Warning: Permanently added '10.128.10.7' (ED25519) to the list of known hosts.
2024/09/22 16:04:16 ignoring optional flag "sandboxArg"="0"
2024/09/22 16:04:16 parsed 1 programs
2024/09/22 16:04:16 executed programs: 0
[ 52.676758][ T1908] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 52.754596][ T1933] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 52.763779][ T1937] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 52.771012][ T1937] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 52.779332][ T1937] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 52.783567][ T1940] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 52.786706][ T1937] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 52.793759][ T1940] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 52.800341][ T1943] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 52.808155][ T1940] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 52.814281][ T1937] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 52.821365][ T1945] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 52.835161][ T1937] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 52.835582][ T1945] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 52.842250][ T1943] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 52.849688][ T1945] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 52.863380][ T1943] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 52.864475][ T1945] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 52.870889][ T1937] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 52.878062][ T1945] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 52.885420][ T1937] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 52.892037][ T1946] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 52.898491][ T1937] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 52.905668][ T1945] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 52.912451][ T1937] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 52.920254][ T1946] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 52.926232][ T1937] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 52.933037][ T1945] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 52.940038][ T1937] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 52.948178][ T48] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 52.954307][ T1937] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 52.968147][ T1937] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 52.975115][ T1945] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 52.975635][ T1937] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 52.988323][ T1945] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 52.990292][ T1937] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 52.996124][ T1945] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 53.563025][ T1921] chnl_net:caif_netlink_parms(): no params data found
[ 53.574174][ T1934] chnl_net:caif_netlink_parms(): no params data found
[ 53.621668][ T1930] chnl_net:caif_netlink_parms(): no params data found
[ 53.727817][ T1919] chnl_net:caif_netlink_parms(): no params data found
[ 53.737583][ T1920] chnl_net:caif_netlink_parms(): no params data found
[ 53.878933][ T1931] chnl_net:caif_netlink_parms(): no params data found
[ 55.012850][ T1937] Bluetooth: hci5: command tx timeout
[ 55.018323][ T1945] Bluetooth: hci2: command tx timeout
[ 55.023986][ T1926] Bluetooth: hci1: command tx timeout
[ 55.092850][ T1937] Bluetooth: hci0: command tx timeout
[ 55.098411][ T1937] Bluetooth: hci4: command tx timeout
[ 55.104206][ T1945] Bluetooth: hci3: command tx timeout
[ 57.092619][ T1937] Bluetooth: hci5: command tx timeout
[ 57.098118][ T1926] Bluetooth: hci2: command tx timeout
[ 57.104626][ T1926] Bluetooth: hci1: command tx timeout
[ 57.172536][ T1937] Bluetooth: hci4: command tx timeout
[ 57.177955][ T1937] Bluetooth: hci3: command tx timeout
[ 57.183567][ T1945] Bluetooth: hci0: command tx timeout
[ 59.173869][ T1937] Bluetooth: hci5: command tx timeout
[ 59.179304][ T1937] Bluetooth: hci1: command tx timeout
[ 59.184838][ T1926] Bluetooth: hci2: command tx timeout
[ 59.252557][ T1937] Bluetooth: hci3: command tx timeout
[ 59.258004][ T1945] Bluetooth: hci0: command tx timeout
[ 59.263569][ T1926] Bluetooth: hci4: command tx timeout
[ 59.929136][ T1934] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.094520][ T1930] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.142327][ T1919] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.181985][ T1921] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.240668][ T1931] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.271696][ T1920] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.260636][ T1937] Bluetooth: hci1: command tx timeout
[ 61.266129][ T1945] Bluetooth: hci2: command tx timeout
[ 61.271506][ T1945] Bluetooth: hci5: command tx timeout
[ 61.334472][ T1945] Bluetooth: hci3: command tx timeout
[ 61.339918][ T1945] Bluetooth: hci0: command tx timeout
[ 61.345754][ T1937] Bluetooth: hci4: command tx timeout
[ 64.206434][ T1921] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.254731][ T1934] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.349961][ T1930] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.366423][ T1920] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.398730][ T1919] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.420222][ T1931] 8021q: adding VLAN 0 to HW filter on device batadv0
2024/09/22 16:04:35 executed programs: 6
[ 71.997385][ T1926] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 72.004721][ T1926] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 72.011907][ T1926] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 72.019903][ T1926] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 72.027848][ T1926] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 72.036484][ T1926] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 72.045809][ T1295] bond0 (unregistering): Released all slaves
[ 72.055832][ T1926] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 72.064194][ T1926] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 72.071692][ T1926] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 72.079724][ T4330] ==================================================================
[ 72.087776][ T4330] BUG: KASAN: slab-use-after-free in device_for_each_child+0xa1/0x160
[ 72.096001][ T4330] Read of size 8 at addr ffff8881752c9308 by task kbnepd bnep0/4330
[ 72.103958][ T4330]
[ 72.106270][ T4330] CPU: 0 UID: 0 PID: 4330 Comm: kbnepd bnep0 Not tainted 6.11.0-syzkaller #0
[ 72.115012][ T4330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 72.125051][ T4330] Call Trace:
[ 72.128308][ T4330]
[ 72.131214][ T4330] dump_stack_lvl+0x108/0x280
[ 72.135885][ T4330] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.141140][ T4330] ? __pfx__printk+0x10/0x10
[ 72.145701][ T4330] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.151303][ T4330] ? __virt_addr_valid+0x141/0x270
[ 72.156381][ T4330] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.161980][ T4330] ? __virt_addr_valid+0x229/0x270
[ 72.167059][ T4330] print_report+0x169/0x550
[ 72.171561][ T4330] ? __virt_addr_valid+0x141/0x270
[ 72.176640][ T4330] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.182243][ T4330] ? __virt_addr_valid+0x229/0x270
[ 72.187322][ T4330] ? device_for_each_child+0xa1/0x160
[ 72.192663][ T4330] kasan_report+0x143/0x180
[ 72.197134][ T4330] ? device_for_each_child+0xa1/0x160
[ 72.202475][ T4330] ? __pfx_dev_memalloc_noio+0x10/0x10
[ 72.207905][ T4330] device_for_each_child+0xa1/0x160
[ 72.213072][ T4330] ? __pfx_device_for_each_child+0x10/0x10
[ 72.218845][ T4330] ? do_raw_spin_unlock+0x13c/0x8b0
[ 72.224014][ T4330] pm_runtime_set_memalloc_noio+0x105/0x200
[ 72.229875][ T4330] netdev_unregister_kobject+0x158/0x230
[ 72.235482][ T4330] unregister_netdevice_many_notify+0x1762/0x1ac0
[ 72.241869][ T4330] ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 72.248594][ T4330] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.254199][ T4330] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.259802][ T4330] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.265402][ T4330] unregister_netdev+0x17c/0x1d0
[ 72.270306][ T4330] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.275904][ T4330] ? __pfx_unregister_netdev+0x10/0x10
[ 72.281329][ T4330] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.286929][ T4330] ? remove_wait_queue+0x33/0x130
[ 72.291921][ T4330] bnep_session+0x28f3/0x2aa0
[ 72.296568][ T4330] ? __lock_acquire+0x61d/0xc70
[ 72.301393][ T4330] ? __pfx_bnep_session+0x10/0x10
[ 72.306385][ T4330] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.311983][ T4330] ? _raw_spin_unlock_irqrestore+0xcf/0x130
[ 72.317843][ T4330] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 72.324139][ T4330] ? __pfx_woken_wake_function+0x10/0x10
[ 72.329740][ T4330] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 72.336035][ T4330] ? srso_alias_return_thunk+0x5/0xfbef5
[ 72.341632][ T4330] ? __kthread_parkme+0x80/0x140
[ 72.346542][ T4330] ? __pfx_bnep_session+0x10/0x10
[ 72.351535][ T4330] kthread+0x26a/0x2c0
[ 72.355574][ T4330] ? __pfx_bnep_session+0x10/0x10
[ 72.360563][ T4330] ? __pfx_kthread+0x10/0x10
[ 72.365119][ T4330] ret_from_fork+0x34/0x60
[ 72.369504][ T4330] ? __pfx_kthread+0x10/0x10
[ 72.374079][ T4330] ret_from_fork_asm+0x1a/0x30
[ 72.378817][ T4330]
[ 72.381810][ T4330]
[ 72.384106][ T4330] Allocated by task 1934:
[ 72.388401][ T4330] kasan_save_track+0x3f/0x80
[ 72.393046][ T4330] __kasan_kmalloc+0x98/0xb0
[ 72.397601][ T4330] __kmalloc_noprof+0x1d5/0x440
[ 72.402419][ T4330] hci_alloc_dev_priv+0x1d/0x2010
[ 72.407411][ T4330] vhci_create_device+0x110/0x660
[ 72.412404][ T4330] vhci_write+0x2d4/0x3d0
[ 72.416791][ T4330] vfs_write+0xa95/0xef0
[ 72.421000][ T4330] ksys_write+0x163/0x250
[ 72.425301][ T4330] do_syscall_64+0x8d/0x190
[ 72.429773][ T4330] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.435633][ T4330]
[ 72.437931][ T4330] Freed by task 1934:
[ 72.441879][ T4330] kasan_save_track+0x3f/0x80
[ 72.446526][ T4330] kasan_save_free_info+0x40/0x50
[ 72.451514][ T4330] __kasan_slab_free+0x59/0x70
[ 72.456242][ T4330] kfree+0x186/0x3e0
[ 72.460104][ T4330] hci_release_dev+0x1345/0x14b0
[ 72.465011][ T4330] bt_host_release+0x5f/0x70
[ 72.469569][ T4330] device_release+0x94/0x140
[ 72.474126][ T4330] kobject_put+0x188/0x340
[ 72.478508][ T4330] vhci_release+0x7e/0xc0
[ 72.482804][ T4330] __fput+0x1a6/0x660
[ 72.486756][ T4330] task_work_run+0x211/0x290
[ 72.491311][ T4330] do_exit+0x8b6/0x2550
[ 72.495436][ T4330] do_group_exit+0x1ba/0x280
[ 72.499993][ T4330] __x64_sys_exit_group+0x3f/0x40
[ 72.504983][ T4330] x64_sys_call+0x2634/0x2640
[ 72.509626][ T4330] do_syscall_64+0x8d/0x190
[ 72.514099][ T4330] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.519959][ T4330]
[ 72.522256][ T4330] Last potentially related work creation:
[ 72.527937][ T4330] kasan_save_stack+0x3f/0x60
[ 72.532580][ T4330] __kasan_record_aux_stack+0xac/0xc0
[ 72.537926][ T4330] insert_work+0x38/0x230
[ 72.542221][ T4330] __queue_work+0x8a9/0xa80
[ 72.546692][ T4330] queue_work_on+0x123/0x1f0
[ 72.551245][ T4330] process_scheduled_works+0x8ea/0x1360
[ 72.556754][ T4330] worker_thread+0x868/0xc70
[ 72.561308][ T4330] kthread+0x26a/0x2c0
[ 72.565339][ T4330] ret_from_fork+0x34/0x60
[ 72.569721][ T4330] ret_from_fork_asm+0x1a/0x30
[ 72.574448][ T4330]
[ 72.576743][ T4330] Second to last potentially related work creation:
[ 72.583291][ T4330] kasan_save_stack+0x3f/0x60
[ 72.587936][ T4330] __kasan_record_aux_stack+0xac/0xc0
[ 72.593272][ T4330] insert_work+0x38/0x230
[ 72.597567][ T4330] __queue_work+0x88a/0xa80
[ 72.602035][ T4330] call_timer_fn+0x128/0x320
[ 72.606590][ T4330] __run_timer_base+0x560/0x600
[ 72.611404][ T4330] run_timer_softirq+0x79/0xd0
[ 72.616132][ T4330] handle_softirqs+0x1b7/0x570
[ 72.620864][ T4330] __irq_exit_rcu+0x45/0xe0
[ 72.625334][ T4330] sysvec_apic_timer_interrupt+0x92/0xb0
[ 72.630930][ T4330] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 72.636875][ T4330]
[ 72.639170][ T4330] The buggy address belongs to the object at ffff8881752c8000
[ 72.639170][ T4330] which belongs to the cache kmalloc-8k of size 8192
[ 72.653188][ T4330] The buggy address is located 4872 bytes inside of
[ 72.653188][ T4330] freed 8192-byte region [ffff8881752c8000, ffff8881752ca000)
[ 72.667118][ T4330]
[ 72.669412][ T4330] The buggy address belongs to the physical page:
[ 72.675793][ T4330] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1752c8
[ 72.684604][ T4330] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 72.693064][ T4330] flags: 0x100000000000040(head|node=0|zone=2)
[ 72.699192][ T4330] page_type: f5(slab)
[ 72.703164][ T4330] raw: 0100000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 72.711740][ T4330] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 72.720299][ T4330] head: 0100000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 72.728938][ T4330] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000
[ 72.737573][ T4330] head: 0100000000000003 ffffea0005d4b201 ffffffffffffffff 0000000000000000
[ 72.746209][ T4330] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 72.754850][ T4330] page dumped because: kasan: bad access detected
[ 72.761232][ T4330] page_owner tracks the page as allocated
[ 72.766914][ T4330] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1934, tgid 1934 (syz-executor.5), ts 52753489487, free_ts 52746029914
[ 72.788410][ T4330] post_alloc_hook+0x10f/0x130
[ 72.793148][ T4330] get_page_from_freelist+0x4213/0x43f0
[ 72.798665][ T4330] __alloc_pages_noprof+0x256/0x670
[ 72.803829][ T4330] alloc_pages_mpol_noprof+0x289/0x4e0
[ 72.809252][ T4330] alloc_slab_page+0x6a/0x120
[ 72.813899][ T4330] allocate_slab+0x5d/0x290
[ 72.818364][ T4330] ___slab_alloc+0xa7f/0x11d0
[ 72.823007][ T4330] __kmalloc_noprof+0x25a/0x440
[ 72.827828][ T4330] hci_alloc_dev_priv+0x1d/0x2010
[ 72.832819][ T4330] vhci_create_device+0x110/0x660
[ 72.837812][ T4330] vhci_write+0x2d4/0x3d0
[ 72.842104][ T4330] vfs_write+0xa95/0xef0
[ 72.846313][ T4330] ksys_write+0x163/0x250
[ 72.850609][ T4330] do_syscall_64+0x8d/0x190
[ 72.855077][ T4330] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.860934][ T4330] page last free pid 1921 tgid 1921 stack trace:
[ 72.867222][ T4330] free_unref_page+0xab7/0xc90
[ 72.871950][ T4330] __put_partials+0x18e/0x1d0
[ 72.876595][ T4330] put_cpu_partial+0x151/0x1b0
[ 72.881321][ T4330] __slab_free+0x2b8/0x3a0
[ 72.885703][ T4330] qlist_free_all+0x9a/0x140
[ 72.890257][ T4330] kasan_quarantine_reduce+0x14f/0x170
[ 72.895706][ T4330] __kasan_slab_alloc+0x23/0x80
[ 72.900522][ T4330] __kmalloc_cache_noprof+0x12a/0x360
[ 72.905860][ T4330] tomoyo_init_log+0x1d3/0x1fe0
[ 72.910684][ T4330] tomoyo_supervisor+0x316/0xfb0
[ 72.915589][ T4330] tomoyo_path_number_perm+0x3c2/0x6c0
[ 72.921013][ T4330] security_file_ioctl+0x5c/0x100
[ 72.926010][ T4330] __se_sys_ioctl+0x36/0xf0
[ 72.930481][ T4330] do_syscall_64+0x8d/0x190
[ 72.934953][ T4330] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.940814][ T4330]
[ 72.943109][ T4330] Memory state around the buggy address:
[ 72.948708][ T4330] ffff8881752c9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.956735][ T4330] ffff8881752c9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.964763][ T4330] >ffff8881752c9300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.972790][ T4330] ^
[ 72.977086][ T4330] ffff8881752c9380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.985114][ T4330] ffff8881752c9400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.993143][ T4330] ==================================================================
[ 73.001527][ T4330] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.009018][ T4330] Kernel Offset: disabled
[ 73.013320][ T4330] Rebooting in 86400 seconds..