Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts.
2023/01/15 22:29:39 ignoring optional flag "sandboxArg"="0"
2023/01/15 22:29:39 parsed 1 programs
2023/01/15 22:29:39 executed programs: 0
[ 116.470837][ T4392] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 116.479514][ T4392] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 116.488378][ T4392] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 116.496528][ T4392] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 116.505778][ T4392] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 116.513495][ T4392] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 116.666165][ T5553] chnl_net:caif_netlink_parms(): no params data found
[ 116.724125][ T5553] bridge0: port 1(bridge_slave_0) entered blocking state
[ 116.731869][ T5553] bridge0: port 1(bridge_slave_0) entered disabled state
[ 116.740501][ T5553] device bridge_slave_0 entered promiscuous mode
[ 116.750510][ T5553] bridge0: port 2(bridge_slave_1) entered blocking state
[ 116.758129][ T5553] bridge0: port 2(bridge_slave_1) entered disabled state
[ 116.766313][ T5553] device bridge_slave_1 entered promiscuous mode
[ 116.793390][ T5553] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 116.805274][ T5553] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 116.834617][ T5553] team0: Port device team_slave_0 added
[ 116.843483][ T5553] team0: Port device team_slave_1 added
[ 116.869854][ T5553] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 116.877059][ T5553] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 116.905115][ T5553] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 116.919322][ T5553] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 116.926792][ T5553] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 116.954605][ T5553] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 116.993419][ T5553] device hsr_slave_0 entered promiscuous mode
[ 117.000502][ T5553] device hsr_slave_1 entered promiscuous mode
[ 117.845040][ T5553] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 117.858409][ T5553] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 117.872452][ T5553] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 117.883765][ T5553] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 117.994340][ T5553] 8021q: adding VLAN 0 to HW filter on device bond0
[ 118.013321][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 118.023366][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 118.036177][ T5553] 8021q: adding VLAN 0 to HW filter on device team0
[ 118.051262][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 118.061333][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 118.071138][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 118.078405][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 118.101379][ T901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 118.110491][ T901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 118.120295][ T901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 118.129488][ T901] bridge0: port 2(bridge_slave_1) entered blocking state
[ 118.136645][ T901] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 118.145846][ T901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 118.155916][ T901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 118.182803][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 118.193469][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 118.203880][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 118.213394][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 118.228209][ T5553] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 118.242790][ T5553] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 118.252950][ T5098] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 118.261266][ T5098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 118.270358][ T5098] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 118.564534][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 118.573037][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 118.591433][ T5553] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 118.598800][ T5088] Bluetooth: hci0: command 0x0409 tx timeout
[ 118.630117][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 118.641848][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 118.671414][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 118.682643][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 118.696835][ T5553] device veth0_vlan entered promiscuous mode
[ 118.709370][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 118.722333][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 118.736913][ T5553] device veth1_vlan entered promiscuous mode
[ 118.791431][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 118.803350][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 118.816246][ T5553] device veth0_macvtap entered promiscuous mode
[ 118.831140][ T5553] device veth1_macvtap entered promiscuous mode
[ 118.861668][ T5553] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 118.869267][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 118.881482][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 118.890973][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 118.902336][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 118.916339][ T5553] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 118.925565][ T5098] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 118.936679][ T5098] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 118.949769][ T5553] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.960654][ T5553] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.970650][ T5553] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 118.980075][ T5553] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 119.082159][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.099533][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.131868][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 119.153177][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 119.165271][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 119.182924][ T5104] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 120.076764][ T5606] ==================================================================
[ 120.076816][ T5605] ------------[ cut here ]------------
[ 120.084959][ T5606] BUG: KASAN: use-after-free in dummy_pcm_prepare+0xae/0xc0
[ 120.085015][ T5606] Read of size 8 at addr ffff888077855200 by task syz-executor.0/5606
[ 120.098509][ T5605] DEBUG_LOCKS_WARN_ON(mutex_is_locked(lock))
[ 120.105916][ T5606]
[ 120.105927][ T5606] CPU: 1 PID: 5606 Comm: syz-executor.0 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 120.112846][ T5605] WARNING: CPU: 0 PID: 5605 at kernel/locking/mutex-debug.c:102 mutex_destroy+0xc1/0x100
[ 120.114251][ T5606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 120.114270][ T5606] Call Trace:
[ 120.114280][ T5606]
[ 120.127955][ T5605] Modules linked in:
[ 120.134388][ T5606]  dump_stack_lvl+0xd1/0x138
[ 120.134434][ T5606]  print_report+0x15e/0x45d
[ 120.145043][ T5605]
[ 120.147769][ T5606]  ? __phys_addr+0xc8/0x140
[ 120.147823][ T5606]  ? dummy_pcm_prepare+0xae/0xc0
[ 120.151188][ T5605] CPU: 0 PID: 5605 Comm: syz-executor.0 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 120.154634][ T5606]  kasan_report+0xc0/0xf0
[ 120.159581][ T5605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 120.163730][ T5606]  ? dummy_pcm_prepare+0xae/0xc0
[ 120.166106][ T5605] RIP: 0010:mutex_destroy+0xc1/0x100
[ 120.170566][ T5606]  dummy_pcm_prepare+0xae/0xc0
[ 120.170617][ T5606]  snd_pcm_do_prepare+0x6a/0xb0
[ 120.170652][ T5606]  snd_pcm_action_single+0x75/0x130
[ 120.170702][ T5606]  snd_pcm_action_nonatomic+0x12b/0x160
[ 120.176950][ T5605] Code: 03 0f b6 14 11 38 d0 7c 04 84 d2 75 3f 8b 05 3e e3 10 0d 85 c0 75 92 48 c7 c6 20 4d 4c 8a 48 c7 c7 60 4d 4c 8a e8 73 34 59 08 <0f> 0b e9 78 ff ff ff 48 c7 c7 00 22 c2 91 e8 6c 73 6c 00 e9 5d ff
[ 120.186226][ T5606]  snd_pcm_kernel_ioctl+0x264/0x2e0
[ 120.186276][ T5606]  snd_pcm_oss_prepare+0x44/0x220
[ 120.191136][ T5605] RSP: 0018:ffffc9000514fd60 EFLAGS: 00010282
[ 120.200875][ T5606]  snd_pcm_oss_make_ready+0x161/0x1b0
[ 120.200937][ T5606]  snd_pcm_oss_set_trigger.isra.0+0x30f/0x6e0
[ 120.206316][ T5605]
[ 120.211232][ T5606]  ? lockdep_hardirqs_on+0x7d/0x100
[ 120.211285][ T5606]  snd_pcm_oss_poll+0x613/0xab0
[ 120.216537][ T5605] RAX: 0000000000000000 RBX: ffff88807d0991d0 RCX: 0000000000000000
[ 120.220886][ T5606]  ? lock_release+0x810/0x810
[ 120.220931][ T5606]  ? snd_pcm_oss_set_trigger.isra.0+0x6e0/0x6e0
[ 120.220974][ T5606]  ? rcu_read_lock_sched_held+0x3e/0x70
[ 120.221009][ T5606]  io_poll_task_func+0x3a6/0x1220
[ 120.221043][ T5606]  ? snd_pcm_oss_set_trigger.isra.0+0x6e0/0x6e0
[ 120.221087][ T5606]  ? lock_downgrade+0x6e0/0x6e0
[ 120.221118][ T5606]  ? io_poll_remove_entries.part.0+0x810/0x810
[ 120.229891][ T5605] RDX: ffff888025d357c0 RSI: ffffffff8166972c RDI: fffff52000a29f9e
[ 120.231878][ T5606]  ? handle_tw_list+0x149/0x540
[ 120.252796][ T5605] RBP: ffff88807d099000 R08: 0000000000000005 R09: 0000000000000000
[ 120.257509][ T5606]  ? lock_acquire+0x32/0xc0
[ 120.257550][ T5606]  ? handle_tw_list+0x149/0x540
[ 120.257594][ T5606]  handle_tw_list+0x253/0x540
[ 120.263559][ T5605] R10: 0000000080000000 R11: 4f4c5f4755424544 R12: ffff888149d06800
[ 120.269204][ T5606]  tctx_task_work+0x12e/0x530
[ 120.269254][ T5606]  ? handle_tw_list+0x540/0x540
[ 120.275265][ T5605] R13: ffff88802714e8c0 R14: ffff88802714e8c8 R15: ffff8880787716a0
[ 120.280729][ T5606]  ? lock_downgrade+0x6e0/0x6e0
[ 120.280769][ T5606]  ? do_raw_spin_lock+0x124/0x2b0
[ 120.280804][ T5606]  ? rwlock_bug.part.0+0x90/0x90
[ 120.280839][ T5606]  ? _raw_spin_unlock_irq+0x23/0x50
[ 120.280893][ T5606]  task_work_run+0x16f/0x270
[ 120.280945][ T5606]  ? task_work_cancel+0x30/0x30
[ 120.285801][ T5605] FS: 00005555562c3400(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 120.288677][ T5606]  get_signal+0x1c7/0x24f0
[ 120.288722][ T5606]  ? vfs_read+0x2bc/0x930
[ 120.294008][ T5605] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 120.301552][ T5606]  ? exit_signals+0x910/0x910
[ 120.301589][ T5606]  ? kernel_read+0x1c0/0x1c0
[ 120.306701][ T5605] CR2: 00007ffdeff80018 CR3: 000000007cfe8000 CR4: 00000000003506f0
[ 120.312799][ T5606]  ? receive_fd+0x110/0x110
[ 120.312843][ T5606]  arch_do_signal_or_restart+0x79/0x5c0
[ 120.318800][ T5605] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 120.323419][ T5606]  ? get_sigframe_size+0x10/0x10
[ 120.330804][ T5605] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 120.334508][ T5606]  ? __fget_light+0xe5/0x270
[ 120.341010][ T5605] Call Trace:
[ 120.348830][ T5606]  ? fput+0x2f/0x1a0
[ 120.348881][ T5606]  exit_to_user_mode_prepare+0x11f/0x240
[ 120.354199][ T5605]
[ 120.361804][ T5606]  syscall_exit_to_user_mode+0x1d/0x50
[ 120.361858][ T5606]  do_syscall_64+0x46/0xb0
[ 120.366958][ T5605]  snd_pcm_detach_substream+0x1d4/0x3b0
[ 120.371550][ T5606]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 120.371601][ T5606] RIP: 0033:0x7faa7168c0c9
[ 120.379962][ T5605]  snd_pcm_release_substream+0x5b/0x70
[ 120.385738][ T5606] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 120.385770][ T5606] RSP: 002b:00007faa72462168 EFLAGS: 00000246
[ 120.390833][ T5605]  snd_pcm_oss_release+0x175/0x300
[ 120.395286][ T5606] ORIG_RAX: 0000000000000000
[ 120.395299][ T5606] RAX: fffffffffffffe00 RBX: 00007faa717abf80 RCX: 00007faa7168c0c9
[ 120.395320][ T5606] RDX: 0000000000002020 RSI: 00000000200021c0 RDI: 0000000000000006
[ 120.403866][ T5605]  __fput+0x27c/0xa90
[ 120.408122][ T5606] RBP: 00007faa716e7ae9 R08: 0000000000000000 R09: 0000000000000000
[ 120.408144][ T5606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 120.408163][ T5606] R13: 00007ffd3b035a6f R14: 00007faa72462300 R15: 0000000000022000
[ 120.413860][ T5605]  ? snd_pcm_oss_sync+0x810/0x810
[ 120.418296][ T5606]
[ 120.418308][ T5606]
[ 120.418313][ T5606] Allocated by task 5606:
[ 120.418327][ T5606]  kasan_save_stack+0x22/0x40
[ 120.423964][ T5605]  task_work_run+0x16f/0x270
[ 120.428363][ T5606]  kasan_set_track+0x25/0x30
[ 120.428397][ T5606]  __kasan_kmalloc+0xa2/0xb0
[ 120.428426][ T5606]  dummy_hrtimer_create+0x45/0x190
[ 120.428454][ T5606]  dummy_pcm_open+0xd4/0x5a0
[ 120.428499][ T5606]  snd_pcm_open_substream+0xa92/0x1820
[ 120.428534][ T5606]  snd_pcm_oss_open.part.0+0x6dc/0x1330
[ 120.435880][ T5605]  ? task_work_cancel+0x30/0x30
[ 120.442398][ T5606]  snd_pcm_oss_open+0x44/0x60
[ 120.442439][ T5606]  soundcore_open+0x452/0x620
[ 120.449650][ T5605]  exit_to_user_mode_prepare+0x210/0x240
[ 120.453548][ T5606]  chrdev_open+0x26a/0x770
[ 120.453575][ T5606]  do_dentry_open+0x6cc/0x13f0
[ 120.460549][ T5605]  syscall_exit_to_user_mode+0x1d/0x50
[ 120.465082][ T5606]  path_openat+0x1bc1/0x2b40
[ 120.470108][ T5605]  do_syscall_64+0x46/0xb0
[ 120.477927][ T5606]  do_filp_open+0x1ba/0x410
[ 120.477982][ T5606]  do_sys_openat2+0x16d/0x4c0
[ 120.478010][ T5606]  __x64_sys_openat+0x143/0x1f0
[ 120.478037][ T5606]  do_syscall_64+0x39/0xb0
[ 120.478088][ T5606]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 120.478133][ T5606]
[ 120.478138][ T5606] Freed by task 5605:
[ 120.478151][ T5606]  kasan_save_stack+0x22/0x40
[ 120.484658][ T5605]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 120.488315][ T5606]  kasan_set_track+0x25/0x30
[ 120.488359][ T5606]  kasan_save_free_info+0x2e/0x40
[ 120.488399][ T5606]  ____kasan_slab_free+0x160/0x1c0
[ 120.496780][ T5605] RIP: 0033:0x7faa7163df7b
[ 120.501415][ T5606]  slab_free_freelist_hook+0x8b/0x1c0
[ 120.501446][ T5606]  __kmem_cache_free+0xaf/0x2d0
[ 120.501477][ T5606]  dummy_pcm_close+0x93/0xc0
[ 120.510944][ T5605] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
[ 120.514120][ T5606]  snd_pcm_release_substream.part.0+0x10e/0x330
[ 120.517801][ T5605] RSP: 002b:00007ffd3b035ad0 EFLAGS: 00000293
[ 120.521332][ T5606]  snd_pcm_release_substream+0x5b/0x70
[ 120.521381][ T5606]  snd_pcm_oss_release+0x175/0x300
[ 120.528641][ T5605] ORIG_RAX: 0000000000000003
[ 120.530328][ T5606]  __fput+0x27c/0xa90
[ 120.535851][ T5605] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007faa7163df7b
[ 120.542241][ T5606]  task_work_run+0x16f/0x270
[ 120.542292][ T5606]  exit_to_user_mode_prepare+0x210/0x240
[ 120.542328][ T5606]  syscall_exit_to_user_mode+0x1d/0x50
[ 120.548721][ T5605] RDX: 0000001b2ec20000 RSI: 0000000000000000 RDI: 0000000000000003
[ 120.554039][ T5606]  do_syscall_64+0x46/0xb0
[ 120.554089][ T5606]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 120.559258][ T5605] RBP: 00007faa717ad980 R08: 0000000000000000 R09: 00007ffd3b03f080
[ 120.564180][ T5606]
[ 120.564191][ T5606] The buggy address belongs to the object at ffff888077855200
[ 120.564191][ T5606]  which belongs to the cache kmalloc-128 of size 128
[ 120.564216][ T5606] The buggy address is located 0 bytes inside of
[ 120.564216][ T5606]  128-byte region [ffff888077855200, ffff888077855280)
[ 120.564244][ T5606]
[ 120.584798][ T5605] R10: 00007ffd3b03f090 R11: 0000000000000293 R12: 000000000001d4e5
[ 120.590030][ T5606] The buggy address belongs to the physical page:
[ 120.590045][ T5606] page:ffffea0001de1540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77855
[ 120.590077][ T5606] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 120.590115][ T5606] raw: 00fff00000000200 ffff8880124418c0 dead000000000122 0000000000000000
[ 120.590141][ T5606] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 120.590155][ T5606] page dumped because: kasan: bad access detected
[ 120.590168][ T5606] page_owner tracks the page as allocated
[ 120.590175][ T5606] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 5553, tgid 5553 (syz-executor.0), ts 119232426868, free_ts 118550967401
[ 120.590223][ T5606]  get_page_from_freelist+0x11bb/0x2d50
[ 120.590267][ T5606]  __alloc_pages+0x1cb/0x5c0
[ 120.599020][ T5605] R13: 00007ffd3b035bd0 R14: 00007ffd3b035bf0 R15: 0000000000000032
[ 120.600150][ T5606]  allocate_slab+0xa7/0x350
[ 120.600183][ T5606]  ___slab_alloc+0xa91/0x1400
[ 120.608694][ T5605]
[ 120.616239][ T5606]  __slab_alloc.constprop.0+0x56/0xa0
[ 120.620722][ T5605] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 120.620742][ T5605] CPU: 0 PID: 5605 Comm: syz-executor.0 Not tainted 6.2.0-rc3-next-20230112-syzkaller-dirty #0
[ 120.620790][ T5605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 120.620808][ T5605] Call Trace:
[ 120.620816][ T5605]
[ 120.620826][ T5605]  dump_stack_lvl+0xd1/0x138
[ 120.620865][ T5605]  panic+0x2cc/0x626
[ 120.620916][ T5605]  ? panic_print_sys_info.part.0+0x112/0x112
[ 120.620989][ T5605]  ? mutex_destroy+0xc1/0x100
[ 120.621041][ T5605]  check_panic_on_warn.cold+0x19/0x35
[ 120.621114][ T5605]  __warn+0xf2/0x1a0
[ 120.621156][ T5605]  ? __wake_up_klogd.part.0+0x99/0xf0
[ 120.621191][ T5605]  ? mutex_destroy+0xc1/0x100
[ 120.621241][ T5605]  report_bug+0x1c0/0x210
[ 120.621286][ T5605]  handle_bug+0x3c/0x70
[ 120.621323][ T5605]  exc_invalid_op+0x18/0x50
[ 120.621361][ T5605]  asm_exc_invalid_op+0x1a/0x20
[ 120.621406][ T5605] RIP: 0010:mutex_destroy+0xc1/0x100
[ 120.621457][ T5605] Code: 03 0f b6 14 11 38 d0 7c 04 84 d2 75 3f 8b 05 3e e3 10 0d 85 c0 75 92 48 c7 c6 20 4d 4c 8a 48 c7 c7 60 4d 4c 8a e8 73 34 59 08 <0f> 0b e9 78 ff ff ff 48 c7 c7 00 22 c2 91 e8 6c 73 6c 00 e9 5d ff
[ 120.621488][ T5605] RSP: 0018:ffffc9000514fd60 EFLAGS: 00010282
[ 120.621513][ T5605] RAX: 0000000000000000 RBX: ffff88807d0991d0 RCX: 0000000000000000
[ 120.621534][ T5605] RDX: ffff888025d357c0 RSI: ffffffff8166972c RDI: fffff52000a29f9e
[ 120.621555][ T5605] RBP: ffff88807d099000 R08: 0000000000000005 R09: 0000000000000000
[ 120.621576][ T5605] R10: 0000000080000000 R11: 4f4c5f4755424544 R12: ffff888149d06800
[ 120.621597][ T5605] R13: ffff88802714e8c0 R14: ffff88802714e8c8 R15: ffff8880787716a0
[ 120.621624][ T5605]  ? vprintk+0x8c/0xa0
[ 120.621661][ T5605]  snd_pcm_detach_substream+0x1d4/0x3b0
[ 120.621717][ T5605]  snd_pcm_release_substream+0x5b/0x70
[ 120.621763][ T5605]  snd_pcm_oss_release+0x175/0x300
[ 120.621809][ T5605]  __fput+0x27c/0xa90
[ 120.621851][ T5605]  ? snd_pcm_oss_sync+0x810/0x810
[ 120.621897][ T5605]  task_work_run+0x16f/0x270
[ 120.621948][ T5605]  ? task_work_cancel+0x30/0x30
[ 120.622003][ T5605]  exit_to_user_mode_prepare+0x210/0x240
[ 120.622043][ T5605]  syscall_exit_to_user_mode+0x1d/0x50
[ 120.622091][ T5605]  do_syscall_64+0x46/0xb0
[ 120.622134][ T5605]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 120.622181][ T5605] RIP: 0033:0x7faa7163df7b
[ 120.622205][ T5605] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
[ 120.622240][ T5605] RSP: 002b:00007ffd3b035ad0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 120.622273][ T5605] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007faa7163df7b
[ 120.622294][ T5605] RDX: 0000001b2ec20000 RSI: 0000000000000000 RDI: 0000000000000003
[ 120.622314][ T5605] RBP: 00007faa717ad980 R08: 0000000000000000 R09: 00007ffd3b03f080
[ 120.622334][ T5605] R10: 00007ffd3b03f090 R11: 0000000000000293 R12: 000000000001d4e5
[ 120.622355][ T5605] R13: 00007ffd3b035bd0 R14: 00007ffd3b035bf0 R15: 0000000000000032
[ 120.622386][ T5605]
[ 120.628244][ T5606]  __kmem_cache_alloc_node+0x136/0x330
[ 120.636332][ T5606]  __kmalloc_node+0x4d/0xd0
[ 120.644346][ T5606]  memcg_alloc_slab_cgroups+0x8f/0x150
[ 120.649411][ T5606]  memcg_slab_post_alloc_hook+0xa9/0x390
[ 120.652535][ T5606]  kmem_cache_alloc+0x1a7/0x320
[ 120.654889][ T5606]  copy_process+0x26c4/0x7740
[ 120.659330][ T5606]  kernel_clone+0xeb/0x9a0
[ 120.664042][ T5606]  __do_sys_clone+0xba/0x100
[ 120.668659][ T5606]  do_syscall_64+0x39/0xb0
[ 120.673369][ T5606]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 120.678019][ T5606] page last free stack trace:
[ 120.683132][ T5606]  free_pcp_prepare+0x4d0/0x910
[ 120.687829][ T5606]  free_unref_page_list+0x176/0xcd0
[ 120.693311][ T5606]  release_pages+0xcb1/0x1330
[ 120.698879][ T5606]  tlb_batch_pages_flush+0xa8/0x1a0
[ 120.703748][ T5606]  tlb_finish_mmu+0x14b/0x7e0
[ 120.708532][ T5606]  exit_mmap+0x202/0x7c0
[ 120.713234][ T5606]  __mmput+0x128/0x4c0
[ 120.718910][ T5606]  mmput+0x60/0x70
[ 120.723364][ T5606]  do_exit+0x9ac/0x2a90
[ 120.728172][ T5606]  do_group_exit+0xd4/0x2a0
[ 120.733667][ T5606]  __x64_sys_exit_group+0x3e/0x50
[ 120.738368][ T5606]  do_syscall_64+0x39/0xb0
[ 120.742798][ T5606]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 120.747332][ T5606]
[ 120.752010][ T5606] Memory state around the buggy address:
[ 120.756879][ T5606]  ffff888077855100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 120.761323][ T5606]  ffff888077855180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 120.767250][ T5606] >ffff888077855200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 120.769597][ T5606]                    ^
[ 120.773677][ T5606]  ffff888077855280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 120.778445][ T5606]  ffff888077855300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 120.784349][ T5606] ==================================================================
[ 120.789363][ T5605] Kernel Offset: disabled
[ 121.560994][ T5605] Rebooting in 86400 seconds..
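Read per thread, the console output above records one race seen from two sides. Task 5605 was closing an OSS PCM file (snd_pcm_oss_release → snd_pcm_release_substream): dummy_pcm_close freed the 128-byte kmalloc object that dummy_hrtimer_create had allocated in dummy_pcm_open on behalf of task 5606, and snd_pcm_detach_substream then tripped DEBUG_LOCKS_WARN_ON(mutex_is_locked(lock)) in mutex_destroy, i.e. the mutex was still held when it was destroyed. Task 5606 meanwhile reached dummy_pcm_prepare through io_uring poll task work (io_poll_task_func → snd_pcm_oss_poll → snd_pcm_oss_set_trigger → snd_pcm_oss_make_ready → snd_pcm_oss_prepare) and read the freed object, which KASAN reported as the use-after-free. Because both threads printed at once, the KASAN report and the WARNING are interleaved line by line, which is what makes the raw log hard to read. The script below is an added triage helper, not part of the syzkaller output: it splits the console log by thread id, then extracts the KASAN bug line, access, alloc and free stacks and any WARNING from each thread's stream, and names the first frame of each stack that is not KASAN/slab/stack-dump plumbing. SAMPLE_LOG is a shortened excerpt of the lines above; the PLUMBING prefix list and the "first interesting frame" rule are this script's own heuristics.

```python
"""Split an interleaved syzkaller console log per kernel thread and pull out the KASAN
report (access, alloc and free stacks) and any WARNING. Added triage example, not part
of the report; SAMPLE_LOG is a shortened excerpt of it, PLUMBING is this script's own list."""
import re
from collections import defaultdict

SAMPLE_LOG = """\
[ 120.084959][ T5606] BUG: KASAN: use-after-free in dummy_pcm_prepare+0xae/0xc0
[ 120.085015][ T5606] Read of size 8 at addr ffff888077855200 by task syz-executor.0/5606
[ 120.112846][ T5605] WARNING: CPU: 0 PID: 5605 at kernel/locking/mutex-debug.c:102 mutex_destroy+0xc1/0x100
[ 120.114270][ T5606] Call Trace:
[ 120.134388][ T5606]  dump_stack_lvl+0xd1/0x138
[ 120.147769][ T5606]  ? __phys_addr+0xc8/0x140
[ 120.154634][ T5606]  kasan_report+0xc0/0xf0
[ 120.170566][ T5606]  dummy_pcm_prepare+0xae/0xc0
[ 120.211285][ T5606]  snd_pcm_oss_poll+0x613/0xab0
[ 120.221009][ T5606]  io_poll_task_func+0x3a6/0x1220
[ 120.341010][ T5605] Call Trace:
[ 120.366958][ T5605]  snd_pcm_detach_substream+0x1d4/0x3b0
[ 120.371601][ T5606] RIP: 0033:0x7faa7168c0c9
[ 120.379962][ T5605]  snd_pcm_release_substream+0x5b/0x70
[ 120.418313][ T5606] Allocated by task 5606:
[ 120.418327][ T5606]  kasan_save_stack+0x22/0x40
[ 120.428426][ T5606]  dummy_hrtimer_create+0x45/0x190
[ 120.428454][ T5606]  dummy_pcm_open+0xd4/0x5a0
[ 120.478133][ T5606]
[ 120.478138][ T5606] Freed by task 5605:
[ 120.488399][ T5606]  ____kasan_slab_free+0x160/0x1c0
[ 120.501477][ T5606]  dummy_pcm_close+0x93/0xc0
[ 120.521381][ T5606]  snd_pcm_oss_release+0x175/0x300
[ 120.564180][ T5606]
"""

ENTRY_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]\[\s*T(?P<tid>\d+)\]\s*(?P<msg>.*)$")
# A leading '? ' marks a frame the unwinder is only guessing at; such frames are dropped.
FRAME_RE = re.compile(r"^(?P<guess>\?\s+)?(?P<fn>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
BUG_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<fn>[\w.]+)\+0x")
ACCESS_RE = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task \S+/(?P<pid>\d+)")
TRACK_RE = re.compile(r"(?P<what>Allocated|Freed) by task (?P<pid>\d+):")
WARN_RE = re.compile(r"WARNING: CPU: \d+ PID: (?P<pid>\d+) at (?P<loc>\S+) (?P<fn>[\w.]+)\+0x")
# Heuristic (this script's own): frames of KASAN/slab/stack-dump machinery, not of the code under test.
PLUMBING = ("kasan_", "__kasan_", "____kasan_", "slab_free", "__kmem_cache", "kmem_cache_", "dump_stack", "print_report")

def split_by_task(log):
    """{tid: [message, ...]} in console order; lines without the [ts][Tn] prefix are dropped."""
    by_task = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            by_task[int(m["tid"])].append(m["msg"].strip())
    return by_task

def read_stack(msgs, start):
    """Function names from msgs[start:] until a blank line or a register dump ends the trace."""
    frames = []
    for msg in msgs[start:]:
        if msg == "" or msg.startswith("RIP:"):
            break
        m = FRAME_RE.match(msg)
        if m and not m["guess"]:
            frames.append(m["fn"])
    return frames

def call_trace(msgs, start):
    """Stack printed under the first 'Call Trace:' at or after msgs[start]."""
    idx = next((i for i in range(start, len(msgs)) if msgs[i] == "Call Trace:"), None)
    return read_stack(msgs, idx + 1) if idx is not None else []

def first_interesting(stack):
    return next((fn for fn in stack if not fn.startswith(PLUMBING)), None)

def extract_kasan(msgs):
    """One thread's KASAN report as a dict, or None if that thread printed none."""
    start = next((i for i, m in enumerate(msgs) if BUG_RE.search(m)), None)
    if start is None:
        return None
    bug = BUG_RE.search(msgs[start])
    rep = {"kind": bug["kind"], "func": bug["fn"], "access": None, "access_stack": call_trace(msgs, start),
           "alloc_task": None, "alloc_stack": [], "free_task": None, "free_stack": []}
    for j in range(start, len(msgs)):
        a, t = ACCESS_RE.search(msgs[j]), TRACK_RE.search(msgs[j])
        if a and rep["access"] is None:
            rep["access"] = (a["rw"], int(a["size"]), a["addr"], int(a["pid"]))
        if t:  # "Allocated by task N:" / "Freed by task N:" each head their own stack
            key = "alloc" if t["what"] == "Allocated" else "free"
            rep[key + "_task"], rep[key + "_stack"] = int(t["pid"]), read_stack(msgs, j + 1)
    return rep

def extract_warnings(msgs):
    return [{"pid": int(w["pid"]), "location": w["loc"], "func": w["fn"], "stack": call_trace(msgs, i)}
            for i, msg in enumerate(msgs) for w in [WARN_RE.search(msg)] if w]

def triage(log):
    """Per-thread extraction: the first KASAN report found plus every WARNING."""
    by_task = split_by_task(log)
    result = {"kasan": None, "warnings": []}
    for tid in sorted(by_task):
        result["kasan"] = result["kasan"] or extract_kasan(by_task[tid])
        result["warnings"] += extract_warnings(by_task[tid])
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run on the excerpt, the alloc stack resolves to dummy_hrtimer_create (task 5606), the free stack to dummy_pcm_close (task 5605) and the access stack to dummy_pcm_prepare reached via io_poll_task_func, while the WARNING resolves to mutex_destroy called from snd_pcm_detach_substream. The per-thread split is what keeps task 5605's snd_pcm_detach_substream frame out of task 5606's access stack even though it sits between two of that stack's lines in the raw console output; in a full log the same split also separates the panic trace and register dumps from the KASAN report.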