[ 7.925743][ T2656] 8021q: adding VLAN 0 to HW filter on device bond0
[ 7.928951][ T2656] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 7.948127][ T709] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 7.950013][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.10.22' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 23.672796][ T3078] ------------[ cut here ]------------
[ 23.674467][ T3078] refcount_t: underflow; use-after-free.
[ 23.676309][ T3078] WARNING: CPU: 0 PID: 3078 at lib/refcount.c:28 refcount_warn_saturate+0x1a0/0x1c8
[ 23.678671][ T3078] Modules linked in:
[ 23.679674][ T3078] CPU: 0 PID: 3078 Comm: syz-executor896 Not tainted 6.1.0-rc2-syzkaller-154433-g247f34f7b803 #0
[ 23.682311][ T3078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 23.684883][ T3078] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 23.686898][ T3078] pc : refcount_warn_saturate+0x1a0/0x1c8
[ 23.688373][ T3078] lr : refcount_warn_saturate+0x1a0/0x1c8
[ 23.689855][ T3078] sp : ffff80000ff2bc10
[ 23.690932][ T3078] x29: ffff80000ff2bc10 x28: ffff0000c626b480 x27: 0000000000000000
[ 23.693058][ T3078] x26: 0000000000000000 x25: 0000000000000000 x24: ffff0000cb86ec8c
[ 23.695243][ T3078] x23: ffff0000c690a040 x22: ffff0000ccd88c00 x21: 00000000ffffffff
[ 23.697292][ T3078] x20: 0000000000000003 x19: ffff80000d95f000 x18: 000000000000005a
[ 23.699309][ T3078] x17: ffff80000c0cd83c x16: 0000000000000001 x15: 0000000000000000
[ 23.701338][ T3078] x14: 0000000000000000 x13: 205d383730335420 x12: 5b5d373634343736
[ 23.703364][ T3078] x11: ff808000081c650c x10: 0000000000000000 x9 : e7557c2201ef4a00
[ 23.705367][ T3078] x8 : e7557c2201ef4a00 x7 : 205b5d3736343437 x6 : ffff80000c0903b4
[ 23.707404][ T3078] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
[ 23.709422][ T3078] x2 : ffff0001fefbecc8 x1 : 0000000100000000 x0 : 0000000000000026
[ 23.711449][ T3078] Call trace:
[ 23.712261][ T3078] refcount_warn_saturate+0x1a0/0x1c8
[ 23.713615][ T3078] v9fs_vfs_lookup+0x2e8/0x37c
[ 23.714827][ T3078] __lookup_hash+0xa0/0x164
[ 23.715965][ T3078] filename_create+0x108/0x218
[ 23.717162][ T3078] do_mknodat+0x120/0x3e8
[ 23.718247][ T3078] __arm64_sys_mknodat+0x4c/0x64
[ 23.719514][ T3078] el0_svc_common+0x138/0x220
[ 23.720692][ T3078] do_el0_svc+0x48/0x164
[ 23.721749][ T3078] el0_svc+0x58/0x150
[ 23.722738][ T3078] el0t_64_sync_handler+0x84/0xf0
[ 23.724015][ T3078] el0t_64_sync+0x18c/0x190
[ 23.725155][ T3078] irq event stamp: 0
[ 23.726130][ T3078] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[ 23.727951][ T3078] hardirqs last disabled at (0): [] copy_process+0x928/0x16ec
[ 23.730233][ T3078] softirqs last enabled at (0): [] copy_process+0x938/0x16ec
[ 23.732522][ T3078] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 23.734328][ T3078] ---[ end trace 0000000000000000 ]---
[ 23.736574][ T3078] ------------[ cut here ]------------
[ 23.737978][ T3078] refcount_t: saturated; leaking memory.
[ 23.739588][ T3078] WARNING: CPU: 0 PID: 3078 at lib/refcount.c:22 refcount_warn_saturate+0x160/0x1c8
[ 23.741867][ T3078] Modules linked in:
[ 23.742835][ T3078] CPU: 0 PID: 3078 Comm: syz-executor896 Tainted: G W 6.1.0-rc2-syzkaller-154433-g247f34f7b803 #0
[ 23.745749][ T3078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 23.748326][ T3078] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 23.750299][ T3078] pc : refcount_warn_saturate+0x160/0x1c8
[ 23.751752][ T3078] lr : refcount_warn_saturate+0x160/0x1c8
[ 23.753234][ T3078] sp : ffff80000ff2bb60
[ 23.754296][ T3078] x29: ffff80000ff2bb60 x28: ffff0000ccd88c00 x27: ffff0000c68ffe58
[ 23.756311][ T3078] x26: 00000000c0000001 x25: ffff0000cb86ec8c x24: 0000000000000000
[ 23.758362][ T3078] x23: 0000000000000000 x22: ffff0000cb86ec80 x21: 0000000000000000
[ 23.760384][ T3078] x20: 0000000000000001 x19: ffff80000d95f000 x18: 000000000000005a
[ 23.762453][ T3078] x17: ffff80000c0cd83c x16: 0000000000000002 x15: 0000000000000000
[ 23.764493][ T3078] x14: 0000000000000000 x13: 205d383730335420 x12: 5b5d383739373337
[ 23.766536][ T3078] x11: ff808000081c650c x10: 0000000000000000 x9 : e7557c2201ef4a00
[ 23.768547][ T3078] x8 : e7557c2201ef4a00 x7 : 205b5d3837393733 x6 : ffff80000c0903b4
[ 23.770568][ T3078] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
[ 23.772601][ T3078] x2 : 0000000000000000 x1 : 0000000100000001 x0 : 0000000000000026
[ 23.774638][ T3078] Call trace:
[ 23.775460][ T3078] refcount_warn_saturate+0x160/0x1c8
[ 23.776846][ T3078] v9fs_fid_lookup_with_uid+0x8a0/0xa80
[ 23.778258][ T3078] v9fs_fid_lookup+0xc8/0xdc
[ 23.779436][ T3078] v9fs_vfs_mknod_dotl+0x64/0x414
[ 23.780732][ T3078] v9fs_vfs_create_dotl+0x40/0x54
[ 23.781977][ T3078] vfs_create+0x1c8/0x270
[ 23.783056][ T3078] do_mknodat+0x274/0x3e8
[ 23.784136][ T3078] __arm64_sys_mknodat+0x4c/0x64
[ 23.785425][ T3078] el0_svc_common+0x138/0x220
[ 23.786618][ T3078] do_el0_svc+0x48/0x164
[ 23.787699][ T3078] el0_svc+0x58/0x150
[ 23.788692][ T3078] el0t_64_sync_handler+0x84/0xf0
[ 23.789958][ T3078] el0t_64_sync+0x18c/0x190
[ 23.791108][ T3078] irq event stamp: 0
[ 23.792062][ T3078] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[ 23.793880][ T3078] hardirqs last disabled at (0): [] copy_process+0x928/0x16ec
[ 23.796137][ T3078] softirqs last enabled at (0): [] copy_process+0x938/0x16ec
[ 23.798431][ T3078] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 23.800204][ T3078] ---[ end trace 0000000000000000 ]---
[ 23.801641][ T3078] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000048
[ 23.803969][ T3078] Mem abort info:
[ 23.804831][ T3078] ESR = 0x0000000096000006
[ 23.806003][ T3078] EC = 0x25: DABT (current EL), IL = 32 bits
[ 23.807505][ T3078] SET = 0, FnV = 0
[ 23.808456][ T3078] EA = 0, S1PTW = 0
[ 23.809388][ T3078] FSC = 0x06: level 2 translation fault
[ 23.810807][ T3078] Data abort info:
[ 23.811711][ T3078] ISV = 0, ISS = 0x00000006
[ 23.812841][ T3078] CM = 0, WnR = 0
[ 23.813763][ T3078] user pgtable: 4k pages, 48-bit VAs, pgdp=000000010743b000
[ 23.815546][ T3078] [0000000000000048] pgd=080000010b9e9003, p4d=080000010b9e9003, pud=080000010b856003, pmd=0000000000000000
[ 23.818538][ T3078] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
[ 23.820311][ T3078] Modules linked in:
[ 23.821264][ T3078] CPU: 0 PID: 3078 Comm: syz-executor896 Tainted: G W 6.1.0-rc2-syzkaller-154433-g247f34f7b803 #0
[ 23.824206][ T3078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 23.826686][ T3078] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 23.828646][ T3078] pc : p9_client_rpc+0x4c/0x548
[ 23.829859][ T3078] lr : p9_client_rpc+0x4c/0x548
[ 23.831108][ T3078] sp : ffff80000ff2bb00
[ 23.832156][ T3078] x29: ffff80000ff2bb80 x28: 0000000000000000 x27: ffff0000c68ffea0
[ 23.834328][ T3078] x26: ffff0000c626b480 x25: ffff0000cb86ec80 x24: ffff0000c68fff10
[ 23.836330][ T3078] x23: 0000000000008000 x22: 0000000000000000 x21: ffff80000cf52863
[ 23.838394][ T3078] x20: 0000000000000012 x19: 0000000000000000 x18: 000000000000005a
[ 23.840426][ T3078] x17: ffff80000c0cd83c x16: 0000000000000000 x15: 0000000000000000
[ 23.842461][ T3078] x14: 0000000000000000 x13: 0000000000008000 x12: ffff80000d4f0680
[ 23.844473][ T3078] x11: ff8080000be7a890 x10: 0000000000000000 x9 : ffff80000be7a890
[ 23.846492][ T3078] x8 : ffff0000c626b480 x7 : 0000000000000000 x6 : 0000000000000000
[ 23.848508][ T3078] x5 : 0000000000008000 x4 : ffff0000c68fff10 x3 : 0000000000000000
[ 23.850537][ T3078] x2 : ffff80000cf52863 x1 : 0000000000000012 x0 : 0000000000000000
[ 23.852553][ T3078] Call trace:
[ 23.853365][ T3078] p9_client_rpc+0x4c/0x548
[ 23.854549][ T3078] p9_client_mknod_dotl+0x70/0x100
[ 23.855812][ T3078] v9fs_vfs_mknod_dotl+0x1b0/0x414
[ 23.857127][ T3078] v9fs_vfs_create_dotl+0x40/0x54
[ 23.858404][ T3078] vfs_create+0x1c8/0x270
[ 23.859521][ T3078] do_mknodat+0x274/0x3e8
[ 23.860600][ T3078] __arm64_sys_mknodat+0x4c/0x64
[ 23.861852][ T3078] el0_svc_common+0x138/0x220
[ 23.863026][ T3078] do_el0_svc+0x48/0x164
[ 23.864086][ T3078] el0_svc+0x58/0x150
[ 23.865091][ T3078] el0t_64_sync_handler+0x84/0xf0
[ 23.866373][ T3078] el0t_64_sync+0x18c/0x190
[ 23.867517][ T3078] Code: a9019be5 f90017e7 f81f83a8 9710b221 (f9402668)
[ 23.869257][ T3078] ---[ end trace 0000000000000000 ]---
[ 24.130256][ T3078] Kernel panic - not syncing: Oops: Fatal exception
[ 24.131957][ T3078] SMP: stopping secondary CPUs
[ 24.133166][ T3078] Kernel Offset: disabled
[ 24.134282][ T3078] CPU features: 0x00000,02070084,26017203
[ 24.135748][ T3078] Memory Limit: none
[ 24.388101][ T3078] Rebooting in 86400 seconds..