Warning: Permanently added '10.128.10.17' (ED25519) to the list of known hosts.
2024/02/08 15:29:40 ignoring optional flag "sandboxArg"="0"
2024/02/08 15:29:40 parsed 1 programs
2024/02/08 15:29:40 executed programs: 0
[ 50.351237][ T1973] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.384383][ T1304] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 50.391804][ T1304] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 50.407803][ T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 50.415168][ T45] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 50.426876][ T1990] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 50.434147][ T1990] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 50.443485][ T1990] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 50.450646][ T1990] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 50.452213][ T2001] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 50.458154][ T1990] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 50.465295][ T2001] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 50.472058][ T1990] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 50.478553][ T2001] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 50.485558][ T1990] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 50.492357][ T2001] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 50.499952][ T1990] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 50.506693][ T2000] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 50.520587][ T2000] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 50.520646][ T1990] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 50.534616][ T2002] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 50.535728][ T2000] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 50.541755][ T1990] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 50.550154][ T2000] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 50.563697][ T1990] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 50.564993][ T2000] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 50.577866][ T1990] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 50.586245][ T1990] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 50.594877][ T2000] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 50.602177][ T2000] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 50.609447][ T2000] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 51.064025][ T1997] chnl_net:caif_netlink_parms(): no params data found
[ 51.090501][ T1980] chnl_net:caif_netlink_parms(): no params data found
[ 51.116791][ T1987] chnl_net:caif_netlink_parms(): no params data found
[ 51.129463][ T1992] chnl_net:caif_netlink_parms(): no params data found
[ 51.202501][ T1996] chnl_net:caif_netlink_parms(): no params data found
[ 52.609949][ T1993] Bluetooth: hci1: command 0x0409 tx timeout
[ 52.614929][ T2000] Bluetooth: hci2: command 0x0409 tx timeout
[ 52.616016][ T1993] Bluetooth: hci0: command 0x0409 tx timeout
[ 52.685979][ T1993] Bluetooth: hci3: command 0x0409 tx timeout
[ 52.687962][ T2000] Bluetooth: hci4: command 0x0409 tx timeout
[ 54.694895][ T2000] Bluetooth: hci2: command 0x041b tx timeout
[ 54.694929][ T1993] Bluetooth: hci1: command 0x041b tx timeout
[ 54.700897][ T2000] Bluetooth: hci0: command 0x041b tx timeout
[ 54.765027][ T2000] Bluetooth: hci3: command 0x041b tx timeout
[ 54.765100][ T1993] Bluetooth: hci4: command 0x041b tx timeout
[ 55.734294][ T1997] 8021q: adding VLAN 0 to HW filter on device bond0
[ 55.849609][ T1980] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.010875][ T1987] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.024165][ T1992] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.167762][ T1996] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.765800][ T1993] Bluetooth: hci0: command 0x040f tx timeout
[ 56.765938][ T2000] Bluetooth: hci1: command 0x040f tx timeout
[ 56.771811][ T1999] Bluetooth: hci2: command 0x040f tx timeout
[ 56.844916][ T1999] Bluetooth: hci4: command 0x040f tx timeout
[ 56.844920][ T1993] Bluetooth: hci3: command 0x040f tx timeout
[ 58.846912][ T1999] Bluetooth: hci0: command 0x0419 tx timeout
[ 58.846924][ T1993] Bluetooth: hci2: command 0x0419 tx timeout
[ 58.846941][ T1993] Bluetooth: hci1: command 0x0419 tx timeout
[ 58.912960][ T1997] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 58.925014][ T1993] Bluetooth: hci3: command 0x0419 tx timeout
[ 58.931034][ T2000] Bluetooth: hci4: command 0x0419 tx timeout
[ 59.038105][ T1980] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 59.136391][ T1992] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 59.237285][ T1987] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 59.378068][ T1996] 8021q: adding VLAN 0 to HW filter on device batadv0
2024/02/08 15:29:55 executed programs: 5
[ 66.844872][ T2000] Bluetooth: hci4: command 0x0405 tx timeout
[ 68.924867][ T2000] Bluetooth: hci4: command 0x0405 tx timeout
2024/02/08 15:30:00 executed programs: 93
[ 71.004919][ T2000] Bluetooth: hci4: command 0x0405 tx timeout
[ 73.084949][ T2000] Bluetooth: hci4: command 0x0405 tx timeout
[ 73.091188][ T1993] ==================================================================
[ 73.099503][ T1993] BUG: KASAN: slab-use-after-free in __hci_acl_create_connection_sync+0x605/0x8d0
[ 73.108679][ T1993] Write of size 2 at addr ffff8881784ba036 by task kworker/u5:4/1993
[ 73.116718][ T1993]
[ 73.119022][ T1993] CPU: 0 PID: 1993 Comm: kworker/u5:4 Not tainted 6.8.0-rc2-syzkaller #0
[ 73.127405][ T1993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 73.137435][ T1993] Workqueue: hci4 hci_cmd_sync_work
[ 73.142619][ T1993] Call Trace:
[ 73.145876][ T1993]
[ 73.148783][ T1993] dump_stack_lvl+0xf8/0x260
[ 73.153371][ T1993] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.158557][ T1993] ? __pfx__printk+0x10/0x10
[ 73.163132][ T1993] ? __virt_addr_valid+0x141/0x260
[ 73.168232][ T1993] ? __virt_addr_valid+0x219/0x260
[ 73.173319][ T1993] print_report+0x167/0x540
[ 73.177800][ T1993] ? __virt_addr_valid+0x141/0x260
[ 73.182909][ T1993] ? __virt_addr_valid+0x219/0x260
[ 73.187992][ T1993] ? __hci_acl_create_connection_sync+0x605/0x8d0
[ 73.194378][ T1993] kasan_report+0x142/0x180
[ 73.198851][ T1993] ? __hci_acl_create_connection_sync+0x605/0x8d0
[ 73.205235][ T1993] __hci_acl_create_connection_sync+0x605/0x8d0
[ 73.211446][ T1993] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 73.217401][ T1993] ? __pfx___hci_acl_create_connection_sync+0x10/0x10
[ 73.224143][ T1993] ? hci_cmd_sync_work+0x286/0x3a0
[ 73.229224][ T1993] ? kfree+0x139/0x350
[ 73.233261][ T1993] ? __pfx___hci_acl_create_connection_sync+0x10/0x10
[ 73.239993][ T1993] hci_cmd_sync_work+0x210/0x3a0
[ 73.244902][ T1993] ? process_scheduled_works+0x758/0xfd0
[ 73.250506][ T1993] process_scheduled_works+0x7e9/0xfd0
[ 73.255937][ T1993] ? __pfx_process_scheduled_works+0x10/0x10
[ 73.261886][ T1993] ? assign_work+0x23f/0x350
[ 73.266447][ T1993] worker_thread+0x868/0xca0
[ 73.271011][ T1993] ? __pfx_worker_thread+0x10/0x10
[ 73.276092][ T1993] kthread+0x267/0x2c0
[ 73.280130][ T1993] ? __pfx_worker_thread+0x10/0x10
[ 73.285222][ T1993] ? __pfx_kthread+0x10/0x10
[ 73.289791][ T1993] ret_from_fork+0x32/0x60
[ 73.294190][ T1993] ? __pfx_kthread+0x10/0x10
[ 73.298759][ T1993] ret_from_fork_asm+0x1b/0x30
[ 73.303501][ T1993]
[ 73.306501][ T1993]
[ 73.308804][ T1993] Allocated by task 4218:
[ 73.313113][ T1993] kasan_save_track+0x3f/0x80
[ 73.317765][ T1993] __kasan_kmalloc+0x98/0xb0
[ 73.322329][ T1993] kmalloc_trace+0x1c4/0x3a0
[ 73.326891][ T1993] hci_conn_add+0xbb/0x1240
[ 73.331367][ T1993] hci_connect_acl+0x1d3/0x490
[ 73.336101][ T1993] hci_connect_sco+0x36/0x390
[ 73.340748][ T1993] sco_sock_connect+0x1f3/0x7f0
[ 73.345569][ T1993] __sys_connect+0x317/0x390
[ 73.350128][ T1993] __x64_sys_connect+0x75/0x90
[ 73.354866][ T1993] do_syscall_64+0x94/0x1a0
[ 73.359336][ T1993] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 73.365200][ T1993]
[ 73.367499][ T1993] Freed by task 1993:
[ 73.371448][ T1993] kasan_save_track+0x3f/0x80
[ 73.376094][ T1993] kasan_save_free_info+0x4e/0x60
[ 73.381088][ T1993] poison_slab_object+0xee/0x1a0
[ 73.385997][ T1993] __kasan_slab_free+0x34/0x70
[ 73.390731][ T1993] kfree+0x139/0x350
[ 73.394597][ T1993] device_release+0x92/0x140
[ 73.399242][ T1993] kobject_put+0x14d/0x300
[ 73.403653][ T1993] hci_conn_del+0x73d/0xa60
[ 73.408130][ T1993] hci_abort_conn_sync+0x2d3/0xb30
[ 73.413223][ T1993] __hci_acl_create_connection_sync+0x553/0x8d0
[ 73.419448][ T1993] hci_cmd_sync_work+0x210/0x3a0
[ 73.424365][ T1993] process_scheduled_works+0x7e9/0xfd0
[ 73.429885][ T1993] worker_thread+0x868/0xca0
[ 73.434456][ T1993] kthread+0x267/0x2c0
[ 73.438500][ T1993] ret_from_fork+0x32/0x60
[ 73.442886][ T1993] ret_from_fork_asm+0x1b/0x30
[ 73.447637][ T1993]
[ 73.449935][ T1993] The buggy address belongs to the object at ffff8881784ba000
[ 73.449935][ T1993] which belongs to the cache kmalloc-4k of size 4096
[ 73.463960][ T1993] The buggy address is located 54 bytes inside of
[ 73.463960][ T1993] freed 4096-byte region [ffff8881784ba000, ffff8881784bb000)
[ 73.477720][ T1993]
[ 73.480020][ T1993] The buggy address belongs to the physical page:
[ 73.486408][ T1993] page:ffffea0005e12e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1784b8
[ 73.496707][ T1993] head:ffffea0005e12e00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 73.505622][ T1993] anon flags: 0x100000000000840(slab|head|node=0|zone=2)
[ 73.512633][ T1993] page_type: 0xffffffff()
[ 73.516937][ T1993] raw: 0100000000000840 ffff888100042140 0000000000000000 dead000000000001
[ 73.525493][ T1993] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 73.534043][ T1993] page dumped because: kasan: bad access detected
[ 73.540427][ T1993] page_owner tracks the page as allocated
[ 73.546112][ T1993] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3050, tgid 3050 (modprobe), ts 58161764114, free_ts 58020762351
[ 73.567691][ T1993] post_alloc_hook+0x10f/0x130
[ 73.572427][ T1993] get_page_from_freelist+0x3e5f/0x4080
[ 73.577941][ T1993] __alloc_pages+0x255/0x650
[ 73.582499][ T1993] alloc_slab_page+0x5f/0x160
[ 73.587145][ T1993] new_slab+0x70/0x270
[ 73.591183][ T1993] ___slab_alloc+0xa79/0x10b0
[ 73.595834][ T1993] __kmalloc+0x2ba/0x480
[ 73.600047][ T1993] tomoyo_realpath_from_path+0xe3/0x4e0
[ 73.605563][ T1993] tomoyo_check_open_permission+0x249/0x960
[ 73.611427][ T1993] security_file_open+0x2a/0x80
[ 73.616244][ T1993] do_dentry_open+0x2ee/0x11c0
[ 73.620973][ T1993] path_openat+0x217f/0x2780
[ 73.625531][ T1993] do_filp_open+0x22a/0x440
[ 73.630010][ T1993] do_sys_openat2+0xf6/0x180
[ 73.634566][ T1993] __x64_sys_openat+0x20d/0x260
[ 73.639385][ T1993] do_syscall_64+0x94/0x1a0
[ 73.643856][ T1993] page last free pid 1996 tgid 1996 stack trace:
[ 73.650149][ T1993] free_unref_page_prepare+0x87f/0x9a0
[ 73.655574][ T1993] free_unref_page+0x37/0x3a0
[ 73.660217][ T1993] __put_partials+0x18e/0x1d0
[ 73.664873][ T1993] put_cpu_partial+0x150/0x1b0
[ 73.669620][ T1993] __slab_free+0x2b8/0x3c0
[ 73.674002][ T1993] qlist_free_all+0x6d/0xd0
[ 73.678473][ T1993] kasan_quarantine_reduce+0x14f/0x170
[ 73.683898][ T1993] __kasan_slab_alloc+0x23/0x80
[ 73.688717][ T1993] kmem_cache_alloc_lru+0x15d/0x390
[ 73.693896][ T1993] sock_alloc_inode+0x20/0xb0
[ 73.698551][ T1993] new_inode_pseudo+0x5b/0x190
[ 73.703292][ T1993] __sock_create+0xc1/0x6e0
[ 73.707767][ T1993] __sys_socket+0x124/0x340
[ 73.712243][ T1993] __x64_sys_socket+0x75/0x90
[ 73.716887][ T1993] do_syscall_64+0x94/0x1a0
[ 73.721363][ T1993] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 73.727229][ T1993]
[ 73.729526][ T1993] Memory state around the buggy address:
[ 73.735123][ T1993] ffff8881784b9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.743151][ T1993] ffff8881784b9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 73.751180][ T1993] >ffff8881784ba000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.759207][ T1993] ^
[ 73.764823][ T1993] ffff8881784ba080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.772851][ T1993] ffff8881784ba100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.780877][ T1993] ==================================================================
[ 73.789036][ T1993] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.796400][ T1993] Kernel Offset: disabled
[ 73.800696][ T1993] Rebooting in 86400 seconds..