Warning: Permanently added '10.128.10.2' (ED25519) to the list of known hosts.
2023/12/06 03:47:56 ignoring optional flag "sandboxArg"="0"
2023/12/06 03:47:57 parsed 1 programs
2023/12/06 03:47:57 executed programs: 0
[   65.919604][ T1902] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[   65.940639][ T1237] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   65.947792][ T1237] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   65.954902][ T1237] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   65.962476][ T1237] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   65.970634][ T1237] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   65.977808][ T1237] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   66.075432][ T1907] chnl_net:caif_netlink_parms(): no params data found
[   66.912292][ T1907] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.460289][ T1907] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.467203][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   67.474500][ T1796] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   68.045184][ T1237] Bluetooth: hci0: command 0x0409 tx timeout
[   70.125215][ T1237] Bluetooth: hci0: command 0x041b tx timeout
2023/12/06 03:48:02 executed programs: 3
[   72.205172][ T1237] Bluetooth: hci0: command 0x040f tx timeout
[   74.295194][ T1237] Bluetooth: hci0: command 0x0419 tx timeout
2023/12/06 03:48:07 executed programs: 9
[   76.365251][ T1237] Bluetooth: hci0: command 0x0405 tx timeout
2023/12/06 03:48:12 executed programs: 15
2023/12/06 03:48:17 executed programs: 21
2023/12/06 03:48:22 executed programs: 27
2023/12/06 03:48:27 executed programs: 33
2023/12/06 03:48:32 executed programs: 39
2023/12/06 03:48:37 executed programs: 45
2023/12/06 03:48:42 executed programs: 51
2023/12/06 03:48:47 executed programs: 57
[  120.125188][ T1392] Bluetooth: hci0: command 0x0405 tx timeout
2023/12/06 03:48:52 executed programs: 63
2023/12/06 03:48:57 executed programs: 69
2023/12/06 03:49:02 executed programs: 75
2023/12/06 03:49:07 executed programs: 81
2023/12/06 03:49:12 executed programs: 87
2023/12/06 03:49:17 executed programs: 93
2023/12/06 03:49:22 executed programs: 99
2023/12/06 03:49:27 executed programs: 105
[  158.605342][ T1578] ==================================================================
[  158.613432][ T1578] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x57/0x1f0
[  158.621148][ T1578] Write of size 4 at addr ffff88810ea7b080 by task kworker/0:3/1578
[  158.629096][ T1578]
[  158.631393][ T1578] CPU: 0 PID: 1578 Comm: kworker/0:3 Not tainted 6.3.0-rc5-syzkaller #0
[  158.639684][ T1578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[  158.649717][ T1578] Workqueue: events sco_sock_timeout
[  158.654979][ T1578] Call Trace:
[  158.658237][ T1578]
[  158.661143][ T1578]  dump_stack_lvl+0x3d/0x60
[  158.665620][ T1578]  print_report+0xc4/0x620
[  158.670005][ T1578]  ? __lock_acquire.constprop.0+0x496/0xf60
[  158.675866][ T1578]  kasan_report+0xdc/0x110
[  158.680250][ T1578]  ? sco_sock_timeout+0x57/0x1f0
[  158.685155][ T1578]  ? sco_sock_timeout+0x57/0x1f0
[  158.690061][ T1578]  kasan_check_range+0x143/0x190
[  158.694966][ T1578]  sco_sock_timeout+0x57/0x1f0
[  158.699723][ T1578]  process_one_work+0x850/0x1270
[  158.704633][ T1578]  ? pwq_dec_nr_in_flight+0x230/0x230
[  158.709972][ T1578]  ? spin_bug+0x1d0/0x1d0
[  158.714291][ T1578]  ? lock_acquire+0x134/0x2b0
[  158.718951][ T1578]  worker_thread+0xf1/0xdd0
[  158.723431][ T1578]  ? do_raw_spin_unlock+0x173/0x230
[  158.728634][ T1578]  ? __kthread_parkme+0x7e/0x150
[  158.733542][ T1578]  ? process_one_work+0x1270/0x1270
[  158.738709][ T1578]  kthread+0x22c/0x2b0
[  158.743703][ T1578]  ? kthread_complete_and_exit+0x20/0x20
[  158.749326][ T1578]  ret_from_fork+0x1f/0x30
[  158.753716][ T1578]
[  158.756724][ T1578]
[  158.759028][ T1578] Allocated by task 2487:
[  158.763325][ T1578]  kasan_save_stack+0x33/0x50
[  158.767991][ T1578]  kasan_set_track+0x25/0x30
[  158.772547][ T1578]  __kasan_kmalloc+0xa2/0xb0
[  158.777106][ T1578]  __kmalloc+0x5d/0x160
[  158.781231][ T1578]  sk_prot_alloc+0x14f/0x210
[  158.785787][ T1578]  sk_alloc+0x30/0x580
[  158.789821][ T1578]  sco_sock_alloc.constprop.0+0x22/0x2f0
[  158.795440][ T1578]  sco_sock_create+0xb3/0x160
[  158.800084][ T1578]  bt_sock_create+0x11e/0x250
[  158.804728][ T1578]  __sock_create+0x1fd/0x460
[  158.809286][ T1578]  __sys_socket+0x114/0x1b0
[  158.813780][ T1578]  __x64_sys_socket+0x6d/0xb0
[  158.818423][ T1578]  do_syscall_64+0x39/0xb0
[  158.822811][ T1578]  entry_SYSCALL_64_after_hwframe+0x64/0xce
[  158.828671][ T1578]
[  158.830968][ T1578] Freed by task 2488:
[  158.834916][ T1578]  kasan_save_stack+0x33/0x50
[  158.839564][ T1578]  kasan_set_track+0x25/0x30
[  158.844140][ T1578]  kasan_save_free_info+0x2e/0x40
[  158.849133][ T1578]  ____kasan_slab_free+0x15e/0x1b0
[  158.854230][ T1578]  slab_free_freelist_hook+0x10b/0x1e0
[  158.859655][ T1578]  __kmem_cache_free+0xab/0x330
[  158.864493][ T1578]  __sk_destruct+0x4a5/0x6b0
[  158.869051][ T1578]  sco_sock_release+0x130/0x280
[  158.873871][ T1578]  __sock_release+0xbb/0x280
[  158.878427][ T1578]  sock_close+0x13/0x20
[  158.882571][ T1578]  __fput+0x1e3/0x9b0
[  158.886520][ T1578]  task_work_run+0x114/0x1f0
[  158.891077][ T1578]  get_signal+0x194/0x1f00
[  158.895483][ T1578]  arch_do_signal_or_restart+0x89/0x5f0
[  158.901014][ T1578]  exit_to_user_mode_prepare+0xc3/0x150
[  158.906532][ T1578]  syscall_exit_to_user_mode+0x17/0x40
[  158.911960][ T1578]  do_syscall_64+0x46/0xb0
[  158.916349][ T1578]  entry_SYSCALL_64_after_hwframe+0x64/0xce
[  158.922213][ T1578]
[  158.924513][ T1578] Last potentially related work creation:
[  158.930196][ T1578]  kasan_save_stack+0x33/0x50
[  158.934840][ T1578]  __kasan_record_aux_stack+0xbf/0xd0
[  158.940181][ T1578]  __call_rcu_common.constprop.0+0x8e/0x6b0
[  158.946040][ T1578]  netlink_release+0xc67/0x15e0
[  158.950856][ T1578]  __sock_release+0xbb/0x280
[  158.955415][ T1578]  sock_close+0x13/0x20
[  158.960170][ T1578]  __fput+0x1e3/0x9b0
[  158.964121][ T1578]  task_work_run+0x114/0x1f0
[  158.968688][ T1578]  exit_to_user_mode_prepare+0x141/0x150
[  158.974287][ T1578]  syscall_exit_to_user_mode+0x17/0x40
[  158.979713][ T1578]  do_syscall_64+0x46/0xb0
[  158.984119][ T1578]  entry_SYSCALL_64_after_hwframe+0x64/0xce
[  158.989996][ T1578]
[  158.992297][ T1578] The buggy address belongs to the object at ffff88810ea7b000
[  158.992297][ T1578]  which belongs to the cache kmalloc-2k of size 2048
[  159.006320][ T1578] The buggy address is located 128 bytes inside of
[  159.006320][ T1578]  freed 2048-byte region [ffff88810ea7b000, ffff88810ea7b800)
[  159.020539][ T1578]
[  159.022862][ T1578] The buggy address belongs to the physical page:
[  159.029244][ T1578] page:ffffea00043a9e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ea78
[  159.039447][ T1578] head:ffffea00043a9e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  159.048347][ T1578] flags: 0x100000000010200(slab|head|node=0|zone=2)
[  159.054912][ T1578] raw: 0100000000010200 ffff888100042000 dead000000000100 dead000000000122
[  159.063465][ T1578] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[  159.072019][ T1578] page dumped because: kasan: bad access detected
[  159.078401][ T1578] page_owner tracks the page as allocated
[  159.084089][ T1578] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 1652148147, free_ts 0
[  159.103692][ T1578]  post_alloc_hook+0x282/0x300
[  159.108428][ T1578]  get_page_from_freelist+0xc0a/0x41b0
[  159.113863][ T1578]  __alloc_pages+0x1d0/0x470
[  159.118427][ T1578]  alloc_page_interleave+0xf/0x200
[  159.123505][ T1578]  allocate_slab+0x24e/0x360
[  159.128082][ T1578]  ___slab_alloc+0x7f6/0xf50
[  159.132830][ T1578]  __slab_alloc.constprop.0+0x4d/0x90
[  159.138174][ T1578]  __kmem_cache_alloc_node+0x144/0x390
[  159.143607][ T1578]  kmalloc_trace+0x25/0xb0
[  159.148083][ T1578]  acpi_add_single_object+0xb7/0x1810
[  159.153428][ T1578]  acpi_bus_check_add+0x1a6/0x4a0
[  159.158509][ T1578]  acpi_ns_walk_namespace+0x2e6/0x4b0
[  159.163851][ T1578]  acpi_walk_namespace+0xb4/0xe0
[  159.168759][ T1578]  acpi_bus_scan+0x119/0x160
[  159.173323][ T1578]  acpi_scan_init+0x1ea/0x630
[  159.178317][ T1578]  acpi_init+0x380/0x870
[  159.182526][ T1578] page_owner free stack trace missing
[  159.187906][ T1578]
[  159.190245][ T1578] Memory state around the buggy address:
[  159.195849][ T1578]  ffff88810ea7af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  159.203903][ T1578]  ffff88810ea7b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  159.211932][ T1578] >ffff88810ea7b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  159.219961][ T1578]                    ^
[  159.223995][ T1578]  ffff88810ea7b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  159.232025][ T1578]  ffff88810ea7b180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  159.240051][ T1578] ==================================================================
[  159.248166][ T1578] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  159.255532][ T1578] Kernel Offset: disabled
[  159.260180][ T1578] Rebooting in 86400 seconds..