Warning: Permanently added '10.128.1.94' (ECDSA) to the list of known hosts.
syzkaller login: [ 61.038800][ T3602] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 61.047421][ T3602] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 61.055005][ T3602] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 61.062982][ T3600] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 61.070712][ T3600] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 61.078014][ T3600] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 61.167571][ T3604] chnl_net:caif_netlink_parms(): no params data found
[ 61.209698][ T3604] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.217615][ T3604] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.225612][ T3604] device bridge_slave_0 entered promiscuous mode
[ 61.235142][ T3604] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.242385][ T3604] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.250284][ T3604] device bridge_slave_1 entered promiscuous mode
[ 61.272261][ T3604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 61.283595][ T3604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 61.305546][ T3604] team0: Port device team_slave_0 added
[ 61.313476][ T3604] team0: Port device team_slave_1 added
[ 61.330515][ T3604] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 61.337491][ T3604] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 61.363438][ T3604] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 61.375695][ T3604] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 61.382904][ T3604] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 61.408991][ T3604] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 61.435039][ T3604] device hsr_slave_0 entered promiscuous mode
[ 61.441672][ T3604] device hsr_slave_1 entered promiscuous mode
[ 61.522087][ T3604] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 61.532301][ T3604] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 61.542740][ T3604] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 61.552479][ T3604] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 61.573697][ T3604] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.581006][ T3604] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.588801][ T3604] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.595965][ T3604] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.641309][ T3604] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.655486][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.665728][ T143] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.674894][ T143] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.682859][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 61.695597][ T3604] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.706818][ T3611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.716211][ T3611] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.723341][ T3611] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.742778][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.752067][ T143] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.759139][ T143] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.767878][ T143] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.785580][ T3604] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 61.797763][ T3604] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 61.811816][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 61.819732][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 61.828807][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 61.837868][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.846933][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 61.863527][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 61.871805][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 61.884299][ T3604] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.899670][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 61.919442][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 61.928782][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 61.936759][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 61.948374][ T3604] device veth0_vlan entered promiscuous mode
[ 61.959674][ T3604] device veth1_vlan entered promiscuous mode
[ 61.978428][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 61.986869][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 61.995754][ T3610] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 62.005964][ T3604] device veth0_macvtap entered promiscuous mode
[ 62.015752][ T3604] device veth1_macvtap entered promiscuous mode
[ 62.031834][ T3604] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 62.039247][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 62.049742][ T3269] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 62.061950][ T3604] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 62.069830][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 62.082966][ T3604] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.092408][ T3604] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.101631][ T3604] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.110919][ T3604] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.169354][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 62.184876][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 62.198733][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 62.199732][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
executing program
[ 62.206851][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 62.222621][ T1578] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 62.245351][ T3604] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 62.358140][ T41] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 63.112157][ T1578] Bluetooth: hci0: command 0x0409 tx timeout
[ 65.137021][ T3599] ==================================================================
[ 65.145220][ T3599] BUG: KASAN: vmalloc-out-of-bounds in blocking_notifier_chain_unregister+0x230/0x290
[ 65.154793][ T3599] Read of size 8 at addr ffffc900037bbbe8 by task syz-executor101/3599
[ 65.163059][ T3599]
[ 65.165389][ T3599] CPU: 0 PID: 3599 Comm: syz-executor101 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
[ 65.175549][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 65.185644][ T3599] Call Trace:
[ 65.188936][ T3599]
[ 65.191880][ T3599] dump_stack_lvl+0xcd/0x134
[ 65.196517][ T3599] ? blocking_notifier_chain_unregister+0x230/0x290
[ 65.203134][ T3599] print_report.cold+0x59/0x719
[ 65.208003][ T3599] ? blocking_notifier_chain_unregister+0x230/0x290
[ 65.214609][ T3599] kasan_report+0xb1/0x1e0
[ 65.219040][ T3599] ? blocking_notifier_chain_unregister+0x230/0x290
[ 65.225648][ T3599] blocking_notifier_chain_unregister+0x230/0x290
[ 65.232074][ T3599] hci_unregister_suspend_notifier+0x73/0x90
[ 65.238064][ T3599] hci_unregister_dev+0x16f/0x4e0
[ 65.243095][ T3599] vhci_release+0x7c/0xf0
[ 65.247433][ T3599] __fput+0x277/0x9d0
[ 65.251426][ T3599] ? vhci_close_dev+0x50/0x50
[ 65.256138][ T3599] task_work_run+0xdd/0x1a0
[ 65.260671][ T3599] do_exit+0xad5/0x29b0
[ 65.264833][ T3599] ? lock_downgrade+0x6e0/0x6e0
[ 65.269686][ T3599] ? up_write+0x470/0x470
[ 65.274058][ T3599] ? mm_update_next_owner+0x7a0/0x7a0
[ 65.279454][ T3599] do_group_exit+0xd2/0x2f0
[ 65.283965][ T3599] __ia32_sys_exit_group+0x3a/0x50
[ 65.289080][ T3599] __do_fast_syscall_32+0x65/0xf0
[ 65.294111][ T3599] do_fast_syscall_32+0x2f/0x70
[ 65.298965][ T3599] entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 65.305300][ T3599] RIP: 0023:0xf7e26549
[ 65.309370][ T3599] Code: Unable to access opcode bytes at RIP 0xf7e2651f.
[ 65.316380][ T3599] RSP: 002b:00000000ff9d3b2c EFLAGS: 00000296 ORIG_RAX: 00000000000000fc
[ 65.324794][ T3599] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 65.332768][ T3599] RDX: 00000000f7e1bfe0 RSI: 00000000f7e1c3f8 RDI: 00000000f7e1c3f8
[ 65.340752][ T3599] RBP: 00000000f7f3c668 R08: 0000000000000000 R09: 0000000000000000
[ 65.348812][ T3599] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000
[ 65.356787][ T3599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 65.364766][ T3599]
[ 65.367786][ T3599]
[ 65.370110][ T3599] Memory state around the buggy address:
[ 65.375737][ T3599] ffffc900037bba80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 65.383794][ T3599] ffffc900037bbb00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 65.391856][ T3599] >ffffc900037bbb80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 65.399919][ T3599] ^
[ 65.407368][ T3599] ffffc900037bbc00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 65.415425][ T3599] ffffc900037bbc80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 65.423499][ T3599] ==================================================================
[ 65.432274][ T3269] Bluetooth: hci0: command 0x041b tx timeout
[ 65.471598][ T41] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 65.487931][ T3599] Kernel panic - not syncing: panic_on_warn set ...
[ 65.494543][ T3599] CPU: 0 PID: 3599 Comm: syz-executor101 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e2cd7 #0
[ 65.504708][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 65.514772][ T3599] Call Trace:
[ 65.518059][ T3599]
[ 65.520997][ T3599] dump_stack_lvl+0xcd/0x134
[ 65.525610][ T3599] panic+0x2c8/0x627
[ 65.529530][ T3599] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 65.535533][ T3599] ? preempt_schedule_common+0x59/0xc0
[ 65.541015][ T3599] ? preempt_schedule_thunk+0x16/0x18
[ 65.546410][ T3599] ? blocking_notifier_chain_unregister+0x230/0x290
[ 65.553024][ T3599] end_report.part.0+0x3f/0x7c
[ 65.557805][ T3599] kasan_report.cold+0xa/0xf
[ 65.562510][ T3599] ? blocking_notifier_chain_unregister+0x230/0x290
[ 65.569133][ T3599] blocking_notifier_chain_unregister+0x230/0x290
[ 65.575572][ T3599] hci_unregister_suspend_notifier+0x73/0x90
[ 65.581575][ T3599] hci_unregister_dev+0x16f/0x4e0
[ 65.586628][ T3599] vhci_release+0x7c/0xf0
[ 65.590997][ T3599] __fput+0x277/0x9d0
[ 65.595033][ T3599] ? vhci_close_dev+0x50/0x50
[ 65.599737][ T3599] task_work_run+0xdd/0x1a0
[ 65.604262][ T3599] do_exit+0xad5/0x29b0
[ 65.608443][ T3599] ? lock_downgrade+0x6e0/0x6e0
[ 65.613310][ T3599] ? up_write+0x470/0x470
[ 65.617662][ T3599] ? mm_update_next_owner+0x7a0/0x7a0
[ 65.623057][ T3599] do_group_exit+0xd2/0x2f0
[ 65.627583][ T3599] __ia32_sys_exit_group+0x3a/0x50
[ 65.632807][ T3599] __do_fast_syscall_32+0x65/0xf0
[ 65.637853][ T3599] do_fast_syscall_32+0x2f/0x70
[ 65.642718][ T3599] entry_SYSENTER_compat_after_hwframe+0x70/0x82
[ 65.649072][ T3599] RIP: 0023:0xf7e26549
[ 65.653157][ T3599] Code: Unable to access opcode bytes at RIP 0xf7e2651f.
[ 65.660186][ T3599] RSP: 002b:00000000ff9d3b2c EFLAGS: 00000296 ORIG_RAX: 00000000000000fc
[ 65.668619][ T3599] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 65.676613][ T3599] RDX: 00000000f7e1bfe0 RSI: 00000000f7e1c3f8 RDI: 00000000f7e1c3f8
[ 65.684597][ T3599] RBP: 00000000f7f3c668 R08: 0000000000000000 R09: 0000000000000000
[ 65.692577][ T3599] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000
[ 65.700562][ T3599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 65.708552][ T3599]
[ 65.711805][ T3599] Kernel Offset: disabled
[ 65.716147][ T3599] Rebooting in 86400 seconds..