Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts.
2024/06/09 09:47:13 ignoring optional flag "sandboxArg"="0"
2024/06/09 09:47:13 parsed 1 programs
[ 71.338448][ T5089] cgroup: Unknown subsys name 'net'
[ 71.584622][ T5089] cgroup: Unknown subsys name 'rlimit'
[ 71.636630][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.643190][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.969159][ T5106] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 73.208265][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 73.215917][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 73.226465][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 73.234850][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 73.243322][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 73.251298][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 73.265540][ T5125] ==================================================================
[ 73.273603][ T5125] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 73.281314][ T5125] Read of size 4 at addr ffff88802be9e864 by task syz-executor.0/5125
[ 73.289437][ T5125]
[ 73.291739][ T5125] CPU: 1 PID: 5125 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00366-g771ed66105de #0
[ 73.302119][ T5125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 73.312154][ T5125] Call Trace:
[ 73.315411][ T5125]
[ 73.318332][ T5125] dump_stack_lvl+0x241/0x360
[ 73.322995][ T5125] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.328174][ T5125] ? __pfx__printk+0x10/0x10
[ 73.332741][ T5125] ? _printk+0xd5/0x120
[ 73.336871][ T5125] ? __virt_addr_valid+0x183/0x520
[ 73.341964][ T5125] ? __virt_addr_valid+0x183/0x520
[ 73.347050][ T5125] print_report+0x169/0x550
[ 73.351532][ T5125] ? __virt_addr_valid+0x183/0x520
[ 73.356627][ T5125] ? __virt_addr_valid+0x183/0x520
[ 73.361719][ T5125] ? __virt_addr_valid+0x44e/0x520
[ 73.366807][ T5125] ? __phys_addr+0xba/0x170
[ 73.371286][ T5125] ? kfree_skb_reason+0x41/0x3b0
[ 73.376202][ T5125] kasan_report+0x143/0x180
[ 73.380681][ T5125] ? kfree_skb_reason+0x41/0x3b0
[ 73.385595][ T5125] kasan_check_range+0x282/0x290
[ 73.390507][ T5125] kfree_skb_reason+0x41/0x3b0
[ 73.395246][ T5125] __hci_req_sync+0x62f/0x950
[ 73.399899][ T5125] ? __pfx___hci_req_sync+0x10/0x10
[ 73.405077][ T5125] ? __pfx___mutex_lock+0x10/0x10
[ 73.410076][ T5125] ? __pfx_autoremove_wake_function+0x10/0x10
[ 73.416121][ T5125] ? __pfx_hci_scan_req+0x10/0x10
[ 73.421121][ T5125] hci_req_sync+0xa9/0xd0
[ 73.425426][ T5125] hci_dev_cmd+0x4c5/0xa50
[ 73.429820][ T5125] ? security_capable+0x90/0xb0
[ 73.434653][ T5125] ? __pfx_hci_dev_cmd+0x10/0x10
[ 73.439565][ T5125] ? hci_sock_ioctl+0x6c4/0xa40
[ 73.444401][ T5125] sock_do_ioctl+0x158/0x460
[ 73.448971][ T5125] ? __pfx_sock_do_ioctl+0x10/0x10
[ 73.454068][ T5125] sock_ioctl+0x629/0x8e0
[ 73.458374][ T5125] ? __pfx_sock_ioctl+0x10/0x10
[ 73.463198][ T5125] ? __fget_files+0x29/0x470
[ 73.467762][ T5125] ? __fget_files+0x3f6/0x470
[ 73.472414][ T5125] ? __fget_files+0x29/0x470
[ 73.476981][ T5125] ? bpf_lsm_file_ioctl+0x9/0x10
[ 73.481889][ T5125] ? security_file_ioctl+0x87/0xb0
[ 73.486972][ T5125] ? __pfx_sock_ioctl+0x10/0x10
[ 73.491795][ T5125] __se_sys_ioctl+0xfc/0x170
[ 73.496361][ T5125] do_syscall_64+0xf3/0x230
[ 73.500840][ T5125] ? clear_bhb_loop+0x35/0x90
[ 73.505493][ T5125] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.511367][ T5125] RIP: 0033:0x7fe274c7cccb
[ 73.515763][ T5125] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 73.535342][ T5125] RSP: 002b:00007ffc43598dc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 73.543744][ T5125] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe274c7cccb
[ 73.551689][ T5125] RDX: 00007ffc43598e38 RSI: 00000000400448dd RDI: 0000000000000003
[ 73.559644][ T5125] RBP: 0000555585b89430 R08: 0000000000000000 R09: 0000000000000000
[ 73.567604][ T5125] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 73.575558][ T5125] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 73.583514][ T5125]
[ 73.586507][ T5125]
[ 73.588804][ T5125] Allocated by task 4490:
[ 73.593101][ T5125] kasan_save_track+0x3f/0x80
[ 73.597754][ T5125] __kasan_slab_alloc+0x66/0x80
[ 73.602580][ T5125] kmem_cache_alloc_noprof+0x135/0x2a0
[ 73.608013][ T5125] skb_clone+0x20c/0x390
[ 73.612226][ T5125] hci_cmd_work+0x29e/0x670
[ 73.616702][ T5125] process_scheduled_works+0xa2c/0x1830
[ 73.622226][ T5125] worker_thread+0x86d/0xd70
[ 73.626788][ T5125] kthread+0x2f0/0x390
[ 73.630843][ T5125] ret_from_fork+0x4b/0x80
[ 73.635251][ T5125] ret_from_fork_asm+0x1a/0x30
[ 73.639994][ T5125]
[ 73.642296][ T5125] Freed by task 4490:
[ 73.646258][ T5125] kasan_save_track+0x3f/0x80
[ 73.650906][ T5125] kasan_save_free_info+0x40/0x50
[ 73.655904][ T5125] poison_slab_object+0xe0/0x150
[ 73.660814][ T5125] __kasan_slab_free+0x37/0x60
[ 73.665550][ T5125] kmem_cache_free+0x145/0x350
[ 73.670286][ T5125] hci_req_sync_complete+0xe7/0x290
[ 73.675457][ T5125] hci_event_packet+0xc71/0x1540
[ 73.680364][ T5125] hci_rx_work+0x3e8/0xca0
[ 73.684752][ T5125] process_scheduled_works+0xa2c/0x1830
[ 73.690267][ T5125] worker_thread+0x86d/0xd70
[ 73.694830][ T5125] kthread+0x2f0/0x390
[ 73.698874][ T5125] ret_from_fork+0x4b/0x80
[ 73.703265][ T5125] ret_from_fork_asm+0x1a/0x30
[ 73.708002][ T5125]
[ 73.710300][ T5125] The buggy address belongs to the object at ffff88802be9e780
[ 73.710300][ T5125] which belongs to the cache skbuff_head_cache of size 240
[ 73.724848][ T5125] The buggy address is located 228 bytes inside of
[ 73.724848][ T5125] freed 240-byte region [ffff88802be9e780, ffff88802be9e870)
[ 73.738618][ T5125]
[ 73.740915][ T5125] The buggy address belongs to the physical page:
[ 73.747307][ T5125] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2be9e
[ 73.756048][ T5125] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 73.763568][ T5125] page_type: 0xffffefff(slab)
[ 73.768216][ T5125] raw: 00fff00000000000 ffff888018ad7780 ffffea00008c0e00 dead000000000005
[ 73.776773][ T5125] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[ 73.785323][ T5125] page dumped because: kasan: bad access detected
[ 73.791709][ T5125] page_owner tracks the page as allocated
[ 73.797398][ T5125] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4553, tgid 4553 (udevd), ts 18389069105, free_ts 18377028275
[ 73.816038][ T5125] post_alloc_hook+0x1f3/0x230
[ 73.820782][ T5125] get_page_from_freelist+0x2e43/0x2f00
[ 73.826312][ T5125] __alloc_pages_noprof+0x256/0x6c0
[ 73.831497][ T5125] alloc_slab_page+0x5f/0x120
[ 73.836158][ T5125] allocate_slab+0x5a/0x2f0
[ 73.840638][ T5125] ___slab_alloc+0xcd1/0x14b0
[ 73.845287][ T5125] __slab_alloc+0x58/0xa0
[ 73.849588][ T5125] kmem_cache_alloc_node_noprof+0x1fe/0x320
[ 73.855456][ T5125] __alloc_skb+0x1c3/0x440
[ 73.859850][ T5125] alloc_skb_with_frags+0xc3/0x770
[ 73.864933][ T5125] sock_alloc_send_pskb+0x91a/0xa60
[ 73.870103][ T5125] unix_dgram_sendmsg+0x6d3/0x1f80
[ 73.875193][ T5125] __sock_sendmsg+0x221/0x270
[ 73.879844][ T5125] sock_write_iter+0x2dd/0x400
[ 73.884584][ T5125] vfs_write+0xa72/0xc90
[ 73.888815][ T5125] ksys_write+0x1a0/0x2c0
[ 73.893121][ T5125] page last free pid 4546 tgid 4546 stack trace:
[ 73.899419][ T5125] free_unref_page+0xd22/0xea0
[ 73.904158][ T5125] __slab_free+0x31b/0x3d0
[ 73.908549][ T5125] qlist_free_all+0x9e/0x140
[ 73.913111][ T5125] kasan_quarantine_reduce+0x14f/0x170
[ 73.918541][ T5125] __kasan_slab_alloc+0x23/0x80
[ 73.923365][ T5125] kmem_cache_alloc_node_noprof+0x16b/0x320
[ 73.929234][ T5125] __alloc_skb+0x1c3/0x440
[ 73.933626][ T5125] netlink_sendmsg+0x631/0xcb0
[ 73.938363][ T5125] __sock_sendmsg+0x221/0x270
[ 73.943015][ T5125] ____sys_sendmsg+0x525/0x7d0
[ 73.947756][ T5125] __sys_sendmsg+0x2b0/0x3a0
[ 73.952325][ T5125] do_syscall_64+0xf3/0x230
[ 73.956805][ T5125] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.962674][ T5125]
[ 73.964970][ T5125] Memory state around the buggy address:
[ 73.970569][ T5125] ffff88802be9e700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 73.978601][ T5125] ffff88802be9e780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.986635][ T5125] >ffff88802be9e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 73.994667][ T5125] ^
[ 74.001830][ T5125] ffff88802be9e880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 74.009861][ T5125] ffff88802be9e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.017893][ T5125] ==================================================================
[ 74.026919][ T5125] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 74.034119][ T5125] CPU: 0 PID: 5125 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00366-g771ed66105de #0
[ 74.044511][ T5125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 74.054548][ T5125] Call Trace:
[ 74.057809][ T5125]
[ 74.060723][ T5125] dump_stack_lvl+0x241/0x360
[ 74.065388][ T5125] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.070572][ T5125] ? __pfx__printk+0x10/0x10
[ 74.075143][ T5125] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 74.081107][ T5125] ? vscnprintf+0x5d/0x90
[ 74.085424][ T5125] panic+0x349/0x860
[ 74.089302][ T5125] ? check_panic_on_warn+0x21/0xb0
[ 74.094399][ T5125] ? __pfx_panic+0x10/0x10
[ 74.098798][ T5125] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 74.104765][ T5125] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 74.111081][ T5125] check_panic_on_warn+0x86/0xb0
[ 74.116003][ T5125] ? kfree_skb_reason+0x41/0x3b0
[ 74.120921][ T5125] end_report+0x77/0x160
[ 74.125151][ T5125] kasan_report+0x154/0x180
[ 74.129638][ T5125] ? kfree_skb_reason+0x41/0x3b0
[ 74.134560][ T5125] kasan_check_range+0x282/0x290
[ 74.139485][ T5125] kfree_skb_reason+0x41/0x3b0
[ 74.144231][ T5125] __hci_req_sync+0x62f/0x950
[ 74.148898][ T5125] ? __pfx___hci_req_sync+0x10/0x10
[ 74.154083][ T5125] ? __pfx___mutex_lock+0x10/0x10
[ 74.159090][ T5125] ? __pfx_autoremove_wake_function+0x10/0x10
[ 74.165140][ T5125] ? __pfx_hci_scan_req+0x10/0x10
[ 74.170151][ T5125] hci_req_sync+0xa9/0xd0
[ 74.174467][ T5125] hci_dev_cmd+0x4c5/0xa50
[ 74.178871][ T5125] ? security_capable+0x90/0xb0
[ 74.183708][ T5125] ? __pfx_hci_dev_cmd+0x10/0x10
[ 74.188633][ T5125] ? hci_sock_ioctl+0x6c4/0xa40
[ 74.193470][ T5125] sock_do_ioctl+0x158/0x460
[ 74.198048][ T5125] ? __pfx_sock_do_ioctl+0x10/0x10
[ 74.203150][ T5125] sock_ioctl+0x629/0x8e0
[ 74.207465][ T5125] ? __pfx_sock_ioctl+0x10/0x10
[ 74.212300][ T5125] ? __fget_files+0x29/0x470
[ 74.216879][ T5125] ? __fget_files+0x3f6/0x470
[ 74.221538][ T5125] ? __fget_files+0x29/0x470
[ 74.226115][ T5125] ? bpf_lsm_file_ioctl+0x9/0x10
[ 74.231039][ T5125] ? security_file_ioctl+0x87/0xb0
[ 74.236133][ T5125] ? __pfx_sock_ioctl+0x10/0x10
[ 74.240966][ T5125] __se_sys_ioctl+0xfc/0x170
[ 74.245541][ T5125] do_syscall_64+0xf3/0x230
[ 74.250027][ T5125] ? clear_bhb_loop+0x35/0x90
[ 74.254688][ T5125] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.260566][ T5125] RIP: 0033:0x7fe274c7cccb
[ 74.264962][ T5125] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 74.284553][ T5125] RSP: 002b:00007ffc43598dc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 74.292952][ T5125] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe274c7cccb
[ 74.300905][ T5125] RDX: 00007ffc43598e38 RSI: 00000000400448dd RDI: 0000000000000003
[ 74.308856][ T5125] RBP: 0000555585b89430 R08: 0000000000000000 R09: 0000000000000000
[ 74.316809][ T5125] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 74.324762][ T5125] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 74.332721][ T5125]
[ 74.335921][ T5125] Kernel Offset: disabled
[ 74.340232][ T5125] Rebooting in 86400 seconds..