[ 84.134589][ T11] device veth1_macvtap left promiscuous mode
[ 84.141076][ T11] device veth0_macvtap left promiscuous mode
[ 84.147989][ T11] device veth1_vlan left promiscuous mode
[ 84.154319][ T11] device veth0_vlan left promiscuous mode
[ 84.497634][ T11] team0 (unregistering): Port device team_slave_1 removed
[ 84.516373][ T11] team0 (unregistering): Port device team_slave_0 removed
[ 84.535568][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 84.553297][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 84.661290][ T11] bond0 (unregistering): Released all slaves
[ 91.534846][ T7] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.125' (ECDSA) to the list of known hosts.
2023/01/13 06:45:02 ignoring optional flag "sandboxArg"="0"
2023/01/13 06:45:03 parsed 1 programs
2023/01/13 06:45:03 executed programs: 0
[ 109.567765][ T5079] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 109.576725][ T5079] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 109.584644][ T5079] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 109.592810][ T5079] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 109.601502][ T5079] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 109.609209][ T5079] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 109.761389][ T5542] chnl_net:caif_netlink_parms(): no params data found
[ 109.818640][ T5542] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.825917][ T5542] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.835240][ T5542] device bridge_slave_0 entered promiscuous mode
[ 109.844453][ T5542] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.851635][ T5542] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.860254][ T5542] device bridge_slave_1 entered promiscuous mode
[ 109.886381][ T5542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.898202][ T5542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.927981][ T5542] team0: Port device team_slave_0 added
[ 109.937052][ T5542] team0: Port device team_slave_1 added
[ 109.961758][ T5542] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 109.969011][ T5542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.995246][ T5542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 110.008015][ T5542] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 110.015073][ T5542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 110.041050][ T5542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 110.079463][ T5542] device hsr_slave_0 entered promiscuous mode
[ 110.086425][ T5542] device hsr_slave_1 entered promiscuous mode
[ 110.937978][ T5542] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 110.950798][ T5542] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 110.962004][ T5542] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 110.975147][ T5542] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 111.087663][ T5542] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.109088][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 111.118788][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 111.132710][ T5542] 8021q: adding VLAN 0 to HW filter on device team0
[ 111.146020][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 111.156017][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 111.166339][ T14] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.173571][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 111.196816][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 111.205990][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 111.215536][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 111.224834][ T4401] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.231959][ T4401] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 111.240573][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 111.249731][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 111.271099][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 111.281648][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 111.301722][ T5542] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 111.315259][ T5542] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 111.330534][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 111.340636][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 111.350056][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 111.359489][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 111.368753][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 111.383787][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 111.674121][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 111.681695][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 111.694291][ T4392] Bluetooth: hci0: command 0x0409 tx timeout
[ 111.702654][ T5542] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 111.729210][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 111.738910][ T1452] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 111.767058][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 111.778297][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 111.790424][ T5542] device veth0_vlan entered promiscuous mode
[ 111.797836][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 111.807175][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 111.821717][ T5542] device veth1_vlan entered promiscuous mode
[ 111.879273][ T5542] device veth0_macvtap entered promiscuous mode
[ 111.888263][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 111.899895][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 111.911495][ T5542] device veth1_macvtap entered promiscuous mode
[ 111.922157][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 111.931567][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 111.957798][ T5542] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 111.969371][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 111.979453][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 111.992366][ T5542] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 112.002932][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 112.012827][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 112.025366][ T5542] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 112.036205][ T5542] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 112.045843][ T5542] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 112.054728][ T5542] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 112.160582][ T2775] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.184232][ T2775] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.205660][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 112.217301][ T2775] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 112.227243][ T2775] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 112.240473][ T4401] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 112.454042][ T5598] ==================================================================
[ 112.462180][ T5598] BUG: KASAN: use-after-free in __lock_acquire+0x3e7f/0x5660
[ 112.469608][ T5598] Read of size 8 at addr ffff88807e78e268 by task syz-executor.0/5598
[ 112.477806][ T5598]
[ 112.480162][ T5598] CPU: 0 PID: 5598 Comm: syz-executor.0 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 112.490536][ T5598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 112.500635][ T5598] Call Trace:
[ 112.503950][ T5598]
[ 112.506913][ T5598] dump_stack_lvl+0xd1/0x138
[ 112.511549][ T5598] print_report+0x15e/0x45d
[ 112.516113][ T5598] ? __phys_addr+0xc8/0x140
[ 112.520693][ T5598] ? __lock_acquire+0x3e7f/0x5660
[ 112.525865][ T5598] kasan_report+0xc0/0xf0
[ 112.530282][ T5598] ? __lock_acquire+0x3e7f/0x5660
[ 112.535363][ T5598] __lock_acquire+0x3e7f/0x5660
[ 112.540279][ T5598] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 112.546321][ T5598] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 112.552357][ T5598] ? lock_downgrade+0x6e0/0x6e0
[ 112.557274][ T5598] ? rcu_read_lock_sched_held+0x3e/0x70
[ 112.562871][ T5598] ? trace_contention_end+0x173/0x1e0
[ 112.568318][ T5598] lock_acquire.part.0+0x11a/0x350
[ 112.573484][ T5598] ? io_poll_remove_entries.part.0+0x15e/0x810
[ 112.579698][ T5598] ? lock_release+0x810/0x810
[ 112.584521][ T5598] ? io_poll_remove_entries.part.0+0x15e/0x810
[ 112.590813][ T5598] ? rcu_read_lock_sched_held+0x3e/0x70
[ 112.596420][ T5598] ? trace_lock_acquire+0x1f1/0x290
[ 112.601675][ T5598] ? trace_lock_acquire+0x1f1/0x290
[ 112.607015][ T5598] ? io_poll_remove_entries.part.0+0x15e/0x810
[ 112.613226][ T5598] ? lock_acquire+0x32/0xc0
[ 112.618042][ T5598] ? io_poll_remove_entries.part.0+0x15e/0x810
[ 112.624254][ T5598] _raw_spin_lock_irq+0x36/0x50
[ 112.629175][ T5598] ? io_poll_remove_entries.part.0+0x15e/0x810
[ 112.635389][ T5598] io_poll_remove_entries.part.0+0x15e/0x810
[ 112.641424][ T5598] ? snd_rawmidi_poll+0x411/0x6a0
[ 112.646607][ T5598] io_poll_task_func+0x56c/0x1220
[ 112.651963][ T5598] ? lock_downgrade+0x6e0/0x6e0
[ 112.656868][ T5598] ? io_poll_remove_entries.part.0+0x810/0x810
[ 112.663097][ T5598] ? handle_tw_list+0x1a3/0x460
[ 112.668094][ T5598] ? lock_acquire+0x32/0xc0
[ 112.672652][ T5598] ? handle_tw_list+0x1a3/0x460
[ 112.677568][ T5598] handle_tw_list+0xa8/0x460
[ 112.682224][ T5598] tctx_task_work+0x12e/0x530
[ 112.686956][ T5598] ? handle_tw_list+0x460/0x460
[ 112.691858][ T5598] ? lock_downgrade+0x6e0/0x6e0
[ 112.696774][ T5598] ? do_raw_spin_lock+0x124/0x2b0
[ 112.701886][ T5598] ? rwlock_bug.part.0+0x90/0x90
[ 112.706972][ T5598] ? _raw_spin_unlock_irq+0x23/0x50
[ 112.712240][ T5598] task_work_run+0x16f/0x270
[ 112.716992][ T5598] ? task_work_cancel+0x30/0x30
[ 112.721913][ T5598] get_signal+0x1c7/0x24f0
[ 112.726383][ T5598] ? exit_signals+0x910/0x910
[ 112.731112][ T5598] ? do_futex+0x132/0x360
[ 112.735501][ T5598] ? __ia32_sys_get_robust_list+0x400/0x400
[ 112.741456][ T5598] arch_do_signal_or_restart+0x79/0x5c0
[ 112.747063][ T5598] ? get_sigframe_size+0x10/0x10
[ 112.752061][ T5598] ? __x64_sys_futex+0x1ca/0x4d0
[ 112.757056][ T5598] ? __x64_sys_futex+0x1d3/0x4d0
[ 112.762059][ T5598] ? do_futex+0x360/0x360
[ 112.766448][ T5598] exit_to_user_mode_prepare+0x11f/0x240
[ 112.772140][ T5598] syscall_exit_to_user_mode+0x1d/0x50
[ 112.777675][ T5598] do_syscall_64+0x46/0xb0
[ 112.782142][ T5598] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 112.788102][ T5598] RIP: 0033:0x7f977d48c0c9
[ 112.792556][ T5598] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 112.812224][ T5598] RSP: 002b:00007f977e27c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 112.820778][ T5598] RAX: fffffffffffffe00 RBX: 00007f977d5ac058 RCX: 00007f977d48c0c9
[ 112.828804][ T5598] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f977d5ac058
[ 112.836822][ T5598] RBP: 00007f977d5ac050 R08: 0000000000000000 R09: 0000000000000000
[ 112.845019][ T5598] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f977d5ac05c
[ 112.853032][ T5598] R13: 00007ffef7edfc4f R14: 00007f977e27c300 R15: 0000000000022000
[ 112.861252][ T5598]
[ 112.864322][ T5598]
[ 112.866728][ T5598] Allocated by task 5596:
[ 112.871090][ T5598] kasan_save_stack+0x22/0x40
[ 112.875907][ T5598] kasan_set_track+0x25/0x30
[ 112.880547][ T5598] __kasan_kmalloc+0xa2/0xb0
[ 112.885186][ T5598] open_substream+0xe9/0x8c0
[ 112.889821][ T5598] rawmidi_open_priv+0x591/0x6f0
[ 112.894854][ T5598] snd_rawmidi_open+0x467/0xb70
[ 112.899764][ T5598] snd_open+0x223/0x460
[ 112.903972][ T5598] chrdev_open+0x26a/0x770
[ 112.908428][ T5598] do_dentry_open+0x6cc/0x13f0
[ 112.913258][ T5598] path_openat+0x1bc1/0x2b40
[ 112.917913][ T5598] do_filp_open+0x1ba/0x410
[ 112.922475][ T5598] do_sys_openat2+0x16d/0x4c0
[ 112.927206][ T5598] __x64_sys_openat+0x143/0x1f0
[ 112.932463][ T5598] do_syscall_64+0x39/0xb0
[ 112.936930][ T5598] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 112.942902][ T5598]
[ 112.945258][ T5598] Freed by task 5598:
[ 112.949276][ T5598] kasan_save_stack+0x22/0x40
[ 112.954017][ T5598] kasan_set_track+0x25/0x30
[ 112.958670][ T5598] kasan_save_free_info+0x2e/0x40
[ 112.963761][ T5598] ____kasan_slab_free+0x160/0x1c0
[ 112.968927][ T5598] slab_free_freelist_hook+0x8b/0x1c0
[ 112.974354][ T5598] __kmem_cache_free+0xaf/0x2d0
[ 112.979252][ T5598] close_substream.part.0+0x21d/0x850
[ 112.984680][ T5598] rawmidi_release_priv+0x192/0x270
[ 112.989932][ T5598] snd_rawmidi_release+0x87/0x120
[ 112.995018][ T5598] __fput+0x27c/0xa90
[ 112.999079][ T5598] task_work_run+0x16f/0x270
[ 113.003736][ T5598] get_signal+0x1c7/0x24f0
[ 113.008199][ T5598] arch_do_signal_or_restart+0x79/0x5c0
[ 113.013802][ T5598] exit_to_user_mode_prepare+0x11f/0x240
[ 113.019492][ T5598] syscall_exit_to_user_mode+0x1d/0x50
[ 113.025128][ T5598] do_syscall_64+0x46/0xb0
[ 113.029596][ T5598] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 113.035566][ T5598]
[ 113.037918][ T5598] The buggy address belongs to the object at ffff88807e78e200
[ 113.037918][ T5598] which belongs to the cache kmalloc-256 of size 256
[ 113.052019][ T5598] The buggy address is located 104 bytes inside of
[ 113.052019][ T5598] 256-byte region [ffff88807e78e200, ffff88807e78e300)
[ 113.065873][ T5598]
[ 113.068221][ T5598] The buggy address belongs to the physical page:
[ 113.074662][ T5598] page:ffffea0001f9e380 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e78e
[ 113.084947][ T5598] head:ffffea0001f9e380 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 113.093925][ T5598] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 113.101963][ T5598] raw: 00fff00000010200 ffff888012441b40 dead000000000122 0000000000000000
[ 113.110592][ T5598] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 113.119299][ T5598] page dumped because: kasan: bad access detected
[ 113.125743][ T5598] page_owner tracks the page as allocated
[ 113.131494][ T5598] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5542, tgid 5542 (syz-executor.0), ts 112149922863, free_ts 109467087241
[ 113.154826][ T5598] get_page_from_freelist+0x11bb/0x2d50
[ 113.160525][ T5598] __alloc_pages+0x1cb/0x5c0
[ 113.165343][ T5598] alloc_pages+0x1aa/0x270
[ 113.169808][ T5598] allocate_slab+0x25f/0x350
[ 113.174445][ T5598] ___slab_alloc+0xa91/0x1400
[ 113.179171][ T5598] __slab_alloc.constprop.0+0x56/0xa0
[ 113.184596][ T5598] __kmem_cache_alloc_node+0x136/0x330
[ 113.190111][ T5598] __kmalloc+0x4a/0xd0
[ 113.194250][ T5598] __register_sysctl_table+0x9ef/0x10a0
[ 113.199861][ T5598] mpls_dev_sysctl_register+0x1b7/0x2d0
[ 113.205466][ T5598] mpls_dev_notify+0x46d/0x990
[ 113.210293][ T5598] notifier_call_chain+0xb5/0x200
[ 113.215375][ T5598] call_netdevice_notifiers_info+0xb5/0x130
[ 113.221342][ T5598] register_netdevice+0xfb4/0x1640
[ 113.226508][ T5598] cfg80211_register_netdevice+0x157/0x330
[ 113.232377][ T5598] ieee80211_if_add+0x1073/0x1960
[ 113.237470][ T5598] page last free stack trace:
[ 113.242168][ T5598] free_pcp_prepare+0x4d0/0x910
[ 113.247071][ T5598] free_unref_page+0x1d/0x490
[ 113.251802][ T5598] qlist_free_all+0x6a/0x170
[ 113.256459][ T5598] kasan_quarantine_reduce+0x192/0x220
[ 113.261989][ T5598] __kasan_slab_alloc+0x63/0x90
[ 113.266901][ T5598] kmem_cache_alloc+0x175/0x320
[ 113.271803][ T5598] getname_flags.part.0+0x50/0x4f0
[ 113.276981][ T5598] getname+0x92/0xd0
[ 113.280942][ T5598] do_sys_openat2+0xf5/0x4c0
[ 113.285580][ T5598] __x64_sys_openat+0x143/0x1f0
[ 113.290480][ T5598] do_syscall_64+0x39/0xb0
[ 113.294943][ T5598] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 113.300982][ T5598]
[ 113.303333][ T5598] Memory state around the buggy address:
[ 113.309084][ T5598] ffff88807e78e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 113.317180][ T5598] ffff88807e78e180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 113.325371][ T5598] >ffff88807e78e200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 113.333553][ T5598] ^
[ 113.341054][ T5598] ffff88807e78e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 113.349507][ T5598] ffff88807e78e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 113.357690][ T5598] ==================================================================
[ 113.365869][ T5598] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 113.373177][ T5598] CPU: 0 PID: 5598 Comm: syz-executor.0 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 113.383561][ T5598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 113.393831][ T5598] Call Trace:
[ 113.397138][ T5598]
[ 113.400368][ T5598] dump_stack_lvl+0xd1/0x138
[ 113.405009][ T5598] panic+0x2cc/0x626
[ 113.408980][ T5598] ? panic_print_sys_info.part.0+0x112/0x112
[ 113.415299][ T5598] ? lock_downgrade+0x6e0/0x6e0
[ 113.420202][ T5598] ? dump_page.cold+0x21d/0x255
[ 113.425120][ T5598] check_panic_on_warn.cold+0x19/0x35
[ 113.430560][ T5598] end_report.part.0+0x36/0x73
[ 113.435459][ T5598] ? __lock_acquire+0x3e7f/0x5660
[ 113.440528][ T5598] kasan_report.cold+0xa/0xf
[ 113.445178][ T5598] ? __lock_acquire+0x3e7f/0x5660
[ 113.450256][ T5598] __lock_acquire+0x3e7f/0x5660
[ 113.455167][ T5598] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 113.461296][ T5598] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 113.467330][ T5598] ? lock_downgrade+0x6e0/0x6e0
[ 113.472236][ T5598] ? rcu_read_lock_sched_held+0x3e/0x70
[ 113.477827][ T5598] ? trace_contention_end+0x173/0x1e0
[ 113.483263][ T5598] lock_acquire.part.0+0x11a/0x350
[ 113.488422][ T5598] ? io_poll_remove_entries.part.0+0x15e/0x810
[ 113.494631][ T5598] ? lock_release+0x810/0x810
[ 113.499430][ T5598] ? io_poll_remove_entries.part.0+0x15e/0x810
[ 113.505739][ T5598] ? rcu_read_lock_sched_held+0x3e/0x70
[ 113.511357][ T5598] ? trace_lock_acquire+0x1f1/0x290
[ 113.516602][ T5598] ? trace_lock_acquire+0x1f1/0x290
[ 113.521850][ T5598] ? io_poll_remove_entries.part.0+0x15e/0x810
[ 113.528059][ T5598] ? lock_acquire+0x32/0xc0
[ 113.532609][ T5598] ? io_poll_remove_entries.part.0+0x15e/0x810
[ 113.538819][ T5598] _raw_spin_lock_irq+0x36/0x50
[ 113.543732][ T5598] ? io_poll_remove_entries.part.0+0x15e/0x810
[ 113.549935][ T5598] io_poll_remove_entries.part.0+0x15e/0x810
[ 113.555969][ T5598] ? snd_rawmidi_poll+0x411/0x6a0
[ 113.561058][ T5598] io_poll_task_func+0x56c/0x1220
[ 113.566132][ T5598] ? lock_downgrade+0x6e0/0x6e0
[ 113.571037][ T5598] ? io_poll_remove_entries.part.0+0x810/0x810
[ 113.577244][ T5598] ? handle_tw_list+0x1a3/0x460
[ 113.582151][ T5598] ? lock_acquire+0x32/0xc0
[ 113.586704][ T5598] ? handle_tw_list+0x1a3/0x460
[ 113.591614][ T5598] handle_tw_list+0xa8/0x460
[ 113.596277][ T5598] tctx_task_work+0x12e/0x530
[ 113.601012][ T5598] ? handle_tw_list+0x460/0x460
[ 113.605923][ T5598] ? lock_downgrade+0x6e0/0x6e0
[ 113.610837][ T5598] ? do_raw_spin_lock+0x124/0x2b0
[ 113.615917][ T5598] ? rwlock_bug.part.0+0x90/0x90
[ 113.620909][ T5598] ? _raw_spin_unlock_irq+0x23/0x50
[ 113.626183][ T5598] task_work_run+0x16f/0x270
[ 113.630838][ T5598] ? task_work_cancel+0x30/0x30
[ 113.635763][ T5598] get_signal+0x1c7/0x24f0
[ 113.640324][ T5598] ? exit_signals+0x910/0x910
[ 113.645060][ T5598] ? do_futex+0x132/0x360
[ 113.649538][ T5598] ? __ia32_sys_get_robust_list+0x400/0x400
[ 113.655491][ T5598] arch_do_signal_or_restart+0x79/0x5c0
[ 113.661091][ T5598] ? get_sigframe_size+0x10/0x10
[ 113.666099][ T5598] ? __x64_sys_futex+0x1ca/0x4d0
[ 113.671088][ T5598] ? __x64_sys_futex+0x1d3/0x4d0
[ 113.676107][ T5598] ? do_futex+0x360/0x360
[ 113.680497][ T5598] exit_to_user_mode_prepare+0x11f/0x240
[ 113.686180][ T5598] syscall_exit_to_user_mode+0x1d/0x50
[ 113.691703][ T5598] do_syscall_64+0x46/0xb0
[ 113.696170][ T5598] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 113.702130][ T5598] RIP: 0033:0x7f977d48c0c9
[ 113.706589][ T5598] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 113.726354][ T5598] RSP: 002b:00007f977e27c218 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 113.734818][ T5598] RAX: fffffffffffffe00 RBX: 00007f977d5ac058 RCX: 00007f977d48c0c9
[ 113.742832][ T5598] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f977d5ac058
[ 113.750936][ T5598] RBP: 00007f977d5ac050 R08: 0000000000000000 R09: 0000000000000000
[ 113.758950][ T5598] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f977d5ac05c
[ 113.766971][ T5598] R13: 00007ffef7edfc4f R14: 00007f977e27c300 R15: 0000000000022000
[ 113.773615][ T4392] Bluetooth: hci0: command 0x041b tx timeout
[ 113.781118][ T5598]
[ 113.784395][ T5598] Kernel Offset: disabled
[ 113.788765][ T5598] Rebooting in 86400 seconds..