Warning: Permanently added '10.128.0.71' (ECDSA) to the list of known hosts.
2021/10/01 11:47:07 parsed 1 programs
2021/10/01 11:47:08 executed programs: 0
[ 411.561953][ T6556] chnl_net:caif_netlink_parms(): no params data found
[ 411.633070][ T6556] bridge0: port 1(bridge_slave_0) entered blocking state
[ 411.640917][ T6556] bridge0: port 1(bridge_slave_0) entered disabled state
[ 411.650311][ T6556] device bridge_slave_0 entered promiscuous mode
[ 411.660486][ T6556] bridge0: port 2(bridge_slave_1) entered blocking state
[ 411.667764][ T6556] bridge0: port 2(bridge_slave_1) entered disabled state
[ 411.676561][ T6556] device bridge_slave_1 entered promiscuous mode
[ 411.706773][ T6556] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 411.718550][ T6556] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 411.753282][ T6556] team0: Port device team_slave_0 added
[ 411.762274][ T6556] team0: Port device team_slave_1 added
[ 411.789903][ T6556] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 411.797139][ T6556] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 411.824754][ T6556] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 411.838986][ T6556] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 411.846290][ T6556] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 411.873394][ T6556] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 411.910633][ T6556] device hsr_slave_0 entered promiscuous mode
[ 411.918561][ T6556] device hsr_slave_1 entered promiscuous mode
[ 412.040429][ T6556] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 412.050696][ T6556] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 412.061640][ T6556] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 412.071969][ T6556] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 412.094766][ T6556] bridge0: port 2(bridge_slave_1) entered blocking state
[ 412.101955][ T6556] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 412.109495][ T6556] bridge0: port 1(bridge_slave_0) entered blocking state
[ 412.116593][ T6556] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 412.161768][ T6556] 8021q: adding VLAN 0 to HW filter on device bond0
[ 412.175278][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 412.187266][ T5] bridge0: port 1(bridge_slave_0) entered disabled state
[ 412.197013][ T5] bridge0: port 2(bridge_slave_1) entered disabled state
[ 412.206469][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 412.219107][ T6556] 8021q: adding VLAN 0 to HW filter on device team0
[ 412.231677][ T6720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 412.240084][ T6720] bridge0: port 1(bridge_slave_0) entered blocking state
[ 412.247218][ T6720] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 412.260254][ T6720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 412.269059][ T6720] bridge0: port 2(bridge_slave_1) entered blocking state
[ 412.276190][ T6720] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 412.293745][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 412.313114][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 412.322231][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 412.330552][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 412.339618][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 412.352570][ T6556] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 412.370875][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 412.378357][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 412.393020][ T6556] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 412.411430][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 412.433007][ T6556] device veth0_vlan entered promiscuous mode
[ 412.440025][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 412.448229][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 412.456764][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 412.469988][ T6556] device veth1_vlan entered promiscuous mode
[ 412.490291][ T1052] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 412.498411][ T1052] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 412.507420][ T1052] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 412.519090][ T6556] device veth0_macvtap entered promiscuous mode
[ 412.529251][ T6556] device veth1_macvtap entered promiscuous mode
[ 412.543191][ T6720] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 412.558051][ T6556] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 412.565678][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 412.575667][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 412.589155][ T6556] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 412.598106][ T6888] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 412.606727][ T6888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 412.617675][ T6556] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 412.627085][ T6556] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 412.635963][ T6556] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 412.644836][ T6556] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 412.739529][ T6503] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 412.752510][ T6503] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 412.776157][ T1052] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 412.789368][ T6503] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 412.799917][ T6503] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 412.811580][ T1052] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 413.383030][ T1052] Bluetooth: hci0: command 0x0409 tx timeout
2021/10/01 11:47:13 executed programs: 3
[ 415.461569][ T1052] Bluetooth: hci0: command 0x041b tx timeout
[ 417.541342][ T6720] Bluetooth: hci0: command 0x040f tx timeout
[ 419.620753][ T20] Bluetooth: hci0: command 0x0419 tx timeout
2021/10/01 11:47:18 executed programs: 9
[ 421.700676][ T6720] Bluetooth: hci0: command 0x0405 tx timeout
2021/10/01 11:47:23 executed programs: 15
2021/10/01 11:47:28 executed programs: 21
2021/10/01 11:47:33 executed programs: 27
[ 439.710990][ T1359] ieee802154 phy0 wpan0: encryption failed: -22
[ 439.717446][ T1359] ieee802154 phy1 wpan1: encryption failed: -22
2021/10/01 11:47:38 executed programs: 33
2021/10/01 11:47:44 executed programs: 39
2021/10/01 11:47:49 executed programs: 45
2021/10/01 11:47:54 executed programs: 51
[ 460.179962][ T6888] ==================================================================
[ 460.188046][ T6888] BUG: KASAN: use-after-free in __lock_acquire+0x3d86/0x54a0
[ 460.195607][ T6888] Read of size 8 at addr ffff8880229b6120 by task kworker/0:1/6888
[ 460.203486][ T6888]
[ 460.205802][ T6888] CPU: 0 PID: 6888 Comm: kworker/0:1 Not tainted 5.15.0-rc3-syzkaller #0
[ 460.214200][ T6888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 460.224249][ T6888] Workqueue: events l2cap_chan_timeout
[ 460.229801][ T6888] Call Trace:
[ 460.233076][ T6888]  dump_stack_lvl+0xcd/0x134
[ 460.237720][ T6888]  print_address_description.constprop.0.cold+0x6c/0x309
[ 460.244868][ T6888]  ? __lock_acquire+0x3d86/0x54a0
[ 460.249885][ T6888]  ? __lock_acquire+0x3d86/0x54a0
[ 460.254898][ T6888]  kasan_report.cold+0x83/0xdf
[ 460.259657][ T6888]  ? __lock_acquire+0x3d86/0x54a0
[ 460.264691][ T6888]  __lock_acquire+0x3d86/0x54a0
[ 460.269533][ T6888]  ? mark_lock+0xef/0x17b0
[ 460.273932][ T6888]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 460.279804][ T6888]  ? debug_object_assert_init+0x246/0x2e0
[ 460.285688][ T6888]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 460.291687][ T6888]  lock_acquire+0x1ab/0x510
[ 460.296177][ T6888]  ? l2cap_sock_teardown_cb+0xa1/0x660
[ 460.301628][ T6888]  ? lock_release+0x720/0x720
[ 460.306292][ T6888]  ? mark_held_locks+0x9f/0xe0
[ 460.311046][ T6888]  ? cancel_delayed_work+0x2bd/0x340
[ 460.316369][ T6888]  lock_sock_nested+0x2f/0xf0
[ 460.321073][ T6888]  ? l2cap_sock_teardown_cb+0xa1/0x660
[ 460.326526][ T6888]  l2cap_sock_teardown_cb+0xa1/0x660
[ 460.331801][ T6888]  ? __mutex_lock+0x21c/0x12f0
[ 460.336557][ T6888]  l2cap_chan_del+0xbc/0xa80
[ 460.341144][ T6888]  l2cap_chan_close+0x1b9/0xaf0
[ 460.345999][ T6888]  ? l2cap_rx+0x1fb0/0x1fb0
[ 460.350549][ T6888]  ? lock_release+0x720/0x720
[ 460.355212][ T6888]  ? lock_downgrade+0x6e0/0x6e0
[ 460.360057][ T6888]  l2cap_chan_timeout+0x17e/0x2f0
[ 460.365087][ T6888]  process_one_work+0x9bf/0x16b0
[ 460.370098][ T6888]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 460.375458][ T6888]  ? rwlock_bug.part.0+0x90/0x90
[ 460.380568][ T6888]  ? _raw_spin_lock_irq+0x41/0x50
[ 460.385581][ T6888]  worker_thread+0x658/0x11f0
[ 460.390248][ T6888]  ? process_one_work+0x16b0/0x16b0
[ 460.395432][ T6888]  kthread+0x3e5/0x4d0
[ 460.399573][ T6888]  ? set_kthread_struct+0x130/0x130
[ 460.404788][ T6888]  ret_from_fork+0x1f/0x30
[ 460.409237][ T6888]
[ 460.411539][ T6888] Allocated by task 6959:
[ 460.415845][ T6888]  kasan_save_stack+0x1b/0x40
[ 460.420568][ T6888]  __kasan_kmalloc+0xa4/0xd0
[ 460.425175][ T6888]  sk_prot_alloc+0x110/0x290
[ 460.429796][ T6888]  sk_alloc+0x30/0xa60
[ 460.433846][ T6888]  l2cap_sock_alloc.constprop.0+0x31/0x230
[ 460.439640][ T6888]  l2cap_sock_create+0x123/0x1f0
[ 460.444577][ T6888]  bt_sock_create+0x17c/0x340
[ 460.449475][ T6888]  __sock_create+0x353/0x790
[ 460.454074][ T6888]  __sys_socket+0xef/0x200
[ 460.458492][ T6888]  __x64_sys_socket+0x6f/0xb0
[ 460.463160][ T6888]  do_syscall_64+0x35/0xb0
[ 460.467619][ T6888]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 460.473498][ T6888]
[ 460.475821][ T6888] Freed by task 6959:
[ 460.479784][ T6888]  kasan_save_stack+0x1b/0x40
[ 460.484473][ T6888]  kasan_set_track+0x1c/0x30
[ 460.489054][ T6888]  kasan_set_free_info+0x20/0x30
[ 460.494161][ T6888]  __kasan_slab_free+0xff/0x130
[ 460.498998][ T6888]  slab_free_freelist_hook+0x81/0x190
[ 460.504371][ T6888]  kfree+0xe4/0x530
[ 460.508168][ T6888]  __sk_destruct+0x6a8/0x900
[ 460.512739][ T6888]  sk_destruct+0xbd/0xe0
[ 460.516961][ T6888]  __sk_free+0xef/0x3d0
[ 460.521096][ T6888]  sk_free+0x78/0xa0
[ 460.524972][ T6888]  l2cap_sock_kill+0x203/0x240
[ 460.529758][ T6888]  l2cap_sock_release+0x184/0x200
[ 460.534786][ T6888]  __sock_release+0xcd/0x280
[ 460.539366][ T6888]  sock_close+0x18/0x20
[ 460.543521][ T6888]  __fput+0x288/0x9f0
[ 460.547537][ T6888]  task_work_run+0xdd/0x1a0
[ 460.552026][ T6888]  get_signal+0x1b35/0x2160
[ 460.556573][ T6888]  arch_do_signal_or_restart+0x2a9/0x1c40
[ 460.562349][ T6888]  exit_to_user_mode_prepare+0x17d/0x290
[ 460.568020][ T6888]  syscall_exit_to_user_mode+0x19/0x60
[ 460.573466][ T6888]  do_syscall_64+0x42/0xb0
[ 460.577954][ T6888]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 460.583882][ T6888]
[ 460.586187][ T6888] The buggy address belongs to the object at ffff8880229b6000
[ 460.586187][ T6888]  which belongs to the cache kmalloc-2k of size 2048
[ 460.600223][ T6888] The buggy address is located 288 bytes inside of
[ 460.600223][ T6888]  2048-byte region [ffff8880229b6000, ffff8880229b6800)
[ 460.613579][ T6888] The buggy address belongs to the page:
[ 460.619190][ T6888] page:ffffea00008a6c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x229b0
[ 460.629338][ T6888] head:ffffea00008a6c00 order:3 compound_mapcount:0 compound_pincount:0
[ 460.637642][ T6888] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 460.645623][ T6888] raw: 00fff00000010200 0000000000000000 dead000000000122 ffff888010c42000
[ 460.654208][ T6888] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 460.662778][ T6888] page dumped because: kasan: bad access detected
[ 460.669175][ T6888] page_owner tracks the page as allocated
[ 460.674879][ T6888] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6950, ts 417985823943, free_ts 417983520546
[ 460.692046][ T6888]  get_page_from_freelist+0xa72/0x2f80
[ 460.697557][ T6888]  __alloc_pages+0x1b2/0x500
[ 460.702149][ T6888]  alloc_pages+0x1a7/0x300
[ 460.706549][ T6888]  new_slab+0x319/0x490
[ 460.710689][ T6888]  ___slab_alloc+0x921/0xfe0
[ 460.715260][ T6888]  __slab_alloc.constprop.0+0x4d/0xa0
[ 460.720632][ T6888]  kmem_cache_alloc_trace+0x293/0x2b0
[ 460.725989][ T6888]  l2cap_chan_create+0x40/0x570
[ 460.730822][ T6888]  l2cap_sock_alloc.constprop.0+0x185/0x230
[ 460.736711][ T6888]  l2cap_sock_create+0x123/0x1f0
[ 460.741634][ T6888]  bt_sock_create+0x17c/0x340
[ 460.746295][ T6888]  __sock_create+0x353/0x790
[ 460.750869][ T6888]  __sys_socket+0xef/0x200
[ 460.755284][ T6888]  __x64_sys_socket+0x6f/0xb0
[ 460.759960][ T6888]  do_syscall_64+0x35/0xb0
[ 460.764380][ T6888]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 460.770271][ T6888] page last free stack trace:
[ 460.774935][ T6888]  free_pcp_prepare+0x2c5/0x780
[ 460.779801][ T6888]  free_unref_page+0x19/0x690
[ 460.784484][ T6888]  __unfreeze_partials+0x340/0x360
[ 460.789580][ T6888]  qlist_free_all+0x5a/0xc0
[ 460.794077][ T6888]  kasan_quarantine_reduce+0x180/0x200
[ 460.799519][ T6888]  __kasan_slab_alloc+0x95/0xb0
[ 460.804367][ T6888]  kmem_cache_alloc+0x209/0x390
[ 460.809217][ T6888]  getname_flags.part.0+0x50/0x4f0
[ 460.814366][ T6888]  getname+0x8e/0xd0
[ 460.818258][ T6888]  do_sys_openat2+0xf5/0x4d0
[ 460.822845][ T6888]  __x64_sys_openat+0x13f/0x1f0
[ 460.827684][ T6888]  do_syscall_64+0x35/0xb0
[ 460.832089][ T6888]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 460.837967][ T6888]
[ 460.840271][ T6888] Memory state around the buggy address:
[ 460.845890][ T6888]  ffff8880229b6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 460.853952][ T6888]  ffff8880229b6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 460.861994][ T6888] >ffff8880229b6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 460.870032][ T6888]                                ^
[ 460.875118][ T6888]  ffff8880229b6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 460.883160][ T6888]  ffff8880229b6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 460.891198][ T6888] ==================================================================
[ 460.899246][ T6888] Disabling lock debugging due to kernel taint
[ 460.905393][ T6888] Kernel panic - not syncing: panic_on_warn set ...
[ 460.911959][ T6888] CPU: 0 PID: 6888 Comm: kworker/0:1 Tainted: G B 5.15.0-rc3-syzkaller #0
[ 460.921762][ T6888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 460.931803][ T6888] Workqueue: events l2cap_chan_timeout
[ 460.937256][ T6888] Call Trace:
[ 460.940518][ T6888]  dump_stack_lvl+0xcd/0x134
[ 460.945093][ T6888]  panic+0x2b0/0x6dd
[ 460.949000][ T6888]  ? __warn_printk+0xf3/0xf3
[ 460.953599][ T6888]  ? __lock_acquire+0x3d86/0x54a0
[ 460.958615][ T6888]  ? __lock_acquire+0x3d86/0x54a0
[ 460.963657][ T6888]  ? __lock_acquire+0x3d86/0x54a0
[ 460.968669][ T6888]  end_report.cold+0x63/0x6f
[ 460.973244][ T6888]  kasan_report.cold+0x71/0xdf
[ 460.977990][ T6888]  ? __lock_acquire+0x3d86/0x54a0
[ 460.982998][ T6888]  __lock_acquire+0x3d86/0x54a0
[ 460.987837][ T6888]  ? mark_lock+0xef/0x17b0
[ 460.992236][ T6888]  ? _raw_spin_unlock_irqrestore+0x3d/0x70
[ 460.998030][ T6888]  ? debug_object_assert_init+0x246/0x2e0
[ 461.003742][ T6888]  ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 461.009715][ T6888]  lock_acquire+0x1ab/0x510
[ 461.014205][ T6888]  ? l2cap_sock_teardown_cb+0xa1/0x660
[ 461.019654][ T6888]  ? lock_release+0x720/0x720
[ 461.024320][ T6888]  ? mark_held_locks+0x9f/0xe0
[ 461.029074][ T6888]  ? cancel_delayed_work+0x2bd/0x340
[ 461.034350][ T6888]  lock_sock_nested+0x2f/0xf0
[ 461.039017][ T6888]  ? l2cap_sock_teardown_cb+0xa1/0x660
[ 461.044481][ T6888]  l2cap_sock_teardown_cb+0xa1/0x660
[ 461.049753][ T6888]  ? __mutex_lock+0x21c/0x12f0
[ 461.054569][ T6888]  l2cap_chan_del+0xbc/0xa80
[ 461.059156][ T6888]  l2cap_chan_close+0x1b9/0xaf0
[ 461.064012][ T6888]  ? l2cap_rx+0x1fb0/0x1fb0
[ 461.068503][ T6888]  ? lock_release+0x720/0x720
[ 461.073165][ T6888]  ? lock_downgrade+0x6e0/0x6e0
[ 461.077998][ T6888]  l2cap_chan_timeout+0x17e/0x2f0
[ 461.083006][ T6888]  process_one_work+0x9bf/0x16b0
[ 461.087932][ T6888]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 461.093288][ T6888]  ? rwlock_bug.part.0+0x90/0x90
[ 461.098214][ T6888]  ? _raw_spin_lock_irq+0x41/0x50
[ 461.103242][ T6888]  worker_thread+0x658/0x11f0
[ 461.107915][ T6888]  ? process_one_work+0x16b0/0x16b0
[ 461.113262][ T6888]  kthread+0x3e5/0x4d0
[ 461.117338][ T6888]  ? set_kthread_struct+0x130/0x130
[ 461.122528][ T6888]  ret_from_fork+0x1f/0x30
[ 461.127247][ T6888] Kernel Offset: disabled
[ 461.131559][ T6888] Rebooting in 86400 seconds..