Warning: Permanently added '10.128.10.39' (ECDSA) to the list of known hosts. 1970/01/01 00:01:01 ignoring optional flag "sandboxArg"="0" 1970/01/01 00:01:02 parsed 1 programs 1970/01/01 00:01:02 executed programs: 0 [ 62.164853][ T5474] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 62.167154][ T5474] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 62.169475][ T5474] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 62.171801][ T5474] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 62.173968][ T5474] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.176076][ T5474] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.255354][ T6463] chnl_net:caif_netlink_parms(): no params data found [ 62.283512][ T6463] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.285551][ T6463] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.287235][ T6463] bridge_slave_0: entered allmulticast mode [ 62.289071][ T6463] bridge_slave_0: entered promiscuous mode [ 62.292183][ T6463] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.293809][ T6463] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.296041][ T6463] bridge_slave_1: entered allmulticast mode [ 62.297882][ T6463] bridge_slave_1: entered promiscuous mode [ 62.311144][ T6463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.315031][ T6463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.327608][ T6463] team0: Port device team_slave_0 added [ 62.331329][ T6463] team0: Port device team_slave_1 added [ 62.342624][ T6463] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.344202][ T6463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.350409][ T6463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.354186][ T6463] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.356100][ T6463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.361947][ T6463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.416255][ T6463] hsr_slave_0: entered promiscuous mode [ 62.474732][ T6463] hsr_slave_1: entered promiscuous mode [ 63.281255][ T6463] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.310255][ T6463] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.346118][ T6463] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.377606][ T6463] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.470003][ T6463] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.476029][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.478197][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.483152][ T6463] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.490628][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.492964][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.496869][ T6015] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.498517][ T6015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.500715][ T6015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.516376][ T1544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 63.518978][ T1544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 63.521162][ T1544] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.522762][ T1544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.525681][ T1544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 63.528380][ T1544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 63.530886][ T1544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 63.533359][ T1544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 63.537187][ T1544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 63.540342][ T1544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 63.542678][ T1544] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 63.545458][ T1544] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 63.550479][ T6463] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 63.553326][ T6463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 63.559328][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 63.561546][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 63.563933][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 63.647734][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 63.649611][ T5481] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 63.656921][ T6463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.670126][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 63.672453][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 63.683610][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 63.686386][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 63.689038][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 63.691080][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 63.696647][ T6463] veth0_vlan: entered promiscuous mode [ 63.702958][ T6463] veth1_vlan: entered promiscuous mode [ 63.720391][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 63.722569][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 63.727268][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 63.730101][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 63.733956][ T6463] veth0_macvtap: entered promiscuous mode [ 63.739036][ T6463] veth1_macvtap: entered promiscuous mode [ 63.749724][ T6463] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.751553][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 63.753705][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 63.757606][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 63.760305][ T6527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 63.766210][ T6463] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.770406][ T6014] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 63.772847][ T6014] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 63.777240][ T6463] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.779304][ T6463] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.781296][ T6463] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.783308][ T6463] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.831861][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.833686][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.837103][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 63.853764][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.856162][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.858950][ T6014] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 64.181276][ T6557] loop0: detected capacity change from 0 to 32768 [ 64.191793][ T6557] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 64.255054][ T5474] Bluetooth: hci0: command 0x0409 tx timeout [ 64.285610][ T6557] XFS (loop0): Torn write (CRC failure) detected at log block 0x180. Truncating head block from 0x200. [ 64.312615][ T6557] XFS (loop0): Starting recovery (logdev: internal) [ 64.329438][ T6557] ================================================================== [ 64.331410][ T6557] BUG: KASAN: slab-out-of-bounds in xfs_btree_lookup_get_block+0x180/0x66c [ 64.333323][ T6557] Read of size 8 at addr ffff0000c5663258 by task syz-executor.0/6557 [ 64.335315][ T6557] [ 64.335905][ T6557] CPU: 0 PID: 6557 Comm: syz-executor.0 Not tainted 6.3.0-rc4-syzkaller-00011-g59caa87f9dfb #0 [ 64.338141][ T6557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 64.340345][ T6557] Call trace: [ 64.341084][ T6557] dump_backtrace+0x1b8/0x1e4 [ 64.342194][ T6557] show_stack+0x2c/0x3c [ 64.343176][ T6557] dump_stack_lvl+0xd0/0x124 [ 64.344237][ T6557] print_report+0x174/0x514 [ 64.345270][ T6557] kasan_report+0xd4/0x130 [ 64.346314][ T6557] __asan_report_load8_noabort+0x2c/0x38 [ 64.347663][ T6557] xfs_btree_lookup_get_block+0x180/0x66c [ 64.348939][ T6557] xfs_btree_lookup+0x388/0x117c [ 64.350110][ T6557] xfs_btree_simple_query_range+0xd4/0x5c4 [ 64.351556][ T6557] xfs_btree_query_range+0x2b4/0x348 [ 64.352772][ T6557] xfs_refcount_recover_cow_leftovers+0x2c8/0xb60 [ 64.354288][ T6557] xfs_reflink_recover_cow+0x80/0x1c0 [ 64.355532][ T6557] xlog_recover_finish+0x710/0x80c [ 64.356817][ T6557] xfs_log_mount_finish+0x1b8/0x3f4 [ 64.358095][ T6557] xfs_mountfs+0x103c/0x18fc [ 64.359155][ T6557] xfs_fs_fill_super+0xd38/0xf50 [ 64.360340][ T6557] get_tree_bdev+0x360/0x54c [ 64.361478][ T6557] xfs_fs_get_tree+0x28/0x38 [ 64.362577][ T6557] vfs_get_tree+0x90/0x274 [ 64.363567][ T6557] do_new_mount+0x25c/0x8c8 [ 64.364627][ T6557] path_mount+0x590/0xe20 [ 64.365664][ T6557] __arm64_sys_mount+0x45c/0x594 [ 64.366975][ T6557] invoke_syscall+0x98/0x2c0 [ 64.368040][ T6557] el0_svc_common+0x138/0x258 [ 64.369111][ T6557] do_el0_svc+0x64/0x198 [ 64.370100][ T6557] el0_svc+0x58/0x168 [ 64.371010][ T6557] el0t_64_sync_handler+0x84/0xf0 [ 64.372261][ T6557] el0t_64_sync+0x190/0x194 [ 64.373328][ T6557] [ 64.373900][ T6557] The buggy address belongs to the object at ffff0000c5663210 [ 64.373900][ T6557] which belongs to the cache xfs_refcbt_cur of size 200 [ 64.377207][ T6557] The buggy address is located 72 bytes inside of [ 64.377207][ T6557] allocated 200-byte region [ffff0000c5663210, ffff0000c56632d8) [ 64.380455][ T6557] [ 64.381007][ T6557] The buggy address belongs to the physical page: [ 64.382508][ T6557] page:00000000bcb1bcac refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105663 [ 64.384985][ T6557] flags: 0x5ffc00000000200(slab|node=0|zone=2|lastcpupid=0x7ff) [ 64.386916][ T6557] raw: 05ffc00000000200 ffff0000c1c9e000 dead000000000122 0000000000000000 [ 64.388907][ T6557] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 64.390862][ T6557] page dumped because: kasan: bad access detected [ 64.392322][ T6557] [ 64.392865][ T6557] Memory state around the buggy address: [ 64.394254][ T6557] ffff0000c5663100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.396164][ T6557] ffff0000c5663180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.398049][ T6557] >ffff0000c5663200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.399978][ T6557] ^ [ 64.401612][ T6557] ffff0000c5663280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.403396][ T6557] ffff0000c5663300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 64.405138][ T6557] ================================================================== [ 64.425138][ T6557] Disabling lock debugging due to kernel taint [ 64.426910][ T6557] XFS (loop0): Metadata corruption detected at xfs_btree_lookup_get_block+0x444/0x66c, xfs_refcountbt block 0x18 [ 64.429594][ T6557] XFS (loop0): Unmount and run xfs_repair [ 64.431009][ T6557] Unable to handle kernel paging request at virtual address e0a4606c20000371 [ 64.433134][ T6557] KASAN: maybe wild-memory-access in range [0x0527036100001b88-0x0527036100001b8f] [ 64.436020][ T6557] Mem abort info: [ 64.436873][ T6557] ESR = 0x0000000096000004 [ 64.437874][ T6557] EC = 0x25: DABT (current EL), IL = 32 bits [ 64.439279][ T6557] SET = 0, FnV = 0 [ 64.440092][ T6557] EA = 0, S1PTW = 0 [ 64.440946][ T6557] FSC = 0x04: level 0 translation fault [ 64.442229][ T6557] Data abort info: [ 64.443065][ T6557] ISV = 0, ISS = 0x00000004 [ 64.444077][ T6557] CM = 0, WnR = 0 [ 64.445354][ T6557] [e0a4606c20000371] address between user and kernel address ranges [ 64.447199][ T6557] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 64.448903][ T6557] Modules linked in: [ 64.449857][ T6557] CPU: 0 PID: 6557 Comm: syz-executor.0 Tainted: G B 6.3.0-rc4-syzkaller-00011-g59caa87f9dfb #0 [ 64.452597][ T6557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 64.454884][ T6557] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 64.456773][ T6557] pc : xfs_trans_brelse+0x34/0x448 [ 64.458039][ T6557] lr : xfs_trans_brelse+0x2c/0x448 [ 64.459260][ T6557] sp : ffff80001e737340 [ 64.460196][ T6557] x29: ffff80001e737340 x28: 00000000ffffff8b x27: 1fffe00018acc600 [ 64.462075][ T6557] x26: 0000000000000007 x25: 00000000000000c8 x24: 1fffe00018acc609 [ 64.463955][ T6557] x23: dfff800000000000 x22: 052703610000199d x21: 0527036100001b8d [ 64.465819][ T6557] x20: ffff0000c0f43250 x19: 052703610000199d x18: 1fffe00036851db6 [ 64.467762][ T6557] x17: 0000000000000000 x16: ffff800012323354 x15: ffff800008accf98 [ 64.469698][ T6557] x14: ffff800008ac9d14 x13: ffff80000806345c x12: 0000000000000001 [ 64.471604][ T6557] x11: ff80800009ca9174 x10: 0000000000000000 x9 : ffff800009ca9174 [ 64.473542][ T6557] x8 : 00a4e06c20000371 x7 : ffff80000806345c x6 : ffff80000806366c [ 64.475359][ T6557] x5 : ffff0000e3500100 x4 : ffff80001e736a78 x3 : ffff800009ac79a8 [ 64.477207][ T6557] x2 : 0000000000000000 x1 : 052703610000199d x0 : ffff0000c0f43250 [ 64.479243][ T6557] Call trace: [ 64.480026][ T6557] xfs_trans_brelse+0x34/0x448 [ 64.481126][ T6557] xfs_btree_del_cursor+0xb8/0x24c [ 64.482330][ T6557] xfs_refcount_recover_cow_leftovers+0x2d8/0xb60 [ 64.483961][ T6557] xfs_reflink_recover_cow+0x80/0x1c0 [ 64.485245][ T6557] xlog_recover_finish+0x710/0x80c [ 64.486496][ T6557] xfs_log_mount_finish+0x1b8/0x3f4 [ 64.487713][ T6557] xfs_mountfs+0x103c/0x18fc [ 64.488821][ T6557] xfs_fs_fill_super+0xd38/0xf50 [ 64.489915][ T6557] get_tree_bdev+0x360/0x54c [ 64.490968][ T6557] xfs_fs_get_tree+0x28/0x38 [ 64.492070][ T6557] vfs_get_tree+0x90/0x274 [ 64.493155][ T6557] do_new_mount+0x25c/0x8c8 [ 64.494187][ T6557] path_mount+0x590/0xe20 [ 64.495178][ T6557] __arm64_sys_mount+0x45c/0x594 [ 64.496320][ T6557] invoke_syscall+0x98/0x2c0 [ 64.497368][ T6557] el0_svc_common+0x138/0x258 [ 64.498536][ T6557] do_el0_svc+0x64/0x198 [ 64.499536][ T6557] el0_svc+0x58/0x168 [ 64.500460][ T6557] el0t_64_sync_handler+0x84/0xf0 [ 64.501637][ T6557] el0t_64_sync+0x190/0x194 [ 64.502618][ T6557] Code: f2fbfff7 97a164a1 9107c275 d343fea8 (38776908) [ 64.504250][ T6557] ---[ end trace 0000000000000000 ]--- [ 64.873294][ T6557] Kernel panic - not syncing: Oops: Fatal exception [ 64.874976][ T6557] SMP: stopping secondary CPUs [ 64.876101][ T6557] Kernel Offset: disabled [ 64.877102][ T6557] CPU features: 0x000000,20700402,32017203 [ 64.878456][ T6557] Memory Limit: none [ 65.247162][ T6557] Rebooting in 86400 seconds..