Warning: Permanently added '10.128.0.37' (ED25519) to the list of known hosts.
2025/05/18 04:31:15 ignoring optional flag "sandboxArg"="0"
2025/05/18 04:31:15 parsed 1 programs
[ 81.614960][ T2463] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 83.170076][ T1587] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 83.178141][ T1587] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 83.186018][ T1587] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 83.220272][ T1587] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 83.233593][ T1587] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 83.511472][ T2479] chnl_net:caif_netlink_parms(): no params data found
[ 85.323799][ T1587] Bluetooth: hci0: command tx timeout
[ 85.988358][ T2479] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.404089][ T1587] Bluetooth: hci0: command tx timeout
[ 87.579108][ T2479] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.484693][ T1587] Bluetooth: hci0: command tx timeout
2025/05/18 04:31:25 executed programs: 0
[ 90.655412][ T1590] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 90.668154][ T2956] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 90.676153][ T2956] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 90.687716][ T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 90.695767][ T49] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 90.706877][ T2958] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 90.709008][ T2959] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 90.715173][ T2958] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 90.722335][ T2959] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 90.733334][ T2958] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 90.736913][ T2964] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 90.744126][ T2958] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 90.751430][ T2964] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 90.759106][ T2958] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 90.766168][ T2959] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 90.771973][ T2965] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 90.780061][ T2959] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 90.793545][ T2966] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 90.794597][ T2958] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 90.808609][ T2959] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 90.809519][ T2965] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 90.822982][ T2965] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 90.830975][ T2959] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 90.833039][ T2965] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 90.847050][ T2959] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 91.085978][ T873] bond0 (unregistering): Released all slaves
[ 92.041977][ T2955] chnl_net:caif_netlink_parms(): no params data found
[ 92.062419][ T2950] chnl_net:caif_netlink_parms(): no params data found
[ 92.136039][ T2951] chnl_net:caif_netlink_parms(): no params data found
[ 92.242287][ T2962] chnl_net:caif_netlink_parms(): no params data found
[ 92.261187][ T2957] chnl_net:caif_netlink_parms(): no params data found
[ 92.844629][ T1388] Bluetooth: hci0: command tx timeout
[ 92.925239][ T1388] Bluetooth: hci1: command tx timeout
[ 92.931003][ T1388] Bluetooth: hci3: command tx timeout
[ 92.936973][ T2959] Bluetooth: hci2: command tx timeout
[ 92.942764][ T2959] Bluetooth: hci4: command tx timeout
[ 94.923792][ T1388] Bluetooth: hci0: command tx timeout
[ 95.003768][ T1388] Bluetooth: hci3: command tx timeout
[ 95.009210][ T1388] Bluetooth: hci4: command tx timeout
[ 95.011229][ T2959] Bluetooth: hci2: command tx timeout
[ 95.014673][ T1388] Bluetooth: hci1: command tx timeout
[ 97.003789][ T1388] Bluetooth: hci0: command tx timeout
[ 97.083760][ T1388] Bluetooth: hci1: command tx timeout
[ 97.084134][ T2959] Bluetooth: hci2: command tx timeout
[ 97.089264][ T1388] Bluetooth: hci4: command tx timeout
[ 97.094939][ T2959] Bluetooth: hci3: command tx timeout
[ 99.083793][ T2959] Bluetooth: hci0: command tx timeout
[ 99.164331][ T2959] Bluetooth: hci4: command tx timeout
[ 99.169904][ T2966] Bluetooth: hci3: command tx timeout
[ 99.169943][ T1388] Bluetooth: hci2: command tx timeout
[ 99.175856][ T2966] Bluetooth: hci1: command tx timeout
[ 102.978106][ T2951] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.026324][ T2955] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.267985][ T2962] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.352402][ T2950] 8021q: adding VLAN 0 to HW filter on device bond0
[ 103.534106][ T2957] 8021q: adding VLAN 0 to HW filter on device bond0
[ 110.149701][ T2951] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.311514][ T2955] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.477811][ T2962] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.527201][ T2950] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.608792][ T2957] 8021q: adding VLAN 0 to HW filter on device batadv0
2025/05/18 04:31:57 executed programs: 10
[ 123.937389][ T5001] Bluetooth: MGMT ver 1.23
2025/05/18 04:32:02 executed programs: 319
[ 128.109219][ T5595] ==================================================================
[ 128.117317][ T5595] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x31/0x190
[ 128.126609][ T5595] Read of size 8 at addr ffff888178c81908 by task syz.2.335/5595
[ 128.134411][ T5595]
[ 128.136763][ T5595] CPU: 0 UID: 0 PID: 5595 Comm: syz.2.335 Not tainted 6.15.0-rc6-syzkaller #0 PREEMPT(undef)
[ 128.136774][ T5595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 128.136785][ T5595] Call Trace:
[ 128.136789][ T5595]
[ 128.136794][ T5595] dump_stack_lvl+0xfc/0x190
[ 128.136808][ T5595] ? __pfx_dump_stack_lvl+0x10/0x10
[ 128.136816][ T5595] ? rcu_is_watching+0x1f/0xa0
[ 128.136823][ T5595] ? __virt_addr_valid+0x102/0x360
[ 128.136831][ T5595] ? lock_release+0x42/0x2f0
[ 128.136837][ T5595] ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 128.136846][ T5595] ? __virt_addr_valid+0x102/0x360
[ 128.136853][ T5595] ? __virt_addr_valid+0x102/0x360
[ 128.136859][ T5595] ? __virt_addr_valid+0x2bc/0x360
[ 128.136865][ T5595] print_report+0xb4/0x290
[ 128.136873][ T5595] ? __list_del_entry_valid_or_report+0x31/0x190
[ 128.136881][ T5595] kasan_report+0x118/0x150
[ 128.136889][ T5595] ? __list_del_entry_valid_or_report+0x31/0x190
[ 128.136898][ T5595] __list_del_entry_valid_or_report+0x31/0x190
[ 128.136906][ T5595] mgmt_pending_remove+0x1f/0x160
[ 128.136916][ T5595] mgmt_pending_foreach+0x74/0xd0
[ 128.136923][ T5595] ? __pfx_cmd_complete_rsp+0x10/0x10
[ 128.136932][ T5595] mgmt_index_removed+0xfa/0x2a0
[ 128.136938][ T5595] ? hci_dev_get+0x31/0x170
[ 128.136946][ T5595] ? __pfx_mgmt_index_removed+0x10/0x10
[ 128.136955][ T5595] ? _raw_read_unlock+0x28/0x50
[ 128.136964][ T5595] hci_sock_bind+0x9c7/0xd40
[ 128.136981][ T5595] ? __pfx_hci_sock_bind+0x10/0x10
[ 128.136991][ T5595] __sys_bind+0x243/0x320
[ 128.137000][ T5595] ? __pfx___sys_bind+0x10/0x10
[ 128.137013][ T5595] __x64_sys_bind+0x75/0x90
[ 128.137020][ T5595] do_syscall_64+0xa4/0x180
[ 128.137028][ T5595] ? clear_bhb_loop+0x40/0x90
[ 128.137036][ T5595] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.137046][ T5595] RIP: 0033:0x7fe1c8b7fed9
[ 128.137057][ T5595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 128.137067][ T5595] RSP: 002b:00007fe1c98a7058 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 128.137079][ T5595] RAX: ffffffffffffffda RBX: 00007fe1c8d45fa0 RCX: 00007fe1c8b7fed9
[ 128.137084][ T5595] RDX: 0000000000000006 RSI: 0000000020000040 RDI: 0000000000000004
[ 128.137089][ T5595] RBP: 00007fe1c8bf3cc8 R08: 0000000000000000 R09: 0000000000000000
[ 128.137093][ T5595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 128.137097][ T5595] R13: 0000000000000000 R14: 00007fe1c8d45fa0 R15: 00007ffe8c9120b8
[ 128.137106][ T5595]
[ 128.137109][ T5595]
[ 128.388636][ T5595] Allocated by task 5593:
[ 128.392942][ T5595] kasan_save_track+0x3e/0x80
[ 128.397599][ T5595] __kasan_kmalloc+0x93/0xb0
[ 128.402157][ T5595] __kmalloc_cache_noprof+0x220/0x410
[ 128.407516][ T5595] mgmt_pending_new+0x60/0x200
[ 128.412260][ T5595] mgmt_pending_add+0x16/0xf0
[ 128.416909][ T5595] remove_adv_monitor+0xe8/0x170
[ 128.421818][ T5595] hci_mgmt_cmd+0x840/0xe00
[ 128.426291][ T5595] hci_sock_sendmsg+0x538/0xd70
[ 128.431108][ T5595] __sock_sendmsg+0x1dd/0x220
[ 128.435755][ T5595] sock_write_iter+0x1d1/0x2a0
[ 128.440487][ T5595] vfs_write+0x491/0xa40
[ 128.444698][ T5595] ksys_write+0x110/0x1e0
[ 128.448996][ T5595] do_syscall_64+0xa4/0x180
[ 128.453555][ T5595] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 128.459607][ T5595]
[ 128.461944][ T5595] Freed by task 2966:
[ 128.465917][ T5595] kasan_save_track+0x3e/0x80
[ 128.470624][ T5595] kasan_save_free_info+0x46/0x50
[ 128.475629][ T5595] __kasan_slab_free+0x62/0x70
[ 128.480388][ T5595] kfree+0x179/0x3e0
[ 128.484350][ T5595] mgmt_remove_adv_monitor_complete+0x246/0x4a0
[ 128.490564][ T5595] hci_cmd_sync_work+0x24b/0x350
[ 128.495489][ T5595] process_scheduled_works+0x98a/0x12d0
[ 128.501016][ T5595] worker_thread+0x850/0xc60
[ 128.505598][ T5595] kthread+0x59b/0x690
[ 128.509683][ T5595] ret_from_fork+0x35/0x70
[ 128.514071][ T5595] ret_from_fork_asm+0x1a/0x30
[ 128.518817][ T5595]
[ 128.521143][ T5595] The buggy address belongs to the object at ffff888178c81900
[ 128.521143][ T5595] which belongs to the cache kmalloc-96 of size 96
[ 128.535225][ T5595] The buggy address is located 8 bytes inside of
[ 128.535225][ T5595] freed 96-byte region [ffff888178c81900, ffff888178c81960)
[ 128.548744][ T5595]
[ 128.551069][ T5595] The buggy address belongs to the physical page:
[ 128.557470][ T5595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x178c81
[ 128.566318][ T5595] flags: 0x100000000000000(node=0|zone=2)
[ 128.572205][ T5595] page_type: f5(slab)
[ 128.576159][ T5595] raw: 0100000000000000 ffff888100041280 dead000000000100 dead000000000122
[ 128.584715][ T5595] raw: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000
[ 128.593356][ T5595] page dumped because: kasan: bad access detected
[ 128.599746][ T5595] page_owner tracks the page as allocated
[ 128.605433][ T5595] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 2331, tgid 2331 (modprobe), ts 56652421234, free_ts 56545492985
[ 128.624628][ T5595] post_alloc_hook+0xec/0x120
[ 128.629278][ T5595] get_page_from_freelist+0x3c4a/0x3da0
[ 128.634902][ T5595] __alloc_frozen_pages_noprof+0x26b/0x460
[ 128.640674][ T5595] allocate_slab+0x65/0x350
[ 128.645147][ T5595] ___slab_alloc+0xafd/0x1260
[ 128.649790][ T5595] __kmalloc_node_noprof+0x2e8/0x4f0
[ 128.655048][ T5595] allocate_slab+0x17c/0x350
[ 128.659630][ T5595] ___slab_alloc+0xafd/0x1260
[ 128.664278][ T5595] kmem_cache_alloc_noprof+0x26e/0x400
[ 128.669712][ T5595] vm_area_alloc+0x1f/0x130
[ 128.674187][ T5595] mmap_region+0xa68/0x1800
[ 128.678659][ T5595] do_mmap+0x926/0xc30
[ 128.682710][ T5595] vm_mmap_pgoff+0x1c0/0x370
[ 128.687328][ T5595] elf_load+0x116/0x4f0
[ 128.691454][ T5595] load_elf_binary+0xc6d/0x21e0
[ 128.696358][ T5595] bprm_execve+0x74c/0xe70
[ 128.700754][ T5595] page last free pid 2325 tgid 2325 stack trace:
[ 128.707049][ T5595] __free_frozen_pages+0xa04/0xbe0
[ 128.712145][ T5595] __tlb_remove_table+0x208/0x2f0
[ 128.717253][ T5595] tlb_remove_table_rcu+0x6e/0xd0
[ 128.722268][ T5595] rcu_core+0x999/0x1630
[ 128.726599][ T5595] handle_softirqs+0x250/0x740
[ 128.731411][ T5595] __irq_exit_rcu+0xc0/0x1e0
[ 128.735971][ T5595] irq_exit_rcu+0x9/0x30
[ 128.740375][ T5595] sysvec_apic_timer_interrupt+0x92/0xb0
[ 128.746066][ T5595] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 128.752018][ T5595]
[ 128.754320][ T5595] Memory state around the buggy address:
[ 128.759933][ T5595] ffff888178c81800: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 128.768051][ T5595] ffff888178c81880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[ 128.776171][ T5595] >ffff888178c81900: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 128.784222][ T5595] ^
[ 128.788520][ T5595] ffff888178c81980: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 128.796549][ T5595] ffff888178c81a00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 128.804630][ T5595] ==================================================================
[ 128.813163][ T5595] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 128.820674][ T5595] Kernel Offset: disabled
[ 128.825001][ T5595] Rebooting in 86400 seconds..