Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts.
2024/06/09 09:47:13 ignoring optional flag "sandboxArg"="0"
2024/06/09 09:47:13 parsed 1 programs
[ 71.338448][ T5089] cgroup: Unknown subsys name 'net'
[ 71.584622][ T5089] cgroup: Unknown subsys name 'rlimit'
[ 71.636630][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.643190][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.969159][ T5106] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 73.208265][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 73.215917][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 73.226465][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 73.234850][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 73.243322][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 73.251298][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 73.265540][ T5125] ==================================================================
[ 73.273603][ T5125] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 73.281314][ T5125] Read of size 4 at addr ffff88802be9e864 by task syz-executor.0/5125
[ 73.289437][ T5125]
[ 73.291739][ T5125] CPU: 1 PID: 5125 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00366-g771ed66105de #0
[ 73.302119][ T5125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 73.312154][ T5125] Call Trace:
[ 73.315411][ T5125]
[ 73.318332][ T5125] dump_stack_lvl+0x241/0x360
[ 73.322995][ T5125] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.328174][ T5125] ? __pfx__printk+0x10/0x10
[ 73.332741][ T5125] ? _printk+0xd5/0x120
[ 73.336871][ T5125] ? __virt_addr_valid+0x183/0x520
[ 73.341964][ T5125] ? __virt_addr_valid+0x183/0x520
[ 73.347050][ T5125] print_report+0x169/0x550
[ 73.351532][ T5125] ? __virt_addr_valid+0x183/0x520
[ 73.356627][ T5125] ? __virt_addr_valid+0x183/0x520
[ 73.361719][ T5125] ? __virt_addr_valid+0x44e/0x520
[ 73.366807][ T5125] ? __phys_addr+0xba/0x170
[ 73.371286][ T5125] ? kfree_skb_reason+0x41/0x3b0
[ 73.376202][ T5125] kasan_report+0x143/0x180
[ 73.380681][ T5125] ? kfree_skb_reason+0x41/0x3b0
[ 73.385595][ T5125] kasan_check_range+0x282/0x290
[ 73.390507][ T5125] kfree_skb_reason+0x41/0x3b0
[ 73.395246][ T5125] __hci_req_sync+0x62f/0x950
[ 73.399899][ T5125] ? __pfx___hci_req_sync+0x10/0x10
[ 73.405077][ T5125] ? __pfx___mutex_lock+0x10/0x10
[ 73.410076][ T5125] ? __pfx_autoremove_wake_function+0x10/0x10
[ 73.416121][ T5125] ? __pfx_hci_scan_req+0x10/0x10
[ 73.421121][ T5125] hci_req_sync+0xa9/0xd0
[ 73.425426][ T5125] hci_dev_cmd+0x4c5/0xa50
[ 73.429820][ T5125] ? security_capable+0x90/0xb0
[ 73.434653][ T5125] ? __pfx_hci_dev_cmd+0x10/0x10
[ 73.439565][ T5125] ? hci_sock_ioctl+0x6c4/0xa40
[ 73.444401][ T5125] sock_do_ioctl+0x158/0x460
[ 73.448971][ T5125] ? __pfx_sock_do_ioctl+0x10/0x10
[ 73.454068][ T5125] sock_ioctl+0x629/0x8e0
[ 73.458374][ T5125] ? __pfx_sock_ioctl+0x10/0x10
[ 73.463198][ T5125] ? __fget_files+0x29/0x470
[ 73.467762][ T5125] ? __fget_files+0x3f6/0x470
[ 73.472414][ T5125] ? __fget_files+0x29/0x470
[ 73.476981][ T5125] ? bpf_lsm_file_ioctl+0x9/0x10
[ 73.481889][ T5125] ? security_file_ioctl+0x87/0xb0
[ 73.486972][ T5125] ? __pfx_sock_ioctl+0x10/0x10
[ 73.491795][ T5125] __se_sys_ioctl+0xfc/0x170
[ 73.496361][ T5125] do_syscall_64+0xf3/0x230
[ 73.500840][ T5125] ? clear_bhb_loop+0x35/0x90
[ 73.505493][ T5125] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.511367][ T5125] RIP: 0033:0x7fe274c7cccb
[ 73.515763][ T5125] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 73.535342][ T5125] RSP: 002b:00007ffc43598dc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 73.543744][ T5125] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe274c7cccb
[ 73.551689][ T5125] RDX: 00007ffc43598e38 RSI: 00000000400448dd RDI: 0000000000000003
[ 73.559644][ T5125] RBP: 0000555585b89430 R08: 0000000000000000 R09: 0000000000000000
[ 73.567604][ T5125] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 73.575558][ T5125] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 73.583514][ T5125]
[ 73.586507][ T5125]
[ 73.588804][ T5125] Allocated by task 4490:
[ 73.593101][ T5125] kasan_save_track+0x3f/0x80
[ 73.597754][ T5125] __kasan_slab_alloc+0x66/0x80
[ 73.602580][ T5125] kmem_cache_alloc_noprof+0x135/0x2a0
[ 73.608013][ T5125] skb_clone+0x20c/0x390
[ 73.612226][ T5125] hci_cmd_work+0x29e/0x670
[ 73.616702][ T5125] process_scheduled_works+0xa2c/0x1830
[ 73.622226][ T5125] worker_thread+0x86d/0xd70
[ 73.626788][ T5125] kthread+0x2f0/0x390
[ 73.630843][ T5125] ret_from_fork+0x4b/0x80
[ 73.635251][ T5125] ret_from_fork_asm+0x1a/0x30
[ 73.639994][ T5125]
[ 73.642296][ T5125] Freed by task 4490:
[ 73.646258][ T5125] kasan_save_track+0x3f/0x80
[ 73.650906][ T5125] kasan_save_free_info+0x40/0x50
[ 73.655904][ T5125] poison_slab_object+0xe0/0x150
[ 73.660814][ T5125] __kasan_slab_free+0x37/0x60
[ 73.665550][ T5125] kmem_cache_free+0x145/0x350
[ 73.670286][ T5125] hci_req_sync_complete+0xe7/0x290
[ 73.675457][ T5125] hci_event_packet+0xc71/0x1540
[ 73.680364][ T5125] hci_rx_work+0x3e8/0xca0
[ 73.684752][ T5125] process_scheduled_works+0xa2c/0x1830
[ 73.690267][ T5125] worker_thread+0x86d/0xd70
[ 73.694830][ T5125] kthread+0x2f0/0x390
[ 73.698874][ T5125] ret_from_fork+0x4b/0x80
[ 73.703265][ T5125] ret_from_fork_asm+0x1a/0x30
[ 73.708002][ T5125]
[ 73.710300][ T5125] The buggy address belongs to the object at ffff88802be9e780
[ 73.710300][ T5125] which belongs to the cache skbuff_head_cache of size 240
[ 73.724848][ T5125] The buggy address is located 228 bytes inside of
[ 73.724848][ T5125] freed 240-byte region [ffff88802be9e780, ffff88802be9e870)
[ 73.738618][ T5125]
[ 73.740915][ T5125] The buggy address belongs to the physical page:
[ 73.747307][ T5125] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2be9e
[ 73.756048][ T5125] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 73.763568][ T5125] page_type: 0xffffefff(slab)
[ 73.768216][ T5125] raw: 00fff00000000000 ffff888018ad7780 ffffea00008c0e00 dead000000000005
[ 73.776773][ T5125] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[ 73.785323][ T5125] page dumped because: kasan: bad access detected
[ 73.791709][ T5125] page_owner tracks the page as allocated
[ 73.797398][ T5125] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4553, tgid 4553 (udevd), ts 18389069105, free_ts 18377028275
[ 73.816038][ T5125] post_alloc_hook+0x1f3/0x230
[ 73.820782][ T5125] get_page_from_freelist+0x2e43/0x2f00
[ 73.826312][ T5125] __alloc_pages_noprof+0x256/0x6c0
[ 73.831497][ T5125] alloc_slab_page+0x5f/0x120
[ 73.836158][ T5125] allocate_slab+0x5a/0x2f0
[ 73.840638][ T5125] ___slab_alloc+0xcd1/0x14b0
[ 73.845287][ T5125] __slab_alloc+0x58/0xa0
[ 73.849588][ T5125] kmem_cache_alloc_node_noprof+0x1fe/0x320
[ 73.855456][ T5125] __alloc_skb+0x1c3/0x440
[ 73.859850][ T5125] alloc_skb_with_frags+0xc3/0x770
[ 73.864933][ T5125] sock_alloc_send_pskb+0x91a/0xa60
[ 73.870103][ T5125] unix_dgram_sendmsg+0x6d3/0x1f80
[ 73.875193][ T5125] __sock_sendmsg+0x221/0x270
[ 73.879844][ T5125] sock_write_iter+0x2dd/0x400
[ 73.884584][ T5125] vfs_write+0xa72/0xc90
[ 73.888815][ T5125] ksys_write+0x1a0/0x2c0
[ 73.893121][ T5125] page last free pid 4546 tgid 4546 stack trace:
[ 73.899419][ T5125] free_unref_page+0xd22/0xea0
[ 73.904158][ T5125] __slab_free+0x31b/0x3d0
[ 73.908549][ T5125] qlist_free_all+0x9e/0x140
[ 73.913111][ T5125] kasan_quarantine_reduce+0x14f/0x170
[ 73.918541][ T5125] __kasan_slab_alloc+0x23/0x80
[ 73.923365][ T5125] kmem_cache_alloc_node_noprof+0x16b/0x320
[ 73.929234][ T5125] __alloc_skb+0x1c3/0x440
[ 73.933626][ T5125] netlink_sendmsg+0x631/0xcb0
[ 73.938363][ T5125] __sock_sendmsg+0x221/0x270
[ 73.943015][ T5125] ____sys_sendmsg+0x525/0x7d0
[ 73.947756][ T5125] __sys_sendmsg+0x2b0/0x3a0
[ 73.952325][ T5125] do_syscall_64+0xf3/0x230
[ 73.956805][ T5125] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.962674][ T5125]
[ 73.964970][ T5125] Memory state around the buggy address:
[ 73.970569][ T5125] ffff88802be9e700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 73.978601][ T5125] ffff88802be9e780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.986635][ T5125] >ffff88802be9e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 73.994667][ T5125] ^
[ 74.001830][ T5125] ffff88802be9e880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 74.009861][ T5125] ffff88802be9e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.017893][ T5125] ==================================================================
[ 74.026919][ T5125] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 74.034119][ T5125] CPU: 0 PID: 5125 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00366-g771ed66105de #0
[ 74.044511][ T5125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 74.054548][ T5125] Call Trace:
[ 74.057809][ T5125]
[ 74.060723][ T5125] dump_stack_lvl+0x241/0x360
[ 74.065388][ T5125] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.070572][ T5125] ? __pfx__printk+0x10/0x10
[ 74.075143][ T5125] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 74.081107][ T5125] ? vscnprintf+0x5d/0x90
[ 74.085424][ T5125] panic+0x349/0x860
[ 74.089302][ T5125] ? check_panic_on_warn+0x21/0xb0
[ 74.094399][ T5125] ? __pfx_panic+0x10/0x10
[ 74.098798][ T5125] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 74.104765][ T5125] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 74.111081][ T5125] check_panic_on_warn+0x86/0xb0
[ 74.116003][ T5125] ? kfree_skb_reason+0x41/0x3b0
[ 74.120921][ T5125] end_report+0x77/0x160
[ 74.125151][ T5125] kasan_report+0x154/0x180
[ 74.129638][ T5125] ? kfree_skb_reason+0x41/0x3b0
[ 74.134560][ T5125] kasan_check_range+0x282/0x290
[ 74.139485][ T5125] kfree_skb_reason+0x41/0x3b0
[ 74.144231][ T5125] __hci_req_sync+0x62f/0x950
[ 74.148898][ T5125] ? __pfx___hci_req_sync+0x10/0x10
[ 74.154083][ T5125] ? __pfx___mutex_lock+0x10/0x10
[ 74.159090][ T5125] ? __pfx_autoremove_wake_function+0x10/0x10
[ 74.165140][ T5125] ? __pfx_hci_scan_req+0x10/0x10
[ 74.170151][ T5125] hci_req_sync+0xa9/0xd0
[ 74.174467][ T5125] hci_dev_cmd+0x4c5/0xa50
[ 74.178871][ T5125] ? security_capable+0x90/0xb0
[ 74.183708][ T5125] ? __pfx_hci_dev_cmd+0x10/0x10
[ 74.188633][ T5125] ? hci_sock_ioctl+0x6c4/0xa40
[ 74.193470][ T5125] sock_do_ioctl+0x158/0x460
[ 74.198048][ T5125] ? __pfx_sock_do_ioctl+0x10/0x10
[ 74.203150][ T5125] sock_ioctl+0x629/0x8e0
[ 74.207465][ T5125] ? __pfx_sock_ioctl+0x10/0x10
[ 74.212300][ T5125] ? __fget_files+0x29/0x470
[ 74.216879][ T5125] ? __fget_files+0x3f6/0x470
[ 74.221538][ T5125] ? __fget_files+0x29/0x470
[ 74.226115][ T5125] ? bpf_lsm_file_ioctl+0x9/0x10
[ 74.231039][ T5125] ? security_file_ioctl+0x87/0xb0
[ 74.236133][ T5125] ? __pfx_sock_ioctl+0x10/0x10
[ 74.240966][ T5125] __se_sys_ioctl+0xfc/0x170
[ 74.245541][ T5125] do_syscall_64+0xf3/0x230
[ 74.250027][ T5125] ? clear_bhb_loop+0x35/0x90
[ 74.254688][ T5125] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.260566][ T5125] RIP: 0033:0x7fe274c7cccb
[ 74.264962][ T5125] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 74.284553][ T5125] RSP: 002b:00007ffc43598dc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 74.292952][ T5125] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fe274c7cccb
[ 74.300905][ T5125] RDX: 00007ffc43598e38 RSI: 00000000400448dd RDI: 0000000000000003
[ 74.308856][ T5125] RBP: 0000555585b89430 R08: 0000000000000000 R09: 0000000000000000
[ 74.316809][ T5125] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 74.324762][ T5125] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 74.332721][ T5125]
[ 74.335921][ T5125] Kernel Offset: disabled
[ 74.340232][ T5125] Rebooting in 86400 seconds..