[   81.197635][  T921] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.147' (ED25519) to the list of known hosts.
2024/10/07 21:12:01 ignoring optional flag "sandboxArg"="0"
2024/10/07 21:12:01 ignoring optional flag "type"="gce"
2024/10/07 21:12:01 parsed 1 programs
2024/10/07 21:12:02 executed programs: 0
[   86.504343][ T5391] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   86.564712][ T5101] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   86.572660][ T5101] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   86.580919][ T5101] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   86.589160][ T5101] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   86.597066][ T5101] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   86.604379][ T5101] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   86.727695][ T5397] chnl_net:caif_netlink_parms(): no params data found
[   86.779264][ T5397] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.786669][ T5397] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.793811][ T5397] bridge_slave_0: entered allmulticast mode
[   86.801142][ T5397] bridge_slave_0: entered promiscuous mode
[   86.809920][ T5397] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.817399][ T5397] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.824566][ T5397] bridge_slave_1: entered allmulticast mode
[   86.831941][ T5397] bridge_slave_1: entered promiscuous mode
[   86.856711][ T5397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.868118][ T5397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.897523][ T5397] team0: Port device team_slave_0 added
[   86.905069][ T5397] team0: Port device team_slave_1 added
[   86.926361][ T5397] batman_adv: batadv0: Adding interface: batadv_slave_0
[   86.933323][ T5397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   86.960141][ T5397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   86.972929][ T5397] batman_adv: batadv0: Adding interface: batadv_slave_1
[   86.980105][ T5397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.006380][ T5397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.041359][ T5397] hsr_slave_0: entered promiscuous mode
[   87.047773][ T5397] hsr_slave_1: entered promiscuous mode
[   87.526689][ T5397] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   87.537135][ T5397] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   87.548550][ T5397] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   87.558860][ T5397] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   87.587571][ T5397] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.594701][ T5397] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.602260][ T5397] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.609516][ T5397] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.679091][ T5397] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.697630][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.706393][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.726792][ T5397] 8021q: adding VLAN 0 to HW filter on device team0
[   87.741863][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.749025][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   87.782978][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.790167][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   87.969153][ T5397] 8021q: adding VLAN 0 to HW filter on device batadv0
[   88.012610][ T5397] veth0_vlan: entered promiscuous mode
[   88.027873][ T5397] veth1_vlan: entered promiscuous mode
[   88.064456][ T5397] veth0_macvtap: entered promiscuous mode
[   88.077106][ T5397] veth1_macvtap: entered promiscuous mode
[   88.099579][ T5397] batman_adv: batadv0: Interface activated: batadv_slave_0
[   88.116537][ T5397] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.131465][ T5397] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.142963][ T5397] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.153494][ T5397] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.163626][ T5397] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.240547][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.262052][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.287730][ T2398] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   88.296069][ T2398] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   88.646531][ T4493] Bluetooth: hci0: command tx timeout
[   90.716526][ T4493] Bluetooth: hci0: command 0x041b tx timeout
2024/10/07 21:12:08 executed programs: 4
[   92.796703][ T4493] Bluetooth: hci0: command 0x041b tx timeout
[   94.885611][ T5101] Bluetooth: hci0: command 0x041b tx timeout
[   96.955572][ T4493] Bluetooth: hci0: command 0x041b tx timeout
2024/10/07 21:12:13 executed programs: 11
[   99.035662][ T5101] Bluetooth: hci0: command 0x041b tx timeout
2024/10/07 21:12:18 executed programs: 17
2024/10/07 21:12:23 executed programs: 23
2024/10/07 21:12:28 executed programs: 29
2024/10/07 21:12:34 executed programs: 35
2024/10/07 21:12:39 executed programs: 42
2024/10/07 21:12:44 executed programs: 48
[  132.408066][ T1242] ieee802154 phy0 wpan0: encryption failed: -22
[  132.414502][ T1242] ieee802154 phy1 wpan1: encryption failed: -22
2024/10/07 21:12:49 executed programs: 54
[  134.956802][  T921] ==================================================================
[  134.964891][  T921] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0xa2/0x2d0
[  134.972636][  T921] Write of size 4 at addr ffff888140eac080 by task kworker/0:2/921
[  134.980541][  T921] 
[  134.982857][  T921] CPU: 0 UID: 0 PID: 921 Comm: kworker/0:2 Not tainted 6.12.0-rc2-syzkaller-g87d6aab2389e-dirty #0
[  134.993523][  T921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  135.003573][  T921] Workqueue: events sco_sock_timeout
[  135.008871][  T921] Call Trace:
[  135.012152][  T921]  <TASK>
[  135.015128][  T921]  dump_stack_lvl+0x241/0x360
[  135.019811][  T921]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.025034][  T921]  ? __pfx__printk+0x10/0x10
[  135.029622][  T921]  ? _printk+0xd5/0x120
[  135.033778][  T921]  ? __virt_addr_valid+0x183/0x530
[  135.038890][  T921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.044528][  T921]  print_report+0x169/0x550
[  135.049033][  T921]  ? __virt_addr_valid+0x183/0x530
[  135.054152][  T921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.059845][  T921]  ? __virt_addr_valid+0x45f/0x530
[  135.065060][  T921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.070699][  T921]  ? __phys_addr+0xba/0x170
[  135.075239][  T921]  ? sco_sock_timeout+0xa2/0x2d0
[  135.080191][  T921]  kasan_report+0x143/0x180
[  135.084713][  T921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.090381][  T921]  ? sco_sock_timeout+0xa2/0x2d0
[  135.095336][  T921]  kasan_check_range+0x282/0x290
[  135.100333][  T921]  sco_sock_timeout+0xa2/0x2d0
[  135.105110][  T921]  ? process_scheduled_works+0x976/0x1850
[  135.110835][  T921]  process_scheduled_works+0xa65/0x1850
[  135.116399][  T921]  ? __pfx_process_scheduled_works+0x10/0x10
[  135.122396][  T921]  ? assign_work+0x364/0x3d0
[  135.127016][  T921]  worker_thread+0x870/0xd30
[  135.131635][  T921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.137278][  T921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.142915][  T921]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  135.148816][  T921]  ? __kthread_parkme+0x169/0x1d0
[  135.153846][  T921]  ? __pfx_worker_thread+0x10/0x10
[  135.158983][  T921]  kthread+0x2f2/0x390
[  135.163048][  T921]  ? __pfx_worker_thread+0x10/0x10
[  135.168186][  T921]  ? __pfx_kthread+0x10/0x10
[  135.172783][  T921]  ret_from_fork+0x4d/0x80
[  135.177214][  T921]  ? __pfx_kthread+0x10/0x10
[  135.181891][  T921]  ret_from_fork_asm+0x1a/0x30
[  135.186756][  T921]  </TASK>
[  135.189767][  T921] 
[  135.192081][  T921] Allocated by task 5764:
[  135.196401][  T921]  kasan_save_track+0x3f/0x80
[  135.201098][  T921]  __kasan_kmalloc+0x98/0xb0
[  135.205688][  T921]  __kmalloc_noprof+0x1fc/0x400
[  135.210540][  T921]  sk_prot_alloc+0xe0/0x210
[  135.215044][  T921]  sk_alloc+0x38/0x370
[  135.219122][  T921]  bt_sock_alloc+0x3c/0x340
[  135.223649][  T921]  sco_sock_create+0xbb/0x390
[  135.228355][  T921]  bt_sock_create+0x163/0x230
[  135.233028][  T921]  __sock_create+0x492/0x920
[  135.237617][  T921]  __sys_socket+0x150/0x3c0
[  135.242114][  T921]  __x64_sys_socket+0x7a/0x90
[  135.246790][  T921]  do_syscall_64+0xf3/0x230
[  135.251295][  T921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.257187][  T921] 
[  135.259499][  T921] Freed by task 5765:
[  135.263473][  T921]  kasan_save_track+0x3f/0x80
[  135.268171][  T921]  kasan_save_free_info+0x40/0x50
[  135.273206][  T921]  __kasan_slab_free+0x59/0x70
[  135.277978][  T921]  kfree+0x1a0/0x440
[  135.281870][  T921]  __sk_destruct+0x479/0x5f0
[  135.286457][  T921]  sco_sock_release+0x25e/0x320
[  135.291395][  T921]  sock_close+0xbe/0x240
[  135.295636][  T921]  __fput+0x241/0x880
[  135.299698][  T921]  task_work_run+0x251/0x310
[  135.304303][  T921]  get_signal+0x15e8/0x1740
[  135.308805][  T921]  arch_do_signal_or_restart+0x96/0x860
[  135.314350][  T921]  syscall_exit_to_user_mode+0xc9/0x370
[  135.319897][  T921]  do_syscall_64+0x100/0x230
[  135.324491][  T921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.330384][  T921] 
[  135.332699][  T921] The buggy address belongs to the object at ffff888140eac000
[  135.332699][  T921]  which belongs to the cache kmalloc-2k of size 2048
[  135.346750][  T921] The buggy address is located 128 bytes inside of
[  135.346750][  T921]  freed 2048-byte region [ffff888140eac000, ffff888140eac800)
[  135.360628][  T921] 
[  135.362941][  T921] The buggy address belongs to the physical page:
[  135.369337][  T921] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888140eab000 pfn:0x140ea8
[  135.379476][  T921] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  135.387962][  T921] flags: 0x57ff00000000240(workingset|head|node=1|zone=2|lastcpupid=0x7ff)
[  135.396539][  T921] page_type: f5(slab)
[  135.400516][  T921] raw: 057ff00000000240 ffff888015442000 ffffea000515b410 ffffea000510e610
[  135.409190][  T921] raw: ffff888140eab000 0000000000080006 00000001f5000000 0000000000000000
[  135.417799][  T921] head: 057ff00000000240 ffff888015442000 ffffea000515b410 ffffea000510e610
[  135.426480][  T921] head: ffff888140eab000 0000000000080006 00000001f5000000 0000000000000000
[  135.435161][  T921] head: 057ff00000000003 ffffea000503aa01 ffffffffffffffff 0000000000000000
[  135.443830][  T921] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  135.452496][  T921] page dumped because: kasan: bad access detected
[  135.459073][  T921] page_owner tracks the page as allocated
[  135.464793][  T921] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2263006817, free_ts 0
[  135.484541][  T921]  post_alloc_hook+0x1f3/0x230
[  135.489315][  T921]  get_page_from_freelist+0x3045/0x3190
[  135.494943][  T921]  __alloc_pages_noprof+0x256/0x6c0
[  135.500138][  T921]  alloc_pages_mpol_noprof+0x3e8/0x680
[  135.505622][  T921]  alloc_slab_page+0x6a/0x120
[  135.510312][  T921]  allocate_slab+0x5a/0x2f0
[  135.514827][  T921]  ___slab_alloc+0xcd1/0x14b0
[  135.519509][  T921]  __slab_alloc+0x58/0xa0
[  135.523835][  T921]  __kmalloc_cache_noprof+0x1d5/0x2c0
[  135.529227][  T921]  acpi_ds_create_walk_state+0x103/0x2a0
[  135.534964][  T921]  acpi_ds_auto_serialize_method+0xe7/0x240
[  135.540865][  T921]  acpi_ds_init_one_object+0x1bb/0x370
[  135.546345][  T921]  acpi_ns_walk_namespace+0x296/0x4f0
[  135.551715][  T921]  acpi_ds_initialize_objects+0x199/0x2b0
[  135.557436][  T921]  acpi_ns_load_table+0xfd/0x120
[  135.562366][  T921]  acpi_tb_load_namespace+0x291/0x6d0
[  135.567734][  T921] page_owner free stack trace missing
[  135.573085][  T921] 
[  135.575396][  T921] Memory state around the buggy address:
[  135.581021][  T921]  ffff888140eabf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  135.589244][  T921]  ffff888140eac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  135.597311][  T921] >ffff888140eac080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  135.605371][  T921]                    ^
[  135.609516][  T921]  ffff888140eac100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  135.617571][  T921]  ffff888140eac180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  135.625625][  T921] ==================================================================
[  135.634017][  T921] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  135.641223][  T921] CPU: 0 UID: 0 PID: 921 Comm: kworker/0:2 Not tainted 6.12.0-rc2-syzkaller-g87d6aab2389e-dirty #0
[  135.651985][  T921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  135.662131][  T921] Workqueue: events sco_sock_timeout
[  135.667448][  T921] Call Trace:
[  135.670723][  T921]  <TASK>
[  135.673647][  T921]  dump_stack_lvl+0x241/0x360
[  135.678349][  T921]  ? __pfx_dump_stack_lvl+0x10/0x10
[  135.683553][  T921]  ? __pfx__printk+0x10/0x10
[  135.688147][  T921]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  135.694145][  T921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.699789][  T921]  ? vscnprintf+0x5d/0x90
[  135.704131][  T921]  panic+0x349/0x880
[  135.708031][  T921]  ? check_panic_on_warn+0x21/0xb0
[  135.713146][  T921]  ? __pfx_panic+0x10/0x10
[  135.717569][  T921]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  135.723474][  T921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.729217][  T921]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  135.735217][  T921]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  135.741568][  T921]  check_panic_on_warn+0x86/0xb0
[  135.746601][  T921]  ? sco_sock_timeout+0xa2/0x2d0
[  135.751560][  T921]  end_report+0x77/0x160
[  135.755896][  T921]  kasan_report+0x154/0x180
[  135.760399][  T921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.766048][  T921]  ? sco_sock_timeout+0xa2/0x2d0
[  135.771090][  T921]  kasan_check_range+0x282/0x290
[  135.776039][  T921]  sco_sock_timeout+0xa2/0x2d0
[  135.780845][  T921]  ? process_scheduled_works+0x976/0x1850
[  135.786576][  T921]  process_scheduled_works+0xa65/0x1850
[  135.792254][  T921]  ? __pfx_process_scheduled_works+0x10/0x10
[  135.798336][  T921]  ? assign_work+0x364/0x3d0
[  135.802935][  T921]  worker_thread+0x870/0xd30
[  135.807542][  T921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.813307][  T921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  135.818951][  T921]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  135.824947][  T921]  ? __kthread_parkme+0x169/0x1d0
[  135.829990][  T921]  ? __pfx_worker_thread+0x10/0x10
[  135.835112][  T921]  kthread+0x2f2/0x390
[  135.839210][  T921]  ? __pfx_worker_thread+0x10/0x10
[  135.844334][  T921]  ? __pfx_kthread+0x10/0x10
[  135.848950][  T921]  ret_from_fork+0x4d/0x80
[  135.853558][  T921]  ? __pfx_kthread+0x10/0x10
[  135.858150][  T921]  ret_from_fork_asm+0x1a/0x30
[  135.863061][  T921]  </TASK>
[  135.866345][  T921] Kernel Offset: disabled
[  135.871325][  T921] Rebooting in 86400 seconds..