[ 81.841740][ T9] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.166' (ED25519) to the list of known hosts.
2023/11/09 14:28:54 ignoring optional flag "sandboxArg"="0"
2023/11/09 14:28:54 parsed 1 programs
2023/11/09 14:28:56 executed programs: 0
[ 85.664373][ T5404] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 85.718133][ T4453] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 85.726169][ T4453] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 85.734187][ T4453] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 85.742522][ T4453] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 85.750269][ T4453] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 85.757908][ T4453] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 85.870966][ T5411] chnl_net:caif_netlink_parms(): no params data found
[ 85.922602][ T5411] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.930061][ T5411] bridge0: port 1(bridge_slave_0) entered disabled state
[ 85.937506][ T5411] bridge_slave_0: entered allmulticast mode
[ 85.944553][ T5411] bridge_slave_0: entered promiscuous mode
[ 85.952503][ T5411] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.959684][ T5411] bridge0: port 2(bridge_slave_1) entered disabled state
[ 85.966822][ T5411] bridge_slave_1: entered allmulticast mode
[ 85.974229][ T5411] bridge_slave_1: entered promiscuous mode
[ 85.997950][ T5411] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 86.011128][ T5411] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 86.037146][ T5411] team0: Port device team_slave_0 added
[ 86.045035][ T5411] team0: Port device team_slave_1 added
[ 86.066279][ T5411] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 86.073385][ T5411] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.099641][ T5411] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 86.112426][ T5411] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 86.119782][ T5411] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 86.145727][ T5411] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 86.179926][ T5411] hsr_slave_0: entered promiscuous mode
[ 86.186080][ T5411] hsr_slave_1: entered promiscuous mode
[ 86.910266][ T5411] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 86.921626][ T5411] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 86.932434][ T5411] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 86.943327][ T5411] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 87.037968][ T5411] 8021q: adding VLAN 0 to HW filter on device bond0
[ 87.062979][ T5411] 8021q: adding VLAN 0 to HW filter on device team0
[ 87.083688][ T5073] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.091377][ T5073] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 87.104074][ T5073] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.112493][ T5073] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 87.315608][ T5411] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 87.372122][ T5411] veth0_vlan: entered promiscuous mode
[ 87.387838][ T5411] veth1_vlan: entered promiscuous mode
[ 87.429748][ T5411] veth0_macvtap: entered promiscuous mode
[ 87.442254][ T5411] veth1_macvtap: entered promiscuous mode
[ 87.466905][ T5411] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 87.484425][ T5411] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 87.498229][ T5411] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.509859][ T5411] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.521003][ T5411] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.531153][ T5411] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 87.618547][ T5070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.636594][ T5070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.662543][ T2472] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 87.671569][ T2472] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 87.839715][ T4453] Bluetooth: hci0: command 0x0409 tx timeout
[ 88.587003][ T5478] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-6)
[ 89.490060][ T5534] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-6)
[ 89.929213][ T4453] Bluetooth: hci0: command 0x041b tx timeout
[ 91.350633][ T5641] ==================================================================
[ 91.359099][ T5641] BUG: KASAN: slab-use-after-free in nfc_alloc_send_skb+0x189/0x1c0
[ 91.367458][ T5641] Read of size 4 at addr ffff888147670548 by task syz-executor.0/5641
[ 91.376077][ T5641]
[ 91.379743][ T5641] CPU: 0 PID: 5641 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller-14263-gaea6bf908d73-dirty #0
[ 91.390548][ T5641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 91.402793][ T5641] Call Trace:
[ 91.406160][ T5641]
[ 91.409091][ T5641] dump_stack_lvl+0x1e7/0x2d0
[ 91.413889][ T5641] ? nf_tcp_handle_invalid+0x650/0x650
[ 91.419622][ T5641] ? panic+0x850/0x850
[ 91.423871][ T5641] ? _printk+0xd5/0x120
[ 91.428303][ T5641] print_report+0x163/0x540
[ 91.432902][ T5641] ? __virt_addr_valid+0x22f/0x2e0
[ 91.438014][ T5641] ? __phys_addr+0xba/0x170
[ 91.442686][ T5641] ? nfc_alloc_send_skb+0x189/0x1c0
[ 91.447876][ T5641] kasan_report+0x142/0x170
[ 91.452370][ T5641] ? nfc_alloc_send_skb+0x189/0x1c0
[ 91.457650][ T5641] nfc_alloc_send_skb+0x189/0x1c0
[ 91.463017][ T5641] nfc_llcp_send_ui_frame+0x2ac/0x670
[ 91.468424][ T5641] ? nfc_llcp_send_i_frame+0x4f0/0x4f0
[ 91.473903][ T5641] ? llcp_sock_sendmsg+0x1fc/0x390
[ 91.479097][ T5641] ? nfc_llcp_getsockopt+0x560/0x560
[ 91.484462][ T5641] ____sys_sendmsg+0x592/0x890
[ 91.489319][ T5641] ? __sys_sendmsg_sock+0x30/0x30
[ 91.494333][ T5641] ? __fget_files+0x3fe/0x480
[ 91.499187][ T5641] __sys_sendmmsg+0x3b2/0x730
[ 91.503861][ T5641] ? __ia32_sys_sendmsg+0x90/0x90
[ 91.508890][ T5641] ? __might_sleep+0xc0/0xc0
[ 91.513559][ T5641] ? __might_fault+0xa5/0x120
[ 91.518309][ T5641] ? __lock_acquire+0x7f70/0x7f70
[ 91.523501][ T5641] ? __might_fault+0xa5/0x120
[ 91.528174][ T5641] ? print_irqtrace_events+0x220/0x220
[ 91.533710][ T5641] ? syscall_enter_from_user_mode+0x32/0x230
[ 91.539685][ T5641] __x64_sys_sendmmsg+0xa0/0xb0
[ 91.544543][ T5641] do_syscall_64+0x44/0x110
[ 91.549058][ T5641] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 91.554945][ T5641] RIP: 0033:0x7fac8927cae9
[ 91.559352][ T5641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 91.579290][ T5641] RSP: 002b:00007fac89f6c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 91.587957][ T5641] RAX: ffffffffffffffda RBX: 00007fac8939bf80 RCX: 00007fac8927cae9
[ 91.596094][ T5641] RDX: 0000000000000001 RSI: 00000000200013c0 RDI: 0000000000000004
[ 91.604313][ T5641] RBP: 00007fac892c847a R08: 0000000000000000 R09: 0000000000000000
[ 91.612272][ T5641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 91.620404][ T5641] R13: 000000000000000b R14: 00007fac8939bf80 R15: 00007ffd93790688
[ 91.628372][ T5641]
[ 91.631386][ T5641]
[ 91.633694][ T5641] Allocated by task 5641:
[ 91.638350][ T5641] kasan_set_track+0x4f/0x70
[ 91.643066][ T5641] __kasan_kmalloc+0x98/0xb0
[ 91.647647][ T5641] nfc_allocate_device+0x12f/0x520
[ 91.652749][ T5641] nci_allocate_device+0x1e2/0x360
[ 91.657931][ T5641] virtual_ncidev_open+0x75/0x1b0
[ 91.663034][ T5641] misc_open+0x30b/0x380
[ 91.667436][ T5641] chrdev_open+0x5ab/0x630
[ 91.671840][ T5641] do_dentry_open+0x8fd/0x1590
[ 91.676679][ T5641] path_openat+0x2845/0x3280
[ 91.681448][ T5641] do_filp_open+0x234/0x490
[ 91.686031][ T5641] do_sys_openat2+0x13e/0x1d0
[ 91.690791][ T5641] __x64_sys_openat+0x247/0x290
[ 91.695727][ T5641] do_syscall_64+0x44/0x110
[ 91.700218][ T5641] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 91.706447][ T5641]
[ 91.708938][ T5641] Freed by task 5640:
[ 91.713010][ T5641] kasan_set_track+0x4f/0x70
[ 91.717591][ T5641] kasan_save_free_info+0x28/0x40
[ 91.722869][ T5641] ____kasan_slab_free+0xd6/0x120
[ 91.727965][ T5641] __kmem_cache_free+0x263/0x3a0
[ 91.732982][ T5641] device_release+0x95/0x1c0
[ 91.737674][ T5641] kobject_put+0x1ee/0x430
[ 91.742186][ T5641] nci_free_device+0x38/0x50
[ 91.746777][ T5641] virtual_ncidev_close+0x70/0x90
[ 91.751810][ T5641] __fput+0x3cc/0xa10
[ 91.755806][ T5641] __se_sys_close+0x15f/0x220
[ 91.760492][ T5641] do_syscall_64+0x44/0x110
[ 91.765172][ T5641] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 91.771149][ T5641]
[ 91.773472][ T5641] Last potentially related work creation:
[ 91.779276][ T5641] kasan_save_stack+0x3f/0x60
[ 91.784117][ T5641] __kasan_record_aux_stack+0xad/0xc0
[ 91.789652][ T5641] call_rcu+0x167/0xa70
[ 91.793890][ T5641] netlink_release+0x162a/0x1b00
[ 91.799081][ T5641] sock_close+0xb8/0x230
[ 91.803579][ T5641] __fput+0x3cc/0xa10
[ 91.807727][ T5641] __se_sys_close+0x15f/0x220
[ 91.814565][ T5641] do_syscall_64+0x44/0x110
[ 91.819142][ T5641] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 91.825114][ T5641]
[ 91.827424][ T5641] Second to last potentially related work creation:
[ 91.834517][ T5641] kasan_save_stack+0x3f/0x60
[ 91.839187][ T5641] __kasan_record_aux_stack+0xad/0xc0
[ 91.846296][ T5641] call_rcu+0x167/0xa70
[ 91.850457][ T5641] netlink_release+0x162a/0x1b00
[ 91.855558][ T5641] sock_close+0xb8/0x230
[ 91.859878][ T5641] __fput+0x3cc/0xa10
[ 91.863852][ T5641] __se_sys_close+0x15f/0x220
[ 91.868520][ T5641] do_syscall_64+0x44/0x110
[ 91.873188][ T5641] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 91.879274][ T5641]
[ 91.882051][ T5641] The buggy address belongs to the object at ffff888147670000
[ 91.882051][ T5641]  which belongs to the cache kmalloc-2k of size 2048
[ 91.896453][ T5641] The buggy address is located 1352 bytes inside of
[ 91.896453][ T5641]  freed 2048-byte region [ffff888147670000, ffff888147670800)
[ 91.911273][ T5641]
[ 91.913673][ T5641] The buggy address belongs to the physical page:
[ 91.920175][ T5641] page:ffffea00051d9c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x147670
[ 91.930537][ T5641] head:ffffea00051d9c00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 91.939477][ T5641] anon flags: 0x57ff00000000840(slab|head|node=1|zone=2|lastcpupid=0x7ff)
[ 91.948407][ T5641] page_type: 0xffffffff()
[ 91.952899][ T5641] raw: 057ff00000000840 ffff888012c42000 0000000000000000 dead000000000001
[ 91.961562][ T5641] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[ 91.970218][ T5641] page dumped because: kasan: bad access detected
[ 91.976613][ T5641] page_owner tracks the page as allocated
[ 91.982403][ T5641] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2879381771, free_ts 0
[ 92.003331][ T5641] post_alloc_hook+0x1e6/0x210
[ 92.008453][ T5641] get_page_from_freelist+0x339a/0x3530
[ 92.014431][ T5641] __alloc_pages+0x255/0x670
[ 92.019189][ T5641] alloc_pages_mpol+0x3de/0x640
[ 92.024032][ T5641] alloc_slab_page+0x6a/0x160
[ 92.028704][ T5641] new_slab+0x84/0x2f0
[ 92.032764][ T5641] ___slab_alloc+0xc85/0x1310
[ 92.037430][ T5641] __kmem_cache_alloc_node+0x21d/0x300
[ 92.042963][ T5641] kmalloc_trace+0x2a/0xe0
[ 92.047371][ T5641] acpi_ds_create_walk_state+0x103/0x2a0
[ 92.053129][ T5641] acpi_ps_execute_method+0x245/0x870
[ 92.058501][ T5641] acpi_ns_evaluate+0x5df/0xa40
[ 92.063341][ T5641] acpi_evaluate_object+0x59b/0xaf0
[ 92.068540][ T5641] acpi_evaluate_integer+0x11b/0x2f0
[ 92.073899][ T5641] acpi_bus_get_status+0x174/0x3a0
[ 92.079106][ T5641] acpi_add_single_object+0x35c/0x1d70
[ 92.084656][ T5641] page_owner free stack trace missing
[ 92.090304][ T5641]
[ 92.092625][ T5641] Memory state around the buggy address:
[ 92.098503][ T5641]  ffff888147670400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.106728][ T5641]  ffff888147670480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.114897][ T5641] >ffff888147670500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.123056][ T5641]                                               ^
[ 92.129469][ T5641]  ffff888147670580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.137550][ T5641]  ffff888147670600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.145855][ T5641] ==================================================================
[ 92.159153][ T5641] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 92.166376][ T5641] CPU: 1 PID: 5641 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller-14263-gaea6bf908d73-dirty #0
[ 92.177253][ T5641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 92.183065][ T4453] Bluetooth: hci0: command 0x040f tx timeout
[ 92.193384][ T5641] Call Trace:
[ 92.196672][ T5641]
[ 92.199806][ T5641] dump_stack_lvl+0x1e7/0x2d0
[ 92.204491][ T5641] ? nf_tcp_handle_invalid+0x650/0x650
[ 92.209961][ T5641] ? panic+0x850/0x850
[ 92.214020][ T5641] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0
[ 92.220083][ T5641] ? vscnprintf+0x5d/0x80
[ 92.224609][ T5641] panic+0x349/0x850
[ 92.228503][ T5641] ? check_panic_on_warn+0x21/0xa0
[ 92.233606][ T5641] ? __memcpy_flushcache+0x2b0/0x2b0
[ 92.238978][ T5641] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 92.245045][ T5641] ? _raw_spin_unlock+0x40/0x40
[ 92.249892][ T5641] check_panic_on_warn+0x82/0xa0
[ 92.254843][ T5641] ? nfc_alloc_send_skb+0x189/0x1c0
[ 92.260050][ T5641] end_report+0x6e/0x130
[ 92.264308][ T5641] kasan_report+0x153/0x170
[ 92.269091][ T5641] ? nfc_alloc_send_skb+0x189/0x1c0
[ 92.274287][ T5641] nfc_alloc_send_skb+0x189/0x1c0
[ 92.279396][ T5641] nfc_llcp_send_ui_frame+0x2ac/0x670
[ 92.284854][ T5641] ? nfc_llcp_send_i_frame+0x4f0/0x4f0
[ 92.290322][ T5641] ? llcp_sock_sendmsg+0x1fc/0x390
[ 92.295522][ T5641] ? nfc_llcp_getsockopt+0x560/0x560
[ 92.300889][ T5641] ____sys_sendmsg+0x592/0x890
[ 92.305748][ T5641] ? __sys_sendmsg_sock+0x30/0x30
[ 92.310764][ T5641] ? __fget_files+0x3fe/0x480
[ 92.315443][ T5641] __sys_sendmmsg+0x3b2/0x730
[ 92.320121][ T5641] ? __ia32_sys_sendmsg+0x90/0x90
[ 92.325154][ T5641] ? __might_sleep+0xc0/0xc0
[ 92.329914][ T5641] ? __might_fault+0xa5/0x120
[ 92.334581][ T5641] ? __lock_acquire+0x7f70/0x7f70
[ 92.339606][ T5641] ? __might_fault+0xa5/0x120
[ 92.344397][ T5641] ? print_irqtrace_events+0x220/0x220
[ 92.349970][ T5641] ? syscall_enter_from_user_mode+0x32/0x230
[ 92.355958][ T5641] __x64_sys_sendmmsg+0xa0/0xb0
[ 92.361227][ T5641] do_syscall_64+0x44/0x110
[ 92.365764][ T5641] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 92.371845][ T5641] RIP: 0033:0x7fac8927cae9
[ 92.376264][ T5641] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 92.396138][ T5641] RSP: 002b:00007fac89f6c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 92.404774][ T5641] RAX: ffffffffffffffda RBX: 00007fac8939bf80 RCX: 00007fac8927cae9
[ 92.412768][ T5641] RDX: 0000000000000001 RSI: 00000000200013c0 RDI: 0000000000000004
[ 92.421268][ T5641] RBP: 00007fac892c847a R08: 0000000000000000 R09: 0000000000000000
[ 92.429232][ T5641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 92.437367][ T5641] R13: 000000000000000b R14: 00007fac8939bf80 R15: 00007ffd93790688
[ 92.445422][ T5641]
[ 92.448769][ T5641] Kernel Offset: disabled
[ 92.453075][ T5641] Rebooting in 86400 seconds..
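The report above already contains everything a first-pass triage needs, but reading it off a console log by hand is error-prone. The parser below is an added example, not part of the syzkaller output and not kernel tooling: it strips the `[ ts][ Tn]` console prefix, pulls out the BUG line, the access, the allocation and free stacks and the object geometry, then derives the facts that decide how to read a slab-use-after-free (the first non-instrumentation frame on each stack, whether the access and the free came from different tasks, and whether the reported offset agrees with the address arithmetic). `SAMPLE_REPORT` is a constructed excerpt of the report above, and the `INFRA` prefix list used to skip KASAN and allocator frames is a heuristic of mine, not a KASAN convention.

```python
import re

# Added triage helper for KASAN reports; not part of the syzkaller output.
# SAMPLE_REPORT is a constructed excerpt of the report above.
SAMPLE_REPORT = """\
[ 91.359099][ T5641] BUG: KASAN: slab-use-after-free in nfc_alloc_send_skb+0x189/0x1c0
[ 91.367458][ T5641] Read of size 4 at addr ffff888147670548 by task syz-executor.0/5641
[ 91.376077][ T5641]
[ 91.402793][ T5641] Call Trace:
[ 91.409091][ T5641] dump_stack_lvl+0x1e7/0x2d0
[ 91.428303][ T5641] print_report+0x163/0x540
[ 91.432902][ T5641] ? __virt_addr_valid+0x22f/0x2e0
[ 91.447876][ T5641] kasan_report+0x142/0x170
[ 91.457650][ T5641] nfc_alloc_send_skb+0x189/0x1c0
[ 91.463017][ T5641] nfc_llcp_send_ui_frame+0x2ac/0x670
[ 91.473903][ T5641] ? llcp_sock_sendmsg+0x1fc/0x390
[ 91.484462][ T5641] ____sys_sendmsg+0x592/0x890
[ 91.499187][ T5641] __sys_sendmmsg+0x3b2/0x730
[ 91.549058][ T5641] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 91.554945][ T5641] RIP: 0033:0x7fac8927cae9
[ 91.631386][ T5641]
[ 91.633694][ T5641] Allocated by task 5641:
[ 91.638350][ T5641] kasan_set_track+0x4f/0x70
[ 91.643066][ T5641] __kasan_kmalloc+0x98/0xb0
[ 91.647647][ T5641] nfc_allocate_device+0x12f/0x520
[ 91.652749][ T5641] nci_allocate_device+0x1e2/0x360
[ 91.657931][ T5641] virtual_ncidev_open+0x75/0x1b0
[ 91.706447][ T5641]
[ 91.708938][ T5641] Freed by task 5640:
[ 91.713010][ T5641] kasan_set_track+0x4f/0x70
[ 91.722869][ T5641] ____kasan_slab_free+0xd6/0x120
[ 91.727965][ T5641] __kmem_cache_free+0x263/0x3a0
[ 91.732982][ T5641] device_release+0x95/0x1c0
[ 91.737674][ T5641] kobject_put+0x1ee/0x430
[ 91.742186][ T5641] nci_free_device+0x38/0x50
[ 91.746777][ T5641] virtual_ncidev_close+0x70/0x90
[ 91.751810][ T5641] __fput+0x3cc/0xa10
[ 91.771149][ T5641]
[ 91.882051][ T5641] The buggy address belongs to the object at ffff888147670000
[ 91.882051][ T5641]  which belongs to the cache kmalloc-2k of size 2048
[ 91.896453][ T5641] The buggy address is located 1352 bytes inside of
[ 91.896453][ T5641]  freed 2048-byte region [ffff888147670000, ffff888147670800)
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")   # "[ 91.35][ T5641] " console prefix
BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) "
                    r"by task (?P<comm>\S+)/(?P<pid>\d+)")
SECTION = re.compile(r"^(Allocated|Freed) by task (\d+):$")
FRAME = re.compile(r"^(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
OBJECT = re.compile(r"belongs to the object at (?P<base>[0-9a-f]+)")
CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<size>\d+)")
OFFSET = re.compile(r"located (?P<off>\d+) bytes inside of")
# Heuristic (my own, not a KASAN rule): frames belonging to instrumentation or the
# allocator, which sit above the code we actually want to look at.
INFRA = ("dump_stack", "print_report", "__kmem_cache", "kmem_cache", "kmalloc", "kfree")


def is_infra(sym: str) -> bool:
    return "kasan" in sym or sym.startswith(INFRA)


def parse_kasan_report(text: str) -> dict:
    """Extract bug line, access, stacks (reliable frames only) and object geometry."""
    r = {"stacks": {}}
    section = None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:                      # a blank line closes a stack that has begun
            if section and r["stacks"].get(section):
                section = None
            continue
        if (m := BUG.search(line)):
            r["bug"], r["func"] = m["kind"], m["func"]
        elif (m := ACCESS.search(line)):
            r.update(op=m["op"], size=int(m["size"]), addr=int(m["addr"], 16),
                     comm=m["comm"], pid=int(m["pid"]))
        elif line == "Call Trace:" and "access" not in r["stacks"]:
            section = "access"            # first trace only; the panic trace repeats it
            r["stacks"][section] = []
        elif (m := SECTION.match(line)):
            section = m[1].lower()        # "allocated" / "freed"
            r[f"{section}_by"] = int(m[2])
            r["stacks"][section] = []
        elif line.startswith("RIP:"):
            section = None                # register dump follows, trace is over
        elif (m := FRAME.match(line)):
            if section and not m["unreliable"]:   # drop "? sym" guesses
                r["stacks"][section].append(m["sym"])
        elif (m := OBJECT.search(line)):
            r["object"] = int(m["base"], 16)
        elif (m := CACHE.search(line)):
            r["cache"], r["object_size"] = m["cache"], int(m["size"])
        elif (m := OFFSET.search(line)):
            r["offset"] = int(m["off"])
    return r


def triage(r: dict) -> dict:
    """Derive the facts that shape the reading of a slab-use-after-free."""
    def first_real(frames):
        return next((f for f in frames if not is_infra(f)), None)
    return {
        "bug": r["bug"],
        "site": r["func"],
        "site_confirmed": first_real(r["stacks"].get("access", [])) == r["func"],
        "access": f'{r["op"]} of {r["size"]} bytes at object+{r["offset"]} in {r["cache"]}',
        "allocator": first_real(r["stacks"].get("allocated", [])),
        "freer": first_real(r["stacks"].get("freed", [])),
        "cross_task": r["pid"] != r["freed_by"],             # freed by someone else
        "offset_consistent": r["addr"] - r["object"] == r["offset"],
    }
```

On this report the parser yields allocator `nfc_allocate_device` (reached from `virtual_ncidev_open`), freer `device_release` (reached from `virtual_ncidev_close` via `nci_free_device`), and `cross_task` set, since task 5641 read memory that task 5640 had already freed. That is the shape of a lifetime problem between the virtual NCI device's close path and an LLCP socket that still refers to the device; confirming the root cause and the right reference-holding fix is work for the patch, not the parser.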