Warning: Permanently added '10.128.1.9' (ECDSA) to the list of known hosts.
syzkaller login: [ 41.211856][ T48] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 41.214315][ T48] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 41.216788][ T48] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 41.219492][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 41.222234][ T5956] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 41.224448][ T5956] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 41.304174][ T5953] chnl_net:caif_netlink_parms(): no params data found
[ 41.341856][ T5953] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.343851][ T5953] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.345836][ T5953] bridge_slave_0: entered allmulticast mode
[ 41.347995][ T5953] bridge_slave_0: entered promiscuous mode
[ 41.352033][ T5953] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.353830][ T5953] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.355732][ T5953] bridge_slave_1: entered allmulticast mode
[ 41.357730][ T5953] bridge_slave_1: entered promiscuous mode
[ 41.374266][ T5953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 41.378286][ T5953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 41.393362][ T5953] team0: Port device team_slave_0 added
[ 41.396344][ T5953] team0: Port device team_slave_1 added
[ 41.410214][ T5953] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 41.412197][ T5953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 41.418831][ T5953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 41.423561][ T5953] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 41.425378][ T5953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 41.431976][ T5953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 41.492531][ T5953] hsr_slave_0: entered promiscuous mode
[ 41.530877][ T5953] hsr_slave_1: entered promiscuous mode
[ 41.661473][ T5953] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 41.703271][ T5953] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 41.753858][ T5953] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 41.792887][ T5953] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 41.846248][ T5953] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.848199][ T5953] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.850391][ T5953] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.852381][ T5953] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.893040][ T5953] 8021q: adding VLAN 0 to HW filter on device bond0
[ 41.899765][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.904087][ T24] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.907301][ T24] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.910100][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 41.918873][ T5953] 8021q: adding VLAN 0 to HW filter on device team0
[ 41.925200][ T1523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.927651][ T1523] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.929579][ T1523] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.935395][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.938108][ T24] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.940018][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.954509][ T1523] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 41.957675][ T1523] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 41.964012][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 41.969955][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.978104][ T5953] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 41.982051][ T5953] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 41.984659][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.996373][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 41.998446][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 42.006273][ T5953] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 42.020849][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.034447][ T1523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.037111][ T1523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.039479][ T1523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.045676][ T5953] veth0_vlan: entered promiscuous mode
[ 42.052138][ T5953] veth1_vlan: entered promiscuous mode
[ 42.065879][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 42.068267][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 42.071544][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.076499][ T5953] veth0_macvtap: entered promiscuous mode
[ 42.080476][ T5953] veth1_macvtap: entered promiscuous mode
[ 42.094258][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 42.096316][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.099463][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 42.105496][ T5953] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 42.107637][ T1523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.113347][ T5953] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.115634][ T5953] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.117905][ T5953] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 42.120133][ T5953] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 42.153083][ T5953] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5953 'syz-executor943'
[ 42.186187][ T5953] loop0: detected capacity change from 0 to 4096
[ 42.191591][ T5953] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512)
[ 42.221858][ T5953] FAULT_INJECTION: forcing a failure.
[ 42.221858][ T5953] name failslab, interval 1, probability 0, space 0, times 1
[ 42.225219][ T5953] CPU: 1 PID: 5953 Comm: syz-executor943 Not tainted 6.3.0-rc1-syzkaller-gfe15c26ee26e #0
[ 42.227861][ T5953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 42.230462][ T5953] Call trace:
[ 42.231324][ T5953] dump_backtrace+0x1c8/0x1f4
[ 42.232566][ T5953] show_stack+0x2c/0x3c
[ 42.233662][ T5953] dump_stack_lvl+0xd0/0x124
[ 42.234837][ T5953] dump_stack+0x1c/0x28
[ 42.235945][ T5953] should_fail_ex+0x408/0x5d4
[ 42.237197][ T5953] __should_failslab+0xc8/0x128
[ 42.238461][ T5953] should_failslab+0x10/0x28
[ 42.239642][ T5953] __kmem_cache_alloc_node+0x80/0x388
[ 42.241054][ T5953] __kmalloc+0xc4/0x1c4
[ 42.242163][ T5953] mi_format_new+0xcc/0x514
[ 42.243331][ T5953] ntfs_new_inode+0x78/0x110
[ 42.244560][ T5953] ntfs_create_inode+0x4ac/0x2bfc
[ 42.245869][ T5953] ntfs_atomic_open+0x388/0x4dc
[ 42.247159][ T5953] path_openat+0xb10/0x2810
[ 42.248393][ T5953] do_filp_open+0x1bc/0x3cc
[ 42.249571][ T5953] do_sys_openat2+0x128/0x3d8
[ 42.250758][ T5953] __arm64_sys_openat+0x1f0/0x240
[ 42.252027][ T5953] invoke_syscall+0x98/0x2c0
[ 42.253221][ T5953] el0_svc_common+0x138/0x258
[ 42.254397][ T5953] do_el0_svc+0x64/0x198
[ 42.255497][ T5953] el0_svc+0x58/0x168
[ 42.256550][ T5953] el0t_64_sync_handler+0x84/0xf0
[ 42.257883][ T5953] el0t_64_sync+0x190/0x194
[ 42.259920][ T5953] Unable to handle kernel paging request at virtual address dfff800000000002
[ 42.262760][ T5953] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 42.264945][ T5953] Mem abort info:
[ 42.265845][ T5953] ESR = 0x0000000096000006
[ 42.267007][ T5953] EC = 0x25: DABT (current EL), IL = 32 bits
[ 42.268544][ T5953] SET = 0, FnV = 0
[ 42.269506][ T5953] EA = 0, S1PTW = 0
[ 42.270845][ T5953] FSC = 0x06: level 2 translation fault
[ 42.272323][ T5953] Data abort info:
[ 42.273297][ T5953] ISV = 0, ISS = 0x00000006
[ 42.274484][ T5953] CM = 0, WnR = 0
[ 42.275411][ T5953] [dfff800000000002] address between user and kernel address ranges
[ 42.277507][ T5953] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
[ 42.279339][ T5953] Modules linked in:
[ 42.280332][ T5953] CPU: 1 PID: 5953 Comm: syz-executor943 Not tainted 6.3.0-rc1-syzkaller-gfe15c26ee26e #0
[ 42.282873][ T5953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 42.285437][ T5953] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 42.287403][ T5953] pc : ni_write_inode+0x178/0xfb8
[ 42.288687][ T5953] lr : ni_write_inode+0x144/0xfb8
[ 42.289969][ T5953] sp : ffff80001e327180
[ 42.291019][ T5953] x29: ffff80001e327290 x28: 1fffe000198a4c0a x27: ffff0000cc526050
[ 42.293099][ T5953] x26: ffff80001e327200 x25: 0000000000000016 x24: ffff0000e0e83b20
[ 42.295171][ T5953] x23: 0000000000000000 x22: dfff800000000000 x21: ffff0000cc526000
[ 42.297228][ T5953] x20: ffff0000e0e83d50 x19: ffff700003c64e3c x18: ffff80001e3268e0
[ 42.299330][ T5953] x17: 0000000000000000 x16: ffff80001246263c x15: 0000000000000000
[ 42.301389][ T5953] x14: 1ffff00002b9c0b2 x13: dfff800000000000 x12: 000000003726deaa
[ 42.303458][ T5953] x11: ff808000096e8e30 x10: 0000000000000000 x9 : ffff0000e0e83b00
[ 42.305538][ T5953] x8 : 0000000000000002 x7 : ffff8000096e8e20 x6 : 0000000000000000
[ 42.307613][ T5953] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff8000128cfda0
[ 42.309629][ T5953] x2 : 0000000000000008 x1 : 0000000000000001 x0 : 0000000000000000
[ 42.311647][ T5953] Call trace:
[ 42.312493][ T5953] ni_write_inode+0x178/0xfb8
[ 42.313744][ T5953] ntfs_evict_inode+0x70/0xc8
[ 42.314987][ T5953] evict+0x260/0x68c
[ 42.315995][ T5953] iput+0x988/0xa6c
[ 42.316967][ T5953] ntfs_new_inode+0x98/0x110
[ 42.318192][ T5953] ntfs_create_inode+0x4ac/0x2bfc
[ 42.319456][ T5953] ntfs_atomic_open+0x388/0x4dc
[ 42.320721][ T5953] path_openat+0xb10/0x2810
[ 42.321858][ T5953] do_filp_open+0x1bc/0x3cc
[ 42.323009][ T5953] do_sys_openat2+0x128/0x3d8
[ 42.324212][ T5953] __arm64_sys_openat+0x1f0/0x240
[ 42.325520][ T5953] invoke_syscall+0x98/0x2c0
[ 42.326676][ T5953] el0_svc_common+0x138/0x258
[ 42.327890][ T5953] do_el0_svc+0x64/0x198
[ 42.328996][ T5953] el0_svc+0x58/0x168
[ 42.330040][ T5953] el0t_64_sync_handler+0x84/0xf0
[ 42.331381][ T5953] el0t_64_sync+0x190/0x194
[ 42.332529][ T5953] Code: d1094289 91005919 f9001fe9 d343ff28 (38f66908)
[ 42.334258][ T5953] ---[ end trace 0000000000000000 ]---
[ 42.676844][ T5953] Kernel panic - not syncing: Oops: Fatal exception
[ 42.678623][ T5953] SMP: stopping secondary CPUs
[ 42.679848][ T5953] Kernel Offset: disabled
[ 42.680924][ T5953] CPU features: 0x000000,20700402,32017203
[ 42.682389][ T5953] Memory Limit: none
[ 43.003850][ T5953] Rebooting in 86400 seconds..