Warning: Permanently added '10.128.1.122' (ED25519) to the list of known hosts.
2023/09/10 21:26:00 ignoring optional flag "sandboxArg"="0"
2023/09/10 21:26:00 parsed 1 programs
2023/09/10 21:26:00 executed programs: 0
[ 45.335771][ T1910] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 45.373428][ T1926] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 45.381557][ T1926] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 45.397364][ T1933] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 45.405002][ T1933] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 45.410347][ T1937] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 45.419463][ T1937] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 45.426616][ T1937] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 45.433879][ T1937] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 45.440911][ T1937] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 45.448661][ T1937] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 45.453423][ T1942] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 45.455863][ T1937] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 45.462756][ T1942] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 45.469567][ T1937] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 45.476818][ T1942] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 45.483488][ T1937] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 45.490359][ T1942] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 45.497446][ T1937] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 45.505077][ T1942] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 45.512053][ T1937] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 45.524053][ T1944] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 45.525245][ T1937] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 45.531993][ T1944] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 45.539191][ T1937] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 45.553092][ T1944] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 45.553335][ T1937] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 45.567245][ T1937] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 45.567637][ T1246] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 45.574501][ T1937] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 45.582852][ T1945] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 45.591369][ T1937] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 45.596780][ T1945] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 45.602734][ T1937] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 45.609004][ T1942] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 45.619630][ T1937] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 45.630219][ T1945] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 46.071212][ T1941] chnl_net:caif_netlink_parms(): no params data found
[ 46.121676][ T1916] chnl_net:caif_netlink_parms(): no params data found
[ 46.142817][ T1938] chnl_net:caif_netlink_parms(): no params data found
[ 46.156303][ T1921] chnl_net:caif_netlink_parms(): no params data found
[ 46.167604][ T1928] chnl_net:caif_netlink_parms(): no params data found
[ 46.204371][ T1929] chnl_net:caif_netlink_parms(): no params data found
[ 47.643399][ T1945] Bluetooth: hci5: command 0x0409 tx timeout
[ 47.649484][ T1945] Bluetooth: hci3: command 0x0409 tx timeout
[ 47.657763][ T1940] Bluetooth: hci1: command 0x0409 tx timeout
[ 47.666058][ T1933] Bluetooth: hci4: command 0x0409 tx timeout
[ 47.672032][ T1933] Bluetooth: hci2: command 0x0409 tx timeout
[ 47.673347][ T1926] Bluetooth: hci0: command 0x0409 tx timeout
[ 49.723492][ T1945] Bluetooth: hci2: command 0x041b tx timeout
[ 49.729492][ T1945] Bluetooth: hci1: command 0x041b tx timeout
[ 49.736987][ T1926] Bluetooth: hci3: command 0x041b tx timeout
[ 49.737003][ T1933] Bluetooth: hci4: command 0x041b tx timeout
[ 49.742944][ T1926] Bluetooth: hci0: command 0x041b tx timeout
[ 49.751064][ T1933] Bluetooth: hci5: command 0x041b tx timeout
[ 50.731139][ T1941] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.788791][ T1929] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.800854][ T1938] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.917196][ T1921] 8021q: adding VLAN 0 to HW filter on device bond0
[ 50.928973][ T1916] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.010902][ T1928] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.803443][ T1933] Bluetooth: hci5: command 0x040f tx timeout
[ 51.803952][ T1926] Bluetooth: hci0: command 0x040f tx timeout
[ 51.809439][ T1933] Bluetooth: hci1: command 0x040f tx timeout
[ 51.815610][ T1940] Bluetooth: hci4: command 0x040f tx timeout
[ 51.822110][ T1933] Bluetooth: hci3: command 0x040f tx timeout
[ 51.827413][ T1945] Bluetooth: hci2: command 0x040f tx timeout
[ 53.816324][ T1929] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 53.883395][ T1940] Bluetooth: hci4: command 0x0419 tx timeout
[ 53.889480][ T1940] Bluetooth: hci2: command 0x0419 tx timeout
[ 53.896331][ T1945] Bluetooth: hci3: command 0x0419 tx timeout
[ 53.896881][ T1933] Bluetooth: hci0: command 0x0419 tx timeout
[ 53.902288][ T1945] Bluetooth: hci1: command 0x0419 tx timeout
[ 53.910853][ T1933] Bluetooth: hci5: command 0x0419 tx timeout
[ 53.968351][ T1938] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 53.999447][ T1941] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.010156][ T1928] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.102269][ T1916] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.112678][ T1921] 8021q: adding VLAN 0 to HW filter on device batadv0
2023/09/10 21:26:14 executed programs: 6
[ 61.199057][ T4365] ==================================================================
[ 61.207115][ T4365] BUG: KASAN: slab-use-after-free in __sco_sock_close+0x26e/0x5e0
[ 61.214892][ T4365] Write of size 4 at addr ffff8881681ec010 by task syz-executor.4/4365
[ 61.223095][ T4365]
[ 61.225391][ T4365] CPU: 0 PID: 4365 Comm: syz-executor.4 Not tainted 6.5.0-rc7-syzkaller #0
[ 61.234026][ T4365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 61.244054][ T4365] Call Trace:
[ 61.247312][ T4365]
[ 61.250216][ T4365] dump_stack_lvl+0x3d/0x60
[ 61.254695][ T4365] print_report+0xc4/0x620
[ 61.259100][ T4365] kasan_report+0xda/0x110
[ 61.263494][ T4365] ? __sco_sock_close+0x26e/0x5e0
[ 61.268492][ T4365] ? __sco_sock_close+0x26e/0x5e0
[ 61.273494][ T4365] kasan_check_range+0xef/0x190
[ 61.278322][ T4365] __sco_sock_close+0x26e/0x5e0
[ 61.283142][ T4365] ? do_raw_spin_unlock+0x173/0x230
[ 61.288310][ T4365] sco_sock_release+0x65/0x280
[ 61.293042][ T4365] __sock_release+0x9b/0x250
[ 61.297613][ T4365] sock_close+0x13/0x20
[ 61.301750][ T4365] __fput+0x339/0xa20
[ 61.305707][ T4365] task_work_run+0x114/0x1f0
[ 61.310281][ T4365] ? task_work_func_match+0x50/0x50
[ 61.315482][ T4365] ? task_work_cancel+0x20/0x20
[ 61.320312][ T4365] ? spin_bug+0x1d0/0x1d0
[ 61.324626][ T4365] exit_to_user_mode_prepare+0x13f/0x150
[ 61.330237][ T4365] syscall_exit_to_user_mode+0x16/0x40
[ 61.335686][ T4365] do_syscall_64+0x44/0xb0
[ 61.340093][ T4365] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.345960][ T4365] RIP: 0033:0x7f63d647b9da
[ 61.350341][ T4365] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[ 61.369942][ T4365] RSP: 002b:00007ffc821ead90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 61.378320][ T4365] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f63d647b9da
[ 61.386279][ T4365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 61.394230][ T4365] RBP: 00007f63d659d980 R08: 0000001b33760000 R09: 0000000000000001
[ 61.402176][ T4365] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000eef7
[ 61.410201][ T4365] R13: ffffffffffffffff R14: 00007f63d6000000 R15: 000000000000ebb6
[ 61.418149][ T4365]
[ 61.421155][ T4365]
[ 61.423450][ T4365] Allocated by task 4367:
[ 61.427763][ T4365] kasan_save_stack+0x33/0x50
[ 61.432412][ T4365] kasan_set_track+0x25/0x30
[ 61.437020][ T4365] __kasan_kmalloc+0xa2/0xb0
[ 61.441586][ T4365] hci_conn_add+0xad/0x14f0
[ 61.446052][ T4365] hci_connect_sco+0x2be/0xb70
[ 61.450779][ T4365] sco_sock_connect+0x358/0x8e0
[ 61.455626][ T4365] __sys_connect+0xfd/0x120
[ 61.460101][ T4365] __x64_sys_connect+0x6d/0xb0
[ 61.464839][ T4365] do_syscall_64+0x38/0xb0
[ 61.469234][ T4365] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.475462][ T4365]
[ 61.477757][ T4365] Freed by task 1933:
[ 61.481699][ T4365] kasan_save_stack+0x33/0x50
[ 61.486360][ T4365] kasan_set_track+0x25/0x30
[ 61.490926][ T4365] kasan_save_free_info+0x2b/0x40
[ 61.495917][ T4365] ____kasan_slab_free+0x15e/0x1b0
[ 61.500995][ T4365] slab_free_freelist_hook+0x10b/0x1e0
[ 61.503565][ T1933] Bluetooth: hci5: command 0x0407 tx timeout
[ 61.506449][ T4365] __kmem_cache_free+0xba/0x340
[ 61.506463][ T4365] device_release+0x97/0x1a0
[ 61.506468][ T4365] kobject_put.part.0+0x167/0x400
[ 61.506473][ T4365] hci_abort_conn_sync+0x351/0x870
[ 61.506478][ T4365] hci_cmd_sync_work+0x173/0x340
[ 61.506482][ T4365] process_one_work+0x922/0x1370
[ 61.506486][ T4365] worker_thread+0xfb/0xe40
[ 61.506489][ T4365] kthread+0x278/0x330
[ 61.550170][ T4365] ret_from_fork+0x2c/0x70
[ 61.554552][ T4365] ret_from_fork_asm+0x11/0x20
[ 61.559282][ T4365]
[ 61.561578][ T4365] The buggy address belongs to the object at ffff8881681ec000
[ 61.561578][ T4365] which belongs to the cache kmalloc-4k of size 4096
[ 61.575680][ T4365] The buggy address is located 16 bytes inside of
[ 61.575680][ T4365] freed 4096-byte region [ffff8881681ec000, ffff8881681ed000)
[ 61.589454][ T4365]
[ 61.591749][ T4365] The buggy address belongs to the physical page:
[ 61.598210][ T4365] page:ffffea0005a07a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1681e8
[ 61.608409][ T4365] head:ffffea0005a07a00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 61.617303][ T4365] flags: 0x100000000010200(slab|head|node=0|zone=2)
[ 61.623858][ T4365] page_type: 0xffffffff()
[ 61.628262][ T4365] raw: 0100000000010200 ffff888100042140 dead000000000122 0000000000000000
[ 61.636829][ T4365] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 61.645387][ T4365] page dumped because: kasan: bad access detected
[ 61.651769][ T4365] page_owner tracks the page as allocated
[ 61.657456][ T4365] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4365, tgid 4365 (syz-executor.4), ts 60365206214, free_ts 3470163381
[ 61.679477][ T4365] post_alloc_hook+0x281/0x2f0
[ 61.684210][ T4365] get_page_from_freelist+0x1131/0x3d90
[ 61.689722][ T4365] __alloc_pages+0x1d0/0x470
[ 61.694279][ T4365] allocate_slab+0x24e/0x360
[ 61.698844][ T4365] ___slab_alloc+0x7a7/0x1000
[ 61.703484][ T4365] __slab_alloc.constprop.0+0x4d/0x90
[ 61.708819][ T4365] __kmem_cache_alloc_node+0x143/0x390
[ 61.714244][ T4365] __kmalloc+0x4c/0x160
[ 61.718369][ T4365] tomoyo_realpath_from_path+0xaf/0x7a0
[ 61.723876][ T4365] tomoyo_path_perm+0x230/0x350
[ 61.728693][ T4365] tomoyo_path_symlink+0x7f/0xd0
[ 61.733594][ T4365] security_path_symlink+0xd6/0x120
[ 61.738773][ T4365] do_symlinkat+0xe3/0x280
[ 61.743154][ T4365] __x64_sys_symlinkat+0x92/0xb0
[ 61.748053][ T4365] do_syscall_64+0x38/0xb0
[ 61.752434][ T4365] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 61.758294][ T4365] page last free stack trace:
[ 61.762947][ T4365] free_unref_page_prepare+0x5ac/0xcf0
[ 61.768388][ T4365] free_unref_page+0x33/0x350
[ 61.773033][ T4365] free_contig_range+0xa1/0x150
[ 61.777850][ T4365] destroy_args+0x4f4/0x6b0
[ 61.782317][ T4365] debug_vm_pgtable+0x19f9/0x2c50
[ 61.787304][ T4365] do_one_initcall+0xcd/0x3c0
[ 61.791947][ T4365] kernel_init_freeable+0x504/0x840
[ 61.797110][ T4365] kernel_init+0x1a/0x1c0
[ 61.801408][ T4365] ret_from_fork+0x2c/0x70
[ 61.805789][ T4365] ret_from_fork_asm+0x11/0x20
[ 61.810521][ T4365]
[ 61.812831][ T4365] Memory state around the buggy address:
[ 61.818426][ T4365] ffff8881681ebf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.826472][ T4365] ffff8881681ebf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.834506][ T4365] >ffff8881681ec000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.842537][ T4365]                          ^
[ 61.847091][ T4365] ffff8881681ec080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.855117][ T4365] ffff8881681ec100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.863145][ T4365] ==================================================================
[ 61.871396][ T4365] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 61.879109][ T4365] Kernel Offset: disabled
[ 61.883496][ T4365] Rebooting in 86400 seconds..