[ 81.841526][ T8] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.183' (ED25519) to the list of known hosts.
2024/01/05 00:36:38 ignoring optional flag "sandboxArg"="0"
2024/01/05 00:36:38 parsed 1 programs
2024/01/05 00:36:38 executed programs: 0
[ 84.465336][ T5062] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 84.473546][ T5062] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 84.481415][ T5062] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 84.489927][ T5062] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 84.497526][ T5062] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 84.504938][ T5062] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 84.620150][ T5410] chnl_net:caif_netlink_parms(): no params data found
[ 84.672585][ T5410] bridge0: port 1(bridge_slave_0) entered blocking state
[ 84.680107][ T5410] bridge0: port 1(bridge_slave_0) entered disabled state
[ 84.687523][ T5410] bridge_slave_0: entered allmulticast mode
[ 84.695175][ T5410] bridge_slave_0: entered promiscuous mode
[ 84.703391][ T5410] bridge0: port 2(bridge_slave_1) entered blocking state
[ 84.710787][ T5410] bridge0: port 2(bridge_slave_1) entered disabled state
[ 84.718273][ T5410] bridge_slave_1: entered allmulticast mode
[ 84.725356][ T5410] bridge_slave_1: entered promiscuous mode
[ 84.749308][ T5410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 84.762024][ T5410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 84.790185][ T5410] team0: Port device team_slave_0 added
[ 84.799159][ T5410] team0: Port device team_slave_1 added
[ 84.820978][ T5410] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 84.827950][ T5410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.854646][ T5410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 84.867255][ T5410] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 84.874439][ T5410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 84.900949][ T5410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 84.935764][ T5410] hsr_slave_0: entered promiscuous mode
[ 84.942618][ T5410] hsr_slave_1: entered promiscuous mode
[ 85.702284][ T5410] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 85.718642][ T5410] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 85.730725][ T5410] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 85.742344][ T5410] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 85.840574][ T5410] 8021q: adding VLAN 0 to HW filter on device bond0
[ 85.865796][ T5410] 8021q: adding VLAN 0 to HW filter on device team0
[ 85.881822][ T23] bridge0: port 1(bridge_slave_0) entered blocking state
[ 85.889019][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 85.916712][ T27] bridge0: port 2(bridge_slave_1) entered blocking state
[ 85.923938][ T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 86.134998][ T5410] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 86.191002][ T5410] veth0_vlan: entered promiscuous mode
[ 86.206871][ T5410] veth1_vlan: entered promiscuous mode
[ 86.251422][ T5410] veth0_macvtap: entered promiscuous mode
[ 86.266239][ T5410] veth1_macvtap: entered promiscuous mode
[ 86.292976][ T5410] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 86.314465][ T5410] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 86.333376][ T5410] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.343006][ T5410] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.355543][ T5410] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.365184][ T5410] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 86.453695][ T1051] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.472730][ T1051] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.505113][ T1051] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 86.516390][ T1051] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 86.559454][ T4456] Bluetooth: hci0: command 0x0409 tx timeout
[ 86.593406][ T5477] loop0: detected capacity change from 0 to 512
[ 86.602479][ T5477] EXT4-fs: Ignoring removed bh option
[ 86.613972][ T5477] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 86.641737][ T5477] EXT4-fs (loop0): 1 truncate cleaned up
[ 86.647534][ T5477] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 86.679203][ T5477] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 86.756982][ T5410] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 86.823460][ T5491] loop0: detected capacity change from 0 to 512
[ 86.834124][ T5491] EXT4-fs: Ignoring removed bh option
[ 86.841133][ T5491] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 86.866957][ T5491] EXT4-fs (loop0): 1 truncate cleaned up
[ 86.872886][ T5491] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 86.919102][ T5491] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 86.977379][ T5410] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 87.052428][ T5498] loop0: detected capacity change from 0 to 512
[ 87.060999][ T5498] EXT4-fs: Ignoring removed bh option
[ 87.067381][ T5498] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 87.083714][ T5498] EXT4-fs (loop0): 1 truncate cleaned up
[ 87.089920][ T5498] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 87.133333][ T5498] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 87.215830][ T5410] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 87.307429][ T5511] loop0: detected capacity change from 0 to 512
[ 87.317213][ T5511] EXT4-fs: Ignoring removed bh option
[ 87.323654][ T5511] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 87.338713][ T5511] EXT4-fs (loop0): 1 truncate cleaned up
[ 87.344510][ T5511] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 87.385484][ T5511] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 87.473542][ T5410] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 87.579236][ T5524] loop0: detected capacity change from 0 to 512
[ 87.590144][ T5524] EXT4-fs: Ignoring removed bh option
[ 87.596352][ T5524] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 87.615280][ T5524] EXT4-fs (loop0): 1 truncate cleaned up
[ 87.622735][ T5524] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 87.658867][ T5524] ==================================================================
[ 87.667061][ T5524] BUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1b0
[ 87.674634][ T5524] Read of size 1 at addr ffff8880709ed3ed by task syz-executor.0/5524
[ 87.682991][ T5524]
[ 87.685421][ T5524] CPU: 0 PID: 5524 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00055-g5eff55d725a4 #0
[ 87.696376][ T5524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 87.706465][ T5524] Call Trace:
[ 87.710024][ T5524] <TASK>
[ 87.713054][ T5524] dump_stack_lvl+0x1e7/0x2d0
[ 87.717820][ T5524] ? nf_tcp_handle_invalid+0x650/0x650
[ 87.723304][ T5524] ? panic+0x850/0x850
[ 87.727476][ T5524] ? _printk+0xd5/0x120
[ 87.732020][ T5524] print_report+0x163/0x540
[ 87.736809][ T5524] ? __virt_addr_valid+0x22f/0x2e0
[ 87.742042][ T5524] ? __phys_addr+0xba/0x170
[ 87.746914][ T5524] ? ext4_search_dir+0xf2/0x1b0
[ 87.752131][ T5524] kasan_report+0x142/0x170
[ 87.756895][ T5524] ? ext4_search_dir+0xf2/0x1b0
[ 87.762308][ T5524] ext4_search_dir+0xf2/0x1b0
[ 87.767119][ T5524] ext4_find_inline_entry+0x4ba/0x5e0
[ 87.772644][ T5524] ? ext4_try_create_inline_dir+0x320/0x320
[ 87.778674][ T5524] ? tomoyo_path_number_perm+0x71a/0x870
[ 87.784333][ T5524] __ext4_find_entry+0x2b4/0x1b30
[ 87.789384][ T5524] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 87.794872][ T5524] ? ext4_ci_compare+0x660/0x660
[ 87.799837][ T5524] ? ext4_fname_prepare_lookup+0x3b9/0x4e0
[ 87.805754][ T5524] ? smk_tskacc+0x2ff/0x360
[ 87.810632][ T5524] ext4_lookup+0x17a/0x750
[ 87.815159][ T5524] ? smack_inode_rename+0x310/0x310
[ 87.820381][ T5524] ? ext4_add_entry+0x1000/0x1000
[ 87.825443][ T5524] ? generic_permission+0x1df/0x550
[ 87.830757][ T5524] ? bpf_lsm_inode_create+0x9/0x10
[ 87.835888][ T5524] ? security_inode_create+0xb8/0x100
[ 87.841277][ T5524] ? ext4_add_entry+0x1000/0x1000
[ 87.846331][ T5524] path_openat+0x1010/0x3290
[ 87.850954][ T5524] ? do_filp_open+0x490/0x490
[ 87.855659][ T5524] do_filp_open+0x234/0x490
[ 87.860191][ T5524] ? vfs_tmpfile+0x500/0x500
[ 87.865031][ T5524] ? _raw_spin_unlock+0x28/0x40
[ 87.869901][ T5524] ? alloc_fd+0x59c/0x640
[ 87.874260][ T5524] do_sys_openat2+0x13e/0x1d0
[ 87.878960][ T5524] ? do_sys_open+0x230/0x230
[ 87.883751][ T5524] ? xfd_validate_state+0x6e/0x150
[ 87.888911][ T5524] ? restore_fpregs_from_fpstate+0x100/0x250
[ 87.894911][ T5524] __x64_sys_open+0x225/0x270
[ 87.899616][ T5524] ? do_sys_openat2+0x1d0/0x1d0
[ 87.904490][ T5524] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 87.910924][ T5524] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 87.916936][ T5524] do_syscall_64+0x45/0x110
[ 87.921510][ T5524] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 87.927597][ T5524] RIP: 0033:0x7f1902e7c959
[ 87.932028][ T5524] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 87.952792][ T5524] RSP: 002b:00007f1903b360c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 87.961846][ T5524] RAX: ffffffffffffffda RBX: 00007f1902f9bf80 RCX: 00007f1902e7c959
[ 87.969841][ T5524] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 87.977915][ T5524] RBP: 00007f1902ed8c88 R08: 0000000000000000 R09: 0000000000000000
[ 87.986088][ T5524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 87.995647][ T5524] R13: 000000000000000b R14: 00007f1902f9bf80 R15: 00007fff6ff1af28
[ 88.003905][ T5524] </TASK>
[ 88.006943][ T5524]
[ 88.009370][ T5524] The buggy address belongs to the physical page:
[ 88.015895][ T5524] page:ffffea0001c27b40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x709ed
[ 88.026241][ T5524] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 88.033503][ T5524] page_type: 0xffffffff()
[ 88.038228][ T5524] raw: 00fff00000000000 ffffea0001c27b88 ffffea0001c27b08 0000000000000000
[ 88.047014][ T5524] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 88.055782][ T5524] page dumped because: kasan: bad access detected
[ 88.062317][ T5524] page_owner tracks the page as freed
[ 88.067730][ T5524] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5508, tgid 5508 (cmp), ts 87245304362, free_ts 87266262390
[ 88.084855][ T5524] post_alloc_hook+0x1e6/0x210
[ 88.089646][ T5524] get_page_from_freelist+0x33ea/0x3570
[ 88.095233][ T5524] __alloc_pages+0x255/0x680
[ 88.100298][ T5524] alloc_pages_mpol+0x3de/0x640
[ 88.105292][ T5524] vma_alloc_folio+0xf3/0x3f0
[ 88.110169][ T5524] handle_mm_fault+0x20ab/0x6680
[ 88.115415][ T5524] exc_page_fault+0x2ad/0x870
[ 88.120291][ T5524] asm_exc_page_fault+0x26/0x30
[ 88.125592][ T5524] page last free stack trace:
[ 88.130363][ T5524] free_unref_page_prepare+0x931/0xa60
[ 88.136019][ T5524] free_unref_page_list+0x5a0/0x840
[ 88.141331][ T5524] release_pages+0x2117/0x2400
[ 88.146117][ T5524] tlb_flush_mmu+0x34c/0x4e0
[ 88.150811][ T5524] tlb_finish_mmu+0xd4/0x1f0
[ 88.155596][ T5524] exit_mmap+0x4d3/0xc60
[ 88.159952][ T5524] __mmput+0x115/0x3c0
[ 88.164038][ T5524] exit_mm+0x21f/0x300
[ 88.168224][ T5524] do_exit+0x9af/0x2740
[ 88.172407][ T5524] do_group_exit+0x206/0x2c0
[ 88.177113][ T5524] __x64_sys_exit_group+0x3f/0x40
[ 88.182452][ T5524] do_syscall_64+0x45/0x110
[ 88.187161][ T5524] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 88.193258][ T5524]
[ 88.195681][ T5524] Memory state around the buggy address:
[ 88.201669][ T5524] ffff8880709ed280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.209834][ T5524] ffff8880709ed300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.218092][ T5524] >ffff8880709ed380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.226433][ T5524] ^
[ 88.233987][ T5524] ffff8880709ed400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.242069][ T5524] ffff8880709ed480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 88.250142][ T5524] ==================================================================
[ 88.270081][ T5524] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 88.277489][ T5524] CPU: 0 PID: 5524 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00055-g5eff55d725a4 #0
[ 88.288437][ T5524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 88.298604][ T5524] Call Trace:
[ 88.302074][ T5524] <TASK>
[ 88.305028][ T5524] dump_stack_lvl+0x1e7/0x2d0
[ 88.310434][ T5524] ? nf_tcp_handle_invalid+0x650/0x650
[ 88.316109][ T5524] ? panic+0x850/0x850
[ 88.320320][ T5524] ? vscnprintf+0x5d/0x80
[ 88.324843][ T5524] panic+0x349/0x850
[ 88.328937][ T5524] ? check_panic_on_warn+0x21/0xa0
[ 88.334075][ T5524] ? __memcpy_flushcache+0x2b0/0x2b0
[ 88.339833][ T5524] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 88.345929][ T5524] ? _raw_spin_unlock+0x40/0x40
[ 88.350893][ T5524] ? print_report+0x4fb/0x540
[ 88.355618][ T5524] check_panic_on_warn+0x82/0xa0
[ 88.360661][ T5524] ? ext4_search_dir+0xf2/0x1b0
[ 88.365623][ T5524] end_report+0x6e/0x140
[ 88.369884][ T5524] kasan_report+0x153/0x170
[ 88.374500][ T5524] ? ext4_search_dir+0xf2/0x1b0
[ 88.379385][ T5524] ext4_search_dir+0xf2/0x1b0
[ 88.384472][ T5524] ext4_find_inline_entry+0x4ba/0x5e0
[ 88.389848][ T5524] ? ext4_try_create_inline_dir+0x320/0x320
[ 88.395735][ T5524] ? tomoyo_path_number_perm+0x71a/0x870
[ 88.401401][ T5524] __ext4_find_entry+0x2b4/0x1b30
[ 88.406450][ T5524] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 88.411903][ T5524] ? ext4_ci_compare+0x660/0x660
[ 88.416830][ T5524] ? ext4_fname_prepare_lookup+0x3b9/0x4e0
[ 88.422801][ T5524] ? smk_tskacc+0x2ff/0x360
[ 88.427435][ T5524] ext4_lookup+0x17a/0x750
[ 88.431843][ T5524] ? smack_inode_rename+0x310/0x310
[ 88.437127][ T5524] ? ext4_add_entry+0x1000/0x1000
[ 88.442144][ T5524] ? generic_permission+0x1df/0x550
[ 88.447623][ T5524] ? bpf_lsm_inode_create+0x9/0x10
[ 88.452877][ T5524] ? security_inode_create+0xb8/0x100
[ 88.458447][ T5524] ? ext4_add_entry+0x1000/0x1000
[ 88.463521][ T5524] path_openat+0x1010/0x3290
[ 88.468166][ T5524] ? do_filp_open+0x490/0x490
[ 88.473010][ T5524] do_filp_open+0x234/0x490
[ 88.477498][ T5524] ? vfs_tmpfile+0x500/0x500
[ 88.482080][ T5524] ? _raw_spin_unlock+0x28/0x40
[ 88.486921][ T5524] ? alloc_fd+0x59c/0x640
[ 88.491244][ T5524] do_sys_openat2+0x13e/0x1d0
[ 88.495911][ T5524] ? do_sys_open+0x230/0x230
[ 88.500674][ T5524] ? xfd_validate_state+0x6e/0x150
[ 88.505963][ T5524] ? restore_fpregs_from_fpstate+0x100/0x250
[ 88.512110][ T5524] __x64_sys_open+0x225/0x270
[ 88.516779][ T5524] ? do_sys_openat2+0x1d0/0x1d0
[ 88.521620][ T5524] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 88.527761][ T5524] ? syscall_enter_from_user_mode+0xa4/0x2d0
[ 88.533726][ T5524] do_syscall_64+0x45/0x110
[ 88.538223][ T5524] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 88.544473][ T5524] RIP: 0033:0x7f1902e7c959
[ 88.548900][ T5524] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 88.568759][ T5524] RSP: 002b:00007f1903b360c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 88.577249][ T5524] RAX: ffffffffffffffda RBX: 00007f1902f9bf80 RCX: 00007f1902e7c959
[ 88.585207][ T5524] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 88.593250][ T5524] RBP: 00007f1902ed8c88 R08: 0000000000000000 R09: 0000000000000000
[ 88.601291][ T5524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 88.609249][ T5524] R13: 000000000000000b R14: 00007f1902f9bf80 R15: 00007fff6ff1af28
[ 88.617651][ T5524] </TASK>
[ 88.620900][ T5524] Kernel Offset: disabled
[ 88.625452][ T5524] Rebooting in 86400 seconds..