Warning: Permanently added '10.128.10.15' (ED25519) to the list of known hosts.
2024/06/26 00:06:18 ignoring optional flag "sandboxArg"="0"
2024/06/26 00:06:18 parsed 1 programs
[  274.799844][ T5111] cgroup: Unknown subsys name 'net'
[  274.993581][ T5111] cgroup: Unknown subsys name 'rlimit'
[  276.399179][ T5111] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  277.085902][ T2446] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.093872][ T2446] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.206288][ T2446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.214149][ T2446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.207572][ T5165] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  278.216258][ T5165] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  278.224030][ T5165] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  278.239520][ T5165] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  278.247948][ T5165] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  278.256245][ T5165] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  278.266419][ T5164] ==================================================================
[  278.274501][ T5164] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[  278.282254][ T5164] Read of size 4 at addr ffff888063d095e4 by task syz-executor/5164
[  278.290219][ T5164] 
[  278.292536][ T5164] CPU: 0 PID: 5164 Comm: syz-executor Not tainted 6.10.0-rc4-syzkaller-00194-gb1c4b4d45263 #0
[  278.302754][ T5164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  278.312803][ T5164] Call Trace:
[  278.316097][ T5164]  <TASK>
[  278.319022][ T5164]  dump_stack_lvl+0x241/0x360
[  278.323695][ T5164]  ? __pfx_dump_stack_lvl+0x10/0x10
[  278.328917][ T5164]  ? __pfx__printk+0x10/0x10
[  278.333500][ T5164]  ? _printk+0xd5/0x120
[  278.337647][ T5164]  ? __virt_addr_valid+0x183/0x520
[  278.343267][ T5164]  ? __virt_addr_valid+0x183/0x520
[  278.348368][ T5164]  print_report+0x169/0x550
[  278.352864][ T5164]  ? __virt_addr_valid+0x183/0x520
[  278.357974][ T5164]  ? __virt_addr_valid+0x183/0x520
[  278.363076][ T5164]  ? __virt_addr_valid+0x44e/0x520
[  278.368174][ T5164]  ? __phys_addr+0xba/0x170
[  278.372667][ T5164]  ? kfree_skb_reason+0x41/0x3b0
[  278.377595][ T5164]  kasan_report+0x143/0x180
[  278.382086][ T5164]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  278.388401][ T5164]  ? kfree_skb_reason+0x41/0x3b0
[  278.393352][ T5164]  kasan_check_range+0x282/0x290
[  278.398281][ T5164]  kfree_skb_reason+0x41/0x3b0
[  278.403034][ T5164]  __hci_req_sync+0x62f/0x950
[  278.407705][ T5164]  ? __pfx___hci_req_sync+0x10/0x10
[  278.412901][ T5164]  ? __pfx___mutex_lock+0x10/0x10
[  278.417918][ T5164]  ? __pfx_hci_scan_req+0x10/0x10
[  278.422928][ T5164]  hci_req_sync+0xa9/0xd0
[  278.427253][ T5164]  hci_dev_cmd+0x4c5/0xa50
[  278.431653][ T5164]  ? security_capable+0x90/0xb0
[  278.436505][ T5164]  ? __pfx_hci_dev_cmd+0x10/0x10
[  278.441431][ T5164]  ? hci_sock_ioctl+0x6c4/0xa40
[  278.446269][ T5164]  sock_do_ioctl+0x158/0x460
[  278.450852][ T5164]  ? __pfx_sock_do_ioctl+0x10/0x10
[  278.455962][ T5164]  sock_ioctl+0x629/0x8e0
[  278.460370][ T5164]  ? __pfx_sock_ioctl+0x10/0x10
[  278.465212][ T5164]  ? __fget_files+0x29/0x470
[  278.469794][ T5164]  ? __fget_files+0x3f6/0x470
[  278.474462][ T5164]  ? __fget_files+0x29/0x470
[  278.479042][ T5164]  ? bpf_lsm_file_ioctl+0x9/0x10
[  278.483968][ T5164]  ? security_file_ioctl+0x87/0xb0
[  278.489070][ T5164]  ? __pfx_sock_ioctl+0x10/0x10
[  278.493910][ T5164]  __se_sys_ioctl+0xfc/0x170
[  278.498490][ T5164]  do_syscall_64+0xf3/0x230
[  278.502987][ T5164]  ? clear_bhb_loop+0x35/0x90
[  278.507656][ T5164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.513549][ T5164] RIP: 0033:0x7f32495756eb
[  278.517955][ T5164] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  278.537549][ T5164] RSP: 002b:00007ffe5e62cfe0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  278.545960][ T5164] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f32495756eb
[  278.553917][ T5164] RDX: 00007ffe5e62d058 RSI: 00000000400448dd RDI: 0000000000000003
[  278.561878][ T5164] RBP: 000055558ff6a4a8 R08: 0000000000000000 R09: 0000000000000000
[  278.569837][ T5164] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[  278.577798][ T5164] R13: 0000000000000000 R14: 0000000000000009 R15: 0000000000000009
[  278.585761][ T5164]  </TASK>
[  278.588767][ T5164] 
[  278.591084][ T5164] Allocated by task 5165:
[  278.595403][ T5164]  kasan_save_track+0x3f/0x80
[  278.600069][ T5164]  __kasan_slab_alloc+0x66/0x80
[  278.604906][ T5164]  kmem_cache_alloc_noprof+0x135/0x2a0
[  278.610356][ T5164]  skb_clone+0x20c/0x390
[  278.614586][ T5164]  hci_cmd_work+0x29e/0x670
[  278.619162][ T5164]  process_scheduled_works+0xa2c/0x1830
[  278.624690][ T5164]  worker_thread+0x86d/0xd70
[  278.629265][ T5164]  kthread+0x2f0/0x390
[  278.633320][ T5164]  ret_from_fork+0x4b/0x80
[  278.637748][ T5164]  ret_from_fork_asm+0x1a/0x30
[  278.642520][ T5164] 
[  278.644828][ T5164] Freed by task 5165:
[  278.648794][ T5164]  kasan_save_track+0x3f/0x80
[  278.653456][ T5164]  kasan_save_free_info+0x40/0x50
[  278.658471][ T5164]  poison_slab_object+0xe0/0x150
[  278.663396][ T5164]  __kasan_slab_free+0x37/0x60
[  278.668145][ T5164]  kmem_cache_free+0x145/0x350
[  278.672891][ T5164]  hci_req_sync_complete+0xe7/0x290
[  278.678087][ T5164]  hci_event_packet+0xc71/0x1540
[  278.683013][ T5164]  hci_rx_work+0x3e8/0xca0
[  278.687416][ T5164]  process_scheduled_works+0xa2c/0x1830
[  278.692944][ T5164]  worker_thread+0x86d/0xd70
[  278.697519][ T5164]  kthread+0x2f0/0x390
[  278.701574][ T5164]  ret_from_fork+0x4b/0x80
[  278.705975][ T5164]  ret_from_fork_asm+0x1a/0x30
[  278.710727][ T5164] 
[  278.713035][ T5164] The buggy address belongs to the object at ffff888063d09500
[  278.713035][ T5164]  which belongs to the cache skbuff_head_cache of size 240
[  278.727590][ T5164] The buggy address is located 228 bytes inside of
[  278.727590][ T5164]  freed 240-byte region [ffff888063d09500, ffff888063d095f0)
[  278.741367][ T5164] 
[  278.743672][ T5164] The buggy address belongs to the physical page:
[  278.750068][ T5164] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x63d09
[  278.758813][ T5164] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  278.765914][ T5164] page_type: 0xffffefff(slab)
[  278.770574][ T5164] raw: 00fff00000000000 ffff888018ae0780 dead000000000122 0000000000000000
[  278.779139][ T5164] raw: 0000000000000000 00000000800c000c 00000001ffffefff 0000000000000000
[  278.787700][ T5164] page dumped because: kasan: bad access detected
[  278.794103][ T5164] page_owner tracks the page as allocated
[  278.799983][ T5164] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4534, tgid 4534 (klogd), ts 278264839786, free_ts 278144238480
[  278.818716][ T5164]  post_alloc_hook+0x1f3/0x230
[  278.823468][ T5164]  get_page_from_freelist+0x2e43/0x2f00
[  278.829002][ T5164]  __alloc_pages_noprof+0x256/0x6c0
[  278.834187][ T5164]  alloc_slab_page+0x5f/0x120
[  278.838848][ T5164]  allocate_slab+0x5a/0x2f0
[  278.843333][ T5164]  ___slab_alloc+0xcd1/0x14b0
[  278.847992][ T5164]  __slab_alloc+0x58/0xa0
[  278.852301][ T5164]  kmem_cache_alloc_node_noprof+0x1fe/0x320
[  278.858180][ T5164]  __alloc_skb+0x1c3/0x440
[  278.862577][ T5164]  alloc_skb_with_frags+0xc3/0x770
[  278.867671][ T5164]  sock_alloc_send_pskb+0x91a/0xa60
[  278.872858][ T5164]  unix_dgram_sendmsg+0x6d3/0x1f80
[  278.877952][ T5164]  __sock_sendmsg+0x221/0x270
[  278.882615][ T5164]  __sys_sendto+0x3a4/0x4f0
[  278.887098][ T5164]  __x64_sys_sendto+0xde/0x100
[  278.891846][ T5164]  do_syscall_64+0xf3/0x230
[  278.896335][ T5164] page last free pid 5140 tgid 5140 stack trace:
[  278.902675][ T5164]  free_unref_page+0xd22/0xea0
[  278.907447][ T5164]  vfree+0x186/0x2e0
[  278.911338][ T5164]  kcov_close+0x2b/0x50
[  278.915486][ T5164]  __fput+0x406/0x8b0
[  278.919451][ T5164]  task_work_run+0x24f/0x310
[  278.924029][ T5164]  do_exit+0xa27/0x27e0
[  278.928174][ T5164]  do_group_exit+0x207/0x2c0
[  278.932749][ T5164]  get_signal+0x16a1/0x1740
[  278.937241][ T5164]  arch_do_signal_or_restart+0x96/0x860
[  278.942770][ T5164]  syscall_exit_to_user_mode+0xc9/0x370
[  278.948306][ T5164]  do_syscall_64+0x100/0x230
[  278.952884][ T5164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.958769][ T5164] 
[  278.961078][ T5164] Memory state around the buggy address:
[  278.966701][ T5164]  ffff888063d09480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  278.974762][ T5164]  ffff888063d09500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  278.982817][ T5164] >ffff888063d09580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  278.990861][ T5164]                                                        ^
[  278.998040][ T5164]  ffff888063d09600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  279.006080][ T5164]  ffff888063d09680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  279.014119][ T5164] ==================================================================
[  279.036406][ T5164] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  279.043628][ T5164] CPU: 0 PID: 5164 Comm: syz-executor Not tainted 6.10.0-rc4-syzkaller-00194-gb1c4b4d45263 #0
[  279.053873][ T5164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  279.063938][ T5164] Call Trace:
[  279.067226][ T5164]  <TASK>
[  279.070163][ T5164]  dump_stack_lvl+0x241/0x360
[  279.074858][ T5164]  ? __pfx_dump_stack_lvl+0x10/0x10
[  279.080074][ T5164]  ? __pfx__printk+0x10/0x10
[  279.084677][ T5164]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  279.090673][ T5164]  ? vscnprintf+0x5d/0x90
[  279.095015][ T5164]  panic+0x349/0x860
[  279.098926][ T5164]  ? check_panic_on_warn+0x21/0xb0
[  279.104048][ T5164]  ? __pfx_panic+0x10/0x10
[  279.108477][ T5164]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  279.114464][ T5164]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  279.120802][ T5164]  check_panic_on_warn+0x86/0xb0
[  279.125760][ T5164]  ? kfree_skb_reason+0x41/0x3b0
[  279.130711][ T5164]  end_report+0x77/0x160
[  279.134969][ T5164]  kasan_report+0x154/0x180
[  279.139481][ T5164]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  279.145818][ T5164]  ? kfree_skb_reason+0x41/0x3b0
[  279.150772][ T5164]  kasan_check_range+0x282/0x290
[  279.155733][ T5164]  kfree_skb_reason+0x41/0x3b0
[  279.160516][ T5164]  __hci_req_sync+0x62f/0x950
[  279.165215][ T5164]  ? __pfx___hci_req_sync+0x10/0x10
[  279.170430][ T5164]  ? __pfx___mutex_lock+0x10/0x10
[  279.175471][ T5164]  ? __pfx_hci_scan_req+0x10/0x10
[  279.180504][ T5164]  hci_req_sync+0xa9/0xd0
[  279.184849][ T5164]  hci_dev_cmd+0x4c5/0xa50
[  279.189272][ T5164]  ? security_capable+0x90/0xb0
[  279.194136][ T5164]  ? __pfx_hci_dev_cmd+0x10/0x10
[  279.199085][ T5164]  ? hci_sock_ioctl+0x6c4/0xa40
[  279.203947][ T5164]  sock_do_ioctl+0x158/0x460
[  279.208569][ T5164]  ? __pfx_sock_do_ioctl+0x10/0x10
[  279.213703][ T5164]  sock_ioctl+0x629/0x8e0
[  279.218049][ T5164]  ? __pfx_sock_ioctl+0x10/0x10
[  279.222914][ T5164]  ? __fget_files+0x29/0x470
[  279.227522][ T5164]  ? __fget_files+0x3f6/0x470
[  279.232217][ T5164]  ? __fget_files+0x29/0x470
[  279.236824][ T5164]  ? bpf_lsm_file_ioctl+0x9/0x10
[  279.241771][ T5164]  ? security_file_ioctl+0x87/0xb0
[  279.246894][ T5164]  ? __pfx_sock_ioctl+0x10/0x10
[  279.251759][ T5164]  __se_sys_ioctl+0xfc/0x170
[  279.256359][ T5164]  do_syscall_64+0xf3/0x230
[  279.260873][ T5164]  ? clear_bhb_loop+0x35/0x90
[  279.265559][ T5164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.271457][ T5164] RIP: 0033:0x7f32495756eb
[  279.275872][ T5164] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  279.295482][ T5164] RSP: 002b:00007ffe5e62cfe0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  279.303916][ T5164] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f32495756eb
[  279.311897][ T5164] RDX: 00007ffe5e62d058 RSI: 00000000400448dd RDI: 0000000000000003
[  279.319878][ T5164] RBP: 000055558ff6a4a8 R08: 0000000000000000 R09: 0000000000000000
[  279.327853][ T5164] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[  279.335826][ T5164] R13: 0000000000000000 R14: 0000000000000009 R15: 0000000000000009
[  279.343814][ T5164]  </TASK>
[  279.347050][ T5164] Kernel Offset: disabled
[  279.351367][ T5164] Rebooting in 86400 seconds..