Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.255' (ECDSA) to the list of known hosts.

syzkaller login: [   32.711936] IPVS: ftp: loaded support on port[0] = 21
[   32.781927] chnl_net:caif_netlink_parms(): no params data found
[   32.883926] bridge0: port 1(bridge_slave_0) entered blocking state
[   32.890616] bridge0: port 1(bridge_slave_0) entered disabled state
[   32.897599] device bridge_slave_0 entered promiscuous mode
[   32.905507] bridge0: port 2(bridge_slave_1) entered blocking state
[   32.912158] bridge0: port 2(bridge_slave_1) entered disabled state
[   32.919482] device bridge_slave_1 entered promiscuous mode
[   32.936368] bond0: Enslaving bond_slave_0 as an active interface with an up link
[   32.945082] bond0: Enslaving bond_slave_1 as an active interface with an up link
[   32.962728] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[   32.970047] team0: Port device team_slave_0 added
[   32.975363] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[   32.983280] team0: Port device team_slave_1 added
[   32.998375] batman_adv: batadv0: Adding interface: batadv_slave_0
[   33.004598] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   33.029805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   33.041059] batman_adv: batadv0: Adding interface: batadv_slave_1
[   33.047280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   33.072489] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   33.085856] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[   33.093397] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[   33.111825] device hsr_slave_0 entered promiscuous mode
[   33.117448] device hsr_slave_1 entered promiscuous mode
[   33.123672] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[   33.130758] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[   33.192672] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.199094] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.205796] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.212184] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.242362] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[   33.249500] 8021q: adding VLAN 0 to HW filter on device bond0
[   33.257035] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[   33.266442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   33.274647] bridge0: port 1(bridge_slave_0) entered disabled state
[   33.281786] bridge0: port 2(bridge_slave_1) entered disabled state
[   33.289081] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[   33.299717] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[   33.305766] 8021q: adding VLAN 0 to HW filter on device team0
[   33.314438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   33.322851] bridge0: port 1(bridge_slave_0) entered blocking state
[   33.329231] bridge0: port 1(bridge_slave_0) entered forwarding state
[   33.338688] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   33.346381] bridge0: port 2(bridge_slave_1) entered blocking state
[   33.352758] bridge0: port 2(bridge_slave_1) entered forwarding state
[   33.370193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   33.378680] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   33.386119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   33.396121] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   33.404253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   33.413754] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[   33.419924] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   33.431991] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[   33.440090] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   33.446716] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   33.457030] 8021q: adding VLAN 0 to HW filter on device batadv0
[   33.488197] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[   33.497950] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   33.526301] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[   33.533770] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[   33.540822] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[   33.551813] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   33.559967] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   33.567011] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   33.576030] device veth0_vlan entered promiscuous mode
[   33.585058] device veth1_vlan entered promiscuous mode
[   33.591325] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[   33.601052] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[   33.612218] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[   33.622695] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   33.630233] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   33.637659] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   33.647004] device veth0_macvtap entered promiscuous mode
[   33.653198] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[   33.661887] device veth1_macvtap entered promiscuous mode
[   33.670655] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[   33.680481] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[   33.689985] batman_adv: batadv0: Interface activated: batadv_slave_0
[   33.696634] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   33.705167] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   33.715693] batman_adv: batadv0: Interface activated: batadv_slave_1
[   33.722767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[   33.814627] ======================================================
[   33.814627] WARNING: the mand mount option is being deprecated and
[   33.814627] will be removed in v5.15!
[   33.814627] ======================================================
[   33.843317] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   33.859677] audit: type=1800 audit(1670064629.119:2): pid=8095 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor678" name="bus" dev="loop0" ino=1357 res=0
[   33.922144] ==================================================================
[   33.929616] BUG: KASAN: use-after-free in crc_itu_t+0xce/0xe0
[   33.935498] Read of size 1 at addr ffff88808b891000 by task syz-executor678/8095
[   33.943019]
[   33.944650] CPU: 0 PID: 8095 Comm: syz-executor678 Not tainted 4.19.211-syzkaller #0
[   33.952515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   33.961850] Call Trace:
[   33.964420]  dump_stack+0x1fc/0x2ef
[   33.968036]  print_address_description.cold+0x54/0x219
[   33.973296]  kasan_report_error.cold+0x8a/0x1b9
[   33.977956]  ? crc_itu_t+0xce/0xe0
[   33.981487]  __asan_report_load1_noabort+0x88/0x90
[   33.986400]  ? kvm_register_clock+0x70/0xc0
[   33.990701]  ? crc_itu_t+0xce/0xe0
[   33.994222]  crc_itu_t+0xce/0xe0
[   33.997581]  udf_close_lvid+0x47a/0x770
[   34.001546]  ? udf_open_lvid+0x4f0/0x4f0
[   34.005598]  ? dispose_list+0x1f0/0x1f0
[   34.009554]  ? iput+0x16/0x860
[   34.012732]  udf_put_super+0x217/0x290
[   34.016602]  ? udf_sb_free_partitions.isra.0+0xba0/0xba0
[   34.022036]  generic_shutdown_super+0x144/0x370
[   34.026687]  kill_block_super+0x97/0xf0
[   34.030648]  deactivate_locked_super+0x94/0x160
[   34.035295]  deactivate_super+0x174/0x1a0
[   34.039423]  ? deactivate_locked_super+0x160/0x160
[   34.044335]  ? dput+0x31/0x640
[   34.047510]  cleanup_mnt+0x1a8/0x290
[   34.051209]  task_work_run+0x148/0x1c0
[   34.055079]  do_exit+0xbf3/0x2be0
[   34.058514]  ? lock_downgrade+0x720/0x720
[   34.062644]  ? mm_update_next_owner+0x650/0x650
[   34.067302]  ? up_read+0x17/0x110
[   34.070746]  ? __do_page_fault+0x180/0xd60
[   34.074963]  do_group_exit+0x125/0x310
[   34.078833]  __x64_sys_exit_group+0x3a/0x50
[   34.083136]  do_syscall_64+0xf9/0x620
[   34.086921]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.092091] RIP: 0033:0x7fc31a6584f9
[   34.095811] Code: Bad RIP value.
[   34.099152] RSP: 002b:00007ffe505bbc28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   34.106837] RAX: ffffffffffffffda RBX: 00007fc31a6d0430 RCX: 00007fc31a6584f9
[   34.114085] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   34.121332] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[   34.128579] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007fc31a6d0430
[   34.135831] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   34.143084]
[   34.144686] The buggy address belongs to the page:
[   34.149595] page:ffffea00022e2440 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[   34.157719] flags: 0xfff00000000000()
[   34.161511] raw: 00fff00000000000 ffffea00023b4888 ffffea00022e3748 0000000000000000
[   34.169371] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   34.177236] page dumped because: kasan: bad access detected
[   34.182924]
[   34.184529] Memory state around the buggy address:
[   34.189435]  ffff88808b890f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.196799]  ffff88808b890f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.204137] >ffff88808b891000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.211469]                    ^
[   34.214812]  ffff88808b891080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.222146]  ffff88808b891100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.229479] ==================================================================
[   34.236812] Disabling lock debugging due to kernel taint
[   34.244141] Kernel panic - not syncing: panic_on_warn set ...
[   34.244141]
[   34.251517] CPU: 0 PID: 8095 Comm: syz-executor678 Tainted: G    B             4.19.211-syzkaller #0
[   34.260783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   34.270121] Call Trace:
[   34.272689]  dump_stack+0x1fc/0x2ef
[   34.276297]  panic+0x26a/0x50e
[   34.279493]  ? __warn_printk+0xf3/0xf3
[   34.283357]  ? preempt_schedule_common+0x45/0xc0
[   34.288093]  ? ___preempt_schedule+0x16/0x18
[   34.292479]  ? trace_hardirqs_on+0x55/0x210
[   34.296784]  kasan_end_report+0x43/0x49
[   34.300736]  kasan_report_error.cold+0xa7/0x1b9
[   34.305381]  ? crc_itu_t+0xce/0xe0
[   34.308900]  __asan_report_load1_noabort+0x88/0x90
[   34.313806]  ? kvm_register_clock+0x70/0xc0
[   34.318103]  ? crc_itu_t+0xce/0xe0
[   34.321618]  crc_itu_t+0xce/0xe0
[   34.324965]  udf_close_lvid+0x47a/0x770
[   34.328918]  ? udf_open_lvid+0x4f0/0x4f0
[   34.332958]  ? dispose_list+0x1f0/0x1f0
[   34.336914]  ? iput+0x16/0x860
[   34.340095]  udf_put_super+0x217/0x290
[   34.343960]  ? udf_sb_free_partitions.isra.0+0xba0/0xba0
[   34.349390]  generic_shutdown_super+0x144/0x370
[   34.354037]  kill_block_super+0x97/0xf0
[   34.357992]  deactivate_locked_super+0x94/0x160
[   34.362639]  deactivate_super+0x174/0x1a0
[   34.366769]  ? deactivate_locked_super+0x160/0x160
[   34.371677]  ? dput+0x31/0x640
[   34.374852]  cleanup_mnt+0x1a8/0x290
[   34.378548]  task_work_run+0x148/0x1c0
[   34.382416]  do_exit+0xbf3/0x2be0
[   34.385849]  ? lock_downgrade+0x720/0x720
[   34.389975]  ? mm_update_next_owner+0x650/0x650
[   34.394619]  ? up_read+0x17/0x110
[   34.398054]  ? __do_page_fault+0x180/0xd60
[   34.402266]  do_group_exit+0x125/0x310
[   34.406136]  __x64_sys_exit_group+0x3a/0x50
[   34.410435]  do_syscall_64+0xf9/0x620
[   34.414243]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.419498] RIP: 0033:0x7fc31a6584f9
[   34.423191] Code: Bad RIP value.
[   34.426531] RSP: 002b:00007ffe505bbc28 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   34.434215] RAX: ffffffffffffffda RBX: 00007fc31a6d0430 RCX: 00007fc31a6584f9
[   34.441719] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001
[   34.448964] RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000
[   34.456210] R10: 000080001d00c0d0 R11: 0000000000000246 R12: 00007fc31a6d0430
[   34.463455] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001
[   34.470875] Kernel Offset: disabled
[   34.474485] Rebooting in 86400 seconds..
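The report above is what a fuzzing triager has to read: the KASAN header, the first (non-speculative) frames of the call trace, and the shadow byte at the faulting address. The script below is an added example, not syzbot's or syzkaller's own code, showing how to pull those fields out of such a console log and turn them into a syzbot-style title plus a readable crash path. The sample text is an excerpt of the report on this page (network setup dropped, first call trace cut after generic_shutdown_super); the shadow-byte table is taken from mm/kasan/kasan.h of the v4.19 tree and the list of instrumentation frames to skip is this script's own heuristic, so both should be checked against the kernel version being triaged.

```python
"""Triage helper for a KASAN report in a syzbot console log (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the report on this page; trace cut after generic_shutdown_super.
SAMPLE = """\
[   33.814627] WARNING: the mand mount option is being deprecated and
[   33.922144] ==================================================================
[   33.929616] BUG: KASAN: use-after-free in crc_itu_t+0xce/0xe0
[   33.935498] Read of size 1 at addr ffff88808b891000 by task syz-executor678/8095
[   33.944650] CPU: 0 PID: 8095 Comm: syz-executor678 Not tainted 4.19.211-syzkaller #0
[   33.961850] Call Trace:
[   33.964420]  dump_stack+0x1fc/0x2ef
[   33.968036]  print_address_description.cold+0x54/0x219
[   33.973296]  kasan_report_error.cold+0x8a/0x1b9
[   33.977956]  ? crc_itu_t+0xce/0xe0
[   33.981487]  __asan_report_load1_noabort+0x88/0x90
[   33.986400]  ? kvm_register_clock+0x70/0xc0
[   33.990701]  ? crc_itu_t+0xce/0xe0
[   33.994222]  crc_itu_t+0xce/0xe0
[   33.997581]  udf_close_lvid+0x47a/0x770
[   34.001546]  ? udf_open_lvid+0x4f0/0x4f0
[   34.012732]  udf_put_super+0x217/0x290
[   34.016602]  ? udf_sb_free_partitions.isra.0+0xba0/0xba0
[   34.022036]  generic_shutdown_super+0x144/0x370
[   34.092091] RIP: 0033:0x7fc31a6584f9
[   34.184529] Memory state around the buggy address:
[   34.196799]  ffff88808b890f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.204137] >ffff88808b891000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   34.211469]                    ^
[   34.229479] ==================================================================
"""

# Shadow-byte meanings as defined in mm/kasan/kasan.h (v4.19). Assumption:
# later kernels changed some values, so re-check for the tree you triage.
SHADOW_MEANING = {0x00: "accessible (all 8 bytes)", 0xfa: "global redzone",
                  0xfb: "freed slab object", 0xfc: "slab redzone",
                  0xfe: "page redzone (kmalloc_large)", 0xff: "freed page"}
# Frames that belong to KASAN/stack-dump machinery, not to the crashing path.
NOISE = ("dump_stack", "print_address_description", "kasan_", "__asan_report")

TS = re.compile(r"^\[\s*\d+\.\d+\] ?")
BUG = re.compile(r"^BUG: KASAN: (?P<type>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"^(?P<rw>Read|Write) of size (?P<size>\d+) at addr "
                    r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)$")
FRAME = re.compile(r"^ *(?P<spec>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
SHADOW = re.compile(r"^>(?P<addr>[0-9a-f]+): (?P<bytes>(?:[0-9a-f]{2} ?){16})$")


def shadow_meaning(b: int) -> str:
    if 1 <= b <= 7:
        return f"partially accessible ({b} bytes)"
    return SHADOW_MEANING.get(b, f"unknown shadow byte 0x{b:02x}")


@dataclass
class KasanReport:
    bug_type: str
    func: str
    access: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    pid: int = 0
    frames: Optional[list] = None       # first trace, '?' and noise removed
    shadow_at_addr: Optional[int] = None

    def title(self) -> str:
        """syzbot-style one-line title, e.g. 'KASAN: use-after-free Read in f'."""
        return f"KASAN: {self.bug_type} {self.access} in {self.func}"


def parse_kasan(text: str) -> KasanReport:
    rep, frames, in_trace, seen_trace, row = None, [], False, False, None
    for ln in (TS.sub("", raw) for raw in text.splitlines()):
        if rep is None:                     # ignore everything before the header
            m = BUG.match(ln)
            if m:
                rep = KasanReport(m["type"], m["func"])
            continue
        m = ACCESS.match(ln)
        if m:
            rep.access, rep.size, rep.addr = m["rw"], int(m["size"]), int(m["addr"], 16)
            rep.task, rep.pid = m["task"], int(m["pid"])
            continue
        if ln == "Call Trace:" and not seen_trace:
            in_trace = seen_trace = True    # only the first trace is the bug's
            continue
        if in_trace:
            m = FRAME.match(ln)
            if m is None:
                in_trace = False            # e.g. the "RIP:" line ends the trace
            elif not m["spec"] and not m["sym"].startswith(NOISE):
                frames.append(m["sym"])
            continue
        m = SHADOW.match(ln)
        if m:                               # the '>' row holds the faulting address
            row = (int(m["addr"], 16), [int(b, 16) for b in m["bytes"].split()])
    if rep is None:
        raise ValueError("no KASAN report found")
    rep.frames = frames
    if row is not None:
        idx = (rep.addr - row[0]) // 8      # one shadow byte covers 8 bytes
        if 0 <= idx < len(row[1]):
            rep.shadow_at_addr = row[1][idx]
    return rep


if __name__ == "__main__":
    r = parse_kasan(SAMPLE)
    print(r.title())
    print(f"{r.access} of {r.size} byte(s) at {r.addr:#x} by {r.task}/{r.pid}")
    print("shadow:", shadow_meaning(r.shadow_at_addr))
    print("path:", " <- ".join(r.frames))
```

Run against this report the script yields the title "KASAN: use-after-free Read in crc_itu_t", the path crc_itu_t <- udf_close_lvid <- udf_put_super <- generic_shutdown_super, and a shadow byte of 0xff ("freed page"), which agrees with the "belongs to the page ... count:0" block: the CRC routine is reading a buffer whose backing page has already been returned to the page allocator during unmount. The report itself does not say where that page was freed; finding that requires the fs/udf source of the exact kernel version, so treat the parsed output as the starting point for bisection, not as the root cause.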