Warning: Permanently added '10.128.10.9' (ED25519) to the list of known hosts.
2023/09/05 11:24:18 ignoring optional flag "sandboxArg"="0"
2023/09/05 11:24:18 parsed 1 programs
2023/09/05 11:24:19 executed programs: 0
[ 95.265618][ T5383] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS
[ 95.326790][ T5037] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 95.335479][ T5037] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 95.344071][ T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 95.353247][ T5037] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 95.361352][ T5037] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 95.368958][ T5037] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 95.476476][ T5390] chnl_net:caif_netlink_parms(): no params data found
[ 95.520468][ T5390] bridge0: port 1(bridge_slave_0) entered blocking state
[ 95.527845][ T5390] bridge0: port 1(bridge_slave_0) entered disabled state
[ 95.535298][ T5390] bridge_slave_0: entered allmulticast mode
[ 95.542054][ T5390] bridge_slave_0: entered promiscuous mode
[ 95.550855][ T5390] bridge0: port 2(bridge_slave_1) entered blocking state
[ 95.558080][ T5390] bridge0: port 2(bridge_slave_1) entered disabled state
[ 95.565835][ T5390] bridge_slave_1: entered allmulticast mode
[ 95.572674][ T5390] bridge_slave_1: entered promiscuous mode
[ 95.595620][ T5390] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 95.607594][ T5390] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 95.631262][ T5390] team0: Port device team_slave_0 added
[ 95.638898][ T5390] team0: Port device team_slave_1 added
[ 95.658427][ T5390] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 95.666059][ T5390] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.694038][ T5390] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 95.706981][ T5390] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 95.714218][ T5390] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 95.741442][ T5390] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 95.771208][ T5390] hsr_slave_0: entered promiscuous mode
[ 95.777875][ T5390] hsr_slave_1: entered promiscuous mode
[ 96.400369][ T5390] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 96.411735][ T5390] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 96.422826][ T5390] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 96.433416][ T5390] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 96.459814][ T5390] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.467012][ T5390] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.474437][ T5390] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.481930][ T5390] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.508570][ T22] bridge0: port 1(bridge_slave_0) entered disabled state
[ 96.518844][ T22] bridge0: port 2(bridge_slave_1) entered disabled state
[ 96.573652][ T5390] 8021q: adding VLAN 0 to HW filter on device bond0
[ 96.599119][ T5390] 8021q: adding VLAN 0 to HW filter on device team0
[ 96.612713][ T4112] bridge0: port 1(bridge_slave_0) entered blocking state
[ 96.620358][ T4112] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 96.649415][ T4112] bridge0: port 2(bridge_slave_1) entered blocking state
[ 96.656695][ T4112] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 96.691008][ T5390] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 96.701519][ T5390] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 96.908989][ T5390] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 96.960531][ T5390] veth0_vlan: entered promiscuous mode
[ 96.973647][ T5390] veth1_vlan: entered promiscuous mode
[ 97.010542][ T5390] veth0_macvtap: entered promiscuous mode
[ 97.022814][ T5390] veth1_macvtap: entered promiscuous mode
[ 97.043602][ T5390] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 97.061351][ T5390] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 97.076867][ T5390] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.087910][ T5390] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.098057][ T5390] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.107625][ T5390] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 97.179830][ T4112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.193854][ T4112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.227237][ T1675] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 97.236086][ T1675] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 97.386422][ T4440] Bluetooth: hci0: command 0x0409 tx timeout
[ 99.464723][ T5037] Bluetooth: hci0: command 0x041b tx timeout
2023/09/05 11:24:25 executed programs: 4
[ 101.555083][ T5037] Bluetooth: hci0: command 0x040f tx timeout
[ 103.624699][ T5037] Bluetooth: hci0: command 0x0419 tx timeout
[ 105.704587][ T49] Bluetooth: hci0: command 0x0405 tx timeout
2023/09/05 11:24:30 executed programs: 10
[ 107.784637][ T49] Bluetooth: hci0: command 0x0405 tx timeout
[ 109.864640][ T49] Bluetooth: hci0: command 0x0405 tx timeout
2023/09/05 11:24:35 executed programs: 16
[ 111.945756][ T5037] Bluetooth: hci0: command 0x0405 tx timeout
[ 114.024646][ T5037] Bluetooth: hci0: command 0x0405 tx timeout
2023/09/05 11:24:40 executed programs: 22
[ 116.104651][ T4440] Bluetooth: hci0: command 0x0405 tx timeout
[ 118.184613][ T4440] Bluetooth: hci0: command 0x0405 tx timeout
[ 120.264659][ T5037] Bluetooth: hci0: command 0x0405 tx timeout
2023/09/05 11:24:45 executed programs: 28
[ 122.344619][ T5037] Bluetooth: hci0: command 0x0405 tx timeout
[ 124.424632][ T5037] Bluetooth: hci0: command 0x0405 tx timeout
[ 124.500084][ T5037] ==================================================================
[ 124.508646][ T5037] BUG: KASAN: slab-use-after-free in sco_conn_del+0xb9/0x2d0
[ 124.516152][ T5037] Write of size 4 at addr ffff888068c19080 by task kworker/u5:2/5037
[ 124.524769][ T5037]
[ 124.527118][ T5037] CPU: 0 PID: 5037 Comm: kworker/u5:2 Not tainted 6.5.0-syzkaller-03967-gbd6c11bc43c4-dirty #0
[ 124.538086][ T5037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 124.548583][ T5037] Workqueue: hci0 hci_cmd_sync_work
[ 124.553796][ T5037] Call Trace:
[ 124.557254][ T5037] <TASK>
[ 124.560355][ T5037] dump_stack_lvl+0xd9/0x1b0
[ 124.564949][ T5037] print_report+0xc4/0x620
[ 124.569382][ T5037] ? __virt_addr_valid+0x5e/0x2d0
[ 124.574433][ T5037] ? __phys_addr+0xc6/0x140
[ 124.579042][ T5037] kasan_report+0xda/0x110
[ 124.583665][ T5037] ? sco_conn_del+0xb9/0x2d0
[ 124.588372][ T5037] ? sco_conn_del+0xb9/0x2d0
[ 124.593496][ T5037] kasan_check_range+0xef/0x190
[ 124.598573][ T5037] sco_conn_del+0xb9/0x2d0
[ 124.603086][ T5037] sco_connect_cfm+0x205/0xb70
[ 124.607866][ T5037] ? hci_conn_unlink+0x34a/0x9b0
[ 124.612898][ T5037] ? sco_sock_release+0x2c0/0x2c0
[ 124.618121][ T5037] ? __phys_addr+0xc6/0x140
[ 124.622901][ T5037] ? sco_sock_release+0x2c0/0x2c0
[ 124.628217][ T5037] hci_conn_failed+0x196/0x320
[ 124.633095][ T5037] hci_conn_unlink+0x6f9/0x9b0
[ 124.638067][ T5037] hci_conn_del+0x59/0xd10
[ 124.642570][ T5037] hci_abort_conn_sync+0xacb/0xe20
[ 124.647695][ T5037] ? hci_dev_close_sync+0x10f0/0x10f0
[ 124.653524][ T5037] ? abort_conn_sync+0x11e/0x3a0
[ 124.658503][ T5037] ? reacquire_held_locks+0x4b0/0x4b0
[ 124.663992][ T5037] ? bit_wait_timeout+0x160/0x160
[ 124.669041][ T5037] abort_conn_sync+0x18e/0x3a0
[ 124.673808][ T5037] hci_cmd_sync_work+0x1a4/0x3c0
[ 124.679037][ T5037] process_one_work+0xaa2/0x16f0
[ 124.684290][ T5037] ? le_conn_timeout+0x240/0x240
[ 124.689308][ T5037] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 124.694946][ T5037] ? spin_bug+0x1d0/0x1d0
[ 124.699539][ T5037] worker_thread+0x687/0x1110
[ 124.704304][ T5037] ? __kthread_parkme+0x152/0x220
[ 124.709351][ T5037] ? process_one_work+0x16f0/0x16f0
[ 124.714741][ T5037] kthread+0x33a/0x430
[ 124.719078][ T5037] ? kthread_complete_and_exit+0x40/0x40
[ 124.724890][ T5037] ret_from_fork+0x2c/0x70
[ 124.729407][ T5037] ? kthread_complete_and_exit+0x40/0x40
[ 124.735200][ T5037] ret_from_fork_asm+0x11/0x20
[ 124.739976][ T5037] </TASK>
[ 124.742987][ T5037]
[ 124.745307][ T5037] Allocated by task 5848:
[ 124.749631][ T5037] kasan_save_stack+0x33/0x50
[ 124.754584][ T5037] kasan_set_track+0x25/0x30
[ 124.759268][ T5037] __kasan_kmalloc+0xa2/0xb0
[ 124.764142][ T5037] __kmalloc+0x5d/0x100
[ 124.768316][ T5037] sk_prot_alloc+0x1a4/0x2a0
[ 124.773088][ T5037] sk_alloc+0x3a/0x7f0
[ 124.777173][ T5037] bt_sock_alloc+0x3b/0x3e0
[ 124.781715][ T5037] sco_sock_create+0xe3/0x3b0
[ 124.786398][ T5037] bt_sock_create+0x180/0x340
[ 124.791069][ T5037] __sock_create+0x334/0x810
[ 124.795739][ T5037] __sys_socket+0x14c/0x260
[ 124.800591][ T5037] __x64_sys_socket+0x72/0xb0
[ 124.805629][ T5037] do_syscall_64+0x38/0xb0
[ 124.810125][ T5037] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 124.816290][ T5037]
[ 124.818709][ T5037] Freed by task 5849:
[ 124.823073][ T5037] kasan_save_stack+0x33/0x50
[ 124.828121][ T5037] kasan_set_track+0x25/0x30
[ 124.832983][ T5037] kasan_save_free_info+0x2b/0x40
[ 124.838005][ T5037] ____kasan_slab_free+0x15e/0x1b0
[ 124.843210][ T5037] slab_free_freelist_hook+0x10b/0x1e0
[ 124.848770][ T5037] __kmem_cache_free+0xb8/0x2f0
[ 124.853619][ T5037] __sk_destruct+0x5fc/0x770
[ 124.858567][ T5037] sk_destruct+0xc2/0xf0
[ 124.862847][ T5037] __sk_free+0xc4/0x3a0
[ 124.867008][ T5037] sk_free+0x7c/0xa0
[ 124.871022][ T5037] sco_sock_kill+0x19d/0x1c0
[ 124.875622][ T5037] sco_sock_release+0x154/0x2c0
[ 124.880528][ T5037] __sock_release+0xae/0x260
[ 124.885198][ T5037] sock_close+0x1c/0x20
[ 124.889518][ T5037] __fput+0x3f7/0xa70
[ 124.893683][ T5037] task_work_run+0x14d/0x240
[ 124.898375][ T5037] get_signal+0x1075/0x2770
[ 124.902962][ T5037] arch_do_signal_or_restart+0x89/0x5f0
[ 124.908688][ T5037] exit_to_user_mode_prepare+0x11f/0x240
[ 124.914555][ T5037] syscall_exit_to_user_mode+0x1d/0x60
[ 124.920282][ T5037] do_syscall_64+0x44/0xb0
[ 124.926441][ T5037] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 124.932701][ T5037]
[ 124.935201][ T5037] The buggy address belongs to the object at ffff888068c19000
[ 124.935201][ T5037] which belongs to the cache kmalloc-2k of size 2048
[ 124.950054][ T5037] The buggy address is located 128 bytes inside of
[ 124.950054][ T5037] freed 2048-byte region [ffff888068c19000, ffff888068c19800)
[ 124.964380][ T5037]
[ 124.966707][ T5037] The buggy address belongs to the physical page:
[ 124.975113][ T5037] page:ffffea0001a30600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x68c18
[ 124.985781][ T5037] head:ffffea0001a30600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 124.994925][ T5037] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 125.003523][ T5037] page_type: 0xffffffff()
[ 125.008207][ T5037] raw: 00fff00000010200 ffff888012842000 ffffea0001a30400 0000000000000002
[ 125.017236][ T5037] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 125.027554][ T5037] page dumped because: kasan: bad access detected
[ 125.034134][ T5037] page_owner tracks the page as allocated
[ 125.039942][ T5037] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 22, tgid 22 (kworker/1:0), ts 96674696674, free_ts 74879599637
[ 125.062814][ T5037] post_alloc_hook+0x2d2/0x350
[ 125.067593][ T5037] get_page_from_freelist+0x10a9/0x31e0
[ 125.073146][ T5037] __alloc_pages+0x1d0/0x4a0
[ 125.077729][ T5037] alloc_pages+0x1a9/0x270
[ 125.082144][ T5037] allocate_slab+0x24e/0x380
[ 125.086938][ T5037] ___slab_alloc+0x8bc/0x1570
[ 125.091730][ T5037] __slab_alloc.constprop.0+0x56/0xa0
[ 125.097225][ T5037] __kmem_cache_alloc_node+0x137/0x350
[ 125.102957][ T5037] __kmalloc_node_track_caller+0x4d/0x100
[ 125.108689][ T5037] kmalloc_reserve+0xef/0x270
[ 125.113374][ T5037] __alloc_skb+0x12b/0x330
[ 125.117790][ T5037] alloc_skb_with_frags+0xe4/0x710
[ 125.122919][ T5037] sock_alloc_send_pskb+0x7c8/0x950
[ 125.128209][ T5037] mld_newpack.isra.0+0x1ee/0x790
[ 125.133253][ T5037] add_grhead+0x295/0x340
[ 125.137602][ T5037] add_grec+0x10bb/0x1680
[ 125.141987][ T5037] page last free stack trace:
[ 125.146910][ T5037] __free_pages_ok+0x6b3/0xef0
[ 125.151700][ T5037] kvfree+0x47/0x50
[ 125.155524][ T5037] proc_sys_call_handler+0x549/0x6c0
[ 125.160847][ T5037] vfs_read+0x4e0/0x930
[ 125.165004][ T5037] ksys_read+0x12f/0x250
[ 125.169246][ T5037] do_syscall_64+0x38/0xb0
[ 125.173662][ T5037] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 125.179642][ T5037]
[ 125.181975][ T5037] Memory state around the buggy address:
[ 125.187615][ T5037] ffff888068c18f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 125.195845][ T5037] ffff888068c19000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.204070][ T5037] >ffff888068c19080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.212123][ T5037] ^
[ 125.216182][ T5037] ffff888068c19100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.224333][ T5037] ffff888068c19180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 125.232513][ T5037] ==================================================================
[ 125.240972][ T5037] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 125.249145][ T5037] CPU: 0 PID: 5037 Comm: kworker/u5:2 Not tainted 6.5.0-syzkaller-03967-gbd6c11bc43c4-dirty #0
[ 125.259857][ T5037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 125.270635][ T5037] Workqueue: hci0 hci_cmd_sync_work
[ 125.275850][ T5037] Call Trace:
[ 125.279214][ T5037] <TASK>
[ 125.282412][ T5037] dump_stack_lvl+0xd9/0x1b0
[ 125.287035][ T5037] panic+0x6a4/0x750
[ 125.290970][ T5037] ? panic_smp_self_stop+0xa0/0xa0
[ 125.296875][ T5037] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 125.303145][ T5037] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 125.309602][ T5037] check_panic_on_warn+0xab/0xb0
[ 125.314815][ T5037] end_report+0x108/0x150
[ 125.319337][ T5037] kasan_report+0xea/0x110
[ 125.323774][ T5037] ? sco_conn_del+0xb9/0x2d0
[ 125.328558][ T5037] ? sco_conn_del+0xb9/0x2d0
[ 125.333733][ T5037] kasan_check_range+0xef/0x190
[ 125.338881][ T5037] sco_conn_del+0xb9/0x2d0
[ 125.343526][ T5037] sco_connect_cfm+0x205/0xb70
[ 125.348313][ T5037] ? hci_conn_unlink+0x34a/0x9b0
[ 125.353363][ T5037] ? sco_sock_release+0x2c0/0x2c0
[ 125.358491][ T5037] ? __phys_addr+0xc6/0x140
[ 125.363552][ T5037] ? sco_sock_release+0x2c0/0x2c0
[ 125.368965][ T5037] hci_conn_failed+0x196/0x320
[ 125.373924][ T5037] hci_conn_unlink+0x6f9/0x9b0
[ 125.378880][ T5037] hci_conn_del+0x59/0xd10
[ 125.383412][ T5037] hci_abort_conn_sync+0xacb/0xe20
[ 125.389271][ T5037] ? hci_dev_close_sync+0x10f0/0x10f0
[ 125.394685][ T5037] ? abort_conn_sync+0x11e/0x3a0
[ 125.399747][ T5037] ? reacquire_held_locks+0x4b0/0x4b0
[ 125.405334][ T5037] ? bit_wait_timeout+0x160/0x160
[ 125.411016][ T5037] abort_conn_sync+0x18e/0x3a0
[ 125.416084][ T5037] hci_cmd_sync_work+0x1a4/0x3c0
[ 125.421122][ T5037] process_one_work+0xaa2/0x16f0
[ 125.426087][ T5037] ? le_conn_timeout+0x240/0x240
[ 125.431209][ T5037] ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 125.437087][ T5037] ? spin_bug+0x1d0/0x1d0
[ 125.441448][ T5037] worker_thread+0x687/0x1110
[ 125.446240][ T5037] ? __kthread_parkme+0x152/0x220
[ 125.451283][ T5037] ? process_one_work+0x16f0/0x16f0
[ 125.456684][ T5037] kthread+0x33a/0x430
[ 125.460932][ T5037] ? kthread_complete_and_exit+0x40/0x40
[ 125.466591][ T5037] ret_from_fork+0x2c/0x70
[ 125.471139][ T5037] ? kthread_complete_and_exit+0x40/0x40
[ 125.476796][ T5037] ret_from_fork_asm+0x11/0x20
[ 125.481615][ T5037] </TASK>
[ 125.484973][ T5037] Kernel Offset: disabled
[ 125.489297][ T5037] Rebooting in 86400 seconds..