DUID 00:04:19:c0:d1:0e:d7:c0:27:6c:e7:df:2b:fb:70:54:6d:6b
forked to background, child pid 3214
[ 27.941203][ T3215] 8021q: adding VLAN 0 to HW filter on device bond0
[ 27.950524][ T3215] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.183' (ECDSA) to the list of known hosts.
syzkaller login:
[ 53.567532][ T3544] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 53.575660][ T3546] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 53.583079][ T3546] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 53.591836][ T3546] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 53.599260][ T3546] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 53.606808][ T3546] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 53.682831][ T3542] chnl_net:caif_netlink_parms(): no params data found
[ 53.720675][ T3542] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.729186][ T3542] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.737229][ T3542] device bridge_slave_0 entered promiscuous mode
[ 53.746067][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.753339][ T3542] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.760942][ T3542] device bridge_slave_1 entered promiscuous mode
[ 53.780235][ T3542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 53.790724][ T3542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 53.811823][ T3542] team0: Port device team_slave_0 added
[ 53.818593][ T3542] team0: Port device team_slave_1 added
[ 53.834126][ T3542] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 53.841168][ T3542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 53.867342][ T3542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 53.879407][ T3542] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 53.886475][ T3542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 53.912928][ T3542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 53.940119][ T3542] device hsr_slave_0 entered promiscuous mode
[ 53.946988][ T3542] device hsr_slave_1 entered promiscuous mode
[ 54.020185][ T3542] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 54.029809][ T3542] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 54.038855][ T3542] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 54.047271][ T3542] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 54.065904][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.073051][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.080599][ T3542] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.087814][ T3542] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.126834][ T3542] 8021q: adding VLAN 0 to HW filter on device bond0
[ 54.139604][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.149214][ T26] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.158559][ T26] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.166510][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 54.178598][ T3542] 8021q: adding VLAN 0 to HW filter on device team0
[ 54.188713][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.197852][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.204955][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.223024][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.231993][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.239053][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.248770][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 54.265259][ T3542] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 54.276159][ T3542] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 54.290094][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 54.298227][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 54.306559][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.315112][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.323397][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 54.342087][ T3542] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 54.349057][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 54.356833][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 54.381985][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 54.390556][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 54.399246][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 54.407400][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 54.417297][ T3542] device veth0_vlan entered promiscuous mode
[ 54.427371][ T3542] device veth1_vlan entered promiscuous mode
[ 54.443981][ T3553] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 54.452585][ T3553] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 54.460514][ T3553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 54.473313][ T3542] device veth0_macvtap entered promiscuous mode
[ 54.482013][ T3542] device veth1_macvtap entered promiscuous mode
[ 54.497546][ T3542] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 54.504948][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 54.514164][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 54.524783][ T3542] batman_adv: batadv0: Interface activated: batadv_slave_1
executing program
[ 54.532833][ T150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 54.543250][ T3542] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.552847][ T3542] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.561636][ T3542] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.570318][ T3542] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 54.623637][ T3542] loop0: detected capacity change from 0 to 4096
[ 54.649931][ T3542] ntfs: volume version 3.1.
[ 54.658236][ T3542] ==================================================================
[ 54.666285][ T3542] BUG: KASAN: use-after-free in ntfs_lookup_inode_by_name+0xe82/0x2ca0
[ 54.674516][ T3542] Read of size 8 at addr ffff8880bff1c55a by task syz-executor268/3542
[ 54.682729][ T3542]
[ 54.685032][ T3542] CPU: 0 PID: 3542 Comm: syz-executor268 Not tainted 6.1.33-syzkaller #0
[ 54.693417][ T3542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 54.703449][ T3542] Call Trace:
[ 54.706707][ T3542]
[ 54.709616][ T3542] dump_stack_lvl+0x1e3/0x2cb
[ 54.714302][ T3542] ? nf_tcp_handle_invalid+0x642/0x642
[ 54.719761][ T3542] ? panic+0x75d/0x75d
[ 54.723818][ T3542] ? _printk+0xd1/0x111
[ 54.727959][ T3542] ? _raw_spin_lock_irqsave+0xac/0x120
[ 54.733404][ T3542] print_report+0x15f/0x4f0
[ 54.737898][ T3542] ? __virt_addr_valid+0x22b/0x2e0
[ 54.743001][ T3542] ? __phys_addr+0xb6/0x170
[ 54.747500][ T3542] ? ntfs_lookup_inode_by_name+0xe82/0x2ca0
[ 54.753378][ T3542] kasan_report+0x136/0x160
[ 54.757868][ T3542] ? ntfs_attr_reinit_search_ctx+0x2e0/0x2e0
[ 54.763836][ T3542] ? ntfs_lookup_inode_by_name+0xe82/0x2ca0
[ 54.769808][ T3542] ntfs_lookup_inode_by_name+0xe82/0x2ca0
[ 54.775520][ T3542] ? rwsem_write_trylock+0x166/0x210
[ 54.780793][ T3542] ? __rwlock_init+0x140/0x140
[ 54.785547][ T3542] ? clear_nonspinnable+0x60/0x60
[ 54.790561][ T3542] check_windows_hibernation_status+0xec/0x4c0
[ 54.796700][ T3542] ? load_and_check_logfile+0xd0/0xd0
[ 54.802056][ T3542] ? load_system_files+0x3515/0x4830
[ 54.807324][ T3542] ? rcu_is_watching+0x11/0xb0
[ 54.812076][ T3542] load_system_files+0x35d7/0x4830
[ 54.817173][ T3542] ? ntfs_setup_allocators+0x2d0/0x2d0
[ 54.822615][ T3542] ? free_vm_area+0x50/0x50
[ 54.827106][ T3542] ? generate_default_upcase+0x8e9/0x930
[ 54.832721][ T3542] ntfs_fill_super+0x19b0/0x2bd0
[ 54.837649][ T3542] mount_bdev+0x2c9/0x3f0
[ 54.841968][ T3542] ? ntfs_mount+0x40/0x40
[ 54.846279][ T3542] legacy_get_tree+0xeb/0x180
[ 54.850947][ T3542] ? ntfs_rl_punch_nolock+0x15b0/0x15b0
[ 54.856476][ T3542] vfs_get_tree+0x88/0x270
[ 54.860885][ T3542] do_new_mount+0x28b/0xae0
[ 54.865379][ T3542] ? do_move_mount_old+0x160/0x160
[ 54.870483][ T3542] ? user_path_at_empty+0x12b/0x180
[ 54.875667][ T3542] __se_sys_mount+0x2d5/0x3c0
[ 54.880336][ T3542] ? __x64_sys_mount+0xc0/0xc0
[ 54.885085][ T3542] ? syscall_enter_from_user_mode+0x2e/0x220
[ 54.891054][ T3542] ? lockdep_hardirqs_on+0x94/0x130
[ 54.896239][ T3542] ? __x64_sys_mount+0x1c/0xc0
[ 54.900995][ T3542] do_syscall_64+0x3d/0xb0
[ 54.905400][ T3542] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.911278][ T3542] RIP: 0033:0x7f5b0cd85faa
[ 54.915679][ T3542] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 f8 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 54.935266][ T3542] RSP: 002b:00007ffc14cded58 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 54.943663][ T3542] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5b0cd85faa
[ 54.951619][ T3542] RDX: 000000002001ec80 RSI: 000000002001ecc0 RDI: 00007ffc14cded70
[ 54.959575][ T3542] RBP: 00007ffc14cded70 R08: 00007ffc14cdedb0 R09: 000000000001ec63
[ 54.967528][ T3542] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 54.975485][ T3542] R13: 000055555741d3b8 R14: 0000000000000000 R15: 00007ffc14cdedb0
[ 54.983447][ T3542]
[ 54.986454][ T3542]
[ 54.988761][ T3542] The buggy address belongs to the physical page:
[ 54.995147][ T3542] page:ffffea0002ffc700 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0xbff1c
[ 55.005279][ T3542] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 55.012374][ T3542] raw: 00fff00000000000 ffffea0001c34848 ffffea0001225848 0000000000000000
[ 55.020942][ T3542] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 55.029502][ T3542] page dumped because: kasan: bad access detected
[ 55.035890][ T3542] page_owner tracks the page as freed
[ 55.041237][ T3542] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 3535, tgid 3535 (sshd), ts 47612014875, free_ts 48149742640
[ 55.058232][ T3542] post_alloc_hook+0x18d/0x1b0
[ 55.062990][ T3542] get_page_from_freelist+0x32ed/0x3480
[ 55.068525][ T3542] __alloc_pages+0x28d/0x770
[ 55.073094][ T3542] __folio_alloc+0xf/0x30
[ 55.077405][ T3542] vma_alloc_folio+0x486/0x990
[ 55.082156][ T3542] handle_mm_fault+0x2109/0x5330
[ 55.087074][ T3542] exc_page_fault+0x58d/0x790
[ 55.091737][ T3542] asm_exc_page_fault+0x22/0x30
[ 55.096569][ T3542] page last free stack trace:
[ 55.101220][ T3542] free_unref_page_prepare+0xf63/0x1120
[ 55.106752][ T3542] free_unref_page_list+0x107/0x810
[ 55.111938][ T3542] release_pages+0x2836/0x2b40
[ 55.116689][ T3542] tlb_flush_mmu+0xfc/0x210
[ 55.121179][ T3542] tlb_finish_mmu+0xce/0x1f0
[ 55.125755][ T3542] exit_mmap+0x3c3/0x9f0
[ 55.129982][ T3542] __mmput+0x115/0x3c0
[ 55.134039][ T3542] exit_mm+0x226/0x300
[ 55.138095][ T3542] do_exit+0x67e/0x2300
[ 55.142236][ T3542] do_group_exit+0x202/0x2b0
[ 55.146813][ T3542] __x64_sys_exit_group+0x3b/0x40
[ 55.151821][ T3542] do_syscall_64+0x3d/0xb0
[ 55.156223][ T3542] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.162100][ T3542]
[ 55.164408][ T3542] Memory state around the buggy address:
[ 55.170015][ T3542] ffff8880bff1c400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.178055][ T3542] ffff8880bff1c480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.186094][ T3542] >ffff8880bff1c500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.194131][ T3542] ^
[ 55.201041][ T3542] ffff8880bff1c580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.209080][ T3542] ffff8880bff1c600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.217117][ T3542] ==================================================================
[ 55.230104][ T3542] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.237312][ T3542] CPU: 1 PID: 3542 Comm: syz-executor268 Not tainted 6.1.33-syzkaller #0
[ 55.245726][ T3542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023
[ 55.255785][ T3542] Call Trace:
[ 55.259065][ T3542]
[ 55.261994][ T3542] dump_stack_lvl+0x1e3/0x2cb
[ 55.266663][ T3542] ? nf_tcp_handle_invalid+0x642/0x642
[ 55.272108][ T3542] ? panic+0x75d/0x75d
[ 55.276164][ T3542] ? preempt_schedule_common+0xa6/0xd0
[ 55.281615][ T3542] ? vscnprintf+0x59/0x80
[ 55.285933][ T3542] panic+0x318/0x75d
[ 55.289820][ T3542] ? check_panic_on_warn+0x1d/0xa0
[ 55.294921][ T3542] ? memcpy_page_flushcache+0xfc/0xfc
[ 55.300286][ T3542] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 55.306257][ T3542] ? _raw_spin_unlock+0x40/0x40
[ 55.311090][ T3542] check_panic_on_warn+0x7e/0xa0
[ 55.316012][ T3542] ? ntfs_lookup_inode_by_name+0xe82/0x2ca0
[ 55.321892][ T3542] end_report+0x66/0x110
[ 55.326126][ T3542] kasan_report+0x143/0x160
[ 55.330620][ T3542] ? ntfs_attr_reinit_search_ctx+0x2e0/0x2e0
[ 55.336587][ T3542] ? ntfs_lookup_inode_by_name+0xe82/0x2ca0
[ 55.342469][ T3542] ntfs_lookup_inode_by_name+0xe82/0x2ca0
[ 55.348179][ T3542] ? rwsem_write_trylock+0x166/0x210
[ 55.353454][ T3542] ? __rwlock_init+0x140/0x140
[ 55.358204][ T3542] ? clear_nonspinnable+0x60/0x60
[ 55.363221][ T3542] check_windows_hibernation_status+0xec/0x4c0
[ 55.369358][ T3542] ? load_and_check_logfile+0xd0/0xd0
[ 55.374712][ T3542] ? load_system_files+0x3515/0x4830
[ 55.379980][ T3542] ? rcu_is_watching+0x11/0xb0
[ 55.384743][ T3542] load_system_files+0x35d7/0x4830
[ 55.389842][ T3542] ? ntfs_setup_allocators+0x2d0/0x2d0
[ 55.395284][ T3542] ? free_vm_area+0x50/0x50
[ 55.399777][ T3542] ? generate_default_upcase+0x8e9/0x930
[ 55.405392][ T3542] ntfs_fill_super+0x19b0/0x2bd0
[ 55.410320][ T3542] mount_bdev+0x2c9/0x3f0
[ 55.414636][ T3542] ? ntfs_mount+0x40/0x40
[ 55.418951][ T3542] legacy_get_tree+0xeb/0x180
[ 55.423621][ T3542] ? ntfs_rl_punch_nolock+0x15b0/0x15b0
[ 55.429148][ T3542] vfs_get_tree+0x88/0x270
[ 55.433574][ T3542] do_new_mount+0x28b/0xae0
[ 55.438090][ T3542] ? do_move_mount_old+0x160/0x160
[ 55.443205][ T3542] ? user_path_at_empty+0x12b/0x180
[ 55.448396][ T3542] __se_sys_mount+0x2d5/0x3c0
[ 55.453071][ T3542] ? __x64_sys_mount+0xc0/0xc0
[ 55.457832][ T3542] ? syscall_enter_from_user_mode+0x2e/0x220
[ 55.463814][ T3542] ? lockdep_hardirqs_on+0x94/0x130
[ 55.469005][ T3542] ? __x64_sys_mount+0x1c/0xc0
[ 55.473765][ T3542] do_syscall_64+0x3d/0xb0
[ 55.478258][ T3542] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.484137][ T3542] RIP: 0033:0x7f5b0cd85faa
[ 55.488537][ T3542] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 f8 03 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 55.508125][ T3542] RSP: 002b:00007ffc14cded58 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 55.516526][ T3542] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f5b0cd85faa
[ 55.524483][ T3542] RDX: 000000002001ec80 RSI: 000000002001ecc0 RDI: 00007ffc14cded70
[ 55.532443][ T3542] RBP: 00007ffc14cded70 R08: 00007ffc14cdedb0 R09: 000000000001ec63
[ 55.540400][ T3542] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000004
[ 55.548362][ T3542] R13: 000055555741d3b8 R14: 0000000000000000 R15: 00007ffc14cdedb0
[ 55.556322][ T3542]
[ 55.559490][ T3542] Kernel Offset: disabled
[ 55.563804][ T3542] Rebooting in 86400 seconds..