Warning: Permanently added '10.128.1.100' (ED25519) to the list of known hosts.
1970/01/01 00:01:00 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:00 ignoring optional flag "type"="gce"
1970/01/01 00:01:00 parsed 1 programs
[ 61.251435][ T4294] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
1970/01/01 00:01:01 executed programs: 0
[ 61.396092][ T4313] chnl_net:caif_netlink_parms(): no params data found
[ 61.431891][ T4313] bridge0: port 1(bridge_slave_0) entered blocking state
[ 61.433887][ T4313] bridge0: port 1(bridge_slave_0) entered disabled state
[ 61.436392][ T4313] device bridge_slave_0 entered promiscuous mode
[ 61.441887][ T4313] bridge0: port 2(bridge_slave_1) entered blocking state
[ 61.443936][ T4313] bridge0: port 2(bridge_slave_1) entered disabled state
[ 61.447016][ T4313] device bridge_slave_1 entered promiscuous mode
[ 61.472078][ T4313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 61.476723][ T4313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 61.492806][ T4313] team0: Port device team_slave_0 added
[ 61.497113][ T4313] team0: Port device team_slave_1 added
[ 61.509939][ T4313] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 61.511813][ T4313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 61.518991][ T4313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 61.522990][ T4313] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 61.524762][ T4313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 61.531958][ T4313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 61.597916][ T4313] device hsr_slave_0 entered promiscuous mode
[ 61.616149][ T4313] device hsr_slave_1 entered promiscuous mode
[ 62.348238][ T4313] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 62.382712][ T4313] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 62.417659][ T4313] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 62.470037][ T4313] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 62.544267][ T4313] 8021q: adding VLAN 0 to HW filter on device bond0
[ 62.559418][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 62.561982][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 62.567515][ T4313] 8021q: adding VLAN 0 to HW filter on device team0
[ 62.577008][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 62.579745][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 62.582279][ T136] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.584077][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 62.589231][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 62.592015][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 62.594471][ T136] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.596546][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 62.606542][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 62.610140][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 62.613033][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 62.617589][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 62.620811][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 62.631691][ T4313] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 62.634352][ T4313] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 62.641198][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 62.643741][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 62.649589][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 62.652711][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 62.658612][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 62.662099][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 62.664703][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 62.672022][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 62.748064][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 62.749994][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 62.762120][ T4313] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 62.775167][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 62.778827][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 62.791982][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 62.795037][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 62.798415][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 62.800864][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 62.806963][ T4313] device veth0_vlan entered promiscuous mode
[ 62.814002][ T4313] device veth1_vlan entered promiscuous mode
[ 62.832606][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 62.837603][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 62.840330][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 62.843141][ T607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 62.850890][ T4313] device veth0_macvtap entered promiscuous mode
[ 62.855077][ T4313] device veth1_macvtap entered promiscuous mode
[ 62.866889][ T4313] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 62.870321][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 62.872835][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 62.875268][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 62.879258][ T136] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 62.882998][ T4313] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 62.889091][ T4313] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.891457][ T4313] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.893683][ T4313] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.897562][ T4313] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 62.901791][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 62.904603][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 62.953651][ T1883] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 62.957905][ T1883] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 62.960895][ T148] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 62.979765][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 62.982014][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 62.985114][ T1883] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 63.337049][ T25] Bluetooth: hci0: command 0x0409 tx timeout
[ 65.416502][ T25] Bluetooth: hci0: command 0x041b tx timeout
1970/01/01 00:01:06 executed programs: 93
[ 67.495838][ T3607] Bluetooth: hci0: command 0x040f tx timeout
[ 69.575830][ T25] Bluetooth: hci0: command 0x0419 tx timeout
[ 69.658322][ T2057] ieee802154 phy0 wpan0: encryption failed: -22
[ 69.660091][ T2057] ieee802154 phy1 wpan1: encryption failed: -22
1970/01/01 00:01:11 executed programs: 285
[ 73.645805][ C1] IPv4: Attempt to release TCP socket in state 8 000000003dd3aebe
[ 73.648037][ C1]
[ 73.648562][ C1] =========================
[ 73.649554][ C1] WARNING: held lock freed!
[ 73.650587][ C1] 5.15.174-syzkaller #0 Not tainted
[ 73.651802][ C1] -------------------------
[ 73.652841][ C1] syz-executor.0/5460 is freeing memory ffff0000cfd7d080-ffff0000cfd7db5f, with a lock still held there!
[ 73.655511][ C1] ffff0000cfd7d1a0 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_sendmsg+0x15c/0x290
[ 73.657515][ C1] 2 locks held by syz-executor.0/5460:
[ 73.658698][ C1] #0: ffff0000cfd7d1a0 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_sendmsg+0x15c/0x290
[ 73.660833][ C1] #1: ffff800008017ba0 ((&msk->sk.icsk_retransmit_timer)){+.-.}-{0:0}, at: call_timer_fn+0xd0/0x8f0
[ 73.663381][ C1]
[ 73.663381][ C1] stack backtrace:
[ 73.664764][ C1] CPU: 1 PID: 5460 Comm: syz-executor.0 Not tainted 5.15.174-syzkaller #0
[ 73.666734][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 73.669046][ C1] Call trace:
[ 73.669723][ C1] dump_backtrace+0x0/0x530
[ 73.670733][ C1] show_stack+0x2c/0x3c
[ 73.671745][ C1] dump_stack_lvl+0x108/0x170
[ 73.672900][ C1] dump_stack+0x1c/0x58
[ 73.673863][ C1] debug_check_no_locks_freed+0x27c/0x300
[ 73.675205][ C1] slab_free_freelist_hook+0x88/0x1ec
[ 73.676446][ C1] kmem_cache_free+0xdc/0x3c4
[ 73.677537][ C1] __sk_destruct+0x408/0x600
[ 73.678588][ C1] __sk_free+0x37c/0x4e8
[ 73.679552][ C1] sk_free+0x68/0xdc
[ 73.680452][ C1] mptcp_retransmit_timer+0x198/0x2bc
[ 73.681773][ C1] call_timer_fn+0x19c/0x8f0
[ 73.682853][ C1] __run_timers+0x554/0x718
[ 73.683943][ C1] run_timer_softirq+0x7c/0x114
[ 73.685115][ C1] handle_softirqs+0x384/0xdbc
[ 73.686274][ C1] __irq_exit_rcu+0x268/0x4d8
[ 73.687418][ C1] irq_exit+0x14/0x88
[ 73.688315][ C1] handle_domain_irq+0xf4/0x178
[ 73.689431][ C1] gic_handle_irq+0x78/0x1c8
[ 73.690529][ C1] call_on_irq_stack+0x24/0x4c
[ 73.691711][ C1] do_interrupt_handler+0x74/0x94
[ 73.692890][ C1] el1_interrupt+0x30/0x58
[ 73.693956][ C1] el1h_64_irq_handler+0x18/0x24
[ 73.695099][ C1] el1h_64_irq+0x78/0x7c
[ 73.696123][ C1] _raw_spin_unlock_irqrestore+0xbc/0x158
[ 73.697498][ C1] __mod_timer+0x960/0xd30
[ 73.698532][ C1] mod_timer+0x2c/0x3c
[ 73.699454][ C1] sk_reset_timer+0x30/0xfc
[ 73.700451][ C1] __mptcp_push_pending+0x6a8/0x85c
[ 73.701694][ C1] mptcp_sendmsg+0x1544/0x1a1c
[ 73.702850][ C1] inet_sendmsg+0x15c/0x290
[ 73.703908][ C1] ____sys_sendmsg+0x584/0x870
[ 73.705066][ C1] ___sys_sendmsg+0x214/0x294
[ 73.706198][ C1] __arm64_sys_sendmsg+0x1ac/0x25c
[ 73.707442][ C1] invoke_syscall+0x98/0x2b8
[ 73.708504][ C1] el0_svc_common+0x138/0x258
[ 73.709625][ C1] do_el0_svc+0x58/0x14c
[ 73.710662][ C1] el0_svc+0x7c/0x1f0
[ 73.711605][ C1] el0t_64_sync_handler+0x84/0xe4
[ 73.712808][ C1] el0t_64_sync+0x1a0/0x1a4
[ 73.714709][ T5460] ------------[ cut here ]------------
[ 73.716668][ T5460] refcount_t: addition on 0; use-after-free.
[ 73.718289][ T5460] WARNING: CPU: 1 PID: 5460 at lib/refcount.c:25 refcount_warn_saturate+0x1a8/0x20c
[ 73.720438][ T5460] Modules linked in:
[ 73.721342][ T5460] CPU: 1 PID: 5460 Comm: syz-executor.0 Not tainted 5.15.174-syzkaller #0
[ 73.723324][ T5460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 73.725683][ T5460] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 73.727541][ T5460] pc : refcount_warn_saturate+0x1a8/0x20c
[ 73.728876][ T5460] lr : refcount_warn_saturate+0x1a8/0x20c
[ 73.730270][ T5460] sp : ffff800021a37440
[ 73.731269][ T5460] x29: ffff800021a37440 x28: ffff0000cfd7d8c8 x27: ffff0000cfd7d080
[ 73.733113][ T5460] x26: dfff800000000000 x25: ffff0000d765818e x24: 0000000000000000
[ 73.735028][ T5460] x23: ffff700004346ea8 x22: 0000000000000000 x21: 0000000000000002
[ 73.736868][ T5460] x20: ffff0000cfd7d100 x19: ffff800016fcd000 x18: 1fffe00036832d8e
[ 73.738701][ T5460] x17: 1fffe00036832d8e x16: ffff800011b4d2d0 x15: ffff800014c0fac0
[ 73.740611][ T5460] x14: ffff0001b4196c80 x13: ffff0001b4196c7c x12: 0000000000000001
[ 73.742399][ T5460] x11: 0000000000000000 x10: 0000000000000000 x9 : b3f518603bc06e00
[ 73.744328][ T5460] x8 : b3f518603bc06e00 x7 : 0000000000000000 x6 : ffff80000826abdc
[ 73.746252][ T5460] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800008046154
[ 73.748234][ T5460] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000002a
[ 73.750144][ T5460] Call trace:
[ 73.750889][ T5460] refcount_warn_saturate+0x1a8/0x20c
[ 73.752129][ T5460] sk_reset_timer+0xcc/0xfc
[ 73.753185][ T5460] __mptcp_push_pending+0x6a8/0x85c
[ 73.754405][ T5460] mptcp_sendmsg+0x1544/0x1a1c
[ 73.755521][ T5460] inet_sendmsg+0x15c/0x290
[ 73.756612][ T5460] ____sys_sendmsg+0x584/0x870
[ 73.757797][ T5460] ___sys_sendmsg+0x214/0x294
[ 73.758913][ T5460] __arm64_sys_sendmsg+0x1ac/0x25c
[ 73.760060][ T5460] invoke_syscall+0x98/0x2b8
[ 73.761115][ T5460] el0_svc_common+0x138/0x258
[ 73.762265][ T5460] do_el0_svc+0x58/0x14c
[ 73.763316][ T5460] el0_svc+0x7c/0x1f0
[ 73.764243][ T5460] el0t_64_sync_handler+0x84/0xe4
[ 73.765448][ T5460] el0t_64_sync+0x1a0/0x1a4
[ 73.766501][ T5460] irq event stamp: 1572
[ 73.767540][ T5460] hardirqs last enabled at (1572): [] kasan_quarantine_put+0xdc/0x204
[ 73.769949][ T5460] hardirqs last disabled at (1571): [] kasan_quarantine_put+0x9c/0x204
[ 73.772183][ T5460] softirqs last enabled at (1536): [] mptcp_sendmsg+0xcf0/0x1a1c
[ 73.774315][ T5460] softirqs last disabled at (1541): [] __irq_exit_rcu+0x268/0x4d8
[ 73.776444][ T5460] ---[ end trace 27f6600ceba51088 ]---
[ 73.780564][ T5459] ------------[ cut here ]------------
[ 73.781853][ T5459] refcount_t: saturated; leaking memory.
[ 73.783312][ T5459] WARNING: CPU: 0 PID: 5459 at lib/refcount.c:22 refcount_warn_saturate+0x188/0x20c
[ 73.785482][ T5459] Modules linked in:
[ 73.786415][ T5459] CPU: 0 PID: 5459 Comm: syz-executor.0 Tainted: G W 5.15.174-syzkaller #0
[ 73.788736][ T5459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 73.791133][ T5459] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 73.793016][ T5459] pc : refcount_warn_saturate+0x188/0x20c
[ 73.794439][ T5459] lr : refcount_warn_saturate+0x188/0x20c
[ 73.795827][ T5459] sp : ffff8000217978d0
[ 73.796816][ T5459] x29: ffff8000217978d0 x28: 00000000002e0003 x27: 1fffe0001a3fc995
[ 73.798734][ T5459] x26: dfff800000000000 x25: ffff0000cfd7d080 x24: 1fffe00019fafaa0
[ 73.800640][ T5459] x23: ffff0000cfd7da48 x22: 1ffff0000295de30 x21: 0000000000000001
[ 73.802556][ T5459] x20: ffff0000cfd7d100 x19: ffff800016fcd000 x18: 0000000000000001
[ 73.804473][ T5459] x17: 0000000000000000 x16: ffff800011b4e2a8 x15: 00000000ffffffff
[ 73.806346][ T5459] x14: ffff0000d60c0000 x13: 0000000000000001 x12: 0000000000000001
[ 73.808213][ T5459] x11: 0000000000000000 x10: 0000000000000000 x9 : 04b80c53f5de1500
[ 73.810073][ T5459] x8 : 04b80c53f5de1500 x7 : 0000000000000001 x6 : 0000000000000001
[ 73.811971][ T5459] x5 : ffff800021797038 x4 : ffff800014c50660 x3 : ffff800008555fe4
[ 73.813864][ T5459] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000026
[ 73.815765][ T5459] Call trace:
[ 73.816496][ T5459] refcount_warn_saturate+0x188/0x20c
[ 73.817753][ T5459] mptcp_close+0x7a8/0xab0
[ 73.818848][ T5459] inet_release+0x160/0x1d0
[ 73.819879][ T5459] sock_close+0xb8/0x1fc
[ 73.820846][ T5459] __fput+0x1c4/0x800
[ 73.821779][ T5459] ____fput+0x20/0x30
[ 73.822686][ T5459] task_work_run+0x130/0x1e4
[ 73.823828][ T5459] do_notify_resume+0x262c/0x32b8
[ 73.825020][ T5459] el0_svc+0xfc/0x1f0
[ 73.826009][ T5459] el0t_64_sync_handler+0x84/0xe4
[ 73.827196][ T5459] el0t_64_sync+0x1a0/0x1a4
[ 73.828278][ T5459] irq event stamp: 1438
[ 73.829243][ T5459] hardirqs last enabled at (1437): [] _raw_spin_unlock_irqrestore+0xac/0x158
[ 73.831706][ T5459] hardirqs last disabled at (1438): [] __schedule+0x308/0x1e48
[ 73.833862][ T5459] softirqs last enabled at (1420): [] local_bh_enable+0x10/0x34
[ 73.836150][ T5459] softirqs last disabled at (1418): [] local_bh_disable+0x10/0x34
[ 73.838391][ T5459] ---[ end trace 27f6600ceba51089 ]---
[ 73.839916][ T5459] ------------[ cut here ]------------
[ 73.842836][ T5459] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: mptcp_retransmit_timer+0x0/0x2bc
[ 73.845901][ T5459] WARNING: CPU: 0 PID: 5459 at lib/debugobjects.c:521 debug_print_object+0x148/0x1d4
[ 73.848147][ T5459] Modules linked in:
[ 73.849090][ T5459] CPU: 0 PID: 5459 Comm: syz-executor.0 Tainted: G W 5.15.174-syzkaller #0
[ 73.851679][ T5459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 73.854248][ T5459] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 73.856307][ T5459] pc : debug_print_object+0x148/0x1d4
[ 73.857662][ T5459] lr : debug_print_object+0x148/0x1d4
[ 73.859118][ T5459] sp : ffff8000217975b0
[ 73.860192][ T5459] x29: ffff8000217975b0 x28: dfff800000000000 x27: ffff7000042f2ec4
[ 73.862249][ T5459] x26: 1ffff000042f2ee4 x25: ffff8000083bc048 x24: dfff800000000000
[ 73.864325][ T5459] x23: 0000000000000000 x22: ffff800011af3f74 x21: ffff800012166240
[ 73.866276][ T5459] x20: ffff800011cc2ee0 x19: ffff800012165d80 x18: 0000000000000001
[ 73.868300][ T5459] x17: 0000000000000000 x16: ffff800011b4e2a8 x15: 00000000ffffffff
[ 73.870317][ T5459] x14: ffff0000d60c0000 x13: 0000000000000001 x12: 0000000000000001
[ 73.872340][ T5459] x11: 0000000000000000 x10: 0000000000000000 x9 : 04b80c53f5de1500
[ 73.874389][ T5459] x8 : 04b80c53f5de1500 x7 : 0000000000000001 x6 : 0000000000000001
[ 73.876514][ T5459] x5 : ffff800021796d18 x4 : ffff800014c50660 x3 : ffff800008555fe4
[ 73.878567][ T5459] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000071
[ 73.880654][ T5459] Call trace:
[ 73.881469][ T5459] debug_print_object+0x148/0x1d4
[ 73.882835][ T5459] debug_object_assert_init+0x314/0x3c4
[ 73.884251][ T5459] del_timer+0xa8/0x2b4
[ 73.885329][ T5459] sk_stop_timer+0x24/0xd4
[ 73.886437][ T5459] __mptcp_destroy_sock+0x300/0x6a4
[ 73.887710][ T5459] mptcp_close+0x618/0xab0
[ 73.888873][ T5459] inet_release+0x160/0x1d0
[ 73.890071][ T5459] sock_close+0xb8/0x1fc
[ 73.891236][ T5459] __fput+0x1c4/0x800
[ 73.892277][ T5459] ____fput+0x20/0x30
[ 73.893332][ T5459] task_work_run+0x130/0x1e4
[ 73.894622][ T5459] do_notify_resume+0x262c/0x32b8
[ 73.895927][ T5459] el0_svc+0xfc/0x1f0
[ 73.896992][ T5459] el0t_64_sync_handler+0x84/0xe4
[ 73.898272][ T5459] el0t_64_sync+0x1a0/0x1a4
[ 73.899451][ T5459] irq event stamp: 1438
[ 73.900462][ T5459] hardirqs last enabled at (1437): [] _raw_spin_unlock_irqrestore+0xac/0x158
[ 73.903093][ T5459] hardirqs last disabled at (1438): [] __schedule+0x308/0x1e48
[ 73.905443][ T5459] softirqs last enabled at (1420): [] local_bh_enable+0x10/0x34
[ 73.907813][ T5459] softirqs last disabled at (1418): [] local_bh_disable+0x10/0x34
[ 73.910194][ T5459] ---[ end trace 27f6600ceba5108a ]---
[ 73.912774][ T5459] ------------[ cut here ]------------
[ 73.914144][ T5459] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: mptcp_tout_timer+0x0/0xe8
[ 73.918588][ T5459] WARNING: CPU: 0 PID: 5459 at lib/debugobjects.c:521 debug_print_object+0x148/0x1d4
[ 73.920943][ T5459] Modules linked in:
[ 73.921905][ T5459] CPU: 0 PID: 5459 Comm: syz-executor.0 Tainted: G W 5.15.174-syzkaller #0
[ 73.924338][ T5459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 73.926851][ T5459] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 73.928686][ T5459] pc : debug_print_object+0x148/0x1d4
[ 73.929961][ T5459] lr : debug_print_object+0x148/0x1d4
[ 73.931319][ T5459] sp : ffff8000217975b0
[ 73.932307][ T5459] x29: ffff8000217975b0 x28: dfff800000000000 x27: ffff7000042f2ec4
[ 73.934376][ T5459] x26: ffff0000dd025b40 x25: ffff8000083bc048 x24: dfff800000000000
[ 73.936382][ T5459] x23: 0000000000000000 x22: ffff800011af4230 x21: ffff800012166240
[ 73.938331][ T5459] x20: ffff800011cc2ee0 x19: ffff800012165d80 x18: 1fffe0003682eb8e
[ 73.940404][ T5459] x17: 1fffe0003682eb8e x16: ffff800011b4e2a8 x15: ffff800014c0fac0
[ 73.942503][ T5459] x14: ffff0001b4175c80 x13: ffff0001b4175c7c x12: 0000000000000001
[ 73.944638][ T5459] x11: 0000000000000000 x10: 0000000000000000 x9 : 04b80c53f5de1500
[ 73.946709][ T5459] x8 : 04b80c53f5de1500 x7 : 0000000000000000 x6 : ffff80000826abdc
[ 73.948743][ T5459] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000aa0ff7c
[ 73.950858][ T5459] x2 : ffff0001b4175d10 x1 : 0000000100000000 x0 : 000000000000006a
[ 73.952952][ T5459] Call trace:
[ 73.953722][ T5459] debug_print_object+0x148/0x1d4
[ 73.955080][ T5459] debug_object_assert_init+0x314/0x3c4
[ 73.956477][ T5459] del_timer+0xa8/0x2b4
[ 73.957592][ T5459] sk_stop_timer+0x24/0xd4
[ 73.958653][ T5459] __mptcp_destroy_sock+0x30c/0x6a4
[ 73.959952][ T5459] mptcp_close+0x618/0xab0
[ 73.961003][ T5459] inet_release+0x160/0x1d0
[ 73.962220][ T5459] sock_close+0xb8/0x1fc
[ 73.963346][ T5459] __fput+0x1c4/0x800
[ 73.964366][ T5459] ____fput+0x20/0x30
[ 73.965426][ T5459] task_work_run+0x130/0x1e4
[ 73.966592][ T5459] do_notify_resume+0x262c/0x32b8
[ 73.967903][ T5459] el0_svc+0xfc/0x1f0
[ 73.968986][ T5459] el0t_64_sync_handler+0x84/0xe4
[ 73.970264][ T5459] el0t_64_sync+0x1a0/0x1a4
[ 73.971413][ T5459] irq event stamp: 1438
[ 73.972450][ T5459] hardirqs last enabled at (1437): [] _raw_spin_unlock_irqrestore+0xac/0x158
[ 73.975122][ T5459] hardirqs last disabled at (1438): [] __schedule+0x308/0x1e48
[ 73.977551][ T5459] softirqs last enabled at (1420): [] local_bh_enable+0x10/0x34
[ 73.979967][ T5459] softirqs last disabled at (1418): [] local_bh_disable+0x10/0x34
[ 73.982331][ T5459] ---[ end trace 27f6600ceba5108b ]---
[ 73.983916][ T5459] ------------[ cut here ]------------
[ 73.987177][ T5459] refcount_t: underflow; use-after-free.
[ 73.988832][ T5459] WARNING: CPU: 0 PID: 5459 at lib/refcount.c:28 refcount_warn_saturate+0x1c8/0x20c
[ 73.991181][ T5459] Modules linked in:
[ 73.992132][ T5459] CPU: 0 PID: 5459 Comm: syz-executor.0 Tainted: G W 5.15.174-syzkaller #0
[ 73.994542][ T5459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[ 73.997126][ T5459] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 73.999038][ T5459] pc : refcount_warn_saturate+0x1c8/0x20c
[ 74.000437][ T5459] lr : refcount_warn_saturate+0x1c8/0x20c
[ 74.001834][ T5459] sp : ffff8000217977d0
[ 74.002842][ T5459] x29: ffff8000217977d0 x28: 00000000002e0003 x27: ffff0000cfd7da48
[ 74.004850][ T5459] x26: 1fffe00019fafb49 x25: dfff800000000000 x24: 1fffe00019fafb4e
[ 74.006798][ T5459] x23: ffff0000cfd7da70 x22: 0000000000000000 x21: 0000000000000003
[ 74.008860][ T5459] x20: ffff0000cfd7d100 x19: ffff800016fcd000 x18: 0000000000000001
[ 74.010931][ T5459] x17: 0000000000000000 x16: ffff800011b4e2a8 x15: 00000000ffffffff
[ 74.012931][ T5459] x14: ffff0000d60c0000 x13: 0000000000000001 x12: 0000000000000001
[ 74.015021][ T5459] x11: 0000000000000000 x10: 0000000000000000 x9 : 04b80c53f5de1500
[ 74.017023][ T5459] x8 : 04b80c53f5de1500 x7 : 0000000000000001 x6 : 0000000000000001
[ 74.019159][ T5459] x5 : ffff800021796f38 x4 : ffff800014c50660 x3 : ffff800008555fe4
[ 74.021211][ T5459] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000026
[ 74.023181][ T5459] Call trace:
[ 74.023983][ T5459] refcount_warn_saturate+0x1c8/0x20c
[ 74.025340][ T5459] __mptcp_destroy_sock+0x5f8/0x6a4
[ 74.026704][ T5459] mptcp_close+0x618/0xab0
[ 74.027819][ T5459] inet_release+0x160/0x1d0
[ 74.028962][ T5459] sock_close+0xb8/0x1fc
[ 74.030027][ T5459] __fput+0x1c4/0x800
[ 74.031040][ T5459] ____fput+0x20/0x30
[ 74.031969][ T5459] task_work_run+0x130/0x1e4
[ 74.033069][ T5459] do_notify_resume+0x262c/0x32b8
[ 74.034253][ T5459] el0_svc+0xfc/0x1f0
[ 74.035238][ T5459] el0t_64_sync_handler+0x84/0xe4
[ 74.036470][ T5459] el0t_64_sync+0x1a0/0x1a4
[ 74.037654][ T5459] irq event stamp: 1438
[ 74.038730][ T5459] hardirqs last enabled at (1437): [] _raw_spin_unlock_irqrestore+0xac/0x158
[ 74.041255][ T5459] hardirqs last disabled at (1438): [] __schedule+0x308/0x1e48
[ 74.043539][ T5459] softirqs last enabled at (1420): [] local_bh_enable+0x10/0x34
[ 74.045815][ T5459] softirqs last disabled at (1418): [] local_bh_disable+0x10/0x34
[ 74.048215][ T5459] ---[ end trace 27f6600ceba5108c ]---
[ 74.776514][ T3323] cfg80211: failed to load regulatory.db
1970/01/01 00:01:16 executed programs: 508
1970/01/01 00:01:21 executed programs: 780