Warning: Permanently added '10.128.0.160' (ECDSA) to the list of known hosts.
1970/01/01 00:00:59 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:59 parsed 1 programs
1970/01/01 00:01:00 executed programs: 0
[ 60.088490][ T5545] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 60.090624][ T5545] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 60.092802][ T5545] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 60.095007][ T5545] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 60.097816][ T5545] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 60.169618][ T6328] chnl_net:caif_netlink_parms(): no params data found
[ 60.197799][ T6328] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.199381][ T6328] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.201088][ T6328] bridge_slave_0: entered allmulticast mode
[ 60.202968][ T6328] bridge_slave_0: entered promiscuous mode
[ 60.206112][ T6328] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.207919][ T6328] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.209636][ T6328] bridge_slave_1: entered allmulticast mode
[ 60.211544][ T6328] bridge_slave_1: entered promiscuous mode
[ 60.223770][ T6328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 60.227714][ T6328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 60.240185][ T6328] team0: Port device team_slave_0 added
[ 60.243322][ T6328] team0: Port device team_slave_1 added
[ 60.254556][ T6328] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 60.256250][ T6328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 60.262322][ T6328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 60.266197][ T6328] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 60.267968][ T6328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 60.274073][ T6328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 60.346637][ T6328] hsr_slave_0: entered promiscuous mode
[ 60.385334][ T6328] hsr_slave_1: entered promiscuous mode
[ 61.121315][ T6328] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 61.163840][ T6328] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 61.216432][ T6328] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 61.247034][ T6328] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 61.321852][ T6328] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.327755][ T5552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 61.329817][ T5552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 61.334138][ T6328] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.339423][ T5552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 61.341844][ T5552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 61.344091][ T5552] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.345983][ T5552] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.353872][ T5552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 61.355920][ T5552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 61.358429][ T5552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 61.360436][ T5552] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.362167][ T5552] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.364181][ T5552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 61.381686][ T6328] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 61.384078][ T6328] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 61.388410][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 61.390786][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 61.393371][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 61.396473][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 61.398719][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 61.401104][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 61.403429][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 61.407645][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 61.409940][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 61.413630][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 61.416038][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 61.502698][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 61.504636][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 61.509104][ T6328] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.518117][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 61.520405][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 61.534224][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 61.536435][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 61.539022][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 61.541147][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 61.545277][ T6328] veth0_vlan: entered promiscuous mode
[ 61.553121][ T6328] veth1_vlan: entered promiscuous mode
[ 61.564445][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 61.566764][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 61.568926][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 61.573543][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 61.577798][ T6328] veth0_macvtap: entered promiscuous mode
[ 61.581975][ T6328] veth1_macvtap: entered promiscuous mode
[ 61.591457][ T6328] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 61.593260][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 61.595512][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 61.597756][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 61.600066][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 61.605239][ T6328] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 61.608934][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 61.611250][ T5988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 61.614076][ T6328] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.617475][ T6328] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.619590][ T6328] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.621634][ T6328] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.663452][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.667406][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.670944][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 61.679629][ T10] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.681730][ T10] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.684592][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 62.115588][ T5545] Bluetooth: hci0: command 0x0409 tx timeout
[ 62.127159][ T6427] ==================================================================
[ 62.129102][ T6427] BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x720/0x7f4
[ 62.130954][ T6427] Read of size 4 at addr ffff0000d257600c by task syz-executor.0/6427
[ 62.132918][ T6427]
[ 62.133481][ T6427] CPU: 0 PID: 6427 Comm: syz-executor.0 Not tainted 6.4.0-rc2-syzkaller #0
[ 62.135507][ T6427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 62.137927][ T6427] Call trace:
[ 62.138740][ T6427]  dump_backtrace+0x1b8/0x1e4
[ 62.139935][ T6427]  show_stack+0x2c/0x44
[ 62.140946][ T6427]  dump_stack_lvl+0xd0/0x124
[ 62.142078][ T6427]  print_report+0x174/0x514
[ 62.143159][ T6427]  kasan_report+0xd4/0x130
[ 62.144246][ T6427]  __asan_report_load4_noabort+0x20/0x2c
[ 62.145623][ T6427]  gsm_cleanup_mux+0x720/0x7f4
[ 62.146713][ T6427]  gsmld_ioctl+0x13bc/0x221c
[ 62.147832][ T6427]  tty_ioctl+0x924/0xd8c
[ 62.148885][ T6427]  __arm64_sys_ioctl+0x14c/0x1c8
[ 62.150081][ T6427]  invoke_syscall+0x98/0x2c0
[ 62.151226][ T6427]  el0_svc_common+0x138/0x258
[ 62.152323][ T6427]  do_el0_svc+0x64/0x198
[ 62.153352][ T6427]  el0_svc+0x4c/0x15c
[ 62.154328][ T6427]  el0t_64_sync_handler+0x84/0xf0
[ 62.155497][ T6427]  el0t_64_sync+0x190/0x194
[ 62.156667][ T6427]
[ 62.157277][ T6427] Allocated by task 6418:
[ 62.158400][ T6427]  kasan_set_track+0x4c/0x7c
[ 62.159499][ T6427]  kasan_save_alloc_info+0x24/0x30
[ 62.160810][ T6427]  __kasan_kmalloc+0xac/0xc4
[ 62.161954][ T6427]  kmalloc_trace+0x70/0x88
[ 62.163032][ T6427]  gsm_dlci_alloc+0x64/0x53c
[ 62.164158][ T6427]  gsm_activate_mux+0x30/0x268
[ 62.165327][ T6427]  gsmld_ioctl+0x162c/0x221c
[ 62.166625][ T6427]  tty_ioctl+0x924/0xd8c
[ 62.167657][ T6427]  __arm64_sys_ioctl+0x14c/0x1c8
[ 62.168780][ T6427]  invoke_syscall+0x98/0x2c0
[ 62.169812][ T6427]  el0_svc_common+0x138/0x258
[ 62.171007][ T6427]  do_el0_svc+0x64/0x198
[ 62.172043][ T6427]  el0_svc+0x4c/0x15c
[ 62.173008][ T6427]  el0t_64_sync_handler+0x84/0xf0
[ 62.174279][ T6427]  el0t_64_sync+0x190/0x194
[ 62.175358][ T6427]
[ 62.175939][ T6427] Freed by task 6418:
[ 62.176908][ T6427]  kasan_set_track+0x4c/0x7c
[ 62.178035][ T6427]  kasan_save_free_info+0x38/0x5c
[ 62.179296][ T6427]  ____kasan_slab_free+0x144/0x1c0
[ 62.180515][ T6427]  __kasan_slab_free+0x18/0x28
[ 62.181609][ T6427]  __kmem_cache_free+0x2a8/0x49c
[ 62.182761][ T6427]  kfree+0xb8/0x19c
[ 62.183654][ T6427]  gsm_dlci_free+0x11c/0x168
[ 62.184759][ T6427]  tty_port_put+0xfc/0x190
[ 62.185813][ T6427]  gsm_cleanup_mux+0x4ac/0x7f4
[ 62.186963][ T6427]  gsmld_ioctl+0x13bc/0x221c
[ 62.188121][ T6427]  tty_ioctl+0x924/0xd8c
[ 62.189134][ T6427]  __arm64_sys_ioctl+0x14c/0x1c8
[ 62.190286][ T6427]  invoke_syscall+0x98/0x2c0
[ 62.191351][ T6427]  el0_svc_common+0x138/0x258
[ 62.192552][ T6427]  do_el0_svc+0x64/0x198
[ 62.193642][ T6427]  el0_svc+0x4c/0x15c
[ 62.194584][ T6427]  el0t_64_sync_handler+0x84/0xf0
[ 62.195820][ T6427]  el0t_64_sync+0x190/0x194
[ 62.196944][ T6427]
[ 62.197502][ T6427] The buggy address belongs to the object at ffff0000d2576000
[ 62.197502][ T6427]  which belongs to the cache kmalloc-2k of size 2048
[ 62.200943][ T6427] The buggy address is located 12 bytes inside of
[ 62.200943][ T6427]  freed 2048-byte region [ffff0000d2576000, ffff0000d2576800)
[ 62.204412][ T6427]
[ 62.205021][ T6427] The buggy address belongs to the physical page:
[ 62.206606][ T6427] page:00000000372e0d54 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112570
[ 62.209101][ T6427] head:00000000372e0d54 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 62.211245][ T6427] anon flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 62.213287][ T6427] page_type: 0xffffffff()
[ 62.214331][ T6427] raw: 05ffc00000010200 ffff0000c0002900 0000000000000000 dead000000000001
[ 62.216504][ T6427] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 62.218594][ T6427] page dumped because: kasan: bad access detected
[ 62.220184][ T6427]
[ 62.220724][ T6427] Memory state around the buggy address:
[ 62.222160][ T6427]  ffff0000d2575f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.224056][ T6427]  ffff0000d2575f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 62.226041][ T6427] >ffff0000d2576000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.228072][ T6427]                       ^
[ 62.229079][ T6427]  ffff0000d2576080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.231137][ T6427]  ffff0000d2576100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.233101][ T6427] ==================================================================
[ 62.241323][ T6427] Disabling lock debugging due to kernel taint
[ 62.243036][ T6427] list_add corruption. prev is NULL.
[ 62.244614][ T6427] ------------[ cut here ]------------
[ 62.245920][ T6427] kernel BUG at lib/list_debug.c:24!
[ 62.247253][ T6427] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 62.249091][ T6427] Modules linked in:
[ 62.250067][ T6427] CPU: 0 PID: 6427 Comm: syz-executor.0 Tainted: G B 6.4.0-rc2-syzkaller #0
[ 62.252523][ T6427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 62.255070][ T6427] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 62.256984][ T6427] pc : __list_add_valid+0xcc/0x110
[ 62.258244][ T6427] lr : __list_add_valid+0xcc/0x110
[ 62.259441][ T6427] sp : ffff80001e8577e0
[ 62.260482][ T6427] x29: ffff80001e8577e0 x28: ffff0000d26b4914 x27: ffff0000d1448418
[ 62.262343][ T6427] x26: ffff0000d1448410 x25: dfff800000000000 x24: 0000000000000000
[ 62.264290][ T6427] x23: 0000000000000000 x22: ffff0000d14483c8 x21: ffff0000d26b4900
[ 62.266153][ T6427] x20: 1fffe0001a289083 x19: ffff0000d1448000 x18: 1fffe00036844bbe
[ 62.268109][ T6427] x17: 0000000000000000 x16: ffff80001243078c x15: 0000000000000002
[ 62.270056][ T6427] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
[ 62.271979][ T6427] x11: 0000000000000001 x10: 0000000000000000 x9 : 2374aee343746100
[ 62.273961][ T6427] x8 : 2374aee343746100 x7 : 0000000000000001 x6 : 0000000000000001
[ 62.275965][ T6427] x5 : ffff80001e8570f8 x4 : ffff800015f8e880 x3 : ffff800008594020
[ 62.277985][ T6427] x2 : 0000000000000001 x1 : 0000000100000001 x0 : 0000000000000022
[ 62.279802][ T6427] Call trace:
[ 62.280641][ T6427]  __list_add_valid+0xcc/0x110
[ 62.281825][ T6427]  gsm_send+0x350/0x604
[ 62.282899][ T6427]  gsm_cleanup_mux+0x1a0/0x7f4
[ 62.284092][ T6427]  gsmld_ioctl+0x13bc/0x221c
[ 62.285218][ T6427]  tty_ioctl+0x924/0xd8c
[ 62.286208][ T6427]  __arm64_sys_ioctl+0x14c/0x1c8
[ 62.287520][ T6427]  invoke_syscall+0x98/0x2c0
[ 62.288639][ T6427]  el0_svc_common+0x138/0x258
[ 62.289796][ T6427]  do_el0_svc+0x64/0x198
[ 62.290806][ T6427]  el0_svc+0x4c/0x15c
[ 62.291757][ T6427]  el0t_64_sync_handler+0x84/0xf0
[ 62.292985][ T6427]  el0t_64_sync+0x190/0x194
[ 62.294065][ T6427] Code: d4210000 9003fbe0 913a8000 95e4a8ac (d4210000)
[ 62.295557][ T6427] ---[ end trace 0000000000000000 ]---
[ 62.667932][ T6427] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 62.669844][ T6427] SMP: stopping secondary CPUs
[ 62.671063][ T6427] Kernel Offset: disabled
[ 62.672073][ T6427] CPU features: 0x000000,40e00804,64017203
[ 62.673547][ T6427] Memory Limit: none
[ 63.037623][ T6427] Rebooting in 86400 seconds..