Warning: Permanently added '10.128.0.74' (ED25519) to the list of known hosts.
2024/10/03 15:53:33 ignoring optional flag "sandboxArg"="0"
2024/10/03 15:53:33 ignoring optional flag "type"="gce"
2024/10/03 15:53:33 parsed 1 programs
2024/10/03 15:53:35 executed programs: 0
[   89.708708][ T5393] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   89.771121][ T4494] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   89.779123][ T4494] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   89.787059][ T4494] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   89.795543][ T4494] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   89.804810][ T4494] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   89.812150][ T4494] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   89.933928][ T5398] chnl_net:caif_netlink_parms(): no params data found
[   89.988181][ T5398] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.995867][ T5398] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.003461][ T5398] bridge_slave_0: entered allmulticast mode
[   90.010347][ T5398] bridge_slave_0: entered promiscuous mode
[   90.018338][ T5398] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.025705][ T5398] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.034131][ T5398] bridge_slave_1: entered allmulticast mode
[   90.041081][ T5398] bridge_slave_1: entered promiscuous mode
[   90.065620][ T5398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.077102][ T5398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.104819][ T5398] team0: Port device team_slave_0 added
[   90.112122][ T5398] team0: Port device team_slave_1 added
[   90.133495][ T5398] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.140491][ T5398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.167386][ T5398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.179995][ T5398] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.187042][ T5398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.213907][ T5398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.248636][ T5398] hsr_slave_0: entered promiscuous mode
[   90.255713][ T5398] hsr_slave_1: entered promiscuous mode
[   90.721784][ T5398] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.734382][ T5398] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.744510][ T5398] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.754427][ T5398] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.781428][ T5398] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.788680][ T5398] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.796213][ T5398] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.803481][ T5398] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.875066][ T5398] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.896393][ T2450] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.904964][ T2450] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.925309][ T5398] 8021q: adding VLAN 0 to HW filter on device team0
[   90.938855][ T2466] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.946042][ T2466] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.988541][ T2466] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.996501][ T2466] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.189779][ T5398] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.230452][ T5398] veth0_vlan: entered promiscuous mode
[   91.245539][ T5398] veth1_vlan: entered promiscuous mode
[   91.280198][ T5398] veth0_macvtap: entered promiscuous mode
[   91.290072][ T5398] veth1_macvtap: entered promiscuous mode
[   91.310214][ T5398] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.327284][ T5398] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.340416][ T5398] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.351578][ T5398] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.360821][ T5398] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.369997][ T5398] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.424608][ T2466] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.436919][ T2466] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.468554][ T2830] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.477270][ T2830] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.834024][   T54] Bluetooth: hci0: command tx timeout
[   93.914859][   T54] Bluetooth: hci0: command 0x041b tx timeout
[   93.925021][ T5537] ==================================================================
[   93.933141][ T5537] BUG: KASAN: slab-use-after-free in hci_conn_drop+0x34/0x280
[   93.940658][ T5537] Write of size 4 at addr ffff88801ea58010 by task syz-executor.0/5537
[   93.948912][ T5537] 
[   93.951247][ T5537] CPU: 0 UID: 0 PID: 5537 Comm: syz-executor.0 Not tainted 6.12.0-rc1-syzkaller-g7ec462100ef9-dirty #0
[   93.962292][ T5537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   93.972459][ T5537] Call Trace:
[   93.975754][ T5537]  <TASK>
[   93.978700][ T5537]  dump_stack_lvl+0x241/0x360
[   93.983411][ T5537]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.988668][ T5537]  ? __pfx__printk+0x10/0x10
[   93.993281][ T5537]  ? srso_alias_return_thunk+0x5/0xfbef5
[   93.998935][ T5537]  ? _printk+0xd5/0x120
[   94.003102][ T5537]  ? __virt_addr_valid+0x183/0x530
[   94.008222][ T5537]  ? srso_alias_return_thunk+0x5/0xfbef5
[   94.013891][ T5537]  print_report+0x169/0x550
[   94.018442][ T5537]  ? __virt_addr_valid+0x183/0x530
[   94.023652][ T5537]  ? srso_alias_return_thunk+0x5/0xfbef5
[   94.029583][ T5537]  ? __virt_addr_valid+0x45f/0x530
[   94.034705][ T5537]  ? srso_alias_return_thunk+0x5/0xfbef5
[   94.040359][ T5537]  ? __phys_addr+0xba/0x170
[   94.044964][ T5537]  ? hci_conn_drop+0x34/0x280
[   94.049661][ T5537]  kasan_report+0x143/0x180
[   94.054186][ T5537]  ? hci_conn_drop+0x34/0x280
[   94.058886][ T5537]  kasan_check_range+0x282/0x290
[   94.063841][ T5537]  hci_conn_drop+0x34/0x280
[   94.068368][ T5537]  sco_conn_destruct+0x57/0x100
[   94.073242][ T5537]  sco_sock_destruct+0x43/0x90
[   94.078027][ T5537]  ? __pfx_sco_sock_destruct+0x10/0x10
[   94.083545][ T5537]  __sk_destruct+0x5a/0x5f0
[   94.088064][ T5537]  ? __sk_free+0x333/0x460
[   94.092496][ T5537]  sco_sock_release+0x25e/0x320
[   94.097373][ T5537]  sock_close+0xbe/0x240
[   94.101621][ T5537]  ? __pfx_sock_close+0x10/0x10
[   94.106490][ T5537]  __fput+0x241/0x880
[   94.110488][ T5537]  __x64_sys_close+0x7f/0x110
[   94.115178][ T5537]  do_syscall_64+0xf3/0x230
[   94.119694][ T5537]  ? srso_alias_return_thunk+0x5/0xfbef5
[   94.125347][ T5537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.131278][ T5537] RIP: 0033:0x7fa71cc7cd5a
[   94.135699][ T5537] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[   94.155316][ T5537] RSP: 002b:00007ffc91af2860 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   94.163738][ T5537] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007fa71cc7cd5a
[   94.171710][ T5537] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[   94.179682][ T5537] RBP: 00007fa71cdad980 R08: 0000001b2d160000 R09: 7fffffffffffffff
[   94.187659][ T5537] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000016f8e
[   94.195635][ T5537] R13: ffffffffffffffff R14: 00007fa71c800000 R15: 0000000000016c4d
[   94.203654][ T5537]  </TASK>
[   94.206672][ T5537] 
[   94.209018][ T5537] Allocated by task 5455:
[   94.213366][ T5537]  kasan_save_track+0x3f/0x80
[   94.218052][ T5537]  __kasan_kmalloc+0x98/0xb0
[   94.222649][ T5537]  __kmalloc_cache_noprof+0x19c/0x2c0
[   94.228031][ T5537]  __hci_conn_add+0x2f9/0x1850
[   94.232803][ T5537]  hci_connect_sco+0xd0/0x370
[   94.237487][ T5537]  sco_sock_connect+0x2fc/0x990
[   94.242400][ T5537]  __sys_connect+0x2d3/0x300
[   94.247024][ T5537]  __x64_sys_connect+0x7a/0x90
[   94.251799][ T5537]  do_syscall_64+0xf3/0x230
[   94.256329][ T5537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.262342][ T5537] 
[   94.264658][ T5537] Freed by task 4494:
[   94.268629][ T5537]  kasan_save_track+0x3f/0x80
[   94.273311][ T5537]  kasan_save_free_info+0x40/0x50
[   94.278350][ T5537]  __kasan_slab_free+0x59/0x70
[   94.283117][ T5537]  kfree+0x1a0/0x440
[   94.287021][ T5537]  device_release+0x9b/0x1c0
[   94.291635][ T5537]  kobject_put+0x231/0x480
[   94.296059][ T5537]  hci_conn_del+0x8c4/0xc40
[   94.300566][ T5537]  hci_abort_conn_sync+0x583/0xde0
[   94.305692][ T5537]  hci_cmd_sync_work+0x22d/0x400
[   94.310646][ T5537]  process_scheduled_works+0xa65/0x1850
[   94.316205][ T5537]  worker_thread+0x870/0xd30
[   94.320812][ T5537]  kthread+0x2f2/0x390
[   94.324884][ T5537]  ret_from_fork+0x4d/0x80
[   94.329319][ T5537]  ret_from_fork_asm+0x1a/0x30
[   94.334097][ T5537] 
[   94.336415][ T5537] Last potentially related work creation:
[   94.342148][ T5537]  kasan_save_stack+0x3f/0x60
[   94.346830][ T5537]  __kasan_record_aux_stack+0xac/0xc0
[   94.352217][ T5537]  insert_work+0x3e/0x330
[   94.356557][ T5537]  __queue_work+0xc8b/0xf50
[   94.361072][ T5537]  queue_delayed_work_on+0x1ca/0x390
[   94.366369][ T5537]  sco_conn_destruct+0x57/0x100
[   94.371338][ T5537]  sco_sock_destruct+0x43/0x90
[   94.376119][ T5537]  __sk_destruct+0x5a/0x5f0
[   94.380631][ T5537]  sco_sock_release+0x25e/0x320
[   94.385496][ T5537]  sock_close+0xbe/0x240
[   94.389761][ T5537]  __fput+0x241/0x880
[   94.393743][ T5537]  task_work_run+0x251/0x310
[   94.398334][ T5537]  get_signal+0x15e8/0x1740
[   94.402959][ T5537]  arch_do_signal_or_restart+0x96/0x860
[   94.408521][ T5537]  syscall_exit_to_user_mode+0xc9/0x370
[   94.414086][ T5537]  do_syscall_64+0x100/0x230
[   94.418690][ T5537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.424592][ T5537] 
[   94.426909][ T5537] The buggy address belongs to the object at ffff88801ea58000
[   94.426909][ T5537]  which belongs to the cache kmalloc-8k of size 8192
[   94.440966][ T5537] The buggy address is located 16 bytes inside of
[   94.440966][ T5537]  freed 8192-byte region [ffff88801ea58000, ffff88801ea5a000)
[   94.454779][ T5537] 
[   94.457101][ T5537] The buggy address belongs to the physical page:
[   94.463510][ T5537] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ea58
[   94.472304][ T5537] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   94.480804][ T5537] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   94.488963][ T5537] page_type: f5(slab)
[   94.492951][ T5537] raw: 00fff00000000040 ffff888015442280 0000000000000000 dead000000000001
[   94.501542][ T5537] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   94.510131][ T5537] head: 00fff00000000040 ffff888015442280 0000000000000000 dead000000000001
[   94.518810][ T5537] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   94.527484][ T5537] head: 00fff00000000003 ffffea00007a9601 ffffffffffffffff 0000000000000000
[   94.536156][ T5537] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   94.544819][ T5537] page dumped because: kasan: bad access detected
[   94.551220][ T5537] page_owner tracks the page as allocated
[   94.556925][ T5537] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4772, tgid 4772 (dhcpcd-run-hook), ts 33884825404, free_ts 32631813811
[   94.577796][ T5537]  post_alloc_hook+0x1f3/0x230
[   94.582585][ T5537]  get_page_from_freelist+0x3045/0x3190
[   94.588144][ T5537]  __alloc_pages_noprof+0x256/0x6c0
[   94.593349][ T5537]  alloc_pages_mpol_noprof+0x3e8/0x680
[   94.598990][ T5537]  alloc_slab_page+0x6a/0x120
[   94.603666][ T5537]  allocate_slab+0x5a/0x2f0
[   94.608173][ T5537]  ___slab_alloc+0xcd1/0x14b0
[   94.612852][ T5537]  __slab_alloc+0x58/0xa0
[   94.617182][ T5537]  __kmalloc_cache_noprof+0x1d5/0x2c0
[   94.622589][ T5537]  tomoyo_init_log+0x11cd/0x2050
[   94.627545][ T5537]  tomoyo_supervisor+0x38a/0x11f0
[   94.632579][ T5537]  tomoyo_env_perm+0x178/0x210
[   94.637346][ T5537]  tomoyo_find_next_domain+0x146e/0x1d40
[   94.642979][ T5537]  tomoyo_bprm_check_security+0x114/0x180
[   94.648701][ T5537]  security_bprm_check+0x86/0x250
[   94.653729][ T5537]  bprm_execve+0xa56/0x1770
[   94.658508][ T5537] page last free pid 4743 tgid 4743 stack trace:
[   94.664865][ T5537]  free_unref_page+0xcfb/0xf20
[   94.669651][ T5537]  __put_partials+0xeb/0x130
[   94.674270][ T5537]  put_cpu_partial+0x17c/0x250
[   94.679063][ T5537]  __slab_free+0x2ea/0x3d0
[   94.683485][ T5537]  qlist_free_all+0x9a/0x140
[   94.688082][ T5537]  kasan_quarantine_reduce+0x14f/0x170
[   94.693550][ T5537]  __kasan_slab_alloc+0x23/0x80
[   94.698407][ T5537]  __kmalloc_cache_noprof+0x132/0x2c0
[   94.703819][ T5537]  tomoyo_init_log+0x1ca/0x2050
[   94.708694][ T5537]  tomoyo_supervisor+0x38a/0x11f0
[   94.713756][ T5537]  tomoyo_path_permission+0x243/0x360
[   94.719134][ T5537]  tomoyo_path_perm+0x480/0x740
[   94.723996][ T5537]  security_inode_getattr+0x130/0x330
[   94.729377][ T5537]  vfs_getattr+0x45/0x430
[   94.733723][ T5537]  vfs_fstatat+0xe4/0x190
[   94.738085][ T5537]  __x64_sys_newfstatat+0x11d/0x1a0
[   94.743288][ T5537] 
[   94.745612][ T5537] Memory state around the buggy address:
[   94.751261][ T5537]  ffff88801ea57f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   94.759325][ T5537]  ffff88801ea57f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   94.767473][ T5537] >ffff88801ea58000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.775562][ T5537]                          ^
[   94.780148][ T5537]  ffff88801ea58080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.788209][ T5537]  ffff88801ea58100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   94.796287][ T5537] ==================================================================
[   94.815267][ T5537] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   94.822602][ T5537] CPU: 0 UID: 0 PID: 5537 Comm: syz-executor.0 Not tainted 6.12.0-rc1-syzkaller-g7ec462100ef9-dirty #0
[   94.833682][ T5537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   94.843763][ T5537] Call Trace:
[   94.847063][ T5537]  <TASK>
[   94.850010][ T5537]  dump_stack_lvl+0x241/0x360
[   94.854732][ T5537]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.860024][ T5537]  ? __pfx__printk+0x10/0x10
[   94.864649][ T5537]  ? preempt_schedule+0xe1/0xf0
[   94.869547][ T5537]  ? srso_alias_return_thunk+0x5/0xfbef5
[   94.875219][ T5537]  ? vscnprintf+0x5d/0x90
[   94.879585][ T5537]  panic+0x349/0x880
[   94.883512][ T5537]  ? check_panic_on_warn+0x21/0xb0
[   94.888831][ T5537]  ? __pfx_panic+0x10/0x10
[   94.893288][ T5537]  ? srso_alias_return_thunk+0x5/0xfbef5
[   94.898963][ T5537]  ? srso_alias_return_thunk+0x5/0xfbef5
[   94.904682][ T5537]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   94.910730][ T5537]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   94.917124][ T5537]  ? print_report+0x502/0x550
[   94.921863][ T5537]  check_panic_on_warn+0x86/0xb0
[   94.926842][ T5537]  ? hci_conn_drop+0x34/0x280
[   94.931570][ T5537]  end_report+0x77/0x160
[   94.935849][ T5537]  kasan_report+0x154/0x180
[   94.940399][ T5537]  ? hci_conn_drop+0x34/0x280
[   94.945124][ T5537]  kasan_check_range+0x282/0x290
[   94.950104][ T5537]  hci_conn_drop+0x34/0x280
[   94.954684][ T5537]  sco_conn_destruct+0x57/0x100
[   94.959613][ T5537]  sco_sock_destruct+0x43/0x90
[   94.964422][ T5537]  ? __pfx_sco_sock_destruct+0x10/0x10
[   94.969922][ T5537]  __sk_destruct+0x5a/0x5f0
[   94.974465][ T5537]  ? __sk_free+0x333/0x460
[   94.978921][ T5537]  sco_sock_release+0x25e/0x320
[   94.983846][ T5537]  sock_close+0xbe/0x240
[   94.988117][ T5537]  ? __pfx_sock_close+0x10/0x10
[   94.993065][ T5537]  __fput+0x241/0x880
[   94.997171][ T5537]  __x64_sys_close+0x7f/0x110
[   95.001877][ T5537]  do_syscall_64+0xf3/0x230
[   95.006433][ T5537]  ? srso_alias_return_thunk+0x5/0xfbef5
[   95.012139][ T5537]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.018069][ T5537] RIP: 0033:0x7fa71cc7cd5a
[   95.022509][ T5537] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[   95.042183][ T5537] RSP: 002b:00007ffc91af2860 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   95.050637][ T5537] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007fa71cc7cd5a
[   95.058637][ T5537] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[   95.066632][ T5537] RBP: 00007fa71cdad980 R08: 0000001b2d160000 R09: 7fffffffffffffff
[   95.074714][ T5537] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000016f8e
[   95.082737][ T5537] R13: ffffffffffffffff R14: 00007fa71c800000 R15: 0000000000016c4d
[   95.091459][ T5537]  </TASK>
[   95.094734][ T5537] Kernel Offset: disabled
[   95.099054][ T5537] Rebooting in 86400 seconds..