forked to background, child pid 3185
no interfaces have a carri[ 24.355246][ T3186] 8021q: adding VLAN 0 to HW filter on device bond0
er
[ 24.369318][ T3186] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.250' (ECDSA) to the list of known hosts.
executing program
executing program
syzkaller login: [ 41.735584][ T3601] loop0: detected capacity change from 0 to 2048
[ 41.748127][ T3601] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/09/12 12:00 (1000)
[ 41.792983][ T3603] ==================================================================
[ 41.801086][ T3603] BUG: KASAN: out-of-bounds in udf_write_fi+0x910/0xf20
[ 41.808016][ T3603] Write of size 18446744073709551572 at addr ffff88807b13e02c by task syz-executor373/3603
[ 41.818146][ T3603]
[ 41.820451][ T3603] CPU: 1 PID: 3603 Comm: syz-executor373 Not tainted 6.1.0-rc4-syzkaller-00372-gaf7a05689189 #0
[ 41.830848][ T3603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 41.841595][ T3603] Call Trace:
[ 41.844862][ T3603]
[ 41.847774][ T3603] dump_stack_lvl+0xcd/0x134
[ 41.852381][ T3603] print_report+0x15e/0x45d
[ 41.856890][ T3603] ? __phys_addr+0xc4/0x140
[ 41.861377][ T3603] ? udf_write_fi+0x910/0xf20
[ 41.866060][ T3603] kasan_report+0xbb/0x1f0
[ 41.870486][ T3603] ? udf_write_fi+0x910/0xf20
[ 41.875154][ T3603] kasan_check_range+0x13d/0x180
[ 41.880084][ T3603] memset+0x20/0x40
[ 41.883895][ T3603] udf_write_fi+0x910/0xf20
[ 41.888385][ T3603] ? udf_delete_entry+0xf8/0x150
[ 41.893321][ T3603] udf_rename+0xd9f/0x1250
[ 41.897735][ T3603] ? udf_unlink+0x480/0x480
[ 41.902252][ T3603] ? find_held_lock+0x2d/0x110
[ 41.907004][ T3603] ? vfs_rename+0x49b/0x1a90
[ 41.911607][ T3603] ? lock_downgrade+0x6e0/0x6e0
[ 41.916447][ T3603] ? do_raw_spin_lock+0x120/0x2a0
[ 41.921464][ T3603] ? udf_unlink+0x480/0x480
[ 41.925974][ T3603] vfs_rename+0x115e/0x1a90
[ 41.930470][ T3603] ? path_openat+0x2860/0x2860
[ 41.935225][ T3603] ? do_raw_spin_unlock+0x171/0x230
[ 41.940413][ T3603] ? _raw_spin_unlock+0x24/0x40
[ 41.945256][ T3603] ? bpf_lsm_path_rename+0x5/0x10
[ 41.950268][ T3603] ? security_path_rename+0x154/0x220
[ 41.955720][ T3603] do_renameat2+0xb5e/0xc80
[ 41.960216][ T3603] ? __ia32_sys_link+0xa0/0xa0
[ 41.965057][ T3603] ? __virt_addr_valid+0x5d/0x2d0
[ 41.970068][ T3603] ? __phys_addr_symbol+0x2c/0x70
[ 41.975098][ T3603] ? strncpy_from_user+0x287/0x3c0
[ 41.980205][ T3603] __x64_sys_renameat2+0xe4/0x120
[ 41.985230][ T3603] do_syscall_64+0x35/0xb0
[ 41.989642][ T3603] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 41.995532][ T3603] RIP: 0033:0x7fdc1e04d2f9
[ 42.000023][ T3603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.019619][ T3603] RSP: 002b:00007ffeb524d758 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[ 42.028020][ T3603] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fdc1e04d2f9
[ 42.035976][ T3603] RDX: 0000000000000004 RSI: 00000000200001c0 RDI: 0000000000000004
[ 42.043931][ T3603] RBP: 00007ffeb524d770 R08: 0000000000000000 R09: 00007ffeb524d6f0
[ 42.051885][ T3603] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000005
[ 42.059858][ T3603] R13: 00007ffeb524d76c R14: 431bde82d7b634db R15: 00007ffeb524d780
[ 42.067819][ T3603]
[ 42.070819][ T3603]
[ 42.073141][ T3603] The buggy address belongs to the physical page:
[ 42.079535][ T3603] page:ffffea0001ec4f80 refcount:2 mapcount:0 mapping:ffff888011c533f8 index:0xa8 pfn:0x7b13e
[ 42.089757][ T3603] memcg:ffff888140188000
[ 42.093976][ T3603] aops:def_blk_aops ino:700000
[ 42.098725][ T3603] flags: 0xfff0000000203a(referenced|dirty|lru|active|private|node=0|zone=1|lastcpupid=0x7ff)
[ 42.108956][ T3603] raw: 00fff0000000203a ffffea0001be8208 ffffea0001c65808 ffff888011c533f8
[ 42.117784][ T3603] raw: 00000000000000a8 ffff888071f292b8 00000002ffffffff ffff888140188000
[ 42.126350][ T3603] page dumped because: kasan: bad access detected
[ 42.132742][ T3603] page_owner tracks the page as allocated
[ 42.138437][ T3603] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 3601, tgid 3601 (syz-executor373), ts 41759669909, free_ts 41699988066
[ 42.159017][ T3603] get_page_from_freelist+0x10b5/0x2d50
[ 42.164585][ T3603] __alloc_pages+0x1c7/0x5a0
[ 42.169166][ T3603] alloc_pages+0x1a6/0x270
[ 42.173577][ T3603] folio_alloc+0x1c/0x70
[ 42.177808][ T3603] filemap_alloc_folio+0x306/0x3a0
[ 42.182903][ T3603] __filemap_get_folio+0x328/0xd90
[ 42.187998][ T3603] pagecache_get_page+0x2e/0x280
[ 42.193016][ T3603] __getblk_slow+0x1f4/0x1030
[ 42.197682][ T3603] __bread_gfp+0x228/0x320
[ 42.202085][ T3603] udf_tread+0x165/0x1d0
[ 42.206315][ T3603] udf_find_entry+0xc99/0x1230
[ 42.211236][ T3603] udf_lookup+0x156/0x270
[ 42.215552][ T3603] lookup_open.isra.0+0x76a/0x12a0
[ 42.220646][ T3603] path_openat+0x996/0x2860
[ 42.225132][ T3603] do_filp_open+0x1b6/0x400
[ 42.229637][ T3603] do_sys_openat2+0x16d/0x4c0
[ 42.234389][ T3603] page last free stack trace:
[ 42.239045][ T3603] free_pcp_prepare+0x65c/0xd90
[ 42.243891][ T3603] free_unref_page_list+0x172/0xc40
[ 42.249073][ T3603] release_pages+0xc86/0x1360
[ 42.253820][ T3603] tlb_batch_pages_flush+0xa8/0x1a0
[ 42.259176][ T3603] tlb_finish_mmu+0x147/0x7e0
[ 42.263838][ T3603] exit_mmap+0x1fe/0x7a0
[ 42.268070][ T3603] __mmput+0x128/0x4c0
[ 42.272130][ T3603] mmput+0x5c/0x70
[ 42.275837][ T3603] begin_new_exec+0xf92/0x2e70
[ 42.280594][ T3603] load_elf_binary+0x7fd/0x4f00
[ 42.285441][ T3603] bprm_execve+0x7ef/0x19f0
[ 42.290193][ T3603] do_execveat_common+0x724/0x890
[ 42.295210][ T3603] __x64_sys_execve+0x8f/0xc0
[ 42.299964][ T3603] do_syscall_64+0x35/0xb0
[ 42.304371][ T3603] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.310259][ T3603]
[ 42.312564][ T3603] Memory state around the buggy address:
[ 42.318174][ T3603] ffff88807b13df00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 42.326220][ T3603] ffff88807b13df80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 42.334352][ T3603] >ffff88807b13e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.342499][ T3603] ^
[ 42.347857][ T3603] ffff88807b13e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.355902][ T3603] ffff88807b13e100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 42.363946][ T3603] ==================================================================
[ 42.372236][ T3603] Kernel panic - not syncing: panic_on_warn set ...
[ 42.378834][ T3603] CPU: 0 PID: 3603 Comm: syz-executor373 Not tainted 6.1.0-rc4-syzkaller-00372-gaf7a05689189 #0
[ 42.389264][ T3603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 42.399329][ T3603] Call Trace:
[ 42.402602][ T3603]
[ 42.405519][ T3603] dump_stack_lvl+0xcd/0x134
[ 42.410112][ T3603] panic+0x2c8/0x622
[ 42.414009][ T3603] ? panic_print_sys_info.part.0+0x110/0x110
[ 42.419985][ T3603] ? preempt_schedule_common+0x59/0xc0
[ 42.425433][ T3603] ? preempt_schedule_thunk+0x16/0x18
[ 42.430802][ T3603] end_report.part.0+0x3f/0x7c
[ 42.435558][ T3603] ? udf_write_fi+0x910/0xf20
[ 42.440242][ T3603] kasan_report.cold+0xa/0xf
[ 42.444853][ T3603] ? udf_write_fi+0x910/0xf20
[ 42.449605][ T3603] kasan_check_range+0x13d/0x180
[ 42.454541][ T3603] memset+0x20/0x40
[ 42.458353][ T3603] udf_write_fi+0x910/0xf20
[ 42.462847][ T3603] ? udf_delete_entry+0xf8/0x150
[ 42.467773][ T3603] udf_rename+0xd9f/0x1250
[ 42.472354][ T3603] ? udf_unlink+0x480/0x480
[ 42.476851][ T3603] ? find_held_lock+0x2d/0x110
[ 42.481689][ T3603] ? vfs_rename+0x49b/0x1a90
[ 42.486270][ T3603] ? lock_downgrade+0x6e0/0x6e0
[ 42.491107][ T3603] ? do_raw_spin_lock+0x120/0x2a0
[ 42.496124][ T3603] ? udf_unlink+0x480/0x480
[ 42.500618][ T3603] vfs_rename+0x115e/0x1a90
[ 42.505114][ T3603] ? path_openat+0x2860/0x2860
[ 42.509863][ T3603] ? do_raw_spin_unlock+0x171/0x230
[ 42.515139][ T3603] ? _raw_spin_unlock+0x24/0x40
[ 42.520068][ T3603] ? bpf_lsm_path_rename+0x5/0x10
[ 42.525077][ T3603] ? security_path_rename+0x154/0x220
[ 42.530441][ T3603] do_renameat2+0xb5e/0xc80
[ 42.534941][ T3603] ? __ia32_sys_link+0xa0/0xa0
[ 42.539871][ T3603] ? __virt_addr_valid+0x5d/0x2d0
[ 42.544886][ T3603] ? __phys_addr_symbol+0x2c/0x70
[ 42.549986][ T3603] ? strncpy_from_user+0x287/0x3c0
[ 42.555089][ T3603] __x64_sys_renameat2+0xe4/0x120
[ 42.560104][ T3603] do_syscall_64+0x35/0xb0
[ 42.564518][ T3603] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.570407][ T3603] RIP: 0033:0x7fdc1e04d2f9
[ 42.574810][ T3603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 42.594581][ T3603] RSP: 002b:00007ffeb524d758 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[ 42.602979][ T3603] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fdc1e04d2f9
[ 42.610936][ T3603] RDX: 0000000000000004 RSI: 00000000200001c0 RDI: 0000000000000004
[ 42.618891][ T3603] RBP: 00007ffeb524d770 R08: 0000000000000000 R09: 00007ffeb524d6f0
[ 42.626853][ T3603] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000005
[ 42.634810][ T3603] R13: 00007ffeb524d76c R14: 431bde82d7b634db R15: 00007ffeb524d780
[ 42.642771][ T3603]
[ 42.646430][ T3603] Kernel Offset: disabled
[ 42.650737][ T3603] Rebooting in 86400 seconds..