Warning: Permanently added '10.128.1.134' (ED25519) to the list of known hosts.
1970/01/01 00:00:56 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:56 parsed 1 programs
[ 56.473480][ T6443] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
1970/01/01 00:00:56 executed programs: 0
[ 56.512393][ T5830] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 56.515485][ T5830] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 56.517673][ T5830] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 56.520330][ T5830] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 56.522786][ T5830] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 56.524821][ T5830] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 56.579713][ T6460] chnl_net:caif_netlink_parms(): no params data found
[ 56.605481][ T6460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.607415][ T6460] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.609398][ T6460] bridge_slave_0: entered allmulticast mode
[ 56.611540][ T6460] bridge_slave_0: entered promiscuous mode
[ 56.614181][ T6460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.616006][ T6460] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.617897][ T6460] bridge_slave_1: entered allmulticast mode
[ 56.619883][ T6460] bridge_slave_1: entered promiscuous mode
[ 56.631622][ T6460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 56.635203][ T6460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 56.645954][ T6460] team0: Port device team_slave_0 added
[ 56.648663][ T6460] team0: Port device team_slave_1 added
[ 56.658120][ T6460] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 56.659938][ T6460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.667318][ T6460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 56.671088][ T6460] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 56.672970][ T6460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 56.679763][ T6460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 56.753010][ T6460] hsr_slave_0: entered promiscuous mode
[ 56.791259][ T6460] hsr_slave_1: entered promiscuous mode
[ 57.771935][ T6460] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 57.775968][ T6460] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 57.779393][ T6460] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 57.783583][ T6460] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 57.824622][ T6460] 8021q: adding VLAN 0 to HW filter on device bond0
[ 57.834607][ T6460] 8021q: adding VLAN 0 to HW filter on device team0
[ 57.838724][ T6256] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.841063][ T6256] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.846895][ T27] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.848746][ T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 57.932008][ T6460] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 57.952540][ T6460] veth0_vlan: entered promiscuous mode
[ 57.956406][ T6460] veth1_vlan: entered promiscuous mode
[ 57.974175][ T6460] veth0_macvtap: entered promiscuous mode
[ 57.978135][ T6460] veth1_macvtap: entered promiscuous mode
[ 57.986714][ T6460] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 57.994742][ T6460] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 57.999002][ T6460] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.001373][ T6460] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.003590][ T6460] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.005749][ T6460] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 58.048177][ T724] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.050308][ T724] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.067487][ T651] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 58.069523][ T651] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 58.190666][ T6599] FAULT_INJECTION: forcing a failure.
[ 58.190666][ T6599] name failslab, interval 1, probability 0, space 0, times 1
[ 58.194886][ T6599] CPU: 0 PID: 6599 Comm: syz-executor.0 Tainted: G W 6.10.0-rc3-syzkaller-00018-gac2193b4b460 #0
[ 58.198058][ T6599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 58.200762][ T6599] Call trace:
[ 58.201665][ T6599] dump_backtrace+0x1b8/0x1e4
[ 58.202972][ T6599] show_stack+0x2c/0x3c
[ 58.204102][ T6599] dump_stack_lvl+0xe4/0x150
[ 58.205432][ T6599] dump_stack+0x1c/0x28
[ 58.206631][ T6599] should_fail_ex+0x3b0/0x50c
[ 58.207818][ T6599] __should_failslab+0xc8/0x128
[ 58.209178][ T6599] should_failslab+0x10/0x28
[ 58.210447][ T6599] kmem_cache_alloc_node_noprof+0x88/0x3a4
[ 58.211959][ T6599] __alloc_skb+0x1e0/0x420
[ 58.213193][ T6599] kcm_sendmsg+0x6c4/0x2128
[ 58.214406][ T6599] sock_sendmsg+0x220/0x2c0
[ 58.215698][ T6599] splice_to_socket+0x7cc/0xd58
[ 58.216980][ T6599] direct_splice_actor+0xec/0x1d8
[ 58.218351][ T6599] splice_direct_to_actor+0x438/0xa0c
[ 58.219838][ T6599] do_splice_direct+0x1e4/0x304
[ 58.221048][ T6599] do_sendfile+0x468/0xbb8
[ 58.222274][ T6599] __arm64_sys_sendfile64+0x160/0x3b4
[ 58.223684][ T6599] invoke_syscall+0x98/0x2b8
[ 58.224901][ T6599] el0_svc_common+0x130/0x23c
[ 58.226210][ T6599] do_el0_svc+0x48/0x58
[ 58.227293][ T6599] el0_svc+0x54/0x168
[ 58.228342][ T6599] el0t_64_sync_handler+0x84/0xfc
[ 58.229650][ T6599] el0t_64_sync+0x190/0x194
[ 58.288821][ T6598] ==================================================================
[ 58.291051][ T6598] BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8
[ 58.293008][ T6598] Read of size 8 at addr ffff0000dc666780 by task syz-executor.0/6598
[ 58.295063][ T6598]
[ 58.295704][ T6598] CPU: 0 PID: 6598 Comm: syz-executor.0 Tainted: G W 6.10.0-rc3-syzkaller-00018-gac2193b4b460 #0
[ 58.298855][ T6598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 58.301514][ T6598] Call trace:
[ 58.302387][ T6598] dump_backtrace+0x1b8/0x1e4
[ 58.303698][ T6598] show_stack+0x2c/0x3c
[ 58.304811][ T6598] dump_stack_lvl+0xe4/0x150
[ 58.305983][ T6598] print_report+0x198/0x538
[ 58.307229][ T6598] kasan_report+0xd8/0x138
[ 58.308413][ T6598] __asan_report_load8_noabort+0x20/0x2c
[ 58.309817][ T6598] kcm_release+0x170/0x4c8
[ 58.310983][ T6598] sock_close+0xa4/0x1e8
[ 58.312018][ T6598] __fput+0x334/0x760
[ 58.313085][ T6598] __fput_sync+0x60/0x9c
[ 58.314178][ T6598] __arm64_sys_close+0x150/0x1e0
[ 58.315559][ T6598] invoke_syscall+0x98/0x2b8
[ 58.316781][ T6598] el0_svc_common+0x130/0x23c
[ 58.318049][ T6598] do_el0_svc+0x48/0x58
[ 58.319176][ T6598] el0_svc+0x54/0x168
[ 58.320241][ T6598] el0t_64_sync_handler+0x84/0xfc
[ 58.321599][ T6598] el0t_64_sync+0x190/0x194
[ 58.322839][ T6598]
[ 58.323443][ T6598] Allocated by task 6599:
[ 58.324596][ T6598] kasan_save_track+0x40/0x78
[ 58.325852][ T6598] kasan_save_alloc_info+0x40/0x50
[ 58.327190][ T6598] __kasan_slab_alloc+0x74/0x8c
[ 58.328506][ T6598] kmem_cache_alloc_node_noprof+0x204/0x3a4
[ 58.330028][ T6598] __alloc_skb+0x1e0/0x420
[ 58.331217][ T6598] kcm_sendmsg+0x1d40/0x2128
[ 58.332443][ T6598] sock_sendmsg+0x220/0x2c0
[ 58.333644][ T6598] splice_to_socket+0x7cc/0xd58
[ 58.334912][ T6598] direct_splice_actor+0xec/0x1d8
[ 58.336272][ T6598] splice_direct_to_actor+0x438/0xa0c
[ 58.337626][ T6598] do_splice_direct+0x1e4/0x304
[ 58.338880][ T6598] do_sendfile+0x468/0xbb8
[ 58.340311][ T6598] __arm64_sys_sendfile64+0x160/0x3b4
[ 58.341638][ T6598] invoke_syscall+0x98/0x2b8
[ 58.342832][ T6598] el0_svc_common+0x130/0x23c
[ 58.343974][ T6598] do_el0_svc+0x48/0x58
[ 58.345053][ T6598] el0_svc+0x54/0x168
[ 58.346168][ T6598] el0t_64_sync_handler+0x84/0xfc
[ 58.347423][ T6598] el0t_64_sync+0x190/0x194
[ 58.348567][ T6598]
[ 58.349129][ T6598] Freed by task 6598:
[ 58.350137][ T6598] kasan_save_track+0x40/0x78
[ 58.351393][ T6598] kasan_save_free_info+0x54/0x6c
[ 58.352869][ T6598] poison_slab_object+0x128/0x180
[ 58.354185][ T6598] __kasan_slab_free+0x3c/0x70
[ 58.355483][ T6598] kmem_cache_free+0x170/0x4d0
[ 58.356754][ T6598] kfree_skbmem+0x15c/0x1ec
[ 58.357980][ T6598] kfree_skb_reason+0x1c0/0x490
[ 58.359285][ T6598] kcm_release+0x104/0x4c8
[ 58.360402][ T6598] sock_close+0xa4/0x1e8
[ 58.361563][ T6598] __fput+0x334/0x760
[ 58.362690][ T6598] __fput_sync+0x60/0x9c
[ 58.363804][ T6598] __arm64_sys_close+0x150/0x1e0
[ 58.365309][ T6598] invoke_syscall+0x98/0x2b8
[ 58.366598][ T6598] el0_svc_common+0x130/0x23c
[ 58.367913][ T6598] do_el0_svc+0x48/0x58
[ 58.369014][ T6598] el0_svc+0x54/0x168
[ 58.370030][ T6598] el0t_64_sync_handler+0x84/0xfc
[ 58.371330][ T6598] el0t_64_sync+0x190/0x194
[ 58.372525][ T6598]
[ 58.373119][ T6598] The buggy address belongs to the object at ffff0000dc666780
[ 58.373119][ T6598] which belongs to the cache skbuff_head_cache of size 240
[ 58.376983][ T6598] The buggy address is located 0 bytes inside of
[ 58.376983][ T6598] freed 240-byte region [ffff0000dc666780, ffff0000dc666870)
[ 58.380564][ T6598]
[ 58.381187][ T6598] The buggy address belongs to the physical page:
[ 58.382887][ T6598] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c666
[ 58.385236][ T6598] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 58.387061][ T6598] page_type: 0xffffefff(slab)
[ 58.388296][ T6598] raw: 05ffc00000000000 ffff0000c1bcc780 dead000000000122 0000000000000000
[ 58.390528][ T6598] raw: 0000000000000000 00000000000c000c 00000001ffffefff 0000000000000000
[ 58.392832][ T6598] page dumped because: kasan: bad access detected
[ 58.394448][ T6598]
[ 58.395050][ T6598] Memory state around the buggy address:
[ 58.396477][ T6598] ffff0000dc666680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.398606][ T6598] ffff0000dc666700: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 58.400724][ T6598] >ffff0000dc666780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 58.402777][ T6598] ^
[ 58.403863][ T6598] ffff0000dc666800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 58.406024][ T6598] ffff0000dc666880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 58.408126][ T6598] ==================================================================
[ 58.411438][ T6598] Disabling lock debugging due to kernel taint
[ 58.414274][ T6598] Unable to handle kernel paging request at virtual address 0066c07580000338
[ 58.416579][ T6598] Mem abort info:
[ 58.417441][ T6598] ESR = 0x0000000096000004
[ 58.418641][ T6598] EC = 0x25: DABT (current EL), IL = 32 bits
[ 58.420208][ T6598] SET = 0, FnV = 0
[ 58.421434][ T6598] EA = 0, S1PTW = 0
[ 58.422423][ T6598] FSC = 0x04: level 0 translation fault
[ 58.423838][ T6598] Data abort info:
[ 58.424780][ T6598] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 58.426376][ T6598] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 58.427838][ T6598] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 58.429536][ T6598] [0066c07580000338] address between user and kernel address ranges
[ 58.432060][ T6598] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 58.433893][ T6598] Modules linked in:
[ 58.434884][ T6598] CPU: 0 PID: 6598 Comm: syz-executor.0 Tainted: G B W 6.10.0-rc3-syzkaller-00018-gac2193b4b460 #0
[ 58.437869][ T6598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 58.440541][ T6598] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 58.442712][ T6598] pc : kcm_release+0x1bc/0x4c8
[ 58.443910][ T6598] lr : kcm_release+0x1b4/0x4c8
[ 58.445172][ T6598] sp : ffff800099bb7bc0
[ 58.446268][ T6598] x29: ffff800099bb7be0 x28: 1fffe0001a93812e x27: 1fffe0001a938130
[ 58.448473][ T6598] x26: dfff800000000000 x25: ffff0000dab62708 x24: 033a03ac000019c6
[ 58.450483][ T6598] x23: ffff0000dc666780 x22: ffff0000d49c0980 x21: ffff0000d49c0970
[ 58.452675][ T6598] x20: ffff0000d49c06c0 x19: ffff0000dab62700 x18: 1fffe000367b33de
[ 58.454760][ T6598] x17: ffff80008efad000 x16: ffff800080a66988 x15: ffff60001b8cccf0
[ 58.456892][ T6598] x14: 1fffe0001b8cccf0 x13: 00000000000000fa x12: fffffffffffffffe
[ 58.458981][ T6598] x11: ffff60001b8cccf0 x10: 1fffe0001b8cccf1 x9 : ffff8000938a6f80
[ 58.461049][ T6598] x8 : 0067407580000338 x7 : 0000000000000000 x6 : ffff8000802ae7b4
[ 58.463174][ T6598] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008a309c30
[ 58.465122][ T6598] x2 : 0000000000000001 x1 : 0000000000000008 x0 : 0000000000000000
[ 58.467173][ T6598] Call trace:
[ 58.468014][ T6598] kcm_release+0x1bc/0x4c8
[ 58.469267][ T6598] sock_close+0xa4/0x1e8
[ 58.470355][ T6598] __fput+0x334/0x760
[ 58.471404][ T6598] __fput_sync+0x60/0x9c
[ 58.472455][ T6598] __arm64_sys_close+0x150/0x1e0
[ 58.473740][ T6598] invoke_syscall+0x98/0x2b8
[ 58.474893][ T6598] el0_svc_common+0x130/0x23c
[ 58.476152][ T6598] do_el0_svc+0x48/0x58
[ 58.477248][ T6598] el0_svc+0x54/0x168
[ 58.478249][ T6598] el0t_64_sync_handler+0x84/0xfc
[ 58.479608][ T6598] el0t_64_sync+0x190/0x194
[ 58.480713][ T6598] Code: aa1903e0 97705bf1 d343ff08 f9000338 (387a6908)
[ 58.482529][ T6598] ---[ end trace 0000000000000000 ]---
[ 58.865542][ T6598] Kernel panic - not syncing: Oops: Fatal exception
[ 58.867401][ T6598] SMP: stopping secondary CPUs
[ 58.868646][ T6598] Kernel Offset: disabled
[ 58.869792][ T6598] CPU features: 0x00,00000103,80100128,42017203
[ 58.871446][ T6598] Memory Limit: none
[ 59.218102][ T6598] Rebooting in 86400 seconds..