Warning: Permanently added '10.128.0.71' (ED25519) to the list of known hosts.
2024/05/08 03:29:13 ignoring optional flag "sandboxArg"="0"
2024/05/08 03:29:14 parsed 1 programs
syzkaller login: [ 83.146810][ T5074] cgroup: Unknown subsys name 'net'
[ 83.287733][ T5074] cgroup: Unknown subsys name 'rlimit'
2024/05/08 03:29:16 executed programs: 0
[ 85.177352][ T5074] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 85.388291][ T5092] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 85.401973][ T5096] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 85.411790][ T5096] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 85.421297][ T5097] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 85.431601][ T5097] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 85.442744][ T5097] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 85.453539][ T5097] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 85.462181][ T52] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 85.462201][ T5097] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 85.464857][ T5097] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 85.470722][ T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 85.478971][ T5097] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 85.485047][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 85.495711][ T5097] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 85.519826][ T5104] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 85.521140][ T52] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 85.528911][ T5097] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 85.540236][ T52] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 85.553938][ T5089] ==================================================================
[ 85.556239][ T52] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 85.563440][ T5089] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 85.574866][ T52] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 85.580799][ T5089] Read of size 4 at addr ffff88802bd55d64 by task syz-executor.0/5089
[ 85.589631][ T52] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 85.598590][ T5089]
[ 85.598602][ T5089] CPU: 1 PID: 5089 Comm: syz-executor.0 Not tainted 6.9.0-rc7-syzkaller-00012-gdccb07f2914c #0
[ 85.598626][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 85.598640][ T5089] Call Trace:
[ 85.598651][ T5089]
[ 85.598661][ T5089] dump_stack_lvl+0x241/0x360
[ 85.606958][ T52] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 85.608636][ T5089] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.623575][ T52] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 85.631943][ T5089] ? __pfx__printk+0x10/0x10
[ 85.631993][ T5089] ? _printk+0xd5/0x120
[ 85.632024][ T5089] ? __virt_addr_valid+0x183/0x520
[ 85.637216][ T52] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 85.639641][ T5089] ? __virt_addr_valid+0x183/0x520
[ 85.693168][ T5089] print_report+0x169/0x550
[ 85.698020][ T5089] ? __virt_addr_valid+0x183/0x520
[ 85.705561][ T5089] ? __virt_addr_valid+0x183/0x520
[ 85.711708][ T5089] ? __virt_addr_valid+0x44e/0x520
[ 85.717308][ T5089] ? __phys_addr+0xba/0x170
[ 85.722505][ T5089] ? kfree_skb_reason+0x41/0x3b0
[ 85.730742][ T5089] kasan_report+0x143/0x180
[ 85.735643][ T5089] ? kfree_skb_reason+0x41/0x3b0
[ 85.740992][ T5089] kasan_check_range+0x282/0x290
[ 85.746251][ T5089] kfree_skb_reason+0x41/0x3b0
[ 85.751072][ T5089] __hci_req_sync+0x62f/0x950
[ 85.755889][ T5089] ? __pfx___hci_req_sync+0x10/0x10
[ 85.761145][ T5089] ? __pfx___mutex_lock+0x10/0x10
[ 85.766303][ T5089] ? __pfx_autoremove_wake_function+0x10/0x10
[ 85.772419][ T5089] ? __pfx_hci_scan_req+0x10/0x10
[ 85.777629][ T5089] hci_req_sync+0xa9/0xd0
[ 85.782019][ T5089] hci_dev_cmd+0x518/0xa90
[ 85.786634][ T5089] ? security_capable+0x90/0xb0
[ 85.791922][ T5089] ? __pfx_hci_dev_cmd+0x10/0x10
[ 85.797735][ T5089] ? hci_sock_ioctl+0x6c2/0xaa0
[ 85.803189][ T5089] sock_do_ioctl+0x158/0x460
[ 85.808552][ T5089] ? __pfx_smack_log+0x10/0x10
[ 85.814028][ T5089] ? __pfx_sock_do_ioctl+0x10/0x10
[ 85.815517][ T5097] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 85.822175][ T5089] ? smk_tskacc+0x300/0x370
[ 85.832773][ T5097] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 85.835846][ T5089] ? smack_file_ioctl+0x2a1/0x3a0
[ 85.835883][ T5089] sock_ioctl+0x629/0x8e0
[ 85.835942][ T5089] ? __pfx_sock_ioctl+0x10/0x10
[ 85.835972][ T5089] ? __fget_files+0x28/0x470
[ 85.846934][ T5097] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 85.850127][ T5089] ? bpf_lsm_file_ioctl+0x9/0x10
[ 85.856667][ T5097] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 85.859447][ T5089] ? security_file_ioctl+0x87/0xb0
[ 85.865530][ T5097] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 85.871166][ T5089] ? __pfx_sock_ioctl+0x10/0x10
[ 85.876786][ T5097] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 85.883090][ T5089] __se_sys_ioctl+0xfc/0x170
[ 85.916809][ T5089] do_syscall_64+0xf5/0x240
[ 85.921739][ T5089] ? clear_bhb_loop+0x35/0x90
[ 85.928019][ T5089] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.935584][ T5089] RIP: 0033:0x7f64f527dacb
[ 85.940321][ T5089] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 85.961472][ T5089] RSP: 002b:00007fff66529ba0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 85.970051][ T5089] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f64f527dacb
[ 85.978611][ T5089] RDX: 00007fff66529c18 RSI: 00000000400448dd RDI: 0000000000000003
[ 85.988250][ T5089] RBP: 000055558bbc1430 R08: 0000000000000000 R09: 0000000000000000
[ 85.997506][ T5089] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 86.008150][ T5089] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 86.017606][ T5089]
[ 86.022210][ T5089]
[ 86.025186][ T5089] Allocated by task 5097:
[ 86.031079][ T5089] kasan_save_track+0x3f/0x80
[ 86.036795][ T5089] __kasan_slab_alloc+0x66/0x80
[ 86.043391][ T5089] kmem_cache_alloc+0x174/0x350
[ 86.048900][ T5089] skb_clone+0x20c/0x390
[ 86.053773][ T5089] hci_cmd_work+0x29e/0x670
[ 86.060273][ T5089] process_scheduled_works+0xa10/0x17c0
[ 86.067040][ T5089] worker_thread+0x86d/0xd70
[ 86.072877][ T5089] kthread+0x2f0/0x390
[ 86.079237][ T5089] ret_from_fork+0x4b/0x80
[ 86.087133][ T5089] ret_from_fork_asm+0x1a/0x30
[ 86.094797][ T5089]
[ 86.097419][ T5089] Freed by task 52:
[ 86.102769][ T5089] kasan_save_track+0x3f/0x80
[ 86.109913][ T5089] kasan_save_free_info+0x40/0x50
[ 86.117285][ T5089] poison_slab_object+0xa6/0xe0
[ 86.122912][ T5089] __kasan_slab_free+0x37/0x60
[ 86.129581][ T5089] kmem_cache_free+0x10b/0x2d0
[ 86.135921][ T5089] hci_req_sync_complete+0xe7/0x290
[ 86.142085][ T5089] hci_event_packet+0xc71/0x1540
[ 86.150218][ T5089] hci_rx_work+0x3e8/0xca0
[ 86.154926][ T5089] process_scheduled_works+0xa10/0x17c0
[ 86.160556][ T5089] worker_thread+0x86d/0xd70
[ 86.165462][ T5089] kthread+0x2f0/0x390
[ 86.170181][ T5089] ret_from_fork+0x4b/0x80
[ 86.174657][ T5089] ret_from_fork_asm+0x1a/0x30
[ 86.179487][ T5089]
[ 86.182043][ T5089] The buggy address belongs to the object at ffff88802bd55c80
[ 86.182043][ T5089] which belongs to the cache skbuff_head_cache of size 240
[ 86.201327][ T5089] The buggy address is located 228 bytes inside of
[ 86.201327][ T5089] freed 240-byte region [ffff88802bd55c80, ffff88802bd55d70)
[ 86.219543][ T5089]
[ 86.222706][ T5089] The buggy address belongs to the physical page:
[ 86.230911][ T5089] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2bd55
[ 86.242778][ T5089] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 86.252154][ T5089] page_type: 0xffffffff()
[ 86.257139][ T5089] raw: 00fff00000000800 ffff888018e96780 ffffea0000796ac0 dead000000000004
[ 86.269571][ T5089] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 86.279854][ T5089] page dumped because: kasan: bad access detected
[ 86.288234][ T5089] page_owner tracks the page as allocated
[ 86.294620][ T5089] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 4527, tgid -1974157755 (udevadm), ts 4527, free_ts 31596039751
[ 86.316907][ T5089] post_alloc_hook+0x1ea/0x210
[ 86.322518][ T5089] get_page_from_freelist+0x3410/0x35b0
[ 86.328676][ T5089] __alloc_pages+0x256/0x6c0
[ 86.334079][ T5089] alloc_slab_page+0x5f/0x160
[ 86.339975][ T5089] new_slab+0x84/0x2f0
[ 86.344623][ T5089] ___slab_alloc+0xc73/0x1260
[ 86.350621][ T5089] kmem_cache_alloc_node+0x24a/0x390
[ 86.356666][ T5089] __alloc_skb+0x1c3/0x440
[ 86.361485][ T5089] alloc_uevent_skb+0x74/0x230
[ 86.367498][ T5089] kobject_uevent_net_broadcast+0x2fd/0x580
[ 86.374081][ T5089] kobject_uevent_env+0x57d/0x8e0
[ 86.380378][ T5089] kobject_synth_uevent+0x4ef/0xae0
[ 86.386357][ T5089] uevent_store+0x4b/0x70
[ 86.391271][ T5089] kernfs_fop_write_iter+0x3a1/0x500
[ 86.397040][ T5089] vfs_write+0xa84/0xcb0
[ 86.402388][ T5089] ksys_write+0x1a0/0x2c0
[ 86.410126][ T5089] page last free pid 927 tgid 927 stack trace:
[ 86.417703][ T5089] free_unref_page_prepare+0x97b/0xaa0
[ 86.425051][ T5089] free_unref_page+0x37/0x3f0
[ 86.430493][ T5089] vfree+0x186/0x2e0
[ 86.435140][ T5089] delayed_vfree_work+0x56/0x80
[ 86.442055][ T5089] process_scheduled_works+0xa10/0x17c0
[ 86.450026][ T5089] worker_thread+0x86d/0xd70
[ 86.455301][ T5089] kthread+0x2f0/0x390
[ 86.460236][ T5089] ret_from_fork+0x4b/0x80
[ 86.465292][ T5089] ret_from_fork_asm+0x1a/0x30
[ 86.471151][ T5089]
[ 86.474844][ T5089] Memory state around the buggy address:
[ 86.480891][ T5089] ffff88802bd55c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 86.490414][ T5089] ffff88802bd55c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.499599][ T5089] >ffff88802bd55d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 86.509536][ T5089] ^
[ 86.517673][ T5089] ffff88802bd55d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 86.527722][ T5089] ffff88802bd55e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 86.537771][ T5089] ==================================================================
[ 86.557706][ T5089] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.565234][ T5089] CPU: 1 PID: 5089 Comm: syz-executor.0 Not tainted 6.9.0-rc7-syzkaller-00012-gdccb07f2914c #0
[ 86.576669][ T5089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 86.587329][ T5089] Call Trace:
[ 86.590832][ T5089]
[ 86.595202][ T5089] dump_stack_lvl+0x241/0x360
[ 86.600330][ T5089] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.606804][ T5089] ? __pfx__printk+0x10/0x10
[ 86.612859][ T5089] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 86.620184][ T5089] ? vscnprintf+0x5d/0x90
[ 86.626151][ T5089] panic+0x349/0x860
[ 86.632219][ T5089] ? check_panic_on_warn+0x21/0xb0
[ 86.639771][ T5089] ? __pfx_panic+0x10/0x10
[ 86.645898][ T5089] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 86.654588][ T5089] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 86.662896][ T5089] check_panic_on_warn+0x86/0xb0
[ 86.668622][ T5089] ? kfree_skb_reason+0x41/0x3b0
[ 86.673622][ T5089] end_report+0x77/0x160
[ 86.678269][ T5089] kasan_report+0x154/0x180
[ 86.683092][ T5089] ? kfree_skb_reason+0x41/0x3b0
[ 86.689554][ T5089] kasan_check_range+0x282/0x290
[ 86.695348][ T5089] kfree_skb_reason+0x41/0x3b0
[ 86.700938][ T5089] __hci_req_sync+0x62f/0x950
[ 86.706916][ T5089] ? __pfx___hci_req_sync+0x10/0x10
[ 86.714389][ T5089] ? __pfx___mutex_lock+0x10/0x10
[ 86.725212][ T5089] ? __pfx_autoremove_wake_function+0x10/0x10
[ 86.733356][ T5089] ? __pfx_hci_scan_req+0x10/0x10
[ 86.739765][ T5089] hci_req_sync+0xa9/0xd0
[ 86.745064][ T5089] hci_dev_cmd+0x518/0xa90
[ 86.753132][ T5089] ? security_capable+0x90/0xb0
[ 86.759794][ T5089] ? __pfx_hci_dev_cmd+0x10/0x10
[ 86.766641][ T5089] ? hci_sock_ioctl+0x6c2/0xaa0
[ 86.773037][ T5089] sock_do_ioctl+0x158/0x460
[ 86.780231][ T5089] ? __pfx_smack_log+0x10/0x10
[ 86.786171][ T5089] ? __pfx_sock_do_ioctl+0x10/0x10
[ 86.795114][ T5089] ? smk_tskacc+0x300/0x370
[ 86.801870][ T5089] ? smack_file_ioctl+0x2a1/0x3a0
[ 86.808786][ T5089] sock_ioctl+0x629/0x8e0
[ 86.814865][ T5089] ? __pfx_sock_ioctl+0x10/0x10
[ 86.819956][ T5089] ? __fget_files+0x28/0x470
[ 86.825049][ T5089] ? bpf_lsm_file_ioctl+0x9/0x10
[ 86.830239][ T5089] ? security_file_ioctl+0x87/0xb0
[ 86.838564][ T5089] ? __pfx_sock_ioctl+0x10/0x10
[ 86.845927][ T5089] __se_sys_ioctl+0xfc/0x170
[ 86.850818][ T5089] do_syscall_64+0xf5/0x240
[ 86.858337][ T5089] ? clear_bhb_loop+0x35/0x90
[ 86.863496][ T5089] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.870669][ T5089] RIP: 0033:0x7f64f527dacb
[ 86.875554][ T5089] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 86.904452][ T5089] RSP: 002b:00007fff66529ba0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 86.917019][ T5089] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f64f527dacb
[ 86.927995][ T5089] RDX: 00007fff66529c18 RSI: 00000000400448dd RDI: 0000000000000003
[ 86.938283][ T5089] RBP: 000055558bbc1430 R08: 0000000000000000 R09: 0000000000000000
[ 86.949094][ T5089] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 86.959456][ T5089] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 86.969442][ T5089]
[ 86.973380][ T5089] Kernel Offset: disabled
[ 86.977936][ T5089] Rebooting in 86400 seconds..