Warning: Permanently added '10.128.1.103' (ED25519) to the list of known hosts.
2024/04/28 04:25:13 ignoring optional flag "sandboxArg"="0"
2024/04/28 04:25:14 parsed 1 programs
[ 69.900392][ T5083] cgroup: Unknown subsys name 'net'
[ 70.069760][ T5083] cgroup: Unknown subsys name 'rlimit'
[ 71.722897][ T1246] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.729614][ T1246] ieee802154 phy1 wpan1: encryption failed: -22
2024/04/28 04:25:16 executed programs: 0
[ 71.821328][ T5083] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 72.005853][ T5103] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.013877][ T5103] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 72.023102][ T5105] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.039191][ T5106] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 72.046945][ T5106] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 72.065865][ T5109] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.074539][ T5115] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 72.081801][ T5109] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 72.083308][ T5115] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 72.090325][ T5109] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 72.096261][ T5115] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 72.104096][ T5109] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.110768][ T5115] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 72.119009][ T5109] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 72.124529][ T5115] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 72.131068][ T5109] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 72.145297][ T5115] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.146357][ T5109] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 72.154086][ T5114] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 72.161406][ T5109] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 72.167647][ T5114] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 72.174296][ T5109] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 72.182193][ T5115] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 72.193372][ T5109] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 72.198053][ T5115] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 72.202596][ T5109] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 72.208851][ T5103] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 72.226577][ T5103] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 72.254024][ T5105] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 72.267637][ T5103] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 72.279809][ T5101] ==================================================================
[ 72.287919][ T5101] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 72.295689][ T5101] Read of size 4 at addr ffff8880290305e4 by task syz-executor.4/5101
[ 72.303869][ T5101]
[ 72.306224][ T5101] CPU: 0 PID: 5101 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00171-gb2ff42c6d3ab #0
[ 72.316587][ T5101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 72.326754][ T5101] Call Trace:
[ 72.331277][ T5101]
[ 72.334230][ T5101] dump_stack_lvl+0x241/0x360
[ 72.338960][ T5101] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.344196][ T5101] ? __pfx__printk+0x10/0x10
[ 72.348821][ T5101] ? _printk+0xd5/0x120
[ 72.353026][ T5101] ? __virt_addr_valid+0x183/0x520
[ 72.358174][ T5101] ? __virt_addr_valid+0x183/0x520
[ 72.363323][ T5101] print_report+0x169/0x550
[ 72.367839][ T5101] ? __virt_addr_valid+0x183/0x520
[ 72.372962][ T5101] ? __virt_addr_valid+0x183/0x520
[ 72.378087][ T5101] ? __virt_addr_valid+0x44e/0x520
[ 72.383208][ T5101] ? __phys_addr+0xba/0x170
[ 72.387822][ T5101] ? kfree_skb_reason+0x41/0x3b0
[ 72.392769][ T5101] kasan_report+0x143/0x180
[ 72.397315][ T5101] ? kfree_skb_reason+0x41/0x3b0
[ 72.402263][ T5101] kasan_check_range+0x282/0x290
[ 72.407205][ T5101] kfree_skb_reason+0x41/0x3b0
[ 72.411976][ T5101] __hci_req_sync+0x62f/0x950
[ 72.416654][ T5101] ? __pfx___hci_req_sync+0x10/0x10
[ 72.421867][ T5101] ? __pfx___mutex_lock+0x10/0x10
[ 72.426895][ T5101] ? __pfx_autoremove_wake_function+0x10/0x10
[ 72.432966][ T5101] ? __pfx_hci_scan_req+0x10/0x10
[ 72.438009][ T5101] hci_req_sync+0xa9/0xd0
[ 72.442344][ T5101] hci_dev_cmd+0x518/0xa90
[ 72.446769][ T5101] ? security_capable+0x90/0xb0
[ 72.451624][ T5101] ? __pfx_hci_dev_cmd+0x10/0x10
[ 72.456568][ T5101] ? hci_sock_ioctl+0x6c2/0xaa0
[ 72.461424][ T5101] sock_do_ioctl+0x158/0x460
[ 72.466024][ T5101] ? __pfx_sock_do_ioctl+0x10/0x10
[ 72.471148][ T5101] ? __pfx_lock_acquire+0x10/0x10
[ 72.476179][ T5101] sock_ioctl+0x629/0x8e0
[ 72.480517][ T5101] ? __pfx_sock_ioctl+0x10/0x10
[ 72.485377][ T5101] ? __fget_files+0x28/0x470
[ 72.489971][ T5101] ? bpf_lsm_file_ioctl+0x9/0x10
[ 72.494915][ T5101] ? security_file_ioctl+0x87/0xb0
[ 72.500037][ T5101] ? __pfx_sock_ioctl+0x10/0x10
[ 72.504898][ T5101] __se_sys_ioctl+0xfc/0x170
[ 72.509501][ T5101] do_syscall_64+0xf5/0x240
[ 72.514021][ T5101] ? clear_bhb_loop+0x35/0x90
[ 72.518704][ T5101] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.524599][ T5101] RIP: 0033:0x7fbb4f87dc0b
[ 72.529015][ T5101] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 72.548620][ T5101] RSP: 002b:00007fff2985f090 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 72.557060][ T5101] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbb4f87dc0b
[ 72.565039][ T5101] RDX: 00007fff2985f108 RSI: 00000000400448dd RDI: 0000000000000003
[ 72.573013][ T5101] RBP: 0000555589e90430 R08: 0000000000000000 R09: 0000000000000000
[ 72.580988][ T5101] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000003
[ 72.588958][ T5101] R13: 0000000000000003 R14: 0000000000000001 R15: 00000000fffffff1
[ 72.596935][ T5101]
[ 72.599953][ T5101]
[ 72.602285][ T5101] Allocated by task 5106:
[ 72.606621][ T5101] kasan_save_track+0x3f/0x80
[ 72.611314][ T5101] __kasan_slab_alloc+0x66/0x80
[ 72.616177][ T5101] kmem_cache_alloc+0x174/0x340
[ 72.621027][ T5101] skb_clone+0x20c/0x390
[ 72.625270][ T5101] hci_cmd_work+0x29e/0x670
[ 72.629785][ T5101] process_scheduled_works+0xa10/0x17c0
[ 72.635328][ T5101] worker_thread+0x86d/0xd70
[ 72.639920][ T5101] kthread+0x2f0/0x390
[ 72.643994][ T5101] ret_from_fork+0x4b/0x80
[ 72.648421][ T5101] ret_from_fork_asm+0x1a/0x30
[ 72.653194][ T5101]
[ 72.655514][ T5101] Freed by task 5103:
[ 72.659488][ T5101] kasan_save_track+0x3f/0x80
[ 72.664174][ T5101] kasan_save_free_info+0x40/0x50
[ 72.669208][ T5101] poison_slab_object+0xa6/0xe0
[ 72.674065][ T5101] __kasan_slab_free+0x37/0x60
[ 72.678834][ T5101] kmem_cache_free+0x10b/0x2c0
[ 72.683599][ T5101] hci_req_sync_complete+0xe7/0x290
[ 72.688805][ T5101] hci_event_packet+0xc71/0x1540
[ 72.693749][ T5101] hci_rx_work+0x3e8/0xca0
[ 72.698172][ T5101] process_scheduled_works+0xa10/0x17c0
[ 72.703717][ T5101] worker_thread+0x86d/0xd70
[ 72.708322][ T5101] kthread+0x2f0/0x390
[ 72.712398][ T5101] ret_from_fork+0x4b/0x80
[ 72.716830][ T5101] ret_from_fork_asm+0x1a/0x30
[ 72.721603][ T5101]
[ 72.723923][ T5101] The buggy address belongs to the object at ffff888029030500
[ 72.723923][ T5101] which belongs to the cache skbuff_head_cache of size 240
[ 72.738510][ T5101] The buggy address is located 228 bytes inside of
[ 72.738510][ T5101] freed 240-byte region [ffff888029030500, ffff8880290305f0)
[ 72.752304][ T5101]
[ 72.754631][ T5101] The buggy address belongs to the physical page:
[ 72.761040][ T5101] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29030
[ 72.769801][ T5101] anon flags: 0xfff80000000800(slab|node=0|zone=1|lastcpupid=0xfff)
[ 72.777780][ T5101] page_type: 0xffffffff()
[ 72.782111][ T5101] raw: 00fff80000000800 ffff888018ad1780 0000000000000000 dead000000000001
[ 72.790698][ T5101] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 72.799273][ T5101] page dumped because: kasan: bad access detected
[ 72.805688][ T5101] page_owner tracks the page as allocated
[ 72.811398][ T5101] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1347565261 (swapper/0), ts 1, free_ts 18508399136
[ 72.828937][ T5101] post_alloc_hook+0x1ea/0x210
[ 72.833699][ T5101] get_page_from_freelist+0x3410/0x35b0
[ 72.839247][ T5101] __alloc_pages+0x256/0x6c0
[ 72.843850][ T5101] alloc_slab_page+0x5f/0x160
[ 72.848543][ T5101] new_slab+0x84/0x2f0
[ 72.852615][ T5101] ___slab_alloc+0xc73/0x1260
[ 72.857304][ T5101] kmem_cache_alloc_node+0x24a/0x380
[ 72.862595][ T5101] __alloc_skb+0x1c3/0x440
[ 72.867013][ T5101] alloc_uevent_skb+0x74/0x230
[ 72.871781][ T5101] kobject_uevent_net_broadcast+0x182/0x580
[ 72.877677][ T5101] kobject_uevent_env+0x57d/0x8e0
[ 72.882703][ T5101] device_add+0x648/0xca0
[ 72.887041][ T5101] netdev_register_kobject+0x17e/0x320
[ 72.892503][ T5101] register_netdevice+0x1208/0x1a20
[ 72.897700][ T5101] register_netdev+0x3b/0x50
[ 72.902292][ T5101] nr_proto_init+0x179/0x830
[ 72.906901][ T5101] page last free pid 57 tgid 57 stack trace:
[ 72.912872][ T5101] free_unref_page_prepare+0x986/0xab0
[ 72.918347][ T5101] free_unref_page+0x37/0x3f0
[ 72.923027][ T5101] vfree+0x186/0x2e0
[ 72.926922][ T5101] delayed_vfree_work+0x56/0x80
[ 72.931779][ T5101] process_scheduled_works+0xa10/0x17c0
[ 72.937340][ T5101] worker_thread+0x86d/0xd70
[ 72.941932][ T5101] kthread+0x2f0/0x390
[ 72.946023][ T5101] ret_from_fork+0x4b/0x80
[ 72.950452][ T5101] ret_from_fork_asm+0x1a/0x30
[ 72.955228][ T5101]
[ 72.957550][ T5101] Memory state around the buggy address:
[ 72.963205][ T5101] ffff888029030480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 72.971282][ T5101] ffff888029030500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.979343][ T5101] >ffff888029030580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 72.987413][ T5101] ^
[ 72.994698][ T5101] ffff888029030600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 73.002770][ T5101] ffff888029030680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.010835][ T5101] ==================================================================
[ 73.026495][ T5101] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.033727][ T5101] CPU: 1 PID: 5101 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00171-gb2ff42c6d3ab #0
[ 73.044076][ T5101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 73.054173][ T5101] Call Trace:
[ 73.057488][ T5101]
[ 73.060535][ T5101] dump_stack_lvl+0x241/0x360
[ 73.065258][ T5101] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.070509][ T5101] ? __pfx__printk+0x10/0x10
[ 73.075132][ T5101] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 73.081145][ T5101] ? vscnprintf+0x5d/0x90
[ 73.085506][ T5101] panic+0x349/0x860
[ 73.090924][ T5101] ? check_panic_on_warn+0x21/0xb0
[ 73.096074][ T5101] ? __pfx_panic+0x10/0x10
[ 73.100530][ T5101] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 73.106545][ T5101] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 73.112910][ T5101] check_panic_on_warn+0x86/0xb0
[ 73.117885][ T5101] ? kfree_skb_reason+0x41/0x3b0
[ 73.122860][ T5101] end_report+0x77/0x160
[ 73.127127][ T5101] kasan_report+0x154/0x180
[ 73.131669][ T5101] ? kfree_skb_reason+0x41/0x3b0
[ 73.136645][ T5101] kasan_check_range+0x282/0x290
[ 73.141612][ T5101] kfree_skb_reason+0x41/0x3b0
[ 73.146402][ T5101] __hci_req_sync+0x62f/0x950
[ 73.151143][ T5101] ? __pfx___hci_req_sync+0x10/0x10
[ 73.156377][ T5101] ? __pfx___mutex_lock+0x10/0x10
[ 73.161435][ T5101] ? __pfx_autoremove_wake_function+0x10/0x10
[ 73.167553][ T5101] ? __pfx_hci_scan_req+0x10/0x10
[ 73.172614][ T5101] hci_req_sync+0xa9/0xd0
[ 73.176976][ T5101] hci_dev_cmd+0x518/0xa90
[ 73.181422][ T5101] ? security_capable+0x90/0xb0
[ 73.186305][ T5101] ? __pfx_hci_dev_cmd+0x10/0x10
[ 73.191272][ T5101] ? hci_sock_ioctl+0x6c2/0xaa0
[ 73.196156][ T5101] sock_do_ioctl+0x158/0x460
[ 73.200789][ T5101] ? __pfx_sock_do_ioctl+0x10/0x10
[ 73.206024][ T5101] ? __pfx_lock_acquire+0x10/0x10
[ 73.211085][ T5101] sock_ioctl+0x629/0x8e0
[ 73.215454][ T5101] ? __pfx_sock_ioctl+0x10/0x10
[ 73.220352][ T5101] ? __fget_files+0x28/0x470
[ 73.224972][ T5101] ? bpf_lsm_file_ioctl+0x9/0x10
[ 73.229947][ T5101] ? security_file_ioctl+0x87/0xb0
[ 73.235113][ T5101] ? __pfx_sock_ioctl+0x10/0x10
[ 73.240000][ T5101] __se_sys_ioctl+0xfc/0x170
[ 73.244639][ T5101] do_syscall_64+0xf5/0x240
[ 73.249188][ T5101] ? clear_bhb_loop+0x35/0x90
[ 73.253986][ T5101] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.259917][ T5101] RIP: 0033:0x7fbb4f87dc0b
[ 73.264362][ T5101] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 73.284000][ T5101] RSP: 002b:00007fff2985f090 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 73.292453][ T5101] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbb4f87dc0b
[ 73.300452][ T5101] RDX: 00007fff2985f108 RSI: 00000000400448dd RDI: 0000000000000003
[ 73.308461][ T5101] RBP: 0000555589e90430 R08: 0000000000000000 R09: 0000000000000000
[ 73.316458][ T5101] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000003
[ 73.324455][ T5101] R13: 0000000000000003 R14: 0000000000000001 R15: 00000000fffffff1
[ 73.332479][ T5101]
[ 73.335841][ T5101] Kernel Offset: disabled
[ 73.340168][ T5101] Rebooting in 86400 seconds..