Warning: Permanently added '10.128.1.62' (ED25519) to the list of known hosts.
[ 73.619078][ T5865] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 73.629535][ T5868] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 73.629689][ T5865] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 73.637882][ T5868] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 73.644579][ T5865] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 73.652291][ T5868] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 73.659547][ T5865] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 73.673132][ T5869] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 73.673759][ T5868] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 73.681561][ T5865] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 73.688936][ T5868] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 73.696496][ T5865] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 73.703098][ T5868] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 73.709132][ T5865] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 73.716361][ T5868] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 73.722693][ T5865] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 73.729636][ T5868] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 73.737433][ T5865] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 73.743973][ T5868] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 73.751632][ T5865] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 73.757740][ T5868] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 73.765284][ T5865] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 73.771747][ T5868] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 73.778596][ T5865] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 73.787302][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 73.799246][ T5868] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 73.801956][ T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 73.808148][ T5868] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 73.826152][ T5868] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 73.839062][ T5868] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
executing program
[ 74.113619][ T5884] Bluetooth: MGMT ver 1.23
[ 74.581347][ T5976]
[ 74.583724][ T5976] ======================================================
[ 74.590772][ T5976] WARNING: possible circular locking dependency detected
[ 74.597809][ T5976] 6.12.0-syzkaller-10724-gaf8edaeddbc5 #0 Not tainted
[ 74.604571][ T5976] ------------------------------------------------------
[ 74.611586][ T5976] syz-executor113/5976 is trying to acquire lock:
[ 74.617996][ T5976] ffff88807e410078 (&hdev->lock){+.+.}-{4:4}, at: mgmt_remove_adv_monitor_complete+0xaf/0x550
[ 74.628337][ T5976]
[ 74.628337][ T5976] but task is already holding lock:
[ 74.635700][ T5976] ffff88807e410690 (&hdev->cmd_sync_work_lock){+.+.}-{4:4}, at: hci_cmd_sync_dequeue+0x44/0x3d0
[ 74.646165][ T5976]
[ 74.646165][ T5976] which lock already depends on the new lock.
[ 74.646165][ T5976]
[ 74.656567][ T5976]
[ 74.656567][ T5976] the existing dependency chain (in reverse order) is:
[ 74.665579][ T5976]
[ 74.665579][ T5976] -> #1 (&hdev->cmd_sync_work_lock){+.+.}-{4:4}:
[ 74.674126][ T5976] lock_acquire+0x1ed/0x550
[ 74.679162][ T5976] __mutex_lock+0x1ac/0xee0
[ 74.684189][ T5976] hci_cmd_sync_queue_once+0x43/0x240
[ 74.690265][ T5976] le_conn_complete_evt+0xae1/0x12e0
[ 74.696071][ T5976] hci_le_conn_complete_evt+0x18c/0x420
[ 74.702156][ T5976] hci_event_packet+0xa55/0x1540
[ 74.707630][ T5976] hci_rx_work+0x3f3/0xdb0
[ 74.712576][ T5976] process_scheduled_works+0xa63/0x1850
[ 74.718654][ T5976] worker_thread+0x870/0xd30
[ 74.723767][ T5976] kthread+0x2f0/0x390
[ 74.728361][ T5976] ret_from_fork+0x4b/0x80
[ 74.733304][ T5976] ret_from_fork_asm+0x1a/0x30
[ 74.738622][ T5976]
[ 74.738622][ T5976] -> #0 (&hdev->lock){+.+.}-{4:4}:
[ 74.745936][ T5976] validate_chain+0x18ef/0x5920
[ 74.751322][ T5976] __lock_acquire+0x1397/0x2100
[ 74.756701][ T5976] lock_acquire+0x1ed/0x550
[ 74.761729][ T5976] __mutex_lock+0x1ac/0xee0
[ 74.766779][ T5976] mgmt_remove_adv_monitor_complete+0xaf/0x550
[ 74.773495][ T5976] hci_cmd_sync_dequeue+0x22b/0x3d0
[ 74.779224][ T5976] cmd_complete_rsp+0x4c/0x180
[ 74.784517][ T5976] mgmt_pending_foreach+0xd1/0x130
[ 74.790182][ T5976] mgmt_index_removed+0x133/0x390
[ 74.795740][ T5976] hci_sock_bind+0xcce/0x1150
[ 74.800943][ T5976] __sys_bind+0x1e4/0x290
[ 74.805805][ T5976] __x64_sys_bind+0x7a/0x90
[ 74.810836][ T5976] do_syscall_64+0xf3/0x230
[ 74.815859][ T5976] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.822280][ T5976]
[ 74.822280][ T5976] other info that might help us debug this:
[ 74.822280][ T5976]
[ 74.832511][ T5976] Possible unsafe locking scenario:
[ 74.832511][ T5976]
[ 74.839958][ T5976] CPU0 CPU1
[ 74.845408][ T5976] ---- ----
[ 74.850771][ T5976] lock(&hdev->cmd_sync_work_lock);
[ 74.856091][ T5976] lock(&hdev->lock);
[ 74.862686][ T5976] lock(&hdev->cmd_sync_work_lock);
[ 74.870597][ T5976] lock(&hdev->lock);
[ 74.874672][ T5976]
[ 74.874672][ T5976] *** DEADLOCK ***
[ 74.874672][ T5976]
[ 74.882814][ T5976] 2 locks held by syz-executor113/5976:
[ 74.888359][ T5976] #0: ffff88807cc4e258 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_bind+0x149/0x1150
[ 74.899532][ T5976] #1: ffff88807e410690 (&hdev->cmd_sync_work_lock){+.+.}-{4:4}, at: hci_cmd_sync_dequeue+0x44/0x3d0
[ 74.910457][ T5976]
[ 74.910457][ T5976] stack backtrace:
[ 74.916368][ T5976] CPU: 1 UID: 0 PID: 5976 Comm: syz-executor113 Not tainted 6.12.0-syzkaller-10724-gaf8edaeddbc5 #0
[ 74.927132][ T5976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 74.937205][ T5976] Call Trace:
[ 74.940490][ T5976]
[ 74.943426][ T5976] dump_stack_lvl+0x241/0x360
[ 74.948141][ T5976] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.953358][ T5976] ? __pfx__printk+0x10/0x10
[ 74.957969][ T5976] print_circular_bug+0x13a/0x1b0
[ 74.963115][ T5976] check_noncircular+0x36a/0x4a0
[ 74.968067][ T5976] ? __pfx_check_noncircular+0x10/0x10
[ 74.973534][ T5976] ? lockdep_lock+0x123/0x2b0
[ 74.978212][ T5976] ? __pfx_stack_trace_save+0x10/0x10
[ 74.983594][ T5976] ? check_noncircular+0x259/0x4a0
[ 74.988718][ T5976] validate_chain+0x18ef/0x5920
[ 74.993577][ T5976] ? queued_spin_lock_slowpath+0x42/0x50
[ 74.999249][ T5976] ? validate_chain+0x15c0/0x5920
[ 75.004286][ T5976] ? __pfx_validate_chain+0x10/0x10
[ 75.009506][ T5976] ? __pfx_validate_chain+0x10/0x10
[ 75.014721][ T5976] ? register_lock_class+0x102/0x980
[ 75.020012][ T5976] ? mark_lock+0x9a/0x360
[ 75.024376][ T5976] ? __pfx_register_lock_class+0x10/0x10
[ 75.030134][ T5976] ? mark_lock+0x9a/0x360
[ 75.034491][ T5976] __lock_acquire+0x1397/0x2100
[ 75.039363][ T5976] lock_acquire+0x1ed/0x550
[ 75.043878][ T5976] ? mgmt_remove_adv_monitor_complete+0xaf/0x550
[ 75.050238][ T5976] ? __pfx_lock_acquire+0x10/0x10
[ 75.055273][ T5976] ? __pfx___might_resched+0x10/0x10
[ 75.060582][ T5976] __mutex_lock+0x1ac/0xee0
[ 75.065095][ T5976] ? mgmt_remove_adv_monitor_complete+0xaf/0x550
[ 75.071457][ T5976] ? __pfx___might_resched+0x10/0x10
[ 75.076790][ T5976] ? __pfx___mutex_trylock_common+0x10/0x10
[ 75.082711][ T5976] ? __page_table_check_ptes_set+0x30f/0x410
[ 75.088722][ T5976] ? mgmt_remove_adv_monitor_complete+0xaf/0x550
[ 75.095084][ T5976] ? __pfx___mutex_lock+0x10/0x10
[ 75.100124][ T5976] ? trace_contention_end+0x3c/0x120
[ 75.105424][ T5976] ? __mutex_lock+0x37f/0xee0
[ 75.110127][ T5976] ? __lock_acquire+0x1397/0x2100
[ 75.115186][ T5976] ? __pfx_validate_chain+0x10/0x10
[ 75.120404][ T5976] ? cgroup_rstat_updated+0x13b/0xc60
[ 75.125794][ T5976] ? hci_cmd_sync_dequeue+0x44/0x3d0
[ 75.131093][ T5976] mgmt_remove_adv_monitor_complete+0xaf/0x550
[ 75.137269][ T5976] ? __pfx_mgmt_remove_adv_monitor_complete+0x10/0x10
[ 75.144049][ T5976] ? __pfx_mgmt_remove_adv_monitor_complete+0x10/0x10
[ 75.150826][ T5976] hci_cmd_sync_dequeue+0x22b/0x3d0
[ 75.156054][ T5976] cmd_complete_rsp+0x4c/0x180
[ 75.160829][ T5976] mgmt_pending_foreach+0xd1/0x130
[ 75.165946][ T5976] ? __pfx_cmd_complete_rsp+0x10/0x10
[ 75.171328][ T5976] mgmt_index_removed+0x133/0x390
[ 75.176362][ T5976] ? __pfx_mgmt_index_removed+0x10/0x10
[ 75.181914][ T5976] ? apparmor_capable+0x13b/0x1b0
[ 75.186977][ T5976] ? _raw_read_unlock+0x28/0x50
[ 75.191837][ T5976] hci_sock_bind+0xcce/0x1150
[ 75.196524][ T5976] ? __pfx_hci_sock_bind+0x10/0x10
[ 75.201645][ T5976] __sys_bind+0x1e4/0x290
[ 75.205986][ T5976] ? __pfx___sys_bind+0x10/0x10
[ 75.210854][ T5976] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 75.217189][ T5976] ? exc_page_fault+0x590/0x8c0
[ 75.222064][ T5976] __x64_sys_bind+0x7a/0x90
[ 75.226599][ T5976] do_syscall_64+0xf3/0x230
[ 75.231111][ T5976] ? clear_bhb_loop+0x35/0x90
[ 75.235801][ T5976] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.241715][ T5976] RIP: 0033:0x7fd2aec88919
[ 75.246146][ T5976] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 75.265842][ T5976] RSP: 002b:00007ffd1e4986f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 75.274281][ T5976] RAX: ffffffffffffffda RBX: 000000000001230b RCX: 00007fd2aec88919
[ 75.282270][ T5976] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004
[ 75.290242][ T5976] RBP: 0000000000000000 R08: 00007fd2aec42990 R09: 00007fd2aec42990
[ 75.298302][ T5976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1e49871c
[ 75.306274][ T5976] R13: 00007ffd1e498750 R14: 00007ffd1e498730 R15: 0000000000000016
[ 75.314256][ T5976]
[ 75.319663][ T5976] ==================================================================
[ 75.327765][ T5976] BUG: KASAN: slab-use-after-free in cmd_complete_rsp+0x67/0x180
[ 75.335524][ T5976] Read of size 8 at addr ffff88814179c1c0 by task syz-executor113/5976
[ 75.343796][ T5976]
[ 75.346147][ T5976] CPU: 0 UID: 0 PID: 5976 Comm: syz-executor113 Not tainted 6.12.0-syzkaller-10724-gaf8edaeddbc5 #0
[ 75.356951][ T5976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 75.367036][ T5976] Call Trace:
[ 75.370343][ T5976]
[ 75.373301][ T5976] dump_stack_lvl+0x241/0x360
[ 75.378014][ T5976] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.383254][ T5976] ? __pfx__printk+0x10/0x10
[ 75.387892][ T5976] ? _printk+0xd5/0x120
[ 75.392096][ T5976] ? __virt_addr_valid+0x183/0x530
[ 75.397244][ T5976] ? __virt_addr_valid+0x183/0x530
[ 75.402394][ T5976] print_report+0x169/0x550
[ 75.406938][ T5976] ? __virt_addr_valid+0x183/0x530
[ 75.412087][ T5976] ? __virt_addr_valid+0x183/0x530
[ 75.417238][ T5976] ? __virt_addr_valid+0x45f/0x530
[ 75.422392][ T5976] ? __phys_addr+0xba/0x170
[ 75.426947][ T5976] ? cmd_complete_rsp+0x67/0x180
[ 75.431923][ T5976] kasan_report+0x143/0x180
[ 75.436470][ T5976] ? cmd_complete_rsp+0x67/0x180
[ 75.441458][ T5976] cmd_complete_rsp+0x67/0x180
[ 75.446258][ T5976] mgmt_pending_foreach+0xd1/0x130
[ 75.451410][ T5976] ? __pfx_cmd_complete_rsp+0x10/0x10
[ 75.456821][ T5976] mgmt_index_removed+0x133/0x390
[ 75.461974][ T5976] ? __pfx_mgmt_index_removed+0x10/0x10
[ 75.467554][ T5976] ? apparmor_capable+0x13b/0x1b0
[ 75.472621][ T5976] ? _raw_read_unlock+0x28/0x50
[ 75.477503][ T5976] hci_sock_bind+0xcce/0x1150
[ 75.482228][ T5976] ? __pfx_hci_sock_bind+0x10/0x10
[ 75.487379][ T5976] __sys_bind+0x1e4/0x290
[ 75.491754][ T5976] ? __pfx___sys_bind+0x10/0x10
[ 75.496652][ T5976] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 75.503018][ T5976] ? exc_page_fault+0x590/0x8c0
[ 75.507918][ T5976] __x64_sys_bind+0x7a/0x90
[ 75.512465][ T5976] do_syscall_64+0xf3/0x230
[ 75.517005][ T5976] ? clear_bhb_loop+0x35/0x90
[ 75.521809][ T5976] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.527741][ T5976] RIP: 0033:0x7fd2aec88919
[ 75.532194][ T5976] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 75.551834][ T5976] RSP: 002b:00007ffd1e4986f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 75.560287][ T5976] RAX: ffffffffffffffda RBX: 000000000001230b RCX: 00007fd2aec88919
[ 75.568306][ T5976] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004
[ 75.576316][ T5976] RBP: 0000000000000000 R08: 00007fd2aec42990 R09: 00007fd2aec42990
[ 75.584360][ T5976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1e49871c
[ 75.592363][ T5976] R13: 00007ffd1e498750 R14: 00007ffd1e498730 R15: 0000000000000016
[ 75.600378][ T5976]
[ 75.603421][ T5976]
[ 75.605768][ T5976] Allocated by task 5975:
[ 75.610119][ T5976] kasan_save_track+0x3f/0x80
[ 75.614837][ T5976] __kasan_kmalloc+0x98/0xb0
[ 75.619467][ T5976] __kmalloc_cache_noprof+0x243/0x390
[ 75.624882][ T5976] mgmt_pending_new+0x65/0x250
[ 75.629677][ T5976] mgmt_pending_add+0x36/0x120
[ 75.634473][ T5976] remove_adv_monitor+0x102/0x1b0
[ 75.639533][ T5976] hci_mgmt_cmd+0xc47/0x11d0
[ 75.644163][ T5976] hci_sock_sendmsg+0x7b8/0x11c0
[ 75.649134][ T5976] __sock_sendmsg+0x221/0x270
[ 75.653862][ T5976] sock_write_iter+0x2d7/0x3f0
[ 75.658672][ T5976] vfs_write+0xaeb/0xd30
[ 75.662951][ T5976] ksys_write+0x18f/0x2b0
[ 75.667317][ T5976] do_syscall_64+0xf3/0x230
[ 75.671897][ T5976] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.677830][ T5976]
[ 75.680181][ T5976] Freed by task 5976:
[ 75.684184][ T5976] kasan_save_track+0x3f/0x80
[ 75.688894][ T5976] kasan_save_free_info+0x40/0x50
[ 75.693961][ T5976] __kasan_slab_free+0x59/0x70
[ 75.698769][ T5976] kfree+0x196/0x420
[ 75.702707][ T5976] mgmt_remove_adv_monitor_complete+0x2bf/0x550
[ 75.708994][ T5976] hci_cmd_sync_dequeue+0x22b/0x3d0
[ 75.714235][ T5976] cmd_complete_rsp+0x4c/0x180
[ 75.719558][ T5976] mgmt_pending_foreach+0xd1/0x130
[ 75.724708][ T5976] mgmt_index_removed+0x133/0x390
[ 75.729776][ T5976] hci_sock_bind+0xcce/0x1150
[ 75.734491][ T5976] __sys_bind+0x1e4/0x290
[ 75.738867][ T5976] __x64_sys_bind+0x7a/0x90
[ 75.743433][ T5976] do_syscall_64+0xf3/0x230
[ 75.747971][ T5976] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.753906][ T5976]
[ 75.756255][ T5976] The buggy address belongs to the object at ffff88814179c180
[ 75.756255][ T5976] which belongs to the cache kmalloc-96 of size 96
[ 75.770166][ T5976] The buggy address is located 64 bytes inside of
[ 75.770166][ T5976] freed 96-byte region [ffff88814179c180, ffff88814179c1e0)
[ 75.783912][ T5976]
[ 75.786260][ T5976] The buggy address belongs to the physical page:
[ 75.792705][ T5976] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14179c
[ 75.801589][ T5976] anon flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff)
[ 75.809263][ T5976] page_type: f5(slab)
[ 75.813283][ T5976] raw: 057ff00000000000 ffff88801ac41280 ffffea000506db00 dead000000000005
[ 75.821906][ T5976] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
[ 75.830554][ T5976] page dumped because: kasan: bad access detected
[ 75.837007][ T5976] page_owner tracks the page as allocated
[ 75.842754][ T5976] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 1, tgid 1 (swapper/0), ts 9565106932, free_ts 0
[ 75.860600][ T5976] post_alloc_hook+0x1f3/0x230
[ 75.865418][ T5976] get_page_from_freelist+0x3649/0x3790
[ 75.871014][ T5976] __alloc_pages_noprof+0x292/0x710
[ 75.876253][ T5976] alloc_slab_page+0x59/0x140
[ 75.880974][ T5976] allocate_slab+0x5a/0x2f0
[ 75.885514][ T5976] ___slab_alloc+0xcd1/0x14b0
[ 75.890234][ T5976] __slab_alloc+0x58/0xa0
[ 75.894606][ T5976] __kmalloc_cache_node_noprof+0x294/0x3a0
[ 75.900451][ T5976] __alloc_workqueue+0x709/0x1f20
[ 75.904108][ T5868] Bluetooth: hci1: command tx timeout
[ 75.905488][ T5976] alloc_workqueue+0xd6/0x210
[ 75.911025][ T5163] Bluetooth: hci3: command tx timeout
[ 75.915620][ T5976] bond_init+0xd5/0x7b0
[ 75.921160][ T5868] Bluetooth: hci4: command tx timeout
[ 75.925130][ T5976] register_netdevice+0x6d7/0x1b00
[ 75.935656][ T5976] bond_create+0xa5/0x110
[ 75.940023][ T5976] bonding_init+0xa6/0x110
[ 75.944472][ T5976] do_one_initcall+0x248/0x880
[ 75.949285][ T5976] do_initcall_level+0x157/0x210
[ 75.954252][ T5976] page_owner free stack trace missing
[ 75.959639][ T5976]
[ 75.961987][ T5976] Memory state around the buggy address:
[ 75.967642][ T5976] ffff88814179c080: 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc
[ 75.975734][ T5976] ffff88814179c100: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 75.983829][ T5976] >ffff88814179c180: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 75.991920][ T5976] ^
[ 75.998105][ T5976] ffff88814179c200: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 76.006199][ T5976] ffff88814179c280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 76.014292][ T5976] ==================================================================
[ 76.022684][ T5863] Bluetooth: hci2: command tx timeout
[ 76.028755][ T5976] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 76.036005][ T5976] CPU: 1 UID: 0 PID: 5976 Comm: syz-executor113 Not tainted 6.12.0-syzkaller-10724-gaf8edaeddbc5 #0
[ 76.046808][ T5976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 76.056884][ T5976] Call Trace:
[ 76.060384][ T5976]
[ 76.063353][ T5976] dump_stack_lvl+0x241/0x360
[ 76.068161][ T5976] ? __pfx_dump_stack_lvl+0x10/0x10
[ 76.073399][ T5976] ? __pfx__printk+0x10/0x10
[ 76.078038][ T5976] ? rcu_is_watching+0x15/0xb0
[ 76.082843][ T5976] ? vscnprintf+0x5d/0x90
[ 76.087210][ T5976] panic+0x349/0x880
[ 76.091156][ T5976] ? check_panic_on_warn+0x21/0xb0
[ 76.096301][ T5976] ? __pfx_panic+0x10/0x10
[ 76.100772][ T5976] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 76.106803][ T5976] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 76.113191][ T5976] check_panic_on_warn+0x86/0xb0
[ 76.118169][ T5976] ? cmd_complete_rsp+0x67/0x180
[ 76.123145][ T5976] end_report+0x77/0x160
[ 76.127426][ T5976] kasan_report+0x154/0x180
[ 76.131965][ T5976] ? cmd_complete_rsp+0x67/0x180
[ 76.136945][ T5976] cmd_complete_rsp+0x67/0x180
[ 76.141747][ T5976] mgmt_pending_foreach+0xd1/0x130
[ 76.146893][ T5976] ? __pfx_cmd_complete_rsp+0x10/0x10
[ 76.152301][ T5976] mgmt_index_removed+0x133/0x390
[ 76.157372][ T5976] ? __pfx_mgmt_index_removed+0x10/0x10
[ 76.162953][ T5976] ? apparmor_capable+0x13b/0x1b0
[ 76.168022][ T5976] ? _raw_read_unlock+0x28/0x50
[ 76.172910][ T5976] hci_sock_bind+0xcce/0x1150
[ 76.177624][ T5976] ? __pfx_hci_sock_bind+0x10/0x10
[ 76.182772][ T5976] __sys_bind+0x1e4/0x290
[ 76.187148][ T5976] ? __pfx___sys_bind+0x10/0x10
[ 76.192043][ T5976] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 76.198410][ T5976] ? exc_page_fault+0x590/0x8c0
[ 76.203305][ T5976] __x64_sys_bind+0x7a/0x90
[ 76.207860][ T5976] do_syscall_64+0xf3/0x230
[ 76.212399][ T5976] ? clear_bhb_loop+0x35/0x90
[ 76.217117][ T5976] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.223060][ T5976] RIP: 0033:0x7fd2aec88919
[ 76.227505][ T5976] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 41 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 76.247146][ T5976] RSP: 002b:00007ffd1e4986f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 76.255604][ T5976] RAX: ffffffffffffffda RBX: 000000000001230b RCX: 00007fd2aec88919
[ 76.263616][ T5976] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004
[ 76.271631][ T5976] RBP: 0000000000000000 R08: 00007fd2aec42990 R09: 00007fd2aec42990
[ 76.279640][ T5976] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1e49871c
[ 76.287651][ T5976] R13: 00007ffd1e498750 R14: 00007ffd1e498730 R15: 0000000000000016
[ 76.295669][ T5976]
[ 76.299000][ T5976] Kernel Offset: disabled
[ 76.303341][ T5976] Rebooting in 86400 seconds..