Warning: Permanently added '10.128.0.78' (ED25519) to the list of known hosts.
[ 35.467402][ T4235] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 35.469937][ T4235] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 35.472530][ T4235] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 35.475003][ T4235] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 35.477209][ T4235] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 35.479367][ T4235] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 35.551432][ T4230] chnl_net:caif_netlink_parms(): no params data found
[ 35.584464][ T4230] bridge0: port 1(bridge_slave_0) entered blocking state
[ 35.586212][ T4230] bridge0: port 1(bridge_slave_0) entered disabled state
[ 35.588661][ T4230] device bridge_slave_0 entered promiscuous mode
[ 35.593612][ T4230] bridge0: port 2(bridge_slave_1) entered blocking state
[ 35.595474][ T4230] bridge0: port 2(bridge_slave_1) entered disabled state
[ 35.597760][ T4230] device bridge_slave_1 entered promiscuous mode
[ 35.611911][ T4230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 35.615832][ T4230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 35.629212][ T4230] team0: Port device team_slave_0 added
[ 35.632174][ T4230] team0: Port device team_slave_1 added
[ 35.642796][ T4230] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 35.644430][ T4230] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.650808][ T4230] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 35.654997][ T4230] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 35.656779][ T4230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 35.663381][ T4230] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 35.721845][ T4230] device hsr_slave_0 entered promiscuous mode
[ 35.760402][ T4230] device hsr_slave_1 entered promiscuous mode
[ 35.882734][ T4230] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 35.931929][ T4230] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 35.983292][ T4230] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 36.031789][ T4230] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 36.085525][ T4230] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.087465][ T4230] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.089624][ T4230] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.091421][ T4230] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.128180][ T4230] 8021q: adding VLAN 0 to HW filter on device bond0
[ 36.134644][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 36.138250][ T110] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.142216][ T110] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.144904][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 36.152308][ T4230] 8021q: adding VLAN 0 to HW filter on device team0
[ 36.162953][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 36.165193][ T22] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.166930][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.169051][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 36.171732][ T22] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.173469][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.182516][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 36.185179][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 36.189146][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 36.198362][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 36.201380][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 36.204335][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 36.215330][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 36.217329][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 36.223886][ T4230] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 36.234855][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 36.247737][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 36.251508][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 36.253895][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 36.257585][ T4230] device veth0_vlan entered promiscuous mode
[ 36.264886][ T4230] device veth1_vlan entered promiscuous mode
[ 36.278946][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 36.281463][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 36.283890][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 36.287815][ T4230] device veth0_macvtap entered promiscuous mode
[ 36.293408][ T4230] device veth1_macvtap entered promiscuous mode
[ 36.302886][ T4230] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 36.304804][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 36.308236][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 36.314176][ T4230] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 36.316335][ T110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 36.321820][ T4230] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 36.323918][ T4230] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 36.326095][ T4230] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 36.328300][ T4230] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 36.367422][ T1770] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.369548][ T1770] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.376383][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 36.387014][ T1770] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 36.389172][ T1770] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 36.392476][ T4243] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
executing program
[ 36.425643][ T4230] loop0: detected capacity change from 0 to 4096
[ 36.428115][ T4230] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[ 36.442847][ T4230] ntfs: volume version 3.1.
[ 36.452213][ T4230] ==================================================================
[ 36.454221][ T4230] BUG: KASAN: use-after-free in ntfs_perform_write+0x4288/0x6ef4
[ 36.456150][ T4230] Write of size 1 at addr ffff0000e29d8170 by task syz-executor309/4230
[ 36.458125][ T4230]
[ 36.458746][ T4230] CPU: 1 PID: 4230 Comm: syz-executor309 Not tainted 6.1.70-syzkaller #0
[ 36.460663][ T4230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 36.463290][ T4230] Call trace:
[ 36.464092][ T4230] dump_backtrace+0x1c8/0x1f4
[ 36.465226][ T4230] show_stack+0x2c/0x3c
[ 36.466232][ T4230] dump_stack_lvl+0x108/0x170
[ 36.467373][ T4230] print_report+0x174/0x4c0
[ 36.468419][ T4230] kasan_report+0xd4/0x130
[ 36.469560][ T4230] kasan_check_range+0x264/0x2a4
[ 36.470757][ T4230] memcpy+0x60/0x90
[ 36.471751][ T4230] ntfs_perform_write+0x4288/0x6ef4
[ 36.473077][ T4230] ntfs_file_write_iter+0xf78/0x17b0
[ 36.474390][ T4230] vfs_write+0x610/0x914
[ 36.475517][ T4230] ksys_write+0x15c/0x26c
[ 36.476602][ T4230] __arm64_sys_write+0x7c/0x90
[ 36.477722][ T4230] invoke_syscall+0x98/0x2c0
[ 36.478845][ T4230] el0_svc_common+0x138/0x258
[ 36.480049][ T4230] do_el0_svc+0x64/0x218
[ 36.481043][ T4230] el0_svc+0x58/0x168
[ 36.482025][ T4230] el0t_64_sync_handler+0x84/0xf0
[ 36.483270][ T4230] el0t_64_sync+0x18c/0x190
[ 36.484343][ T4230]
[ 36.484974][ T4230] The buggy address belongs to the physical page:
[ 36.486603][ T4230] page:00000000689effa6 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1229d8
[ 36.489036][ T4230] flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 36.490859][ T4230] raw: 05ffc00000000000 fffffc00038a7648 fffffc00038a75c8 0000000000000000
[ 36.493078][ T4230] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 36.495106][ T4230] page dumped because: kasan: bad access detected
[ 36.496612][ T4230]
[ 36.497178][ T4230] Memory state around the buggy address:
[ 36.498452][ T4230]  ffff0000e29d8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.500457][ T4230]  ffff0000e29d8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.502438][ T4230] >ffff0000e29d8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.504413][ T4230]                                                              ^
[ 36.506315][ T4230]  ffff0000e29d8180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.508447][ T4230]  ffff0000e29d8200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.510352][ T4230] ==================================================================
[ 36.512653][ T4230] Disabling lock debugging due to kernel taint