Warning: Permanently added '10.128.1.74' (ED25519) to the list of known hosts.
1970/01/01 00:01:01 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:01 parsed 1 programs
1970/01/01 00:01:01 executed programs: 0
[ 62.750781][ T5674] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 62.753284][ T5674] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 62.755556][ T5674] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 62.758730][ T5674] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 62.760907][ T5674] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 62.762919][ T5674] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 62.828722][ T6457] chnl_net:caif_netlink_parms(): no params data found
[ 62.855373][ T6457] bridge0: port 1(bridge_slave_0) entered blocking state
[ 62.857458][ T6457] bridge0: port 1(bridge_slave_0) entered disabled state
[ 62.859286][ T6457] bridge_slave_0: entered allmulticast mode
[ 62.861328][ T6457] bridge_slave_0: entered promiscuous mode
[ 62.864308][ T6457] bridge0: port 2(bridge_slave_1) entered blocking state
[ 62.866134][ T6457] bridge0: port 2(bridge_slave_1) entered disabled state
[ 62.868226][ T6457] bridge_slave_1: entered allmulticast mode
[ 62.870265][ T6457] bridge_slave_1: entered promiscuous mode
[ 62.882475][ T6457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 62.886279][ T6457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 62.898610][ T6457] team0: Port device team_slave_0 added
[ 62.901325][ T6457] team0: Port device team_slave_1 added
[ 62.911885][ T6457] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 62.913721][ T6457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.920732][ T6457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 62.924685][ T6457] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 62.926555][ T6457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 62.933361][ T6457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 63.008379][ T6457] hsr_slave_0: entered promiscuous mode
[ 63.047072][ T6457] hsr_slave_1: entered promiscuous mode
[ 63.821192][ T6457] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 63.886673][ T6457] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 63.938258][ T6457] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 63.989212][ T6457] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 64.079166][ T6457] 8021q: adding VLAN 0 to HW filter on device bond0
[ 64.090014][ T6457] 8021q: adding VLAN 0 to HW filter on device team0
[ 64.094548][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.096430][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 64.107522][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.109314][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 64.194541][ T6457] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 64.218653][ T6457] veth0_vlan: entered promiscuous mode
[ 64.223876][ T6457] veth1_vlan: entered promiscuous mode
[ 64.241187][ T6457] veth0_macvtap: entered promiscuous mode
[ 64.244273][ T6457] veth1_macvtap: entered promiscuous mode
[ 64.253161][ T6457] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 64.261703][ T6457] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 64.266110][ T6457] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.270482][ T6457] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.272798][ T6457] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.274968][ T6457] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 64.316584][ T258] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.322351][ T258] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.333684][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 64.335664][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 64.406048][ T6554] loop0: detected capacity change from 0 to 2048
[ 64.422664][ T6557] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 64.440997][ T6554] syz-executor.0: attempt to access beyond end of device
[ 64.440997][ T6554] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 64.459918][ T6554] syz-executor.0: attempt to access beyond end of device
[ 64.459918][ T6554] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 64.503435][ T6565] loop0: detected capacity change from 0 to 2048
[ 64.509127][ T2217] ieee802154 phy0 wpan0: encryption failed: -22
[ 64.510884][ T2217] ieee802154 phy1 wpan1: encryption failed: -22
[ 64.521069][ T6567] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 64.532336][ T6565] syz-executor.0: attempt to access beyond end of device
[ 64.532336][ T6565] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 64.539669][ T6565] syz-executor.0: attempt to access beyond end of device
[ 64.539669][ T6565] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 64.573432][ T6571] loop0: detected capacity change from 0 to 2048
[ 64.581902][ T6573] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 64.588944][ T6571] syz-executor.0: attempt to access beyond end of device
[ 64.588944][ T6571] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 64.595128][ T6571] syz-executor.0: attempt to access beyond end of device
[ 64.595128][ T6571] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 64.632352][ T6578] loop0: detected capacity change from 0 to 2048
[ 64.642263][ T6579] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 64.654461][ T6578] syz-executor.0: attempt to access beyond end of device
[ 64.654461][ T6578] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 64.659768][ T6578] syz-executor.0: attempt to access beyond end of device
[ 64.659768][ T6578] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 64.703527][ T6586] loop0: detected capacity change from 0 to 2048
[ 64.713420][ T6588] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 64.731182][ T6586] syz-executor.0: attempt to access beyond end of device
[ 64.731182][ T6586] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 64.748365][ T6586] syz-executor.0: attempt to access beyond end of device
[ 64.748365][ T6586] loop0: rw=0, sector=576460752303423530, nr_sectors = 2 limit=2048
[ 64.794638][ T6595] loop0: detected capacity change from 0 to 2048
[ 64.803192][ T6596] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 64.837523][ T5674] Bluetooth: hci0: command 0x0409 tx timeout
[ 64.870699][ T6604] loop0: detected capacity change from 0 to 2048
[ 64.885696][ T6606] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 66.906960][ T5674] Bluetooth: hci0: command 0x041b tx timeout
[ 68.997248][ T5674] Bluetooth: hci0: command 0x040f tx timeout
[ 69.628132][ T1658] cfg80211: failed to load regulatory.db
[ 69.946921][ C0] ==================================================================
[ 69.949118][ C0] BUG: KASAN: slab-use-after-free in __lock_acquire+0x114/0x763c
[ 69.951128][ C0] Read of size 8 at addr ffff0000cc550990 by task kworker/u4:5/258
[ 69.953134][ C0]
[ 69.953757][ C0] CPU: 0 PID: 258 Comm: kworker/u4:5 Not tainted 6.7.0-rc3-syzkaller #0
[ 69.955867][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 69.958497][ C0] Workqueue: events_power_efficient gc_worker
[ 69.960103][ C0] Call trace:
[ 69.960982][ C0] dump_backtrace+0x1b8/0x1e4
[ 69.962174][ C0] show_stack+0x2c/0x44
[ 69.963297][ C0] dump_stack_lvl+0xd0/0x124
[ 69.964507][ C0] print_report+0x174/0x514
[ 69.965752][ C0] kasan_report+0xd8/0x138
[ 69.966932][ C0] __asan_report_load8_noabort+0x20/0x2c
[ 69.968363][ C0] __lock_acquire+0x114/0x763c
[ 69.969595][ C0] lock_acquire+0x23c/0x71c
[ 69.970814][ C0] _raw_spin_lock_irqsave+0x5c/0x7c
[ 69.972220][ C0] try_to_wake_up+0xb0/0xf50
[ 69.973421][ C0] wake_up_process+0x18/0x24
[ 69.974666][ C0] nilfs_construction_timeout+0x40/0x50
[ 69.976160][ C0] call_timer_fn+0x19c/0x8cc
[ 69.977333][ C0] __run_timers+0x55c/0x734
[ 69.978599][ C0] run_timer_softirq+0x7c/0x114
[ 69.979826][ C0] __do_softirq+0x2d8/0xce4
[ 69.980993][ C0] ____do_softirq+0x14/0x20
[ 69.982189][ C0] call_on_irq_stack+0x24/0x4c
[ 69.983398][ C0] do_softirq_own_stack+0x20/0x2c
[ 69.984697][ C0] __irq_exit_rcu+0x1d8/0x434
[ 69.985904][ C0] irq_exit_rcu+0x14/0x84
[ 69.987064][ C0] el1_interrupt+0x38/0x68
[ 69.988173][ C0] el1h_64_irq_handler+0x18/0x24
[ 69.989463][ C0] el1h_64_irq+0x64/0x68
[ 69.990586][ C0] seqcount_lockdep_reader_access+0xe4/0x104
[ 69.992140][ C0] gc_worker+0x298/0x12cc
[ 69.993212][ C0] process_one_work+0x694/0x1204
[ 69.994524][ C0] worker_thread+0x938/0xef4
[ 69.995679][ C0] kthread+0x288/0x310
[ 69.996789][ C0] ret_from_fork+0x10/0x20
[ 69.997958][ C0]
[ 69.998538][ C0] Allocated by task 2:
[ 69.999529][ C0] kasan_set_track+0x4c/0x7c
[ 70.000738][ C0] kasan_save_alloc_info+0x24/0x30
[ 70.002094][ C0] __kasan_slab_alloc+0x74/0x8c
[ 70.003367][ C0] slab_post_alloc_hook+0x90/0x498
[ 70.004684][ C0] kmem_cache_alloc_node+0x2b4/0x458
[ 70.006091][ C0] dup_task_struct+0x74/0x888
[ 70.007298][ C0] copy_process+0x488/0x3478
[ 70.008471][ C0] kernel_clone+0x1d8/0x80c
[ 70.009638][ C0] kernel_thread+0x184/0x200
[ 70.010774][ C0] kthreadd+0x464/0x670
[ 70.011855][ C0] ret_from_fork+0x10/0x20
[ 70.013016][ C0]
[ 70.013557][ C0] Freed by task 6609:
[ 70.014638][ C0] kasan_set_track+0x4c/0x7c
[ 70.015831][ C0] kasan_save_free_info+0x38/0x5c
[ 70.017155][ C0] ____kasan_slab_free+0x144/0x1c0
[ 70.018465][ C0] __kasan_slab_free+0x18/0x28
[ 70.019686][ C0] kmem_cache_free+0x2e4/0x56c
[ 70.020884][ C0] free_task+0xe8/0x14c
[ 70.021956][ C0] __put_task_struct+0x178/0x210
[ 70.023218][ C0] put_task_struct+0x88/0x10c
[ 70.024387][ C0] delayed_put_task_struct+0xdc/0x2d8
[ 70.025849][ C0] rcu_core+0x890/0x1b34
[ 70.026944][ C0] rcu_core_si+0x10/0x1c
[ 70.028084][ C0] __do_softirq+0x2d8/0xce4
[ 70.029272][ C0]
[ 70.029879][ C0] Last potentially related work creation:
[ 70.031377][ C0] kasan_save_stack+0x40/0x6c
[ 70.032618][ C0] __kasan_record_aux_stack+0xcc/0xe8
[ 70.034006][ C0] kasan_record_aux_stack_noalloc+0x14/0x20
[ 70.035551][ C0] call_rcu+0x104/0xaf4
[ 70.036704][ C0] put_task_struct_rcu_user+0x70/0xd8
[ 70.038062][ C0] finish_task_switch+0x5b4/0x614
[ 70.039329][ C0] __schedule+0x1358/0x2360
[ 70.040517][ C0] preempt_schedule_common+0xe8/0x1dc
[ 70.041941][ C0] preempt_schedule+0x60/0x80
[ 70.043120][ C0] __local_bh_enable_ip+0x244/0x44c
[ 70.044441][ C0] local_bh_enable+0x20/0x2c
[ 70.045685][ C0] srcu_invoke_callbacks+0x1e4/0x3d8
[ 70.047022][ C0] process_one_work+0x694/0x1204
[ 70.048328][ C0] worker_thread+0x938/0xef4
[ 70.049535][ C0] kthread+0x288/0x310
[ 70.050588][ C0] ret_from_fork+0x10/0x20
[ 70.051747][ C0]
[ 70.052306][ C0] Second to last potentially related work creation:
[ 70.054040][ C0] kasan_save_stack+0x40/0x6c
[ 70.055244][ C0] __kasan_record_aux_stack+0xcc/0xe8
[ 70.056612][ C0] kasan_record_aux_stack_noalloc+0x14/0x20
[ 70.058116][ C0] call_rcu+0x104/0xaf4
[ 70.059230][ C0] release_task+0x142c/0x15a8
[ 70.060443][ C0] wait_consider_task+0x15f0/0x2644
[ 70.061841][ C0] __do_wait+0x188/0x724
[ 70.062901][ C0] do_wait+0x1d8/0x550
[ 70.063930][ C0] kernel_wait4+0x24c/0x3d8
[ 70.065055][ C0] __arm64_sys_wait4+0x11c/0x2a0
[ 70.066365][ C0] invoke_syscall+0x98/0x2b8
[ 70.067536][ C0] el0_svc_common+0x130/0x23c
[ 70.068781][ C0] do_el0_svc+0x48/0x58
[ 70.069861][ C0] el0_svc+0x54/0x158
[ 70.070892][ C0] el0t_64_sync_handler+0x84/0xfc
[ 70.072247][ C0] el0t_64_sync+0x190/0x194
[ 70.073409][ C0]
[ 70.074012][ C0] The buggy address belongs to the object at ffff0000cc550000
[ 70.074012][ C0] which belongs to the cache task_struct of size 6848
[ 70.077715][ C0] The buggy address is located 2448 bytes inside of
[ 70.077715][ C0] freed 6848-byte region [ffff0000cc550000, ffff0000cc551ac0)
[ 70.081360][ C0]
[ 70.081938][ C0] The buggy address belongs to the physical page:
[ 70.083586][ C0] page:00000000e37aa608 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c550
[ 70.086321][ C0] head:00000000e37aa608 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 70.088618][ C0] memcg:ffff0000d3e09981
[ 70.089738][ C0] anon flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 70.091987][ C0] page_type: 0xffffffff()
[ 70.093081][ C0] raw: 05ffc00000000840 ffff0000c1863500 0000000000000000 dead000000000001
[ 70.095297][ C0] raw: 0000000000000000 0000000000040004 00000001ffffffff ffff0000d3e09981
[ 70.097543][ C0] page dumped because: kasan: bad access detected
[ 70.099177][ C0]
[ 70.099789][ C0] Memory state around the buggy address:
[ 70.101282][ C0] ffff0000cc550880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.103492][ C0] ffff0000cc550900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.105647][ C0] >ffff0000cc550980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.107739][ C0] ^
[ 70.108922][ C0] ffff0000cc550a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.111099][ C0] ffff0000cc550a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.113188][ C0] ==================================================================
[ 70.115314][ C0] Disabling lock debugging due to kernel taint
[ 71.066806][ T5674] Bluetooth: hci0: command 0x0419 tx timeout