Warning: Permanently added '10.128.1.109' (ED25519) to the list of known hosts.
2024/06/14 09:28:02 ignoring optional flag "sandboxArg"="0"
2024/06/14 09:28:02 parsed 1 programs
[ 697.304456][ T5145] cgroup: Unknown subsys name 'net'
[ 697.470668][ T5145] cgroup: Unknown subsys name 'rlimit'
[ 698.573260][ T5147] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 699.374278][ T5183] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 699.382427][ T5183] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 699.391131][ T5183] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 699.401946][ T5183] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 699.410184][ T5183] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 699.417576][ T5183] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 699.426721][ T5182] ==================================================================
[ 699.434784][ T5182] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 699.442498][ T5182] Read of size 4 at addr ffff88806da5bd64 by task syz-executor.0/5182
[ 699.450637][ T5182]
[ 699.452972][ T5182] CPU: 0 PID: 5182 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00761-g3ec8d7572a69 #0
[ 699.463365][ T5182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 699.473409][ T5182] Call Trace:
[ 699.476671][ T5182]  <TASK>
[ 699.479584][ T5182] dump_stack_lvl+0x241/0x360
[ 699.484242][ T5182] ? __pfx_dump_stack_lvl+0x10/0x10
[ 699.489425][ T5182] ? __pfx__printk+0x10/0x10
[ 699.494014][ T5182] ? _printk+0xd5/0x120
[ 699.498154][ T5182] ? __virt_addr_valid+0x183/0x520
[ 699.503406][ T5182] ? __virt_addr_valid+0x183/0x520
[ 699.508499][ T5182] print_report+0x169/0x550
[ 699.512982][ T5182] ? __virt_addr_valid+0x183/0x520
[ 699.518080][ T5182] ? __virt_addr_valid+0x183/0x520
[ 699.523166][ T5182] ? __virt_addr_valid+0x44e/0x520
[ 699.528256][ T5182] ? __phys_addr+0xba/0x170
[ 699.532755][ T5182] ? kfree_skb_reason+0x41/0x3b0
[ 699.537672][ T5182] kasan_report+0x143/0x180
[ 699.542166][ T5182] ? kfree_skb_reason+0x41/0x3b0
[ 699.547169][ T5182] kasan_check_range+0x282/0x290
[ 699.552089][ T5182] kfree_skb_reason+0x41/0x3b0
[ 699.556835][ T5182] __hci_req_sync+0x62f/0x950
[ 699.561506][ T5182] ? __pfx___hci_req_sync+0x10/0x10
[ 699.566706][ T5182] ? __pfx___mutex_lock+0x10/0x10
[ 699.571710][ T5182] ? __pfx_autoremove_wake_function+0x10/0x10
[ 699.577757][ T5182] ? __pfx_hci_scan_req+0x10/0x10
[ 699.582767][ T5182] hci_req_sync+0xa9/0xd0
[ 699.587084][ T5182] hci_dev_cmd+0x4c5/0xa50
[ 699.591476][ T5182] ? security_capable+0x90/0xb0
[ 699.596341][ T5182] ? __pfx_hci_dev_cmd+0x10/0x10
[ 699.601356][ T5182] ? hci_sock_ioctl+0x6c4/0xa40
[ 699.606197][ T5182] sock_do_ioctl+0x158/0x460
[ 699.610792][ T5182] ? __pfx_sock_do_ioctl+0x10/0x10
[ 699.615909][ T5182] sock_ioctl+0x629/0x8e0
[ 699.620232][ T5182] ? __pfx_sock_ioctl+0x10/0x10
[ 699.625064][ T5182] ? __fget_files+0x29/0x470
[ 699.629635][ T5182] ? __fget_files+0x3f6/0x470
[ 699.634292][ T5182] ? __fget_files+0x29/0x470
[ 699.638868][ T5182] ? bpf_lsm_file_ioctl+0x9/0x10
[ 699.643788][ T5182] ? security_file_ioctl+0x87/0xb0
[ 699.648903][ T5182] ? __pfx_sock_ioctl+0x10/0x10
[ 699.653746][ T5182] __se_sys_ioctl+0xfc/0x170
[ 699.658319][ T5182] do_syscall_64+0xf3/0x230
[ 699.662800][ T5182] ? clear_bhb_loop+0x35/0x90
[ 699.667458][ T5182] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 699.673339][ T5182] RIP: 0033:0x7fc6b687cc0b
[ 699.677739][ T5182] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 699.697329][ T5182] RSP: 002b:00007ffe709f32c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 699.705737][ T5182] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc6b687cc0b
[ 699.713686][ T5182] RDX: 00007ffe709f3338 RSI: 00000000400448dd RDI: 0000000000000003
[ 699.721660][ T5182] RBP: 000055555e17b430 R08: 0000000000000000 R09: 0000000000000000
[ 699.729612][ T5182] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 699.737591][ T5182] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 699.745544][ T5182]  </TASK>
[ 699.748542][ T5182]
[ 699.750857][ T5182] Allocated by task 4486:
[ 699.755155][ T5182] kasan_save_track+0x3f/0x80
[ 699.759839][ T5182] __kasan_slab_alloc+0x66/0x80
[ 699.764665][ T5182] kmem_cache_alloc_noprof+0x135/0x2a0
[ 699.770104][ T5182] skb_clone+0x20c/0x390
[ 699.774322][ T5182] hci_cmd_work+0x29e/0x670
[ 699.778803][ T5182] process_scheduled_works+0xa2c/0x1830
[ 699.784396][ T5182] worker_thread+0x86d/0xd70
[ 699.788984][ T5182] kthread+0x2f0/0x390
[ 699.793060][ T5182] ret_from_fork+0x4b/0x80
[ 699.797462][ T5182] ret_from_fork_asm+0x1a/0x30
[ 699.802228][ T5182]
[ 699.804529][ T5182] Freed by task 4486:
[ 699.808502][ T5182] kasan_save_track+0x3f/0x80
[ 699.813175][ T5182] kasan_save_free_info+0x40/0x50
[ 699.818177][ T5182] poison_slab_object+0xe0/0x150
[ 699.823112][ T5182] __kasan_slab_free+0x37/0x60
[ 699.827850][ T5182] kmem_cache_free+0x145/0x350
[ 699.832587][ T5182] hci_req_sync_complete+0xe7/0x290
[ 699.837767][ T5182] hci_event_packet+0xc71/0x1540
[ 699.842684][ T5182] hci_rx_work+0x3e8/0xca0
[ 699.847081][ T5182] process_scheduled_works+0xa2c/0x1830
[ 699.852603][ T5182] worker_thread+0x86d/0xd70
[ 699.857186][ T5182] kthread+0x2f0/0x390
[ 699.861231][ T5182] ret_from_fork+0x4b/0x80
[ 699.865635][ T5182] ret_from_fork_asm+0x1a/0x30
[ 699.870379][ T5182]
[ 699.872678][ T5182] The buggy address belongs to the object at ffff88806da5bc80
[ 699.872678][ T5182] which belongs to the cache skbuff_head_cache of size 240
[ 699.887235][ T5182] The buggy address is located 228 bytes inside of
[ 699.887235][ T5182] freed 240-byte region [ffff88806da5bc80, ffff88806da5bd70)
[ 699.901004][ T5182]
[ 699.903304][ T5182] The buggy address belongs to the physical page:
[ 699.909749][ T5182] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6da5b
[ 699.918517][ T5182] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 699.925624][ T5182] page_type: 0xffffefff(slab)
[ 699.930309][ T5182] raw: 00fff00000000000 ffff888018ae2780 dead000000000122 0000000000000000
[ 699.938872][ T5182] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[ 699.947430][ T5182] page dumped because: kasan: bad access detected
[ 699.953936][ T5182] page_owner tracks the page as allocated
[ 699.959626][ T5182] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5184, tgid 5182 (syz-executor.0), ts 699417443300, free_ts 699363316025
[ 699.979138][ T5182] post_alloc_hook+0x1f3/0x230
[ 699.983921][ T5182] get_page_from_freelist+0x2e2d/0x2ee0
[ 699.989447][ T5182] __alloc_pages_noprof+0x256/0x6c0
[ 699.994641][ T5182] alloc_slab_page+0x5f/0x120
[ 699.999297][ T5182] allocate_slab+0x5a/0x2e0
[ 700.003776][ T5182] ___slab_alloc+0xcd1/0x14b0
[ 700.008429][ T5182] __slab_alloc+0x58/0xa0
[ 700.012738][ T5182] kmem_cache_alloc_node_noprof+0x1fe/0x320
[ 700.018627][ T5182] __alloc_skb+0x1c3/0x440
[ 700.023018][ T5182] vhci_write+0xc0/0x480
[ 700.027238][ T5182] do_iter_readv_writev+0x5a4/0x800
[ 700.032417][ T5182] vfs_writev+0x395/0xbe0
[ 700.036734][ T5182] do_writev+0x1b1/0x350
[ 700.041006][ T5182] do_syscall_64+0xf3/0x230
[ 700.045485][ T5182] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 700.051367][ T5182] page last free pid 5176 tgid 5176 stack trace:
[ 700.057946][ T5182] free_unref_page+0xd22/0xea0
[ 700.062689][ T5182] vfree+0x186/0x2e0
[ 700.066734][ T5182] kcov_close+0x2b/0x50
[ 700.070866][ T5182] __fput+0x406/0x8b0
[ 700.074826][ T5182] task_work_run+0x24f/0x310
[ 700.079395][ T5182] do_exit+0xa27/0x27e0
[ 700.083524][ T5182] do_group_exit+0x207/0x2c0
[ 700.088091][ T5182] get_signal+0x16a1/0x1740
[ 700.092586][ T5182] arch_do_signal_or_restart+0x96/0x860
[ 700.098108][ T5182] syscall_exit_to_user_mode+0xc9/0x370
[ 700.103669][ T5182] do_syscall_64+0x100/0x230
[ 700.108255][ T5182] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 700.114134][ T5182]
[ 700.116453][ T5182] Memory state around the buggy address:
[ 700.122060][ T5182] ffff88806da5bc00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 700.130098][ T5182] ffff88806da5bc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 700.138135][ T5182] >ffff88806da5bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 700.146169][ T5182] ^
[ 700.153335][ T5182] ffff88806da5bd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 700.161373][ T5182] ffff88806da5be00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 700.169411][ T5182] ==================================================================
[ 700.181347][ T5182] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 700.188582][ T5182] CPU: 0 PID: 5182 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00761-g3ec8d7572a69 #0
[ 700.198996][ T5182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 700.209049][ T5182] Call Trace:
[ 700.212308][ T5182]  <TASK>
[ 700.215218][ T5182] dump_stack_lvl+0x241/0x360
[ 700.219890][ T5182] ? __pfx_dump_stack_lvl+0x10/0x10
[ 700.225074][ T5182] ? __pfx__printk+0x10/0x10
[ 700.229650][ T5182] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 700.235617][ T5182] ? vscnprintf+0x5d/0x90
[ 700.239941][ T5182] panic+0x349/0x860
[ 700.243818][ T5182] ? check_panic_on_warn+0x21/0xb0
[ 700.248911][ T5182] ? __pfx_panic+0x10/0x10
[ 700.253311][ T5182] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 700.259268][ T5182] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 700.265570][ T5182] check_panic_on_warn+0x86/0xb0
[ 700.270503][ T5182] ? kfree_skb_reason+0x41/0x3b0
[ 700.275418][ T5182] end_report+0x77/0x160
[ 700.279659][ T5182] kasan_report+0x154/0x180
[ 700.284141][ T5182] ? kfree_skb_reason+0x41/0x3b0
[ 700.289070][ T5182] kasan_check_range+0x282/0x290
[ 700.294013][ T5182] kfree_skb_reason+0x41/0x3b0
[ 700.298757][ T5182] __hci_req_sync+0x62f/0x950
[ 700.303416][ T5182] ? __pfx___hci_req_sync+0x10/0x10
[ 700.308608][ T5182] ? __pfx___mutex_lock+0x10/0x10
[ 700.313616][ T5182] ? __pfx_autoremove_wake_function+0x10/0x10
[ 700.319766][ T5182] ? __pfx_hci_scan_req+0x10/0x10
[ 700.324782][ T5182] hci_req_sync+0xa9/0xd0
[ 700.329105][ T5182] hci_dev_cmd+0x4c5/0xa50
[ 700.333592][ T5182] ? security_capable+0x90/0xb0
[ 700.338449][ T5182] ? __pfx_hci_dev_cmd+0x10/0x10
[ 700.343372][ T5182] ? hci_sock_ioctl+0x6c4/0xa40
[ 700.348210][ T5182] sock_do_ioctl+0x158/0x460
[ 700.352785][ T5182] ? __pfx_sock_do_ioctl+0x10/0x10
[ 700.357895][ T5182] sock_ioctl+0x629/0x8e0
[ 700.362216][ T5182] ? __pfx_sock_ioctl+0x10/0x10
[ 700.367069][ T5182] ? __fget_files+0x29/0x470
[ 700.371646][ T5182] ? __fget_files+0x3f6/0x470
[ 700.376309][ T5182] ? __fget_files+0x29/0x470
[ 700.380899][ T5182] ? bpf_lsm_file_ioctl+0x9/0x10
[ 700.385817][ T5182] ? security_file_ioctl+0x87/0xb0
[ 700.390907][ T5182] ? __pfx_sock_ioctl+0x10/0x10
[ 700.395739][ T5182] __se_sys_ioctl+0xfc/0x170
[ 700.400311][ T5182] do_syscall_64+0xf3/0x230
[ 700.404792][ T5182] ? clear_bhb_loop+0x35/0x90
[ 700.409449][ T5182] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 700.415318][ T5182] RIP: 0033:0x7fc6b687cc0b
[ 700.419722][ T5182] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 700.439341][ T5182] RSP: 002b:00007ffe709f32c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 700.447742][ T5182] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc6b687cc0b
[ 700.455711][ T5182] RDX: 00007ffe709f3338 RSI: 00000000400448dd RDI: 0000000000000003
[ 700.463660][ T5182] RBP: 000055555e17b430 R08: 0000000000000000 R09: 0000000000000000
[ 700.471610][ T5182] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 700.479561][ T5182] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 700.487520][ T5182]  </TASK>
[ 700.491101][ T5182] Kernel Offset: disabled
[ 700.495419][ T5182] Rebooting in 86400 seconds..
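Added example, not kernel source: a single-threaded C model of what the two KASAN stack traces above describe. The skb cloned on the command workqueue (hci_cmd_work) is freed on the receive workqueue by hci_req_sync_complete and then freed a second time by the ioctl caller in __hci_req_sync, i.e. two contexts each believe they own hdev->req_skb. The model uses toy stand-ins (tdev, tskb, a scripted interleaving instead of a real race) and counts frees of an already-freed object instead of dereferencing freed memory. The hardened variant shows one general fix for this class, swapping the shared pointer out before freeing so exactly one owner frees it; whether that is the change the Bluetooth maintainers applied is not shown on this page.

```c
/*
 * Model of the ownership hazard behind the KASAN report above.
 * Not kernel code: tdev/tskb are toy stand-ins, the interleaving is
 * scripted, and a second free is counted rather than performed.
 */
#include <stdio.h>
#include <string.h>

enum { REQ_IDLE = 0, REQ_PEND = 1, REQ_DONE = 2 };

/* Toy skb: the freed flag stands in for the poisoned slab object. */
struct tskb {
    int freed;
    int users;              /* stand-in for skb->users */
};

struct tdev {
    struct tskb *req_skb;   /* shared by the requester and the event path */
    int req_status;
    int bad_frees;          /* frees of an already-freed skb (what KASAN caught) */
};

/* Fixed pool instead of malloc so a "freed" object can still be inspected. */
static struct tskb pool[4];
static int pool_used;

static struct tskb *tskb_alloc(void)
{
    struct tskb *s = &pool[pool_used++];
    memset(s, 0, sizeof *s);
    s->users = 1;
    return s;
}

/* Model of kfree_skb(): a drop on a dead object is recorded, not executed. */
static void tskb_free(struct tdev *d, struct tskb *s)
{
    if (!s)
        return;
    if (s->freed) {
        d->bad_frees++;      /* this is the slab-use-after-free in the log */
        return;
    }
    if (--s->users == 0)
        s->freed = 1;
}

/* --- vulnerable pairing: both sides free through the shared pointer --- */

/* Event path (rx work): completes the pending request and frees the clone,
 * but leaves d->req_skb pointing at the dead object. */
static void sync_complete_vuln(struct tdev *d)
{
    if (d->req_status == REQ_PEND) {
        d->req_status = REQ_DONE;
        tskb_free(d, d->req_skb);
    }
}

/* Requester (ioctl path): wakes after completion and frees it again. */
static void req_sync_finish_vuln(struct tdev *d)
{
    tskb_free(d, d->req_skb);
    d->req_skb = NULL;
    d->req_status = REQ_IDLE;
}

/* --- hardened pairing: take ownership before freeing --- */

/* Swap the shared pointer out; in a real driver this runs under the lock
 * that serialises the requester and the event path (assumption). */
static struct tskb *take_req_skb(struct tdev *d)
{
    struct tskb *s = d->req_skb;
    d->req_skb = NULL;
    return s;
}

static void sync_complete_fixed(struct tdev *d)
{
    if (d->req_status == REQ_PEND) {
        d->req_status = REQ_DONE;
        tskb_free(d, take_req_skb(d));
    }
}

static void req_sync_finish_fixed(struct tdev *d)
{
    tskb_free(d, take_req_skb(d));   /* sees NULL: already consumed */
    d->req_status = REQ_IDLE;
}

/* Scripted interleaving from the report: cmd work clones, rx work
 * completes, then the waiting ioctl caller tears down. Returns the
 * number of frees on an already-freed object. */
typedef void (*step_fn)(struct tdev *);

static int run_scenario(step_fn complete, step_fn finish)
{
    struct tdev d;
    memset(&d, 0, sizeof d);
    pool_used = 0;
    d.req_status = REQ_PEND;
    d.req_skb = tskb_alloc();   /* skb_clone() in hci_cmd_work */
    complete(&d);               /* hci_req_sync_complete() on rx work */
    finish(&d);                 /* __hci_req_sync() after wake-up */
    return d.bad_frees;
}

int vulnerable_double_free_count(void)
{
    return run_scenario(sync_complete_vuln, req_sync_finish_vuln);
}

int fixed_double_free_count(void)
{
    return run_scenario(sync_complete_fixed, req_sync_finish_fixed);
}

int main(void)
{
    printf("vulnerable: %d double free(s)\n", vulnerable_double_free_count());
    printf("fixed:      %d double free(s)\n", fixed_double_free_count());
    return 0;
}
```

The point of the hardened variant is not the lock but the ownership transfer: once a context has cleared the shared field, the object is private to it and nobody else can free it. In the real driver the syzkaller input reached this state by injecting command-complete events through vhci (see the vhci_write frame in the page-owner trace and the "unexpected cc" lines), which is why the event path ran in the window the requester also relied on.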