Warning: Permanently added '10.128.0.127' (ED25519) to the list of known hosts.
2025/06/15 01:29:43 ignoring optional flag "sandboxArg"="0"
2025/06/15 01:29:44 parsed 1 programs
[ 77.207321][ T3259] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[ 78.665439][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 78.673122][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 78.680397][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 78.691848][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 78.712918][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.221954][ T3273] chnl_net:caif_netlink_parms(): no params data found
[ 81.110278][ T3273] 8021q: adding VLAN 0 to HW filter on device bond0
[ 82.268166][ T3273] 8021q: adding VLAN 0 to HW filter on device batadv0
2025/06/15 01:29:52 executed programs: 0
[ 84.314046][ T2427] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 84.324796][ T2427] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.332192][ T2427] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.340958][ T2427] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.348970][ T2427] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.363872][ T2226] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 84.371533][ T2226] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 84.382283][ T2226] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 84.393173][ T2226] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 84.402640][ T2226] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 84.410119][ T3726] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 84.421366][ T3726] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 84.434549][ T3726] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 84.444090][ T3726] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 84.451384][ T3726] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 84.453969][ T2427] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 84.458551][ T3726] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 84.466039][ T2427] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 84.481000][ T3726] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 84.484348][ T2427] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 84.495345][ T3734] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 84.504119][ T3734] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 84.504151][ T2427] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 84.520544][ T48] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 84.531778][ T2226] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 84.817186][ T35] bond0 (unregistering): Released all slaves
[ 85.058452][ T3714] chnl_net:caif_netlink_parms(): no params data found
[ 85.271414][ T3724] chnl_net:caif_netlink_parms(): no params data found
[ 85.321761][ T3719] chnl_net:caif_netlink_parms(): no params data found
[ 85.376115][ T3723] chnl_net:caif_netlink_parms(): no params data found
[ 85.536719][ T3722] chnl_net:caif_netlink_parms(): no params data found
[ 86.382658][ T2427] Bluetooth: hci0: command tx timeout
[ 86.462584][ T2427] Bluetooth: hci1: command tx timeout
[ 86.542627][ T2427] Bluetooth: hci2: command tx timeout
[ 86.622636][ T2427] Bluetooth: hci4: command tx timeout
[ 86.623192][ T3727] Bluetooth: hci3: command tx timeout
[ 88.462736][ T3727] Bluetooth: hci0: command tx timeout
[ 88.542601][ T3727] Bluetooth: hci1: command tx timeout
[ 88.622668][ T3727] Bluetooth: hci2: command tx timeout
[ 88.702603][ T3727] Bluetooth: hci3: command tx timeout
[ 88.702651][ T2427] Bluetooth: hci4: command tx timeout
[ 90.542745][ T2427] Bluetooth: hci0: command tx timeout
[ 90.622726][ T2427] Bluetooth: hci1: command tx timeout
[ 90.702839][ T2427] Bluetooth: hci2: command tx timeout
[ 90.797528][ T2427] Bluetooth: hci3: command tx timeout
[ 90.797569][ T3727] Bluetooth: hci4: command tx timeout
[ 91.598162][ T3714] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.814530][ T3724] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.046327][ T3719] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.062439][ T3723] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.090073][ T3722] 8021q: adding VLAN 0 to HW filter on device bond0
[ 92.632822][ T3727] Bluetooth: hci0: command tx timeout
[ 92.702859][ T3727] Bluetooth: hci1: command tx timeout
[ 92.782669][ T3727] Bluetooth: hci2: command tx timeout
[ 92.862811][ T2427] Bluetooth: hci3: command tx timeout
[ 92.862813][ T3727] Bluetooth: hci4: command tx timeout
[ 96.713794][ T3714] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 96.954441][ T3724] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.027636][ T3719] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.080314][ T3723] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 97.168120][ T3722] 8021q: adding VLAN 0 to HW filter on device batadv0
2025/06/15 01:30:12 executed programs: 10
2025/06/15 01:30:18 executed programs: 56
2025/06/15 01:30:23 executed programs: 109
[ 115.910582][ T5889] ==================================================================
[ 115.918679][ T5889] BUG: KASAN: slab-use-after-free in do_sync_mmap_readahead+0x41f/0x7d0
[ 115.927021][ T5889] Read of size 8 at addr ffff88806eb087d0 by task syz.6.119/5889
[ 115.934730][ T5889]
[ 115.937081][ T5889] CPU: 0 UID: 0 PID: 5889 Comm: syz.6.119 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full)
[ 115.937101][ T5889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 115.937109][ T5889] Call Trace:
[ 115.937114][ T5889]
[ 115.937119][ T5889]  dump_stack_lvl+0xf4/0x170
[ 115.937133][ T5889]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 115.937141][ T5889]  ? rcu_is_watching+0x1f/0xa0
[ 115.937149][ T5889]  ? __virt_addr_valid+0x176/0x2b0
[ 115.937156][ T5889]  ? lock_release+0x42/0x2f0
[ 115.937163][ T5889]  ? lock_acquire+0x69/0x210
[ 115.937170][ T5889]  ? __virt_addr_valid+0x176/0x2b0
[ 115.937177][ T5889]  ? __virt_addr_valid+0x262/0x2b0
[ 115.937184][ T5889]  print_report+0xd2/0x2b0
[ 115.937193][ T5889]  ? do_sync_mmap_readahead+0x41f/0x7d0
[ 115.937201][ T5889]  kasan_report+0x118/0x150
[ 115.937208][ T5889]  ? do_sync_mmap_readahead+0x41f/0x7d0
[ 115.937217][ T5889]  do_sync_mmap_readahead+0x41f/0x7d0
[ 115.937227][ T5889]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[ 115.937236][ T5889]  ? count_memcg_event_mm+0x17/0xa0
[ 115.937243][ T5889]  ? count_memcg_event_mm+0x17/0xa0
[ 115.937251][ T5889]  filemap_fault+0x4d0/0xd70
[ 115.937261][ T5889]  ? __pfx_filemap_fault+0x10/0x10
[ 115.937268][ T5889]  ? __pfx_filemap_map_pages+0x10/0x10
[ 115.937279][ T5889]  __do_fault+0x112/0x290
[ 115.937286][ T5889]  handle_mm_fault+0x1ba0/0x3e20
[ 115.937294][ T5889]  ? handle_mm_fault+0x1095/0x3e20
[ 115.937307][ T5889]  ? __pfx_handle_mm_fault+0x10/0x10
[ 115.937317][ T5889]  ? __pfx_follow_page_pte+0x10/0x10
[ 115.937327][ T5889]  ? check_vma_flags+0x95/0x1e0
[ 115.937335][ T5889]  __get_user_pages+0x189a/0x21e0
[ 115.937344][ T5889]  ? mt_find+0x168/0x440
[ 115.937358][ T5889]  ? __pfx___get_user_pages+0x10/0x10
[ 115.937368][ T5889]  populate_vma_page_range+0x1b5/0x260
[ 115.937376][ T5889]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 115.937386][ T5889]  __mm_populate+0x1ea/0x2b0
[ 115.937394][ T5889]  ? __pfx___mm_populate+0x10/0x10
[ 115.937401][ T5889]  ? vm_mmap_pgoff+0x23a/0x370
[ 115.937410][ T5889]  vm_mmap_pgoff+0x251/0x370
[ 115.937419][ T5889]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 115.937426][ T5889]  ? __fget_files+0x2e/0x2a0
[ 115.937434][ T5889]  ? __fget_files+0x23d/0x2a0
[ 115.937440][ T5889]  ? __fget_files+0x2e/0x2a0
[ 115.937446][ T5889]  ksys_mmap_pgoff+0x2be/0x3f0
[ 115.937456][ T5889]  do_syscall_64+0x8f/0x250
[ 115.937464][ T5889]  ? fpregs_assert_state_consistent+0x48/0x60
[ 115.937472][ T5889]  ? clear_bhb_loop+0x40/0x90
[ 115.937480][ T5889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 115.937487][ T5889] RIP: 0033:0x7fcf2ab8e929
[ 115.937498][ T5889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 115.937504][ T5889] RSP: 002b:00007fcf2b9de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 115.937515][ T5889] RAX: ffffffffffffffda RBX: 00007fcf2adb5fa0 RCX: 00007fcf2ab8e929
[ 115.937519][ T5889] RDX: 0000000001000006 RSI: 0000000000b36000 RDI: 0000200000000000
[ 115.937522][ T5889] RBP: 00007fcf2ac10b39 R08: 0000000000000006 R09: 0000000000000000
[ 115.937527][ T5889] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000
[ 115.937531][ T5889] R13: 0000000000000000 R14: 00007fcf2adb5fa0 R15: 00007ffe33968428
[ 115.937540][ T5889]
[ 115.937543][ T5889]
[ 116.256455][ T5889] Allocated by task 5889:
[ 116.260757][ T5889]  kasan_save_track+0x3e/0x80
[ 116.265407][ T5889]  __kasan_slab_alloc+0x6c/0x80
[ 116.270231][ T5889]  kmem_cache_alloc_noprof+0x1b1/0x400
[ 116.275656][ T5889]  vm_area_alloc+0x1f/0x130
[ 116.280132][ T5889]  mmap_region+0xcec/0x1b20
[ 116.284610][ T5889]  do_mmap+0x95c/0xc60
[ 116.288662][ T5889]  vm_mmap_pgoff+0x1c0/0x370
[ 116.293222][ T5889]  ksys_mmap_pgoff+0x2be/0x3f0
[ 116.297955][ T5889]  do_syscall_64+0x8f/0x250
[ 116.302428][ T5889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.308302][ T5889]
[ 116.310616][ T5889] Freed by task 23:
[ 116.314392][ T5889]  kasan_save_track+0x3e/0x80
[ 116.319040][ T5889]  kasan_save_free_info+0x46/0x50
[ 116.324033][ T5889]  __kasan_slab_free+0x62/0x70
[ 116.328764][ T5889]  slab_free_after_rcu_debug+0x131/0x290
[ 116.334367][ T5889]  rcu_core+0xbf1/0x1530
[ 116.338593][ T5889]  handle_softirqs+0x19a/0x500
[ 116.343324][ T5889]  run_ksoftirqd+0x28/0x40
[ 116.347709][ T5889]  smpboot_thread_fn+0x3f7/0x7d0
[ 116.352618][ T5889]  kthread+0x598/0x690
[ 116.356658][ T5889]  ret_from_fork+0x139/0x2d0
[ 116.361240][ T5889]  ret_from_fork_asm+0x1a/0x30
[ 116.365977][ T5889]
[ 116.368280][ T5889] Last potentially related work creation:
[ 116.373973][ T5889]  kasan_save_stack+0x3e/0x60
[ 116.378623][ T5889]  kasan_record_aux_stack+0xbd/0xd0
[ 116.383789][ T5889]  kmem_cache_free+0x2b5/0x460
[ 116.388521][ T5889]  vms_complete_munmap_vmas+0x390/0x680
[ 116.394042][ T5889]  mmap_region+0xc2a/0x1b20
[ 116.398602][ T5889]  do_mmap+0x95c/0xc60
[ 116.402643][ T5889]  vm_mmap_pgoff+0x1c0/0x370
[ 116.407207][ T5889]  do_syscall_64+0x8f/0x250
[ 116.411767][ T5889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.417638][ T5889]
[ 116.419937][ T5889] The buggy address belongs to the object at ffff88806eb08780
[ 116.419937][ T5889]  which belongs to the cache vm_area_struct of size 256
[ 116.434219][ T5889] The buggy address is located 80 bytes inside of
[ 116.434219][ T5889]  freed 256-byte region [ffff88806eb08780, ffff88806eb08880)
[ 116.447893][ T5889]
[ 116.450194][ T5889] The buggy address belongs to the physical page:
[ 116.456574][ T5889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6eb08
[ 116.465312][ T5889] memcg:ffff888077de1b81
[ 116.469558][ T5889] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 116.476726][ T5889] page_type: f5(slab)
[ 116.480678][ T5889] raw: 00fff00000000000 ffff8880112a6b40 dead000000000100 dead000000000122
[ 116.489233][ T5889] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff888077de1b81
[ 116.497783][ T5889] page dumped because: kasan: bad access detected
[ 116.504177][ T5889] page_owner tracks the page as allocated
[ 116.509868][ T5889] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 2656, tgid 2656 (modprobe), ts 46779968051, free_ts 46769076676
[ 116.528842][ T5889]  post_alloc_hook+0x168/0x1a0
[ 116.533581][ T5889]  get_page_from_freelist+0x2954/0x2a30
[ 116.539100][ T5889]  __alloc_frozen_pages_noprof+0x26b/0x460
[ 116.544876][ T5889]  alloc_pages_mpol+0x150/0x320
[ 116.549702][ T5889]  allocate_slab+0x8a/0x350
[ 116.554177][ T5889]  ___slab_alloc+0x9dc/0x10e0
[ 116.558829][ T5889]  kmem_cache_alloc_noprof+0x26e/0x400
[ 116.564346][ T5889]  vm_area_dup+0x26/0x610
[ 116.568648][ T5889]  __split_vma+0x101/0x7f0
[ 116.573035][ T5889]  vma_modify+0x1399/0x19b0
[ 116.577513][ T5889]  vma_modify_flags+0x1c9/0x220
[ 116.582332][ T5889]  mprotect_fixup+0x2c4/0x790
[ 116.586977][ T5889]  do_mprotect_pkey+0x5d8/0x900
[ 116.591798][ T5889]  __x64_sys_mprotect+0x7b/0x90
[ 116.596620][ T5889]  do_syscall_64+0x8f/0x250
[ 116.601093][ T5889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 116.606952][ T5889] page last free pid 23 tgid 23 stack trace:
[ 116.612898][ T5889]  __free_frozen_pages+0xc66/0xe50
[ 116.617980][ T5889]  __tlb_remove_table+0x1c3/0x2a0
[ 116.622982][ T5889]  tlb_remove_table_rcu+0x6e/0xd0
[ 116.627971][ T5889]  rcu_core+0xbf1/0x1530
[ 116.632188][ T5889]  handle_softirqs+0x19a/0x500
[ 116.636918][ T5889]  run_ksoftirqd+0x28/0x40
[ 116.641301][ T5889]  smpboot_thread_fn+0x3f7/0x7d0
[ 116.646207][ T5889]  kthread+0x598/0x690
[ 116.650243][ T5889]  ret_from_fork+0x139/0x2d0
[ 116.654808][ T5889]  ret_from_fork_asm+0x1a/0x30
[ 116.659544][ T5889]
[ 116.662190][ T5889] Memory state around the buggy address:
[ 116.667793][ T5889]  ffff88806eb08680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 116.675912][ T5889]  ffff88806eb08700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 116.683945][ T5889] >ffff88806eb08780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.691975][ T5889]                                                  ^
[ 116.698653][ T5889]  ffff88806eb08800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 116.706811][ T5889]  ffff88806eb08880: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 116.714841][ T5889] ==================================================================
[ 116.750303][ T5889] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 116.757732][ T5889] Kernel Offset: disabled
[ 116.762045][ T5889] Rebooting in 86400 seconds..
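What a triage script would pull out of the report above, as an added example (this is not code from syzkaller, the kernel, or this page): it parses the KASAN header, the allocation and free stacks and the object geometry, cross-checks that the stated 80-byte offset and 256-byte region agree with the raw addresses (so the 8-byte read lands inside the freed vm_area_struct, a use-after-free rather than an out-of-bounds read), and decodes the saved user registers as an x86-64 mmap call (ORIG_RAX 9; arguments in rdi, rsi, rdx, r10, r8, r9). SAMPLE is a condensed copy of lines from the report; the PROT_* and MAP_* values are the x86-64 uapi constants; the function names are my own.

```python
"""Structured parse of a KASAN slab-use-after-free report and a decode of the
x86-64 syscall registers it captured. Added example, not code from syzkaller or
the kernel; SAMPLE is a condensed copy of lines from the report on this page."""
import re

SAMPLE = """\
[ 115.918679][ T5889] BUG: KASAN: slab-use-after-free in do_sync_mmap_readahead+0x41f/0x7d0
[ 115.927021][ T5889] Read of size 8 at addr ffff88806eb087d0 by task syz.6.119/5889
[ 115.937109][ T5889] Call Trace:
[ 115.937133][ T5889] ? __pfx_dump_stack_lvl+0x10/0x10
[ 115.937217][ T5889] do_sync_mmap_readahead+0x41f/0x7d0
[ 115.937251][ T5889] filemap_fault+0x4d0/0xd70
[ 115.937504][ T5889] RSP: 002b:00007fcf2b9de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 115.937519][ T5889] RDX: 0000000001000006 RSI: 0000000000b36000 RDI: 0000200000000000
[ 115.937522][ T5889] RBP: 00007fcf2ac10b39 R08: 0000000000000006 R09: 0000000000000000
[ 115.937527][ T5889] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000000
[ 115.937540][ T5889]
[ 116.256455][ T5889] Allocated by task 5889:
[ 116.275656][ T5889] vm_area_alloc+0x1f/0x130
[ 116.280132][ T5889] mmap_region+0xcec/0x1b20
[ 116.308302][ T5889]
[ 116.310616][ T5889] Freed by task 23:
[ 116.328764][ T5889] slab_free_after_rcu_debug+0x131/0x290
[ 116.334367][ T5889] rcu_core+0xbf1/0x1530
[ 116.417638][ T5889]
[ 116.419937][ T5889] The buggy address belongs to the object at ffff88806eb08780
[ 116.419937][ T5889]  which belongs to the cache vm_area_struct of size 256
[ 116.434219][ T5889] The buggy address is located 80 bytes inside of
[ 116.434219][ T5889]  freed 256-byte region [ffff88806eb08780, ffff88806eb08880)
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # "[ ts][ Tpid] " console prefix
FRAME = re.compile(r"^(?P<q>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SECTION = re.compile(r"^(?:Call Trace|Allocated by task (?P<apid>\d+)|Freed by task (?P<fpid>\d+)):$")
REG = re.compile(r"\b(ORIG_RAX|EFLAGS|R[A-Z0-9]{2})\b:\s*(?:[0-9a-f]{4}:)?(?:0x)?([0-9a-f]+)")
FIELDS = [  # one-off facts; every named group becomes a key of the result
    re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<site>\S+)"),
    re.compile(r"(?P<op>Read|Write) of size (?P<access_size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<comm>\S+)/(?P<pid>\d+)"),
    re.compile(r"object at (?P<obj>[0-9a-f]+)"),
    re.compile(r"cache (?P<cache>\S+) of size (?P<obj_size>\d+)"),
    re.compile(r"located (?P<off>\d+) bytes (?P<rel>inside of|to the (?:left|right) of)"),
    re.compile(r"(?P<state>freed|allocated) (?P<region_size>\d+)-byte region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)"),
]

def parse_kasan_report(text):
    r, section = {"stacks": {}, "regs": {}}, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:                       # a blank line closes a stack section
            section = None
            continue
        m = SECTION.match(line)
        if m:
            section = "allocated" if m["apid"] else "freed" if m["fpid"] else "call_trace"
            if section != "call_trace":
                r[section + "_by"] = int(m["apid"] or m["fpid"])
            r["stacks"][section] = []
            continue
        m = FRAME.match(line)
        if m and section:
            if not m["q"]:                 # "? sym" frames are unwinder guesses; skip them
                r["stacks"][section].append(m["sym"])
            continue
        for name, val in REG.findall(line):
            r["regs"][name] = int(val, 16)
        for pat in FIELDS:
            m = pat.search(line)
            if m:
                r.update(m.groupdict())
    r.update({k: int(r[k], 16) for k in ("addr", "obj", "start", "end") if k in r})
    r.update({k: int(r[k]) for k in ("access_size", "pid", "obj_size", "off", "region_size") if k in r})
    return r

def check_consistency(r):
    """Offset == addr - object start, region is one object long, access wholly inside it (UAF, not OOB)."""
    return (r["obj"] == r["start"] and r["end"] - r["start"] == r["obj_size"] == r["region_size"]
            and r["addr"] - r["obj"] == r["off"]
            and r["start"] <= r["addr"] and r["addr"] + r["access_size"] <= r["end"])

PROT_BITS = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC", 0x01000000: "PROT_GROWSDOWN"}
MAP_BITS = {0x01: "MAP_SHARED", 0x02: "MAP_PRIVATE", 0x10: "MAP_FIXED", 0x20: "MAP_ANONYMOUS",
            0x2000: "MAP_LOCKED", 0x4000: "MAP_NORESERVE", 0x8000: "MAP_POPULATE", 0x20000: "MAP_STACK"}

def decode_bits(value, table):  # names of the set bits we know, plus any bits we do not
    names = [n for bit, n in sorted(table.items()) if value & bit]
    return names, value & ~sum(table)

def decode_mmap(regs):
    """x86-64 ABI: nr in ORIG_RAX (9 == mmap), args in rdi, rsi, rdx, r10, r8, r9."""
    if regs.get("ORIG_RAX") != 9:
        return None
    addr, length, prot, flags, fd, off = (regs.get(k, 0) for k in ("RDI", "RSI", "RDX", "R10", "R08", "R09"))
    prot_names, prot_rest = decode_bits(prot, PROT_BITS)
    flag_names, flag_rest = decode_bits(flags, MAP_BITS)
    return {"addr": addr, "length": length, "fd": fd, "offset": off, "prot": prot_names,
            "prot_unknown": prot_rest, "flags": flag_names, "flags_unknown": flag_rest}

if __name__ == "__main__":
    rep = parse_kasan_report(SAMPLE)
    print(rep["kind"], "in", rep["site"], "| consistent:", check_consistency(rep), "|", decode_mmap(rep["regs"]))
```

On this report the decode gives a MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK mapping of fd 6 at the fixed address 0x200000000000 with PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN, which matches the trace: MAP_POPULATE makes vm_mmap_pgoff fault the range in synchronously (__mm_populate, __get_user_pages, filemap_fault, do_sync_mmap_readahead), and the "Last potentially related work creation" stack shows the old VMA at that fixed address being handed to kmem_cache_free from vms_complete_munmap_vmas inside the same mmap_region call, with the actual free done later by ksoftirqd (task 23) through RCU. The consistency check is worth keeping in any triage pipeline: a report whose stated offset or region size disagrees with its own addresses is usually a corrupted or truncated console capture, not a new bug.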