Warning: Permanently added '10.128.1.82' (ED25519) to the list of known hosts. 1970/01/01 00:00:57 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:00:57 ignoring optional flag "type"="gce" 1970/01/01 00:00:57 parsed 1 programs [ 58.026494][ T4271] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS 1970/01/01 00:00:58 executed programs: 0 [ 58.164951][ T4286] chnl_net:caif_netlink_parms(): no params data found [ 58.200980][ T4286] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.202712][ T4286] bridge0: port 1(bridge_slave_0) entered disabled state [ 58.206529][ T4286] device bridge_slave_0 entered promiscuous mode [ 58.209874][ T4286] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.211710][ T4286] bridge0: port 2(bridge_slave_1) entered disabled state [ 58.214618][ T4286] device bridge_slave_1 entered promiscuous mode [ 58.236975][ T4286] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 58.241108][ T4286] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 58.258812][ T4286] team0: Port device team_slave_0 added [ 58.262087][ T4286] team0: Port device team_slave_1 added [ 58.277963][ T4286] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 58.279793][ T4286] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.286342][ T4286] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 58.290337][ T4286] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 58.292007][ T4286] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 58.298704][ T4286] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 58.365966][ T4286] device hsr_slave_0 entered promiscuous mode [ 58.424425][ T4286] device hsr_slave_1 entered promiscuous mode [ 59.093530][ T4286] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 59.125986][ T4286] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 59.175792][ T4286] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 59.222197][ T4286] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 59.309769][ T4286] 8021q: adding VLAN 0 to HW filter on device bond0 [ 59.317890][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 59.321315][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 59.327580][ T4286] 8021q: adding VLAN 0 to HW filter on device team0 [ 59.334157][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 59.336815][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 59.339115][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 59.340754][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 59.342770][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 59.347954][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 59.350650][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.352406][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.365920][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.368285][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.371374][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.374772][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.378110][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.380538][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.383036][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.397703][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 59.400391][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 59.402783][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 59.406775][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 59.409313][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 59.412328][ T4286] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 59.490136][ T4286] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 59.496733][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 59.498626][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 59.511896][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 59.516197][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 59.530427][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 59.532749][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 59.536999][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 59.540113][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 59.546264][ T4286] device veth0_vlan entered promiscuous mode [ 59.553043][ T4286] device veth1_vlan entered promiscuous mode [ 59.568234][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 59.570598][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 59.572911][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 59.580155][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 59.585426][ T4286] device veth0_macvtap entered promiscuous mode [ 59.589851][ T4286] device veth1_macvtap entered promiscuous mode [ 59.602367][ T4286] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 59.605121][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 59.607362][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 59.610248][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 59.612660][ T436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 59.619598][ T4286] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 59.622941][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 59.627174][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 59.630645][ T4286] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.632906][ T4286] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.637344][ T4286] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.639446][ T4286] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 59.693673][ T436] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.696717][ T436] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.699388][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 59.719872][ T265] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 59.721950][ T265] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 59.727211][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 60.114836][ T7] Bluetooth: hci0: command 0x0409 tx timeout [ 62.204277][ T7] Bluetooth: hci0: command 0x041b tx timeout 1970/01/01 00:01:03 executed programs: 96 [ 63.634339][ C0] IPv4: Attempt to release TCP socket in state 8 0000000079560bdb [ 63.636509][ C0] [ 63.637045][ C0] ========================= [ 63.638074][ C0] WARNING: held lock freed! [ 63.638973][ C0] 5.15.167-syzkaller #0 Not tainted [ 63.640321][ C0] ------------------------- [ 63.641415][ C0] syz-executor.0/4820 is freeing memory ffff0000cdc96780-ffff0000cdc97257, with a lock still held there! [ 63.643977][ C0] ffff0000cdc968a0 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_sendmsg+0x15c/0x290 [ 63.646138][ C0] 2 locks held by syz-executor.0/4820: [ 63.647483][ C0] #0: ffff0000cdc968a0 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_sendmsg+0x15c/0x290 [ 63.649843][ C0] #1: ffff800008007ba0 ((&msk->sk.icsk_retransmit_timer)){+.-.}-{0:0}, at: call_timer_fn+0xd0/0x8f0 [ 63.652618][ C0] [ 63.652618][ C0] stack backtrace: [ 63.654124][ C0] CPU: 0 PID: 4820 Comm: syz-executor.0 Not tainted 5.15.167-syzkaller #0 [ 63.656196][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 63.658487][ C0] Call trace: [ 63.659336][ C0] dump_backtrace+0x0/0x530 [ 63.660447][ C0] show_stack+0x2c/0x3c [ 63.661439][ C0] dump_stack_lvl+0x108/0x170 [ 63.662550][ C0] dump_stack+0x1c/0x58 [ 63.663426][ C0] debug_check_no_locks_freed+0x27c/0x300 [ 63.664861][ C0] slab_free_freelist_hook+0x88/0x1ec [ 63.666182][ C0] kmem_cache_free+0xdc/0x3c4 [ 63.667382][ C0] __sk_destruct+0x408/0x600 [ 63.668516][ C0] __sk_free+0x37c/0x4e8 [ 63.669481][ C0] sk_free+0x68/0xdc [ 63.670438][ C0] mptcp_retransmit_timer+0x198/0x2bc [ 63.671728][ C0] call_timer_fn+0x19c/0x8f0 [ 63.672934][ C0] __run_timers+0x554/0x718 [ 63.674101][ C0] run_timer_softirq+0x7c/0x114 [ 63.675337][ C0] handle_softirqs+0x384/0xdbc [ 63.676336][ C0] __irq_exit_rcu+0x268/0x4d8 [ 63.677408][ C0] irq_exit+0x14/0x88 [ 63.678348][ C0] handle_domain_irq+0xf4/0x178 [ 63.679453][ C0] gic_handle_irq+0x78/0x1c8 [ 63.680584][ C0] call_on_irq_stack+0x24/0x4c [ 63.681761][ C0] do_interrupt_handler+0x74/0x94 [ 63.682960][ C0] el1_interrupt+0x30/0x58 [ 63.684114][ C0] el1h_64_irq_handler+0x18/0x24 [ 63.685228][ C0] el1h_64_irq+0x78/0x7c [ 63.686302][ C0] _raw_spin_unlock_irqrestore+0xbc/0x158 [ 63.687720][ C0] __mod_timer+0x960/0xd30 [ 63.688736][ C0] mod_timer+0x2c/0x3c [ 63.689730][ C0] sk_reset_timer+0x30/0xfc [ 63.690866][ C0] __mptcp_push_pending+0x6a8/0x85c [ 63.692135][ C0] mptcp_sendmsg+0x1544/0x1a1c [ 63.693151][ C0] inet_sendmsg+0x15c/0x290 [ 63.694223][ C0] ____sys_sendmsg+0x584/0x870 [ 63.695336][ C0] ___sys_sendmsg+0x214/0x294 [ 63.696531][ C0] __arm64_sys_sendmsg+0x1ac/0x25c [ 63.697715][ C0] invoke_syscall+0x98/0x2b8 [ 63.698765][ C0] el0_svc_common+0x138/0x258 [ 63.699930][ C0] do_el0_svc+0x58/0x14c [ 63.700990][ C0] el0_svc+0x7c/0x1f0 [ 63.701949][ C0] el0t_64_sync_handler+0x84/0xe4 [ 63.703186][ C0] el0t_64_sync+0x1a0/0x1a4 [ 63.705509][ T4820] ------------[ cut here ]------------ [ 63.706969][ T4820] refcount_t: addition on 0; use-after-free. [ 63.708805][ T4820] WARNING: CPU: 0 PID: 4820 at lib/refcount.c:25 refcount_warn_saturate+0x1a8/0x20c [ 63.711150][ T4820] Modules linked in: [ 63.712134][ T4820] CPU: 0 PID: 4820 Comm: syz-executor.0 Not tainted 5.15.167-syzkaller #0 [ 63.714236][ T4820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 63.716768][ T4820] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 63.718861][ T4820] pc : refcount_warn_saturate+0x1a8/0x20c [ 63.720221][ T4820] lr : refcount_warn_saturate+0x1a8/0x20c [ 63.721590][ T4820] sp : ffff800020167440 [ 63.722479][ T4820] x29: ffff800020167440 x28: ffff0000cdc96fc8 x27: ffff0000cdc96780 [ 63.724385][ T4820] x26: dfff800000000000 x25: ffff0000d1c7018e x24: 0000000000000000 [ 63.726367][ T4820] x23: ffff70000402cea8 x22: 0000000000000000 x21: 0000000000000002 [ 63.728442][ T4820] x20: ffff0000cdc96800 x19: ffff800016f0c000 x18: 1fffe00036831b8e [ 63.730525][ T4820] x17: 1fffe00036831b8e x16: ffff800011ac1408 x15: ffff800014b5ef40 [ 63.732432][ T4820] x14: ffff0001b418dc80 x13: ffff0001b418dc7c x12: 0000000000000001 [ 63.734312][ T4820] x11: 0000000000000000 x10: 0000000000000000 x9 : 06ec32d687471300 [ 63.736199][ T4820] x8 : 06ec32d687471300 x7 : 0000000000000000 x6 : ffff80000826acb8 [ 63.738151][ T4820] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80000804605c [ 63.739878][ T4820] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000002a [ 63.741783][ T4820] Call trace: [ 63.742605][ T4820] refcount_warn_saturate+0x1a8/0x20c [ 63.743906][ T4820] sk_reset_timer+0xcc/0xfc [ 63.745021][ T4820] __mptcp_push_pending+0x6a8/0x85c [ 63.746255][ T4820] mptcp_sendmsg+0x1544/0x1a1c [ 63.747390][ T4820] inet_sendmsg+0x15c/0x290 [ 63.748461][ T4820] ____sys_sendmsg+0x584/0x870 [ 63.749616][ T4820] ___sys_sendmsg+0x214/0x294 [ 63.750743][ T4820] __arm64_sys_sendmsg+0x1ac/0x25c [ 63.752078][ T4820] invoke_syscall+0x98/0x2b8 [ 63.753318][ T4820] el0_svc_common+0x138/0x258 [ 63.754481][ T4820] do_el0_svc+0x58/0x14c [ 63.755344][ T4820] el0_svc+0x7c/0x1f0 [ 63.756394][ T4820] el0t_64_sync_handler+0x84/0xe4 [ 63.757490][ T4820] el0t_64_sync+0x1a0/0x1a4 [ 63.758576][ T4820] irq event stamp: 1692 [ 63.759528][ T4820] hardirqs last enabled at (1692): [] kasan_quarantine_put+0xdc/0x204 [ 63.761920][ T4820] hardirqs last disabled at (1691): [] kasan_quarantine_put+0x9c/0x204 [ 63.764388][ T4820] softirqs last enabled at (1522): [] mptcp_sendmsg+0xcf0/0x1a1c [ 63.766497][ T4820] softirqs last disabled at (1527): [] __irq_exit_rcu+0x268/0x4d8 [ 63.768947][ T4820] ---[ end trace 7397058f8ae56b2d ]--- [ 63.773347][ T4819] ------------[ cut here ]------------ [ 63.774899][ T4819] refcount_t: saturated; leaking memory. [ 63.776457][ T4819] WARNING: CPU: 1 PID: 4819 at lib/refcount.c:22 refcount_warn_saturate+0x188/0x20c [ 63.778806][ T4819] Modules linked in: [ 63.779838][ T4819] CPU: 1 PID: 4819 Comm: syz-executor.0 Tainted: G W 5.15.167-syzkaller #0 [ 63.782078][ T4819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 63.784372][ T4819] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 63.786220][ T4819] pc : refcount_warn_saturate+0x188/0x20c [ 63.787565][ T4819] lr : refcount_warn_saturate+0x188/0x20c [ 63.789158][ T4819] sp : ffff80001fc278d0 [ 63.790308][ T4819] x29: ffff80001fc278d0 x28: 00000000002e0003 x27: 1fffe00019bf04a5 [ 63.792171][ T4819] x26: dfff800000000000 x25: ffff0000cdc96780 x24: 1fffe00019b92d80 [ 63.794215][ T4819] x23: ffff0000cdc97140 x22: 1ffff00002947e30 x21: 0000000000000001 [ 63.796306][ T4819] x20: ffff0000cdc96800 x19: ffff800016f0c000 x18: 0000000000000001 [ 63.798441][ T4819] x17: 0000000000000000 x16: ffff800011ac23e0 x15: 00000000ffffffff [ 63.800138][ T4819] x14: ffff0000c2289b40 x13: 0000000000000001 x12: 0000000000000001 [ 63.802080][ T4819] x11: 0000000000000000 x10: 0000000000000000 x9 : 9625a2aa139cea00 [ 63.804041][ T4819] x8 : 9625a2aa139cea00 x7 : 0000000000000001 x6 : 0000000000000001 [ 63.806004][ T4819] x5 : ffff80001fc27038 x4 : ffff800014b9fae0 x3 : ffff800008557c4c [ 63.808022][ T4819] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000026 [ 63.809990][ T4819] Call trace: [ 63.810770][ T4819] refcount_warn_saturate+0x188/0x20c [ 63.812120][ T4819] mptcp_close+0x7a8/0xab0 [ 63.813243][ T4819] inet_release+0x160/0x1d0 [ 63.814370][ T4819] sock_close+0xb8/0x1fc [ 63.815427][ T4819] __fput+0x1c4/0x800 [ 63.816419][ T4819] ____fput+0x20/0x30 [ 63.817423][ T4819] task_work_run+0x130/0x1e4 [ 63.818570][ T4819] do_notify_resume+0x262c/0x32b8 [ 63.819820][ T4819] el0_svc+0xfc/0x1f0 [ 63.820759][ T4819] el0t_64_sync_handler+0x84/0xe4 [ 63.822123][ T4819] el0t_64_sync+0x1a0/0x1a4 [ 63.823349][ T4819] irq event stamp: 1766 [ 63.824347][ T4819] hardirqs last enabled at (1765): [] _raw_spin_unlock_irqrestore+0xac/0x158 [ 63.826937][ T4819] hardirqs last disabled at (1766): [] __schedule+0x308/0x1e48 [ 63.829315][ T4819] softirqs last enabled at (1748): [] local_bh_enable+0x10/0x34 [ 63.831642][ T4819] softirqs last disabled at (1746): [] local_bh_disable+0x10/0x34 [ 63.833921][ T4819] ---[ end trace 7397058f8ae56b2e ]--- [ 63.847520][ T4819] ------------[ cut here ]------------ [ 63.848934][ T4819] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: mptcp_retransmit_timer+0x0/0x2bc [ 63.852278][ T4819] WARNING: CPU: 1 PID: 4819 at lib/debugobjects.c:520 debug_print_object+0x148/0x1d4 [ 63.854689][ T4819] Modules linked in: [ 63.855810][ T4819] CPU: 1 PID: 4819 Comm: syz-executor.0 Tainted: G W 5.15.167-syzkaller #0 [ 63.858160][ T4819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 63.860532][ T4819] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 63.862463][ T4819] pc : debug_print_object+0x148/0x1d4 [ 63.863804][ T4819] lr : debug_print_object+0x148/0x1d4 [ 63.865135][ T4819] sp : ffff80001fc275b0 [ 63.866128][ T4819] x29: ffff80001fc275b0 x28: dfff800000000000 x27: ffff700003f84ec4 [ 63.868119][ T4819] x26: 1ffff00003f84ee4 x25: ffff8000083bd024 x24: dfff800000000000 [ 63.870069][ T4819] x23: 0000000000000000 x22: ffff800011a680bc x21: ffff8000120c8b40 [ 63.872176][ T4819] x20: ffff800011c32ee0 x19: ffff8000120c8680 x18: 0000000000000001 [ 63.874022][ T4819] x17: 0000000000000000 x16: ffff800011ac23e0 x15: 00000000ffffffff [ 63.876084][ T4819] x14: ffff0000c2289b40 x13: 0000000000000001 x12: 0000000000000001 [ 63.878035][ T4819] x11: 0000000000000000 x10: 0000000000000000 x9 : 9625a2aa139cea00 [ 63.879911][ T4819] x8 : 9625a2aa139cea00 x7 : 0000000000000001 x6 : 0000000000000001 [ 63.882021][ T4819] x5 : ffff80001fc26d18 x4 : ffff800014b9fae0 x3 : ffff800008557c4c [ 63.883978][ T4819] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000071 [ 63.886073][ T4819] Call trace: [ 63.886870][ T4819] debug_print_object+0x148/0x1d4 [ 63.888053][ T4819] debug_object_assert_init+0x314/0x3c4 [ 63.889510][ T4819] del_timer+0xa8/0x2b4 [ 63.890480][ T4819] sk_stop_timer+0x24/0xd4 [ 63.891574][ T4819] __mptcp_destroy_sock+0x300/0x6a4 [ 63.892840][ T4819] mptcp_close+0x618/0xab0 [ 63.894053][ T4819] inet_release+0x160/0x1d0 [ 63.895221][ T4819] sock_close+0xb8/0x1fc [ 63.896303][ T4819] __fput+0x1c4/0x800 [ 63.897275][ T4819] ____fput+0x20/0x30 [ 63.898292][ T4819] task_work_run+0x130/0x1e4 [ 63.899337][ T4819] do_notify_resume+0x262c/0x32b8 [ 63.900524][ T4819] el0_svc+0xfc/0x1f0 [ 63.901445][ T4819] el0t_64_sync_handler+0x84/0xe4 [ 63.902777][ T4819] el0t_64_sync+0x1a0/0x1a4 [ 63.903885][ T4819] irq event stamp: 1766 [ 63.904884][ T4819] hardirqs last enabled at (1765): [] _raw_spin_unlock_irqrestore+0xac/0x158 [ 63.907345][ T4819] hardirqs last disabled at (1766): [] __schedule+0x308/0x1e48 [ 63.909519][ T4819] softirqs last enabled at (1748): [] local_bh_enable+0x10/0x34 [ 63.911695][ T4819] softirqs last disabled at (1746): [] local_bh_disable+0x10/0x34 [ 63.913927][ T4819] ---[ end trace 7397058f8ae56b2f ]--- [ 63.918335][ T4819] ------------[ cut here ]------------ [ 63.919775][ T4819] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: mptcp_tout_timer+0x0/0xe8 [ 63.922889][ T4819] WARNING: CPU: 1 PID: 4819 at lib/debugobjects.c:520 debug_print_object+0x148/0x1d4 [ 63.925321][ T4819] Modules linked in: [ 63.926174][ T4819] CPU: 1 PID: 4819 Comm: syz-executor.0 Tainted: G W 5.15.167-syzkaller #0 [ 63.928687][ T4819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 63.931158][ T4819] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 63.933080][ T4819] pc : debug_print_object+0x148/0x1d4 [ 63.934346][ T4819] lr : debug_print_object+0x148/0x1d4 [ 63.935490][ T4819] sp : ffff80001fc275b0 [ 63.936480][ T4819] x29: ffff80001fc275b0 x28: dfff800000000000 x27: ffff700003f84ec4 [ 63.938323][ T4819] x26: ffff0000cfffa408 x25: ffff8000083bd024 x24: dfff800000000000 [ 63.940389][ T4819] x23: 0000000000000000 x22: ffff800011a68378 x21: ffff8000120c8b40 [ 63.942195][ T4819] x20: ffff800011c32ee0 x19: ffff8000120c8680 x18: 0000000000000001 [ 63.943908][ T4819] x17: 0000000000000000 x16: ffff800011ac23e0 x15: 00000000ffffffff [ 63.945616][ T4819] x14: ffff0000c2289b40 x13: 0000000000000001 x12: 0000000000000001 [ 63.947658][ T4819] x11: 0000000000000000 x10: 0000000000000000 x9 : 9625a2aa139cea00 [ 63.949644][ T4819] x8 : 9625a2aa139cea00 x7 : 0000000000000001 x6 : 0000000000000001 [ 63.951785][ T4819] x5 : ffff80001fc26d18 x4 : ffff800014b9fae0 x3 : ffff800008557c4c [ 63.953710][ T4819] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000006a [ 63.955565][ T4819] Call trace: [ 63.956307][ T4819] debug_print_object+0x148/0x1d4 [ 63.957395][ T4819] debug_object_assert_init+0x314/0x3c4 [ 63.958666][ T4819] del_timer+0xa8/0x2b4 [ 63.959729][ T4819] sk_stop_timer+0x24/0xd4 [ 63.960810][ T4819] __mptcp_destroy_sock+0x30c/0x6a4 [ 63.962146][ T4819] mptcp_close+0x618/0xab0 [ 63.963182][ T4819] inet_release+0x160/0x1d0 [ 63.964295][ T4819] sock_close+0xb8/0x1fc [ 63.965323][ T4819] __fput+0x1c4/0x800 [ 63.966273][ T4819] ____fput+0x20/0x30 [ 63.967269][ T4819] task_work_run+0x130/0x1e4 [ 63.968323][ T4819] do_notify_resume+0x262c/0x32b8 [ 63.969569][ T4819] el0_svc+0xfc/0x1f0 [ 63.970582][ T4819] el0t_64_sync_handler+0x84/0xe4 [ 63.971881][ T4819] el0t_64_sync+0x1a0/0x1a4 [ 63.972920][ T4819] irq event stamp: 1766 [ 63.974027][ T4819] hardirqs last enabled at (1765): [] _raw_spin_unlock_irqrestore+0xac/0x158 [ 63.976533][ T4819] hardirqs last disabled at (1766): [] __schedule+0x308/0x1e48 [ 63.978931][ T4819] softirqs last enabled at (1748): [] local_bh_enable+0x10/0x34 [ 63.981177][ T4819] softirqs last disabled at (1746): [] local_bh_disable+0x10/0x34 [ 63.983485][ T4819] ---[ end trace 7397058f8ae56b30 ]--- [ 63.989003][ T4819] ------------[ cut here ]------------ [ 63.990485][ T4819] refcount_t: underflow; use-after-free. [ 63.992161][ T4819] WARNING: CPU: 1 PID: 4819 at lib/refcount.c:28 refcount_warn_saturate+0x1c8/0x20c [ 63.994602][ T4819] Modules linked in: [ 63.995685][ T4819] CPU: 1 PID: 4819 Comm: syz-executor.0 Tainted: G W 5.15.167-syzkaller #0 [ 63.998361][ T4819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 64.000934][ T4819] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 64.003036][ T4819] pc : refcount_warn_saturate+0x1c8/0x20c [ 64.004606][ T4819] lr : refcount_warn_saturate+0x1c8/0x20c [ 64.005988][ T4819] sp : ffff80001fc277d0 [ 64.007060][ T4819] x29: ffff80001fc277d0 x28: 00000000002e0003 x27: ffff0000cdc97140 [ 64.009174][ T4819] x26: 1fffe00019b92e28 x25: dfff800000000000 x24: 1fffe00019b92e2d [ 64.011056][ T4819] x23: ffff0000cdc97168 x22: 0000000000000000 x21: 0000000000000003 [ 64.012969][ T4819] x20: ffff0000cdc96800 x19: ffff800016f0c000 x18: 0000000000000001 [ 64.014992][ T4819] x17: 0000000000000000 x16: ffff800011ac23e0 x15: 00000000ffffffff [ 64.016941][ T4819] x14: ffff0000c2289b40 x13: 0000000000000001 x12: 0000000000000001 [ 64.018969][ T4819] x11: 0000000000000000 x10: 0000000000000000 x9 : 9625a2aa139cea00 [ 64.021029][ T4819] x8 : 9625a2aa139cea00 x7 : 0000000000000001 x6 : 0000000000000001 [ 64.022982][ T4819] x5 : ffff80001fc26f38 x4 : ffff800014b9fae0 x3 : ffff800008557c4c [ 64.025048][ T4819] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000026 [ 64.026978][ T4819] Call trace: [ 64.027857][ T4819] refcount_warn_saturate+0x1c8/0x20c [ 64.029325][ T4819] __mptcp_destroy_sock+0x5f8/0x6a4 [ 64.030600][ T4819] mptcp_close+0x618/0xab0 [ 64.031769][ T4819] inet_release+0x160/0x1d0 [ 64.032852][ T4819] sock_close+0xb8/0x1fc [ 64.033967][ T4819] __fput+0x1c4/0x800 [ 64.034952][ T4819] ____fput+0x20/0x30 [ 64.035900][ T4819] task_work_run+0x130/0x1e4 [ 64.037137][ T4819] do_notify_resume+0x262c/0x32b8 [ 64.038308][ T4819] el0_svc+0xfc/0x1f0 [ 64.039324][ T4819] el0t_64_sync_handler+0x84/0xe4 [ 64.040601][ T4819] el0t_64_sync+0x1a0/0x1a4 [ 64.041764][ T4819] irq event stamp: 1766 [ 64.042664][ T4819] hardirqs last enabled at (1765): [] _raw_spin_unlock_irqrestore+0xac/0x158 [ 64.045406][ T4819] hardirqs last disabled at (1766): [] __schedule+0x308/0x1e48 [ 64.047680][ T4819] softirqs last enabled at (1748): [] local_bh_enable+0x10/0x34 [ 64.050144][ T4819] softirqs last disabled at (1746): [] local_bh_disable+0x10/0x34 [ 64.052484][ T4819] ---[ end trace 7397058f8ae56b31 ]--- [ 64.284161][ T1535] Bluetooth: hci0: command 0x040f tx timeout [ 66.363882][ T1535] Bluetooth: hci0: command 0x0419 tx timeout 1970/01/01 00:01:08 executed programs: 357 [ 68.463873][ C1] IPv4: Attempt to release TCP socket in state 8 000000000d70d000 [ 68.466287][ T5410] ------------[ cut here ]------------ [ 68.467695][ T5410] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: mptcp_retransmit_timer+0x0/0x2bc [ 68.470755][ T5410] WARNING: CPU: 1 PID: 5410 at lib/debugobjects.c:520 debug_print_object+0x148/0x1d4 [ 68.473058][ T5410] Modules linked in: [ 68.474016][ T5410] CPU: 1 PID: 5410 Comm: syz-executor.0 Tainted: G W 5.15.167-syzkaller #0 [ 68.476515][ T5410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 68.479016][ T5410] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 68.480895][ T5410] pc : debug_print_object+0x148/0x1d4 [ 68.482207][ T5410] lr : debug_print_object+0x148/0x1d4 [ 68.483512][ T5410] sp : ffff800021f575b0 [ 68.484645][ T5410] x29: ffff800021f575b0 x28: dfff800000000000 x27: ffff7000043eaec4 [ 68.486664][ T5410] x26: 1ffff000043eaee4 x25: ffff8000083bd024 x24: dfff800000000000 [ 68.488599][ T5410] x23: 0000000000000000 x22: ffff800011a680bc x21: ffff8000120c8b40 [ 68.490503][ T5410] x20: ffff800011c32ee0 x19: ffff8000120c8680 x18: 0000000000000001 [ 68.492446][ T5410] x17: 0000000000000000 x16: ffff800011ac23e0 x15: 00000000ffffffff [ 68.494383][ T5410] x14: ffff0000d6c28000 x13: 0000000000000001 x12: 0000000000000001 [ 68.496360][ T5410] x11: 0000000000000000 x10: 0000000000000000 x9 : e3fdbc161f8cb300 [ 68.498422][ T5410] x8 : e3fdbc161f8cb300 x7 : 0000000000000001 x6 : 0000000000000001 [ 68.500226][ T5410] x5 : ffff800021f56d18 x4 : ffff800014b9fae0 x3 : ffff800008557c4c [ 68.502144][ T5410] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000071 [ 68.504299][ T5410] Call trace: [ 68.505034][ T5410] debug_print_object+0x148/0x1d4 [ 68.506252][ T5410] debug_object_assert_init+0x314/0x3c4 [ 68.507498][ T5410] del_timer+0xa8/0x2b4 [ 68.508513][ T5410] sk_stop_timer+0x24/0xd4 [ 68.509571][ T5410] __mptcp_destroy_sock+0x300/0x6a4 [ 68.510652][ T5410] mptcp_close+0x618/0xab0 [ 68.512047][ T5410] inet_release+0x160/0x1d0 [ 68.513376][ T5410] sock_close+0xb8/0x1fc [ 68.514436][ T5410] __fput+0x1c4/0x800 [ 68.515422][ T5410] ____fput+0x20/0x30 [ 68.516544][ T5410] task_work_run+0x130/0x1e4 [ 68.517606][ T5410] do_notify_resume+0x262c/0x32b8 [ 68.518830][ T5410] el0_svc+0xfc/0x1f0 [ 68.519937][ T5410] el0t_64_sync_handler+0x84/0xe4 [ 68.521317][ T5410] el0t_64_sync+0x1a0/0x1a4 [ 68.522557][ T5410] irq event stamp: 0 [ 68.523603][ T5410] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 68.525450][ T5410] hardirqs last disabled at (0): [] copy_process+0x129c/0x3750 [ 68.527645][ T5410] softirqs last enabled at (0): [] copy_process+0x12c4/0x3750 [ 68.529806][ T5410] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 68.531612][ T5410] ---[ end trace 7397058f8ae56b32 ]--- [ 68.534471][ T5410] ------------[ cut here ]------------ [ 68.536892][ T5410] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: mptcp_tout_timer+0x0/0xe8 [ 68.540595][ T5410] WARNING: CPU: 0 PID: 5410 at lib/debugobjects.c:520 debug_print_object+0x148/0x1d4 [ 68.542903][ T5410] Modules linked in: [ 68.543840][ T5410] CPU: 0 PID: 5410 Comm: syz-executor.0 Tainted: G W 5.15.167-syzkaller #0 [ 68.545992][ T5410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 68.548387][ T5410] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 68.550180][ T5410] pc : debug_print_object+0x148/0x1d4 [ 68.551592][ T5410] lr : debug_print_object+0x148/0x1d4 [ 68.552859][ T5410] sp : ffff800021f575b0 [ 68.553929][ T5410] x29: ffff800021f575b0 x28: dfff800000000000 x27: ffff7000043eaec4 [ 68.555718][ T5410] x26: ffff0000c1e869f0 x25: ffff8000083bd024 x24: dfff800000000000 [ 68.557734][ T5410] x23: 0000000000000000 x22: ffff800011a68378 x21: ffff8000120c8b40 [ 68.559678][ T5410] x20: ffff800011c32ee0 x19: ffff8000120c8680 x18: 1fffe00036831b8e [ 68.561483][ T5410] x17: 1fffe00036831b8e x16: ffff800011ac23e0 x15: ffff800014b5ef40 [ 68.563461][ T5410] x14: ffff0001b418dc80 x13: ffff0001b418dc7c x12: 0000000000000001 [ 68.565280][ T5410] x11: 0000000000000000 x10: 0000000000000000 x9 : e3fdbc161f8cb300 [ 68.567147][ T5410] x8 : e3fdbc161f8cb300 x7 : 0000000000000000 x6 : ffff80000826acb8 [ 68.569004][ T5410] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff800008557c4c [ 68.570967][ T5410] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000006a [ 68.572997][ T5410] Call trace: [ 68.573775][ T5410] debug_print_object+0x148/0x1d4 [ 68.574897][ T5410] debug_object_assert_init+0x314/0x3c4 [ 68.576243][ T5410] del_timer+0xa8/0x2b4 [ 68.577235][ T5410] sk_stop_timer+0x24/0xd4 [ 68.578224][ T5410] __mptcp_destroy_sock+0x30c/0x6a4 [ 68.579637][ T5410] mptcp_close+0x618/0xab0 [ 68.580774][ T5410] inet_release+0x160/0x1d0 [ 68.581776][ T5410] sock_close+0xb8/0x1fc [ 68.582912][ T5410] __fput+0x1c4/0x800 [ 68.583897][ T5410] ____fput+0x20/0x30 [ 68.584834][ T5410] task_work_run+0x130/0x1e4 [ 68.585890][ T5410] do_notify_resume+0x262c/0x32b8 [ 68.587227][ T5410] el0_svc+0xfc/0x1f0 [ 68.588286][ T5410] el0t_64_sync_handler+0x84/0xe4 [ 68.589518][ T5410] el0t_64_sync+0x1a0/0x1a4 [ 68.590582][ T5410] irq event stamp: 0 [ 68.591496][ T5410] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 68.593205][ T5410] hardirqs last disabled at (0): [] copy_process+0x129c/0x3750 [ 68.595641][ T5410] softirqs last enabled at (0): [] copy_process+0x12c4/0x3750 [ 68.597679][ T5410] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 68.599437][ T5410] ---[ end trace 7397058f8ae56b33 ]--- [ 69.634444][ T25] cfg80211: failed to load regulatory.db [ 69.635017][ T2054] ieee802154 phy0 wpan0: encryption failed: -22 [ 69.637653][ T2054] ieee802154 phy1 wpan1: encryption failed: -22 1970/01/01 00:01:13 executed programs: 659