Warning: Permanently added '10.128.10.11' (ED25519) to the list of known hosts.
2024/02/17 17:54:48 ignoring optional flag "sandboxArg"="0"
2024/02/17 17:54:48 parsed 1 programs
2024/02/17 17:54:48 executed programs: 0
[   49.858099][ T1976] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[   49.911086][ T1467] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   49.928527][   T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   49.947542][ T2002] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   49.958774][ T2002] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   49.959907][ T2003] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   49.967593][ T2002] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   49.974955][ T2003] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   49.980815][ T2002] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   49.995729][ T2003] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   49.996115][ T2002] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   50.003240][ T2003] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   50.011512][ T2002] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   50.017652][ T2003] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   50.024485][ T2002] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   50.032214][ T2006] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   50.039184][ T2007] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   50.047084][ T2006] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   50.054745][ T2007] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   50.061245][ T2003] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   50.068484][ T2007] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   50.075260][ T2003] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   50.082590][ T2007] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   50.088957][ T2006] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   50.096327][ T2007] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   50.103585][ T2006] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   50.117643][ T2007] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   50.117771][ T2006] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   50.133278][ T2006] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   50.146921][ T2006] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   50.154923][ T2006] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   50.637800][ T1991] chnl_net:caif_netlink_parms(): no params data found
[   50.657696][ T1996] chnl_net:caif_netlink_parms(): no params data found
[   50.706463][ T1995] chnl_net:caif_netlink_parms(): no params data found
[   50.723292][ T1986] chnl_net:caif_netlink_parms(): no params data found
[   50.813035][ T1993] chnl_net:caif_netlink_parms(): no params data found
[   52.131675][   T45] Bluetooth: hci3: command 0x0409 tx timeout
[   52.206555][   T45] Bluetooth: hci1: command 0x0409 tx timeout
[   52.212772][   T45] Bluetooth: hci2: command 0x0409 tx timeout
[   52.215026][ T2006] Bluetooth: hci4: command 0x0409 tx timeout
[   52.221366][   T45] Bluetooth: hci0: command 0x0409 tx timeout
[   54.205220][   T45] Bluetooth: hci3: command 0x041b tx timeout
[   54.284908][   T45] Bluetooth: hci0: command 0x041b tx timeout
[   54.284959][ T2006] Bluetooth: hci4: command 0x041b tx timeout
[   54.290947][   T45] Bluetooth: hci2: command 0x041b tx timeout
[   54.297361][ T1998] Bluetooth: hci1: command 0x041b tx timeout
[   55.684523][ T1991] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.751491][ T1996] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.831259][ T1986] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.883589][ T1993] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.910187][ T1995] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.286765][ T2006] Bluetooth: hci3: command 0x040f tx timeout
[   56.374919][ T2006] Bluetooth: hci2: command 0x040f tx timeout
[   56.380969][ T2006] Bluetooth: hci4: command 0x040f tx timeout
[   56.387680][ T1998] Bluetooth: hci0: command 0x040f tx timeout
[   56.394475][ T1998] Bluetooth: hci1: command 0x040f tx timeout
[   58.364920][ T1998] Bluetooth: hci3: command 0x0419 tx timeout
[   58.445040][ T1998] Bluetooth: hci0: command 0x0419 tx timeout
[   58.451392][ T2006] Bluetooth: hci1: command 0x0419 tx timeout
[   58.457647][ T1467] Bluetooth: hci4: command 0x0419 tx timeout
[   58.460056][   T45] Bluetooth: hci2: command 0x0419 tx timeout
[   58.904204][ T1996] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.942952][ T1991] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.105431][ T1995] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.174540][ T1986] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.271650][ T1993] 8021q: adding VLAN 0 to HW filter on device batadv0
2024/02/17 17:55:03 executed programs: 5
[   66.764940][ T1998] Bluetooth: hci4: command 0x0405 tx timeout
[   68.845066][ T1998] Bluetooth: hci4: command 0x0405 tx timeout
2024/02/17 17:55:08 executed programs: 94
[   70.924906][ T1998] Bluetooth: hci4: command 0x0405 tx timeout
[   73.004991][ T1998] Bluetooth: hci4: command 0x0405 tx timeout
[   73.011449][   T45] ==================================================================
[   73.019596][   T45] BUG: KASAN: slab-use-after-free in __hci_acl_create_connection_sync+0x605/0x8d0
[   73.029033][   T45] Write of size 2 at addr ffff888177b64036 by task kworker/u5:0/45
[   73.037065][   T45]
[   73.039383][   T45] CPU: 0 PID: 45 Comm: kworker/u5:0 Not tainted 6.8.0-rc2-syzkaller #0
[   73.047794][   T45] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[   73.058638][   T45] Workqueue: hci4 hci_cmd_sync_work
[   73.065216][   T45] Call Trace:
[   73.068752][   T45]
[   73.071747][   T45]  dump_stack_lvl+0xf8/0x260
[   73.076548][   T45]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.082091][   T45]  ? __pfx__printk+0x10/0x10
[   73.086838][   T45]  ? __virt_addr_valid+0x141/0x260
[   73.093253][   T45]  ? __virt_addr_valid+0x219/0x260
[   73.099058][   T45]  print_report+0x167/0x540
[   73.103635][   T45]  ? __virt_addr_valid+0x141/0x260
[   73.109136][   T45]  ? __virt_addr_valid+0x219/0x260
[   73.115043][   T45]  ? __hci_acl_create_connection_sync+0x605/0x8d0
[   73.122200][   T45]  kasan_report+0x142/0x180
[   73.126953][   T45]  ? __hci_acl_create_connection_sync+0x605/0x8d0
[   73.134379][   T45]  __hci_acl_create_connection_sync+0x605/0x8d0
[   73.141577][   T45]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   73.149203][   T45]  ? __pfx___hci_acl_create_connection_sync+0x10/0x10
[   73.156657][   T45]  ? hci_cmd_sync_work+0x286/0x3a0
[   73.162182][   T45]  ? kfree+0x139/0x350
[   73.166492][   T45]  ? __pfx___hci_acl_create_connection_sync+0x10/0x10
[   73.173517][   T45]  hci_cmd_sync_work+0x210/0x3a0
[   73.178574][   T45]  ? process_scheduled_works+0x758/0xfd0
[   73.184717][   T45]  process_scheduled_works+0x7e9/0xfd0
[   73.190564][   T45]  ? __pfx_process_scheduled_works+0x10/0x10
[   73.196851][   T45]  ? assign_work+0x23f/0x350
[   73.201504][   T45]  worker_thread+0x868/0xca0
[   73.206608][   T45]  ? __pfx_worker_thread+0x10/0x10
[   73.211998][   T45]  kthread+0x267/0x2c0
[   73.216143][   T45]  ? __pfx_worker_thread+0x10/0x10
[   73.221335][   T45]  ? __pfx_kthread+0x10/0x10
[   73.226163][   T45]  ret_from_fork+0x32/0x60
[   73.230670][   T45]  ? __pfx_kthread+0x10/0x10
[   73.235454][   T45]  ret_from_fork_asm+0x1b/0x30
[   73.241042][   T45]
[   73.244479][   T45]
[   73.246790][   T45] Allocated by task 4220:
[   73.251701][   T45]  kasan_save_track+0x3f/0x80
[   73.256444][   T45]  __kasan_kmalloc+0x98/0xb0
[   73.261181][   T45]  kmalloc_trace+0x1c4/0x3a0
[   73.266010][   T45]  hci_conn_add+0xbb/0x1240
[   73.270658][   T45]  hci_connect_acl+0x1d3/0x490
[   73.275570][   T45]  hci_connect_sco+0x36/0x390
[   73.280317][   T45]  sco_sock_connect+0x1f3/0x7f0
[   73.285602][   T45]  __sys_connect+0x317/0x390
[   73.290211][   T45]  __x64_sys_connect+0x75/0x90
[   73.295471][   T45]  do_syscall_64+0x94/0x1a0
[   73.299960][   T45]  entry_SYSCALL_64_after_hwframe+0x6f/0x77
[   73.306022][   T45]
[   73.308334][   T45] Freed by task 45:
[   73.312113][   T45]  kasan_save_track+0x3f/0x80
[   73.316891][   T45]  kasan_save_free_info+0x4e/0x60
[   73.322063][   T45]  poison_slab_object+0xee/0x1a0
[   73.326970][   T45]  __kasan_slab_free+0x34/0x70
[   73.331797][   T45]  kfree+0x139/0x350
[   73.335752][   T45]  device_release+0x92/0x140
[   73.340318][   T45]  kobject_put+0x14d/0x300
[   73.344880][   T45]  hci_conn_del+0x73d/0xa60
[   73.349889][   T45]  hci_abort_conn_sync+0x2d3/0xb30
[   73.355147][   T45]  __hci_acl_create_connection_sync+0x553/0x8d0
[   73.361535][   T45]  hci_cmd_sync_work+0x210/0x3a0
[   73.366625][   T45]  process_scheduled_works+0x7e9/0xfd0
[   73.372590][   T45]  worker_thread+0x868/0xca0
[   73.377678][   T45]  kthread+0x267/0x2c0
[   73.381981][   T45]  ret_from_fork+0x32/0x60
[   73.386788][   T45]  ret_from_fork_asm+0x1b/0x30
[   73.391730][   T45]
[   73.394042][   T45] The buggy address belongs to the object at ffff888177b64000
[   73.394042][   T45]  which belongs to the cache kmalloc-4k of size 4096
[   73.409012][   T45] The buggy address is located 54 bytes inside of
[   73.409012][   T45]  freed 4096-byte region [ffff888177b64000, ffff888177b65000)
[   73.423743][   T45]
[   73.426062][   T45] The buggy address belongs to the physical page:
[   73.433679][   T45] page:ffffea0005ded800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x177b60
[   73.444150][   T45] head:ffffea0005ded800 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   73.453810][   T45] anon flags: 0x100000000000840(slab|head|node=0|zone=2)
[   73.460807][   T45] page_type: 0xffffffff()
[   73.465113][   T45] raw: 0100000000000840 ffff888100042140 0000000000000000 dead000000000001
[   73.473849][   T45] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[   73.482902][   T45] page dumped because: kasan: bad access detected
[   73.489468][   T45] page_owner tracks the page as allocated
[   73.495426][   T45] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1360, tgid 1360 (udevd), ts 7454913153, free_ts 6305708169
[   73.515444][   T45]  post_alloc_hook+0x10f/0x130
[   73.520375][   T45]  get_page_from_freelist+0x3e5f/0x4080
[   73.525977][   T45]  __alloc_pages+0x255/0x650
[   73.530624][   T45]  alloc_slab_page+0x5f/0x160
[   73.535277][   T45]  new_slab+0x70/0x270
[   73.539404][   T45]  ___slab_alloc+0xa79/0x10b0
[   73.544919][   T45]  __kmalloc+0x2ba/0x480
[   73.549257][   T45]  tomoyo_realpath_from_path+0xe3/0x4e0
[   73.555135][   T45]  tomoyo_check_open_permission+0x249/0x960
[   73.561258][   T45]  security_file_open+0x2a/0x80
[   73.566252][   T45]  do_dentry_open+0x2ee/0x11c0
[   73.571245][   T45]  path_openat+0x217f/0x2780
[   73.575979][   T45]  do_filp_open+0x22a/0x440
[   73.580461][   T45]  do_sys_openat2+0xf6/0x180
[   73.585105][   T45]  __x64_sys_openat+0x20d/0x260
[   73.590525][   T45]  do_syscall_64+0x94/0x1a0
[   73.595201][   T45] page last free pid 1 tgid 1 stack trace:
[   73.601183][   T45]  free_unref_page_prepare+0x87f/0x9a0
[   73.606894][   T45]  free_unref_page+0x37/0x3a0
[   73.612351][   T45]  free_contig_range+0x91/0x140
[   73.617184][   T45]  destroy_args+0x72/0x6e0
[   73.621605][   T45]  debug_vm_pgtable+0x3b8/0x590
[   73.626794][   T45]  do_one_initcall+0x196/0x4d0
[   73.631830][   T45]  do_initcall_level+0x11e/0x1e0
[   73.636837][   T45]  do_initcalls+0x3e/0x70
[   73.641330][   T45]  kernel_init_freeable+0x364/0x4c0
[   73.646585][   T45]  kernel_init+0x18/0x1a0
[   73.650889][   T45]  ret_from_fork+0x32/0x60
[   73.655277][   T45]  ret_from_fork_asm+0x1b/0x30
[   73.660187][   T45]
[   73.662537][   T45] Memory state around the buggy address:
[   73.668514][   T45]  ffff888177b63f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.677038][   T45]  ffff888177b63f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.685427][   T45] >ffff888177b64000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.694785][   T45]                    ^
[   73.700407][   T45]  ffff888177b64080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.708669][   T45]  ffff888177b64100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   73.716711][   T45] ==================================================================
[   73.725410][   T45] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   73.732898][   T45] Kernel Offset: disabled
[   73.737228][   T45] Rebooting in 86400 seconds..