Warning: Permanently added '10.128.1.80' (ED25519) to the list of known hosts.
1970/01/01 00:00:31 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:31 parsed 1 programs
[ 31.317192][ T6173] cgroup: Unknown subsys name 'net'
[ 31.550555][ T6173] cgroup: Unknown subsys name 'rlimit'
[ 31.843387][ T6173] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k SS
1970/01/01 00:00:31 executed programs: 0
[ 31.881471][ T6185] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 31.883564][ T6185] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 31.885534][ T6185] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 31.887710][ T6185] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 31.890039][ T6185] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 31.891980][ T6185] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 31.932936][ T6183] chnl_net:caif_netlink_parms(): no params data found
[ 31.950368][ T6183] bridge0: port 1(bridge_slave_0) entered blocking state
[ 31.952305][ T6183] bridge0: port 1(bridge_slave_0) entered disabled state
[ 31.954208][ T6183] bridge_slave_0: entered allmulticast mode
[ 31.956046][ T6183] bridge_slave_0: entered promiscuous mode
[ 31.958729][ T6183] bridge0: port 2(bridge_slave_1) entered blocking state
[ 31.960632][ T6183] bridge0: port 2(bridge_slave_1) entered disabled state
[ 31.962568][ T6183] bridge_slave_1: entered allmulticast mode
[ 31.964428][ T6183] bridge_slave_1: entered promiscuous mode
[ 31.972673][ T6183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 31.975975][ T6183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 31.983712][ T6183] team0: Port device team_slave_0 added
[ 31.986011][ T6183] team0: Port device team_slave_1 added
[ 31.993311][ T6183] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 31.995203][ T6183] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 32.002187][ T6183] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 32.005842][ T6183] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 32.007646][ T6183] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 32.014714][ T6183] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 32.078941][ T6183] hsr_slave_0: entered promiscuous mode
[ 32.118040][ T6183] hsr_slave_1: entered promiscuous mode
[ 32.188779][ T6183] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 32.229239][ T6183] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 32.269114][ T6183] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 32.309145][ T6183] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 32.375029][ T6183] bridge0: port 2(bridge_slave_1) entered blocking state
[ 32.376956][ T6183] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 32.379066][ T6183] bridge0: port 1(bridge_slave_0) entered blocking state
[ 32.381051][ T6183] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 32.398693][ T6183] 8021q: adding VLAN 0 to HW filter on device bond0
[ 32.403389][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 32.415981][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 32.422576][ T6183] 8021q: adding VLAN 0 to HW filter on device team0
[ 32.426611][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 32.428559][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 32.434844][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 32.436711][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 32.444993][ T6183] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 32.448086][ T6183] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 32.488578][ T6183] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 32.502898][ T6183] veth0_vlan: entered promiscuous mode
[ 32.506286][ T6183] veth1_vlan: entered promiscuous mode
[ 32.515161][ T6183] veth0_macvtap: entered promiscuous mode
[ 32.518772][ T6183] veth1_macvtap: entered promiscuous mode
[ 32.524761][ T6183] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 32.529789][ T6183] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 32.533150][ T6183] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 32.535513][ T6183] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 32.537822][ T6183] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 32.540894][ T6183] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 32.557433][ T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 32.562228][ T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 32.569212][ T25] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 32.571338][ T25] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 32.716753][ T6202] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 32.719519][ T6202] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 32.836425][ T6204] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 32.839078][ T6204] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 32.935842][ T6206] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 32.938507][ T6206] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 32.985332][ T6208] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 32.988378][ T6208] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 33.105286][ T6210] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 33.108071][ T6210] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 33.947951][ T6185] Bluetooth: hci0: command 0x0409 tx timeout
[ 36.027992][ T6185] Bluetooth: hci0: command 0x041b tx timeout
1970/01/01 00:00:36 executed programs: 48
[ 37.746771][ T6316] __nla_validate_parse: 104 callbacks suppressed
[ 37.746785][ T6316] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 37.751289][ T6316] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 37.820144][ C1] ==================================================================
[ 37.822377][ C1] BUG: KASAN: slab-use-after-free in advance_sched+0xa70/0xac0
[ 37.824413][ C1] Read of size 8 at addr ffff0000cb1d3110 by task swapper/1/0
[ 37.826366][ C1]
[ 37.826978][ C1] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G    B              6.8.0-rc6-syzkaller-g381f163531d8 #0
[ 37.829859][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 37.832619][ C1] Call trace:
[ 37.833474][ C1]  dump_backtrace+0x1b8/0x1e4
[ 37.834756][ C1]  show_stack+0x2c/0x3c
[ 37.835876][ C1]  dump_stack_lvl+0xd0/0x124
[ 37.837143][ C1]  print_report+0x178/0x518
[ 37.838420][ C1]  kasan_report+0xd8/0x138
[ 37.839615][ C1]  __asan_report_load8_noabort+0x20/0x2c
[ 37.841109][ C1]  advance_sched+0xa70/0xac0
[ 37.842392][ C1]  __hrtimer_run_queues+0x484/0xca0
[ 37.843799][ C1]  hrtimer_interrupt+0x2c0/0xb64
[ 37.845112][ C1]  arch_timer_handler_virt+0x74/0x88
[ 37.846585][ C1]  handle_percpu_devid_irq+0x2a4/0x804
[ 37.848069][ C1]  generic_handle_domain_irq+0x7c/0xc4
[ 37.849524][ C1]  gic_handle_irq+0x6c/0x190
[ 37.850793][ C1]  call_on_irq_stack+0x24/0x4c
[ 37.852083][ C1]  do_interrupt_handler+0xd4/0x138
[ 37.853551][ C1]  el1_interrupt+0x34/0x68
[ 37.854785][ C1]  el1h_64_irq_handler+0x18/0x24
[ 37.856096][ C1]  el1h_64_irq+0x64/0x68
[ 37.857274][ C1]  arch_local_irq_enable+0x8/0xc
[ 37.858622][ C1]  do_idle+0x1f0/0x4e8
[ 37.859737][ C1]  cpu_startup_entry+0x5c/0x74
[ 37.861065][ C1]  secondary_start_kernel+0x198/0x1c0
[ 37.862598][ C1]  __secondary_switched+0xb8/0xbc
[ 37.863907][ C1]
[ 37.864518][ C1] Allocated by task 6314:
[ 37.865681][ C1]  kasan_save_track+0x40/0x78
[ 37.866909][ C1]  kasan_save_alloc_info+0x70/0x84
[ 37.868303][ C1]  __kasan_kmalloc+0xac/0xc4
[ 37.869546][ C1]  kmalloc_trace+0x26c/0x49c
[ 37.870763][ C1]  taprio_change+0xd14/0x3bf0
[ 37.872033][ C1]  tc_modify_qdisc+0x1474/0x1870
[ 37.873426][ C1]  rtnetlink_rcv_msg+0x748/0xdbc
[ 37.874770][ C1]  netlink_rcv_skb+0x214/0x3c4
[ 37.876044][ C1]  rtnetlink_rcv+0x28/0x38
[ 37.877198][ C1]  netlink_unicast+0x65c/0x898
[ 37.878475][ C1]  netlink_sendmsg+0x83c/0xb20
[ 37.879774][ C1]  ____sys_sendmsg+0x56c/0x840
[ 37.881046][ C1]  __sys_sendmsg+0x26c/0x33c
[ 37.882281][ C1]  __arm64_sys_sendmsg+0x80/0x94
[ 37.883603][ C1]  invoke_syscall+0x98/0x2b8
[ 37.884837][ C1]  el0_svc_common+0x130/0x23c
[ 37.886101][ C1]  do_el0_svc+0x48/0x58
[ 37.887229][ C1]  el0_svc+0x54/0x168
[ 37.888334][ C1]  el0t_64_sync_handler+0x84/0xfc
[ 37.889728][ C1]  el0t_64_sync+0x190/0x194
[ 37.890921][ C1]
[ 37.891538][ C1] Freed by task 0:
[ 37.892558][ C1]  kasan_save_track+0x40/0x78
[ 37.893801][ C1]  kasan_save_free_info+0x5c/0x74
[ 37.895149][ C1]  poison_slab_object+0x124/0x18c
[ 37.896514][ C1]  __kasan_slab_free+0x3c/0x78
[ 37.897846][ C1]  kfree+0x144/0x3cc
[ 37.898903][ C1]  taprio_free_sched_cb+0x158/0x178
[ 37.900348][ C1]  rcu_core+0x890/0x1b34
[ 37.901498][ C1]  rcu_core_si+0x10/0x1c
[ 37.902633][ C1]  __do_softirq+0x2d8/0xce4
[ 37.903827][ C1]
[ 37.904477][ C1] Last potentially related work creation:
[ 37.905981][ C1]  kasan_save_stack+0x40/0x6c
[ 37.907238][ C1]  __kasan_record_aux_stack+0xc4/0x110
[ 37.908757][ C1]  kasan_record_aux_stack_noalloc+0x14/0x20
[ 37.910387][ C1]  call_rcu+0x104/0xaf4
[ 37.911532][ C1]  taprio_change+0x3288/0x3bf0
[ 37.912804][ C1]  tc_modify_qdisc+0x1474/0x1870
[ 37.914089][ C1]  rtnetlink_rcv_msg+0x748/0xdbc
[ 37.915413][ C1]  netlink_rcv_skb+0x214/0x3c4
[ 37.916712][ C1]  rtnetlink_rcv+0x28/0x38
[ 37.917911][ C1]  netlink_unicast+0x65c/0x898
[ 37.919240][ C1]  netlink_sendmsg+0x83c/0xb20
[ 37.920549][ C1]  ____sys_sendmsg+0x56c/0x840
[ 37.921853][ C1]  __sys_sendmsg+0x26c/0x33c
[ 37.923067][ C1]  __arm64_sys_sendmsg+0x80/0x94
[ 37.924391][ C1]  invoke_syscall+0x98/0x2b8
[ 37.925605][ C1]  el0_svc_common+0x130/0x23c
[ 37.926892][ C1]  do_el0_svc+0x48/0x58
[ 37.928016][ C1]  el0_svc+0x54/0x168
[ 37.929092][ C1]  el0t_64_sync_handler+0x84/0xfc
[ 37.930427][ C1]  el0t_64_sync+0x190/0x194
[ 37.931657][ C1]
[ 37.932287][ C1] The buggy address belongs to the object at ffff0000cb1d3000
[ 37.932287][ C1]  which belongs to the cache kmalloc-512 of size 512
[ 37.936164][ C1] The buggy address is located 272 bytes inside of
[ 37.936164][ C1]  freed 512-byte region [ffff0000cb1d3000, ffff0000cb1d3200)
[ 37.939940][ C1]
[ 37.940555][ C1] The buggy address belongs to the physical page:
[ 37.942305][ C1] page:00000000f02f1f24 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10b1d0
[ 37.945092][ C1] head:00000000f02f1f24 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 37.947520][ C1] flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 37.949759][ C1] page_type: 0xffffffff()
[ 37.950937][ C1] raw: 05ffc00000000840 ffff0000c0001c80 dead000000000100 dead000000000122
[ 37.953289][ C1] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 37.955658][ C1] page dumped because: kasan: bad access detected
[ 37.957421][ C1]
[ 37.958022][ C1] Memory state around the buggy address:
[ 37.959508][ C1]  ffff0000cb1d3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.961728][ C1]  ffff0000cb1d3080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.963890][ C1] >ffff0000cb1d3100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.966100][ C1]                          ^
[ 37.967375][ C1]  ffff0000cb1d3180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.969509][ C1]  ffff0000cb1d3200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.971661][ C1] ==================================================================
[ 37.984055][ T6318] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 37.986693][ T6318] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 38.066451][ T6320] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 38.069444][ T6320] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 38.108253][ T6185] Bluetooth: hci0: command 0x040f tx timeout
[ 38.166360][ T6322] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 38.169009][ T6322] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 38.226204][ T6324] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 38.228864][ T6324] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 40.187949][ T6185] Bluetooth: hci0: command 0x0419 tx timeout
1970/01/01 00:00:41 executed programs: 104
[ 42.756948][ T6426] __nla_validate_parse: 100 callbacks suppressed
[ 42.756962][ T6426] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.761253][ T6426] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.845483][ T6428] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.848104][ T6428] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.926296][ T6430] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 42.929064][ T6430] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.016633][ T6432] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.019321][ T6432] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.098357][ T6434] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 43.100936][ T6434] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
1970/01/01 00:00:46 executed programs: 160
[ 47.775681][ T6538] __nla_validate_parse: 102 callbacks suppressed
[ 47.775694][ T6538] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[ 47.780063][ T6538] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.