[ 56.752914][ T42] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.767353][ T42] veth1_macvtap: left promiscuous mode
[ 56.773147][ T42] veth0_macvtap: left promiscuous mode
[ 56.778856][ T42] veth1_vlan: left promiscuous mode
[ 56.784443][ T42] veth0_vlan: left promiscuous mode
[ 56.921455][ T42] team0 (unregistering): Port device team_slave_1 removed
[ 56.938626][ T42] team0 (unregistering): Port device team_slave_0 removed
[ 56.950868][ T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 56.966868][ T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 57.015013][ T42] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.15.195' (ECDSA) to the list of known hosts.
2023/06/10 12:11:32 ignoring optional flag "sandboxArg"="0"
2023/06/10 12:11:32 parsed 1 programs
2023/06/10 12:11:32 executed programs: 0
[ 72.962164][ T4411] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 72.972142][ T4411] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 72.980545][ T4411] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 72.988633][ T4411] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 72.996095][ T4411] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 73.003462][ T4411] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 73.099278][ T5358] chnl_net:caif_netlink_parms(): no params data found
[ 73.137821][ T5358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 73.145115][ T5358] bridge0: port 1(bridge_slave_0) entered disabled state
[ 73.152487][ T5358] bridge_slave_0: entered allmulticast mode
[ 73.159365][ T5358] bridge_slave_0: entered promiscuous mode
[ 73.167011][ T5358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 73.174341][ T5358] bridge0: port 2(bridge_slave_1) entered disabled state
[ 73.182102][ T5358] bridge_slave_1: entered allmulticast mode
[ 73.189086][ T5358] bridge_slave_1: entered promiscuous mode
[ 73.208226][ T5358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 73.219488][ T5358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 73.242391][ T5358] team0: Port device team_slave_0 added
[ 73.249646][ T5358] team0: Port device team_slave_1 added
[ 73.266722][ T5358] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 73.274246][ T5358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.300820][ T5358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 73.313421][ T5358] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 73.320715][ T5358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 73.348186][ T5358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 73.376974][ T5358] hsr_slave_0: entered promiscuous mode
[ 73.383736][ T5358] hsr_slave_1: entered promiscuous mode
[ 73.962853][ T5358] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 73.974684][ T5358] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 73.985682][ T5358] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 73.996538][ T5358] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 74.023762][ T5358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.031223][ T5358] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.039107][ T5358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.046631][ T5358] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.088102][ T1825] bridge0: port 1(bridge_slave_0) entered disabled state
[ 74.096080][ T1825] bridge0: port 2(bridge_slave_1) entered disabled state
[ 74.129068][ T5358] 8021q: adding VLAN 0 to HW filter on device bond0
[ 74.149118][ T5358] 8021q: adding VLAN 0 to HW filter on device team0
[ 74.161131][ T1126] bridge0: port 1(bridge_slave_0) entered blocking state
[ 74.168392][ T1126] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 74.192207][ T1126] bridge0: port 2(bridge_slave_1) entered blocking state
[ 74.199941][ T1126] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 74.222660][ T5358] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 74.235083][ T5358] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 74.389203][ T5358] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 74.435124][ T5358] veth0_vlan: entered promiscuous mode
[ 74.451691][ T5358] veth1_vlan: entered promiscuous mode
[ 74.484335][ T5358] veth0_macvtap: entered promiscuous mode
[ 74.498227][ T5358] veth1_macvtap: entered promiscuous mode
[ 74.520638][ T5358] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 74.537921][ T5358] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 74.551823][ T5358] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.563125][ T5358] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.573644][ T5358] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.582560][ T5358] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 74.652563][ T988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.673849][ T988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 74.696608][ T988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 74.708067][ T988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 75.060624][ T5009] Bluetooth: hci0: command 0x0409 tx timeout
[ 76.543885][ T5516] ==================================================================
[ 76.552706][ T5516] BUG: KASAN: slab-out-of-bounds in extract_iter_to_sg+0x1323/0x1650
[ 76.562018][ T5516] Read of size 8 at addr ffff88802a696ff8 by task syz-executor.0/5516
[ 76.574970][ T5516]
[ 76.577661][ T5516] CPU: 1 PID: 5516 Comm: syz-executor.0 Not tainted 6.4.0-rc5-syzkaller #0
[ 76.588928][ T5516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 76.601109][ T5516] Call Trace:
[ 76.605643][ T5516]
[ 76.608663][ T5516] dump_stack_lvl+0x64/0xb0
[ 76.613878][ T5516] print_address_description.constprop.0+0x2c/0x3c0
[ 76.620724][ T5516] ? extract_iter_to_sg+0x1323/0x1650
[ 76.626909][ T5516] kasan_report+0x11c/0x130
[ 76.632049][ T5516] ? extract_iter_to_sg+0x1323/0x1650
[ 76.638423][ T5516] extract_iter_to_sg+0x1323/0x1650
[ 76.643653][ T5516] ? lock_acquire+0x1b1/0x520
[ 76.648519][ T5516] ? sg_init_one+0x110/0x110
[ 76.656373][ T5516] ? af_alg_sendmsg+0x3ac/0x2480
[ 76.661763][ T5516] ? lock_downgrade+0x690/0x690
[ 76.667043][ T5516] ? mark_held_locks+0x9f/0xe0
[ 76.671992][ T5516] ? __local_bh_enable_ip+0xa4/0x130
[ 76.677488][ T5516] af_alg_sendmsg+0x146c/0x2480
[ 76.682853][ T5516] ? alg_setsockopt+0xce0/0xce0
[ 76.688572][ T5516] ? find_held_lock+0x2d/0x110
[ 76.693778][ T5516] ? aa_af_perm+0x220/0x220
[ 76.698291][ T5516] ? current_time+0x72/0x220
[ 76.703068][ T5516] ? hash_sendpage_nokey+0x80/0x80
[ 76.708459][ T5516] sock_sendmsg+0xc0/0x150
[ 76.712989][ T5516] splice_to_socket+0x738/0xd70
[ 76.717863][ T5516] ? splice_from_pipe+0x120/0x120
[ 76.723035][ T5516] ? touch_atime+0xd5/0x5c0
[ 76.727592][ T5516] direct_splice_actor+0xff/0x1d0
[ 76.732635][ T5516] splice_direct_to_actor+0x2bf/0x790
[ 76.738026][ T5516] ? folio_flags.constprop.0+0xd0/0xd0
[ 76.743861][ T5516] ? direct_splice_actor+0x1d0/0x1d0
[ 76.749613][ T5516] ? apparmor_file_permission+0x152/0x460
[ 76.755657][ T5516] do_splice_direct+0x14c/0x260
[ 76.760876][ T5516] ? splice_direct_to_actor+0x790/0x790
[ 76.766448][ T5516] ? apparmor_file_permission+0x152/0x460
[ 76.772180][ T5516] ? security_file_permission+0x40/0x90
[ 76.777922][ T5516] do_sendfile+0x93d/0x1170
[ 76.783239][ T5516] ? vfs_iocb_iter_write+0x3b0/0x3b0
[ 76.789582][ T5516] __x64_sys_sendfile64+0x11e/0x1d0
[ 76.796881][ T5516] ? __ia32_sys_sendfile+0x1d0/0x1d0
[ 76.802560][ T5516] ? syscall_enter_from_user_mode+0x26/0x80
[ 76.808902][ T5516] do_syscall_64+0x39/0xb0
[ 76.814155][ T5516] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.820448][ T5516] RIP: 0033:0x7f5ff388c169
[ 76.825963][ T5516] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 76.847325][ T5516] RSP: 002b:00007f5ff451f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 76.856454][ T5516] RAX: ffffffffffffffda RBX: 00007f5ff39ac120 RCX: 00007f5ff388c169
[ 76.865139][ T5516] RDX: 0000000020000180 RSI: 0000000000000003 RDI: 0000000000000005
[ 76.873557][ T5516] RBP: 00007f5ff38e7ca1 R08: 0000000000000000 R09: 0000000000000000
[ 76.882076][ T5516] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000000
[ 76.891114][ T5516] R13: 00007fff844034df R14: 00007f5ff451f300 R15: 0000000000022000
[ 76.899964][ T5516]
[ 76.903002][ T5516]
[ 76.905751][ T5516] Allocated by task 5516:
[ 76.910268][ T5516] kasan_save_stack+0x22/0x40
[ 76.915131][ T5516] kasan_set_track+0x25/0x30
[ 76.920171][ T5516] __kasan_kmalloc+0xa2/0xb0
[ 76.924982][ T5516] __kmalloc+0x5e/0x190
[ 76.930031][ T5516] sock_kmalloc+0x8a/0xd0
[ 76.934809][ T5516] af_alg_sendmsg+0x1395/0x2480
[ 76.940218][ T5516] sock_sendmsg+0xc0/0x150
[ 76.945264][ T5516] splice_to_socket+0x738/0xd70
[ 76.951372][ T5516] direct_splice_actor+0xff/0x1d0
[ 76.957252][ T5516] splice_direct_to_actor+0x2bf/0x790
[ 76.963851][ T5516] do_splice_direct+0x14c/0x260
[ 76.969062][ T5516] do_sendfile+0x93d/0x1170
[ 76.974071][ T5516] __x64_sys_sendfile64+0x11e/0x1d0
[ 76.979925][ T5516] do_syscall_64+0x39/0xb0
[ 76.984883][ T5516] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.991934][ T5516]
[ 76.995753][ T5516] The buggy address belongs to the object at ffff88802a696000
[ 76.995753][ T5516]  which belongs to the cache kmalloc-4k of size 4096
[ 77.015026][ T5516] The buggy address is located 0 bytes to the right of
[ 77.015026][ T5516]  allocated 4088-byte region [ffff88802a696000, ffff88802a696ff8)
[ 77.032295][ T5516]
[ 77.034707][ T5516] The buggy address belongs to the physical page:
[ 77.041304][ T5516] page:ffffea0000a9a400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a690
[ 77.052102][ T5516] head:ffffea0000a9a400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 77.062006][ T5516] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 77.070364][ T5516] page_type: 0xffffffff()
[ 77.075322][ T5516] raw: 00fff00000010200 ffff888011442140 ffffea0000aba600 dead000000000002
[ 77.084349][ T5516] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 77.093111][ T5516] page dumped because: kasan: bad access detected
[ 77.099605][ T5516] page_owner tracks the page as allocated
[ 77.105326][ T5516] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4673, tgid 4673 (dhcpcd), ts 28200911031, free_ts 28191262479
[ 77.125560][ T5516] post_alloc_hook+0x2db/0x350
[ 77.130336][ T5516] get_page_from_freelist+0xf41/0x2c00
[ 77.135898][ T5516] __alloc_pages+0x1cb/0x4a0
[ 77.140498][ T5516] allocate_slab+0x25f/0x390
[ 77.145099][ T5516] ___slab_alloc+0xa91/0x1400
[ 77.149784][ T5516] __slab_alloc.constprop.0+0x56/0xa0
[ 77.155340][ T5516] __kmem_cache_alloc_node+0x136/0x320
[ 77.161091][ T5516] __kmalloc+0x4e/0x190
[ 77.165411][ T5516] tomoyo_realpath_from_path+0xa8/0x660
[ 77.171228][ T5516] tomoyo_check_open_permission+0x23f/0x2e0
[ 77.177462][ T5516] security_file_open+0x38/0x80
[ 77.182336][ T5516] do_dentry_open+0x33e/0x1140
[ 77.187397][ T5516] path_openat+0x12a5/0x2280
[ 77.192010][ T5516] do_filp_open+0x1a9/0x3e0
[ 77.196710][ T5516] do_sys_openat2+0x11e/0x3f0
[ 77.201654][ T5516] __x64_sys_openat+0x11f/0x1d0
[ 77.206607][ T5516] page last free stack trace:
[ 77.211281][ T5516] free_unref_page_prepare+0x62e/0xcb0
[ 77.216922][ T5516] free_unref_page+0x33/0x370
[ 77.221787][ T5516] __unfreeze_partials+0x17c/0x1a0
[ 77.227179][ T5516] qlist_free_all+0x6a/0x170
[ 77.231974][ T5516] kasan_quarantine_reduce+0x195/0x220
[ 77.237625][ T5516] __kasan_slab_alloc+0x63/0x90
[ 77.242579][ T5516] kmem_cache_alloc+0x17c/0x3b0
[ 77.247873][ T5516] getname_flags.part.0+0x4a/0x440
[ 77.252997][ T5516] vfs_fstatat+0x39/0x70
[ 77.257344][ T5516] __do_sys_newfstatat+0x6b/0xc0
[ 77.262295][ T5516] do_syscall_64+0x39/0xb0
[ 77.266816][ T5516] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.272989][ T5516]
[ 77.275314][ T5516] Memory state around the buggy address:
[ 77.281030][ T5516]  ffff88802a696e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.289283][ T5516]  ffff88802a696f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 77.297458][ T5516] >ffff88802a696f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 77.305521][ T5516]                                                                 ^
[ 77.313856][ T5516]  ffff88802a697000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.322192][ T5516]  ffff88802a697080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 77.331130][ T5516] ==================================================================
[ 77.344623][ T5009] Bluetooth: hci0: command 0x041b tx timeout
[ 77.356561][ T5516] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 77.364396][ T5516] CPU: 0 PID: 5516 Comm: syz-executor.0 Not tainted 6.4.0-rc5-syzkaller #0
[ 77.373245][ T5516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 77.383651][ T5516] Call Trace:
[ 77.387077][ T5516]
[ 77.390189][ T5516] dump_stack_lvl+0x64/0xb0
[ 77.394718][ T5516] panic+0x24f/0x540
[ 77.398602][ T5516] ? panic_smp_self_stop+0x70/0x70
[ 77.403769][ T5516] ? lockdep_hardirqs_on+0x7d/0x100
[ 77.409232][ T5516] ? preempt_schedule_thunk+0x1a/0x20
[ 77.414595][ T5516] ? preempt_schedule_common+0x45/0xb0
[ 77.420053][ T5516] ? preempt_schedule_thunk+0x1a/0x20
[ 77.426316][ T5516] check_panic_on_warn+0x75/0x80
[ 77.431806][ T5516] end_report+0xe9/0x120
[ 77.436393][ T5516] ? extract_iter_to_sg+0x1323/0x1650
[ 77.441861][ T5516] kasan_report+0xf9/0x130
[ 77.446793][ T5516] ? extract_iter_to_sg+0x1323/0x1650
[ 77.452271][ T5516] extract_iter_to_sg+0x1323/0x1650
[ 77.457461][ T5516] ? lock_acquire+0x1b1/0x520
[ 77.462135][ T5516] ? sg_init_one+0x110/0x110
[ 77.466972][ T5516] ? af_alg_sendmsg+0x3ac/0x2480
[ 77.472168][ T5516] ? lock_downgrade+0x690/0x690
[ 77.477101][ T5516] ? mark_held_locks+0x9f/0xe0
[ 77.482047][ T5516] ? __local_bh_enable_ip+0xa4/0x130
[ 77.487419][ T5516] af_alg_sendmsg+0x146c/0x2480
[ 77.492639][ T5516] ? alg_setsockopt+0xce0/0xce0
[ 77.497843][ T5516] ? find_held_lock+0x2d/0x110
[ 77.502933][ T5516] ? aa_af_perm+0x220/0x220
[ 77.507542][ T5516] ? current_time+0x72/0x220
[ 77.512228][ T5516] ? hash_sendpage_nokey+0x80/0x80
[ 77.517353][ T5516] sock_sendmsg+0xc0/0x150
[ 77.522400][ T5516] splice_to_socket+0x738/0xd70
[ 77.527248][ T5516] ? splice_from_pipe+0x120/0x120
[ 77.532248][ T5516] ? touch_atime+0xd5/0x5c0
[ 77.536829][ T5516] direct_splice_actor+0xff/0x1d0
[ 77.541861][ T5516] splice_direct_to_actor+0x2bf/0x790
[ 77.547418][ T5516] ? folio_flags.constprop.0+0xd0/0xd0
[ 77.552956][ T5516] ? direct_splice_actor+0x1d0/0x1d0
[ 77.558311][ T5516] ? apparmor_file_permission+0x152/0x460
[ 77.564010][ T5516] do_splice_direct+0x14c/0x260
[ 77.569008][ T5516] ? splice_direct_to_actor+0x790/0x790
[ 77.574898][ T5516] ? apparmor_file_permission+0x152/0x460
[ 77.580888][ T5516] ? security_file_permission+0x40/0x90
[ 77.586578][ T5516] do_sendfile+0x93d/0x1170
[ 77.591097][ T5516] ? vfs_iocb_iter_write+0x3b0/0x3b0
[ 77.597136][ T5516] __x64_sys_sendfile64+0x11e/0x1d0
[ 77.603988][ T5516] ? __ia32_sys_sendfile+0x1d0/0x1d0
[ 77.610337][ T5516] ? syscall_enter_from_user_mode+0x26/0x80
[ 77.616646][ T5516] do_syscall_64+0x39/0xb0
[ 77.621254][ T5516] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.627800][ T5516] RIP: 0033:0x7f5ff388c169
[ 77.632391][ T5516] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 77.653136][ T5516] RSP: 002b:00007f5ff451f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 77.662770][ T5516] RAX: ffffffffffffffda RBX: 00007f5ff39ac120 RCX: 00007f5ff388c169
[ 77.671093][ T5516] RDX: 0000000020000180 RSI: 0000000000000003 RDI: 0000000000000005
[ 77.679763][ T5516] RBP: 00007f5ff38e7ca1 R08: 0000000000000000 R09: 0000000000000000
[ 77.687985][ T5516] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000000
[ 77.695930][ T5516] R13: 00007fff844034df R14: 00007f5ff451f300 R15: 0000000000022000
[ 77.704167][ T5516]
[ 77.707510][ T5516] Kernel Offset: disabled
[ 77.711828][ T5516] Rebooting in 86400 seconds..