[ 9.922456][ T2659] 8021q: adding VLAN 0 to HW filter on device bond0
[ 9.925321][ T2659] eql: remember to turn off Van-Jacobson compression on your slave devices
[ 9.954272][ T9] gvnic 0000:00:00.0 enp0s0: Device link is up.
[ 9.958248][ T2568] IPv6: ADDRCONF(NETDEV_CHANGE): enp0s0: link becomes ready
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.99' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 27.034493][ T3083] ------------[ cut here ]------------
[ 27.036004][ T3083] refcount_t: underflow; use-after-free.
[ 27.037988][ T3083] WARNING: CPU: 1 PID: 3083 at lib/refcount.c:28 refcount_warn_saturate+0x1a0/0x1c8
[ 27.040318][ T3083] Modules linked in:
[ 27.041295][ T3083] CPU: 1 PID: 3083 Comm: syz-executor181 Not tainted 6.1.0-rc5-syzkaller-32269-g9500fc6e9e60 #0
[ 27.043951][ T3083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
[ 27.046345][ T3083] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 27.048395][ T3083] pc : refcount_warn_saturate+0x1a0/0x1c8
[ 27.049999][ T3083] lr : refcount_warn_saturate+0x1a0/0x1c8
[ 27.051489][ T3083] sp : ffff800012e7b9b0
[ 27.052585][ T3083] x29: ffff800012e7b9b0 x28: ffff0000c6b51a40 x27: 0000000020000040
[ 27.054699][ T3083] x26: 0000000000010002 x25: 0000000000000000 x24: ffff0000cd574088
[ 27.056909][ T3083] x23: 0000000000000000 x22: 0000000000000000 x21: ffff0000ca9ffc0c
[ 27.058991][ T3083] x20: 0000000000000003 x19: ffff80000d98f000 x18: 00000000000001cc
[ 27.061029][ T3083] x17: 0000000000000000 x16: ffff80000dc18158 x15: ffff0000c6b51a40
[ 27.063308][ T3083] x14: 0000000000000000 x13: 00000000ffffffff x12: ffff0000c6b51a40
[ 27.065425][ T3083] x11: ff808000081c6510 x10: 0000000000000000 x9 : 2060ebe174811d00
[ 27.067672][ T3083] x8 : 2060ebe174811d00 x7 : ffff800008165f54 x6 : 0000000000000000
[ 27.069752][ T3083] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
[ 27.071808][ T3083] x2 : ffff0001fefddcc8 x1 : 0000000100000000 x0 : 0000000000000026
[ 27.074041][ T3083] Call trace:
[ 27.074857][ T3083] refcount_warn_saturate+0x1a0/0x1c8
[ 27.076260][ T3083] p9_client_walk+0x2a4/0x2e8
[ 27.077490][ T3083] v9fs_vfs_lookup+0xa0/0x37c
[ 27.078833][ T3083] __lookup_slow+0x14c/0x204
[ 27.080091][ T3083] lookup_slow+0x44/0x68
[ 27.081230][ T3083] walk_component+0x178/0x1b0
[ 27.082452][ T3083] path_lookupat+0xc4/0x208
[ 27.083616][ T3083] filename_lookup+0xf8/0x264
[ 27.084906][ T3083] user_path_at_empty+0x5c/0x114
[ 27.086221][ T3083] __arm64_sys_mount+0x28c/0x3c4
[ 27.087471][ T3083] el0_svc_common+0x138/0x220
[ 27.088724][ T3083] do_el0_svc+0x48/0x164
[ 27.089862][ T3083] el0_svc+0x58/0x150
[ 27.090907][ T3083] el0t_64_sync_handler+0x84/0xf0
[ 27.092332][ T3083] el0t_64_sync+0x190/0x194
[ 27.093499][ T3083] irq event stamp: 1078
[ 27.094569][ T3083] hardirqs last enabled at (1077): [] finish_lock_switch+0x94/0xe8
[ 27.097153][ T3083] hardirqs last disabled at (1078): [] el1_dbg+0x24/0x80
[ 27.099473][ T3083] softirqs last enabled at (1070): [] _stext+0x2e4/0x37c
[ 27.101719][ T3083] softirqs last disabled at (1059): [] ____do_softirq+0x14/0x20
[ 27.104238][ T3083] ---[ end trace 0000000000000000 ]---
[ 27.108952][ T3080] 9pnet: Found fid 0 not clunked
[ 27.110262][ T3080] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018
[ 27.112876][ T3080] Mem abort info:
[ 27.113807][ T3080] ESR = 0x0000000096000004
[ 27.114946][ T3080] EC = 0x25: DABT (current EL), IL = 32 bits
[ 27.116564][ T3080] SET = 0, FnV = 0
[ 27.117543][ T3080] EA = 0, S1PTW = 0
[ 27.118582][ T3080] FSC = 0x04: level 0 translation fault
[ 27.120029][ T3080] Data abort info:
[ 27.120978][ T3080] ISV = 0, ISS = 0x00000004
[ 27.122207][ T3080] CM = 0, WnR = 0
[ 27.123202][ T3080] user pgtable: 4k pages, 48-bit VAs, pgdp=000000010ab34000
[ 27.125282][ T3080] [0000000000000018] pgd=0000000000000000, p4d=0000000000000000
[ 27.127394][ T3080] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 27.129312][ T3080] Modules linked in:
[ 27.130317][ T3080] CPU: 1 PID: 3080 Comm: syz-executor181 Tainted: G W 6.1.0-rc5-syzkaller-32269-g9500fc6e9e60 #0
[ 27.133397][ T3080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022
[ 27.136027][ T3080] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 27.138117][ T3080] pc : __lock_acquire+0x60/0x3084
[ 27.139423][ T3080] lr : lock_acquire+0x100/0x1f8
[ 27.140651][ T3080] sp : ffff800012f13a60
[ 27.141744][ T3080] x29: ffff800012f13b40 x28: 0000000000000000 x27: 00000000000000c0
[ 27.143885][ T3080] x26: 0000000000000018 x25: ffff80000be9cd24 x24: 0000000000000080
[ 27.146017][ T3080] x23: 0000000000000000 x22: 0000000000000018 x21: 0000000000000000
[ 27.148057][ T3080] x20: 0000000000000000 x19: 0000000000000000 x18: ffff800012f13590
[ 27.150117][ T3080] x17: 4553006964623d4d x16: ffff80000dc18158 x15: ffff0000c2063480
[ 27.152327][ T3080] x14: 0000000000000000 x13: 00000000ffffffff x12: ffff0000c2063480
[ 27.154620][ T3080] x11: ff808000095f6cf8 x10: 0000000000000000 x9 : 0000000000000001
[ 27.156785][ T3080] x8 : 0000000000000001 x7 : ffff80000be9cd24 x6 : 0000000000000000
[ 27.158836][ T3080] x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000
[ 27.160923][ T3080] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000018
[ 27.162941][ T3080] Call trace:
[ 27.163812][ T3080] __lock_acquire+0x60/0x3084
[ 27.165028][ T3080] lock_acquire+0x100/0x1f8
[ 27.166233][ T3080] _raw_spin_lock_irqsave+0x6c/0xb4
[ 27.167635][ T3080] p9_client_destroy+0xa8/0x2f0
[ 27.168899][ T3080] v9fs_session_close+0x2c/0xd8
[ 27.170141][ T3080] v9fs_kill_super+0x34/0x50
[ 27.171315][ T3080] deactivate_locked_super+0x70/0xe8
[ 27.172868][ T3080] deactivate_super+0xd0/0xd4
[ 27.174245][ T3080] cleanup_mnt+0x184/0x1c0
[ 27.175508][ T3080] __cleanup_mnt+0x20/0x30
[ 27.176793][ T3080] task_work_run+0x100/0x148
[ 27.178013][ T3080] do_notify_resume+0x174/0x1f0
[ 27.179254][ T3080] el0_svc+0x9c/0x150
[ 27.180240][ T3080] el0t_64_sync_handler+0x84/0xf0
[ 27.181528][ T3080] el0t_64_sync+0x190/0x194
[ 27.182759][ T3080] Code: 2a0303f4 2a0203f7 aa0003fa 34000148 (f9400348)
[ 27.184519][ T3080] ---[ end trace 0000000000000000 ]---
[ 27.452936][ T3080] Kernel panic - not syncing: Oops: Fatal exception
[ 27.454689][ T3080] SMP: stopping secondary CPUs
[ 27.455950][ T3080] Kernel Offset: disabled
[ 27.457065][ T3080] CPU features: 0x00000,040e0108,4c017203
[ 27.458543][ T3080] Memory Limit: none
[ 27.715299][ T3080] Rebooting in 86400 seconds..