Warning: Permanently added '10.128.10.51' (ED25519) to the list of known hosts.
[ 55.771017][ T3541] cgroup: Unknown subsys name 'net'
[ 55.878813][ T3541] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[ 57.121455][ T3541] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 57.174234][ T3565] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 57.175182][ T3566] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 57.182468][ T3565] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 57.190853][ T3567] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 57.197500][ T3565] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 57.205871][ T3567] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 57.212072][ T3565] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 57.219162][ T3567] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 57.225904][ T3565] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 57.233188][ T3567] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 57.239866][ T3565] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 57.246487][ T3567] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 57.253445][ T3565] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 57.260468][ T3567] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 57.267774][ T3565] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 57.274974][ T3567] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 57.281702][ T3565] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 57.290427][ T3567] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 57.295854][ T3565] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 57.310707][ T3565] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 57.310780][ T3567] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 57.317821][ T3565] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 57.324953][ T3567] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 57.339656][ T3565] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 57.348385][ T3565] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 57.356803][ T3549] ==================================================================
[ 57.356929][ T3564] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 57.365514][ T3549] BUG: KASAN: use-after-free in kfree_skb_reason+0x3d/0x390
[ 57.365571][ T3549] Read of size 4 at addr ffff88807eb1d0e4 by task syz-executor145/3549
[ 57.365586][ T3549]
[ 57.365597][ T3549] CPU: 0 PID: 3549 Comm: syz-executor145 Not tainted 6.1.92-syzkaller #0
[ 57.365612][ T3549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 57.365625][ T3549] Call Trace:
[ 57.365631][ T3549] <TASK>
[ 57.365638][ T3549] dump_stack_lvl+0x1e3/0x2cb
[ 57.384538][ T3564] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 57.388356][ T3549] ? nf_tcp_handle_invalid+0x642/0x642
[ 57.413296][ T3555] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 57.415540][ T3549] ? panic+0x764/0x764
[ 57.420534][ T3555] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 57.427109][ T3549] ? _printk+0xd1/0x111
[ 57.427131][ T3549] ? __virt_addr_valid+0x17f/0x520
[ 57.427151][ T3549] ? __virt_addr_valid+0x17f/0x520
[ 57.427170][ T3549] print_report+0x15f/0x4f0
[ 57.469426][ T3549] ? __virt_addr_valid+0x17f/0x520
[ 57.474566][ T3549] ? __virt_addr_valid+0x17f/0x520
[ 57.479790][ T3549] ? __virt_addr_valid+0x44a/0x520
[ 57.484937][ T3549] ? __phys_addr+0xb6/0x170
[ 57.489460][ T3549] ? kfree_skb_reason+0x3d/0x390
[ 57.494419][ T3549] kasan_report+0x136/0x160
[ 57.498943][ T3549] ? kfree_skb_reason+0x3d/0x390
[ 57.504003][ T3549] kasan_check_range+0x27f/0x290
[ 57.508962][ T3549] kfree_skb_reason+0x3d/0x390
[ 57.513758][ T3549] __hci_req_sync+0x626/0x940
[ 57.518463][ T3549] ? trace_contention_end+0x61/0x170
[ 57.523777][ T3549] ? hci_req_sync_complete+0x280/0x280
[ 57.529266][ T3549] ? mutex_lock_nested+0x10/0x10
[ 57.534225][ T3549] ? wake_bit_function+0x210/0x210
[ 57.539468][ T3549] ? hci_encrypt_req+0x170/0x170
[ 57.544433][ T3549] hci_req_sync+0xa5/0xc0
[ 57.548810][ T3549] hci_dev_cmd+0x2fc/0xa30
[ 57.553248][ T3549] ? security_capable+0x86/0xb0
[ 57.558211][ T3549] ? hci_dev_reset_stat+0x1a0/0x1a0
[ 57.563444][ T3549] ? hci_sock_ioctl+0x426/0x850
[ 57.568402][ T3549] sock_do_ioctl+0x152/0x450
[ 57.573108][ T3549] ? sock_show_fdinfo+0xb0/0xb0
[ 57.578062][ T3549] ? __fget_files+0x28/0x4a0
[ 57.582674][ T3549] sock_ioctl+0x47f/0x770
[ 57.587112][ T3549] ? sock_poll+0x410/0x410
[ 57.591549][ T3549] ? __fget_files+0x28/0x4a0
[ 57.596250][ T3549] ? __fget_files+0x435/0x4a0
[ 57.600947][ T3549] ? __fget_files+0x28/0x4a0
[ 57.605556][ T3549] ? bpf_lsm_file_ioctl+0x5/0x10
[ 57.610514][ T3549] ? security_file_ioctl+0x7d/0xa0
[ 57.615615][ T3549] ? sock_poll+0x410/0x410
[ 57.620029][ T3549] __se_sys_ioctl+0xf1/0x160
[ 57.624615][ T3549] do_syscall_64+0x3b/0xb0
[ 57.629142][ T3549] ? clear_bhb_loop+0x45/0xa0
[ 57.633813][ T3549] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 57.640397][ T3549] RIP: 0033:0x7fa530a1802b
[ 57.644810][ T3549] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 57.664509][ T3549] RSP: 002b:00007ffe9c4f32f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.673283][ T3549] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa530a1802b
[ 57.681302][ T3549] RDX: 00007ffe9c4f3448 RSI: 00000000400448dd RDI: 0000000000000003
[ 57.689453][ T3549] RBP: 00005555563b5430 R08: 0000000000000000 R09: 00007ffe9c4f3267
[ 57.697972][ T3549] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 57.706044][ T3549] R13: 0000000000000000 R14: 00007ffe9c4f3460 R15: 00007fa530aa3300
[ 57.714123][ T3549] </TASK>
[ 57.717130][ T3549]
[ 57.719437][ T3549] Allocated by task 3555:
[ 57.723744][ T3549] kasan_set_track+0x4b/0x70
[ 57.728415][ T3549] __kasan_slab_alloc+0x65/0x70
[ 57.733251][ T3549] slab_post_alloc_hook+0x52/0x3a0
[ 57.738353][ T3549] kmem_cache_alloc+0x10c/0x2d0
[ 57.743199][ T3549] skb_clone+0x1e5/0x360
[ 57.747429][ T3549] hci_cmd_work+0x296/0x660
[ 57.751929][ T3549] process_one_work+0x8a9/0x11d0
[ 57.756866][ T3549] worker_thread+0xa47/0x1200
[ 57.761618][ T3549] kthread+0x28d/0x320
[ 57.765700][ T3549] ret_from_fork+0x1f/0x30
[ 57.770196][ T3549]
[ 57.772508][ T3549] Freed by task 3564:
[ 57.776731][ T3549] kasan_set_track+0x4b/0x70
[ 57.781491][ T3549] kasan_save_free_info+0x27/0x40
[ 57.786507][ T3549] ____kasan_slab_free+0xd6/0x120
[ 57.791527][ T3549] kmem_cache_free+0x292/0x510
[ 57.796283][ T3549] hci_req_sync_complete+0xee/0x280
[ 57.801472][ T3549] hci_event_packet+0xc49/0x1510
[ 57.806402][ T3549] hci_rx_work+0x3cd/0xce0
[ 57.810810][ T3549] process_one_work+0x8a9/0x11d0
[ 57.815847][ T3549] worker_thread+0xa47/0x1200
[ 57.820515][ T3549] kthread+0x28d/0x320
[ 57.824572][ T3549] ret_from_fork+0x1f/0x30
[ 57.828988][ T3549]
[ 57.831300][ T3549] The buggy address belongs to the object at ffff88807eb1d000
[ 57.831300][ T3549] which belongs to the cache skbuff_head_cache of size 240
[ 57.845948][ T3549] The buggy address is located 228 bytes inside of
[ 57.845948][ T3549] 240-byte region [ffff88807eb1d000, ffff88807eb1d0f0)
[ 57.859237][ T3549]
[ 57.861551][ T3549] The buggy address belongs to the physical page:
[ 57.867961][ T3549] page:ffffea0001fac740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7eb1d
[ 57.878220][ T3549] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 57.885865][ T3549] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff888015641000
[ 57.894545][ T3549] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 57.903117][ T3549] page dumped because: kasan: bad access detected
[ 57.909546][ T3549] page_owner tracks the page as allocated
[ 57.915246][ T3549] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3555, tgid 3555 (kworker/u5:1), ts 57356304507, free_ts 50108089401
[ 57.933564][ T3549] post_alloc_hook+0x18d/0x1b0
[ 57.938321][ T3549] get_page_from_freelist+0x31a1/0x3320
[ 57.943857][ T3549] __alloc_pages+0x28d/0x770
[ 57.948444][ T3549] alloc_slab_page+0x6a/0x150
[ 57.953116][ T3549] new_slab+0x84/0x2d0
[ 57.957175][ T3549] ___slab_alloc+0xc20/0x1270
[ 57.962052][ T3549] kmem_cache_alloc+0x1a5/0x2d0
[ 57.967357][ T3549] skb_clone+0x1e5/0x360
[ 57.972813][ T3549] hci_cmd_work+0x296/0x660
[ 57.977592][ T3549] process_one_work+0x8a9/0x11d0
[ 57.982553][ T3549] worker_thread+0xa47/0x1200
[ 57.987234][ T3549] kthread+0x28d/0x320
[ 57.991315][ T3549] ret_from_fork+0x1f/0x30
[ 57.995737][ T3549] page last free stack trace:
[ 58.000403][ T3549] free_unref_page_prepare+0xf63/0x1120
[ 58.005961][ T3549] free_unref_page+0x33/0x3e0
[ 58.010642][ T3549] pipe_read+0x6e1/0x12a0
[ 58.014970][ T3549] vfs_read+0x7de/0xbe0
[ 58.019127][ T3549] ksys_read+0x19c/0x2c0
[ 58.023356][ T3549] do_syscall_64+0x3b/0xb0
[ 58.027765][ T3549] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.033700][ T3549]
[ 58.036008][ T3549] Memory state around the buggy address:
[ 58.041709][ T3549] ffff88807eb1cf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.049756][ T3549] ffff88807eb1d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.057802][ T3549] >ffff88807eb1d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 58.065845][ T3549]                                                        ^
[ 58.073021][ T3549] ffff88807eb1d100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 58.081067][ T3549] ffff88807eb1d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.089286][ T3549] ==================================================================
[ 58.097981][ T3565] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 58.106159][ T3549] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 58.113403][ T3549] CPU: 0 PID: 3549 Comm: syz-executor145 Not tainted 6.1.92-syzkaller #0
[ 58.121892][ T3549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 58.132034][ T3549] Call Trace:
[ 58.135304][ T3549] <TASK>
[ 58.138222][ T3549] dump_stack_lvl+0x1e3/0x2cb
[ 58.142900][ T3549] ? nf_tcp_handle_invalid+0x642/0x642
[ 58.148353][ T3549] ? panic+0x764/0x764
[ 58.152407][ T3549] ? preempt_schedule_common+0xa6/0xd0
[ 58.157861][ T3549] ? vscnprintf+0x59/0x80
[ 58.162182][ T3549] panic+0x318/0x764
[ 58.166068][ T3549] ? check_panic_on_warn+0x1d/0xa0
[ 58.171191][ T3549] ? memcpy_page_flushcache+0xfc/0xfc
[ 58.176846][ T3549] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 58.182916][ T3549] ? _raw_spin_unlock+0x40/0x40
[ 58.187758][ T3549] ? print_report+0x4a3/0x4f0
[ 58.192424][ T3549] check_panic_on_warn+0x7e/0xa0
[ 58.197374][ T3549] ? kfree_skb_reason+0x3d/0x390
[ 58.202477][ T3549] end_report+0x66/0x110
[ 58.206716][ T3549] kasan_report+0x143/0x160
[ 58.211210][ T3549] ? kfree_skb_reason+0x3d/0x390
[ 58.216142][ T3549] kasan_check_range+0x27f/0x290
[ 58.221069][ T3549] kfree_skb_reason+0x3d/0x390
[ 58.225826][ T3549] __hci_req_sync+0x626/0x940
[ 58.230575][ T3549] ? trace_contention_end+0x61/0x170
[ 58.235852][ T3549] ? hci_req_sync_complete+0x280/0x280
[ 58.241393][ T3549] ? mutex_lock_nested+0x10/0x10
[ 58.246493][ T3549] ? wake_bit_function+0x210/0x210
[ 58.251603][ T3549] ? hci_encrypt_req+0x170/0x170
[ 58.256537][ T3549] hci_req_sync+0xa5/0xc0
[ 58.260859][ T3549] hci_dev_cmd+0x2fc/0xa30
[ 58.265273][ T3549] ? security_capable+0x86/0xb0
[ 58.270116][ T3549] ? hci_dev_reset_stat+0x1a0/0x1a0
[ 58.275328][ T3549] ? hci_sock_ioctl+0x426/0x850
[ 58.280207][ T3549] sock_do_ioctl+0x152/0x450
[ 58.284810][ T3549] ? sock_show_fdinfo+0xb0/0xb0
[ 58.289679][ T3549] ? __fget_files+0x28/0x4a0
[ 58.294274][ T3549] sock_ioctl+0x47f/0x770
[ 58.298598][ T3549] ? sock_poll+0x410/0x410
[ 58.303012][ T3549] ? __fget_files+0x28/0x4a0
[ 58.307608][ T3549] ? __fget_files+0x435/0x4a0
[ 58.312317][ T3549] ? __fget_files+0x28/0x4a0
[ 58.316932][ T3549] ? bpf_lsm_file_ioctl+0x5/0x10
[ 58.321962][ T3549] ? security_file_ioctl+0x7d/0xa0
[ 58.327064][ T3549] ? sock_poll+0x410/0x410
[ 58.331472][ T3549] __se_sys_ioctl+0xf1/0x160
[ 58.336123][ T3549] do_syscall_64+0x3b/0xb0
[ 58.340539][ T3549] ? clear_bhb_loop+0x45/0xa0
[ 58.345221][ T3549] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.351118][ T3549] RIP: 0033:0x7fa530a1802b
[ 58.355533][ T3549] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 58.376102][ T3549] RSP: 002b:00007ffe9c4f32f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 58.384548][ T3549] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa530a1802b
[ 58.392553][ T3549] RDX: 00007ffe9c4f3448 RSI: 00000000400448dd RDI: 0000000000000003
[ 58.400553][ T3549] RBP: 00005555563b5430 R08: 0000000000000000 R09: 00007ffe9c4f3267
[ 58.409623][ T3549] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 58.417730][ T3549] R13: 0000000000000000 R14: 00007ffe9c4f3460 R15: 00007fa530aa3300
[ 58.426422][ T3549] </TASK>
[ 58.429900][ T3549] Kernel Offset: disabled
[ 58.434461][ T3549] Rebooting in 86400 seconds..