Warning: Permanently added '10.128.0.185' (ED25519) to the list of known hosts.
2024/05/29 14:18:23 ignoring optional flag "sandboxArg"="0"
2024/05/29 14:18:23 parsed 1 programs
[ 526.109122][ T5114] cgroup: Unknown subsys name 'net'
[ 526.343097][ T5114] cgroup: Unknown subsys name 'rlimit'
[ 527.477719][ T5130] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 527.701990][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 527.711276][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 527.719113][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 527.729019][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 527.739262][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 527.749220][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 527.761496][ T5150] ==================================================================
[ 527.769595][ T5150] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 527.777323][ T5150] Read of size 4 at addr ffff8880228039a4 by task syz-executor.0/5150
[ 527.785451][ T5150]
[ 527.787764][ T5150] CPU: 0 PID: 5150 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 527.798148][ T5150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 527.808187][ T5150] Call Trace:
[ 527.811451][ T5150] <TASK>
[ 527.814363][ T5150] dump_stack_lvl+0x241/0x360
[ 527.819023][ T5150] ? __pfx_dump_stack_lvl+0x10/0x10
[ 527.824197][ T5150] ? __pfx__printk+0x10/0x10
[ 527.828779][ T5150] ? _printk+0xd5/0x120
[ 527.832947][ T5150] ? __virt_addr_valid+0x183/0x520
[ 527.838057][ T5150] ? __virt_addr_valid+0x183/0x520
[ 527.843162][ T5150] print_report+0x169/0x550
[ 527.847652][ T5150] ? __virt_addr_valid+0x183/0x520
[ 527.852851][ T5150] ? __virt_addr_valid+0x183/0x520
[ 527.857961][ T5150] ? __virt_addr_valid+0x44e/0x520
[ 527.863086][ T5150] ? __phys_addr+0xba/0x170
[ 527.867574][ T5150] ? kfree_skb_reason+0x41/0x3b0
[ 527.872497][ T5150] kasan_report+0x143/0x180
[ 527.876988][ T5150] ? kfree_skb_reason+0x41/0x3b0
[ 527.881932][ T5150] kasan_check_range+0x282/0x290
[ 527.886854][ T5150] kfree_skb_reason+0x41/0x3b0
[ 527.891600][ T5150] __hci_req_sync+0x62f/0x950
[ 527.896259][ T5150] ? __pfx___hci_req_sync+0x10/0x10
[ 527.901522][ T5150] ? __pfx___mutex_lock+0x10/0x10
[ 527.906549][ T5150] ? __pfx_autoremove_wake_function+0x10/0x10
[ 527.912596][ T5150] ? __pfx_hci_scan_req+0x10/0x10
[ 527.917599][ T5150] hci_req_sync+0xa9/0xd0
[ 527.921908][ T5150] hci_dev_cmd+0x4c5/0xa50
[ 527.926304][ T5150] ? security_capable+0x90/0xb0
[ 527.931149][ T5150] ? __pfx_hci_dev_cmd+0x10/0x10
[ 527.936099][ T5150] ? hci_sock_ioctl+0x6c4/0xa40
[ 527.941280][ T5150] sock_do_ioctl+0x158/0x460
[ 527.945853][ T5150] ? __pfx_smack_log+0x10/0x10
[ 527.950598][ T5150] ? __pfx_sock_do_ioctl+0x10/0x10
[ 527.955690][ T5150] ? smk_tskacc+0x300/0x370
[ 527.960176][ T5150] ? smack_file_ioctl+0x2a1/0x3a0
[ 527.965178][ T5150] sock_ioctl+0x629/0x8e0
[ 527.969487][ T5150] ? __pfx_sock_ioctl+0x10/0x10
[ 527.974315][ T5150] ? __fget_files+0x3f6/0x470
[ 527.979057][ T5150] ? __fget_files+0x29/0x470
[ 527.983627][ T5150] ? bpf_lsm_file_ioctl+0x9/0x10
[ 527.988548][ T5150] ? security_file_ioctl+0x87/0xb0
[ 527.993640][ T5150] ? __pfx_sock_ioctl+0x10/0x10
[ 527.998468][ T5150] __se_sys_ioctl+0xfc/0x170
[ 528.003041][ T5150] do_syscall_64+0xf3/0x230
[ 528.007527][ T5150] ? clear_bhb_loop+0x35/0x90
[ 528.012182][ T5150] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 528.018061][ T5150] RIP: 0033:0x7f14d827cc4b
[ 528.022460][ T5150] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 528.042050][ T5150] RSP: 002b:00007ffe14b03900 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 528.050449][ T5150] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f14d827cc4b
[ 528.058508][ T5150] RDX: 00007ffe14b03978 RSI: 00000000400448dd RDI: 0000000000000003
[ 528.066720][ T5150] RBP: 0000555568058430 R08: 0000000000000000 R09: 0000000000000000
[ 528.074670][ T5150] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 528.082642][ T5150] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 528.090609][ T5150] </TASK>
[ 528.093984][ T5150]
[ 528.096291][ T5150] Allocated by task 4477:
[ 528.100593][ T5150] kasan_save_track+0x3f/0x80
[ 528.105276][ T5150] __kasan_slab_alloc+0x66/0x80
[ 528.110109][ T5150] kmem_cache_alloc_noprof+0x135/0x2a0
[ 528.115551][ T5150] skb_clone+0x20c/0x390
[ 528.119769][ T5150] hci_cmd_work+0x29e/0x670
[ 528.124245][ T5150] process_scheduled_works+0xa2c/0x1830
[ 528.129771][ T5150] worker_thread+0x86d/0xd70
[ 528.134334][ T5150] kthread+0x2f0/0x390
[ 528.138385][ T5150] ret_from_fork+0x4b/0x80
[ 528.142780][ T5150] ret_from_fork_asm+0x1a/0x30
[ 528.147525][ T5150]
[ 528.149829][ T5150] Freed by task 4477:
[ 528.153783][ T5150] kasan_save_track+0x3f/0x80
[ 528.158443][ T5150] kasan_save_free_info+0x40/0x50
[ 528.163445][ T5150] poison_slab_object+0xe0/0x150
[ 528.168450][ T5150] __kasan_slab_free+0x37/0x60
[ 528.173191][ T5150] kmem_cache_free+0x145/0x350
[ 528.178034][ T5150] hci_req_sync_complete+0xe7/0x290
[ 528.183206][ T5150] hci_event_packet+0xc71/0x1540
[ 528.188118][ T5150] hci_rx_work+0x3e8/0xca0
[ 528.192507][ T5150] process_scheduled_works+0xa2c/0x1830
[ 528.198204][ T5150] worker_thread+0x86d/0xd70
[ 528.202769][ T5150] kthread+0x2f0/0x390
[ 528.206818][ T5150] ret_from_fork+0x4b/0x80
[ 528.211289][ T5150] ret_from_fork_asm+0x1a/0x30
[ 528.216058][ T5150]
[ 528.218398][ T5150] The buggy address belongs to the object at ffff8880228038c0
[ 528.218398][ T5150] which belongs to the cache skbuff_head_cache of size 240
[ 528.233729][ T5150] The buggy address is located 228 bytes inside of
[ 528.233729][ T5150] freed 240-byte region [ffff8880228038c0, ffff8880228039b0)
[ 528.247502][ T5150]
[ 528.249804][ T5150] The buggy address belongs to the physical page:
[ 528.256201][ T5150] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22803
[ 528.264959][ T5150] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 528.272485][ T5150] page_type: 0xffffefff(slab)
[ 528.277163][ T5150] raw: 00fff00000000000 ffff888018ae6780 0000000000000000 dead000000000001
[ 528.285723][ T5150] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[ 528.294299][ T5150] page dumped because: kasan: bad access detected
[ 528.300697][ T5150] page_owner tracks the page as allocated
[ 528.306393][ T5150] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4534, tgid 4534 (udevadm), ts 19728014203, free_ts 19629330773
[ 528.325206][ T5150] post_alloc_hook+0x1f3/0x230
[ 528.329969][ T5150] get_page_from_freelist+0x2e2d/0x2ee0
[ 528.335508][ T5150] __alloc_pages_noprof+0x256/0x6c0
[ 528.340777][ T5150] alloc_slab_page+0x5f/0x120
[ 528.345438][ T5150] allocate_slab+0x5a/0x2e0
[ 528.349924][ T5150] ___slab_alloc+0xcd1/0x14b0
[ 528.354599][ T5150] __slab_alloc+0x58/0xa0
[ 528.358914][ T5150] kmem_cache_alloc_noprof+0x1c1/0x2a0
[ 528.364381][ T5150] skb_clone+0x20c/0x390
[ 528.368706][ T5150] netlink_broadcast_filtered+0x707/0x1290
[ 528.374495][ T5150] netlink_broadcast+0x39/0x50
[ 528.379252][ T5150] kobject_uevent_net_broadcast+0x38f/0x580
[ 528.385145][ T5150] kobject_uevent_env+0x57d/0x8e0
[ 528.390153][ T5150] kobject_synth_uevent+0x4ef/0xae0
[ 528.395334][ T5150] uevent_store+0x4b/0x70
[ 528.399642][ T5150] kernfs_fop_write_iter+0x3a1/0x500
[ 528.404919][ T5150] page last free pid 4534 tgid 4534 stack trace:
[ 528.411279][ T5150] free_unref_page+0xd19/0xea0
[ 528.416042][ T5150] __slab_free+0x31b/0x3d0
[ 528.420447][ T5150] qlist_free_all+0x9e/0x140
[ 528.425014][ T5150] kasan_quarantine_reduce+0x14f/0x170
[ 528.430449][ T5150] __kasan_slab_alloc+0x23/0x80
[ 528.435280][ T5150] kmalloc_trace_noprof+0x132/0x2c0
[ 528.440586][ T5150] smk_fetch+0x92/0x140
[ 528.444735][ T5150] smack_d_instantiate+0x749/0xa50
[ 528.449839][ T5150] security_d_instantiate+0x9f/0x100
[ 528.455102][ T5150] d_splice_alias+0x6f/0x330
[ 528.459678][ T5150] path_openat+0x1033/0x3280
[ 528.464249][ T5150] do_filp_open+0x235/0x490
[ 528.468750][ T5150] do_sys_openat2+0x13e/0x1d0
[ 528.473411][ T5150] __x64_sys_openat+0x247/0x2a0
[ 528.478341][ T5150] do_syscall_64+0xf3/0x230
[ 528.482843][ T5150] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 528.488715][ T5150]
[ 528.491016][ T5150] Memory state around the buggy address:
[ 528.496633][ T5150] ffff888022803880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 528.504675][ T5150] ffff888022803900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 528.512730][ T5150] >ffff888022803980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 528.520788][ T5150]                                ^
[ 528.525877][ T5150] ffff888022803a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 528.533910][ T5150] ffff888022803a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 528.541942][ T5150] ==================================================================
[ 528.551202][ T5150] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 528.558417][ T5150] CPU: 1 PID: 5150 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 528.568828][ T5150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 528.578892][ T5150] Call Trace:
[ 528.582213][ T5150] <TASK>
[ 528.585142][ T5150] dump_stack_lvl+0x241/0x360
[ 528.589819][ T5150] ? __pfx_dump_stack_lvl+0x10/0x10
[ 528.594999][ T5150] ? __pfx__printk+0x10/0x10
[ 528.599566][ T5150] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 528.605530][ T5150] ? vscnprintf+0x5d/0x90
[ 528.609844][ T5150] panic+0x349/0x860
[ 528.613733][ T5150] ? check_panic_on_warn+0x21/0xb0
[ 528.618834][ T5150] ? __pfx_panic+0x10/0x10
[ 528.623247][ T5150] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 528.629209][ T5150] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 528.635521][ T5150] check_panic_on_warn+0x86/0xb0
[ 528.640438][ T5150] ? kfree_skb_reason+0x41/0x3b0
[ 528.645359][ T5150] end_report+0x77/0x160
[ 528.649590][ T5150] kasan_report+0x154/0x180
[ 528.654070][ T5150] ? kfree_skb_reason+0x41/0x3b0
[ 528.658991][ T5150] kasan_check_range+0x282/0x290
[ 528.663905][ T5150] kfree_skb_reason+0x41/0x3b0
[ 528.668652][ T5150] __hci_req_sync+0x62f/0x950
[ 528.673311][ T5150] ? __pfx___hci_req_sync+0x10/0x10
[ 528.678509][ T5150] ? __pfx___mutex_lock+0x10/0x10
[ 528.683560][ T5150] ? __pfx_autoremove_wake_function+0x10/0x10
[ 528.689635][ T5150] ? __pfx_hci_scan_req+0x10/0x10
[ 528.694645][ T5150] hci_req_sync+0xa9/0xd0
[ 528.698960][ T5150] hci_dev_cmd+0x4c5/0xa50
[ 528.703360][ T5150] ? security_capable+0x90/0xb0
[ 528.708197][ T5150] ? __pfx_hci_dev_cmd+0x10/0x10
[ 528.713119][ T5150] ? hci_sock_ioctl+0x6c4/0xa40
[ 528.718049][ T5150] sock_do_ioctl+0x158/0x460
[ 528.722618][ T5150] ? __pfx_smack_log+0x10/0x10
[ 528.727374][ T5150] ? __pfx_sock_do_ioctl+0x10/0x10
[ 528.732469][ T5150] ? smk_tskacc+0x300/0x370
[ 528.736953][ T5150] ? smack_file_ioctl+0x2a1/0x3a0
[ 528.741953][ T5150] sock_ioctl+0x629/0x8e0
[ 528.746262][ T5150] ? __pfx_sock_ioctl+0x10/0x10
[ 528.751089][ T5150] ? __fget_files+0x3f6/0x470
[ 528.755765][ T5150] ? __fget_files+0x29/0x470
[ 528.760331][ T5150] ? bpf_lsm_file_ioctl+0x9/0x10
[ 528.765248][ T5150] ? security_file_ioctl+0x87/0xb0
[ 528.770357][ T5150] ? __pfx_sock_ioctl+0x10/0x10
[ 528.775201][ T5150] __se_sys_ioctl+0xfc/0x170
[ 528.779773][ T5150] do_syscall_64+0xf3/0x230
[ 528.784255][ T5150] ? clear_bhb_loop+0x35/0x90
[ 528.788922][ T5150] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 528.794816][ T5150] RIP: 0033:0x7f14d827cc4b
[ 528.799216][ T5150] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 528.818813][ T5150] RSP: 002b:00007ffe14b03900 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 528.827217][ T5150] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f14d827cc4b
[ 528.835190][ T5150] RDX: 00007ffe14b03978 RSI: 00000000400448dd RDI: 0000000000000003
[ 528.843147][ T5150] RBP: 0000555568058430 R08: 0000000000000000 R09: 0000000000000000
[ 528.851107][ T5150] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 528.859058][ T5150] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 528.867016][ T5150] </TASK>
[ 528.870251][ T5150] Kernel Offset: disabled
[ 528.874582][ T5150] Rebooting in 86400 seconds..