[ 49.876939][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.897139][ T9] device veth1_macvtap left promiscuous mode
[ 49.903644][ T9] device veth0_macvtap left promiscuous mode
[ 49.909837][ T9] device veth1_vlan left promiscuous mode
[ 49.915903][ T9] device veth0_vlan left promiscuous mode
[ 50.086812][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 50.100100][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 50.111346][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 50.124088][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 50.166401][ T9] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.114' (ECDSA) to the list of known hosts.
2022/10/03 12:05:47 ignoring optional flag "sandboxArg"="0"
2022/10/03 12:05:47 parsed 1 programs
2022/10/03 12:05:47 executed programs: 0
[ 67.716324][ T49] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 67.724132][ T49] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 67.731551][ T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 67.739931][ T49] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 67.747636][ T49] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 67.755183][ T49] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 67.829945][ T4069] chnl_net:caif_netlink_parms(): no params data found
[ 67.863495][ T4069] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.870633][ T4069] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.878422][ T4069] device bridge_slave_0 entered promiscuous mode
[ 67.886189][ T4069] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.893365][ T4069] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.901003][ T4069] device bridge_slave_1 entered promiscuous mode
[ 67.919103][ T4069] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 67.929864][ T4069] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 67.949339][ T4069] team0: Port device team_slave_0 added
[ 67.956661][ T4069] team0: Port device team_slave_1 added
[ 67.971627][ T4069] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 67.978647][ T4069] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 68.004719][ T4069] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 68.017089][ T4069] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 68.024051][ T4069] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 68.050404][ T4069] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 68.075766][ T4069] device hsr_slave_0 entered promiscuous mode
[ 68.082754][ T4069] device hsr_slave_1 entered promiscuous mode
[ 68.810273][ T4069] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 68.819823][ T4069] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 68.829958][ T4069] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 68.839552][ T4069] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 68.909822][ T4069] 8021q: adding VLAN 0 to HW filter on device bond0
[ 68.931270][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 68.939858][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 68.951946][ T4069] 8021q: adding VLAN 0 to HW filter on device team0
[ 68.962172][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 68.972534][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 68.980956][ T2933] bridge0: port 1(bridge_slave_0) entered blocking state
[ 68.988066][ T2933] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 68.997877][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 69.010529][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 69.020432][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 69.029051][ T3618] bridge0: port 2(bridge_slave_1) entered blocking state
[ 69.036172][ T3618] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 69.055745][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 69.066335][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 69.076803][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 69.086775][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 69.102864][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 69.110775][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 69.121061][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 69.130558][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 69.140172][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 69.149024][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 69.159034][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 69.169408][ T4069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 69.283034][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 69.290514][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 69.302448][ T4069] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 69.321958][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 69.333376][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 69.354919][ T4069] device veth0_vlan entered promiscuous mode
[ 69.362535][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 69.370812][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 69.386160][ T4069] device veth1_vlan entered promiscuous mode
[ 69.395440][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 69.403828][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 69.411755][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 69.435170][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 69.444495][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 69.454165][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 69.463544][ T4069] device veth0_macvtap entered promiscuous mode
[ 69.474676][ T4069] device veth1_macvtap entered promiscuous mode
[ 69.490966][ T4069] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 69.498955][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 69.507977][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 69.516834][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 69.525545][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 69.537578][ T4069] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 69.546366][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 69.555689][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 69.566789][ T4069] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.577296][ T4069] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.586458][ T4069] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.596399][ T4069] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 69.700965][ T4157] loop0: detected capacity change from 0 to 8189
[ 69.713352][ T4157] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)
[ 69.730490][ T4157] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[ 69.755689][ T4157] ==================================================================
[ 69.763788][ T4157] BUG: KASAN: slab-out-of-bounds in ntfs_trim_fs+0x84b/0x940
[ 69.771170][ T4157] Read of size 2 at addr ffff888024c13822 by task syz-executor.0/4157
[ 69.779329][ T4157]
[ 69.781666][ T4157] CPU: 1 PID: 4157 Comm: syz-executor.0 Not tainted 6.0.0-rc7-syzkaller-00022-gd45da67caeda #0
[ 69.792000][ T4157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 69.802059][ T4157] Call Trace:
[ 69.805348][ T4157]
[ 69.808287][ T4157] dump_stack_lvl+0xcd/0x134
[ 69.812897][ T4157] print_report.cold+0x2ba/0x719
[ 69.813450][ T3616] Bluetooth: hci0: command 0x0409 tx timeout
[ 69.817831][ T4157] ? ntfs_trim_fs+0x84b/0x940
[ 69.828522][ T4157] kasan_report+0xb1/0x1e0
[ 69.833127][ T4157] ? ntfs_trim_fs+0x84b/0x940
[ 69.837818][ T4157] ntfs_trim_fs+0x84b/0x940
[ 69.842338][ T4157] ntfs_ioctl_fitrim+0x23e/0x340
[ 69.847287][ T4157] ? ntfs_fiemap+0x120/0x120
[ 69.851886][ T4157] ? __fget_files+0x26a/0x440
[ 69.856574][ T4157] ntfs_ioctl+0x9c/0xd0
[ 69.860735][ T4157] ? ntfs_ioctl_fitrim+0x340/0x340
[ 69.865856][ T4157] __x64_sys_ioctl+0x193/0x200
[ 69.870626][ T4157] do_syscall_64+0x35/0xb0
[ 69.875054][ T4157] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.880959][ T4157] RIP: 0033:0x7fe42de8a669
[ 69.885375][ T4157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 69.905007][ T4157] RSP: 002b:00007fe42ef5c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 69.913442][ T4157] RAX: ffffffffffffffda RBX: 00007fe42dfabf80 RCX: 00007fe42de8a669
[ 69.921441][ T4157] RDX: 0000000020000000 RSI: 00000000c0185879 RDI: 0000000000000003
[ 69.929437][ T4157] RBP: 00007fe42dee5560 R08: 0000000000000000 R09: 0000000000000000
[ 69.937424][ T4157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 69.945407][ T4157] R13: 00007ffc90a082ff R14: 00007fe42ef5c300 R15: 0000000000022000
[ 69.953398][ T4157]
[ 69.956428][ T4157]
[ 69.958763][ T4157] Allocated by task 4157:
[ 69.963092][ T4157] kasan_save_stack+0x1e/0x40
[ 69.967784][ T4157] __kasan_kmalloc+0xa9/0xd0
[ 69.972469][ T4157] wnd_init+0x2fb/0x460
[ 69.976641][ T4157] ntfs_fill_super+0x279d/0x39b0
[ 69.981593][ T4157] get_tree_bdev+0x440/0x760
[ 69.986196][ T4157] vfs_get_tree+0x89/0x2f0
[ 69.990620][ T4157] path_mount+0x1326/0x1e20
[ 69.995134][ T4157] __x64_sys_mount+0x27f/0x300
[ 69.999916][ T4157] do_syscall_64+0x35/0xb0
[ 70.004335][ T4157] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.010239][ T4157]
[ 70.012565][ T4157] The buggy address belongs to the object at ffff888024c13820
[ 70.012565][ T4157] which belongs to the cache kmalloc-8 of size 8
[ 70.026276][ T4157] The buggy address is located 2 bytes inside of
[ 70.026276][ T4157] 8-byte region [ffff888024c13820, ffff888024c13828)
[ 70.039212][ T4157]
[ 70.041536][ T4157] The buggy address belongs to the physical page:
[ 70.047947][ T4157] page:ffffea00009304c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24c13
[ 70.058096][ T4157] flags: 0xfff00000000200(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 70.065654][ T4157] raw: 00fff00000000200 0000000000000000 dead000000000001 ffff888011841280
[ 70.074254][ T4157] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[ 70.082838][ T4157] page dumped because: kasan: bad access detected
[ 70.089245][ T4157] page_owner tracks the page as allocated
[ 70.094959][ T4157] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, tgid 1 (swapper/0), ts 8380516960, free_ts 0
[ 70.111555][ T4157] get_page_from_freelist+0x109b/0x2ce0
[ 70.117113][ T4157] __alloc_pages+0x1c7/0x510
[ 70.121710][ T4157] alloc_page_interleave+0x1e/0x200
[ 70.126910][ T4157] alloc_pages+0x22f/0x270
[ 70.131328][ T4157] allocate_slab+0x27e/0x3d0
[ 70.136098][ T4157] ___slab_alloc+0x7f1/0xe10
[ 70.140707][ T4157] __slab_alloc.constprop.0+0x4d/0xa0
[ 70.146264][ T4157] __kmalloc_track_caller+0x325/0x340
[ 70.151639][ T4157] kstrdup+0x36/0x70
[ 70.155544][ T4157] kstrdup_const+0x53/0x80
[ 70.160063][ T4157] __kernfs_new_node+0x9d/0x8b0
[ 70.164928][ T4157] kernfs_new_node+0x93/0x120
[ 70.169612][ T4157] kernfs_create_link+0xcb/0x230
[ 70.174556][ T4157] sysfs_do_create_link_sd+0x90/0x140
[ 70.179934][ T4157] sysfs_create_link+0x5f/0xc0
[ 70.184706][ T4157] bus_add_device+0x16a/0x5a0
[ 70.189389][ T4157] page_owner free stack trace missing
[ 70.194748][ T4157]
[ 70.197065][ T4157] Memory state around the buggy address:
[ 70.202694][ T4157] ffff888024c13700: fc 07 fc fc fc fc 05 fc fc fc fc 07 fc fc fc fc
[ 70.210769][ T4157] ffff888024c13780: 00 fc fc fc fc 07 fc fc fc fc 00 fc fc fc fc 00
[ 70.218837][ T4157] >ffff888024c13800: fc fc fc fc 02 fc fc fc fc 00 fc fc fc fc 06 fc
[ 70.226899][ T4157] ^
[ 70.232004][ T4157] ffff888024c13880: fc fc fc 07 fc fc fc fc fb fc fc fc fc 00 fc fc
[ 70.240074][ T4157] ffff888024c13900: fc fc 00 fc fc fc fc 06 fc fc fc fc 07 fc fc fc
[ 70.248148][ T4157] ==================================================================
[ 70.266647][ T4157] Kernel panic - not syncing: panic_on_warn set ...
[ 70.273248][ T4157] CPU: 1 PID: 4157 Comm: syz-executor.0 Not tainted 6.0.0-rc7-syzkaller-00022-gd45da67caeda #0
[ 70.283594][ T4157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 70.293666][ T4157] Call Trace:
[ 70.296948][ T4157]
[ 70.299884][ T4157] dump_stack_lvl+0xcd/0x134
[ 70.304508][ T4157] panic+0x2c8/0x627
[ 70.308422][ T4157] ? panic_print_sys_info.part.0+0x10b/0x10b
[ 70.314416][ T4157] ? preempt_schedule_common+0x59/0xc0
[ 70.319886][ T4157] ? preempt_schedule_thunk+0x16/0x18
[ 70.325282][ T4157] ? ntfs_trim_fs+0x84b/0x940
[ 70.329975][ T4157] end_report.part.0+0x3f/0x7c
[ 70.334755][ T4157] kasan_report.cold+0xa/0xf
[ 70.339360][ T4157] ? ntfs_trim_fs+0x84b/0x940
[ 70.344049][ T4157] ntfs_trim_fs+0x84b/0x940
[ 70.348568][ T4157] ntfs_ioctl_fitrim+0x23e/0x340
[ 70.353519][ T4157] ? ntfs_fiemap+0x120/0x120
[ 70.358122][ T4157] ? __fget_files+0x26a/0x440
[ 70.362983][ T4157] ntfs_ioctl+0x9c/0xd0
[ 70.367145][ T4157] ? ntfs_ioctl_fitrim+0x340/0x340
[ 70.372272][ T4157] __x64_sys_ioctl+0x193/0x200
[ 70.377034][ T4157] do_syscall_64+0x35/0xb0
[ 70.381443][ T4157] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.387325][ T4157] RIP: 0033:0x7fe42de8a669
[ 70.391727][ T4157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 70.411329][ T4157] RSP: 002b:00007fe42ef5c168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 70.419823][ T4157] RAX: ffffffffffffffda RBX: 00007fe42dfabf80 RCX: 00007fe42de8a669
[ 70.427790][ T4157] RDX: 0000000020000000 RSI: 00000000c0185879 RDI: 0000000000000003
[ 70.435749][ T4157] RBP: 00007fe42dee5560 R08: 0000000000000000 R09: 0000000000000000
[ 70.443794][ T4157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 70.451753][ T4157] R13: 00007ffc90a082ff R14: 00007fe42ef5c300 R15: 0000000000022000
[ 70.459744][ T4157]
[ 70.463630][ T4157] Kernel Offset: disabled
[ 70.468119][ T4157] Rebooting in 86400 seconds..