Warning: Permanently added '10.128.0.224' (ED25519) to the list of known hosts. [ 98.031504][ T4251] cgroup: Unknown subsys name 'net' [ 98.177666][ T4251] cgroup: Unknown subsys name 'rlimit' [ 98.384620][ T4253] chnl_net:caif_netlink_parms(): no params data found [ 98.434054][ T4253] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.441282][ T4253] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.449652][ T4253] device bridge_slave_0 entered promiscuous mode [ 98.459453][ T4253] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.466739][ T4253] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.475047][ T4253] device bridge_slave_1 entered promiscuous mode [ 98.501335][ T4253] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.513091][ T4253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 98.538607][ T4253] team0: Port device team_slave_0 added [ 98.546222][ T4253] team0: Port device team_slave_1 added [ 98.565794][ T4253] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 98.572885][ T4253] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.598807][ T4253] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 98.612046][ T4253] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 98.619005][ T4253] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 98.645159][ T4253] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 98.678335][ T4253] device hsr_slave_0 entered promiscuous mode [ 98.685206][ T4253] device hsr_slave_1 entered promiscuous mode [ 98.784318][ T4253] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.794573][ T4253] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.804290][ T4253] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.814201][ T4253] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.837233][ T4253] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.844579][ T4253] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.852439][ T4253] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.859556][ T4253] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.909993][ T4253] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.923831][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 98.934307][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.943842][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.952585][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 98.967177][ T4253] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.980825][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 98.989414][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.996543][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.008416][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 99.017560][ T75] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.024714][ T75] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.046652][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 99.055329][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 99.067677][ T32] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 99.080034][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 99.093682][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 99.104639][ T4253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 99.123214][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 99.130876][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 99.145263][ T4253] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.164730][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 99.185962][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 99.194559][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 99.203344][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 99.216193][ T4253] device veth0_vlan entered promiscuous mode [ 99.228052][ T4253] device veth1_vlan entered promiscuous mode [ 99.248969][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 99.257286][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 99.265844][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 99.277491][ T4253] device veth0_macvtap entered promiscuous mode [ 99.287863][ T4253] device veth1_macvtap entered promiscuous mode [ 99.307256][ T4253] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.314778][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 99.325238][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 99.336982][ T4253] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.344641][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 99.355625][ T4253] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.365698][ T4253] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.374956][ T4253] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.384284][ T4253] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.454041][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.468909][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.482344][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 99.491898][ T4261] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 executing program [ 99.499854][ T4261] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.508363][ T4261] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 99.563045][ T4263] loop0: detected capacity change from 0 to 128 [ 99.576251][ T4263] VFS: Found a Xenix FS (block size = 1024) on device loop0 [ 99.587687][ T4263] syz-executor400: attempt to access beyond end of device [ 99.587687][ T4263] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128 [ 99.603369][ T4263] Buffer I/O error on dev loop0, logical block 3245768, async page read [ 99.615038][ T4263] unable to read i-node block [ 99.619977][ T4263] sysv_new_block: new block -54264 is not in data zone [ 99.627939][ T4263] sysv_free_inode: unable to read inode block on device loop0 [ 99.649282][ T4253] sysv_free_block: flc_count > flc_size [ 99.655453][ T4253] sysv_free_block: flc_count > flc_size executing program [ 99.661519][ T4253] sysv_free_block: flc_count > flc_size [ 99.667085][ T4253] sysv_free_block: flc_count > flc_size [ 99.673418][ T4253] sysv_free_block: flc_count > flc_size [ 99.678962][ T4253] sysv_free_block: flc_count > flc_size [ 99.684921][ T4253] sysv_free_block: flc_count > flc_size [ 99.690775][ T4253] sysv_free_block: flc_count > flc_size [ 99.696355][ T4253] sysv_free_block: flc_count > flc_size [ 99.701973][ T4253] sysv_free_block: flc_count > flc_size [ 99.708405][ T4253] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 99.735589][ T4265] loop0: detected capacity change from 0 to 128 [ 99.744502][ T4265] VFS: Found a Xenix FS (block size = 1024) on device loop0 [ 99.753512][ T4265] syz-executor400: attempt to access beyond end of device [ 99.753512][ T4265] loop0: rw=0, sector=6491536, nr_sectors = 2 limit=128 [ 99.769299][ T4265] Buffer I/O error on dev loop0, logical block 3245768, async page read [ 99.778132][ T4265] ================================================================== [ 99.786230][ T4265] BUG: KASAN: use-after-free in sysv_new_inode+0x107e/0x1210 [ 99.793637][ T4265] Read of size 2 at addr ffff88806ed3c1ce by task syz-executor400/4265 [ 99.801891][ T4265] [ 99.804224][ T4265] CPU: 0 PID: 4265 Comm: syz-executor400 Not tainted 6.1.119-syzkaller #0 [ 99.812716][ T4265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 99.822804][ T4265] Call Trace: [ 99.826127][ T4265] [ 99.829056][ T4265] dump_stack_lvl+0x1e3/0x2cb [ 99.833752][ T4265] ? nf_tcp_handle_invalid+0x642/0x642 [ 99.839226][ T4265] ? panic+0x764/0x764 [ 99.843317][ T4265] ? _printk+0xd1/0x111 [ 99.847478][ T4265] ? __virt_addr_valid+0x17f/0x530 [ 99.852595][ T4265] ? __virt_addr_valid+0x17f/0x530 [ 99.857737][ T4265] print_report+0x15f/0x4f0 [ 99.862252][ T4265] ? __virt_addr_valid+0x17f/0x530 [ 99.867369][ T4265] ? __virt_addr_valid+0x17f/0x530 [ 99.872498][ T4265] ? __virt_addr_valid+0x45b/0x530 [ 99.877635][ T4265] ? __phys_addr+0xb6/0x170 [ 99.882142][ T4265] ? sysv_new_inode+0x107e/0x1210 [ 99.887180][ T4265] kasan_report+0x136/0x160 [ 99.891685][ T4265] ? sysv_new_inode+0x107e/0x1210 [ 99.896711][ T4265] sysv_new_inode+0x107e/0x1210 [ 99.901567][ T4265] ? from_kgid+0x1a3/0x730 [ 99.906010][ T4265] ? make_kgid+0x6f0/0x6f0 [ 99.910448][ T4265] ? sysv_free_inode+0x840/0x840 [ 99.915388][ T4265] ? generic_permission+0x27c/0x4f0 [ 99.920598][ T4265] sysv_symlink+0x9b/0x180 [ 99.925035][ T4265] vfs_symlink+0x247/0x3d0 [ 99.929542][ T4265] do_symlinkat+0x21e/0x390 [ 99.934059][ T4265] ? __check_object_size+0x4dd/0xa30 [ 99.939391][ T4265] ? vfs_symlink+0x3d0/0x3d0 [ 99.944075][ T4265] ? getname_flags+0x1f9/0x4f0 [ 99.948852][ T4265] ? lockdep_hardirqs_on+0x94/0x130 [ 99.954086][ T4265] __x64_sys_symlink+0x7a/0x90 [ 99.958871][ T4265] do_syscall_64+0x3b/0xb0 [ 99.963299][ T4265] ? clear_bhb_loop+0x45/0xa0 [ 99.967982][ T4265] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 99.973898][ T4265] RIP: 0033:0x7ff627d55c89 [ 99.978343][ T4265] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 99.997980][ T4265] RSP: 002b:00007ff627d06168 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 100.006410][ T4265] RAX: ffffffffffffffda RBX: 00007ff627de06c8 RCX: 00007ff627d55c89 [ 100.014400][ T4265] RDX: 00007ff627d55c89 RSI: 0000000020000200 RDI: 00000000200049c0 [ 100.022373][ T4265] RBP: 00007ff627de06c0 R08: 00007ff627d066c0 R09: 0000000000000000 [ 100.030346][ T4265] R10: 0000000000009e7f R11: 0000000000000246 R12: 00007ff627de06cc [ 100.038313][ T4265] R13: 0000000000000006 R14: 00007fff728fcd90 R15: 00007fff728fce78 [ 100.046321][ T4265] [ 100.049341][ T4265] [ 100.051687][ T4265] The buggy address belongs to the physical page: [ 100.058100][ T4265] page:ffffea0001bb4f00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6ed3c [ 100.068268][ T4265] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 100.075411][ T4265] raw: 00fff00000000000 ffffea0001cc6bc8 ffffea0001bb4ec8 0000000000000000 [ 100.083988][ T4265] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 100.092559][ T4265] page dumped because: kasan: bad access detected [ 100.098967][ T4265] page_owner tracks the page as freed [ 100.104325][ T4265] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 4251, tgid 4251 (sshd), ts 97977268309, free_ts 97978096646 [ 100.121349][ T4265] post_alloc_hook+0x18d/0x1b0 [ 100.126135][ T4265] get_page_from_freelist+0x3731/0x38d0 [ 100.131681][ T4265] __alloc_pages+0x28d/0x770 [ 100.136264][ T4265] __folio_alloc+0xf/0x30 [ 100.140585][ T4265] vma_alloc_folio+0x486/0x990 [ 100.145338][ T4265] wp_page_copy+0x291/0x18c0 [ 100.149919][ T4265] handle_mm_fault+0x2525/0x5340 [ 100.154857][ T4265] exc_page_fault+0x26f/0x620 [ 100.159530][ T4265] asm_exc_page_fault+0x22/0x30 [ 100.164416][ T4265] page last free stack trace: [ 100.169078][ T4265] free_unref_page_prepare+0xf63/0x1120 [ 100.174634][ T4265] free_unref_page_list+0x663/0x900 [ 100.179841][ T4265] release_pages+0x2836/0x2b40 [ 100.184598][ T4265] tlb_flush_mmu+0xfc/0x210 [ 100.189118][ T4265] tlb_finish_mmu+0xce/0x1f0 [ 100.193713][ T4265] unmap_region+0x29f/0x2f0 [ 100.198207][ T4265] do_mas_align_munmap+0xef5/0x15a0 [ 100.203396][ T4265] do_mas_munmap+0x246/0x2b0 [ 100.207984][ T4265] __vm_munmap+0x268/0x370 [ 100.212406][ T4265] __x64_sys_munmap+0x5c/0x70 [ 100.217082][ T4265] do_syscall_64+0x3b/0xb0 [ 100.221496][ T4265] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 100.227401][ T4265] [ 100.229715][ T4265] Memory state around the buggy address: [ 100.235363][ T4265] ffff88806ed3c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 100.243501][ T4265] ffff88806ed3c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 100.251557][ T4265] >ffff88806ed3c180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 100.259607][ T4265] ^ [ 100.266010][ T4265] ffff88806ed3c200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 100.274080][ T4265] ffff88806ed3c280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 100.282161][ T4265] ================================================================== [ 100.301866][ T4265] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 100.309080][ T4265] CPU: 0 PID: 4265 Comm: syz-executor400 Not tainted 6.1.119-syzkaller #0 [ 100.317568][ T4265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 100.327615][ T4265] Call Trace: [ 100.330887][ T4265] [ 100.333811][ T4265] dump_stack_lvl+0x1e3/0x2cb [ 100.338489][ T4265] ? nf_tcp_handle_invalid+0x642/0x642 [ 100.343948][ T4265] ? panic+0x764/0x764 [ 100.348015][ T4265] ? preempt_schedule_common+0xa6/0xd0 [ 100.353468][ T4265] ? vscnprintf+0x59/0x80 [ 100.357808][ T4265] panic+0x318/0x764 [ 100.361724][ T4265] ? check_panic_on_warn+0x1d/0xa0 [ 100.366938][ T4265] ? memcpy_page_flushcache+0xfc/0xfc [ 100.372306][ T4265] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 100.378282][ T4265] ? _raw_spin_unlock+0x40/0x40 [ 100.383214][ T4265] ? print_report+0x4a3/0x4f0 [ 100.387888][ T4265] check_panic_on_warn+0x7e/0xa0 [ 100.392823][ T4265] ? sysv_new_inode+0x107e/0x1210 [ 100.397840][ T4265] end_report+0x66/0x110 [ 100.402071][ T4265] kasan_report+0x143/0x160 [ 100.406568][ T4265] ? sysv_new_inode+0x107e/0x1210 [ 100.411604][ T4265] sysv_new_inode+0x107e/0x1210 [ 100.416477][ T4265] ? from_kgid+0x1a3/0x730 [ 100.420900][ T4265] ? make_kgid+0x6f0/0x6f0 [ 100.425322][ T4265] ? sysv_free_inode+0x840/0x840 [ 100.430269][ T4265] ? generic_permission+0x27c/0x4f0 [ 100.435473][ T4265] sysv_symlink+0x9b/0x180 [ 100.439896][ T4265] vfs_symlink+0x247/0x3d0 [ 100.444323][ T4265] do_symlinkat+0x21e/0x390 [ 100.448830][ T4265] ? __check_object_size+0x4dd/0xa30 [ 100.454121][ T4265] ? vfs_symlink+0x3d0/0x3d0 [ 100.458720][ T4265] ? getname_flags+0x1f9/0x4f0 [ 100.463486][ T4265] ? lockdep_hardirqs_on+0x94/0x130 [ 100.468687][ T4265] __x64_sys_symlink+0x7a/0x90 [ 100.473457][ T4265] do_syscall_64+0x3b/0xb0 [ 100.477881][ T4265] ? clear_bhb_loop+0x45/0xa0 [ 100.482568][ T4265] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 100.488467][ T4265] RIP: 0033:0x7ff627d55c89 [ 100.492879][ T4265] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 1d 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 100.512485][ T4265] RSP: 002b:00007ff627d06168 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 100.520899][ T4265] RAX: ffffffffffffffda RBX: 00007ff627de06c8 RCX: 00007ff627d55c89 [ 100.528870][ T4265] RDX: 00007ff627d55c89 RSI: 0000000020000200 RDI: 00000000200049c0 [ 100.536838][ T4265] RBP: 00007ff627de06c0 R08: 00007ff627d066c0 R09: 0000000000000000 [ 100.544816][ T4265] R10: 0000000000009e7f R11: 0000000000000246 R12: 00007ff627de06cc [ 100.552783][ T4265] R13: 0000000000000006 R14: 00007fff728fcd90 R15: 00007fff728fce78 [ 100.560755][ T4265] [ 100.564076][ T4265] Kernel Offset: disabled [ 100.568401][ T4265] Rebooting in 86400 seconds..