Warning: Permanently added '10.128.0.157' (ED25519) to the list of known hosts.
2024/06/23 04:37:04 ignoring optional flag "sandboxArg"="0"
2024/06/23 04:37:04 parsed 1 programs
[ 1062.635749][ T5155] cgroup: Unknown subsys name 'net'
[ 1062.924032][ T5155] cgroup: Unknown subsys name 'rlimit'
[ 1064.365971][ T5174] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[ 1065.179488][ T5204] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1065.188921][ T5204] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1065.196787][ T5204] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1065.211330][ T5204] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1065.219506][ T5204] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1065.226934][ T5204] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1065.237837][ T5202] ==================================================================
[ 1065.245943][ T5202] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 1065.253686][ T5202] Read of size 4 at addr ffff88802296a4a4 by task syz-executor.0/5202
[ 1065.261844][ T5202]
[ 1065.264192][ T5202] CPU: 0 PID: 5202 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00242-g36534d3c5453 #0
[ 1065.274598][ T5202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1065.284663][ T5202] Call Trace:
[ 1065.287951][ T5202]
[ 1065.290887][ T5202]  dump_stack_lvl+0x241/0x360
[ 1065.295580][ T5202]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1065.300812][ T5202]  ? __pfx__printk+0x10/0x10
[ 1065.305419][ T5202]  ? _printk+0xd5/0x120
[ 1065.309592][ T5202]  ? __virt_addr_valid+0x183/0x520
[ 1065.314716][ T5202]  ? __virt_addr_valid+0x183/0x520
[ 1065.319846][ T5202]  print_report+0x169/0x550
[ 1065.324364][ T5202]  ? __virt_addr_valid+0x183/0x520
[ 1065.329496][ T5202]  ? __virt_addr_valid+0x183/0x520
[ 1065.334619][ T5202]  ? __virt_addr_valid+0x44e/0x520
[ 1065.339747][ T5202]  ? __phys_addr+0xba/0x170
[ 1065.344279][ T5202]  ? kfree_skb_reason+0x41/0x3b0
[ 1065.349228][ T5202]  kasan_report+0x143/0x180
[ 1065.353754][ T5202]  ? kfree_skb_reason+0x41/0x3b0
[ 1065.358706][ T5202]  kasan_check_range+0x282/0x290
[ 1065.363769][ T5202]  kfree_skb_reason+0x41/0x3b0
[ 1065.368547][ T5202]  __hci_req_sync+0x62f/0x950
[ 1065.373241][ T5202]  ? __pfx___hci_req_sync+0x10/0x10
[ 1065.378471][ T5202]  ? __pfx___mutex_lock+0x10/0x10
[ 1065.383515][ T5202]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1065.389701][ T5202]  ? __pfx_hci_scan_req+0x10/0x10
[ 1065.394767][ T5202]  hci_req_sync+0xa9/0xd0
[ 1065.399199][ T5202]  hci_dev_cmd+0x4c5/0xa50
[ 1065.403628][ T5202]  ? security_capable+0x90/0xb0
[ 1065.408598][ T5202]  ? __pfx_hci_dev_cmd+0x10/0x10
[ 1065.413549][ T5202]  ? hci_sock_ioctl+0x6c4/0xa40
[ 1065.418419][ T5202]  sock_do_ioctl+0x158/0x460
[ 1065.423024][ T5202]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1065.428156][ T5202]  sock_ioctl+0x629/0x8e0
[ 1065.432699][ T5202]  ? __pfx_sock_ioctl+0x10/0x10
[ 1065.437580][ T5202]  ? __fget_files+0x29/0x470
[ 1065.442290][ T5202]  ? __fget_files+0x3f6/0x470
[ 1065.446980][ T5202]  ? __fget_files+0x29/0x470
[ 1065.451587][ T5202]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1065.456547][ T5202]  ? security_file_ioctl+0x87/0xb0
[ 1065.461669][ T5202]  ? __pfx_sock_ioctl+0x10/0x10
[ 1065.466535][ T5202]  __se_sys_ioctl+0xfc/0x170
[ 1065.471137][ T5202]  do_syscall_64+0xf3/0x230
[ 1065.475654][ T5202]  ? clear_bhb_loop+0x35/0x90
[ 1065.480347][ T5202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1065.486287][ T5202] RIP: 0033:0x7fd17987ce0b
[ 1065.490720][ T5202] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 1065.510342][ T5202] RSP: 002b:00007ffec0f4f6e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1065.518776][ T5202] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd17987ce0b
[ 1065.526760][ T5202] RDX: 00007ffec0f4f758 RSI: 00000000400448dd RDI: 0000000000000003
[ 1065.534757][ T5202] RBP: 000055557dd9f430 R08: 0000000000000000 R09: 0000000000000000
[ 1065.542739][ T5202] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 1065.550725][ T5202] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 1065.558714][ T5202]
[ 1065.561755][ T5202]
[ 1065.564079][ T5202] Allocated by task 4488:
[ 1065.568406][ T5202]  kasan_save_track+0x3f/0x80
[ 1065.573100][ T5202]  __kasan_slab_alloc+0x66/0x80
[ 1065.577961][ T5202]  kmem_cache_alloc_noprof+0x135/0x2a0
[ 1065.583533][ T5202]  skb_clone+0x20c/0x390
[ 1065.587816][ T5202]  hci_cmd_work+0x29e/0x670
[ 1065.592595][ T5202]  process_scheduled_works+0xa2c/0x1830
[ 1065.598153][ T5202]  worker_thread+0x86d/0xd70
[ 1065.602753][ T5202]  kthread+0x2f0/0x390
[ 1065.606831][ T5202]  ret_from_fork+0x4b/0x80
[ 1065.611260][ T5202]  ret_from_fork_asm+0x1a/0x30
[ 1065.616050][ T5202]
[ 1065.618376][ T5202] Freed by task 4488:
[ 1065.622388][ T5202]  kasan_save_track+0x3f/0x80
[ 1065.627162][ T5202]  kasan_save_free_info+0x40/0x50
[ 1065.632193][ T5202]  poison_slab_object+0xe0/0x150
[ 1065.637139][ T5202]  __kasan_slab_free+0x37/0x60
[ 1065.641911][ T5202]  kmem_cache_free+0x145/0x350
[ 1065.646686][ T5202]  hci_req_sync_complete+0xe7/0x290
[ 1065.651901][ T5202]  hci_event_packet+0xc71/0x1540
[ 1065.656854][ T5202]  hci_rx_work+0x3e8/0xca0
[ 1065.661284][ T5202]  process_scheduled_works+0xa2c/0x1830
[ 1065.666867][ T5202]  worker_thread+0x86d/0xd70
[ 1065.671473][ T5202]  kthread+0x2f0/0x390
[ 1065.675552][ T5202]  ret_from_fork+0x4b/0x80
[ 1065.679986][ T5202]  ret_from_fork_asm+0x1a/0x30
[ 1065.684768][ T5202]
[ 1065.687094][ T5202] The buggy address belongs to the object at ffff88802296a3c0
[ 1065.687094][ T5202]  which belongs to the cache skbuff_head_cache of size 240
[ 1065.701684][ T5202] The buggy address is located 228 bytes inside of
[ 1065.701684][ T5202]  freed 240-byte region [ffff88802296a3c0, ffff88802296a4b0)
[ 1065.715583][ T5202]
[ 1065.717910][ T5202] The buggy address belongs to the physical page:
[ 1065.724331][ T5202] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2296a
[ 1065.733104][ T5202] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1065.740232][ T5202] page_type: 0xffffefff(slab)
[ 1065.744926][ T5202] raw: 00fff00000000000 ffff888018ae0780 dead000000000122 0000000000000000
[ 1065.753522][ T5202] raw: 0000000000000000 00000000800c000c 00000001ffffefff 0000000000000000
[ 1065.762387][ T5202] page dumped because: kasan: bad access detected
[ 1065.768807][ T5202] page_owner tracks the page as allocated
[ 1065.774523][ T5202] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4488, tgid 4488 (kworker/u9:1), ts 1065236565596, free_ts 1065206565932
[ 1065.794090][ T5202]  post_alloc_hook+0x1f3/0x230
[ 1065.798888][ T5202]  get_page_from_freelist+0x2e2d/0x2ee0
[ 1065.804564][ T5202]  __alloc_pages_noprof+0x256/0x6c0
[ 1065.809792][ T5202]  alloc_slab_page+0x5f/0x120
[ 1065.814479][ T5202]  allocate_slab+0x5a/0x2e0
[ 1065.818990][ T5202]  ___slab_alloc+0xcd1/0x14b0
[ 1065.823687][ T5202]  __slab_alloc+0x58/0xa0
[ 1065.828040][ T5202]  kmem_cache_alloc_node_noprof+0x1fe/0x320
[ 1065.833958][ T5202]  __alloc_skb+0x1c3/0x440
[ 1065.838389][ T5202]  mgmt_send_event+0x46/0x1a0
[ 1065.843082][ T5202]  mgmt_index_added+0x1cb/0x260
[ 1065.847941][ T5202]  hci_power_on+0x4a2/0x6b0
[ 1065.852448][ T5202]  process_scheduled_works+0xa2c/0x1830
[ 1065.858082][ T5202]  worker_thread+0x86d/0xd70
[ 1065.862693][ T5202]  kthread+0x2f0/0x390
[ 1065.866786][ T5202]  ret_from_fork+0x4b/0x80
[ 1065.871230][ T5202] page last free pid 5204 tgid 5204 stack trace:
[ 1065.877554][ T5202]  free_unref_page+0xd22/0xea0
[ 1065.882332][ T5202]  __put_partials+0xeb/0x130
[ 1065.886941][ T5202]  put_cpu_partial+0x17c/0x250
[ 1065.891723][ T5202]  __slab_free+0x2ea/0x3d0
[ 1065.896156][ T5202]  qlist_free_all+0x9e/0x140
[ 1065.900842][ T5202]  kasan_quarantine_reduce+0x14f/0x170
[ 1065.906310][ T5202]  __kasan_slab_alloc+0x23/0x80
[ 1065.911166][ T5202]  kmem_cache_alloc_noprof+0x135/0x2a0
[ 1065.916640][ T5202]  skb_clone+0x20c/0x390
[ 1065.920890][ T5202]  hci_cmd_work+0xdc/0x670
[ 1065.925315][ T5202]  process_scheduled_works+0xa2c/0x1830
[ 1065.930953][ T5202]  worker_thread+0x86d/0xd70
[ 1065.935548][ T5202]  kthread+0x2f0/0x390
[ 1065.939630][ T5202]  ret_from_fork+0x4b/0x80
[ 1065.944058][ T5202]  ret_from_fork_asm+0x1a/0x30
[ 1065.948842][ T5202]
[ 1065.951188][ T5202] Memory state around the buggy address:
[ 1065.956817][ T5202]  ffff88802296a380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1065.964882][ T5202]  ffff88802296a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1065.972946][ T5202] >ffff88802296a480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 1065.981008][ T5202]                                ^
[ 1065.986117][ T5202]  ffff88802296a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1065.994552][ T5202]  ffff88802296a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 1066.002638][ T5202] ==================================================================
[ 1066.011151][ T5202] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1066.018385][ T5202] CPU: 1 PID: 5202 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00242-g36534d3c5453 #0
[ 1066.028816][ T5202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1066.038908][ T5202] Call Trace:
[ 1066.042211][ T5202]
[ 1066.045155][ T5202]  dump_stack_lvl+0x241/0x360
[ 1066.049866][ T5202]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1066.055177][ T5202]  ? __pfx__printk+0x10/0x10
[ 1066.059789][ T5202]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1066.065815][ T5202]  ? vscnprintf+0x5d/0x90
[ 1066.070206][ T5202]  panic+0x349/0x860
[ 1066.074157][ T5202]  ? check_panic_on_warn+0x21/0xb0
[ 1066.079305][ T5202]  ? __pfx_panic+0x10/0x10
[ 1066.083755][ T5202]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 1066.089764][ T5202]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1066.096130][ T5202]  check_panic_on_warn+0x86/0xb0
[ 1066.101094][ T5202]  ? kfree_skb_reason+0x41/0x3b0
[ 1066.106048][ T5202]  end_report+0x77/0x160
[ 1066.110316][ T5202]  kasan_report+0x154/0x180
[ 1066.114860][ T5202]  ? kfree_skb_reason+0x41/0x3b0
[ 1066.119808][ T5202]  kasan_check_range+0x282/0x290
[ 1066.124947][ T5202]  kfree_skb_reason+0x41/0x3b0
[ 1066.129721][ T5202]  __hci_req_sync+0x62f/0x950
[ 1066.134421][ T5202]  ? __pfx___hci_req_sync+0x10/0x10
[ 1066.139638][ T5202]  ? __pfx___mutex_lock+0x10/0x10
[ 1066.144679][ T5202]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1066.150797][ T5202]  ? __pfx_hci_scan_req+0x10/0x10
[ 1066.155838][ T5202]  hci_req_sync+0xa9/0xd0
[ 1066.160184][ T5202]  hci_dev_cmd+0x4c5/0xa50
[ 1066.164637][ T5202]  ? security_capable+0x90/0xb0
[ 1066.169505][ T5202]  ? __pfx_hci_dev_cmd+0x10/0x10
[ 1066.174460][ T5202]  ? hci_sock_ioctl+0x6c4/0xa40
[ 1066.179332][ T5202]  sock_do_ioctl+0x158/0x460
[ 1066.183940][ T5202]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1066.189076][ T5202]  sock_ioctl+0x629/0x8e0
[ 1066.193419][ T5202]  ? __pfx_sock_ioctl+0x10/0x10
[ 1066.198288][ T5202]  ? __fget_files+0x29/0x470
[ 1066.202933][ T5202]  ? __fget_files+0x3f6/0x470
[ 1066.207627][ T5202]  ? __fget_files+0x29/0x470
[ 1066.212255][ T5202]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1066.217206][ T5202]  ? security_file_ioctl+0x87/0xb0
[ 1066.222324][ T5202]  ? __pfx_sock_ioctl+0x10/0x10
[ 1066.227188][ T5202]  __se_sys_ioctl+0xfc/0x170
[ 1066.231799][ T5202]  do_syscall_64+0xf3/0x230
[ 1066.236320][ T5202]  ? clear_bhb_loop+0x35/0x90
[ 1066.241013][ T5202]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1066.246919][ T5202] RIP: 0033:0x7fd17987ce0b
[ 1066.251347][ T5202] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 1066.270976][ T5202] RSP: 002b:00007ffec0f4f6e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1066.279449][ T5202] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fd17987ce0b
[ 1066.287458][ T5202] RDX: 00007ffec0f4f758 RSI: 00000000400448dd RDI: 0000000000000003
[ 1066.295455][ T5202] RBP: 000055557dd9f430 R08: 0000000000000000 R09: 0000000000000000
[ 1066.303442][ T5202] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 1066.311428][ T5202] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 1066.319457][ T5202]
[ 1066.322746][ T5202] Kernel Offset: disabled
[ 1066.327082][ T5202] Rebooting in 86400 seconds..
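A triage helper for reports of this shape, added here as an example; it is not part of the syzkaller output above and not a kernel or syzkaller tool. It strips the printk prefixes, pulls out the BUG line, the faulting access, the use/alloc/free stacks and the object geometry, and then re-derives the report's own arithmetic (0xffff88802296a4a4 - 0xffff88802296a3c0 = 228, and 228 + 4 <= 240, so the 4-byte read lands inside the freed skbuff_head_cache object). SAMPLE_REPORT is a constructed excerpt of the log above; the INSTRUMENTATION prefix list and every function name in the helper are this example's own choices.

```python
import re

# Constructed excerpt of the syzkaller report above; printk prefixes are kept so the parser strips them.
SAMPLE_REPORT = """\
[ 1065.245943][ T5202] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 1065.253686][ T5202] Read of size 4 at addr ffff88802296a4a4 by task syz-executor.0/5202
[ 1065.284663][ T5202] Call Trace:
[ 1065.290887][ T5202]  dump_stack_lvl+0x241/0x360
[ 1065.349228][ T5202]  kasan_report+0x143/0x180
[ 1065.363769][ T5202]  kfree_skb_reason+0x41/0x3b0
[ 1065.368547][ T5202]  __hci_req_sync+0x62f/0x950
[ 1065.399199][ T5202]  hci_dev_cmd+0x4c5/0xa50
[ 1065.413549][ T5202]  ? hci_sock_ioctl+0x6c4/0xa40
[ 1065.486287][ T5202] RIP: 0033:0x7fd17987ce0b
[ 1065.564079][ T5202] Allocated by task 4488:
[ 1065.568406][ T5202]  kasan_save_track+0x3f/0x80
[ 1065.577961][ T5202]  kmem_cache_alloc_noprof+0x135/0x2a0
[ 1065.583533][ T5202]  skb_clone+0x20c/0x390
[ 1065.587816][ T5202]  hci_cmd_work+0x29e/0x670
[ 1065.616050][ T5202]
[ 1065.618376][ T5202] Freed by task 4488:
[ 1065.637139][ T5202]  __kasan_slab_free+0x37/0x60
[ 1065.641911][ T5202]  kmem_cache_free+0x145/0x350
[ 1065.646686][ T5202]  hci_req_sync_complete+0xe7/0x290
[ 1065.684768][ T5202]
[ 1065.687094][ T5202] The buggy address belongs to the object at ffff88802296a3c0
[ 1065.687094][ T5202]  which belongs to the cache skbuff_head_cache of size 240
[ 1065.701684][ T5202] The buggy address is located 228 bytes inside of
[ 1065.701684][ T5202]  freed 240-byte region [ffff88802296a3c0, ffff88802296a4b0)
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")          # "[ 1065.245943][ T5202] "
FRAME = re.compile(r"^\s*(\?\s+)?(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Allocator/KASAN plumbing that tops every stack; the frame after it owns the alloc, free or use.
# This prefix list is the example's own heuristic, not something KASAN defines.
INSTRUMENTATION = ("kasan_", "__kasan_", "poison_slab_object", "kmem_cache_", "dump_stack")


def first_owner_frame(stack):
    """First frame that is not allocator/KASAN plumbing: the real alloc, free or use site."""
    return next((fn for fn in stack if not fn.startswith(INSTRUMENTATION)), None)


def parse_kasan_report(text):
    rep, section = None, None        # section: the stack list that following frames belong to
    for ln in (PREFIX.sub("", raw) for raw in text.splitlines()):
        if (m := re.match(r"BUG: KASAN: (\S+) in (\S+)\+0x", ln)):
            rep = {"bug_type": m.group(1), "culprit": m.group(2),
                   "use_stack": [], "alloc_stack": [], "free_stack": []}
        elif rep is None:
            continue                 # noise before the report header
        elif (m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)", ln)):
            rep.update(access=m.group(1), size=int(m.group(2)), addr=int(m.group(3), 16), task=m.group(4))
        elif ln.startswith("Call Trace:"):
            section = rep["use_stack"]
        elif (m := re.match(r"(Allocated|Freed) by task (\d+):", ln)):
            kind = "alloc" if m.group(1) == "Allocated" else "free"
            rep[kind + "_task"], section = int(m.group(2)), rep[kind + "_stack"]
        elif (m := FRAME.match(ln)) and section is not None:
            if m.group(1) is None:   # "? frame" entries are unverified stack slots, not real callers
                section.append(m.group(2))
        elif ln.startswith("RIP:") or not ln.strip():
            section = None           # a stack block ends at the register dump or a blank line
        elif (m := re.search(r"belongs to the object at ([0-9a-f]+)", ln)):
            rep["obj_start"] = int(m.group(1), 16)
        elif (m := re.search(r"cache (\S+) of size (\d+)", ln)):
            rep.update(cache=m.group(1), obj_size=int(m.group(2)))
        elif (m := re.search(r"located (\d+) bytes inside of", ln)):
            rep["offset"] = int(m.group(1))
    return rep


def check_consistency(rep):
    """Re-derive the report's own arithmetic; a mismatch means a mangled or edited log."""
    problems = []
    if rep["addr"] - rep["obj_start"] != rep["offset"]:
        problems.append("addr - object start != reported offset")
    if rep["offset"] + rep["size"] > rep["obj_size"]:
        problems.append("access extends past the end of the object")
    return problems


def summarize(rep):
    """One line of the object's lifecycle: allocated where, freed where, then touched where."""
    use = rep["use_stack"]
    i = use.index(rep["culprit"]) + 1 if rep["culprit"] in use else len(use)
    caller = use[i] if i < len(use) else "?"
    return (f'{rep["bug_type"]}: {rep["cache"]} object ({rep["obj_size"]} B) allocated in '
            f'{first_owner_frame(rep["alloc_stack"])} (task {rep["alloc_task"]}), freed in '
            f'{first_owner_frame(rep["free_stack"])} (task {rep["free_task"]}), then '
            f'{rep["access"].lower()} of {rep["size"]} B at +{rep["offset"]} in {rep["culprit"]} '
            f'called from {caller} by {rep["task"]}')


if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE_REPORT)))
```

Run against the full log above, the summary reads the same story the three stacks tell: the sk_buff was cloned in hci_cmd_work, its clone freed by hci_req_sync_complete on the hci_rx_work path, and then kfree_skb_reason, called from __hci_req_sync on the ioctl path, read the already-freed header 228 bytes in. The "? " frames are dropped on purpose: the x86 unwinder prints them for stack slots it cannot confirm are live return addresses, so they must not be read as callers. The page_owner section and the shadow-memory dump are left unparsed; the consistency check is what catches a report whose numbers no longer agree after copy-paste damage.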