[ 81.863010][ T758] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
2023/06/14 23:14:49 ignoring optional flag "sandboxArg"="0"
2023/06/14 23:14:49 parsed 1 programs
2023/06/14 23:14:49 executed programs: 0
[ 87.069926][ T5008] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 87.078797][ T5008] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.086752][ T5008] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.094932][ T5008] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.102991][ T5008] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 87.110316][ T5008] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.211535][ T5357] chnl_net:caif_netlink_parms(): no params data found
[ 87.252515][ T5357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 87.259640][ T5357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 87.267196][ T5357] bridge_slave_0: entered allmulticast mode
[ 87.274084][ T5357] bridge_slave_0: entered promiscuous mode
[ 87.282418][ T5357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 87.289615][ T5357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 87.296903][ T5357] bridge_slave_1: entered allmulticast mode
[ 87.303819][ T5357] bridge_slave_1: entered promiscuous mode
[ 87.325146][ T5357] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 87.336417][ T5357] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 87.359490][ T5357] team0: Port device team_slave_0 added
[ 87.367460][ T5357] team0: Port device team_slave_1 added
[ 87.386221][ T5357] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 87.393843][ T5357] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.420926][ T5357] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 87.435315][ T5357] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 87.442526][ T5357] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 87.470050][ T5357] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 87.499110][ T5357] hsr_slave_0: entered promiscuous mode
[ 87.506427][ T5357] hsr_slave_1: entered promiscuous mode
[ 88.143914][ T5357] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 88.155178][ T5357] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 88.166908][ T5357] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 88.179852][ T5357] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 88.282769][ T5357] 8021q: adding VLAN 0 to HW filter on device bond0
[ 88.305124][ T5357] 8021q: adding VLAN 0 to HW filter on device team0
[ 88.318175][ T22] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.325974][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 88.350129][ T5018] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.357784][ T5018] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 88.395342][ T5357] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 88.600019][ T5357] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 88.648764][ T5357] veth0_vlan: entered promiscuous mode
[ 88.666017][ T5357] veth1_vlan: entered promiscuous mode
[ 88.700494][ T5357] veth0_macvtap: entered promiscuous mode
[ 88.710856][ T5357] veth1_macvtap: entered promiscuous mode
[ 88.734397][ T5357] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 88.753235][ T5357] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 88.768013][ T5357] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.780189][ T5357] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.792331][ T5357] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.803848][ T5357] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 88.884771][ T22] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.907873][ T22] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 88.941017][ T22] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 88.950232][ T22] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.142584][ T5008] Bluetooth: hci0: command 0x0409 tx timeout
[ 89.950878][ T5450] ==================================================================
[ 89.959610][ T5450] BUG: KASAN: slab-out-of-bounds in extract_iter_to_sg+0x180b/0x1970
[ 89.969020][ T5450] Read of size 8 at addr ffff8880282aaff8 by task syz-executor.0/5450
[ 89.977636][ T5450]
[ 89.980059][ T5450] CPU: 0 PID: 5450 Comm: syz-executor.0 Not tainted 6.4.0-rc5-syzkaller-gfa0e21fa4443-dirty #0
[ 89.990859][ T5450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 90.001636][ T5450] Call Trace:
[ 90.005360][ T5450]
[ 90.008461][ T5450] dump_stack_lvl+0xd9/0x150
[ 90.014206][ T5450] print_address_description.constprop.0+0x2c/0x3c0
[ 90.021178][ T5450] ? extract_iter_to_sg+0x180b/0x1970
[ 90.027015][ T5450] kasan_report+0x11c/0x130
[ 90.031617][ T5450] ? extract_iter_to_sg+0x180b/0x1970
[ 90.037266][ T5450] extract_iter_to_sg+0x180b/0x1970
[ 90.042853][ T5450] ? sg_init_one+0x140/0x140
[ 90.047901][ T5450] ? af_alg_sendmsg+0x310/0x2990
[ 90.053022][ T5450] ? lock_downgrade+0x690/0x690
[ 90.058153][ T5450] ? mark_held_locks+0x9f/0xe0
[ 90.063817][ T5450] ? __local_bh_enable_ip+0xa4/0x130
[ 90.069225][ T5450] af_alg_sendmsg+0x1917/0x2990
[ 90.074172][ T5450] ? aa_sk_perm+0x31d/0xb10
[ 90.078879][ T5450] ? af_alg_pull_tsgl+0xc50/0xc50
[ 90.084068][ T5450] ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 90.089635][ T5450] ? hash_recvmsg_nokey+0x90/0x90
[ 90.094935][ T5450] sock_sendmsg+0xde/0x190
[ 90.099534][ T5450] splice_to_socket+0x954/0xe30
[ 90.104945][ T5450] ? splice_from_pipe+0x140/0x140
[ 90.110346][ T5450] ? security_file_permission+0xaf/0xd0
[ 90.116159][ T5450] ? splice_from_pipe+0x140/0x140
[ 90.121366][ T5450] direct_splice_actor+0x114/0x180
[ 90.126516][ T5450] splice_direct_to_actor+0x34a/0x9c0
[ 90.131920][ T5450] ? folio_flags.constprop.0+0x150/0x150
[ 90.137850][ T5450] ? direct_splice_actor+0x180/0x180
[ 90.143265][ T5450] ? bpf_lsm_file_permission+0x9/0x10
[ 90.148648][ T5450] ? security_file_permission+0xaf/0xd0
[ 90.154551][ T5450] do_splice_direct+0x1ad/0x280
[ 90.159421][ T5450] ? splice_direct_to_actor+0x9c0/0x9c0
[ 90.165351][ T5450] ? propagate_umount+0x19f0/0x19f0
[ 90.170560][ T5450] ? bpf_lsm_file_permission+0x9/0x10
[ 90.176034][ T5450] ? security_file_permission+0xaf/0xd0
[ 90.181594][ T5450] do_sendfile+0xb19/0x12c0
[ 90.186208][ T5450] ? vfs_iocb_iter_write+0x480/0x480
[ 90.191725][ T5450] __x64_sys_sendfile64+0x14d/0x210
[ 90.197107][ T5450] ? __ia32_sys_sendfile+0x220/0x220
[ 90.202746][ T5450] ? syscall_enter_from_user_mode+0x26/0x80
[ 90.208831][ T5450] do_syscall_64+0x39/0xb0
[ 90.213349][ T5450] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.219478][ T5450] RIP: 0033:0x7f10eb08c169
[ 90.224259][ T5450] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 90.244581][ T5450] RSP: 002b:00007f10ebe5e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 90.253119][ T5450] RAX: ffffffffffffffda RBX: 00007f10eb1ac120 RCX: 00007f10eb08c169
[ 90.261093][ T5450] RDX: 0000000020000180 RSI: 0000000000000003 RDI: 0000000000000005
[ 90.269424][ T5450] RBP: 00007f10eb0e7ca1 R08: 0000000000000000 R09: 0000000000000000
[ 90.277573][ T5450] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000000
[ 90.285886][ T5450] R13: 00007ffea268bd7f R14: 00007f10ebe5e300 R15: 0000000000022000
[ 90.293957][ T5450]
[ 90.297150][ T5450]
[ 90.299466][ T5450] Allocated by task 5450:
[ 90.303965][ T5450] kasan_save_stack+0x22/0x40
[ 90.308739][ T5450] kasan_set_track+0x25/0x30
[ 90.313451][ T5450] __kasan_kmalloc+0xa2/0xb0
[ 90.318054][ T5450] __kmalloc+0x5e/0x190
[ 90.322307][ T5450] sock_kmalloc+0xb2/0x100
[ 90.326901][ T5450] af_alg_sendmsg+0x17a4/0x2990
[ 90.331752][ T5450] sock_sendmsg+0xde/0x190
[ 90.336176][ T5450] splice_to_socket+0x954/0xe30
[ 90.341210][ T5450] direct_splice_actor+0x114/0x180
[ 90.346439][ T5450] splice_direct_to_actor+0x34a/0x9c0
[ 90.352358][ T5450] do_splice_direct+0x1ad/0x280
[ 90.357496][ T5450] do_sendfile+0xb19/0x12c0
[ 90.362096][ T5450] __x64_sys_sendfile64+0x14d/0x210
[ 90.367904][ T5450] do_syscall_64+0x39/0xb0
[ 90.372500][ T5450] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.378780][ T5450]
[ 90.381904][ T5450] The buggy address belongs to the object at ffff8880282aa000
[ 90.381904][ T5450] which belongs to the cache kmalloc-4k of size 4096
[ 90.396227][ T5450] The buggy address is located 0 bytes to the right of
[ 90.396227][ T5450] allocated 4088-byte region [ffff8880282aa000, ffff8880282aaff8)
[ 90.410891][ T5450]
[ 90.413217][ T5450] The buggy address belongs to the physical page:
[ 90.420499][ T5450] page:ffffea0000a0aa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x282a8
[ 90.430910][ T5450] head:ffffea0000a0aa00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 90.440194][ T5450] anon flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 90.449384][ T5450] page_type: 0xffffffff()
[ 90.454132][ T5450] raw: 00fff00000010200 ffff888012442140 0000000000000000 0000000000000001
[ 90.463409][ T5450] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 90.472248][ T5450] page dumped because: kasan: bad access detected
[ 90.478913][ T5450] page_owner tracks the page as allocated
[ 90.484905][ T5450] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5156, tgid 5156 (dhcpcd-run-hook), ts 68845362597, free_ts 68027991491
[ 90.507334][ T5450] post_alloc_hook+0x2db/0x350
[ 90.512747][ T5450] get_page_from_freelist+0xf41/0x2c00
[ 90.519121][ T5450] __alloc_pages+0x1cb/0x4a0
[ 90.523824][ T5450] alloc_pages+0x1aa/0x270
[ 90.528265][ T5450] allocate_slab+0x25f/0x390
[ 90.533218][ T5450] ___slab_alloc+0xa91/0x1400
[ 90.537991][ T5450] __slab_alloc.constprop.0+0x56/0xa0
[ 90.543757][ T5450] __kmem_cache_alloc_node+0x136/0x320
[ 90.549487][ T5450] __kmalloc+0x4e/0x190
[ 90.553914][ T5450] tomoyo_realpath_from_path+0xc3/0x600
[ 90.559496][ T5450] tomoyo_check_open_permission+0x29a/0x3a0
[ 90.565913][ T5450] tomoyo_file_open+0xa1/0xc0
[ 90.570593][ T5450] security_file_open+0x49/0xb0
[ 90.575462][ T5450] do_dentry_open+0x575/0x13f0
[ 90.580318][ T5450] path_openat+0x1baa/0x2750
[ 90.585010][ T5450] do_filp_open+0x1ba/0x410
[ 90.589519][ T5450] page last free stack trace:
[ 90.594184][ T5450] free_unref_page_prepare+0x62e/0xcb0
[ 90.599746][ T5450] free_unref_page+0x33/0x370
[ 90.604620][ T5450] qlist_free_all+0x6a/0x170
[ 90.609222][ T5450] kasan_quarantine_reduce+0x195/0x220
[ 90.614863][ T5450] __kasan_slab_alloc+0x63/0x90
[ 90.619732][ T5450] kmem_cache_alloc+0x17c/0x3b0
[ 90.624591][ T5450] vm_area_alloc+0x20/0x230
[ 90.629201][ T5450] mmap_region+0x407/0x28d0
[ 90.633817][ T5450] do_mmap+0x831/0xf60
[ 90.637906][ T5450] vm_mmap_pgoff+0x1a2/0x3b0
[ 90.642509][ T5450] ksys_mmap_pgoff+0x7d/0x5a0
[ 90.647192][ T5450] do_syscall_64+0x39/0xb0
[ 90.651624][ T5450] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.657680][ T5450]
[ 90.660015][ T5450] Memory state around the buggy address:
[ 90.665701][ T5450] ffff8880282aae80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 90.673766][ T5450] ffff8880282aaf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 90.682209][ T5450] >ffff8880282aaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 90.690558][ T5450] ^
[ 90.698632][ T5450] ffff8880282ab000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.707149][ T5450] ffff8880282ab080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 90.715639][ T5450] ==================================================================
[ 90.747923][ T5450] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.755552][ T5450] CPU: 0 PID: 5450 Comm: syz-executor.0 Not tainted 6.4.0-rc5-syzkaller-gfa0e21fa4443-dirty #0
[ 90.767311][ T5450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 90.777900][ T5450] Call Trace:
[ 90.781209][ T5450]
[ 90.784245][ T5450] dump_stack_lvl+0xd9/0x150
[ 90.789047][ T5450] panic+0x686/0x730
[ 90.792981][ T5450] ? panic_smp_self_stop+0xa0/0xa0
[ 90.798139][ T5450] ? preempt_schedule_thunk+0x1a/0x20
[ 90.804225][ T5450] ? preempt_schedule_common+0x45/0xb0
[ 90.809792][ T5450] check_panic_on_warn+0xb1/0xc0
[ 90.815010][ T5450] end_report+0xe9/0x120
[ 90.819272][ T5450] ? extract_iter_to_sg+0x180b/0x1970
[ 90.824753][ T5450] kasan_report+0xf9/0x130
[ 90.829359][ T5450] ? extract_iter_to_sg+0x180b/0x1970
[ 90.834837][ T5450] extract_iter_to_sg+0x180b/0x1970
[ 90.840413][ T5450] ? sg_init_one+0x140/0x140
[ 90.845546][ T5450] ? af_alg_sendmsg+0x310/0x2990
[ 90.851036][ T5450] ? lock_downgrade+0x690/0x690
[ 90.856356][ T5450] ? mark_held_locks+0x9f/0xe0
[ 90.861589][ T5450] ? __local_bh_enable_ip+0xa4/0x130
[ 90.867250][ T5450] af_alg_sendmsg+0x1917/0x2990
[ 90.872160][ T5450] ? aa_sk_perm+0x31d/0xb10
[ 90.877273][ T5450] ? af_alg_pull_tsgl+0xc50/0xc50
[ 90.882397][ T5450] ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 90.887774][ T5450] ? hash_recvmsg_nokey+0x90/0x90
[ 90.893169][ T5450] sock_sendmsg+0xde/0x190
[ 90.897938][ T5450] splice_to_socket+0x954/0xe30
[ 90.903064][ T5450] ? splice_from_pipe+0x140/0x140
[ 90.908194][ T5450] ? security_file_permission+0xaf/0xd0
[ 90.913753][ T5450] ? splice_from_pipe+0x140/0x140
[ 90.918957][ T5450] direct_splice_actor+0x114/0x180
[ 90.924476][ T5450] splice_direct_to_actor+0x34a/0x9c0
[ 90.929870][ T5450] ? folio_flags.constprop.0+0x150/0x150
[ 90.935557][ T5450] ? direct_splice_actor+0x180/0x180
[ 90.940855][ T5450] ? bpf_lsm_file_permission+0x9/0x10
[ 90.947205][ T5450] ? security_file_permission+0xaf/0xd0
[ 90.953281][ T5450] do_splice_direct+0x1ad/0x280
[ 90.958409][ T5450] ? splice_direct_to_actor+0x9c0/0x9c0
[ 90.963997][ T5450] ? propagate_umount+0x19f0/0x19f0
[ 90.969296][ T5450] ? bpf_lsm_file_permission+0x9/0x10
[ 90.974777][ T5450] ? security_file_permission+0xaf/0xd0
[ 90.980419][ T5450] do_sendfile+0xb19/0x12c0
[ 90.985199][ T5450] ? vfs_iocb_iter_write+0x480/0x480
[ 90.990610][ T5450] __x64_sys_sendfile64+0x14d/0x210
[ 90.995902][ T5450] ? __ia32_sys_sendfile+0x220/0x220
[ 91.001216][ T5450] ? syscall_enter_from_user_mode+0x26/0x80
[ 91.007585][ T5450] do_syscall_64+0x39/0xb0
[ 91.012361][ T5450] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.018274][ T5450] RIP: 0033:0x7f10eb08c169
[ 91.022974][ T5450] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 91.044740][ T5450] RSP: 002b:00007f10ebe5e168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 91.053869][ T5450] RAX: ffffffffffffffda RBX: 00007f10eb1ac120 RCX: 00007f10eb08c169
[ 91.062454][ T5450] RDX: 0000000020000180 RSI: 0000000000000003 RDI: 0000000000000005
[ 91.071120][ T5450] RBP: 00007f10eb0e7ca1 R08: 0000000000000000 R09: 0000000000000000
[ 91.079390][ T5450] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000000
[ 91.087983][ T5450] R13: 00007ffea268bd7f R14: 00007f10ebe5e300 R15: 0000000000022000
[ 91.096066][ T5450]
[ 91.099310][ T5450] Kernel Offset: disabled
[ 91.104072][ T5450] Rebooting in 86400 seconds..