[ 15.526357][ T5648] 8021q: adding VLAN 0 to HW filter on device bond0
[ 15.536866][ T5648] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 15.587250][ T39] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 15.590056][ T5558] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.86' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 39.456119][ T5987] ================================================================================
[ 39.458786][ T5987] UBSAN: shift-out-of-bounds in net/nfc/nci/core.c:912:45
[ 39.460568][ T5987] shift exponent 268435489 is too large for 32-bit type 'int'
[ 39.462330][ T5987] CPU: 0 PID: 5987 Comm: syz-executor257 Not tainted 6.4.0-rc7-syzkaller-ge40939bbfc68 #0
[ 39.464371][ T5987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 39.466386][ T5987] Call trace:
[ 39.467105][ T5987] dump_backtrace+0x1b8/0x1e4
[ 39.468063][ T5987] show_stack+0x2c/0x44
[ 39.468871][ T5987] dump_stack_lvl+0xd0/0x124
[ 39.469830][ T5987] dump_stack+0x1c/0x28
[ 39.470722][ T5987] __ubsan_handle_shift_out_of_bounds+0x2f4/0x36c
[ 39.472057][ T5987] nci_activate_target+0x8a4/0x970
[ 39.473135][ T5987] nfc_activate_target+0x1f8/0x400
[ 39.474163][ T5987] nfc_genl_activate_target+0x15c/0x208
[ 39.475367][ T5987] genl_rcv_msg+0x938/0xc1c
[ 39.476345][ T5987] netlink_rcv_skb+0x214/0x3c4
[ 39.477329][ T5987] genl_rcv+0x38/0x50
[ 39.478167][ T5987] netlink_unicast+0x660/0x8d4
[ 39.479091][ T5987] netlink_sendmsg+0x834/0xb18
[ 39.480125][ T5987] ____sys_sendmsg+0x568/0x81c
[ 39.481167][ T5987] __sys_sendmsg+0x26c/0x33c
[ 39.482166][ T5987] __arm64_sys_sendmsg+0x80/0x94
[ 39.483105][ T5987] invoke_syscall+0x98/0x2c0
[ 39.484036][ T5987] el0_svc_common+0x138/0x244
[ 39.485032][ T5987] do_el0_svc+0x64/0x198
[ 39.485941][ T5987] el0_svc+0x4c/0x160
[ 39.486773][ T5987] el0t_64_sync_handler+0x84/0xfc
[ 39.487819][ T5987] el0t_64_sync+0x190/0x194
[ 39.489198][ T5987] ================================================================================
executing program
executing program
[ 39.592500][ T5986] ==================================================================
[ 39.594373][ T5986] BUG: KASAN: slab-use-after-free in __list_del_entry_valid+0xac/0x158
[ 39.596144][ T5986] Read of size 8 at addr ffff0000cf611008 by task syz-executor257/5986
[ 39.597952][ T5986]
[ 39.598437][ T5986] CPU: 0 PID: 5986 Comm: syz-executor257 Not tainted 6.4.0-rc7-syzkaller-ge40939bbfc68 #0
[ 39.600614][ T5986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 39.602794][ T5986] Call trace:
[ 39.603498][ T5986] dump_backtrace+0x1b8/0x1e4
[ 39.604585][ T5986] show_stack+0x2c/0x44
[ 39.605515][ T5986] dump_stack_lvl+0xd0/0x124
[ 39.606554][ T5986] print_report+0x174/0x514
[ 39.607572][ T5986] kasan_report+0xd4/0x130
[ 39.608546][ T5986] __asan_report_load8_noabort+0x20/0x2c
[ 39.609743][ T5986] __list_del_entry_valid+0xac/0x158
[ 39.610930][ T5986] nfc_llcp_local_put+0x6c/0x1b4
[ 39.612043][ T5986] nfc_llcp_unregister_device+0xa4/0x11c
[ 39.613379][ T5986] nfc_unregister_device+0x150/0x290
[ 39.614480][ T5986] nci_unregister_device+0x1dc/0x21c
[ 39.615620][ T5986] virtual_ncidev_close+0x5c/0xa0
[ 39.616664][ T5986] __fput+0x30c/0x7bc
[ 39.617530][ T5986] ____fput+0x20/0x30
[ 39.618393][ T5986] task_work_run+0x230/0x2e0
[ 39.619388][ T5986] do_exit+0x63c/0x1f58
[ 39.620290][ T5986] do_group_exit+0x194/0x22c
[ 39.621309][ T5986] __wake_up_parent+0x0/0x60
[ 39.622275][ T5986] invoke_syscall+0x98/0x2c0
[ 39.623267][ T5986] el0_svc_common+0x138/0x244
[ 39.624287][ T5986] do_el0_svc+0x64/0x198
[ 39.625247][ T5986] el0_svc+0x4c/0x160
[ 39.626083][ T5986] el0t_64_sync_handler+0x84/0xfc
[ 39.627147][ T5986] el0t_64_sync+0x190/0x194
[ 39.628137][ T5986]
[ 39.628580][ T5986] Allocated by task 5994:
[ 39.629467][ T5986] kasan_set_track+0x4c/0x7c
[ 39.630450][ T5986] kasan_save_alloc_info+0x24/0x30
[ 39.631610][ T5986] __kasan_kmalloc+0xac/0xc4
[ 39.632612][ T5986] kmalloc_trace+0x70/0x88
[ 39.633600][ T5986] nfc_llcp_register_device+0x60/0x6bc
[ 39.634764][ T5987] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 39.636697][ T5986] nfc_register_device+0x8c/0x310
[ 39.636715][ T5986] nci_register_device+0x6ac/0x7c4
[ 39.636725][ T5986] virtual_ncidev_open+0x13c/0x1bc
[ 39.636735][ T5986] misc_open+0x2f0/0x368
[ 39.636748][ T5986] chrdev_open+0x3e8/0x4fc
[ 39.641991][ T5986] do_dentry_open+0x724/0xf90
[ 39.642986][ T5986] vfs_open+0x7c/0x90
[ 39.643787][ T5986] path_openat+0x1f2c/0x27f8
[ 39.644827][ T5986] do_filp_open+0x1bc/0x3cc
[ 39.645866][ T5986] do_sys_openat2+0x128/0x3d8
[ 39.646857][ T5986] __arm64_sys_openat+0x1f0/0x240
[ 39.647971][ T5986] invoke_syscall+0x98/0x2c0
[ 39.649021][ T5986] el0_svc_common+0x138/0x244
[ 39.650095][ T5986] do_el0_svc+0x64/0x198
[ 39.650960][ T5986] el0_svc+0x4c/0x160
[ 39.651804][ T5986] el0t_64_sync_handler+0x84/0xfc
[ 39.652871][ T5986] el0t_64_sync+0x190/0x194
[ 39.653852][ T5986]
[ 39.654325][ T5986] Freed by task 5994:
[ 39.655169][ T5986] kasan_set_track+0x4c/0x7c
[ 39.656179][ T5986] kasan_save_free_info+0x38/0x5c
[ 39.657281][ T5986] ____kasan_slab_free+0x144/0x1c0
[ 39.658384][ T5986] __kasan_slab_free+0x18/0x28
[ 39.659440][ T5986] __kmem_cache_free+0x2a8/0x49c
[ 39.660492][ T5986] kfree+0xb8/0x19c
[ 39.661371][ T5986] nfc_llcp_local_put+0x15c/0x1b4
[ 39.662442][ T5986] nfc_llcp_unregister_device+0xa4/0x11c
[ 39.663712][ T5986] nfc_unregister_device+0x150/0x290
[ 39.664833][ T5986] nci_unregister_device+0x1dc/0x21c
[ 39.666056][ T5986] virtual_ncidev_close+0x5c/0xa0
[ 39.667092][ T5986] __fput+0x30c/0x7bc
[ 39.667926][ T5986] ____fput+0x20/0x30
[ 39.668731][ T5986] task_work_run+0x230/0x2e0
[ 39.669710][ T5986] do_exit+0x63c/0x1f58
[ 39.670631][ T5986] do_group_exit+0x194/0x22c
[ 39.671580][ T5986] get_signal+0x14b0/0x159c
[ 39.672538][ T5986] do_notify_resume+0x3cc/0x3c90
[ 39.673711][ T5986] el0_svc+0x94/0x160
[ 39.674613][ T5986] el0t_64_sync_handler+0x84/0xfc
[ 39.675813][ T5986] el0t_64_sync+0x190/0x194
[ 39.676868][ T5986]
[ 39.677386][ T5986] The buggy address belongs to the object at ffff0000cf611000
[ 39.677386][ T5986] which belongs to the cache kmalloc-2k of size 2048
[ 39.680351][ T5986] The buggy address is located 8 bytes inside of
[ 39.680351][ T5986] freed 2048-byte region [ffff0000cf611000, ffff0000cf611800)
[ 39.683354][ T5986]
[ 39.683865][ T5986] The buggy address belongs to the physical page:
[ 39.685219][ T5986] page:00000000bf9669b0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f610
[ 39.687525][ T5986] head:00000000bf9669b0 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 39.689456][ T5986] anon flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 39.691301][ T5986] page_type: 0xffffffff()
[ 39.692181][ T5986] raw: 05ffc00000010200 ffff0000c0002900 0000000000000000 dead000000000001
[ 39.694083][ T5986] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 39.695849][ T5986] page dumped because: kasan: bad access detected
[ 39.697198][ T5986]
[ 39.697754][ T5986] Memory state around the buggy address:
[ 39.698962][ T5986] ffff0000cf610f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.700673][ T5986] ffff0000cf610f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 39.702389][ T5986] >ffff0000cf611000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.704178][ T5986] ^
[ 39.705138][ T5986] ffff0000cf611080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.706820][ T5986] ffff0000cf611100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 39.708491][ T5986] ==================================================================
executing program
[ 39.714202][ T5986] Disabling lock debugging due to kernel taint
[ 39.715650][ T5986] list_del corruption. next->prev should be ffff0000c8150000, but was 071a02880000176a. (next=ffff0000cf611000)
[ 39.719378][ T5986] ------------[ cut here ]------------
[ 39.720586][ T5986] kernel BUG at lib/list_debug.c:64!
[ 39.721716][ T5986] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 39.723400][ T5986] Modules linked in:
[ 39.724265][ T5986] CPU: 1 PID: 5986 Comm: syz-executor257 Tainted: G B 6.4.0-rc7-syzkaller-ge40939bbfc68 #0
[ 39.726776][ T5986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
executing program
[ 39.728926][ T5986] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 39.730523][ T5986] pc : __list_del_entry_valid+0x154/0x158
[ 39.731801][ T5986] lr : __list_del_entry_valid+0x154/0x158
[ 39.733063][ T5986] sp : ffff8000967978e0
[ 39.733984][ T5986] x29: ffff8000967978e0 x28: 1fffe0001b74b40f x27: 1fffe0001b74b405
[ 39.735723][ T5986] x26: ffff0000dba5a028 x25: ffff0000c1917248 x24: 1fffe0001ae3fec1
[ 39.737332][ T5986] x23: ffff800090b0c840 x22: dfff800000000000 x21: ffff0000cf611008
[ 39.739084][ T5986] x20: ffff0000cf611000 x19: ffff0000c8150000 x18: 1fffe00036846fc6
[ 39.740770][ T5986] x17: ffff80008deed000 x16: ffff80008a4483a0 x15: ffff0001b4237e3c
[ 39.742478][ T5986] x14: ffff0001b4237e38 x13: 1fffe00036846fc6 x12: 0000000000000001
[ 39.744107][ T5986] x11: 0000000000000000 x10: 0000000000000000 x9 : 1a7531c46719ac00
[ 39.745757][ T5986] x8 : 1a7531c46719ac00 x7 : 1fffe00036846fc7 x6 : ffff80008028cc04
[ 39.747484][ T5986] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800082a98004
[ 39.749220][ T5986] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000006d
[ 39.750998][ T5986] Call trace:
[ 39.751656][ T5986] __list_del_entry_valid+0x154/0x158
[ 39.752841][ T5986] nfc_llcp_local_put+0x6c/0x1b4
[ 39.753878][ T5986] nfc_llcp_unregister_device+0xa4/0x11c
[ 39.755035][ T5986] nfc_unregister_device+0x150/0x290
[ 39.756178][ T5986] nci_unregister_device+0x1dc/0x21c
[ 39.757348][ T5986] virtual_ncidev_close+0x5c/0xa0
[ 39.758393][ T5986] __fput+0x30c/0x7bc
[ 39.759190][ T5986] ____fput+0x20/0x30
[ 39.760081][ T5986] task_work_run+0x230/0x2e0
[ 39.761075][ T5986] do_exit+0x63c/0x1f58
[ 39.761983][ T5986] do_group_exit+0x194/0x22c
[ 39.763066][ T5986] __wake_up_parent+0x0/0x60
[ 39.764073][ T5986] invoke_syscall+0x98/0x2c0
[ 39.765116][ T5986] el0_svc_common+0x138/0x244
[ 39.766058][ T5986] do_el0_svc+0x64/0x198
[ 39.766963][ T5986] el0_svc+0x4c/0x160
[ 39.767800][ T5986] el0t_64_sync_handler+0x84/0xfc
[ 39.768930][ T5986] el0t_64_sync+0x190/0x194
[ 39.769999][ T5986] Code: 91360000 aa1303e1 aa1403e3 95e4df27 (d4210000)
[ 39.771357][ T5986] ---[ end trace 0000000000000000 ]---
[ 40.050003][ T5986] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 40.051670][ T5986] SMP: stopping secondary CPUs
[ 40.052638][ T5986] Kernel Offset: disabled
[ 40.053510][ T5986] CPU features: 0x0000004,0e008010,c4017203
[ 40.054723][ T5986] Memory Limit: none
[ 40.328210][ T5986] Rebooting in 86400 seconds..