Warning: Permanently added '10.128.0.134' (ED25519) to the list of known hosts.
2024/06/11 02:45:05 ignoring optional flag "sandboxArg"="0"
2024/06/11 02:45:05 parsed 1 programs
[ 92.307282][ T5533] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 92.402783][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.410990][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.441485][ T2821] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.449736][ T2821] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 94.156419][ T4478] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 94.166775][ T4478] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 94.175369][ T4478] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 94.184626][ T4478] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 94.193138][ T4478] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 94.201220][ T4478] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 94.514605][ T5591] chnl_net:caif_netlink_parms(): no params data found
[ 94.580973][ T5591] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.588491][ T5591] bridge0: port 1(bridge_slave_0) entered disabled state
[ 94.595906][ T5591] bridge_slave_0: entered allmulticast mode
[ 94.603910][ T5591] bridge_slave_0: entered promiscuous mode
[ 94.632558][ T5591] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.639660][ T5591] bridge0: port 2(bridge_slave_1) entered disabled state
[ 94.647533][ T5591] bridge_slave_1: entered allmulticast mode
[ 94.654687][ T5591] bridge_slave_1: entered promiscuous mode
[ 94.682852][ T5591] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 94.695221][ T5591] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 94.725515][ T5591] team0: Port device team_slave_0 added
[ 94.735051][ T5591] team0: Port device team_slave_1 added
[ 94.761204][ T5591] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 94.768310][ T5591] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.794818][ T5591] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 94.808303][ T5591] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 94.815410][ T5591] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 94.841565][ T5591] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 94.886809][ T5591] hsr_slave_0: entered promiscuous mode
[ 94.894081][ T5591] hsr_slave_1: entered promiscuous mode
[ 95.515439][ T5591] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 95.526165][ T5591] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 95.541275][ T5591] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 95.553411][ T5591] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 95.658870][ T5591] 8021q: adding VLAN 0 to HW filter on device bond0
[ 95.685071][ T5591] 8021q: adding VLAN 0 to HW filter on device team0
[ 95.700741][ T5200] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.709028][ T5200] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 95.735827][ T5200] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.743130][ T5200] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 95.953684][ T5591] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 96.004553][ T5591] veth0_vlan: entered promiscuous mode
[ 96.020587][ T5591] veth1_vlan: entered promiscuous mode
[ 96.063623][ T5591] veth0_macvtap: entered promiscuous mode
[ 96.076271][ T5591] veth1_macvtap: entered promiscuous mode
[ 96.100544][ T5591] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 96.119815][ T5591] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 96.136052][ T5591] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.146345][ T5591] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.157950][ T5591] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 96.167212][ T5591] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2024/06/11 02:45:11 executed programs: 0
[ 96.368132][ T2821] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.384551][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 96.394055][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 96.405645][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 96.414471][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 96.424783][ T5148] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 96.432366][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 96.465041][ T2821] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.524674][ T2821] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.599221][ T2821] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 96.739202][ T5658] chnl_net:caif_netlink_parms(): no params data found
[ 96.829241][ T5658] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.837086][ T5658] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.845505][ T5658] bridge_slave_0: entered allmulticast mode
[ 96.855030][ T5658] bridge_slave_0: entered promiscuous mode
[ 96.863810][ T5658] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.871081][ T5658] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.880771][ T5658] bridge_slave_1: entered allmulticast mode
[ 96.888258][ T5658] bridge_slave_1: entered promiscuous mode
[ 96.948449][ T5658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 96.966179][ T5658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 97.015600][ T5658] team0: Port device team_slave_0 added
[ 97.026335][ T5658] team0: Port device team_slave_1 added
[ 97.064476][ T5658] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 97.073442][ T5658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.103660][ T5658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 97.125426][ T5658] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 97.132535][ T5658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 97.161643][ T5658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 97.225735][ T5658] hsr_slave_0: entered promiscuous mode
[ 97.234947][ T5658] hsr_slave_1: entered promiscuous mode
[ 97.243019][ T5658] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 97.250612][ T5658] Cannot create hsr debugfs directory
[ 98.522021][ T5148] Bluetooth: hci0: command tx timeout
[ 100.603107][ T5148] Bluetooth: hci0: command tx timeout
[ 101.008327][ T2821] bridge_slave_1: left allmulticast mode
[ 101.014928][ T2821] bridge_slave_1: left promiscuous mode
[ 101.020748][ T2821] bridge0: port 2(bridge_slave_1) entered disabled state
[ 101.035305][ T2821] bridge_slave_0: left allmulticast mode
[ 101.041022][ T2821] bridge_slave_0: left promiscuous mode
[ 101.047767][ T2821] bridge0: port 1(bridge_slave_0) entered disabled state
[ 101.244253][ T2821] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 101.256241][ T2821] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 101.267386][ T2821] bond0 (unregistering): Released all slaves
[ 101.377862][ T2821] hsr_slave_0: left promiscuous mode
[ 101.386772][ T2821] hsr_slave_1: left promiscuous mode
[ 101.393531][ T2821] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 101.401064][ T2821] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 101.417474][ T2821] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 101.427723][ T2821] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 101.449809][ T2821] veth1_macvtap: left promiscuous mode
[ 101.456716][ T2821] veth0_macvtap: left promiscuous mode
[ 101.465336][ T2821] veth1_vlan: left promiscuous mode
[ 101.470799][ T2821] veth0_vlan: left promiscuous mode
[ 101.946838][ T2821] team0 (unregistering): Port device team_slave_1 removed
[ 101.981191][ T2821] team0 (unregistering): Port device team_slave_0 removed
[ 102.517391][ T5658] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 102.535846][ T5658] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 102.545171][ T5658] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 102.554560][ T5658] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 102.643838][ T5658] 8021q: adding VLAN 0 to HW filter on device bond0
[ 102.661050][ T5658] 8021q: adding VLAN 0 to HW filter on device team0
[ 102.672854][ T785] bridge0: port 1(bridge_slave_0) entered blocking state
[ 102.679996][ T785] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 102.691700][ T5148] Bluetooth: hci0: command tx timeout
[ 102.695182][ T5171] bridge0: port 2(bridge_slave_1) entered blocking state
[ 102.704312][ T5171] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 102.740936][ T5658] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 102.752338][ T5658] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 102.862848][ T5658] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 102.899013][ T5658] veth0_vlan: entered promiscuous mode
[ 102.909829][ T5658] veth1_vlan: entered promiscuous mode
[ 102.936128][ T5658] veth0_macvtap: entered promiscuous mode
[ 102.945224][ T5658] veth1_macvtap: entered promiscuous mode
[ 102.962772][ T5658] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 102.976348][ T5658] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 102.987663][ T5658] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 102.997349][ T5658] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.006353][ T5658] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.015119][ T5658] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 103.073502][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.082407][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 103.106656][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 103.115739][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/06/11 02:45:18 executed programs: 1
[ 103.186687][ T5148] ==================================================================
[ 103.194799][ T5148] BUG: KASAN: slab-use-after-free in smack_socket_sock_rcv_skb+0xec/0x13a0
[ 103.203449][ T5148] Read of size 8 at addr ffff88807ae86498 by task kworker/u9:2/5148
[ 103.211462][ T5148]
[ 103.213810][ T5148] CPU: 1 PID: 5148 Comm: kworker/u9:2 Not tainted 6.10.0-rc1-syzkaller-00267-gcc8ed4d0a848-dirty #0
[ 103.224655][ T5148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 103.234720][ T5148] Workqueue: hci0 hci_rx_work
[ 103.239430][ T5148] Call Trace:
[ 103.242716][ T5148]
[ 103.245638][ T5148] dump_stack_lvl+0x241/0x360
[ 103.250307][ T5148] ? __pfx_dump_stack_lvl+0x10/0x10
[ 103.255497][ T5148] ? __pfx__printk+0x10/0x10
[ 103.260167][ T5148] ? _printk+0xd5/0x120
[ 103.264573][ T5148] ? __virt_addr_valid+0x183/0x520
[ 103.269676][ T5148] ? __virt_addr_valid+0x183/0x520
[ 103.274778][ T5148] print_report+0x169/0x550
[ 103.279293][ T5148] ? __virt_addr_valid+0x183/0x520
[ 103.284580][ T5148] ? __virt_addr_valid+0x183/0x520
[ 103.289686][ T5148] ? __virt_addr_valid+0x44e/0x520
[ 103.294875][ T5148] ? __phys_addr+0xba/0x170
[ 103.299458][ T5148] ? smack_socket_sock_rcv_skb+0xec/0x13a0
[ 103.305372][ T5148] kasan_report+0x143/0x180
[ 103.309867][ T5148] ? smack_socket_sock_rcv_skb+0xec/0x13a0
[ 103.315782][ T5148] smack_socket_sock_rcv_skb+0xec/0x13a0
[ 103.321408][ T5148] ? mark_lock+0x9a/0x350
[ 103.325726][ T5148] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 103.332041][ T5148] ? __pfx_smack_socket_sock_rcv_skb+0x10/0x10
[ 103.338199][ T5148] ? __lock_acquire+0x1346/0x1fd0
[ 103.343315][ T5148] ? __mutex_trylock_common+0x183/0x2e0
[ 103.348854][ T5148] ? __pfx___might_resched+0x10/0x10
[ 103.354155][ T5148] ? __pfx___mutex_trylock_common+0x10/0x10
[ 103.360040][ T5148] ? rcu_is_watching+0x15/0xb0
[ 103.365071][ T5148] security_sock_rcv_skb+0x6d/0xa0
[ 103.370191][ T5148] sk_filter_trim_cap+0x184/0xa80
[ 103.375207][ T5148] ? __local_bh_enable_ip+0x168/0x200
[ 103.380737][ T5148] ? l2cap_sock_recv_cb+0xa9/0x580
[ 103.385858][ T5148] ? lockdep_hardirqs_on+0x99/0x150
[ 103.391059][ T5148] ? __pfx___mutex_lock+0x10/0x10
[ 103.396081][ T5148] ? __local_bh_enable_ip+0x168/0x200
[ 103.401707][ T5148] ? __pfx_sk_filter_trim_cap+0x10/0x10
[ 103.407419][ T5148] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 103.413125][ T5148] ? l2cap_sock_recv_cb+0x60/0x580
[ 103.418226][ T5148] ? do_raw_spin_unlock+0x13c/0x8b0
[ 103.423448][ T5148] l2cap_sock_recv_cb+0x176/0x580
[ 103.428494][ T5148] l2cap_recv_frame+0x8b6d/0x10670
[ 103.433615][ T5148] ? validate_chain+0x11e/0x5900
[ 103.438545][ T5148] ? validate_chain+0x11e/0x5900
[ 103.443478][ T5148] ? validate_chain+0x11e/0x5900
[ 103.448430][ T5148] ? __pfx_validate_chain+0x10/0x10
[ 103.453646][ T5148] ? __pfx_validate_chain+0x10/0x10
[ 103.458947][ T5148] ? __pfx_validate_chain+0x10/0x10
[ 103.464270][ T5148] ? validate_chain+0x11e/0x5900
[ 103.469260][ T5148] ? __pfx_validate_chain+0x10/0x10
[ 103.474451][ T5148] ? __pfx_l2cap_recv_frame+0x10/0x10
[ 103.479812][ T5148] ? __pfx_validate_chain+0x10/0x10
[ 103.485009][ T5148] ? mark_lock+0x9a/0x350
[ 103.489421][ T5148] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 103.495743][ T5148] ? __lock_acquire+0x1346/0x1fd0
[ 103.500858][ T5148] ? mark_lock+0x9a/0x350
[ 103.505190][ T5148] ? hci_rx_work+0x4e7/0xca0
[ 103.509792][ T5148] ? __pfx_lock_release+0x10/0x10
[ 103.514834][ T5148] ? __mutex_unlock_slowpath+0x21d/0x750
[ 103.520472][ T5148] ? __pfx_lock_release+0x10/0x10
[ 103.525487][ T5148] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 103.531548][ T5148] ? hci_conn_enter_active_mode+0x260/0x370
[ 103.537444][ T5148] ? l2cap_recv_acldata+0x48e/0x1550
[ 103.542718][ T5148] ? hci_conn_hash_lookup_handle+0x21/0x240
[ 103.548608][ T5148] ? hci_conn_hash_lookup_handle+0x226/0x240
[ 103.554663][ T5148] hci_rx_work+0x50f/0xca0
[ 103.559069][ T5148] ? process_scheduled_works+0x945/0x1830
[ 103.564873][ T5148] process_scheduled_works+0xa2c/0x1830
[ 103.570419][ T5148] ? __pfx_process_scheduled_works+0x10/0x10
[ 103.576562][ T5148] ? assign_work+0x364/0x3d0
[ 103.581138][ T5148] worker_thread+0x86d/0xd70
[ 103.585720][ T5148] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 103.591611][ T5148] ? __kthread_parkme+0x169/0x1d0
[ 103.596624][ T5148] ? __pfx_worker_thread+0x10/0x10
[ 103.601724][ T5148] kthread+0x2f0/0x390
[ 103.605867][ T5148] ? __pfx_worker_thread+0x10/0x10
[ 103.611137][ T5148] ? __pfx_kthread+0x10/0x10
[ 103.615803][ T5148] ret_from_fork+0x4b/0x80
[ 103.620222][ T5148] ? __pfx_kthread+0x10/0x10
[ 103.624805][ T5148] ret_from_fork_asm+0x1a/0x30
[ 103.629591][ T5148]
[ 103.632615][ T5148]
[ 103.634946][ T5148] Allocated by task 5966:
[ 103.639363][ T5148] kasan_save_track+0x3f/0x80
[ 103.644048][ T5148] __kasan_kmalloc+0x98/0xb0
[ 103.648725][ T5148] __kmalloc_noprof+0x1f9/0x400
[ 103.653569][ T5148] sk_prot_alloc+0xe0/0x210
[ 103.658073][ T5148] sk_alloc+0x38/0x370
[ 103.662299][ T5148] bt_sock_alloc+0x3c/0x340
[ 103.666876][ T5148] l2cap_sock_create+0x13f/0x2d0
[ 103.671897][ T5148] bt_sock_create+0x161/0x230
[ 103.676650][ T5148] __sock_create+0x490/0x920
[ 103.681232][ T5148] __sys_socket+0x150/0x3c0
[ 103.685725][ T5148] __x64_sys_socket+0x7a/0x90
[ 103.690496][ T5148] do_syscall_64+0xf3/0x230
[ 103.694987][ T5148] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.701217][ T5148]
[ 103.703541][ T5148] Freed by task 5965:
[ 103.707593][ T5148] kasan_save_track+0x3f/0x80
[ 103.712263][ T5148] kasan_save_free_info+0x40/0x50
[ 103.717278][ T5148] poison_slab_object+0xe0/0x150
[ 103.722290][ T5148] __kasan_slab_free+0x37/0x60
[ 103.727303][ T5148] kfree+0x149/0x360
[ 103.731360][ T5148] __sk_destruct+0x476/0x5f0
[ 103.735938][ T5148] l2cap_sock_release+0x15b/0x1d0
[ 103.740947][ T5148] sock_close+0xbc/0x240
[ 103.745267][ T5148] __fput+0x406/0x8b0
[ 103.749237][ T5148] __x64_sys_close+0x7f/0x110
[ 103.753990][ T5148] do_syscall_64+0xf3/0x230
[ 103.758568][ T5148] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 103.764545][ T5148]
[ 103.766920][ T5148] The buggy address belongs to the object at ffff88807ae86000
[ 103.766920][ T5148] which belongs to the cache kmalloc-2k of size 2048
[ 103.781393][ T5148] The buggy address is located 1176 bytes inside of
[ 103.781393][ T5148] freed 2048-byte region [ffff88807ae86000, ffff88807ae86800)
[ 103.795351][ T5148]
[ 103.797843][ T5148] The buggy address belongs to the physical page:
[ 103.804269][ T5148] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ae80
[ 103.813070][ T5148] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 103.821561][ T5148] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 103.829538][ T5148] page_type: 0xffffefff(slab)
[ 103.834209][ T5148] raw: 00fff00000000040 ffff888015042000 dead000000000122 0000000000000000
[ 103.842783][ T5148] raw: 0000000000000000 0000000080080008 00000001ffffefff 0000000000000000
[ 103.851442][ T5148] head: 00fff00000000040 ffff888015042000 dead000000000122 0000000000000000
[ 103.860095][ T5148] head: 0000000000000000 0000000080080008 00000001ffffefff 0000000000000000
[ 103.868925][ T5148] head: 00fff00000000003 ffffea0001eba001 ffffffffffffffff 0000000000000000
[ 103.877666][ T5148] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 103.886437][ T5148] page dumped because: kasan: bad access detected
[ 103.893039][ T5148] page_owner tracks the page as allocated
[ 103.898857][ T5148] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5658, tgid 5658 (syz-executor), ts 103136223027, free_ts 103057739028
[ 103.921802][ T5148] post_alloc_hook+0x1f3/0x230
[ 103.926609][ T5148] get_page_from_freelist+0x2e2d/0x2ee0
[ 103.932349][ T5148] __alloc_pages_noprof+0x256/0x6c0
[ 103.937590][ T5148] alloc_slab_page+0x5f/0x120
[ 103.942355][ T5148] allocate_slab+0x5a/0x2e0
[ 103.946962][ T5148] ___slab_alloc+0xcd1/0x14b0
[ 103.951802][ T5148] __slab_alloc+0x58/0xa0
[ 103.956118][ T5148] __kmalloc_noprof+0x257/0x400
[ 103.960966][ T5148] ip6t_alloc_initial_table+0x71/0x640
[ 103.966416][ T5148] ip6table_mangle_table_init+0x1c/0x70
[ 103.972131][ T5148] xt_find_table_lock+0x2d4/0x3b0
[ 103.977146][ T5148] xt_request_find_table_lock+0x26/0x100
[ 103.982775][ T5148] do_ip6t_get_ctl+0x89e/0x1820
[ 103.987700][ T5148] nf_getsockopt+0x299/0x2c0
[ 103.992369][ T5148] ipv6_getsockopt+0x263/0x380
[ 103.997125][ T5148] tcp_getsockopt+0x163/0x1c0
[ 104.001793][ T5148] page last free pid 4534 tgid 4534 stack trace:
[ 104.008276][ T5148] free_unref_page+0xd19/0xea0
[ 104.013031][ T5148] __slab_free+0x31b/0x3d0
[ 104.017502][ T5148] qlist_free_all+0x9e/0x140
[ 104.022099][ T5148] kasan_quarantine_reduce+0x14f/0x170
[ 104.027553][ T5148] __kasan_slab_alloc+0x23/0x80
[ 104.032573][ T5148] kmem_cache_alloc_noprof+0x135/0x2a0
[ 104.038027][ T5148] getname_flags+0xbd/0x4f0
[ 104.042617][ T5148] do_sys_openat2+0xd2/0x1d0
[ 104.047302][ T5148] __x64_sys_openat+0x247/0x2a0
[ 104.052146][ T5148] do_syscall_64+0xf3/0x230
[ 104.056670][ T5148] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 104.062553][ T5148]
[ 104.064864][ T5148] Memory state around the buggy address:
[ 104.070670][ T5148]  ffff88807ae86380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.078896][ T5148]  ffff88807ae86400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.087128][ T5148] >ffff88807ae86480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.095176][ T5148]                             ^
[ 104.100017][ T5148]  ffff88807ae86500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.108074][ T5148]  ffff88807ae86580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 104.116117][ T5148] ==================================================================
[ 104.130444][ T5148] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 104.137683][ T5148] CPU: 1 PID: 5148 Comm: kworker/u9:2 Not tainted 6.10.0-rc1-syzkaller-00267-gcc8ed4d0a848-dirty #0
[ 104.148542][ T5148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 104.158708][ T5148] Workqueue: hci0 hci_rx_work
[ 104.163431][ T5148] Call Trace:
[ 104.166726][ T5148]
[ 104.169671][ T5148] dump_stack_lvl+0x241/0x360
[ 104.174632][ T5148] ? __pfx_dump_stack_lvl+0x10/0x10
[ 104.179853][ T5148] ? __pfx__printk+0x10/0x10
[ 104.184463][ T5148] ? preempt_schedule+0xe1/0xf0
[ 104.189351][ T5148] ? vscnprintf+0x5d/0x90
[ 104.193803][ T5148] panic+0x349/0x860
[ 104.197723][ T5148] ? check_panic_on_warn+0x21/0xb0
[ 104.202862][ T5148] ? __pfx_panic+0x10/0x10
[ 104.207479][ T5148] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 104.213755][ T5148] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 104.220103][ T5148] ? print_report+0x502/0x550
[ 104.224802][ T5148] check_panic_on_warn+0x86/0xb0
[ 104.229762][ T5148] ? smack_socket_sock_rcv_skb+0xec/0x13a0
[ 104.235617][ T5148] end_report+0x77/0x160
[ 104.239882][ T5148] kasan_report+0x154/0x180
[ 104.244410][ T5148] ? smack_socket_sock_rcv_skb+0xec/0x13a0
[ 104.250420][ T5148] smack_socket_sock_rcv_skb+0xec/0x13a0
[ 104.256190][ T5148] ? mark_lock+0x9a/0x350
[ 104.260721][ T5148] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 104.267504][ T5148] ? __pfx_smack_socket_sock_rcv_skb+0x10/0x10
[ 104.273688][ T5148] ? __lock_acquire+0x1346/0x1fd0
[ 104.279024][ T5148] ? __mutex_trylock_common+0x183/0x2e0
[ 104.284615][ T5148] ? __pfx___might_resched+0x10/0x10
[ 104.289929][ T5148] ? __pfx___mutex_trylock_common+0x10/0x10
[ 104.296119][ T5148] ? rcu_is_watching+0x15/0xb0
[ 104.300999][ T5148] security_sock_rcv_skb+0x6d/0xa0
[ 104.306170][ T5148] sk_filter_trim_cap+0x184/0xa80
[ 104.311233][ T5148] ? __local_bh_enable_ip+0x168/0x200
[ 104.316597][ T5148] ? l2cap_sock_recv_cb+0xa9/0x580
[ 104.321701][ T5148] ? lockdep_hardirqs_on+0x99/0x150
[ 104.327000][ T5148] ? __pfx___mutex_lock+0x10/0x10
[ 104.332025][ T5148] ? __local_bh_enable_ip+0x168/0x200
[ 104.337474][ T5148] ? __pfx_sk_filter_trim_cap+0x10/0x10
[ 104.343387][ T5148] ? __pfx___local_bh_enable_ip+0x10/0x10
[ 104.349300][ T5148] ? l2cap_sock_recv_cb+0x60/0x580
[ 104.354528][ T5148] ? do_raw_spin_unlock+0x13c/0x8b0
[ 104.359743][ T5148] l2cap_sock_recv_cb+0x176/0x580
[ 104.364775][ T5148] l2cap_recv_frame+0x8b6d/0x10670
[ 104.369877][ T5148] ? validate_chain+0x11e/0x5900
[ 104.374828][ T5148] ? validate_chain+0x11e/0x5900
[ 104.379870][ T5148] ? validate_chain+0x11e/0x5900
[ 104.384824][ T5148] ? __pfx_validate_chain+0x10/0x10
[ 104.390189][ T5148] ? __pfx_validate_chain+0x10/0x10
[ 104.395414][ T5148] ? __pfx_validate_chain+0x10/0x10
[ 104.400681][ T5148] ? validate_chain+0x11e/0x5900
[ 104.405710][ T5148] ? __pfx_validate_chain+0x10/0x10
[ 104.411000][ T5148] ? __pfx_l2cap_recv_frame+0x10/0x10
[ 104.416453][ T5148] ? __pfx_validate_chain+0x10/0x10
[ 104.421662][ T5148] ? mark_lock+0x9a/0x350
[ 104.426004][ T5148] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 104.432342][ T5148] ? __lock_acquire+0x1346/0x1fd0
[ 104.437371][ T5148] ? mark_lock+0x9a/0x350
[ 104.441695][ T5148] ? hci_rx_work+0x4e7/0xca0
[ 104.446290][ T5148] ? __pfx_lock_release+0x10/0x10
[ 104.451307][ T5148] ? __mutex_unlock_slowpath+0x21d/0x750
[ 104.456952][ T5148] ? __pfx_lock_release+0x10/0x10
[ 104.461966][ T5148] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 104.468061][ T5148] ? hci_conn_enter_active_mode+0x260/0x370
[ 104.473957][ T5148] ? l2cap_recv_acldata+0x48e/0x1550
[ 104.479255][ T5148] ? hci_conn_hash_lookup_handle+0x21/0x240
[ 104.485162][ T5148] ? hci_conn_hash_lookup_handle+0x226/0x240
[ 104.491145][ T5148] hci_rx_work+0x50f/0xca0
[ 104.495557][ T5148] ? process_scheduled_works+0x945/0x1830
[ 104.501285][ T5148] process_scheduled_works+0xa2c/0x1830
[ 104.506855][ T5148] ? __pfx_process_scheduled_works+0x10/0x10
[ 104.512828][ T5148] ? assign_work+0x364/0x3d0
[ 104.517584][ T5148] worker_thread+0x86d/0xd70
[ 104.522188][ T5148] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 104.528073][ T5148] ? __kthread_parkme+0x169/0x1d0
[ 104.533089][ T5148] ? __pfx_worker_thread+0x10/0x10
[ 104.538187][ T5148] kthread+0x2f0/0x390
[ 104.542245][ T5148] ? __pfx_worker_thread+0x10/0x10
[ 104.547432][ T5148] ? __pfx_kthread+0x10/0x10
[ 104.552032][ T5148] ret_from_fork+0x4b/0x80
[ 104.556475][ T5148] ? __pfx_kthread+0x10/0x10
[ 104.561114][ T5148] ret_from_fork_asm+0x1a/0x30
[ 104.565904][ T5148]
[ 104.569244][ T5148] Kernel Offset: disabled
[ 104.573561][ T5148] Rebooting in 86400 seconds..