Warning: Permanently added '10.128.0.32' (ED25519) to the list of known hosts.
2025/05/21 07:05:01 ignoring optional flag "sandboxArg"="0"
2025/05/21 07:05:02 parsed 1 programs
[ 342.225786][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[ 342.232785][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[ 396.418270][ T6437] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 400.744947][ T5877] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 400.762120][ T5877] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 400.771434][ T5877] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 400.785546][ T5877] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 400.795772][ T5877] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 401.439226][ T3664] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 401.447537][ T3664] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 401.512485][ T3664] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 401.520973][ T3664] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 403.671537][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[ 403.678204][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[ 405.978988][ T6509] chnl_net:caif_netlink_parms(): no params data found
[ 406.324015][ T6509] bridge0: port 1(bridge_slave_0) entered blocking state
[ 406.334175][ T6509] bridge0: port 1(bridge_slave_0) entered disabled state
[ 406.342046][ T6509] bridge_slave_0: entered allmulticast mode
[ 406.351260][ T6509] bridge_slave_0: entered promiscuous mode
[ 406.364061][ T6509] bridge0: port 2(bridge_slave_1) entered blocking state
[ 406.371795][ T6509] bridge0: port 2(bridge_slave_1) entered disabled state
[ 406.379232][ T6509] bridge_slave_1: entered allmulticast mode
[ 406.389080][ T6509] bridge_slave_1: entered promiscuous mode
[ 406.455958][ T6509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 406.473332][ T6509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 406.538532][ T6509] team0: Port device team_slave_0 added
[ 406.553735][ T6509] team0: Port device team_slave_1 added
[ 406.613724][ T6509] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 406.622250][ T6509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 406.648764][ T6509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 406.663824][ T6509] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 406.671279][ T6509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 406.698160][ T6509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 406.790608][ T6509] hsr_slave_0: entered promiscuous mode
[ 406.798884][ T6509] hsr_slave_1: entered promiscuous mode
[ 407.668446][ T6509] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 407.690481][ T6509] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 407.712438][ T6509] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 407.739283][ T6509] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 408.112448][ T6509] 8021q: adding VLAN 0 to HW filter on device bond0
[ 408.178383][ T6509] 8021q: adding VLAN 0 to HW filter on device team0
[ 408.212025][ T4344] bridge0: port 1(bridge_slave_0) entered blocking state
[ 408.219849][ T4344] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 408.268483][ T4344] bridge0: port 2(bridge_slave_1) entered blocking state
[ 408.276371][ T4344] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 408.845718][ T6509] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 409.021272][ T6509] veth0_vlan: entered promiscuous mode
[ 409.059583][ T6509] veth1_vlan: entered promiscuous mode
[ 409.168767][ T6509] veth0_macvtap: entered promiscuous mode
[ 409.198554][ T6509] veth1_macvtap: entered promiscuous mode
[ 409.264239][ T6509] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 409.305348][ T6509] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 409.328520][ T6509] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 409.339334][ T6509] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 409.349968][ T6509] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 409.359147][ T6509] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 411.525279][ T2985] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 411.604109][ T2985] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 411.718557][ T2985] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 411.915798][ T2985] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 412.164254][ T2985] bridge_slave_1: left allmulticast mode
[ 412.170308][ T2985] bridge_slave_1: left promiscuous mode
[ 412.176851][ T2985] bridge0: port 2(bridge_slave_1) entered disabled state
[ 412.192998][ T2985] bridge_slave_0: left allmulticast mode
[ 412.198905][ T2985] bridge_slave_0: left promiscuous mode
[ 412.206713][ T2985] bridge0: port 1(bridge_slave_0) entered disabled state
2025/05/21 07:06:19 executed programs: 0
[ 412.790635][ T2985] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 412.828284][ T2985] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 412.852813][ T2985] bond0 (unregistering): Released all slaves
[ 413.046887][ T5877] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 413.060953][ T5877] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 413.078159][ T5877] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 413.102552][ T6622] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 413.123811][ T6622] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 413.134854][ T2985] hsr_slave_0: left promiscuous mode
[ 413.153882][ T2985] hsr_slave_1: left promiscuous mode
[ 413.162637][ T2985] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 413.170483][ T2985] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 413.230916][ T2985] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 413.238580][ T2985] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 413.270217][ T2985] veth1_macvtap: left promiscuous mode
[ 413.276004][ T2985] veth0_macvtap: left promiscuous mode
[ 413.282330][ T2985] veth1_vlan: left promiscuous mode
[ 413.287918][ T2985] veth0_vlan: left promiscuous mode
[ 413.898350][ T2985] team0 (unregistering): Port device team_slave_1 removed
[ 413.970236][ T2985] team0 (unregistering): Port device team_slave_0 removed
[ 415.050009][ T6620] chnl_net:caif_netlink_parms(): no params data found
[ 415.281144][ T6622] Bluetooth: hci0: command tx timeout
[ 415.601609][ T6620] bridge0: port 1(bridge_slave_0) entered blocking state
[ 415.609155][ T6620] bridge0: port 1(bridge_slave_0) entered disabled state
[ 415.618671][ T6620] bridge_slave_0: entered allmulticast mode
[ 415.627915][ T6620] bridge_slave_0: entered promiscuous mode
[ 415.645838][ T6620] bridge0: port 2(bridge_slave_1) entered blocking state
[ 415.653682][ T6620] bridge0: port 2(bridge_slave_1) entered disabled state
[ 415.663930][ T6620] bridge_slave_1: entered allmulticast mode
[ 415.673318][ T6620] bridge_slave_1: entered promiscuous mode
[ 415.771311][ T6620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 415.794251][ T6620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 415.884305][ T6620] team0: Port device team_slave_0 added
[ 415.902001][ T6620] team0: Port device team_slave_1 added
[ 415.988871][ T6620] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 415.996192][ T6620] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 416.022715][ T6620] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 416.043619][ T6620] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 416.050929][ T6620] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 416.077329][ T6620] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 416.200361][ T6620] hsr_slave_0: entered promiscuous mode
[ 416.210166][ T6620] hsr_slave_1: entered promiscuous mode
[ 416.971328][ T6620] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 416.992479][ T6620] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 417.014801][ T6620] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 417.037167][ T6620] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 417.332025][ T6622] Bluetooth: hci0: command tx timeout
[ 417.417374][ T6620] 8021q: adding VLAN 0 to HW filter on device bond0
[ 417.486147][ T6620] 8021q: adding VLAN 0 to HW filter on device team0
[ 417.517898][ T2985] bridge0: port 1(bridge_slave_0) entered blocking state
[ 417.525676][ T2985] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 417.572060][ T2985] bridge0: port 2(bridge_slave_1) entered blocking state
[ 417.579762][ T2985] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 418.236453][ T6620] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 418.408251][ T6620] veth0_vlan: entered promiscuous mode
[ 418.448571][ T6620] veth1_vlan: entered promiscuous mode
[ 418.560136][ T6620] veth0_macvtap: entered promiscuous mode
[ 418.582737][ T6620] veth1_macvtap: entered promiscuous mode
[ 418.648529][ T6620] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 418.687607][ T6620] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 418.726104][ T6620] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 418.737015][ T6620] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 418.747979][ T6620] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 418.757283][ T6620] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 419.411448][ T6622] Bluetooth: hci0: command tx timeout
[ 420.938997][ T2985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 420.947201][ T2985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 421.042053][ T2985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 421.050718][ T2985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2025/05/21 07:06:27 executed programs: 2
[ 421.326215][ T4344] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0xe6
[ 421.335542][ T4344] =====================================================
[ 421.343685][ T4344] BUG: KMSAN: use-after-free in nci_ntf_packet+0x2b0b/0x42b0
[ 421.352193][ T4344] nci_ntf_packet+0x2b0b/0x42b0
[ 421.357252][ T4344] nci_rx_work+0x403/0x750
[ 421.362861][ T4344] process_scheduled_works+0xb9a/0x1d90
[ 421.368619][ T4344] worker_thread+0xedf/0x1590
[ 421.373630][ T4344] kthread+0xd5c/0xf00
[ 421.377908][ T4344] ret_from_fork+0x71/0x90
[ 421.382756][ T4344] ret_from_fork_asm+0x1a/0x30
[ 421.387839][ T4344]
[ 421.390421][ T4344] Uninit was created at:
[ 421.394916][ T4344] kmem_cache_free+0x286/0xf00
[ 421.400074][ T4344] skb_release_data+0xe56/0x1110
[ 421.405243][ T4344] __kfree_skb+0x6b/0x260
[ 421.410012][ T4344] consume_skb+0x83/0x230
[ 421.414541][ T4344] skb_free_datagram+0x1e/0x30
[ 421.419718][ T4344] netlink_recvmsg+0xab9/0x1760
[ 421.424781][ T4344] sock_recvmsg+0x2dc/0x390
[ 421.429583][ T4344] ____sys_recvmsg+0x193/0x610
[ 421.434555][ T4344] ___sys_recvmsg+0x20b/0x850
[ 421.439644][ T4344] __x64_sys_recvmsg+0x20e/0x3d0
[ 421.444786][ T4344] x64_sys_call+0x11ff/0x3db0
[ 421.449840][ T4344] do_syscall_64+0xd9/0x1b0
[ 421.454561][ T4344] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 421.460848][ T4344]
[ 421.463325][ T4344] CPU: 0 UID: 0 PID: 4344 Comm: kworker/u8:25 Not tainted 6.15.0-rc7-syzkaller-g4a95bc121ccd #0 PREEMPT(undef)
[ 421.475684][ T4344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 421.486263][ T4344] Workqueue: nfc2_nci_rx_wq nci_rx_work
[ 421.492312][ T4344] =====================================================
[ 421.500004][ T4344] Disabling lock debugging due to kernel taint
[ 421.506296][ T4344] Kernel panic - not syncing: kmsan.panic set ...
[ 421.512870][ T4344] CPU: 0 UID: 0 PID: 4344 Comm: kworker/u8:25 Tainted: G B 6.15.0-rc7-syzkaller-g4a95bc121ccd #0 PREEMPT(undef)
[ 421.526658][ T4344] Tainted: [B]=BAD_PAGE
[ 421.530936][ T4344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 421.541164][ T4344] Workqueue: nfc2_nci_rx_wq nci_rx_work
[ 421.546981][ T4344] Call Trace:
[ 421.550487][ T4344]
[ 421.553542][ T4344] __dump_stack+0x26/0x30
[ 421.558086][ T4344] dump_stack_lvl+0x53/0x270
[ 421.562987][ T4344] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[ 421.569075][ T4344] dump_stack+0x1e/0x25
[ 421.573443][ T4344] panic+0x4bd/0xd50
[ 421.577599][ T4344] kmsan_report+0x29d/0x2a0
[ 421.582345][ T4344] ? kmsan_internal_chain_origin+0xb6/0xd0
[ 421.588477][ T4344] ? __msan_warning+0x96/0x120
[ 421.593461][ T4344] ? nci_ntf_packet+0x2b0b/0x42b0
[ 421.598777][ T4344] ? nci_rx_work+0x403/0x750
[ 421.603602][ T4344] ? process_scheduled_works+0xb9a/0x1d90
[ 421.609535][ T4344] ? worker_thread+0xedf/0x1590
[ 421.614628][ T4344] ? kthread+0xd5c/0xf00
[ 421.619204][ T4344] ? ret_from_fork+0x71/0x90
[ 421.624016][ T4344] ? ret_from_fork_asm+0x1a/0x30
[ 421.629357][ T4344] ? ret_from_fork_asm+0x1a/0x30
[ 421.634512][ T4344] ? vprintk_emit+0xab3/0xcd0
[ 421.639426][ T4344] ? vprintk_default+0x3f/0x50
[ 421.644452][ T4344] ? vprintk+0x36/0x50
[ 421.648712][ T4344] ? _printk+0x17e/0x1b0
[ 421.653207][ T4344] ? kmsan_get_metadata+0x105/0x1b0
[ 421.658660][ T4344] __msan_warning+0x96/0x120
[ 421.663479][ T4344] nci_ntf_packet+0x2b0b/0x42b0
[ 421.668543][ T4344] ? kmsan_internal_unpoison_memory+0x14/0x20
[ 421.674856][ T4344] ? sk_skb_reason_drop+0x13f/0x440
[ 421.680443][ T4344] nci_rx_work+0x403/0x750
[ 421.685237][ T4344] ? __pfx_nci_rx_work+0x10/0x10
[ 421.690669][ T4344] process_scheduled_works+0xb9a/0x1d90
[ 421.696591][ T4344] worker_thread+0xedf/0x1590
[ 421.701529][ T4344] kthread+0xd5c/0xf00
[ 421.705822][ T4344] ? __pfx_worker_thread+0x10/0x10
[ 421.711453][ T4344] ? __pfx_kthread+0x10/0x10
[ 421.716378][ T4344] ret_from_fork+0x71/0x90
[ 421.721051][ T4344] ? __pfx_kthread+0x10/0x10
[ 421.725983][ T4344] ret_from_fork_asm+0x1a/0x30
[ 421.731117][ T4344]
[ 421.734659][ T4344] Kernel Offset: disabled
[ 421.739526][ T4344] Rebooting in 86400 seconds..