Warning: Permanently added '10.128.0.174' (ED25519) to the list of known hosts.
1970/01/01 00:00:58 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:58 parsed 1 programs
1970/01/01 00:00:58 executed programs: 0
[ 59.950302][ T5671] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 59.952953][ T5671] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 59.956488][ T5671] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 59.959849][ T5671] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 59.962066][ T5671] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 59.964367][ T5671] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 60.029965][ T6446] chnl_net:caif_netlink_parms(): no params data found
[ 60.057704][ T6446] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.059637][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.061640][ T6446] bridge_slave_0: entered allmulticast mode
[ 60.063618][ T6446] bridge_slave_0: entered promiscuous mode
[ 60.067430][ T6446] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.069317][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.071196][ T6446] bridge_slave_1: entered allmulticast mode
[ 60.073166][ T6446] bridge_slave_1: entered promiscuous mode
[ 60.085326][ T6446] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 60.089028][ T6446] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 60.100991][ T6446] team0: Port device team_slave_0 added
[ 60.105287][ T6446] team0: Port device team_slave_1 added
[ 60.115279][ T6446] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 60.117104][ T6446] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 60.123714][ T6446] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 60.127840][ T6446] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 60.129546][ T6446] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 60.136256][ T6446] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 60.206587][ T6446] hsr_slave_0: entered promiscuous mode
[ 60.245217][ T6446] hsr_slave_1: entered promiscuous mode
[ 60.960851][ T6446] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 60.990346][ T6446] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 61.036579][ T6446] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 61.076362][ T6446] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 61.153285][ T6446] 8021q: adding VLAN 0 to HW filter on device bond0
[ 61.164019][ T6446] 8021q: adding VLAN 0 to HW filter on device team0
[ 61.169446][ T2125] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.171199][ T2125] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 61.187108][ T23] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.188970][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 61.199080][ T6446] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 61.201597][ T6446] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 61.279439][ T6446] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.302111][ T6446] veth0_vlan: entered promiscuous mode
[ 61.308080][ T6446] veth1_vlan: entered promiscuous mode
[ 61.327297][ T6446] veth0_macvtap: entered promiscuous mode
[ 61.331014][ T6446] veth1_macvtap: entered promiscuous mode
[ 61.342210][ T6446] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 61.349068][ T6446] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 61.353530][ T6446] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.358319][ T6446] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.360595][ T6446] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.362660][ T6446] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 61.408286][ T23] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.410318][ T23] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.430690][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 61.432612][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 61.497268][ T6542] loop0: detected capacity change from 0 to 2048
[ 61.514192][ T6545] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 61.539334][ T6542] syz-executor.0: attempt to access beyond end of device
[ 61.539334][ T6542] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 61.551677][ T6542] syz-executor.0: attempt to access beyond end of device
[ 61.551677][ T6542] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 61.610681][ T6554] loop0: detected capacity change from 0 to 2048
[ 61.621502][ T6555] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 61.630686][ T6554] syz-executor.0: attempt to access beyond end of device
[ 61.630686][ T6554] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 61.636859][ T6554] syz-executor.0: attempt to access beyond end of device
[ 61.636859][ T6554] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 61.676898][ T6559] loop0: detected capacity change from 0 to 2048
[ 61.687503][ T6561] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 61.694217][ T6559] syz-executor.0: attempt to access beyond end of device
[ 61.694217][ T6559] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 61.706066][ T6559] syz-executor.0: attempt to access beyond end of device
[ 61.706066][ T6559] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 61.746727][ T6566] loop0: detected capacity change from 0 to 2048
[ 61.757283][ T6569] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 61.762212][ T6566] syz-executor.0: attempt to access beyond end of device
[ 61.762212][ T6566] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 61.768698][ T6566] syz-executor.0: attempt to access beyond end of device
[ 61.768698][ T6566] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 61.820132][ T6574] loop0: detected capacity change from 0 to 2048
[ 61.831069][ T6575] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 61.836626][ T6574] syz-executor.0: attempt to access beyond end of device
[ 61.836626][ T6574] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 61.842293][ T6574] syz-executor.0: attempt to access beyond end of device
[ 61.842293][ T6574] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 61.880536][ T6579] loop0: detected capacity change from 0 to 2048
[ 61.889468][ T6580] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 61.954370][ T6588] loop0: detected capacity change from 0 to 2048
[ 61.963914][ T6589] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 62.019755][ T6596] loop0: detected capacity change from 0 to 2048
[ 62.027017][ T5671] Bluetooth: hci0: command 0x0409 tx timeout
[ 62.046763][ T6597] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 64.105492][ T5671] Bluetooth: hci0: command 0x041b tx timeout
[ 64.516952][ T2217] ieee802154 phy0 wpan0: encryption failed: -22
[ 64.518716][ T2217] ieee802154 phy1 wpan1: encryption failed: -22
[ 66.185096][ T5671] Bluetooth: hci0: command 0x040f tx timeout
[ 67.065024][ C0] ==================================================================
[ 67.067038][ C0] BUG: KASAN: slab-use-after-free in __lock_acquire+0x114/0x763c
[ 67.069085][ C0] Read of size 8 at addr ffff0000d8c74110 by task swapper/0/0
[ 67.071135][ C0]
[ 67.071782][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.7.0-rc3-syzkaller #0
[ 67.073799][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 67.076482][ C0] Call trace:
[ 67.077334][ C0]  dump_backtrace+0x1b8/0x1e4
[ 67.078644][ C0]  show_stack+0x2c/0x44
[ 67.079760][ C0]  dump_stack_lvl+0xd0/0x124
[ 67.080972][ C0]  print_report+0x174/0x514
[ 67.082188][ C0]  kasan_report+0xd8/0x138
[ 67.083338][ C0]  __asan_report_load8_noabort+0x20/0x2c
[ 67.084808][ C0]  __lock_acquire+0x114/0x763c
[ 67.086080][ C0]  lock_acquire+0x23c/0x71c
[ 67.087239][ C0]  _raw_spin_lock_irqsave+0x5c/0x7c
[ 67.088655][ C0]  try_to_wake_up+0xb0/0xf50
[ 67.089836][ C0]  wake_up_process+0x18/0x24
[ 67.091061][ C0]  nilfs_construction_timeout+0x40/0x50
[ 67.092504][ C0]  call_timer_fn+0x19c/0x8cc
[ 67.093714][ C0]  __run_timers+0x55c/0x734
[ 67.094891][ C0]  run_timer_softirq+0x7c/0x114
[ 67.096151][ C0]  __do_softirq+0x2d8/0xce4
[ 67.097330][ C0]  ____do_softirq+0x14/0x20
[ 67.098492][ C0]  call_on_irq_stack+0x24/0x4c
[ 67.099785][ C0]  do_softirq_own_stack+0x20/0x2c
[ 67.101133][ C0]  __irq_exit_rcu+0x1d8/0x434
[ 67.102376][ C0]  irq_exit_rcu+0x14/0x84
[ 67.103513][ C0]  el1_interrupt+0x38/0x68
[ 67.104674][ C0]  el1h_64_irq_handler+0x18/0x24
[ 67.105944][ C0]  el1h_64_irq+0x64/0x68
[ 67.107064][ C0]  arch_local_irq_enable+0x8/0xc
[ 67.108351][ C0]  do_idle+0x1f0/0x4e8
[ 67.109385][ C0]  cpu_startup_entry+0x5c/0x74
[ 67.110651][ C0]  rest_init+0x2dc/0x2f4
[ 67.111775][ C0]  start_kernel+0x0/0x4e8
[ 67.112937][ C0]  start_kernel+0x3e8/0x4e8
[ 67.114102][ C0]  __primary_switched+0xb8/0xc0
[ 67.115449][ C0]
[ 67.116051][ C0] Allocated by task 2:
[ 67.117142][ C0]  kasan_set_track+0x4c/0x7c
[ 67.118338][ C0]  kasan_save_alloc_info+0x24/0x30
[ 67.119706][ C0]  __kasan_slab_alloc+0x74/0x8c
[ 67.121008][ C0]  slab_post_alloc_hook+0x90/0x498
[ 67.122359][ C0]  kmem_cache_alloc_node+0x2b4/0x458
[ 67.123783][ C0]  dup_task_struct+0x74/0x888
[ 67.125023][ C0]  copy_process+0x488/0x3478
[ 67.126241][ C0]  kernel_clone+0x1d8/0x80c
[ 67.127418][ C0]  kernel_thread+0x184/0x200
[ 67.128614][ C0]  kthreadd+0x464/0x670
[ 67.129694][ C0]  ret_from_fork+0x10/0x20
[ 67.130823][ C0]
[ 67.131432][ C0] Freed by task 16:
[ 67.132424][ C0]  kasan_set_track+0x4c/0x7c
[ 67.133635][ C0]  kasan_save_free_info+0x38/0x5c
[ 67.134946][ C0]  ____kasan_slab_free+0x144/0x1c0
[ 67.136298][ C0]  __kasan_slab_free+0x18/0x28
[ 67.137524][ C0]  kmem_cache_free+0x2e4/0x56c
[ 67.138826][ C0]  free_task+0xe8/0x14c
[ 67.139909][ C0]  __put_task_struct+0x178/0x210
[ 67.141214][ C0]  put_task_struct+0x88/0x10c
[ 67.142443][ C0]  delayed_put_task_struct+0xdc/0x2d8
[ 67.143856][ C0]  rcu_core+0x890/0x1b34
[ 67.144940][ C0]  rcu_core_si+0x10/0x1c
[ 67.146037][ C0]  __do_softirq+0x2d8/0xce4
[ 67.147183][ C0]
[ 67.147799][ C0] Last potentially related work creation:
[ 67.149298][ C0]  kasan_save_stack+0x40/0x6c
[ 67.150514][ C0]  __kasan_record_aux_stack+0xcc/0xe8
[ 67.151935][ C0]  kasan_record_aux_stack_noalloc+0x14/0x20
[ 67.153490][ C0]  call_rcu+0x104/0xaf4
[ 67.154592][ C0]  put_task_struct_rcu_user+0x70/0xd8
[ 67.155964][ C0]  finish_task_switch+0x5b4/0x614
[ 67.157280][ C0]  __schedule+0x1358/0x2360
[ 67.158466][ C0]  schedule+0xb8/0x19c
[ 67.159527][ C0]  worker_thread+0xb64/0xef4
[ 67.160704][ C0]  kthread+0x288/0x310
[ 67.161781][ C0]  ret_from_fork+0x10/0x20
[ 67.162927][ C0]
[ 67.163551][ C0] Second to last potentially related work creation:
[ 67.165311][ C0]  kasan_save_stack+0x40/0x6c
[ 67.166558][ C0]  __kasan_record_aux_stack+0xcc/0xe8
[ 67.167953][ C0]  kasan_record_aux_stack_noalloc+0x14/0x20
[ 67.169486][ C0]  call_rcu+0x104/0xaf4
[ 67.170567][ C0]  release_task+0x142c/0x15a8
[ 67.171812][ C0]  wait_consider_task+0x15f0/0x2644
[ 67.173155][ C0]  __do_wait+0x188/0x724
[ 67.174230][ C0]  do_wait+0x1d8/0x550
[ 67.175280][ C0]  kernel_wait4+0x24c/0x3d8
[ 67.176438][ C0]  __arm64_sys_wait4+0x11c/0x2a0
[ 67.177732][ C0]  invoke_syscall+0x98/0x2b8
[ 67.178951][ C0]  el0_svc_common+0x130/0x23c
[ 67.180176][ C0]  do_el0_svc+0x48/0x58
[ 67.181276][ C0]  el0_svc+0x54/0x158
[ 67.182332][ C0]  el0t_64_sync_handler+0x84/0xfc
[ 67.183604][ C0]  el0t_64_sync+0x190/0x194
[ 67.184777][ C0]
[ 67.185348][ C0] The buggy address belongs to the object at ffff0000d8c73780
[ 67.185348][ C0]  which belongs to the cache task_struct of size 6848
[ 67.189085][ C0] The buggy address is located 2448 bytes inside of
[ 67.189085][ C0]  freed 6848-byte region [ffff0000d8c73780, ffff0000d8c75240)
[ 67.192689][ C0]
[ 67.193274][ C0] The buggy address belongs to the physical page:
[ 67.194965][ C0] page:0000000090c8bdd1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118c70
[ 67.197658][ C0] head:0000000090c8bdd1 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 67.199992][ C0] anon flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 67.202237][ C0] page_type: 0xffffffff()
[ 67.203361][ C0] raw: 05ffc00000000840 ffff0000c1863500 0000000000000000 0000000000000001
[ 67.205617][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 67.207862][ C0] page dumped because: kasan: bad access detected
[ 67.209525][ C0]
[ 67.210122][ C0] Memory state around the buggy address:
[ 67.211611][ C0]  ffff0000d8c74000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.213736][ C0]  ffff0000d8c74080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.215846][ C0] >ffff0000d8c74100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.217896][ C0]                          ^
[ 67.219121][ C0]  ffff0000d8c74180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.221231][ C0]  ffff0000d8c74200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.223290][ C0] ==================================================================
[ 67.225414][ C0] Disabling lock debugging due to kernel taint
[ 68.265039][ T5671] Bluetooth: hci0: command 0x0419 tx timeout
[ 69.626111][ T1365] cfg80211: failed to load regulatory.db