[ 76.597077][ T27] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.1.180' (ED25519) to the list of known hosts.
2023/09/30 13:21:53 ignoring optional flag "sandboxArg"="0"
2023/09/30 13:21:53 parsed 1 programs
2023/09/30 13:21:55 executed programs: 0
[ 79.078253][ T5378] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 79.129062][ T4436] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 79.136966][ T4436] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 79.144521][ T4436] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 79.153252][ T4436] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 79.160915][ T4436] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 79.168248][ T4436] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 79.281517][ T5384] chnl_net:caif_netlink_parms(): no params data found
[ 79.333904][ T5384] bridge0: port 1(bridge_slave_0) entered blocking state
[ 79.341152][ T5384] bridge0: port 1(bridge_slave_0) entered disabled state
[ 79.348501][ T5384] bridge_slave_0: entered allmulticast mode
[ 79.356487][ T5384] bridge_slave_0: entered promiscuous mode
[ 79.364156][ T5384] bridge0: port 2(bridge_slave_1) entered blocking state
[ 79.371592][ T5384] bridge0: port 2(bridge_slave_1) entered disabled state
[ 79.379395][ T5384] bridge_slave_1: entered allmulticast mode
[ 79.386872][ T5384] bridge_slave_1: entered promiscuous mode
[ 79.410773][ T5384] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 79.422035][ T5384] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 79.450491][ T5384] team0: Port device team_slave_0 added
[ 79.459148][ T5384] team0: Port device team_slave_1 added
[ 79.481314][ T5384] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 79.488425][ T5384] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.514373][ T5384] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 79.526945][ T5384] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 79.533893][ T5384] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 79.559956][ T5384] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 79.593785][ T5384] hsr_slave_0: entered promiscuous mode
[ 79.600695][ T5384] hsr_slave_1: entered promiscuous mode
[ 80.391401][ T5384] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 80.403231][ T5384] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 80.416982][ T5384] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 80.430326][ T5384] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 80.534784][ T5384] 8021q: adding VLAN 0 to HW filter on device bond0
[ 80.560960][ T5384] 8021q: adding VLAN 0 to HW filter on device team0
[ 80.576347][ T780] bridge0: port 1(bridge_slave_0) entered blocking state
[ 80.583503][ T780] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 80.606442][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 80.613599][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 80.828641][ T5384] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 80.883426][ T5384] veth0_vlan: entered promiscuous mode
[ 80.899877][ T5384] veth1_vlan: entered promiscuous mode
[ 80.941948][ T5384] veth0_macvtap: entered promiscuous mode
[ 80.953063][ T5384] veth1_macvtap: entered promiscuous mode
[ 80.977266][ T5384] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 80.993398][ T5384] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 81.008316][ T5384] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.021061][ T5384] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.030882][ T5384] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.041643][ T5384] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 81.126354][ T5046] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.134300][ T5046] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.177749][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 81.188229][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 81.243605][ T4436] Bluetooth: hci0: command 0x0409 tx timeout
[ 81.651535][ T5450] loop0: detected capacity change from 0 to 32768
[ 81.671410][ T5450] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 81.681694][ T5450] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 81.707044][ T5450] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 2ms
[ 81.720903][ T8] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 81.729184][ T8] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
[ 81.803445][ T8] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 74ms
[ 81.812892][ T8] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 81.820587][ T5450] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 82.419763][ T5478] loop0: detected capacity change from 0 to 32768
[ 82.431452][ T5478] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 82.450250][ T5478] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 82.463591][ T5478] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 0ms
[ 82.474224][ T27] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 82.483696][ T27] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
[ 82.559112][ T27] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 75ms
[ 82.569561][ T27] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 82.578068][ T5478] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 83.230882][ T5510] loop0: detected capacity change from 0 to 32768
[ 83.244518][ T5510] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 83.254745][ T5510] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 83.268156][ T5510] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 0ms
[ 83.281238][ T5045] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 83.288849][ T5045] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
[ 83.325340][ T4436] Bluetooth: hci0: command 0x041b tx timeout
[ 83.354347][ T5045] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 65ms
[ 83.363923][ T5045] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 83.370063][ T5510] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 84.032343][ T5541] loop0: detected capacity change from 0 to 32768
[ 84.046527][ T5541] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 84.057186][ T5541] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 84.069969][ T5541] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 0ms
[ 84.081146][ T5045] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 84.089684][ T5045] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
2023/09/30 13:22:00 executed programs: 4
[ 84.163659][ T5045] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 73ms
[ 84.174937][ T5045] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 84.182693][ T5541] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 84.839688][ T5572] loop0: detected capacity change from 0 to 32768
[ 84.850525][ T5572] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 84.860446][ T5572] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 84.879084][ T5572] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 0ms
[ 84.890348][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 84.898095][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
[ 84.967584][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 69ms
[ 84.976616][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 84.982648][ T5572] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 85.395518][ T4436] Bluetooth: hci0: command 0x040f tx timeout
[ 85.542732][ T5597] loop0: detected capacity change from 0 to 32768
[ 85.555426][ T5597] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 85.565077][ T5597] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 85.580070][ T5597] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 0ms
[ 85.590843][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 85.598856][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
[ 85.676894][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 78ms
[ 85.688042][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 85.694962][ T5597] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 86.300887][ T5624] loop0: detected capacity change from 0 to 32768
[ 86.313491][ T5624] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 86.325666][ T5624] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 86.339805][ T5624] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 0ms
[ 86.349973][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 86.360012][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
[ 86.429131][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 69ms
[ 86.441607][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 86.448153][ T5624] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 87.076475][ T5654] loop0: detected capacity change from 0 to 32768
[ 87.087818][ T5654] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 87.102230][ T5654] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 87.117982][ T5654] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 0ms
[ 87.128108][ T5046] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 87.137418][ T5046] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
[ 87.206955][ T5046] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 69ms
[ 87.219550][ T5046] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 87.226087][ T5654] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 87.484643][ T4436] Bluetooth: hci0: command 0x0419 tx timeout
[ 87.867914][ T5686] loop0: detected capacity change from 0 to 32768
[ 87.880978][ T5686] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 87.891930][ T5686] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 87.904995][ T5686] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 0ms
[ 87.916897][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 87.924522][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
[ 87.995804][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 71ms
[ 88.009412][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 88.015570][ T5686] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 88.664643][ T5719] loop0: detected capacity change from 0 to 32768
[ 88.680439][ T5719] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 88.695324][ T5719] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 88.709141][ T5719] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 0ms
[ 88.719215][ T5046] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 88.728594][ T5046] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
[ 88.793259][ T5046] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 64ms
[ 88.803848][ T5046] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 88.811397][ T5719] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 89.456956][ T5747] loop0: detected capacity change from 0 to 32768
[ 89.473460][ T5747] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 89.484086][ T5747] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 89.498183][ T5747] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 0ms
[ 89.509546][ T27] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 89.517575][ T27] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
2023/09/30 13:22:05 executed programs: 11
[ 89.587881][ T27] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 70ms
[ 89.600555][ T27] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 89.608267][ T5747] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 90.127603][ T5781] loop0: detected capacity change from 0 to 32768
[ 90.138339][ T5781] gfs2: fsid=„½%b­i’~N-SS“: Trying to join cluster "lock_nolock", "„½%b­i’~N-SS“"
[ 90.149708][ T5781] gfs2: fsid=„½%b­i’~N-SS“: Now mounting FS (format 1801)...
[ 90.160701][ T5781] gfs2: fsid=„½%b­i’~N-SS“.0: journal 0 mapped with 18 extents in 0ms
[ 90.170914][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0, already locked for use
[ 90.178506][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Looking at journal...
[ 90.217979][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Journal head lookup took 39ms
[ 90.226301][ T9] gfs2: fsid=„½%b­i’~N-SS“.0: jid=0: Done
[ 90.232222][ T5781] gfs2: fsid=„½%b­i’~N-SS“.0: first mount done, others may mount
[ 90.295293][ C0] ==================================================================
[ 90.303400][ C0] BUG: KASAN: slab-use-after-free in gfs2_qd_dealloc+0x83/0xf0
[ 90.311069][ C0] Write of size 4 at addr ffff888021940a78 by task syz-executor.0/5384
[ 90.319321][ C0]
[ 90.321643][ C0] CPU: 0 PID: 5384 Comm: syz-executor.0 Not tainted 6.6.0-rc3-syzkaller-dirty #0
[ 90.330735][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 90.340863][ C0] Call Trace:
[ 90.344128][ C0]
[ 90.346960][ C0] dump_stack_lvl+0x1e7/0x2d0
[ 90.351622][ C0] ? nf_tcp_handle_invalid+0x650/0x650
[ 90.357074][ C0] ? panic+0x770/0x770
[ 90.361241][ C0] ? _printk+0xd5/0x120
[ 90.365384][ C0] print_report+0x163/0x540
[ 90.369873][ C0] ? print_irqtrace_events+0x220/0x220
[ 90.375311][ C0] ? __virt_addr_valid+0x22f/0x2e0
[ 90.380400][ C0] ? __phys_addr+0xba/0x170
[ 90.384880][ C0] ? gfs2_qd_dealloc+0x83/0xf0
[ 90.389628][ C0] kasan_report+0x175/0x1b0
[ 90.394124][ C0] ? gfs2_qd_dealloc+0x83/0xf0
[ 90.398896][ C0] kasan_check_range+0x27e/0x290
[ 90.403907][ C0] gfs2_qd_dealloc+0x83/0xf0
[ 90.408577][ C0] ? gfs2_qd_dispose+0x5b0/0x5b0
[ 90.413498][ C0] ? rcu_core+0xa61/0x1790
[ 90.417893][ C0] rcu_core+0xacf/0x1790
[ 90.422118][ C0] ? rcu_cpu_kthread_park+0x90/0x90
[ 90.427296][ C0] ? rebalance_domains+0x949/0xac0
[ 90.432387][ C0] ? rebalance_domains+0x1b9/0xac0
[ 90.437478][ C0] ? pick_eevdf+0x660/0x660
[ 90.441958][ C0] __do_softirq+0x2ab/0x908
[ 90.446455][ C0] ? __irq_exit_rcu+0xf1/0x1b0
[ 90.451200][ C0] ? __lock_text_end+0xc/0xc
[ 90.455788][ C0] ? irqtime_account_irq+0xd4/0x1e0
[ 90.460994][ C0] __irq_exit_rcu+0xf1/0x1b0
[ 90.465568][ C0] ? irq_exit_rcu+0x20/0x20
[ 90.470056][ C0] irq_exit_rcu+0x9/0x20
[ 90.474278][ C0] sysvec_apic_timer_interrupt+0x95/0xb0
[ 90.479908][ C0]
[ 90.482828][ C0]
[ 90.485748][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 90.491725][ C0] RIP: 0010:preempt_count_add+0x5c/0x180
[ 90.497359][ C0] Code: 10 00 75 07 65 8b 05 4b 4a a3 7e 65 01 1d 44 4a a3 7e 48 c7 c0 20 33 ef 91 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 d9 00 00 00 <83> 3d 7d c4 8e 10 00 75 11 65 8b 05 1c 4a a3 7e 0f b6 c0 3d f5 00
[ 90.516964][ C0] RSP: 0018:ffffc90004d1f1c8 EFLAGS: 00000297
[ 90.523015][ C0] RAX: 0000000000000004 RBX: 0000000000000001 RCX: ffffffff91ef3303
[ 90.530975][ C0] RDX: ffff888078b05940 RSI: 0000000000000001 RDI: 0000000000000001
[ 90.539018][ C0] RBP: ffffc90004d1f2c0 R08: ffffffff813d9ec1 R09: ffffc90004d1f3b0
[ 90.546972][ C0] R10: 0000000000000003 R11: ffff888078b05940 R12: ffff888078b05940
[ 90.554925][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: dffffc0000000000
[ 90.562887][ C0] ? unwind_next_frame+0xa1/0x29e0
[ 90.567994][ C0] ? shmem_evict_inode+0x29e/0xa80
[ 90.573107][ C0] unwind_next_frame+0xc1/0x29e0
[ 90.578031][ C0] ? shmem_undo_range+0x6ad/0x19c0
[ 90.583124][ C0] ? shmem_evict_inode+0x29e/0xa80
[ 90.588214][ C0] ? __kernel_text_address+0xd/0x40
[ 90.593392][ C0] ? shmem_evict_inode+0x29e/0xa80
[ 90.598488][ C0] ? stack_trace_save+0x1c0/0x1c0
[ 90.603546][ C0] arch_stack_walk+0x146/0x1a0
[ 90.608300][ C0] ? shmem_evict_inode+0x29e/0xa80
[ 90.613396][ C0] stack_trace_save+0x117/0x1c0
[ 90.618233][ C0] ? stack_trace_snprint+0xf0/0xf0
[ 90.623330][ C0] save_stack+0xfa/0x1e0
[ 90.627576][ C0] ? __reset_page_owner+0x190/0x190
[ 90.632758][ C0] ? free_unref_page_prepare+0x8c3/0x9f0
[ 90.638370][ C0] ? free_unref_page_list+0x596/0x830
[ 90.643722][ C0] ? release_pages+0x2113/0x23f0
[ 90.648644][ C0] ? __folio_batch_release+0x84/0x100
[ 90.653993][ C0] ? shmem_undo_range+0x6ad/0x19c0
[ 90.659089][ C0] ? shmem_evict_inode+0x29e/0xa80
[ 90.664182][ C0] ? page_ext_get+0x20/0x2a0
[ 90.668761][ C0] __reset_page_owner+0x4f/0x190
[ 90.673783][ C0] free_unref_page_prepare+0x8c3/0x9f0
[ 90.679230][ C0] free_unref_page_list+0x596/0x830
[ 90.684409][ C0] ? __mod_zone_page_state+0xda/0x140
[ 90.689764][ C0] release_pages+0x2113/0x23f0
[ 90.694528][ C0] ? lru_cache_disable+0x30/0x30
[ 90.699445][ C0] ? do_raw_spin_unlock+0x13b/0x8b0
[ 90.704632][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 90.709821][ C0] __folio_batch_release+0x84/0x100
[ 90.715002][ C0] shmem_undo_range+0x6ad/0x19c0
[ 90.719933][ C0] ? shmem_truncate_range+0xa0/0xa0
[ 90.725218][ C0] ? __lock_acquire+0x7f70/0x7f70
[ 90.730254][ C0] ? do_raw_spin_lock+0x14d/0x3a0
[ 90.735271][ C0] shmem_evict_inode+0x29e/0xa80
[ 90.740207][ C0] ? inode_wait_for_writeback+0x223/0x290
[ 90.745911][ C0] ? shmem_free_in_core_inode+0xb0/0xb0
[ 90.751436][ C0] ? sb_clear_inode_writeback+0x370/0x370
[ 90.757144][ C0] ? bit_waitqueue+0x30/0x30
[ 90.761741][ C0] ? do_raw_spin_unlock+0x13b/0x8b0
[ 90.766937][ C0] ? shmem_free_in_core_inode+0xb0/0xb0
[ 90.772472][ C0] evict+0x2a4/0x620
[ 90.776399][ C0] __dentry_kill+0x436/0x650
[ 90.780988][ C0] dentry_kill+0xbb/0x290
[ 90.785317][ C0] ? dput+0x52/0x470
[ 90.789197][ C0] dput+0x21e/0x470
[ 90.792989][ C0] __fput+0x60d/0x910
[ 90.796958][ C0] task_work_run+0x24a/0x300
[ 90.801562][ C0] ? task_work_cancel+0x2b0/0x2b0
[ 90.806577][ C0] ? exit_to_user_mode_loop+0x39/0x100
[ 90.812046][ C0] exit_to_user_mode_loop+0xde/0x100
[ 90.817319][ C0] exit_to_user_mode_prepare+0xb1/0x140
[ 90.822848][ C0] syscall_exit_to_user_mode+0x64/0x280
[ 90.828383][ C0] do_syscall_64+0x4d/0xc0
[ 90.832780][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.838674][ C0] RIP: 0033:0x7efcc847de17
[ 90.843072][ C0] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 90.862682][ C0] RSP: 002b:00007fff37ab65f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 90.871081][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007efcc847de17
[ 90.879035][ C0] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007fff37ab66b0
[ 90.887055][ C0] RBP: 00007fff37ab66b0 R08: 0000000000000000 R09: 0000000000000000
[ 90.895032][ C0] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff37ab7770
[ 90.902995][ C0] R13: 00007efcc84c73b9 R14: 0000000000015ee0 R15: 0000000000000003
[ 90.910965][ C0]
[ 90.913968][ C0]
[ 90.916290][ C0] Allocated by task 5781:
[ 90.920593][ C0] kasan_set_track+0x4f/0x70
[ 90.925166][ C0] __kasan_kmalloc+0x98/0xb0
[ 90.929738][ C0] gfs2_fill_super+0x136/0x26c0
[ 90.934575][ C0] get_tree_bdev+0x416/0x5b0
[ 90.939144][ C0] gfs2_get_tree+0x54/0x210
[ 90.943651][ C0] vfs_get_tree+0x8c/0x280
[ 90.948046][ C0] do_new_mount+0x28f/0xae0
[ 90.952530][ C0] __se_sys_mount+0x2d9/0x3c0
[ 90.957191][ C0] do_syscall_64+0x41/0xc0
[ 90.961588][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.967472][ C0]
[ 90.969781][ C0] Freed by task 5384:
[ 90.973745][ C0] kasan_set_track+0x4f/0x70
[ 90.978361][ C0] kasan_save_free_info+0x28/0x40
[ 90.983380][ C0] ____kasan_slab_free+0xd6/0x120
[ 90.988394][ C0] __kmem_cache_free+0x25f/0x3b0
[ 90.993311][ C0] generic_shutdown_super+0x13a/0x2c0
[ 90.998686][ C0] kill_block_super+0x41/0x70
[ 91.003342][ C0] deactivate_locked_super+0xa4/0x110
[ 91.008708][ C0] cleanup_mnt+0x426/0x4c0
[ 91.013129][ C0] task_work_run+0x24a/0x300
[ 91.017702][ C0] exit_to_user_mode_loop+0xde/0x100
[ 91.022965][ C0] exit_to_user_mode_prepare+0xb1/0x140
[ 91.028492][ C0] syscall_exit_to_user_mode+0x64/0x280
[ 91.034019][ C0] do_syscall_64+0x4d/0xc0
[ 91.038414][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.044295][ C0]
[ 91.046615][ C0] The buggy address belongs to the object at ffff888021940000
[ 91.046615][ C0] which belongs to the cache kmalloc-8k of size 8192
[ 91.060648][ C0] The buggy address is located 2680 bytes inside of
[ 91.060648][ C0] freed 8192-byte region [ffff888021940000, ffff888021942000)
[ 91.074596][ C0]
[ 91.076901][ C0] The buggy address belongs to the physical page:
[ 91.083288][ C0] page:ffffea0000865000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21940
[ 91.093418][ C0] head:ffffea0000865000 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 91.102343][ C0] ksm flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 91.110650][ C0] page_type: 0xffffffff()
[ 91.114971][ C0] raw: 00fff00000000840 ffff888012842280 ffffea000090a600 0000000000000003
[ 91.123535][ C0] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 91.132112][ C0] page dumped because: kasan: bad access detected
[ 91.138504][ C0] page_owner tracks the page as allocated
[ 91.144192][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5380, tgid 5380 (sh), ts 77913728905, free_ts 77903163637
[ 91.165268][ C0] post_alloc_hook+0x1e6/0x210
[ 91.170016][ C0] get_page_from_freelist+0x31db/0x3360
[ 91.175545][ C0] __alloc_pages+0x255/0x670
[ 91.180113][ C0] alloc_slab_page+0x6a/0x160
[ 91.184769][ C0] new_slab+0x84/0x2f0
[ 91.188822][ C0] ___slab_alloc+0xc85/0x1310
[ 91.193479][ C0] __kmem_cache_alloc_node+0x1af/0x270
[ 91.198929][ C0] kmalloc_trace+0x2a/0xe0
[ 91.203343][ C0] tomoyo_init_log+0x11cd/0x2040
[ 91.208277][ C0] tomoyo_supervisor+0x386/0x11f0
[ 91.213301][ C0] tomoyo_env_perm+0x178/0x210
[ 91.218069][ C0] tomoyo_find_next_domain+0x1383/0x1cf0
[ 91.223687][ C0] tomoyo_bprm_check_security+0x114/0x170
[ 91.229396][ C0] security_bprm_check+0x63/0xa0
[ 91.234317][ C0] bprm_execve+0x8c7/0x17c0
[ 91.238807][ C0] do_execveat_common+0x580/0x720
[ 91.243813][ C0] page last free stack trace:
[ 91.248468][ C0] free_unref_page_prepare+0x8c3/0x9f0
[ 91.253906][ C0] free_unref_page+0x37/0x3f0
[ 91.258676][ C0] __unfreeze_partials+0x1dc/0x220
[ 91.263792][ C0] put_cpu_partial+0x17b/0x250
[ 91.268542][ C0] __slab_free+0x2b6/0x390
[ 91.272939][ C0] qlist_free_all+0x75/0xe0
[ 91.277424][ C0] kasan_quarantine_reduce+0x14b/0x160
[ 91.282862][ C0] __kasan_slab_alloc+0x23/0x70
[ 91.287728][ C0] slab_post_alloc_hook+0x67/0x3d0
[ 91.292836][ C0] __kmem_cache_alloc_node+0x141/0x270
[ 91.298285][ C0] kmalloc_trace+0x2a/0xe0
[ 91.302691][ C0] tomoyo_init_log+0x1c9/0x2040
[ 91.307524][ C0] tomoyo_supervisor+0x386/0x11f0
[ 91.312531][ C0] tomoyo_path_permission+0x243/0x360
[ 91.317884][ C0] tomoyo_check_open_permission+0x2fb/0x500
[ 91.323782][ C0] security_file_open+0x63/0xa0
[ 91.328616][ C0]
[ 91.330917][ C0] Memory state around the buggy address:
[ 91.336530][ C0] ffff888021940900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.344577][ C0] ffff888021940980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.352614][ C0] >ffff888021940a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.360661][ C0] ^
[ 91.368625][ C0] ffff888021940a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.376677][ C0] ffff888021940b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 91.384742][ C0] ==================================================================
[ 91.392893][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 91.400100][ C0] CPU: 0 PID: 5384 Comm: syz-executor.0 Not tainted 6.6.0-rc3-syzkaller-dirty #0
[ 91.409228][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 91.419334][ C0] Call Trace:
[ 91.422709][ C0]
[ 91.425544][ C0] dump_stack_lvl+0x1e7/0x2d0
[ 91.430206][ C0] ? nf_tcp_handle_invalid+0x650/0x650
[ 91.435649][ C0] ? panic+0x770/0x770
[ 91.439717][ C0] ? vscnprintf+0x5d/0x80
[ 91.444047][ C0] panic+0x30f/0x770
[ 91.447933][ C0] ? check_panic_on_warn+0x21/0xa0
[ 91.453037][ C0] ? __memcpy_flushcache+0x2b0/0x2b0
[ 91.458310][ C0] ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 91.464191][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 91.470586][ C0] ? _raw_spin_unlock+0x40/0x40
[ 91.475433][ C0] ? print_report+0x4fb/0x540
[ 91.480090][ C0] check_panic_on_warn+0x82/0xa0
[ 91.485100][ C0] ? gfs2_qd_dealloc+0x83/0xf0
[ 91.489844][ C0] end_report+0x6e/0x130
[ 91.494069][ C0] kasan_report+0x186/0x1b0
[ 91.498556][ C0] ? gfs2_qd_dealloc+0x83/0xf0
[ 91.503395][ C0] kasan_check_range+0x27e/0x290
[ 91.508320][ C0] gfs2_qd_dealloc+0x83/0xf0
[ 91.512893][ C0] ? gfs2_qd_dispose+0x5b0/0x5b0
[ 91.517812][ C0] ? rcu_core+0xa61/0x1790
[ 91.522218][ C0] rcu_core+0xacf/0x1790
[ 91.526446][ C0] ? rcu_cpu_kthread_park+0x90/0x90
[ 91.531626][ C0] ? rebalance_domains+0x949/0xac0
[ 91.536726][ C0] ? rebalance_domains+0x1b9/0xac0
[ 91.541837][ C0] ? pick_eevdf+0x660/0x660
[ 91.546337][ C0] __do_softirq+0x2ab/0x908
[ 91.550846][ C0] ? __irq_exit_rcu+0xf1/0x1b0
[ 91.555595][ C0] ? __lock_text_end+0xc/0xc
[ 91.560164][ C0] ? irqtime_account_irq+0xd4/0x1e0
[ 91.565349][ C0] __irq_exit_rcu+0xf1/0x1b0
[ 91.569931][ C0] ? irq_exit_rcu+0x20/0x20
[ 91.574414][ C0] irq_exit_rcu+0x9/0x20
[ 91.578649][ C0] sysvec_apic_timer_interrupt+0x95/0xb0
[ 91.584263][ C0]
[ 91.587272][ C0]
[ 91.590183][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 91.596153][ C0] RIP: 0010:preempt_count_add+0x5c/0x180
[ 91.601792][ C0] Code: 10 00 75 07 65 8b 05 4b 4a a3 7e 65 01 1d 44 4a a3 7e 48 c7 c0 20 33 ef 91 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 d9 00 00 00 <83> 3d 7d c4 8e 10 00 75 11 65 8b 05 1c 4a a3 7e 0f b6 c0 3d f5 00
[ 91.621379][ C0] RSP: 0018:ffffc90004d1f1c8 EFLAGS: 00000297
[ 91.627430][ C0] RAX: 0000000000000004 RBX: 0000000000000001 RCX: ffffffff91ef3303
[ 91.635384][ C0] RDX: ffff888078b05940 RSI: 0000000000000001 RDI: 0000000000000001
[ 91.643333][ C0] RBP: ffffc90004d1f2c0 R08: ffffffff813d9ec1 R09: ffffc90004d1f3b0
[ 91.651510][ C0] R10: 0000000000000003 R11: ffff888078b05940 R12: ffff888078b05940
[ 91.659562][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: dffffc0000000000
[ 91.667523][ C0] ? unwind_next_frame+0xa1/0x29e0
[ 91.672625][ C0] ? shmem_evict_inode+0x29e/0xa80
[ 91.677721][ C0] unwind_next_frame+0xc1/0x29e0
[ 91.682714][ C0] ? shmem_undo_range+0x6ad/0x19c0
[ 91.687839][ C0] ? shmem_evict_inode+0x29e/0xa80
[ 91.692926][ C0] ? __kernel_text_address+0xd/0x40
[ 91.698105][ C0] ? shmem_evict_inode+0x29e/0xa80
[ 91.703193][ C0] ? stack_trace_save+0x1c0/0x1c0
[ 91.708216][ C0] arch_stack_walk+0x146/0x1a0
[ 91.712959][ C0] ? shmem_evict_inode+0x29e/0xa80
[ 91.718048][ C0] stack_trace_save+0x117/0x1c0
[ 91.722876][ C0] ? stack_trace_snprint+0xf0/0xf0
[ 91.727974][ C0] save_stack+0xfa/0x1e0
[ 91.732284][ C0] ? __reset_page_owner+0x190/0x190
[ 91.737489][ C0] ? free_unref_page_prepare+0x8c3/0x9f0
[ 91.743101][ C0] ? free_unref_page_list+0x596/0x830
[ 91.748455][ C0] ? release_pages+0x2113/0x23f0
[ 91.753731][ C0] ? __folio_batch_release+0x84/0x100
[ 91.759092][ C0] ? shmem_undo_range+0x6ad/0x19c0
[ 91.764351][ C0] ? shmem_evict_inode+0x29e/0xa80
[ 91.769444][ C0] ? page_ext_get+0x20/0x2a0
[ 91.774015][ C0] __reset_page_owner+0x4f/0x190
[ 91.778934][ C0] free_unref_page_prepare+0x8c3/0x9f0
[ 91.784374][ C0] free_unref_page_list+0x596/0x830
[ 91.789556][ C0] ? __mod_zone_page_state+0xda/0x140
[ 91.794907][ C0] release_pages+0x2113/0x23f0
[ 91.799662][ C0] ? lru_cache_disable+0x30/0x30
[ 91.804578][ C0] ? do_raw_spin_unlock+0x13b/0x8b0
[ 91.809765][ C0] ? _raw_spin_unlock_irq+0x23/0x50
[ 91.815052][ C0] __folio_batch_release+0x84/0x100
[ 91.820228][ C0] shmem_undo_range+0x6ad/0x19c0
[ 91.825152][ C0] ? shmem_truncate_range+0xa0/0xa0
[ 91.830354][ C0] ? __lock_acquire+0x7f70/0x7f70
[ 91.835371][ C0] ? do_raw_spin_lock+0x14d/0x3a0
[ 91.840380][ C0] shmem_evict_inode+0x29e/0xa80
[ 91.845314][ C0] ? inode_wait_for_writeback+0x223/0x290
[ 91.851039][ C0] ? shmem_free_in_core_inode+0xb0/0xb0
[ 91.856565][ C0] ? sb_clear_inode_writeback+0x370/0x370
[ 91.862264][ C0] ? bit_waitqueue+0x30/0x30
[ 91.866832][ C0] ? do_raw_spin_unlock+0x13b/0x8b0
[ 91.872022][ C0] ? shmem_free_in_core_inode+0xb0/0xb0
[ 91.877545][ C0] evict+0x2a4/0x620
[ 91.881436][ C0] __dentry_kill+0x436/0x650
[ 91.886005][ C0] dentry_kill+0xbb/0x290
[ 91.890330][ C0] ? dput+0x52/0x470
[ 91.894202][ C0] dput+0x21e/0x470
[ 91.897996][ C0] __fput+0x60d/0x910
[ 91.901973][ C0] task_work_run+0x24a/0x300
[ 91.906547][ C0] ? task_work_cancel+0x2b0/0x2b0
[ 91.911552][ C0] ? exit_to_user_mode_loop+0x39/0x100
[ 91.916996][ C0] exit_to_user_mode_loop+0xde/0x100
[ 91.922261][ C0] exit_to_user_mode_prepare+0xb1/0x140
[ 91.927793][ C0] syscall_exit_to_user_mode+0x64/0x280
[ 91.933325][ C0] do_syscall_64+0x4d/0xc0
[ 91.937725][ C0] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 91.943597][ C0] RIP: 0033:0x7efcc847de17
[ 91.948002][ C0] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 91.967606][ C0] RSP: 002b:00007fff37ab65f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 91.976003][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007efcc847de17
[ 91.983951][ C0] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007fff37ab66b0
[ 91.991903][ C0] RBP: 00007fff37ab66b0 R08: 0000000000000000 R09: 0000000000000000
[ 91.999891][ C0] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff37ab7770
[ 92.007851][ C0] R13: 00007efcc84c73b9 R14: 0000000000015ee0 R15: 0000000000000003
[ 92.015811][ C0]
[ 92.019183][ C0] Kernel Offset: disabled
[ 92.023492][ C0] Rebooting in 86400 seconds..