Warning: Permanently added '10.128.0.145' (ED25519) to the list of known hosts.
[ 77.391370][ T5087] cgroup: Unknown subsys name 'net'
[ 77.590178][ T5087] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 79.427164][ T5087] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 79.484379][ T5100] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 79.493788][ T5100] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.504090][ T5106] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 79.513859][ T5107] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 79.521249][ T5106] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 79.523476][ T5107] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.529962][ T5106] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 79.535643][ T5109] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 79.545100][ T5107] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 79.551177][ T5106] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.556795][ T5111] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 79.564384][ T5109] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 79.571949][ T5107] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 79.586272][ T5106] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 79.587592][ T5111] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 79.594006][ T5109] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.602494][ T5107] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 79.608901][ T5106] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 79.615380][ T5107] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 79.622540][ T5109] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 79.629082][ T5107] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 79.636332][ T5106] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 79.645565][ T5107] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 79.650095][ T5109] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.657624][ T5107] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 79.664081][ T5106] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 79.670570][ T5112] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 79.684625][ T5094] ==================================================================
[ 79.685982][ T5107] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 79.692695][ T5094] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 79.692758][ T5094] Read of size 4 at addr ffff88807499e9a4 by task syz-executor404/5094
[ 79.692776][ T5094]
[ 79.692787][ T5094] CPU: 1 PID: 5094 Comm: syz-executor404 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 79.692811][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 79.738678][ T5094] Call Trace:
[ 79.741994][ T5094] <TASK>
[ 79.744942][ T5094] dump_stack_lvl+0x241/0x360
[ 79.749678][ T5094] ? __pfx_dump_stack_lvl+0x10/0x10
[ 79.754906][ T5094] ? __pfx__printk+0x10/0x10
[ 79.759530][ T5094] ? _printk+0xd5/0x120
[ 79.763718][ T5094] ? __virt_addr_valid+0x183/0x520
[ 79.768861][ T5094] ? __virt_addr_valid+0x183/0x520
[ 79.774068][ T5094] print_report+0x169/0x550
[ 79.778606][ T5094] ? __virt_addr_valid+0x183/0x520
[ 79.783752][ T5094] ? __virt_addr_valid+0x183/0x520
[ 79.788898][ T5094] ? __virt_addr_valid+0x44e/0x520
[ 79.794066][ T5094] ? __phys_addr+0xba/0x170
[ 79.798608][ T5094] ? kfree_skb_reason+0x41/0x3b0
[ 79.798618][ T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 79.798646][ T5094] kasan_report+0x143/0x180
[ 79.808501][ T5112] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 79.810508][ T5094] ? kfree_skb_reason+0x41/0x3b0
[ 79.826917][ T5094] kasan_check_range+0x282/0x290
[ 79.831909][ T5094] kfree_skb_reason+0x41/0x3b0
[ 79.836730][ T5094] __hci_req_sync+0x62f/0x950
[ 79.841449][ T5094] ? __pfx___hci_req_sync+0x10/0x10
[ 79.846777][ T5094] ? __pfx___mutex_lock+0x10/0x10
[ 79.851937][ T5094] ? __pfx_autoremove_wake_function+0x10/0x10
[ 79.858043][ T5094] ? __pfx_hci_scan_req+0x10/0x10
[ 79.863103][ T5094] hci_req_sync+0xa9/0xd0
[ 79.867474][ T5094] hci_dev_cmd+0x4c5/0xa50
[ 79.871953][ T5094] ? security_capable+0x90/0xb0
[ 79.876862][ T5094] ? __pfx_hci_dev_cmd+0x10/0x10
[ 79.881835][ T5094] ? hci_sock_ioctl+0x6c4/0xa40
[ 79.886721][ T5094] compat_sock_ioctl+0x18b/0xf20
[ 79.891697][ T5094] ? __pfx_compat_sock_ioctl+0x10/0x10
[ 79.897197][ T5094] ? __fget_files+0x29/0x470
[ 79.901834][ T5094] ? __fget_files+0x3f6/0x470
[ 79.906562][ T5094] ? bpf_lsm_file_ioctl_compat+0x9/0x10
[ 79.912143][ T5094] ? security_file_ioctl_compat+0x87/0xb0
[ 79.917902][ T5094] __se_compat_sys_ioctl+0x51c/0xca0
[ 79.923237][ T5094] ? __pfx___se_compat_sys_ioctl+0x10/0x10
[ 79.929110][ T5094] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 79.935114][ T5094] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 79.941458][ T5094] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 79.948060][ T5094] ? lockdep_hardirqs_on+0x99/0x150
[ 79.953292][ T5094] __do_fast_syscall_32+0xb4/0x120
[ 79.958426][ T5094] do_fast_syscall_32+0x34/0x80
[ 79.963282][ T5094] entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 79.969632][ T5094] RIP: 0023:0xf7e59579
[ 79.973707][ T5094] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 79.993321][ T5094] RSP: 002b:00000000ff833844 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 80.001740][ T5094] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000400448dd
[ 80.009886][ T5094] RDX: 00000000ff8338f0 RSI: 00000000f7e4aff4 RDI: 0000000000000003
[ 80.017863][ T5094] RBP: 00000000ff833a88 R08: 0000000000000000 R09: 0000000000000000
[ 80.025833][ T5094] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 80.033806][ T5094] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 80.041806][ T5094] </TASK>
[ 80.044849][ T5094]
[ 80.047174][ T5094] Allocated by task 5106:
[ 80.051685][ T5094] kasan_save_track+0x3f/0x80
[ 80.056368][ T5094] __kasan_slab_alloc+0x66/0x80
[ 80.061225][ T5094] kmem_cache_alloc_noprof+0x135/0x2a0
[ 80.066694][ T5094] skb_clone+0x20c/0x390
[ 80.070943][ T5094] hci_cmd_work+0x29e/0x670
[ 80.075446][ T5094] process_scheduled_works+0xa2c/0x1830
[ 80.080993][ T5094] worker_thread+0x86d/0xd70
[ 80.085586][ T5094] kthread+0x2f0/0x390
[ 80.089662][ T5094] ret_from_fork+0x4b/0x80
[ 80.094085][ T5094] ret_from_fork_asm+0x1a/0x30
[ 80.098856][ T5094]
[ 80.101176][ T5094] Freed by task 5107:
[ 80.105157][ T5094] kasan_save_track+0x3f/0x80
[ 80.109932][ T5094] kasan_save_free_info+0x40/0x50
[ 80.114985][ T5094] poison_slab_object+0xe0/0x150
[ 80.119927][ T5094] __kasan_slab_free+0x37/0x60
[ 80.124694][ T5094] kmem_cache_free+0x145/0x350
[ 80.129480][ T5094] hci_req_sync_complete+0xe7/0x290
[ 80.134680][ T5094] hci_event_packet+0xc71/0x1540
[ 80.139613][ T5094] hci_rx_work+0x3e8/0xca0
[ 80.144031][ T5094] process_scheduled_works+0xa2c/0x1830
[ 80.149577][ T5094] worker_thread+0x86d/0xd70
[ 80.154167][ T5094] kthread+0x2f0/0x390
[ 80.158245][ T5094] ret_from_fork+0x4b/0x80
[ 80.162663][ T5094] ret_from_fork_asm+0x1a/0x30
[ 80.167433][ T5094]
[ 80.169755][ T5094] The buggy address belongs to the object at ffff88807499e8c0
[ 80.169755][ T5094] which belongs to the cache skbuff_head_cache of size 240
[ 80.184418][ T5094] The buggy address is located 228 bytes inside of
[ 80.184418][ T5094] freed 240-byte region [ffff88807499e8c0, ffff88807499e9b0)
[ 80.198219][ T5094]
[ 80.200543][ T5094] The buggy address belongs to the physical page:
[ 80.206959][ T5094] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7499e
[ 80.215724][ T5094] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 80.222839][ T5094] page_type: 0xffffefff(slab)
[ 80.227535][ T5094] raw: 00fff00000000000 ffff888017aab640 dead000000000122 0000000000000000
[ 80.236124][ T5094] raw: 0000000000000000 00000000800c000c 00000001ffffefff 0000000000000000
[ 80.244705][ T5094] page dumped because: kasan: bad access detected
[ 80.251128][ T5094] page_owner tracks the page as allocated
[ 80.256843][ T5094] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5106, tgid 5106 (kworker/u9:5), ts 79682926030, free_ts 25156433607
[ 80.276157][ T5094] post_alloc_hook+0x1f3/0x230
[ 80.280948][ T5094] get_page_from_freelist+0x2e2d/0x2ee0
[ 80.286505][ T5094] __alloc_pages_noprof+0x256/0x6c0
[ 80.291713][ T5094] alloc_slab_page+0x5f/0x120
[ 80.296393][ T5094] allocate_slab+0x5a/0x2e0
[ 80.300900][ T5094] ___slab_alloc+0xcd1/0x14b0
[ 80.305590][ T5094] __slab_alloc+0x58/0xa0
[ 80.309921][ T5094] kmem_cache_alloc_noprof+0x1c1/0x2a0
[ 80.315386][ T5094] skb_clone+0x20c/0x390
[ 80.319629][ T5094] hci_event_packet+0x49c/0x1540
[ 80.324565][ T5094] hci_rx_work+0x3e8/0xca0
[ 80.328983][ T5094] process_scheduled_works+0xa2c/0x1830
[ 80.334529][ T5094] worker_thread+0x86d/0xd70
[ 80.339120][ T5094] kthread+0x2f0/0x390
[ 80.343194][ T5094] ret_from_fork+0x4b/0x80
[ 80.347616][ T5094] ret_from_fork_asm+0x1a/0x30
[ 80.352385][ T5094] page last free pid 1 tgid 1 stack trace:
[ 80.358202][ T5094] free_unref_page+0xd22/0xea0
[ 80.362974][ T5094] free_contig_range+0x9e/0x160
[ 80.367847][ T5094] destroy_args+0x8a/0x890
[ 80.372275][ T5094] debug_vm_pgtable+0x4be/0x550
[ 80.377131][ T5094] do_one_initcall+0x248/0x880
[ 80.381903][ T5094] do_initcall_level+0x157/0x210
[ 80.386841][ T5094] do_initcalls+0x3f/0x80
[ 80.391185][ T5094] kernel_init_freeable+0x435/0x5d0
[ 80.396380][ T5094] kernel_init+0x1d/0x2b0
[ 80.400713][ T5094] ret_from_fork+0x4b/0x80
[ 80.405134][ T5094] ret_from_fork_asm+0x1a/0x30
[ 80.409911][ T5094]
[ 80.412232][ T5094] Memory state around the buggy address:
[ 80.417870][ T5094] ffff88807499e880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 80.425931][ T5094] ffff88807499e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.434000][ T5094] >ffff88807499e980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 80.442056][ T5094]                                 ^
[ 80.447164][ T5094] ffff88807499ea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 80.455222][ T5094] ffff88807499ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 80.463275][ T5094] ==================================================================
[ 80.551876][ T5094] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 80.559141][ T5094] CPU: 0 PID: 5094 Comm: syz-executor404 Not tainted 6.10.0-rc1-syzkaller-00021-ge0cce98fe279 #0
[ 80.569671][ T5094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 80.579759][ T5094] Call Trace:
[ 80.583066][ T5094] <TASK>
[ 80.586025][ T5094] dump_stack_lvl+0x241/0x360
[ 80.590741][ T5094] ? __pfx_dump_stack_lvl+0x10/0x10
[ 80.595969][ T5094] ? __pfx__printk+0x10/0x10
[ 80.600585][ T5094] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 80.606601][ T5094] ? vscnprintf+0x5d/0x90
[ 80.610966][ T5094] panic+0x349/0x860
[ 80.614900][ T5094] ? check_panic_on_warn+0x21/0xb0
[ 80.620047][ T5094] ? __pfx_panic+0x10/0x10
[ 80.624521][ T5094] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 80.630536][ T5094] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 80.636911][ T5094] check_panic_on_warn+0x86/0xb0
[ 80.641888][ T5094] ? kfree_skb_reason+0x41/0x3b0
[ 80.646866][ T5094] end_report+0x77/0x160
[ 80.651148][ T5094] kasan_report+0x154/0x180
[ 80.655687][ T5094] ? kfree_skb_reason+0x41/0x3b0
[ 80.660670][ T5094] kasan_check_range+0x282/0x290
[ 80.665643][ T5094] kfree_skb_reason+0x41/0x3b0
[ 80.670450][ T5094] __hci_req_sync+0x62f/0x950
[ 80.675159][ T5094] ? __pfx___hci_req_sync+0x10/0x10
[ 80.680397][ T5094] ? __pfx___mutex_lock+0x10/0x10
[ 80.685470][ T5094] ? __pfx_autoremove_wake_function+0x10/0x10
[ 80.691576][ T5094] ? __pfx_hci_scan_req+0x10/0x10
[ 80.696655][ T5094] hci_req_sync+0xa9/0xd0
[ 80.701030][ T5094] hci_dev_cmd+0x4c5/0xa50
[ 80.705487][ T5094] ? security_capable+0x90/0xb0
[ 80.710377][ T5094] ? __pfx_hci_dev_cmd+0x10/0x10
[ 80.715355][ T5094] ? hci_sock_ioctl+0x6c4/0xa40
[ 80.720248][ T5094] compat_sock_ioctl+0x18b/0xf20
[ 80.725224][ T5094] ? __pfx_compat_sock_ioctl+0x10/0x10
[ 80.730721][ T5094] ? __fget_files+0x29/0x470
[ 80.735349][ T5094] ? __fget_files+0x3f6/0x470
[ 80.740067][ T5094] ? bpf_lsm_file_ioctl_compat+0x9/0x10
[ 80.745654][ T5094] ? security_file_ioctl_compat+0x87/0xb0
[ 80.751404][ T5094] __se_compat_sys_ioctl+0x51c/0xca0
[ 80.756724][ T5094] ? __pfx___se_compat_sys_ioctl+0x10/0x10
[ 80.762568][ T5094] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 80.768581][ T5094] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 80.774952][ T5094] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[ 80.781573][ T5094] ? lockdep_hardirqs_on+0x99/0x150
[ 80.786891][ T5094] __do_fast_syscall_32+0xb4/0x120
[ 80.792038][ T5094] do_fast_syscall_32+0x34/0x80
[ 80.796925][ T5094] entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 80.803303][ T5094] RIP: 0023:0xf7e59579
[ 80.807396][ T5094] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 80.827026][ T5094] RSP: 002b:00000000ff833844 EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 80.835443][ T5094] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000400448dd
[ 80.843456][ T5094] RDX: 00000000ff8338f0 RSI: 00000000f7e4aff4 RDI: 0000000000000003
[ 80.851433][ T5094] RBP: 00000000ff833a88 R08: 0000000000000000 R09: 0000000000000000
[ 80.859417][ T5094] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 80.867401][ T5094] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 80.875402][ T5094] </TASK>
[ 80.878761][ T5094] Kernel Offset: disabled
[ 80.883084][ T5094] Rebooting in 86400 seconds..