Warning: Permanently added '10.128.1.191' (ED25519) to the list of known hosts.
2024/11/27 09:51:20 ignoring optional flag "sandboxArg"="0"
2024/11/27 09:51:20 parsed 1 programs
[ 73.837485][ T2480] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 75.112284][ T1590] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 75.119741][ T1590] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 75.168972][ T1598] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 75.187120][ T1598] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 75.213029][ T1598] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 75.220373][ T1598] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 75.263922][ T2493] chnl_net:caif_netlink_parms(): no params data found
[ 76.672395][ T2493] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.260687][ T1598] Bluetooth: hci0: command tx timeout
[ 77.563554][ T2493] 8021q: adding VLAN 0 to HW filter on device batadv0
2024/11/27 09:51:26 executed programs: 0
[ 79.181524][ T1407] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 79.190868][ T1407] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 79.203854][ T1407] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 79.214057][ T1407] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 79.238123][ T48] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 79.250407][ T2969] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 79.257946][ T2969] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 79.271120][ T2969] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 79.277181][ T2978] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 79.280536][ T2969] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 79.286346][ T2978] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 79.292212][ T2969] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 79.299083][ T2978] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 79.306410][ T2969] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 79.313316][ T2978] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 79.320000][ T2969] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 79.327345][ T2978] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 79.335803][ T1598] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 79.341775][ T2978] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 79.348271][ T1598] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 79.355307][ T2978] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 79.362348][ T2969] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 79.369268][ T2978] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 79.383481][ T2978] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 79.386276][ T2969] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 79.397798][ T2978] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 79.399861][ T2969] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 79.412877][ T2969] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 79.420824][ T2969] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 79.428205][ T2969] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 79.642889][ T504] bond0 (unregistering): Released all slaves
[ 80.060696][ T2972] chnl_net:caif_netlink_parms(): no params data found
[ 80.081841][ T2962] chnl_net:caif_netlink_parms(): no params data found
[ 80.156719][ T2966] chnl_net:caif_netlink_parms(): no params data found
[ 80.211969][ T2976] chnl_net:caif_netlink_parms(): no params data found
[ 80.243670][ T2967] chnl_net:caif_netlink_parms(): no params data found
[ 81.431235][ T2974] Bluetooth: hci2: command tx timeout
[ 81.431269][ T2969] Bluetooth: hci1: command tx timeout
[ 81.500631][ T2969] Bluetooth: hci4: command tx timeout
[ 81.500823][ T2974] Bluetooth: hci5: command tx timeout
[ 81.506045][ T48] Bluetooth: hci3: command tx timeout
[ 83.502338][ T2969] Bluetooth: hci1: command tx timeout
[ 83.507781][ T2969] Bluetooth: hci2: command tx timeout
[ 83.581684][ T2969] Bluetooth: hci4: command tx timeout
[ 83.587137][ T48] Bluetooth: hci5: command tx timeout
[ 83.587177][ T2974] Bluetooth: hci3: command tx timeout
[ 85.570719][ T2972] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.583784][ T2974] Bluetooth: hci2: command tx timeout
[ 85.583795][ T48] Bluetooth: hci1: command tx timeout
[ 85.632007][ T2966] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.660676][ T2974] Bluetooth: hci5: command tx timeout
[ 85.660685][ T48] Bluetooth: hci3: command tx timeout
[ 85.660705][ T48] Bluetooth: hci4: command tx timeout
[ 85.753017][ T2976] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.775983][ T2962] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.911095][ T2967] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.660770][ T48] Bluetooth: hci2: command tx timeout
[ 87.660781][ T2969] Bluetooth: hci1: command tx timeout
[ 87.741137][ T48] Bluetooth: hci4: command tx timeout
[ 87.744603][ T2969] Bluetooth: hci5: command tx timeout
[ 87.746629][ T48] Bluetooth: hci3: command tx timeout
[ 89.257491][ T2972] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.312046][ T2966] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.536799][ T2962] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.552282][ T2976] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.583423][ T2967] 8021q: adding VLAN 0 to HW filter on device batadv0
2024/11/27 09:51:43 executed programs: 10
[ 97.982703][ T2969] Bluetooth: hci5: command 0x0405 tx timeout
2024/11/27 09:51:48 executed programs: 426
2024/11/27 09:51:53 executed programs: 874
[ 109.659046][ T7527] ==================================================================
[ 109.667148][ T7527] BUG: KASAN: slab-use-after-free in __lock_acquire+0x7c/0xc70
[ 109.674721][ T7527] Read of size 8 at addr ffff88811321b020 by task syz.1.1186/7527
[ 109.682546][ T7527]
[ 109.684894][ T7527] CPU: 0 UID: 0 PID: 7527 Comm: syz.1.1186 Not tainted 6.12.0-rc6-syzkaller #0
[ 109.693831][ T7527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 109.703908][ T7527] Call Trace:
[ 109.707208][ T7527]
[ 109.710151][ T7527] dump_stack_lvl+0x108/0x280
[ 109.714850][ T7527] ? __pfx_dump_stack_lvl+0x10/0x10
[ 109.720073][ T7527] ? __pfx__printk+0x10/0x10
[ 109.724680][ T7527] ? lock_acquire+0xc2/0x3a0
[ 109.729281][ T7527] ? __pfx_lock_acquire+0x10/0x10
[ 109.734317][ T7527] ? __virt_addr_valid+0x141/0x270
[ 109.739444][ T7527] ? __virt_addr_valid+0x229/0x270
[ 109.744575][ T7527] print_report+0x169/0x550
[ 109.749093][ T7527] ? __virt_addr_valid+0x141/0x270
[ 109.754215][ T7527] ? __virt_addr_valid+0x229/0x270
[ 109.759339][ T7527] ? __lock_acquire+0x7c/0xc70
[ 109.764114][ T7527] kasan_report+0x143/0x180
[ 109.768636][ T7527] ? __lock_acquire+0x7c/0xc70
[ 109.773418][ T7527] __lock_acquire+0x7c/0xc70
[ 109.778185][ T7527] lock_acquire+0x1a9/0x3a0
[ 109.782702][ T7527] ? sco_sock_connect+0x260/0x820
[ 109.787740][ T7527] ? __pfx_lock_acquire+0x10/0x10
[ 109.792769][ T7527] ? do_raw_spin_unlock+0x13c/0x8b0
[ 109.797989][ T7527] ? lock_sock_nested+0x4f/0xd0
[ 109.802842][ T7527] _raw_spin_lock+0x2e/0x40
[ 109.807340][ T7527] ? sco_sock_connect+0x260/0x820
[ 109.812408][ T7527] sco_sock_connect+0x260/0x820
[ 109.817269][ T7527] ? __pfx_sco_sock_connect+0x10/0x10
[ 109.822655][ T7527] __sys_connect+0x30d/0x380
[ 109.827252][ T7527] ? __pfx___sys_connect+0x10/0x10
[ 109.832462][ T7527] __x64_sys_connect+0x75/0x90
[ 109.837236][ T7527] do_syscall_64+0x8d/0x190
[ 109.841750][ T7527] ? clear_bhb_loop+0x55/0xb0
[ 109.846429][ T7527] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.852324][ T7527] RIP: 0033:0x7f680277e819
[ 109.856729][ T7527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 109.876377][ T7527] RSP: 002b:00007f68034f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 109.884884][ T7527] RAX: ffffffffffffffda RBX: 00007f6802935fa0 RCX: 00007f680277e819
[ 109.892895][ T7527] RDX: 0000000000000008 RSI: 0000000020000000 RDI: 0000000000000005
[ 109.900948][ T7527] RBP: 00007f68027f175e R08: 0000000000000000 R09: 0000000000000000
[ 109.908902][ T7527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 109.916853][ T7527] R13: 0000000000000000 R14: 00007f6802935fa0 R15: 00007fff8059d288
[ 109.924805][ T7527]
[ 109.927804][ T7527]
[ 109.930104][ T7527] Allocated by task 7513:
[ 109.934411][ T7527] kasan_save_track+0x3f/0x80
[ 109.939070][ T7527] __kasan_kmalloc+0x98/0xb0
[ 109.943637][ T7527] __kmalloc_cache_noprof+0x19e/0x360
[ 109.948989][ T7527] sco_conn_add+0xce/0x320
[ 109.953553][ T7527] sco_sock_connect+0x242/0x820
[ 109.958376][ T7527] __sys_connect+0x30d/0x380
[ 109.963098][ T7527] __x64_sys_connect+0x75/0x90
[ 109.967835][ T7527] do_syscall_64+0x8d/0x190
[ 109.972312][ T7527] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 109.978382][ T7527]
[ 109.980681][ T7527] Freed by task 7527:
[ 109.984634][ T7527] kasan_save_track+0x3f/0x80
[ 109.989283][ T7527] kasan_save_free_info+0x40/0x50
[ 109.994278][ T7527] __kasan_slab_free+0x59/0x70
[ 109.999015][ T7527] kfree+0x186/0x3e0
[ 110.002894][ T7527] sco_conn_add+0x96/0x320
[ 110.007282][ T7527] sco_sock_connect+0x242/0x820
[ 110.012103][ T7527] __sys_connect+0x30d/0x380
[ 110.016675][ T7527] __x64_sys_connect+0x75/0x90
[ 110.021415][ T7527] do_syscall_64+0x8d/0x190
[ 110.025891][ T7527] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 110.031762][ T7527]
[ 110.034060][ T7527] The buggy address belongs to the object at ffff88811321b000
[ 110.034060][ T7527] which belongs to the cache kmalloc-256 of size 256
[ 110.048088][ T7527] The buggy address is located 32 bytes inside of
[ 110.048088][ T7527] freed 256-byte region [ffff88811321b000, ffff88811321b100)
[ 110.061766][ T7527]
[ 110.064085][ T7527] The buggy address belongs to the physical page:
[ 110.070536][ T7527] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11321a
[ 110.079398][ T7527] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 110.087907][ T7527] anon flags: 0x100000000000040(head|node=0|zone=2)
[ 110.094591][ T7527] page_type: f5(slab)
[ 110.098607][ T7527] raw: 0100000000000040 ffff888100041b40 ffffea0005d3c080 dead000000000003
[ 110.107185][ T7527] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 110.116005][ T7527] head: 0100000000000040 ffff888100041b40 ffffea0005d3c080 dead000000000003
[ 110.124701][ T7527] head: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 110.133378][ T7527] head: 0100000000000001 ffffea00044c8681 ffffffffffffffff 0000000000000000
[ 110.142224][ T7527] head: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000
[ 110.150906][ T7527] page dumped because: kasan: bad access detected
[ 110.157420][ T7527] page_owner tracks the page as allocated
[ 110.163118][ T7527] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 6551002086, free_ts 4747367799
[ 110.183601][ T7527] post_alloc_hook+0x10f/0x130
[ 110.188356][ T7527] get_page_from_freelist+0x42ac/0x4480
[ 110.193875][ T7527] __alloc_pages_noprof+0x256/0x650
[ 110.199075][ T7527] alloc_pages_mpol_noprof+0x289/0x4e0
[ 110.204561][ T7527] alloc_slab_page+0x6a/0x140
[ 110.209508][ T7527] allocate_slab+0x5d/0x290
[ 110.214030][ T7527] ___slab_alloc+0xa7f/0x11e0
[ 110.218715][ T7527] __kmalloc_noprof+0x25a/0x440
[ 110.223563][ T7527] mpi_alloc+0x6b/0x110
[ 110.227789][ T7527] mpi_read_raw_data+0xd8/0xa20
[ 110.232620][ T7527] rsa_set_pub_key+0x37f/0x5e0
[ 110.237386][ T7527] pkcs1pad_set_pub_key+0xc1/0x1c0
[ 110.242508][ T7527] public_key_verify_signature+0x41f/0x6f0
[ 110.248334][ T7527] x509_check_for_self_signed+0x2a5/0x370
[ 110.254047][ T7527] x509_cert_parse+0x5d2/0x6f0
[ 110.258793][ T7527] x509_key_preparse+0x60/0x630
[ 110.263723][ T7527] page last free pid 43 tgid 43 stack trace:
[ 110.269702][ T7527] free_unref_page+0xaa5/0xc80
[ 110.274489][ T7527] vfree+0x10e/0x210
[ 110.278357][ T7527] delayed_vfree_work+0x3c/0x70
[ 110.283209][ T7527] process_scheduled_works+0x8e8/0x1360
[ 110.288763][ T7527] worker_thread+0x868/0xc70
[ 110.293363][ T7527] kthread+0x268/0x2c0
[ 110.297434][ T7527] ret_from_fork+0x32/0x60
[ 110.301857][ T7527] ret_from_fork_asm+0x1a/0x30
[ 110.306643][ T7527]
[ 110.308966][ T7527] Memory state around the buggy address:
[ 110.314599][ T7527]  ffff88811321af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 110.322735][ T7527]  ffff88811321af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 110.330867][ T7527] >ffff88811321b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.338913][ T7527]                                ^
[ 110.344007][ T7527]  ffff88811321b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 110.352040][ T7527]  ffff88811321b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 110.360107][ T7527] ==================================================================
[ 110.368182][ T7527] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 110.375605][ T7527] Kernel Offset: disabled
[ 110.380057][ T7527] Rebooting in 86400 seconds..