Warning: Permanently added '10.128.0.178' (ED25519) to the list of known hosts.
2024/04/18 15:12:16 ignoring optional flag "sandboxArg"="0"
2024/04/18 15:12:16 parsed 1 programs
[ 520.081253][ T3585] cgroup: Unknown subsys name 'net'
[ 520.213890][ T3585] cgroup: Unknown subsys name 'rlimit'
2024/04/18 15:12:18 executed programs: 0
[ 521.779200][ T3585] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 521.971861][ T3610] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 521.980260][ T3610] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 521.991252][ T3616] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 521.991414][ T3617] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 522.000800][ T3616] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 522.013764][ T3616] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 522.014476][ T3617] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 522.022018][ T3616] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 522.031070][ T3617] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 522.039371][ T3616] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 522.047856][ T3617] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 522.062953][ T3618] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 522.063326][ T3617] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 522.071102][ T3618] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 522.081445][ T3619] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 522.084440][ T3616] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 522.092972][ T3619] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 522.098990][ T3616] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 522.107215][ T3619] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 522.113758][ T3616] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 522.124403][ T3618] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 522.136191][ T3616] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 522.136201][ T3620] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 522.152165][ T3616] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 522.160825][ T3616] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 522.170825][ T3616] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 522.179380][ T3604] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 522.189622][ T3618] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 522.198536][ T3609] ==================================================================
[ 522.206669][ T3609] BUG: KASAN: use-after-free in kfree_skb_reason+0x3d/0x390
[ 522.214061][ T3609] Read of size 4 at addr ffff888018fb04a4 by task syz-executor.3/3609
[ 522.222248][ T3609]
[ 522.225136][ T3609] CPU: 1 PID: 3609 Comm: syz-executor.3 Not tainted 6.1.87-syzkaller #0
[ 522.234115][ T3609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 522.244898][ T3609] Call Trace:
[ 522.248527][ T3609] <TASK>
[ 522.251528][ T3609] dump_stack_lvl+0x1e3/0x2cb
[ 522.257385][ T3609] ? nf_tcp_handle_invalid+0x642/0x642
[ 522.264984][ T3609] ? panic+0x764/0x764
[ 522.272071][ T3609] ? _printk+0xd1/0x111
[ 522.279337][ T3609] ? __virt_addr_valid+0x17f/0x520
[ 522.284871][ T3609] ? __virt_addr_valid+0x17f/0x520
[ 522.291967][ T3609] print_report+0x15f/0x4f0
[ 522.297918][ T3609] ? __virt_addr_valid+0x17f/0x520
[ 522.305355][ T3609] ? __virt_addr_valid+0x17f/0x520
[ 522.311380][ T3609] ? __virt_addr_valid+0x44a/0x520
[ 522.318200][ T3609] ? __phys_addr+0xb6/0x170
[ 522.322924][ T3609] ? kfree_skb_reason+0x3d/0x390
[ 522.328388][ T3609] kasan_report+0x136/0x160
[ 522.333292][ T3609] ? kfree_skb_reason+0x3d/0x390
[ 522.338449][ T3609] kasan_check_range+0x27f/0x290
[ 522.343620][ T3609] kfree_skb_reason+0x3d/0x390
[ 522.348508][ T3609] __hci_req_sync+0x626/0x940
[ 522.353278][ T3609] ? trace_contention_end+0x61/0x170
[ 522.358909][ T3609] ? hci_req_sync_complete+0x280/0x280
[ 522.364597][ T3609] ? mutex_lock_nested+0x10/0x10
[ 522.369628][ T3609] ? wake_bit_function+0x210/0x210
[ 522.375209][ T3609] ? hci_encrypt_req+0x170/0x170
[ 522.381003][ T3609] hci_req_sync+0xa5/0xc0
[ 522.386072][ T3609] hci_dev_cmd+0x2fc/0xa30
[ 522.390790][ T3609] ? security_capable+0x86/0xb0
[ 522.395903][ T3609] ? hci_dev_reset_stat+0x1a0/0x1a0
[ 522.401846][ T3609] ? hci_sock_ioctl+0x426/0x850
[ 522.406963][ T3609] sock_do_ioctl+0x152/0x450
[ 522.412741][ T3609] ? sock_show_fdinfo+0xb0/0xb0
[ 522.417871][ T3609] ? __fget_files+0x28/0x4a0
[ 522.423277][ T3609] sock_ioctl+0x47f/0x770
[ 522.427721][ T3609] ? sock_poll+0x410/0x410
[ 522.432258][ T3609] ? __fget_files+0x28/0x4a0
[ 522.437085][ T3609] ? __fget_files+0x435/0x4a0
[ 522.442055][ T3609] ? __fget_files+0x28/0x4a0
[ 522.446693][ T3609] ? bpf_lsm_file_ioctl+0x5/0x10
[ 522.451730][ T3609] ? security_file_ioctl+0x7d/0xa0
[ 522.456988][ T3609] ? sock_poll+0x410/0x410
[ 522.461423][ T3609] __se_sys_ioctl+0xf1/0x160
[ 522.466090][ T3609] do_syscall_64+0x3b/0xb0
[ 522.470662][ T3609] ? clear_bhb_loop+0x45/0xa0
[ 522.476155][ T3609] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 522.482083][ T3609] RIP: 0033:0x7fbc67a7dc0b
[ 522.486526][ T3609] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 522.506251][ T3609] RSP: 002b:00007ffe3e4c3f50 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 522.514878][ T3609] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbc67a7dc0b
[ 522.523623][ T3609] RDX: 00007ffe3e4c3fc8 RSI: 00000000400448dd RDI: 0000000000000003
[ 522.531827][ T3609] RBP: 0000555555ea1430 R08: 0000000000000000 R09: 0000000000000000
[ 522.540545][ T3609] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002
[ 522.548622][ T3609] R13: 0000000000000002 R14: 0000000000000001 R15: 00000000fffffff1
[ 522.556658][ T3609] </TASK>
[ 522.559858][ T3609]
[ 522.562286][ T3609] Allocated by task 3610:
[ 522.566731][ T3609] kasan_set_track+0x4b/0x70
[ 522.571697][ T3609] __kasan_slab_alloc+0x65/0x70
[ 522.577867][ T3609] slab_post_alloc_hook+0x52/0x3a0
[ 522.583463][ T3609] kmem_cache_alloc+0x10c/0x2d0
[ 522.588375][ T3609] skb_clone+0x1e5/0x360
[ 522.592755][ T3609] hci_cmd_work+0x296/0x660
[ 522.598133][ T3609] process_one_work+0x8a9/0x11d0
[ 522.603225][ T3609] worker_thread+0xa47/0x1200
[ 522.608280][ T3609] kthread+0x28d/0x320
[ 522.612473][ T3609] ret_from_fork+0x1f/0x30
[ 522.617368][ T3609]
[ 522.619812][ T3609] Freed by task 3616:
[ 522.624009][ T3609] kasan_set_track+0x4b/0x70
[ 522.628947][ T3609] kasan_save_free_info+0x27/0x40
[ 522.634169][ T3609] ____kasan_slab_free+0xd6/0x120
[ 522.639435][ T3609] kmem_cache_free+0x292/0x510
[ 522.644484][ T3609] hci_req_sync_complete+0xee/0x280
[ 522.649706][ T3609] hci_event_packet+0xc49/0x1510
[ 522.654832][ T3609] hci_rx_work+0x3cd/0xce0
[ 522.659302][ T3609] process_one_work+0x8a9/0x11d0
[ 522.664303][ T3609] worker_thread+0xa47/0x1200
[ 522.669585][ T3609] kthread+0x28d/0x320
[ 522.673859][ T3609] ret_from_fork+0x1f/0x30
[ 522.678406][ T3609]
[ 522.680871][ T3609] The buggy address belongs to the object at ffff888018fb03c0
[ 522.680871][ T3609] which belongs to the cache skbuff_head_cache of size 240
[ 522.696174][ T3609] The buggy address is located 228 bytes inside of
[ 522.696174][ T3609] 240-byte region [ffff888018fb03c0, ffff888018fb04b0)
[ 522.709844][ T3609]
[ 522.712781][ T3609] The buggy address belongs to the physical page:
[ 522.719416][ T3609] page:ffffea000063ec00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18fb0
[ 522.729591][ T3609] flags: 0xfff80000000200(slab|node=0|zone=1|lastcpupid=0xfff)
[ 522.737151][ T3609] raw: 00fff80000000200 0000000000000000 dead000000000122 ffff888014656500
[ 522.746037][ T3609] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 522.754623][ T3609] page dumped because: kasan: bad access detected
[ 522.761046][ T3609] page_owner tracks the page as allocated
[ 522.766757][ T3609] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 3610, tgid 3610 (kworker/u5:3), ts 522197843856, free_ts 231318491887
[ 522.785254][ T3609] post_alloc_hook+0x18d/0x1b0
[ 522.790113][ T3609] get_page_from_freelist+0x31a1/0x3320
[ 522.795685][ T3609] __alloc_pages+0x28d/0x770
[ 522.800347][ T3609] alloc_slab_page+0x6a/0x150
[ 522.805060][ T3609] new_slab+0x84/0x2d0
[ 522.809157][ T3609] ___slab_alloc+0xc20/0x1270
[ 522.813880][ T3609] kmem_cache_alloc_node+0x1cf/0x310
[ 522.820010][ T3609] __alloc_skb+0xde/0x670
[ 522.824386][ T3609] mgmt_send_event+0x42/0x1a0
[ 522.829095][ T3609] mgmt_index_added+0x260/0x370
[ 522.833970][ T3609] hci_power_on+0x488/0x6f0
[ 522.838500][ T3609] process_one_work+0x8a9/0x11d0
[ 522.843455][ T3609] worker_thread+0xa47/0x1200
[ 522.848138][ T3609] kthread+0x28d/0x320
[ 522.852216][ T3609] ret_from_fork+0x1f/0x30
[ 522.856644][ T3609] page last free stack trace:
[ 522.861310][ T3609] free_unref_page_prepare+0xf63/0x1120
[ 522.867221][ T3609] free_unref_page_list+0x663/0x900
[ 522.872511][ T3609] release_pages+0x2836/0x2b40
[ 522.877841][ T3609] tlb_flush_mmu+0xfc/0x210
[ 522.882375][ T3609] tlb_finish_mmu+0xce/0x1f0
[ 522.887142][ T3609] exit_mmap+0x3c3/0x9f0
[ 522.891386][ T3609] __mmput+0x115/0x3c0
[ 522.895570][ T3609] exit_mm+0x226/0x300
[ 522.899649][ T3609] do_exit+0x9f6/0x26a0
[ 522.903819][ T3609] do_group_exit+0x202/0x2b0
[ 522.908416][ T3609] __x64_sys_exit_group+0x3b/0x40
[ 522.913985][ T3609] do_syscall_64+0x3b/0xb0
[ 522.918418][ T3609] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 522.924502][ T3609]
[ 522.926845][ T3609] Memory state around the buggy address:
[ 522.932560][ T3609] ffff888018fb0380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 522.940797][ T3609] ffff888018fb0400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 522.948871][ T3609] >ffff888018fb0480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 522.956946][ T3609]                                ^
[ 522.962182][ T3609] ffff888018fb0500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 522.970469][ T3609] ffff888018fb0580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 522.978643][ T3609] ==================================================================
[ 522.996846][ T3616] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 523.004675][ T3616] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 523.046024][ T3609] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 523.053468][ T3609] CPU: 0 PID: 3609 Comm: syz-executor.3 Not tainted 6.1.87-syzkaller #0
[ 523.061829][ T3609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 523.072004][ T3609] Call Trace:
[ 523.075324][ T3609] <TASK>
[ 523.078297][ T3609] dump_stack_lvl+0x1e3/0x2cb
[ 523.083027][ T3609] ? nf_tcp_handle_invalid+0x642/0x642
[ 523.088900][ T3609] ? panic+0x764/0x764
[ 523.093009][ T3609] ? preempt_schedule_common+0xa6/0xd0
[ 523.098649][ T3609] ? vscnprintf+0x59/0x80
[ 523.103009][ T3609] panic+0x318/0x764
[ 523.106925][ T3609] ? check_panic_on_warn+0x1d/0xa0
[ 523.112069][ T3609] ? memcpy_page_flushcache+0xfc/0xfc
[ 523.117909][ T3609] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 523.123933][ T3609] ? _raw_spin_unlock+0x40/0x40
[ 523.128853][ T3609] ? print_report+0x4a3/0x4f0
[ 523.133577][ T3609] check_panic_on_warn+0x7e/0xa0
[ 523.138899][ T3609] ? kfree_skb_reason+0x3d/0x390
[ 523.143879][ T3609] end_report+0x66/0x110
[ 523.148406][ T3609] kasan_report+0x143/0x160
[ 523.152924][ T3609] ? kfree_skb_reason+0x3d/0x390
[ 523.157880][ T3609] kasan_check_range+0x27f/0x290
[ 523.162845][ T3609] kfree_skb_reason+0x3d/0x390
[ 523.167638][ T3609] __hci_req_sync+0x626/0x940
[ 523.172331][ T3609] ? trace_contention_end+0x61/0x170
[ 523.177642][ T3609] ? hci_req_sync_complete+0x280/0x280
[ 523.183401][ T3609] ? mutex_lock_nested+0x10/0x10
[ 523.188366][ T3609] ? wake_bit_function+0x210/0x210
[ 523.193522][ T3609] ? hci_encrypt_req+0x170/0x170
[ 523.198494][ T3609] hci_req_sync+0xa5/0xc0
[ 523.202932][ T3609] hci_dev_cmd+0x2fc/0xa30
[ 523.207359][ T3609] ? security_capable+0x86/0xb0
[ 523.212236][ T3609] ? hci_dev_reset_stat+0x1a0/0x1a0
[ 523.217458][ T3609] ? hci_sock_ioctl+0x426/0x850
[ 523.222321][ T3609] sock_do_ioctl+0x152/0x450
[ 523.227059][ T3609] ? sock_show_fdinfo+0xb0/0xb0
[ 523.231918][ T3609] ? __fget_files+0x28/0x4a0
[ 523.236520][ T3609] sock_ioctl+0x47f/0x770
[ 523.240889][ T3609] ? sock_poll+0x410/0x410
[ 523.245335][ T3609] ? __fget_files+0x28/0x4a0
[ 523.249946][ T3609] ? __fget_files+0x435/0x4a0
[ 523.254663][ T3609] ? __fget_files+0x28/0x4a0
[ 523.259277][ T3609] ? bpf_lsm_file_ioctl+0x5/0x10
[ 523.264404][ T3609] ? security_file_ioctl+0x7d/0xa0
[ 523.269522][ T3609] ? sock_poll+0x410/0x410
[ 523.274056][ T3609] __se_sys_ioctl+0xf1/0x160
[ 523.278673][ T3609] do_syscall_64+0x3b/0xb0
[ 523.283099][ T3609] ? clear_bhb_loop+0x45/0xa0
[ 523.287785][ T3609] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 523.293685][ T3609] RIP: 0033:0x7fbc67a7dc0b
[ 523.298192][ T3609] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 523.319283][ T3609] RSP: 002b:00007ffe3e4c3f50 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 523.328896][ T3609] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fbc67a7dc0b
[ 523.337351][ T3609] RDX: 00007ffe3e4c3fc8 RSI: 00000000400448dd RDI: 0000000000000003
[ 523.345444][ T3609] RBP: 0000555555ea1430 R08: 0000000000000000 R09: 0000000000000000
[ 523.353617][ T3609] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000002
[ 523.361760][ T3609] R13: 0000000000000002 R14: 0000000000000001 R15: 00000000fffffff1
[ 523.369877][ T3609] </TASK>
[ 523.373148][ T3609] Kernel Offset: disabled
[ 523.377483][ T3609] Rebooting in 86400 seconds..
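Triage helper for the KASAN report above. This is an added example, not part of the syzbot log, the kernel or syzkaller. It parses the report lines excerpted from the log (console prefix included), recomputes the 228-byte offset of the faulting address inside the 240-byte skbuff_head_cache object, looks that address up in the shadow-memory dump to confirm it falls in a freed (0xfb) granule, and strips the KASAN and slab-allocator frames so the allocation and free sites read as skb_clone and hci_req_sync_complete, with three distinct tasks (allocator 3610, freer 3616, accessor 3609) as the marker of a cross-thread race. The shadow-byte table is the generic KASAN encoding from mm/kasan/kasan.h and the ALLOCATOR_FRAMES skip list is a choice made here; neither is an interface the kernel exports.

```python
"""Triage a KASAN slab report in syzbot console-log format. Added example, not
part of the report above nor of the kernel or syzkaller; shadow-byte values
follow generic KASAN (mm/kasan/kasan.h) and ALLOCATOR_FRAMES is a hand-picked list."""
import re
from dataclasses import dataclass, field
# Constructed sample: lines excerpted verbatim from the report above, with the
# console prefix kept so the parser is exercised on the raw format.
SAMPLE = """\
[ 522.206669][ T3609] BUG: KASAN: use-after-free in kfree_skb_reason+0x3d/0x390
[ 522.214061][ T3609] Read of size 4 at addr ffff888018fb04a4 by task syz-executor.3/3609
[ 522.562286][ T3609] Allocated by task 3610:
[ 522.566731][ T3609] kasan_set_track+0x4b/0x70
[ 522.571697][ T3609] __kasan_slab_alloc+0x65/0x70
[ 522.577867][ T3609] slab_post_alloc_hook+0x52/0x3a0
[ 522.583463][ T3609] kmem_cache_alloc+0x10c/0x2d0
[ 522.588375][ T3609] skb_clone+0x1e5/0x360
[ 522.619812][ T3609] Freed by task 3616:
[ 522.624009][ T3609] kasan_set_track+0x4b/0x70
[ 522.628947][ T3609] kasan_save_free_info+0x27/0x40
[ 522.634169][ T3609] ____kasan_slab_free+0xd6/0x120
[ 522.639435][ T3609] kmem_cache_free+0x292/0x510
[ 522.644484][ T3609] hci_req_sync_complete+0xee/0x280
[ 522.678406][ T3609]
[ 522.680871][ T3609] The buggy address belongs to the object at ffff888018fb03c0
[ 522.680871][ T3609] which belongs to the cache skbuff_head_cache of size 240
[ 522.696174][ T3609] 240-byte region [ffff888018fb03c0, ffff888018fb04b0)
[ 522.932560][ T3609] ffff888018fb0380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 522.948871][ T3609] >ffff888018fb0480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
"""
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")
FRAME = re.compile(r"^([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# KASAN / slab-allocator frames that sit above the real allocation or free site.
ALLOCATOR_FRAMES = ("kasan_", "__kasan_", "____kasan_", "slab_post_alloc_hook",
                    "kmem_cache_", "__kmalloc", "kfree")
SHADOW_MEANING = {0x00: "addressable", 0xfa: "freed object (free-track metadata)",
                  0xfb: "freed object", 0xfc: "slab redzone", 0xff: "freed page"}

@dataclass
class KasanReport:
    bug_kind: str = ""
    faulting_function: str = ""
    access: tuple = ()        # ("Read" | "Write", size)
    addr: int = 0
    access_task: tuple = ()   # (comm, pid)
    object_start: int = 0
    cache: str = ""
    region: tuple = ()        # [start, end) of the slab object
    alloc_task: int = 0
    free_task: int = 0
    alloc_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)
    shadow: dict = field(default_factory=dict)  # row address -> 16 shadow bytes

    def shadow_byte_at_addr(self) -> int:
        row = self.addr & ~0x7F  # a dumped row covers 128 bytes, one byte per 8-byte granule
        return self.shadow[row][(self.addr - row) >> 3]

    def tasks_involved(self) -> set:
        return {self.alloc_task, self.free_task, self.access_task[1]}

def origin_frame(stack):
    """First frame below the KASAN/allocator bookkeeping."""
    return next((fn for fn in stack if not fn.startswith(ALLOCATOR_FRAMES)), None)

def parse_kasan_report(text: str) -> KasanReport:
    r, section = KasanReport(), None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:  # a blank line ends a stack section
            section = None
        elif m := re.match(r"BUG: KASAN: ([\w-]+) in (\S+?)\+0x", line):
            r.bug_kind, r.faulting_function = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)$", line):
            r.access, r.addr = (m.group(1), int(m.group(2))), int(m.group(3), 16)
            r.access_task = (m.group(4), int(m.group(5)))
        elif m := re.match(r"Allocated by task (\d+):", line):
            r.alloc_task, section = int(m.group(1)), r.alloc_stack
        elif m := re.match(r"Freed by task (\d+):", line):
            r.free_task, section = int(m.group(1)), r.free_stack
        elif m := re.search(r"belongs to the object at ([0-9a-f]+)", line):
            r.object_start = int(m.group(1), 16)
        elif m := re.search(r"belongs to the cache (\S+) of size", line):
            r.cache = m.group(1)
        elif m := re.search(r"region \[([0-9a-f]+), ([0-9a-f]+)\)", line):
            r.region = (int(m.group(1), 16), int(m.group(2), 16))
        elif m := re.match(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", line):
            r.shadow[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
        elif section is not None and (m := FRAME.match(line)):
            section.append(m.group(1))
    return r

def summarize(text: str) -> dict:
    r = parse_kasan_report(text)
    return {"bug": f"{r.bug_kind} in {r.faulting_function}",
            "access": f"{r.access[0]} of {r.access[1]} at +{r.addr - r.object_start} in "
                      f"{r.cache} ({r.region[1] - r.region[0]}-byte object)",
            "shadow": SHADOW_MEANING.get(r.shadow_byte_at_addr(), "unknown"),
            "allocated_in": origin_frame(r.alloc_stack), "freed_in": origin_frame(r.free_stack),
            "tasks": sorted(r.tasks_involved())}
```

summarize(SAMPLE) reports the access as "Read of 4 at +228 in skbuff_head_cache (240-byte object)" in a "freed object" granule, allocated in skb_clone and freed in hci_req_sync_complete, across tasks 3609, 3610 and 3616. Fed the whole console log instead of the excerpt, it ignores the Bluetooth and panic lines, since only the report's own line shapes match; it handles one report per call. A 4-byte read that far into a freed sk_buff, issued from the top of kfree_skb_reason, is consistent with the refcount check that precedes the free, so the picture the log supports is a second kfree_skb from __hci_req_sync on an skb that hci_req_sync_complete had already released on another thread.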