Warning: Permanently added '10.128.10.57' (ED25519) to the list of known hosts.
2023/11/20 22:08:05 ignoring optional flag "sandboxArg"="0"
2023/11/20 22:08:05 parsed 1 programs
2023/11/20 22:08:08 executed programs: 0
[ 103.597021][ T5418] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 103.660325][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 103.669273][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 103.678152][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 103.686863][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 103.696300][ T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 103.704426][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 103.870233][ T5425] chnl_net:caif_netlink_parms(): no params data found
[ 103.946630][ T5425] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.954234][ T5425] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.961579][ T5425] bridge_slave_0: entered allmulticast mode
[ 103.969516][ T5425] bridge_slave_0: entered promiscuous mode
[ 103.979782][ T5425] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.987082][ T5425] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.995092][ T5425] bridge_slave_1: entered allmulticast mode
[ 104.002390][ T5425] bridge_slave_1: entered promiscuous mode
[ 104.038356][ T5425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 104.050534][ T5425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 104.086798][ T5425] team0: Port device team_slave_0 added
[ 104.095941][ T5425] team0: Port device team_slave_1 added
[ 104.126315][ T5425] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 104.133442][ T5425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.159879][ T5425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 104.172784][ T5425] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 104.180250][ T5425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.207432][ T5425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 104.254959][ T5425] hsr_slave_0: entered promiscuous mode
[ 104.262160][ T5425] hsr_slave_1: entered promiscuous mode
[ 105.045381][ T5425] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 105.060278][ T5425] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 105.074573][ T5425] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 105.089569][ T5425] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 105.230623][ T5425] 8021q: adding VLAN 0 to HW filter on device bond0
[ 105.265234][ T5425] 8021q: adding VLAN 0 to HW filter on device team0
[ 105.282759][ T27] bridge0: port 1(bridge_slave_0) entered blocking state
[ 105.290080][ T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 105.322675][ T27] bridge0: port 2(bridge_slave_1) entered blocking state
[ 105.329969][ T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 105.602886][ T5425] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 105.680017][ T5425] veth0_vlan: entered promiscuous mode
[ 105.701245][ T5425] veth1_vlan: entered promiscuous mode
[ 105.753240][ T5425] veth0_macvtap: entered promiscuous mode
[ 105.768987][ T5425] veth1_macvtap: entered promiscuous mode
[ 105.798600][ T50] Bluetooth: hci0: command 0x0409 tx timeout
[ 105.810566][ T5425] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 105.835131][ T5425] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 105.851452][ T5425] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.865406][ T5425] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.875752][ T5425] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.887023][ T5425] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.994439][ T1286] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.011384][ T1286] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 106.057595][ T1286] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 106.065647][ T1286] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 107.877416][ T50] Bluetooth: hci0: command 0x041b tx timeout
2023/11/20 22:08:13 executed programs: 3
[ 109.968618][ T4465] Bluetooth: hci0: command 0x040f tx timeout
[ 112.047608][ T4465] Bluetooth: hci0: command 0x0419 tx timeout
2023/11/20 22:08:18 executed programs: 9
[ 114.117260][ T50] Bluetooth: hci0: command 0x0405 tx timeout
[ 116.197467][ T50] Bluetooth: hci0: command 0x0405 tx timeout
[ 118.277314][ T4465] Bluetooth: hci0: command 0x0405 tx timeout
2023/11/20 22:08:23 executed programs: 15
[ 120.357060][ T4465] Bluetooth: hci0: command 0x0405 tx timeout
[ 122.437075][ T50] Bluetooth: hci0: command 0x0405 tx timeout
2023/11/20 22:08:28 executed programs: 21
[ 124.527402][ T5069] Bluetooth: hci0: command 0x0405 tx timeout
[ 126.597144][ T5069] Bluetooth: hci0: command 0x0405 tx timeout
[ 128.677296][ T5069] Bluetooth: hci0: command 0x0405 tx timeout
2023/11/20 22:08:33 executed programs: 27
[ 130.757475][ T50] Bluetooth: hci0: command 0x0405 tx timeout
[ 132.837976][ T5069] Bluetooth: hci0: command 0x0405 tx timeout
[ 133.481282][ T1234] ieee802154 phy0 wpan0: encryption failed: -22
[ 133.488213][ T1234] ieee802154 phy1 wpan1: encryption failed: -22
2023/11/20 22:08:39 executed programs: 33
[ 134.927092][ T5069] Bluetooth: hci0: command 0x0405 tx timeout
[ 136.997405][ T5069] Bluetooth: hci0: command 0x0405 tx timeout
[ 139.077786][ T5069] Bluetooth: hci0: command 0x0405 tx timeout
2023/11/20 22:08:44 executed programs: 40
[ 141.157136][ T50] Bluetooth: hci0: command 0x0405 tx timeout
[ 143.247065][ T5069] Bluetooth: hci0: command 0x0405 tx timeout
2023/11/20 22:08:49 executed programs: 46
[ 145.317288][ T5069] Bluetooth: hci0: command 0x0405 tx timeout
[ 146.278047][ T54] ==================================================================
[ 146.286254][ T54] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x68/0x2b0
[ 146.294080][ T54] Write of size 4 at addr ffff888023b09080 by task kworker/0:2/54
[ 146.302141][ T54]
[ 146.304461][ T54] CPU: 0 PID: 54 Comm: kworker/0:2 Not tainted 6.7.0-rc1-syzkaller-00274-g94c81c626689 #0
[ 146.314442][ T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 146.324512][ T54] Workqueue: events sco_sock_timeout
[ 146.329828][ T54] Call Trace:
[ 146.333111][ T54] <TASK>
[ 146.336039][ T54] dump_stack_lvl+0xd9/0x1b0
[ 146.340659][ T54] print_report+0xc4/0x620
[ 146.345104][ T54] ? __virt_addr_valid+0x5e/0x2d0
[ 146.350435][ T54] ? __phys_addr+0xc6/0x140
[ 146.355039][ T54] kasan_report+0xda/0x110
[ 146.359503][ T54] ? sco_sock_timeout+0x68/0x2b0
[ 146.364521][ T54] ? sco_sock_timeout+0x68/0x2b0
[ 146.369488][ T54] kasan_check_range+0xef/0x190
[ 146.374387][ T54] sco_sock_timeout+0x68/0x2b0
[ 146.379203][ T54] process_one_work+0x886/0x15d0
[ 146.384264][ T54] ? lock_sync+0x190/0x190
[ 146.388789][ T54] ? workqueue_congested+0x300/0x300
[ 146.394092][ T54] ? assign_work+0x1a0/0x250
[ 146.398778][ T54] worker_thread+0x8b9/0x1290
[ 146.403470][ T54] ? __kthread_parkme+0x14b/0x220
[ 146.408501][ T54] ? process_one_work+0x15d0/0x15d0
[ 146.413733][ T54] kthread+0x2c6/0x3a0
[ 146.417825][ T54] ? _raw_spin_unlock_irq+0x23/0x50
[ 146.423053][ T54] ? kthread_complete_and_exit+0x40/0x40
[ 146.428868][ T54] ret_from_fork+0x45/0x80
[ 146.433291][ T54] ? kthread_complete_and_exit+0x40/0x40
[ 146.439044][ T54] ret_from_fork_asm+0x11/0x20
[ 146.443838][ T54] </TASK>
[ 146.446850][ T54]
[ 146.449181][ T54] Allocated by task 5479:
[ 146.453598][ T54] kasan_save_stack+0x33/0x50
[ 146.458372][ T54] kasan_set_track+0x25/0x30
[ 146.463051][ T54] __kasan_kmalloc+0xa2/0xb0
[ 146.467731][ T54] __kmalloc+0x59/0x90
[ 146.471811][ T54] sk_prot_alloc+0x1a4/0x2a0
[ 146.476500][ T54] sk_alloc+0x36/0xb80
[ 146.480589][ T54] bt_sock_alloc+0x3b/0x3e0
[ 146.485105][ T54] sco_sock_create+0xe3/0x3b0
[ 146.489883][ T54] bt_sock_create+0x180/0x340
[ 146.494739][ T54] __sock_create+0x328/0x800
[ 146.499345][ T54] __sys_socket+0x14c/0x260
[ 146.503865][ T54] __x64_sys_socket+0x72/0xb0
[ 146.508551][ T54] do_syscall_64+0x40/0x110
[ 146.513065][ T54] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 146.519089][ T54]
[ 146.521409][ T54] The buggy address belongs to the object at ffff888023b09000
[ 146.521409][ T54] which belongs to the cache kmalloc-2k of size 2048
[ 146.535543][ T54] The buggy address is located 128 bytes inside of
[ 146.535543][ T54] freed 2048-byte region [ffff888023b09000, ffff888023b09800)
[ 146.549435][ T54]
[ 146.551764][ T54] The buggy address belongs to the physical page:
[ 146.558339][ T54] page:ffffea00008ec200 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888023b09000 pfn:0x23b08
[ 146.569878][ T54] head:ffffea00008ec200 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 146.578842][ T54] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 146.586901][ T54] page_type: 0xffffffff()
[ 146.591240][ T54] raw: 00fff00000000840 ffff888013042000 ffffea000056a410 ffffea0001e0a010
[ 146.600124][ T54] raw: ffff888023b09000 0000000000080001 00000001ffffffff 0000000000000000
[ 146.608871][ T54] page dumped because: kasan: bad access detected
[ 146.615684][ T54] page_owner tracks the page as allocated
[ 146.621386][ T54] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5078, tgid 5078 (kworker/0:4), ts 106110901744, free_ts 106110348934
[ 146.643703][ T54] post_alloc_hook+0x2d0/0x350
[ 146.648521][ T54] get_page_from_freelist+0xa25/0x36d0
[ 146.654167][ T54] __alloc_pages+0x22e/0x2420
[ 146.658860][ T54] alloc_pages_mpol+0x258/0x5f0
[ 146.663738][ T54] new_slab+0x283/0x3c0
[ 146.667893][ T54] ___slab_alloc+0x979/0x1500
[ 146.672761][ T54] __slab_alloc.constprop.0+0x56/0xa0
[ 146.678141][ T54] __kmem_cache_alloc_node+0x131/0x310
[ 146.683611][ T54] __kmalloc_node_track_caller+0x4a/0x90
[ 146.689338][ T54] kmalloc_reserve+0xef/0x260
[ 146.694108][ T54] __alloc_skb+0x12b/0x330
[ 146.698524][ T54] skb_copy+0x12c/0x2e0
[ 146.702774][ T54] mac80211_hwsim_tx_frame_no_nl.isra.0+0xb94/0x1300
[ 146.709490][ T54] mac80211_hwsim_tx+0x7a2/0x25d0
[ 146.714609][ T54] ieee80211_handle_wake_tx_queue+0x187/0x260
[ 146.720710][ T54] ieee80211_queue_skb+0x1299/0x1fb0
[ 146.726097][ T54] page last free stack trace:
[ 146.730845][ T54] free_unref_page_prepare+0x4fa/0xaa0
[ 146.736318][ T54] free_unref_page+0x33/0x3b0
[ 146.741088][ T54] __unfreeze_partials+0x226/0x240
[ 146.746302][ T54] qlist_free_all+0x6a/0x170
[ 146.750900][ T54] kasan_quarantine_reduce+0x18e/0x1d0
[ 146.756359][ T54] __kasan_slab_alloc+0x65/0x90
[ 146.761308][ T54] kmem_cache_alloc_node+0x180/0x330
[ 146.766597][ T54] __alloc_skb+0x287/0x330
[ 146.771017][ T54] alloc_skb_with_frags+0xe4/0x710
[ 146.776133][ T54] sock_alloc_send_pskb+0x7e4/0x970
[ 146.782117][ T54] mld_newpack.isra.0+0x1f3/0x790
[ 146.787147][ T54] add_grhead+0x295/0x340
[ 146.791484][ T54] add_grec+0x1120/0x1670
[ 146.795906][ T54] mld_ifc_work+0x41f/0xcd0
[ 146.800499][ T54] process_one_work+0x886/0x15d0
[ 146.805537][ T54] worker_thread+0x8b9/0x1290
[ 146.810226][ T54]
[ 146.812542][ T54] Memory state around the buggy address:
[ 146.818250][ T54]  ffff888023b08f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 146.826404][ T54]  ffff888023b09000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 146.834545][ T54] >ffff888023b09080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 146.842604][ T54]                    ^
[ 146.846668][ T54]  ffff888023b09100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 146.854727][ T54]  ffff888023b09180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 146.862876][ T54] ==================================================================
[ 146.871646][ T54] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 146.878860][ T54] CPU: 0 PID: 54 Comm: kworker/0:2 Not tainted 6.7.0-rc1-syzkaller-00274-g94c81c626689 #0
[ 146.888770][ T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 146.898834][ T54] Workqueue: events sco_sock_timeout
[ 146.904135][ T54] Call Trace:
[ 146.907410][ T54] <TASK>
[ 146.910348][ T54] dump_stack_lvl+0xd9/0x1b0
[ 146.914942][ T54] panic+0x6dc/0x790
[ 146.919201][ T54] ? mark_held_locks+0x9f/0xe0
[ 146.923979][ T54] ? panic_smp_self_stop+0xa0/0xa0
[ 146.929102][ T54] ? irqentry_exit+0x3b/0x80
[ 146.933710][ T54] ? lockdep_hardirqs_on+0x7d/0x110
[ 146.938925][ T54] ? check_panic_on_warn+0x1f/0xb0
[ 146.944048][ T54] check_panic_on_warn+0xab/0xb0
[ 146.949011][ T54] end_report+0x108/0x150
[ 146.953351][ T54] kasan_report+0xea/0x110
[ 146.957780][ T54] ? sco_sock_timeout+0x68/0x2b0
[ 146.962809][ T54] ? sco_sock_timeout+0x68/0x2b0
[ 146.967873][ T54] kasan_check_range+0xef/0x190
[ 146.972724][ T54] sco_sock_timeout+0x68/0x2b0
[ 146.977493][ T54] process_one_work+0x886/0x15d0
[ 146.982532][ T54] ? lock_sync+0x190/0x190
[ 146.986959][ T54] ? workqueue_congested+0x300/0x300
[ 146.992262][ T54] ? assign_work+0x1a0/0x250
[ 146.996949][ T54] worker_thread+0x8b9/0x1290
[ 147.001639][ T54] ? __kthread_parkme+0x14b/0x220
[ 147.006772][ T54] ? process_one_work+0x15d0/0x15d0
[ 147.011978][ T54] kthread+0x2c6/0x3a0
[ 147.016049][ T54] ? _raw_spin_unlock_irq+0x23/0x50
[ 147.021605][ T54] ? kthread_complete_and_exit+0x40/0x40
[ 147.027291][ T54] ret_from_fork+0x45/0x80
[ 147.031709][ T54] ? kthread_complete_and_exit+0x40/0x40
[ 147.037433][ T54] ret_from_fork_asm+0x11/0x20
[ 147.042388][ T54] </TASK>
[ 147.045634][ T54] Kernel Offset: disabled
[ 147.049947][ T54] Rebooting in 86400 seconds..