Warning: Permanently added '10.128.1.20' (ECDSA) to the list of known hosts. 2022/09/14 07:49:53 ignoring optional flag "sandboxArg"="0" 2022/09/14 07:49:53 parsed 1 programs 2022/09/14 07:49:53 executed programs: 0 [ 77.462622][ T14] cfg80211: failed to load regulatory.db [ 80.419885][ T3611] Bluetooth: hci0: Opcode 0x c03 failed: -110 [ 82.505439][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.513403][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.521572][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.529417][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.537840][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 82.545266][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.621252][ T4064] chnl_net:caif_netlink_parms(): no params data found [ 82.660598][ T4064] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.667914][ T4064] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.675913][ T4064] device bridge_slave_0 entered promiscuous mode [ 82.684216][ T4064] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.691576][ T4064] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.699286][ T4064] device bridge_slave_1 entered promiscuous mode [ 82.719354][ T4064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.730885][ T4064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.752765][ T4064] team0: Port device team_slave_0 added [ 82.761036][ T4064] team0: Port device team_slave_1 added [ 82.779561][ T4064] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.786629][ T4064] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.812564][ T4064] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.824637][ T4064] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.831684][ T4064] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.857815][ T4064] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.883941][ T4064] device hsr_slave_0 entered promiscuous mode [ 82.891319][ T4064] device hsr_slave_1 entered promiscuous mode [ 82.952618][ T4064] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.959755][ T4064] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.967055][ T4064] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.974187][ T4064] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.015631][ T4064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.027781][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 83.035998][ T3617] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.044141][ T3617] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.052687][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 83.064769][ T4064] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.074788][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 83.083163][ T3620] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.090282][ T3620] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.102534][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.111636][ T3620] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.118710][ T3620] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.138488][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 83.147356][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 83.158837][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 83.174336][ T4064] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 83.185047][ T4064] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.198331][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 83.207077][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 83.215804][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 83.237069][ T4064] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.244439][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 83.252307][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 83.443779][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 83.457098][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 83.466749][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 83.474889][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 83.483903][ T4064] device veth0_vlan entered promiscuous mode [ 83.494789][ T4064] device veth1_vlan entered promiscuous mode [ 83.512831][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 83.521598][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 83.530107][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 83.541782][ T4064] device veth0_macvtap entered promiscuous mode [ 83.552344][ T4064] device veth1_macvtap entered promiscuous mode [ 83.568014][ T4064] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.575578][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 83.585589][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 83.596980][ T4064] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.605226][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 83.667294][ T4084] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 84.498950][ T4084] ================================================================== [ 84.507064][ T4084] BUG: KASAN: use-after-free in __lock_acquire+0x3ee7/0x56d0 [ 84.514431][ T4084] Read of size 8 at addr ffff888145d28eb0 by task syz-executor.0/4084 [ 84.522590][ T4084] [ 84.524927][ T4084] CPU: 0 PID: 4084 Comm: syz-executor.0 Not tainted 6.0.0-rc5-syzkaller-00738-gd1221cea11fc #0 [ 84.535235][ T4084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 84.545272][ T4084] Call Trace: [ 84.548548][ T4084] [ 84.551477][ T4084] dump_stack_lvl+0xcd/0x134 [ 84.556080][ T4084] print_report.cold+0x2ba/0x719 [ 84.561023][ T4084] ? __lock_acquire+0x3ee7/0x56d0 [ 84.566050][ T4084] kasan_report+0xb1/0x1e0 [ 84.570469][ T4084] ? __lock_acquire+0x3ee7/0x56d0 [ 84.575514][ T4084] __lock_acquire+0x3ee7/0x56d0 [ 84.580390][ T4084] ? kasan_quarantine_put+0xf5/0x210 [ 84.585701][ T4084] ? slab_free_freelist_hook+0x8b/0x1c0 [ 84.591270][ T4084] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 84.597273][ T4084] ? kmem_cache_free+0xeb/0x5b0 [ 84.602135][ T4084] ? rwlock_bug.part.0+0x90/0x90 [ 84.607081][ T4084] lock_acquire+0x1ab/0x570 [ 84.611585][ T4084] ? hugetlb_handle_userfault+0xf5/0x150 [ 84.617223][ T4084] ? lock_release+0x780/0x780 [ 84.621905][ T4084] down_read+0x98/0x450 [ 84.626066][ T4084] ? hugetlb_handle_userfault+0xf5/0x150 [ 84.631703][ T4084] ? rwsem_down_read_slowpath+0xb10/0xb10 [ 84.637428][ T4084] ? xas_load+0x66/0x140 [ 84.641680][ T4084] hugetlb_handle_userfault+0xf5/0x150 [ 84.647139][ T4084] ? hugetlb_fault_mutex_hash+0xd0/0xd0 [ 84.652687][ T4084] ? filemap_add_folio+0x1d0/0x1d0 [ 84.657801][ T4084] ? hugetlb_total_pages+0x140/0x140 [ 84.663087][ T4084] hugetlb_fault+0x14cd/0x1aa0 [ 84.667856][ T4084] ? hugetlb_wp+0x19d0/0x19d0 [ 84.672532][ T4084] ? count_memcg_event_mm.part.0+0x134/0x2d0 [ 84.678514][ T4084] ? lock_downgrade+0x6e0/0x6e0 [ 84.683361][ T4084] ? mark_held_locks+0x9f/0xe0 [ 84.688129][ T4084] handle_mm_fault+0x640/0x780 [ 84.692892][ T4084] do_user_addr_fault+0x475/0x1210 [ 84.698010][ T4084] exc_page_fault+0x94/0x170 [ 84.702604][ T4084] asm_exc_page_fault+0x22/0x30 [ 84.707453][ T4084] RIP: 0033:0x7f1419e2cfbd [ 84.711865][ T4084] Code: 0f 18 00 20 91 02 00 48 89 8c 24 72 04 00 00 48 8b 8c 24 70 04 00 00 4c 8d b4 24 80 04 00 00 48 01 df 0f 11 84 24 50 04 00 00 <48> 89 4f 20 66 44 89 ac 24 7a 04 00 00 8b 8c 24 78 04 00 00 41 bd [ 84.731469][ T4084] RSP: 002b:00007f141b0d55e0 EFLAGS: 00010206 [ 84.737533][ T4084] RAX: 0002912000180f80 RBX: 00000000207a2000 RCX: 0018001000180000 [ 84.745507][ T4084] RDX: 00180f8000180f80 RSI: 0000000000000000 RDI: 00000000207a5e00 [ 84.753477][ T4084] RBP: 00000000207a3000 R08: 0000000000000000 R09: 0000000000000000 [ 84.761443][ T4084] R10: 00000000207a2000 R11: 00007f141b0d5ad0 R12: 00000000207a3800 [ 84.769409][ T4084] R13: 0000000000000008 R14: 00007f141b0d5a60 R15: 0000000000000000 [ 84.777382][ T4084] [ 84.780394][ T4084] [ 84.782727][ T4084] Allocated by task 4084: [ 84.787066][ T4084] kasan_save_stack+0x1e/0x40 [ 84.791749][ T4084] __kasan_slab_alloc+0x90/0xc0 [ 84.796597][ T4084] kmem_cache_alloc_lru+0x255/0x720 [ 84.801794][ T4084] hugetlbfs_alloc_inode+0x88/0x1e0 [ 84.806991][ T4084] alloc_inode+0x61/0x230 [ 84.811326][ T4084] new_inode+0x27/0x270 [ 84.815513][ T4084] hugetlbfs_get_inode+0x353/0x5f0 [ 84.820622][ T4084] hugetlb_file_setup+0x13a/0x590 [ 84.825737][ T4084] ksys_mmap_pgoff+0x184/0x5a0 [ 84.830499][ T4084] do_syscall_64+0x35/0xb0 [ 84.834920][ T4084] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.840812][ T4084] [ 84.843127][ T4084] Freed by task 0: [ 84.846840][ T4084] kasan_save_stack+0x1e/0x40 [ 84.851518][ T4084] kasan_set_track+0x21/0x30 [ 84.856123][ T4084] kasan_set_free_info+0x20/0x30 [ 84.861099][ T4084] ____kasan_slab_free+0x166/0x1c0 [ 84.866210][ T4084] slab_free_freelist_hook+0x8b/0x1c0 [ 84.871609][ T4084] kmem_cache_free+0xeb/0x5b0 [ 84.876282][ T4084] i_callback+0x3f/0x70 [ 84.880435][ T4084] rcu_core+0x7b5/0x1890 [ 84.884680][ T4084] __do_softirq+0x1d3/0x9c6 [ 84.889183][ T4084] [ 84.891496][ T4084] Last potentially related work creation: [ 84.897209][ T4084] kasan_save_stack+0x1e/0x40 [ 84.901889][ T4084] __kasan_record_aux_stack+0xbe/0xd0 [ 84.907275][ T4084] call_rcu+0x99/0x790 [ 84.911514][ T4084] destroy_inode+0x129/0x1b0 [ 84.916104][ T4084] iput.part.0+0x55d/0x810 [ 84.920519][ T4084] iput+0x58/0x70 [ 84.924154][ T4084] dentry_unlink_inode+0x2b1/0x460 [ 84.929265][ T4084] __dentry_kill+0x3c0/0x640 [ 84.933872][ T4084] dput+0x806/0xdb0 [ 84.937675][ T4084] __fput+0x39c/0x9d0 [ 84.941654][ T4084] task_work_run+0xdd/0x1a0 [ 84.946152][ T4084] exit_to_user_mode_prepare+0x23c/0x250 [ 84.951784][ T4084] syscall_exit_to_user_mode+0x19/0x50 [ 84.957257][ T4084] do_syscall_64+0x42/0xb0 [ 84.961671][ T4084] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.967561][ T4084] [ 84.969890][ T4084] The buggy address belongs to the object at ffff888145d28ac0 [ 84.969890][ T4084] which belongs to the cache hugetlbfs_inode_cache of size 1248 [ 84.984892][ T4084] The buggy address is located 1008 bytes inside of [ 84.984892][ T4084] 1248-byte region [ffff888145d28ac0, ffff888145d28fa0) [ 84.998345][ T4084] [ 85.000663][ T4084] The buggy address belongs to the physical page: [ 85.007073][ T4084] page:ffffea0005174a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x145d28 [ 85.017327][ T4084] head:ffffea0005174a00 order:3 compound_mapcount:0 compound_pincount:0 [ 85.025643][ T4084] memcg:ffff88814ab84901 [ 85.029889][ T4084] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff) [ 85.037971][ T4084] raw: 057ff00000010200 0000000000000000 dead000000000122 ffff888145ac4000 [ 85.046562][ T4084] raw: 0000000000000000 0000000080170017 00000001ffffffff ffff88814ab84901 [ 85.055134][ T4084] page dumped because: kasan: bad access detected [ 85.061535][ T4084] page_owner tracks the page as allocated [ 85.067234][ T4084] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 4437670818, free_ts 0 [ 85.086890][ T4084] get_page_from_freelist+0x109b/0x2ce0 [ 85.092449][ T4084] __alloc_pages+0x1c7/0x510 [ 85.097062][ T4084] alloc_page_interleave+0x1e/0x200 [ 85.102260][ T4084] alloc_pages+0x22f/0x270 [ 85.106677][ T4084] allocate_slab+0x27e/0x3d0 [ 85.111283][ T4084] ___slab_alloc+0x7f1/0xe10 [ 85.115869][ T4084] __slab_alloc.constprop.0+0x4d/0xa0 [ 85.121237][ T4084] kmem_cache_alloc_lru+0x528/0x720 [ 85.126434][ T4084] hugetlbfs_alloc_inode+0x88/0x1e0 [ 85.131628][ T4084] alloc_inode+0x61/0x230 [ 85.135958][ T4084] new_inode+0x27/0x270 [ 85.140150][ T4084] hugetlbfs_fill_super+0x589/0xad0 [ 85.145384][ T4084] get_tree_nodev+0xcd/0x1d0 [ 85.149986][ T4084] hugetlbfs_get_tree+0x1e3/0x2b0 [ 85.155010][ T4084] vfs_get_tree+0x89/0x2f0 [ 85.159524][ T4084] fc_mount+0x13/0xc0 [ 85.163522][ T4084] page_owner free stack trace missing [ 85.168903][ T4084] [ 85.171229][ T4084] Memory state around the buggy address: [ 85.176870][ T4084] ffff888145d28d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.184931][ T4084] ffff888145d28e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.193073][ T4084] >ffff888145d28e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.201214][ T4084] ^ [ 85.206847][ T4084] ffff888145d28f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 85.214994][ T4084] ffff888145d28f80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 85.223055][ T4084] ================================================================== [ 85.231115][ T4084] Kernel panic - not syncing: panic_on_warn set ... [ 85.237690][ T4084] CPU: 0 PID: 4084 Comm: syz-executor.0 Not tainted 6.0.0-rc5-syzkaller-00738-gd1221cea11fc #0 [ 85.248011][ T4084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022 [ 85.258067][ T4084] Call Trace: [ 85.261339][ T4084] [ 85.264266][ T4084] dump_stack_lvl+0xcd/0x134 [ 85.268890][ T4084] panic+0x2c8/0x627 [ 85.272803][ T4084] ? panic_print_sys_info.part.0+0x10b/0x10b [ 85.278829][ T4084] ? print_report.cold+0x4f6/0x719 [ 85.283957][ T4084] ? __lock_acquire+0x3ee7/0x56d0 [ 85.288991][ T4084] end_report.part.0+0x3f/0x7c [ 85.293759][ T4084] kasan_report.cold+0xa/0xf [ 85.298396][ T4084] ? __lock_acquire+0x3ee7/0x56d0 [ 85.303435][ T4084] __lock_acquire+0x3ee7/0x56d0 [ 85.308300][ T4084] ? kasan_quarantine_put+0xf5/0x210 [ 85.313591][ T4084] ? slab_free_freelist_hook+0x8b/0x1c0 [ 85.319228][ T4084] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 85.325217][ T4084] ? kmem_cache_free+0xeb/0x5b0 [ 85.330070][ T4084] ? rwlock_bug.part.0+0x90/0x90 [ 85.335013][ T4084] lock_acquire+0x1ab/0x570 [ 85.339523][ T4084] ? hugetlb_handle_userfault+0xf5/0x150 [ 85.345158][ T4084] ? lock_release+0x780/0x780 [ 85.349839][ T4084] down_read+0x98/0x450 [ 85.354010][ T4084] ? hugetlb_handle_userfault+0xf5/0x150 [ 85.359643][ T4084] ? rwsem_down_read_slowpath+0xb10/0xb10 [ 85.365384][ T4084] ? xas_load+0x66/0x140 [ 85.369646][ T4084] hugetlb_handle_userfault+0xf5/0x150 [ 85.375107][ T4084] ? hugetlb_fault_mutex_hash+0xd0/0xd0 [ 85.380667][ T4084] ? filemap_add_folio+0x1d0/0x1d0 [ 85.385796][ T4084] ? hugetlb_total_pages+0x140/0x140 [ 85.391081][ T4084] hugetlb_fault+0x14cd/0x1aa0 [ 85.395867][ T4084] ? hugetlb_wp+0x19d0/0x19d0 [ 85.400591][ T4084] ? count_memcg_event_mm.part.0+0x134/0x2d0 [ 85.406586][ T4084] ? lock_downgrade+0x6e0/0x6e0 [ 85.411458][ T4084] ? mark_held_locks+0x9f/0xe0 [ 85.416236][ T4084] handle_mm_fault+0x640/0x780 [ 85.421008][ T4084] do_user_addr_fault+0x475/0x1210 [ 85.426152][ T4084] exc_page_fault+0x94/0x170 [ 85.430747][ T4084] asm_exc_page_fault+0x22/0x30 [ 85.435615][ T4084] RIP: 0033:0x7f1419e2cfbd [ 85.440029][ T4084] Code: 0f 18 00 20 91 02 00 48 89 8c 24 72 04 00 00 48 8b 8c 24 70 04 00 00 4c 8d b4 24 80 04 00 00 48 01 df 0f 11 84 24 50 04 00 00 <48> 89 4f 20 66 44 89 ac 24 7a 04 00 00 8b 8c 24 78 04 00 00 41 bd [ 85.459652][ T4084] RSP: 002b:00007f141b0d55e0 EFLAGS: 00010206 [ 85.465816][ T4084] RAX: 0002912000180f80 RBX: 00000000207a2000 RCX: 0018001000180000 [ 85.473799][ T4084] RDX: 00180f8000180f80 RSI: 0000000000000000 RDI: 00000000207a5e00 [ 85.481778][ T4084] RBP: 00000000207a3000 R08: 0000000000000000 R09: 0000000000000000 [ 85.489760][ T4084] R10: 00000000207a2000 R11: 00007f141b0d5ad0 R12: 00000000207a3800 [ 85.497742][ T4084] R13: 0000000000000008 R14: 00007f141b0d5a60 R15: 0000000000000000 [ 85.505729][ T4084] [ 85.508932][ T4084] Kernel Offset: disabled [ 85.513256][ T4084] Rebooting in 86400 seconds..