Warning: Permanently added '10.128.0.203' (ED25519) to the list of known hosts.
2024/05/26 14:21:38 ignoring optional flag "sandboxArg"="0"
2024/05/26 14:21:38 parsed 1 programs
[  704.955363][ T5132] cgroup: Unknown subsys name 'net'
[  705.231012][ T5132] cgroup: Unknown subsys name 'rlimit'
[  706.344368][ T5136] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  706.470699][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  706.479776][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  706.504668][ T1051] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  706.512778][ T1051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  707.471343][ T5186] chnl_net:caif_netlink_parms(): no params data found
[  707.566908][ T5186] bridge0: port 1(bridge_slave_0) entered blocking state
[  707.575409][ T5186] bridge0: port 1(bridge_slave_0) entered disabled state
[  707.582901][ T5186] bridge_slave_0: entered allmulticast mode
[  707.590478][ T5186] bridge_slave_0: entered promiscuous mode
[  707.599678][ T5186] bridge0: port 2(bridge_slave_1) entered blocking state
[  707.607071][ T5186] bridge0: port 2(bridge_slave_1) entered disabled state
[  707.614347][ T5186] bridge_slave_1: entered allmulticast mode
[  707.621104][ T5186] bridge_slave_1: entered promiscuous mode
[  707.652126][ T5186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  707.663480][ T5186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  707.701989][ T5186] team0: Port device team_slave_0 added
[  707.712427][ T5186] team0: Port device team_slave_1 added
[  707.740071][ T5186] batman_adv: batadv0: Adding interface: batadv_slave_0
[  707.747137][ T5186] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  707.774030][ T5186] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  707.787546][ T5186] batman_adv: batadv0: Adding interface: batadv_slave_1
[  707.794551][ T5186] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  707.820497][ T5186] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  707.856221][ T5186] hsr_slave_0: entered promiscuous mode
[  707.864704][ T5186] hsr_slave_1: entered promiscuous mode
[  707.974345][ T5186] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  707.985303][ T5186] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  707.996756][ T5186] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  708.007242][ T5186] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  708.036502][ T5186] bridge0: port 2(bridge_slave_1) entered blocking state
[  708.043800][ T5186] bridge0: port 2(bridge_slave_1) entered forwarding state
[  708.051704][ T5186] bridge0: port 1(bridge_slave_0) entered blocking state
[  708.059056][ T5186] bridge0: port 1(bridge_slave_0) entered forwarding state
[  708.118388][ T5186] 8021q: adding VLAN 0 to HW filter on device bond0
[  708.132633][ T5166] bridge0: port 1(bridge_slave_0) entered disabled state
[  708.142580][ T5166] bridge0: port 2(bridge_slave_1) entered disabled state
[  708.163108][ T5186] 8021q: adding VLAN 0 to HW filter on device team0
[  708.178447][ T5102] bridge0: port 1(bridge_slave_0) entered blocking state
[  708.185583][ T5102] bridge0: port 1(bridge_slave_0) entered forwarding state
[  708.205177][ T5102] bridge0: port 2(bridge_slave_1) entered blocking state
[  708.212745][ T5102] bridge0: port 2(bridge_slave_1) entered forwarding state
[  708.249465][ T5186] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  708.361198][ T5186] 8021q: adding VLAN 0 to HW filter on device batadv0
[  708.399524][ T5186] veth0_vlan: entered promiscuous mode
[  708.411144][ T5186] veth1_vlan: entered promiscuous mode
[  708.437952][ T5186] veth0_macvtap: entered promiscuous mode
[  708.447497][ T5186] veth1_macvtap: entered promiscuous mode
[  708.466132][ T5186] batman_adv: batadv0: Interface activated: batadv_slave_0
[  708.481992][ T5186] batman_adv: batadv0: Interface activated: batadv_slave_1
[  708.494182][ T5186] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  708.503077][ T5186] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  708.512140][ T5186] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  708.522075][ T5186] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  708.624622][ T5186] syz-executor.0 (5186) used greatest stack depth: 18704 bytes left
[  708.652366][ T1036] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.757800][ T1036] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.829341][ T1036] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  708.839830][ T5210] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  708.849022][ T5210] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  708.857124][ T5210] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  708.865954][ T5210] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  708.875653][ T5210] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  708.883037][ T5210] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  708.893282][ T5208] ==================================================================
[  708.901376][ T5208] BUG: KASAN: slab-use-after-free in kfree_skb_reason+0x41/0x3b0
[  708.909137][ T5208] Read of size 4 at addr ffff88801eb0fd64 by task syz-executor.0/5208
[  708.917278][ T5208] 
[  708.919596][ T5208] CPU: 0 PID: 5208 Comm: syz-executor.0 Not tainted 6.9.0-syzkaller-12071-g66ad4829ddd0 #0
[  708.929554][ T5208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  708.939607][ T5208] Call Trace:
[  708.942875][ T5208]  <TASK>
[  708.945793][ T5208]  dump_stack_lvl+0x241/0x360
[  708.950457][ T5208]  ? __pfx_dump_stack_lvl+0x10/0x10
[  708.955645][ T5208]  ? __pfx__printk+0x10/0x10
[  708.960244][ T5208]  ? _printk+0xd5/0x120
[  708.964384][ T5208]  ? __virt_addr_valid+0x183/0x520
[  708.969477][ T5208]  ? __virt_addr_valid+0x183/0x520
[  708.974584][ T5208]  print_report+0x169/0x550
[  708.979099][ T5208]  ? __virt_addr_valid+0x183/0x520
[  708.984198][ T5208]  ? __virt_addr_valid+0x183/0x520
[  708.989317][ T5208]  ? __virt_addr_valid+0x44e/0x520
[  708.994428][ T5208]  ? __phys_addr+0xba/0x170
[  708.998933][ T5208]  ? kfree_skb_reason+0x41/0x3b0
[  709.003947][ T5208]  kasan_report+0x143/0x180
[  709.008456][ T5208]  ? kfree_skb_reason+0x41/0x3b0
[  709.013397][ T5208]  kasan_check_range+0x282/0x290
[  709.018330][ T5208]  kfree_skb_reason+0x41/0x3b0
[  709.023082][ T5208]  __hci_req_sync+0x62f/0x950
[  709.027742][ T5208]  ? __pfx___hci_req_sync+0x10/0x10
[  709.032921][ T5208]  ? __pfx___mutex_lock+0x10/0x10
[  709.037932][ T5208]  ? __pfx_autoremove_wake_function+0x10/0x10
[  709.043993][ T5208]  ? __pfx_hci_scan_req+0x10/0x10
[  709.049022][ T5208]  hci_req_sync+0xa9/0xd0
[  709.053336][ T5208]  hci_dev_cmd+0x4c5/0xa50
[  709.057739][ T5208]  ? security_capable+0x90/0xb0
[  709.062586][ T5208]  ? __pfx_hci_dev_cmd+0x10/0x10
[  709.067515][ T5208]  ? hci_sock_ioctl+0x6c4/0xa40
[  709.072349][ T5208]  sock_do_ioctl+0x158/0x460
[  709.076927][ T5208]  ? __pfx_sock_do_ioctl+0x10/0x10
[  709.082025][ T5208]  sock_ioctl+0x629/0x8e0
[  709.086340][ T5208]  ? __pfx_sock_ioctl+0x10/0x10
[  709.091203][ T5208]  ? __fget_files+0x29/0x470
[  709.095813][ T5208]  ? __fget_files+0x3f6/0x470
[  709.100506][ T5208]  ? __fget_files+0x29/0x470
[  709.105086][ T5208]  ? bpf_lsm_file_ioctl+0x9/0x10
[  709.110007][ T5208]  ? security_file_ioctl+0x87/0xb0
[  709.115117][ T5208]  ? __pfx_sock_ioctl+0x10/0x10
[  709.119983][ T5208]  __se_sys_ioctl+0xfc/0x170
[  709.124652][ T5208]  do_syscall_64+0xf3/0x230
[  709.129136][ T5208]  ? clear_bhb_loop+0x35/0x90
[  709.133808][ T5208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  709.139796][ T5208] RIP: 0033:0x7fb355c7cc4b
[  709.144200][ T5208] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  709.163810][ T5208] RSP: 002b:00007ffe2ec7c2f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  709.172219][ T5208] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fb355c7cc4b
[  709.180176][ T5208] RDX: 00007ffe2ec7c368 RSI: 00000000400448dd RDI: 0000000000000003
[  709.188237][ T5208] RBP: 000055558e58e430 R08: 0000000000000000 R09: 0000000000000000
[  709.196195][ T5208] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[  709.204165][ T5208] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[  709.212137][ T5208]  </TASK>
[  709.215142][ T5208] 
[  709.217446][ T5208] Allocated by task 53:
[  709.221579][ T5208]  kasan_save_track+0x3f/0x80
[  709.226258][ T5208]  __kasan_slab_alloc+0x66/0x80
[  709.231087][ T5208]  kmem_cache_alloc_noprof+0x135/0x2a0
[  709.236548][ T5208]  skb_clone+0x20c/0x390
[  709.240874][ T5208]  hci_cmd_work+0x29e/0x670
[  709.245357][ T5208]  process_scheduled_works+0xa2c/0x1830
[  709.250899][ T5208]  worker_thread+0x86d/0xd70
[  709.255490][ T5208]  kthread+0x2f0/0x390
[  709.259543][ T5208]  ret_from_fork+0x4b/0x80
[  709.263944][ T5208]  ret_from_fork_asm+0x1a/0x30
[  709.268693][ T5208] 
[  709.270999][ T5208] Freed by task 53:
[  709.274793][ T5208]  kasan_save_track+0x3f/0x80
[  709.279470][ T5208]  kasan_save_free_info+0x40/0x50
[  709.284478][ T5208]  poison_slab_object+0xe0/0x150
[  709.289443][ T5208]  __kasan_slab_free+0x37/0x60
[  709.294281][ T5208]  kmem_cache_free+0x145/0x350
[  709.299051][ T5208]  hci_req_sync_complete+0xe7/0x290
[  709.304251][ T5208]  hci_event_packet+0xc71/0x1540
[  709.309176][ T5208]  hci_rx_work+0x3e8/0xca0
[  709.313575][ T5208]  process_scheduled_works+0xa2c/0x1830
[  709.319114][ T5208]  worker_thread+0x86d/0xd70
[  709.323687][ T5208]  kthread+0x2f0/0x390
[  709.327742][ T5208]  ret_from_fork+0x4b/0x80
[  709.332140][ T5208]  ret_from_fork_asm+0x1a/0x30
[  709.336889][ T5208] 
[  709.339191][ T5208] The buggy address belongs to the object at ffff88801eb0fc80
[  709.339191][ T5208]  which belongs to the cache skbuff_head_cache of size 240
[  709.353755][ T5208] The buggy address is located 228 bytes inside of
[  709.353755][ T5208]  freed 240-byte region [ffff88801eb0fc80, ffff88801eb0fd70)
[  709.367547][ T5208] 
[  709.369854][ T5208] The buggy address belongs to the physical page:
[  709.376256][ T5208] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1eb0f
[  709.385004][ T5208] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  709.392114][ T5208] page_type: 0xffffefff(slab)
[  709.396792][ T5208] raw: 00fff00000000000 ffff888018ae0780 dead000000000122 0000000000000000
[  709.405357][ T5208] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[  709.413924][ T5208] page dumped because: kasan: bad access detected
[  709.420333][ T5208] page_owner tracks the page as allocated
[  709.426026][ T5208] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5210, tgid 5210 (kworker/u9:2), ts 708891101112, free_ts 708755356124
[  709.445373][ T5208]  post_alloc_hook+0x1f3/0x230
[  709.450129][ T5208]  get_page_from_freelist+0x2e2d/0x2ee0
[  709.455762][ T5208]  __alloc_pages_noprof+0x256/0x6c0
[  709.460951][ T5208]  alloc_slab_page+0x5f/0x120
[  709.465611][ T5208]  allocate_slab+0x5a/0x2e0
[  709.470091][ T5208]  ___slab_alloc+0xcd1/0x14b0
[  709.474749][ T5208]  __slab_alloc+0x58/0xa0
[  709.479058][ T5208]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[  709.484505][ T5208]  skb_clone+0x20c/0x390
[  709.488733][ T5208]  hci_cmd_work+0xdc/0x670
[  709.493123][ T5208]  process_scheduled_works+0xa2c/0x1830
[  709.498654][ T5208]  worker_thread+0x86d/0xd70
[  709.503223][ T5208]  kthread+0x2f0/0x390
[  709.507276][ T5208]  ret_from_fork+0x4b/0x80
[  709.511679][ T5208]  ret_from_fork_asm+0x1a/0x30
[  709.516429][ T5208] page last free pid 5205 tgid 5205 stack trace:
[  709.522749][ T5208]  free_unref_folios+0xf23/0x19e0
[  709.527759][ T5208]  folios_put_refs+0x93a/0xa60
[  709.532532][ T5208]  free_pages_and_swap_cache+0x2ea/0x690
[  709.538164][ T5208]  tlb_flush_mmu+0x3a3/0x680
[  709.542739][ T5208]  tlb_finish_mmu+0xd4/0x200
[  709.547332][ T5208]  exit_mmap+0x44f/0xc80
[  709.551571][ T5208]  __mmput+0x115/0x3c0
[  709.555619][ T5208]  exit_mm+0x220/0x310
[  709.559687][ T5208]  do_exit+0x9aa/0x27e0
[  709.563848][ T5208]  do_group_exit+0x207/0x2c0
[  709.568507][ T5208]  __x64_sys_exit_group+0x3f/0x40
[  709.573603][ T5208]  do_syscall_64+0xf3/0x230
[  709.578101][ T5208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  709.583977][ T5208] 
[  709.586280][ T5208] Memory state around the buggy address:
[  709.591904][ T5208]  ffff88801eb0fc00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[  709.599954][ T5208]  ffff88801eb0fc80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  709.608013][ T5208] >ffff88801eb0fd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  709.616057][ T5208]                                                        ^
[  709.623386][ T5208]  ffff88801eb0fd80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  709.631426][ T5208]  ffff88801eb0fe00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  709.639469][ T5208] ==================================================================
[  709.656934][ T5208] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  709.664161][ T5208] CPU: 0 PID: 5208 Comm: syz-executor.0 Not tainted 6.9.0-syzkaller-12071-g66ad4829ddd0 #0
[  709.674156][ T5208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  709.684220][ T5208] Call Trace:
[  709.687511][ T5208]  <TASK>
[  709.690433][ T5208]  dump_stack_lvl+0x241/0x360
[  709.695129][ T5208]  ? __pfx_dump_stack_lvl+0x10/0x10
[  709.700337][ T5208]  ? __pfx__printk+0x10/0x10
[  709.704937][ T5208]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  709.710900][ T5208]  ? vscnprintf+0x5d/0x90
[  709.715215][ T5208]  panic+0x349/0x860
[  709.719116][ T5208]  ? check_panic_on_warn+0x21/0xb0
[  709.724214][ T5208]  ? __pfx_panic+0x10/0x10
[  709.728614][ T5208]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  709.734584][ T5208]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  709.740912][ T5208]  check_panic_on_warn+0x86/0xb0
[  709.745839][ T5208]  ? kfree_skb_reason+0x41/0x3b0
[  709.750757][ T5208]  end_report+0x77/0x160
[  709.754991][ T5208]  kasan_report+0x154/0x180
[  709.759489][ T5208]  ? kfree_skb_reason+0x41/0x3b0
[  709.764427][ T5208]  kasan_check_range+0x282/0x290
[  709.769359][ T5208]  kfree_skb_reason+0x41/0x3b0
[  709.774463][ T5208]  __hci_req_sync+0x62f/0x950
[  709.779222][ T5208]  ? __pfx___hci_req_sync+0x10/0x10
[  709.784413][ T5208]  ? __pfx___mutex_lock+0x10/0x10
[  709.789431][ T5208]  ? __pfx_autoremove_wake_function+0x10/0x10
[  709.795495][ T5208]  ? __pfx_hci_scan_req+0x10/0x10
[  709.800513][ T5208]  hci_req_sync+0xa9/0xd0
[  709.804836][ T5208]  hci_dev_cmd+0x4c5/0xa50
[  709.809242][ T5208]  ? security_capable+0x90/0xb0
[  709.814082][ T5208]  ? __pfx_hci_dev_cmd+0x10/0x10
[  709.819012][ T5208]  ? hci_sock_ioctl+0x6c4/0xa40
[  709.823852][ T5208]  sock_do_ioctl+0x158/0x460
[  709.828434][ T5208]  ? __pfx_sock_do_ioctl+0x10/0x10
[  709.833716][ T5208]  sock_ioctl+0x629/0x8e0
[  709.838037][ T5208]  ? __pfx_sock_ioctl+0x10/0x10
[  709.842877][ T5208]  ? __fget_files+0x29/0x470
[  709.847458][ T5208]  ? __fget_files+0x3f6/0x470
[  709.852128][ T5208]  ? __fget_files+0x29/0x470
[  709.856710][ T5208]  ? bpf_lsm_file_ioctl+0x9/0x10
[  709.861645][ T5208]  ? security_file_ioctl+0x87/0xb0
[  709.866752][ T5208]  ? __pfx_sock_ioctl+0x10/0x10
[  709.871591][ T5208]  __se_sys_ioctl+0xfc/0x170
[  709.876173][ T5208]  do_syscall_64+0xf3/0x230
[  709.880668][ T5208]  ? clear_bhb_loop+0x35/0x90
[  709.885344][ T5208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  709.891223][ T5208] RIP: 0033:0x7fb355c7cc4b
[  709.895664][ T5208] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  709.915258][ T5208] RSP: 002b:00007ffe2ec7c2f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  709.923760][ T5208] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fb355c7cc4b
[  709.931735][ T5208] RDX: 00007ffe2ec7c368 RSI: 00000000400448dd RDI: 0000000000000003
[  709.939706][ T5208] RBP: 000055558e58e430 R08: 0000000000000000 R09: 0000000000000000
[  709.947668][ T5208] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[  709.955631][ T5208] R13: 0000000000000000 R14: 0000000000000001 R15: 00000000fffffff1
[  709.963599][ T5208]  </TASK>
[  709.966853][ T5208] Kernel Offset: disabled
[  709.971169][ T5208] Rebooting in 86400 seconds..