Warning: Permanently added '10.128.0.178' (ED25519) to the list of known hosts.
2023/11/19 17:36:18 ignoring optional flag "sandboxArg"="0"
2023/11/19 17:36:18 parsed 1 programs
2023/11/19 17:36:20 executed programs: 0
[ 93.067294][ T5406] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 93.120763][ T4454] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 93.129568][ T4454] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 93.138125][ T4454] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 93.146938][ T4454] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 93.155356][ T4454] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 93.163142][ T4454] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 93.284299][ T5413] chnl_net:caif_netlink_parms(): no params data found
[ 93.336085][ T5413] bridge0: port 1(bridge_slave_0) entered blocking state
[ 93.344865][ T5413] bridge0: port 1(bridge_slave_0) entered disabled state
[ 93.352724][ T5413] bridge_slave_0: entered allmulticast mode
[ 93.360055][ T5413] bridge_slave_0: entered promiscuous mode
[ 93.371763][ T5413] bridge0: port 2(bridge_slave_1) entered blocking state
[ 93.380116][ T5413] bridge0: port 2(bridge_slave_1) entered disabled state
[ 93.388431][ T5413] bridge_slave_1: entered allmulticast mode
[ 93.396074][ T5413] bridge_slave_1: entered promiscuous mode
[ 93.422806][ T5413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 93.434640][ T5413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 93.465948][ T5413] team0: Port device team_slave_0 added
[ 93.474927][ T5413] team0: Port device team_slave_1 added
[ 93.499418][ T5413] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 93.506729][ T5413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.534031][ T5413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 93.547132][ T5413] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 93.554803][ T5413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 93.581771][ T5413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 93.622004][ T5413] hsr_slave_0: entered promiscuous mode
[ 93.628415][ T5413] hsr_slave_1: entered promiscuous mode
[ 94.406631][ T5413] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 94.421237][ T5413] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 94.434577][ T5413] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 94.447330][ T5413] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 94.566433][ T5413] 8021q: adding VLAN 0 to HW filter on device bond0
[ 94.598222][ T5413] 8021q: adding VLAN 0 to HW filter on device team0
[ 94.616916][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 94.624259][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 94.644767][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[ 94.652449][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 94.898194][ T5413] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 94.963919][ T5413] veth0_vlan: entered promiscuous mode
[ 94.982743][ T5413] veth1_vlan: entered promiscuous mode
[ 95.027632][ T5413] veth0_macvtap: entered promiscuous mode
[ 95.042166][ T5413] veth1_macvtap: entered promiscuous mode
[ 95.075721][ T5413] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 95.096342][ T5413] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 95.115757][ T5413] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.125827][ T5413] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.137919][ T5413] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.147943][ T5413] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.211536][ T4454] Bluetooth: hci0: command 0x0409 tx timeout
[ 95.259802][ T2859] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.271760][ T2859] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.308965][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.318603][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 96.277156][ T5482] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-6)
[ 97.202604][ T5535] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-6)
[ 97.291387][ T4454] Bluetooth: hci0: command 0x041b tx timeout
[ 98.102294][ T5590] ==================================================================
[ 98.110586][ T5590] BUG: KASAN: slab-use-after-free in nfc_alloc_send_skb+0x189/0x1c0
[ 98.118691][ T5590] Read of size 4 at addr ffff8880283b4548 by task syz-executor.0/5590
[ 98.127118][ T5590]
[ 98.129537][ T5590] CPU: 1 PID: 5590 Comm: syz-executor.0 Not tainted 6.7.0-rc1-syzkaller-00344-g037266a5f723 #0
[ 98.140056][ T5590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 98.150130][ T5590] Call Trace:
[ 98.153594][ T5590]
[ 98.156627][ T5590] dump_stack_lvl+0x1e7/0x2d0
[ 98.161598][ T5590] ? nf_tcp_handle_invalid+0x650/0x650
[ 98.167169][ T5590] ? panic+0x850/0x850
[ 98.171271][ T5590] ? _printk+0xd5/0x120
[ 98.175452][ T5590] print_report+0x163/0x540
[ 98.180076][ T5590] ? __virt_addr_valid+0x22f/0x2e0
[ 98.185207][ T5590] ? __phys_addr+0xba/0x170
[ 98.189989][ T5590] ? nfc_alloc_send_skb+0x189/0x1c0
[ 98.195219][ T5590] kasan_report+0x142/0x170
[ 98.199752][ T5590] ? nfc_alloc_send_skb+0x189/0x1c0
[ 98.204973][ T5590] nfc_alloc_send_skb+0x189/0x1c0
[ 98.210026][ T5590] nfc_llcp_send_ui_frame+0x2ac/0x670
[ 98.215424][ T5590] ? nfc_llcp_send_i_frame+0x4f0/0x4f0
[ 98.220997][ T5590] ? llcp_sock_sendmsg+0x1fc/0x390
[ 98.226520][ T5590] ? nfc_llcp_getsockopt+0x560/0x560
[ 98.232008][ T5590] ____sys_sendmsg+0x592/0x890
[ 98.236889][ T5590] ? __sys_sendmsg_sock+0x30/0x30
[ 98.241938][ T5590] ? __fget_files+0x3fe/0x480
[ 98.246649][ T5590] __sys_sendmmsg+0x3b2/0x730
[ 98.251355][ T5590] ? __ia32_sys_sendmsg+0x90/0x90
[ 98.256434][ T5590] ? __might_sleep+0xe0/0xe0
[ 98.261684][ T5590] ? __might_fault+0xa5/0x120
[ 98.266399][ T5590] ? __lock_acquire+0x1fd0/0x1fd0
[ 98.271537][ T5590] ? __might_fault+0xa5/0x120
[ 98.276608][ T5590] ? print_irqtrace_events+0x220/0x220
[ 98.283057][ T5590] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 98.289259][ T5590] ? lockdep_hardirqs_on+0x98/0x140
[ 98.294863][ T5590] __x64_sys_sendmmsg+0xa0/0xb0
[ 98.299763][ T5590] do_syscall_64+0x45/0x110
[ 98.304832][ T5590] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 98.310934][ T5590] RIP: 0033:0x7f23e487cae9
[ 98.315635][ T5590] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 98.335871][ T5590] RSP: 002b:00007f23e55220c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 98.344392][ T5590] RAX: ffffffffffffffda RBX: 00007f23e499bf80 RCX: 00007f23e487cae9
[ 98.353083][ T5590] RDX: 0000000000000001 RSI: 00000000200013c0 RDI: 0000000000000004
[ 98.361836][ T5590] RBP: 00007f23e48c847a R08: 0000000000000000 R09: 0000000000000000
[ 98.370610][ T5590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 98.378602][ T5590] R13: 000000000000000b R14: 00007f23e499bf80 R15: 00007ffd3ae10418
[ 98.386685][ T5590]
[ 98.389721][ T5590]
[ 98.392061][ T5590] Allocated by task 5590:
[ 98.396579][ T5590] kasan_set_track+0x4f/0x70
[ 98.401628][ T5590] __kasan_kmalloc+0x98/0xb0
[ 98.406255][ T5590] nfc_allocate_device+0x12f/0x520
[ 98.411755][ T5590] nci_allocate_device+0x1e2/0x360
[ 98.417093][ T5590] virtual_ncidev_open+0x75/0x1b0
[ 98.422591][ T5590] misc_open+0x30b/0x380
[ 98.429470][ T5590] chrdev_open+0x5ab/0x630
[ 98.434338][ T5590] do_dentry_open+0x8ff/0x1590
[ 98.439218][ T5590] path_openat+0x2849/0x3290
[ 98.444360][ T5590] do_filp_open+0x234/0x490
[ 98.449501][ T5590] do_sys_openat2+0x13e/0x1d0
[ 98.454654][ T5590] __x64_sys_openat+0x247/0x290
[ 98.459806][ T5590] do_syscall_64+0x45/0x110
[ 98.464437][ T5590] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 98.470649][ T5590]
[ 98.473088][ T5590] Freed by task 5589:
[ 98.477085][ T5590] kasan_set_track+0x4f/0x70
[ 98.481799][ T5590] kasan_save_free_info+0x28/0x40
[ 98.487031][ T5590] ____kasan_slab_free+0xd6/0x120
[ 98.492087][ T5590] __kmem_cache_free+0x263/0x3a0
[ 98.497058][ T5590] device_release+0x95/0x1c0
[ 98.501861][ T5590] kobject_put+0x1f2/0x430
[ 98.506411][ T5590] nci_free_device+0x38/0x50
[ 98.511056][ T5590] virtual_ncidev_close+0x70/0x90
[ 98.517679][ T5590] __fput+0x3cc/0xa10
[ 98.521679][ T5590] __x64_sys_close+0x7e/0x100
[ 98.526470][ T5590] do_syscall_64+0x45/0x110
[ 98.531007][ T5590] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 98.536931][ T5590]
[ 98.539358][ T5590] The buggy address belongs to the object at ffff8880283b4000
[ 98.539358][ T5590] which belongs to the cache kmalloc-2k of size 2048
[ 98.554482][ T5590] The buggy address is located 1352 bytes inside of
[ 98.554482][ T5590] freed 2048-byte region [ffff8880283b4000, ffff8880283b4800)
[ 98.568835][ T5590]
[ 98.571172][ T5590] The buggy address belongs to the physical page:
[ 98.577861][ T5590] page:ffffea0000a0ec00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x283b0
[ 98.588383][ T5590] head:ffffea0000a0ec00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 98.597791][ T5590] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 98.605851][ T5590] page_type: 0xffffffff()
[ 98.610208][ T5590] raw: 00fff00000000840 ffff888012c42000 ffffea0000969000 0000000000000002
[ 98.619081][ T5590] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 98.627950][ T5590] page dumped because: kasan: bad access detected
[ 98.634561][ T5590] page_owner tracks the page as allocated
[ 98.640319][ T5590] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2859, tgid 2859 (kworker/u4:9), ts 72663344822, free_ts 72542453008
[ 98.665184][ T5590] post_alloc_hook+0x1e6/0x210
[ 98.670657][ T5590] get_page_from_freelist+0x33ea/0x3570
[ 98.676442][ T5590] __alloc_pages+0x255/0x680
[ 98.681166][ T5590] alloc_pages_mpol+0x3de/0x640
[ 98.686112][ T5590] alloc_slab_page+0x6a/0x170
[ 98.691055][ T5590] new_slab+0x84/0x2f0
[ 98.695143][ T5590] ___slab_alloc+0xc8a/0x1330
[ 98.699968][ T5590] __kmem_cache_alloc_node+0x21d/0x300
[ 98.705905][ T5590] __kmalloc_node_track_caller+0xa0/0x190
[ 98.712429][ T5590] kmalloc_reserve+0xf3/0x260
[ 98.717204][ T5590] pskb_expand_head+0x202/0x1350
[ 98.722155][ T5590] netlink_trim+0x183/0x220
[ 98.726647][ T5590] netlink_broadcast_filtered+0x76/0x1280
[ 98.732461][ T5590] nlmsg_notify+0xfb/0x1b0
[ 98.737043][ T5590] dev_close_many+0x2db/0x4b0
[ 98.741802][ T5590] unregister_netdevice_many_notify+0x522/0x1730
[ 98.748661][ T5590] page last free stack trace:
[ 98.753549][ T5590] free_unref_page_prepare+0x931/0xa60
[ 98.759015][ T5590] free_unref_page+0x37/0x3f0
[ 98.763948][ T5590] __unfreeze_partials+0x1e0/0x220
[ 98.769055][ T5590] put_cpu_partial+0x17b/0x250
[ 98.773893][ T5590] __slab_free+0x2b6/0x390
[ 98.778945][ T5590] qlist_free_all+0x75/0xe0
[ 98.783444][ T5590] kasan_quarantine_reduce+0x14b/0x160
[ 98.788980][ T5590] __kasan_slab_alloc+0x23/0x70
[ 98.794032][ T5590] slab_post_alloc_hook+0x6c/0x3c0
[ 98.799137][ T5590] kmem_cache_alloc+0x19e/0x2b0
[ 98.803979][ T5590] getname_flags+0xbc/0x4f0
[ 98.808652][ T5590] __x64_sys_unlink+0x3c/0x50
[ 98.813407][ T5590] do_syscall_64+0x45/0x110
[ 98.818090][ T5590] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 98.824367][ T5590]
[ 98.826708][ T5590] Memory state around the buggy address:
[ 98.832948][ T5590] ffff8880283b4400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.841695][ T5590] ffff8880283b4480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.850210][ T5590] >ffff8880283b4500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.858373][ T5590] ^
[ 98.865057][ T5590] ffff8880283b4580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.873295][ T5590] ffff8880283b4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 98.881430][ T5590] ==================================================================
[ 98.910288][ T5590] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 98.917939][ T5590] CPU: 0 PID: 5590 Comm: syz-executor.0 Not tainted 6.7.0-rc1-syzkaller-00344-g037266a5f723 #0
[ 98.929155][ T5590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 98.939536][ T5590] Call Trace:
[ 98.942908][ T5590]
[ 98.946193][ T5590] dump_stack_lvl+0x1e7/0x2d0
[ 98.951063][ T5590] ? nf_tcp_handle_invalid+0x650/0x650
[ 98.956668][ T5590] ? panic+0x850/0x850
[ 98.960923][ T5590] ? lockdep_hardirqs_on_prepare+0x43c/0x780
[ 98.966909][ T5590] ? vscnprintf+0x5d/0x80
[ 98.971239][ T5590] panic+0x349/0x850
[ 98.975134][ T5590] ? check_panic_on_warn+0x21/0xa0
[ 98.981025][ T5590] ? __memcpy_flushcache+0x2b0/0x2b0
[ 98.986379][ T5590] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 98.992671][ T5590] ? _raw_spin_unlock+0x40/0x40
[ 98.997531][ T5590] check_panic_on_warn+0x82/0xa0
[ 99.002467][ T5590] ? nfc_alloc_send_skb+0x189/0x1c0
[ 99.008218][ T5590] end_report+0x6e/0x140
[ 99.013031][ T5590] kasan_report+0x153/0x170
[ 99.017721][ T5590] ? nfc_alloc_send_skb+0x189/0x1c0
[ 99.023031][ T5590] nfc_alloc_send_skb+0x189/0x1c0
[ 99.028276][ T5590] nfc_llcp_send_ui_frame+0x2ac/0x670
[ 99.035400][ T5590] ? nfc_llcp_send_i_frame+0x4f0/0x4f0
[ 99.041350][ T5590] ? llcp_sock_sendmsg+0x1fc/0x390
[ 99.046936][ T5590] ? nfc_llcp_getsockopt+0x560/0x560
[ 99.053872][ T5590] ____sys_sendmsg+0x592/0x890
[ 99.058729][ T5590] ? __sys_sendmsg_sock+0x30/0x30
[ 99.064006][ T5590] ? __fget_files+0x3fe/0x480
[ 99.068700][ T5590] __sys_sendmmsg+0x3b2/0x730
[ 99.075375][ T5590] ? __ia32_sys_sendmsg+0x90/0x90
[ 99.080875][ T5590] ? __might_sleep+0xe0/0xe0
[ 99.085552][ T5590] ? __might_fault+0xa5/0x120
[ 99.090585][ T5590] ? __lock_acquire+0x1fd0/0x1fd0
[ 99.095725][ T5590] ? __might_fault+0xa5/0x120
[ 99.100438][ T5590] ? print_irqtrace_events+0x220/0x220
[ 99.106118][ T5590] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 99.112289][ T5590] ? lockdep_hardirqs_on+0x98/0x140
[ 99.118112][ T5590] __x64_sys_sendmmsg+0xa0/0xb0
[ 99.123103][ T5590] do_syscall_64+0x45/0x110
[ 99.127725][ T5590] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 99.134514][ T5590] RIP: 0033:0x7f23e487cae9
[ 99.138924][ T5590] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 99.159326][ T5590] RSP: 002b:00007f23e55220c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 99.168015][ T5590] RAX: ffffffffffffffda RBX: 00007f23e499bf80 RCX: 00007f23e487cae9
[ 99.176681][ T5590] RDX: 0000000000000001 RSI: 00000000200013c0 RDI: 0000000000000004
[ 99.184919][ T5590] RBP: 00007f23e48c847a R08: 0000000000000000 R09: 0000000000000000
[ 99.193063][ T5590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 99.201723][ T5590] R13: 000000000000000b R14: 00007f23e499bf80 R15: 00007ffd3ae10418
[ 99.209826][ T5590]
[ 99.213078][ T5590] Kernel Offset: disabled
[ 99.217445][ T5590] Rebooting in 86400 seconds..