Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts. 2023/09/18 04:32:37 fuzzer started 2023/09/18 04:32:38 connecting to host at 10.128.0.169:37475 2023/09/18 04:32:38 checking machine... 2023/09/18 04:32:38 checking revisions... 2023/09/18 04:32:38 testing simple program... [ 79.475968][ T5055] cgroup: Unknown subsys name 'net' [ 79.620470][ T5055] cgroup: Unknown subsys name 'rlimit' [ 81.324779][ T5055] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.528152][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.536549][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.544365][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.553597][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.561357][ T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 81.568985][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.752267][ T5058] chnl_net:caif_netlink_parms(): no params data found [ 81.835226][ T5058] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.843176][ T5058] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.850825][ T5058] bridge_slave_0: entered allmulticast mode [ 81.857955][ T5058] bridge_slave_0: entered promiscuous mode [ 81.868196][ T5058] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.875569][ T5058] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.883189][ T5058] bridge_slave_1: entered allmulticast mode [ 81.890603][ T5058] bridge_slave_1: entered promiscuous mode [ 81.926986][ T5058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.941821][ T5058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.979770][ T5058] team0: Port device team_slave_0 added [ 81.988396][ T5058] team0: Port device team_slave_1 added [ 82.022062][ T5058] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.029121][ T5058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.055823][ T5058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.069623][ T5058] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.076768][ T5058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.103604][ T5058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.154330][ T5058] hsr_slave_0: entered promiscuous mode [ 82.161819][ T5058] hsr_slave_1: entered promiscuous mode executing program [ 82.336117][ T5058] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.349639][ T5058] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.361422][ T5058] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.373672][ T5058] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.407777][ T5058] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.415539][ T5058] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.423957][ T5058] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.431167][ T5058] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.512857][ T5058] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.535726][ T54] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.546159][ T54] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.565650][ T5058] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.579048][ T27] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.586571][ T27] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.602222][ T4792] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.609589][ T4792] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.808766][ T5058] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.868481][ T5058] veth0_vlan: entered promiscuous mode [ 82.884328][ T5058] veth1_vlan: entered promiscuous mode [ 82.921501][ T5058] veth0_macvtap: entered promiscuous mode [ 82.933265][ T5058] veth1_macvtap: entered promiscuous mode [ 82.958488][ T5058] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.977359][ T5058] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.992193][ T5058] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.002498][ T5058] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.011848][ T5058] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.021490][ T5058] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.131498][ T5069] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.141560][ T5069] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.178889][ T781] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.189077][ T781] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 2023/09/18 04:32:42 building call list... executing program [ 85.330886][ T5053] page:ffffea00019e0000 refcount:512 mapcount:2 mapping:0000000000000000 index:0xc001600 pfn:0x67800 [ 85.343142][ T5053] head:ffffea00019e0000 order:9 entire_mapcount:1 nr_pages_mapped:1 pincount:0 [ 85.352459][ T5053] memcg:ffff888140662000 [ 85.356732][ T5053] anon flags: 0xfff800000a0078(uptodate|dirty|lru|head|mappedtodisk|swapbacked|node=0|zone=1|lastcpupid=0x7ff) [ 85.368990][ T5053] page_type: 0x0() [ 85.373452][ T5053] raw: 00fff800000a0078 ffffea0001a9b988 ffffea0001a9c5c8 ffff88801c0a0771 [ 85.382434][ T5053] raw: 000000000c001600 0000000000000000 0000020000000000 ffff888140662000 [ 85.391370][ T5053] page dumped because: VM_WARN_ON_FOLIO(page_mapcount(page) > 1 && PageAnonExclusive(page)) [ 85.401764][ T5053] page_owner tracks the page as allocated [ 85.408195][ T5053] page last allocated via order 9, migratetype Movable, gfp_mask 0x3d24ca(GFP_TRANSHUGE|__GFP_NORETRY|__GFP_THISNODE), pid 5078, tgid 5047 (syz-fuzzer), ts 83909729748, free_ts 28832570856 [ 85.426998][ T5053] post_alloc_hook+0x2cf/0x340 [ 85.431869][ T5053] get_page_from_freelist+0xf17/0x2e50 [ 85.437417][ T5053] __alloc_pages+0x1d0/0x4a0 [ 85.442425][ T5053] __folio_alloc+0x16/0x40 [ 85.447230][ T5053] vma_alloc_folio+0x63f/0x890 [ 85.452287][ T5053] do_huge_pmd_anonymous_page+0x243/0x2160 [ 85.458210][ T5053] __handle_mm_fault+0x2363/0x3da0 [ 85.463416][ T5053] handle_mm_fault+0x478/0xa00 [ 85.468230][ T5053] do_user_addr_fault+0x30b/0x1000 [ 85.473463][ T5053] exc_page_fault+0x5c/0xd0 [ 85.478186][ T5053] asm_exc_page_fault+0x26/0x30 [ 85.483135][ T5053] page last free stack trace: [ 85.488120][ T5053] free_unref_page_prepare+0x476/0xa40 [ 85.493862][ T5053] free_unref_page+0x33/0x3b0 [ 85.498611][ T5053] free_contig_range+0xb6/0x190 [ 85.503641][ T5053] destroy_args+0x768/0x990 [ 85.508202][ T5053] debug_vm_pgtable+0x1d79/0x3df0 [ 85.513340][ T5053] do_one_initcall+0x11c/0x640 [ 85.518570][ T5053] kernel_init_freeable+0x5c2/0x8f0 [ 85.523933][ T5053] kernel_init+0x1c/0x2a0 [ 85.528312][ T5053] ret_from_fork+0x45/0x80 [ 85.532891][ T5053] ret_from_fork_asm+0x11/0x20 [ 85.537801][ T5053] ------------[ cut here ]------------ [ 85.544044][ T5053] WARNING: CPU: 0 PID: 5053 at mm/rmap.c:1252 page_add_anon_rmap+0xc33/0x1a70 [ 85.553396][ T5053] Modules linked in: [ 85.557410][ T5053] CPU: 0 PID: 5053 Comm: syz-fuzzer Not tainted 6.6.0-rc2-next-20230918-syzkaller #0 [ 85.567389][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 85.577858][ T5053] RIP: 0010:page_add_anon_rmap+0xc33/0x1a70 [ 85.583938][ T5053] Code: 48 c1 eb 11 83 e3 01 89 de e8 99 aa b8 ff 84 db 0f 84 36 fb ff ff e8 5c af b8 ff 48 c7 c6 40 89 99 8a 4c 89 e7 e8 dd 02 f7 ff <0f> 0b e9 1b fb ff ff e8 41 af b8 ff 49 89 dd 31 ff 41 81 e5 ff 0f [ 85.603946][ T5053] RSP: 0018:ffffc900039af6b8 EFLAGS: 00010293 [ 85.610161][ T5053] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 85.618253][ T5053] RDX: ffff88801aad3b80 RSI: ffffffff81cf4673 RDI: ffffffff8ae94460 [ 85.626503][ T5053] RBP: ffff88801d45a400 R08: 0000000000000000 R09: fffffbfff1d9d0aa [ 85.635177][ T5053] R10: ffffffff8ece8557 R11: 0000000000000001 R12: ffffea00019e0000 [ 85.643530][ T5053] R13: 00fff800000a0078 R14: 0000000000000000 R15: ffffea0001a9b988 [ 85.651751][ T5053] FS: 000000c000bec490(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 85.661114][ T5053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.668548][ T5053] CR2: 000000c00148d000 CR3: 00000000744da000 CR4: 00000000003506f0 [ 85.676783][ T5053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 85.684848][ T5053] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 85.693754][ T5053] Call Trace: [ 85.697048][ T5053] <TASK> [ 85.700089][ T5053] ? show_regs+0x8f/0xa0 [ 85.704451][ T5053] ? __warn+0xe6/0x380 [ 85.708629][ T5053] ? page_add_anon_rmap+0xc33/0x1a70 [ 85.714187][ T5053] ? report_bug+0x3bc/0x580 [ 85.718742][ T5053] ? handle_bug+0x3c/0x70 [ 85.723163][ T5053] ? exc_invalid_op+0x17/0x40 [ 85.727872][ T5053] ? asm_exc_invalid_op+0x1a/0x20 [ 85.732974][ T5053] ? page_add_anon_rmap+0xc33/0x1a70 [ 85.738285][ T5053] ? page_add_anon_rmap+0xc33/0x1a70 [ 85.743653][ T5053] ? page_add_anon_rmap+0xc33/0x1a70 [ 85.749221][ T5053] __split_huge_pmd+0x17d5/0x31e0 [ 85.754523][ T5053] ? __print_lock_name+0x1a1/0x260 [ 85.759864][ T5053] ? __split_huge_pud+0x4d0/0x4d0 [ 85.765169][ T5053] unmap_page_range+0xf13/0x2c00 [ 85.770496][ T5053] ? vm_normal_page_pmd+0x5a0/0x5a0 [ 85.775730][ T5053] ? zap_page_range_single+0x305/0x4e0 [ 85.781626][ T5053] ? reacquire_held_locks+0x4b0/0x4b0 [ 85.787084][ T5053] unmap_single_vma+0x194/0x2b0 [ 85.792392][ T5053] zap_page_range_single+0x324/0x4e0 [ 85.797710][ T5053] ? unmap_vmas+0x330/0x330 [ 85.802417][ T5053] ? userfaultfd_remove+0x128/0x2b0 [ 85.807903][ T5053] ? mas_prev_slot+0x3ad/0xf40 [ 85.812744][ T5053] ? madvise_dontneed_free_valid_vma+0x8a/0x310 [ 85.819044][ T5053] madvise_vma_behavior+0xbb0/0x1d00 [ 85.824720][ T5053] ? madvise_vma_anon_name+0xf0/0xf0 [ 85.830255][ T5053] ? mas_prev+0xc6/0x480 [ 85.834603][ T5053] ? madvise_vma_anon_name+0xf0/0xf0 [ 85.840048][ T5053] ? find_vma_prev+0xe8/0x160 [ 85.844786][ T5053] ? vm_unmapped_area+0xaf0/0xaf0 [ 85.850197][ T5053] ? lock_sync+0x190/0x190 [ 85.854658][ T5053] ? preempt_count_sub+0x150/0x150 [ 85.859911][ T5053] ? madvise_vma_anon_name+0xf0/0xf0 [ 85.865665][ T5053] madvise_walk_vmas+0x1cf/0x2c0 [ 85.870689][ T5053] ? __remove_memory+0x40/0x40 [ 85.875519][ T5053] do_madvise+0x333/0x660 [ 85.879978][ T5053] ? madvise_set_anon_name+0x110/0x110 [ 85.885515][ T5053] ? ksys_mmap_pgoff+0x85/0x5b0 [ 85.890583][ T5053] __x64_sys_madvise+0xaa/0x110 [ 85.895476][ T5053] ? syscall_enter_from_user_mode+0x26/0x80 [ 85.901561][ T5053] do_syscall_64+0x38/0xb0 [ 85.906209][ T5053] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 85.912186][ T5053] RIP: 0033:0x46b677 [ 85.917060][ T5053] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14 [ 85.937441][ T5053] RSP: 002b:000000c000065d70 EFLAGS: 00000202 ORIG_RAX: 000000000000001c [ 85.946044][ T5053] RAX: ffffffffffffffda RBX: 000000000016e000 RCX: 000000000046b677 [ 85.954372][ T5053] RDX: 0000000000000004 RSI: 000000000016e000 RDI: 000000c001692000 [ 85.962492][ T5053] RBP: 000000c000065db0 R08: 0000000000200000 R09: 000080c0017fffff [ 85.970619][ T5053] R10: 0000000001134fa0 R11: 0000000000000202 R12: 0000000001134f20 [ 85.978652][ T5053] R13: 0000000000000003 R14: 000000c000007ba0 R15: 0000000001134f60 [ 85.987670][ T5053] </TASK> [ 85.990944][ T5053] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 85.998339][ T5053] CPU: 0 PID: 5053 Comm: syz-fuzzer Not tainted 6.6.0-rc2-next-20230918-syzkaller #0 [ 86.007910][ T5053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 [ 86.017980][ T5053] Call Trace: [ 86.021275][ T5053] <TASK> [ 86.024232][ T5053] dump_stack_lvl+0xd9/0x1b0 [ 86.028865][ T5053] panic+0x6dc/0x790 [ 86.032988][ T5053] ? panic_smp_self_stop+0xa0/0xa0 [ 86.038404][ T5053] ? show_trace_log_lvl+0x363/0x4f0 [ 86.043762][ T5053] ? page_add_anon_rmap+0xc33/0x1a70 [ 86.049084][ T5053] check_panic_on_warn+0xab/0xb0 [ 86.054513][ T5053] __warn+0xf2/0x380 [ 86.058448][ T5053] ? page_add_anon_rmap+0xc33/0x1a70 [ 86.065941][ T5053] report_bug+0x3bc/0x580 [ 86.070390][ T5053] handle_bug+0x3c/0x70 [ 86.074571][ T5053] exc_invalid_op+0x17/0x40 [ 86.079191][ T5053] asm_exc_invalid_op+0x1a/0x20 [ 86.084158][ T5053] RIP: 0010:page_add_anon_rmap+0xc33/0x1a70 [ 86.090610][ T5053] Code: 48 c1 eb 11 83 e3 01 89 de e8 99 aa b8 ff 84 db 0f 84 36 fb ff ff e8 5c af b8 ff 48 c7 c6 40 89 99 8a 4c 89 e7 e8 dd 02 f7 ff <0f> 0b e9 1b fb ff ff e8 41 af b8 ff 49 89 dd 31 ff 41 81 e5 ff 0f [ 86.110406][ T5053] RSP: 0018:ffffc900039af6b8 EFLAGS: 00010293 [ 86.116672][ T5053] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 86.124922][ T5053] RDX: ffff88801aad3b80 RSI: ffffffff81cf4673 RDI: ffffffff8ae94460 [ 86.132943][ T5053] RBP: ffff88801d45a400 R08: 0000000000000000 R09: fffffbfff1d9d0aa [ 86.141184][ T5053] R10: ffffffff8ece8557 R11: 0000000000000001 R12: ffffea00019e0000 [ 86.149253][ T5053] R13: 00fff800000a0078 R14: 0000000000000000 R15: ffffea0001a9b988 [ 86.157430][ T5053] ? page_add_anon_rmap+0xc33/0x1a70 [ 86.162861][ T5053] ? page_add_anon_rmap+0xc33/0x1a70 [ 86.168808][ T5053] __split_huge_pmd+0x17d5/0x31e0 [ 86.174144][ T5053] ? __print_lock_name+0x1a1/0x260 [ 86.179477][ T5053] ? __split_huge_pud+0x4d0/0x4d0 [ 86.184554][ T5053] unmap_page_range+0xf13/0x2c00 [ 86.189533][ T5053] ? vm_normal_page_pmd+0x5a0/0x5a0 [ 86.194754][ T5053] ? zap_page_range_single+0x305/0x4e0 [ 86.200232][ T5053] ? reacquire_held_locks+0x4b0/0x4b0 [ 86.205719][ T5053] unmap_single_vma+0x194/0x2b0 [ 86.210680][ T5053] zap_page_range_single+0x324/0x4e0 [ 86.216421][ T5053] ? unmap_vmas+0x330/0x330 [ 86.221121][ T5053] ? userfaultfd_remove+0x128/0x2b0 [ 86.226734][ T5053] ? mas_prev_slot+0x3ad/0xf40 [ 86.232310][ T5053] ? madvise_dontneed_free_valid_vma+0x8a/0x310 [ 86.238700][ T5053] madvise_vma_behavior+0xbb0/0x1d00 [ 86.244230][ T5053] ? madvise_vma_anon_name+0xf0/0xf0 [ 86.249556][ T5053] ? mas_prev+0xc6/0x480 [ 86.254091][ T5053] ? madvise_vma_anon_name+0xf0/0xf0 [ 86.259498][ T5053] ? find_vma_prev+0xe8/0x160 [ 86.264389][ T5053] ? vm_unmapped_area+0xaf0/0xaf0 [ 86.269645][ T5053] ? lock_sync+0x190/0x190 [ 86.274098][ T5053] ? preempt_count_sub+0x150/0x150 [ 86.279225][ T5053] ? madvise_vma_anon_name+0xf0/0xf0 [ 86.284534][ T5053] madvise_walk_vmas+0x1cf/0x2c0 [ 86.289492][ T5053] ? __remove_memory+0x40/0x40 [ 86.294638][ T5053] do_madvise+0x333/0x660 [ 86.298993][ T5053] ? madvise_set_anon_name+0x110/0x110 [ 86.304512][ T5053] ? ksys_mmap_pgoff+0x85/0x5b0 [ 86.309589][ T5053] __x64_sys_madvise+0xaa/0x110 [ 86.314483][ T5053] ? syscall_enter_from_user_mode+0x26/0x80 [ 86.320850][ T5053] do_syscall_64+0x38/0xb0 [ 86.325485][ T5053] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 86.331414][ T5053] RIP: 0033:0x46b677 [ 86.335328][ T5053] Code: 8b 24 24 48 8b 6c 24 10 48 83 c4 18 c3 cc cc cc cc cc cc 48 8b 7c 24 08 48 8b 74 24 10 8b 54 24 18 48 c7 c0 1c 00 00 00 0f 05 <89> 44 24 20 c3 cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14 [ 86.355488][ T5053] RSP: 002b:000000c000065d70 EFLAGS: 00000202 ORIG_RAX: 000000000000001c [ 86.364190][ T5053] RAX: ffffffffffffffda RBX: 000000000016e000 RCX: 000000000046b677 [ 86.372346][ T5053] RDX: 0000000000000004 RSI: 000000000016e000 RDI: 000000c001692000 [ 86.380497][ T5053] RBP: 000000c000065db0 R08: 0000000000200000 R09: 000080c0017fffff [ 86.389185][ T5053] R10: 0000000001134fa0 R11: 0000000000000202 R12: 0000000001134f20 [ 86.397179][ T5053] R13: 0000000000000003 R14: 000000c000007ba0 R15: 0000000001134f60 [ 86.405184][ T5053] </TASK> [ 86.408436][ T5053] Kernel Offset: disabled [ 86.412766][ T5053] Rebooting in 86400 seconds..