Warning: Permanently added '10.128.10.54' (ECDSA) to the list of known hosts.
1970/01/01 00:00:54 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:55 parsed 1 programs
1970/01/01 00:00:55 executed programs: 0
[ 55.204035][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 55.206007][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 55.207800][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 55.213582][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 55.215366][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 55.216909][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 55.269278][ T4575] chnl_net:caif_netlink_parms(): no params data found
[ 55.288644][ T4575] bridge0: port 1(bridge_slave_0) entered blocking state
[ 55.290503][ T4575] bridge0: port 1(bridge_slave_0) entered disabled state
[ 55.292233][ T4575] device bridge_slave_0 entered promiscuous mode
[ 55.294561][ T4575] bridge0: port 2(bridge_slave_1) entered blocking state
[ 55.296070][ T4575] bridge0: port 2(bridge_slave_1) entered disabled state
[ 55.297840][ T4575] device bridge_slave_1 entered promiscuous mode
[ 55.306347][ T4575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 55.309312][ T4575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 55.317552][ T4575] team0: Port device team_slave_0 added
[ 55.319807][ T4575] team0: Port device team_slave_1 added
[ 55.327459][ T4575] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 55.328979][ T4575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.334073][ T4575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 55.337384][ T4575] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 55.338715][ T4575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 55.344279][ T4575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 55.400356][ T4575] device hsr_slave_0 entered promiscuous mode
[ 55.459060][ T4575] device hsr_slave_1 entered promiscuous mode
[ 56.498142][ T4575] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 56.540012][ T4575] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 56.560592][ T4575] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 56.609873][ T4575] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 56.670176][ T4575] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.674817][ T3801] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 56.676571][ T3801] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 56.679488][ T4575] 8021q: adding VLAN 0 to HW filter on device team0
[ 56.690033][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 56.691889][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 56.694265][ T1510] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.695955][ T1510] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.697442][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 56.700695][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 56.702459][ T1510] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.703877][ T1510] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.705550][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 56.707383][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 56.711869][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 56.713775][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 56.715503][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 56.717511][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 56.720244][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 56.722205][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 56.725974][ T4575] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 56.728281][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 56.734492][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 56.736429][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 56.738235][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 56.740400][ T4223] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 56.786195][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 56.787837][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 56.791859][ T4575] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 56.799281][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 56.801148][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 56.806431][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 56.808336][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 56.811673][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 56.813368][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 56.816481][ T4575] device veth0_vlan entered promiscuous mode
[ 56.820589][ T4575] device veth1_vlan entered promiscuous mode
[ 56.828063][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 56.830067][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 56.831773][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 56.833687][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 56.837414][ T4575] device veth0_macvtap entered promiscuous mode
[ 56.840781][ T4575] device veth1_macvtap entered promiscuous mode
[ 56.846809][ T4575] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 56.848435][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 56.850377][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 56.852136][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 56.854073][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 56.858292][ T4575] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 56.860970][ T4575] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.862634][ T4575] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.864375][ T4575] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.866128][ T4575] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 56.869740][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 56.871718][ T1510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 56.905235][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.906787][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.910452][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 56.919501][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 56.921077][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 56.923861][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 57.229351][ T4227] Bluetooth: hci0: command 0x0409 tx timeout
[ 57.235193][ T4718] ==================================================================
[ 57.236751][ T4718] BUG: KASAN: use-after-free in gsm_cleanup_mux+0x624/0x6e0
[ 57.238238][ T4718] Read of size 4 at addr ffff0000c41f900c by task syz-executor.0/4718
[ 57.239844][ T4718]
[ 57.240303][ T4718] CPU: 1 PID: 4718 Comm: syz-executor.0 Not tainted 6.1.35-syzkaller #0
[ 57.241961][ T4718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 57.244026][ T4718] Call trace:
[ 57.244704][ T4718] dump_backtrace+0x100/0x150
[ 57.245740][ T4718] show_stack+0x18/0x24
[ 57.246598][ T4718] dump_stack_lvl+0x90/0xc8
[ 57.247483][ T4718] print_report+0x174/0x4c0
[ 57.248372][ T4718] kasan_report+0xd4/0x130
[ 57.249251][ T4718] __asan_report_load4_noabort+0x2c/0x38
[ 57.250464][ T4718] gsm_cleanup_mux+0x624/0x6e0
[ 57.251416][ T4718] gsmld_ioctl+0x758/0x159c
[ 57.252250][ T4718] tty_ioctl+0x56c/0x9b8
[ 57.253076][ T4718] __arm64_sys_ioctl+0x110/0x14c
[ 57.254072][ T4718] invoke_syscall+0x7c/0x258
[ 57.255081][ T4718] el0_svc_common+0x160/0x1e4
[ 57.256008][ T4718] do_el0_svc+0x54/0x178
[ 57.256870][ T4718] el0_svc+0x58/0x168
[ 57.257702][ T4718] el0t_64_sync_handler+0x84/0xf0
[ 57.258719][ T4718] el0t_64_sync+0x18c/0x190
[ 57.259655][ T4718]
[ 57.260140][ T4718] Allocated by task 4713:
[ 57.260971][ T4718] kasan_set_track+0x4c/0x80
[ 57.262010][ T4718] kasan_save_alloc_info+0x24/0x30
[ 57.263030][ T4718] __kasan_kmalloc+0xac/0xc4
[ 57.263960][ T4718] kmalloc_trace+0x7c/0x94
[ 57.264833][ T4718] gsm_dlci_alloc+0x5c/0x30c
[ 57.265735][ T4718] gsm_activate_mux+0x28/0x208
[ 57.266718][ T4718] gsmld_ioctl+0x8c8/0x159c
[ 57.267712][ T4718] tty_ioctl+0x56c/0x9b8
[ 57.268553][ T4718] __arm64_sys_ioctl+0x110/0x14c
[ 57.269591][ T4718] invoke_syscall+0x7c/0x258
[ 57.270444][ T4718] el0_svc_common+0x160/0x1e4
[ 57.271347][ T4718] do_el0_svc+0x54/0x178
[ 57.272169][ T4718] el0_svc+0x58/0x168
[ 57.272993][ T4718] el0t_64_sync_handler+0x84/0xf0
[ 57.274089][ T4718] el0t_64_sync+0x18c/0x190
[ 57.275016][ T4718]
[ 57.275440][ T4718] Freed by task 4713:
[ 57.276272][ T4718] kasan_set_track+0x4c/0x80
[ 57.277210][ T4718] kasan_save_free_info+0x38/0x5c
[ 57.278288][ T4718] ____kasan_slab_free+0x144/0x1c0
[ 57.279314][ T4718] __kasan_slab_free+0x18/0x28
[ 57.280190][ T4718] __kmem_cache_free+0x2c0/0x4b4
[ 57.281102][ T4718] kfree+0xcc/0x1b8
[ 57.281906][ T4718] gsm_dlci_free+0xec/0x134
[ 57.282755][ T4718] tty_port_put+0xe4/0x14c
[ 57.283652][ T4718] gsm_cleanup_mux+0x360/0x6e0
[ 57.284617][ T4718] gsmld_ioctl+0x758/0x159c
[ 57.285556][ T4718] tty_ioctl+0x56c/0x9b8
[ 57.286416][ T4718] __arm64_sys_ioctl+0x110/0x14c
[ 57.287461][ T4718] invoke_syscall+0x7c/0x258
[ 57.288494][ T4718] el0_svc_common+0x160/0x1e4
[ 57.289492][ T4718] do_el0_svc+0x54/0x178
[ 57.290368][ T4718] el0_svc+0x58/0x168
[ 57.291222][ T4718] el0t_64_sync_handler+0x84/0xf0
[ 57.292259][ T4718] el0t_64_sync+0x18c/0x190
[ 57.293152][ T4718]
[ 57.293593][ T4718] The buggy address belongs to the object at ffff0000c41f9000
[ 57.293593][ T4718] which belongs to the cache kmalloc-2k of size 2048
[ 57.296545][ T4718] The buggy address is located 12 bytes inside of
[ 57.296545][ T4718] 2048-byte region [ffff0000c41f9000, ffff0000c41f9800)
[ 57.299251][ T4718]
[ 57.299691][ T4718] The buggy address belongs to the physical page:
[ 57.301036][ T4718] page:00000000ceb99fb8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041f8
[ 57.303117][ T4718] head:00000000ceb99fb8 order:3 compound_mapcount:0 compound_pincount:0
[ 57.304793][ T4718] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 57.306453][ T4718] raw: 05ffc00000010200 0000000000000000 dead000000000122 ffff0000c0002900
[ 57.308156][ T4718] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 57.309927][ T4718] page dumped because: kasan: bad access detected
[ 57.311278][ T4718]
[ 57.311689][ T4718] Memory state around the buggy address:
[ 57.312883][ T4718] ffff0000c41f8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.314672][ T4718] ffff0000c41f8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 57.316264][ T4718] >ffff0000c41f9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.317852][ T4718] ^
[ 57.318741][ T4718] ffff0000c41f9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.320466][ T4718] ffff0000c41f9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 57.322065][ T4718] ==================================================================
[ 57.328414][ T4718] Disabling lock debugging due to kernel taint
[ 57.330520][ T4718] list_add corruption. prev is NULL.
[ 57.331656][ T4718] ------------[ cut here ]------------
[ 57.332774][ T4718] kernel BUG at lib/list_debug.c:24!
[ 57.333913][ T4718] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
[ 57.335434][ T4718] Modules linked in:
[ 57.336292][ T4718] CPU: 0 PID: 4718 Comm: syz-executor.0 Tainted: G B 6.1.35-syzkaller #0
[ 57.338393][ T4718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 57.340451][ T4718] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 57.342032][ T4718] pc : __list_add_valid+0xcc/0x110
[ 57.343086][ T4718] lr : __list_add_valid+0xcc/0x110
[ 57.344260][ T4718] sp : ffff80001c4278a0
[ 57.345121][ T4718] x29: ffff80001c4278a0 x28: 1fffe00018c1ca83 x27: ffff0000c60e5418
[ 57.346813][ T4718] x26: ffff0000c60e5410 x25: dfff800000000000 x24: 0000000000000000
[ 57.348384][ T4718] x23: 0000000000000000 x22: ffff0000c60e53c8 x21: ffff0000dc66c000
[ 57.349629][ T4718] x20: ffff0000dc66c008 x19: ffff0000c60e5000 x18: ffffffffffffffff
[ 57.350904][ T4718] x17: ffffffffffffffff x16: ffff800010e55424 x15: 0000000000000001
[ 57.352188][ T4718] x14: 0000000000000000 x13: 0000000000000001 x12: 0000000000000001
[ 57.353546][ T4718] x11: 0000000000000002 x10: 0000000000000000 x9 : c5940a29e5499000
[ 57.355205][ T4718] x8 : c5940a29e5499000 x7 : 0000000000000001 x6 : 0000000000000001
[ 57.356846][ T4718] x5 : ffff80001c427198 x4 : ffff80001432a5a0 x3 : ffff8000084d2368
[ 57.358377][ T4718] x2 : 0000000000000001 x1 : 0000000000000004 x0 : 0000000000000022
[ 57.360005][ T4718] Call trace:
[ 57.360729][ T4718] __list_add_valid+0xcc/0x110
[ 57.361739][ T4718] gsm_send+0x314/0x58c
[ 57.362629][ T4718] gsm_cleanup_mux+0x168/0x6e0
[ 57.363607][ T4718] gsmld_ioctl+0x758/0x159c
[ 57.364495][ T4718] tty_ioctl+0x56c/0x9b8
[ 57.365475][ T4718] __arm64_sys_ioctl+0x110/0x14c
[ 57.366410][ T4718] invoke_syscall+0x7c/0x258
[ 57.367316][ T4718] el0_svc_common+0x160/0x1e4
[ 57.368247][ T4718] do_el0_svc+0x54/0x178
[ 57.369141][ T4718] el0_svc+0x58/0x168
[ 57.370030][ T4718] el0t_64_sync_handler+0x84/0xf0
[ 57.371036][ T4718] el0t_64_sync+0x18c/0x190
[ 57.371949][ T4718] Code: d4210000 f0037aa0 913e8000 95a45590 (d4210000)
[ 57.373313][ T4718] ---[ end trace 0000000000000000 ]---
[ 57.576581][ T4718] Kernel panic - not syncing: Oops - BUG: Fatal exception
[ 57.578071][ T4718] SMP: stopping secondary CPUs
[ 57.579138][ T4718] Kernel Offset: disabled
[ 57.580048][ T4718] CPU features: 0x00000,02070084,26017203
[ 57.581232][ T4718] Memory Limit: none
[ 57.782545][ T4718] Rebooting in 86400 seconds..