Warning: Permanently added '10.128.1.114' (ECDSA) to the list of known hosts.
2023/02/07 01:07:56 ignoring optional flag "sandboxArg"="0"
2023/02/07 01:07:56 parsed 1 programs
2023/02/07 01:07:56 executed programs: 0
[ 90.294928][ T4398] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 90.304387][ T4398] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 90.312660][ T4398] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 90.322387][ T4398] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 90.330134][ T4398] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 90.337964][ T4398] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 90.456150][ T5548] chnl_net:caif_netlink_parms(): no params data found
[ 90.501074][ T5548] bridge0: port 1(bridge_slave_0) entered blocking state
[ 90.508332][ T5548] bridge0: port 1(bridge_slave_0) entered disabled state
[ 90.517032][ T5548] device bridge_slave_0 entered promiscuous mode
[ 90.526341][ T5548] bridge0: port 2(bridge_slave_1) entered blocking state
[ 90.533505][ T5548] bridge0: port 2(bridge_slave_1) entered disabled state
[ 90.542353][ T5548] device bridge_slave_1 entered promiscuous mode
[ 90.567414][ T5548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 90.580512][ T5548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 90.605693][ T5548] team0: Port device team_slave_0 added
[ 90.614578][ T5548] team0: Port device team_slave_1 added
[ 90.636127][ T5548] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 90.643652][ T5548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.671212][ T5548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 90.683948][ T5548] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 90.691145][ T5548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 90.718082][ T5548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 90.749318][ T5548] device hsr_slave_0 entered promiscuous mode
[ 90.756667][ T5548] device hsr_slave_1 entered promiscuous mode
[ 91.440794][ T5548] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 91.451709][ T5548] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 91.469342][ T5548] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 91.480345][ T5548] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 91.578330][ T5548] 8021q: adding VLAN 0 to HW filter on device bond0
[ 91.595140][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 91.603438][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 91.615620][ T5548] 8021q: adding VLAN 0 to HW filter on device team0
[ 91.630136][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 91.640156][ T5093] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 91.650967][ T5093] bridge0: port 1(bridge_slave_0) entered blocking state
[ 91.658219][ T5093] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 91.677702][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 91.687729][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 91.698766][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 91.709688][ T26] bridge0: port 2(bridge_slave_1) entered blocking state
[ 91.716913][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 91.726829][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 91.753093][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 91.766411][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 91.777220][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 91.788540][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 91.797653][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 91.814288][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 91.823684][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 91.833365][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 91.842293][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 91.851516][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 91.863833][ T5548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 92.114736][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 92.122750][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 92.136290][ T5548] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 92.161814][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 92.173685][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 92.198936][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 92.209719][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 92.220843][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 92.229289][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 92.242057][ T5548] device veth0_vlan entered promiscuous mode
[ 92.257671][ T5548] device veth1_vlan entered promiscuous mode
[ 92.288059][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 92.298231][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 92.307095][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 92.316252][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 92.329290][ T5548] device veth0_macvtap entered promiscuous mode
[ 92.342736][ T5548] device veth1_macvtap entered promiscuous mode
[ 92.362990][ T5548] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 92.372609][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 92.382691][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 92.394385][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 92.403420][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 92.416980][ T5548] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 92.425604][ T4398] Bluetooth: hci0: command 0x0409 tx timeout
[ 92.434059][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 92.443607][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 92.456907][ T5548] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.469442][ T5548] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.479250][ T5548] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.488449][ T5548] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 92.598515][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.612195][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.629411][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 92.645183][ T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 92.653508][ T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 92.665908][ T5096] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 92.734492][ T27] audit: type=1804 audit(1675732079.176:2): pid=5605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir168808504/syzkaller.5Ws8RD/0/bus" dev="sda1" ino=1148 res=1 errno=0
[ 92.768168][ T27] audit: type=1800 audit(1675732079.206:3): pid=5605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1148 res=0 errno=0
[ 92.917615][ T27] audit: type=1804 audit(1675732079.366:4): pid=5612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir168808504/syzkaller.5Ws8RD/1/bus" dev="sda1" ino=1148 res=1 errno=0
[ 92.945973][ T27] audit: type=1800 audit(1675732079.396:5): pid=5612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1148 res=0 errno=0
[ 93.082428][ T27] audit: type=1804 audit(1675732079.526:6): pid=5618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir168808504/syzkaller.5Ws8RD/2/bus" dev="sda1" ino=1148 res=1 errno=0
[ 93.110102][ T27] audit: type=1800 audit(1675732079.556:7): pid=5618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1148 res=0 errno=0
[ 93.250520][ T27] audit: type=1804 audit(1675732079.696:8): pid=5625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir168808504/syzkaller.5Ws8RD/3/bus" dev="sda1" ino=1148 res=1 errno=0
[ 93.281637][ T27] audit: type=1800 audit(1675732079.696:9): pid=5625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1148 res=0 errno=0
[ 93.405949][ T27] audit: type=1804 audit(1675732079.856:10): pid=5629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir168808504/syzkaller.5Ws8RD/4/bus" dev="sda1" ino=1148 res=1 errno=0
[ 93.430950][ T27] audit: type=1800 audit(1675732079.856:11): pid=5629 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1148 res=0 errno=0
[ 94.494346][ T4398] Bluetooth: hci0: command 0x041b tx timeout
2023/02/07 01:08:01 executed programs: 20
[ 95.841503][ T5736] page:ffffea0000ab5f80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2ad7e
[ 95.852250][ T5736] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 95.860964][ T5736] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 95.870114][ T5736] raw: 0000000000000000 ffff8880215e26c0 00000001ffffffff 0000000000000000
[ 95.879078][ T5736] page dumped because: VM_BUG_ON_PAGE(batch->nr > batch->max)
[ 95.886921][ T5736] page_owner tracks the page as allocated
[ 95.893190][ T5736] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), pid 5735, tgid 5735 (dhcpcd-run-hook), ts 95835553862, free_ts 95828221954
[ 95.912495][ T5736] get_page_from_freelist+0x11bb/0x2d50
[ 95.918766][ T5736] __alloc_pages+0x1cb/0x5c0
[ 95.926019][ T5736] alloc_pages+0x1aa/0x270
[ 95.939609][ T5736] pte_alloc_one+0x1a/0x230
[ 95.945663][ T5736] __pte_alloc+0x6d/0x260
[ 95.950277][ T5736] copy_page_range+0x15fe/0x3970
[ 95.955852][ T5736] dup_mmap+0xd33/0x1230
[ 95.960312][ T5736] copy_process+0x71ab/0x76b0
[ 95.965521][ T5736] kernel_clone+0xeb/0x9a0
[ 95.970164][ T5736] __do_sys_clone+0xba/0x100
[ 95.975817][ T5736] do_syscall_64+0x39/0xb0
[ 95.980474][ T5736] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 95.986932][ T5736] page last free stack trace:
[ 95.991866][ T5736] free_pcp_prepare+0x4d0/0x910
[ 95.997511][ T5736] free_unref_page+0x1d/0x490
[ 96.002466][ T5736] __folio_put+0xc5/0x140
[ 96.007548][ T5736] generic_pipe_buf_release+0x23d/0x2b0
[ 96.013364][ T5736] iov_iter_revert.part.0+0x402/0x730
[ 96.019305][ T5736] iov_iter_revert+0x4c/0x60
[ 96.024994][ T5736] __iomap_dio_rw+0x16cb/0x1d80
[ 96.030029][ T5736] iomap_dio_rw+0x40/0xa0
[ 96.035474][ T5736] ext4_file_read_iter+0x4be/0x690
[ 96.040741][ T5736] generic_file_splice_read+0x182/0x4b0
[ 96.047792][ T5736] do_splice_to+0x1b9/0x240
[ 96.052731][ T5736] splice_direct_to_actor+0x2ab/0x8a0
[ 96.058377][ T5736] do_splice_direct+0x1ab/0x280
[ 96.063553][ T5736] do_sendfile+0xb19/0x12c0
[ 96.069326][ T5736] __x64_sys_sendfile64+0x1d0/0x210
[ 96.075087][ T5736] do_syscall_64+0x39/0xb0
[ 96.079867][ T5736] ------------[ cut here ]------------
[ 96.085531][ T5736] kernel BUG at mm/mmu_gather.c:143!
[ 96.091792][ T5736] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 96.097988][ T5736] CPU: 0 PID: 5736 Comm: dhcpcd-run-hook Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
[ 96.107988][ T5736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 96.118239][ T5736] RIP: 0010:__tlb_remove_page_size+0x25b/0x480
[ 96.124531][ T5736] Code: 0f 82 d6 fe ff ff e9 4e ff ff ff e8 9f 63 c1 ff 0f 0b e8 98 63 c1 ff 4c 89 f7 48 c7 c6 c0 77 58 8a 48 83 e7 fc e8 55 0b fa ff <0f> 0b e8 8e 66 10 00 e9 94 fe ff ff e8 84 66 10 00 e9 2b fe ff ff
[ 96.144253][ T5736] RSP: 0018:ffffc90005207700 EFLAGS: 00010293
[ 96.150345][ T5736] RAX: 0000000000000000 RBX: ffffc900052079d0 RCX: 0000000000000000
[ 96.158377][ T5736] RDX: ffff888020ac3a80 RSI: ffffffff81c3071b RDI: 0000000000000000
[ 96.166443][ T5736] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff8e751757
[ 96.174765][ T5736] R10: fffffbfff1cea2ea R11: 0000000000000001 R12: 0000000000000001
[ 96.182916][ T5736] R13: 0000000000000000 R14: ffffea0000ab5f80 R15: ffffc900052079f8
[ 96.191064][ T5736] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[ 96.200097][ T5736] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 96.206686][ T5736] CR2: 00007fb7e7115829 CR3: 0000000070a22000 CR4: 00000000003506f0
[ 96.214659][ T5736] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 96.222643][ T5736] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 96.230792][ T5736] Call Trace:
[ 96.234068][ T5736]
[ 96.237004][ T5736] tlb_remove_page+0x12/0x30
[ 96.241693][ T5736] ___pte_free_tlb+0x123/0x1a0
[ 96.246735][ T5736] free_pgd_range+0x497/0xbf0
[ 96.251429][ T5736] free_pgtables+0x2d6/0x420
[ 96.256221][ T5736] ? free_pgd_range+0xbf0/0xbf0
[ 96.261084][ T5736] ? down_write_killable_nested+0x250/0x250
[ 96.266992][ T5736] exit_mmap+0x1f3/0x7d0
[ 96.271280][ T5736] ? do_vma_munmap+0xa0/0xa0
[ 96.275900][ T5736] __mmput+0x128/0x4c0
[ 96.280111][ T5736] mmput+0x60/0x70
[ 96.283885][ T5736] begin_new_exec+0xf69/0x2e60
[ 96.288775][ T5736] ? kernel_read+0xcb/0x1c0
[ 96.293312][ T5736] load_elf_binary+0x801/0x4ff0
[ 96.298202][ T5736] ? find_held_lock+0x2d/0x110
[ 96.303067][ T5736] ? bprm_execve+0x7e2/0x1b00
[ 96.307782][ T5736] ? elf_map+0x320/0x320
[ 96.312059][ T5736] ? bprm_execve+0x80c/0x1b00
[ 96.316772][ T5736] ? lock_acquire+0x32/0xc0
[ 96.321295][ T5736] ? bprm_execve+0x80c/0x1b00
[ 96.325995][ T5736] bprm_execve+0x7fd/0x1b00
[ 96.330528][ T5736] ? open_exec+0x70/0x70
[ 96.334826][ T5736] do_execveat_common+0x72c/0x8e0
[ 96.340509][ T5736] ? copy_strings.isra.0+0x410/0x410
[ 96.345844][ T5736] ? getname_flags.part.0+0x1dd/0x4f0
[ 96.351331][ T5736] __x64_sys_execve+0x93/0xc0
[ 96.356053][ T5736] do_syscall_64+0x39/0xb0
[ 96.360836][ T5736] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 96.366753][ T5736] RIP: 0033:0x7f9716b02337
[ 96.371443][ T5736] Code: Unable to access opcode bytes at 0x7f9716b0230d.
[ 96.378463][ T5736] RSP: 002b:00007ffd26cedb58 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 96.386980][ T5736] RAX: ffffffffffffffda RBX: 0000558ec09bde40 RCX: 00007f9716b02337
[ 96.395129][ T5736] RDX: 0000558ec09bde68 RSI: 0000558ec09bde40 RDI: 0000558ec09bdef8
[ 96.403195][ T5736] RBP: 0000558ec09bdef8 R08: 0000558ec09bdefd R09: 00007f9716cf4000
[ 96.411308][ T5736] R10: 00007f9716998800 R11: 0000000000000246 R12: 0000558ec09bde68
[ 96.419293][ T5736] R13: 00007f9716ca7ff4 R14: 0000558ec09bde68 R15: 0000000000000000
[ 96.427300][ T5736]
[ 96.430317][ T5736] Modules linked in:
[ 96.438205][ T5736] ---[ end trace 0000000000000000 ]---
[ 96.443905][ T5736] RIP: 0010:__tlb_remove_page_size+0x25b/0x480
[ 96.450479][ T5736] Code: 0f 82 d6 fe ff ff e9 4e ff ff ff e8 9f 63 c1 ff 0f 0b e8 98 63 c1 ff 4c 89 f7 48 c7 c6 c0 77 58 8a 48 83 e7 fc e8 55 0b fa ff <0f> 0b e8 8e 66 10 00 e9 94 fe ff ff e8 84 66 10 00 e9 2b fe ff ff
[ 96.470588][ T5736] RSP: 0018:ffffc90005207700 EFLAGS: 00010293
[ 96.478125][ T5736] RAX: 0000000000000000 RBX: ffffc900052079d0 RCX: 0000000000000000
[ 96.486526][ T5736] RDX: ffff888020ac3a80 RSI: ffffffff81c3071b RDI: 0000000000000000
[ 96.495002][ T5736] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff8e751757
[ 96.503098][ T5736] R10: fffffbfff1cea2ea R11: 0000000000000001 R12: 0000000000000001
[ 96.511233][ T5736] R13: 0000000000000000 R14: ffffea0000ab5f80 R15: ffffc900052079f8
[ 96.519651][ T5736] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 96.528922][ T5736] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 96.535789][ T5736] CR2: 00007fb7e7115829 CR3: 0000000070a22000 CR4: 00000000003506e0
[ 96.544111][ T5736] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 96.552386][ T5736] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 96.560584][ T5736] Kernel panic - not syncing: Fatal exception
[ 96.567155][ T5736] Kernel Offset: disabled
[ 96.571501][ T5736] Rebooting in 86400 seconds..