Warning: Permanently added '10.128.1.78' (ED25519) to the list of known hosts.
1970/01/01 00:00:58 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:58 ignoring optional flag "type"="gce"
1970/01/01 00:00:58 parsed 1 programs
[ 58.467760][ T6628] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
1970/01/01 00:00:58 executed programs: 0
[ 58.500200][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 58.503223][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 58.505235][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 58.508138][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 58.510869][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 58.512379][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 58.579313][ T6633] chnl_net:caif_netlink_parms(): no params data found
[ 58.605548][ T6633] bridge0: port 1(bridge_slave_0) entered blocking state
[ 58.607083][ T6633] bridge0: port 1(bridge_slave_0) entered disabled state
[ 58.608668][ T6633] bridge_slave_0: entered allmulticast mode
[ 58.610332][ T6633] bridge_slave_0: entered promiscuous mode
[ 58.614259][ T6633] bridge0: port 2(bridge_slave_1) entered blocking state
[ 58.615765][ T6633] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.617215][ T6633] bridge_slave_1: entered allmulticast mode
[ 58.619039][ T6633] bridge_slave_1: entered promiscuous mode
[ 58.630407][ T6633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 58.633391][ T6633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 58.645375][ T6633] team0: Port device team_slave_0 added
[ 58.648023][ T6633] team0: Port device team_slave_1 added
[ 58.659213][ T6633] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 58.660639][ T6633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.665668][ T6633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 58.669609][ T6633] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 58.671002][ T6633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.675977][ T6633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 58.729444][ T6633] hsr_slave_0: entered promiscuous mode
[ 58.758728][ T6633] hsr_slave_1: entered promiscuous mode
[ 59.592546][ T6633] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.601514][ T6633] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.604443][ T6633] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 59.607247][ T6633] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 59.661620][ T6633] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.670235][ T6633] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.679349][ T747] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.680728][ T747] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.683411][ T747] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.685212][ T747] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.770442][ T6633] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 59.795502][ T6633] veth0_vlan: entered promiscuous mode
[ 59.801290][ T6633] veth1_vlan: entered promiscuous mode
[ 59.815454][ T6633] veth0_macvtap: entered promiscuous mode
[ 59.819370][ T6633] veth1_macvtap: entered promiscuous mode
[ 59.826775][ T6633] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 59.834417][ T6633] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 59.839397][ T6633] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.841317][ T6633] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.842941][ T6633] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.844612][ T6633] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.882016][ T252] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.883511][ T252] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.896987][ T747] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.898963][ T747] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.934237][ T5995] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[ 59.936258][ T5995] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5995, name: kworker/u9:1
[ 59.938370][ T5995] preempt_count: 0, expected: 0
[ 59.939407][ T5995] RCU nest depth: 1, expected: 0
[ 59.940393][ T5995] 4 locks held by kworker/u9:1/5995:
[ 59.941396][ T5995] #0: ffff0000d5128148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x628/0x1600
[ 59.943476][ T5995] #1: ffff8000a34f7c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6bc/0x1600
[ 59.945944][ T5995] #2: ffff0000d4d18078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xc0/0x998
[ 59.948453][ T5995] #3: ffff80008faafee0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c
[ 59.950489][ T5995] CPU: 0 UID: 0 PID: 5995 Comm: kworker/u9:1 Not tainted 6.12.0-syzkaller-00237-g7b1d1d4cfac0 #0
[ 59.952585][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 59.954544][ T5995] Workqueue: hci0 hci_rx_work
[ 59.955402][ T5995] Call trace:
[ 59.956127][ T5995] show_stack+0x2c/0x3c (C)
[ 59.957138][ T5995] dump_stack_lvl+0xe4/0x150
[ 59.958115][ T5995] dump_stack+0x1c/0x28
[ 59.959016][ T5995] __might_resched+0x374/0x4d0
[ 59.959983][ T5995] __might_sleep+0x90/0xe4
[ 59.960943][ T5995] __mutex_lock_common+0xcc/0x21a0
[ 59.962059][ T5995] mutex_lock_nested+0x2c/0x38
[ 59.962993][ T5995] hci_le_create_big_complete_evt+0x348/0x998
[ 59.964239][ T5995] hci_le_meta_evt+0x2a4/0x478
[ 59.965246][ T5995] hci_event_packet+0x890/0x106c
[ 59.966175][ T5995] hci_rx_work+0x318/0xa80
[ 59.967143][ T5995] process_one_work+0x7bc/0x1600
[ 59.968195][ T5995] worker_thread+0x97c/0xeec
[ 59.969192][ T5995] kthread+0x288/0x310
[ 59.970122][ T5995] ret_from_fork+0x10/0x20
[ 59.972408][ T5995]
[ 59.972923][ T5995] =============================
[ 59.973852][ T5995] [ BUG: Invalid wait context ]
[ 59.974802][ T5995] 6.12.0-syzkaller-00237-g7b1d1d4cfac0 #0 Tainted: G W
[ 59.976618][ T5995] -----------------------------
[ 59.977652][ T5995] kworker/u9:1/5995 is trying to lock:
[ 59.978844][ T5995] ffff800092954e08 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x348/0x998
[ 59.981298][ T5995] other info that might help us debug this:
[ 59.982598][ T5995] context-{4:4}
[ 59.983323][ T5995] 4 locks held by kworker/u9:1/5995:
[ 59.984423][ T5995] #0: ffff0000d5128148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x628/0x1600
[ 59.986630][ T5995] #1: ffff8000a34f7c20 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x6bc/0x1600
[ 59.989016][ T5995] #2: ffff0000d4d18078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xc0/0x998
[ 59.991251][ T5995] #3: ffff80008faafee0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x10/0x4c
[ 59.993296][ T5995] stack backtrace:
[ 59.994049][ T5995] CPU: 0 UID: 0 PID: 5995 Comm: kworker/u9:1 Tainted: G W 6.12.0-syzkaller-00237-g7b1d1d4cfac0 #0
[ 59.996494][ T5995] Tainted: [W]=WARN
[ 59.997261][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 59.999242][ T5995] Workqueue: hci0 hci_rx_work
[ 60.000223][ T5995] Call trace:
[ 60.000912][ T5995] show_stack+0x2c/0x3c (C)
[ 60.001817][ T5995] dump_stack_lvl+0xe4/0x150
[ 60.002713][ T5995] dump_stack+0x1c/0x28
[ 60.003696][ T5995] __lock_acquire+0x1f40/0x77c8
[ 60.004609][ T5995] lock_acquire+0x240/0x728
[ 60.005582][ T5995] __mutex_lock_common+0x190/0x21a0
[ 60.006619][ T5995] mutex_lock_nested+0x2c/0x38
[ 60.007603][ T5995] hci_le_create_big_complete_evt+0x348/0x998
[ 60.008906][ T5995] hci_le_meta_evt+0x2a4/0x478
[ 60.009821][ T5995] hci_event_packet+0x890/0x106c
[ 60.010819][ T5995] hci_rx_work+0x318/0xa80
[ 60.011688][ T5995] process_one_work+0x7bc/0x1600
[ 60.012768][ T5995] worker_thread+0x97c/0xeec
[ 60.013683][ T5995] kthread+0x288/0x310
[ 60.014504][ T5995] ret_from_fork+0x10/0x20
[ 60.058455][ T5995] ==================================================================
[ 60.060240][ T5995] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x300/0x998
[ 60.062138][ T5995] Read of size 8 at addr ffff0000dacb4000 by task kworker/u9:1/5995
[ 60.063652][ T5995]
[ 60.064073][ T5995] CPU: 0 UID: 0 PID: 5995 Comm: kworker/u9:1 Tainted: G W 6.12.0-syzkaller-00237-g7b1d1d4cfac0 #0
[ 60.066792][ T5995] Tainted: [W]=WARN
[ 60.067663][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 60.069701][ T5995] Workqueue: hci0 hci_rx_work
[ 60.070702][ T5995] Call trace:
[ 60.071367][ T5995] show_stack+0x2c/0x3c (C)
[ 60.072306][ T5995] dump_stack_lvl+0xe4/0x150
[ 60.073254][ T5995] print_report+0x198/0x538
[ 60.074160][ T5995] kasan_report+0xd8/0x138
[ 60.075089][ T5995] __asan_report_load8_noabort+0x20/0x2c
[ 60.076252][ T5995] hci_le_create_big_complete_evt+0x300/0x998
[ 60.077593][ T5995] hci_le_meta_evt+0x2a4/0x478
[ 60.078686][ T5995] hci_event_packet+0x890/0x106c
[ 60.079688][ T5995] hci_rx_work+0x318/0xa80
[ 60.080639][ T5995] process_one_work+0x7bc/0x1600
[ 60.081684][ T5995] worker_thread+0x97c/0xeec
[ 60.082637][ T5995] kthread+0x288/0x310
[ 60.083466][ T5995] ret_from_fork+0x10/0x20
[ 60.084355][ T5995]
[ 60.084863][ T5995] Allocated by task 5995:
[ 60.085860][ T5995] kasan_save_track+0x40/0x78
[ 60.086901][ T5995] kasan_save_alloc_info+0x40/0x50
[ 60.087938][ T5995] __kasan_kmalloc+0xac/0xc4
[ 60.088893][ T5995] __kmalloc_cache_noprof+0x244/0x378
[ 60.090000][ T5995] __hci_conn_add+0x25c/0x13cc
[ 60.091011][ T5995] hci_conn_add+0x70/0x88
[ 60.091926][ T5995] hci_le_big_sync_established_evt+0x360/0x9ec
[ 60.093170][ T5995] hci_le_meta_evt+0x2a4/0x478
[ 60.094142][ T5995] hci_event_packet+0x890/0x106c
[ 60.095152][ T5995] hci_rx_work+0x318/0xa80
[ 60.096205][ T5995] process_one_work+0x7bc/0x1600
[ 60.097306][ T5995] worker_thread+0x97c/0xeec
[ 60.098361][ T5995] kthread+0x288/0x310
[ 60.099224][ T5995] ret_from_fork+0x10/0x20
[ 60.100123][ T5995]
[ 60.100591][ T5995] Freed by task 5995:
[ 60.101478][ T5995] kasan_save_track+0x40/0x78
[ 60.102426][ T5995] kasan_save_free_info+0x54/0x6c
[ 60.103590][ T5995] __kasan_slab_free+0x64/0x8c
[ 60.104643][ T5995] kfree+0x184/0x47c
[ 60.105501][ T5995] bt_link_release+0x20/0x30
[ 60.106536][ T5995] device_release+0x8c/0x1ac
[ 60.107669][ T5995] kobject_put+0x2a8/0x41c
[ 60.108639][ T5995] put_device+0x28/0x40
[ 60.109549][ T5995] hci_conn_del_sysfs+0x7c/0x170
[ 60.110616][ T5995] hci_conn_del+0x72c/0xaa0
[ 60.111615][ T5995] hci_le_create_big_complete_evt+0x55c/0x998
[ 60.112933][ T5995] hci_le_meta_evt+0x2a4/0x478
[ 60.114011][ T5995] hci_event_packet+0x890/0x106c
[ 60.115031][ T5995] hci_rx_work+0x318/0xa80
[ 60.116042][ T5995] process_one_work+0x7bc/0x1600
[ 60.117090][ T5995] worker_thread+0x97c/0xeec
[ 60.118147][ T5995] kthread+0x288/0x310
[ 60.119002][ T5995] ret_from_fork+0x10/0x20
[ 60.119912][ T5995]
[ 60.120433][ T5995] The buggy address belongs to the object at ffff0000dacb4000
[ 60.120433][ T5995] which belongs to the cache kmalloc-8k of size 8192
[ 60.123442][ T5995] The buggy address is located 0 bytes inside of
[ 60.123442][ T5995] freed 8192-byte region [ffff0000dacb4000, ffff0000dacb6000)
[ 60.126409][ T5995]
[ 60.127002][ T5995] The buggy address belongs to the physical page:
[ 60.128219][ T5995] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11acb0
[ 60.130041][ T5995] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 60.131790][ T5995] ksm flags: 0x5ffc00000000040(head|node=0|zone=2|lastcpupid=0x7ff)
[ 60.133435][ T5995] page_type: f5(slab)
[ 60.134192][ T5995] raw: 05ffc00000000040 ffff0000c0002280 fffffdffc30b7200 0000000000000003
[ 60.135968][ T5995] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 60.137782][ T5995] head: 05ffc00000000040 ffff0000c0002280 fffffdffc30b7200 0000000000000003
[ 60.139751][ T5995] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 60.141554][ T5995] head: 05ffc00000000003 fffffdffc36b2c01 ffffffffffffffff 0000000000000000
[ 60.143331][ T5995] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 60.145051][ T5995] page dumped because: kasan: bad access detected
[ 60.146361][ T5995]
[ 60.146875][ T5995] Memory state around the buggy address:
[ 60.148016][ T5995] ffff0000dacb3f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.149828][ T5995] ffff0000dacb3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.151393][ T5995] >ffff0000dacb4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.153162][ T5995] ^
[ 60.154039][ T5995] ffff0000dacb4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.155639][ T5995] ffff0000dacb4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.157273][ T5995] ==================================================================
[ 60.159191][ T5995] Unable to handle kernel paging request at virtual address dfff800000000002
[ 60.161761][ T5995] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 60.163514][ T5995] Mem abort info:
[ 60.164333][ T5995] ESR = 0x0000000096000005
[ 60.165362][ T5995] EC = 0x25: DABT (current EL), IL = 32 bits
[ 60.166677][ T5995] SET = 0, FnV = 0
[ 60.167621][ T5995] EA = 0, S1PTW = 0
[ 60.168472][ T5995] FSC = 0x05: level 1 translation fault
[ 60.169697][ T5995] Data abort info:
[ 60.170466][ T5995] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 60.171650][ T5995] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 60.172823][ T5995] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 60.174075][ T5995] [dfff800000000002] address between user and kernel address ranges
[ 60.175644][ T5995] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 60.176997][ T5995] Modules linked in:
[ 60.177780][ T5995] CPU: 0 UID: 0 PID: 5995 Comm: kworker/u9:1 Tainted: G B W 6.12.0-syzkaller-00237-g7b1d1d4cfac0 #0
[ 60.180371][ T5995] Tainted: [B]=BAD_PAGE, [W]=WARN
[ 60.181414][ T5995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 60.183462][ T5995] Workqueue: hci0 hci_rx_work
[ 60.184410][ T5995] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 60.186039][ T5995] pc : bcmp+0x134/0x1c8
[ 60.186916][ T5995] lr : hci_le_create_big_complete_evt+0x210/0x998
[ 60.188103][ T5995] sp : ffff8000a34f7710
[ 60.188971][ T5995] x29: ffff8000a34f7720 x28: ffff800092954d80 x27: 1ffff0001469eef4
[ 60.190618][ T5995] x26: ffff0000d17d1dbb x25: dfff800000000000 x24: dfff800000000000
[ 60.192158][ T5995] x23: ffff8000a34f77c0 x22: 0000000000000014 x21: 0000000000000014
[ 60.193839][ T5995] x20: ffff8000a34f77c0 x19: 0000000000000006 x18: 0000000000000008
[ 60.195483][ T5995] x17: 3d3d3d3d3d3d3d3d x16: ffff80008b47f808 x15: ffff70001469eef8
[ 60.197220][ T5995] x14: 1ffff0001469eef8 x13: 0000000000000006 x12: ffffffffffffffff
[ 60.198810][ T5995] x11: ffff70001469eef8 x10: 1ffff0001469eef8 x9 : 0000000000000004
[ 60.200500][ T5995] x8 : 0000000000000002 x7 : 0000000000000000 x6 : ffff80008b6227cc
[ 60.202094][ T5995] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff80008a6ac38c
[ 60.203797][ T5995] x2 : 0000000000000006 x1 : ffff8000a34f77c0 x0 : 0000000000000014
[ 60.205395][ T5995] Call trace:
[ 60.206086][ T5995] bcmp+0x134/0x1c8 (P)
[ 60.206950][ T5995] hci_le_create_big_complete_evt+0x210/0x998 (L)
[ 60.208353][ T5995] hci_le_create_big_complete_evt+0x210/0x998
[ 60.209581][ T5995] hci_le_meta_evt+0x2a4/0x478
[ 60.210567][ T5995] hci_event_packet+0x890/0x106c
[ 60.211586][ T5995] hci_rx_work+0x318/0xa80
[ 60.212430][ T5995] process_one_work+0x7bc/0x1600
[ 60.213403][ T5995] worker_thread+0x97c/0xeec
[ 60.214304][ T5995] kthread+0x288/0x310
[ 60.215038][ T5995] ret_from_fork+0x10/0x20
[ 60.215923][ T5995] Code: aa1503f6 aa1403f7 d343fea8 12000aa9 (38f86908)
[ 60.217258][ T5995] ---[ end trace 0000000000000000 ]---
[ 60.641740][ T5995] Kernel panic - not syncing: Oops: Fatal exception
[ 60.643162][ T5995] SMP: stopping secondary CPUs
[ 60.644134][ T5995] Kernel Offset: disabled
[ 60.645091][ T5995] CPU features: 0x40,0000081c,00800250,82017203
[ 60.646385][ T5995] Memory Limit: none
[ 61.051763][ T5995] Rebooting in 86400 seconds..