Warning: Permanently added '10.128.0.160' (ED25519) to the list of known hosts.
2024/06/23 20:57:49 ignoring optional flag "sandboxArg"="0"
2024/06/23 20:57:49 parsed 1 programs
[   57.785184][ T5092] cgroup: Unknown subsys name 'net'
[   58.056821][ T5092] cgroup: Unknown subsys name 'rlimit'
[   59.200038][ T5106] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   59.523824][ T5131] chnl_net:caif_netlink_parms(): no params data found
[   59.599352][ T5131] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.607240][ T5131] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.614446][ T5131] bridge_slave_0: entered allmulticast mode
[   59.621816][ T5131] bridge_slave_0: entered promiscuous mode
[   59.631739][ T5131] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.639815][ T5131] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.647057][ T5131] bridge_slave_1: entered allmulticast mode
[   59.653821][ T5131] bridge_slave_1: entered promiscuous mode
[   59.685150][ T5131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.697447][ T5131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.724604][ T5131] team0: Port device team_slave_0 added
[   59.733220][ T5131] team0: Port device team_slave_1 added
[   59.757326][ T5131] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.764285][ T5131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.791037][ T5131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.804294][ T5131] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.811405][ T5131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.837406][ T5131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.874376][ T5131] hsr_slave_0: entered promiscuous mode
[   59.880755][ T5131] hsr_slave_1: entered promiscuous mode
[   59.992695][ T5131] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   60.004212][ T5131] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   60.013657][ T5131] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   60.023920][ T5131] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   60.051709][ T5131] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.059650][ T5131] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.068041][ T5131] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.075249][ T5131] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.133432][ T5131] 8021q: adding VLAN 0 to HW filter on device bond0
[   60.150708][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[   60.160235][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[   60.178766][ T5131] 8021q: adding VLAN 0 to HW filter on device team0
[   60.192805][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[   60.200029][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[   60.213382][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[   60.220759][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[   60.361536][ T5131] 8021q: adding VLAN 0 to HW filter on device batadv0
[   60.400905][ T5131] veth0_vlan: entered promiscuous mode
[   60.412903][ T5131] veth1_vlan: entered promiscuous mode
[   60.440234][ T5131] veth0_macvtap: entered promiscuous mode
[   60.449247][ T5131] veth1_macvtap: entered promiscuous mode
[   60.468024][ T5131] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.483174][ T5131] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.494444][ T5131] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.504659][ T5131] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.513898][ T5131] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.524190][ T5131] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.616569][ T5131] syz-executor.0 (5131) used greatest stack depth: 18352 bytes left
[   60.649026][ T2887] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.747826][ T2887] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.770918][ T1061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.783439][ T1061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.812625][ T2887] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   60.830972][ T1061] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.840618][ T1061] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.929691][ T2887] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.652308][ T5175] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   61.660692][ T5175] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   61.669103][ T5175] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   61.677682][ T5175] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   61.686137][ T5175] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   61.693783][ T5175] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   61.705888][ T5174] ==================================================================
[   61.713974][ T5174] BUG: KASAN: slab-use-after-free in sk_skb_reason_drop+0x44/0x3d0
[   61.721874][ T5174] Read of size 4 at addr ffff8880659b7c24 by task syz-executor.0/5174
[   61.730020][ T5174] 
[   61.732345][ T5174] CPU: 0 PID: 5174 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00874-g84562f9953ec #0
[   61.742768][ T5174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   61.752842][ T5174] Call Trace:
[   61.756132][ T5174]  <TASK>
[   61.759053][ T5174]  dump_stack_lvl+0x241/0x360
[   61.763733][ T5174]  ? __pfx_dump_stack_lvl+0x10/0x10
[   61.768930][ T5174]  ? __pfx__printk+0x10/0x10
[   61.773542][ T5174]  ? _printk+0xd5/0x120
[   61.777693][ T5174]  ? __virt_addr_valid+0x183/0x520
[   61.782803][ T5174]  ? __virt_addr_valid+0x183/0x520
[   61.787907][ T5174]  print_report+0x169/0x550
[   61.792415][ T5174]  ? __virt_addr_valid+0x183/0x520
[   61.797518][ T5174]  ? __virt_addr_valid+0x183/0x520
[   61.802624][ T5174]  ? __virt_addr_valid+0x44e/0x520
[   61.807745][ T5174]  ? __phys_addr+0xba/0x170
[   61.812248][ T5174]  ? sk_skb_reason_drop+0x44/0x3d0
[   61.817356][ T5174]  kasan_report+0x143/0x180
[   61.821856][ T5174]  ? sk_skb_reason_drop+0x44/0x3d0
[   61.826963][ T5174]  kasan_check_range+0x282/0x290
[   61.831894][ T5174]  sk_skb_reason_drop+0x44/0x3d0
[   61.836825][ T5174]  __hci_req_sync+0x631/0x950
[   61.841782][ T5174]  ? __pfx___hci_req_sync+0x10/0x10
[   61.846991][ T5174]  ? __pfx___mutex_lock+0x10/0x10
[   61.852012][ T5174]  ? __pfx_hci_scan_req+0x10/0x10
[   61.857035][ T5174]  hci_req_sync+0xa9/0xd0
[   61.861362][ T5174]  hci_dev_cmd+0x4c5/0xa50
[   61.865770][ T5174]  ? security_capable+0x90/0xb0
[   61.870629][ T5174]  ? __pfx_hci_dev_cmd+0x10/0x10
[   61.875561][ T5174]  ? hci_sock_ioctl+0x6c6/0xa40
[   61.880403][ T5174]  sock_do_ioctl+0x158/0x460
[   61.884990][ T5174]  ? __pfx_sock_do_ioctl+0x10/0x10
[   61.890194][ T5174]  sock_ioctl+0x629/0x8e0
[   61.894526][ T5174]  ? __pfx_sock_ioctl+0x10/0x10
[   61.899373][ T5174]  ? __fget_files+0x29/0x470
[   61.903957][ T5174]  ? __fget_files+0x3f6/0x470
[   61.908629][ T5174]  ? __fget_files+0x29/0x470
[   61.913218][ T5174]  ? bpf_lsm_file_ioctl+0x9/0x10
[   61.918189][ T5174]  ? security_file_ioctl+0x87/0xb0
[   61.923383][ T5174]  ? __pfx_sock_ioctl+0x10/0x10
[   61.928234][ T5174]  __se_sys_ioctl+0xfc/0x170
[   61.933005][ T5174]  do_syscall_64+0xf3/0x230
[   61.937591][ T5174]  ? clear_bhb_loop+0x35/0x90
[   61.942270][ T5174]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   61.948176][ T5174] RIP: 0033:0x7f933f27ce0b
[   61.952588][ T5174] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   61.972366][ T5174] RSP: 002b:00007ffe546c6fc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   61.980862][ T5174] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f933f27ce0b
[   61.988821][ T5174] RDX: 00007ffe546c7038 RSI: 00000000400448dd RDI: 0000000000000003
[   61.996779][ T5174] RBP: 000055558c4c3430 R08: 0000000000000000 R09: 0000000000000000
[   62.004739][ T5174] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[   62.012791][ T5174] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[   62.020785][ T5174]  </TASK>
[   62.023792][ T5174] 
[   62.026099][ T5174] Allocated by task 4493:
[   62.030407][ T5174]  kasan_save_track+0x3f/0x80
[   62.035092][ T5174]  __kasan_slab_alloc+0x66/0x80
[   62.039934][ T5174]  kmem_cache_alloc_noprof+0x135/0x2a0
[   62.045390][ T5174]  skb_clone+0x20c/0x390
[   62.049644][ T5174]  hci_cmd_work+0x2a2/0x670
[   62.054143][ T5174]  process_scheduled_works+0xa2c/0x1830
[   62.059678][ T5174]  worker_thread+0x86d/0xd70
[   62.064256][ T5174]  kthread+0x2f0/0x390
[   62.068420][ T5174]  ret_from_fork+0x4b/0x80
[   62.072826][ T5174]  ret_from_fork_asm+0x1a/0x30
[   62.077580][ T5174] 
[   62.079889][ T5174] Freed by task 4493:
[   62.083855][ T5174]  kasan_save_track+0x3f/0x80
[   62.088523][ T5174]  kasan_save_free_info+0x40/0x50
[   62.093537][ T5174]  poison_slab_object+0xe0/0x150
[   62.098463][ T5174]  __kasan_slab_free+0x37/0x60
[   62.103217][ T5174]  kmem_cache_free+0x145/0x350
[   62.107969][ T5174]  hci_req_sync_complete+0xe8/0x290
[   62.113158][ T5174]  hci_event_packet+0xc75/0x1540
[   62.118088][ T5174]  hci_rx_work+0x3e8/0xca0
[   62.122515][ T5174]  process_scheduled_works+0xa2c/0x1830
[   62.128077][ T5174]  worker_thread+0x86d/0xd70
[   62.132659][ T5174]  kthread+0x2f0/0x390
[   62.136718][ T5174]  ret_from_fork+0x4b/0x80
[   62.141216][ T5174]  ret_from_fork_asm+0x1a/0x30
[   62.145974][ T5174] 
[   62.148295][ T5174] The buggy address belongs to the object at ffff8880659b7b40
[   62.148295][ T5174]  which belongs to the cache skbuff_head_cache of size 240
[   62.162859][ T5174] The buggy address is located 228 bytes inside of
[   62.162859][ T5174]  freed 240-byte region [ffff8880659b7b40, ffff8880659b7c30)
[   62.176653][ T5174] 
[   62.178963][ T5174] The buggy address belongs to the physical page:
[   62.185378][ T5174] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x659b7
[   62.194126][ T5174] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[   62.201240][ T5174] page_type: 0xffffefff(slab)
[   62.205905][ T5174] raw: 00fff00000000000 ffff888018e98780 dead000000000122 0000000000000000
[   62.214480][ T5174] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[   62.223048][ T5174] page dumped because: kasan: bad access detected
[   62.229452][ T5174] page_owner tracks the page as allocated
[   62.235151][ T5174] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5175, tgid 5175 (kworker/u9:2), ts 61702947833, free_ts 61656603903
[   62.254345][ T5174]  post_alloc_hook+0x1f3/0x230
[   62.259120][ T5174]  get_page_from_freelist+0x2e43/0x2f00
[   62.264670][ T5174]  __alloc_pages_noprof+0x256/0x6c0
[   62.269859][ T5174]  alloc_slab_page+0x5f/0x120
[   62.274528][ T5174]  allocate_slab+0x5a/0x2f0
[   62.279082][ T5174]  ___slab_alloc+0xcd1/0x14b0
[   62.284275][ T5174]  __slab_alloc+0x58/0xa0
[   62.288684][ T5174]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[   62.294135][ T5174]  skb_clone+0x20c/0x390
[   62.298458][ T5174]  hci_cmd_work+0x2a2/0x670
[   62.302949][ T5174]  process_scheduled_works+0xa2c/0x1830
[   62.308483][ T5174]  worker_thread+0x86d/0xd70
[   62.313128][ T5174]  kthread+0x2f0/0x390
[   62.317269][ T5174]  ret_from_fork+0x4b/0x80
[   62.321729][ T5174]  ret_from_fork_asm+0x1a/0x30
[   62.326493][ T5174] page last free pid 5167 tgid 5167 stack trace:
[   62.332799][ T5174]  free_unref_page+0xd22/0xea0
[   62.337552][ T5174]  vfree+0x186/0x2e0
[   62.341433][ T5174]  kcov_close+0x2b/0x50
[   62.345578][ T5174]  __fput+0x406/0x8b0
[   62.349545][ T5174]  task_work_run+0x24f/0x310
[   62.354298][ T5174]  do_exit+0xa27/0x27e0
[   62.358445][ T5174]  do_group_exit+0x207/0x2c0
[   62.363024][ T5174]  get_signal+0x16a1/0x1740
[   62.367519][ T5174]  arch_do_signal_or_restart+0x96/0x860
[   62.373405][ T5174]  syscall_exit_to_user_mode+0xc9/0x370
[   62.378948][ T5174]  do_syscall_64+0x100/0x230
[   62.383530][ T5174]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.389418][ T5174] 
[   62.391727][ T5174] Memory state around the buggy address:
[   62.397342][ T5174]  ffff8880659b7b00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   62.405432][ T5174]  ffff8880659b7b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   62.413483][ T5174] >ffff8880659b7c00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[   62.421533][ T5174]                                ^
[   62.426632][ T5174]  ffff8880659b7c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   62.434679][ T5174]  ffff8880659b7d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[   62.442726][ T5174] ==================================================================
[   62.452963][ T5174] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   62.460278][ T5174] CPU: 1 PID: 5174 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00874-g84562f9953ec #0
[   62.470680][ T5174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   62.480750][ T5174] Call Trace:
[   62.484029][ T5174]  <TASK>
[   62.486952][ T5174]  dump_stack_lvl+0x241/0x360
[   62.491630][ T5174]  ? __pfx_dump_stack_lvl+0x10/0x10
[   62.496823][ T5174]  ? __pfx__printk+0x10/0x10
[   62.501411][ T5174]  ? preempt_schedule+0xe1/0xf0
[   62.506262][ T5174]  ? vscnprintf+0x5d/0x90
[   62.510586][ T5174]  panic+0x349/0x860
[   62.514476][ T5174]  ? check_panic_on_warn+0x21/0xb0
[   62.520114][ T5174]  ? __pfx_panic+0x10/0x10
[   62.524526][ T5174]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   62.530609][ T5174]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   62.536936][ T5174]  ? print_report+0x502/0x550
[   62.541696][ T5174]  check_panic_on_warn+0x86/0xb0
[   62.546629][ T5174]  ? sk_skb_reason_drop+0x44/0x3d0
[   62.551732][ T5174]  end_report+0x77/0x160
[   62.555971][ T5174]  kasan_report+0x154/0x180
[   62.560469][ T5174]  ? sk_skb_reason_drop+0x44/0x3d0
[   62.565762][ T5174]  kasan_check_range+0x282/0x290
[   62.570718][ T5174]  sk_skb_reason_drop+0x44/0x3d0
[   62.575657][ T5174]  __hci_req_sync+0x631/0x950
[   62.580341][ T5174]  ? __pfx___hci_req_sync+0x10/0x10
[   62.585539][ T5174]  ? __pfx___mutex_lock+0x10/0x10
[   62.590573][ T5174]  ? __pfx_hci_scan_req+0x10/0x10
[   62.595600][ T5174]  hci_req_sync+0xa9/0xd0
[   62.599925][ T5174]  hci_dev_cmd+0x4c5/0xa50
[   62.604331][ T5174]  ? security_capable+0x90/0xb0
[   62.609185][ T5174]  ? __pfx_hci_dev_cmd+0x10/0x10
[   62.614125][ T5174]  ? hci_sock_ioctl+0x6c6/0xa40
[   62.618976][ T5174]  sock_do_ioctl+0x158/0x460
[   62.623569][ T5174]  ? __pfx_sock_do_ioctl+0x10/0x10
[   62.628688][ T5174]  sock_ioctl+0x629/0x8e0
[   62.633019][ T5174]  ? __pfx_sock_ioctl+0x10/0x10
[   62.637862][ T5174]  ? __fget_files+0x29/0x470
[   62.642447][ T5174]  ? __fget_files+0x3f6/0x470
[   62.647151][ T5174]  ? __fget_files+0x29/0x470
[   62.651766][ T5174]  ? bpf_lsm_file_ioctl+0x9/0x10
[   62.656698][ T5174]  ? security_file_ioctl+0x87/0xb0
[   62.661804][ T5174]  ? __pfx_sock_ioctl+0x10/0x10
[   62.666651][ T5174]  __se_sys_ioctl+0xfc/0x170
[   62.671347][ T5174]  do_syscall_64+0xf3/0x230
[   62.675859][ T5174]  ? clear_bhb_loop+0x35/0x90
[   62.680557][ T5174]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   62.686466][ T5174] RIP: 0033:0x7f933f27ce0b
[   62.690873][ T5174] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[   62.710470][ T5174] RSP: 002b:00007ffe546c6fc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   62.718878][ T5174] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f933f27ce0b
[   62.726841][ T5174] RDX: 00007ffe546c7038 RSI: 00000000400448dd RDI: 0000000000000003
[   62.734802][ T5174] RBP: 000055558c4c3430 R08: 0000000000000000 R09: 0000000000000000
[   62.742762][ T5174] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[   62.750727][ T5174] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[   62.758697][ T5174]  </TASK>
[   62.761845][ T5174] Kernel Offset: disabled
[   62.766242][ T5174] Rebooting in 86400 seconds..