Warning: Permanently added '10.128.1.15' (ED25519) to the list of known hosts.
2024/06/24 16:36:32 ignoring optional flag "sandboxArg"="0"
2024/06/24 16:36:32 parsed 1 programs
[ 1057.547616][ T5156] cgroup: Unknown subsys name 'net'
[ 1057.814043][ T5156] cgroup: Unknown subsys name 'rlimit'
[ 1059.310994][ T5179] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 1059.618556][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1059.629119][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1059.639284][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1059.648999][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1059.657576][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1059.666563][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1059.681080][ T5194] ==================================================================
[ 1059.689204][ T5194] BUG: KASAN: slab-use-after-free in sk_skb_reason_drop+0x44/0x3d0
[ 1059.697226][ T5194] Read of size 4 at addr ffff888018384724 by task syz-executor.0/5194
[ 1059.705580][ T5194]
[ 1059.707935][ T5194] CPU: 0 PID: 5194 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00875-g568ebdaba637 #0
[ 1059.718597][ T5194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1059.728683][ T5194] Call Trace:
[ 1059.732417][ T5194]
[ 1059.735701][ T5194]  dump_stack_lvl+0x241/0x360
[ 1059.740697][ T5194]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1059.746514][ T5194]  ? __pfx__printk+0x10/0x10
[ 1059.752556][ T5194]  ? _printk+0xd5/0x120
[ 1059.758025][ T5194]  ? __virt_addr_valid+0x183/0x520
[ 1059.763703][ T5194]  ? __virt_addr_valid+0x183/0x520
[ 1059.769206][ T5194]  print_report+0x169/0x550
[ 1059.774407][ T5194]  ? __virt_addr_valid+0x183/0x520
[ 1059.779729][ T5194]  ? __virt_addr_valid+0x183/0x520
[ 1059.784870][ T5194]  ? __virt_addr_valid+0x44e/0x520
[ 1059.790107][ T5194]  ? __phys_addr+0xba/0x170
[ 1059.794640][ T5194]  ? sk_skb_reason_drop+0x44/0x3d0
[ 1059.800706][ T5194]  kasan_report+0x143/0x180
[ 1059.805661][ T5194]  ? sk_skb_reason_drop+0x44/0x3d0
[ 1059.811088][ T5194]  kasan_check_range+0x282/0x290
[ 1059.816416][ T5194]  sk_skb_reason_drop+0x44/0x3d0
[ 1059.821405][ T5194]  __hci_req_sync+0x631/0x950
[ 1059.826109][ T5194]  ? __pfx___hci_req_sync+0x10/0x10
[ 1059.831608][ T5194]  ? __pfx___mutex_lock+0x10/0x10
[ 1059.836655][ T5194]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1059.843028][ T5194]  ? __pfx_hci_scan_req+0x10/0x10
[ 1059.848164][ T5194]  hci_req_sync+0xa9/0xd0
[ 1059.853025][ T5194]  hci_dev_cmd+0x4c5/0xa50
[ 1059.857450][ T5194]  ? security_capable+0x90/0xb0
[ 1059.862518][ T5194]  ? __pfx_hci_dev_cmd+0x10/0x10
[ 1059.867481][ T5194]  ? hci_sock_ioctl+0x6c6/0xa40
[ 1059.872342][ T5194]  sock_do_ioctl+0x158/0x460
[ 1059.876962][ T5194]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1059.882187][ T5194]  sock_ioctl+0x629/0x8e0
[ 1059.886529][ T5194]  ? __pfx_sock_ioctl+0x10/0x10
[ 1059.891828][ T5194]  ? __fget_files+0x29/0x470
[ 1059.896578][ T5194]  ? __fget_files+0x3f6/0x470
[ 1059.901267][ T5194]  ? __fget_files+0x29/0x470
[ 1059.905893][ T5194]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1059.910857][ T5194]  ? security_file_ioctl+0x87/0xb0
[ 1059.916006][ T5194]  ? __pfx_sock_ioctl+0x10/0x10
[ 1059.920905][ T5194]  __se_sys_ioctl+0xfc/0x170
[ 1059.925560][ T5194]  do_syscall_64+0xf3/0x230
[ 1059.930228][ T5194]  ? clear_bhb_loop+0x35/0x90
[ 1059.935124][ T5194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1059.941159][ T5194] RIP: 0033:0x7f54dc27ce0b
[ 1059.945702][ T5194] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 1059.965693][ T5194] RSP: 002b:00007ffd610690f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1059.974401][ T5194] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f54dc27ce0b
[ 1059.982852][ T5194] RDX: 00007ffd61069168 RSI: 00000000400448dd RDI: 0000000000000003
[ 1059.990843][ T5194] RBP: 000055555daad430 R08: 0000000000000000 R09: 0000000000000000
[ 1059.998818][ T5194] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 1060.006968][ T5194] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 1060.014956][ T5194]
[ 1060.017984][ T5194]
[ 1060.020299][ T5194] Allocated by task 4489:
[ 1060.024638][ T5194]  kasan_save_track+0x3f/0x80
[ 1060.029409][ T5194]  __kasan_slab_alloc+0x66/0x80
[ 1060.034258][ T5194]  kmem_cache_alloc_noprof+0x135/0x2a0
[ 1060.039818][ T5194]  skb_clone+0x20c/0x390
[ 1060.044071][ T5194]  hci_cmd_work+0x2a2/0x670
[ 1060.048836][ T5194]  process_scheduled_works+0xa2c/0x1830
[ 1060.055825][ T5194]  worker_thread+0x86d/0xd70
[ 1060.060792][ T5194]  kthread+0x2f0/0x390
[ 1060.065310][ T5194]  ret_from_fork+0x4b/0x80
[ 1060.069794][ T5194]  ret_from_fork_asm+0x1a/0x30
[ 1060.074583][ T5194]
[ 1060.076909][ T5194] Freed by task 4489:
[ 1060.080878][ T5194]  kasan_save_track+0x3f/0x80
[ 1060.085861][ T5194]  kasan_save_free_info+0x40/0x50
[ 1060.090931][ T5194]  poison_slab_object+0xe0/0x150
[ 1060.095892][ T5194]  __kasan_slab_free+0x37/0x60
[ 1060.100754][ T5194]  kmem_cache_free+0x145/0x350
[ 1060.105522][ T5194]  hci_req_sync_complete+0xe8/0x290
[ 1060.111603][ T5194]  hci_event_packet+0xc75/0x1540
[ 1060.116685][ T5194]  hci_rx_work+0x3e8/0xca0
[ 1060.121119][ T5194]  process_scheduled_works+0xa2c/0x1830
[ 1060.127134][ T5194]  worker_thread+0x86d/0xd70
[ 1060.131772][ T5194]  kthread+0x2f0/0x390
[ 1060.135885][ T5194]  ret_from_fork+0x4b/0x80
[ 1060.140487][ T5194]  ret_from_fork_asm+0x1a/0x30
[ 1060.145268][ T5194]
[ 1060.147602][ T5194] The buggy address belongs to the object at ffff888018384640
[ 1060.147602][ T5194]  which belongs to the cache skbuff_head_cache of size 240
[ 1060.162358][ T5194] The buggy address is located 228 bytes inside of
[ 1060.162358][ T5194]  freed 240-byte region [ffff888018384640, ffff888018384730)
[ 1060.176429][ T5194]
[ 1060.178755][ T5194] The buggy address belongs to the physical page:
[ 1060.185175][ T5194] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x18384
[ 1060.194021][ T5194] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1060.201174][ T5194] page_type: 0xffffefff(slab)
[ 1060.205888][ T5194] raw: 00fff00000000000 ffff888018ae2780 ffffea000072f700 dead000000000004
[ 1060.214488][ T5194] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[ 1060.223271][ T5194] page dumped because: kasan: bad access detected
[ 1060.229705][ T5194] page_owner tracks the page as allocated
[ 1060.235438][ T5194] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4546, tgid 4546 (udevadm), ts 31919585452, free_ts 31831647028
[ 1060.254906][ T5194]  post_alloc_hook+0x1f3/0x230
[ 1060.259874][ T5194]  get_page_from_freelist+0x2e43/0x2f00
[ 1060.265456][ T5194]  __alloc_pages_noprof+0x256/0x6c0
[ 1060.270846][ T5194]  alloc_slab_page+0x5f/0x120
[ 1060.275535][ T5194]  allocate_slab+0x5a/0x2f0
[ 1060.280158][ T5194]  ___slab_alloc+0xcd1/0x14b0
[ 1060.284898][ T5194]  __slab_alloc+0x58/0xa0
[ 1060.289286][ T5194]  kmem_cache_alloc_node_noprof+0x1fe/0x320
[ 1060.295213][ T5194]  __alloc_skb+0x1c3/0x440
[ 1060.299643][ T5194]  alloc_uevent_skb+0x74/0x230
[ 1060.304592][ T5194]  kobject_uevent_net_broadcast+0x2fd/0x580
[ 1060.310584][ T5194]  kobject_uevent_env+0x57d/0x8e0
[ 1060.315656][ T5194]  kobject_synth_uevent+0x4ef/0xae0
[ 1060.320968][ T5194]  uevent_store+0x4b/0x70
[ 1060.325314][ T5194]  kernfs_fop_write_iter+0x3a1/0x500
[ 1060.330623][ T5194]  vfs_write+0xa72/0xc90
[ 1060.334869][ T5194] page last free pid 4546 tgid 4546 stack trace:
[ 1060.341393][ T5194]  free_unref_page+0xd22/0xea0
[ 1060.346760][ T5194]  rcu_core+0xafd/0x1830
[ 1060.351015][ T5194]  handle_softirqs+0x2c4/0x970
[ 1060.356056][ T5194]  __irq_exit_rcu+0xf4/0x1c0
[ 1060.361297][ T5194]  irq_exit_rcu+0x9/0x30
[ 1060.366130][ T5194]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1060.372424][ T5194]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1060.378961][ T5194]
[ 1060.381387][ T5194] Memory state around the buggy address:
[ 1060.387089][ T5194]  ffff888018384600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 1060.395165][ T5194]  ffff888018384680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1060.403334][ T5194] >ffff888018384700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 1060.412271][ T5194]                                ^
[ 1060.417394][ T5194]  ffff888018384780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1060.425483][ T5194]  ffff888018384800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 1060.433542][ T5194] ==================================================================
[ 1060.444047][ T5194] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1060.452534][ T5194] CPU: 0 PID: 5194 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00875-g568ebdaba637 #0
[ 1060.464975][ T5194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1060.475326][ T5194] Call Trace:
[ 1060.478616][ T5194]
[ 1060.481557][ T5194]  dump_stack_lvl+0x241/0x360
[ 1060.486356][ T5194]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1060.491586][ T5194]  ? __pfx__printk+0x10/0x10
[ 1060.496801][ T5194]  ? preempt_schedule+0xe1/0xf0
[ 1060.501718][ T5194]  ? vscnprintf+0x5d/0x90
[ 1060.506102][ T5194]  panic+0x349/0x860
[ 1060.510021][ T5194]  ? check_panic_on_warn+0x21/0xb0
[ 1060.515237][ T5194]  ? __pfx_panic+0x10/0x10
[ 1060.519671][ T5194]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 1060.525671][ T5194]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1060.532054][ T5194]  ? print_report+0x502/0x550
[ 1060.536768][ T5194]  check_panic_on_warn+0x86/0xb0
[ 1060.541808][ T5194]  ? sk_skb_reason_drop+0x44/0x3d0
[ 1060.546933][ T5194]  end_report+0x77/0x160
[ 1060.551226][ T5194]  kasan_report+0x154/0x180
[ 1060.555860][ T5194]  ? sk_skb_reason_drop+0x44/0x3d0
[ 1060.561183][ T5194]  kasan_check_range+0x282/0x290
[ 1060.566552][ T5194]  sk_skb_reason_drop+0x44/0x3d0
[ 1060.572508][ T5194]  __hci_req_sync+0x631/0x950
[ 1060.577392][ T5194]  ? __pfx___hci_req_sync+0x10/0x10
[ 1060.582632][ T5194]  ? __pfx___mutex_lock+0x10/0x10
[ 1060.587692][ T5194]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1060.593875][ T5194]  ? __pfx_hci_scan_req+0x10/0x10
[ 1060.598948][ T5194]  hci_req_sync+0xa9/0xd0
[ 1060.603293][ T5194]  hci_dev_cmd+0x4c5/0xa50
[ 1060.607745][ T5194]  ? security_capable+0x90/0xb0
[ 1060.612649][ T5194]  ? __pfx_hci_dev_cmd+0x10/0x10
[ 1060.617609][ T5194]  ? hci_sock_ioctl+0x6c6/0xa40
[ 1060.622479][ T5194]  sock_do_ioctl+0x158/0x460
[ 1060.627094][ T5194]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1060.632460][ T5194]  sock_ioctl+0x629/0x8e0
[ 1060.637157][ T5194]  ? __pfx_sock_ioctl+0x10/0x10
[ 1060.642026][ T5194]  ? __fget_files+0x29/0x470
[ 1060.646639][ T5194]  ? __fget_files+0x3f6/0x470
[ 1060.652029][ T5194]  ? __fget_files+0x29/0x470
[ 1060.656643][ T5194]  ? bpf_lsm_file_ioctl+0x9/0x10
[ 1060.661697][ T5194]  ? security_file_ioctl+0x87/0xb0
[ 1060.666944][ T5194]  ? __pfx_sock_ioctl+0x10/0x10
[ 1060.672339][ T5194]  __se_sys_ioctl+0xfc/0x170
[ 1060.676979][ T5194]  do_syscall_64+0xf3/0x230
[ 1060.681530][ T5194]  ? clear_bhb_loop+0x35/0x90
[ 1060.686228][ T5194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1060.692149][ T5194] RIP: 0033:0x7f54dc27ce0b
[ 1060.696573][ T5194] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 1060.716369][ T5194] RSP: 002b:00007ffd610690f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1060.724889][ T5194] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f54dc27ce0b
[ 1060.732868][ T5194] RDX: 00007ffd61069168 RSI: 00000000400448dd RDI: 0000000000000003
[ 1060.741023][ T5194] RBP: 000055555daad430 R08: 0000000000000000 R09: 0000000000000000
[ 1060.749026][ T5194] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 1060.757200][ T5194] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 1060.765907][ T5194]
[ 1060.770011][ T5194] Kernel Offset: disabled
[ 1060.774349][ T5194] Rebooting in 86400 seconds..
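The log above is the raw record. As an added example that is not part of the syzkaller output or of the kernel tree, the following Python pulls out the fields a triager reads first from a KASAN report of this shape (bug class, faulting function, access, object cache, the allocation and free stacks with the allocator/KASAN plumbing frames skipped) and cross-checks the stated offset (228 bytes into a 240-byte skbuff_head_cache object) against the addresses KASAN printed. The regex patterns and the plumbing-frame prefix list are my assumptions about the 6.x report format; SAMPLE_REPORT is an excerpt of the lines above with their dmesg prefixes kept.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Patterns for the fields a triager reads first (assumed kernel 6.x KASAN report format).
PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")  # dmesg "[ ts][ Tnnn] " prefix
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x[0-9a-f]+/")
ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task")
OBJECT_RE = re.compile(r"belongs to the object at (?P<obj>[0-9a-f]+)")
CACHE_RE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
OFFSET_RE = re.compile(r"located (?P<off>\d+) bytes inside of")
REGION_RE = re.compile(r"region \[(?P<lo>[0-9a-f]+), (?P<hi>[0-9a-f]+)\)")
STACK_HDR_RE = re.compile(r"^(?P<which>Allocated|Freed) by task (?P<task>\d+):$")
FRAME_RE = re.compile(r"^(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Allocator/KASAN plumbing frames (assumed list); the first frame after them is the owning code.
PLUMBING = ("kasan_", "__kasan_", "poison_slab_object", "kmem_cache_", "kmalloc", "kfree")

@dataclass
class KasanReport:
    bug_kind: str = ""
    func: str = ""
    access: str = ""
    access_size: int = 0
    addr: int = 0
    cache: str = ""
    object_addr: int = 0
    object_size: int = 0
    stated_offset: int = -1
    region: Tuple[int, int] = (0, 0)
    stack_tasks: Dict[str, int] = field(default_factory=dict)  # "Allocated"/"Freed" -> pid
    alloc_stack: List[str] = field(default_factory=list)
    free_stack: List[str] = field(default_factory=list)

    @property
    def computed_offset(self) -> int:
        return self.addr - self.object_addr

    def consistent(self) -> bool:
        """Stated offset matches the addresses, the access lies in the region, and the region is one object."""
        lo, hi = self.region
        return self.computed_offset == self.stated_offset and lo <= self.addr < hi and hi - lo == self.object_size

def first_owner_frame(stack: List[str]) -> str:
    """First frame that is not allocator/KASAN plumbing: the code that owned the object."""
    return next((s for s in stack if not s.startswith(PLUMBING)), "")

def parse_kasan_report(text: str) -> KasanReport:
    rep = KasanReport()
    current: Optional[List[str]] = None  # stack being collected, if any
    for line in (PREFIX_RE.sub("", raw).strip() for raw in text.splitlines()):
        if line == "":
            current = None  # a blank line ends an "Allocated/Freed by" stack
        elif (m := STACK_HDR_RE.match(line)):
            current = rep.alloc_stack if m["which"] == "Allocated" else rep.free_stack
            rep.stack_tasks[m["which"]] = int(m["task"])
        elif current is not None and (m := FRAME_RE.match(line)):
            current.append(m["sym"])
        elif (m := BUG_RE.search(line)):
            rep.bug_kind, rep.func = m["kind"], m["func"]
        elif (m := ACCESS_RE.search(line)):
            rep.access, rep.access_size, rep.addr = m["rw"], int(m["size"]), int(m["addr"], 16)
        elif (m := OBJECT_RE.search(line)):
            rep.object_addr = int(m["obj"], 16)
        elif (m := CACHE_RE.search(line)):
            rep.cache, rep.object_size = m["cache"], int(m["size"])
        elif (m := OFFSET_RE.search(line)):
            rep.stated_offset = int(m["off"])
        elif (m := REGION_RE.search(line)):
            rep.region = (int(m["lo"], 16), int(m["hi"], 16))
    return rep

def triage_line(rep: KasanReport) -> str:
    """One-line summary of the kind a tracker title or dedup key needs."""
    return (f"{rep.bug_kind} in {rep.func}: {rep.access} {rep.access_size}B at +{rep.computed_offset} "
            f"of {rep.cache} ({rep.object_size}B); allocated in {first_owner_frame(rep.alloc_stack)}, "
            f"freed in {first_owner_frame(rep.free_stack)} by task {rep.stack_tasks.get('Freed')}; "
            f"offsets {'consistent' if rep.consistent() else 'INCONSISTENT'}")

# Excerpt of the report above, dmesg prefixes kept so the prefix stripping is exercised.
SAMPLE_REPORT = """\
[ 1059.689204][ T5194] BUG: KASAN: slab-use-after-free in sk_skb_reason_drop+0x44/0x3d0
[ 1059.697226][ T5194] Read of size 4 at addr ffff888018384724 by task syz-executor.0/5194
[ 1059.705580][ T5194]
[ 1060.020299][ T5194] Allocated by task 4489:
[ 1060.034258][ T5194]  kmem_cache_alloc_noprof+0x135/0x2a0
[ 1060.039818][ T5194]  skb_clone+0x20c/0x390
[ 1060.044071][ T5194]  hci_cmd_work+0x2a2/0x670
[ 1060.074583][ T5194]
[ 1060.076909][ T5194] Freed by task 4489:
[ 1060.095892][ T5194]  __kasan_slab_free+0x37/0x60
[ 1060.100754][ T5194]  kmem_cache_free+0x145/0x350
[ 1060.105522][ T5194]  hci_req_sync_complete+0xe8/0x290
[ 1060.111603][ T5194]  hci_event_packet+0xc75/0x1540
[ 1060.145268][ T5194]
[ 1060.147602][ T5194] The buggy address belongs to the object at ffff888018384640
[ 1060.147602][ T5194]  which belongs to the cache skbuff_head_cache of size 240
[ 1060.162358][ T5194] The buggy address is located 228 bytes inside of
[ 1060.162358][ T5194]  freed 240-byte region [ffff888018384640, ffff888018384730)
"""
```

Running `triage_line(parse_kasan_report(SAMPLE_REPORT))` gives a one-line summary that names sk_skb_reason_drop as the faulting function, skb_clone (called from hci_cmd_work) as the allocator and hci_req_sync_complete (on the hci_rx_work event path) as the freer, with the offset check passing. That is the reading of this report: the skb cloned for the outstanding HCI command is freed by the completion handler on the RX worker and then touched again by the drop in __hci_req_sync on the ioctl path, i.e. two owners for one skb. `consistent()` is worth keeping in any such tool: a stated offset that disagrees with the addresses, or an access outside the reported region, usually means the report was truncated or mangled in transit and should be re-fetched before triage.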