Warning: Permanently added '10.128.1.65' (ED25519) to the list of known hosts.
2024/06/01 04:10:30 ignoring optional flag "sandboxArg"="0"
2024/06/01 04:10:30 parsed 1 programs
[ 767.170783][ T5143] cgroup: Unknown subsys name 'net'
[ 767.426091][ T5143] cgroup: Unknown subsys name 'rlimit'
[ 768.500805][ T5161] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 769.994933][ T2799] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 770.018779][ T2799] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 770.051929][ T2799] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 770.061329][ T2799] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 770.749197][ T5221] chnl_net:caif_netlink_parms(): no params data found
[ 770.826727][ T5221] bridge0: port 1(bridge_slave_0) entered blocking state
[ 770.834609][ T5221] bridge0: port 1(bridge_slave_0) entered disabled state
[ 770.842361][ T5221] bridge_slave_0: entered allmulticast mode
[ 770.849325][ T5221] bridge_slave_0: entered promiscuous mode
[ 770.858953][ T5221] bridge0: port 2(bridge_slave_1) entered blocking state
[ 770.866201][ T5221] bridge0: port 2(bridge_slave_1) entered disabled state
[ 770.873697][ T5221] bridge_slave_1: entered allmulticast mode
[ 770.881090][ T5221] bridge_slave_1: entered promiscuous mode
[ 770.907681][ T5221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 770.918825][ T5221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 770.950096][ T5221] team0: Port device team_slave_0 added
[ 771.006849][ T5221] team0: Port device team_slave_1 added
[ 771.052472][ T5221] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 771.059453][ T5221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 771.086068][ T5221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 771.102834][ T5221] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 771.110007][ T5221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 771.140521][ T5221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 771.179058][ T5221] hsr_slave_0: entered promiscuous mode
[ 771.185396][ T5221] hsr_slave_1: entered promiscuous mode
[ 771.307546][ T5221] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 771.318832][ T5221] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 771.330469][ T5221] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 771.341888][ T5221] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 771.417500][ T5221] 8021q: adding VLAN 0 to HW filter on device bond0
[ 771.437955][ T5221] 8021q: adding VLAN 0 to HW filter on device team0
[ 771.449277][ T2528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 771.456660][ T2528] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 771.473493][ T5081] bridge0: port 2(bridge_slave_1) entered blocking state
[ 771.480680][ T5081] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 771.520625][ T5221] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 771.623367][ T5221] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 771.661242][ T5221] veth0_vlan: entered promiscuous mode
[ 771.677692][ T5221] veth1_vlan: entered promiscuous mode
[ 771.706029][ T5221] veth0_macvtap: entered promiscuous mode
[ 771.715247][ T5221] veth1_macvtap: entered promiscuous mode
[ 771.733151][ T5221] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 771.748458][ T5221] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 771.760819][ T5221] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 771.770184][ T5221] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 771.778898][ T5221] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 771.787953][ T5221] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 771.912599][ T5228] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 771.943246][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 771.951859][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 771.959520][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 771.968918][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 771.982379][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 771.983060][ T5228] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 771.990657][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 772.011200][ T5238] ==================================================================
[ 772.019288][ T5238] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[ 772.027037][ T5238] Read of size 4 at addr ffff888026ade224 by task syz-executor.0/5238
[ 772.035190][ T5238]
[ 772.037502][ T5238] CPU: 0 PID: 5238 Comm: syz-executor.0 Not tainted 6.10.0-rc1-next-20240531-syzkaller #0
[ 772.047379][ T5238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 772.057529][ T5238] Call Trace:
[ 772.060811][ T5238] <TASK>
[ 772.063732][ T5238] dump_stack_lvl+0x241/0x360
[ 772.068393][ T5238] ? __pfx_dump_stack_lvl+0x10/0x10
[ 772.073572][ T5238] ? __pfx__printk+0x10/0x10
[ 772.078147][ T5238] ? _printk+0xd5/0x120
[ 772.082284][ T5238] ? __virt_addr_valid+0x183/0x520
[ 772.087380][ T5238] ? __virt_addr_valid+0x183/0x520
[ 772.092483][ T5238] print_report+0x169/0x550
[ 772.096974][ T5238] ? __virt_addr_valid+0x183/0x520
[ 772.102070][ T5238] ? __virt_addr_valid+0x183/0x520
[ 772.107163][ T5238] ? __virt_addr_valid+0x44e/0x520
[ 772.112256][ T5238] ? __phys_addr+0xba/0x170
[ 772.116743][ T5238] ? kfree_skb_reason+0x41/0x3b0
[ 772.121685][ T5238] kasan_report+0x143/0x180
[ 772.126190][ T5238] ? kfree_skb_reason+0x41/0x3b0
[ 772.131134][ T5238] kasan_check_range+0x282/0x290
[ 772.136068][ T5238] kfree_skb_reason+0x41/0x3b0
[ 772.140837][ T5238] __hci_req_sync+0x62f/0x950
[ 772.145522][ T5238] ? __pfx___hci_req_sync+0x10/0x10
[ 772.150716][ T5238] ? __pfx___mutex_lock+0x10/0x10
[ 772.155756][ T5238] ? __pfx_autoremove_wake_function+0x10/0x10
[ 772.161812][ T5238] ? __pfx_hci_scan_req+0x10/0x10
[ 772.166821][ T5238] hci_req_sync+0xa9/0xd0
[ 772.171154][ T5238] hci_dev_cmd+0x4c5/0xa50
[ 772.175579][ T5238] ? security_capable+0x90/0xb0
[ 772.180449][ T5238] ? __pfx_hci_dev_cmd+0x10/0x10
[ 772.185403][ T5238] ? hci_sock_ioctl+0x6c4/0xa40
[ 772.190242][ T5238] sock_do_ioctl+0x158/0x460
[ 772.194822][ T5238] ? __pfx_sock_do_ioctl+0x10/0x10
[ 772.199930][ T5238] sock_ioctl+0x629/0x8e0
[ 772.204260][ T5238] ? __pfx_sock_ioctl+0x10/0x10
[ 772.209091][ T5238] ? __fget_files+0x29/0x470
[ 772.213677][ T5238] ? __fget_files+0x3f6/0x470
[ 772.218343][ T5238] ? __fget_files+0x29/0x470
[ 772.222916][ T5238] ? bpf_lsm_file_ioctl+0x9/0x10
[ 772.227835][ T5238] ? security_file_ioctl+0x87/0xb0
[ 772.232935][ T5238] ? __pfx_sock_ioctl+0x10/0x10
[ 772.237770][ T5238] __se_sys_ioctl+0xfc/0x170
[ 772.242349][ T5238] do_syscall_64+0xf3/0x230
[ 772.246836][ T5238] ? clear_bhb_loop+0x35/0x90
[ 772.251498][ T5238] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 772.257383][ T5238] RIP: 0033:0x7f77c147cc4b
[ 772.261784][ T5238] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 772.281373][ T5238] RSP: 002b:00007fff046263f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 772.289790][ T5238] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f77c147cc4b
[ 772.297765][ T5238] RDX: 00007fff04626468 RSI: 00000000400448dd RDI: 0000000000000003
[ 772.305732][ T5238] RBP: 00005555722ed430 R08: 0000000000000000 R09: 0000000000000000
[ 772.313693][ T5238] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 772.321659][ T5238] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 772.329620][ T5238] </TASK>
[ 772.332622][ T5238]
[ 772.334926][ T5238] Allocated by task 53:
[ 772.339054][ T5238] kasan_save_track+0x3f/0x80
[ 772.343720][ T5238] __kasan_slab_alloc+0x66/0x80
[ 772.348563][ T5238] kmem_cache_alloc_noprof+0x135/0x2a0
[ 772.354093][ T5238] skb_clone+0x20c/0x390
[ 772.358313][ T5238] hci_cmd_work+0x29e/0x670
[ 772.362832][ T5238] process_scheduled_works+0xa2c/0x1830
[ 772.368357][ T5238] worker_thread+0x86d/0xd50
[ 772.372933][ T5238] kthread+0x2f0/0x390
[ 772.376987][ T5238] ret_from_fork+0x4b/0x80
[ 772.381384][ T5238] ret_from_fork_asm+0x1a/0x30
[ 772.386131][ T5238]
[ 772.388430][ T5238] Freed by task 53:
[ 772.392247][ T5238] kasan_save_track+0x3f/0x80
[ 772.396905][ T5238] kasan_save_free_info+0x40/0x50
[ 772.401911][ T5238] poison_slab_object+0xe0/0x150
[ 772.406833][ T5238] __kasan_slab_free+0x37/0x60
[ 772.411591][ T5238] kmem_cache_free+0x145/0x350
[ 772.416335][ T5238] hci_req_sync_complete+0xe7/0x290
[ 772.421513][ T5238] hci_event_packet+0xc71/0x1540
[ 772.426433][ T5238] hci_rx_work+0x3e8/0xca0
[ 772.430834][ T5238] process_scheduled_works+0xa2c/0x1830
[ 772.436365][ T5238] worker_thread+0x86d/0xd50
[ 772.440936][ T5238] kthread+0x2f0/0x390
[ 772.444983][ T5238] ret_from_fork+0x4b/0x80
[ 772.449378][ T5238] ret_from_fork_asm+0x1a/0x30
[ 772.454130][ T5238]
[ 772.456440][ T5238] The buggy address belongs to the object at ffff888026ade140
[ 772.456440][ T5238] which belongs to the cache skbuff_head_cache of size 240
[ 772.470992][ T5238] The buggy address is located 228 bytes inside of
[ 772.470992][ T5238] freed 240-byte region [ffff888026ade140, ffff888026ade230)
[ 772.484773][ T5238]
[ 772.487080][ T5238] The buggy address belongs to the physical page:
[ 772.493475][ T5238] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26ade
[ 772.502332][ T5238] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 772.509445][ T5238] page_type: 0xfdffffff(slab)
[ 772.514115][ T5238] raw: 00fff00000000000 ffff888018ecd780 dead000000000122 0000000000000000
[ 772.522684][ T5238] raw: 0000000000000000 00000000000c000c 00000001fdffffff 0000000000000000
[ 772.531258][ T5238] page dumped because: kasan: bad access detected
[ 772.537685][ T5238] page_owner tracks the page as allocated
[ 772.543385][ T5238] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 53, tgid 53 (kworker/u9:0), ts 772010517825, free_ts 771876942425
[ 772.562382][ T5238] post_alloc_hook+0x1f3/0x230
[ 772.567130][ T5238] get_page_from_freelist+0x2cbd/0x2d70
[ 772.572667][ T5238] __alloc_pages_noprof+0x256/0x6c0
[ 772.577849][ T5238] alloc_slab_page+0x5f/0x120
[ 772.582508][ T5238] allocate_slab+0x5a/0x2f0
[ 772.586994][ T5238] ___slab_alloc+0xcd1/0x14b0
[ 772.591662][ T5238] __slab_alloc+0x58/0xa0
[ 772.595991][ T5238] kmem_cache_alloc_noprof+0x1c1/0x2a0
[ 772.601444][ T5238] skb_clone+0x20c/0x390
[ 772.605728][ T5238] hci_cmd_work+0xdc/0x670
[ 772.610137][ T5238] process_scheduled_works+0xa2c/0x1830
[ 772.615688][ T5238] worker_thread+0x86d/0xd50
[ 772.620266][ T5238] kthread+0x2f0/0x390
[ 772.624317][ T5238] ret_from_fork+0x4b/0x80
[ 772.628720][ T5238] ret_from_fork_asm+0x1a/0x30
[ 772.633576][ T5238] page last free pid 5221 tgid 5221 stack trace:
[ 772.639883][ T5238] free_unref_folios+0x103a/0x1b00
[ 772.644979][ T5238] folios_put_refs+0x76e/0x860
[ 772.649726][ T5238] free_pages_and_swap_cache+0x5c8/0x690
[ 772.655701][ T5238] tlb_flush_mmu+0x3a3/0x680
[ 772.660285][ T5238] tlb_finish_mmu+0xd4/0x200
[ 772.664864][ T5238] exit_mmap+0x44f/0xc80
[ 772.669112][ T5238] __mmput+0x115/0x3c0
[ 772.673164][ T5238] exit_mm+0x220/0x310
[ 772.677213][ T5238] do_exit+0x9aa/0x28e0
[ 772.681350][ T5238] do_group_exit+0x207/0x2c0
[ 772.685920][ T5238] get_signal+0x16a1/0x1740
[ 772.690415][ T5238] arch_do_signal_or_restart+0x96/0x860
[ 772.695969][ T5238] syscall_exit_to_user_mode+0xc9/0x370
[ 772.701500][ T5238] do_syscall_64+0x100/0x230
[ 772.706175][ T5238] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 772.712140][ T5238]
[ 772.714442][ T5238] Memory state around the buggy address:
[ 772.720057][ T5238]  ffff888026ade100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 772.728110][ T5238]  ffff888026ade180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 772.736154][ T5238] >ffff888026ade200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 772.744191][ T5238]                                 ^
[ 772.749277][ T5238]  ffff888026ade280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 772.757314][ T5238]  ffff888026ade300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 772.765353][ T5238] ==================================================================
[ 772.782812][ T5238] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 772.790047][ T5238] CPU: 0 PID: 5238 Comm: syz-executor.0 Not tainted 6.10.0-rc1-next-20240531-syzkaller #0
[ 772.800202][ T5238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 772.810265][ T5238] Call Trace:
[ 772.813541][ T5238] <TASK>
[ 772.816472][ T5238] dump_stack_lvl+0x241/0x360
[ 772.821155][ T5238] ? __pfx_dump_stack_lvl+0x10/0x10
[ 772.826348][ T5238] ? __pfx__printk+0x10/0x10
[ 772.830932][ T5238] ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 772.836909][ T5238] ? vscnprintf+0x5d/0x90
[ 772.841240][ T5238] panic+0x349/0x870
[ 772.845131][ T5238] ? check_panic_on_warn+0x21/0xb0
[ 772.850242][ T5238] ? __pfx_panic+0x10/0x10
[ 772.854663][ T5238] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 772.860643][ T5238] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 772.866972][ T5238] check_panic_on_warn+0x86/0xb0
[ 772.871905][ T5238] ? kfree_skb_reason+0x41/0x3b0
[ 772.876843][ T5238] end_report+0x77/0x160
[ 772.881081][ T5238] kasan_report+0x154/0x180
[ 772.885582][ T5238] ? kfree_skb_reason+0x41/0x3b0
[ 772.890514][ T5238] kasan_check_range+0x282/0x290
[ 772.895440][ T5238] kfree_skb_reason+0x41/0x3b0
[ 772.900199][ T5238] __hci_req_sync+0x62f/0x950
[ 772.904877][ T5238] ? __pfx___hci_req_sync+0x10/0x10
[ 772.910068][ T5238] ? __pfx___mutex_lock+0x10/0x10
[ 772.915080][ T5238] ? __pfx_autoremove_wake_function+0x10/0x10
[ 772.921140][ T5238] ? __pfx_hci_scan_req+0x10/0x10
[ 772.926159][ T5238] hci_req_sync+0xa9/0xd0
[ 772.930482][ T5238] hci_dev_cmd+0x4c5/0xa50
[ 772.934888][ T5238] ? security_capable+0x90/0xb0
[ 772.939734][ T5238] ? __pfx_hci_dev_cmd+0x10/0x10
[ 772.944716][ T5238] ? hci_sock_ioctl+0x6c4/0xa40
[ 772.949584][ T5238] sock_do_ioctl+0x158/0x460
[ 772.954183][ T5238] ? __pfx_sock_do_ioctl+0x10/0x10
[ 772.959297][ T5238] sock_ioctl+0x629/0x8e0
[ 772.963620][ T5238] ? __pfx_sock_ioctl+0x10/0x10
[ 772.968485][ T5238] ? __fget_files+0x29/0x470
[ 772.973090][ T5238] ? __fget_files+0x3f6/0x470
[ 772.977775][ T5238] ? __fget_files+0x29/0x470
[ 772.982362][ T5238] ? bpf_lsm_file_ioctl+0x9/0x10
[ 772.987315][ T5238] ? security_file_ioctl+0x87/0xb0
[ 772.992432][ T5238] ? __pfx_sock_ioctl+0x10/0x10
[ 772.997280][ T5238] __se_sys_ioctl+0xfc/0x170
[ 773.001877][ T5238] do_syscall_64+0xf3/0x230
[ 773.006374][ T5238] ? clear_bhb_loop+0x35/0x90
[ 773.011062][ T5238] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 773.016976][ T5238] RIP: 0033:0x7f77c147cc4b
[ 773.021391][ T5238] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 773.041164][ T5238] RSP: 002b:00007fff046263f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 773.049570][ T5238] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f77c147cc4b
[ 773.057530][ T5238] RDX: 00007fff04626468 RSI: 00000000400448dd RDI: 0000000000000003
[ 773.065491][ T5238] RBP: 00005555722ed430 R08: 0000000000000000 R09: 0000000000000000
[ 773.073452][ T5238] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 773.081411][ T5238] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[ 773.089380][ T5238] </TASK>
[ 773.092641][ T5238] Kernel Offset: disabled
[ 773.096969][ T5238] Rebooting in 86400 seconds..