[ 82.152515][ T45] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.234' (ED25519) to the list of known hosts.
2024/05/20 22:57:47 ignoring optional flag "sandboxArg"="0"
2024/05/20 22:57:47 parsed 1 programs
2024/05/20 22:57:49 executed programs: 0
[ 89.490065][ T5438] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 89.546246][ T4488] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.554393][ T4488] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 89.562454][ T4488] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 89.571813][ T4488] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 89.580737][ T4488] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 89.588219][ T4488] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.707400][ T5445] chnl_net:caif_netlink_parms(): no params data found
[ 89.764099][ T5445] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.772660][ T5445] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.780604][ T5445] bridge_slave_0: entered allmulticast mode
[ 89.787509][ T5445] bridge_slave_0: entered promiscuous mode
[ 89.796266][ T5445] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.804068][ T5445] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.811464][ T5445] bridge_slave_1: entered allmulticast mode
[ 89.818423][ T5445] bridge_slave_1: entered promiscuous mode
[ 89.843373][ T5445] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.855470][ T5445] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.884083][ T5445] team0: Port device team_slave_0 added
[ 89.893902][ T5445] team0: Port device team_slave_1 added
[ 89.917654][ T5445] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.924893][ T5445] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.951527][ T5445] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.963868][ T5445] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.971775][ T5445] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.998596][ T5445] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.034692][ T5445] hsr_slave_0: entered promiscuous mode
[ 90.041904][ T5445] hsr_slave_1: entered promiscuous mode
[ 90.662365][ T5445] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 90.675118][ T5445] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 90.687017][ T5445] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 90.699271][ T5445] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 90.807699][ T5445] 8021q: adding VLAN 0 to HW filter on device bond0
[ 90.832006][ T5445] 8021q: adding VLAN 0 to HW filter on device team0
[ 90.849062][ T45] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.856410][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 90.875000][ T45] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.883603][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 90.934895][ T5445] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 90.946771][ T5445] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 91.133869][ T5445] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.195970][ T5445] veth0_vlan: entered promiscuous mode
[ 91.213445][ T5445] veth1_vlan: entered promiscuous mode
[ 91.257568][ T5445] veth0_macvtap: entered promiscuous mode
[ 91.273077][ T5445] veth1_macvtap: entered promiscuous mode
[ 91.300937][ T5445] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.321466][ T5445] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.338048][ T5445] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.349245][ T5445] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.362554][ T5445] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.372003][ T5445] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.473490][ T2791] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.493039][ T2791] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.527854][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.538297][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.593101][ T4488] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[ 91.604314][ T4488] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 4488, name: kworker/u9:1
[ 91.616286][ T4488] preempt_count: 0, expected: 0
[ 91.624428][ T4488] RCU nest depth: 1, expected: 0
[ 91.629527][ T4488] 4 locks held by kworker/u9:1/4488:
[ 91.635491][ T4488] #0: ffff888028822148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 91.646967][ T4488] #1: ffffc9000e28fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 91.660414][ T4488] #2: ffff88807a870078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 91.672162][ T4488] #3: ffffffff8e333e60 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 91.683563][ T4488] CPU: 1 PID: 4488 Comm: kworker/u9:1 Not tainted 6.9.0-next-20240520-syzkaller-13491-g632483ea8004 #0
[ 91.694966][ T4488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 91.705317][ T4488] Workqueue: hci0 hci_rx_work
[ 91.710050][ T4488] Call Trace:
[ 91.713352][ T4488]
[ 91.716306][ T4488] dump_stack_lvl+0x241/0x360
[ 91.721204][ T4488] ? __pfx_dump_stack_lvl+0x10/0x10
[ 91.726444][ T4488] ? __pfx__printk+0x10/0x10
[ 91.731091][ T4488] __might_resched+0x5d4/0x780
[ 91.735892][ T4488] ? __mutex_lock+0x112/0xd70
[ 91.740607][ T4488] ? __pfx___might_resched+0x10/0x10
[ 91.745965][ T4488] __mutex_lock+0xc1/0xd70
[ 91.750433][ T4488] ? __pfx_lock_acquire+0x10/0x10
[ 91.755505][ T4488] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 91.761789][ T4488] ? __pfx_lock_release+0x10/0x10
[ 91.766950][ T4488] ? __pfx___mutex_lock+0x10/0x10
[ 91.772113][ T4488] ? trace_contention_end+0x3c/0x120
[ 91.777507][ T4488] ? skb_pull_data+0x112/0x230
[ 91.782315][ T4488] ? hci_conn_set_handle+0x19a/0x270
[ 91.787744][ T4488] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 91.794114][ T4488] ? __copy_skb_header+0x437/0x5b0
[ 91.799308][ T4488] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 91.805687][ T4488] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 91.812433][ T4488] ? hci_le_meta_evt+0x366/0x580
[ 91.817490][ T4488] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 91.824293][ T4488] hci_event_packet+0xa53/0x1540
[ 91.829285][ T4488] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 91.834617][ T4488] ? __pfx_hci_event_packet+0x10/0x10
[ 91.840205][ T4488] ? do_raw_spin_unlock+0x13c/0x8b0
[ 91.845755][ T4488] ? kcov_remote_start+0x9e/0x7e0
[ 91.850828][ T4488] ? hci_send_to_monitor+0xd8/0x7f0
[ 91.856203][ T4488] ? skb_dequeue+0x113/0x150
[ 91.861013][ T4488] hci_rx_work+0x3e8/0xca0
[ 91.865569][ T4488] ? process_scheduled_works+0x945/0x1830
[ 91.871422][ T4488] process_scheduled_works+0xa2c/0x1830
[ 91.877044][ T4488] ? __pfx_process_scheduled_works+0x10/0x10
[ 91.883078][ T4488] ? assign_work+0x364/0x3d0
[ 91.887745][ T4488] worker_thread+0x86d/0xd70
[ 91.892389][ T4488] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 91.898590][ T4488] ? __kthread_parkme+0x169/0x1d0
[ 91.903757][ T4488] ? __pfx_worker_thread+0x10/0x10
[ 91.908997][ T4488] kthread+0x2f0/0x390
[ 91.913105][ T4488] ? __pfx_worker_thread+0x10/0x10
[ 91.918258][ T4488] ? __pfx_kthread+0x10/0x10
[ 91.923324][ T4488] ret_from_fork+0x4b/0x80
[ 91.927786][ T4488] ? __pfx_kthread+0x10/0x10
[ 91.932420][ T4488] ret_from_fork_asm+0x1a/0x30
[ 91.937256][ T4488]
[ 91.949966][ T4488]
[ 91.952345][ T4488] =============================
[ 91.957208][ T4488] [ BUG: Invalid wait context ]
[ 91.962244][ T4488] 6.9.0-next-20240520-syzkaller-13491-g632483ea8004 #0 Tainted: G W
[ 91.971628][ T4488] -----------------------------
[ 91.976491][ T4488] kworker/u9:1/4488 is trying to lock:
[ 91.981966][ T4488] ffffffff8f7516c8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x3d9/0xae0
[ 91.992709][ T4488] other info that might help us debug this:
[ 91.998716][ T4488] context-{4:4}
[ 92.002363][ T4488] 4 locks held by kworker/u9:1/4488:
[ 92.007641][ T4488] #0: ffff888028822148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 92.019056][ T4488] #1: ffffc9000e28fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 92.031312][ T4488] #2: ffff88807a870078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0
[ 92.042096][ T4488] #3: ffffffff8e333e60 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0
[ 92.052793][ T4488] stack backtrace:
[ 92.056501][ T4488] CPU: 1 PID: 4488 Comm: kworker/u9:1 Tainted: G W 6.9.0-next-20240520-syzkaller-13491-g632483ea8004 #0
[ 92.069590][ T4488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 92.080202][ T4488] Workqueue: hci0 hci_rx_work
[ 92.084890][ T4488] Call Trace:
[ 92.088191][ T4488]
[ 92.091115][ T4488] dump_stack_lvl+0x241/0x360
[ 92.095787][ T4488] ? __pfx_dump_stack_lvl+0x10/0x10
[ 92.100977][ T4488] ? __pfx__printk+0x10/0x10
[ 92.105762][ T4488] __lock_acquire+0x1507/0x1fd0
[ 92.110644][ T4488] lock_acquire+0x1ed/0x550
[ 92.115170][ T4488] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 92.121618][ T4488] ? __pfx_lock_acquire+0x10/0x10
[ 92.126655][ T4488] ? __mutex_lock+0x112/0xd70
[ 92.131511][ T4488] ? __pfx___might_resched+0x10/0x10
[ 92.136793][ T4488] __mutex_lock+0x136/0xd70
[ 92.141302][ T4488] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 92.147543][ T4488] ? __pfx_lock_acquire+0x10/0x10
[ 92.152560][ T4488] ? hci_le_create_big_complete_evt+0x3d9/0xae0
[ 92.158888][ T4488] ? __pfx_lock_release+0x10/0x10
[ 92.163921][ T4488] ? __pfx___mutex_lock+0x10/0x10
[ 92.169117][ T4488] ? trace_contention_end+0x3c/0x120
[ 92.174398][ T4488] ? skb_pull_data+0x112/0x230
[ 92.179241][ T4488] ? hci_conn_set_handle+0x19a/0x270
[ 92.184522][ T4488] hci_le_create_big_complete_evt+0x3d9/0xae0
[ 92.190582][ T4488] ? __copy_skb_header+0x437/0x5b0
[ 92.195689][ T4488] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 92.201954][ T4488] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 92.208679][ T4488] ? hci_le_meta_evt+0x366/0x580
[ 92.213626][ T4488] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 92.220400][ T4488] hci_event_packet+0xa53/0x1540
[ 92.225451][ T4488] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 92.230852][ T4488] ? __pfx_hci_event_packet+0x10/0x10
[ 92.236515][ T4488] ? do_raw_spin_unlock+0x13c/0x8b0
[ 92.241726][ T4488] ? kcov_remote_start+0x9e/0x7e0
[ 92.246789][ T4488] ? hci_send_to_monitor+0xd8/0x7f0
[ 92.251980][ T4488] ? skb_dequeue+0x113/0x150
[ 92.256561][ T4488] hci_rx_work+0x3e8/0xca0
[ 92.261074][ T4488] ? process_scheduled_works+0x945/0x1830
[ 92.266791][ T4488] process_scheduled_works+0xa2c/0x1830
[ 92.272340][ T4488] ? __pfx_process_scheduled_works+0x10/0x10
[ 92.278488][ T4488] ? assign_work+0x364/0x3d0
[ 92.283157][ T4488] worker_thread+0x86d/0xd70
[ 92.287742][ T4488] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 92.294001][ T4488] ? __kthread_parkme+0x169/0x1d0
[ 92.299054][ T4488] ? __pfx_worker_thread+0x10/0x10
[ 92.304177][ T4488] kthread+0x2f0/0x390
[ 92.308270][ T4488] ? __pfx_worker_thread+0x10/0x10
[ 92.313391][ T4488] ? __pfx_kthread+0x10/0x10
[ 92.317977][ T4488] ret_from_fork+0x4b/0x80
[ 92.322511][ T4488] ? __pfx_kthread+0x10/0x10
[ 92.327132][ T4488] ret_from_fork_asm+0x1a/0x30
[ 92.332451][ T4488]
[ 92.359017][ T4488] ==================================================================
[ 92.367920][ T4488] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0x383/0xae0
[ 92.376967][ T4488] Read of size 8 at addr ffff88802cb80000 by task kworker/u9:1/4488
[ 92.385055][ T4488]
[ 92.387406][ T4488] CPU: 1 PID: 4488 Comm: kworker/u9:1 Tainted: G W 6.9.0-next-20240520-syzkaller-13491-g632483ea8004 #0
[ 92.400013][ T4488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 92.410094][ T4488] Workqueue: hci0 hci_rx_work
[ 92.414810][ T4488] Call Trace:
[ 92.418116][ T4488]
[ 92.421096][ T4488] dump_stack_lvl+0x241/0x360
[ 92.425809][ T4488] ? __pfx_dump_stack_lvl+0x10/0x10
[ 92.431038][ T4488] ? __pfx__printk+0x10/0x10
[ 92.435751][ T4488] ? _printk+0xd5/0x120
[ 92.440032][ T4488] ? __virt_addr_valid+0x183/0x520
[ 92.445244][ T4488] ? __virt_addr_valid+0x183/0x520
[ 92.450354][ T4488] print_report+0x169/0x550
[ 92.455065][ T4488] ? __virt_addr_valid+0x183/0x520
[ 92.460206][ T4488] ? __virt_addr_valid+0x183/0x520
[ 92.465314][ T4488] ? __virt_addr_valid+0x44e/0x520
[ 92.470452][ T4488] ? __phys_addr+0xba/0x170
[ 92.474958][ T4488] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 92.481280][ T4488] kasan_report+0x143/0x180
[ 92.486460][ T4488] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 92.492697][ T4488] hci_le_create_big_complete_evt+0x383/0xae0
[ 92.498770][ T4488] ? __copy_skb_header+0x437/0x5b0
[ 92.504000][ T4488] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 92.510166][ T4488] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 92.517063][ T4488] ? hci_le_meta_evt+0x366/0x580
[ 92.522456][ T4488] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 92.529294][ T4488] hci_event_packet+0xa53/0x1540
[ 92.534747][ T4488] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 92.540052][ T4488] ? __pfx_hci_event_packet+0x10/0x10
[ 92.545618][ T4488] ? do_raw_spin_unlock+0x13c/0x8b0
[ 92.550836][ T4488] ? kcov_remote_start+0x9e/0x7e0
[ 92.556319][ T4488] ? hci_send_to_monitor+0xd8/0x7f0
[ 92.561598][ T4488] ? skb_dequeue+0x113/0x150
[ 92.567313][ T4488] hci_rx_work+0x3e8/0xca0
[ 92.571737][ T4488] ? process_scheduled_works+0x945/0x1830
[ 92.577540][ T4488] process_scheduled_works+0xa2c/0x1830
[ 92.583174][ T4488] ? __pfx_process_scheduled_works+0x10/0x10
[ 92.589171][ T4488] ? assign_work+0x364/0x3d0
[ 92.594187][ T4488] worker_thread+0x86d/0xd70
[ 92.598774][ T4488] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 92.604872][ T4488] ? __kthread_parkme+0x169/0x1d0
[ 92.611044][ T4488] ? __pfx_worker_thread+0x10/0x10
[ 92.616472][ T4488] kthread+0x2f0/0x390
[ 92.620567][ T4488] ? __pfx_worker_thread+0x10/0x10
[ 92.626390][ T4488] ? __pfx_kthread+0x10/0x10
[ 92.631083][ T4488] ret_from_fork+0x4b/0x80
[ 92.635497][ T4488] ? __pfx_kthread+0x10/0x10
[ 92.640150][ T4488] ret_from_fork_asm+0x1a/0x30
[ 92.645023][ T4488]
[ 92.648294][ T4488]
[ 92.650645][ T4488] Allocated by task 4488:
[ 92.655406][ T4488] kasan_save_track+0x3f/0x80
[ 92.660297][ T4488] __kasan_kmalloc+0x98/0xb0
[ 92.665079][ T4488] kmalloc_trace_noprof+0x19c/0x2c0
[ 92.670532][ T4488] hci_conn_add+0x2f9/0x1850
[ 92.675212][ T4488] hci_le_big_sync_established_evt+0x1c6/0xb50
[ 92.681620][ T4488] hci_event_packet+0xa53/0x1540
[ 92.686829][ T4488] hci_rx_work+0x3e8/0xca0
[ 92.691973][ T4488] process_scheduled_works+0xa2c/0x1830
[ 92.697524][ T4488] worker_thread+0x86d/0xd70
[ 92.702196][ T4488] kthread+0x2f0/0x390
[ 92.706365][ T4488] ret_from_fork+0x4b/0x80
[ 92.711847][ T4488] ret_from_fork_asm+0x1a/0x30
[ 92.716820][ T4488]
[ 92.719322][ T4488] Freed by task 4488:
[ 92.723595][ T4488] kasan_save_track+0x3f/0x80
[ 92.729070][ T4488] kasan_save_free_info+0x40/0x50
[ 92.734375][ T4488] poison_slab_object+0xe0/0x150
[ 92.739402][ T4488] __kasan_slab_free+0x37/0x60
[ 92.744303][ T4488] kfree+0x149/0x360
[ 92.748213][ T4488] device_release+0x99/0x1c0
[ 92.752917][ T4488] kobject_put+0x22f/0x480
[ 92.757331][ T4488] hci_conn_del+0x8c4/0xc40
[ 92.761847][ T4488] hci_le_create_big_complete_evt+0x619/0xae0
[ 92.767998][ T4488] hci_event_packet+0xa53/0x1540
[ 92.773088][ T4488] hci_rx_work+0x3e8/0xca0
[ 92.777557][ T4488] process_scheduled_works+0xa2c/0x1830
[ 92.783197][ T4488] worker_thread+0x86d/0xd70
[ 92.787781][ T4488] kthread+0x2f0/0x390
[ 92.791927][ T4488] ret_from_fork+0x4b/0x80
[ 92.796445][ T4488] ret_from_fork_asm+0x1a/0x30
[ 92.801842][ T4488]
[ 92.804156][ T4488] The buggy address belongs to the object at ffff88802cb80000
[ 92.804156][ T4488] which belongs to the cache kmalloc-8k of size 8192
[ 92.818462][ T4488] The buggy address is located 0 bytes inside of
[ 92.818462][ T4488] freed 8192-byte region [ffff88802cb80000, ffff88802cb82000)
[ 92.832612][ T4488]
[ 92.834949][ T4488] The buggy address belongs to the physical page:
[ 92.841401][ T4488] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2cb80
[ 92.850241][ T4488] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 92.858754][ T4488] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 92.866320][ T4488] page_type: 0xffffefff(slab)
[ 92.871087][ T4488] raw: 00fff00000000040 ffff888015042280 ffffea0000b0c200 dead000000000002
[ 92.879666][ T4488] raw: 0000000000000000 0000000000020002 00000001ffffefff 0000000000000000
[ 92.888247][ T4488] head: 00fff00000000040 ffff888015042280 ffffea0000b0c200 dead000000000002
[ 92.896905][ T4488] head: 0000000000000000 0000000000020002 00000001ffffefff 0000000000000000
[ 92.905562][ T4488] head: 00fff00000000003 ffffea0000b2e001 ffffffffffffffff 0000000000000000
[ 92.914245][ T4488] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 92.922907][ T4488] page dumped because: kasan: bad access detected
[ 92.929309][ T4488] page_owner tracks the page as allocated
[ 92.935036][ T4488] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4830, tgid 4830 (S50sshd), ts 36190905609, free_ts 36186512868
[ 92.955453][ T4488] post_alloc_hook+0x1f3/0x230
[ 92.960356][ T4488] get_page_from_freelist+0x2ce2/0x2d90
[ 92.965902][ T4488] __alloc_pages_noprof+0x256/0x6c0
[ 92.971195][ T4488] alloc_slab_page+0x5f/0x120
[ 92.975901][ T4488] allocate_slab+0x5a/0x2e0
[ 92.980422][ T4488] ___slab_alloc+0xcd1/0x14b0
[ 92.985107][ T4488] __slab_alloc+0x58/0xa0
[ 92.989447][ T4488] kmalloc_trace_noprof+0x1d5/0x2c0
[ 92.994647][ T4488] tomoyo_init_log+0x11ce/0x2050
[ 92.999693][ T4488] tomoyo_supervisor+0x38a/0x11f0
[ 93.004761][ T4488] tomoyo_env_perm+0x178/0x210
[ 93.009628][ T4488] tomoyo_find_next_domain+0x1384/0x1cf0
[ 93.015444][ T4488] tomoyo_bprm_check_security+0x115/0x180
[ 93.021159][ T4488] security_bprm_check+0x65/0x90
[ 93.026088][ T4488] bprm_execve+0xa56/0x17c0
[ 93.030580][ T4488] do_execveat_common+0x553/0x700
[ 93.035603][ T4488] page last free pid 4550 tgid 4550 stack trace:
[ 93.041943][ T4488] free_unref_page+0xd22/0xea0
[ 93.046714][ T4488] __put_partials+0xeb/0x130
[ 93.051315][ T4488] put_cpu_partial+0x17c/0x250
[ 93.056074][ T4488] __slab_free+0x2ea/0x3d0
[ 93.060739][ T4488] qlist_free_all+0x9e/0x140
[ 93.066020][ T4488] kasan_quarantine_reduce+0x14f/0x170
[ 93.071469][ T4488] __kasan_slab_alloc+0x23/0x80
[ 93.076310][ T4488] kmem_cache_alloc_noprof+0x135/0x2a0
[ 93.081854][ T4488] getname_flags+0xbd/0x4f0
[ 93.086450][ T4488] vfs_fstatat+0x11c/0x190
[ 93.090969][ T4488] __x64_sys_newfstatat+0x125/0x1b0
[ 93.096501][ T4488] do_syscall_64+0xf5/0x240
[ 93.101138][ T4488] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 93.107059][ T4488]
[ 93.109482][ T4488] Memory state around the buggy address:
[ 93.115300][ T4488] ffff88802cb7ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.123539][ T4488] ffff88802cb7ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 93.131962][ T4488] >ffff88802cb80000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.140189][ T4488] ^
[ 93.144267][ T4488] ffff88802cb80080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.152577][ T4488] ffff88802cb80100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 93.160932][ T4488] ==================================================================
[ 93.170836][ T4488] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 93.178165][ T4488] CPU: 1 PID: 4488 Comm: kworker/u9:1 Tainted: G W 6.9.0-next-20240520-syzkaller-13491-g632483ea8004 #0
[ 93.190889][ T4488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 93.201154][ T4488] Workqueue: hci0 hci_rx_work
[ 93.205962][ T4488] Call Trace:
[ 93.209356][ T4488]
[ 93.212305][ T4488] dump_stack_lvl+0x241/0x360
[ 93.217023][ T4488] ? __pfx_dump_stack_lvl+0x10/0x10
[ 93.222337][ T4488] ? __pfx__printk+0x10/0x10
[ 93.226959][ T4488] ? rcu_is_watching+0x15/0xb0
[ 93.231747][ T4488] ? preempt_schedule+0xe1/0xf0
[ 93.236628][ T4488] ? vscnprintf+0x5d/0x90
[ 93.240995][ T4488] panic+0x349/0x860
[ 93.245015][ T4488] ? check_panic_on_warn+0x21/0xb0
[ 93.250248][ T4488] ? __pfx_panic+0x10/0x10
[ 93.254708][ T4488] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 93.260732][ T4488] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 93.267358][ T4488] ? print_report+0x502/0x550
[ 93.272332][ T4488] check_panic_on_warn+0x86/0xb0
[ 93.277391][ T4488] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 93.284038][ T4488] end_report+0x77/0x160
[ 93.288472][ T4488] kasan_report+0x154/0x180
[ 93.293199][ T4488] ? hci_le_create_big_complete_evt+0x383/0xae0
[ 93.299490][ T4488] hci_le_create_big_complete_evt+0x383/0xae0
[ 93.305675][ T4488] ? __copy_skb_header+0x437/0x5b0
[ 93.310955][ T4488] ? hci_le_create_big_complete_evt+0xdb/0xae0
[ 93.317674][ T4488] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 93.324482][ T4488] ? hci_le_meta_evt+0x366/0x580
[ 93.329443][ T4488] ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[ 93.336245][ T4488] hci_event_packet+0xa53/0x1540
[ 93.341395][ T4488] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 93.347232][ T4488] ? __pfx_hci_event_packet+0x10/0x10
[ 93.353257][ T4488] ? do_raw_spin_unlock+0x13c/0x8b0
[ 93.359538][ T4488] ? kcov_remote_start+0x9e/0x7e0
[ 93.364767][ T4488] ? hci_send_to_monitor+0xd8/0x7f0
[ 93.369999][ T4488] ? skb_dequeue+0x113/0x150
[ 93.374624][ T4488] hci_rx_work+0x3e8/0xca0
[ 93.379080][ T4488] ? process_scheduled_works+0x945/0x1830
[ 93.385178][ T4488] process_scheduled_works+0xa2c/0x1830
[ 93.390770][ T4488] ? __pfx_process_scheduled_works+0x10/0x10
[ 93.396869][ T4488] ? assign_work+0x364/0x3d0
[ 93.401508][ T4488] worker_thread+0x86d/0xd70
[ 93.406140][ T4488] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 93.412073][ T4488] ? __kthread_parkme+0x169/0x1d0
[ 93.417392][ T4488] ? __pfx_worker_thread+0x10/0x10
[ 93.422548][ T4488] kthread+0x2f0/0x390
[ 93.426959][ T4488] ? __pfx_worker_thread+0x10/0x10
[ 93.432097][ T4488] ? __pfx_kthread+0x10/0x10
[ 93.436899][ T4488] ret_from_fork+0x4b/0x80
[ 93.441410][ T4488] ? __pfx_kthread+0x10/0x10
[ 93.446114][ T4488] ret_from_fork_asm+0x1a/0x30
[ 93.450916][ T4488]
[ 93.454388][ T4488] Kernel Offset: disabled
[ 93.458729][ T4488] Rebooting in 86400 seconds..