Warning: Permanently added '10.128.0.92' (ED25519) to the list of known hosts.
2024/07/21 11:15:35 ignoring optional flag "sandboxArg"="0"
2024/07/21 11:15:35 parsed 1 programs
[ 107.268366][ T5522] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 109.622475][ T5532] chnl_net:caif_netlink_parms(): no params data found
[ 109.677380][ T5532] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.684786][ T5532] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.692118][ T5532] bridge_slave_0: entered allmulticast mode
[ 109.698876][ T5532] bridge_slave_0: entered promiscuous mode
[ 109.707079][ T5532] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.714758][ T5532] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.722334][ T5532] bridge_slave_1: entered allmulticast mode
[ 109.729043][ T5532] bridge_slave_1: entered promiscuous mode
[ 109.753023][ T5532] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.764084][ T5532] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.792003][ T5532] team0: Port device team_slave_0 added
[ 109.799799][ T5532] team0: Port device team_slave_1 added
[ 109.822258][ T5532] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 109.829360][ T5532] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.855430][ T5532] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 109.867525][ T5532] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 109.874859][ T5532] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.900957][ T5532] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 109.936000][ T5532] hsr_slave_0: entered promiscuous mode
[ 109.943566][ T5532] hsr_slave_1: entered promiscuous mode
[ 110.586990][ T5532] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 110.614381][ T5532] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 110.625067][ T5532] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 110.637767][ T5532] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 110.727970][ T5532] 8021q: adding VLAN 0 to HW filter on device bond0
[ 110.754125][ T5532] 8021q: adding VLAN 0 to HW filter on device team0
[ 110.772741][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.780087][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.797263][ T46] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.804540][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 111.052979][ T5532] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 111.105695][ T5532] veth0_vlan: entered promiscuous mode
[ 111.120271][ T5532] veth1_vlan: entered promiscuous mode
[ 111.153971][ T5532] veth0_macvtap: entered promiscuous mode
[ 111.165542][ T5532] veth1_macvtap: entered promiscuous mode
[ 111.193794][ T5532] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 111.215595][ T5532] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 111.228881][ T5532] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.239733][ T5532] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.248651][ T5532] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.261452][ T5532] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.461492][ T1042] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 111.548521][ T1042] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 111.661604][ T1042] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 111.766960][ T1042] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 113.164474][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.185835][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.216903][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.228861][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.944832][ T5135] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 113.955294][ T5135] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 113.966710][ T5135] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 113.975756][ T5135] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 113.985379][ T5135] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 113.993569][ T5135] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
2024/07/21 11:15:46 executed programs: 0
[ 114.603879][ T4486] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 114.612936][ T4486] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 114.622836][ T4486] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 114.633992][ T4486] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 114.651508][ T4486] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 114.658905][ T4486] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 114.938682][ T5754] chnl_net:caif_netlink_parms(): no params data found
[ 115.036002][ T5754] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.043451][ T5754] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.051866][ T5754] bridge_slave_0: entered allmulticast mode
[ 115.059656][ T5754] bridge_slave_0: entered promiscuous mode
[ 115.068901][ T5754] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.076700][ T5754] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.084138][ T5754] bridge_slave_1: entered allmulticast mode
[ 115.091741][ T5754] bridge_slave_1: entered promiscuous mode
[ 115.132534][ T5754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 115.144936][ T5754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 115.186386][ T5754] team0: Port device team_slave_0 added
[ 115.196516][ T5754] team0: Port device team_slave_1 added
[ 115.234193][ T5754] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 115.244031][ T5754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 115.271491][ T5754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 115.285410][ T5754] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 115.292799][ T5754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 115.320027][ T5754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 115.375156][ T5754] hsr_slave_0: entered promiscuous mode
[ 115.384172][ T5754] hsr_slave_1: entered promiscuous mode
[ 115.395708][ T5754] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 115.406897][ T5754] Cannot create hsr debugfs directory
[ 116.064525][ T1042] bridge_slave_1: left allmulticast mode
[ 116.074569][ T1042] bridge_slave_1: left promiscuous mode
[ 116.081097][ T1042] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.093331][ T1042] bridge_slave_0: left allmulticast mode
[ 116.099015][ T1042] bridge_slave_0: left promiscuous mode
[ 116.110894][ T1042] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.428468][ T1042] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 116.443822][ T1042] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 116.455805][ T1042] bond0 (unregistering): Released all slaves
[ 116.568668][ T1042] hsr_slave_0: left promiscuous mode
[ 116.575013][ T1042] hsr_slave_1: left promiscuous mode
[ 116.581721][ T1042] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 116.594412][ T1042] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 116.602900][ T1042] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 116.610962][ T1042] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 116.633596][ T1042] veth1_macvtap: left promiscuous mode
[ 116.642640][ T1042] veth0_macvtap: left promiscuous mode
[ 116.648340][ T1042] veth1_vlan: left promiscuous mode
[ 116.654317][ T1042] veth0_vlan: left promiscuous mode
[ 116.750472][ T5135] Bluetooth: hci0: command tx timeout
[ 117.073767][ T1042] team0 (unregistering): Port device team_slave_1 removed
[ 117.121275][ T1042] team0 (unregistering): Port device team_slave_0 removed
[ 117.628412][ T5754] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 117.643831][ T5754] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 117.676594][ T5754] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 117.700805][ T5754] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 117.831878][ T5754] 8021q: adding VLAN 0 to HW filter on device bond0
[ 117.858391][ T5754] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.897695][ T927] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.905151][ T927] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.917136][ T927] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.924342][ T927] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.728427][ T5754] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.794766][ T5754] veth0_vlan: entered promiscuous mode
[ 118.808605][ T5754] veth1_vlan: entered promiscuous mode
[ 118.830486][ T5135] Bluetooth: hci0: command tx timeout
[ 118.863288][ T5754] veth0_macvtap: entered promiscuous mode
[ 118.875521][ T5754] veth1_macvtap: entered promiscuous mode
[ 118.896033][ T5754] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 118.912257][ T5754] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 118.926224][ T5754] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.935593][ T5754] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.945760][ T5754] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.956093][ T5754] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.038598][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.056784][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.087184][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.096920][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2024/07/21 11:15:51 executed programs: 9
[ 120.219851][ C1] ==================================================================
[ 120.228051][ C1] BUG: KASAN: slab-use-after-free in bq_xmit_all+0x134/0x11d0
[ 120.235547][ C1] Read of size 8 at addr ffff88802e0fa748 by task syz.0.32/5981
[ 120.243208][ C1]
[ 120.245553][ C1] CPU: 1 PID: 5981 Comm: syz.0.32 Not tainted 6.10.0-syzkaller-11185-g2c9b3512402e-dirty #0
[ 120.255635][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 120.266166][ C1] Call Trace:
[ 120.269467][ C1] <IRQ>
[ 120.272331][ C1] dump_stack_lvl+0x241/0x360
[ 120.277097][ C1] ? __pfx_dump_stack_lvl+0x10/0x10
[ 120.282333][ C1] ? __pfx__printk+0x10/0x10
[ 120.286972][ C1] ? _printk+0xd5/0x120
[ 120.291254][ C1] ? __virt_addr_valid+0x183/0x530
[ 120.296398][ C1] ? __virt_addr_valid+0x183/0x530
[ 120.301643][ C1] print_report+0x169/0x550
[ 120.306180][ C1] ? __virt_addr_valid+0x183/0x530
[ 120.311429][ C1] ? __virt_addr_valid+0x183/0x530
[ 120.316588][ C1] ? __virt_addr_valid+0x45f/0x530
[ 120.321734][ C1] ? __phys_addr+0xba/0x170
[ 120.326275][ C1] ? bq_xmit_all+0x134/0x11d0
[ 120.330979][ C1] kasan_report+0x143/0x180
[ 120.335609][ C1] ? bq_xmit_all+0x134/0x11d0
[ 120.340316][ C1] bq_xmit_all+0x134/0x11d0
[ 120.344845][ C1] ? mark_lock+0x9a/0x350
[ 120.349388][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 120.355500][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 120.361856][ C1] ? _raw_spin_lock_irq+0xdf/0x120
[ 120.366999][ C1] ? __pfx_bq_xmit_all+0x10/0x10
[ 120.372006][ C1] ? lockdep_hardirqs_on+0x99/0x150
[ 120.377242][ C1] ? _raw_spin_unlock_irq+0x2e/0x50
[ 120.382468][ C1] ? process_backlog+0x151a/0x15b0
[ 120.387609][ C1] ? raise_softirq+0x108/0x1b0
[ 120.392432][ C1] __dev_flush+0x81/0x160
[ 120.396793][ C1] xdp_do_check_flushed+0x129/0x240
[ 120.402030][ C1] __napi_poll+0xe4/0x490
[ 120.406395][ C1] net_rx_action+0x89b/0x1240
[ 120.411126][ C1] ? __pfx_net_rx_action+0x10/0x10
[ 120.416270][ C1] ? sched_balance_domains+0x91b/0xa90
[ 120.421766][ C1] ? sched_balance_domains+0x1b2/0xa90
[ 120.427265][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 120.433711][ C1] handle_softirqs+0x2c4/0x970
[ 120.438508][ C1] ? __irq_exit_rcu+0xf4/0x1c0
[ 120.443301][ C1] ? __pfx_handle_softirqs+0x10/0x10
[ 120.448800][ C1] ? irqtime_account_irq+0xd4/0x1e0
[ 120.454204][ C1] __irq_exit_rcu+0xf4/0x1c0
[ 120.458923][ C1] ? __pfx___irq_exit_rcu+0x10/0x10
[ 120.464159][ C1] irq_exit_rcu+0x9/0x30
[ 120.468440][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 120.474195][ C1] </IRQ>
[ 120.477154][ C1] <TASK>
[ 120.480098][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 120.486392][ C1] RIP: 0010:propagate_protected_usage+0x42/0x210
[ 120.492744][ C1] Code: fc ff df e8 d0 ab 95 ff 49 8d 9c 24 a0 00 00 00 49 89 de 49 c1 ee 03 41 80 3c 2e 00 74 08 48 89 df e8 d2 a1 f8 ff 48 83 3b 00 <74> 78 48 89 1c 24 49 8d bc 24 80 00 00 00 48 89 f8 48 c1 e8 03 80
[ 120.512558][ C1] RSP: 0018:ffffc90003c87160 EFLAGS: 00000246
[ 120.518672][ C1] RAX: ffffffff81fd96f0 RBX: ffff8880162dc1e0 RCX: ffff8880271e3c00
[ 120.527192][ C1] RDX: 0000000000000000 RSI: 000000000000014a RDI: ffff8880162dc140
[ 120.535293][ C1] RBP: dffffc0000000000 R08: ffffffff81fd9639 R09: 1ffff11002c5b828
[ 120.543460][ C1] R10: dffffc0000000000 R11: ffffed1002c5b829 R12: ffff8880162dc140
[ 120.551460][ C1] R13: ffffc90003c872e0 R14: 1ffff11002c5b83c R15: 000000000000014a
[ 120.559545][ C1] ? page_counter_cancel+0x39/0xc0
[ 120.564682][ C1] ? propagate_protected_usage+0x20/0x210
[ 120.570433][ C1] ? page_counter_cancel+0x43/0xc0
[ 120.575657][ C1] page_counter_uncharge+0x2e/0x70
[ 120.580805][ C1] uncharge_batch+0xde/0x4f0
[ 120.585431][ C1] ? __pfx_uncharge_batch+0x10/0x10
[ 120.590747][ C1] ? percpu_ref_put+0x19/0x180
[ 120.595606][ C1] ? percpu_ref_put+0xfa/0x180
[ 120.600348][ C1] __mem_cgroup_uncharge_folios+0x14a/0x1c0
[ 120.606235][ C1] ? __pfx___mem_cgroup_uncharge_folios+0x10/0x10
[ 120.612642][ C1] ? free_unref_folios+0x186f/0x19c0
[ 120.617959][ C1] ? __page_cache_release+0xbe7/0x1c80
[ 120.623419][ C1] folios_put_refs+0x932/0xa60
[ 120.628179][ C1] ? __pfx_folios_put_refs+0x10/0x10
[ 120.633460][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 120.639916][ C1] ? __lruvec_stat_mod_folio+0x7d/0x300
[ 120.645554][ C1] ? free_swap_cache+0xb3/0x880
[ 120.650573][ C1] free_pages_and_swap_cache+0x5c8/0x690
[ 120.656266][ C1] ? __pfx_free_pages_and_swap_cache+0x10/0x10
[ 120.662425][ C1] ? tlb_table_flush+0x143/0x410
[ 120.667348][ C1] tlb_flush_mmu+0x3a3/0x680
[ 120.671946][ C1] tlb_finish_mmu+0xd4/0x200
[ 120.676543][ C1] exit_mmap+0x44f/0xc80
[ 120.681055][ C1] ? __pfx_exit_mmap+0x10/0x10
[ 120.685965][ C1] ? __asan_memset+0x23/0x50
[ 120.690573][ C1] ? uprobe_clear_state+0x277/0x290
[ 120.695847][ C1] ? mm_update_next_owner+0x559/0x6b0
[ 120.701317][ C1] __mmput+0x115/0x380
[ 120.705467][ C1] exit_mm+0x220/0x310
[ 120.709728][ C1] ? __pfx_exit_mm+0x10/0x10
[ 120.714317][ C1] ? taskstats_exit+0x326/0xa60
[ 120.719156][ C1] do_exit+0x9b2/0x27f0
[ 120.723302][ C1] ? __pfx_do_exit+0x10/0x10
[ 120.727954][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 120.733324][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 120.739292][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 120.745604][ C1] ? _raw_spin_lock_irq+0xdf/0x120
[ 120.751137][ C1] do_group_exit+0x207/0x2c0
[ 120.755757][ C1] ? _raw_spin_unlock_irq+0x23/0x50
[ 120.761021][ C1] ? lockdep_hardirqs_on+0x99/0x150
[ 120.766225][ C1] get_signal+0x16a1/0x1740
[ 120.770890][ C1] ? __pfx_get_signal+0x10/0x10
[ 120.775730][ C1] arch_do_signal_or_restart+0x96/0x860
[ 120.781283][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 120.787458][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 120.793459][ C1] ? syscall_exit_to_user_mode+0xa3/0x370
[ 120.799203][ C1] syscall_exit_to_user_mode+0xc9/0x370
[ 120.804822][ C1] do_syscall_64+0x100/0x230
[ 120.809490][ C1] ? clear_bhb_loop+0x35/0x90
[ 120.814151][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 120.820026][ C1] RIP: 0033:0x7fc403375b59
[ 120.824514][ C1] Code: Unable to access opcode bytes at 0x7fc403375b2f.
[ 120.831884][ C1] RSP: 002b:00007fc4041330f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 120.840367][ C1] RAX: fffffffffffffe00 RBX: 00007fc403505f68 RCX: 00007fc403375b59
[ 120.848450][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc403505f68
[ 120.856404][ C1] RBP: 00007fc403505f60 R08: 00007fc4041336c0 R09: 00007fc4041336c0
[ 120.864459][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc403505f6c
[ 120.872583][ C1] R13: 000000000000000b R14: 00007ffd23f516c0 R15: 00007ffd23f517a8
[ 120.880542][ C1] </TASK>
[ 120.883545][ C1]
[ 120.885849][ C1] Allocated by task 5977:
[ 120.890153][ C1] kasan_save_track+0x3f/0x80
[ 120.894903][ C1] __kasan_slab_alloc+0x66/0x80
[ 120.899821][ C1] kmem_cache_alloc_noprof+0x135/0x2a0
[ 120.905272][ C1] vm_area_dup+0x27/0x290
[ 120.909590][ C1] __split_vma+0x1a9/0xc30
[ 120.913988][ C1] vma_modify+0x194/0x350
[ 120.918295][ C1] mprotect_fixup+0x3ea/0xa90
[ 120.923038][ C1] do_mprotect_pkey+0x908/0xe00
[ 120.927967][ C1] __x64_sys_mprotect+0x80/0x90
[ 120.929345][ T5135] Bluetooth: hci0: command tx timeout
[ 120.932879][ C1] do_syscall_64+0xf3/0x230
[ 120.942834][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 120.948749][ C1]
[ 120.951106][ C1] Freed by task 5977:
[ 120.955196][ C1] kasan_save_track+0x3f/0x80
[ 120.960065][ C1] kasan_save_free_info+0x40/0x50
[ 120.965128][ C1] poison_slab_object+0xe0/0x150
[ 120.970073][ C1] __kasan_slab_free+0x37/0x60
[ 120.975004][ C1] kmem_cache_free+0x145/0x350
[ 120.979767][ C1] exit_mmap+0x645/0xc80
[ 120.984028][ C1] __mmput+0x115/0x380
[ 120.988235][ C1] exit_mm+0x220/0x310
[ 120.992391][ C1] do_exit+0x9b2/0x27f0
[ 120.996533][ C1] do_group_exit+0x207/0x2c0
[ 121.001106][ C1] __x64_sys_exit_group+0x3f/0x40
[ 121.006128][ C1] x64_sys_call+0x26c3/0x26d0
[ 121.010801][ C1] do_syscall_64+0xf3/0x230
[ 121.015387][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.021369][ C1]
[ 121.023673][ C1] The buggy address belongs to the object at ffff88802e0fa6c8
[ 121.023673][ C1] which belongs to the cache vm_area_struct of size 184
[ 121.037976][ C1] The buggy address is located 128 bytes inside of
[ 121.037976][ C1] freed 184-byte region [ffff88802e0fa6c8, ffff88802e0fa780)
[ 121.052119][ C1]
[ 121.054435][ C1] The buggy address belongs to the physical page:
[ 121.060941][ C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2e0fa
[ 121.069779][ C1] memcg:ffff88806981bc01
[ 121.074016][ C1] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 121.081622][ C1] page_type: 0xffffefff(slab)
[ 121.086605][ C1] raw: 00fff00000000000 ffff888015eefb40 ffffea00008fcf00 dead000000000005
[ 121.095375][ C1] raw: 0000000000000000 0000000000100010 00000001ffffefff ffff88806981bc01
[ 121.104212][ C1] page dumped because: kasan: bad access detected
[ 121.110622][ C1] page_owner tracks the page as allocated
[ 121.116321][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5298, tgid 5298 (rm), ts 85421049674, free_ts 85420936799
[ 121.135057][ C1] post_alloc_hook+0x1f3/0x230
[ 121.139814][ C1] get_page_from_freelist+0x2e4c/0x2f10
[ 121.145337][ C1] __alloc_pages_noprof+0x256/0x6c0
[ 121.150601][ C1] alloc_slab_page+0x5f/0x120
[ 121.155256][ C1] allocate_slab+0x5a/0x2f0
[ 121.159740][ C1] ___slab_alloc+0xcd1/0x14b0
[ 121.164393][ C1] __slab_alloc+0x58/0xa0
[ 121.168785][ C1] kmem_cache_alloc_noprof+0x1c1/0x2a0
[ 121.174297][ C1] vm_area_dup+0x27/0x290
[ 121.178656][ C1] __split_vma+0x1a9/0xc30
[ 121.183093][ C1] do_vmi_align_munmap+0x388/0x18c0
[ 121.188310][ C1] do_vmi_munmap+0x261/0x2f0
[ 121.192886][ C1] __vm_munmap+0x1fc/0x400
[ 121.197290][ C1] elf_load+0x2d8/0x6f0
[ 121.201440][ C1] load_elf_binary+0x1027/0x2680
[ 121.206455][ C1] bprm_execve+0xaf8/0x1770
[ 121.211134][ C1] page last free pid 5298 tgid 5298 stack trace:
[ 121.217536][ C1] free_unref_folios+0xf12/0x19c0
[ 121.222607][ C1] folios_put_refs+0x93a/0xa60
[ 121.227391][ C1] free_pages_and_swap_cache+0x5c8/0x690
[ 121.233037][ C1] tlb_flush_mmu+0x3a3/0x680
[ 121.238363][ C1] tlb_finish_mmu+0xd4/0x200
[ 121.243073][ C1] setup_arg_pages+0xd2d/0x1000
[ 121.247945][ C1] load_elf_binary+0xb80/0x2680
[ 121.253073][ C1] bprm_execve+0xaf8/0x1770
[ 121.257674][ C1] do_execveat_common+0x55f/0x6f0
[ 121.262716][ C1] __x64_sys_execve+0x92/0xb0
[ 121.267397][ C1] do_syscall_64+0xf3/0x230
[ 121.271894][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.277868][ C1]
[ 121.280184][ C1] Memory state around the buggy address:
[ 121.285817][ C1] ffff88802e0fa600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.293949][ C1] ffff88802e0fa680: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
[ 121.302264][ C1] >ffff88802e0fa700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 121.310499][ C1]                                               ^
[ 121.317062][ C1] ffff88802e0fa780: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 121.325367][ C1] ffff88802e0fa800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 121.333499][ C1] ==================================================================
[ 121.341839][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 121.349174][ C1] CPU: 1 PID: 5981 Comm: syz.0.32 Not tainted 6.10.0-syzkaller-11185-g2c9b3512402e-dirty #0
[ 121.359343][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[ 121.369419][ C1] Call Trace:
[ 121.372791][ C1] <IRQ>
[ 121.375662][ C1] dump_stack_lvl+0x241/0x360
[ 121.380428][ C1] ? __pfx_dump_stack_lvl+0x10/0x10
[ 121.385718][ C1] ? __pfx__printk+0x10/0x10
[ 121.390441][ C1] ? vscnprintf+0x5d/0x90
[ 121.394773][ C1] panic+0x349/0x860
[ 121.398801][ C1] ? check_panic_on_warn+0x21/0xb0
[ 121.403930][ C1] ? __pfx_panic+0x10/0x10
[ 121.408376][ C1] ? mark_lock+0x9a/0x350
[ 121.412704][ C1] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 121.418601][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 121.424494][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 121.430910][ C1] ? print_report+0x502/0x550
[ 121.435679][ C1] check_panic_on_warn+0x86/0xb0
[ 121.440599][ C1] ? bq_xmit_all+0x134/0x11d0
[ 121.445347][ C1] end_report+0x77/0x160
[ 121.449581][ C1] kasan_report+0x154/0x180
[ 121.454163][ C1] ? bq_xmit_all+0x134/0x11d0
[ 121.458829][ C1] bq_xmit_all+0x134/0x11d0
[ 121.463395][ C1] ? mark_lock+0x9a/0x350
[ 121.467868][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 121.473865][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 121.480371][ C1] ? _raw_spin_lock_irq+0xdf/0x120
[ 121.485468][ C1] ? __pfx_bq_xmit_all+0x10/0x10
[ 121.490471][ C1] ? lockdep_hardirqs_on+0x99/0x150
[ 121.495665][ C1] ? _raw_spin_unlock_irq+0x2e/0x50
[ 121.501120][ C1] ? process_backlog+0x151a/0x15b0
[ 121.506325][ C1] ? raise_softirq+0x108/0x1b0
[ 121.511082][ C1] __dev_flush+0x81/0x160
[ 121.515399][ C1] xdp_do_check_flushed+0x129/0x240
[ 121.520594][ C1] __napi_poll+0xe4/0x490
[ 121.524912][ C1] net_rx_action+0x89b/0x1240
[ 121.529661][ C1] ? __pfx_net_rx_action+0x10/0x10
[ 121.534755][ C1] ? sched_balance_domains+0x91b/0xa90
[ 121.540289][ C1] ? sched_balance_domains+0x1b2/0xa90
[ 121.545726][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 121.552045][ C1] handle_softirqs+0x2c4/0x970
[ 121.556820][ C1] ? __irq_exit_rcu+0xf4/0x1c0
[ 121.561579][ C1] ? __pfx_handle_softirqs+0x10/0x10
[ 121.566856][ C1] ? irqtime_account_irq+0xd4/0x1e0
[ 121.572087][ C1] __irq_exit_rcu+0xf4/0x1c0
[ 121.576681][ C1] ? __pfx___irq_exit_rcu+0x10/0x10
[ 121.581891][ C1] irq_exit_rcu+0x9/0x30
[ 121.586132][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0
[ 121.592021][ C1] </IRQ>
[ 121.595376][ C1] <TASK>
[ 121.598291][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 121.604271][ C1] RIP: 0010:propagate_protected_usage+0x42/0x210
[ 121.610967][ C1] Code: fc ff df e8 d0 ab 95 ff 49 8d 9c 24 a0 00 00 00 49 89 de 49 c1 ee 03 41 80 3c 2e 00 74 08 48 89 df e8 d2 a1 f8 ff 48 83 3b 00 <74> 78 48 89 1c 24 49 8d bc 24 80 00 00 00 48 89 f8 48 c1 e8 03 80
[ 121.630836][ C1] RSP: 0018:ffffc90003c87160 EFLAGS: 00000246
[ 121.636914][ C1] RAX: ffffffff81fd96f0 RBX: ffff8880162dc1e0 RCX: ffff8880271e3c00
[ 121.644966][ C1] RDX: 0000000000000000 RSI: 000000000000014a RDI: ffff8880162dc140
[ 121.652929][ C1] RBP: dffffc0000000000 R08: ffffffff81fd9639 R09: 1ffff11002c5b828
[ 121.660893][ C1] R10: dffffc0000000000 R11: ffffed1002c5b829 R12: ffff8880162dc140
[ 121.669001][ C1] R13: ffffc90003c872e0 R14: 1ffff11002c5b83c R15: 000000000000014a
[ 121.676973][ C1] ? page_counter_cancel+0x39/0xc0
[ 121.682506][ C1] ? propagate_protected_usage+0x20/0x210
[ 121.688218][ C1] ? page_counter_cancel+0x43/0xc0
[ 121.693343][ C1] page_counter_uncharge+0x2e/0x70
[ 121.698452][ C1] uncharge_batch+0xde/0x4f0
[ 121.703040][ C1] ? __pfx_uncharge_batch+0x10/0x10
[ 121.708330][ C1] ? percpu_ref_put+0x19/0x180
[ 121.713097][ C1] ? percpu_ref_put+0xfa/0x180
[ 121.717854][ C1] __mem_cgroup_uncharge_folios+0x14a/0x1c0
[ 121.723744][ C1] ? __pfx___mem_cgroup_uncharge_folios+0x10/0x10
[ 121.730148][ C1] ? free_unref_folios+0x186f/0x19c0
[ 121.735602][ C1] ? __page_cache_release+0xbe7/0x1c80
[ 121.741397][ C1] folios_put_refs+0x932/0xa60
[ 121.746161][ C1] ? __pfx_folios_put_refs+0x10/0x10
[ 121.751433][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 121.757770][ C1] ? __lruvec_stat_mod_folio+0x7d/0x300
[ 121.763300][ C1] ? free_swap_cache+0xb3/0x880
[ 121.768158][ C1] free_pages_and_swap_cache+0x5c8/0x690
[ 121.773809][ C1] ? __pfx_free_pages_and_swap_cache+0x10/0x10
[ 121.779968][ C1] ? tlb_table_flush+0x143/0x410
[ 121.784897][ C1] tlb_flush_mmu+0x3a3/0x680
[ 121.789480][ C1] tlb_finish_mmu+0xd4/0x200
[ 121.794059][ C1] exit_mmap+0x44f/0xc80
[ 121.798292][ C1] ? __pfx_exit_mmap+0x10/0x10
[ 121.803142][ C1] ? __asan_memset+0x23/0x50
[ 121.807727][ C1] ? uprobe_clear_state+0x277/0x290
[ 121.812913][ C1] ? mm_update_next_owner+0x559/0x6b0
[ 121.818276][ C1] __mmput+0x115/0x380
[ 121.822333][ C1] exit_mm+0x220/0x310
[ 121.826387][ C1] ? __pfx_exit_mm+0x10/0x10
[ 121.830964][ C1] ? taskstats_exit+0x326/0xa60
[ 121.835797][ C1] do_exit+0x9b2/0x27f0
[ 121.839948][ C1] ? __pfx_do_exit+0x10/0x10
[ 121.844523][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 121.849892][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 121.855865][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 121.862469][ C1] ? _raw_spin_lock_irq+0xdf/0x120
[ 121.867673][ C1] do_group_exit+0x207/0x2c0
[ 121.872333][ C1] ? _raw_spin_unlock_irq+0x23/0x50
[ 121.877688][ C1] ? lockdep_hardirqs_on+0x99/0x150
[ 121.882961][ C1] get_signal+0x16a1/0x1740
[ 121.887450][ C1] ? __pfx_get_signal+0x10/0x10
[ 121.892287][ C1] arch_do_signal_or_restart+0x96/0x860
[ 121.897929][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 121.904156][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 121.910122][ C1] ? syscall_exit_to_user_mode+0xa3/0x370
[ 121.915833][ C1] syscall_exit_to_user_mode+0xc9/0x370
[ 121.921460][ C1] do_syscall_64+0x100/0x230
[ 121.926120][ C1] ? clear_bhb_loop+0x35/0x90
[ 121.930963][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 121.936840][ C1] RIP: 0033:0x7fc403375b59
[ 121.941240][ C1] Code: Unable to access opcode bytes at 0x7fc403375b2f.
[ 121.948233][ C1] RSP: 002b:00007fc4041330f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 121.956630][ C1] RAX: fffffffffffffe00 RBX: 00007fc403505f68 RCX: 00007fc403375b59
[ 121.964933][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc403505f68
[ 121.972901][ C1] RBP: 00007fc403505f60 R08: 00007fc4041336c0 R09: 00007fc4041336c0
[ 121.980860][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc403505f6c
[ 121.988941][ C1] R13: 000000000000000b R14: 00007ffd23f516c0 R15: 00007ffd23f517a8
[ 121.996908][ C1] </TASK>
[ 122.000254][ C1] Kernel Offset: disabled
[ 122.004585][ C1] Rebooting in 86400 seconds..