Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts.
2024/10/03 19:41:33 ignoring optional flag "sandboxArg"="0"
2024/10/03 19:41:33 ignoring optional flag "type"="gce"
2024/10/03 19:41:33 parsed 1 programs
2024/10/03 19:41:35 executed programs: 0
[ 89.489664][ T5403] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 89.548863][ T5111] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 89.557174][ T5111] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 89.564854][ T5111] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 89.573328][ T5111] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 89.581375][ T5111] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 89.588741][ T5111] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 89.704656][ T5409] chnl_net:caif_netlink_parms(): no params data found
[ 89.766231][ T5409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.773507][ T5409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 89.780916][ T5409] bridge_slave_0: entered allmulticast mode
[ 89.788022][ T5409] bridge_slave_0: entered promiscuous mode
[ 89.795809][ T5409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.803052][ T5409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 89.810282][ T5409] bridge_slave_1: entered allmulticast mode
[ 89.817064][ T5409] bridge_slave_1: entered promiscuous mode
[ 89.841424][ T5409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 89.852704][ T5409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 89.880703][ T5409] team0: Port device team_slave_0 added
[ 89.888045][ T5409] team0: Port device team_slave_1 added
[ 89.909533][ T5409] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 89.916520][ T5409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.942923][ T5409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 89.955564][ T5409] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 89.962551][ T5409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 89.988490][ T5409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.025103][ T5409] hsr_slave_0: entered promiscuous mode
[ 90.031980][ T5409] hsr_slave_1: entered promiscuous mode
[ 90.532221][ T5409] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 90.544602][ T5409] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 90.558027][ T5409] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 90.568967][ T5409] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 90.596730][ T5409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.603985][ T5409] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 90.611460][ T5409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.619266][ T5409] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 90.687209][ T5409] 8021q: adding VLAN 0 to HW filter on device bond0
[ 90.704946][ T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.715688][ T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.739406][ T5409] 8021q: adding VLAN 0 to HW filter on device team0
[ 90.751671][ T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.758782][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 90.785278][ T61] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.792473][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 90.987435][ T5409] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 91.035881][ T5409] veth0_vlan: entered promiscuous mode
[ 91.055475][ T5409] veth1_vlan: entered promiscuous mode
[ 91.092223][ T5409] veth0_macvtap: entered promiscuous mode
[ 91.103248][ T5409] veth1_macvtap: entered promiscuous mode
[ 91.127261][ T5409] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 91.142146][ T5409] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 91.157835][ T5409] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.168471][ T5409] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.178811][ T5409] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.188525][ T5409] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 91.265198][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.286207][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.312024][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.322263][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.680632][ T5111] Bluetooth: hci0: command tx timeout
[ 93.760262][ T5111] Bluetooth: hci0: command 0x041b tx timeout
2024/10/03 19:41:40 executed programs: 4
[ 95.840446][ T5111] Bluetooth: hci0: command 0x041b tx timeout
[ 97.919719][ T4492] Bluetooth: hci0: command 0x041b tx timeout
[ 99.999687][ T4492] Bluetooth: hci0: command 0x041b tx timeout
2024/10/03 19:41:46 executed programs: 12
[ 102.079612][ T5111] Bluetooth: hci0: command 0x041b tx timeout
2024/10/03 19:41:51 executed programs: 18
2024/10/03 19:41:56 executed programs: 25
2024/10/03 19:42:01 executed programs: 31
2024/10/03 19:42:06 executed programs: 37
2024/10/03 19:42:12 executed programs: 43
2024/10/03 19:42:17 executed programs: 49
[ 131.601180][ T1808] ==================================================================
[ 131.609310][ T1808] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x8b/0x270
[ 131.617051][ T1808] Write of size 4 at addr ffff88802639a080 by task kworker/1:2/1808
[ 131.625020][ T1808]
[ 131.627338][ T1808] CPU: 1 UID: 0 PID: 1808 Comm: kworker/1:2 Not tainted 6.12.0-rc1-syzkaller-00113-g8c245fe7dde3-dirty #0
[ 131.638614][ T1808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 131.648667][ T1808] Workqueue: events sco_sock_timeout
[ 131.653971][ T1808] Call Trace:
[ 131.657244][ T1808]
[ 131.660176][ T1808]  dump_stack_lvl+0x241/0x360
[ 131.664876][ T1808]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 131.670078][ T1808]  ? __pfx__printk+0x10/0x10
[ 131.674676][ T1808]  ? _printk+0xd5/0x120
[ 131.678853][ T1808]  ? __virt_addr_valid+0x183/0x530
[ 131.683983][ T1808]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.689641][ T1808]  print_report+0x169/0x550
[ 131.694173][ T1808]  ? __virt_addr_valid+0x183/0x530
[ 131.699299][ T1808]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.704935][ T1808]  ? __virt_addr_valid+0x45f/0x530
[ 131.710048][ T1808]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 131.715686][ T1808]  ? __phys_addr+0xba/0x170
[ 131.720195][ T1808]  ? sco_sock_timeout+0x8b/0x270
[ 131.725160][ T1808]  kasan_report+0x143/0x180
[ 131.729667][ T1808]  ? __pfx_lock_acquire+0x10/0x10
[ 131.734705][ T1808]  ? sco_sock_timeout+0x8b/0x270
[ 131.739686][ T1808]  kasan_check_range+0x282/0x290
[ 131.744648][ T1808]  sco_sock_timeout+0x8b/0x270
[ 131.749421][ T1808]  ? process_scheduled_works+0x976/0x1850
[ 131.755159][ T1808]  process_scheduled_works+0xa65/0x1850
[ 131.760752][ T1808]  ? __pfx_process_scheduled_works+0x10/0x10
[ 131.766772][ T1808]  ? assign_work+0x364/0x3d0
[ 131.771396][ T1808]  worker_thread+0x870/0xd30
[ 131.775999][ T1808]  ? __kthread_parkme+0x169/0x1d0
[ 131.781029][ T1808]  ? __pfx_worker_thread+0x10/0x10
[ 131.786236][ T1808]  kthread+0x2f2/0x390
[ 131.790310][ T1808]  ? __pfx_worker_thread+0x10/0x10
[ 131.795447][ T1808]  ? __pfx_kthread+0x10/0x10
[ 131.800046][ T1808]  ret_from_fork+0x4d/0x80
[ 131.804486][ T1808]  ? __pfx_kthread+0x10/0x10
[ 131.809071][ T1808]  ret_from_fork_asm+0x1a/0x30
[ 131.813849][ T1808]
[ 131.816862][ T1808]
[ 131.819175][ T1808] Allocated by task 25:
[ 131.823315][ T1808]  kasan_save_track+0x3f/0x80
[ 131.827990][ T1808]  __kasan_kmalloc+0x98/0xb0
[ 131.832607][ T1808]  __kmalloc_node_track_caller_noprof+0x225/0x440
[ 131.839047][ T1808]  kmalloc_reserve+0x111/0x2a0
[ 131.843819][ T1808]  __alloc_skb+0x1f3/0x440
[ 131.848235][ T1808]  nsim_dev_trap_report_work+0x254/0xaa0
[ 131.853881][ T1808]  process_scheduled_works+0xa65/0x1850
[ 131.859428][ T1808]  worker_thread+0x870/0xd30
[ 131.864033][ T1808]  kthread+0x2f2/0x390
[ 131.868274][ T1808]  ret_from_fork+0x4d/0x80
[ 131.872700][ T1808]  ret_from_fork_asm+0x1a/0x30
[ 131.877489][ T1808]
[ 131.879815][ T1808] Freed by task 25:
[ 131.883615][ T1808]  kasan_save_track+0x3f/0x80
[ 131.888296][ T1808]  kasan_save_free_info+0x40/0x50
[ 131.893330][ T1808]  __kasan_slab_free+0x59/0x70
[ 131.898097][ T1808]  kfree+0x1a0/0x440
[ 131.901997][ T1808]  skb_release_data+0x6a0/0x8a0
[ 131.906856][ T1808]  consume_skb+0x9f/0xf0
[ 131.911101][ T1808]  nsim_dev_trap_report_work+0x765/0xaa0
[ 131.916742][ T1808]  process_scheduled_works+0xa65/0x1850
[ 131.922297][ T1808]  worker_thread+0x870/0xd30
[ 131.926898][ T1808]  kthread+0x2f2/0x390
[ 131.930968][ T1808]  ret_from_fork+0x4d/0x80
[ 131.935395][ T1808]  ret_from_fork_asm+0x1a/0x30
[ 131.940168][ T1808]
[ 131.942482][ T1808] The buggy address belongs to the object at ffff88802639a000
[ 131.942482][ T1808]  which belongs to the cache kmalloc-4k of size 4096
[ 131.956532][ T1808] The buggy address is located 128 bytes inside of
[ 131.956532][ T1808]  freed 4096-byte region [ffff88802639a000, ffff88802639b000)
[ 131.970416][ T1808]
[ 131.972730][ T1808] The buggy address belongs to the physical page:
[ 131.979128][ T1808] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26398
[ 131.987883][ T1808] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 131.996381][ T1808] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 132.003922][ T1808] page_type: f5(slab)
[ 132.007904][ T1808] raw: 00fff00000000040 ffff888015442140 dead000000000122 0000000000000000
[ 132.016487][ T1808] raw: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 132.025074][ T1808] head: 00fff00000000040 ffff888015442140 dead000000000122 0000000000000000
[ 132.033746][ T1808] head: 0000000000000000 0000000000040004 00000001f5000000 0000000000000000
[ 132.042416][ T1808] head: 00fff00000000003 ffffea000098e601 ffffffffffffffff 0000000000000000
[ 132.051086][ T1808] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 132.059771][ T1808] page dumped because: kasan: bad access detected
[ 132.066180][ T1808] page_owner tracks the page as allocated
[ 132.071884][ T1808] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5398, tgid 5398 (udevd), ts 123333990998, free_ts 123322335448
[ 132.092033][ T1808]  post_alloc_hook+0x1f3/0x230
[ 132.096814][ T1808]  get_page_from_freelist+0x3045/0x3190
[ 132.102359][ T1808]  __alloc_pages_noprof+0x256/0x6c0
[ 132.107555][ T1808]  alloc_pages_mpol_noprof+0x3e8/0x680
[ 132.113019][ T1808]  alloc_slab_page+0x6a/0x120
[ 132.117695][ T1808]  allocate_slab+0x5a/0x2f0
[ 132.122196][ T1808]  ___slab_alloc+0xcd1/0x14b0
[ 132.126868][ T1808]  __slab_alloc+0x58/0xa0
[ 132.131193][ T1808]  __kmalloc_noprof+0x25a/0x400
[ 132.136048][ T1808]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 132.141599][ T1808]  tomoyo_path2_perm+0x3eb/0xbb0
[ 132.146536][ T1808]  tomoyo_path_rename+0x198/0x1e0
[ 132.151561][ T1808]  security_path_rename+0x266/0x4e0
[ 132.156765][ T1808]  do_renameat2+0x94a/0x13f0
[ 132.161363][ T1808]  __x64_sys_rename+0x82/0x90
[ 132.166045][ T1808]  do_syscall_64+0xf3/0x230
[ 132.170552][ T1808] page last free pid 4548 tgid 4548 stack trace:
[ 132.176869][ T1808]  free_unref_page+0xcfb/0xf20
[ 132.181635][ T1808]  __slab_free+0x31b/0x3d0
[ 132.186048][ T1808]  qlist_free_all+0x9a/0x140
[ 132.190642][ T1808]  kasan_quarantine_reduce+0x14f/0x170
[ 132.196099][ T1808]  __kasan_slab_alloc+0x23/0x80
[ 132.200949][ T1808]  __kmalloc_noprof+0x1a6/0x400
[ 132.205804][ T1808]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 132.211355][ T1808]  tomoyo_path_perm+0x2b7/0x740
[ 132.216203][ T1808]  security_inode_getattr+0x130/0x330
[ 132.221580][ T1808]  vfs_getattr+0x45/0x430
[ 132.225920][ T1808]  vfs_fstatat+0xe4/0x190
[ 132.230258][ T1808]  __x64_sys_newfstatat+0x11d/0x1a0
[ 132.235451][ T1808]  do_syscall_64+0xf3/0x230
[ 132.239961][ T1808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.245875][ T1808]
[ 132.248222][ T1808] Memory state around the buggy address:
[ 132.253869][ T1808]  ffff888026399f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 132.261931][ T1808]  ffff88802639a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 132.269989][ T1808] >ffff88802639a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 132.278042][ T1808]                    ^
[ 132.282101][ T1808]  ffff88802639a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 132.290158][ T1808]  ffff88802639a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 132.298208][ T1808] ==================================================================
[ 132.306781][ T1808] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 132.313987][ T1808] CPU: 1 UID: 0 PID: 1808 Comm: kworker/1:2 Not tainted 6.12.0-rc1-syzkaller-00113-g8c245fe7dde3-dirty #0
[ 132.325358][ T1808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 132.335414][ T1808] Workqueue: events sco_sock_timeout
[ 132.340726][ T1808] Call Trace:
[ 132.344000][ T1808]
[ 132.347011][ T1808]  dump_stack_lvl+0x241/0x360
[ 132.351704][ T1808]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 132.356911][ T1808]  ? __pfx__printk+0x10/0x10
[ 132.361504][ T1808]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 132.367503][ T1808]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.373146][ T1808]  ? vscnprintf+0x5d/0x90
[ 132.377488][ T1808]  panic+0x349/0x880
[ 132.381825][ T1808]  ? check_panic_on_warn+0x21/0xb0
[ 132.386945][ T1808]  ? __pfx_panic+0x10/0x10
[ 132.391369][ T1808]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 132.397273][ T1808]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 132.402920][ T1808]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 132.408829][ T1808]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 132.415178][ T1808]  check_panic_on_warn+0x86/0xb0
[ 132.420124][ T1808]  ? sco_sock_timeout+0x8b/0x270
[ 132.425075][ T1808]  end_report+0x77/0x160
[ 132.429325][ T1808]  kasan_report+0x154/0x180
[ 132.433833][ T1808]  ? __pfx_lock_acquire+0x10/0x10
[ 132.438878][ T1808]  ? sco_sock_timeout+0x8b/0x270
[ 132.443834][ T1808]  kasan_check_range+0x282/0x290
[ 132.448785][ T1808]  sco_sock_timeout+0x8b/0x270
[ 132.453565][ T1808]  ? process_scheduled_works+0x976/0x1850
[ 132.459294][ T1808]  process_scheduled_works+0xa65/0x1850
[ 132.464920][ T1808]  ? __pfx_process_scheduled_works+0x10/0x10
[ 132.470916][ T1808]  ? assign_work+0x364/0x3d0
[ 132.475517][ T1808]  worker_thread+0x870/0xd30
[ 132.480127][ T1808]  ? __kthread_parkme+0x169/0x1d0
[ 132.485164][ T1808]  ? __pfx_worker_thread+0x10/0x10
[ 132.490284][ T1808]  kthread+0x2f2/0x390
[ 132.494353][ T1808]  ? __pfx_worker_thread+0x10/0x10
[ 132.499478][ T1808]  ? __pfx_kthread+0x10/0x10
[ 132.504075][ T1808]  ret_from_fork+0x4d/0x80
[ 132.508505][ T1808]  ? __pfx_kthread+0x10/0x10
[ 132.513094][ T1808]  ret_from_fork_asm+0x1a/0x30
[ 132.517879][ T1808]
[ 132.521113][ T1808] Kernel Offset: disabled
[ 132.525428][ T1808] Rebooting in 86400 seconds..