[ 81.976599][ T47] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts.
2023/10/30 04:13:35 ignoring optional flag "sandboxArg"="0"
2023/10/30 04:13:35 parsed 1 programs
2023/10/30 04:13:38 executed programs: 0
[ 87.772097][ T4507] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 88.146268][ T4514] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.153692][ T4514] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.160994][ T4514] bridge_slave_0: entered allmulticast mode
[ 88.168089][ T4514] bridge_slave_0: entered promiscuous mode
[ 88.176208][ T4514] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.183306][ T4514] bridge0: port 2(bridge_slave_1) entered disabled state
[ 88.191410][ T4514] bridge_slave_1: entered allmulticast mode
[ 88.198347][ T4514] bridge_slave_1: entered promiscuous mode
[ 88.321033][ T4514] team0: Port device team_slave_0 added
[ 88.330361][ T4514] team0: Port device team_slave_1 added
[ 88.461012][ T4514] hsr_slave_0: entered promiscuous mode
[ 88.467654][ T4514] hsr_slave_1: entered promiscuous mode
[ 89.249188][ T4514] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 89.262392][ T4514] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 89.276104][ T4514] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 89.288943][ T4514] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 89.761658][ T4514] 8021q: adding VLAN 0 to HW filter on device team0
[ 89.778270][ T47] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.786182][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 89.807246][ T47] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.814838][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.874228][ T4514] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 91.014116][ T4514] veth0_vlan: entered promiscuous mode
[ 91.034177][ T4514] veth1_vlan: entered promiscuous mode
[ 91.080536][ T4514] veth0_macvtap: entered promiscuous mode
[ 91.092906][ T4514] veth1_macvtap: entered promiscuous mode
[ 91.635779][ T2488] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.643899][ T2488] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.676740][ T47] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 91.684959][ T47] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 91.779458][ T4696] ==================================================================
[ 91.788171][ T4696] BUG: KASAN: stack-out-of-bounds in string+0x394/0x3d0
[ 91.795220][ T4696] Read of size 1 at addr ffffc9000221f3fd by task syz-executor.0/4696
[ 91.803568][ T4696]
[ 91.805902][ T4696] CPU: 1 PID: 4696 Comm: syz-executor.0 Not tainted 6.6.0-rc7-syzkaller #0
[ 91.814678][ T4696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 91.824929][ T4696] Call Trace:
[ 91.828290][ T4696]
[ 91.831397][ T4696] dump_stack_lvl+0x8e/0xf0
[ 91.835908][ T4696] print_report+0xc4/0x620
[ 91.840330][ T4696] ? __virt_addr_valid+0x1fb/0x2b0
[ 91.845443][ T4696] kasan_report+0xda/0x110
[ 91.849960][ T4696] ? string+0x394/0x3d0
[ 91.854108][ T4696] ? string+0x394/0x3d0
[ 91.858261][ T4696] string+0x394/0x3d0
[ 91.862257][ T4696] ? ip6_addr_string_sa+0x820/0x820
[ 91.867554][ T4696] ? __stack_depot_save+0x247/0x460
[ 91.872867][ T4696] vsnprintf+0xcde/0x1910
[ 91.877384][ T4696] ? pointer+0xbb0/0xbb0
[ 91.881827][ T4696] ? unwind_next_frame+0x51/0x2390
[ 91.886957][ T4696] ? stack_access_ok+0xf9/0x270
[ 91.892082][ T4696] vprintk_store+0x397/0xac0
[ 91.896700][ T4696] ? printk_sprint+0x280/0x280
[ 91.901483][ T4696] ? is_dynamic_key+0x150/0x150
[ 91.906469][ T4696] ? ref_tracker_alloc+0x297/0x510
[ 91.911679][ T4696] vprintk_emit+0x142/0x4e0
[ 91.916257][ T4696] vprintk+0x7b/0x90
[ 91.920673][ T4696] _printk+0xc8/0x100
[ 91.924755][ T4696] ? syslog_print_all+0x3d0/0x3d0
[ 91.930047][ T4696] ? ___ratelimit+0xce/0x4e0
[ 91.934727][ T4696] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 91.940940][ T4696] ? idr_get_free+0x8c0/0x8c0
[ 91.945822][ T4696] tcp_inbound_hash.constprop.0+0xcb9/0x1030
[ 91.951851][ T4696] ? __xfrm_policy_check2.constprop.0+0x700/0x700
[ 91.958896][ T4696] ? inet6_lhash2_lookup+0x4c0/0x4c0
[ 91.964356][ T4696] ? inet6_ehashfn+0x460/0x460
[ 91.969121][ T4696] ? __local_bh_enable_ip+0x28/0x60
[ 91.976846][ T4696] ? ip6t_do_table+0xb4a/0x1a10
[ 91.981802][ T4696] tcp_v6_rcv+0x2f33/0x36f0
[ 91.986500][ T4696] ? tcp_v6_err+0x1380/0x1380
[ 91.991453][ T4696] ? nf_nat_icmpv6_reply_translation+0x630/0x630
[ 91.998228][ T4696] ? rawv6_rcv+0x15a0/0x15a0
[ 92.002927][ T4696] ip6_protocol_deliver_rcu+0x16b/0x12a0
[ 92.008830][ T4696] ? ip6_input_finish+0x111/0x1c0
[ 92.014041][ T4696] ip6_input_finish+0x131/0x1c0
[ 92.018986][ T4696] ? ip6_input_finish+0x111/0x1c0
[ 92.024043][ T4696] ip6_input+0xca/0x230
[ 92.028409][ T4696] ? ip6_input_finish+0x1c0/0x1c0
[ 92.033651][ T4696] ? ip6_protocol_deliver_rcu+0x12a0/0x12a0
[ 92.039827][ T4696] ipv6_rcv+0x3aa/0x4b0
[ 92.044088][ T4696] ? ip6_rcv_core+0x1a00/0x1a00
[ 92.049125][ T4696] ? ip6_sublist_rcv+0xbc0/0xbc0
[ 92.054169][ T4696] ? ip6_rcv_core+0x1a00/0x1a00
[ 92.059039][ T4696] __netif_receive_skb_one_core+0x115/0x180
[ 92.065052][ T4696] ? __netif_receive_skb_list_core+0x8a0/0x8a0
[ 92.071216][ T4696] ? lock_acquire+0x12a/0x2b0
[ 92.076529][ T4696] __netif_receive_skb+0x1f/0x1b0
[ 92.081755][ T4696] netif_receive_skb+0xff/0x500
[ 92.086787][ T4696] ? __netif_receive_skb+0x1b0/0x1b0
[ 92.092510][ T4696] ? skb_set_owner_w+0x27d/0x430
[ 92.097718][ T4696] ? __tun_build_skb+0x1e5/0x340
[ 92.102768][ T4696] tun_rx_batched+0x422/0x770
[ 92.107801][ T4696] ? tun_flow_cleanup+0x2f0/0x2f0
[ 92.112832][ T4696] ? lock_acquire+0x12a/0x2b0
[ 92.117795][ T4696] tun_get_user+0x2684/0x32e0
[ 92.122499][ T4696] ? tun_build_skb.constprop.0+0xd50/0xd50
[ 92.128405][ T4696] ? reacquire_held_locks+0x380/0x380
[ 92.133789][ T4696] ? lock_acquire+0x12a/0x2b0
[ 92.138745][ T4696] tun_chr_write_iter+0xe8/0x210
[ 92.143860][ T4696] vfs_write+0x63c/0xce0
[ 92.148198][ T4696] ? kernel_write+0x560/0x560
[ 92.152906][ T4696] ? __fget_files+0x234/0x2d0
[ 92.158476][ T4696] ? __fget_light+0xe6/0x260
[ 92.163167][ T4696] ksys_write+0x12f/0x250
[ 92.167511][ T4696] ? __ia32_sys_read+0xb0/0xb0
[ 92.172304][ T4696] ? fpregs_restore_userregs+0x15f/0x2c0
[ 92.177957][ T4696] do_syscall_64+0x38/0xb0
[ 92.182566][ T4696] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 92.188492][ T4696] RIP: 0033:0x7fa0dfe7b82f
[ 92.192907][ T4696] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 b9 80 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 0c 81 02 00 48
[ 92.213559][ T4696] RSP: 002b:00007fa0e0c83090 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 92.222204][ T4696] RAX: ffffffffffffffda RBX: 00007fa0dff9bf80 RCX: 00007fa0dfe7b82f
[ 92.234435][ T4696] RDX: 000000000000008a RSI: 00000000200002c0 RDI: 00000000000000c8
[ 92.244503][ T4696] RBP: 00007fa0dfec847a R08: 0000000000000000 R09: 0000000000000000
[ 92.252494][ T4696] R10: 000000000000008a R11: 0000000000000293 R12: 0000000000000000
[ 92.260464][ T4696] R13: 000000000000000b R14: 00007fa0dff9bf80 R15: 00007ffca86da928
[ 92.268614][ T4696]
[ 92.271640][ T4696]
[ 92.273952][ T4696] The buggy address belongs to stack of task syz-executor.0/4696
[ 92.281740][ T4696] and is located at offset 101 in frame:
[ 92.287533][ T4696] tcp_inbound_hash.constprop.0+0x0/0x1030
[ 92.293989][ T4696]
[ 92.296486][ T4696] This frame has 3 objects:
[ 92.301079][ T4696] [32, 40) 'md5_tmp'
[ 92.301094][ T4696] [64, 72) 'ao_tmp'
[ 92.305335][ T4696] [96, 101) 'hdr_flags'
[ 92.309262][ T4696]
[ 92.315803][ T4696] The buggy address belongs to the virtual mapping at
[ 92.315803][ T4696] [ffffc90002218000, ffffc90002221000) created by:
[ 92.315803][ T4696] kernel_clone+0xfd/0xab0
[ 92.333799][ T4696]
[ 92.336119][ T4696] The buggy address belongs to the physical page:
[ 92.342625][ T4696] page:ffffea000464e240 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119389
[ 92.352957][ T4696] memcg:ffff888106e6da02
[ 92.357186][ T4696] flags: 0x100000000000000(node=0|zone=2)
[ 92.363071][ T4696] page_type: 0xffffffff()
[ 92.367404][ T4696] raw: 0100000000000000 0000000000000000 dead000000000122 0000000000000000
[ 92.376071][ T4696] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff888106e6da02
[ 92.384726][ T4696] page dumped because: kasan: bad access detected
[ 92.391124][ T4696] page_owner tracks the page as allocated
[ 92.396831][ T4696] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 1957, tgid 1957 (kworker/u4:7), ts 87842847477, free_ts 83818198241
[ 92.415241][ T4696] post_alloc_hook+0x27e/0x2f0
[ 92.420102][ T4696] get_page_from_freelist+0xe91/0x30a0
[ 92.425656][ T4696] __alloc_pages+0x1d0/0x470
[ 92.430628][ T4696] alloc_pages+0x21f/0x3e0
[ 92.435306][ T4696] __vmalloc_node_range+0xa46/0x1510
[ 92.440606][ T4696] copy_process+0x1213/0x6b10
[ 92.445282][ T4696] kernel_clone+0xfd/0xab0
[ 92.449736][ T4696] user_mode_thread+0xb4/0xf0
[ 92.454412][ T4696] call_usermodehelper_exec_work+0x6b/0x170
[ 92.460389][ T4696] process_one_work+0x7eb/0x13e0
[ 92.465327][ T4696] worker_thread+0x86f/0x1160
[ 92.470021][ T4696] kthread+0x2aa/0x380
[ 92.474087][ T4696] ret_from_fork+0x45/0x80
[ 92.478501][ T4696] ret_from_fork_asm+0x11/0x20
[ 92.483356][ T4696] page last free stack trace:
[ 92.488017][ T4696] free_unref_page_prepare+0x503/0xb90
[ 92.493485][ T4696] free_unref_page+0x33/0x350
[ 92.498342][ T4696] kasan_depopulate_vmalloc_pte+0x63/0x80
[ 92.504413][ T4696] __apply_to_page_range+0x4e6/0xcd0
[ 92.510138][ T4696] kasan_release_vmalloc+0xa8/0xc0
[ 92.515337][ T4696] __purge_vmap_area_lazy+0x8d6/0x20b0
[ 92.521010][ T4696] _vm_unmap_aliases+0x29a/0xa80
[ 92.525949][ T4696] change_page_attr_set_clr+0x248/0x490
[ 92.531672][ T4696] set_memory_ro+0x7c/0xa0
[ 92.536180][ T4696] bpf_prog_select_runtime+0x4ec/0x620
[ 92.541736][ T4696] bpf_prepare_filter+0xcee/0x10a0
[ 92.546849][ T4696] bpf_prog_create_from_user+0x1e4/0x2d0
[ 92.552484][ T4696] do_seccomp+0x7b7/0x2560
[ 92.557170][ T4696] prctl_set_seccomp+0x4b/0x70
[ 92.562088][ T4696] __do_sys_prctl+0xf57/0x18e0
[ 92.566935][ T4696] do_syscall_64+0x38/0xb0
[ 92.571358][ T4696]
[ 92.573672][ T4696] Memory state around the buggy address:
[ 92.579378][ T4696] ffffc9000221f280: 00 00 f1 f1 f1 f1 00 00 00 f3 f3 f3 f3 f3 00 00
[ 92.587431][ T4696] ffffc9000221f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 92.595485][ T4696] >ffffc9000221f380: 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 f2 f2 f2 05
[ 92.603881][ T4696] ^
[ 92.611932][ T4696] ffffc9000221f400: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 92.620332][ T4696] ffffc9000221f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 92.628472][ T4696] ==================================================================
[ 92.636612][ T4696] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 92.644103][ T4696] Kernel Offset: disabled
[ 92.648410][ T4696] Rebooting in 86400 seconds..