Warning: Permanently added '10.128.1.242' (ED25519) to the list of known hosts.
2024/05/30 01:30:21 ignoring optional flag "sandboxArg"="0"
[   82.325587][  T928] cfg80211: failed to load regulatory.db
2024/05/30 01:30:21 parsed 1 programs
2024/05/30 01:30:23 executed programs: 0
[   84.198380][ T5374] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   84.258167][   T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.269058][   T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.277170][   T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.286697][   T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   84.295896][   T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   84.303248][   T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   84.425989][ T5384] chnl_net:caif_netlink_parms(): no params data found
[   84.484915][ T5384] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.492269][ T5384] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.499858][ T5384] bridge_slave_0: entered allmulticast mode
[   84.507438][ T5384] bridge_slave_0: entered promiscuous mode
[   84.516019][ T5384] bridge0: port 2(bridge_slave_1) entered blocking state
[   84.523365][ T5384] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.531079][ T5384] bridge_slave_1: entered allmulticast mode
[   84.538152][ T5384] bridge_slave_1: entered promiscuous mode
[   84.566955][ T5384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   84.579524][ T5384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   84.610986][ T5384] team0: Port device team_slave_0 added
[   84.620631][ T5384] team0: Port device team_slave_1 added
[   84.643422][ T5384] batman_adv: batadv0: Adding interface: batadv_slave_0
[   84.651027][ T5384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   84.677458][ T5384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   84.689728][ T5384] batman_adv: batadv0: Adding interface: batadv_slave_1
[   84.696886][ T5384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   84.724444][ T5384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   84.761171][ T5384] hsr_slave_0: entered promiscuous mode
[   84.768920][ T5384] hsr_slave_1: entered promiscuous mode
[   85.493350][ T5384] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   85.512235][ T5384] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   85.527465][ T5384] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   85.555284][ T5384] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   85.663074][ T5384] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.690618][ T5384] 8021q: adding VLAN 0 to HW filter on device team0
[   85.706138][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.713309][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.738130][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.745378][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.961300][ T5384] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.022394][ T5384] veth0_vlan: entered promiscuous mode
[   86.040207][ T5384] veth1_vlan: entered promiscuous mode
[   86.080599][ T5384] veth0_macvtap: entered promiscuous mode
[   86.096404][ T5384] veth1_macvtap: entered promiscuous mode
[   86.123232][ T5384] batman_adv: batadv0: Interface activated: batadv_slave_0
[   86.142594][ T5384] batman_adv: batadv0: Interface activated: batadv_slave_1
[   86.162040][ T5384] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.172718][ T5384] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.182443][ T5384] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.196114][ T5384] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.307132][ T2475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.325696][   T53] Bluetooth: hci0: command tx timeout
[   86.333565][ T2475] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.378705][    T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.389564][    T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.818050][ T5459] loop0: detected capacity change from 0 to 32768
[   86.896162][ T5459] ==================================================================
[   86.904419][ T5459] BUG: KASAN: slab-use-after-free in diWrite+0xde3/0x19b0
[   86.911677][ T5459] Write of size 32 at addr ffff8880298b00c0 by task syz-executor.0/5459
[   86.920030][ T5459] 
[   86.922385][ T5459] CPU: 0 PID: 5459 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-00027-g4a4be1ad3a6e #0
[   86.932835][ T5459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   86.942935][ T5459] Call Trace:
[   86.946422][ T5459]  <TASK>
[   86.949563][ T5459]  dump_stack_lvl+0x241/0x360
[   86.954370][ T5459]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.959606][ T5459]  ? __pfx__printk+0x10/0x10
[   86.964235][ T5459]  ? _printk+0xd5/0x120
[   86.968764][ T5459]  ? __virt_addr_valid+0x183/0x520
[   86.974213][ T5459]  ? __virt_addr_valid+0x183/0x520
[   86.979491][ T5459]  print_report+0x169/0x550
[   86.984026][ T5459]  ? __virt_addr_valid+0x183/0x520
[   86.989261][ T5459]  ? __virt_addr_valid+0x183/0x520
[   86.994490][ T5459]  ? __virt_addr_valid+0x44e/0x520
[   86.999641][ T5459]  ? __phys_addr+0xba/0x170
[   87.004187][ T5459]  ? diWrite+0xde3/0x19b0
[   87.008636][ T5459]  kasan_report+0x143/0x180
[   87.013357][ T5459]  ? diWrite+0xde3/0x19b0
[   87.017811][ T5459]  kasan_check_range+0x282/0x290
[   87.022859][ T5459]  ? diWrite+0xde3/0x19b0
[   87.027238][ T5459]  __asan_memcpy+0x40/0x70
[   87.031859][ T5459]  diWrite+0xde3/0x19b0
[   87.036228][ T5459]  txCommit+0xa1a/0x6a20
[   87.040499][ T5459]  ? add_index+0x34c/0x1620
[   87.045117][ T5459]  ? __pfx_add_index+0x10/0x10
[   87.049921][ T5459]  ? __pfx_txCommit+0x10/0x10
[   87.054726][ T5459]  ? rcu_is_watching+0x15/0xb0
[   87.059524][ T5459]  ? __mark_inode_dirty+0x41c/0xe20
[   87.064753][ T5459]  jfs_readdir+0x28e9/0x4660
[   87.069380][ T5459]  ? __pfx_jfs_readdir+0x10/0x10
[   87.074356][ T5459]  ? __pfx___down_write_common+0x10/0x10
[   87.080015][ T5459]  ? __pfx___mutex_lock+0x10/0x10
[   87.085072][ T5459]  ? __pfx_jfs_readdir+0x10/0x10
[   87.090215][ T5459]  wrap_directory_iterator+0x94/0xe0
[   87.095619][ T5459]  iterate_dir+0x65e/0x820
[   87.100067][ T5459]  __se_sys_getdents64+0x20d/0x4f0
[   87.105476][ T5459]  ? __pfx___se_sys_getdents64+0x10/0x10
[   87.111133][ T5459]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   87.117204][ T5459]  ? __pfx_filldir64+0x10/0x10
[   87.121994][ T5459]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   87.128528][ T5459]  ? do_syscall_64+0x100/0x230
[   87.133325][ T5459]  ? do_syscall_64+0xb6/0x230
[   87.138463][ T5459]  do_syscall_64+0xf3/0x230
[   87.143093][ T5459]  ? clear_bhb_loop+0x35/0x90
[   87.147805][ T5459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.153916][ T5459] RIP: 0033:0x7fe7c4e7dea9
[   87.158362][ T5459] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   87.178250][ T5459] RSP: 002b:00007fe7c5c000c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   87.186829][ T5459] RAX: ffffffffffffffda RBX: 00007fe7c4fabf80 RCX: 00007fe7c4e7dea9
[   87.194833][ T5459] RDX: 000000000000005d RSI: 00000000200002c0 RDI: 0000000000000005
[   87.202921][ T5459] RBP: 00007fe7c4eca4a4 R08: 0000000000000000 R09: 0000000000000000
[   87.210915][ T5459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   87.219175][ T5459] R13: 000000000000000b R14: 00007fe7c4fabf80 R15: 00007ffcb97bfaa8
[   87.227179][ T5459]  </TASK>
[   87.230387][ T5459] 
[   87.232723][ T5459] Allocated by task 5384:
[   87.237227][ T5459]  kasan_save_track+0x3f/0x80
[   87.242100][ T5459]  __kasan_kmalloc+0x98/0xb0
[   87.246716][ T5459]  __kmalloc_noprof+0x1f9/0x400
[   87.251589][ T5459]  tomoyo_realpath_from_path+0xcf/0x5e0
[   87.257265][ T5459]  tomoyo_path_number_perm+0x23a/0x880
[   87.262846][ T5459]  security_file_ioctl+0x75/0xb0
[   87.267892][ T5459]  __se_sys_ioctl+0x47/0x170
[   87.272596][ T5459]  do_syscall_64+0xf3/0x230
[   87.277117][ T5459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.283119][ T5459] 
[   87.285452][ T5459] Freed by task 5384:
[   87.289449][ T5459]  kasan_save_track+0x3f/0x80
[   87.294146][ T5459]  kasan_save_free_info+0x40/0x50
[   87.299188][ T5459]  poison_slab_object+0xe0/0x150
[   87.304157][ T5459]  __kasan_slab_free+0x37/0x60
[   87.308938][ T5459]  kfree+0x149/0x360
[   87.313109][ T5459]  tomoyo_realpath_from_path+0x5a9/0x5e0
[   87.318844][ T5459]  tomoyo_path_number_perm+0x23a/0x880
[   87.324322][ T5459]  security_file_ioctl+0x75/0xb0
[   87.329286][ T5459]  __se_sys_ioctl+0x47/0x170
[   87.333897][ T5459]  do_syscall_64+0xf3/0x230
[   87.338505][ T5459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.344510][ T5459] 
[   87.346842][ T5459] The buggy address belongs to the object at ffff8880298b0000
[   87.346842][ T5459]  which belongs to the cache kmalloc-4k of size 4096
[   87.361085][ T5459] The buggy address is located 192 bytes inside of
[   87.361085][ T5459]  freed 4096-byte region [ffff8880298b0000, ffff8880298b1000)
[   87.375164][ T5459] 
[   87.377500][ T5459] The buggy address belongs to the physical page:
[   87.383934][ T5459] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x298b0
[   87.392816][ T5459] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   87.401414][ T5459] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[   87.408983][ T5459] page_type: 0xffffefff(slab)
[   87.413780][ T5459] raw: 00fff00000000040 ffff888015042140 ffffea00017ca000 0000000000000002
[   87.422533][ T5459] raw: 0000000000000000 0000000000040004 00000001ffffefff 0000000000000000
[   87.431143][ T5459] head: 00fff00000000040 ffff888015042140 ffffea00017ca000 0000000000000002
[   87.440044][ T5459] head: 0000000000000000 0000000000040004 00000001ffffefff 0000000000000000
[   87.448738][ T5459] head: 00fff00000000003 ffffea0000a62c01 ffffffffffffffff 0000000000000000
[   87.457779][ T5459] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   87.466634][ T5459] page dumped because: kasan: bad access detected
[   87.473077][ T5459] page_owner tracks the page as allocated
[   87.478915][ T5459] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 8, tgid 8 (kworker/0:0), ts 62745335305, free_ts 61616198644
[   87.501262][ T5459]  post_alloc_hook+0x1f3/0x230
[   87.506286][ T5459]  get_page_from_freelist+0x2e2d/0x2ee0
[   87.511902][ T5459]  __alloc_pages_noprof+0x256/0x6c0
[   87.517401][ T5459]  alloc_slab_page+0x5f/0x120
[   87.522284][ T5459]  allocate_slab+0x5a/0x2e0
[   87.526843][ T5459]  ___slab_alloc+0xcd1/0x14b0
[   87.531558][ T5459]  __slab_alloc+0x58/0xa0
[   87.535916][ T5459]  kmalloc_node_track_caller_noprof+0x281/0x440
[   87.542180][ T5459]  kmalloc_reserve+0x111/0x2a0
[   87.547061][ T5459]  __alloc_skb+0x1f3/0x440
[   87.551590][ T5459]  nsim_dev_trap_report_work+0x254/0xaa0
[   87.557338][ T5459]  process_scheduled_works+0xa2c/0x1830
[   87.562907][ T5459]  worker_thread+0x86d/0xd70
[   87.567537][ T5459]  kthread+0x2f0/0x390
[   87.571632][ T5459]  ret_from_fork+0x4b/0x80
[   87.576080][ T5459]  ret_from_fork_asm+0x1a/0x30
[   87.580928][ T5459] page last free pid 5079 tgid 5079 stack trace:
[   87.587268][ T5459]  free_unref_page+0xd19/0xea0
[   87.592051][ T5459]  __put_partials+0xeb/0x130
[   87.596747][ T5459]  put_cpu_partial+0x17c/0x250
[   87.601536][ T5459]  __slab_free+0x2ea/0x3d0
[   87.605982][ T5459]  qlist_free_all+0x9e/0x140
[   87.610609][ T5459]  kasan_quarantine_reduce+0x14f/0x170
[   87.616539][ T5459]  __kasan_slab_alloc+0x23/0x80
[   87.621519][ T5459]  kmem_cache_alloc_noprof+0x135/0x2a0
[   87.627009][ T5459]  getname_flags+0xbd/0x4f0
[   87.631632][ T5459]  do_sys_openat2+0xd2/0x1d0
[   87.636249][ T5459]  __x64_sys_openat+0x247/0x2a0
[   87.641661][ T5459]  do_syscall_64+0xf3/0x230
[   87.646551][ T5459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.652493][ T5459] 
[   87.654835][ T5459] Memory state around the buggy address:
[   87.661443][ T5459]  ffff8880298aff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   87.669697][ T5459]  ffff8880298b0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   87.677783][ T5459] >ffff8880298b0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   87.685945][ T5459]                                            ^
[   87.692226][ T5459]  ffff8880298b0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   87.700390][ T5459]  ffff8880298b0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   87.708724][ T5459] ==================================================================
[   87.733298][ T5459] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   87.740579][ T5459] CPU: 0 PID: 5459 Comm: syz-executor.0 Not tainted 6.10.0-rc1-syzkaller-00027-g4a4be1ad3a6e #0
[   87.751344][ T5459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[   87.761499][ T5459] Call Trace:
[   87.764894][ T5459]  <TASK>
[   87.767838][ T5459]  dump_stack_lvl+0x241/0x360
[   87.772642][ T5459]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.777963][ T5459]  ? __pfx__printk+0x10/0x10
[   87.782586][ T5459]  ? preempt_schedule+0xe1/0xf0
[   87.787563][ T5459]  ? vscnprintf+0x5d/0x90
[   87.791928][ T5459]  panic+0x349/0x860
[   87.795857][ T5459]  ? check_panic_on_warn+0x21/0xb0
[   87.801072][ T5459]  ? __pfx_panic+0x10/0x10
[   87.805494][ T5459]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[   87.811588][ T5459]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   87.817937][ T5459]  ? print_report+0x502/0x550
[   87.822726][ T5459]  check_panic_on_warn+0x86/0xb0
[   87.827689][ T5459]  ? diWrite+0xde3/0x19b0
[   87.832024][ T5459]  end_report+0x77/0x160
[   87.836260][ T5459]  kasan_report+0x154/0x180
[   87.840756][ T5459]  ? diWrite+0xde3/0x19b0
[   87.845094][ T5459]  kasan_check_range+0x282/0x290
[   87.850030][ T5459]  ? diWrite+0xde3/0x19b0
[   87.854352][ T5459]  __asan_memcpy+0x40/0x70
[   87.858763][ T5459]  diWrite+0xde3/0x19b0
[   87.862920][ T5459]  txCommit+0xa1a/0x6a20
[   87.867156][ T5459]  ? add_index+0x34c/0x1620
[   87.871658][ T5459]  ? __pfx_add_index+0x10/0x10
[   87.876500][ T5459]  ? __pfx_txCommit+0x10/0x10
[   87.881286][ T5459]  ? rcu_is_watching+0x15/0xb0
[   87.886043][ T5459]  ? __mark_inode_dirty+0x41c/0xe20
[   87.891249][ T5459]  jfs_readdir+0x28e9/0x4660
[   87.895844][ T5459]  ? __pfx_jfs_readdir+0x10/0x10
[   87.900882][ T5459]  ? __pfx___down_write_common+0x10/0x10
[   87.906536][ T5459]  ? __pfx___mutex_lock+0x10/0x10
[   87.911740][ T5459]  ? __pfx_jfs_readdir+0x10/0x10
[   87.916759][ T5459]  wrap_directory_iterator+0x94/0xe0
[   87.922039][ T5459]  iterate_dir+0x65e/0x820
[   87.926493][ T5459]  __se_sys_getdents64+0x20d/0x4f0
[   87.931604][ T5459]  ? __pfx___se_sys_getdents64+0x10/0x10
[   87.937229][ T5459]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   87.943195][ T5459]  ? __pfx_filldir64+0x10/0x10
[   87.947946][ T5459]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   87.954262][ T5459]  ? do_syscall_64+0x100/0x230
[   87.959016][ T5459]  ? do_syscall_64+0xb6/0x230
[   87.963784][ T5459]  do_syscall_64+0xf3/0x230
[   87.968282][ T5459]  ? clear_bhb_loop+0x35/0x90
[   87.972957][ T5459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.978861][ T5459] RIP: 0033:0x7fe7c4e7dea9
[   87.983279][ T5459] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   88.003138][ T5459] RSP: 002b:00007fe7c5c000c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   88.011740][ T5459] RAX: ffffffffffffffda RBX: 00007fe7c4fabf80 RCX: 00007fe7c4e7dea9
[   88.019899][ T5459] RDX: 000000000000005d RSI: 00000000200002c0 RDI: 0000000000000005
[   88.027862][ T5459] RBP: 00007fe7c4eca4a4 R08: 0000000000000000 R09: 0000000000000000
[   88.036106][ T5459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   88.044239][ T5459] R13: 000000000000000b R14: 00007fe7c4fabf80 R15: 00007ffcb97bfaa8
[   88.052408][ T5459]  </TASK>
[   88.055802][ T5459] Kernel Offset: disabled
[   88.060149][ T5459] Rebooting in 86400 seconds..