Warning: Permanently added '10.128.1.182' (ED25519) to the list of known hosts.
1970/01/01 00:01:25 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:26 parsed 1 programs
[ 89.613649][ T6880] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
[ 99.876778][ T6997] chnl_net:caif_netlink_parms(): no params data found
[ 99.941740][ T6997] bridge0: port 1(bridge_slave_0) entered blocking state
[ 99.941821][ T6997] bridge0: port 1(bridge_slave_0) entered disabled state
[ 99.941961][ T6997] bridge_slave_0: entered allmulticast mode
[ 99.942774][ T6997] bridge_slave_0: entered promiscuous mode
[ 99.943826][ T6997] bridge0: port 2(bridge_slave_1) entered blocking state
[ 99.943877][ T6997] bridge0: port 2(bridge_slave_1) entered disabled state
[ 99.943966][ T6997] bridge_slave_1: entered allmulticast mode
[ 99.944746][ T6997] bridge_slave_1: entered promiscuous mode
[ 99.964291][ T6997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 99.968534][ T6997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 99.986330][ T6997] team0: Port device team_slave_0 added
[ 99.988440][ T6997] team0: Port device team_slave_1 added
[ 100.006183][ T6997] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 100.006233][ T6997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.006286][ T6997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 100.007820][ T6997] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 100.007846][ T6997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 100.007876][ T6997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 100.090302][ T6997] hsr_slave_0: entered promiscuous mode
[ 100.090805][ T6997] hsr_slave_1: entered promiscuous mode
[ 100.958195][ T6997] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 100.962027][ T6997] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 100.967734][ T6997] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 100.971518][ T6997] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 101.027603][ T6997] 8021q: adding VLAN 0 to HW filter on device bond0
[ 101.037580][ T6997] 8021q: adding VLAN 0 to HW filter on device team0
[ 101.042788][ T42] bridge0: port 1(bridge_slave_0) entered blocking state
[ 101.042869][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 101.053203][ T1986] bridge0: port 2(bridge_slave_1) entered blocking state
[ 101.053306][ T1986] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 101.162967][ T6997] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 101.191449][ T6997] veth0_vlan: entered promiscuous mode
[ 101.198751][ T6997] veth1_vlan: entered promiscuous mode
[ 101.216039][ T6997] veth0_macvtap: entered promiscuous mode
[ 101.223120][ T6997] veth1_macvtap: entered promiscuous mode
[ 101.232595][ T6997] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 101.240889][ T6997] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 101.245449][ T6997] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.249093][ T6997] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.251728][ T6997] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.254338][ T6997] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 101.649331][ T1986] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.718918][ T1986] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.790444][ T1986] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 101.790652][ T6095] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 101.791359][ T6095] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 101.791924][ T6095] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 101.792742][ T6095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 101.793155][ T6095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 101.879500][ T1986] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 102.755060][ T393] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.755122][ T393] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 102.774239][ T2001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 102.774311][ T2001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
1970/01/01 00:01:43 executed programs: 0
[ 103.923128][ T6095] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 103.926293][ T6095] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 103.929210][ T6095] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 103.931956][ T6095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 103.934638][ T6095] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 104.031194][ T7288] chnl_net:caif_netlink_parms(): no params data found
[ 104.077693][ T7288] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.080182][ T7288] bridge0: port 1(bridge_slave_0) entered disabled state
[ 104.082368][ T7288] bridge_slave_0: entered allmulticast mode
[ 104.085293][ T7288] bridge_slave_0: entered promiscuous mode
[ 104.088771][ T7288] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.091028][ T7288] bridge0: port 2(bridge_slave_1) entered disabled state
[ 104.093389][ T7288] bridge_slave_1: entered allmulticast mode
[ 104.096115][ T7288] bridge_slave_1: entered promiscuous mode
[ 104.119080][ T7288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 104.123742][ T7288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 104.144734][ T7288] team0: Port device team_slave_0 added
[ 104.148256][ T7288] team0: Port device team_slave_1 added
[ 104.167922][ T7288] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 104.170117][ T7288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.177883][ T7288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 104.179036][ T7288] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 104.179060][ T7288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 104.179105][ T7288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 104.225500][ T7288] hsr_slave_0: entered promiscuous mode
[ 104.226078][ T7288] hsr_slave_1: entered promiscuous mode
[ 104.226470][ T7288] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 104.226501][ T7288] Cannot create hsr debugfs directory
[ 104.480902][ T1986] bridge_slave_1: left allmulticast mode
[ 104.480973][ T1986] bridge_slave_1: left promiscuous mode
[ 104.481092][ T1986] bridge0: port 2(bridge_slave_1) entered disabled state
[ 104.487046][ T1986] bridge_slave_0: left allmulticast mode
[ 104.487101][ T1986] bridge_slave_0: left promiscuous mode
[ 104.487232][ T1986] bridge0: port 1(bridge_slave_0) entered disabled state
[ 105.947342][ T6095] Bluetooth: hci0: command tx timeout
[ 106.039288][ T1986] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 106.079830][ T1986] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 106.128655][ T1986] bond0 (unregistering): Released all slaves
[ 106.202209][ T1986] hsr_slave_0: left promiscuous mode
[ 106.206000][ T1986] hsr_slave_1: left promiscuous mode
[ 106.206499][ T1986] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 106.206543][ T1986] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 106.212899][ T1986] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 106.212938][ T1986] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 106.224107][ T1986] veth1_macvtap: left promiscuous mode
[ 106.224206][ T1986] veth0_macvtap: left promiscuous mode
[ 106.224307][ T1986] veth1_vlan: left promiscuous mode
[ 106.224377][ T1986] veth0_vlan: left promiscuous mode
[ 107.949061][ T1986] team0 (unregistering): Port device team_slave_1 removed
[ 108.037069][ T6095] Bluetooth: hci0: command tx timeout
[ 108.138462][ T1986] team0 (unregistering): Port device team_slave_0 removed
[ 110.107086][ T6095] Bluetooth: hci0: command tx timeout
[ 110.934704][ T7288] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 110.939746][ T7288] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 110.946640][ T7288] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 110.952696][ T7288] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 111.012540][ T7288] 8021q: adding VLAN 0 to HW filter on device bond0
[ 111.019649][ T7288] 8021q: adding VLAN 0 to HW filter on device team0
[ 111.379464][ T42] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.379550][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 111.385873][ T4393] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.385964][ T4393] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 111.406825][ T7288] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 111.496343][ T7288] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 111.656117][ T7288] veth0_vlan: entered promiscuous mode
[ 111.659428][ T7288] veth1_vlan: entered promiscuous mode
[ 111.672798][ T7288] veth0_macvtap: entered promiscuous mode
[ 111.674507][ T7288] veth1_macvtap: entered promiscuous mode
[ 111.682245][ T7288] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 111.684032][ T7288] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 111.685440][ T7288] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.685478][ T7288] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.685508][ T7288] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.685538][ T7288] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 111.766795][ T393] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.766855][ T393] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.782992][ T393] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.783049][ T393] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
1970/01/01 00:01:51 executed programs: 2
[ 111.832316][ T7437] BUG: spinlock bad magic on CPU#1, syz.0.16/7437
[ 111.832371][ T7437] lock: 0xffff0000c5c00580, .magic: ffff8000, .owner: /-1, .owner_cpu: -1
[ 111.832400][ T7437] CPU: 1 UID: 0 PID: 7437 Comm: syz.0.16 Not tainted 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT
[ 111.832414][ T7437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 111.832421][ T7437] Call trace:
[ 111.832425][ T7437] show_stack+0x2c/0x3c (C)
[ 111.832440][ T7437] __dump_stack+0x30/0x40
[ 111.832454][ T7437] dump_stack_lvl+0xd8/0x12c
[ 111.832467][ T7437] dump_stack+0x1c/0x28
[ 111.832480][ T7437] spin_dump+0x104/0x1ec
[ 111.832491][ T7437] do_raw_spin_lock+0x1c4/0x2cc
[ 111.832504][ T7437] _raw_spin_lock+0x50/0x60
[ 111.832516][ T7437] cipso_v4_sock_setattr+0x134/0x404
[ 111.832528][ T7437] netlbl_sock_setattr+0x240/0x334
[ 111.832542][ T7437] smack_netlbl_add+0xa8/0x158
[ 111.832557][ T7437] smack_inode_setsecurity+0x378/0x430
[ 111.832570][ T7437] security_inode_setsecurity+0x118/0x3c0
[ 111.832583][ T7437] __vfs_setxattr_noperm+0x174/0x5c4
[ 111.832596][ T7437] __vfs_setxattr_locked+0x1ec/0x218
[ 111.832609][ T7437] vfs_setxattr+0x158/0x2ac
[ 111.832621][ T7437] file_setxattr+0x1b8/0x294
[ 111.832634][ T7437] path_setxattrat+0x2ac/0x320
[ 111.832647][ T7437] __arm64_sys_fsetxattr+0xc0/0xdc
[ 111.832659][ T7437] invoke_syscall+0x98/0x2b8
[ 111.832669][ T7437] el0_svc_common+0x130/0x23c
[ 111.832680][ T7437] do_el0_svc+0x48/0x58
[ 111.832689][ T7437] el0_svc+0x58/0x180
[ 111.832700][ T7437] el0t_64_sync_handler+0x84/0x12c
[ 111.832711][ T7437] el0t_64_sync+0x198/0x19c
[ 111.832725][ T7437] ------------[ cut here ]------------
[ 111.832884][ T7437] UBSAN: array-index-out-of-bounds in kernel/locking/qspinlock.h:68:9
[ 111.832903][ T7437] index 8773 is out of range for type 'unsigned long[8]'
[ 111.832920][ T7437] CPU: 1 UID: 0 PID: 7437 Comm: syz.0.16 Not tainted 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT
[ 111.832932][ T7437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 111.832938][ T7437] Call trace:
[ 111.832941][ T7437] show_stack+0x2c/0x3c (C)
[ 111.832952][ T7437] __dump_stack+0x30/0x40
[ 111.832965][ T7437] dump_stack_lvl+0xd8/0x12c
[ 111.832978][ T7437] dump_stack+0x1c/0x28
[ 111.832990][ T7437] ubsan_epilogue+0x14/0x48
[ 111.833003][ T7437] __ubsan_handle_out_of_bounds+0xd0/0xfc
[ 111.833018][ T7437] queued_spin_lock_slowpath+0x9f4/0xaec
[ 111.833030][ T7437] do_raw_spin_lock+0x2a8/0x2cc
[ 111.833041][ T7437] _raw_spin_lock+0x50/0x60
[ 111.833051][ T7437] cipso_v4_sock_setattr+0x134/0x404
[ 111.833061][ T7437] netlbl_sock_setattr+0x240/0x334
[ 111.833074][ T7437] smack_netlbl_add+0xa8/0x158
[ 111.833087][ T7437] smack_inode_setsecurity+0x378/0x430
[ 111.833099][ T7437] security_inode_setsecurity+0x118/0x3c0
[ 111.833112][ T7437] __vfs_setxattr_noperm+0x174/0x5c4
[ 111.833125][ T7437] __vfs_setxattr_locked+0x1ec/0x218
[ 111.833137][ T7437] vfs_setxattr+0x158/0x2ac
[ 111.833149][ T7437] file_setxattr+0x1b8/0x294
[ 111.833161][ T7437] path_setxattrat+0x2ac/0x320
[ 111.833174][ T7437] __arm64_sys_fsetxattr+0xc0/0xdc
[ 111.833186][ T7437] invoke_syscall+0x98/0x2b8
[ 111.833196][ T7437] el0_svc_common+0x130/0x23c
[ 111.833206][ T7437] do_el0_svc+0x48/0x58
[ 111.833216][ T7437] el0_svc+0x58/0x180
[ 111.833226][ T7437] el0t_64_sync_handler+0x84/0x12c
[ 111.833237][ T7437] el0t_64_sync+0x198/0x19c
[ 111.833248][ T7437] ---[ end trace ]---
[ 111.833429][ T7437] ==================================================================
[ 111.833441][ T7437] BUG: KASAN: use-after-free in queued_spin_lock_slowpath+0x854/0xaec
[ 111.833459][ T7437] Write of size 8 at addr ffff00011ec59800 by task syz.0.16/7437
[ 111.833474][ T7437]
[ 111.833484][ T7437] CPU: 1 UID: 0 PID: 7437 Comm: syz.0.16 Not tainted 6.16.0-rc5-syzkaller-00067-gec4801305969-dirty #0 PREEMPT
[ 111.833497][ T7437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 111.833503][ T7437] Call trace:
[ 111.833506][ T7437] show_stack+0x2c/0x3c (C)
[ 111.833516][ T7437] __dump_stack+0x30/0x40
[ 111.833529][ T7437] dump_stack_lvl+0xd8/0x12c
[ 111.833542][ T7437] print_address_description+0xa8/0x254
[ 111.833555][ T7437] print_report+0x68/0x84
[ 111.833567][ T7437] kasan_report+0xb0/0x110
[ 111.833578][ T7437] __asan_report_store8_noabort+0x20/0x2c
[ 111.833590][ T7437] queued_spin_lock_slowpath+0x854/0xaec
[ 111.833602][ T7437] do_raw_spin_lock+0x2a8/0x2cc
[ 111.833613][ T7437] _raw_spin_lock+0x50/0x60
[ 111.833624][ T7437] cipso_v4_sock_setattr+0x134/0x404
[ 111.833635][ T7437] netlbl_sock_setattr+0x240/0x334
[ 111.833647][ T7437] smack_netlbl_add+0xa8/0x158
[ 111.833660][ T7437] smack_inode_setsecurity+0x378/0x430
[ 111.833673][ T7437] security_inode_setsecurity+0x118/0x3c0
[ 111.833686][ T7437] __vfs_setxattr_noperm+0x174/0x5c4
[ 111.833698][ T7437] __vfs_setxattr_locked+0x1ec/0x218
[ 111.833711][ T7437] vfs_setxattr+0x158/0x2ac
[ 111.833723][ T7437] file_setxattr+0x1b8/0x294
[ 111.833735][ T7437] path_setxattrat+0x2ac/0x320
[ 111.833748][ T7437] __arm64_sys_fsetxattr+0xc0/0xdc
[ 111.833766][ T7437] invoke_syscall+0x98/0x2b8
[ 111.833777][ T7437] el0_svc_common+0x130/0x23c
[ 111.833787][ T7437] do_el0_svc+0x48/0x58
[ 111.833796][ T7437] el0_svc+0x58/0x180
[ 111.833806][ T7437] el0t_64_sync_handler+0x84/0x12c
[ 111.833818][ T7437] el0t_64_sync+0x198/0x19c
[ 111.833828][ T7437]
[ 111.833965][ T7437] The buggy address belongs to the physical page:
[ 111.833977][ T7437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15ec59
[ 111.833993][ T7437] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 111.834014][ T7437] raw: 05ffc00000000000 fffffdffc47b1648 fffffdffc47b1648 0000000000000000
[ 111.834030][ T7437] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 111.834042][ T7437] page dumped because: kasan: bad access detected
[ 111.834053][ T7437]
[ 111.834062][ T7437] Memory state around the buggy address:
[ 111.834073][ T7437]  ffff00011ec59700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 111.834087][ T7437]  ffff00011ec59780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 111.834100][ T7437] >ffff00011ec59800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 111.834112][ T7437]                    ^
[ 111.834123][ T7437]  ffff00011ec59880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 111.834137][ T7437]  ffff00011ec59900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 111.834148][ T7437] ==================================================================