Warning: Permanently added '10.128.0.181' (ED25519) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
[ 23.292084][ T28] audit: type=1400 audit(1739853643.947:66): avc: denied { execmem } for pid=289 comm="syz-executor184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 23.314601][ T28] audit: type=1400 audit(1739853643.957:67): avc: denied { create } for pid=297 comm="syz-executor184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 23.323340][ T8] Bluetooth: hci1: Frame reassembly failed (-84)
[ 23.335439][ T28] audit: type=1400 audit(1739853643.957:68): avc: denied { ioctl } for pid=297 comm="syz-executor184" path="socket:[13205]" dev="sockfs" ino=13205 ioctlcmd=0x48e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 23.341280][ T8] Bluetooth: hci2: Frame reassembly failed (-84)
[ 23.366858][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 23.373350][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
[ 25.327504][ T304] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 25.327518][ T305] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 25.327604][ T303] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 25.333476][ T300] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 25.339360][ T297] Bluetooth: hci0: Opcode 0x080f failed: -110
executing program
[ 27.407503][ T299] Bluetooth: hci0: Opcode 0x080f failed: -110
[ 27.455760][ T8] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
executing program
executing program
[ 28.302829][ T296] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 28.312921][ T301] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 28.318739][ T302] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 28.328499][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 28.361697][ T8] Bluetooth: hci2: Frame reassembly failed (-84)
[ 28.367252][ T43] Bluetooth: hci3: Frame reassembly failed (-84)
[ 28.368077][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
executing program
[ 29.487529][ T306] Bluetooth: hci1: command 0x1003 tx timeout
[ 29.487529][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 29.506013][ T8] Bluetooth: hci1: Frame reassembly failed (-84)
[ 30.367538][ T307] Bluetooth: hci4: command 0x1003 tx timeout
[ 30.367530][ T305] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 30.367563][ T307] Bluetooth: hci2: command 0x1003 tx timeout
[ 30.373360][ T304] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 30.379304][ T300] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 30.385098][ T304] Bluetooth: hci0: command 0x1003 tx timeout
[ 30.390987][ T303] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 30.408754][ T315] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
executing program
executing program
[ 30.414701][ T318] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 30.420695][ T317] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 30.426612][ T319] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 30.434645][ T322] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 30.477183][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 30.484253][ T320] Bluetooth: hci2: Frame reassembly failed (-84)
[ 30.490041][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 30.490431][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
executing program
[ 31.567500][ T305] Bluetooth: hci1: command 0x1003 tx timeout
[ 31.567493][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 31.585270][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
[ 32.527485][ T303] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 32.527518][ T307] Bluetooth: hci4: command 0x1003 tx timeout
[ 32.527541][ T307] Bluetooth: hci3: command 0x1003 tx timeout
[ 32.533756][ T303] Bluetooth: hci2: command 0x1003 tx timeout
[ 32.539548][ T304] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 32.546152][ T306] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 32.551157][ T300] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 33.647526][ T300] Bluetooth: hci1: command 0x1003 tx timeout
[ 33.647545][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 34.607557][ T324] Bluetooth: hci0: Opcode 0x080f failed: -110
executing program
[ 35.476694][ T327] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 35.482531][ T325] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 35.488393][ T326] Bluetooth: hci0: Opcode 0x080f failed: -4
executing program
executing program
[ 35.539980][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
[ 35.570497][ T320] Bluetooth: hci3: Frame reassembly failed (-84)
executing program
executing program
[ 36.584855][ T331] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 36.594524][ T320] Bluetooth: hci0: Frame reassembly failed (-84)
[ 36.640471][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
[ 36.646682][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
[ 37.567502][ T303] Bluetooth: hci2: command 0x1003 tx timeout
[ 37.567495][ T45] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 37.588809][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
executing program
executing program
[ 37.647525][ T303] Bluetooth: hci3: command 0x1003 tx timeout
[ 37.647530][ T300] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 37.657493][ T333] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 37.659316][ T300] Bluetooth: hci4: command 0x1003 tx timeout
[ 37.671474][ T10] Bluetooth: hci3: Frame reassembly failed (-84)
[ 37.678327][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
[ 38.607487][ T306] Bluetooth: hci0: command 0x1003 tx timeout
[ 38.607479][ T305] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 38.619395][ T343] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 38.625271][ T344] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 38.631284][ T346] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 38.637349][ T347] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 38.643301][ T348] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
[ 38.687574][ T304] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 38.687596][ T303] Bluetooth: hci1: command 0x1003 tx timeout
[ 38.705550][ T320] Bluetooth: hci0: Frame reassembly failed (-84)
[ 38.711905][ T320] Bluetooth: hci0: Frame reassembly failed (-84)
[ 38.713355][ T8] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
[ 39.647508][ T303] Bluetooth: hci2: command 0x1003 tx timeout
[ 39.647503][ T45] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 39.665436][ T8] Bluetooth: hci2: Frame reassembly failed (-84)
executing program
executing program
[ 39.727489][ T333] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 39.727511][ T306] Bluetooth: hci4: command 0x1003 tx timeout
[ 39.727532][ T306] Bluetooth: hci3: command 0x1003 tx timeout
[ 39.733476][ T300] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 39.752839][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 39.762296][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
[ 40.767509][ T306] Bluetooth: hci1: command 0x1003 tx timeout
[ 40.767510][ T305] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 40.767551][ T304] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 40.773369][ T306] Bluetooth: hci0: command 0x1003 tx timeout
[ 40.791228][ T350] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 40.797147][ T351] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 40.803194][ T353] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 40.809088][ T354] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
executing program
[ 40.815141][ T355] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 40.853676][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 40.863753][ T8] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
[ 41.727509][ T303] Bluetooth: hci2: command 0x1003 tx timeout
[ 41.727502][ T45] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 41.751507][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
executing program
executing program
[ 41.807517][ T300] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 41.807578][ T333] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 41.813467][ T300] Bluetooth: hci4: command 0x1003 tx timeout
[ 41.820757][ T10] Bluetooth: hci3: Frame reassembly failed (-84)
[ 41.833316][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
[ 41.839528][ T8] Bluetooth: hci4: Frame reassembly failed (-84)
[ 42.927510][ T300] Bluetooth: hci1: command 0x1003 tx timeout
[ 42.927513][ T306] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 42.927547][ T300] Bluetooth: hci0: command 0x1003 tx timeout
[ 42.933463][ T304] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 42.945333][ T357] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 42.956980][ T358] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 42.962941][ T360] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 42.968992][ T361] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
[ 42.975738][ T362] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
[ 43.027694][ T8] Bluetooth: hci0: Frame reassembly failed (-84)
[ 43.066423][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
[ 43.807500][ T45] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 43.807517][ T305] Bluetooth: hci2: command 0x1003 tx timeout
[ 43.825220][ T8] Bluetooth: hci2: Frame reassembly failed (-84)
[ 43.831552][ T8] Bluetooth: hci2: Frame reassembly failed (-84)
executing program
executing program
[ 43.887500][ T333] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 43.887536][ T300] Bluetooth: hci4: command 0x1003 tx timeout
[ 43.893431][ T305] Bluetooth: hci3: command 0x1003 tx timeout
[ 43.899271][ T303] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 43.918508][ T8] Bluetooth: hci3: Frame reassembly failed (-84)
[ 43.920579][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
[ 45.087474][ T304] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 45.097484][ T306] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 45.097854][ T304] Bluetooth: hci1: command 0x1003 tx timeout
[ 45.887511][ T45] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 45.887520][ T306] Bluetooth: hci2: command 0x1003 tx timeout
[ 45.967499][ T303] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 45.967512][ T300] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 45.967573][ T300] Bluetooth: hci3: command 0x1003 tx timeout
[ 47.167513][ T364] Bluetooth: hci0: Opcode 0x080f failed: -110
executing program
[ 48.071329][ T365] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 48.120964][ T10] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
[ 48.825622][ T367] Bluetooth: hci0: Opcode 0x080f failed: -4
executing program
executing program
[ 48.916600][ T369] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 48.922418][ T368] Bluetooth: hci0: Opcode 0x080f failed: -4
[ 48.932262][ T10] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
[ 48.979873][ T10] Bluetooth: hci3: Frame reassembly failed (-84)
[ 49.029888][ T10] Bluetooth: hci4: Frame reassembly failed (-84)
executing program
[ 50.127492][ T305] Bluetooth: hci1: command 0x1003 tx timeout
[ 50.127485][ T303] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 50.142653][ T320] Bluetooth: hci1: Frame reassembly failed (-84)
[ 50.148854][ T320] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
[ 50.927486][ T305] Bluetooth: hci2: command 0x1003 tx timeout
[ 50.927483][ T45] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 50.945374][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
[ 50.951572][ T10] Bluetooth: hci2: Frame reassembly failed (-84)
[ 51.007506][ T300] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 51.007525][ T333] Bluetooth: hci3: command 0x1003 tx timeout
[ 51.007547][ T333] Bluetooth: hci0: command 0x1003 tx timeout
[ 51.013454][ T306] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 51.019448][ T378] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 51.037118][ T380] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 51.043013][ T381] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 51.048951][ T384] Bluetooth: hci0: Opcode 0x080f failed: -22
executing program
[ 51.054861][ T385] Bluetooth: hci0: Opcode 0x080f failed: -22
[ 51.084948][ T306] ==================================================================
[ 51.092832][ T306] BUG: KASAN: use-after-free in enqueue_timer+0xa6/0x480
[ 51.099685][ T306] Write of size 8 at addr ffff888112040a00 by task kworker/u5:5/306
[ 51.107498][ T306]
[ 51.109847][ T306] CPU: 0 PID: 306 Comm: kworker/u5:5 Not tainted 6.1.124-syzkaller-00008-gccc915784332 #0
[ 51.119566][ T306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 51.127517][ T304] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 51.129458][ T306] Workqueue: hci0 hci_cmd_work
[ 51.139960][ T306] Call Trace:
[ 51.143081][ T306] <TASK>
[ 51.145879][ T306] dump_stack_lvl+0x151/0x1b7
[ 51.150376][ T306] ? nf_tcp_handle_invalid+0x3f1/0x3f1
[ 51.155668][ T306] ? _printk+0xd1/0x111
[ 51.159664][ T306] ? __virt_addr_valid+0x242/0x2f0
[ 51.164730][ T306] print_report+0x158/0x4e0
[ 51.169063][ T306] ? __virt_addr_valid+0x242/0x2f0
[ 51.174010][ T306] ? kasan_complete_mode_report_info+0x90/0x1b0
[ 51.180086][ T306] ? enqueue_timer+0xa6/0x480
[ 51.184600][ T306] kasan_report+0x13c/0x170
[ 51.188939][ T306] ? enqueue_timer+0xa6/0x480
[ 51.193453][ T306] ? __kasan_check_write+0x14/0x20
[ 51.198401][ T306] __asan_report_store8_noabort+0x17/0x20
[ 51.203983][ T306] enqueue_timer+0xa6/0x480
[ 51.208293][ T306] __mod_timer+0x8d3/0xcf0
[ 51.212546][ T306] ? wake_up_process+0x10/0x20
[ 51.217147][ T306] ? insert_work+0x283/0x310
[ 51.221572][ T306] ? __queue_work+0x9d9/0xd70
[ 51.226084][ T306] ? mod_timer_pending+0x30/0x30
[ 51.230857][ T306] ? __kasan_check_write+0x14/0x20
[ 51.235807][ T306] ? queue_work_on+0x135/0x170
[ 51.240406][ T306] add_timer+0x68/0x80
[ 51.244312][ T306] __queue_delayed_work+0x16d/0x1f0
[ 51.249343][ T306] queue_delayed_work_on+0x10f/0x180
[ 51.254551][ T306] ? delayed_work_timer_fn+0x80/0x80
[ 51.259673][ T306] hci_cmd_work+0x2b1/0x310
[ 51.264012][ T306] process_one_work+0x73d/0xcb0
[ 51.268704][ T306] worker_thread+0xa60/0x1260
[ 51.273216][ T306] kthread+0x26d/0x300
[ 51.277123][ T306] ? worker_clr_flags+0x1a0/0x1a0
[ 51.281977][ T306] ? kthread_blkcg+0xd0/0xd0
[ 51.286407][ T306] ret_from_fork+0x1f/0x30
[ 51.290659][ T306] </TASK>
[ 51.293523][ T306]
[ 51.295690][ T306] Allocated by task 378:
[ 51.299803][ T306] kasan_set_track+0x4b/0x70
[ 51.304201][ T306] kasan_save_alloc_info+0x1f/0x30
[ 51.309150][ T306] __kasan_kmalloc+0x9c/0xb0
[ 51.313572][ T306] __kmalloc+0xb4/0x1e0
[ 51.317571][ T306] hci_alloc_dev_priv+0x27/0x1c00
[ 51.322433][ T306] hci_uart_tty_ioctl+0x401/0xa70
[ 51.327286][ T306] tty_ioctl+0x903/0xc50
[ 51.331364][ T306] __se_sys_ioctl+0x114/0x190
[ 51.335877][ T306] __x64_sys_ioctl+0x7b/0x90
[ 51.340305][ T306] x64_sys_call+0x98/0x9a0
[ 51.344554][ T306] do_syscall_64+0x3b/0xb0
[ 51.348807][ T306] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 51.354537][ T306]
[ 51.356737][ T306] Freed by task 385:
[ 51.360461][ T306] kasan_set_track+0x4b/0x70
[ 51.364869][ T306] kasan_save_free_info+0x2b/0x40
[ 51.369735][ T306] ____kasan_slab_free+0x131/0x180
[ 51.374673][ T306] __kasan_slab_free+0x11/0x20
[ 51.379280][ T306] __kmem_cache_free+0x21d/0x410
[ 51.384051][ T306] kfree+0x7a/0xf0
[ 51.387609][ T306] hci_release_dev+0x14d3/0x1640
[ 51.392385][ T306] bt_host_release+0x83/0xa0
[ 51.396807][ T306] device_release+0x95/0x1c0
[ 51.401232][ T306] kobject_put+0x178/0x260
[ 51.405507][ T306] put_device+0x1f/0x30
[ 51.409479][ T306] hci_dev_cmd+0x2be/0x9b0
[ 51.413802][ T306] hci_sock_ioctl+0x415/0x7f0
[ 51.418242][ T306] sock_do_ioctl+0x152/0x450
[ 51.422672][ T306] sock_ioctl+0x455/0x740
[ 51.426845][ T306] __se_sys_ioctl+0x114/0x190
[ 51.431352][ T306] __x64_sys_ioctl+0x7b/0x90
[ 51.435774][ T306] x64_sys_call+0x98/0x9a0
[ 51.440027][ T306] do_syscall_64+0x3b/0xb0
[ 51.444281][ T306] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 51.450010][ T306]
[ 51.452180][ T306] Last potentially related work creation:
[ 51.457734][ T306] kasan_save_stack+0x3b/0x60
[ 51.462244][ T306] __kasan_record_aux_stack+0xb4/0xc0
[ 51.467452][ T306] kasan_record_aux_stack_noalloc+0xb/0x10
[ 51.473094][ T306] insert_work+0x56/0x310
[ 51.477261][ T306] __queue_work+0x9b6/0xd70
[ 51.481598][ T306] queue_work_on+0x105/0x170
[ 51.486028][ T306] __hci_cmd_sync_sk+0xc2a/0xf70
[ 51.490800][ T306] hci_cmd_sync_status+0x52/0x130
[ 51.495659][ T306] hci_dev_cmd+0x771/0x9b0
[ 51.499924][ T306] hci_sock_ioctl+0x415/0x7f0
[ 51.504432][ T306] sock_do_ioctl+0x152/0x450
[ 51.508861][ T306] sock_ioctl+0x455/0x740
[ 51.513018][ T306] __se_sys_ioctl+0x114/0x190
[ 51.517536][ T306] __x64_sys_ioctl+0x7b/0x90
[ 51.522039][ T306] x64_sys_call+0x98/0x9a0
[ 51.526334][ T306] do_syscall_64+0x3b/0xb0
[ 51.530590][ T306] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 51.536319][ T306]
[ 51.538491][ T306] Second to last potentially related work creation:
[ 51.544920][ T306] kasan_save_stack+0x3b/0x60
[ 51.549422][ T306] __kasan_record_aux_stack+0xb4/0xc0
[ 51.554630][ T306] kasan_record_aux_stack_noalloc+0xb/0x10
[ 51.560275][ T306] insert_work+0x56/0x310
[ 51.564440][ T306] __queue_work+0x9b6/0xd70
[ 51.568777][ T306] queue_work_on+0x105/0x170
[ 51.573214][ T306] __hci_cmd_sync_sk+0xc2a/0xf70
[ 51.577975][ T306] hci_cmd_sync_status+0x52/0x130
[ 51.582839][ T306] hci_dev_cmd+0x771/0x9b0
[ 51.587088][ T306] hci_sock_ioctl+0x415/0x7f0
[ 51.591605][ T306] sock_do_ioctl+0x152/0x450
[ 51.596029][ T306] sock_ioctl+0x455/0x740
[ 51.600195][ T306] __se_sys_ioctl+0x114/0x190
[ 51.604707][ T306] __x64_sys_ioctl+0x7b/0x90
[ 51.609135][ T306] x64_sys_call+0x98/0x9a0
[ 51.613387][ T306] do_syscall_64+0x3b/0xb0
[ 51.617640][ T306] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 51.623368][ T306]
[ 51.625541][ T306] The buggy address belongs to the object at ffff888112040000
[ 51.625541][ T306] which belongs to the cache kmalloc-8k of size 8192
[ 51.639427][ T306] The buggy address is located 2560 bytes inside of
[ 51.639427][ T306] 8192-byte region [ffff888112040000, ffff888112042000)
[ 51.652707][ T306]
[ 51.654879][ T306] The buggy address belongs to the physical page:
[ 51.661147][ T306] page:ffffea0004481000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112040
[ 51.671732][ T306] head:ffffea0004481000 order:3 compound_mapcount:0 compound_pincount:0
[ 51.679888][ T306] flags: 0x4000000000010200(slab|head|zone=1)
[ 51.685796][ T306] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043500
[ 51.694213][ T306] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 51.702625][ T306] page dumped because: kasan: bad access detected
[ 51.708882][ T306] page_owner tracks the page as allocated
[ 51.714432][ T306] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 378, tgid 378 (syz-executor184), ts 48931564175, free_ts 48870704958
[ 51.735693][ T306] post_alloc_hook+0x213/0x220
[ 51.740302][ T306] prep_new_page+0x1b/0x110
[ 51.744634][ T306] get_page_from_freelist+0x3a98/0x3b10
[ 51.750015][ T306] __alloc_pages+0x234/0x610
[ 51.754444][ T306] alloc_slab_page+0x6c/0xf0
[ 51.758866][ T306] new_slab+0x90/0x3e0
[ 51.762773][ T306] ___slab_alloc+0x6f9/0xb80
[ 51.767198][ T306] __slab_alloc+0x5d/0xa0
[ 51.771366][ T306] __kmem_cache_alloc_node+0x207/0x2a0
[ 51.776661][ T306] __kmalloc+0xa3/0x1e0
[ 51.780669][ T306] hci_alloc_dev_priv+0x27/0x1c00
[ 51.785513][ T306] hci_uart_tty_ioctl+0x401/0xa70
[ 51.790372][ T306] tty_ioctl+0x903/0xc50
[ 51.794466][ T306] __se_sys_ioctl+0x114/0x190
[ 51.798982][ T306] __x64_sys_ioctl+0x7b/0x90
[ 51.803392][ T306] x64_sys_call+0x98/0x9a0
[ 51.807646][ T306] page last free stack trace:
[ 51.812161][ T306] free_unref_page_prepare+0x9f1/0xa00
[ 51.817460][ T306] free_unref_page+0xb2/0x5c0
[ 51.821974][ T306] __free_pages+0x61/0xf0
[ 51.826135][ T306] __free_slab+0xce/0x1a0
[ 51.830297][ T306] __unfreeze_partials+0x165/0x1a0
[ 51.835247][ T306] put_cpu_partial+0xa9/0x100
[ 51.839756][ T306] __slab_free+0x1c8/0x280
[ 51.844010][ T306] ___cache_free+0xc6/0xd0
[ 51.848264][ T306] qlist_free_all+0xc5/0x140
[ 51.852688][ T306] kasan_quarantine_reduce+0x15a/0x180
[ 51.857983][ T306] __kasan_slab_alloc+0x24/0x80
[ 51.862672][ T306] slab_post_alloc_hook+0x53/0x2c0
[ 51.867616][ T306] kmem_cache_alloc+0x175/0x320
[ 51.872312][ T306] getname_flags+0xba/0x520
[ 51.876647][ T306] __se_sys_newfstatat+0xe2/0x7b0
[ 51.881511][ T306] __x64_sys_newfstatat+0x9b/0xb0
[ 51.886366][ T306]
[ 51.888533][ T306] Memory state around the buggy address:
[ 51.894006][ T306] ffff888112040900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.901906][ T306] ffff888112040980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.909802][ T306] >ffff888112040a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.917697][ T306]                    ^
[ 51.921603][ T306] ffff888112040a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 51.929507][ T306] ffff888112040b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
executing program
executing program
[ 51.937400][ T306] ==================================================================
[ 51.945299][ T306] Disabling lock debugging due to kernel taint
[ 51.952491][ T10] Bluetooth: hci0: Frame reassembly failed (-84)
[ 51.965222][ T10] Bluetooth: hci3: Frame reassembly failed (-84)
[ 51.967100][ T320] Bluetooth: hci4: Frame reassembly failed (-84)
executing program
[ 52.207466][ T305] Bluetooth: hci1: command 0x1003 tx timeout
[ 52.207460][ T303] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 52.231273][ T320] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
[ 53.007498][ T300] Bluetooth: hci2: command 0x1003 tx timeout
[ 53.007501][ T45] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 53.025693][ T320] Bluetooth: hci2: Frame reassembly failed (-84)
[ 53.087477][ T333] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 53.087520][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
[ 53.104929][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
[ 53.113171][ C0] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 6.1.124-syzkaller-00008-gccc915784332 #0
[ 53.123943][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 53.133915][ C0] RIP: 0010:__queue_work+0x4f1/0xd70
[ 53.139036][ C0] Code: 39 03 0f 84 40 01 00 00 e8 5c 6c 2a 00 4c 89 e7 e8 64 49 d7 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 70 09 72 00 49 8b 3e e8 18 42 d7
[ 53.158478][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046
[ 53.164379][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d580
[ 53.172191][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 53.180002][ C0] RBP: ffffc90000007d00 R08: ffffffff814b261b R09: 0000000000000007
[ 53.187811][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881120409c8
[ 53.195622][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881120409e0
[ 53.203437][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 53.212249][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.218721][ C0] CR2: 00007fff1e0b3c68 CR3: 0000000122fb7000 CR4: 00000000003506b0
[ 53.226524][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 53.234337][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 53.242145][ C0] Call Trace:
[ 53.245285][ C0] <IRQ>
[ 53.247970][ C0] ? __die_body+0x62/0xb0
[ 53.252124][ C0] ? die_addr+0x9f/0xd0
[ 53.256120][ C0] ? exc_general_protection+0x317/0x4c0
[ 53.261501][ C0] ? cpu_curr_snapshot+0x200/0x200
[ 53.266448][ C0] ? asm_exc_general_protection+0x27/0x30
[ 53.272003][ C0] ? __queue_work+0x28b/0xd70
[ 53.276513][ C0] ? __queue_work+0x4f1/0xd70
[ 53.281029][ C0] ? __queue_work+0x29c/0xd70
[ 53.285549][ C0] delayed_work_timer_fn+0x61/0x80
[ 53.290493][ C0] ? queue_work_node+0x1d0/0x1d0
[ 53.295260][ C0] call_timer_fn+0x3b/0x2d0
[ 53.299609][ C0] ? queue_work_node+0x1d0/0x1d0
[ 53.304381][ C0] __run_timers+0x756/0xa10
[ 53.308725][ C0] ? calc_index+0x270/0x270
[ 53.313053][ C0] ? sched_clock+0x9/0x10
[ 53.317219][ C0] ? sched_clock_cpu+0x71/0x2b0
[ 53.321910][ C0] run_timer_softirq+0x69/0xf0
[ 53.326508][ C0] handle_softirqs+0x1db/0x650
[ 53.331108][ C0] ? irqtime_account_irq+0xdc/0x260
[ 53.336141][ C0] __irq_exit_rcu+0x52/0xf0
[ 53.340480][ C0] irq_exit_rcu+0x9/0x10
[ 53.344557][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0
[ 53.350029][ C0] </IRQ>
[ 53.352802][ C0] <TASK>
[ 53.355589][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 53.361399][ C0] RIP: 0010:acpi_idle_enter+0x416/0x760
[ 53.366782][ C0] Code: 89 de 48 83 e6 08 31 ff e8 e7 46 53 fc 48 83 e3 08 0f 85 b1 00 00 00 0f 1f 44 00 00 e8 93 42 53 fc 0f 00 2d cc 12 ce 00 fb f4 e9 e3 00 00 00 49 83 c7 04 4c 89 f8 48 c1 e8 03 42 0f b6 04 30
[ 53.386573][ C0] RSP: 0018:ffffffff87007bd0 EFLAGS: 000002d3
[ 53.392469][ C0] RAX: ffffffff8522522d RBX: 0000000000000000 RCX: ffffffff8701d580
[ 53.400278][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 53.408089][ C0] RBP: ffffffff87007c10 R08: ffffffff85225219 R09: fffffbfff0e03ab1
[ 53.415915][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001
[ 53.423714][ C0] R13: ffff888109ea0804 R14: dffffc0000000000 R15: ffff888109b8f864
[ 53.431530][ C0] ? acpi_idle_enter+0x3f9/0x760
[ 53.436819][ C0] ? acpi_idle_enter+0x40d/0x760
[ 53.441597][ C0] ? intel_idle_xstate+0xa0/0xa0
[ 53.446370][ C0] cpuidle_enter_state+0x5eb/0x17f0
[ 53.451404][ C0] ? cpuidle_enter_s2idle+0x600/0x600
[ 53.456607][ C0] ? menu_enable_device+0x380/0x380
[ 53.461641][ C0] ? __sched_text_start+0x8/0x8
[ 53.466328][ C0] cpuidle_enter+0x5f/0xa0
[ 53.470608][ C0] do_idle+0x3d1/0x580
[ 53.474487][ C0] ? idle_inject_timer_fn+0x60/0x60
[ 53.479609][ C0] ? schedule_idle+0x40/0x90
[ 53.484032][ C0] ? do_idle+0x56c/0x580
[ 53.488115][ C0] cpu_startup_entry+0x44/0x60
[ 53.492714][ C0] rest_init+0x10b/0x130
[ 53.496791][ C0] ? time_init+0x38/0x38
[ 53.500871][ C0] arch_call_rest_init+0xe/0xe
[ 53.505473][ C0] start_kernel+0x46c/0x4d8
[ 53.509810][ C0] x86_64_start_reservations+0x2a/0x2c
[ 53.515103][ C0] x86_64_start_kernel+0x7c/0x81
[ 53.519878][ C0] secondary_startup_64_no_verify+0xce/0xdb
[ 53.525610][ C0] </TASK>
[ 53.528472][ C0] Modules linked in:
[ 53.532208][ C0] ---[ end trace 0000000000000000 ]---
[ 53.537520][ C0] RIP: 0010:__queue_work+0x4f1/0xd70
[ 53.542631][ C0] Code: 39 03 0f 84 40 01 00 00 e8 5c 6c 2a 00 4c 89 e7 e8 64 49 d7 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 70 09 72 00 49 8b 3e e8 18 42 d7
[ 53.562064][ C0] RSP: 0018:ffffc90000007c78 EFLAGS: 00010046
[ 53.567962][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffffffff8701d580
[ 53.575774][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff
[ 53.583590][ C0] RBP: ffffc90000007d00 R08: ffffffff814b261b R09: 0000000000000007
[ 53.591599][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881120409c8
[ 53.599412][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881120409e0
[ 53.607218][ C0] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 53.615988][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 53.622413][ C0] CR2: 00007fff1e0b3c68 CR3: 0000000122fb7000 CR4: 00000000003506b0
[ 53.630309][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 53.638115][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 53.645930][ C0] Kernel panic - not syncing: Fatal exception in interrupt
[ 53.653174][ C0] Kernel Offset: disabled
[ 53.657307][ C0] Rebooting in 86400 seconds..