Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts.
[   72.824042][   T45] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   72.832719][   T45] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   72.841039][   T45] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   72.849628][   T45] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   72.857291][   T45] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   72.864741][   T45] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   74.909608][    T6] Bluetooth: hci0: command 0x0409 tx timeout
[   76.581610][  T141] cfg80211: failed to load regulatory.db
[   76.978570][    T6] Bluetooth: hci0: command 0x041b tx timeout
[   79.068668][    T6] Bluetooth: hci0: command 0x040f tx timeout
[   81.138625][  T141] Bluetooth: hci0: command 0x0419 tx timeout
[   83.218602][  T141] Bluetooth: hci0: command 0x0405 tx timeout
[   85.298564][    T6] Bluetooth: hci0: command 0x0405 tx timeout
[  113.059600][  T141] ==================================================================
[  113.067833][  T141] BUG: KASAN: use-after-free in sco_sock_timeout+0x64/0x290
[  113.075144][  T141] Write of size 4 at addr ffff888074aac080 by task kworker/1:2/141
[  113.083134][  T141] 
[  113.085561][  T141] CPU: 1 PID: 141 Comm: kworker/1:2 Not tainted 5.17.0-rc4-syzkaller-01424-g922ea87ff6f2-dirty #0
[  113.096158][  T141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  113.106213][  T141] Workqueue: events sco_sock_timeout
[  113.111576][  T141] Call Trace:
[  113.114863][  T141]  <TASK>
[  113.117798][  T141]  dump_stack_lvl+0xcd/0x134
[  113.122390][  T141]  print_address_description.constprop.0.cold+0x8d/0x336
[  113.129501][  T141]  ? sco_sock_timeout+0x64/0x290
[  113.134427][  T141]  ? sco_sock_timeout+0x64/0x290
[  113.139349][  T141]  kasan_report.cold+0x83/0xdf
[  113.144532][  T141]  ? sco_sock_timeout+0x64/0x290
[  113.149457][  T141]  kasan_check_range+0x13d/0x180
[  113.154478][  T141]  sco_sock_timeout+0x64/0x290
[  113.159424][  T141]  process_one_work+0x9ac/0x1650
[  113.164376][  T141]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  113.170031][  T141]  ? rwlock_bug.part.0+0x90/0x90
[  113.174962][  T141]  ? _raw_spin_lock_irq+0x41/0x50
[  113.179991][  T141]  worker_thread+0x657/0x1110
[  113.184687][  T141]  ? process_one_work+0x1650/0x1650
[  113.189885][  T141]  kthread+0x2e9/0x3a0
[  113.194127][  T141]  ? kthread_complete_and_exit+0x40/0x40
[  113.200053][  T141]  ret_from_fork+0x1f/0x30
[  113.204501][  T141]  </TASK>
[  113.207517][  T141] 
[  113.209830][  T141] Allocated by task 4058:
[  113.214232][  T141]  kasan_save_stack+0x1e/0x40
[  113.218907][  T141]  __kasan_kmalloc+0xa9/0xd0
[  113.223754][  T141]  sk_prot_alloc+0x110/0x290
[  113.228339][  T141]  sk_alloc+0x32/0xa80
[  113.232490][  T141]  sco_sock_alloc.constprop.0+0x31/0x330
[  113.238119][  T141]  sco_sock_create+0xd5/0x1b0
[  113.242787][  T141]  bt_sock_create+0x17c/0x340
[  113.247461][  T141]  __sock_create+0x353/0x790
[  113.252058][  T141]  __sys_socket+0xef/0x200
[  113.256476][  T141]  __x64_sys_socket+0x6f/0xb0
[  113.261163][  T141]  do_syscall_64+0x35/0xb0
[  113.265572][  T141]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  113.271554][  T141] 
[  113.273863][  T141] Freed by task 4059:
[  113.277828][  T141]  kasan_save_stack+0x1e/0x40
[  113.284530][  T141]  kasan_set_track+0x21/0x30
[  113.289118][  T141]  kasan_set_free_info+0x20/0x30
[  113.294222][  T141]  ____kasan_slab_free+0x126/0x160
[  113.299411][  T141]  slab_free_freelist_hook+0x8b/0x1c0
[  113.304778][  T141]  kfree+0xd0/0x390
[  113.308584][  T141]  __sk_destruct+0x6c0/0x920
[  113.313256][  T141]  sk_destruct+0x131/0x180
[  113.317661][  T141]  __sk_free+0xef/0x3d0
[  113.321893][  T141]  sk_free+0x78/0xa0
[  113.325782][  T141]  sco_sock_kill+0x18d/0x1b0
[  113.330387][  T141]  sco_sock_release+0x155/0x2c0
[  113.335227][  T141]  __sock_release+0xcd/0x280
[  113.339810][  T141]  sock_close+0x18/0x20
[  113.343958][  T141]  __fput+0x286/0x9f0
[  113.347933][  T141]  task_work_run+0xdd/0x1a0
[  113.352429][  T141]  get_signal+0x1de2/0x2490
[  113.356928][  T141]  arch_do_signal_or_restart+0x2a9/0x1c40
[  113.362730][  T141]  exit_to_user_mode_prepare+0x17d/0x290
[  113.368360][  T141]  syscall_exit_to_user_mode+0x19/0x60
[  113.373808][  T141]  do_syscall_64+0x42/0xb0
[  113.378217][  T141]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  113.384116][  T141] 
[  113.386445][  T141] The buggy address belongs to the object at ffff888074aac000
[  113.386445][  T141]  which belongs to the cache kmalloc-2k of size 2048
[  113.400584][  T141] The buggy address is located 128 bytes inside of
[  113.400584][  T141]  2048-byte region [ffff888074aac000, ffff888074aac800)
[  113.413944][  T141] The buggy address belongs to the page:
[  113.419561][  T141] page:ffffea0001d2aa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x74aa8
[  113.429714][  T141] head:ffffea0001d2aa00 order:3 compound_mapcount:0 compound_pincount:0
[  113.438027][  T141] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  113.446141][  T141] raw: 00fff00000010200 ffffea000078ac00 dead000000000002 ffff888010c42000
[  113.454715][  T141] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[  113.463280][  T141] page dumped because: kasan: bad access detected
[  113.469694][  T141] page_owner tracks the page as allocated
[  113.475391][  T141] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3593, ts 45984233319, free_ts 45950800073
[  113.494774][  T141]  get_page_from_freelist+0xa72/0x2f50
[  113.500237][  T141]  __alloc_pages+0x1b2/0x500
[  113.504831][  T141]  alloc_pages+0x1aa/0x310
[  113.509239][  T141]  allocate_slab+0x27f/0x3c0
[  113.513828][  T141]  ___slab_alloc+0xbe1/0x12b0
[  113.518503][  T141]  __slab_alloc.constprop.0+0x4d/0xa0
[  113.523884][  T141]  __kmalloc+0x372/0x450
[  113.528127][  T141]  __register_sysctl_table+0x112/0x1090
[  113.533669][  T141]  __devinet_sysctl_register+0x156/0x280
[  113.539382][  T141]  devinet_sysctl_register+0x160/0x230
[  113.544837][  T141]  inetdev_init+0x286/0x580
[  113.549335][  T141]  inetdev_event+0xa8a/0x15d0
[  113.554004][  T141]  notifier_call_chain+0xb5/0x200
[  113.559027][  T141]  call_netdevice_notifiers_info+0xb5/0x130
[  113.564914][  T141]  register_netdevice+0x1102/0x15a0
[  113.570108][  T141]  veth_newlink+0x59c/0xa90
[  113.574609][  T141] page last free stack trace:
[  113.579354][  T141]  free_pcp_prepare+0x374/0x870
[  113.584197][  T141]  free_unref_page+0x19/0x690
[  113.588868][  T141]  __unfreeze_partials+0x320/0x340
[  113.593977][  T141]  qlist_free_all+0x6d/0x160
[  113.598560][  T141]  kasan_quarantine_reduce+0x180/0x200
[  113.604101][  T141]  __kasan_slab_alloc+0xa2/0xc0
[  113.608941][  T141]  kmem_cache_alloc_trace+0x258/0x3d0
[  113.614500][  T141]  ref_tracker_alloc+0x14c/0x550
[  113.619466][  T141]  netdev_queue_update_kobjects+0x1a7/0x4e0
[  113.625462][  T141]  netdev_register_kobject+0x35a/0x430
[  113.631018][  T141]  register_netdevice+0xd9d/0x15a0
[  113.636131][  T141]  veth_newlink+0x405/0xa90
[  113.640637][  T141]  __rtnl_newlink+0x107c/0x1760
[  113.645608][  T141]  rtnl_newlink+0x64/0xa0
[  113.649957][  T141]  rtnetlink_rcv_msg+0x413/0xb80
[  113.655000][  T141]  netlink_rcv_skb+0x153/0x420
[  113.660015][  T141] 
[  113.662354][  T141] Memory state around the buggy address:
[  113.667973][  T141]  ffff888074aabf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  113.676206][  T141]  ffff888074aac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.684300][  T141] >ffff888074aac080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.692359][  T141]                    ^
[  113.696429][  T141]  ffff888074aac100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.704760][  T141]  ffff888074aac180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  113.712809][  T141] ==================================================================
[  113.721218][  T141] Disabling lock debugging due to kernel taint
[  113.727577][  T141] Kernel panic - not syncing: panic_on_warn set ...
[  113.734170][  T141] CPU: 1 PID: 141 Comm: kworker/1:2 Tainted: G    B             5.17.0-rc4-syzkaller-01424-g922ea87ff6f2-dirty #0
[  113.746150][  T141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  113.756210][  T141] Workqueue: events sco_sock_timeout
[  113.761509][  T141] Call Trace:
[  113.764955][  T141]  <TASK>
[  113.767879][  T141]  dump_stack_lvl+0xcd/0x134
[  113.772577][  T141]  panic+0x2b0/0x6dd
[  113.776548][  T141]  ? __warn_printk+0xf3/0xf3
[  113.781212][  T141]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[  113.787444][  T141]  ? trace_hardirqs_on+0x38/0x1c0
[  113.792545][  T141]  ? trace_hardirqs_on+0x51/0x1c0
[  113.797562][  T141]  ? sco_sock_timeout+0x64/0x290
[  113.802487][  T141]  ? sco_sock_timeout+0x64/0x290
[  113.807414][  T141]  end_report.cold+0x63/0x6f
[  113.811998][  T141]  kasan_report.cold+0x71/0xdf
[  113.816770][  T141]  ? sco_sock_timeout+0x64/0x290
[  113.821785][  T141]  kasan_check_range+0x13d/0x180
[  113.826888][  T141]  sco_sock_timeout+0x64/0x290
[  113.831726][  T141]  process_one_work+0x9ac/0x1650
[  113.836662][  T141]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[  113.842022][  T141]  ? rwlock_bug.part.0+0x90/0x90
[  113.846962][  T141]  ? _raw_spin_lock_irq+0x41/0x50
[  113.851977][  T141]  worker_thread+0x657/0x1110
[  113.856647][  T141]  ? process_one_work+0x1650/0x1650
[  113.861834][  T141]  kthread+0x2e9/0x3a0
[  113.865911][  T141]  ? kthread_complete_and_exit+0x40/0x40
[  113.871536][  T141]  ret_from_fork+0x1f/0x30
[  113.875948][  T141]  </TASK>
[  113.879164][  T141] Kernel Offset: disabled
[  113.883734][  T141] Rebooting in 86400 seconds..