[ 82.200082][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.155' (ED25519) to the list of known hosts.
2024/01/02 16:20:08 ignoring optional flag "sandboxArg"="0"
2024/01/02 16:20:09 parsed 1 programs
2024/01/02 16:20:10 executed programs: 0
[ 86.038321][ T4585] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 86.089469][ T49] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 86.096754][ T49] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 86.103989][ T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 86.112695][ T49] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 86.120595][ T49] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 86.128030][ T49] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 86.254705][ T4592] chnl_net:caif_netlink_parms(): no params data found
[ 88.195428][ T3547] Bluetooth: hci0: command 0x0409 tx timeout
[ 88.229726][ T4592] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 88.242861][ T4592] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 88.255183][ T4592] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 88.268589][ T4592] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 88.431433][ T4592] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.829865][ T4592] 8021q: adding VLAN 0 to HW filter on device team0
[ 90.275900][ T3547] Bluetooth: hci0: command 0x041b tx timeout
[ 90.680169][ T4592] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 92.355386][ T3547] Bluetooth: hci0: command 0x040f tx timeout
[ 94.437421][ T3547] Bluetooth: hci0: command 0x0419 tx timeout
[ 94.482521][ T4592] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.491732][ T4592] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.502699][ T4592] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 94.511755][ T4592] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 95.110375][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.118585][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.159227][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 95.167522][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 95.243069][ T5146] ==================================================================
[ 95.251204][ T5146] BUG: KASAN: slab-out-of-bounds in dsa_user_changeupper+0x61a/0x6e0
[ 95.259391][ T5146] Read of size 8 at addr ffff88807bdd6c90 by task syz-executor.0/5146
[ 95.267570][ T5146]
[ 95.269934][ T5146] CPU: 1 PID: 5146 Comm: syz-executor.0 Not tainted 6.7.0-rc3-syzkaller #0
[ 95.278542][ T5146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 95.289154][ T5146] Call Trace:
[ 95.292459][ T5146]
[ 95.295402][ T5146] dump_stack_lvl+0x8e/0xf0
[ 95.300028][ T5146] print_report+0xc4/0x620
[ 95.305467][ T5146] ? __lock_acquire.constprop.0+0x486/0xf50
[ 95.311687][ T5146] ? __virt_addr_valid+0x1fb/0x2b0
[ 95.317372][ T5146] ? __phys_addr+0x9e/0x120
[ 95.322711][ T5146] kasan_report+0xda/0x110
[ 95.327892][ T5146] ? dsa_user_changeupper+0x61a/0x6e0
[ 95.334050][ T5146] ? dsa_user_changeupper+0x61a/0x6e0
[ 95.339876][ T5146] dsa_user_changeupper+0x61a/0x6e0
[ 95.345657][ T5146] ? tee_netdev_event+0x10c/0x460
[ 95.351304][ T5146] dsa_user_netdevice_event+0xd04/0x3480
[ 95.357159][ T5146] ? packet_notifier+0x173/0x780
[ 95.362228][ T5146] ? reacquire_held_locks+0x380/0x380
[ 95.368002][ T5146] ? dsa_user_change_conduit+0x7e0/0x7e0
[ 95.373850][ T5146] ? lock_acquire+0x12a/0x2b0
[ 95.378741][ T5146] ? br_device_event+0x1cc/0x8c0
[ 95.383893][ T5146] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 95.390397][ T5146] ? br_net_exit_batch+0x210/0x210
[ 95.395640][ T5146] ? packet_notifier+0x178/0x780
[ 95.400626][ T5146] ? mutex_is_locked+0x12/0x40
[ 95.405513][ T5146] notifier_call_chain+0xb6/0x330
[ 95.410766][ T5146] __netdev_upper_dev_link+0x562/0x8f0
[ 95.416527][ T5146] ? dev_set_mac_address_user+0x50/0x50
[ 95.422214][ T5146] ? nlmsg_notify+0x11e/0x220
[ 95.426940][ T5146] ? register_netdevice+0x154/0x1c30
[ 95.432694][ T5146] netdev_upper_dev_link+0x92/0xc0
[ 95.438021][ T5146] ? __netdev_upper_dev_link+0x8f0/0x8f0
[ 95.443872][ T5146] register_vlan_dev+0x246/0x590
[ 95.448939][ T5146] vlan_ioctl_handler+0x9e3/0xba0
[ 95.454173][ T5146] ? register_vlan_dev+0x590/0x590
[ 95.459322][ T5146] ? register_vlan_dev+0x590/0x590
[ 95.464465][ T5146] sock_ioctl+0x496/0x690
[ 95.468852][ T5146] ? br_ioctl_call+0xb0/0xb0
[ 95.473488][ T5146] ? bpf_lsm_file_ioctl+0x9/0x10
[ 95.478629][ T5146] ? br_ioctl_call+0xb0/0xb0
[ 95.483325][ T5146] __x64_sys_ioctl+0x18f/0x210
[ 95.488156][ T5146] do_syscall_64+0x40/0x110
[ 95.492790][ T5146] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 95.498734][ T5146] RIP: 0033:0x7fdc11e7cce9
[ 95.503175][ T5146] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 95.523332][ T5146] RSP: 002b:00007fdc12bc40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 95.531774][ T5146] RAX: ffffffffffffffda RBX: 00007fdc11f9bf80 RCX: 00007fdc11e7cce9
[ 95.540039][ T5146] RDX: 0000000020000380 RSI: 0000000000008982 RDI: 0000000000000003
[ 95.548137][ T5146] RBP: 00007fdc11ec947a R08: 0000000000000000 R09: 0000000000000000
[ 95.556243][ T5146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 95.564672][ T5146] R13: 0000000000000006 R14: 00007fdc11f9bf80 R15: 00007ffd44e71b78
[ 95.572861][ T5146]
[ 95.575909][ T5146]
[ 95.578243][ T5146] Allocated by task 4592:
[ 95.582576][ T5146] kasan_save_stack+0x33/0x50
[ 95.587377][ T5146] kasan_set_track+0x25/0x30
[ 95.591997][ T5146] __kasan_kmalloc+0xa2/0xb0
[ 95.596609][ T5146] __kmalloc_node+0x63/0x160
[ 95.601417][ T5146] kvmalloc_node+0x99/0x170
[ 95.605958][ T5146] alloc_netdev_mqs+0xb3/0x1290
[ 95.611281][ T5146] rtnl_create_link+0xbe0/0xf00
[ 95.616202][ T5146] __rtnl_newlink+0x1111/0x19e0
[ 95.621144][ T5146] rtnl_newlink+0x67/0xa0
[ 95.625529][ T5146] rtnetlink_rcv_msg+0x461/0xba0
[ 95.630611][ T5146] netlink_rcv_skb+0x16b/0x440
[ 95.635413][ T5146] netlink_unicast+0x683/0x930
[ 95.640333][ T5146] netlink_sendmsg+0x8ad/0xd50
[ 95.645128][ T5146] __sock_sendmsg+0xd5/0x180
[ 95.650120][ T5146] __sys_sendto+0x255/0x340
[ 95.654681][ T5146] __x64_sys_sendto+0xe0/0x1b0
[ 95.659479][ T5146] do_syscall_64+0x40/0x110
[ 95.664010][ T5146] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 95.670035][ T5146]
[ 95.672549][ T5146] The buggy address belongs to the object at ffff88807bdd6000
[ 95.672549][ T5146] which belongs to the cache kmalloc-cg-4k of size 4096
[ 95.687053][ T5146] The buggy address is located 1 bytes to the right of
[ 95.687053][ T5146] allocated 3215-byte region [ffff88807bdd6000, ffff88807bdd6c8f)
[ 95.701752][ T5146]
[ 95.704174][ T5146] The buggy address belongs to the physical page:
[ 95.711287][ T5146] page:ffffea0001ef7400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bdd0
[ 95.721647][ T5146] head:ffffea0001ef7400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 95.730997][ T5146] memcg:ffff888019ea2701
[ 95.735345][ T5146] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 95.743427][ T5146] page_type: 0xffffffff()
[ 95.747779][ T5146] raw: 00fff00000000840 ffff88800f84f500 dead000000000122 0000000000000000
[ 95.756486][ T5146] raw: 0000000000000000 0000000000040004 00000001ffffffff ffff888019ea2701
[ 95.765345][ T5146] page dumped because: kasan: bad access detected
[ 95.772032][ T5146] page_owner tracks the page as allocated
[ 95.777760][ T5146] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4592, tgid 4592 (syz-executor.0), ts 86229689396, free_ts 86209738623
[ 95.801246][ T5146] post_alloc_hook+0x27f/0x2f0
[ 95.806053][ T5146] get_page_from_freelist+0x10ca/0x36e0
[ 95.811658][ T5146] __alloc_pages+0x1d0/0x470
[ 95.816290][ T5146] alloc_pages_mpol+0x258/0x5e0
[ 95.821169][ T5146] allocate_slab+0x24b/0x360
[ 95.825890][ T5146] ___slab_alloc+0x8ce/0x10e0
[ 95.831029][ T5146] __slab_alloc.constprop.0+0x4d/0x90
[ 95.836431][ T5146] __kmem_cache_alloc_node+0x150/0x350
[ 95.842010][ T5146] __kmalloc_node_track_caller+0x50/0x160
[ 95.847764][ T5146] kmemdup+0x29/0x60
[ 95.851697][ T5146] __devinet_sysctl_register+0xbc/0x2a0
[ 95.857271][ T5146] devinet_sysctl_register+0x165/0x220
[ 95.862758][ T5146] inetdev_init+0x26e/0x500
[ 95.867384][ T5146] inetdev_event+0x1068/0x14c0
[ 95.872175][ T5146] notifier_call_chain+0xb6/0x330
[ 95.877246][ T5146] register_netdevice+0x15a5/0x1c30
[ 95.882465][ T5146] page last free stack trace:
[ 95.887146][ T5146] free_unref_page_prepare+0x5b6/0xc60
[ 95.892634][ T5146] free_unref_page+0x33/0x350
[ 95.897349][ T5146] __unfreeze_partials+0x1f3/0x210
[ 95.902572][ T5146] qlist_free_all+0x6a/0x170
[ 95.907288][ T5146] kasan_quarantine_reduce+0x180/0x1b0
[ 95.912825][ T5146] __kasan_slab_alloc+0x65/0x90
[ 95.917706][ T5146] __kmem_cache_alloc_node+0x1bd/0x350
[ 95.923196][ T5146] kmalloc_trace+0x25/0xb0
[ 95.927663][ T5146] ref_tracker_alloc+0x129/0x510
[ 95.932637][ T5146] net_rx_queue_update_kobjects+0x27f/0x5e0
[ 95.938640][ T5146] netdev_register_kobject+0x269/0x3e0
[ 95.944393][ T5146] register_netdevice+0x10eb/0x1c30
[ 95.949627][ T5146] bond_newlink+0x48/0x90
[ 95.953988][ T5146] __rtnl_newlink+0x11fa/0x19e0
[ 95.958961][ T5146] rtnl_newlink+0x67/0xa0
[ 95.963413][ T5146] rtnetlink_rcv_msg+0x461/0xba0
[ 95.968382][ T5146]
[ 95.970727][ T5146] Memory state around the buggy address:
[ 95.978015][ T5146] ffff88807bdd6b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 95.986286][ T5146] ffff88807bdd6c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 95.994460][ T5146] >ffff88807bdd6c80: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.002714][ T5146] ^
[ 96.007402][ T5146] ffff88807bdd6d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.015838][ T5146] ffff88807bdd6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 96.024123][ T5146] ==================================================================
[ 96.052830][ T5146] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 96.060360][ T5146] Kernel Offset: disabled
[ 96.064707][ T5146] Rebooting in 86400 seconds..