Warning: Permanently added '10.128.1.11' (ED25519) to the list of known hosts.
2024/08/19 09:00:54 ignoring optional flag "sandboxArg"="0"
2024/08/19 09:00:55 parsed 1 programs
2024/08/19 09:00:57 executed programs: 0
[  105.504238][ T5527] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  105.517739][ T5527] syz-executor (5527) used greatest stack depth: 19800 bytes left
[  105.580674][ T4612] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  105.588549][ T4612] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  105.596298][ T4612] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  105.605597][ T4612] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  105.613536][ T4612] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  105.621239][ T4612] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  105.797766][ T5533] chnl_net:caif_netlink_parms(): no params data found
[  105.886107][ T5533] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.893351][ T5533] bridge0: port 1(bridge_slave_0) entered disabled state
[  105.900988][ T5533] bridge_slave_0: entered allmulticast mode
[  105.909330][ T5533] bridge_slave_0: entered promiscuous mode
[  105.918400][ T5533] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.925606][ T5533] bridge0: port 2(bridge_slave_1) entered disabled state
[  105.933352][ T5533] bridge_slave_1: entered allmulticast mode
[  105.940655][ T5533] bridge_slave_1: entered promiscuous mode
[  105.976077][ T5533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  105.989432][ T5533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  106.030317][ T5533] team0: Port device team_slave_0 added
[  106.039965][ T5533] team0: Port device team_slave_1 added
[  106.073291][ T5533] batman_adv: batadv0: Adding interface: batadv_slave_0
[  106.080721][ T5533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.106670][ T5533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  106.119650][ T5533] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.126863][ T5533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.152788][ T5533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.204453][ T5533] hsr_slave_0: entered promiscuous mode
[  106.211544][ T5533] hsr_slave_1: entered promiscuous mode
[  107.046470][ T5533] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  107.059345][ T5533] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  107.072151][ T5533] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  107.085430][ T5533] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  107.206251][ T5533] 8021q: adding VLAN 0 to HW filter on device bond0
[  107.231886][ T5533] 8021q: adding VLAN 0 to HW filter on device team0
[  107.251830][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.259132][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  107.272311][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.279515][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  107.555261][ T5533] 8021q: adding VLAN 0 to HW filter on device batadv0
[  107.627316][ T5533] veth0_vlan: entered promiscuous mode
[  107.644448][ T5533] veth1_vlan: entered promiscuous mode
[  107.679912][ T4612] Bluetooth: hci0: command tx timeout
[  107.706985][ T5533] veth0_macvtap: entered promiscuous mode
[  107.720005][ T5533] veth1_macvtap: entered promiscuous mode
[  107.748731][ T5533] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.766390][ T5533] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.783330][ T5533] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.795836][ T5533] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.806878][ T5533] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.816914][ T5533] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.922648][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.943469][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.985118][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.993559][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.757583][   T54] Bluetooth: hci0: command tx timeout
2024/08/19 09:01:02 executed programs: 3
[  111.839851][   T54] Bluetooth: hci0: command 0x040f tx timeout
[  113.918471][   T54] Bluetooth: hci0: command 0x040f tx timeout
2024/08/19 09:01:07 executed programs: 9
[  115.998240][   T54] Bluetooth: hci0: command 0x040f tx timeout
[  118.077537][ T4612] Bluetooth: hci0: command 0x040f tx timeout
2024/08/19 09:01:12 executed programs: 15
2024/08/19 09:01:17 executed programs: 21
2024/08/19 09:01:23 executed programs: 27
2024/08/19 09:01:28 executed programs: 33
[  138.482115][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  138.488567][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
2024/08/19 09:01:33 executed programs: 39
2024/08/19 09:01:38 executed programs: 45
[  148.089448][ T5249] ==================================================================
[  148.097579][ T5249] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x8b/0x270
[  148.105336][ T5249] Write of size 4 at addr ffff88802b192080 by task kworker/1:4/5249
[  148.113300][ T5249] 
[  148.115607][ T5249] CPU: 1 UID: 0 PID: 5249 Comm: kworker/1:4 Not tainted 6.11.0-rc4-syzkaller-g47ac09b91bef #0
[  148.125830][ T5249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  148.135873][ T5249] Workqueue: events sco_sock_timeout
[  148.141163][ T5249] Call Trace:
[  148.144426][ T5249]  <TASK>
[  148.147349][ T5249]  dump_stack_lvl+0x241/0x360
[  148.152046][ T5249]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.157684][ T5249]  ? __pfx__printk+0x10/0x10
[  148.162391][ T5249]  ? _printk+0xd5/0x120
[  148.166548][ T5249]  ? __virt_addr_valid+0x183/0x530
[  148.171651][ T5249]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.177381][ T5249]  print_report+0x169/0x550
[  148.181906][ T5249]  ? __virt_addr_valid+0x183/0x530
[  148.187008][ T5249]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.192637][ T5249]  ? __virt_addr_valid+0x45f/0x530
[  148.197753][ T5249]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.203411][ T5249]  ? __phys_addr+0xba/0x170
[  148.207921][ T5249]  ? sco_sock_timeout+0x8b/0x270
[  148.212864][ T5249]  kasan_report+0x143/0x180
[  148.217389][ T5249]  ? __pfx_lock_acquire+0x10/0x10
[  148.222427][ T5249]  ? sco_sock_timeout+0x8b/0x270
[  148.227380][ T5249]  kasan_check_range+0x282/0x290
[  148.232332][ T5249]  sco_sock_timeout+0x8b/0x270
[  148.237101][ T5249]  ? process_scheduled_works+0x945/0x1830
[  148.242829][ T5249]  process_scheduled_works+0xa2e/0x1830
[  148.248401][ T5249]  ? __pfx_process_scheduled_works+0x10/0x10
[  148.254394][ T5249]  ? assign_work+0x364/0x3d0
[  148.258998][ T5249]  worker_thread+0x86d/0xd40
[  148.263694][ T5249]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  148.269609][ T5249]  ? __kthread_parkme+0x169/0x1d0
[  148.275166][ T5249]  ? __pfx_worker_thread+0x10/0x10
[  148.280286][ T5249]  kthread+0x2f2/0x390
[  148.284367][ T5249]  ? __pfx_worker_thread+0x10/0x10
[  148.289487][ T5249]  ? __pfx_kthread+0x10/0x10
[  148.294095][ T5249]  ret_from_fork+0x4d/0x80
[  148.298523][ T5249]  ? __pfx_kthread+0x10/0x10
[  148.303125][ T5249]  ret_from_fork_asm+0x1a/0x30
[  148.307914][ T5249]  </TASK>
[  148.311015][ T5249] 
[  148.313331][ T5249] Allocated by task 5254:
[  148.317652][ T5249]  kasan_save_track+0x3f/0x80
[  148.322336][ T5249]  __kasan_kmalloc+0x98/0xb0
[  148.326929][ T5249]  __kmalloc_node_track_caller_noprof+0x225/0x440
[  148.333345][ T5249]  kmalloc_reserve+0x111/0x2a0
[  148.338111][ T5249]  __alloc_skb+0x1f3/0x440
[  148.342524][ T5249]  nsim_dev_trap_report_work+0x254/0xaa0
[  148.348171][ T5249]  process_scheduled_works+0xa2e/0x1830
[  148.353897][ T5249]  worker_thread+0x86d/0xd40
[  148.358496][ T5249]  kthread+0x2f2/0x390
[  148.362574][ T5249]  ret_from_fork+0x4d/0x80
[  148.367012][ T5249]  ret_from_fork_asm+0x1a/0x30
[  148.371784][ T5249] 
[  148.374097][ T5249] Freed by task 5254:
[  148.378067][ T5249]  kasan_save_track+0x3f/0x80
[  148.382749][ T5249]  kasan_save_free_info+0x40/0x50
[  148.387774][ T5249]  poison_slab_object+0xe0/0x150
[  148.393241][ T5249]  __kasan_slab_free+0x37/0x60
[  148.398017][ T5249]  kfree+0x149/0x360
[  148.401907][ T5249]  skb_release_data+0x676/0x880
[  148.406849][ T5249]  consume_skb+0xb1/0x160
[  148.411179][ T5249]  nsim_dev_trap_report_work+0x765/0xaa0
[  148.416819][ T5249]  process_scheduled_works+0xa2e/0x1830
[  148.422371][ T5249]  worker_thread+0x86d/0xd40
[  148.426974][ T5249]  kthread+0x2f2/0x390
[  148.431053][ T5249]  ret_from_fork+0x4d/0x80
[  148.435482][ T5249]  ret_from_fork_asm+0x1a/0x30
[  148.440255][ T5249] 
[  148.442745][ T5249] The buggy address belongs to the object at ffff88802b192000
[  148.442745][ T5249]  which belongs to the cache kmalloc-4k of size 4096
[  148.456802][ T5249] The buggy address is located 128 bytes inside of
[  148.456802][ T5249]  freed 4096-byte region [ffff88802b192000, ffff88802b193000)
[  148.470683][ T5249] 
[  148.472997][ T5249] The buggy address belongs to the physical page:
[  148.479441][ T5249] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b190
[  148.488198][ T5249] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  148.496688][ T5249] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  148.504258][ T5249] page_type: 0xfdffffff(slab)
[  148.508963][ T5249] raw: 00fff00000000040 ffff888015842140 dead000000000122 0000000000000000
[  148.517557][ T5249] raw: 0000000000000000 0000000000040004 00000001fdffffff 0000000000000000
[  148.526141][ T5249] head: 00fff00000000040 ffff888015842140 dead000000000122 0000000000000000
[  148.534811][ T5249] head: 0000000000000000 0000000000040004 00000001fdffffff 0000000000000000
[  148.543491][ T5249] head: 00fff00000000003 ffffea0000ac6401 ffffffffffffffff 0000000000000000
[  148.552164][ T5249] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  148.560831][ T5249] page dumped because: kasan: bad access detected
[  148.567239][ T5249] page_owner tracks the page as allocated
[  148.573233][ T5249] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5254, tgid 5254 (kworker/0:4), ts 140128433530, free_ts 139873286088
[  148.595477][ T5249]  post_alloc_hook+0x1f3/0x230
[  148.600256][ T5249]  get_page_from_freelist+0x2e4c/0x2f10
[  148.605813][ T5249]  __alloc_pages_noprof+0x256/0x6c0
[  148.611023][ T5249]  alloc_slab_page+0x5f/0x120
[  148.615714][ T5249]  allocate_slab+0x5a/0x2f0
[  148.620222][ T5249]  ___slab_alloc+0xcd1/0x14b0
[  148.624903][ T5249]  __slab_alloc+0x58/0xa0
[  148.629233][ T5249]  __kmalloc_node_track_caller_noprof+0x281/0x440
[  148.635824][ T5249]  kmalloc_reserve+0x111/0x2a0
[  148.640600][ T5249]  __alloc_skb+0x1f3/0x440
[  148.645028][ T5249]  nsim_dev_trap_report_work+0x254/0xaa0
[  148.650671][ T5249]  process_scheduled_works+0xa2e/0x1830
[  148.656228][ T5249]  worker_thread+0x86d/0xd40
[  148.660916][ T5249]  kthread+0x2f2/0x390
[  148.665035][ T5249]  ret_from_fork+0x4d/0x80
[  148.669550][ T5249]  ret_from_fork_asm+0x1a/0x30
[  148.674328][ T5249] page last free pid 4674 tgid 4674 stack trace:
[  148.680644][ T5249]  free_unref_page+0xd22/0xea0
[  148.685418][ T5249]  __slab_free+0x31b/0x3d0
[  148.689841][ T5249]  qlist_free_all+0x9e/0x140
[  148.694437][ T5249]  kasan_quarantine_reduce+0x14f/0x170
[  148.699910][ T5249]  __kasan_slab_alloc+0x23/0x80
[  148.704768][ T5249]  kmem_cache_alloc_noprof+0x135/0x2a0
[  148.710227][ T5249]  getname_flags+0xb7/0x540
[  148.714726][ T5249]  do_readlinkat+0xd8/0x3a0
[  148.719236][ T5249]  __x64_sys_readlink+0x7f/0x90
[  148.724093][ T5249]  do_syscall_64+0xf3/0x230
[  148.728592][ T5249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.734490][ T5249] 
[  148.736804][ T5249] Memory state around the buggy address:
[  148.742427][ T5249]  ffff88802b191f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  148.750484][ T5249]  ffff88802b192000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  148.758538][ T5249] >ffff88802b192080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  148.766592][ T5249]                    ^
[  148.770743][ T5249]  ffff88802b192100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  148.778799][ T5249]  ffff88802b192180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  148.786849][ T5249] ==================================================================
[  148.795544][ T5249] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  148.802754][ T5249] CPU: 1 UID: 0 PID: 5249 Comm: kworker/1:4 Not tainted 6.11.0-rc4-syzkaller-g47ac09b91bef #0
[  148.813015][ T5249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  148.823079][ T5249] Workqueue: events sco_sock_timeout
[  148.828392][ T5249] Call Trace:
[  148.831665][ T5249]  <TASK>
[  148.834588][ T5249]  dump_stack_lvl+0x241/0x360
[  148.839272][ T5249]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.844558][ T5249]  ? __pfx__printk+0x10/0x10
[  148.849348][ T5249]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  148.855355][ T5249]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.860997][ T5249]  ? vscnprintf+0x5d/0x90
[  148.865337][ T5249]  panic+0x349/0x860
[  148.869249][ T5249]  ? check_panic_on_warn+0x21/0xb0
[  148.874366][ T5249]  ? __pfx_panic+0x10/0x10
[  148.878803][ T5249]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  148.884709][ T5249]  ? srso_alias_return_thunk+0x5/0xfbef5
[  148.890375][ T5249]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  148.896296][ T5249]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  148.902645][ T5249]  check_panic_on_warn+0x86/0xb0
[  148.907595][ T5249]  ? sco_sock_timeout+0x8b/0x270
[  148.912540][ T5249]  end_report+0x77/0x160
[  148.916795][ T5249]  kasan_report+0x154/0x180
[  148.921313][ T5249]  ? __pfx_lock_acquire+0x10/0x10
[  148.926351][ T5249]  ? sco_sock_timeout+0x8b/0x270
[  148.931306][ T5249]  kasan_check_range+0x282/0x290
[  148.936272][ T5249]  sco_sock_timeout+0x8b/0x270
[  148.941045][ T5249]  ? process_scheduled_works+0x945/0x1830
[  148.946775][ T5249]  process_scheduled_works+0xa2e/0x1830
[  148.952360][ T5249]  ? __pfx_process_scheduled_works+0x10/0x10
[  148.958354][ T5249]  ? assign_work+0x364/0x3d0
[  148.962971][ T5249]  worker_thread+0x86d/0xd40
[  148.967579][ T5249]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  148.973488][ T5249]  ? __kthread_parkme+0x169/0x1d0
[  148.978526][ T5249]  ? __pfx_worker_thread+0x10/0x10
[  148.983645][ T5249]  kthread+0x2f2/0x390
[  148.987727][ T5249]  ? __pfx_worker_thread+0x10/0x10
[  148.993021][ T5249]  ? __pfx_kthread+0x10/0x10
[  148.997622][ T5249]  ret_from_fork+0x4d/0x80
[  149.002046][ T5249]  ? __pfx_kthread+0x10/0x10
[  149.006676][ T5249]  ret_from_fork_asm+0x1a/0x30
[  149.011549][ T5249]  </TASK>
[  149.014780][ T5249] Kernel Offset: disabled
[  149.019203][ T5249] Rebooting in 86400 seconds..