000000000 RSI: ffffffff885024a0 RDI: ffffffff8bad9720 [ 403.216629] RBP: ffff888096f67650 R08: ffffed1017464ea9 R09: ffffed1017464ea8 [ 403.223874] R10: ffffed1017464ea8 R11: ffff8880ba327547 R12: ffff8880a1bfc0a0 [ 403.231215] R13: ffff8880a1bfc0a0 R14: 0000000000000001 R15: ffff888091fec840 [ 403.238595] FS: 0000000003464400(0000) GS:ffff8880ba300000(0000) knlGS:0000000000000000 [ 403.247227] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 403.253079] CR2: 00000000034646d0 CR3: 000000009c824000 CR4: 00000000001406e0 [ 403.261195] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 403.268612] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 403.275865] Call Trace: [ 403.278427] klist_dec_and_del+0x69/0x450 [ 403.282560] ? __device_link_free_srcu+0xe0/0xe0 [ 403.287466] ? __device_link_free_srcu+0xe0/0xe0 [ 403.292378] klist_put+0x6c/0x110 [ 403.295894] ? bt_link_release+0x20/0x20 [ 403.299928] klist_del+0xe/0x10 [ 403.303276] device_del+0x15c/0xa60 [ 403.306887] ? device_link_remove+0x120/0x120 [ 403.311441] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 403.316534] ? trace_hardirqs_on+0x28/0x190 [ 403.320829] ? bt_link_release+0x20/0x20 [ 403.324971] hci_conn_del_sysfs+0xba/0x150 [ 403.329192] hci_conn_cleanup+0x1ff/0x4e0 [ 403.333312] hci_conn_del+0x22c/0x6b0 [ 403.337090] hci_conn_hash_flush+0x171/0x230 [ 403.341676] hci_dev_do_close+0x5dc/0xf10 [ 403.346074] ? hci_dev_open+0x200/0x200 [ 403.350037] ? kasan_check_write+0x14/0x20 [ 403.354247] hci_unregister_dev+0x12f/0x400 [ 403.358696] vhci_release+0x6b/0xe0 [ 403.362308] __fput+0x249/0x7f0 [ 403.365562] ____fput+0x9/0x10 [ 403.368819] task_work_run+0x108/0x180 [ 403.372681] do_exit+0xa6a/0x2d90 [ 403.376107] ? mm_update_next_owner+0x680/0x680 [ 403.380752] ? do_wp_page+0xba6/0x20b0 [ 403.384713] ? get_signal+0x2ba/0x1970 [ 403.388667] ? _raw_spin_unlock_irq+0x27/0x90 [ 403.393664] ? get_signal+0x2ba/0x1970 [ 403.397525] do_group_exit+0xf8/0x2c0 [ 403.401403] get_signal+0x30b/0x1970 [ 403.405109] ? __lock_acquire+0x764/0x47c0 [ 403.409490] ? __do_page_fault+0x508/0xab0 [ 403.413702] do_signal+0x87/0x1870 [ 403.417219] ? mark_held_locks+0x130/0x130 [ 403.421426] ? up_read+0x1a/0x110 [ 403.424863] ? __do_page_fault+0x508/0xab0 [ 403.429157] ? setup_sigcontext+0x7d0/0x7d0 [ 403.433449] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 403.438304] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 403.442952] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 403.447696] ? trace_hardirqs_on_caller+0x28/0x180 [ 403.452601] ? exit_to_usermode_loop+0x3a/0x1e0 [ 403.457419] ? syscall_return_slowpath+0x31a/0x3b0 [ 403.462325] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 403.466970] ? exit_to_usermode_loop+0x3a/0x1e0 [ 403.471724] ? trace_hardirqs_on+0x28/0x190 [ 403.476037] exit_to_usermode_loop+0x159/0x1e0 [ 403.480618] syscall_return_slowpath+0x31a/0x3b0 [ 403.485534] ret_from_fork+0x15/0x30 [ 403.489221] RIP: 0033:0x463e7b [ 403.492388] Code: ed 0f 85 60 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 89 00 00 00 41 89 c5 85 c0 0f 85 90 00 00 [ 403.511353] RSP: 002b:00007ffc985d9ec0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 403.519038] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000463e7b [ 403.526438] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 403.533694] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000003464400 [ 403.541026] R10: 00000000034646d0 R11: 0000000000000246 R12: 0000000000000001 [ 403.548270] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 403.555625] Modules linked in: [ 403.558890] Bluetooth: hci0: Ignoring connect complete event for existing connection [ 403.559074] ---[ end trace 51a974c03e05af4a ]--- [ 403.567243] Bluetooth: hci0: Ignoring connect complete event for existing connection [ 403.572166] RIP: 0010:__list_del_entry_valid.cold.1+0x48/0x4a [ 403.582589] Bluetooth: hci1: Ignoring connect complete event for existing connection [ 403.586112] Code: 27 50 88 e8 a0 fb f7 ff 0f 0b 48 89 de 48 c7 c7 60 28 50 88 e8 8f fb f7 ff 0f 0b 48 89 de 48 c7 c7 00 28 50 88 e8 7e fb f7 ff <0f> 0b 41 83 c5 01 b8 ff ff 37 00 44 89 2d bc 38 35 04 48 c1 e0 2a [ 403.594307] Bluetooth: hci1: Ignoring connect complete event for existing connection [ 403.613588] RSP: 0018:ffff888096f67638 EFLAGS: 00010282 [ 403.613593] RAX: 0000000000000054 RBX: ffff8880a9bf4ee0 RCX: 0000000000000000 [ 403.613595] RDX: 0000000000000000 RSI: ffffffff885024a0 RDI: ffffffff8bad9720 [ 403.613598] RBP: ffff888096f67650 R08: ffffed1017464ea9 R09: ffffed1017464ea8 [ 403.613600] R10: ffffed1017464ea8 R11: ffff8880ba327547 R12: ffff8880a1bfc0a0 [ 403.613603] R13: ffff8880a1bfc0a0 R14: 0000000000000001 R15: ffff888091fec840 [ 403.613609] FS: 0000000003464400(0000) GS:ffff8880ba300000(0000) knlGS:0000000000000000 [ 403.633539] list_del corruption. prev->next should be ffff8880aae03ba0, but was ffff8880a9b505f8 [ 403.634964] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 403.642388] ------------[ cut here ]------------ [ 403.649861] CR2: 00000000034646d0 CR3: 000000000986d000 CR4: 00000000001406e0 [ 403.657165] kernel BUG at lib/list_debug.c:53! [ 403.657230] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 403.664532] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 403.672724] CPU: 0 PID: 17873 Comm: syz-executor.5 Tainted: G D 4.19.207-syzkaller #0 [ 403.672727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.672737] RIP: 0010:__list_del_entry_valid.cold.1+0x48/0x4a [ 403.672743] Code: 27 50 88 e8 a0 fb f7 ff 0f 0b 48 89 de 48 c7 c7 60 28 50 88 e8 8f fb f7 ff 0f 0b 48 89 de 48 c7 c7 00 28 50 88 e8 7e fb f7 ff <0f> 0b 41 83 c5 01 b8 ff ff 37 00 44 89 2d bc 38 35 04 48 c1 e0 2a [ 403.681728] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 403.687675] RSP: 0018:ffff8880b07b7628 EFLAGS: 00010282 [ 403.687679] RAX: 0000000000000054 RBX: ffff8880aae03ba0 RCX: 0000000000000000 [ 403.687682] RDX: 0000000000000000 RSI: ffffffff885024a0 RDI: ffffffff8bad9720 [ 403.687684] RBP: ffff8880b07b7640 R08: ffffed1017444ea9 R09: ffffed1017444ea8 [ 403.687686] R10: ffffed1017444ea8 R11: ffff8880ba227547 R12: ffff8880aae03ce0 [ 403.687689] R13: ffff8880aae03ce0 R14: 0000000000000001 R15: ffff8880aa992500 [ 403.687693] FS: 0000000002c19400(0000) GS:ffff8880ba200000(0000) knlGS:0000000000000000 [ 403.692436] Kernel panic - not syncing: Fatal exception [ 403.699672] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 403.831095] CR2: 00007f3174026000 CR3: 000000009c45c000 CR4: 00000000001406f0 [ 403.838432] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 403.845683] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 403.853019] Call Trace: [ 403.855589] klist_dec_and_del+0x69/0x450 [ 403.859805] ? __device_link_free_srcu+0xe0/0xe0 [ 403.864723] ? __device_link_free_srcu+0xe0/0xe0 [ 403.869829] klist_put+0x6c/0x110 [ 403.873284] ? bt_link_release+0x20/0x20 [ 403.877414] klist_del+0xe/0x10 [ 403.880690] device_del+0x15c/0xa60 [ 403.885361] ? device_link_remove+0x120/0x120 [ 403.890108] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 403.895289] ? trace_hardirqs_on+0x28/0x190 [ 403.899944] ? bt_link_release+0x20/0x20 [ 403.904551] hci_conn_del_sysfs+0xba/0x150 [ 403.908954] hci_conn_cleanup+0x1ff/0x4e0 [ 403.913177] hci_conn_del+0x22c/0x6b0 [ 403.916976] hci_conn_hash_flush+0x171/0x230 [ 403.921472] hci_dev_do_close+0x5dc/0xf10 [ 403.925692] ? hci_dev_open+0x200/0x200 [ 403.930278] ? kasan_check_write+0x14/0x20 [ 403.934507] hci_unregister_dev+0x12f/0x400 [ 403.938811] vhci_release+0x6b/0xe0 [ 403.942418] __fput+0x249/0x7f0 [ 403.945696] ____fput+0x9/0x10 [ 403.948868] task_work_run+0x108/0x180 [ 403.952879] do_exit+0xa6a/0x2d90 [ 403.956317] ? mm_update_next_owner+0x680/0x680 [ 403.960980] ? do_futex+0x5c9/0x1530 [ 403.964674] ? lock_downgrade+0x860/0x860 [ 403.968816] ? get_signal+0x2ba/0x1970 [ 403.972778] ? _raw_spin_unlock_irq+0x27/0x90 [ 403.977540] ? get_signal+0x2ba/0x1970 [ 403.981409] do_group_exit+0xf8/0x2c0 [ 403.985284] get_signal+0x30b/0x1970 [ 403.989091] ? wake_up_new_task+0x65a/0xba0 [ 403.993752] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 403.998421] do_signal+0x87/0x1870 [ 404.001946] ? setup_sigcontext+0x7d0/0x7d0 [ 404.006262] ? kvm_clock_get_cycles+0x9/0x10 [ 404.010913] ? __se_sys_futex+0x209/0x270 [ 404.015154] ? do_futex+0x1530/0x1530 [ 404.019022] ? up_read+0x1a/0x110 [ 404.022636] ? exit_to_usermode_loop+0x3a/0x1e0 [ 404.027562] ? do_syscall_64+0x413/0x4e0 [ 404.031602] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 404.036249] ? exit_to_usermode_loop+0x3a/0x1e0 [ 404.040898] ? trace_hardirqs_on+0x28/0x190 [ 404.045374] exit_to_usermode_loop+0x159/0x1e0 [ 404.050023] do_syscall_64+0x413/0x4e0 [ 404.053894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 404.059351] RIP: 0033:0x465889 [ 404.062886] Code: Bad RIP value. [ 404.066245] RSP: 002b:00007fffb9669f18 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 404.074300] RAX: fffffffffffffdfc RBX: 000000000000002d RCX: 0000000000465889 [ 404.081746] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000055bf0c [ 404.089865] RBP: 00000000000626b2 R08: 0000006ca1666ac3 R09: 0000000000000000 [ 404.097561] R10: 00007fffb9669ff0 R11: 0000000000000246 R12: 00000000000003e8 [ 404.104968] R13: 000000000055bf0c R14: 000000000055bf00 R15: 000000000055bf00 [ 404.112657] Modules linked in: [ 404.116386] Kernel Offset: disabled [ 404.121078] Rebooting in 86400 seconds..