Warning: Permanently added '10.128.0.171' (ED25519) to the list of known hosts.
1970/01/01 00:00:58 ignoring optional flag "sandboxArg"="0"
1970/01/01 00:00:59 parsed 1 programs
1970/01/01 00:00:59 executed programs: 0
[ 59.180157][ T5563] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 59.183173][ T5563] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 59.185818][ T5563] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 59.188531][ T5563] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 59.190699][ T5563] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 59.192678][ T5563] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 59.262961][ T6345] chnl_net:caif_netlink_parms(): no params data found
[ 59.289536][ T6345] bridge0: port 1(bridge_slave_0) entered blocking state
[ 59.291513][ T6345] bridge0: port 1(bridge_slave_0) entered disabled state
[ 59.293482][ T6345] bridge_slave_0: entered allmulticast mode
[ 59.295581][ T6345] bridge_slave_0: entered promiscuous mode
[ 59.298903][ T6345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 59.300851][ T6345] bridge0: port 2(bridge_slave_1) entered disabled state
[ 59.302769][ T6345] bridge_slave_1: entered allmulticast mode
[ 59.304828][ T6345] bridge_slave_1: entered promiscuous mode
[ 59.316398][ T6345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 59.320180][ T6345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 59.333478][ T6345] team0: Port device team_slave_0 added
[ 59.336379][ T6345] team0: Port device team_slave_1 added
[ 59.346149][ T6345] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 59.347993][ T6345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.354433][ T6345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 59.358880][ T6345] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 59.360732][ T6345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 59.367757][ T6345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 59.426902][ T6345] hsr_slave_0: entered promiscuous mode
[ 59.465685][ T6345] hsr_slave_1: entered promiscuous mode
[ 60.078796][ T6345] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 60.117011][ T6345] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 60.156844][ T6345] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 60.198623][ T6345] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 60.264971][ T6345] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.266931][ T6345] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.268815][ T6345] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.270611][ T6345] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.274218][ T22] bridge0: port 1(bridge_slave_0) entered disabled state
[ 60.277456][ T22] bridge0: port 2(bridge_slave_1) entered disabled state
[ 60.313457][ T6345] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.323090][ T6345] 8021q: adding VLAN 0 to HW filter on device team0
[ 60.329518][ T6008] bridge0: port 1(bridge_slave_0) entered blocking state
[ 60.331325][ T6008] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 60.339232][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 60.341040][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 60.450687][ T6345] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 60.474076][ T6345] veth0_vlan: entered promiscuous mode
[ 60.487328][ T6345] veth1_vlan: entered promiscuous mode
[ 60.507075][ T6345] veth0_macvtap: entered promiscuous mode
[ 60.510806][ T6345] veth1_macvtap: entered promiscuous mode
[ 60.520704][ T6345] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 60.527910][ T6345] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 60.532536][ T6345] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.534663][ T6345] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.538863][ T6345] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.541148][ T6345] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 60.579164][ T22] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.581265][ T22] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.593935][ T6008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 60.598446][ T6008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 60.654446][ T6423] loop0: detected capacity change from 0 to 64
[ 60.661110][ T6423] hfs: unable to locate alternate MDB
[ 60.662772][ T6423] hfs: continuing without an alternate MDB
[ 60.670143][ T6423] ==================================================================
[ 60.672353][ T6423] BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x310/0x454
[ 60.674540][ T6423] Write of size 256 at addr ffff0000de848e00 by task syz-executor.0/6423
[ 60.676838][ T6423]
[ 60.677471][ T6423] CPU: 0 PID: 6423 Comm: syz-executor.0 Not tainted 6.5.0-rc7-syzkaller-00071-gfe4469582053 #0
[ 60.680389][ T6423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 60.683277][ T6423] Call trace:
[ 60.684188][ T6423] dump_backtrace+0x1b8/0x1e4
[ 60.685502][ T6423] show_stack+0x2c/0x44
[ 60.686644][ T6423] dump_stack_lvl+0xd0/0x124
[ 60.687883][ T6423] print_report+0x174/0x514
[ 60.689137][ T6423] kasan_report+0xd8/0x138
[ 60.690366][ T6423] kasan_check_range+0x254/0x294
[ 60.691709][ T6423] __asan_memcpy+0x54/0x84
[ 60.692939][ T6423] hfs_bnode_read_key+0x310/0x454
[ 60.694316][ T6423] hfs_brec_insert+0x508/0x97c
[ 60.695668][ T6423] hfs_cat_create+0x4f0/0x844
[ 60.696968][ T6423] hfs_create+0x70/0xe4
[ 60.698021][ T6423] path_openat+0xf80/0x27f8
[ 60.699221][ T6423] do_filp_open+0x1bc/0x3cc
[ 60.700438][ T6423] do_sys_openat2+0x124/0x1b8
[ 60.701664][ T6423] __arm64_sys_openat+0x1f0/0x240
[ 60.702984][ T6423] invoke_syscall+0x98/0x2b8
[ 60.704182][ T6423] el0_svc_common+0x130/0x23c
[ 60.705478][ T6423] do_el0_svc+0x48/0x58
[ 60.706574][ T6423] el0_svc+0x58/0x16c
[ 60.707654][ T6423] el0t_64_sync_handler+0x84/0xfc
[ 60.709034][ T6423] el0t_64_sync+0x190/0x194
[ 60.710238][ T6423]
[ 60.710835][ T6423] Allocated by task 6423:
[ 60.711996][ T6423] kasan_set_track+0x4c/0x7c
[ 60.713207][ T6423] kasan_save_alloc_info+0x24/0x30
[ 60.714658][ T6423] __kasan_kmalloc+0xac/0xc4
[ 60.715909][ T6423] __kmalloc+0xcc/0x1b8
[ 60.717034][ T6423] hfs_find_init+0x88/0x1c8
[ 60.718190][ T6423] hfs_cat_create+0x168/0x844
[ 60.719527][ T6423] hfs_create+0x70/0xe4
[ 60.720596][ T6423] path_openat+0xf80/0x27f8
[ 60.721809][ T6423] do_filp_open+0x1bc/0x3cc
[ 60.723080][ T6423] do_sys_openat2+0x124/0x1b8
[ 60.724277][ T6423] __arm64_sys_openat+0x1f0/0x240
[ 60.725634][ T6423] invoke_syscall+0x98/0x2b8
[ 60.726869][ T6423] el0_svc_common+0x130/0x23c
[ 60.728168][ T6423] do_el0_svc+0x48/0x58
[ 60.729258][ T6423] el0_svc+0x58/0x16c
[ 60.730365][ T6423] el0t_64_sync_handler+0x84/0xfc
[ 60.731654][ T6423] el0t_64_sync+0x190/0x194
[ 60.732852][ T6423]
[ 60.733496][ T6423] The buggy address belongs to the object at ffff0000de848e00
[ 60.733496][ T6423] which belongs to the cache kmalloc-96 of size 96
[ 60.737152][ T6423] The buggy address is located 0 bytes inside of
[ 60.737152][ T6423] allocated 78-byte region [ffff0000de848e00, ffff0000de848e4e)
[ 60.740851][ T6423]
[ 60.741498][ T6423] The buggy address belongs to the physical page:
[ 60.743233][ T6423] page:00000000922e9e65 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff0000de848f00 pfn:0x11e848
[ 60.746269][ T6423] anon flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff)
[ 60.748335][ T6423] page_type: 0xffffffff()
[ 60.749493][ T6423] raw: 05ffc00000000200 ffff0000c0001780 0000000000000000 0000000000000001
[ 60.751709][ T6423] raw: ffff0000de848f00 000000008020001e 00000001ffffffff 0000000000000000
[ 60.753989][ T6423] page dumped because: kasan: bad access detected
[ 60.755721][ T6423]
[ 60.756337][ T6423] Memory state around the buggy address:
[ 60.757869][ T6423] ffff0000de848d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 60.759986][ T6423] ffff0000de848d80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 60.762186][ T6423] >ffff0000de848e00: 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc fc
[ 60.764233][ T6423] ^
[ 60.765946][ T6423] ffff0000de848e80: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 60.768152][ T6423] ffff0000de848f00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 60.770321][ T6423] ==================================================================
[ 60.782012][ T6423] Disabling lock debugging due to kernel taint
[ 60.803125][ T6435] loop0: detected capacity change from 0 to 64
[ 60.806726][ T6435] hfs: unable to locate alternate MDB
[ 60.808142][ T6435] hfs: continuing without an alternate MDB
[ 60.827816][ T6439] loop0: detected capacity change from 0 to 64
[ 60.834381][ T6439] hfs: unable to locate alternate MDB
[ 60.837489][ T6439] hfs: continuing without an alternate MDB
[ 60.867460][ T6443] loop0: detected capacity change from 0 to 64
[ 60.871751][ T6443] hfs: unable to locate alternate MDB
[ 60.873230][ T6443] hfs: continuing without an alternate MDB
[ 60.898836][ T6448] loop0: detected capacity change from 0 to 64
[ 60.901411][ T6448] hfs: unable to locate alternate MDB
[ 60.903054][ T6448] hfs: continuing without an alternate MDB
[ 60.930106][ T6452] loop0: detected capacity change from 0 to 64
[ 60.936457][ T6452] hfs: unable to locate alternate MDB
[ 60.938011][ T6452] hfs: continuing without an alternate MDB
[ 60.976939][ T6460] loop0: detected capacity change from 0 to 64
[ 60.984535][ T6460] hfs: unable to locate alternate MDB
[ 60.992369][ T6460] hfs: continuing without an alternate MDB
[ 61.008448][ T6464] loop0: detected capacity change from 0 to 64
[ 61.016335][ T6464] hfs: unable to locate alternate MDB
[ 61.017815][ T6464] hfs: continuing without an alternate MDB
[ 61.042225][ T6469] loop0: detected capacity change from 0 to 64
[ 61.044977][ T6469] hfs: unable to locate alternate MDB
[ 61.047153][ T6469] hfs: continuing without an alternate MDB
[ 61.076096][ T6473] loop0: detected capacity change from 0 to 64
[ 61.078718][ T6473] hfs: unable to locate alternate MDB
[ 61.080235][ T6473] hfs: continuing without an alternate MDB
[ 61.097859][ T6478] loop0: detected capacity change from 0 to 64
[ 61.100657][ T6478] hfs: unable to locate alternate MDB
[ 61.102081][ T6478] hfs: continuing without an alternate MDB
[ 61.120512][ T6482] loop0: detected capacity change from 0 to 64
[ 61.124300][ T6482] hfs: unable to locate alternate MDB
[ 61.127128][ T6482] hfs: continuing without an alternate MDB
[ 61.150660][ T6485] loop0: detected capacity change from 0 to 64
[ 61.153462][ T6485] hfs: unable to locate alternate MDB
[ 61.155008][ T6485] hfs: continuing without an alternate MDB
[ 61.173662][ T6488] loop0: detected capacity change from 0 to 64
[ 61.178324][ T6488] hfs: unable to locate alternate MDB
[ 61.180030][ T6488] hfs: continuing without an alternate MDB
[ 61.209410][ T6494] loop0: detected capacity change from 0 to 64
[ 61.213297][ T6494] hfs: unable to locate alternate MDB
[ 61.216382][ T5563] Bluetooth: hci0: command 0x0409 tx timeout
[ 61.219480][ T6494] hfs: continuing without an alternate MDB
[ 61.242162][ T6498] loop0: detected capacity change from 0 to 64
[ 61.244844][ T6498] hfs: unable to locate alternate MDB
[ 61.246732][ T6498] hfs: continuing without an alternate MDB
[ 61.270221][ T6503] loop0: detected capacity change from 0 to 64
[ 61.272612][ T6503] hfs: unable to locate alternate MDB
[ 61.273947][ T6503] hfs: continuing without an alternate MDB
[ 61.309459][ T6507] loop0: detected capacity change from 0 to 64
[ 61.313279][ T6507] hfs: unable to locate alternate MDB
[ 61.314799][ T6507] hfs: continuing without an alternate MDB
[ 61.342977][ T6511] loop0: detected capacity change from 0 to 64
[ 61.349699][ T6511] hfs: unable to locate alternate MDB
[ 61.351247][ T6511] hfs: continuing without an alternate MDB
[ 61.374728][ T6515] loop0: detected capacity change from 0 to 64
[ 61.378731][ T6515] hfs: unable to locate alternate MDB
[ 61.384365][ T6515] hfs: continuing without an alternate MDB
[ 61.407229][ T6519] loop0: detected capacity change from 0 to 64
[ 61.409892][ T6519] hfs: unable to locate alternate MDB
[ 61.411488][ T6519] hfs: continuing without an alternate MDB
[ 61.433003][ T6524] loop0: detected capacity change from 0 to 64
[ 61.437422][ T6524] hfs: unable to locate alternate MDB
[ 61.438843][ T6524] hfs: continuing without an alternate MDB
[ 61.459577][ T6528] loop0: detected capacity change from 0 to 64
[ 61.466816][ T6528] hfs: unable to locate alternate MDB
[ 61.468282][ T6528] hfs: continuing without an alternate MDB
[ 61.497260][ T6533] loop0: detected capacity change from 0 to 64
[ 61.503869][ T6533] hfs: unable to locate alternate MDB
[ 61.505332][ T6533] hfs: continuing without an alternate MDB
[ 61.526401][ T6536] loop0: detected capacity change from 0 to 64
[ 61.528919][ T6536] hfs: unable to locate alternate MDB
[ 61.530565][ T6536] hfs: continuing without an alternate MDB
[ 61.554073][ T6540] loop0: detected capacity change from 0 to 64
[ 61.557881][ T6540] hfs: unable to locate alternate MDB
[ 61.559397][ T6540] hfs: continuing without an alternate MDB
[ 61.579817][ T6544] loop0: detected capacity change from 0 to 64
[ 61.583790][ T6544] hfs: unable to locate alternate MDB
[ 61.585154][ T6544] hfs: continuing without an alternate MDB
[ 61.605195][ T6548] loop0: detected capacity change from 0 to 64
[ 61.611403][ T6548] hfs: unable to locate alternate MDB
[ 61.612787][ T6548] hfs: continuing without an alternate MDB
[ 61.640674][ T6553] loop0: detected capacity change from 0 to 64
[ 61.647556][ T6553] hfs: unable to locate alternate MDB
[ 61.649100][ T6553] hfs: continuing without an alternate MDB
[ 61.670114][ T6558] loop0: detected capacity change from 0 to 64
[ 61.682408][ T6558] hfs: unable to locate alternate MDB
[ 61.683848][ T6558] hfs: continuing without an alternate MDB
[ 61.702405][ T6561] loop0: detected capacity change from 0 to 64
[ 61.708821][ T6561] hfs: unable to locate alternate MDB
[ 61.710466][ T6561] hfs: continuing without an alternate MDB
[ 61.741449][ T6567] loop0: detected capacity change from 0 to 64
[ 61.746957][ T6567] hfs: unable to locate alternate MDB
[ 61.748393][ T6567] hfs: continuing without an alternate MDB
[ 61.772451][ T6571] loop0: detected capacity change from 0 to 64
[ 61.774940][ T6571] hfs: unable to locate alternate MDB
[ 61.778230][ T6571] hfs: continuing without an alternate MDB
[ 61.796671][ T6575] loop0: detected capacity change from 0 to 64
[ 61.801623][ T6575] hfs: unable to locate alternate MDB
[ 61.803120][ T6575] hfs: continuing without an alternate MDB
[ 61.823947][ T6580] loop0: detected capacity change from 0 to 64
[ 61.828054][ T6580] hfs: unable to locate alternate MDB
[ 61.829460][ T6580] hfs: continuing without an alternate MDB
[ 61.853862][ T6584] loop0: detected capacity change from 0 to 64
[ 61.860880][ T6584] hfs: unable to locate alternate MDB
[ 61.862415][ T6584] hfs: continuing without an alternate MDB
[ 61.887952][ T6589] loop0: detected capacity change from 0 to 64
[ 61.890599][ T6589] hfs: unable to locate alternate MDB
[ 61.892046][ T6589] hfs: continuing without an alternate MDB
[ 61.913785][ T6593] loop0: detected capacity change from 0 to 64
[ 61.916486][ T6593] hfs: unable to locate alternate MDB
[ 61.924505][ T6593] hfs: continuing without an alternate MDB
[ 61.958972][ T6600] loop0: detected capacity change from 0 to 64
[ 61.964906][ T6600] hfs: unable to locate alternate MDB
[ 61.966490][ T6600] hfs: continuing without an alternate MDB
[ 62.012464][ T6609] loop0: detected capacity change from 0 to 64
[ 62.017492][ T6609] hfs: unable to locate alternate MDB
[ 62.019116][ T6609] hfs: continuing without an alternate MDB
[ 62.041453][ T6613] loop0: detected capacity change from 0 to 64
[ 62.043913][ T6613] hfs: unable to locate alternate MDB
[ 62.049815][ T6613] hfs: continuing without an alternate MDB
[ 62.076563][ T6617] loop0: detected capacity change from 0 to 64
[ 62.083012][ T6617] hfs: unable to locate alternate MDB
[ 62.084565][ T6617] hfs: continuing without an alternate MDB
[ 62.116302][ T6624] loop0: detected capacity change from 0 to 64
[ 62.119485][ T6624] hfs: unable to locate alternate MDB
[ 62.120954][ T6624] hfs: continuing without an alternate MDB
[ 62.146428][ T6629] loop0: detected capacity change from 0 to 64
[ 62.152555][ T6629] hfs: unable to locate alternate MDB
[ 62.153926][ T6629] hfs: continuing without an alternate MDB
[ 62.180534][ T6633] loop0: detected capacity change from 0 to 64
[ 62.183714][ T6633] hfs: unable to locate alternate MDB
[ 62.185031][ T6633] hfs: continuing without an alternate MDB
[ 62.214310][ T6637] loop0: detected capacity change from 0 to 64
[ 62.218021][ T6637] hfs: unable to locate alternate MDB
[ 62.219411][ T6637] hfs: continuing without an alternate MDB
[ 62.239376][ T6642] loop0: detected capacity change from 0 to 64
[ 62.248138][ T6642] hfs: unable to locate alternate MDB
[ 62.249710][ T6642] hfs: continuing without an alternate MDB
[ 62.271885][ T6647] loop0: detected capacity change from 0 to 64
[ 62.277420][ T6647] hfs: unable to locate alternate MDB
[ 62.278947][ T6647] hfs: continuing without an alternate MDB
[ 62.295676][ T6651] loop0: detected capacity change from 0 to 64
[ 62.300159][ T6651] hfs: unable to locate alternate MDB
[ 62.301613][ T6651] hfs: continuing without an alternate MDB
[ 62.323033][ T6655] loop0: detected capacity change from 0 to 64
[ 62.330682][ T6655] hfs: unable to locate alternate MDB
[ 62.332183][ T6655] hfs: continuing without an alternate MDB
[ 62.357068][ T6659] loop0: detected capacity change from 0 to 64
[ 62.361523][ T6659] hfs: unable to locate alternate MDB
[ 62.362909][ T6659] hfs: continuing without an alternate MDB
[ 62.389103][ T6663] loop0: detected capacity change from 0 to 64
[ 62.392845][ T6663] hfs: unable to locate alternate MDB
[ 62.396205][ T6663] hfs: continuing without an alternate MDB
[ 62.419165][ T6667] loop0: detected capacity change from 0 to 64
[ 62.421571][ T6667] hfs: unable to locate alternate MDB
[ 62.423093][ T6667] hfs: continuing without an alternate MDB
[ 62.446173][ T6671] loop0: detected capacity change from 0 to 64
[ 62.451260][ T6671] hfs: unable to locate alternate MDB
[ 62.452696][ T6671] hfs: continuing without an alternate MDB
[ 62.469367][ T6676] loop0: detected capacity change from 0 to 64
[ 62.476014][ T6676] hfs: unable to locate alternate MDB
[ 62.477493][ T6676] hfs: continuing without an alternate MDB
[ 62.511576][ T6682] loop0: detected capacity change from 0 to 64
[ 62.514059][ T6682] hfs: unable to locate alternate MDB
[ 62.516860][ T6682] hfs: continuing without an alternate MDB
[ 62.538886][ T6686] loop0: detected capacity change from 0 to 64
[ 62.541556][ T6686] hfs: unable to locate alternate MDB
[ 62.543050][ T6686] hfs: continuing without an alternate MDB
[ 62.564645][ T6689] loop0: detected capacity change from 0 to 64
[ 62.568117][ T6689] hfs: unable to locate alternate MDB
[ 62.569632][ T6689] hfs: continuing without an alternate MDB
[ 62.589653][ T6694] loop0: detected capacity change from 0 to 64
[ 62.595749][ T6694] hfs: unable to locate alternate MDB
[ 62.597163][ T6694] hfs: continuing without an alternate MDB
[ 62.611625][ T6697] loop0: detected capacity change from 0 to 64
[ 62.614838][ T6697] hfs: unable to locate alternate MDB
[ 62.616673][ T6697] hfs: continuing without an alternate MDB
[ 62.637009][ T6701] loop0: detected capacity change from 0 to 64
[ 62.639487][ T6701] hfs: unable to locate alternate MDB
[ 62.641082][ T6701] hfs: continuing without an alternate MDB
[ 62.655977][ C1] Unable to handle kernel paging request at virtual address dfff800000001cc6
[ 62.658106][ C1] KASAN: probably user-memory-access in range [0x000000000000e630-0x000000000000e637]
[ 62.660539][ C1] Mem abort info:
[ 62.661465][ C1] ESR = 0x0000000096000005
[ 62.662504][ C1] EC = 0x25: DABT (current EL), IL = 32 bits
[ 62.664036][ C1] SET = 0, FnV = 0
[ 62.664985][ C1] EA = 0, S1PTW = 0
[ 62.666030][ C1] FSC = 0x05: level 1 translation fault
[ 62.667455][ C1] Data abort info:
[ 62.668413][ C1] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 62.670005][ C1] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 62.671468][ C1] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 62.673105][ C1] [dfff800000001cc6] address between user and kernel address ranges
[ 62.675094][ C1] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
[ 62.676880][ C1] Modules linked in:
[ 62.677935][ C1] CPU: 1 PID: 22 Comm: kworker/1:0 Tainted: G B 6.5.0-rc7-syzkaller-00071-gfe4469582053 #0
[ 62.680948][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 62.683520][ C1] Workqueue: mld mld_dad_work
[ 62.684748][ C1] pstate: 604000c5 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 62.686745][ C1] pc : percpu_ref_get_many+0x78/0x23c
[ 62.688117][ C1] lr : percpu_ref_get_many+0x2c/0x23c
[ 62.689491][ C1] sp : ffff800080017c00
[ 62.690545][ C1] x29: ffff800080017c10 x28: ffff80008dffbb08 x27: ffff80008e0a11a8
[ 62.692565][ C1] x26: 0000000000000000 x25: dfff800000000000 x24: ffff0001b4207b48
[ 62.694599][ C1] x23: ffff0001b4207b08 x22: 0000000000000001 x21: dfff800000000000
[ 62.696671][ C1] x20: 000000000000e633 x19: 0000000000000001 x18: 1fffe00018358777
[ 62.698757][ C1] x17: ffff80012620c000 x16: ffff80008a571ed4 x15: ffff7000124acac0
[ 62.700870][ C1] x14: 1ffff000124acac0 x13: 0000000000000004 x12: ffff800080017ae0
[ 62.702834][ C1] x11: 0000000000000102 x10: 0000000000000003 x9 : 5c3320ca39e0ca00
[ 62.704924][ C1] x8 : 0000000000001cc6 x7 : 0000000000000000 x6 : ffff800080a12198
[ 62.706975][ C1] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000002
[ 62.708964][ C1] x2 : 0000000000000000 x1 : ffff80008abb71e0 x0 : 0000000000000000
[ 62.711028][ C1] Call trace:
[ 62.711854][ C1] percpu_ref_get_many+0x78/0x23c
[ 62.713190][ C1] refill_obj_stock+0xf8/0x328
[ 62.714390][ C1] obj_cgroup_uncharge+0x14/0x20
[ 62.715572][ C1] kmem_cache_free+0x190/0x56c
[ 62.716790][ C1] file_free_rcu+0xd4/0x180
[ 62.717968][ C1] rcu_core+0x8a4/0x1b28
[ 62.719049][ C1] rcu_core_si+0x10/0x1c
[ 62.720105][ C1] __do_softirq+0x2d0/0xd54
[ 62.721084][ C1] ____do_softirq+0x14/0x20
[ 62.722259][ C1] call_on_irq_stack+0x24/0x4c
[ 62.723526][ C1] do_softirq_own_stack+0x20/0x2c
[ 62.724835][ C1] __irq_exit_rcu+0x200/0x494
[ 62.726030][ C1] irq_exit_rcu+0x14/0x84
[ 62.727108][ C1] el1_interrupt+0x38/0x68
[ 62.728215][ C1] el1h_64_irq_handler+0x18/0x24
[ 62.729488][ C1] el1h_64_irq+0x64/0x68
[ 62.730534][ C1] gic_ipi_send_mask+0x348/0x3ac
[ 62.731830][ C1] __ipi_send_mask+0x84/0x2e8
[ 62.733090][ C1] smp_cross_call+0x120/0x328
[ 62.734292][ C1] arch_irq_work_raise+0x38/0x44
[ 62.735576][ C1] __irq_work_queue_local+0x120/0x458
[ 62.736978][ C1] irq_work_queue+0x60/0xfc
[ 62.738156][ C1] __kfence_alloc+0x21c/0x3e8
[ 62.739396][ C1] kmem_cache_alloc_node+0x404/0x46c
[ 62.740828][ C1] __alloc_skb+0x19c/0x3d8
[ 62.742004][ C1] alloc_skb_with_frags+0xb4/0x590
[ 62.743384][ C1] sock_alloc_send_pskb+0x76c/0x884
[ 62.744683][ C1] mld_newpack+0x17c/0x880
[ 62.745786][ C1] add_grec+0x1184/0x1564
[ 62.746898][ C1] mld_send_initial_cr+0x254/0x3d4
[ 62.748157][ C1] mld_dad_work+0x48/0x3fc
[ 62.749330][ C1] process_one_work+0x800/0x1480
[ 62.750571][ C1] worker_thread+0x8e0/0xfe8
[ 62.751736][ C1] kthread+0x288/0x310
[ 62.752716][ C1] ret_from_fork+0x10/0x20
[ 62.753835][ C1] Code: 97e455f0 d2d00015 d343fe88 f2fbfff5 (38756908)
[ 62.755624][ C1] ---[ end trace 0000000000000000 ]---
[ 63.169633][ C1] Kernel panic - not syncing: Oops: Fatal exception in interrupt
[ 63.171692][ C1] SMP: stopping secondary CPUs
[ 63.173035][ C1] Kernel Offset: disabled
[ 63.174143][ C1] CPU features: 0x00000010,38010021,88017203
[ 63.175604][ C1] Memory Limit: none
[ 63.591332][ C1] Rebooting in 86400 seconds..