Warning: Permanently added '10.128.1.186' (ED25519) to the list of known hosts.
1970/01/01 00:00:57 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:57 parsed 1 programs
[ 57.841592][ T6355] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
1970/01/01 00:00:57 executed programs: 0
[ 57.878135][ T5579] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 57.881026][ T5579] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 57.883818][ T5579] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 57.886515][ T5579] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 57.888806][ T5579] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 57.890970][ T5579] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 57.959258][ T6363] chnl_net:caif_netlink_parms(): no params data found
[ 57.988392][ T6363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.990217][ T6363] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.992798][ T6363] bridge_slave_0: entered allmulticast mode
[ 57.994819][ T6363] bridge_slave_0: entered promiscuous mode
[ 57.997797][ T6363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.999670][ T6363] bridge0: port 2(bridge_slave_1) entered disabled state
[ 58.001548][ T6363] bridge_slave_1: entered allmulticast mode
[ 58.004693][ T6363] bridge_slave_1: entered promiscuous mode
[ 58.018410][ T6363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 58.023402][ T6363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 58.035660][ T6363] team0: Port device team_slave_0 added
[ 58.038386][ T6363] team0: Port device team_slave_1 added
[ 58.050141][ T6363] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 58.052004][ T6363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.058755][ T6363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 58.062860][ T6363] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 58.064681][ T6363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 58.071167][ T6363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 58.143801][ T6363] hsr_slave_0: entered promiscuous mode
[ 58.192574][ T6363] hsr_slave_1: entered promiscuous mode
[ 59.001294][ T6363] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 59.075115][ T6363] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 59.123913][ T6363] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 59.173960][ T6363] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 59.258652][ T6363] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.270690][ T6363] 8021q: adding VLAN 0 to HW filter on device team0
[ 59.276048][ T5807] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.277833][ T5807] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 59.294815][ T5807] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.296735][ T5807] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 59.304491][ T6363] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 59.375948][ T6363] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 59.397696][ T6363] veth0_vlan: entered promiscuous mode
[ 59.406350][ T6363] veth1_vlan: entered promiscuous mode
[ 59.419563][ T6363] veth0_macvtap: entered promiscuous mode
[ 59.423951][ T6363] veth1_macvtap: entered promiscuous mode
[ 59.431878][ T6363] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 59.439654][ T6363] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 59.447942][ T6363] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.450277][ T6363] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.453788][ T6363] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.456022][ T6363] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 59.499367][ T25] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.501504][ T25] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.510203][ T25] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 59.513773][ T25] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 59.745500][ T6453] loop0: detected capacity change from 0 to 32768
[ 59.922890][ T5579] Bluetooth: hci0: command 0x0409 tx timeout
[ 62.002693][ T5579] Bluetooth: hci0: command 0x041b tx timeout
[ 64.082379][ T5579] Bluetooth: hci0: command 0x040f tx timeout
[ 64.564369][ T2170] ieee802154 phy0 wpan0: encryption failed: -22
[ 64.566263][ T2170] ieee802154 phy1 wpan1: encryption failed: -22
[ 66.163350][ T5579] Bluetooth: hci0: command 0x0419 tx timeout
[ 69.685950][ T8] cfg80211: failed to load regulatory.db
[ 72.782164][ C0] ==================================================================
[ 72.784284][ C0] BUG: KASAN: slab-use-after-free in reweight_entity+0x3f8/0x828
[ 72.786316][ C0] Read of size 8 at addr ffff0000c5dab830 by task syz-executor.0/6453
[ 72.788389][ C0]
[ 72.789016][ C0] CPU: 0 PID: 6453 Comm: syz-executor.0 Not tainted 6.6.0-rc6-syzkaller-00068-g78124b0c1d10 #0
[ 72.791594][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 72.794314][ C0] Call trace:
[ 72.795161][ C0] dump_backtrace+0x1b8/0x1e4
[ 72.796368][ C0] show_stack+0x2c/0x44
[ 72.797467][ C0] dump_stack_lvl+0xd0/0x124
[ 72.798665][ C0] print_report+0x174/0x514
[ 72.799811][ C0] kasan_report+0xd8/0x138
[ 72.800964][ C0] __asan_report_load8_noabort+0x20/0x2c
[ 72.802416][ C0] reweight_entity+0x3f8/0x828
[ 72.803666][ C0] task_tick_fair+0x1b8/0x4f4
[ 72.804864][ C0] scheduler_tick+0x1f8/0x570
[ 72.806084][ C0] update_process_times+0x198/0x1f4
[ 72.807499][ C0] tick_sched_timer+0x330/0x4e8
[ 72.808736][ C0] __hrtimer_run_queues+0x458/0xca0
[ 72.810123][ C0] hrtimer_interrupt+0x2c0/0xb64
[ 72.811359][ C0] arch_timer_handler_virt+0x74/0x88
[ 72.812681][ C0] handle_percpu_devid_irq+0x2a4/0x804
[ 72.814134][ C0] generic_handle_domain_irq+0x7c/0xc4
[ 72.815544][ C0] gic_handle_irq+0x6c/0x190
[ 72.816701][ C0] call_on_irq_stack+0x24/0x4c
[ 72.817910][ C0] do_interrupt_handler+0xd4/0x138
[ 72.819235][ C0] el1_interrupt+0x34/0x68
[ 72.820356][ C0] el1h_64_irq_handler+0x18/0x24
[ 72.821636][ C0] el1h_64_irq+0x64/0x68
[ 72.822695][ C0] dtSplitRoot+0x67c/0x1428
[ 72.823893][ C0] dtInsert+0xee8/0x54f4
[ 72.824943][ C0] jfs_mkdir+0x6bc/0x9f8
[ 72.826038][ C0] vfs_mkdir+0x240/0x3a8
[ 72.827114][ C0] do_mkdirat+0x20c/0x610
[ 72.828214][ C0] __arm64_sys_mkdirat+0x90/0xa8
[ 72.829497][ C0] invoke_syscall+0x98/0x2b8
[ 72.830750][ C0] el0_svc_common+0x130/0x23c
[ 72.831894][ C0] do_el0_svc+0x48/0x58
[ 72.832965][ C0] el0_svc+0x54/0x158
[ 72.833963][ C0] el0t_64_sync_handler+0x84/0xfc
[ 72.835263][ C0] el0t_64_sync+0x190/0x194
[ 72.836416][ C0]
[ 72.837026][ C0] Allocated by task 5622:
[ 72.838180][ C0] kasan_set_track+0x4c/0x7c
[ 72.839356][ C0] kasan_save_alloc_info+0x24/0x30
[ 72.840687][ C0] __kasan_slab_alloc+0x74/0x8c
[ 72.841937][ C0] slab_post_alloc_hook+0x90/0x4a0
[ 72.843226][ C0] kmem_cache_alloc_node+0x2c8/0x46c
[ 72.844606][ C0] dup_task_struct+0x74/0x888
[ 72.845828][ C0] copy_process+0x488/0x34b8
[ 72.846996][ C0] kernel_clone+0x1d8/0x80c
[ 72.848106][ C0] __arm64_sys_clone+0x1f8/0x24c
[ 72.849339][ C0] invoke_syscall+0x98/0x2b8
[ 72.850507][ C0] el0_svc_common+0x130/0x23c
[ 72.851720][ C0] do_el0_svc+0x48/0x58
[ 72.852778][ C0] el0_svc+0x54/0x158
[ 72.853769][ C0] el0t_64_sync_handler+0x84/0xfc
[ 72.855091][ C0] el0t_64_sync+0x190/0x194
[ 72.856257][ C0]
[ 72.856844][ C0] Freed by task 0:
[ 72.857807][ C0] kasan_set_track+0x4c/0x7c
[ 72.859037][ C0] kasan_save_free_info+0x38/0x5c
[ 72.860355][ C0] ____kasan_slab_free+0x144/0x1c0
[ 72.861673][ C0] __kasan_slab_free+0x18/0x28
[ 72.862861][ C0] kmem_cache_free+0x2e4/0x56c
[ 72.864135][ C0] free_task+0xe8/0x14c
[ 72.865187][ C0] __put_task_struct+0x178/0x210
[ 72.866374][ C0] put_task_struct+0x88/0x10c
[ 72.867551][ C0] delayed_put_task_struct+0xdc/0x2d8
[ 72.868929][ C0] rcu_core+0x8a4/0x1b28
[ 72.870021][ C0] rcu_core_si+0x10/0x1c
[ 72.871112][ C0] __do_softirq+0x2d0/0xd54
[ 72.872230][ C0]
[ 72.872798][ C0] Last potentially related work creation:
[ 72.874227][ C0] kasan_save_stack+0x40/0x6c
[ 72.875396][ C0] __kasan_record_aux_stack+0xcc/0xe8
[ 72.876821][ C0] kasan_record_aux_stack_noalloc+0x14/0x20
[ 72.878382][ C0] call_rcu+0x104/0xaf4
[ 72.879443][ C0] release_task+0x145c/0x1544
[ 72.880679][ C0] wait_consider_task+0x15d0/0x2660
[ 72.881928][ C0] do_wait+0x2f4/0xac8
[ 72.882985][ C0] kernel_wait4+0x24c/0x3d8
[ 72.884179][ C0] __arm64_sys_wait4+0x11c/0x2a0
[ 72.885459][ C0] invoke_syscall+0x98/0x2b8
[ 72.886600][ C0] el0_svc_common+0x130/0x23c
[ 72.887813][ C0] do_el0_svc+0x48/0x58
[ 72.888864][ C0] el0_svc+0x54/0x158
[ 72.889880][ C0] el0t_64_sync_handler+0x84/0xfc
[ 72.891132][ C0] el0t_64_sync+0x190/0x194
[ 72.892279][ C0]
[ 72.892844][ C0] Second to last potentially related work creation:
[ 72.894507][ C0] kasan_save_stack+0x40/0x6c
[ 72.895737][ C0] __kasan_record_aux_stack+0xcc/0xe8
[ 72.897027][ C0] kasan_record_aux_stack_noalloc+0x14/0x20
[ 72.898497][ C0] call_rcu+0x104/0xaf4
[ 72.899615][ C0] release_task+0x145c/0x1544
[ 72.900800][ C0] wait_consider_task+0x15d0/0x2660
[ 72.902147][ C0] do_wait+0x2f4/0xac8
[ 72.903195][ C0] kernel_wait4+0x24c/0x3d8
[ 72.904359][ C0] __arm64_sys_wait4+0x11c/0x2a0
[ 72.905644][ C0] invoke_syscall+0x98/0x2b8
[ 72.906809][ C0] el0_svc_common+0x130/0x23c
[ 72.908039][ C0] do_el0_svc+0x48/0x58
[ 72.909120][ C0] el0_svc+0x54/0x158
[ 72.910097][ C0] el0t_64_sync_handler+0x84/0xfc
[ 72.911396][ C0] el0t_64_sync+0x190/0x194
[ 72.912520][ C0]
[ 72.913091][ C0] The buggy address belongs to the object at ffff0000c5dab780
[ 72.913091][ C0] which belongs to the cache task_struct of size 6848
[ 72.916661][ C0] The buggy address is located 176 bytes inside of
[ 72.916661][ C0] freed 6848-byte region [ffff0000c5dab780, ffff0000c5dad240)
[ 72.920153][ C0]
[ 72.920769][ C0] The buggy address belongs to the physical page:
[ 72.922343][ C0] page:00000000d589d0d6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105da8
[ 72.924928][ C0] head:00000000d589d0d6 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 72.927147][ C0] ksm flags: 0x5ffc00000000840(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 72.929314][ C0] page_type: 0xffffffff()
[ 72.930445][ C0] raw: 05ffc00000000840 ffff0000c185a500 fffffc0003281e00 dead000000000003
[ 72.932595][ C0] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 72.934780][ C0] page dumped because: kasan: bad access detected
[ 72.936400][ C0]
[ 72.936991][ C0] Memory state around the buggy address:
[ 72.938384][ C0]  ffff0000c5dab700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 72.940445][ C0]  ffff0000c5dab780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.942472][ C0] >ffff0000c5dab800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.944614][ C0]                                      ^
[ 72.946097][ C0]  ffff0000c5dab880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.948292][ C0]  ffff0000c5dab900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 72.950338][ C0] ==================================================================
[ 72.952366][ C0] Disabling lock debugging due to kernel taint