Warning: Permanently added '10.128.1.211' (ED25519) to the list of known hosts. 2024/07/05 19:56:57 ignoring optional flag "sandboxArg"="0" 2024/07/05 19:56:58 parsed 1 programs 2024/07/05 19:56:59 executed programs: 0 [ 63.356076][ T3232] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 63.382977][ T2644] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 63.390340][ T2644] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 63.397929][ T2644] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 63.406165][ T2644] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 63.413745][ T2644] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 63.421300][ T2644] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 63.511263][ T3237] chnl_net:caif_netlink_parms(): no params data found [ 64.305398][ T3237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.977991][ T3237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.450112][ T2644] Bluetooth: hci0: command tx timeout [ 66.253688][ T635] ieee802154 phy0 wpan0: encryption failed: -22 [ 66.260686][ T635] ieee802154 phy1 wpan1: encryption failed: -22 [ 66.470787][ T3556] loop0: detected capacity change from 0 to 40427 [ 66.491677][ T3556] F2FS-fs (loop0): Found nat_bits in checkpoint [ 66.535930][ T3556] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 66.555005][ T3237] syz-executor.0: attempt to access beyond end of device [ 66.555005][ T3237] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 66.571029][ T3237] syz-executor.0: attempt to access beyond end of device [ 66.571029][ T3237] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 66.618413][ T1425] kworker/u8:7: attempt to access beyond end of device [ 66.618413][ T1425] loop0: rw=2049, sector=40960, nr_sectors = 144 limit=40427 [ 66.633623][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.641333][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.648421][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.655587][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.663358][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.671372][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.678587][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.685710][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.693446][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.700637][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.707615][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.714810][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.721768][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.728772][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.736364][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.743514][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.750814][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.757832][ T1425] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 66.773295][ T1533] bond0 (unregistering): Released all slaves [ 66.790702][ T3557] ================================================================== [ 66.799060][ T3557] BUG: KASAN: slab-use-after-free in device_for_each_child+0xa1/0x160 [ 66.807233][ T3557] Read of size 8 at addr ffff88807b789320 by task kbnepd bnep0/3557 [ 66.815209][ T3557] [ 66.817523][ T3557] CPU: 1 PID: 3557 Comm: kbnepd bnep0 Not tainted 6.10.0-rc6-syzkaller #0 [ 66.826263][ T3557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 66.836299][ T3557] Call Trace: [ 66.839559][ T3557] [ 66.842467][ T3557] dump_stack_lvl+0x108/0x280 [ 66.847158][ T3557] ? __pfx_dump_stack_lvl+0x10/0x10 [ 66.852330][ T3557] ? __pfx__printk+0x10/0x10 [ 66.856895][ T3557] ? __virt_addr_valid+0x141/0x260 [ 66.862061][ T3557] ? __virt_addr_valid+0x219/0x260 [ 66.867140][ T3557] print_report+0x169/0x550 [ 66.871716][ T3557] ? __virt_addr_valid+0x141/0x260 [ 66.876903][ T3557] ? __virt_addr_valid+0x219/0x260 [ 66.881993][ T3557] ? device_for_each_child+0xa1/0x160 [ 66.887346][ T3557] kasan_report+0x143/0x180 [ 66.891843][ T3557] ? device_for_each_child+0xa1/0x160 [ 66.897287][ T3557] ? __pfx_dev_memalloc_noio+0x10/0x10 [ 66.902727][ T3557] device_for_each_child+0xa1/0x160 [ 66.907897][ T3557] ? __pfx_device_for_each_child+0x10/0x10 [ 66.913680][ T3557] ? do_raw_spin_unlock+0x13c/0x8b0 [ 66.918847][ T3557] ? kobject_put+0x186/0x340 [ 66.923423][ T3557] pm_runtime_set_memalloc_noio+0x105/0x200 [ 66.929471][ T3557] netdev_unregister_kobject+0x158/0x230 [ 66.935075][ T3557] unregister_netdevice_many_notify+0x1137/0x1480 [ 66.941470][ T3557] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 66.948380][ T3557] ? __pfx_lock_acquire+0x10/0x10 [ 66.953562][ T3557] ? do_raw_spin_unlock+0x13c/0x8b0 [ 66.958739][ T3557] unregister_netdev+0x17c/0x1d0 [ 66.963650][ T3557] ? __pfx_unregister_netdev+0x10/0x10 [ 66.969169][ T3557] ? remove_wait_queue+0x33/0x130 [ 66.974164][ T3557] bnep_session+0x28eb/0x2aa0 [ 66.978814][ T3557] ? __lock_acquire+0x5cd/0xc10 [ 66.983640][ T3557] ? __pfx_bnep_session+0x10/0x10 [ 66.988644][ T3557] ? _raw_spin_unlock_irqrestore+0xcf/0x130 [ 66.994508][ T3557] ? _raw_spin_unlock+0x14/0x50 [ 66.999326][ T3557] ? __pfx_woken_wake_function+0x10/0x10 [ 67.005226][ T3557] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 67.011723][ T3557] ? __kthread_parkme+0x80/0x140 [ 67.016655][ T3557] ? __pfx_bnep_session+0x10/0x10 [ 67.021751][ T3557] kthread+0x268/0x2c0 [ 67.025800][ T3557] ? __pfx_bnep_session+0x10/0x10 [ 67.030796][ T3557] ? __pfx_kthread+0x10/0x10 [ 67.035565][ T3557] ret_from_fork+0x32/0x60 [ 67.039968][ T3557] ? __pfx_kthread+0x10/0x10 [ 67.044552][ T3557] ret_from_fork_asm+0x1a/0x30 [ 67.049388][ T3557] [ 67.052397][ T3557] [ 67.054709][ T3557] Allocated by task 3237: [ 67.059024][ T3557] kasan_save_track+0x3f/0x80 [ 67.063858][ T3557] __kasan_kmalloc+0x98/0xb0 [ 67.068420][ T3557] __kmalloc_noprof+0x1d5/0x440 [ 67.073266][ T3557] hci_alloc_dev_priv+0x1d/0x2020 [ 67.078315][ T3557] vhci_create_device+0xf5/0x630 [ 67.083262][ T3557] vhci_write+0x2cc/0x3c0 [ 67.087574][ T3557] vfs_write+0x7b6/0xf50 [ 67.091786][ T3557] ksys_write+0x163/0x250 [ 67.096101][ T3557] do_syscall_64+0x8d/0x1a0 [ 67.100664][ T3557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.106560][ T3557] [ 67.108872][ T3557] Freed by task 3237: [ 67.112821][ T3557] kasan_save_track+0x3f/0x80 [ 67.117467][ T3557] kasan_save_free_info+0x40/0x50 [ 67.122460][ T3557] poison_slab_object+0xe0/0x150 [ 67.127462][ T3557] __kasan_slab_free+0x37/0x60 [ 67.132197][ T3557] kfree+0x12f/0x310 [ 67.136088][ T3557] hci_release_dev+0x1338/0x14a0 [ 67.140994][ T3557] bt_host_release+0x5f/0x70 [ 67.145571][ T3557] device_release+0x92/0x140 [ 67.150305][ T3557] kobject_put+0x186/0x340 [ 67.154693][ T3557] vhci_release+0x81/0xc0 [ 67.159015][ T3557] __fput+0x1a8/0x690 [ 67.163079][ T3557] task_work_run+0x20f/0x290 [ 67.167814][ T3557] do_exit+0x8ae/0x2530 [ 67.171942][ T3557] do_group_exit+0x1ba/0x280 [ 67.176503][ T3557] __x64_sys_exit_group+0x3f/0x40 [ 67.181517][ T3557] do_syscall_64+0x8d/0x1a0 [ 67.186080][ T3557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.192032][ T3557] [ 67.194356][ T3557] Last potentially related work creation: [ 67.200063][ T3557] kasan_save_stack+0x3f/0x60 [ 67.204798][ T3557] __kasan_record_aux_stack+0xac/0xc0 [ 67.210143][ T3557] insert_work+0x38/0x230 [ 67.214447][ T3557] __queue_work+0x80c/0x9f0 [ 67.218962][ T3557] queue_work_on+0x123/0x1f0 [ 67.223710][ T3557] l2cap_chan_send+0x2f2/0x2260 [ 67.228846][ T3557] l2cap_sock_sendmsg+0x162/0x270 [ 67.234022][ T3557] __sock_sendmsg+0x1ec/0x230 [ 67.238758][ T3557] kernel_sendmsg+0x11d/0x1f0 [ 67.243404][ T3557] bnep_session+0x247f/0x2aa0 [ 67.248052][ T3557] kthread+0x268/0x2c0 [ 67.252139][ T3557] ret_from_fork+0x32/0x60 [ 67.256531][ T3557] ret_from_fork_asm+0x1a/0x30 [ 67.261262][ T3557] [ 67.263617][ T3557] Second to last potentially related work creation: [ 67.270184][ T3557] kasan_save_stack+0x3f/0x60 [ 67.274860][ T3557] __kasan_record_aux_stack+0xac/0xc0 [ 67.280212][ T3557] insert_work+0x38/0x230 [ 67.284513][ T3557] __queue_work+0x80c/0x9f0 [ 67.289076][ T3557] queue_work_on+0x123/0x1f0 [ 67.293636][ T3557] l2cap_chan_send+0x2f2/0x2260 [ 67.298460][ T3557] l2cap_sock_sendmsg+0x162/0x270 [ 67.303460][ T3557] __sock_sendmsg+0x1ec/0x230 [ 67.308132][ T3557] kernel_sendmsg+0x11d/0x1f0 [ 67.312779][ T3557] bnep_session+0x247f/0x2aa0 [ 67.317517][ T3557] kthread+0x268/0x2c0 [ 67.321648][ T3557] ret_from_fork+0x32/0x60 [ 67.326036][ T3557] ret_from_fork_asm+0x1a/0x30 [ 67.330768][ T3557] [ 67.333067][ T3557] The buggy address belongs to the object at ffff88807b788000 [ 67.333067][ T3557] which belongs to the cache kmalloc-8k of size 8192 [ 67.347089][ T3557] The buggy address is located 4896 bytes inside of [ 67.347089][ T3557] freed 8192-byte region [ffff88807b788000, ffff88807b78a000) [ 67.361116][ T3557] [ 67.363677][ T3557] The buggy address belongs to the physical page: [ 67.370069][ T3557] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b788 [ 67.379161][ T3557] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 67.387630][ T3557] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 67.395150][ T3557] page_type: 0xffffefff(slab) [ 67.399796][ T3557] raw: 00fff00000000040 ffff88800f042280 ffffea0001ebfc00 0000000000000002 [ 67.408434][ T3557] raw: 0000000000000000 0000000000020002 00000001ffffefff 0000000000000000 [ 67.417078][ T3557] head: 00fff00000000040 ffff88800f042280 ffffea0001ebfc00 0000000000000002 [ 67.425813][ T3557] head: 0000000000000000 0000000000020002 00000001ffffefff 0000000000000000 [ 67.434452][ T3557] head: 00fff00000000003 ffffea0001ede201 ffffffffffffffff 0000000000000000 [ 67.443264][ T3557] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 67.452105][ T3557] page dumped because: kasan: bad access detected [ 67.458592][ T3557] page_owner tracks the page as allocated [ 67.464375][ T3557] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2831, tgid 2831 (sh), ts 19340268870, free_ts 12459313246 [ 67.484048][ T3557] post_alloc_hook+0x10f/0x130 [ 67.488958][ T3557] get_page_from_freelist+0x2c48/0x2d00 [ 67.494574][ T3557] __alloc_pages_noprof+0x256/0x670 [ 67.499747][ T3557] alloc_slab_page+0x5f/0x120 [ 67.504394][ T3557] allocate_slab+0x5d/0x290 [ 67.509048][ T3557] ___slab_alloc+0xa7f/0x11d0 [ 67.513702][ T3557] kmalloc_trace_noprof+0x1fc/0x360 [ 67.519178][ T3557] tomoyo_init_log+0x10ae/0x1fe0 [ 67.524105][ T3557] tomoyo_supervisor+0x316/0xfb0 [ 67.529029][ T3557] tomoyo_env_perm+0x131/0x1f0 [ 67.533771][ T3557] tomoyo_find_next_domain+0xf4a/0x1710 [ 67.539286][ T3557] tomoyo_bprm_check_security+0xfb/0x130 [ 67.544888][ T3557] security_bprm_check+0x2a/0x80 [ 67.549883][ T3557] bprm_execve+0x7d4/0x12f0 [ 67.554667][ T3557] do_execveat_common+0x43c/0x5f0 [ 67.559660][ T3557] __x64_sys_execve+0x8d/0xa0 [ 67.564324][ T3557] page last free pid 2799 tgid 2799 stack trace: [ 67.570937][ T3557] free_unref_page+0xc0e/0xd60 [ 67.575670][ T3557] __put_partials+0x18e/0x1d0 [ 67.580317][ T3557] put_cpu_partial+0x151/0x1b0 [ 67.585055][ T3557] __slab_free+0x2b8/0x3a0 [ 67.589613][ T3557] qlist_free_all+0x9e/0x140 [ 67.594191][ T3557] kasan_quarantine_reduce+0x14f/0x170 [ 67.599619][ T3557] __kasan_slab_alloc+0x23/0x80 [ 67.604548][ T3557] __kmalloc_noprof+0x182/0x440 [ 67.609457][ T3557] tomoyo_supervisor+0xc62/0xfb0 [ 67.614451][ T3557] tomoyo_check_open_permission+0x419/0x960 [ 67.620315][ T3557] security_file_open+0x2f/0x5c0 [ 67.625220][ T3557] do_dentry_open+0x30f/0x1090 [ 67.629972][ T3557] vfs_open+0x36/0x290 [ 67.634027][ T3557] path_openat+0x2489/0x2a10 [ 67.638611][ T3557] do_filp_open+0x22b/0x440 [ 67.643438][ T3557] do_sys_openat2+0xf6/0x180 [ 67.648006][ T3557] [ 67.650305][ T3557] Memory state around the buggy address: [ 67.655908][ T3557] ffff88807b789200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.664028][ T3557] ffff88807b789280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.672061][ T3557] >ffff88807b789300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.680093][ T3557] ^ [ 67.685253][ T3557] ffff88807b789380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.693343][ T3557] ffff88807b789400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.701378][ T3557] ================================================================== [ 67.709916][ T3557] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 67.717374][ T3557] Kernel Offset: disabled [ 67.721706][ T3557] Rebooting in 86400 seconds..