Warning: Permanently added '10.128.1.83' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 882.734415][ T8451] Bluetooth: hci1: sending frame failed (-49)
[ 882.748095][ T8466] Bluetooth: hci0: sending frame failed (-49)
[ 882.760742][ T8472] Bluetooth: hci2: sending frame failed (-49)
executing program
[ 882.808633][ T8474] Bluetooth: hci4: sending frame failed (-49)
[ 882.831517][ T8474] Bluetooth: hci3: sending frame failed (-49)
[ 882.869831][ T8474] Bluetooth: hci5: sending frame failed (-49)
executing program
[ 884.741479][ T2034] Bluetooth: hci1: Entering manufacturer mode failed (-110)
executing program
executing program
executing program
[ 884.811485][ T8472] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 884.812252][ T8466] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[ 884.818849][ T8467] Bluetooth: hci2: command 0xfc11 tx timeout
[ 884.827520][ T8451] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[ 884.854097][ T8501] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
[ 884.874617][ T9] Bluetooth: hci4: Frame reassembly failed (-84)
[ 884.882100][ T9] Bluetooth: hci4: Frame reassembly failed (-84)
[ 884.891461][ T4888] Bluetooth: hci5: command 0xfc11 tx timeout
[ 884.901539][ T8483] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 884.908098][ T4888] Bluetooth: hci3: command 0xfc11 tx timeout
[ 884.908926][ T8490] Bluetooth: hci5: Entering manufacturer mode failed (-110)
executing program
[ 884.950306][ T9] Bluetooth: hci3: Frame reassembly failed (-84)
[ 884.980494][ T120] Bluetooth: hci5: Frame reassembly failed (-84)
executing program
[ 886.811436][ T8535] Bluetooth: hci1: command 0xfc11 tx timeout
[ 886.812019][ T2034] Bluetooth: hci1: Entering manufacturer mode failed (-110)
[ 886.832252][ T8501] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
executing program
[ 886.891451][ T8472] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 886.891463][ T8534] Bluetooth: hci4: command 0xfc11 tx timeout
[ 886.891493][ T8534] Bluetooth: hci0: command 0xfc11 tx timeout
[ 886.898802][ T8522] Bluetooth: hci2: command 0xfc11 tx timeout
[ 886.904815][ T8451] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[ 886.910890][ T8466] Bluetooth: hci0: Entering manufacturer mode failed (-110)
executing program
[ 886.948410][ T8538] Bluetooth: hci0: Frame reassembly failed (-84)
[ 886.954996][ T8451] Bluetooth: hci4: sending frame failed (-49)
[ 886.971545][ T8463] Bluetooth: hci3: command 0xfc11 tx timeout
[ 886.977559][ T8490] Bluetooth: hci3: Entering manufacturer mode failed (-110)
executing program
[ 887.016321][ T120] Bluetooth: hci3: Frame reassembly failed (-84)
[ 887.051532][ T8483] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 887.076692][ T8538] Bluetooth: hci5: Frame reassembly failed (-84)
executing program
[ 888.891428][ T2034] Bluetooth: hci1: Entering manufacturer mode failed (-110)
[ 888.891443][ T7] Bluetooth: hci1: command 0xfc11 tx timeout
[ 888.920992][ T120] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
executing program
[ 888.971608][ T8472] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[ 888.971619][ T8494] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 888.972212][ T8] Bluetooth: hci4: command tx timeout
[ 888.981465][ T8466] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[ 888.990109][ T8] Bluetooth: hci2: command 0xfc11 tx timeout
executing program
[ 889.026170][ T8538] Bluetooth: hci2: Frame reassembly failed (-84)
[ 889.051410][ T8490] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 889.052109][ T8] Bluetooth: hci3: command 0xfc11 tx timeout
executing program
[ 889.111123][ T8451] Bluetooth: hci3: sending frame failed (-49)
[ 889.131513][ T8] Bluetooth: hci5: command 0xfc11 tx timeout
[ 889.131544][ T8483] Bluetooth: hci5: Entering manufacturer mode failed (-110)
executing program
[ 890.971449][ T2034] Bluetooth: hci1: Entering manufacturer mode failed (-110)
[ 890.971483][ T7] Bluetooth: hci1: command 0xfc11 tx timeout
executing program
executing program
[ 891.051450][ T8466] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[ 891.061483][ T8472] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[ 891.087239][ T120] Bluetooth: hci2: Frame reassembly failed (-84)
executing program
executing program
[ 891.131474][ T8490] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 891.131546][ T7] Bluetooth: hci3: command 0xfc11 tx timeout
[ 891.138902][ T8494] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 891.166704][ T8538] Bluetooth: hci3: Frame reassembly failed (-84)
[ 891.179000][ T8501] Bluetooth: hci4: Frame reassembly failed (-84)
executing program
[ 891.211447][ T8483] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 891.218822][ T8] Bluetooth: hci5: command tx timeout
[ 891.232629][ T120] Bluetooth: hci5: Frame reassembly failed (-84)
executing program
[ 893.051481][ T2034] Bluetooth: hci1: Entering manufacturer mode failed (-110)
[ 893.059002][ T7] Bluetooth: hci1: command tx timeout
[ 893.074365][ T120] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
[ 893.131511][ T8466] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[ 893.141937][ T8472] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[ 893.159492][ T8538] Bluetooth: hci0: Frame reassembly failed (-84)
[ 893.170595][ T120] Bluetooth: hci2: Frame reassembly failed (-84)
executing program
executing program
[ 893.211550][ T8490] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 893.212070][ T8] Bluetooth: hci4: command 0xfc11 tx timeout
[ 893.219034][ T8463] Bluetooth: hci3: command 0xfc11 tx timeout
[ 893.227774][ T8494] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 893.250786][ T120] Bluetooth: hci3: Frame reassembly failed (-84)
executing program
[ 893.265752][ T8538] Bluetooth: hci4: Frame reassembly failed (-84)
[ 893.291524][ T8483] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 893.317317][ T120] Bluetooth: hci5: Frame reassembly failed (-84)
executing program
[ 895.131450][ T7] Bluetooth: hci1: command 0xfc11 tx timeout
[ 895.132302][ T2034] Bluetooth: hci1: Entering manufacturer mode failed (-110)
[ 895.155705][ T8538] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
[ 895.211433][ T8472] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[ 895.211534][ T8466] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[ 895.226758][ T120] Bluetooth: hci0: Frame reassembly failed (-84)
[ 895.233113][ T8522] Bluetooth: hci2: command 0xfc11 tx timeout
[ 895.254410][ T8538] Bluetooth: hci2: Frame reassembly failed (-84)
executing program
executing program
[ 895.291423][ T8494] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 895.291438][ T8522] Bluetooth: hci4: command 0xfc11 tx timeout
[ 895.291469][ T8522] Bluetooth: hci3: command 0xfc11 tx timeout
[ 895.307188][ T8490] Bluetooth: hci4: Entering manufacturer mode failed (-110)
executing program
[ 895.337454][ T8538] Bluetooth: hci3: Frame reassembly failed (-84)
[ 895.343976][ T8494] Bluetooth: hci4: sending frame failed (-49)
[ 895.371618][ T8522] Bluetooth: hci5: command 0xfc11 tx timeout
[ 895.377714][ T8483] Bluetooth: hci5: Entering manufacturer mode failed (-110)
executing program
[ 897.211440][ T7] Bluetooth: hci1: command 0xfc11 tx timeout
[ 897.211451][ T2034] Bluetooth: hci1: Entering manufacturer mode failed (-110)
[ 897.237239][ T8538] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
[ 897.291412][ T8466] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[ 897.301437][ T8] Bluetooth: hci0: command 0xfc11 tx timeout
[ 897.307808][ T8472] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[ 897.318383][ T120] Bluetooth: hci2: Frame reassembly failed (-84)
[ 897.333113][ T120] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
executing program
[ 897.371541][ T8522] Bluetooth: hci3: command 0xfc11 tx timeout
[ 897.371580][ T8451] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 897.385492][ T8] Bluetooth: hci4: command 0xfc11 tx timeout
[ 897.387103][ T8490] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 897.408631][ T120] Bluetooth: hci3: Frame reassembly failed (-84)
executing program
[ 897.422677][ T8501] Bluetooth: hci4: Frame reassembly failed (-84)
[ 897.451523][ T8483] Bluetooth: hci5: Entering manufacturer mode failed (-110)
executing program
[ 899.291429][ T2034] Bluetooth: hci1: Entering manufacturer mode failed (-110)
[ 899.291450][ T7] Bluetooth: hci1: command 0xfc11 tx timeout
[ 899.318926][ T120] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
[ 899.371464][ T8472] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[ 899.371464][ T8466] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[ 899.386888][ T20] Bluetooth: hci0: command 0xfc11 tx timeout
[ 899.405962][ T8538] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
executing program
[ 899.451471][ T8] Bluetooth: hci4: command 0xfc11 tx timeout
[ 899.451525][ T8490] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 899.457517][ T8451] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 899.485906][ T120] Bluetooth: hci3: Frame reassembly failed (-84)
executing program
[ 899.531425][ T8483] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 899.547489][ T8501] Bluetooth: hci5: Frame reassembly failed (-84)
executing program
[ 901.371437][ T7] Bluetooth: hci1: command 0xfc11 tx timeout
[ 901.381445][ T2034] Bluetooth: hci1: Entering manufacturer mode failed (-110)
[ 901.401471][ T8501] Bluetooth: hci1: Frame reassembly failed (-84)
[ 901.409101][ T8501] Bluetooth: hci1: Frame reassembly failed (-84)
executing program
executing program
[ 901.451451][ T7] Bluetooth: hci0: command 0xfc11 tx timeout
[ 901.457504][ T8472] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[ 901.464839][ T8466] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[ 901.499619][ T8501] Bluetooth: hci0: Frame reassembly failed (-84)
[ 901.526014][ T8538] Bluetooth: hci2: Frame reassembly failed (-84)
[ 901.531409][ T7] Bluetooth: hci4: command 0xfc11 tx timeout
[ 901.532759][ T8490] Bluetooth: hci4: Entering manufacturer mode failed (-110)
executing program
executing program
[ 901.545835][ T8451] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 901.553148][ T20] Bluetooth: hci3: command 0xfc11 tx timeout
[ 901.611527][ T8483] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 901.611527][ T8] Bluetooth: hci5: command 0xfc11 tx timeout
[ 901.627579][ T8501] Bluetooth: hci3: Frame reassembly failed (-84)
executing program
[ 901.680263][ T8538] Bluetooth: hci5: Frame reassembly failed (-84)
executing program
[ 903.451423][ T2034] Bluetooth: hci1: Entering manufacturer mode failed (-110)
[ 903.451448][ T8534] Bluetooth: hci1: command 0xfc11 tx timeout
executing program
executing program
[ 903.531473][ T8466] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[ 903.531991][ T8472] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[ 903.539931][ T8534] Bluetooth: hci0: command 0xfc11 tx timeout
[ 903.569128][ T8501] Bluetooth: hci0: Frame reassembly failed (-84)
executing program
[ 903.691497][ T8451] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[ 903.698827][ T8] ==================================================================
[ 903.698860][ T8490] Bluetooth: hci3: Entering manufacturer mode failed (-110)
[ 903.706885][ T8] BUG: KASAN: use-after-free in hci_cmd_timeout+0x1f1/0x210
[ 903.714231][ T8483] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 903.721452][ T8] Read of size 8 at addr ffff888036d92850 by task kworker/0:2/8
[ 903.721469][ T8]
[ 903.721476][ T8] CPU: 0 PID: 8 Comm: kworker/0:2 Tainted: G W 5.13.0-syzkaller #0
[ 903.721494][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 903.721507][ T8] Workqueue: events hci_cmd_timeout
[ 903.729969][ T8522] Bluetooth: hci3: command tx timeout
[ 903.736373][ T8]
[ 903.736380][ T8] Call Trace:
[ 903.736388][ T8] dump_stack_lvl+0xcd/0x134
[ 903.778702][ T8] print_address_description.constprop.0.cold+0x6c/0x309
[ 903.785758][ T8] ? hci_cmd_timeout+0x1f1/0x210
[ 903.790684][ T8] ? hci_cmd_timeout+0x1f1/0x210
[ 903.795603][ T8] kasan_report.cold+0x83/0xdf
[ 903.800352][ T8] ? hci_cmd_timeout+0x1f1/0x210
[ 903.805273][ T8] hci_cmd_timeout+0x1f1/0x210
[ 903.810111][ T8] process_one_work+0x98d/0x1630
[ 903.815085][ T8] ? pwq_dec_nr_in_flight+0x320/0x320
[ 903.820444][ T8] ? rwlock_bug.part.0+0x90/0x90
[ 903.825401][ T8] worker_thread+0x658/0x11f0
[ 903.830237][ T8] ? process_one_work+0x1630/0x1630
[ 903.835421][ T8] kthread+0x3e5/0x4d0
[ 903.839508][ T8] ? set_kthread_struct+0x130/0x130
[ 903.844693][ T8] ret_from_fork+0x1f/0x30
[ 903.849110][ T8]
[ 903.851419][ T8] Allocated by task 8494:
[ 903.855740][ T8] kasan_save_stack+0x1b/0x40
[ 903.860407][ T8] __kasan_slab_alloc+0x84/0xa0
[ 903.865243][ T8] kmem_cache_alloc+0x29b/0x4a0
[ 903.870076][ T8] skb_clone+0x170/0x3c0
[ 903.874363][ T8] hci_cmd_work+0x18c/0x390
[ 903.878851][ T8] process_one_work+0x98d/0x1630
[ 903.883773][ T8] worker_thread+0x658/0x11f0
[ 903.888434][ T8] kthread+0x3e5/0x4d0
[ 903.892484][ T8] ret_from_fork+0x1f/0x30
[ 903.896884][ T8]
[ 903.899186][ T8] Freed by task 8451:
[ 903.903229][ T8] kasan_save_stack+0x1b/0x40
[ 903.907911][ T8] kasan_set_track+0x1c/0x30
[ 903.912485][ T8] kasan_set_free_info+0x20/0x30
[ 903.917404][ T8] __kasan_slab_free+0xfb/0x130
[ 903.922240][ T8] slab_free_freelist_hook+0xdf/0x240
[ 903.927594][ T8] kmem_cache_free+0x8e/0x5a0
[ 903.932254][ T8] kfree_skbmem+0xef/0x1b0
[ 903.936654][ T8] kfree_skb+0x140/0x3f0
[ 903.940879][ T8] hci_dev_do_open+0xa50/0x1a00
[ 903.945713][ T8] hci_power_on+0x133/0x650
[ 903.950209][ T8] process_one_work+0x98d/0x1630
[ 903.955135][ T8] worker_thread+0x658/0x11f0
[ 903.959797][ T8] kthread+0x3e5/0x4d0
[ 903.963849][ T8] ret_from_fork+0x1f/0x30
[ 903.968272][ T8]
[ 903.970582][ T8] The buggy address belongs to the object at ffff888036d92780
[ 903.970582][ T8] which belongs to the cache skbuff_head_cache of size 232
[ 903.985241][ T8] The buggy address is located 208 bytes inside of
[ 903.985241][ T8] 232-byte region [ffff888036d92780, ffff888036d92868)
[ 903.998508][ T8] The buggy address belongs to the page:
[ 904.004117][ T8] page:ffffea0000db6480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36d92
[ 904.014246][ T8] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 904.021874][ T8] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff8881441f7000
[ 904.030442][ T8] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 904.039002][ T8] page dumped because: kasan: bad access detected
[ 904.045389][ T8] page_owner tracks the page as allocated
[ 904.051079][ T8] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 4869, ts 901671643713, free_ts 901657618048
[ 904.067292][ T8] get_page_from_freelist+0xa72/0x2f80
[ 904.072819][ T8] __alloc_pages+0x1b2/0x500
[ 904.077398][ T8] alloc_pages+0x18c/0x2a0
[ 904.081840][ T8] allocate_slab+0x32b/0x4c0
[ 904.086414][ T8] ___slab_alloc+0x4ba/0x820
[ 904.090986][ T8] __slab_alloc.constprop.0+0xa7/0xf0
[ 904.096343][ T8] kmem_cache_alloc_node+0x12c/0x3e0
[ 904.101624][ T8] __alloc_skb+0x20b/0x340
[ 904.106024][ T8] netlink_sendmsg+0x954/0xda0
[ 904.110836][ T8] sock_sendmsg+0xcf/0x120
[ 904.115234][ T8] ____sys_sendmsg+0x6e8/0x810
[ 904.120075][ T8] ___sys_sendmsg+0xf3/0x170
[ 904.124647][ T8] __sys_sendmsg+0xe5/0x1b0
[ 904.129132][ T8] do_syscall_64+0x35/0xb0
[ 904.133543][ T8] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 904.139465][ T8] page last free stack trace:
[ 904.144113][ T8] free_pcp_prepare+0x2c5/0x780
[ 904.148950][ T8] free_unref_page+0x19/0x690
[ 904.153612][ T8] qlist_free_all+0x5a/0xc0
[ 904.158161][ T8] kasan_quarantine_reduce+0x180/0x200
[ 904.163621][ T8] __kasan_slab_alloc+0x8e/0xa0
[ 904.168455][ T8] __kmalloc+0x1f4/0x330
[ 904.172679][ T8] tomoyo_realpath_from_path+0xc3/0x620
[ 904.178264][ T8] tomoyo_path_number_perm+0x1d5/0x590
[ 904.183743][ T8] security_path_chmod+0xe0/0x150
[ 904.188766][ T8] chmod_common+0x156/0x440
[ 904.193325][ T8] __x64_sys_fchmod+0x10e/0x190
[ 904.198159][ T8] do_syscall_64+0x35/0xb0
[ 904.202579][ T8] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 904.208464][ T8]
[ 904.210767][ T8] Memory state around the buggy address:
[ 904.216373][ T8] ffff888036d92700: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc
[ 904.224412][ T8] ffff888036d92780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 904.232455][ T8] >ffff888036d92800: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
executing program
[ 904.240755][ T8] ^
[ 904.247407][ T8] ffff888036d92880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 904.255534][ T8] ffff888036d92900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 904.263573][ T8] ==================================================================
[ 904.297026][ T8501] Bluetooth: hci3: Frame reassembly failed (-84)
[ 904.317237][ T8] Kernel panic - not syncing: panic_on_warn set ...
[ 904.323849][ T8] CPU: 0 PID: 8 Comm: kworker/0:2 Tainted: G B W 5.13.0-syzkaller #0
[ 904.333045][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 904.343101][ T8] Workqueue: events hci_cmd_timeout
[ 904.348313][ T8] Call Trace:
[ 904.351595][ T8] dump_stack_lvl+0xcd/0x134
[ 904.356199][ T8] panic+0x306/0x73d
[ 904.360136][ T8] ? __warn_printk+0xf3/0xf3
[ 904.364732][ T8] ? preempt_schedule_common+0x59/0xc0
[ 904.370256][ T8] ? hci_cmd_timeout+0x1f1/0x210
[ 904.375270][ T8] ? preempt_schedule_thunk+0x16/0x18
[ 904.380769][ T8] ? trace_hardirqs_on+0x38/0x1c0
[ 904.385894][ T8] ? trace_hardirqs_on+0x51/0x1c0
[ 904.390906][ T8] ? hci_cmd_timeout+0x1f1/0x210
[ 904.395847][ T8] ? hci_cmd_timeout+0x1f1/0x210
[ 904.400787][ T8] end_report.cold+0x5a/0x5a
[ 904.405367][ T8] kasan_report.cold+0x71/0xdf
[ 904.410126][ T8] ? hci_cmd_timeout+0x1f1/0x210
[ 904.415058][ T8] hci_cmd_timeout+0x1f1/0x210
[ 904.419810][ T8] process_one_work+0x98d/0x1630
[ 904.424741][ T8] ? pwq_dec_nr_in_flight+0x320/0x320
[ 904.430101][ T8] ? rwlock_bug.part.0+0x90/0x90
[ 904.435137][ T8] worker_thread+0x658/0x11f0
[ 904.439825][ T8] ? process_one_work+0x1630/0x1630
[ 904.445049][ T8] kthread+0x3e5/0x4d0
[ 904.449114][ T8] ? set_kthread_struct+0x130/0x130
[ 904.454298][ T8] ret_from_fork+0x1f/0x30
[ 904.460264][ T8] Kernel Offset: disabled
[ 904.464583][ T8] Rebooting in 86400 seconds..