Warning: Permanently added '10.128.0.247' (ED25519) to the list of known hosts.
1970/01/01 00:01:04 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:04 parsed 1 programs
[ 64.365491][ T6522] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS
1970/01/01 00:01:04 executed programs: 0
[ 64.401598][ T5741] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 64.404323][ T5741] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 64.406810][ T5741] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 64.409592][ T5741] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 64.411901][ T5741] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 64.413897][ T5741] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 64.477740][ T6529] chnl_net:caif_netlink_parms(): no params data found
[ 64.501051][ T2250] ieee802154 phy0 wpan0: encryption failed: -22
[ 64.502905][ T2250] ieee802154 phy1 wpan1: encryption failed: -22
[ 64.507323][ T6529] bridge0: port 1(bridge_slave_0) entered blocking state
[ 64.509569][ T6529] bridge0: port 1(bridge_slave_0) entered disabled state
[ 64.511431][ T6529] bridge_slave_0: entered allmulticast mode
[ 64.513485][ T6529] bridge_slave_0: entered promiscuous mode
[ 64.516435][ T6529] bridge0: port 2(bridge_slave_1) entered blocking state
[ 64.518406][ T6529] bridge0: port 2(bridge_slave_1) entered disabled state
[ 64.520511][ T6529] bridge_slave_1: entered allmulticast mode
[ 64.522526][ T6529] bridge_slave_1: entered promiscuous mode
[ 64.535093][ T6529] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 64.538948][ T6529] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 64.551022][ T6529] team0: Port device team_slave_0 added
[ 64.555291][ T6529] team0: Port device team_slave_1 added
[ 64.564838][ T6529] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 64.566699][ T6529] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.573762][ T6529] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 64.577809][ T6529] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 64.579855][ T6529] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 64.586573][ T6529] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 64.640910][ T6529] hsr_slave_0: entered promiscuous mode
[ 64.689636][ T6529] hsr_slave_1: entered promiscuous mode
[ 65.335052][ T6529] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 65.370875][ T6529] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 65.401378][ T6529] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 65.442434][ T6529] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 65.520089][ T6529] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.528233][ T6529] 8021q: adding VLAN 0 to HW filter on device team0
[ 65.533922][ T1691] bridge0: port 1(bridge_slave_0) entered blocking state
[ 65.535965][ T1691] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 65.551263][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 65.553209][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 65.573326][ T6529] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 65.642499][ T6529] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.664643][ T6529] veth0_vlan: entered promiscuous mode
[ 65.671342][ T6529] veth1_vlan: entered promiscuous mode
[ 65.687082][ T6529] veth0_macvtap: entered promiscuous mode
[ 65.690767][ T6529] veth1_macvtap: entered promiscuous mode
[ 65.698634][ T6529] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 65.705946][ T6529] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 65.709152][ T6529] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.712960][ T6529] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.715609][ T6529] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.717840][ T6529] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 65.758452][ T324] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 65.764575][ T324] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 65.775775][ T324] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 65.777883][ T324] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 65.919940][ T6634] FAULT_INJECTION: forcing a failure.
[ 65.919940][ T6634] name failslab, interval 1, probability 0, space 0, times 1
[ 65.923561][ T6634] CPU: 0 PID: 6634 Comm: syz-executor.0 Not tainted 6.8.0-rc7-syzkaller-00135-g707081b61156 #0
[ 65.926256][ T6634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 65.928889][ T6634] Call trace:
[ 65.929836][ T6634] dump_backtrace+0x1b8/0x1e4
[ 65.931121][ T6634] show_stack+0x2c/0x3c
[ 65.932240][ T6634] dump_stack_lvl+0xd0/0x124
[ 65.933454][ T6634] dump_stack+0x1c/0x28
[ 65.934597][ T6634] should_fail_ex+0x3b0/0x50c
[ 65.935819][ T6634] __should_failslab+0xc8/0x128
[ 65.937066][ T6634] should_failslab+0x10/0x28
[ 65.938298][ T6634] kmem_cache_alloc_node+0x88/0x4c0
[ 65.939652][ T6634] __alloc_skb+0x19c/0x3d8
[ 65.940831][ T6634] kcm_sendmsg+0x6c4/0x2124
[ 65.941989][ T6634] sock_sendmsg+0x220/0x2c0
[ 65.943218][ T6634] splice_to_socket+0x7cc/0xd58
[ 65.944552][ T6634] direct_splice_actor+0xec/0x1d8
[ 65.945853][ T6634] splice_direct_to_actor+0x438/0xa0c
[ 65.947305][ T6634] do_splice_direct+0x1e4/0x304
[ 65.948626][ T6634] do_sendfile+0x460/0xb3c
[ 65.949770][ T6634] __arm64_sys_sendfile64+0x160/0x3b4
[ 65.951225][ T6634] invoke_syscall+0x98/0x2b8
[ 65.952463][ T6634] el0_svc_common+0x130/0x23c
[ 65.953692][ T6634] do_el0_svc+0x48/0x58
[ 65.954773][ T6634] el0_svc+0x54/0x168
[ 65.955838][ T6634] el0t_64_sync_handler+0x84/0xfc
[ 65.957151][ T6634] el0t_64_sync+0x190/0x194
[ 66.032952][ T6633] ==================================================================
[ 66.035140][ T6633] BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8
[ 66.037172][ T6633] Read of size 8 at addr ffff0000c63cc3c0 by task syz-executor.0/6633
[ 66.039341][ T6633]
[ 66.039967][ T6633] CPU: 0 PID: 6633 Comm: syz-executor.0 Not tainted 6.8.0-rc7-syzkaller-00135-g707081b61156 #0
[ 66.042788][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 66.045414][ T6633] Call trace:
[ 66.046294][ T6633] dump_backtrace+0x1b8/0x1e4
[ 66.047597][ T6633] show_stack+0x2c/0x3c
[ 66.048716][ T6633] dump_stack_lvl+0xd0/0x124
[ 66.049957][ T6633] print_report+0x178/0x518
[ 66.051215][ T6633] kasan_report+0xd8/0x138
[ 66.052352][ T6633] __asan_report_load8_noabort+0x20/0x2c
[ 66.053852][ T6633] kcm_release+0x170/0x4c8
[ 66.055048][ T6633] sock_close+0xa4/0x1e8
[ 66.056201][ T6633] __fput+0x30c/0x738
[ 66.057243][ T6633] __fput_sync+0x60/0x9c
[ 66.058360][ T6633] __arm64_sys_close+0x150/0x1e0
[ 66.059601][ T6633] invoke_syscall+0x98/0x2b8
[ 66.060845][ T6633] el0_svc_common+0x130/0x23c
[ 66.062032][ T6633] do_el0_svc+0x48/0x58
[ 66.063181][ T6633] el0_svc+0x54/0x168
[ 66.064212][ T6633] el0t_64_sync_handler+0x84/0xfc
[ 66.065541][ T6633] el0t_64_sync+0x190/0x194
[ 66.066809][ T6633]
[ 66.067431][ T6633] Allocated by task 6634:
[ 66.068604][ T6633] kasan_save_track+0x40/0x78
[ 66.069885][ T6633] kasan_save_alloc_info+0x40/0x50
[ 66.071214][ T6633] __kasan_slab_alloc+0x74/0x8c
[ 66.072501][ T6633] kmem_cache_alloc_node+0x204/0x4c0
[ 66.073943][ T6633] __alloc_skb+0x19c/0x3d8
[ 66.075118][ T6633] kcm_sendmsg+0x1d3c/0x2124
[ 66.076340][ T6633] sock_sendmsg+0x220/0x2c0
[ 66.077572][ T6633] splice_to_socket+0x7cc/0xd58
[ 66.078856][ T6633] direct_splice_actor+0xec/0x1d8
[ 66.080261][ T6633] splice_direct_to_actor+0x438/0xa0c
[ 66.081773][ T6633] do_splice_direct+0x1e4/0x304
[ 66.083106][ T6633] do_sendfile+0x460/0xb3c
[ 66.084326][ T6633] __arm64_sys_sendfile64+0x160/0x3b4
[ 66.085705][ T6633] invoke_syscall+0x98/0x2b8
[ 66.086902][ T6633] el0_svc_common+0x130/0x23c
[ 66.088106][ T6633] do_el0_svc+0x48/0x58
[ 66.089261][ T6633] el0_svc+0x54/0x168
[ 66.090309][ T6633] el0t_64_sync_handler+0x84/0xfc
[ 66.091633][ T6633] el0t_64_sync+0x190/0x194
[ 66.092836][ T6633]
[ 66.093448][ T6633] Freed by task 6633:
[ 66.094559][ T6633] kasan_save_track+0x40/0x78
[ 66.095804][ T6633] kasan_save_free_info+0x54/0x6c
[ 66.097190][ T6633] poison_slab_object+0x124/0x18c
[ 66.098509][ T6633] __kasan_slab_free+0x3c/0x70
[ 66.099773][ T6633] kmem_cache_free+0x15c/0x3d4
[ 66.100990][ T6633] kfree_skbmem+0x10c/0x19c
[ 66.102188][ T6633] kfree_skb_reason+0x240/0x6f4
[ 66.103476][ T6633] kcm_release+0x104/0x4c8
[ 66.104678][ T6633] sock_close+0xa4/0x1e8
[ 66.105819][ T6633] __fput+0x30c/0x738
[ 66.106792][ T6633] __fput_sync+0x60/0x9c
[ 66.107913][ T6633] __arm64_sys_close+0x150/0x1e0
[ 66.109268][ T6633] invoke_syscall+0x98/0x2b8
[ 66.110490][ T6633] el0_svc_common+0x130/0x23c
[ 66.111676][ T6633] do_el0_svc+0x48/0x58
[ 66.112824][ T6633] el0_svc+0x54/0x168
[ 66.113875][ T6633] el0t_64_sync_handler+0x84/0xfc
[ 66.115238][ T6633] el0t_64_sync+0x190/0x194
[ 66.116365][ T6633]
[ 66.116967][ T6633] The buggy address belongs to the object at ffff0000c63cc3c0
[ 66.116967][ T6633] which belongs to the cache skbuff_head_cache of size 240
[ 66.120753][ T6633] The buggy address is located 0 bytes inside of
[ 66.120753][ T6633] freed 240-byte region [ffff0000c63cc3c0, ffff0000c63cc4b0)
[ 66.124331][ T6633]
[ 66.124936][ T6633] The buggy address belongs to the physical page:
[ 66.126675][ T6633] page:00000000f4c24677 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063cc
[ 66.129397][ T6633] ksm flags: 0x5ffc00000000800(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 66.131517][ T6633] page_type: 0xffffffff()
[ 66.132652][ T6633] raw: 05ffc00000000800 ffff0000c1bb5640 fffffdffc33e4600 0000000000000003
[ 66.134933][ T6633] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 66.137266][ T6633] page dumped because: kasan: bad access detected
[ 66.138965][ T6633]
[ 66.139583][ T6633] Memory state around the buggy address:
[ 66.141060][ T6633] ffff0000c63cc280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.143273][ T6633] ffff0000c63cc300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 66.145441][ T6633] >ffff0000c63cc380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 66.147682][ T6633] ^
[ 66.149405][ T6633] ffff0000c63cc400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.151578][ T6633] ffff0000c63cc480: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[ 66.153758][ T6633] ==================================================================
[ 66.159958][ T6633] Disabling lock debugging due to kernel taint
[ 66.161782][ T6633] Unable to handle kernel paging request at virtual address e0d140760000033d
[ 66.165135][ T6633] KASAN: maybe wild-memory-access in range [0x068e03b0000019e8-0x068e03b0000019ef]
[ 66.167762][ T6633] Mem abort info:
[ 66.168704][ T6633] ESR = 0x0000000096000004
[ 66.170760][ T6633] EC = 0x25: DABT (current EL), IL = 32 bits
[ 66.172627][ T6633] SET = 0, FnV = 0
[ 66.173728][ T6633] EA = 0, S1PTW = 0
[ 66.174717][ T6633] FSC = 0x04: level 0 translation fault
[ 66.176263][ T6633] Data abort info:
[ 66.177243][ T6633] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 66.178970][ T6633] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 66.181077][ T6633] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 66.182826][ T6633] [e0d140760000033d] address between user and kernel address ranges
[ 66.184994][ T6633] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 66.186854][ T6633] Modules linked in:
[ 66.187885][ T6633] CPU: 0 PID: 6633 Comm: syz-executor.0 Tainted: G B 6.8.0-rc7-syzkaller-00135-g707081b61156 #0
[ 66.190966][ T6633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 66.193659][ T6633] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 66.195755][ T6633] pc : kcm_release+0x1bc/0x4c8
[ 66.197039][ T6633] lr : kcm_release+0x1b4/0x4c8
[ 66.198350][ T6633] sp : ffff800097c77bc0
[ 66.199500][ T6633] x29: ffff800097c77be0 x28: 1fffe00019d0a201 x27: 1fffe00019d0a203
[ 66.201674][ T6633] x26: dfff800000000000 x25: ffff0000c82e3308 x24: 068e03b0000019e9
[ 66.203866][ T6633] x23: ffff0000c63cc3c0 x22: ffff0000ce851018 x21: ffff0000ce851008
[ 66.206002][ T6633] x20: ffff0000ce850d80 x19: ffff0000c82e3300 x18: 1fffe000367fff96
[ 66.208146][ T6633] x17: ffff80008ec9d000 x16: ffff8000809fd7b4 x15: ffff600018c79878
[ 66.210316][ T6633] x14: 1fffe00018c79878 x13: 00000000000000fa x12: fffffffffffffffe
[ 66.212460][ T6633] x11: ffff600018c79878 x10: 1fffe00018c79879 x9 : ffff800093486880
[ 66.214592][ T6633] x8 : 00d1c0760000033d x7 : 0000000000000000 x6 : ffff800080297c0c
[ 66.216800][ T6633] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff80008a176148
[ 66.218920][ T6633] x2 : 0000000000000001 x1 : 0000000000000008 x0 : 0000000000000000
[ 66.221041][ T6633] Call trace:
[ 66.221897][ T6633] kcm_release+0x1bc/0x4c8
[ 66.223046][ T6633] sock_close+0xa4/0x1e8
[ 66.224181][ T6633] __fput+0x30c/0x738
[ 66.225274][ T6633] __fput_sync+0x60/0x9c
[ 66.226368][ T6633] __arm64_sys_close+0x150/0x1e0
[ 66.227690][ T6633] invoke_syscall+0x98/0x2b8
[ 66.228959][ T6633] el0_svc_common+0x130/0x23c
[ 66.230206][ T6633] do_el0_svc+0x48/0x58
[ 66.231377][ T6633] el0_svc+0x54/0x168
[ 66.232510][ T6633] el0t_64_sync_handler+0x84/0xfc
[ 66.233798][ T6633] el0t_64_sync+0x190/0x194
[ 66.235010][ T6633] Code: aa1903e0 9776b49f d343ff08 f9000338 (387a6908)
[ 66.236856][ T6633] ---[ end trace 0000000000000000 ]---
[ 66.585942][ T6633] Kernel panic - not syncing: Oops: Fatal exception
[ 66.587725][ T6633] SMP: stopping secondary CPUs
[ 66.588987][ T6633] Kernel Offset: disabled
[ 66.590058][ T6633] CPU features: 0x0,00000081,c0080094,42017203
[ 66.591692][ T6633] Memory Limit: none
[ 66.957646][ T6633] Rebooting in 86400 seconds..