Warning: Permanently added '10.128.1.63' (ECDSA) to the list of known hosts.
[ 71.141574][ T2928] cfg80211: failed to load regulatory.db
2022/08/30 07:00:55 ignoring optional flag "sandboxArg"="0"
2022/08/30 07:00:55 parsed 1 programs
2022/08/30 07:00:55 executed programs: 0
[ 72.679552][ T5873] IPVS: ftp: loaded support on port[0] = 21
[ 72.729336][ T5873] chnl_net:caif_netlink_parms(): no params data found
[ 72.760720][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.767835][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.776332][ T5873] device bridge_slave_0 entered promiscuous mode
[ 72.785044][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.792371][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.800346][ T5873] device bridge_slave_1 entered promiscuous mode
[ 72.817033][ T5873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 72.828560][ T5873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 72.846808][ T5873] team0: Port device team_slave_0 added
[ 72.854524][ T5873] team0: Port device team_slave_1 added
[ 72.868171][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 72.875115][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.901370][ T5873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 72.914330][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 72.921522][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.947733][ T5873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 72.969308][ T5873] device hsr_slave_0 entered promiscuous mode
[ 72.976419][ T5873] device hsr_slave_1 entered promiscuous mode
[ 73.026081][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.033339][ T5873] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.040783][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.047829][ T5873] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.080682][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0
[ 73.092221][ T4750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 73.101122][ T4750] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.109882][ T4750] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.117379][ T4750] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 73.129992][ T5873] 8021q: adding VLAN 0 to HW filter on device team0
[ 73.140464][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 73.149866][ T5431] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.157009][ T5431] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 73.180602][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 73.189987][ T2928] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.197272][ T2928] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 73.205346][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 73.215527][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 73.225369][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 73.233759][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 73.243375][ T5873] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 73.251917][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 73.267761][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.275455][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 73.283580][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 73.368548][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 73.377260][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 73.386615][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 73.394670][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 73.403056][ T5873] device veth0_vlan entered promiscuous mode
[ 73.413262][ T5873] device veth1_vlan entered promiscuous mode
[ 73.429631][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 73.437512][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 73.446477][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 73.456396][ T5873] device veth0_macvtap entered promiscuous mode
[ 73.466098][ T5873] device veth1_macvtap entered promiscuous mode
[ 73.481403][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 73.489433][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 73.499130][ T5431] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 73.509459][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 73.520572][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 73.562805][ T1286] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.570901][ T1286] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.581465][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 73.593725][ T674] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.602278][ T674] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.611230][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 73.667107][ T5887] ==================================================================
[ 73.675302][ T5887] BUG: KASAN: use-after-free in ipvlan_queue_xmit+0x1322/0x16e0
[ 73.682927][ T5887] Read of size 4 at addr ffff8880191be3ff by task syz-executor.0/5887
[ 73.691068][ T5887]
[ 73.693375][ T5887] CPU: 1 PID: 5887 Comm: syz-executor.0 Not tainted 5.11.0-syzkaller #0
[ 73.701673][ T5887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 73.711721][ T5887] Call Trace:
[ 73.714987][ T5887] dump_stack+0x9a/0xcc
[ 73.719132][ T5887] ? ipvlan_queue_xmit+0x1322/0x16e0
[ 73.724417][ T5887] print_address_description.constprop.0.cold+0x5b/0x2f8
[ 73.731422][ T5887] ? ipvlan_queue_xmit+0x1322/0x16e0
[ 73.736694][ T5887] ? ipvlan_queue_xmit+0x1322/0x16e0
[ 73.741965][ T5887] kasan_report.cold+0x79/0xd5
[ 73.746718][ T5887] ? ipvlan_queue_xmit+0x1322/0x16e0
[ 73.751980][ T5887] ipvlan_queue_xmit+0x1322/0x16e0
[ 73.757108][ T5887] ? ipvlan_handle_mode_l3+0x120/0x120
[ 73.762647][ T5887] ? __alloc_skb+0x2e5/0x4e0
[ 73.767249][ T5887] ? skb_crc32c_csum_help+0x50/0x50
[ 73.772523][ T5887] ? alloc_skb_with_frags+0x73/0x540
[ 73.777969][ T5887] ? netif_skb_features+0x226/0x9c0
[ 73.783170][ T5887] ipvlan_start_xmit+0x40/0x160
[ 73.788108][ T5887] __dev_direct_xmit+0x472/0x670
[ 73.793031][ T5887] ? validate_xmit_skb_list+0x120/0x120
[ 73.798654][ T5887] ? netdev_pick_tx+0x432/0x8b0
[ 73.803541][ T5887] packet_direct_xmit+0x1a0/0x250
[ 73.808549][ T5887] packet_sendmsg+0x1e46/0x47c0
[ 73.813405][ T5887] ? save_trace+0x208/0x9f0
[ 73.817947][ T5887] ? aa_sk_perm+0x1b5/0x810
[ 73.822429][ T5887] ? packet_cached_dev_get+0x190/0x190
[ 73.827870][ T5887] ? aa_af_perm+0x210/0x210
[ 73.832488][ T5887] ? packet_cached_dev_get+0x190/0x190
[ 73.837927][ T5887] sock_sendmsg+0xab/0xe0
[ 73.842261][ T5887] __sys_sendto+0x1a4/0x270
[ 73.846763][ T5887] ? __ia32_sys_getpeername+0xa0/0xa0
[ 73.852149][ T5887] ? find_held_lock+0x2d/0x110
[ 73.857186][ T5887] ? lock_downgrade+0x6d0/0x6d0
[ 73.862036][ T5887] __x64_sys_sendto+0xd8/0x1b0
[ 73.866785][ T5887] ? lockdep_hardirqs_on+0x79/0x100
[ 73.872399][ T5887] ? syscall_enter_from_user_mode+0x27/0x70
[ 73.878497][ T5887] do_syscall_64+0x2d/0x40
[ 73.883025][ T5887] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 73.888905][ T5887] RIP: 0033:0x7fe3bc7ef279
[ 73.893360][ T5887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.913130][ T5887] RSP: 002b:00007fe3bbf64168 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 73.921629][ T5887] RAX: ffffffffffffffda RBX: 00007fe3bc901f80 RCX: 00007fe3bc7ef279
[ 73.929585][ T5887] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 73.937627][ T5887] RBP: 00007fe3bc849189 R08: 00000000200000c0 R09: 0000000000000014
[ 73.945608][ T5887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 73.953651][ T5887] R13: 00007ffe6afd5b3f R14: 00007fe3bbf64300 R15: 0000000000022000
[ 73.961615][ T5887]
[ 73.963933][ T5887] Allocated by task 5682:
[ 73.968348][ T5887] kasan_save_stack+0x1b/0x40
[ 73.973041][ T5887] ____kasan_kmalloc.constprop.0+0x82/0xa0
[ 73.979013][ T5887] tomoyo_realpath_from_path+0xb0/0x6a0
[ 73.984563][ T5887] tomoyo_check_open_permission+0x21c/0x2c0
[ 73.990426][ T5887] security_file_open+0x43/0x400
[ 73.995337][ T5887] do_dentry_open+0x30d/0xfb0
[ 73.999990][ T5887] path_openat+0x129c/0x2190
[ 74.004558][ T5887] do_filp_open+0x16d/0x390
[ 74.009034][ T5887] do_sys_openat2+0x11e/0x360
[ 74.013679][ T5887] __x64_sys_openat+0x11b/0x1d0
[ 74.018502][ T5887] do_syscall_64+0x2d/0x40
[ 74.022907][ T5887] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.028775][ T5887]
[ 74.031074][ T5887] Freed by task 5682:
[ 74.035021][ T5887] kasan_save_stack+0x1b/0x40
[ 74.039669][ T5887] kasan_set_track+0x1c/0x30
[ 74.044229][ T5887] kasan_set_free_info+0x20/0x30
[ 74.049282][ T5887] ____kasan_slab_free+0xe1/0x110
[ 74.054371][ T5887] slab_free_freelist_hook+0x5d/0x150
[ 74.059724][ T5887] kfree+0xdb/0x3b0
[ 74.063513][ T5887] tomoyo_realpath_from_path+0x14b/0x6a0
[ 74.069120][ T5887] tomoyo_check_open_permission+0x21c/0x2c0
[ 74.074994][ T5887] security_file_open+0x43/0x400
[ 74.080029][ T5887] do_dentry_open+0x30d/0xfb0
[ 74.084688][ T5887] path_openat+0x129c/0x2190
[ 74.089342][ T5887] do_filp_open+0x16d/0x390
[ 74.093960][ T5887] do_sys_openat2+0x11e/0x360
[ 74.098614][ T5887] __x64_sys_openat+0x11b/0x1d0
[ 74.103455][ T5887] do_syscall_64+0x2d/0x40
[ 74.107868][ T5887] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.114001][ T5887]
[ 74.116331][ T5887] The buggy address belongs to the object at ffff8880191be000
[ 74.116331][ T5887] which belongs to the cache kmalloc-4k of size 4096
[ 74.130363][ T5887] The buggy address is located 1023 bytes inside of
[ 74.130363][ T5887] 4096-byte region [ffff8880191be000, ffff8880191bf000)
[ 74.144162][ T5887] The buggy address belongs to the page:
[ 74.149799][ T5887] page:00000000ec32e922 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x191b8
[ 74.160009][ T5887] head:00000000ec32e922 order:3 compound_mapcount:0 compound_pincount:0
[ 74.168396][ T5887] flags: 0xfff00000010200(slab|head)
[ 74.173655][ T5887] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff88800f442140
[ 74.182304][ T5887] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 74.190942][ T5887] page dumped because: kasan: bad access detected
[ 74.197338][ T5887] page_owner tracks the page as allocated
[ 74.203042][ T5887] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5002, ts 20250462650
[ 74.219600][ T5887] post_alloc_hook+0x144/0x1c0
[ 74.224350][ T5887] get_page_from_freelist+0x1c6e/0x3f80
[ 74.229877][ T5887] __alloc_pages_nodemask+0x2d6/0x730
[ 74.235226][ T5887] allocate_slab+0x2b6/0x4a0
[ 74.239796][ T5887] ___slab_alloc+0x476/0x790
[ 74.244364][ T5887] __slab_alloc.constprop.0+0x95/0xe0
[ 74.249822][ T5887] kmem_cache_alloc_trace+0x2cc/0x360
[ 74.255260][ T5887] tomoyo_find_next_domain+0x112/0x1c40
[ 74.260789][ T5887] tomoyo_bprm_check_security+0xfb/0x170
[ 74.266415][ T5887] security_bprm_check+0x34/0x70
[ 74.271335][ T5887] bprm_execve+0x5ec/0x1520
[ 74.275929][ T5887] do_execveat_common+0x558/0x740
[ 74.281019][ T5887] __x64_sys_execve+0x8a/0xb0
[ 74.285678][ T5887] do_syscall_64+0x2d/0x40
[ 74.290205][ T5887] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.296356][ T5887] page last free stack trace:
[ 74.301013][ T5887] __free_pages_ok+0x4da/0xed0
[ 74.305766][ T5887] unfreeze_partials+0x16c/0x1b0
[ 74.310682][ T5887] put_cpu_partial+0x129/0x200
[ 74.315430][ T5887] qlist_free_all+0x5a/0xc0
[ 74.319911][ T5887] quarantine_reduce+0x180/0x200
[ 74.325060][ T5887] __kasan_kmalloc_large+0x8f/0xa0
[ 74.330152][ T5887] kmalloc_order_trace+0x14/0x130
[ 74.335871][ T5887] proc_sys_call_handler+0x1b3/0x4c0
[ 74.341148][ T5887] new_sync_read+0x35a/0x5f0
[ 74.345740][ T5887] vfs_read+0x264/0x470
[ 74.349884][ T5887] ksys_read+0xf4/0x1d0
[ 74.354208][ T5887] do_syscall_64+0x2d/0x40
[ 74.358695][ T5887] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.364585][ T5887]
[ 74.366887][ T5887] Memory state around the buggy address:
[ 74.373308][ T5887] ffff8880191be280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.381359][ T5887] ffff8880191be300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.389399][ T5887] >ffff8880191be380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.397452][ T5887] ^
[ 74.405406][ T5887] ffff8880191be400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.413458][ T5887] ffff8880191be480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.421593][ T5887] ==================================================================
[ 74.429807][ T5887] Disabling lock debugging due to kernel taint
[ 74.435983][ T5887] Kernel panic - not syncing: panic_on_warn set ...
[ 74.442561][ T5887] CPU: 1 PID: 5887 Comm: syz-executor.0 Tainted: G B 5.11.0-syzkaller #0
[ 74.452340][ T5887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 74.462368][ T5887] Call Trace:
[ 74.465630][ T5887] dump_stack+0x9a/0xcc
[ 74.469850][ T5887] panic+0x256/0x4eb
[ 74.473986][ T5887] ? __warn_printk+0xee/0xee
[ 74.478674][ T5887] ? ipvlan_queue_xmit+0x1322/0x16e0
[ 74.483927][ T5887] ? ipvlan_queue_xmit+0x1322/0x16e0
[ 74.489182][ T5887] end_report+0x58/0x5e
[ 74.493326][ T5887] kasan_report.cold+0x67/0xd5
[ 74.498073][ T5887] ? ipvlan_queue_xmit+0x1322/0x16e0
[ 74.503341][ T5887] ipvlan_queue_xmit+0x1322/0x16e0
[ 74.508430][ T5887] ? ipvlan_handle_mode_l3+0x120/0x120
[ 74.513871][ T5887] ? __alloc_skb+0x2e5/0x4e0
[ 74.518431][ T5887] ? skb_crc32c_csum_help+0x50/0x50
[ 74.523598][ T5887] ? alloc_skb_with_frags+0x73/0x540
[ 74.528871][ T5887] ? netif_skb_features+0x226/0x9c0
[ 74.534062][ T5887] ipvlan_start_xmit+0x40/0x160
[ 74.538897][ T5887] __dev_direct_xmit+0x472/0x670
[ 74.543852][ T5887] ? validate_xmit_skb_list+0x120/0x120
[ 74.549379][ T5887] ? netdev_pick_tx+0x432/0x8b0
[ 74.554215][ T5887] packet_direct_xmit+0x1a0/0x250
[ 74.559217][ T5887] packet_sendmsg+0x1e46/0x47c0
[ 74.564132][ T5887] ? save_trace+0x208/0x9f0
[ 74.568729][ T5887] ? aa_sk_perm+0x1b5/0x810
[ 74.573381][ T5887] ? packet_cached_dev_get+0x190/0x190
[ 74.578820][ T5887] ? aa_af_perm+0x210/0x210
[ 74.583309][ T5887] ? packet_cached_dev_get+0x190/0x190
[ 74.589118][ T5887] sock_sendmsg+0xab/0xe0
[ 74.593508][ T5887] __sys_sendto+0x1a4/0x270
[ 74.597984][ T5887] ? __ia32_sys_getpeername+0xa0/0xa0
[ 74.603399][ T5887] ? find_held_lock+0x2d/0x110
[ 74.608144][ T5887] ? lock_downgrade+0x6d0/0x6d0
[ 74.612972][ T5887] __x64_sys_sendto+0xd8/0x1b0
[ 74.617714][ T5887] ? lockdep_hardirqs_on+0x79/0x100
[ 74.622889][ T5887] ? syscall_enter_from_user_mode+0x27/0x70
[ 74.628750][ T5887] do_syscall_64+0x2d/0x40
[ 74.633241][ T5887] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 74.639139][ T5887] RIP: 0033:0x7fe3bc7ef279
[ 74.643709][ T5887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 74.663293][ T5887] RSP: 002b:00007fe3bbf64168 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 74.671680][ T5887] RAX: ffffffffffffffda RBX: 00007fe3bc901f80 RCX: 00007fe3bc7ef279
[ 74.679822][ T5887] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 74.687784][ T5887] RBP: 00007fe3bc849189 R08: 00000000200000c0 R09: 0000000000000014
[ 74.695732][ T5887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.703791][ T5887] R13: 00007ffe6afd5b3f R14: 00007fe3bbf64300 R15: 0000000000022000
[ 74.711815][ T5887] Kernel Offset: disabled
[ 74.716116][ T5887] Rebooting in 86400 seconds..