Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts.
2024/05/29 14:18:23 ignoring optional flag "sandboxArg"="0"
2024/05/29 14:18:23 parsed 1 programs
[ 526.109122][ T5114] cgroup: Unknown subsys name 'net'
[ 526.343097][ T5114] cgroup: Unknown subsys name 'rlimit'
[ 527.477719][ T5130] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 527.701990][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 527.711276][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 527.719113][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 527.729019][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 527.739262][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 527.749220][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 527.761496][ T5150] ==================================================================
[ 527.769595][ T5150] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 527.777323][ T5150] Read of size 4 at addr ffff8880228039a4 by task syz-executor.0/5150
[ 527.785451][ T5150]
[ 527.787764][ T5150] CPU: 0 PID: 5150 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 527.798148][ T5150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 527.808187][ T5150] Call Trace:
[ 527.811451][ T5150]
[ 527.814363][ T5150] dump_stack_lvl+0x241/0x360
[ 527.819023][ T5150] ? __pfx_dump_stack_lvl+0x10/0x10
[ 527.824197][ T5150] ? __pfx__printk+0x10/0x10
[ 527.828779][ T5150] ? _printk+0xd5/0x120
[ 527.832947][ T5150] ? __virt_addr_valid+0x183/0x520
[ 527.838057][ T5150] ? __virt_addr_valid+0x183/0x520
[ 527.843162][ T5150] print_report+0x169/0x550
[ 527.847652][ T5150] ? __virt_addr_valid+0x183/0x520
[ 527.852851][ T5150] ? __virt_addr_valid+0x183/0x520
[ 527.857961][ T5150] ? __virt_addr_valid+0x44e/0x520
[ 527.863086][ T5150] ? __phys_addr+0xba/0x170
[ 527.867574][ T5150] ? kfree_skb_reason+0x41/0x3b0
[ 527.872497][ T5150] kasan_report+0x143/0x180
[ 527.876988][ T5150] ? kfree_skb_reason+0x41/0x3b0
[ 527.881932][ T5150] kasan_check_range+0x282/0x290
[ 527.886854][ T5150] kfree_skb_reason+0x41/0x3b0
[ 527.891600][ T5150] __hci_req_sync+0x62f/0x950
[ 527.896259][ T5150] ? __pfx___hci_req_sync+0x10/0x10
[ 527.901522][ T5150] ? __pfx___mutex_lock+0x10/0x10
[ 527.906549][ T5150] ? __pfx_autoremove_wake_function+0x10/0x10
[ 527.912596][ T5150] ? __pfx_hci_scan_req+0x10/0x10
[ 527.917599][ T5150] hci_req_sync+0xa9/0xd0
[ 527.921908][ T5150] hci_dev_cmd+0x4c5/0xa50
[ 527.926304][ T5150] ? security_capable+0x90/0xb0
[ 527.931149][ T5150] ? __pfx_hci_dev_cmd+0x10/0x10
[ 527.936099][ T5150] ? hci_sock_ioctl+0x6c4/0xa40
[ 527.941280][ T5150] sock_do_ioctl+0x158/0x460
[ 527.945853][ T5150] ? __pfx_smack_log+0x10/0x10
[ 527.950598][ T5150] ? __pfx_sock_do_ioctl+0x10/0x10
[ 527.955690][ T5150] ? smk_tskacc+0x300/0x370
[ 527.960176][ T5150] ? smack_file_ioctl+0x2a1/0x3a0
[ 527.965178][ T5150] sock_ioctl+0x629/0x8e0
[ 527.969487][ T5150] ? __pfx_sock_ioctl+0x10/0x10
[ 527.974315][ T5150] ? __fget_files+0x3f6/0x470
[ 527.979057][ T5150] ? __fget_files+0x29/0x470
[ 527.983627][ T5150] ? bpf_lsm_file_ioctl+0x9/0x10
[ 527.988548][ T5150] ? security_file_ioctl+0x87/0xb0
[ 527.993640][ T5150] ? __pfx_sock_ioctl+0x10/0x10
[ 527.998468][ T5150] __se_sys_ioctl+0xfc/0x170
[ 528.003041][ T5150] do_syscall_64+0xf3/0x230
[ 528.007527][ T5150] ? clear_bhb_loop+0x35/0x90
[ 528.012182][ T5150] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 528.018061][ T5150] RIP: 0033:0x7f14d827cc4b
[ 528.022460][ T5150] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 528.042050][ T5150] RSP: 002b:00007ffe14b03900 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 528.050449][ T5150] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f14d827cc4b
[ 528.058508][ T5150] RDX: 00007ffe14b03978 RSI: 00000000400448dd RDI: 0000000000000003
[ 528.066720][ T5150] RBP: 0000555568058430 R08: 0000000000000000 R09: 0000000000000000
[ 528.074670][ T5150] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 528.082642][ T5150] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 528.090609][ T5150]
[ 528.093984][ T5150]
[ 528.096291][ T5150] Allocated by task 4477:
[ 528.100593][ T5150] kasan_save_track+0x3f/0x80
[ 528.105276][ T5150] __kasan_slab_alloc+0x66/0x80
[ 528.110109][ T5150] kmem_cache_alloc_noprof+0x135/0x2a0
[ 528.115551][ T5150] skb_clone+0x20c/0x390
[ 528.119769][ T5150] hci_cmd_work+0x29e/0x670
[ 528.124245][ T5150] process_scheduled_works+0xa2c/0x1830
[ 528.129771][ T5150] worker_thread+0x86d/0xd70
[ 528.134334][ T5150] kthread+0x2f0/0x390
[ 528.138385][ T5150] ret_from_fork+0x4b/0x80
[ 528.142780][ T5150] ret_from_fork_asm+0x1a/0x30
[ 528.147525][ T5150]
[ 528.149829][ T5150] Freed by task 4477:
[ 528.153783][ T5150] kasan_save_track+0x3f/0x80
[ 528.158443][ T5150] kasan_save_free_info+0x40/0x50
[ 528.163445][ T5150] poison_slab_object+0xe0/0x150
[ 528.168450][ T5150] __kasan_slab_free+0x37/0x60
[ 528.173191][ T5150] kmem_cache_free+0x145/0x350
[ 528.178034][ T5150] hci_req_sync_complete+0xe7/0x290
[ 528.183206][ T5150] hci_event_packet+0xc71/0x1540
[ 528.188118][ T5150] hci_rx_work+0x3e8/0xca0
[ 528.192507][ T5150] process_scheduled_works+0xa2c/0x1830
[ 528.198204][ T5150] worker_thread+0x86d/0xd70
[ 528.202769][ T5150] kthread+0x2f0/0x390
[ 528.206818][ T5150] ret_from_fork+0x4b/0x80
[ 528.211289][ T5150] ret_from_fork_asm+0x1a/0x30
[ 528.216058][ T5150]
[ 528.218398][ T5150] The buggy address belongs to the object at ffff8880228038c0
[ 528.218398][ T5150] which belongs to the cache skbuff_head_cache of size 240
[ 528.233729][ T5150] The buggy address is located 228 bytes inside of
[ 528.233729][ T5150] freed 240-byte region [ffff8880228038c0, ffff8880228039b0)
[ 528.247502][ T5150]
[ 528.249804][ T5150] The buggy address belongs to the physical page:
[ 528.256201][ T5150] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22803
[ 528.264959][ T5150] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 528.272485][ T5150] page_type: 0xffffefff(slab)
[ 528.277163][ T5150] raw: 00fff00000000000 ffff888018ae6780 0000000000000000 dead000000000001
[ 528.285723][ T5150] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[ 528.294299][ T5150] page dumped because: kasan: bad access detected
[ 528.300697][ T5150] page_owner tracks the page as allocated
[ 528.306393][ T5150] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4534, tgid 4534 (udevadm), ts 19728014203, free_ts 19629330773
[ 528.325206][ T5150] post_alloc_hook+0x1f3/0x230
[ 528.329969][ T5150] get_page_from_freelist+0x2e2d/0x2ee0
[ 528.335508][ T5150] __alloc_pages_noprof+0x256/0x6c0
[ 528.340777][ T5150] alloc_slab_page+0x5f/0x120
[ 528.345438][ T5150] allocate_slab+0x5a/0x2e0
[ 528.349924][ T5150] ___slab_alloc+0xcd1/0x14b0
[ 528.354599][ T5150] __slab_alloc+0x58/0xa0
[ 528.358914][ T5150] kmem_cache_alloc_noprof+0x1c1/0x2a0
[ 528.364381][ T5150] skb_clone+0x20c/0x390
[ 528.368706][ T5150] netlink_broadcast_filtered+0x707/0x1290
[ 528.374495][ T5150] netlink_broadcast+0x39/0x50
[ 528.379252][ T5150] kobject_uevent_net_broadcast+0x38f/0x580
[ 528.385145][ T5150] kobject_uevent_env+0x57d/0x8e0
[ 528.390153][ T5150] kobject_synth_uevent+0x4ef/0xae0
[ 528.395334][ T5150] uevent_store+0x4b/0x70
[ 528.399642][ T5150] kernfs_fop_write_iter+0x3a1/0x500
[ 528.404919][ T5150] page last free pid 4534 tgid 4534 stack trace:
[ 528.411279][ T5150] free_unref_page+0xd19/0xea0
[ 528.416042][ T5150] __slab_free+0x31b/0x3d0
[ 528.420447][ T5150] qlist_free_all+0x9e/0x140
[ 528.425014][ T5150] kasan_quarantine_reduce+0x14f/0x170
[ 528.430449][ T5150] __kasan_slab_alloc+0x23/0x80
[ 528.435280][ T5150] kmalloc_trace_noprof+0x132/0x2c0
[ 528.440586][ T5150] smk_fetch+0x92/0x140
[ 528.444735][ T5150] smack_d_instantiate+0x749/0xa50
[ 528.449839][ T5150] security_d_instantiate+0x9f/0x100
[ 528.455102][ T5150] d_splice_alias+0x6f/0x330
[ 528.459678][ T5150] path_openat+0x1033/0x3280
[ 528.464249][ T5150] do_filp_open+0x235/0x490
[ 528.468750][ T5150] do_sys_openat2+0x13e/0x1d0
[ 528.473411][ T5150] __x64_sys_openat+0x247/0x2a0
[ 528.478341][ T5150] do_syscall_64+0xf3/0x230
[ 528.482843][ T5150] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 528.488715][ T5150]
[ 528.491016][ T5150] Memory state around the buggy address:
[ 528.496633][ T5150] ffff888022803880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 528.504675][ T5150] ffff888022803900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 528.512730][ T5150] >ffff888022803980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 528.520788][ T5150] ^
[ 528.525877][ T5150] ffff888022803a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 528.533910][ T5150] ffff888022803a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 528.541942][ T5150] ==================================================================
[ 528.551202][ T5150] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 528.558417][ T5150] CPU: 1 PID: 5150 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 528.568828][ T5150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 528.578892][ T5150] Call Trace:
[ 528.582213][ T5150]
[ 528.585142][ T5150] dump_stack_lvl+0x241/0x360
[ 528.589819][ T5150] ? __pfx_dump_stack_lvl+0x10/0x10
[ 528.594999][ T5150] ? __pfx__printk+0x10/0x10
[ 528.599566][ T5150] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 528.605530][ T5150] ? vscnprintf+0x5d/0x90
[ 528.609844][ T5150] panic+0x349/0x860
[ 528.613733][ T5150] ? check_panic_on_warn+0x21/0xb0
[ 528.618834][ T5150] ? __pfx_panic+0x10/0x10
[ 528.623247][ T5150] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 528.629209][ T5150] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 528.635521][ T5150] check_panic_on_warn+0x86/0xb0
[ 528.640438][ T5150] ? kfree_skb_reason+0x41/0x3b0
[ 528.645359][ T5150] end_report+0x77/0x160
[ 528.649590][ T5150] kasan_report+0x154/0x180
[ 528.654070][ T5150] ? kfree_skb_reason+0x41/0x3b0
[ 528.658991][ T5150] kasan_check_range+0x282/0x290
[ 528.663905][ T5150] kfree_skb_reason+0x41/0x3b0
[ 528.668652][ T5150] __hci_req_sync+0x62f/0x950
[ 528.673311][ T5150] ? __pfx___hci_req_sync+0x10/0x10
[ 528.678509][ T5150] ? __pfx___mutex_lock+0x10/0x10
[ 528.683560][ T5150] ? __pfx_autoremove_wake_function+0x10/0x10
[ 528.689635][ T5150] ? __pfx_hci_scan_req+0x10/0x10
[ 528.694645][ T5150] hci_req_sync+0xa9/0xd0
[ 528.698960][ T5150] hci_dev_cmd+0x4c5/0xa50
[ 528.703360][ T5150] ? security_capable+0x90/0xb0
[ 528.708197][ T5150] ? __pfx_hci_dev_cmd+0x10/0x10
[ 528.713119][ T5150] ? hci_sock_ioctl+0x6c4/0xa40
[ 528.718049][ T5150] sock_do_ioctl+0x158/0x460
[ 528.722618][ T5150] ? __pfx_smack_log+0x10/0x10
[ 528.727374][ T5150] ? __pfx_sock_do_ioctl+0x10/0x10
[ 528.732469][ T5150] ? smk_tskacc+0x300/0x370
[ 528.736953][ T5150] ? smack_file_ioctl+0x2a1/0x3a0
[ 528.741953][ T5150] sock_ioctl+0x629/0x8e0
[ 528.746262][ T5150] ? __pfx_sock_ioctl+0x10/0x10
[ 528.751089][ T5150] ? __fget_files+0x3f6/0x470
[ 528.755765][ T5150] ? __fget_files+0x29/0x470
[ 528.760331][ T5150] ? bpf_lsm_file_ioctl+0x9/0x10
[ 528.765248][ T5150] ? security_file_ioctl+0x87/0xb0
[ 528.770357][ T5150] ? __pfx_sock_ioctl+0x10/0x10
[ 528.775201][ T5150] __se_sys_ioctl+0xfc/0x170
[ 528.779773][ T5150] do_syscall_64+0xf3/0x230
[ 528.784255][ T5150] ? clear_bhb_loop+0x35/0x90
[ 528.788922][ T5150] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 528.794816][ T5150] RIP: 0033:0x7f14d827cc4b
[ 528.799216][ T5150] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 528.818813][ T5150] RSP: 002b:00007ffe14b03900 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 528.827217][ T5150] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f14d827cc4b
[ 528.835190][ T5150] RDX: 00007ffe14b03978 RSI: 00000000400448dd RDI: 0000000000000003
[ 528.843147][ T5150] RBP: 0000555568058430 R08: 0000000000000000 R09: 0000000000000000
[ 528.851107][ T5150] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 528.859058][ T5150] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 528.867016][ T5150]
[ 528.870251][ T5150] Kernel Offset: disabled
[ 528.874582][ T5150] Rebooting in 86400 seconds..