[ 82.254220][ T922] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.147' (ED25519) to the list of known hosts.
2024/03/03 11:48:34 ignoring optional flag "sandboxArg"="0"
2024/03/03 11:48:34 parsed 1 programs
2024/03/03 11:48:36 executed programs: 0
[ 86.660044][ T5406] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 86.715669][ T4461] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 86.723602][ T4461] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 86.731298][ T4461] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 86.740728][ T4461] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 86.748600][ T4461] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 86.756568][ T4461] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 86.874088][ T5412] chnl_net:caif_netlink_parms(): no params data found
[ 86.929376][ T5412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 86.936682][ T5412] bridge0: port 1(bridge_slave_0) entered disabled state
[ 86.944235][ T5412] bridge_slave_0: entered allmulticast mode
[ 86.951235][ T5412] bridge_slave_0: entered promiscuous mode
[ 86.959261][ T5412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 86.968253][ T5412] bridge0: port 2(bridge_slave_1) entered disabled state
[ 86.975610][ T5412] bridge_slave_1: entered allmulticast mode
[ 86.982821][ T5412] bridge_slave_1: entered promiscuous mode
[ 87.009298][ T5412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 87.021069][ T5412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 87.049521][ T5412] team0: Port device team_slave_0 added
[ 87.058547][ T5412] team0: Port device team_slave_1 added
[ 87.081786][ T5412] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.088953][ T5412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.115050][ T5412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 87.127798][ T5412] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 87.135249][ T5412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.164389][ T5412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 87.201190][ T5412] hsr_slave_0: entered promiscuous mode
[ 87.208006][ T5412] hsr_slave_1: entered promiscuous mode
[ 87.851297][ T5412] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 87.861910][ T5412] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 87.877929][ T5412] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 87.889524][ T5412] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 88.007057][ T5412] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.033689][ T5412] 8021q: adding VLAN 0 to HW filter on device team0
[ 88.051142][ T5077] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.058463][ T5077] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 88.087892][ T5077] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.095290][ T5077] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 88.305308][ T5412] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.368076][ T5412] veth0_vlan: entered promiscuous mode
[ 88.385643][ T5412] veth1_vlan: entered promiscuous mode
[ 88.433562][ T5412] veth0_macvtap: entered promiscuous mode
[ 88.446305][ T5412] veth1_macvtap: entered promiscuous mode
[ 88.475506][ T5412] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 88.495185][ T5412] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 88.511570][ T5412] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.525283][ T5412] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.535382][ T5412] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.546811][ T5412] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.645573][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.657193][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.707622][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.717063][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.798136][ T5486] ==================================================================
[ 88.806709][ T5486] BUG: KASAN: slab-use-after-free in __se_sys_io_cancel+0x2c7/0x2d0
[ 88.814903][ T5486] Read of size 4 at addr ffff88802d7b6020 by task syz-executor.0/5486
[ 88.823701][ T5486]
[ 88.826053][ T5486] CPU: 0 PID: 5486 Comm: syz-executor.0 Not tainted 6.8.0-rc6-syzkaller-g04b8076df253-dirty #0
[ 88.836400][ T5486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 88.846666][ T5486] Call Trace:
[ 88.849975][ T5486]
[ 88.852945][ T5486] dump_stack_lvl+0x1e7/0x2e0
[ 88.853667][ T5067] Bluetooth: hci0: command 0x0409 tx timeout
[ 88.857638][ T5486] ? __pfx_dump_stack_lvl+0x10/0x10
[ 88.869080][ T5486] ? __pfx__printk+0x10/0x10
[ 88.873697][ T5486] ? _printk+0xd5/0x120
[ 88.878063][ T5486] ? __virt_addr_valid+0x183/0x520
[ 88.883211][ T5486] ? __virt_addr_valid+0x183/0x520
[ 88.888459][ T5486] print_report+0x167/0x540
[ 88.893009][ T5486] ? __virt_addr_valid+0x183/0x520
[ 88.898197][ T5486] ? __virt_addr_valid+0x183/0x520
[ 88.903431][ T5486] ? __virt_addr_valid+0x44e/0x520
[ 88.908663][ T5486] ? __phys_addr+0xba/0x170
[ 88.913303][ T5486] ? __se_sys_io_cancel+0x2c7/0x2d0
[ 88.918806][ T5486] kasan_report+0x142/0x180
[ 88.923361][ T5486] ? __se_sys_io_cancel+0x2c7/0x2d0
[ 88.928865][ T5486] __se_sys_io_cancel+0x2c7/0x2d0
[ 88.934032][ T5486] do_syscall_64+0xf9/0x240
[ 88.938754][ T5486] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 88.944880][ T5486] RIP: 0033:0x7f693e07dda9
[ 88.949328][ T5486] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 88.970022][ T5486] RSP: 002b:00007f693ed4f0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[ 88.978822][ T5486] RAX: ffffffffffffffda RBX: 00007f693e1abf80 RCX: 00007f693e07dda9
[ 88.987016][ T5486] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00007f693ed2e000
[ 88.995456][ T5486] RBP: 00007f693e0ca47a R08: 0000000000000000 R09: 0000000000000000
[ 89.003549][ T5486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 89.011699][ T5486] R13: 000000000000000b R14: 00007f693e1abf80 R15: 00007ffc96ae9b58
[ 89.019929][ T5486]
[ 89.022969][ T5486]
[ 89.025537][ T5486] Allocated by task 5486:
[ 89.030109][ T5486] kasan_save_track+0x3f/0x80
[ 89.034962][ T5486] __kasan_slab_alloc+0x66/0x80
[ 89.039986][ T5486] kmem_cache_alloc+0x16f/0x340
[ 89.044930][ T5486] io_submit_one+0x154/0x18b0
[ 89.049598][ T5486] __se_sys_io_submit+0x17f/0x300
[ 89.054696][ T5486] do_syscall_64+0xf9/0x240
[ 89.059192][ T5486] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 89.065349][ T5486]
[ 89.067663][ T5486] Freed by task 4850:
[ 89.071633][ T5486] kasan_save_track+0x3f/0x80
[ 89.076302][ T5486] kasan_save_free_info+0x40/0x50
[ 89.081317][ T5486] poison_slab_object+0xa6/0xe0
[ 89.086331][ T5486] __kasan_slab_free+0x37/0x60
[ 89.091085][ T5486] kmem_cache_free+0x102/0x2a0
[ 89.095837][ T5486] aio_poll_complete_work+0x4e7/0x710
[ 89.101199][ T5486] process_scheduled_works+0x913/0x1420
[ 89.106742][ T5486] worker_thread+0xa5f/0x1000
[ 89.111587][ T5486] kthread+0x2ef/0x390
[ 89.115678][ T5486] ret_from_fork+0x4b/0x80
[ 89.120258][ T5486] ret_from_fork_asm+0x1b/0x30
[ 89.125014][ T5486]
[ 89.127325][ T5486] Last potentially related work creation:
[ 89.133023][ T5486] kasan_save_stack+0x3f/0x60
[ 89.137691][ T5486] __kasan_record_aux_stack+0xac/0xc0
[ 89.143064][ T5486] insert_work+0x3e/0x330
[ 89.147396][ T5486] __queue_work+0xbf4/0x1000
[ 89.151973][ T5486] queue_work_on+0x14f/0x250
[ 89.156577][ T5486] aio_poll_cancel+0xbb/0x130
[ 89.161352][ T5486] __se_sys_io_cancel+0x126/0x2d0
[ 89.166647][ T5486] do_syscall_64+0xf9/0x240
[ 89.171151][ T5486] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 89.177077][ T5486]
[ 89.179391][ T5486] The buggy address belongs to the object at ffff88802d7b6000
[ 89.179391][ T5486] which belongs to the cache aio_kiocb of size 216
[ 89.193343][ T5486] The buggy address is located 32 bytes inside of
[ 89.193343][ T5486] freed 216-byte region [ffff88802d7b6000, ffff88802d7b60d8)
[ 89.207234][ T5486]
[ 89.209551][ T5486] The buggy address belongs to the physical page:
[ 89.216136][ T5486] page:ffffea0000b5ed80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2d7b6
[ 89.227056][ T5486] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 89.234586][ T5486] page_type: 0xffffffff()
[ 89.239163][ T5486] raw: 00fff00000000800 ffff88801676ab40 dead000000000122 0000000000000000
[ 89.247833][ T5486] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 89.256665][ T5486] page dumped because: kasan: bad access detected
[ 89.263239][ T5486] page_owner tracks the page as allocated
[ 89.269111][ T5486] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5486, tgid 5484 (syz-executor.0), ts 88796805839, free_ts 88787850821
[ 89.288635][ T5486] post_alloc_hook+0x1ea/0x210
[ 89.293391][ T5486] get_page_from_freelist+0x33ea/0x3580
[ 89.298926][ T5486] __alloc_pages+0x255/0x680
[ 89.303502][ T5486] alloc_slab_page+0x5f/0x160
[ 89.308348][ T5486] new_slab+0x84/0x2f0
[ 89.312407][ T5486] ___slab_alloc+0xd17/0x13e0
[ 89.317074][ T5486] kmem_cache_alloc+0x24d/0x340
[ 89.321914][ T5486] io_submit_one+0x154/0x18b0
[ 89.326620][ T5486] __se_sys_io_submit+0x17f/0x300
[ 89.331919][ T5486] do_syscall_64+0xf9/0x240
[ 89.336419][ T5486] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 89.342379][ T5486] page last free pid 5485 tgid 5485 stack trace:
[ 89.348688][ T5486] free_unref_page_prepare+0x968/0xa90
[ 89.354401][ T5486] free_unref_page+0x37/0x3f0
[ 89.359089][ T5486] __put_partials+0xeb/0x130
[ 89.363669][ T5486] put_cpu_partial+0x17b/0x250
[ 89.368427][ T5486] __slab_free+0x302/0x410
[ 89.372834][ T5486] qlist_free_all+0x5e/0xc0
[ 89.377510][ T5486] kasan_quarantine_reduce+0x14f/0x170
[ 89.383219][ T5486] __kasan_slab_alloc+0x23/0x80
[ 89.388109][ T5486] kmem_cache_alloc+0x16f/0x340
[ 89.392951][ T5486] getname_flags+0xbc/0x4f0
[ 89.397527][ T5486] user_path_at_empty+0x2c/0x60
[ 89.402639][ T5486] __se_sys_chdir+0xbf/0x220
[ 89.407221][ T5486] do_syscall_64+0xf9/0x240
[ 89.411803][ T5486] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 89.417690][ T5486]
[ 89.420000][ T5486] Memory state around the buggy address:
[ 89.425613][ T5486] ffff88802d7b5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.433669][ T5486] ffff88802d7b5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.441808][ T5486] >ffff88802d7b6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 89.450121][ T5486] ^
[ 89.455230][ T5486] ffff88802d7b6080: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 89.463298][ T5486] ffff88802d7b6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 89.471608][ T5486] ==================================================================
[ 89.504942][ T5486] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 89.512197][ T5486] CPU: 1 PID: 5486 Comm: syz-executor.0 Not tainted 6.8.0-rc6-syzkaller-g04b8076df253-dirty #0
[ 89.522901][ T5486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 89.533066][ T5486] Call Trace:
[ 89.536345][ T5486]
[ 89.539266][ T5486] dump_stack_lvl+0x1e7/0x2e0
[ 89.543948][ T5486] ? __pfx_dump_stack_lvl+0x10/0x10
[ 89.550830][ T5486] ? __pfx__printk+0x10/0x10
[ 89.555535][ T5486] ? vscnprintf+0x5d/0x90
[ 89.560308][ T5486] panic+0x349/0x860
[ 89.564293][ T5486] ? check_panic_on_warn+0x21/0xb0
[ 89.569662][ T5486] ? __pfx_panic+0x10/0x10
[ 89.574074][ T5486] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 89.580664][ T5486] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 89.587069][ T5486] ? print_report+0x4ff/0x540
[ 89.591915][ T5486] check_panic_on_warn+0x86/0xb0
[ 89.596848][ T5486] ? __se_sys_io_cancel+0x2c7/0x2d0
[ 89.602207][ T5486] end_report+0x6e/0x140
[ 89.606456][ T5486] kasan_report+0x153/0x180
[ 89.610955][ T5486] ? __se_sys_io_cancel+0x2c7/0x2d0
[ 89.616243][ T5486] __se_sys_io_cancel+0x2c7/0x2d0
[ 89.621267][ T5486] do_syscall_64+0xf9/0x240
[ 89.626029][ T5486] entry_SYSCALL_64_after_hwframe+0x6f/0x77
[ 89.632613][ T5486] RIP: 0033:0x7f693e07dda9
[ 89.637025][ T5486] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 89.656911][ T5486] RSP: 002b:00007f693ed4f0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d2
[ 89.665425][ T5486] RAX: ffffffffffffffda RBX: 00007f693e1abf80 RCX: 00007f693e07dda9
[ 89.673670][ T5486] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 00007f693ed2e000
[ 89.681777][ T5486] RBP: 00007f693e0ca47a R08: 0000000000000000 R09: 0000000000000000
[ 89.689938][ T5486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 89.697912][ T5486] R13: 000000000000000b R14: 00007f693e1abf80 R15: 00007ffc96ae9b58
[ 89.707039][ T5486]
[ 89.710749][ T5486] Kernel Offset: disabled
[ 89.715175][ T5486] Rebooting in 86400 seconds..