Warning: Permanently added '10.128.10.25' (ED25519) to the list of known hosts.
2023/08/31 18:04:05 ignoring optional flag "sandboxArg"="0"
2023/08/31 18:04:05 parsed 1 programs
2023/08/31 18:04:05 executed programs: 0
[ 48.210677][ T1914] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 48.236598][ T1251] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 48.243874][ T1251] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 48.251200][ T1251] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 48.258753][ T1251] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 48.266162][ T1251] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 48.273370][ T1251] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 48.433394][ T1920] chnl_net:caif_netlink_parms(): no params data found
[ 49.804176][ T1920] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.359654][ T1251] Bluetooth: hci0: command 0x0409 tx timeout
[ 50.714848][ T1920] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 52.429802][ T1404] Bluetooth: hci0: command 0x041b tx timeout
2023/08/31 18:04:10 executed programs: 1
[ 54.509555][ T1404] Bluetooth: hci0: command 0x040f tx timeout
[ 56.589537][ T1404] Bluetooth: hci0: command 0x0419 tx timeout
[ 57.229528][ T421] ==================================================================
[ 57.237596][ T421] BUG: KASAN: slab-use-after-free in hci_send_acl+0xd43/0x1150
[ 57.245203][ T421] Read of size 8 at addr ffff88810da4d618 by task kworker/1:2/421
[ 57.253058][ T421]
[ 57.255354][ T421] CPU: 1 PID: 421 Comm: kworker/1:2 Not tainted 6.5.0-rc5-syzkaller #0
[ 57.263664][ T421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 57.273957][ T421] Workqueue: events l2cap_info_timeout
[ 57.279493][ T421] Call Trace:
[ 57.282752][ T421]
[ 57.285753][ T421] dump_stack_lvl+0x3d/0x60
[ 57.290234][ T421] print_report+0xc4/0x620
[ 57.294624][ T421] kasan_report+0xda/0x110
[ 57.299010][ T421] ? hci_send_acl+0xd43/0x1150
[ 57.303744][ T421] ? hci_send_acl+0xd43/0x1150
[ 57.308476][ T421] hci_send_acl+0xd43/0x1150
[ 57.313172][ T421] ? l2cap_send_cmd+0x6d9/0x950
[ 57.317994][ T421] l2cap_send_conn_req+0x1c5/0x240
[ 57.323187][ T421] ? l2cap_connect+0x10e0/0x10e0
[ 57.328094][ T421] l2cap_conn_start+0x615/0x870
[ 57.332913][ T421] ? l2cap_chan_timeout+0x280/0x280
[ 57.338080][ T421] ? __lock_acquire.constprop.0+0x486/0xf20
[ 57.343944][ T421] ? reacquire_held_locks+0x380/0x380
[ 57.349461][ T421] ? _raw_spin_unlock+0x28/0x40
[ 57.354279][ T421] ? lock_acquire+0x12a/0x2b0
[ 57.358937][ T421] process_one_work+0x922/0x1370
[ 57.363861][ T421] ? mod_delayed_work_on+0x290/0x290
[ 57.369374][ T421] ? spin_bug+0x1d0/0x1d0
[ 57.373671][ T421] worker_thread+0xfb/0xe40
[ 57.378141][ T421] ? __kthread_parkme+0x7e/0x150
[ 57.383069][ T421] ? rescuer_thread+0xb60/0xb60
[ 57.387915][ T421] kthread+0x278/0x330
[ 57.392081][ T421] ? kthread_complete_and_exit+0x20/0x20
[ 57.397692][ T421] ret_from_fork+0x2c/0x70
[ 57.402077][ T421] ? kthread_complete_and_exit+0x20/0x20
[ 57.407680][ T421] ret_from_fork_asm+0x11/0x20
[ 57.412606][ T421]
[ 57.415598][ T421]
[ 57.417892][ T421] Allocated by task 2322:
[ 57.422219][ T421] kasan_save_stack+0x33/0x50
[ 57.426864][ T421] kasan_set_track+0x25/0x30
[ 57.431420][ T421] __kasan_kmalloc+0xa2/0xb0
[ 57.435976][ T421] hci_chan_create+0x88/0x360
[ 57.440624][ T421] l2cap_conn_add.part.0+0x12/0xd10
[ 57.445789][ T421] l2cap_chan_connect+0x11eb/0x1b10
[ 57.450964][ T421] lowpan_control_write+0x33b/0x600
[ 57.456144][ T421] full_proxy_write+0xf1/0x150
[ 57.460881][ T421] vfs_write+0x208/0xc80
[ 57.465267][ T421] ksys_write+0xf6/0x1d0
[ 57.469479][ T421] do_syscall_64+0x38/0xb0
[ 57.473953][ T421] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.479815][ T421]
[ 57.482146][ T421] Freed by task 1404:
[ 57.486268][ T421] kasan_save_stack+0x33/0x50
[ 57.491009][ T421] kasan_set_track+0x25/0x30
[ 57.495743][ T421] kasan_save_free_info+0x2b/0x40
[ 57.500752][ T421] ____kasan_slab_free+0x15e/0x1b0
[ 57.505938][ T421] slab_free_freelist_hook+0x10b/0x1e0
[ 57.511462][ T421] __kmem_cache_free+0xba/0x340
[ 57.516298][ T421] hci_chan_list_flush+0x6d/0xd0
[ 57.521215][ T421] hci_conn_del+0x181/0xb70
[ 57.525692][ T421] hci_abort_conn_sync+0x351/0x870
[ 57.530824][ T421] hci_cmd_sync_work+0x173/0x340
[ 57.535837][ T421] process_one_work+0x922/0x1370
[ 57.540918][ T421] worker_thread+0xfb/0xe40
[ 57.545391][ T421] kthread+0x278/0x330
[ 57.549424][ T421] ret_from_fork+0x2c/0x70
[ 57.553811][ T421] ret_from_fork_asm+0x11/0x20
[ 57.558541][ T421]
[ 57.560835][ T421] Last potentially related work creation:
[ 57.566519][ T421] kasan_save_stack+0x33/0x50
[ 57.571178][ T421] __kasan_record_aux_stack+0xbc/0xd0
[ 57.576518][ T421] kvfree_call_rcu+0x63/0x970
[ 57.581160][ T421] kernfs_unlink_open_file+0x2b4/0x380
[ 57.586706][ T421] kernfs_fop_release+0xce/0x1c0
[ 57.591611][ T421] __fput+0x339/0xa20
[ 57.595657][ T421] task_work_run+0x114/0x1f0
[ 57.600236][ T421] exit_to_user_mode_prepare+0x13f/0x150
[ 57.605921][ T421] syscall_exit_to_user_mode+0x16/0x30
[ 57.611788][ T421] do_syscall_64+0x44/0xb0
[ 57.616189][ T421] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 57.622326][ T421]
[ 57.624769][ T421] The buggy address belongs to the object at ffff88810da4d600
[ 57.624769][ T421]  which belongs to the cache kmalloc-128 of size 128
[ 57.639050][ T421] The buggy address is located 24 bytes inside of
[ 57.639050][ T421]  freed 128-byte region [ffff88810da4d600, ffff88810da4d680)
[ 57.653002][ T421]
[ 57.655388][ T421] The buggy address belongs to the physical page:
[ 57.661768][ T421] page:ffffea0004369340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10da4d
[ 57.671984][ T421] flags: 0x100000000000200(slab|node=0|zone=2)
[ 57.678205][ T421] page_type: 0xffffffff()
[ 57.682557][ T421] raw: 0100000000000200 ffff8881000418c0 ffffea0004369280 dead000000000004
[ 57.691116][ T421] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 57.699750][ T421] page dumped because: kasan: bad access detected
[ 57.706160][ T421] page_owner tracks the page as allocated
[ 57.711843][ T421] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 2575840749, free_ts 2563289409
[ 57.729429][ T421] post_alloc_hook+0x281/0x2f0
[ 57.734172][ T421] get_page_from_freelist+0x1131/0x3d90
[ 57.739685][ T421] __alloc_pages+0x1d0/0x470
[ 57.744247][ T421] alloc_page_interleave+0xf/0x200
[ 57.749335][ T421] allocate_slab+0x24e/0x360
[ 57.753906][ T421] ___slab_alloc+0x7a7/0x1000
[ 57.758551][ T421] __slab_alloc.constprop.0+0x4d/0x90
[ 57.764151][ T421] __kmem_cache_alloc_node+0x143/0x390
[ 57.769579][ T421] kmalloc_trace+0x25/0xb0
[ 57.774055][ T421] acpi_device_add+0x46d/0xae0
[ 57.778787][ T421] acpi_add_single_object+0xa15/0x1810
[ 57.784217][ T421] acpi_bus_check_add+0x1a6/0x490
[ 57.789218][ T421] acpi_bus_scan+0x8d/0x400
[ 57.793712][ T421] acpi_scan_init+0x1ea/0x630
[ 57.798529][ T421] acpi_init+0x380/0x870
[ 57.802741][ T421] do_one_initcall+0xcd/0x3c0
[ 57.807387][ T421] page last free stack trace:
[ 57.812030][ T421] free_unref_page_prepare+0x5ac/0xcf0
[ 57.817456][ T421] free_unref_page+0x33/0x350
[ 57.822101][ T421] __unfreeze_partials+0x1f1/0x210
[ 57.827181][ T421] qlist_free_all+0x6a/0x170
[ 57.831745][ T421] kasan_quarantine_remove_cache+0xe7/0x170
[ 57.837867][ T421] kmem_cache_shrink+0xd/0x20
[ 57.842632][ T421] acpi_os_purge_cache+0x9/0x10
[ 57.847463][ T421] acpi_purge_cached_objects+0xa8/0xf0
[ 57.852917][ T421] acpi_initialize_objects+0x1c/0x70
[ 57.858187][ T421] acpi_init+0x12f/0x870
[ 57.862446][ T421] do_one_initcall+0xcd/0x3c0
[ 57.867286][ T421] kernel_init_freeable+0x504/0x840
[ 57.872452][ T421] kernel_init+0x1a/0x1c0
[ 57.876749][ T421] ret_from_fork+0x2c/0x70
[ 57.881135][ T421] ret_from_fork_asm+0x11/0x20
[ 57.885872][ T421]
[ 57.888343][ T421] Memory state around the buggy address:
[ 57.893964][ T421] ffff88810da4d500: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 57.901997][ T421] ffff88810da4d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.910203][ T421] >ffff88810da4d600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.918407][ T421]                    ^
[ 57.923311][ T421] ffff88810da4d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.931425][ T421] ffff88810da4d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 57.939457][ T421] ==================================================================
[ 57.947703][ T421] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 57.955361][ T421] Kernel Offset: disabled
[ 57.959661][ T421] Rebooting in 86400 seconds..