Warning: Permanently added '10.128.1.85' (ED25519) to the list of known hosts.
2024/06/24 03:55:30 ignoring optional flag "sandboxArg"="0"
2024/06/24 03:55:30 parsed 1 programs
[ 448.327452][ T5117] cgroup: Unknown subsys name 'net'
[ 448.649780][ T5117] cgroup: Unknown subsys name 'rlimit'
[ 449.766946][ T5138] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 450.419683][ T5167] chnl_net:caif_netlink_parms(): no params data found
[ 450.490606][ T5167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 450.498670][ T5167] bridge0: port 1(bridge_slave_0) entered disabled state
[ 450.505959][ T5167] bridge_slave_0: entered allmulticast mode
[ 450.512801][ T5167] bridge_slave_0: entered promiscuous mode
[ 450.523627][ T5167] bridge0: port 2(bridge_slave_1) entered blocking state
[ 450.530904][ T5167] bridge0: port 2(bridge_slave_1) entered disabled state
[ 450.538454][ T5167] bridge_slave_1: entered allmulticast mode
[ 450.546027][ T5167] bridge_slave_1: entered promiscuous mode
[ 450.574254][ T5167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 450.587412][ T5167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 450.617302][ T5167] team0: Port device team_slave_0 added
[ 450.625980][ T5167] team0: Port device team_slave_1 added
[ 450.652247][ T5167] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 450.659779][ T5167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 450.685855][ T5167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 450.725406][ T5167] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 450.732373][ T5167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 450.758321][ T5167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 450.806357][ T5167] hsr_slave_0: entered promiscuous mode
[ 450.813015][ T5167] hsr_slave_1: entered promiscuous mode
[ 450.953231][ T5167] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 450.965148][ T5167] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 450.976394][ T5167] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 450.986530][ T5167] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 451.012207][ T5167] bridge0: port 2(bridge_slave_1) entered blocking state
[ 451.019466][ T5167] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 451.027367][ T5167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 451.034577][ T5167] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 451.093616][ T5167] 8021q: adding VLAN 0 to HW filter on device bond0
[ 451.112546][ T5077] bridge0: port 1(bridge_slave_0) entered disabled state
[ 451.122291][ T5077] bridge0: port 2(bridge_slave_1) entered disabled state
[ 451.141367][ T5167] 8021q: adding VLAN 0 to HW filter on device team0
[ 451.156847][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 451.164033][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 451.180268][ T5077] bridge0: port 2(bridge_slave_1) entered blocking state
[ 451.187395][ T5077] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 451.336718][ T5167] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 451.382581][ T5167] veth0_vlan: entered promiscuous mode
[ 451.396218][ T5167] veth1_vlan: entered promiscuous mode
[ 451.426330][ T5167] veth0_macvtap: entered promiscuous mode
[ 451.437251][ T5167] veth1_macvtap: entered promiscuous mode
[ 451.458366][ T5167] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 451.474272][ T5167] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 451.490079][ T5167] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 451.499783][ T5167] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 451.509437][ T5167] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 451.518383][ T5167] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 451.607325][ T5167] syz-executor.0 (5167) used greatest stack depth: 19632 bytes left
[ 451.648137][ T5181] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 451.737620][ T5181] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 451.772329][ T2865] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 451.782171][ T2865] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 451.820387][ T5181] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 451.844680][ T5161] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 451.852526][ T5161] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 451.923171][ T5181] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 452.695747][ T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 452.706484][ T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 452.715176][ T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 452.729637][ T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 452.737397][ T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 452.745332][ T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 452.755254][ T5210] ==================================================================
[ 452.763344][ T5210] BUG: KASAN: slab-use-after-free in sk_skb_reason_drop+0x44/0x3d0
[ 452.771249][ T5210] Read of size 4 at addr ffff88807d8f5224 by task syz-executor.0/5210
[ 452.779394][ T5210]
[ 452.781725][ T5210] CPU: 0 UID: 0 PID: 5210 Comm: syz-executor.0 Not tainted 6.10.0-rc4-next-20240621-syzkaller #0
[ 452.792215][ T5210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 452.802256][ T5210] Call Trace:
[ 452.805535][ T5210]
[ 452.808464][ T5210] dump_stack_lvl+0x241/0x360
[ 452.813126][ T5210] ? __pfx_dump_stack_lvl+0x10/0x10
[ 452.818303][ T5210] ? __pfx__printk+0x10/0x10
[ 452.822874][ T5210] ? _printk+0xd5/0x120
[ 452.827019][ T5210] ? __virt_addr_valid+0x183/0x520
[ 452.832111][ T5210] ? __virt_addr_valid+0x183/0x520
[ 452.837206][ T5210] print_report+0x169/0x550
[ 452.841691][ T5210] ? __virt_addr_valid+0x183/0x520
[ 452.846784][ T5210] ? __virt_addr_valid+0x183/0x520
[ 452.851872][ T5210] ? __virt_addr_valid+0x44e/0x520
[ 452.856986][ T5210] ? __phys_addr+0xba/0x170
[ 452.861470][ T5210] ? sk_skb_reason_drop+0x44/0x3d0
[ 452.866563][ T5210] kasan_report+0x143/0x180
[ 452.871045][ T5210] ? sk_skb_reason_drop+0x44/0x3d0
[ 452.876137][ T5210] kasan_check_range+0x282/0x290
[ 452.881054][ T5210] sk_skb_reason_drop+0x44/0x3d0
[ 452.885973][ T5210] __hci_req_sync+0x631/0x950
[ 452.890631][ T5210] ? __pfx___hci_req_sync+0x10/0x10
[ 452.895813][ T5210] ? __pfx___mutex_lock+0x10/0x10
[ 452.900824][ T5210] ? __pfx_autoremove_wake_function+0x10/0x10
[ 452.906911][ T5210] ? __pfx_hci_scan_req+0x10/0x10
[ 452.911943][ T5210] hci_req_sync+0xa9/0xd0
[ 452.916258][ T5210] hci_dev_cmd+0x4c5/0xa50
[ 452.920656][ T5210] ? security_capable+0x90/0xb0
[ 452.925497][ T5210] ? __pfx_hci_dev_cmd+0x10/0x10
[ 452.930413][ T5210] ? hci_sock_ioctl+0x6c6/0xa40
[ 452.935247][ T5210] sock_do_ioctl+0x158/0x460
[ 452.939834][ T5210] ? __pfx_sock_do_ioctl+0x10/0x10
[ 452.944966][ T5210] sock_ioctl+0x629/0x8e0
[ 452.949287][ T5210] ? __pfx_sock_ioctl+0x10/0x10
[ 452.954128][ T5210] ? __fget_files+0x29/0x470
[ 452.958714][ T5210] ? __fget_files+0x3f6/0x470
[ 452.963373][ T5210] ? __fget_files+0x29/0x470
[ 452.967950][ T5210] ? bpf_lsm_file_ioctl+0x9/0x10
[ 452.972867][ T5210] ? security_file_ioctl+0x87/0xb0
[ 452.977963][ T5210] ? __pfx_sock_ioctl+0x10/0x10
[ 452.982795][ T5210] __se_sys_ioctl+0xfc/0x170
[ 452.987367][ T5210] do_syscall_64+0xf3/0x230
[ 452.991852][ T5210] ? clear_bhb_loop+0x35/0x90
[ 452.996513][ T5210] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 453.002397][ T5210] RIP: 0033:0x7f6ff947ce0b
[ 453.006815][ T5210] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 453.026413][ T5210] RSP: 002b:00007ffc311ba1e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 453.034818][ T5210] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f6ff947ce0b
[ 453.042771][ T5210] RDX: 00007ffc311ba258 RSI: 00000000400448dd RDI: 0000000000000003
[ 453.050723][ T5210] RBP: 0000555586729430 R08: 0000000000000000 R09: 0000000000000000
[ 453.058675][ T5210] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 453.066625][ T5210] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 453.074580][ T5210]
[ 453.077578][ T5210]
[ 453.079882][ T5210] Allocated by task 4487:
[ 453.084192][ T5210] kasan_save_track+0x3f/0x80
[ 453.088851][ T5210] __kasan_slab_alloc+0x66/0x80
[ 453.093682][ T5210] kmem_cache_alloc_noprof+0x135/0x2a0
[ 453.099122][ T5210] skb_clone+0x20c/0x390
[ 453.103339][ T5210] hci_cmd_work+0x2a2/0x670
[ 453.107823][ T5210] process_scheduled_works+0xa2c/0x1830
[ 453.113351][ T5210] worker_thread+0x86d/0xd50
[ 453.117924][ T5210] kthread+0x2f0/0x390
[ 453.121975][ T5210] ret_from_fork+0x4b/0x80
[ 453.126370][ T5210] ret_from_fork_asm+0x1a/0x30
[ 453.131113][ T5210]
[ 453.133415][ T5210] Freed by task 4487:
[ 453.137378][ T5210] kasan_save_track+0x3f/0x80
[ 453.142034][ T5210] kasan_save_free_info+0x40/0x50
[ 453.147040][ T5210] poison_slab_object+0xe0/0x150
[ 453.151958][ T5210] __kasan_slab_free+0x37/0x60
[ 453.156700][ T5210] kmem_cache_free+0x145/0x350
[ 453.161445][ T5210] hci_req_sync_complete+0xe8/0x290
[ 453.166625][ T5210] hci_event_packet+0xc75/0x1540
[ 453.171542][ T5210] hci_rx_work+0x3e8/0xca0
[ 453.175937][ T5210] process_scheduled_works+0xa2c/0x1830
[ 453.181463][ T5210] worker_thread+0x86d/0xd50
[ 453.186050][ T5210] kthread+0x2f0/0x390
[ 453.190095][ T5210] ret_from_fork+0x4b/0x80
[ 453.194492][ T5210] ret_from_fork_asm+0x1a/0x30
[ 453.199235][ T5210]
[ 453.201539][ T5210] The buggy address belongs to the object at ffff88807d8f5140
[ 453.201539][ T5210] which belongs to the cache skbuff_head_cache of size 240
[ 453.216102][ T5210] The buggy address is located 228 bytes inside of
[ 453.216102][ T5210] freed 240-byte region [ffff88807d8f5140, ffff88807d8f5230)
[ 453.229876][ T5210]
[ 453.232183][ T5210] The buggy address belongs to the physical page:
[ 453.238575][ T5210] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d8f5
[ 453.247313][ T5210] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 453.254410][ T5210] page_type: 0xffffefff(slab)
[ 453.259069][ T5210] raw: 00fff00000000000 ffff8880196d9780 dead000000000122 0000000000000000
[ 453.267628][ T5210] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[ 453.276183][ T5210] page dumped because: kasan: bad access detected
[ 453.282578][ T5210] page_owner tracks the page as allocated
[ 453.288269][ T5210] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4487, tgid 4487 (kworker/u9:1), ts 452754998219, free_ts 452528123586
[ 453.307611][ T5210] post_alloc_hook+0x1f3/0x230
[ 453.312366][ T5210] get_page_from_freelist+0x2ccb/0x2d80
[ 453.317905][ T5210] __alloc_pages_noprof+0x256/0x6c0
[ 453.323084][ T5210] alloc_slab_page+0x5f/0x120
[ 453.327748][ T5210] allocate_slab+0x5a/0x2f0
[ 453.332228][ T5210] ___slab_alloc+0xcd1/0x14b0
[ 453.336882][ T5210] __slab_alloc+0x58/0xa0
[ 453.341188][ T5210] kmem_cache_alloc_noprof+0x1c1/0x2a0
[ 453.346625][ T5210] skb_clone+0x20c/0x390
[ 453.350848][ T5210] hci_cmd_work+0xde/0x670
[ 453.355257][ T5210] process_scheduled_works+0xa2c/0x1830
[ 453.360786][ T5210] worker_thread+0x86d/0xd50
[ 453.365355][ T5210] kthread+0x2f0/0x390
[ 453.369404][ T5210] ret_from_fork+0x4b/0x80
[ 453.373800][ T5210] ret_from_fork_asm+0x1a/0x30
[ 453.378542][ T5210] page last free pid 5205 tgid 5205 stack trace:
[ 453.384849][ T5210] free_unref_page+0xd22/0xea0
[ 453.389591][ T5210] __slab_free+0x31b/0x3d0
[ 453.393985][ T5210] qlist_free_all+0x9e/0x140
[ 453.398549][ T5210] kasan_quarantine_reduce+0x14f/0x170
[ 453.403985][ T5210] __kasan_slab_alloc+0x23/0x80
[ 453.408813][ T5210] __kmalloc_cache_noprof+0x132/0x2c0
[ 453.414168][ T5210] register_netdevice+0x4e2/0x19e0
[ 453.419258][ T5210] __ip_tunnel_create+0x2b4/0x380
[ 453.424261][ T5210] ip_tunnel_init_net+0x21c/0x710
[ 453.429266][ T5210] ops_init+0x359/0x610
[ 453.433397][ T5210] setup_net+0x515/0xca0
[ 453.437622][ T5210] copy_net_ns+0x4e2/0x7b0
[ 453.442014][ T5210] create_new_namespaces+0x425/0x7b0
[ 453.447278][ T5210] unshare_nsproxy_namespaces+0x124/0x180
[ 453.452996][ T5210] ksys_unshare+0x619/0xc10
[ 453.457485][ T5210] __x64_sys_unshare+0x38/0x40
[ 453.462233][ T5210]
[ 453.464537][ T5210] Memory state around the buggy address:
[ 453.470138][ T5210] ffff88807d8f5100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 453.478174][ T5210] ffff88807d8f5180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 453.486218][ T5210] >ffff88807d8f5200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 453.494269][ T5210] ^
[ 453.499374][ T5210] ffff88807d8f5280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 453.507439][ T5210] ffff88807d8f5300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 453.515484][ T5210] ==================================================================
[ 453.530849][ T5210] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 453.538092][ T5210] CPU: 0 UID: 0 PID: 5210 Comm: syz-executor.0 Not tainted 6.10.0-rc4-next-20240621-syzkaller #0
[ 453.548607][ T5210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 453.558653][ T5210] Call Trace:
[ 453.561915][ T5210]
[ 453.564831][ T5210] dump_stack_lvl+0x241/0x360
[ 453.569494][ T5210] ? __pfx_dump_stack_lvl+0x10/0x10
[ 453.574669][ T5210] ? __pfx__printk+0x10/0x10
[ 453.579255][ T5210] ? preempt_schedule+0xe1/0xf0
[ 453.584097][ T5210] ? vscnprintf+0x5d/0x90
[ 453.588436][ T5210] panic+0x349/0x870
[ 453.592338][ T5210] ? check_panic_on_warn+0x21/0xb0
[ 453.597436][ T5210] ? __pfx_panic+0x10/0x10
[ 453.601838][ T5210] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 453.607798][ T5210] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 453.614107][ T5210] ? print_report+0x502/0x550
[ 453.618763][ T5210] check_panic_on_warn+0x86/0xb0
[ 453.623682][ T5210] ? sk_skb_reason_drop+0x44/0x3d0
[ 453.628771][ T5210] end_report+0x77/0x160
[ 453.632991][ T5210] kasan_report+0x154/0x180
[ 453.637481][ T5210] ? sk_skb_reason_drop+0x44/0x3d0
[ 453.642589][ T5210] kasan_check_range+0x282/0x290
[ 453.647517][ T5210] sk_skb_reason_drop+0x44/0x3d0
[ 453.652447][ T5210] __hci_req_sync+0x631/0x950
[ 453.657118][ T5210] ? __pfx___hci_req_sync+0x10/0x10
[ 453.662307][ T5210] ? __pfx___mutex_lock+0x10/0x10
[ 453.667319][ T5210] ? __pfx_autoremove_wake_function+0x10/0x10
[ 453.673376][ T5210] ? __pfx_hci_scan_req+0x10/0x10
[ 453.678387][ T5210] hci_req_sync+0xa9/0xd0
[ 453.682707][ T5210] hci_dev_cmd+0x4c5/0xa50
[ 453.687121][ T5210] ? security_capable+0x90/0xb0
[ 453.691970][ T5210] ? __pfx_hci_dev_cmd+0x10/0x10
[ 453.696895][ T5210] ? hci_sock_ioctl+0x6c6/0xa40
[ 453.701739][ T5210] sock_do_ioctl+0x158/0x460
[ 453.706320][ T5210] ? __pfx_sock_do_ioctl+0x10/0x10
[ 453.711423][ T5210] sock_ioctl+0x629/0x8e0
[ 453.715742][ T5210] ? __pfx_sock_ioctl+0x10/0x10
[ 453.720577][ T5210] ? __fget_files+0x29/0x470
[ 453.725155][ T5210] ? __fget_files+0x3f6/0x470
[ 453.729819][ T5210] ? __fget_files+0x29/0x470
[ 453.734411][ T5210] ? bpf_lsm_file_ioctl+0x9/0x10
[ 453.739332][ T5210] ? security_file_ioctl+0x87/0xb0
[ 453.744432][ T5210] ? __pfx_sock_ioctl+0x10/0x10
[ 453.749268][ T5210] __se_sys_ioctl+0xfc/0x170
[ 453.753847][ T5210] do_syscall_64+0xf3/0x230
[ 453.758333][ T5210] ? clear_bhb_loop+0x35/0x90
[ 453.762998][ T5210] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 453.768878][ T5210] RIP: 0033:0x7f6ff947ce0b
[ 453.773280][ T5210] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[ 453.792875][ T5210] RSP: 002b:00007ffc311ba1e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 453.801282][ T5210] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f6ff947ce0b
[ 453.809239][ T5210] RDX: 00007ffc311ba258 RSI: 00000000400448dd RDI: 0000000000000003
[ 453.817195][ T5210] RBP: 0000555586729430 R08: 0000000000000000 R09: 0000000000000000
[ 453.825152][ T5210] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 453.833110][ T5210] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001
[ 453.841084][ T5210]
[ 453.844313][ T5210] Kernel Offset: disabled
[ 453.848626][ T5210] Rebooting in 86400 seconds..