Warning: Permanently added '10.128.0.14' (ED25519) to the list of known hosts.
2024/06/03 03:45:45 ignoring optional flag "sandboxArg"="0"
2024/06/03 03:45:45 parsed 1 programs
[ 54.277526][ T5077] cgroup: Unknown subsys name 'net'
[ 54.551810][ T5077] cgroup: Unknown subsys name 'rlimit'
[ 55.567701][ T5079] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 56.214065][ T5126] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 56.222638][ T5126] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 56.230337][ T5126] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 56.239671][ T5126] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 56.248040][ T5126] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 56.255755][ T5126] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 56.266214][ T5124] ==================================================================
[ 56.274383][ T5124] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 56.282144][ T5124] Read of size 4 at addr ffff888029316ae4 by task syz-executor.0/5124
[ 56.290294][ T5124]
[ 56.292621][ T5124] CPU: 1 PID: 5124 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-00317-ga693b9c95abd #0
[ 56.303008][ T5124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 56.313047][ T5124] Call Trace:
[ 56.316337][ T5124]
[ 56.319257][ T5124] dump_stack_lvl+0x241/0x360
[ 56.323926][ T5124] ? __pfx_dump_stack_lvl+0x10/0x10
[ 56.329108][ T5124] ? __pfx__printk+0x10/0x10
[ 56.333683][ T5124] ? _printk+0xd5/0x120
[ 56.337822][ T5124] ? __virt_addr_valid+0x183/0x520
[ 56.342923][ T5124] ? __virt_addr_valid+0x183/0x520
[ 56.348023][ T5124] print_report+0x169/0x550
[ 56.352511][ T5124] ? __virt_addr_valid+0x183/0x520
[ 56.357606][ T5124] ? __virt_addr_valid+0x183/0x520
[ 56.362703][ T5124] ? __virt_addr_valid+0x44e/0x520
[ 56.367797][ T5124] ? __phys_addr+0xba/0x170
[ 56.372286][ T5124] ? kfree_skb_reason+0x41/0x3b0
[ 56.377206][ T5124] kasan_report+0x143/0x180
[ 56.381694][ T5124] ? kfree_skb_reason+0x41/0x3b0
[ 56.386617][ T5124] kasan_check_range+0x282/0x290
[ 56.391537][ T5124] kfree_skb_reason+0x41/0x3b0
[ 56.396286][ T5124] __hci_req_sync+0x62f/0x950
[ 56.400951][ T5124] ? __pfx___hci_req_sync+0x10/0x10
[ 56.406137][ T5124] ? __pfx___mutex_lock+0x10/0x10
[ 56.411152][ T5124] ? __pfx_autoremove_wake_function+0x10/0x10
[ 56.417204][ T5124] ? __pfx_hci_scan_req+0x10/0x10
[ 56.422220][ T5124] hci_req_sync+0xa9/0xd0
[ 56.426536][ T5124] hci_dev_cmd+0x4c5/0xa50
[ 56.430938][ T5124] ? security_capable+0x90/0xb0
[ 56.435801][ T5124] ? __pfx_hci_dev_cmd+0x10/0x10
[ 56.440828][ T5124] ? hci_sock_ioctl+0x6c4/0xa40
[ 56.445674][ T5124] sock_do_ioctl+0x158/0x460
[ 56.450257][ T5124] ? __pfx_smack_log+0x10/0x10
[ 56.455016][ T5124] ? __pfx_sock_do_ioctl+0x10/0x10
[ 56.460148][ T5124] ? smk_tskacc+0x300/0x370
[ 56.464649][ T5124] ? smack_file_ioctl+0x2a1/0x3a0
[ 56.469662][ T5124] sock_ioctl+0x629/0x8e0
[ 56.473982][ T5124] ? __pfx_sock_ioctl+0x10/0x10
[ 56.478821][ T5124] ? __fget_files+0x3f6/0x470
[ 56.483480][ T5124] ? __fget_files+0x29/0x470
[ 56.488140][ T5124] ? bpf_lsm_file_ioctl+0x9/0x10
[ 56.493247][ T5124] ? security_file_ioctl+0x87/0xb0
[ 56.498346][ T5124] ? __pfx_sock_ioctl+0x10/0x10
[ 56.503183][ T5124] __se_sys_ioctl+0xfc/0x170
[ 56.507768][ T5124] do_syscall_64+0xf3/0x230
[ 56.512257][ T5124] ? clear_bhb_loop+0x35/0x90
[ 56.516919][ T5124] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 56.522808][ T5124] RIP: 0033:0x7fef5407cc4b
[ 56.527213][ T5124] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 56.546808][ T5124] RSP: 002b:00007ffff8fa41b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 56.555206][ T5124] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fef5407cc4b
[ 56.563162][ T5124] RDX: 00007ffff8fa4228 RSI: 00000000400448dd RDI: 0000000000000003
[ 56.571122][ T5124] RBP: 00005555646a6430 R08: 0000000000000000 R09: 0000000000000000
[ 56.579085][ T5124] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 56.587036][ T5124] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 56.594996][ T5124]
[ 56.597999][ T5124]
[ 56.600305][ T5124] Allocated by task 4477:
[ 56.604616][ T5124] kasan_save_track+0x3f/0x80
[ 56.609282][ T5124] __kasan_slab_alloc+0x66/0x80
[ 56.614156][ T5124] kmem_cache_alloc_noprof+0x135/0x2a0
[ 56.619602][ T5124] skb_clone+0x20c/0x390
[ 56.623828][ T5124] hci_cmd_work+0x29e/0x670
[ 56.628332][ T5124] process_scheduled_works+0xa2c/0x1830
[ 56.633882][ T5124] worker_thread+0x86d/0xd70
[ 56.638460][ T5124] kthread+0x2f0/0x390
[ 56.642518][ T5124] ret_from_fork+0x4b/0x80
[ 56.646928][ T5124] ret_from_fork_asm+0x1a/0x30
[ 56.651684][ T5124]
[ 56.653992][ T5124] Freed by task 4477:
[ 56.657952][ T5124] kasan_save_track+0x3f/0x80
[ 56.662637][ T5124] kasan_save_free_info+0x40/0x50
[ 56.667665][ T5124] poison_slab_object+0xe0/0x150
[ 56.672603][ T5124] __kasan_slab_free+0x37/0x60
[ 56.677360][ T5124] kmem_cache_free+0x145/0x350
[ 56.682115][ T5124] hci_req_sync_complete+0xe7/0x290
[ 56.687316][ T5124] hci_event_packet+0xc71/0x1540
[ 56.692247][ T5124] hci_rx_work+0x3e8/0xca0
[ 56.696652][ T5124] process_scheduled_works+0xa2c/0x1830
[ 56.702182][ T5124] worker_thread+0x86d/0xd70
[ 56.706757][ T5124] kthread+0x2f0/0x390
[ 56.710813][ T5124] ret_from_fork+0x4b/0x80
[ 56.715250][ T5124] ret_from_fork_asm+0x1a/0x30
[ 56.720023][ T5124]
[ 56.722334][ T5124] The buggy address belongs to the object at ffff888029316a00
[ 56.722334][ T5124] which belongs to the cache skbuff_head_cache of size 240
[ 56.736889][ T5124] The buggy address is located 228 bytes inside of
[ 56.736889][ T5124] freed 240-byte region [ffff888029316a00, ffff888029316af0)
[ 56.750667][ T5124]
[ 56.752974][ T5124] The buggy address belongs to the physical page:
[ 56.759370][ T5124] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29316
[ 56.768111][ T5124] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 56.775210][ T5124] page_type: 0xffffefff(slab)
[ 56.779873][ T5124] raw: 00fff00000000000 ffff888018aea780 ffffea0000ba1fc0 dead000000000004
[ 56.788438][ T5124] raw: 0000000000000000 00000000800c000c 00000001ffffefff 0000000000000000
[ 56.797171][ T5124] page dumped because: kasan: bad access detected
[ 56.803575][ T5124] page_owner tracks the page as allocated
[ 56.809270][ T5124] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 11344715507, free_ts 10953589034
[ 56.827750][ T5124] post_alloc_hook+0x1f3/0x230
[ 56.832502][ T5124] get_page_from_freelist+0x2e2d/0x2ee0
[ 56.838033][ T5124] __alloc_pages_noprof+0x256/0x6c0
[ 56.843215][ T5124] alloc_slab_page+0x5f/0x120
[ 56.847881][ T5124] allocate_slab+0x5a/0x2e0
[ 56.852372][ T5124] ___slab_alloc+0xcd1/0x14b0
[ 56.857037][ T5124] __slab_alloc+0x58/0xa0
[ 56.861352][ T5124] kmem_cache_alloc_node_noprof+0x1fe/0x320
[ 56.867231][ T5124] __alloc_skb+0x1c3/0x440
[ 56.871638][ T5124] alloc_uevent_skb+0x74/0x230
[ 56.876390][ T5124] kobject_uevent_net_broadcast+0x182/0x580
[ 56.882275][ T5124] kobject_uevent_env+0x57d/0x8e0
[ 56.887292][ T5124] netdev_queue_update_kobjects+0x2c4/0x5f0
[ 56.893171][ T5124] netdev_register_kobject+0x265/0x320
[ 56.898614][ T5124] register_netdevice+0x11d5/0x19e0
[ 56.903890][ T5124] register_netdev+0x3b/0x50
[ 56.908463][ T5124] page last free pid 50 tgid 50 stack trace:
[ 56.914420][ T5124] free_unref_page+0xd19/0xea0
[ 56.919169][ T5124] vfree+0x186/0x2e0
[ 56.923138][ T5124] delayed_vfree_work+0x56/0x80
[ 56.927981][ T5124] process_scheduled_works+0xa2c/0x1830
[ 56.933511][ T5124] worker_thread+0x86d/0xd70
[ 56.938085][ T5124] kthread+0x2f0/0x390
[ 56.942139][ T5124] ret_from_fork+0x4b/0x80
[ 56.946541][ T5124] ret_from_fork_asm+0x1a/0x30
[ 56.951294][ T5124]
[ 56.953600][ T5124] Memory state around the buggy address:
[ 56.959212][ T5124] ffff888029316980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 56.967254][ T5124] ffff888029316a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.975301][ T5124] >ffff888029316a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 56.983341][ T5124]                                                         ^
[ 56.990537][ T5124] ffff888029316b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 56.998582][ T5124] ffff888029316b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.006622][ T5124] ==================================================================
[ 57.015194][ T5124] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 57.022402][ T5124] CPU: 1 PID: 5124 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-00317-ga693b9c95abd #0
[ 57.032821][ T5124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 57.042874][ T5124] Call Trace:
[ 57.046143][ T5124]
[ 57.049064][ T5124] dump_stack_lvl+0x241/0x360
[ 57.053737][ T5124] ? __pfx_dump_stack_lvl+0x10/0x10
[ 57.058926][ T5124] ? __pfx__printk+0x10/0x10
[ 57.063504][ T5124] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 57.069476][ T5124] ? vscnprintf+0x5d/0x90
[ 57.073797][ T5124] panic+0x349/0x860
[ 57.077678][ T5124] ? check_panic_on_warn+0x21/0xb0
[ 57.082787][ T5124] ? __pfx_panic+0x10/0x10
[ 57.087192][ T5124] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 57.093160][ T5124] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 57.099477][ T5124] check_panic_on_warn+0x86/0xb0
[ 57.104403][ T5124] ? kfree_skb_reason+0x41/0x3b0
[ 57.109325][ T5124] end_report+0x77/0x160
[ 57.113558][ T5124] kasan_report+0x154/0x180
[ 57.118046][ T5124] ? kfree_skb_reason+0x41/0x3b0
[ 57.122974][ T5124] kasan_check_range+0x282/0x290
[ 57.127900][ T5124] kfree_skb_reason+0x41/0x3b0
[ 57.132651][ T5124] __hci_req_sync+0x62f/0x950
[ 57.137320][ T5124] ? __pfx___hci_req_sync+0x10/0x10
[ 57.142507][ T5124] ? __pfx___mutex_lock+0x10/0x10
[ 57.147523][ T5124] ? __pfx_autoremove_wake_function+0x10/0x10
[ 57.153579][ T5124] ? __pfx_hci_scan_req+0x10/0x10
[ 57.158597][ T5124] hci_req_sync+0xa9/0xd0
[ 57.162915][ T5124] hci_dev_cmd+0x4c5/0xa50
[ 57.167319][ T5124] ? security_capable+0x90/0xb0
[ 57.172162][ T5124] ? __pfx_hci_dev_cmd+0x10/0x10
[ 57.177087][ T5124] ? hci_sock_ioctl+0x6c4/0xa40
[ 57.181929][ T5124] sock_do_ioctl+0x158/0x460
[ 57.186507][ T5124] ? __pfx_smack_log+0x10/0x10
[ 57.191262][ T5124] ? __pfx_sock_do_ioctl+0x10/0x10
[ 57.196360][ T5124] ? smk_tskacc+0x300/0x370
[ 57.200854][ T5124] ? smack_file_ioctl+0x2a1/0x3a0
[ 57.205866][ T5124] sock_ioctl+0x629/0x8e0
[ 57.210183][ T5124] ? __pfx_sock_ioctl+0x10/0x10
[ 57.215021][ T5124] ? __fget_files+0x3f6/0x470
[ 57.219685][ T5124] ? __fget_files+0x29/0x470
[ 57.224260][ T5124] ? bpf_lsm_file_ioctl+0x9/0x10
[ 57.229183][ T5124] ? security_file_ioctl+0x87/0xb0
[ 57.234281][ T5124] ? __pfx_sock_ioctl+0x10/0x10
[ 57.239118][ T5124] __se_sys_ioctl+0xfc/0x170
[ 57.243699][ T5124] do_syscall_64+0xf3/0x230
[ 57.248214][ T5124] ? clear_bhb_loop+0x35/0x90
[ 57.252887][ T5124] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 57.258767][ T5124] RIP: 0033:0x7fef5407cc4b
[ 57.263169][ T5124] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 57.282760][ T5124] RSP: 002b:00007ffff8fa41b0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.291160][ T5124] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fef5407cc4b
[ 57.299118][ T5124] RDX: 00007ffff8fa4228 RSI: 00000000400448dd RDI: 0000000000000003
[ 57.307074][ T5124] RBP: 00005555646a6430 R08: 0000000000000000 R09: 0000000000000000
[ 57.315030][ T5124] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 57.322988][ T5124] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 57.330950][ T5124]
[ 57.334067][ T5124] Kernel Offset: disabled
[ 57.338377][ T5124] Rebooting in 86400 seconds..