Warning: Permanently added '10.128.0.255' (ED25519) to the list of known hosts.
2024/12/23 22:20:21 ignoring optional flag "sandboxArg"="0"
2024/12/23 22:20:21 parsed 1 programs
[ 73.865598][ T2408] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 74.536005][ T2426] chnl_net:caif_netlink_parms(): no params data found
[ 75.304020][ T2426] 8021q: adding VLAN 0 to HW filter on device bond0
[ 75.854834][ T2426] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 75.862206][ T1635] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 75.870249][ T1635] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 77.084764][ T662] bond0 (unregistering): Released all slaves
[ 77.202553][ T43] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.209865][ T43] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.218027][ T43] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.227207][ T43] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.234387][ T43] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2024/12/23 22:20:25 executed programs: 0
[ 77.585310][ T1600] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 77.592617][ T1600] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 77.600485][ T1600] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 77.607809][ T1600] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 77.614944][ T1600] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 77.707134][ T2866] chnl_net:caif_netlink_parms(): no params data found
[ 78.485280][ T2866] 8021q: adding VLAN 0 to HW filter on device bond0
[ 79.030619][ T2866] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 79.037986][ T1635] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 79.045334][ T1635] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 79.706017][ T1635] Bluetooth: hci0: command 0x0409 tx timeout
[ 79.983255][ T3231] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input4
[ 81.775430][ T1635] Bluetooth: hci0: command 0x041b tx timeout
2024/12/23 22:20:30 executed programs: 202
[ 83.858130][ T1635] Bluetooth: hci0: command 0x040f tx timeout
[ 85.935532][ T1635] Bluetooth: hci0: command 0x0419 tx timeout
[ 87.627005][ T43] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 87.634584][ T43] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 87.643328][ T43] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 87.651378][ T43] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 87.659528][ T43] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 87.742367][ T4432] chnl_net:caif_netlink_parms(): no params data found
[ 87.850540][ T52] bond0 (unregistering): Released all slaves
[ 88.525942][ T4432] 8021q: adding VLAN 0 to HW filter on device bond0
[ 89.079622][ T4432] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.086980][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 89.094737][ T2857] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 89.695570][ T1635] Bluetooth: hci1: command 0x0409 tx timeout
2024/12/23 22:20:38 executed programs: 602
[ 90.039309][ T4797] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input5
[ 91.785443][ T1635] Bluetooth: hci1: command 0x041b tx timeout
[ 93.855615][ T1635] Bluetooth: hci1: command 0x040f tx timeout
2024/12/23 22:20:43 executed programs: 1004
[ 95.935505][ T2857] Bluetooth: hci1: command 0x0419 tx timeout
[ 97.463565][ T1600] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 97.471026][ T1600] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 97.478224][ T6000] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 97.485725][ T4798] ==================================================================
[ 97.488460][ T6000] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 97.493955][ T4798] BUG: KASAN: use-after-free in __mutex_lock+0xfb9/0x1040
[ 97.502093][ T6000] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 97.508243][ T4798] Read of size 8 at addr ffff888079c6c060 by task khidpd_7fff0008/4798
[ 97.508253][ T4798]
[ 97.508260][ T4798] CPU: 0 PID: 4798 Comm: khidpd_7fff0008 Not tainted 5.16.0-rc1-syzkaller #0
[ 97.508266][ T4798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 97.508277][ T4798] Call Trace:
[ 97.515619][ T6000] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 97.523500][ T4798]
[ 97.558478][ T4798] dump_stack_lvl+0x41/0x5e
[ 97.563280][ T4798] print_address_description.constprop.0.cold+0x8d/0x321
[ 97.570299][ T4798] ? __mutex_lock+0xfb9/0x1040
[ 97.575056][ T4798] ? __mutex_lock+0xfb9/0x1040
[ 97.579946][ T4798] kasan_report.cold+0x83/0xdf
[ 97.584804][ T4798] ? __mutex_lock+0xfb9/0x1040
[ 97.589580][ T4798] __mutex_lock+0xfb9/0x1040
[ 97.594183][ T4798] ? l2cap_unregister_user+0x66/0x210
[ 97.599557][ T4798] ? mutex_lock_io_nested+0xed0/0xed0
[ 97.604928][ T4798] ? do_raw_spin_unlock+0x171/0x230
[ 97.610218][ T4798] ? _raw_spin_unlock_irqrestore+0x35/0x60
[ 97.616134][ T4798] ? del_timer+0xb3/0xf0
[ 97.620373][ T4798] l2cap_unregister_user+0x66/0x210
[ 97.625566][ T4798] hidp_session_thread+0x400/0x5d0
[ 97.630680][ T4798] ? hidp_session_run+0x1220/0x1220
[ 97.635928][ T4798] ? lock_downgrade+0x540/0x540
[ 97.640876][ T4798] ? hidp_close+0x10/0x10
[ 97.640997][ T5998] chnl_net:caif_netlink_parms(): no params data found
[ 97.645277][ T4798] ? lock_acquire+0x132/0x290
[ 97.656839][ T4798] ? __kthread_parkme+0x49/0x150
[ 97.661926][ T4798] ? hidp_close+0x10/0x10
[ 97.666254][ T4798] ? do_raw_spin_unlock+0x171/0x230
[ 97.671453][ T4798] ? __kthread_parkme+0x7e/0x150
[ 97.676476][ T4798] ? hidp_session_run+0x1220/0x1220
[ 97.681671][ T4798] kthread+0x344/0x400
[ 97.685743][ T4798] ? set_kthread_struct+0x100/0x100
[ 97.690947][ T4798] ret_from_fork+0x22/0x30
[ 97.695366][ T4798]
[ 97.698546][ T4798]
[ 97.700934][ T4798] Allocated by task 4432:
[ 97.705257][ T4798] kasan_save_stack+0x1e/0x50
[ 97.710012][ T4798] __kasan_kmalloc+0xa9/0xd0
[ 97.714601][ T4798] hci_alloc_dev_priv+0x14/0x24f0
[ 97.719611][ T4798] __vhci_create_device+0xd4/0x730
[ 97.724947][ T4798] vhci_write+0x261/0x3d0
[ 97.729263][ T4798] new_sync_write+0x366/0x600
[ 97.733930][ T4798] vfs_write+0x59c/0x810
[ 97.738335][ T4798] ksys_write+0xf4/0x1d0
[ 97.742571][ T4798] do_syscall_64+0x3c/0x90
[ 97.746987][ T4798] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 97.752939][ T4798]
[ 97.755252][ T4798] Freed by task 4432:
[ 97.759222][ T4798] kasan_save_stack+0x1e/0x50
[ 97.763892][ T4798] kasan_set_track+0x21/0x30
[ 97.768484][ T4798] kasan_set_free_info+0x20/0x30
[ 97.773422][ T4798] __kasan_slab_free+0xff/0x130
[ 97.778280][ T4798] slab_free_freelist_hook+0x8b/0x1c0
[ 97.783826][ T4798] kfree+0xe7/0x510
[ 97.787629][ T4798] hci_release_dev+0x439/0x550
[ 97.792384][ T4798] bt_host_release+0x4d/0x80
[ 97.797073][ T4798] device_release+0x96/0x190
[ 97.801748][ T4798] kobject_cleanup+0xfd/0x3a0
[ 97.806432][ T4798] vhci_release+0x7a/0xe0
[ 97.810967][ T4798] __fput+0x1ee/0x8c0
[ 97.814944][ T4798] task_work_run+0xc5/0x150
[ 97.819531][ T4798] do_exit+0x9c7/0x2460
[ 97.823677][ T4798] do_group_exit+0xe7/0x2a0
[ 97.828265][ T4798] get_signal+0x3e1/0x1b20
[ 97.832769][ T4798] arch_do_signal_or_restart+0x2b5/0x16d0
[ 97.838489][ T4798] exit_to_user_mode_prepare+0xfb/0x170
[ 97.844032][ T4798] syscall_exit_to_user_mode+0x13/0x30
[ 97.849495][ T4798] do_syscall_64+0x4a/0x90
[ 97.854004][ T4798] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 97.859895][ T4798]
[ 97.862218][ T4798] Last potentially related work creation:
[ 97.867929][ T4798] kasan_save_stack+0x1e/0x50
[ 97.872595][ T4798] __kasan_record_aux_stack+0xf5/0x120
[ 97.878048][ T4798] insert_work+0x45/0x380
[ 97.882370][ T4798] __queue_work+0x54c/0xc50
[ 97.886889][ T4798] queue_work_on+0x52/0x70
[ 97.891392][ T4798] process_one_work+0x81d/0x1200
[ 97.896407][ T4798] worker_thread+0x4a0/0xdd0
[ 97.900989][ T4798] kthread+0x344/0x400
[ 97.905055][ T4798] ret_from_fork+0x22/0x30
[ 97.909467][ T4798]
[ 97.911790][ T4798] Second to last potentially related work creation:
[ 97.918368][ T4798] kasan_save_stack+0x1e/0x50
[ 97.923258][ T4798] __kasan_record_aux_stack+0xf5/0x120
[ 97.928718][ T4798] insert_work+0x45/0x380
[ 97.933045][ T4798] __queue_work+0x54c/0xc50
[ 97.937547][ T4798] call_timer_fn+0x15b/0x3b0
[ 97.942126][ T4798] __run_timers.part.0+0x2c5/0x7a0
[ 97.947243][ T4798] run_timer_softirq+0x97/0x180
[ 97.952196][ T4798] __do_softirq+0x1f1/0x641
[ 97.956693][ T4798]
[ 97.959005][ T4798] The buggy address belongs to the object at ffff888079c6c000
[ 97.959005][ T4798] which belongs to the cache kmalloc-8k of size 8192
[ 97.973171][ T4798] The buggy address is located 96 bytes inside of
[ 97.973171][ T4798] 8192-byte region [ffff888079c6c000, ffff888079c6e000)
[ 97.987136][ T4798] The buggy address belongs to the page:
[ 97.992758][ T4798] page:ffffea0001e71a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79c68
[ 98.002908][ T4798] head:ffffea0001e71a00 order:3 compound_mapcount:0 compound_pincount:0
[ 98.011228][ T4798] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 98.019205][ T4798] raw: 00fff00000010200 ffffea0001f3f800 dead000000000003 ffff88800e842280
[ 98.027814][ T4798] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 98.036740][ T4798] page dumped because: kasan: bad access detected
[ 98.043156][ T4798] page_owner tracks the page as allocated
[ 98.048860][ T4798] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 2866, ts 77716130185, free_ts 77691280461
[ 98.067352][ T4798] get_page_from_freelist+0x1330/0x2e70
[ 98.072979][ T4798] __alloc_pages+0x1b2/0x480
[ 98.077580][ T4798] allocate_slab+0x2ff/0x430
[ 98.082171][ T4798] ___slab_alloc+0x8dd/0xbf0
[ 98.086842][ T4798] __slab_alloc.constprop.0+0x45/0x80
[ 98.092216][ T4798] __kmalloc+0x3bc/0x430
[ 98.096449][ T4798] batadv_hash_new+0x9d/0x2a0
[ 98.101374][ T4798] batadv_nc_mesh_init+0x13c/0x450
[ 98.106489][ T4798] batadv_mesh_init+0x519/0x900
[ 98.111332][ T4798] batadv_softif_init_late+0xaa3/0xd80
[ 98.116788][ T4798] register_netdevice+0x421/0x1250
[ 98.121895][ T4798] __rtnl_newlink+0xcc8/0x1370
[ 98.126741][ T4798] rtnl_newlink+0x5a/0x90
[ 98.131063][ T4798] rtnetlink_rcv_msg+0x39b/0x910
[ 98.135993][ T4798] netlink_rcv_skb+0x11b/0x340
[ 98.140751][ T4798] netlink_unicast+0x433/0x700
[ 98.145750][ T4798] page last free stack trace:
[ 98.150452][ T4798] free_pcp_prepare+0x446/0x970
[ 98.155563][ T4798] free_unref_page+0x19/0x500
[ 98.160235][ T4798] __unfreeze_partials+0x30c/0x330
[ 98.165435][ T4798] qlist_free_all+0x5a/0xc0
[ 98.169932][ T4798] kasan_quarantine_reduce+0x180/0x1f0
[ 98.175555][ T4798] __kasan_slab_alloc+0xa2/0xc0
[ 98.180411][ T4798] __kmalloc+0x25e/0x430
[ 98.184817][ T4798] load_elf_phdrs+0xd4/0x190
[ 98.189403][ T4798] load_elf_binary+0x186/0x3d80
[ 98.194245][ T4798] bprm_execve+0x639/0x13b0
[ 98.198745][ T4798] kernel_execve+0x2c2/0x3e0
[ 98.203339][ T4798] call_usermodehelper_exec_async+0x2c4/0x500
[ 98.209403][ T4798] ret_from_fork+0x22/0x30
[ 98.213816][ T4798]
[ 98.216140][ T4798] Memory state around the buggy address:
[ 98.221758][ T4798] ffff888079c6bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.229811][ T4798] ffff888079c6bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 98.238051][ T4798] >ffff888079c6c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.246108][ T4798] ^
[ 98.253304][ T4798] ffff888079c6c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.261364][ T4798] ffff888079c6c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.269510][ T4798] ==================================================================
[ 98.277653][ T4798] Disabling lock debugging due to kernel taint
[ 98.283928][ T4798] Kernel panic - not syncing: panic_on_warn set ...
[ 98.290933][ T4798] Kernel Offset: disabled
[ 98.295356][ T4798] Rebooting in 86400 seconds..