Warning: Permanently added '10.128.1.128' (ED25519) to the list of known hosts.
2023/07/31 09:54:06 ignoring optional flag "sandboxArg"="0"
2023/07/31 09:54:06 parsed 1 programs
2023/07/31 09:54:06 executed programs: 0
[ 48.445957][ T2631] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 48.502352][ T2180] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 48.509853][ T2180] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 48.517368][ T2180] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 48.524889][ T2180] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 48.532481][ T2180] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 48.539887][ T2180] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 48.547936][ T2180] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 48.555562][ T2180] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 48.570697][ T2658] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 48.572036][ T2663] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 48.577802][ T2658] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 48.577878][ T2658] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 48.578444][ T2658] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 48.585515][ T2663] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 48.592252][ T2658] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 48.599322][ T2663] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 48.606329][ T2658] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 48.621050][ T2663] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 48.628772][ T2658] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 48.635863][ T2663] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 48.642621][ T2658] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 48.650123][ T2663] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 48.656865][ T2658] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 48.678258][ T2664] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 48.685856][ T2658] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 48.686620][ T2664] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 48.694323][ T2015] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 48.707243][ T2664] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 48.708016][ T2658] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 48.715279][ T2664] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 48.722644][ T2658] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 48.729685][ T2664] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 48.745367][ T2658] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 48.753046][ T2658] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 48.763660][ T2658] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 48.774382][ T2658] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 49.240111][ T2640] chnl_net:caif_netlink_parms(): no params data found
[ 49.279424][ T2642] chnl_net:caif_netlink_parms(): no params data found
[ 49.311134][ T2656] chnl_net:caif_netlink_parms(): no params data found
[ 49.401275][ T2654] chnl_net:caif_netlink_parms(): no params data found
[ 49.457400][ T2655] chnl_net:caif_netlink_parms(): no params data found
[ 49.506314][ T2652] chnl_net:caif_netlink_parms(): no params data found
[ 50.714283][ T2658] Bluetooth: hci0: command 0x0409 tx timeout
[ 50.794243][ T2658] Bluetooth: hci4: command 0x0409 tx timeout
[ 50.800451][ T2658] Bluetooth: hci5: command 0x0409 tx timeout
[ 50.808456][ T2657] Bluetooth: hci2: command 0x0409 tx timeout
[ 50.808470][ T2662] Bluetooth: hci3: command 0x0409 tx timeout
[ 50.815133][ T2180] Bluetooth: hci1: command 0x0409 tx timeout
[ 52.794348][ T2180] Bluetooth: hci0: command 0x041b tx timeout
[ 52.874130][ T2180] Bluetooth: hci5: command 0x041b tx timeout
[ 52.882776][ T2180] Bluetooth: hci3: command 0x041b tx timeout
[ 52.884142][ T2658] Bluetooth: hci1: command 0x041b tx timeout
[ 52.890328][ T2657] Bluetooth: hci4: command 0x041b tx timeout
[ 52.896409][ T2664] Bluetooth: hci2: command 0x041b tx timeout
[ 54.874317][ T2658] Bluetooth: hci0: command 0x040f tx timeout
[ 54.954155][ T2658] Bluetooth: hci3: command 0x040f tx timeout
[ 54.960353][ T2658] Bluetooth: hci2: command 0x040f tx timeout
[ 54.966822][ T2664] Bluetooth: hci4: command 0x040f tx timeout
[ 54.973946][ T2664] Bluetooth: hci1: command 0x040f tx timeout
[ 54.975825][ T2662] Bluetooth: hci5: command 0x040f tx timeout
[ 56.027626][ T2640] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.221260][ T2642] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.320729][ T2655] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.380419][ T2654] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.426030][ T2656] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.542225][ T2652] 8021q: adding VLAN 0 to HW filter on device bond0
[ 56.954203][ T2662] Bluetooth: hci0: command 0x0419 tx timeout
[ 57.034341][ T2662] Bluetooth: hci1: command 0x0419 tx timeout
[ 57.040409][ T2662] Bluetooth: hci4: command 0x0419 tx timeout
[ 57.050223][ T2658] Bluetooth: hci3: command 0x0419 tx timeout
[ 57.050240][ T2180] Bluetooth: hci2: command 0x0419 tx timeout
[ 57.057859][ T2658] Bluetooth: hci5: command 0x0419 tx timeout
[ 61.011657][ T2640] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.182733][ T2642] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.265453][ T2655] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.408625][ T2656] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.499579][ T2654] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 61.588144][ T2652] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 70.011785][ T4773] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[ 70.029282][ T4773] UDF-fs: Scanning with blocksize 512 failed
[ 70.052272][ T4773] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[ 70.087500][ T4773] UDF-fs: Scanning with blocksize 1024 failed
[ 70.107854][ T4779] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[ 70.135881][ T4773] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[ 70.152868][ T4785] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[ 70.162011][ T4779] /dev/nullb0: Can't open blockdev
[ 70.192806][ T4773] UDF-fs: Scanning with blocksize 2048 failed
[ 70.218872][ T4779]
[ 70.221297][ T4779] ================================================
[ 70.228673][ T4779] WARNING: lock held when returning to user space!
[ 70.235688][ T4779] 6.5.0-rc1-syzkaller #0 Not tainted
[ 70.240966][ T4779] ------------------------------------------------
[ 70.248165][ T4779] syz-executor.2/4779 is leaving the kernel with locks still held!
[ 70.256708][ T4779] 1 lock held by syz-executor.2/4779:
[ 70.262261][ T4779] #0: ffff8880187ac0e0 (&type->s_umount_key#54){....}-{3:3}, at: get_tree_bdev+0x30d/0x600
2023/07/31 09:54:28 executed programs: 6
[ 70.296622][ T4773] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[ 70.316334][ T4773] UDF-fs: Scanning with blocksize 4096 failed
[ 70.322930][ T4781] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[ 70.344196][ T4781] UDF-fs: Scanning with blocksize 512 failed
[ 70.350603][ T4781] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[ 70.382697][ T4781] UDF-fs: Scanning with blocksize 1024 failed
[ 70.389607][ T4781] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[ 70.408734][ T4781] UDF-fs: Scanning with blocksize 2048 failed
[ 70.412728][ T4810] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[ 70.423504][ T4810] ==================================================================
[ 70.432111][ T4810] BUG: KASAN: slab-use-after-free in rwsem_down_write_slowpath+0xf24/0x1390
[ 70.441155][ T4810] Read of size 4 at addr ffff888015118034 by task syz-executor.2/4810
[ 70.449386][ T4810]
[ 70.451792][ T4810] CPU: 1 PID: 4810 Comm: syz-executor.2 Not tainted 6.5.0-rc1-syzkaller #0
[ 70.461756][ T4810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 70.472427][ T4810] Call Trace:
[ 70.475783][ T4810]
[ 70.478932][ T4810] dump_stack_lvl+0x3d/0x60
[ 70.483593][ T4810] print_report+0xc4/0x620
[ 70.488154][ T4810] ? __x64_sys_mount+0x208/0x280
[ 70.493086][ T4810] kasan_report+0xda/0x110
[ 70.497487][ T4810] ? rwsem_down_write_slowpath+0xf24/0x1390
[ 70.503356][ T4810] ? rwsem_down_write_slowpath+0xf24/0x1390
[ 70.509619][ T4810] rwsem_down_write_slowpath+0xf24/0x1390
[ 70.515573][ T4810] ? down_read_killable+0x380/0x380
[ 70.521004][ T4810] ? lock_release+0x474/0x590
[ 70.526260][ T4810] ? mntput_no_expire+0xe0/0x7b0
[ 70.531279][ T4810] ? reacquire_held_locks+0x380/0x380
[ 70.536797][ T4810] ? rcu_is_watching+0x15/0xb0
[ 70.541540][ T4810] ? lock_release+0x474/0x590
[ 70.546286][ T4810] ? rcu_is_watching+0x15/0xb0
[ 70.551323][ T4810] ? rcu_is_watching+0x15/0xb0
[ 70.556076][ T4810] ? lock_acquire+0x238/0x2b0
[ 70.560761][ T4810] down_write+0x148/0x160
[ 70.565071][ T4810] ? down_write_killable_nested+0x1b0/0x1b0
[ 70.571374][ T4810] ? do_raw_spin_lock+0x12e/0x2b0
[ 70.576458][ T4810] ? spin_bug+0x1d0/0x1d0
[ 70.580792][ T4810] grab_super+0x50/0x1c0
[ 70.585391][ T4810] ? set_bdev_super_fc+0xb0/0xb0
[ 70.590403][ T4810] sget_fc+0x51f/0x760
[ 70.594462][ T4810] ? set_bdev_super+0x80/0x80
[ 70.599129][ T4810] get_tree_bdev+0x122/0x600
[ 70.604070][ T4810] ? romfs_iget+0x690/0x690
[ 70.609162][ T4810] ? sget_fc+0x760/0x760
[ 70.613760][ T4810] ? vfs_parse_fs_param+0x360/0x360
[ 70.619206][ T4810] vfs_get_tree+0x82/0x210
[ 70.623769][ T4810] path_mount+0x878/0x1a00
[ 70.628332][ T4810] ? finish_automount+0x720/0x720
[ 70.633706][ T4810] ? kmem_cache_free+0xe9/0x460
[ 70.638925][ T4810] ? getname_flags.part.0+0x88/0x430
[ 70.644446][ T4810] __x64_sys_mount+0x208/0x280
[ 70.649442][ T4810] ? copy_mnt_ns+0xa70/0xa70
[ 70.654111][ T4810] ? fpregs_assert_state_consistent+0x41/0x60
[ 70.660458][ T4810] do_syscall_64+0x38/0xb0
[ 70.664849][ T4810] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.670756][ T4810] RIP: 0033:0x7f22fd87cae9
[ 70.675147][ T4810] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 70.696128][ T4810] RSP: 002b:00007f22fe5a90c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 70.704519][ T4810] RAX: ffffffffffffffda RBX: 00007f22fd99c050 RCX: 00007f22fd87cae9
[ 70.712928][ T4810] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 00000000200000c0
[ 70.721479][ T4810] RBP: 00007f22fd8c847a R08: 0000000000000000 R09: 0000000000000000
[ 70.729757][ T4810] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000
[ 70.738198][ T4810] R13: 000000000000006e R14: 00007f22fd99c050 R15: 00007ffec9be7678
[ 70.746767][ T4810]
[ 70.749851][ T4810]
[ 70.752153][ T4810] Allocated by task 4772:
[ 70.756790][ T4810] kasan_save_stack+0x33/0x50
[ 70.762336][ T4810] kasan_set_track+0x25/0x30
[ 70.767463][ T4810] __kasan_slab_alloc+0x81/0x90
[ 70.772744][ T4810] kmem_cache_alloc_node+0x1ab/0x400
[ 70.778788][ T4810] copy_process+0x488/0x63e0
[ 70.783787][ T4810] kernel_clone+0xcb/0x7a0
[ 70.788352][ T4810] __do_sys_clone3+0x152/0x190
[ 70.793264][ T4810] do_syscall_64+0x38/0xb0
[ 70.798475][ T4810] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.804903][ T4810]
[ 70.807211][ T4810] Freed by task 21:
[ 70.811002][ T4810] kasan_save_stack+0x33/0x50
[ 70.815860][ T4810] kasan_set_track+0x25/0x30
[ 70.820425][ T4810] kasan_save_free_info+0x2b/0x40
[ 70.825509][ T4810] ____kasan_slab_free+0x15e/0x1b0
[ 70.830861][ T4810] slab_free_freelist_hook+0x10b/0x1e0
[ 70.836504][ T4810] kmem_cache_free+0xe9/0x460
[ 70.841525][ T4810] rcu_core+0xaf5/0x13b0
[ 70.846026][ T4810] __do_softirq+0x250/0x672
[ 70.850820][ T4810]
[ 70.853542][ T4810] Last potentially related work creation:
[ 70.859344][ T4810] kasan_save_stack+0x33/0x50
[ 70.864368][ T4810] __kasan_record_aux_stack+0xbc/0xd0
[ 70.870521][ T4810] __call_rcu_common.constprop.0+0x8e/0x6b0
[ 70.876573][ T4810] __schedule+0xd0b/0x4c50
[ 70.880980][ T4810] schedule+0xe7/0x1b0
[ 70.885041][ T4810] schedule_preempt_disabled+0x4d/0x140
[ 70.891148][ T4810] rwsem_down_write_slowpath+0x533/0x1390
[ 70.897497][ T4810] down_write+0x148/0x160
[ 70.901987][ T4810] unlink_file_vma+0x71/0xf0
[ 70.908026][ T4810] free_pgtables+0x37d/0x7f0
[ 70.912851][ T4810] exit_mmap+0x260/0x730
[ 70.917326][ T4810] __mmput+0xb7/0x3e0
[ 70.922073][ T4810] do_exit+0x776/0x2600
[ 70.926202][ T4810] do_group_exit+0xb4/0x250
[ 70.930764][ T4810] __x64_sys_exit_group+0x39/0x40
[ 70.935900][ T4810] do_syscall_64+0x38/0xb0
[ 70.940295][ T4810] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.946508][ T4810]
[ 70.948810][ T4810] Second to last potentially related work creation:
[ 70.955455][ T4810] kasan_save_stack+0x33/0x50
[ 70.960107][ T4810] __kasan_record_aux_stack+0xbc/0xd0
[ 70.965970][ T4810] task_work_add+0x83/0x1f0
[ 70.970715][ T4810] scheduler_tick+0x1d3/0x590
[ 70.975727][ T4810] update_process_times+0x152/0x1c0
[ 70.981258][ T4810] tick_sched_handle+0xe5/0x150
[ 70.987649][ T4810] tick_sched_timer+0xa8/0xd0
[ 70.992837][ T4810] __hrtimer_run_queues+0x2df/0x7d0
[ 70.998356][ T4810] hrtimer_interrupt+0x2da/0x7d0
[ 71.003629][ T4810] __sysvec_apic_timer_interrupt+0x139/0x3d0
[ 71.009665][ T4810] sysvec_apic_timer_interrupt+0x89/0xb0
[ 71.015445][ T4810] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 71.021657][ T4810]
[ 71.023959][ T4810] The buggy address belongs to the object at ffff888015118000
[ 71.023959][ T4810] which belongs to the cache task_struct of size 7232
[ 71.038158][ T4810] The buggy address is located 52 bytes inside of
[ 71.038158][ T4810] freed 7232-byte region [ffff888015118000, ffff888015119c40)
[ 71.052441][ T4810]
[ 71.054831][ T4810] The buggy address belongs to the physical page:
[ 71.061420][ T4810] page:ffffea0000544600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15118
[ 71.076803][ T4810] head:ffffea0000544600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 71.086263][ T4810] memcg:ffff888018e12701
[ 71.090478][ T4810] anon flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 71.099644][ T4810] page_type: 0xffffffff()
[ 71.103968][ T4810] raw: 00fff00000010200 ffff88800ce64500 0000000000000000 dead000000000001
[ 71.112627][ T4810] raw: 0000000000000000 0000000000040004 00000001ffffffff ffff888018e12701
[ 71.121395][ T4810] page dumped because: kasan: bad access detected
[ 71.128485][ T4810] page_owner tracks the page as allocated
[ 71.134437][ T4810] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 10, tgid 10 (kworker/u4:0), ts 50628541746, free_ts 50615533195
[ 71.157266][ T4810] post_alloc_hook+0x281/0x2f0
[ 71.162113][ T4810] get_page_from_freelist+0xfcb/0x31e0
[ 71.167821][ T4810] __alloc_pages+0x1d0/0x470
[ 71.172478][ T4810] allocate_slab+0x24e/0x360
[ 71.177130][ T4810] ___slab_alloc+0x7a7/0x1000
[ 71.181782][ T4810] __slab_alloc.constprop.0+0x4d/0x90
[ 71.187328][ T4810] kmem_cache_alloc_node+0x141/0x400
[ 71.192846][ T4810] copy_process+0x488/0x63e0
[ 71.197495][ T4810] kernel_clone+0xcb/0x7a0
[ 71.201965][ T4810] user_mode_thread+0xa5/0xe0
[ 71.206610][ T4810] call_usermodehelper_exec_work+0x57/0x140
[ 71.212668][ T4810] process_one_work+0x922/0x1370
[ 71.217840][ T4810] worker_thread+0xfb/0xe40
[ 71.222752][ T4810] kthread+0x278/0x330
[ 71.226807][ T4810] ret_from_fork+0x1f/0x30
[ 71.231297][ T4810] page last free stack trace:
[ 71.236045][ T4810] free_unref_page_prepare+0x5aa/0xc40
[ 71.241567][ T4810] free_unref_page+0x33/0x350
[ 71.246390][ T4810] __unfreeze_partials+0x1f1/0x210
[ 71.251836][ T4810] qlist_free_all+0x6a/0x170
[ 71.256498][ T4810] kasan_quarantine_reduce+0x17d/0x1b0
[ 71.262024][ T4810] __kasan_slab_alloc+0x65/0x90
[ 71.266946][ T4810] kmem_cache_alloc+0x1a1/0x3d0
[ 71.271855][ T4810] getname_flags.part.0+0x4a/0x430
[ 71.276942][ T4810] do_sys_openat2+0xe8/0x170
[ 71.281597][ T4810] __x64_sys_openat+0x134/0x1d0
[ 71.286437][ T4810] do_syscall_64+0x38/0xb0
[ 71.291092][ T4810] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 71.296960][ T4810]
[ 71.299261][ T4810] Memory state around the buggy address:
[ 71.304920][ T4810] ffff888015117f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.313146][ T4810] ffff888015117f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.321227][ T4810] >ffff888015118000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.329541][ T4810] ^
[ 71.335343][ T4810] ffff888015118080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.343488][ T4810] ffff888015118100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.351635][ T4810] ==================================================================
[ 71.360123][ T4810] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 71.367789][ T4810] Kernel Offset: disabled
[ 71.372479][ T4810] Rebooting in 86400 seconds..
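Added example, not part of the syzkaller console log above and not syzkaller's own tooling: a small Python triage helper for the two records that matter in this log, the lockdep "lock held when returning to user space" warning from task 4779 and the KASAN slab-use-after-free from task 4810. It strips the dmesg "[ ts][ Tpid]" prefix, pulls out the BUG line, the faulting access, the call-trace frames the unwinder is sure about (the "? " entries are guesses from stale stack slots and are dropped), the allocation and free stacks, the object geometry and the lockdep record, and decodes the KASAN shadow byte that covers the faulting address. REPORT is a constructed, abridged excerpt of this page's log; the helper names and the ALLOCATOR frame filter are my own choices; the shadow-byte meanings are the generic-KASAN values from the kernel's mm/kasan/kasan.h.

```python
"""Triage helper for the KASAN and lockdep records in a syzkaller console log."""
import re

# Shadow-byte encodings from the kernel's mm/kasan/kasan.h (generic KASAN).
SHADOW = {0x00: "addressable", 0xFA: "freed slab object (free-track granule)",
          0xFB: "freed slab object", 0xFC: "slab redzone",
          0xFE: "page redzone", 0xFF: "free page"}
GRANULE = 8  # bytes of memory described by one shadow byte
ALLOCATOR = ("kasan", "slab", "kmem_cache")  # instrumentation frames, not the real caller

# Constructed, abridged excerpt of the console log above; dmesg prefixes kept.
REPORT = """\
[ 70.256708][ T4779] 1 lock held by syz-executor.2/4779:
[ 70.262261][ T4779] #0: ffff8880187ac0e0 (&type->s_umount_key#54){....}-{3:3}, at: get_tree_bdev+0x30d/0x600
[ 70.432111][ T4810] BUG: KASAN: slab-use-after-free in rwsem_down_write_slowpath+0xf24/0x1390
[ 70.441155][ T4810] Read of size 4 at addr ffff888015118034 by task syz-executor.2/4810
[ 70.472427][ T4810] Call Trace:
[ 70.488154][ T4810]  ? __x64_sys_mount+0x208/0x280
[ 70.509619][ T4810]  rwsem_down_write_slowpath+0xf24/0x1390
[ 70.560761][ T4810]  down_write+0x148/0x160
[ 70.580792][ T4810]  grab_super+0x50/0x1c0
[ 70.599129][ T4810]  get_tree_bdev+0x122/0x600
[ 70.670756][ T4810] RIP: 0033:0x7f22fd87cae9
[ 70.752153][ T4810] Allocated by task 4772:
[ 70.767463][ T4810]  __kasan_slab_alloc+0x81/0x90
[ 70.772744][ T4810]  kmem_cache_alloc_node+0x1ab/0x400
[ 70.778788][ T4810]  copy_process+0x488/0x63e0
[ 70.804903][ T4810]
[ 70.807211][ T4810] Freed by task 21:
[ 70.825509][ T4810]  ____kasan_slab_free+0x15e/0x1b0
[ 70.836504][ T4810]  kmem_cache_free+0xe9/0x460
[ 70.841525][ T4810]  rcu_core+0xaf5/0x13b0
[ 70.850820][ T4810]
[ 71.023959][ T4810] The buggy address belongs to the object at ffff888015118000
[ 71.023959][ T4810]  which belongs to the cache task_struct of size 7232
[ 71.038158][ T4810] The buggy address is located 52 bytes inside of
[ 71.038158][ T4810]  freed 7232-byte region [ffff888015118000, ffff888015119c40)
[ 71.321227][ T4810] >ffff888015118000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.335343][ T4810]  ffff888015118080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]")
ROW = re.compile(r"^>?(?P<base>[0-9a-f]{16}): (?P<cells>(?:[0-9a-f]{2} ?){16})$")
FIELDS = [re.compile(p) for p in (
    r"^BUG: KASAN: (?P<bug>\S+) in (?P<func>\S+)",
    r"^(?P<kind>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)",
    r"^The buggy address belongs to the object at (?P<obj_base>[0-9a-f]+)",
    r"^which belongs to the cache (?P<cache>\S+) of size (?P<obj_size>\d+)",
    r"^The buggy address is located (?P<reported_offset>\d+) bytes inside of",
    r"^\d+ locks? held by (?P<lock_holder>\S+):",
    r"^#\d+: [0-9a-f]+ \((?P<lock>[^)]+)\)\S* at: (?P<lock_site>\S+)",
)]
INT_FIELDS = {"addr": 16, "obj_base": 16, "size": 10, "obj_size": 10, "reported_offset": 10}


def frames(lines, i):
    """Frames from lines[i:] up to a blank line or the register dump; '? ' guesses and <TASK> markers dropped."""
    out = []
    while i < len(lines) and not lines[i].startswith("RIP:"):
        if not lines[i] and out:
            break
        if lines[i] and lines[i][0] not in "?<":
            out.append(lines[i])
        i += 1
    return out, i


def origin(stack):
    """First frame that is neither allocator nor KASAN instrumentation, i.e. the real caller."""
    return next((f for f in stack if not any(t in f for t in ALLOCATOR)), None)


def shadow_for(rows, addr):
    """(value, meaning) of the shadow byte covering addr, from the memory-state rows; None if not dumped."""
    for base, cells in rows.items():
        if base <= addr < base + GRANULE * len(cells):
            val = cells[(addr - base) // GRANULE]
            return val, SHADOW.get(val, "partially addressable" if val < GRANULE else "other")
    return None


def parse_report(text):
    lines = [PREFIX.sub("", ln).strip() for ln in text.splitlines()]
    r, i = {"call_trace": [], "rows": {}}, 0
    while i < len(lines):
        line = lines[i]
        if line.startswith(("Call Trace:", "Allocated by task", "Freed by task")):
            key = {"C": "call_trace", "A": "alloc", "F": "free"}[line[0]]
            if key != "call_trace":
                r[key + "_task"] = int(line.split()[3].rstrip(":"))
                key += "_stack"
            r[key], i = frames(lines, i + 1)
            continue
        if m := ROW.match(line):
            r["rows"][int(m["base"], 16)] = [int(b, 16) for b in m["cells"].split()]
        for pat in FIELDS:
            if m := pat.match(line):
                r.update(m.groupdict())
        i += 1
    r.update({k: int(r[k], b) for k, b in INT_FIELDS.items() if k in r})
    if "addr" in r:
        r["offset"] = r["addr"] - r.get("obj_base", r["addr"])
        r["shadow"] = shadow_for(r["rows"], r["addr"])
    return r
```

For this log `parse_report(REPORT)` yields: a 4-byte read at offset 52 of a freed 7232-byte task_struct, shadow byte 0xfb (freed slab object), object allocated by task 4772 in copy_process (the clone3 path) and freed by task 21 from rcu_core, i.e. an RCU-deferred free; the faulting task 4810 is inside down_write called from grab_super, which takes the superblock's s_umount rwsem, and earlier the same log records task 4779 returning to user space still holding a lock of the s_umount_key class taken at get_tree_bdev. ORIG_RAX 0xa5 in the register dump is __NR_mount on x86-64, so both tasks were in mount(2). Those two records belong together in triage: a waiter in rwsem_down_write_slowpath reading a task_struct that has already been freed is the signature of an rwsem whose owner or waiter task exited while still referenced.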