Warning: Permanently added '10.128.0.79' (ED25519) to the list of known hosts.
2024/06/11 03:38:49 ignoring optional flag "sandboxArg"="0"
2024/06/11 03:38:49 parsed 1 programs
[ 91.259208][ T5514] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 92.305052][ T2901] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.313286][ T2901] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.332935][ T2901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.343549][ T2901] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.771619][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 92.784326][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 92.793309][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 92.811876][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 92.821136][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 92.829040][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 93.279550][ T5578] chnl_net:caif_netlink_parms(): no params data found
[ 93.337263][ T5578] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.345045][ T5578] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.352484][ T5578] bridge_slave_0: entered allmulticast mode
[ 93.359212][ T5578] bridge_slave_0: entered promiscuous mode
[ 93.368043][ T5578] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.375940][ T5578] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.383225][ T5578] bridge_slave_1: entered allmulticast mode
[ 93.390226][ T5578] bridge_slave_1: entered promiscuous mode
[ 93.422995][ T5578] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.435696][ T5578] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.469420][ T5578] team0: Port device team_slave_0 added
[ 93.477963][ T5578] team0: Port device team_slave_1 added
[ 93.557521][ T5578] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 93.565766][ T5578] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.592445][ T5578] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 93.606388][ T5578] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 93.613794][ T5578] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.642999][ T5578] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 93.687472][ T5578] hsr_slave_0: entered promiscuous mode
[ 93.694011][ T5578] hsr_slave_1: entered promiscuous mode
[ 94.277186][ T5578] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 94.289241][ T5578] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 94.301938][ T5578] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 94.312864][ T5578] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 94.345517][ T5578] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.352754][ T5578] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.360309][ T5578] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.367609][ T5578] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 94.388240][ T25] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.401562][ T25] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.474359][ T5578] 8021q: adding VLAN 0 to HW filter on device bond0
[ 94.503443][ T5578] 8021q: adding VLAN 0 to HW filter on device team0
[ 94.522804][ T1798] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.530021][ T1798] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 94.541795][ T1798] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.548956][ T1798] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.756670][ T5578] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 94.807032][ T5578] veth0_vlan: entered promiscuous mode
[ 94.824991][ T5578] veth1_vlan: entered promiscuous mode
[ 94.864440][ T5578] veth0_macvtap: entered promiscuous mode
[ 94.875884][ T5578] veth1_macvtap: entered promiscuous mode
[ 94.902728][ T5578] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 94.921768][ T5578] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 94.936013][ T5578] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.947865][ T5578] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.958093][ T5578] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.969205][ T5578] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.121155][ T2901] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.198532][ T2901] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.285077][ T2901] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 95.367912][ T2901] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
2024/06/11 03:38:55 executed programs: 0
[ 95.610427][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 95.619126][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 95.629201][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 95.640073][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 95.647844][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 95.657419][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 95.887960][ T5659] chnl_net:caif_netlink_parms(): no params data found
[ 96.002375][ T5659] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.009749][ T5659] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.019128][ T5659] bridge_slave_0: entered allmulticast mode
[ 96.029078][ T5659] bridge_slave_0: entered promiscuous mode
[ 96.042661][ T5659] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.051243][ T5659] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.058708][ T5659] bridge_slave_1: entered allmulticast mode
[ 96.069366][ T5659] bridge_slave_1: entered promiscuous mode
[ 96.124147][ T5659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.136717][ T5659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 96.180551][ T5659] team0: Port device team_slave_0 added
[ 96.189333][ T5659] team0: Port device team_slave_1 added
[ 96.227831][ T5659] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 96.235654][ T5659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.262277][ T5659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 96.276487][ T5659] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 96.284136][ T5659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 96.311045][ T5659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 96.367518][ T5659] hsr_slave_0: entered promiscuous mode
[ 96.374936][ T5659] hsr_slave_1: entered promiscuous mode
[ 96.385368][ T5659] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 96.393430][ T5659] Cannot create hsr debugfs directory
[ 97.740384][ T53] Bluetooth: hci0: command tx timeout
[ 99.793498][ T2901] bridge_slave_1: left allmulticast mode
[ 99.799205][ T2901] bridge_slave_1: left promiscuous mode
[ 99.806519][ T2901] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.817204][ T2901] bridge_slave_0: left allmulticast mode
[ 99.823897][ T2901] bridge_slave_0: left promiscuous mode
[ 99.829678][ T2901] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.830401][ T53] Bluetooth: hci0: command tx timeout
[ 100.158354][ T2901] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 100.175009][ T2901] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 100.187568][ T2901] bond0 (unregistering): Released all slaves
[ 100.359489][ T2901] hsr_slave_0: left promiscuous mode
[ 100.368061][ T2901] hsr_slave_1: left promiscuous mode
[ 100.375492][ T2901] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 100.386094][ T2901] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 100.398360][ T2901] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 100.409491][ T2901] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 100.431912][ T2901] veth1_macvtap: left promiscuous mode
[ 100.437512][ T2901] veth0_macvtap: left promiscuous mode
[ 100.445963][ T2901] veth1_vlan: left promiscuous mode
[ 100.451439][ T2901] veth0_vlan: left promiscuous mode
[ 100.913554][ T2901] team0 (unregistering): Port device team_slave_1 removed
[ 100.956929][ T2901] team0 (unregistering): Port device team_slave_0 removed
[ 101.530574][ T5659] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 101.542152][ T5659] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 101.556015][ T5659] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 101.576622][ T5659] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.766316][ T5659] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.801949][ T5659] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.815131][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.822333][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.841026][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.848299][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.901397][ T53] Bluetooth: hci0: command tx timeout
[ 102.076143][ T5659] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 102.136941][ T5659] veth0_vlan: entered promiscuous mode
[ 102.153939][ T5659] veth1_vlan: entered promiscuous mode
[ 102.194642][ T5659] veth0_macvtap: entered promiscuous mode
[ 102.206959][ T5659] veth1_macvtap: entered promiscuous mode
[ 102.233343][ T5659] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 102.251887][ T5659] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 102.267156][ T5659] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.277691][ T5659] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.288381][ T5659] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.297835][ T5659] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.354461][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.366001][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.389554][ T2901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.397645][ T2901] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/06/11 03:39:02 executed programs: 1
[ 103.981823][ T53] Bluetooth: hci0: command tx timeout
[ 133.342949][ T1246] ieee802154 phy0 wpan0: encryption failed: -22
[ 133.349380][ T1246] ieee802154 phy1 wpan1: encryption failed: -22
2024/06/11 03:39:35 executed programs: 154
[ 135.133078][ T6296] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 135.143120][ T6296] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 135.151754][ T6296] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 135.162913][ T6296] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 135.170763][ T6296] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 135.178640][ T6296] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 135.303504][ T6294] chnl_net:caif_netlink_parms(): no params data found
[ 135.359018][ T6294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 135.366408][ T6294] bridge0: port 1(bridge_slave_0) entered disabled state
[ 135.373947][ T6294] bridge_slave_0: entered allmulticast mode
[ 135.381916][ T6294] bridge_slave_0: entered promiscuous mode
[ 135.390951][ T6294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 135.398139][ T6294] bridge0: port 2(bridge_slave_1) entered disabled state
[ 135.406320][ T6294] bridge_slave_1: entered allmulticast mode
[ 135.414242][ T6294] bridge_slave_1: entered promiscuous mode
[ 135.438837][ T6294] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 135.450432][ T6294] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 135.478256][ T6294] team0: Port device team_slave_0 added
[ 135.487892][ T6294] team0: Port device team_slave_1 added
[ 135.511718][ T6294] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 135.518701][ T6294] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 135.545440][ T6294] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 135.557453][ T6294] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 135.564640][ T6294] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 135.591166][ T6294] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 135.627795][ T6294] hsr_slave_0: entered promiscuous mode
[ 135.634321][ T6294] hsr_slave_1: entered promiscuous mode
[ 135.722428][ T6294] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.816018][ T6294] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.896396][ T6294] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 135.953375][ T6294] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 136.046412][ T6294] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 136.056114][ T6294] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 136.067301][ T6294] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 136.076642][ T6294] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 136.097959][ T6294] bridge0: port 2(bridge_slave_1) entered blocking state
[ 136.105440][ T6294] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 136.113061][ T6294] bridge0: port 1(bridge_slave_0) entered blocking state
[ 136.120953][ T6294] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 136.174437][ T6294] 8021q: adding VLAN 0 to HW filter on device bond0
[ 136.189368][ T931] bridge0: port 1(bridge_slave_0) entered disabled state
[ 136.197795][ T931] bridge0: port 2(bridge_slave_1) entered disabled state
[ 136.216411][ T6294] 8021q: adding VLAN 0 to HW filter on device team0
[ 136.233548][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 136.240810][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 136.261765][ T5155] bridge0: port 2(bridge_slave_1) entered blocking state
[ 136.268920][ T5155] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 136.296528][ T6294] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 136.412231][ T6294] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 136.449341][ T6294] veth0_vlan: entered promiscuous mode
[ 136.462633][ T6294] veth1_vlan: entered promiscuous mode
[ 136.487993][ T6294] veth0_macvtap: entered promiscuous mode
[ 136.498089][ T6294] veth1_macvtap: entered promiscuous mode
[ 136.515571][ T6294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 136.526349][ T6294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 136.537599][ T6294] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 136.551748][ T6294] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 136.565280][ T6294] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 136.576318][ T6294] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 136.589125][ T6294] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 136.598355][ T6294] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 136.607300][ T6294] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 136.616648][ T6294] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 136.684633][ T2901] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 136.697693][ T2901] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 136.723492][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 136.732683][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 136.762960][ T6296]
[ 136.765321][ T6296] =========================
[ 136.769813][ T6296] WARNING: held lock freed!
[ 136.774382][ T6296] 6.10.0-rc1-syzkaller-00267-gcc8ed4d0a848-dirty #0 Not tainted
[ 136.781987][ T6296] -------------------------
[ 136.786566][ T6296] kworker/u9:3/6296 is freeing memory ffff88807b68b000-ffff88807b68b7ff, with a lock still held there!
[ 136.797738][ T6296] ffff88807b68b258 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_recv_cb+0x53/0x6d0
[ 136.809315][ T6296] 4 locks held by kworker/u9:3/6296:
[ 136.814591][ T6296] #0: ffff88807c089948 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 136.825549][ T6296] #1: ffffc900032b7d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 136.837679][ T6296] #2: ffff88807b68b258 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_recv_cb+0x53/0x6d0
[ 136.849156][ T6296] #3: ffff88807b68c518 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_sock_recv_cb+0xf3/0x6d0
[ 136.858806][ T6296]
[ 136.858806][ T6296] stack backtrace:
[ 136.864693][ T6296] CPU: 1 PID: 6296 Comm: kworker/u9:3 Not tainted 6.10.0-rc1-syzkaller-00267-gcc8ed4d0a848-dirty #0
[ 136.875500][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 136.885543][ T6296] Workqueue: hci1 hci_rx_work
[ 136.890221][ T6296] Call Trace:
[ 136.893489][ T6296]
[ 136.896428][ T6296] dump_stack_lvl+0x241/0x360
[ 136.901110][ T6296] ? __pfx_dump_stack_lvl+0x10/0x10
[ 136.906297][ T6296] ? __pfx__printk+0x10/0x10
[ 136.910874][ T6296] debug_check_no_locks_freed+0x3c5/0x4a0
[ 136.916580][ T6296] ? __pfx_debug_check_no_locks_freed+0x10/0x10
[ 136.922816][ T6296] ? kasan_quarantine_put+0xdc/0x230
[ 136.928094][ T6296] ? lockdep_hardirqs_on+0x99/0x150
[ 136.933299][ T6296] ? __sk_destruct+0x476/0x5f0
[ 136.938071][ T6296] kfree+0xfa/0x360
[ 136.941872][ T6296] __sk_destruct+0x476/0x5f0
[ 136.946451][ T6296] l2cap_sock_recv_cb+0x59c/0x6d0
[ 136.951475][ T6296] l2cap_recv_frame+0x8b6d/0x10670
[ 136.956669][ T6296] ? validate_chain+0x11e/0x5900
[ 136.961600][ T6296] ? validate_chain+0x11e/0x5900
[ 136.966525][ T6296] ? validate_chain+0x11e/0x5900
[ 136.971710][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 136.976892][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 136.982080][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 136.987354][ T6296] ? validate_chain+0x11e/0x5900
[ 136.992367][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 136.997557][ T6296] ? __pfx_l2cap_recv_frame+0x10/0x10
[ 137.002914][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 137.008234][ T6296] ? mark_lock+0x9a/0x350
[ 137.012571][ T6296] ? mark_lock+0x9a/0x350
[ 137.016886][ T6296] ? __lock_acquire+0x1346/0x1fd0
[ 137.021905][ T6296] ? mark_lock+0x9a/0x350
[ 137.026239][ T6296] ? hci_rx_work+0x4e7/0xca0
[ 137.031099][ T6296] ? __pfx_lock_release+0x10/0x10
[ 137.036115][ T6296] ? __mutex_unlock_slowpath+0x21d/0x750
[ 137.041737][ T6296] ? __pfx_lock_release+0x10/0x10
[ 137.046767][ T6296] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 137.052762][ T6296] ? hci_conn_enter_active_mode+0x260/0x370
[ 137.058666][ T6296] ? l2cap_recv_acldata+0x48e/0x1550
[ 137.063940][ T6296] ? hci_conn_hash_lookup_handle+0x21/0x240
[ 137.069827][ T6296] ? hci_conn_hash_lookup_handle+0x226/0x240
[ 137.075798][ T6296] hci_rx_work+0x50f/0xca0
[ 137.080299][ T6296] ? process_scheduled_works+0x945/0x1830
[ 137.086003][ T6296] process_scheduled_works+0xa2c/0x1830
[ 137.091633][ T6296] ? __pfx_process_scheduled_works+0x10/0x10
[ 137.097688][ T6296] ? assign_work+0x364/0x3d0
[ 137.102267][ T6296] worker_thread+0x86d/0xd70
[ 137.106854][ T6296] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 137.112833][ T6296] ? __kthread_parkme+0x169/0x1d0
[ 137.117846][ T6296] ? __pfx_worker_thread+0x10/0x10
[ 137.123121][ T6296] kthread+0x2f0/0x390
[ 137.127183][ T6296] ? __pfx_worker_thread+0x10/0x10
[ 137.132284][ T6296] ? __pfx_kthread+0x10/0x10
[ 137.136867][ T6296] ret_from_fork+0x4b/0x80
[ 137.141292][ T6296] ? __pfx_kthread+0x10/0x10
[ 137.145877][ T6296] ret_from_fork_asm+0x1a/0x30
[ 137.150635][ T6296]
[ 137.158080][ T6296] ==================================================================
[ 137.166264][ T6296] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x299/0x370
[ 137.174291][ T6296] Read of size 4 at addr ffff88807b68b1c4 by task kworker/u9:3/6296
[ 137.182454][ T6296]
[ 137.184767][ T6296] CPU: 1 PID: 6296 Comm: kworker/u9:3 Not tainted 6.10.0-rc1-syzkaller-00267-gcc8ed4d0a848-dirty #0
[ 137.195507][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 137.205674][ T6296] Workqueue: hci1 hci_rx_work
[ 137.210358][ T6296] Call Trace:
[ 137.213711][ T6296]
[ 137.216656][ T6296] dump_stack_lvl+0x241/0x360
[ 137.221325][ T6296] ? __pfx_dump_stack_lvl+0x10/0x10
[ 137.226686][ T6296] ? __pfx__printk+0x10/0x10
[ 137.231267][ T6296] ? _printk+0xd5/0x120
[ 137.235437][ T6296] ? __virt_addr_valid+0x183/0x520
[ 137.240560][ T6296] ? __virt_addr_valid+0x183/0x520
[ 137.245692][ T6296] print_report+0x169/0x550
[ 137.250473][ T6296] ? __virt_addr_valid+0x183/0x520
[ 137.255578][ T6296] ? __virt_addr_valid+0x183/0x520
[ 137.260774][ T6296] ? __virt_addr_valid+0x44e/0x520
[ 137.265872][ T6296] ? __phys_addr+0xba/0x170
[ 137.270634][ T6296] ? do_raw_spin_lock+0x299/0x370
[ 137.275858][ T6296] kasan_report+0x143/0x180
[ 137.280364][ T6296] ? lock_acquire+0xe3/0x550
[ 137.284947][ T6296] ? do_raw_spin_lock+0x299/0x370
[ 137.289966][ T6296] do_raw_spin_lock+0x299/0x370
[ 137.295065][ T6296] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 137.300905][ T6296] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 137.306395][ T6296] ? __sk_destruct+0x476/0x5f0
[ 137.311240][ T6296] ? release_sock+0x30/0x1f0
[ 137.315844][ T6296] release_sock+0x30/0x1f0
[ 137.320256][ T6296] l2cap_sock_recv_cb+0x5c8/0x6d0
[ 137.325276][ T6296] l2cap_recv_frame+0x8b6d/0x10670
[ 137.330381][ T6296] ? validate_chain+0x11e/0x5900
[ 137.335408][ T6296] ? validate_chain+0x11e/0x5900
[ 137.340422][ T6296] ? validate_chain+0x11e/0x5900
[ 137.345344][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 137.350531][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 137.355719][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 137.360931][ T6296] ? validate_chain+0x11e/0x5900
[ 137.365892][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 137.371101][ T6296] ? __pfx_l2cap_recv_frame+0x10/0x10
[ 137.376469][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 137.381657][ T6296] ? mark_lock+0x9a/0x350
[ 137.385992][ T6296] ? mark_lock+0x9a/0x350
[ 137.390312][ T6296] ? __lock_acquire+0x1346/0x1fd0
[ 137.395396][ T6296] ? mark_lock+0x9a/0x350
[ 137.399749][ T6296] ? hci_rx_work+0x4e7/0xca0
[ 137.404464][ T6296] ? __pfx_lock_release+0x10/0x10
[ 137.409493][ T6296] ? __mutex_unlock_slowpath+0x21d/0x750
[ 137.415127][ T6296] ? __pfx_lock_release+0x10/0x10
[ 137.420158][ T6296] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 137.426226][ T6296] ? hci_conn_enter_active_mode+0x260/0x370
[ 137.432144][ T6296] ? l2cap_recv_acldata+0x48e/0x1550
[ 137.437511][ T6296] ? hci_conn_hash_lookup_handle+0x21/0x240
[ 137.443442][ T6296] ? hci_conn_hash_lookup_handle+0x226/0x240
[ 137.449551][ T6296] hci_rx_work+0x50f/0xca0
[ 137.454099][ T6296] ? process_scheduled_works+0x945/0x1830
[ 137.459820][ T6296] process_scheduled_works+0xa2c/0x1830
[ 137.465370][ T6296] ? __pfx_process_scheduled_works+0x10/0x10
[ 137.471339][ T6296] ? assign_work+0x364/0x3d0
[ 137.475936][ T6296] worker_thread+0x86d/0xd70
[ 137.480537][ T6296] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 137.486439][ T6296] ? __kthread_parkme+0x169/0x1d0
[ 137.491461][ T6296] ? __pfx_worker_thread+0x10/0x10
[ 137.496566][ T6296] kthread+0x2f0/0x390
[ 137.500624][ T6296] ? __pfx_worker_thread+0x10/0x10
[ 137.505724][ T6296] ? __pfx_kthread+0x10/0x10
[ 137.510308][ T6296] ret_from_fork+0x4b/0x80
[ 137.514716][ T6296] ? __pfx_kthread+0x10/0x10
[ 137.519294][ T6296] ret_from_fork_asm+0x1a/0x30
[ 137.524049][ T6296]
[ 137.527139][ T6296]
[ 137.529446][ T6296] Allocated by task 6310:
[ 137.533756][ T6296] kasan_save_track+0x3f/0x80
[ 137.538433][ T6296] __kasan_kmalloc+0x98/0xb0
[ 137.543105][ T6296] __kmalloc_noprof+0x1f9/0x400
[ 137.547942][ T6296] sk_prot_alloc+0xe0/0x210
[ 137.552432][ T6296] sk_alloc+0x38/0x370
[ 137.556487][ T6296] bt_sock_alloc+0x3c/0x340
[ 137.560976][ T6296] l2cap_sock_create+0x13f/0x2d0
[ 137.565908][ T6296] bt_sock_create+0x161/0x230
[ 137.570658][ T6296] __sock_create+0x490/0x920
[ 137.575238][ T6296] __sys_socket+0x150/0x3c0
[ 137.579812][ T6296] __x64_sys_socket+0x7a/0x90
[ 137.584474][ T6296] do_syscall_64+0xf3/0x230
[ 137.588958][ T6296] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 137.594834][ T6296]
[ 137.597142][ T6296] Freed by task 6296:
[ 137.601108][ T6296] kasan_save_track+0x3f/0x80
[ 137.605773][ T6296] kasan_save_free_info+0x40/0x50
[ 137.610793][ T6296] poison_slab_object+0xe0/0x150
[ 137.615808][ T6296] __kasan_slab_free+0x37/0x60
[ 137.620557][ T6296] kfree+0x149/0x360
[ 137.624539][ T6296] __sk_destruct+0x476/0x5f0
[ 137.629134][ T6296] l2cap_sock_recv_cb+0x59c/0x6d0
[ 137.634149][ T6296] l2cap_recv_frame+0x8b6d/0x10670
[ 137.639244][ T6296] hci_rx_work+0x50f/0xca0
[ 137.643649][ T6296] process_scheduled_works+0xa2c/0x1830
[ 137.649182][ T6296] worker_thread+0x86d/0xd70
[ 137.653840][ T6296] kthread+0x2f0/0x390
[ 137.657898][ T6296] ret_from_fork+0x4b/0x80
[ 137.662302][ T6296] ret_from_fork_asm+0x1a/0x30
[ 137.667060][ T6296]
[ 137.669455][ T6296] The buggy address belongs to the object at ffff88807b68b000
[ 137.669455][ T6296] which belongs to the cache kmalloc-2k of size 2048
[ 137.683574][ T6296] The buggy address is located 452 bytes inside of
[ 137.683574][ T6296] freed 2048-byte region [ffff88807b68b000, ffff88807b68b800)
[ 137.697552][ T6296]
[ 137.699867][ T6296] The buggy address belongs to the physical page:
[ 137.706426][ T6296] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b688
[ 137.715177][ T6296] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 137.723845][ T6296] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 137.731491][ T6296] page_type: 0xffffefff(slab)
[ 137.736150][ T6296] raw: 00fff00000000040 ffff888015042000 dead000000000122 0000000000000000
[ 137.744723][ T6296] raw: 0000000000000000 0000000000080008 00000001ffffefff 0000000000000000
[ 137.753290][ T6296] head: 00fff00000000040 ffff888015042000 dead000000000122 0000000000000000
[ 137.761945][ T6296] head: 0000000000000000 0000000000080008 00000001ffffefff 0000000000000000
[ 137.770618][ T6296] head: 00fff00000000003 ffffea0001eda201 ffffffffffffffff 0000000000000000
[ 137.779278][ T6296] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 137.788032][ T6296] page dumped because: kasan: bad access detected
[ 137.794625][ T6296] page_owner tracks the page as allocated
[ 137.800323][ T6296] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6294, tgid 6294 (syz-executor), ts 136748851035, free_ts 136662215287
[ 137.823927][ T6296] post_alloc_hook+0x1f3/0x230
[ 137.828701][ T6296] get_page_from_freelist+0x2e2d/0x2ee0
[ 137.834257][ T6296] __alloc_pages_noprof+0x256/0x6c0
[ 137.839453][ T6296] alloc_slab_page+0x5f/0x120
[ 137.844129][ T6296] allocate_slab+0x5a/0x2e0
[ 137.848623][ T6296] ___slab_alloc+0xcd1/0x14b0
[ 137.853290][ T6296] __slab_alloc+0x58/0xa0
[ 137.857608][ T6296] __kmalloc_noprof+0x257/0x400
[ 137.862459][ T6296] ip6t_alloc_initial_table+0x71/0x640
[ 137.867914][ T6296] ip6table_nat_table_init+0x23/0x2d0
[ 137.873313][ T6296] xt_find_table_lock+0x2d4/0x3b0
[ 137.878359][ T6296] xt_request_find_table_lock+0x26/0x100
[ 137.883997][ T6296] do_ip6t_get_ctl+0x89e/0x1820
[ 137.888936][ T6296] nf_getsockopt+0x299/0x2c0
[ 137.893515][ T6296] ipv6_getsockopt+0x263/0x380
[ 137.898273][ T6296] tcp_getsockopt+0x163/0x1c0
[ 137.902940][ T6296] page last free pid 6294 tgid 6294 stack trace:
[ 137.909272][ T6296] free_unref_page+0xd19/0xea0
[ 137.914067][ T6296] __slab_free+0x31b/0x3d0
[ 137.918499][ T6296] qlist_free_all+0x9e/0x140
[ 137.923080][ T6296] kasan_quarantine_reduce+0x14f/0x170
[ 137.928527][ T6296] __kasan_slab_alloc+0x23/0x80
[ 137.933390][ T6296] __kmalloc_noprof+0x1a3/0x400
[ 137.938261][ T6296] ieee80211_register_hw+0x1bb2/0x3d80
[ 137.943792][ T6296] mac80211_hwsim_new_radio+0x2597/0x44c0
[ 137.949511][ T6296] hwsim_new_radio_nl+0xe4c/0x21d0
[ 137.954782][ T6296] genl_rcv_msg+0xb14/0xec0
[ 137.959277][ T6296] netlink_rcv_skb+0x1e3/0x430
[ 137.964038][ T6296] genl_rcv+0x28/0x40
[ 137.968181][ T6296] netlink_unicast+0x7ea/0x980
[ 137.972930][ T6296] netlink_sendmsg+0x8db/0xcb0
[ 137.977674][ T6296] __sock_sendmsg+0x221/0x270
[ 137.982335][ T6296] __sys_sendto+0x3a4/0x4f0
[ 137.986826][ T6296]
[ 137.989127][ T6296] Memory state around the buggy address:
[ 137.994758][ T6296] ffff88807b68b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.002978][ T6296] ffff88807b68b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.011147][ T6296] >ffff88807b68b180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.019272][ T6296] ^
[ 138.025843][ T6296] ffff88807b68b200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.033974][ T6296] ffff88807b68b280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 138.042016][ T6296] ==================================================================
[ 138.050170][ T6296] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 138.057379][ T6296] CPU: 1 PID: 6296 Comm: kworker/u9:3 Not tainted 6.10.0-rc1-syzkaller-00267-gcc8ed4d0a848-dirty #0
[ 138.068250][ T6296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 138.078428][ T6296] Workqueue: hci1 hci_rx_work
[ 138.083136][ T6296] Call Trace:
[ 138.086480][ T6296]
[ 138.089419][ T6296] dump_stack_lvl+0x241/0x360
[ 138.094113][ T6296] ? __pfx_dump_stack_lvl+0x10/0x10
[ 138.099323][ T6296] ? __pfx__printk+0x10/0x10
[ 138.103926][ T6296] ? rcu_is_watching+0x15/0xb0
[ 138.108777][ T6296] ? lock_release+0xbf/0x9f0
[ 138.113380][ T6296] ? vscnprintf+0x5d/0x90
[ 138.117789][ T6296] panic+0x349/0x860
[ 138.121670][ T6296] ? check_panic_on_warn+0x21/0xb0
[ 138.126785][ T6296] ? __pfx_panic+0x10/0x10
[ 138.131196][ T6296] ? trace_irq_enable+0x2c/0x120
[ 138.136116][ T6296] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 138.141995][ T6296] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 138.147891][ T6296] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 138.154497][ T6296] ? print_report+0x502/0x550
[ 138.159278][ T6296] check_panic_on_warn+0x86/0xb0
[ 138.164257][ T6296] ? do_raw_spin_lock+0x299/0x370
[ 138.169293][ T6296] end_report+0x77/0x160
[ 138.173617][ T6296] kasan_report+0x154/0x180
[ 138.178394][ T6296] ? lock_acquire+0xe3/0x550
[ 138.182990][ T6296] ? do_raw_spin_lock+0x299/0x370
[ 138.188127][ T6296] do_raw_spin_lock+0x299/0x370
[ 138.192971][ T6296] ? __pfx___local_bh_disable_ip+0x10/0x10
[ 138.198791][ T6296] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 138.204181][ T6296] ? __sk_destruct+0x476/0x5f0
[ 138.208938][ T6296] ? release_sock+0x30/0x1f0
[ 138.213627][ T6296] release_sock+0x30/0x1f0
[ 138.218124][ T6296] l2cap_sock_recv_cb+0x5c8/0x6d0
[ 138.223227][ T6296] l2cap_recv_frame+0x8b6d/0x10670
[ 138.228326][ T6296] ? validate_chain+0x11e/0x5900
[ 138.233347][ T6296] ? validate_chain+0x11e/0x5900
[ 138.238271][ T6296] ? validate_chain+0x11e/0x5900
[ 138.243297][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 138.248655][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 138.253864][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 138.259060][ T6296] ? validate_chain+0x11e/0x5900
[ 138.263993][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 138.269265][ T6296] ? __pfx_l2cap_recv_frame+0x10/0x10
[ 138.274623][ T6296] ? __pfx_validate_chain+0x10/0x10
[ 138.279899][ T6296] ? mark_lock+0x9a/0x350
[ 138.284572][ T6296] ? mark_lock+0x9a/0x350
[ 138.288891][ T6296] ? __lock_acquire+0x1346/0x1fd0
[ 138.293914][ T6296] ? mark_lock+0x9a/0x350
[ 138.298330][ T6296] ? hci_rx_work+0x4e7/0xca0
[ 138.302902][ T6296] ? __pfx_lock_release+0x10/0x10
[ 138.308003][ T6296] ? __mutex_unlock_slowpath+0x21d/0x750
[ 138.313632][ T6296] ? __pfx_lock_release+0x10/0x10
[ 138.318642][ T6296] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 138.324609][ T6296] ? hci_conn_enter_active_mode+0x260/0x370
[ 138.330490][ T6296] ? l2cap_recv_acldata+0x48e/0x1550
[ 138.335767][ T6296] ? hci_conn_hash_lookup_handle+0x21/0x240
[ 138.341644][ T6296] ? hci_conn_hash_lookup_handle+0x226/0x240
[ 138.347696][ T6296] hci_rx_work+0x50f/0xca0
[ 138.352099][ T6296] ? process_scheduled_works+0x945/0x1830
[ 138.357803][ T6296] process_scheduled_works+0xa2c/0x1830
[ 138.363349][ T6296] ? __pfx_process_scheduled_works+0x10/0x10
[ 138.369316][ T6296] ? assign_work+0x364/0x3d0
[ 138.373904][ T6296] worker_thread+0x86d/0xd70
[ 138.378481][ T6296] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 138.384366][ T6296] ? __kthread_parkme+0x169/0x1d0
[ 138.389431][ T6296] ? __pfx_worker_thread+0x10/0x10
[ 138.394584][ T6296] kthread+0x2f0/0x390
[ 138.398640][ T6296] ? __pfx_worker_thread+0x10/0x10
[ 138.403732][ T6296] ? __pfx_kthread+0x10/0x10
[ 138.408306][ T6296] ret_from_fork+0x4b/0x80
[ 138.412723][ T6296] ? __pfx_kthread+0x10/0x10
[ 138.417304][ T6296] ret_from_fork_asm+0x1a/0x30
[ 138.422065][ T6296]
[ 138.425346][ T6296] Kernel Offset: disabled
[ 138.429662][ T6296] Rebooting in 86400 seconds..