Warning: Permanently added '10.128.0.60' (ED25519) to the list of known hosts.
2024/04/24 04:49:51 ignoring optional flag "sandboxArg"="0"
2024/04/24 04:49:51 parsed 1 programs
[ 508.703883][ T3585] cgroup: Unknown subsys name 'net'
[ 508.823911][ T3585] cgroup: Unknown subsys name 'rlimit'
2024/04/24 04:49:53 executed programs: 0
[ 510.347170][ T3585] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 510.535224][ T3606] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 510.550544][ T3616] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 510.552188][ T3617] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 510.558784][ T3616] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 510.566196][ T3617] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 510.574566][ T3616] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 510.580897][ T3617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 510.587677][ T3616] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 510.595079][ T3617] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 510.601965][ T3616] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 510.608598][ T3617] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 510.615634][ T3616] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 510.623167][ T3617] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 510.631236][ T3616] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 510.637373][ T3617] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 510.643401][ T3616] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 510.650888][ T3617] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 510.664404][ T3617] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 510.664899][ T3616] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 510.671738][ T3617] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 510.679428][ T3616] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 510.686717][ T3618] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 510.694512][ T3616] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 510.701696][ T3618] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 510.707281][ T3616] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 510.717232][ T3618] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 510.721148][ T47] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 510.728867][ T3618] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 510.742672][ T3602] ==================================================================
[ 510.750797][ T3602] BUG: KASAN: use-after-free in kfree_skb_reason+0x3d/0x390
[ 510.758209][ T3602] Read of size 4 at addr ffff888071ef5c24 by task syz-executor.4/3602
[ 510.766497][ T3602]
[ 510.768862][ T3602] CPU: 1 PID: 3602 Comm: syz-executor.4 Not tainted 6.1.87-syzkaller #0
[ 510.777398][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 510.787577][ T3602] Call Trace:
[ 510.790971][ T3602]
[ 510.793936][ T3602] dump_stack_lvl+0x1e3/0x2cb
[ 510.798702][ T3602] ? nf_tcp_handle_invalid+0x642/0x642
[ 510.804278][ T3602] ? panic+0x764/0x764
[ 510.808398][ T3602] ? _printk+0xd1/0x111
[ 510.812653][ T3602] ? __virt_addr_valid+0x17f/0x520
[ 510.817838][ T3602] ? __virt_addr_valid+0x17f/0x520
[ 510.823006][ T3602] print_report+0x15f/0x4f0
[ 510.827599][ T3602] ? __virt_addr_valid+0x17f/0x520
[ 510.832760][ T3602] ? __virt_addr_valid+0x17f/0x520
[ 510.837919][ T3602] ? __virt_addr_valid+0x44a/0x520
[ 510.843076][ T3602] ? __phys_addr+0xb6/0x170
[ 510.847623][ T3602] ? kfree_skb_reason+0x3d/0x390
[ 510.852648][ T3602] kasan_report+0x136/0x160
[ 510.857167][ T3602] ? kfree_skb_reason+0x3d/0x390
[ 510.862128][ T3602] kasan_check_range+0x27f/0x290
[ 510.867077][ T3602] kfree_skb_reason+0x3d/0x390
[ 510.871952][ T3602] __hci_req_sync+0x626/0x940
[ 510.876702][ T3602] ? trace_contention_end+0x61/0x170
[ 510.882036][ T3602] ? hci_req_sync_complete+0x280/0x280
[ 510.887515][ T3602] ? mutex_lock_nested+0x10/0x10
[ 510.892500][ T3602] ? wake_bit_function+0x210/0x210
[ 510.897695][ T3602] ? hci_encrypt_req+0x170/0x170
[ 510.902690][ T3602] hci_req_sync+0xa5/0xc0
[ 510.907039][ T3602] hci_dev_cmd+0x2fc/0xa30
[ 510.911478][ T3602] ? security_capable+0x86/0xb0
[ 510.916511][ T3602] ? hci_dev_reset_stat+0x1a0/0x1a0
[ 510.921732][ T3602] ? hci_sock_ioctl+0x426/0x850
[ 510.926727][ T3602] sock_do_ioctl+0x152/0x450
[ 510.931341][ T3602] ? sock_show_fdinfo+0xb0/0xb0
[ 510.936315][ T3602] ? __fget_files+0x28/0x4a0
[ 510.941004][ T3602] sock_ioctl+0x47f/0x770
[ 510.945367][ T3602] ? sock_poll+0x410/0x410
[ 510.949814][ T3602] ? __fget_files+0x28/0x4a0
[ 510.954429][ T3602] ? __fget_files+0x435/0x4a0
[ 510.959127][ T3602] ? __fget_files+0x28/0x4a0
[ 510.963736][ T3602] ? bpf_lsm_file_ioctl+0x5/0x10
[ 510.968979][ T3602] ? security_file_ioctl+0x7d/0xa0
[ 510.974219][ T3602] ? sock_poll+0x410/0x410
[ 510.978649][ T3602] __se_sys_ioctl+0xf1/0x160
[ 510.983392][ T3602] do_syscall_64+0x3b/0xb0
[ 510.987832][ T3602] ? clear_bhb_loop+0x45/0xa0
[ 510.992687][ T3602] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 510.998602][ T3602] RIP: 0033:0x7f756247dc0b
[ 511.003030][ T3602] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 511.022664][ T3602] RSP: 002b:00007ffc7a775f80 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 511.031110][ T3602] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f756247dc0b
[ 511.039105][ T3602] RDX: 00007ffc7a775ff8 RSI: 00000000400448dd RDI: 0000000000000003
[ 511.047095][ T3602] RBP: 0000555556015430 R08: 0000000000000000 R09: 0000000000000000
[ 511.055160][ T3602] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[ 511.063314][ T3602] R13: 0000000000000001 R14: 0000000000000001 R15: 00000000fffffff1
[ 511.071303][ T3602]
[ 511.074419][ T3602]
[ 511.076744][ T3602] Allocated by task 3609:
[ 511.081074][ T3602] kasan_set_track+0x4b/0x70
[ 511.085752][ T3602] __kasan_slab_alloc+0x65/0x70
[ 511.090727][ T3602] slab_post_alloc_hook+0x52/0x3a0
[ 511.095883][ T3602] kmem_cache_alloc+0x10c/0x2d0
[ 511.100746][ T3602] skb_clone+0x1e5/0x360
[ 511.105038][ T3602] hci_cmd_work+0x296/0x660
[ 511.109777][ T3602] process_one_work+0x8a9/0x11d0
[ 511.114754][ T3602] worker_thread+0xa47/0x1200
[ 511.119441][ T3602] kthread+0x28d/0x320
[ 511.123546][ T3602] ret_from_fork+0x1f/0x30
[ 511.127991][ T3602]
[ 511.130434][ T3602] Freed by task 3616:
[ 511.134456][ T3602] kasan_set_track+0x4b/0x70
[ 511.139150][ T3602] kasan_save_free_info+0x27/0x40
[ 511.144198][ T3602] ____kasan_slab_free+0xd6/0x120
[ 511.149233][ T3602] kmem_cache_free+0x292/0x510
[ 511.154013][ T3602] hci_req_sync_complete+0xee/0x280
[ 511.159220][ T3602] hci_event_packet+0xc49/0x1510
[ 511.164172][ T3602] hci_rx_work+0x3cd/0xce0
[ 511.168647][ T3602] process_one_work+0x8a9/0x11d0
[ 511.173598][ T3602] worker_thread+0xa47/0x1200
[ 511.178295][ T3602] kthread+0x28d/0x320
[ 511.182371][ T3602] ret_from_fork+0x1f/0x30
[ 511.186807][ T3602]
[ 511.189172][ T3602] The buggy address belongs to the object at ffff888071ef5b40
[ 511.189172][ T3602] which belongs to the cache skbuff_head_cache of size 240
[ 511.203761][ T3602] The buggy address is located 228 bytes inside of
[ 511.203761][ T3602] 240-byte region [ffff888071ef5b40, ffff888071ef5c30)
[ 511.217076][ T3602]
[ 511.219406][ T3602] The buggy address belongs to the physical page:
[ 511.225822][ T3602] page:ffffea0001c7bd40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71ef5
[ 511.236158][ T3602] flags: 0xfff80000000200(slab|node=0|zone=1|lastcpupid=0xfff)
[ 511.243751][ T3602] raw: 00fff80000000200 0000000000000000 dead000000000122 ffff888014256500
[ 511.252354][ T3602] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 511.261064][ T3602] page dumped because: kasan: bad access detected
[ 511.267484][ T3602] page_owner tracks the page as allocated
[ 511.273206][ T3602] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3609, tgid 3609 (kworker/u5:3), ts 510728505236, free_ts 230305261638
[ 511.291881][ T3602] post_alloc_hook+0x18d/0x1b0
[ 511.296705][ T3602] get_page_from_freelist+0x31a1/0x3320
[ 511.302287][ T3602] __alloc_pages+0x28d/0x770
[ 511.306887][ T3602] alloc_slab_page+0x6a/0x150
[ 511.311578][ T3602] new_slab+0x84/0x2d0
[ 511.315659][ T3602] ___slab_alloc+0xc20/0x1270
[ 511.320437][ T3602] kmem_cache_alloc+0x1a5/0x2d0
[ 511.325301][ T3602] skb_clone+0x1e5/0x360
[ 511.329550][ T3602] hci_cmd_work+0x296/0x660
[ 511.334075][ T3602] process_one_work+0x8a9/0x11d0
[ 511.339023][ T3602] worker_thread+0xa47/0x1200
[ 511.343714][ T3602] kthread+0x28d/0x320
[ 511.347793][ T3602] ret_from_fork+0x1f/0x30
[ 511.352225][ T3602] page last free stack trace:
[ 511.356904][ T3602] free_unref_page_prepare+0xf63/0x1120
[ 511.362549][ T3602] free_unref_page+0x33/0x3e0
[ 511.367234][ T3602] __vunmap+0x834/0x9a0
[ 511.371441][ T3602] free_work+0x57/0x80
[ 511.375532][ T3602] process_one_work+0x8a9/0x11d0
[ 511.380478][ T3602] worker_thread+0xa47/0x1200
[ 511.385174][ T3602] kthread+0x28d/0x320
[ 511.389336][ T3602] ret_from_fork+0x1f/0x30
[ 511.393873][ T3602]
[ 511.396375][ T3602] Memory state around the buggy address:
[ 511.402010][ T3602]  ffff888071ef5b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 511.410075][ T3602]  ffff888071ef5b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 511.418144][ T3602] >ffff888071ef5c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 511.426210][ T3602]                                ^
[ 511.431320][ T3602]  ffff888071ef5c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 511.439387][ T3602]  ffff888071ef5d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 511.447451][ T3602] ==================================================================
[ 511.456147][ T3616] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 511.468283][ T3618] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 511.469101][ T3602] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 511.469115][ T3602] CPU: 0 PID: 3602 Comm: syz-executor.4 Not tainted 6.1.87-syzkaller #0
[ 511.469138][ T3602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 511.469151][ T3602] Call Trace:
[ 511.469158][ T3602]
[ 511.469165][ T3602] dump_stack_lvl+0x1e3/0x2cb
[ 511.469203][ T3602] ? nf_tcp_handle_invalid+0x642/0x642
[ 511.469236][ T3602] ? panic+0x764/0x764
[ 511.469256][ T3602] ? preempt_schedule_common+0xa6/0xd0
[ 511.469343][ T3602] ? vscnprintf+0x59/0x80
[ 511.469368][ T3602] panic+0x318/0x764
[ 511.469390][ T3602] ? check_panic_on_warn+0x1d/0xa0
[ 511.469444][ T3602] ? memcpy_page_flushcache+0xfc/0xfc
[ 511.469468][ T3602] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 511.469495][ T3602] ? _raw_spin_unlock+0x40/0x40
[ 511.469518][ T3602] ? print_report+0x4a3/0x4f0
[ 511.469543][ T3602] check_panic_on_warn+0x7e/0xa0
[ 511.469567][ T3602] ? kfree_skb_reason+0x3d/0x390
[ 511.469600][ T3602] end_report+0x66/0x110
[ 511.469619][ T3602] kasan_report+0x143/0x160
[ 511.469640][ T3602] ? kfree_skb_reason+0x3d/0x390
[ 511.469676][ T3602] kasan_check_range+0x27f/0x290
[ 511.469697][ T3602] kfree_skb_reason+0x3d/0x390
[ 511.469732][ T3602] __hci_req_sync+0x626/0x940
[ 511.469753][ T3602] ? trace_contention_end+0x61/0x170
[ 511.469783][ T3602] ? hci_req_sync_complete+0x280/0x280
[ 511.469809][ T3602] ? mutex_lock_nested+0x10/0x10
[ 511.469830][ T3602] ? wake_bit_function+0x210/0x210
[ 511.469865][ T3602] ? hci_encrypt_req+0x170/0x170
[ 511.469892][ T3602] hci_req_sync+0xa5/0xc0
[ 511.469912][ T3602] hci_dev_cmd+0x2fc/0xa30
[ 511.469937][ T3602] ? security_capable+0x86/0xb0
[ 511.469969][ T3602] ? hci_dev_reset_stat+0x1a0/0x1a0
[ 511.469999][ T3602] ? hci_sock_ioctl+0x426/0x850
[ 511.470023][ T3602] sock_do_ioctl+0x152/0x450
[ 511.470049][ T3602] ? sock_show_fdinfo+0xb0/0xb0
[ 511.470075][ T3602] ? __fget_files+0x28/0x4a0
[ 511.470103][ T3602] sock_ioctl+0x47f/0x770
[ 511.470125][ T3602] ? sock_poll+0x410/0x410
[ 511.470145][ T3602] ? __fget_files+0x28/0x4a0
[ 511.470166][ T3602] ? __fget_files+0x435/0x4a0
[ 511.470187][ T3602] ? __fget_files+0x28/0x4a0
[ 511.470211][ T3602] ? bpf_lsm_file_ioctl+0x5/0x10
[ 511.470234][ T3602] ? security_file_ioctl+0x7d/0xa0
[ 511.470254][ T3602] ? sock_poll+0x410/0x410
[ 511.470276][ T3602] __se_sys_ioctl+0xf1/0x160
[ 511.470318][ T3602] do_syscall_64+0x3b/0xb0
[ 511.470347][ T3602] ? clear_bhb_loop+0x45/0xa0
[ 511.470377][ T3602] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 511.470406][ T3602] RIP: 0033:0x7f756247dc0b
[ 511.470424][ T3602] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 511.470442][ T3602] RSP: 002b:00007ffc7a775f80 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 511.470466][ T3602] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f756247dc0b
[ 511.470481][ T3602] RDX: 00007ffc7a775ff8 RSI: 00000000400448dd RDI: 0000000000000003
[ 511.470496][ T3602] RBP: 0000555556015430 R08: 0000000000000000 R09: 0000000000000000
[ 511.470509][ T3602] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[ 511.470522][ T3602] R13: 0000000000000001 R14: 0000000000000001 R15: 00000000fffffff1
[ 511.470544][ T3602]
[ 511.475753][ T3602] Kernel Offset: disabled
[ 511.801507][ T3602] Rebooting in 86400 seconds..