Warning: Permanently added '10.128.0.143' (ED25519) to the list of known hosts.
2024/06/01 21:03:06 ignoring optional flag "sandboxArg"="0"
2024/06/01 21:03:06 parsed 1 programs
[ 70.006941][ T5095] cgroup: Unknown subsys name 'net'
[ 70.280578][ T5095] cgroup: Unknown subsys name 'rlimit'
[ 71.720396][ T5104] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 71.823365][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.830013][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[ 72.515738][ T5143] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.524016][ T5143] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.532861][ T5143] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.542082][ T5143] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.550027][ T5143] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 72.559789][ T5143] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 72.570025][ T5141] ==================================================================
[ 72.578172][ T5141] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 72.586031][ T5141] Read of size 4 at addr ffff88802ea899a4 by task syz-executor.0/5141
[ 72.594178][ T5141]
[ 72.596506][ T5141] CPU: 0 PID: 5141 Comm: syz-executor.0 Not tainted 6.10.0-rc1-next-20240531-syzkaller #0
[ 72.606390][ T5141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 72.616448][ T5141] Call Trace:
[ 72.619734][ T5141] <TASK>
[ 72.622664][ T5141] dump_stack_lvl+0x241/0x360
[ 72.627361][ T5141] ? __pfx_dump_stack_lvl+0x10/0x10
[ 72.632569][ T5141] ? __pfx__printk+0x10/0x10
[ 72.637337][ T5141] ? _printk+0xd5/0x120
[ 72.641497][ T5141] ? __virt_addr_valid+0x183/0x520
[ 72.646623][ T5141] ? __virt_addr_valid+0x183/0x520
[ 72.651757][ T5141] print_report+0x169/0x550
[ 72.656273][ T5141] ? __virt_addr_valid+0x183/0x520
[ 72.661395][ T5141] ? __virt_addr_valid+0x183/0x520
[ 72.666514][ T5141] ? __virt_addr_valid+0x44e/0x520
[ 72.671645][ T5141] ? __phys_addr+0xba/0x170
[ 72.676160][ T5141] ? kfree_skb_reason+0x41/0x3b0
[ 72.681112][ T5141] kasan_report+0x143/0x180
[ 72.685646][ T5141] ? kfree_skb_reason+0x41/0x3b0
[ 72.690607][ T5141] kasan_check_range+0x282/0x290
[ 72.695558][ T5141] kfree_skb_reason+0x41/0x3b0
[ 72.700337][ T5141] __hci_req_sync+0x62f/0x950
[ 72.705022][ T5141] ? __pfx___hci_req_sync+0x10/0x10
[ 72.710234][ T5141] ? __pfx___mutex_lock+0x10/0x10
[ 72.715263][ T5141] ? __pfx_autoremove_wake_function+0x10/0x10
[ 72.721335][ T5141] ? __pfx_hci_scan_req+0x10/0x10
[ 72.726359][ T5141] hci_req_sync+0xa9/0xd0
[ 72.730693][ T5141] hci_dev_cmd+0x4c5/0xa50
[ 72.735115][ T5141] ? security_capable+0x90/0xb0
[ 72.739989][ T5141] ? __pfx_hci_dev_cmd+0x10/0x10
[ 72.744945][ T5141] ? hci_sock_ioctl+0x6c4/0xa40
[ 72.749805][ T5141] sock_do_ioctl+0x158/0x460
[ 72.754402][ T5141] ? __pfx_sock_do_ioctl+0x10/0x10
[ 72.759523][ T5141] sock_ioctl+0x629/0x8e0
[ 72.763854][ T5141] ? __pfx_sock_ioctl+0x10/0x10
[ 72.768727][ T5141] ? __fget_files+0x29/0x470
[ 72.773324][ T5141] ? __fget_files+0x3f6/0x470
[ 72.778002][ T5141] ? __fget_files+0x29/0x470
[ 72.782596][ T5141] ? bpf_lsm_file_ioctl+0x9/0x10
[ 72.787542][ T5141] ? security_file_ioctl+0x87/0xb0
[ 72.792669][ T5141] ? __pfx_sock_ioctl+0x10/0x10
[ 72.797709][ T5141] __se_sys_ioctl+0xfc/0x170
[ 72.802308][ T5141] do_syscall_64+0xf3/0x230
[ 72.806816][ T5141] ? clear_bhb_loop+0x35/0x90
[ 72.811504][ T5141] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 72.817410][ T5141] RIP: 0033:0x7fbc1f47cc4b
[ 72.821828][ T5141] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 72.841440][ T5141] RSP: 002b:00007ffed48f7780 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 72.849864][ T5141] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbc1f47cc4b
[ 72.857838][ T5141] RDX: 00007ffed48f77f8 RSI: 00000000400448dd RDI: 0000000000000003
[ 72.865812][ T5141] RBP: 000055558843a430 R08: 0000000000000000 R09: 0000000000000000
[ 72.873785][ T5141] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 72.881754][ T5141] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 72.889736][ T5141] </TASK>
[ 72.892753][ T5141]
[ 72.895074][ T5141] Allocated by task 4490:
[ 72.899397][ T5141] kasan_save_track+0x3f/0x80
[ 72.904083][ T5141] __kasan_slab_alloc+0x66/0x80
[ 72.908945][ T5141] kmem_cache_alloc_noprof+0x135/0x2a0
[ 72.914429][ T5141] skb_clone+0x20c/0x390
[ 72.918671][ T5141] hci_cmd_work+0x29e/0x670
[ 72.923174][ T5141] process_scheduled_works+0xa2c/0x1830
[ 72.928725][ T5141] worker_thread+0x86d/0xd50
[ 72.933343][ T5141] kthread+0x2f0/0x390
[ 72.937417][ T5141] ret_from_fork+0x4b/0x80
[ 72.941834][ T5141] ret_from_fork_asm+0x1a/0x30
[ 72.946705][ T5141]
[ 72.949028][ T5141] Freed by task 4490:
[ 72.953002][ T5141] kasan_save_track+0x3f/0x80
[ 72.957683][ T5141] kasan_save_free_info+0x40/0x50
[ 72.962734][ T5141] poison_slab_object+0xe0/0x150
[ 72.967679][ T5141] __kasan_slab_free+0x37/0x60
[ 72.972470][ T5141] kmem_cache_free+0x145/0x350
[ 72.977240][ T5141] hci_req_sync_complete+0xe7/0x290
[ 72.982437][ T5141] hci_event_packet+0xc71/0x1540
[ 72.987384][ T5141] hci_rx_work+0x3e8/0xca0
[ 72.991809][ T5141] process_scheduled_works+0xa2c/0x1830
[ 72.997355][ T5141] worker_thread+0x86d/0xd50
[ 73.001947][ T5141] kthread+0x2f0/0x390
[ 73.006020][ T5141] ret_from_fork+0x4b/0x80
[ 73.010444][ T5141] ret_from_fork_asm+0x1a/0x30
[ 73.015220][ T5141]
[ 73.017541][ T5141] The buggy address belongs to the object at ffff88802ea898c0
[ 73.017541][ T5141] which belongs to the cache skbuff_head_cache of size 240
[ 73.032114][ T5141] The buggy address is located 228 bytes inside of
[ 73.032114][ T5141] freed 240-byte region [ffff88802ea898c0, ffff88802ea899b0)
[ 73.045907][ T5141]
[ 73.048226][ T5141] The buggy address belongs to the physical page:
[ 73.054640][ T5141] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ea89
[ 73.063410][ T5141] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 73.070530][ T5141] page_type: 0xfdffffff(slab)
[ 73.075215][ T5141] raw: 00fff00000000000 ffff888018e9f780 dead000000000122 0000000000000000
[ 73.083810][ T5141] raw: 0000000000000000 00000000000c000c 00000001fdffffff 0000000000000000
[ 73.092390][ T5141] page dumped because: kasan: bad access detected
[ 73.098806][ T5141] page_owner tracks the page as allocated
[ 73.104515][ T5141] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5143, tgid 5143 (kworker/u9:2), ts 72567885994, free_ts 72558488098
[ 73.123726][ T5141] post_alloc_hook+0x1f3/0x230
[ 73.128493][ T5141] get_page_from_freelist+0x2cbd/0x2d70
[ 73.134046][ T5141] __alloc_pages_noprof+0x256/0x6c0
[ 73.139245][ T5141] alloc_slab_page+0x5f/0x120
[ 73.143957][ T5141] allocate_slab+0x5a/0x2f0
[ 73.148485][ T5141] ___slab_alloc+0xcd1/0x14b0
[ 73.153186][ T5141] __slab_alloc+0x58/0xa0
[ 73.157530][ T5141] kmem_cache_alloc_noprof+0x1c1/0x2a0
[ 73.163084][ T5141] skb_clone+0x20c/0x390
[ 73.167330][ T5141] hci_event_packet+0x225/0x1540
[ 73.172289][ T5141] hci_rx_work+0x3e8/0xca0
[ 73.176704][ T5141] process_scheduled_works+0xa2c/0x1830
[ 73.182253][ T5141] worker_thread+0x86d/0xd50
[ 73.186843][ T5141] kthread+0x2f0/0x390
[ 73.190916][ T5141] ret_from_fork+0x4b/0x80
[ 73.195351][ T5141] ret_from_fork_asm+0x1a/0x30
[ 73.200127][ T5141] page last free pid 5143 tgid 5143 stack trace:
[ 73.206465][ T5141] free_unref_page+0xd22/0xea0
[ 73.211254][ T5141] __slab_free+0x31b/0x3d0
[ 73.215699][ T5141] qlist_free_all+0x9e/0x140
[ 73.220296][ T5141] kasan_quarantine_reduce+0x14f/0x170
[ 73.225765][ T5141] __kasan_slab_alloc+0x23/0x80
[ 73.230628][ T5141] kmem_cache_alloc_noprof+0x135/0x2a0
[ 73.236095][ T5141] skb_clone+0x20c/0x390
[ 73.240348][ T5141] hci_cmd_work+0xdc/0x670
[ 73.244782][ T5141] process_scheduled_works+0xa2c/0x1830
[ 73.250334][ T5141] worker_thread+0x86d/0xd50
[ 73.254925][ T5141] kthread+0x2f0/0x390
[ 73.258998][ T5141] ret_from_fork+0x4b/0x80
[ 73.263424][ T5141] ret_from_fork_asm+0x1a/0x30
[ 73.268195][ T5141]
[ 73.270519][ T5141] Memory state around the buggy address:
[ 73.276155][ T5141] ffff88802ea89880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 73.284214][ T5141] ffff88802ea89900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.292270][ T5141] >ffff88802ea89980: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 73.300342][ T5141] ^
[ 73.305461][ T5141] ffff88802ea89a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 73.313520][ T5141] ffff88802ea89a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 73.321573][ T5141] ==================================================================
[ 73.330848][ T5141] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 73.338183][ T5141] CPU: 1 PID: 5141 Comm: syz-executor.0 Not tainted 6.10.0-rc1-next-20240531-syzkaller #0
[ 73.348205][ T5141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 73.358272][ T5141] Call Trace:
[ 73.361560][ T5141] <TASK>
[ 73.364493][ T5141] dump_stack_lvl+0x241/0x360
[ 73.369186][ T5141] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.374397][ T5141] ? __pfx__printk+0x10/0x10
[ 73.378991][ T5141] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 73.384982][ T5141] ? vscnprintf+0x5d/0x90
[ 73.389330][ T5141] panic+0x349/0x870
[ 73.393235][ T5141] ? check_panic_on_warn+0x21/0xb0
[ 73.398372][ T5141] ? __pfx_panic+0x10/0x10
[ 73.402858][ T5141] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 73.408857][ T5141] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 73.415205][ T5141] check_panic_on_warn+0x86/0xb0
[ 73.420162][ T5141] ? kfree_skb_reason+0x41/0x3b0
[ 73.425111][ T5141] end_report+0x77/0x160
[ 73.429388][ T5141] kasan_report+0x154/0x180
[ 73.433901][ T5141] ? kfree_skb_reason+0x41/0x3b0
[ 73.438852][ T5141] kasan_check_range+0x282/0x290
[ 73.443794][ T5141] kfree_skb_reason+0x41/0x3b0
[ 73.448570][ T5141] __hci_req_sync+0x62f/0x950
[ 73.453260][ T5141] ? __pfx___hci_req_sync+0x10/0x10
[ 73.458463][ T5141] ? __pfx___mutex_lock+0x10/0x10
[ 73.463491][ T5141] ? __pfx_autoremove_wake_function+0x10/0x10
[ 73.469673][ T5141] ? __pfx_hci_scan_req+0x10/0x10
[ 73.474705][ T5141] hci_req_sync+0xa9/0xd0
[ 73.479047][ T5141] hci_dev_cmd+0x4c5/0xa50
[ 73.483472][ T5141] ? security_capable+0x90/0xb0
[ 73.488326][ T5141] ? __pfx_hci_dev_cmd+0x10/0x10
[ 73.493279][ T5141] ? hci_sock_ioctl+0x6c4/0xa40
[ 73.498157][ T5141] sock_do_ioctl+0x158/0x460
[ 73.502771][ T5141] ? __pfx_sock_do_ioctl+0x10/0x10
[ 73.507909][ T5141] sock_ioctl+0x629/0x8e0
[ 73.512256][ T5141] ? __pfx_sock_ioctl+0x10/0x10
[ 73.517136][ T5141] ? __fget_files+0x29/0x470
[ 73.521752][ T5141] ? __fget_files+0x3f6/0x470
[ 73.526433][ T5141] ? __fget_files+0x29/0x470
[ 73.531032][ T5141] ? bpf_lsm_file_ioctl+0x9/0x10
[ 73.535984][ T5141] ? security_file_ioctl+0x87/0xb0
[ 73.541109][ T5141] ? __pfx_sock_ioctl+0x10/0x10
[ 73.545970][ T5141] __se_sys_ioctl+0xfc/0x170
[ 73.550577][ T5141] do_syscall_64+0xf3/0x230
[ 73.555089][ T5141] ? clear_bhb_loop+0x35/0x90
[ 73.559777][ T5141] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.565690][ T5141] RIP: 0033:0x7fbc1f47cc4b
[ 73.570115][ T5141] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 73.589729][ T5141] RSP: 002b:00007ffed48f7780 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 73.598168][ T5141] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbc1f47cc4b
[ 73.606143][ T5141] RDX: 00007ffed48f77f8 RSI: 00000000400448dd RDI: 0000000000000003
[ 73.614118][ T5141] RBP: 000055558843a430 R08: 0000000000000000 R09: 0000000000000000
[ 73.622091][ T5141] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 73.630066][ T5141] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 73.638064][ T5141] </TASK>
[ 73.641406][ T5141] Kernel Offset: disabled
[ 73.645768][ T5141] Rebooting in 86400 seconds..