Warning: Permanently added '10.128.0.125' (ED25519) to the list of known hosts.
2024/05/15 13:41:35 ignoring optional flag "sandboxArg"="0"
2024/05/15 13:41:36 parsed 1 programs
[  124.780388][ T3570] cgroup: Unknown subsys name 'net'
[  124.877117][ T3570] cgroup: Unknown subsys name 'rlimit'
2024/05/15 13:41:37 executed programs: 0
[  126.169551][ T3570] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[  126.334834][ T3598] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  126.342614][ T3598] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  126.343169][ T3600] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  126.350137][ T3598] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  126.357317][ T3600] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  126.365911][ T3601] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  126.371609][ T3600] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  126.378618][ T3601] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  126.385830][ T3600] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  126.392870][ T3601] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  126.399201][ T3600] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  126.406627][ T3602] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  126.413400][ T3600] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  126.419596][ T3598] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  126.427699][ T3602] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  126.434581][ T3598] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  126.449039][ T3600] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  126.449080][ T3598] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  126.456190][ T3600] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  126.470352][ T3601] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  126.471094][ T3600] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  126.478121][ T3598] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  126.484644][ T3600] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  126.491572][ T3601] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  126.498767][ T3600] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  126.505122][ T3598] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  126.512427][ T3600] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  126.519509][ T3598] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  126.526725][ T3600] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  126.533450][ T3603] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  126.549279][ T3585] ==================================================================
[  126.557368][ T3585] BUG: KASAN: use-after-free in kfree_skb_reason+0x3d/0x390
[  126.564669][ T3585] Read of size 4 at addr ffff8880201c50e4 by task syz-executor.1/3585
[  126.572824][ T3585] 
[  126.575154][ T3585] CPU: 0 PID: 3585 Comm: syz-executor.1 Not tainted 6.1.90-syzkaller #0
[  126.583486][ T3585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  126.593548][ T3585] Call Trace:
[  126.596835][ T3585]  <TASK>
[  126.599780][ T3585]  dump_stack_lvl+0x1e3/0x2cb
[  126.604489][ T3585]  ? nf_tcp_handle_invalid+0x642/0x642
[  126.609964][ T3585]  ? panic+0x764/0x764
[  126.614051][ T3585]  ? _printk+0xd1/0x111
[  126.618219][ T3585]  ? __virt_addr_valid+0x17f/0x520
[  126.623345][ T3585]  ? __virt_addr_valid+0x17f/0x520
[  126.628473][ T3585]  print_report+0x15f/0x4f0
[  126.632986][ T3585]  ? __virt_addr_valid+0x17f/0x520
[  126.638123][ T3585]  ? __virt_addr_valid+0x17f/0x520
[  126.643250][ T3585]  ? __virt_addr_valid+0x44a/0x520
[  126.648376][ T3585]  ? __phys_addr+0xb6/0x170
[  126.652893][ T3585]  ? kfree_skb_reason+0x3d/0x390
[  126.657848][ T3585]  kasan_report+0x136/0x160
[  126.662362][ T3585]  ? kfree_skb_reason+0x3d/0x390
[  126.667320][ T3585]  kasan_check_range+0x27f/0x290
[  126.672277][ T3585]  kfree_skb_reason+0x3d/0x390
[  126.677061][ T3585]  __hci_req_sync+0x626/0x940
[  126.681750][ T3585]  ? trace_contention_end+0x61/0x170
[  126.687057][ T3585]  ? hci_req_sync_complete+0x280/0x280
[  126.692530][ T3585]  ? mutex_lock_nested+0x10/0x10
[  126.697479][ T3585]  ? hci_encrypt_req+0x170/0x170
[  126.702431][ T3585]  hci_req_sync+0xa5/0xc0
[  126.706777][ T3585]  hci_dev_cmd+0x2fc/0xa30
[  126.711207][ T3585]  ? security_capable+0x86/0xb0
[  126.716075][ T3585]  ? hci_dev_reset_stat+0x1a0/0x1a0
[  126.721289][ T3585]  ? hci_sock_ioctl+0x426/0x850
[  126.726156][ T3585]  sock_do_ioctl+0x152/0x450
[  126.730762][ T3585]  ? sock_show_fdinfo+0xb0/0xb0
[  126.735636][ T3585]  ? __fget_files+0x28/0x4a0
[  126.740244][ T3585]  sock_ioctl+0x47f/0x770
[  126.744585][ T3585]  ? sock_poll+0x410/0x410
[  126.749011][ T3585]  ? __fget_files+0x28/0x4a0
[  126.753610][ T3585]  ? __fget_files+0x435/0x4a0
[  126.758298][ T3585]  ? __fget_files+0x28/0x4a0
[  126.762903][ T3585]  ? bpf_lsm_file_ioctl+0x5/0x10
[  126.767851][ T3585]  ? security_file_ioctl+0x7d/0xa0
[  126.772960][ T3585]  ? sock_poll+0x410/0x410
[  126.777379][ T3585]  __se_sys_ioctl+0xf1/0x160
[  126.781964][ T3585]  do_syscall_64+0x3b/0xb0
[  126.786374][ T3585]  ? clear_bhb_loop+0x45/0xa0
[  126.791215][ T3585]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  126.797105][ T3585] RIP: 0033:0x7f276547dacb
[  126.801507][ T3585] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  126.821099][ T3585] RSP: 002b:00007ffe2a470000 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  126.829502][ T3585] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f276547dacb
[  126.837465][ T3585] RDX: 00007ffe2a470078 RSI: 00000000400448dd RDI: 0000000000000003
[  126.845425][ T3585] RBP: 000055555691c430 R08: 0000000000000000 R09: 0000000000000000
[  126.853385][ T3585] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  126.861343][ T3585] R13: 0000000000000001 R14: 0000000000000001 R15: 00000000fffffff1
[  126.869306][ T3585]  </TASK>
[  126.872315][ T3585] 
[  126.874622][ T3585] Allocated by task 3596:
[  126.878930][ T3585]  kasan_set_track+0x4b/0x70
[  126.883515][ T3585]  __kasan_slab_alloc+0x65/0x70
[  126.888351][ T3585]  slab_post_alloc_hook+0x52/0x3a0
[  126.893451][ T3585]  kmem_cache_alloc+0x10c/0x2d0
[  126.898290][ T3585]  skb_clone+0x1e5/0x360
[  126.902519][ T3585]  hci_cmd_work+0x296/0x660
[  126.907018][ T3585]  process_one_work+0x8a9/0x11d0
[  126.911942][ T3585]  worker_thread+0xa47/0x1200
[  126.916605][ T3585]  kthread+0x28d/0x320
[  126.920659][ T3585]  ret_from_fork+0x1f/0x30
[  126.925064][ T3585] 
[  126.927371][ T3585] Freed by task 3596:
[  126.931330][ T3585]  kasan_set_track+0x4b/0x70
[  126.935910][ T3585]  kasan_save_free_info+0x27/0x40
[  126.940920][ T3585]  ____kasan_slab_free+0xd6/0x120
[  126.945935][ T3585]  kmem_cache_free+0x292/0x510
[  126.950685][ T3585]  hci_req_sync_complete+0xee/0x280
[  126.955871][ T3585]  hci_event_packet+0xc49/0x1510
[  126.960795][ T3585]  hci_rx_work+0x3cd/0xce0
[  126.965202][ T3585]  process_one_work+0x8a9/0x11d0
[  126.970128][ T3585]  worker_thread+0xa47/0x1200
[  126.974794][ T3585]  kthread+0x28d/0x320
[  126.978845][ T3585]  ret_from_fork+0x1f/0x30
[  126.983252][ T3585] 
[  126.985562][ T3585] The buggy address belongs to the object at ffff8880201c5000
[  126.985562][ T3585]  which belongs to the cache skbuff_head_cache of size 240
[  127.000121][ T3585] The buggy address is located 228 bytes inside of
[  127.000121][ T3585]  240-byte region [ffff8880201c5000, ffff8880201c50f0)
[  127.013380][ T3585] 
[  127.015689][ T3585] The buggy address belongs to the physical page:
[  127.022083][ T3585] page:ffffea0000807140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x201c5
[  127.032225][ T3585] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[  127.039763][ T3585] raw: 00fff00000000200 0000000000000000 dead000000000122 ffff88814225a500
[  127.048331][ T3585] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[  127.056896][ T3585] page dumped because: kasan: bad access detected
[  127.063288][ T3585] page_owner tracks the page as allocated
[  127.068983][ T3585] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3596, tgid 3596 (kworker/u5:3), ts 126547478961, free_ts 44142080607
[  127.087371][ T3585]  post_alloc_hook+0x18d/0x1b0
[  127.092127][ T3585]  get_page_from_freelist+0x31a1/0x3320
[  127.097657][ T3585]  __alloc_pages+0x28d/0x770
[  127.102236][ T3585]  alloc_slab_page+0x6a/0x150
[  127.106909][ T3585]  new_slab+0x84/0x2d0
[  127.110968][ T3585]  ___slab_alloc+0xc20/0x1270
[  127.115633][ T3585]  kmem_cache_alloc+0x1a5/0x2d0
[  127.120471][ T3585]  skb_clone+0x1e5/0x360
[  127.124696][ T3585]  hci_cmd_work+0x296/0x660
[  127.129190][ T3585]  process_one_work+0x8a9/0x11d0
[  127.134119][ T3585]  worker_thread+0xa47/0x1200
[  127.138782][ T3585]  kthread+0x28d/0x320
[  127.142833][ T3585]  ret_from_fork+0x1f/0x30
[  127.147238][ T3585] page last free stack trace:
[  127.151894][ T3585]  free_unref_page_prepare+0xf63/0x1120
[  127.157423][ T3585]  free_unref_page+0x33/0x3e0
[  127.162084][ T3585]  pipe_read+0x6e1/0x12a0
[  127.166399][ T3585]  vfs_read+0x7de/0xbe0
[  127.170539][ T3585]  ksys_read+0x19c/0x2c0
[  127.174771][ T3585]  do_syscall_64+0x3b/0xb0
[  127.179177][ T3585]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  127.185065][ T3585] 
[  127.187373][ T3585] Memory state around the buggy address:
[  127.192990][ T3585]  ffff8880201c4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  127.201036][ T3585]  ffff8880201c5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  127.209082][ T3585] >ffff8880201c5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  127.217124][ T3585]                                                        ^
[  127.224298][ T3585]  ffff8880201c5100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  127.232342][ T3585]  ffff8880201c5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  127.240384][ T3585] ==================================================================
[  127.250258][ T3585] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  127.257464][ T3585] CPU: 1 PID: 3585 Comm: syz-executor.1 Not tainted 6.1.90-syzkaller #0
[  127.265792][ T3585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  127.275834][ T3585] Call Trace:
[  127.279102][ T3585]  <TASK>
[  127.282022][ T3585]  dump_stack_lvl+0x1e3/0x2cb
[  127.286699][ T3585]  ? nf_tcp_handle_invalid+0x642/0x642
[  127.292150][ T3585]  ? panic+0x764/0x764
[  127.296208][ T3585]  ? preempt_schedule_common+0xa6/0xd0
[  127.301660][ T3585]  ? vscnprintf+0x59/0x80
[  127.305988][ T3585]  panic+0x318/0x764
[  127.309869][ T3585]  ? check_panic_on_warn+0x1d/0xa0
[  127.314979][ T3585]  ? memcpy_page_flushcache+0xfc/0xfc
[  127.320340][ T3585]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  127.326309][ T3585]  ? _raw_spin_unlock+0x40/0x40
[  127.331148][ T3585]  ? print_report+0x4a3/0x4f0
[  127.335813][ T3585]  check_panic_on_warn+0x7e/0xa0
[  127.340738][ T3585]  ? kfree_skb_reason+0x3d/0x390
[  127.345666][ T3585]  end_report+0x66/0x110
[  127.349899][ T3585]  kasan_report+0x143/0x160
[  127.354390][ T3585]  ? kfree_skb_reason+0x3d/0x390
[  127.359319][ T3585]  kasan_check_range+0x27f/0x290
[  127.364245][ T3585]  kfree_skb_reason+0x3d/0x390
[  127.369002][ T3585]  __hci_req_sync+0x626/0x940
[  127.373666][ T3585]  ? trace_contention_end+0x61/0x170
[  127.378947][ T3585]  ? hci_req_sync_complete+0x280/0x280
[  127.384398][ T3585]  ? mutex_lock_nested+0x10/0x10
[  127.389323][ T3585]  ? hci_encrypt_req+0x170/0x170
[  127.394254][ T3585]  hci_req_sync+0xa5/0xc0
[  127.398570][ T3585]  hci_dev_cmd+0x2fc/0xa30
[  127.402980][ T3585]  ? security_capable+0x86/0xb0
[  127.407821][ T3585]  ? hci_dev_reset_stat+0x1a0/0x1a0
[  127.413013][ T3585]  ? hci_sock_ioctl+0x426/0x850
[  127.417851][ T3585]  sock_do_ioctl+0x152/0x450
[  127.422431][ T3585]  ? sock_show_fdinfo+0xb0/0xb0
[  127.427270][ T3585]  ? __fget_files+0x28/0x4a0
[  127.431848][ T3585]  sock_ioctl+0x47f/0x770
[  127.436166][ T3585]  ? sock_poll+0x410/0x410
[  127.440568][ T3585]  ? __fget_files+0x28/0x4a0
[  127.445144][ T3585]  ? __fget_files+0x435/0x4a0
[  127.449807][ T3585]  ? __fget_files+0x28/0x4a0
[  127.454387][ T3585]  ? bpf_lsm_file_ioctl+0x5/0x10
[  127.459316][ T3585]  ? security_file_ioctl+0x7d/0xa0
[  127.464412][ T3585]  ? sock_poll+0x410/0x410
[  127.468814][ T3585]  __se_sys_ioctl+0xf1/0x160
[  127.473398][ T3585]  do_syscall_64+0x3b/0xb0
[  127.477805][ T3585]  ? clear_bhb_loop+0x45/0xa0
[  127.482473][ T3585]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  127.488372][ T3585] RIP: 0033:0x7f276547dacb
[  127.492780][ T3585] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  127.512375][ T3585] RSP: 002b:00007ffe2a470000 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  127.520775][ T3585] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f276547dacb
[  127.528735][ T3585] RDX: 00007ffe2a470078 RSI: 00000000400448dd RDI: 0000000000000003
[  127.536697][ T3585] RBP: 000055555691c430 R08: 0000000000000000 R09: 0000000000000000
[  127.544658][ T3585] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  127.552616][ T3585] R13: 0000000000000001 R14: 0000000000000001 R15: 00000000fffffff1
[  127.560579][ T3585]  </TASK>
[  127.563831][ T3585] Kernel Offset: disabled
[  127.568140][ T3585] Rebooting in 86400 seconds..