Warning: Permanently added '10.128.1.167' (ED25519) to the list of known hosts.
2023/08/26 04:27:40 ignoring optional flag "sandboxArg"="0"
2023/08/26 04:27:40 parsed 1 programs
2023/08/26 04:27:41 executed programs: 0
[ 86.112138][ T5385] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 86.124063][ T5384] syz-execprog[5384]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 86.134684][ T5384] syz-execprog[5384]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 86.185973][ T4446] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 86.193727][ T4446] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 86.201892][ T4446] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 86.209354][ T4446] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 86.217228][ T4446] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 86.347653][ T5393] chnl_net:caif_netlink_parms(): no params data found
[ 86.410446][ T5393] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.417861][ T5393] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.425476][ T5393] bridge_slave_0: entered allmulticast mode
[ 86.432514][ T5393] bridge_slave_0: entered promiscuous mode
[ 86.441140][ T5393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.449356][ T5393] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.456902][ T5393] bridge_slave_1: entered allmulticast mode
[ 86.464063][ T5393] bridge_slave_1: entered promiscuous mode
[ 86.493842][ T5393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.505791][ T5393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.535118][ T5393] team0: Port device team_slave_0 added
[ 86.544086][ T5393] team0: Port device team_slave_1 added
[ 86.570065][ T5393] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.577265][ T5393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.603305][ T5393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.616386][ T5393] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.623413][ T5393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.649454][ T5393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 86.690327][ T5393] hsr_slave_0: entered promiscuous mode
[ 86.696857][ T5393] hsr_slave_1: entered promiscuous mode
[ 87.145015][ T27] cfg80211: failed to load regulatory.db
[ 87.444758][ T5393] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.456959][ T5393] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.469438][ T5393] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.482501][ T5393] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.600697][ T5393] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.629714][ T5393] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.645454][ T23] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.652670][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.678859][ T54] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.686278][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.901477][ T5393] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.968870][ T5393] veth0_vlan: entered promiscuous mode
[ 87.985517][ T5393] veth1_vlan: entered promiscuous mode
[ 88.032343][ T5393] veth0_macvtap: entered promiscuous mode
[ 88.045551][ T5393] veth1_macvtap: entered promiscuous mode
[ 88.067795][ T5393] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 88.088610][ T5393] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 88.104010][ T5393] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.115105][ T5393] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.125225][ T5393] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.134291][ T5393] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.217984][ T1154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.237288][ T1154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.262189][ T4446] Bluetooth: hci1: command 0x0409 tx timeout
[ 88.282933][ T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.292117][ T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 90.351368][ T4446] Bluetooth: hci1: command 0x041b tx timeout
2023/08/26 04:27:47 executed programs: 4
[ 92.431095][ T4446] Bluetooth: hci1: command 0x040f tx timeout
[ 94.501970][ T4446] Bluetooth: hci1: command 0x0419 tx timeout
[ 96.591161][ T4446] Bluetooth: hci1: command 0x0405 tx timeout
2023/08/26 04:27:52 executed programs: 10
[ 98.661245][ T4446] Bluetooth: hci1: command 0x0405 tx timeout
[ 100.740878][ T4446] Bluetooth: hci1: command 0x0405 tx timeout
2023/08/26 04:27:57 executed programs: 16
[ 106.483178][ T5857] ==================================================================
[ 106.493458][ T5857] BUG: KASAN: use-after-free in hci_get_route+0x1cc/0x510
[ 106.501028][ T5857] Read of size 8 at addr ffff888068d1c0a8 by task syz-executor.0/5857
[ 106.509179][ T5857]
[ 106.511488][ T5857] CPU: 0 PID: 5857 Comm: syz-executor.0 Not tainted 6.5.0-rc6-next-20230818-syzkaller-dirty #0
[ 106.521791][ T5857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 106.531925][ T5857] Call Trace:
[ 106.535209][ T5857]
[ 106.538140][ T5857] dump_stack_lvl+0xd9/0x1b0
[ 106.542836][ T5857] print_report+0xc4/0x620
[ 106.547368][ T5857] ? __virt_addr_valid+0x5e/0x2d0
[ 106.552505][ T5857] ? __phys_addr+0xc6/0x140
[ 106.557192][ T5857] kasan_report+0xda/0x110
[ 106.561611][ T5857] ? hci_get_route+0x1cc/0x510
[ 106.566468][ T5857] ? hci_get_route+0x1cc/0x510
[ 106.571242][ T5857] kasan_check_range+0xef/0x190
[ 106.576287][ T5857] hci_get_route+0x1cc/0x510
[ 106.580898][ T5857] ? hci_conn_link+0x3d0/0x3d0
[ 106.585783][ T5857] ? rcu_is_watching+0x12/0xb0
[ 106.590750][ T5857] get_l2cap_conn.constprop.0+0xe9/0x6b0
[ 106.596405][ T5857] ? preempt_count_sub+0x150/0x150
[ 106.601542][ T5857] ? do_enable_set+0xa50/0xa50
[ 106.606321][ T5857] lowpan_control_write+0x1ba/0x730
[ 106.611526][ T5857] ? get_l2cap_conn.constprop.0+0x6b0/0x6b0
[ 106.617424][ T5857] ? lock_acquire+0x464/0x510
[ 106.622108][ T5857] ? debugfs_file_get+0x1ca/0x440
[ 106.627217][ T5857] ? apparmor_file_permission+0x21f/0x4f0
[ 106.632944][ T5857] full_proxy_write+0x124/0x190
[ 106.637792][ T5857] vfs_write+0x2a4/0xe40
[ 106.642036][ T5857] ? full_proxy_poll+0x180/0x180
[ 106.646979][ T5857] ? kernel_write+0x6c0/0x6c0
[ 106.651662][ T5857] ? __fget_files+0x279/0x410
[ 106.656437][ T5857] ksys_write+0x12f/0x250
[ 106.660772][ T5857] ? __ia32_sys_read+0xb0/0xb0
[ 106.665538][ T5857] ? rcu_is_watching+0x12/0xb0
[ 106.670300][ T5857] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 106.676283][ T5857] do_syscall_64+0x38/0xb0
[ 106.680705][ T5857] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 106.686687][ T5857] RIP: 0033:0x7f728f47cae9
[ 106.691098][ T5857] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 106.710787][ T5857] RSP: 002b:00007f72900ee0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 106.719288][ T5857] RAX: ffffffffffffffda RBX: 00007f728f59bf80 RCX: 00007f728f47cae9
[ 106.727255][ T5857] RDX: 000000000000001b RSI: 0000000020000280 RDI: 0000000000000003
[ 106.735218][ T5857] RBP: 00007f728f4c847a R08: 0000000000000000 R09: 0000000000000000
[ 106.743272][ T5857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 106.751249][ T5857] R13: 000000000000000b R14: 00007f728f59bf80 R15: 00007ffd19482978
[ 106.759225][ T5857]
[ 106.762237][ T5857]
[ 106.764723][ T5857] The buggy address belongs to the physical page:
[ 106.771120][ T5857] page:ffffea0001a34700 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x68d1c
[ 106.781273][ T5857] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 106.788371][ T5857] page_type: 0xffffffff()
[ 106.792697][ T5857] raw: 00fff00000000000 ffffea00008a6e08 ffff8880b9842670 0000000000000000
[ 106.801367][ T5857] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 106.809936][ T5857] page dumped because: kasan: bad access detected
[ 106.816497][ T5857] page_owner tracks the page as freed
[ 106.821942][ T5857] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x140dc0(GFP_USER|__GFP_COMP|__GFP_ZERO), pid 5393, tgid 5393 (syz-executor.0), ts 86181654329, free_ts 106465252737
[ 106.840257][ T5857] post_alloc_hook+0x2cf/0x340
[ 106.845045][ T5857] get_page_from_freelist+0x10d7/0x31b0
[ 106.851020][ T5857] __alloc_pages+0x1d0/0x4a0
[ 106.855864][ T5857] __kmalloc_large_node+0x87/0x1c0
[ 106.861153][ T5857] __kmalloc.cold+0xb/0xe0
[ 106.865651][ T5857] hci_alloc_dev_priv+0x1d/0x2770
[ 106.870676][ T5857] __vhci_create_device+0xf7/0x800
[ 106.875791][ T5857] vhci_write+0x2c7/0x470
[ 106.880468][ T5857] vfs_write+0x650/0xe40
[ 106.884711][ T5857] ksys_write+0x12f/0x250
[ 106.889132][ T5857] do_syscall_64+0x38/0xb0
[ 106.893549][ T5857] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 106.899963][ T5857] page last free stack trace:
[ 106.904623][ T5857] free_unref_page_prepare+0x476/0xa40
[ 106.910172][ T5857] free_unref_page+0x33/0x3b0
[ 106.914948][ T5857] bt_host_release+0x87/0xb0
[ 106.919621][ T5857] device_release+0xa1/0x240
[ 106.924208][ T5857] kobject_put+0x1f7/0x5b0
[ 106.928623][ T5857] put_device+0x1f/0x30
[ 106.932862][ T5857] hci_conn_timeout+0x215/0x2d0
[ 106.937989][ T5857] process_one_work+0x887/0x15d0
[ 106.942929][ T5857] worker_thread+0x8bb/0x1290
[ 106.947902][ T5857] kthread+0x33a/0x430
[ 106.952071][ T5857] ret_from_fork+0x45/0x80
[ 106.956867][ T5857] ret_from_fork_asm+0x11/0x20
[ 106.961742][ T5857]
[ 106.964060][ T5857] Memory state around the buggy address:
[ 106.969688][ T5857] ffff888068d1bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 106.978004][ T5857] ffff888068d1c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 106.986393][ T5857] >ffff888068d1c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 106.994643][ T5857] ^
[ 107.000013][ T5857] ffff888068d1c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 107.008244][ T5857] ffff888068d1c180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 107.016321][ T5857] ==================================================================
[ 107.025349][ T5857] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 107.032568][ T5857] CPU: 0 PID: 5857 Comm: syz-executor.0 Not tainted 6.5.0-rc6-next-20230818-syzkaller-dirty #0
[ 107.042980][ T5857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 107.053207][ T5857] Call Trace:
[ 107.059523][ T5857]
[ 107.062448][ T5857] dump_stack_lvl+0xd9/0x1b0
[ 107.067051][ T5857] panic+0x6a6/0x750
[ 107.071124][ T5857] ? panic_smp_self_stop+0xa0/0xa0
[ 107.076238][ T5857] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 107.082224][ T5857] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 107.088485][ T5857] check_panic_on_warn+0xab/0xb0
[ 107.093513][ T5857] end_report+0x108/0x150
[ 107.097936][ T5857] kasan_report+0xea/0x110
[ 107.102349][ T5857] ? hci_get_route+0x1cc/0x510
[ 107.107121][ T5857] ? hci_get_route+0x1cc/0x510
[ 107.111901][ T5857] kasan_check_range+0xef/0x190
[ 107.116748][ T5857] hci_get_route+0x1cc/0x510
[ 107.121406][ T5857] ? hci_conn_link+0x3d0/0x3d0
[ 107.126176][ T5857] ? rcu_is_watching+0x12/0xb0
[ 107.131034][ T5857] get_l2cap_conn.constprop.0+0xe9/0x6b0
[ 107.136679][ T5857] ? preempt_count_sub+0x150/0x150
[ 107.142238][ T5857] ? do_enable_set+0xa50/0xa50
[ 107.147009][ T5857] lowpan_control_write+0x1ba/0x730
[ 107.152328][ T5857] ? get_l2cap_conn.constprop.0+0x6b0/0x6b0
[ 107.158396][ T5857] ? lock_acquire+0x464/0x510
[ 107.163447][ T5857] ? debugfs_file_get+0x1ca/0x440
[ 107.168564][ T5857] ? apparmor_file_permission+0x21f/0x4f0
[ 107.174328][ T5857] full_proxy_write+0x124/0x190
[ 107.179450][ T5857] vfs_write+0x2a4/0xe40
[ 107.183782][ T5857] ? full_proxy_poll+0x180/0x180
[ 107.188985][ T5857] ? kernel_write+0x6c0/0x6c0
[ 107.193892][ T5857] ? __fget_files+0x279/0x410
[ 107.198577][ T5857] ksys_write+0x12f/0x250
[ 107.203018][ T5857] ? __ia32_sys_read+0xb0/0xb0
[ 107.208073][ T5857] ? rcu_is_watching+0x12/0xb0
[ 107.212943][ T5857] ? trace_irq_enable.constprop.0+0xd0/0x100
[ 107.218938][ T5857] do_syscall_64+0x38/0xb0
[ 107.223374][ T5857] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 107.229274][ T5857] RIP: 0033:0x7f728f47cae9
[ 107.233690][ T5857] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 107.253693][ T5857] RSP: 002b:00007f72900ee0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 107.262230][ T5857] RAX: ffffffffffffffda RBX: 00007f728f59bf80 RCX: 00007f728f47cae9
[ 107.270292][ T5857] RDX: 000000000000001b RSI: 0000000020000280 RDI: 0000000000000003
[ 107.278303][ T5857] RBP: 00007f728f4c847a R08: 0000000000000000 R09: 0000000000000000
[ 107.286285][ T5857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 107.294621][ T5857] R13: 000000000000000b R14: 00007f728f59bf80 R15: 00007ffd19482978
[ 107.302796][ T5857]
[ 107.306177][ T5857] Kernel Offset: disabled
[ 107.310708][ T5857] Rebooting in 86400 seconds..