Warning: Permanently added '10.128.1.111' (ED25519) to the list of known hosts.
2024/04/30 23:50:08 fuzzer started
2024/04/30 23:50:09 dialing manager at 10.128.0.163:30011
2024/04/30 23:50:09 checking machine...
2024/04/30 23:50:09 testing simple program...
[ 52.849488][ T3547] cgroup: Unknown subsys name 'net'
[ 52.948806][ T3547] cgroup: Unknown subsys name 'rlimit'
[ 54.160811][ T3547] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 54.277093][ T3555] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 54.284672][ T3555] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 54.292356][ T3555] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 54.300110][ T3555] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 54.307900][ T3555] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 54.315488][ T3555] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 54.413452][ T3552] chnl_net:caif_netlink_parms(): no params data found
[ 54.454263][ T3552] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.462440][ T3552] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.470179][ T3552] device bridge_slave_0 entered promiscuous mode
[ 54.478859][ T3552] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.486559][ T3552] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.494500][ T3552] device bridge_slave_1 entered promiscuous mode
[ 54.514018][ T3552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 54.525270][ T3552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 54.547404][ T3552] team0: Port device team_slave_0 added
[ 54.554921][ T3552] team0: Port device team_slave_1 added
[ 54.571788][ T3552] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 54.578724][ T3552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.604919][ T3552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 54.617840][ T3552] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 54.624874][ T3552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 54.651039][ T3552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 54.678686][ T3552] device hsr_slave_0 entered promiscuous mode
[ 54.685659][ T3552] device hsr_slave_1 entered promiscuous mode
[ 54.762459][ T3552] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 54.772652][ T3552] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 54.781476][ T3552] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 54.789863][ T3552] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 54.810191][ T3552] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.817339][ T3552] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.825055][ T3552] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.832297][ T3552] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.874173][ T3552] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.886211][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.896260][ T3561] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.904483][ T3561] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.912916][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 54.925470][ T3552] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.936266][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.945682][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.952793][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.972231][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.980494][ T3561] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.987684][ T3561] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.996018][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 55.004601][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 55.018573][ T3552] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 55.029615][ T3552] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 55.043941][ T3562] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 55.051975][ T3562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 55.060303][ T3562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 55.068854][ T3562] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 55.171021][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 55.178434][ T2536] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 55.188649][ T3552] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 55.205348][ T3562] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 55.222569][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 55.230633][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 55.238917][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 55.248168][ T3552] device veth0_vlan entered promiscuous mode
[ 55.259246][ T3552] device veth1_vlan entered promiscuous mode
[ 55.276796][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 55.284762][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 55.293557][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 55.305173][ T3552] device veth0_macvtap entered promiscuous mode
[ 55.314405][ T3552] device veth1_macvtap entered promiscuous mode
[ 55.328670][ T3552] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 55.336935][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 55.347328][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 55.358262][ T3552] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 55.366235][ T151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 55.376698][ T3552] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.386579][ T3552] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.396295][ T3552] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.405475][ T3552] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 55.458185][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.477511][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.486476][ T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 55.487710][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 55.494405][ T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 55.510210][ T3561] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
2024/04/30 23:50:11 building call list...
executing program
[ 58.085262][ T3571] can: request_module (can-proto-0) failed.
[ 58.113694][ T3571] can: request_module (can-proto-0) failed.
[ 58.140317][ T3571] can: request_module (can-proto-0) failed.
[ 58.545083][ T3552] syz-executor.0 (3552) used greatest stack depth: 19960 bytes left
[ 58.568298][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
2024/04/30 23:50:15 code coverage: enabled
2024/04/30 23:50:15 comparison tracing: enabled
2024/04/30 23:50:15 extra coverage: enabled
2024/04/30 23:50:15 delay kcov mmap: enabled
2024/04/30 23:50:15 setuid sandbox: enabled
2024/04/30 23:50:15 namespace sandbox: enabled
2024/04/30 23:50:15 Android sandbox: /sys/fs/selinux/policy does not exist
2024/04/30 23:50:15 fault injection: enabled
2024/04/30 23:50:15 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2024/04/30 23:50:15 net packet injection: enabled
2024/04/30 23:50:15 net device setup: enabled
2024/04/30 23:50:15 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2024/04/30 23:50:15 devlink PCI setup: PCI device 0000:00:10.0 is not available
2024/04/30 23:50:15 NIC VF setup: PCI device 0000:00:11.0 is not available
2024/04/30 23:50:15 USB emulation: enabled
2024/04/30 23:50:15 hci packet injection: enabled
2024/04/30 23:50:15 wifi device emulation: enabled
2024/04/30 23:50:15 802.15.4 emulation: enabled
2024/04/30 23:50:15 swap file: enabled
2024/04/30 23:50:15 starting 5 executor processes
[ 60.766055][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.835255][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 60.916429][ T46] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 61.666690][ T46] device hsr_slave_0 left promiscuous mode
[ 61.674597][ T46] device hsr_slave_1 left promiscuous mode
[ 61.683776][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 61.691444][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 61.704013][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 61.711525][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 61.720669][ T46] device bridge_slave_1 left promiscuous mode
[ 61.729073][ T46] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.740560][ T46] device bridge_slave_0 left promiscuous mode
[ 61.749002][ T46] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.765177][ T46] device veth1_macvtap left promiscuous mode
[ 61.771586][ T46] device veth0_macvtap left promiscuous mode
[ 61.777699][ T46] device veth1_vlan left promiscuous mode
[ 61.785127][ T46] device veth0_vlan left promiscuous mode
[ 61.990247][ T46] team0 (unregistering): Port device team_slave_1 removed
[ 62.004520][ T46] team0 (unregistering): Port device team_slave_0 removed
[ 62.017213][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 62.033945][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 62.080158][ T46] bond0 (unregistering): Released all slaves
[ 71.223298][ T1254] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.229801][ T1254] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.342040][ T14] cfg80211: failed to load regulatory.db
[ 132.662288][ T1254] ieee802154 phy0 wpan0: encryption failed: -22
[ 132.668627][ T1254] ieee802154 phy1 wpan1: encryption failed: -22
[ 155.321955][ T3553] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 155.331993][ T3915] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 155.341077][ T3920] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 155.348477][ T3920] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 155.356225][ T3920] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 155.358129][ T3915] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 155.363565][ T3920] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 155.372999][ T3915] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 155.384576][ T3921] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 155.385489][ T3915] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 155.399232][ T3921] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 155.399611][ T3915] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 155.406699][ T3921] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 155.414434][ T3915] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 155.429080][ T3920] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 155.444744][ T48] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 155.453089][ T3920] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 155.460387][ T3920] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 155.485563][ T3553] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 155.494453][ T3553] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 155.502225][ T3553] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 155.510166][ T3553] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 155.517865][ T3553] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 155.525146][ T3553] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 155.541235][ T3920] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 155.549708][ T3920] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 155.560026][ T3923] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 155.568275][ T3923] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 155.576832][ T3923] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 155.586725][ T3923] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 155.595236][ T3924] ==================================================================
[ 155.603313][ T3924] BUG: KASAN: use-after-free in kfree_skb_reason+0x3d/0x390
[ 155.610610][ T3924] Read of size 4 at addr ffff88805ad52224 by task syz-executor.1/3924
[ 155.618770][ T3924]
[ 155.621096][ T3924] CPU: 0 PID: 3924 Comm: syz-executor.1 Not tainted 6.1.89-syzkaller #0
[ 155.629422][ T3924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 155.639479][ T3924] Call Trace:
[ 155.642763][ T3924]
[ 155.645771][ T3924] dump_stack_lvl+0x1e3/0x2cb
[ 155.650469][ T3924] ? nf_tcp_handle_invalid+0x642/0x642
[ 155.655940][ T3924] ? panic+0x764/0x764
[ 155.660017][ T3924] ? _printk+0xd1/0x111
[ 155.664184][ T3924] ? __virt_addr_valid+0x17f/0x520
[ 155.669308][ T3924] ? __virt_addr_valid+0x17f/0x520
[ 155.674432][ T3924] print_report+0x15f/0x4f0
[ 155.678949][ T3924] ? __virt_addr_valid+0x17f/0x520
[ 155.684067][ T3924] ? __virt_addr_valid+0x17f/0x520
[ 155.689172][ T3924] ? __virt_addr_valid+0x44a/0x520
[ 155.694269][ T3924] ? __phys_addr+0xb6/0x170
[ 155.698762][ T3924] ? kfree_skb_reason+0x3d/0x390
[ 155.703698][ T3924] kasan_report+0x136/0x160
[ 155.708207][ T3924] ? kfree_skb_reason+0x3d/0x390
[ 155.713146][ T3924] kasan_check_range+0x27f/0x290
[ 155.718086][ T3924] kfree_skb_reason+0x3d/0x390
[ 155.722852][ T3924] __hci_req_sync+0x626/0x940
[ 155.727515][ T3924] ? trace_contention_end+0x61/0x170
[ 155.732792][ T3924] ? hci_req_sync_complete+0x280/0x280
[ 155.738246][ T3924] ? mutex_lock_nested+0x10/0x10
[ 155.743172][ T3924] ? wake_bit_function+0x210/0x210
[ 155.748279][ T3924] ? hci_encrypt_req+0x170/0x170
[ 155.753205][ T3924] hci_req_sync+0xa5/0xc0
[ 155.757531][ T3924] hci_dev_cmd+0x2fc/0xa30
[ 155.761937][ T3924] ? security_capable+0x86/0xb0
[ 155.766775][ T3924] ? hci_dev_reset_stat+0x1a0/0x1a0
[ 155.771960][ T3924] ? hci_sock_ioctl+0x426/0x850
[ 155.776797][ T3924] sock_do_ioctl+0x152/0x450
[ 155.781373][ T3924] ? sock_show_fdinfo+0xb0/0xb0
[ 155.786207][ T3924] ? __fget_files+0x28/0x4a0
[ 155.790787][ T3924] sock_ioctl+0x47f/0x770
[ 155.795100][ T3924] ? sock_poll+0x410/0x410
[ 155.799497][ T3924] ? __fget_files+0x28/0x4a0
[ 155.804070][ T3924] ? __fget_files+0x435/0x4a0
[ 155.808728][ T3924] ? __fget_files+0x28/0x4a0
[ 155.813303][ T3924] ? bpf_lsm_file_ioctl+0x5/0x10
[ 155.818221][ T3924] ? security_file_ioctl+0x7d/0xa0
[ 155.823317][ T3924] ? sock_poll+0x410/0x410
[ 155.827717][ T3924] __se_sys_ioctl+0xf1/0x160
[ 155.832303][ T3924] do_syscall_64+0x3b/0xb0
[ 155.836706][ T3924] ? clear_bhb_loop+0x45/0xa0
[ 155.841372][ T3924] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 155.847253][ T3924] RIP: 0033:0x7ff46ea7dc0b
[ 155.851650][ T3924] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 155.871244][ T3924] RSP: 002b:00007ffd40256040 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 155.879641][ T3924] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007ff46ea7dc0b
[ 155.887594][ T3924] RDX: 00007ffd402560b8 RSI: 00000000400448dd RDI: 0000000000000003
[ 155.895550][ T3924] RBP: 0000555556473430 R08: 0000000000000000 R09: 0000000000000000
[ 155.903504][ T3924] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000004
[ 155.911459][ T3924] R13: 0000000000000004 R14: 00007ff46ebac9d8 R15: 000000000000000c
[ 155.919417][ T3924]
[ 155.922420][ T3924]
[ 155.924724][ T3924] Allocated by task 3553:
[ 155.929031][ T3924] kasan_set_track+0x4b/0x70
[ 155.933610][ T3924] __kasan_slab_alloc+0x65/0x70
[ 155.938442][ T3924] slab_post_alloc_hook+0x52/0x3a0
[ 155.943537][ T3924] kmem_cache_alloc+0x10c/0x2d0
[ 155.948368][ T3924] skb_clone+0x1e5/0x360
[ 155.952592][ T3924] hci_cmd_work+0x296/0x660
[ 155.957081][ T3924] process_one_work+0x8a9/0x11d0
[ 155.962004][ T3924] worker_thread+0xa47/0x1200
[ 155.966662][ T3924] kthread+0x28d/0x320
[ 155.970712][ T3924] ret_from_fork+0x1f/0x30
[ 155.975115][ T3924]
[ 155.977421][ T3924] Freed by task 3553:
[ 155.981380][ T3924] kasan_set_track+0x4b/0x70
[ 155.985955][ T3924] kasan_save_free_info+0x27/0x40
[ 155.990961][ T3924] ____kasan_slab_free+0xd6/0x120
[ 155.995972][ T3924] kmem_cache_free+0x292/0x510
[ 156.000719][ T3924] hci_req_sync_complete+0xee/0x280
[ 156.005903][ T3924] hci_event_packet+0xc49/0x1510
[ 156.010825][ T3924] hci_rx_work+0x3cd/0xce0
[ 156.015231][ T3924] process_one_work+0x8a9/0x11d0
[ 156.020150][ T3924] worker_thread+0xa47/0x1200
[ 156.024811][ T3924] kthread+0x28d/0x320
[ 156.028861][ T3924] ret_from_fork+0x1f/0x30
[ 156.033262][ T3924]
[ 156.035568][ T3924] The buggy address belongs to the object at ffff88805ad52140
[ 156.035568][ T3924] which belongs to the cache skbuff_head_cache of size 240
[ 156.050121][ T3924] The buggy address is located 228 bytes inside of
[ 156.050121][ T3924] 240-byte region [ffff88805ad52140, ffff88805ad52230)
[ 156.063377][ T3924]
[ 156.065684][ T3924] The buggy address belongs to the physical page:
[ 156.072074][ T3924] page:ffffea00016b5480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ad52
[ 156.082203][ T3924] flags: 0xfff80000000200(slab|node=0|zone=1|lastcpupid=0xfff)
[ 156.089741][ T3924] raw: 00fff80000000200 0000000000000000 dead000000000122 ffff888140a37500
[ 156.098303][ T3924] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 156.106865][ T3924] page dumped because: kasan: bad access detected
[ 156.113253][ T3924] page_owner tracks the page as allocated
[ 156.118944][ T3924] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 3553, tgid 3553 (kworker/u5:1), ts 155595082668, free_ts 10843256751
[ 156.137242][ T3924] post_alloc_hook+0x18d/0x1b0
[ 156.141992][ T3924] get_page_from_freelist+0x31a1/0x3320
[ 156.147519][ T3924] __alloc_pages+0x28d/0x770
[ 156.152092][ T3924] alloc_slab_page+0x6a/0x150
[ 156.156754][ T3924] new_slab+0x84/0x2d0
[ 156.160807][ T3924] ___slab_alloc+0xc20/0x1270
[ 156.165468][ T3924] kmem_cache_alloc+0x1a5/0x2d0
[ 156.170301][ T3924] skb_clone+0x1e5/0x360
[ 156.174524][ T3924] hci_cmd_work+0xd8/0x660
[ 156.178925][ T3924] process_one_work+0x8a9/0x11d0
[ 156.183845][ T3924] worker_thread+0xa47/0x1200
[ 156.188502][ T3924] kthread+0x28d/0x320
[ 156.192551][ T3924] ret_from_fork+0x1f/0x30
[ 156.196949][ T3924] page last free stack trace:
[ 156.201601][ T3924] free_unref_page_prepare+0xf63/0x1120
[ 156.207128][ T3924] free_unref_page+0x33/0x3e0
[ 156.211785][ T3924] free_contig_range+0x9a/0x150
[ 156.216618][ T3924] destroy_args+0xfe/0x997
[ 156.221019][ T3924] debug_vm_pgtable+0x416/0x46b
[ 156.225849][ T3924] do_one_initcall+0x265/0x8f0
[ 156.230595][ T3924] do_initcall_level+0x157/0x207
[ 156.235519][ T3924] do_initcalls+0x49/0x86
[ 156.239841][ T3924] kernel_init_freeable+0x45c/0x60f
[ 156.245022][ T3924] kernel_init+0x19/0x290
[ 156.249334][ T3924] ret_from_fork+0x1f/0x30
[ 156.253734][ T3924]
[ 156.256040][ T3924] Memory state around the buggy address:
[ 156.261651][ T3924] ffff88805ad52100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 156.269693][ T3924] ffff88805ad52180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 156.277734][ T3924] >ffff88805ad52200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 156.285772][ T3924] ^
[ 156.290863][ T3924] ffff88805ad52280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 156.298903][ T3924] ffff88805ad52300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 156.306940][ T3924] ==================================================================
[ 156.317403][ T3924] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 156.324607][ T3924] CPU: 1 PID: 3924 Comm: syz-executor.1 Not tainted 6.1.89-syzkaller #0
[ 156.332917][ T3924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 156.342955][ T3924] Call Trace:
[ 156.346215][ T3924]
[ 156.349128][ T3924] dump_stack_lvl+0x1e3/0x2cb
[ 156.353797][ T3924] ? nf_tcp_handle_invalid+0x642/0x642
[ 156.359243][ T3924] ? panic+0x764/0x764
[ 156.363302][ T3924] ? preempt_schedule_common+0xa6/0xd0
[ 156.368747][ T3924] ? vscnprintf+0x59/0x80
[ 156.373061][ T3924] panic+0x318/0x764
[ 156.376942][ T3924] ? check_panic_on_warn+0x1d/0xa0
[ 156.382039][ T3924] ? memcpy_page_flushcache+0xfc/0xfc
[ 156.387394][ T3924] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 156.393358][ T3924] ? _raw_spin_unlock+0x40/0x40
[ 156.398189][ T3924] ? print_report+0x4a3/0x4f0
[ 156.402852][ T3924] check_panic_on_warn+0x7e/0xa0
[ 156.407776][ T3924] ? kfree_skb_reason+0x3d/0x390
[ 156.412703][ T3924] end_report+0x66/0x110
[ 156.416928][ T3924] kasan_report+0x143/0x160
[ 156.421413][ T3924] ? kfree_skb_reason+0x3d/0x390
[ 156.426337][ T3924] kasan_check_range+0x27f/0x290
[ 156.431256][ T3924] kfree_skb_reason+0x3d/0x390
[ 156.436006][ T3924] __hci_req_sync+0x626/0x940
[ 156.440670][ T3924] ? trace_contention_end+0x61/0x170
[ 156.445948][ T3924] ? hci_req_sync_complete+0x280/0x280
[ 156.451392][ T3924] ? mutex_lock_nested+0x10/0x10
[ 156.456321][ T3924] ? wake_bit_function+0x210/0x210
[ 156.461425][ T3924] ? hci_encrypt_req+0x170/0x170
[ 156.466350][ T3924] hci_req_sync+0xa5/0xc0
[ 156.470664][ T3924] hci_dev_cmd+0x2fc/0xa30
[ 156.475070][ T3924] ? security_capable+0x86/0xb0
[ 156.479905][ T3924] ? hci_dev_reset_stat+0x1a0/0x1a0
[ 156.485091][ T3924] ? hci_sock_ioctl+0x426/0x850
[ 156.489925][ T3924] sock_do_ioctl+0x152/0x450
[ 156.494501][ T3924] ? sock_show_fdinfo+0xb0/0xb0
[ 156.499335][ T3924] ? __fget_files+0x28/0x4a0
[ 156.503912][ T3924] sock_ioctl+0x47f/0x770
[ 156.508225][ T3924] ? sock_poll+0x410/0x410
[ 156.512623][ T3924] ? __fget_files+0x28/0x4a0
[ 156.517192][ T3924] ? __fget_files+0x435/0x4a0
[ 156.521865][ T3924] ? __fget_files+0x28/0x4a0
[ 156.526438][ T3924] ? bpf_lsm_file_ioctl+0x5/0x10
[ 156.531358][ T3924] ? security_file_ioctl+0x7d/0xa0
[ 156.536448][ T3924] ? sock_poll+0x410/0x410
[ 156.540844][ T3924] __se_sys_ioctl+0xf1/0x160
[ 156.545428][ T3924] do_syscall_64+0x3b/0xb0
[ 156.549834][ T3924] ? clear_bhb_loop+0x45/0xa0
[ 156.554496][ T3924] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 156.560372][ T3924] RIP: 0033:0x7ff46ea7dc0b
[ 156.564772][ T3924] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 156.584362][ T3924] RSP: 002b:00007ffd40256040 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 156.593018][ T3924] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007ff46ea7dc0b
[ 156.600974][ T3924] RDX: 00007ffd402560b8 RSI: 00000000400448dd RDI: 0000000000000003
[ 156.608927][ T3924] RBP: 0000555556473430 R08: 0000000000000000 R09: 0000000000000000
[ 156.616879][ T3924] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000004
[ 156.624833][ T3924] R13: 0000000000000004 R14: 00007ff46ebac9d8 R15: 000000000000000c
[ 156.632791][ T3924]
[ 156.636047][ T3924] Kernel Offset: disabled
[ 156.640368][ T3924] Rebooting in 86400 seconds..