Warning: Permanently added '10.128.1.112' (ED25519) to the list of known hosts.
1970/01/01 00:01:06 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:01:06 ignoring optional flag "type"="gce"
1970/01/01 00:01:06 parsed 1 programs
[ 67.027307][ T4317] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS
1970/01/01 00:01:07 executed programs: 0
[ 67.159818][ T4331] chnl_net:caif_netlink_parms(): no params data found
[ 67.192628][ T4331] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.194705][ T4331] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.197558][ T4331] device bridge_slave_0 entered promiscuous mode
[ 67.201017][ T4331] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.203032][ T4331] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.205553][ T4331] device bridge_slave_1 entered promiscuous mode
[ 67.219970][ T4331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.224269][ T4331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.239580][ T4331] team0: Port device team_slave_0 added
[ 67.242765][ T4331] team0: Port device team_slave_1 added
[ 67.254816][ T4331] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.257079][ T4331] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.264217][ T4331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 67.268614][ T4331] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 67.270536][ T4331] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 67.277689][ T4331] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 67.337146][ T4331] device hsr_slave_0 entered promiscuous mode
[ 67.375396][ T4331] device hsr_slave_1 entered promiscuous mode
[ 68.197866][ T4331] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 68.228877][ T4331] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 68.287047][ T4331] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 68.327715][ T4331] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 68.423018][ T4331] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.433604][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 68.437895][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.443477][ T4331] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.451091][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 68.453867][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.457982][ T550] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.460005][ T550] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.471991][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 68.474771][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 68.478402][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 68.481080][ T550] bridge0: port 2(bridge_slave_1) entered blocking state
[ 68.483077][ T550] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 68.488104][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 68.501343][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 68.504252][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 68.508370][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 68.511233][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 68.514030][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 68.524728][ T4331] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 68.528028][ T4331] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 68.532124][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 68.534709][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 68.538946][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 68.542079][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 68.544776][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 68.552097][ T550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 68.628207][ T4331] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 68.631017][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 68.633183][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 68.649118][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 68.651920][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 68.664406][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 68.668549][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 68.671498][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 68.674467][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 68.679744][ T4331] device veth0_vlan entered promiscuous mode
[ 68.689435][ T4331] device veth1_vlan entered promiscuous mode
[ 68.704713][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 68.709346][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 68.712017][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 68.715570][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 68.720398][ T4331] device veth0_macvtap entered promiscuous mode
[ 68.724453][ T4331] device veth1_macvtap entered promiscuous mode
[ 68.740064][ T4331] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 68.742135][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 68.744695][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 68.750096][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 68.752842][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 68.758861][ T4331] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 68.760900][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 68.763557][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 68.769694][ T4331] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.772196][ T4331] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.774681][ T4331] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.777866][ T4331] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.828047][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.830364][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.833557][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.851126][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.853385][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.857518][ T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 69.156001][ T3324] Bluetooth: hci0: command 0x0409 tx timeout
[ 69.627761][ T2057] ieee802154 phy0 wpan0: encryption failed: -22
[ 69.629681][ T2057] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.225758][ T3324] Bluetooth: hci0: command 0x041b tx timeout
1970/01/01 00:01:12 executed programs: 100
[ 73.305860][ T3324] Bluetooth: hci0: command 0x040f tx timeout
[ 74.746501][ T21] cfg80211: failed to load regulatory.db
[ 75.395384][ T4048] Bluetooth: hci0: command 0x0419 tx timeout
1970/01/01 00:01:17 executed programs: 291
1970/01/01 00:01:22 executed programs: 528
1970/01/01 00:01:27 executed programs: 766
1970/01/01 00:01:32 executed programs: 1009
1970/01/01 00:01:37 executed programs: 1245
1970/01/01 00:01:42 executed programs: 1487
1970/01/01 00:01:47 executed programs: 1726
1970/01/01 00:01:52 executed programs: 1985
1970/01/01 00:01:57 executed programs: 2252
1970/01/01 00:02:02 executed programs: 2515
[ 124.425199][ C1] IPv4: Attempt to release TCP socket in state 8 000000003b46c13b
[ 124.427847][ C1]
[ 124.428496][ C1] =========================
[ 124.429767][ C1] WARNING: held lock freed!
[ 124.431048][ C1] 5.15.182-syzkaller #0 Not tainted
[ 124.432477][ C1] -------------------------
[ 124.433780][ C1] syz-executor.0/9941 is freeing memory ffff0000dbdd9700-ffff0000dbdda1df, with a lock still held there!
[ 124.436858][ C1] ffff0000dbdd9820 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_sendmsg+0x154/0x284
[ 124.439406][ C1] 2 locks held by syz-executor.0/9941:
[ 124.440986][ C1] #0: ffff0000dbdd9820 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_sendmsg+0x154/0x284
[ 124.443689][ C1] #1: ffff800008017b80 ((&msk->sk.icsk_retransmit_timer)){+.-.}-{0:0}, at: call_timer_fn+0xd0/0x858
[ 124.446790][ C1]
[ 124.446790][ C1] stack backtrace:
[ 124.448443][ C1] CPU: 1 PID: 9941 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller #0
[ 124.450812][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 124.453673][ C1] Call trace:
[ 124.454623][ C1] dump_backtrace+0x0/0x43c
[ 124.455901][ C1] show_stack+0x2c/0x3c
[ 124.457086][ C1] __dump_stack+0x30/0x40
[ 124.458377][ C1] dump_stack_lvl+0xf8/0x160
[ 124.459621][ C1] dump_stack+0x1c/0x5c
[ 124.460694][ C1] debug_check_no_locks_freed+0x20c/0x2a0
[ 124.462252][ C1] slab_free_freelist_hook+0x88/0x1e8
[ 124.463784][ C1] kmem_cache_free+0xdc/0x3b4
[ 124.465057][ C1] __sk_destruct+0x40c/0x604
[ 124.466369][ C1] __sk_free+0x320/0x430
[ 124.467498][ C1] sk_free+0x68/0xdc
[ 124.468575][ C1] mptcp_retransmit_timer+0x190/0x2b4
[ 124.470089][ C1] call_timer_fn+0x19c/0x858
[ 124.471348][ C1] __run_timers+0x46c/0x6c4
[ 124.472577][ C1] run_timer_softirq+0x7c/0x114
[ 124.473890][ C1] handle_softirqs+0x344/0xbf0
[ 124.475255][ C1] __irq_exit_rcu+0x240/0x440
[ 124.476573][ C1] irq_exit+0x14/0x88
[ 124.477632][ C1] handle_domain_irq+0x14c/0x1fc
[ 124.479055][ C1] gic_handle_irq+0x78/0x1c8
[ 124.480365][ C1] call_on_irq_stack+0x24/0x4c
[ 124.481683][ C1] do_interrupt_handler+0x6c/0x88
[ 124.483114][ C1] el1_interrupt+0x30/0x58
[ 124.484343][ C1] el1h_64_irq_handler+0x18/0x24
[ 124.485684][ C1] el1h_64_irq+0x78/0x7c
[ 124.486866][ C1] _raw_spin_unlock_irqrestore+0xb8/0x14c
[ 124.488435][ C1] __mod_timer+0x6e8/0xb44
[ 124.489654][ C1] mod_timer+0x2c/0x3c
[ 124.490775][ C1] sk_reset_timer+0x30/0xfc
[ 124.492059][ C1] __mptcp_push_pending+0x528/0x630
[ 124.493483][ C1] mptcp_sendmsg+0x14dc/0x19ec
[ 124.494734][ C1] inet_sendmsg+0x154/0x284
[ 124.495965][ C1] ____sys_sendmsg+0x61c/0x920
[ 124.497293][ C1] ___sys_sendmsg+0x1d0/0x240
[ 124.498654][ C1] __arm64_sys_sendmsg+0x1a8/0x254
[ 124.500072][ C1] invoke_syscall+0x98/0x2b8
[ 124.501316][ C1] el0_svc_common+0x138/0x258
[ 124.502600][ C1] do_el0_svc+0x58/0x14c
[ 124.503816][ C1] el0_svc+0x78/0x1e0
[ 124.504994][ C1] el0t_64_sync_handler+0xcc/0xe4
[ 124.506372][ C1] el0t_64_sync+0x1a0/0x1a4
[ 124.509720][ T9941] ------------[ cut here ]------------
[ 124.511277][ T9941] refcount_t: addition on 0; use-after-free.
[ 124.513140][ T9941] WARNING: CPU: 1 PID: 9941 at lib/refcount.c:25 refcount_warn_saturate+0x134/0x1f8
[ 124.515730][ T9941] Modules linked in:
[ 124.516813][ T9941] CPU: 1 PID: 9941 Comm: syz-executor.0 Not tainted 5.15.182-syzkaller #0
[ 124.519250][ T9941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 124.522016][ T9941] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 124.524164][ T9941] pc : refcount_warn_saturate+0x134/0x1f8
[ 124.525817][ T9941] lr : refcount_warn_saturate+0x134/0x1f8
[ 124.527390][ T9941] sp : ffff800021f874b0
[ 124.528579][ T9941] x29: ffff800021f874b0 x28: 00000000000000d0 x27: 0000000000000000
[ 124.530777][ T9941] x26: ffff0000d82c8170 x25: 0000000000000000 x24: ffff0000dbdd9f48
[ 124.533016][ T9941] x23: dfff800000000000 x22: ffff7000043f0eac x21: ffff0000dbdd9db0
[ 124.535320][ T9941] x20: ffff0000dbdd9780 x19: ffff80001658e000 x18: 0000000000000001
[ 124.537501][ T9941] x17: 0000000000000000 x16: ffff8000111a53fc x15: 00000000ffffffff
[ 124.539701][ T9941] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
[ 124.541861][ T9941] x11: 0000000000000000 x10: 0000000000000000 x9 : 9336b0b9370aca00
[ 124.544181][ T9941] x8 : 9336b0b9370aca00 x7 : 0000000000000001 x6 : 0000000000000001
[ 124.546364][ T9941] x5 : ffff800021f86d98 x4 : ffff80001422f280 x3 : ffff800008503828
[ 124.548519][ T9941] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 000000000000002a
[ 124.550787][ T9941] Call trace:
[ 124.551719][ T9941] refcount_warn_saturate+0x134/0x1f8
[ 124.553287][ T9941] sk_reset_timer+0xcc/0xfc
[ 124.554514][ T9941] __mptcp_push_pending+0x528/0x630
[ 124.555974][ T9941] mptcp_sendmsg+0x14dc/0x19ec
[ 124.557320][ T9941] inet_sendmsg+0x154/0x284
[ 124.558554][ T9941] ____sys_sendmsg+0x61c/0x920
[ 124.559888][ T9941] ___sys_sendmsg+0x1d0/0x240
[ 124.561169][ T9941] __arm64_sys_sendmsg+0x1a8/0x254
[ 124.562590][ T9941] invoke_syscall+0x98/0x2b8
[ 124.563889][ T9941] el0_svc_common+0x138/0x258
[ 124.565226][ T9941] do_el0_svc+0x58/0x14c
[ 124.566374][ T9941] el0_svc+0x78/0x1e0
[ 124.567475][ T9941] el0t_64_sync_handler+0xcc/0xe4
[ 124.568863][ T9941] el0t_64_sync+0x1a0/0x1a4
[ 124.570164][ T9941] irq event stamp: 1582
[ 124.571268][ T9941] hardirqs last enabled at (1582): [] kasan_quarantine_put+0xc4/0x204
[ 124.574007][ T9941] hardirqs last disabled at (1581): [] kasan_quarantine_put+0x108/0x204
[ 124.576734][ T9941] softirqs last enabled at (1546): [] mptcp_sendmsg+0xccc/0x19ec
[ 124.579357][ T9941] softirqs last disabled at (1551): [] __irq_exit_rcu+0x240/0x440
[ 124.581920][ T9941] ---[ end trace 35bd823fe42c9bbe ]---
[ 124.585970][ T9940] ------------[ cut here ]------------
[ 124.587479][ T9940] refcount_t: saturated; leaking memory.
[ 124.589313][ T9940] WARNING: CPU: 1 PID: 9940 at lib/refcount.c:22 refcount_warn_saturate+0x1b4/0x1f8
[ 124.591837][ T9940] Modules linked in:
[ 124.592856][ T9940] CPU: 1 PID: 9940 Comm: syz-executor.0 Tainted: G W 5.15.182-syzkaller #0
[ 124.595466][ T9940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 124.598273][ T9940] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 124.600439][ T9940] pc : refcount_warn_saturate+0x1b4/0x1f8
[ 124.602009][ T9940] lr : refcount_warn_saturate+0x1b4/0x1f8
[ 124.603565][ T9940] sp : ffff8000223079a0
[ 124.604709][ T9940] x29: ffff8000223079a0 x28: ffff0000e21491a0 x27: 1fffe0001b6375e5
[ 124.606891][ T9940] x26: ffff0000dbdd9700 x25: ffff8000140cf000 x24: 1ffff00002819e30
[ 124.609098][ T9940] x23: ffff0000dbdda0c8 x22: 00000000c0000000 x21: ffff0000dbdd9780
[ 124.611358][ T9940] x20: ffff0000dbdd9780 x19: ffff80001658e000 x18: 0000000000000001
[ 124.613555][ T9940] x17: 0000000000000000 x16: ffff8000111a53fc x15: 00000000ffffffff
[ 124.615805][ T9940] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
[ 124.617983][ T9940] x11: 0000000000000000 x10: 0000000000000000 x9 : a9febfc1b421fb00
[ 124.620283][ T9940] x8 : a9febfc1b421fb00 x7 : 0000000000000001 x6 : 0000000000000001
[ 124.622456][ T9940] x5 : ffff800022307298 x4 : ffff80001422f280 x3 : ffff800008503828
[ 124.624737][ T9940] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000026
[ 124.626999][ T9940] Call trace:
[ 124.627870][ T9940] refcount_warn_saturate+0x1b4/0x1f8
[ 124.629368][ T9940] mptcp_close+0x738/0xa04
[ 124.630595][ T9940] inet_release+0x154/0x1d0
[ 124.631932][ T9940] sock_close+0xb4/0x1f8
[ 124.633147][ T9940] __fput+0x1c0/0x7f8
[ 124.634254][ T9940] ____fput+0x20/0x30
[ 124.635367][ T9940] task_work_run+0x12c/0x1e0
[ 124.636645][ T9940] do_notify_resume+0x24b4/0x3128
[ 124.638080][ T9940] el0_svc+0xf0/0x1e0
[ 124.639180][ T9940] el0t_64_sync_handler+0xcc/0xe4
[ 124.640574][ T9940] el0t_64_sync+0x1a0/0x1a4
[ 124.641840][ T9940] irq event stamp: 1418
[ 124.643040][ T9940] hardirqs last enabled at (1417): [] _raw_spin_unlock_irqrestore+0xa8/0x14c
[ 124.645903][ T9940] hardirqs last disabled at (1418): [] __schedule+0x2ec/0x1c0c
[ 124.648436][ T9940] softirqs last enabled at (1044): [] local_bh_enable+0x10/0x34
[ 124.651027][ T9940] softirqs last disabled at (1042): [] local_bh_disable+0x10/0x34
[ 124.653609][ T9940] ---[ end trace 35bd823fe42c9bbf ]---
[ 124.656251][ T9940] ------------[ cut here ]------------
[ 124.657788][ T9940] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: mptcp_retransmit_timer+0x0/0x2b4
[ 124.661466][ T9940] WARNING: CPU: 1 PID: 9940 at lib/debugobjects.c:521 debug_print_object+0x148/0x1d4
[ 124.664060][ T9940] Modules linked in:
[ 124.665093][ T9940] CPU: 1 PID: 9940 Comm: syz-executor.0 Tainted: G W 5.15.182-syzkaller #0
[ 124.667798][ T9940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 124.670506][ T9940] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 124.672639][ T9940] pc : debug_print_object+0x148/0x1d4
[ 124.674125][ T9940] lr : debug_print_object+0x148/0x1d4
[ 124.675579][ T9940] sp : ffff800022307790
[ 124.676727][ T9940] x29: ffff800022307790 x28: dfff800000000000 x27: 0000000000000000
[ 124.678874][ T9940] x26: ffff800014150000 x25: ffff80000837c92c x24: dfff800000000000
[ 124.681125][ T9940] x23: 0000000000000000 x22: ffff8000110950d8 x21: ffff8000117aa020
[ 124.683395][ T9940] x20: ffff800011312ce0 x19: ffff8000117a9b60 x18: 0000000000000001
[ 124.685552][ T9940] x17: 0000000000000000 x16: ffff8000111a53fc x15: 00000000ffffffff
[ 124.687813][ T9940] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
[ 124.690050][ T9940] x11: 0000000000000000 x10: 0000000000000000 x9 : a9febfc1b421fb00
[ 124.692234][ T9940] x8 : a9febfc1b421fb00 x7 : 0000000000000001 x6 : 0000000000000001
[ 124.694458][ T9940] x5 : ffff800022307078 x4 : ffff80001422f280 x3 : ffff800008503828
[ 124.696673][ T9940] x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000071
[ 124.698886][ T9940] Call trace:
[ 124.699759][ T9940] debug_print_object+0x148/0x1d4
[ 124.701202][ T9940] debug_object_assert_init+0x24c/0x2c4
[ 124.702724][ T9940] del_timer+0x48/0x1e4
[ 124.703860][ T9940] sk_stop_timer+0x24/0xd4
[ 124.705095][ T9940] __mptcp_destroy_sock+0x284/0x610
[ 124.706520][ T9940] mptcp_close+0x5b8/0xa04
[ 124.707698][ T9940] inet_release+0x154/0x1d0
[ 124.708972][ T9940] sock_close+0xb4/0x1f8
[ 124.710104][ T9940] __fput+0x1c0/0x7f8
[ 124.711190][ T9940] ____fput+0x20/0x30
[ 124.712269][ T9940] task_work_run+0x12c/0x1e0
[ 124.713532][ T9940] do_notify_resume+0x24b4/0x3128
[ 124.714919][ T9940] el0_svc+0xf0/0x1e0
[ 124.715972][ T9940] el0t_64_sync_handler+0xcc/0xe4
[ 124.717334][ T9940] el0t_64_sync+0x1a0/0x1a4
[ 124.718582][ T9940] irq event stamp: 1418
[ 124.719690][ T9940] hardirqs last enabled at (1417): [] _raw_spin_unlock_irqrestore+0xa8/0x14c
[ 124.722624][ T9940] hardirqs last disabled at (1418): [] __schedule+0x2ec/0x1c0c
[ 124.725140][ T9940] softirqs last enabled at (1044): [] local_bh_enable+0x10/0x34
[ 124.727742][ T9940] softirqs last disabled at (1042): [] local_bh_disable+0x10/0x34
[ 124.730517][ T9940] ---[ end trace 35bd823fe42c9bc0 ]---
[ 124.732343][ T9940] ------------[ cut here ]------------
[ 124.733805][ T9940] ODEBUG: assert_init not available (active state 0) object type: timer_list hint: mptcp_tout_timer+0x0/0xe8
[ 124.737415][ T9940] WARNING: CPU: 1 PID: 9940 at lib/debugobjects.c:521 debug_print_object+0x148/0x1d4
[ 124.740029][ T9940] Modules linked in:
[ 124.741124][ T9940] CPU: 1 PID: 9940 Comm: syz-executor.0 Tainted: G W 5.15.182-syzkaller #0
[ 124.743818][ T9940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 124.746681][ T9940] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 124.748868][ T9940] pc : debug_print_object+0x148/0x1d4
[ 124.750314][ T9940] lr : debug_print_object+0x148/0x1d4
[ 124.751790][ T9940] sp : ffff800022307790
[ 124.753003][ T9940] x29: ffff800022307790 x28: dfff800000000000 x27: 0000000000000001
[ 124.755220][ T9940] x26: ffff800014150000 x25: ffff80000837c92c x24: dfff800000000000
[ 124.757409][ T9940] x23: 0000000000000000 x22: ffff80001109538c x21: ffff8000117aa020
[ 124.759576][ T9940] x20: ffff800011312ce0 x19: ffff8000117a9b60 x18: 0000000000000001
[ 124.761756][ T9940] x17: 0000000000000000 x16: ffff8000111a53fc x15: 00000000ffffffff
[ 124.763996][ T9940] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
[ 124.766217][ T9940] x11: 0000000000000000 x10: 0000000000000000 x9 : a9febfc1b421fb00
[ 124.768446][ T9940] x8 : a9febfc1b421fb00 x7 : 0000000000000001 x6 : 0000000000000001
[ 124.770637][ T9940] x5 : ffff800022307078 x4 : ffff80001422f280 x3 : ffff80000a731dc4
[ 124.772978][ T9940] x2 : ffff0001a111cd10 x1 : 0000000100000000 x0 : 000000000000006a
[ 124.775230][ T9940] Call trace:
[ 124.776158][ T9940] debug_print_object+0x148/0x1d4
[ 124.777498][ T9940] debug_object_assert_init+0x24c/0x2c4
[ 124.779063][ T9940] del_timer+0x48/0x1e4
[ 124.780193][ T9940] sk_stop_timer+0x24/0xd4
[ 124.781438][ T9940] __mptcp_destroy_sock+0x290/0x610
[ 124.782851][ T9940] mptcp_close+0x5b8/0xa04
[ 124.784087][ T9940] inet_release+0x154/0x1d0
[ 124.785341][ T9940] sock_close+0xb4/0x1f8
[ 124.786577][ T9940] __fput+0x1c0/0x7f8
[ 124.787633][ T9940] ____fput+0x20/0x30
[ 124.788774][ T9940] task_work_run+0x12c/0x1e0
[ 124.790006][ T9940] do_notify_resume+0x24b4/0x3128
[ 124.791336][ T9940] el0_svc+0xf0/0x1e0
[ 124.792418][ T9940] el0t_64_sync_handler+0xcc/0xe4
[ 124.793843][ T9940] el0t_64_sync+0x1a0/0x1a4
[ 124.795135][ T9940] irq event stamp: 1418
[ 124.796278][ T9940] hardirqs last enabled at (1417): [] _raw_spin_unlock_irqrestore+0xa8/0x14c
[ 124.799180][ T9940] hardirqs last disabled at (1418): [] __schedule+0x2ec/0x1c0c
[ 124.801776][ T9940] softirqs last enabled at (1044): [] local_bh_enable+0x10/0x34
[ 124.804359][ T9940] softirqs last disabled at (1042): [] local_bh_disable+0x10/0x34
[ 124.806899][ T9940] ---[ end trace 35bd823fe42c9bc1 ]---
[ 124.808973][ T9940] ------------[ cut here ]------------
[ 124.810492][ T9940] refcount_t: underflow; use-after-free.
[ 124.812383][ T9940] WARNING: CPU: 1 PID: 9940 at lib/refcount.c:28 refcount_warn_saturate+0x154/0x1f8
[ 124.815061][ T9940] Modules linked in:
[ 124.816170][ T9940] CPU: 1 PID: 9940 Comm: syz-executor.0 Tainted: G W 5.15.182-syzkaller #0
[ 124.819064][ T9940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 124.821953][ T9940] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 124.824128][ T9940] pc : refcount_warn_saturate+0x154/0x1f8
[ 124.825719][ T9940] lr : refcount_warn_saturate+0x154/0x1f8
[ 124.827355][ T9940] sp : ffff8000223078c0
[ 124.828531][ T9940] x29: ffff8000223078c0 x28: dfff800000000000 x27: 1ffff00004460f20
[ 124.830797][ T9940] x26: ffff0000dbdd9700 x25: 1fffe0001b7bb419 x24: ffff0000dbdda0c8
[ 124.833056][ T9940] x23: ffff0000dbdda0f0 x22: 0000000000000000 x21: 00000000c0000000
[ 124.835247][ T9940] x20: ffff0000dbdd9780 x19: ffff80001658e000 x18: 0000000000000001
[ 124.837457][ T9940] x17: 0000000000000000 x16: ffff8000111a53fc x15: 00000000ffffffff
[ 124.839642][ T9940] x14: 0000000000ff0100 x13: 0000000000000001 x12: 0000000000ff0100
[ 124.841886][ T9940] x11: 0000000000000000 x10: 0000000000000000 x9 : a9febfc1b421fb00
[ 124.844199][ T9940] x8 : a9febfc1b421fb00 x7 : 0000000000000001 x6 : 0000000000000001
[ 124.846440][ T9940] x5 : ffff8000223071b8 x4 : ffff80001422f280 x3 : ffff80000a731dc4
[ 124.848665][ T9940] x2 : ffff0001a111cd10 x1 : 0000000100000000 x0 : 0000000000000026
[ 124.850862][ T9940] Call trace:
[ 124.851798][ T9940] refcount_warn_saturate+0x154/0x1f8
[ 124.853402][ T9940] __mptcp_destroy_sock+0x564/0x610
[ 124.854781][ T9940] mptcp_close+0x5b8/0xa04
[ 124.856034][ T9940] inet_release+0x154/0x1d0
[ 124.857201][ T9940] sock_close+0xb4/0x1f8
[ 124.858328][ T9940] __fput+0x1c0/0x7f8
[ 124.859432][ T9940] ____fput+0x20/0x30
[ 124.860530][ T9940] task_work_run+0x12c/0x1e0
[ 124.861854][ T9940] do_notify_resume+0x24b4/0x3128
[ 124.863677][ T9940] el0_svc+0xf0/0x1e0
[ 124.864803][ T9940] el0t_64_sync_handler+0xcc/0xe4
[ 124.866171][ T9940] el0t_64_sync+0x1a0/0x1a4
[ 124.867449][ T9940] irq event stamp: 1418
[ 124.868593][ T9940] hardirqs last enabled at (1417): [] _raw_spin_unlock_irqrestore+0xa8/0x14c
[ 124.871476][ T9940] hardirqs last disabled at (1418): [] __schedule+0x2ec/0x1c0c
[ 124.874030][ T9940] softirqs last enabled at (1044): [] local_bh_enable+0x10/0x34
[ 124.876688][ T9940] softirqs last disabled at (1042): [] local_bh_disable+0x10/0x34
[ 124.879385][ T9940] ---[ end trace 35bd823fe42c9bc2 ]---
1970/01/01 00:02:07 executed programs: 2799
[ 131.066859][ T2057] ieee802154 phy0 wpan0: encryption failed: -22
[ 131.068792][ T2057] ieee802154 phy1 wpan1: encryption failed: -22
1970/01/01 00:02:12 executed programs: 3158