Warning: Permanently added '10.128.0.176' (ECDSA) to the list of known hosts.
[ 50.580290][ T5064] chnl_net:caif_netlink_parms(): no params data found
[ 50.621906][ T5064] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.629866][ T5064] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.638053][ T5064] device bridge_slave_0 entered promiscuous mode
[ 50.646743][ T5064] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.653953][ T5064] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.661820][ T5064] device bridge_slave_1 entered promiscuous mode
[ 50.681584][ T5064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 50.692444][ T5064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 50.715351][ T5064] team0: Port device team_slave_0 added
[ 50.722730][ T5064] team0: Port device team_slave_1 added
[ 50.739545][ T5064] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 50.746490][ T5064] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.772560][ T5064] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 50.784877][ T5064] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 50.791867][ T5064] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 50.817803][ T5064] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 50.846990][ T5064] device hsr_slave_0 entered promiscuous mode
[ 50.853736][ T5064] device hsr_slave_1 entered promiscuous mode
[ 50.932280][ T5064] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 50.942510][ T5064] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 50.951811][ T5064] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 50.960467][ T5064] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 50.981120][ T5064] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.988469][ T5064] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.996065][ T5064] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.003196][ T5064] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.042849][ T5064] 8021q: adding VLAN 0 to HW filter on device bond0
[ 51.057270][ T5071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.066791][ T5071] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.076166][ T5071] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.084285][ T5071] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 51.097556][ T5064] 8021q: adding VLAN 0 to HW filter on device team0
[ 51.109433][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.118188][ T14] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.125241][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.149272][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.158235][ T14] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.165289][ T14] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.175032][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.183287][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.193131][ T5064] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 51.203693][ T5072] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 51.223008][ T5064] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 51.231614][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 51.239347][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 51.256798][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.274525][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.282839][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.290809][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.302346][ T5064] device veth0_vlan entered promiscuous mode
[ 51.312957][ T5064] device veth1_vlan entered promiscuous mode
[ 51.331193][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 51.340210][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 51.348556][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.360282][ T5064] device veth0_macvtap entered promiscuous mode
[ 51.369543][ T5064] device veth1_macvtap entered promiscuous mode
[ 51.385044][ T5064] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 51.393437][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.403410][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 51.414067][ T5064] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 51.422467][ T5071] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.433523][ T5064] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.442704][ T5064] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.451506][ T5064] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
executing program
[ 51.460235][ T5064] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 51.519119][ T5064] loop0: detected capacity change from 0 to 4096
[ 51.530168][ T5064] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk.
[ 51.542794][ T5064] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 51.561742][ T5064] ntfs: volume version 3.1.
[ 51.568002][ T5064] ==================================================================
[ 51.576155][ T5064] BUG: KASAN: use-after-free in ntfs_lookup_inode_by_name+0xe90/0x2ce0
[ 51.584401][ T5064] Read of size 8 at addr ffff88807fcb4b80 by task syz-executor169/5064
[ 51.592618][ T5064]
[ 51.594925][ T5064] CPU: 1 PID: 5064 Comm: syz-executor169 Not tainted 6.2.0-rc1-syzkaller #0
[ 51.603572][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 51.613610][ T5064] Call Trace:
[ 51.616870][ T5064]
[ 51.619804][ T5064] dump_stack_lvl+0x1b1/0x290
[ 51.624597][ T5064] ? nf_tcp_handle_invalid+0x630/0x630
[ 51.630060][ T5064] ? __wake_up_klogd+0xcd/0x100
[ 51.634899][ T5064] ? panic+0x710/0x710
[ 51.638954][ T5064] ? _printk+0xc0/0x100
[ 51.643092][ T5064] ? _raw_spin_lock_irqsave+0x8e/0x100
[ 51.648546][ T5064] print_address_description+0x74/0x340
[ 51.654106][ T5064] print_report+0x107/0x1f0
[ 51.658598][ T5064] ? __virt_addr_valid+0x21b/0x2d0
[ 51.663696][ T5064] ? __phys_addr+0xb5/0x160
[ 51.668195][ T5064] ? ntfs_lookup_inode_by_name+0xe90/0x2ce0
[ 51.674093][ T5064] kasan_report+0xcd/0x100
[ 51.678501][ T5064] ? kmem_cache_alloc+0x20a/0x350
[ 51.683508][ T5064] ? ntfs_lookup_inode_by_name+0xe90/0x2ce0
[ 51.689392][ T5064] ntfs_lookup_inode_by_name+0xe90/0x2ce0
[ 51.695097][ T5064] ? down_read_killable+0x80/0x80
[ 51.700106][ T5064] check_windows_hibernation_status+0xec/0x4d0
[ 51.706244][ T5064] ? load_and_check_logfile+0xd0/0xd0
[ 51.711603][ T5064] ? load_system_files+0x3408/0x4870
[ 51.716870][ T5064] load_system_files+0x34e0/0x4870
[ 51.721968][ T5064] ? free_vm_area+0x50/0x50
[ 51.726453][ T5064] ? ntfs_setup_allocators+0x2d0/0x2d0
[ 51.731896][ T5064] ? mutex_unlock+0x10/0x10
[ 51.736392][ T5064] ? memset+0x1f/0x40
[ 51.740365][ T5064] ? generate_default_upcase+0x7a3/0x7f0
[ 51.745989][ T5064] ntfs_fill_super+0x19a9/0x2bf0
[ 51.750956][ T5064] mount_bdev+0x26c/0x3a0
[ 51.755366][ T5064] ? ntfs_mount+0x40/0x40
[ 51.759686][ T5064] legacy_get_tree+0xea/0x180
[ 51.764348][ T5064] ? ntfs_rl_punch_nolock+0x1160/0x1160
[ 51.769883][ T5064] vfs_get_tree+0x88/0x270
[ 51.774282][ T5064] do_new_mount+0x289/0xad0
[ 51.778767][ T5064] ? do_move_mount_old+0x150/0x150
[ 51.783865][ T5064] ? user_path_at_empty+0x149/0x1a0
[ 51.789069][ T5064] __se_sys_mount+0x2d3/0x3c0
[ 51.793726][ T5064] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 51.799688][ T5064] ? __x64_sys_mount+0xc0/0xc0
[ 51.804432][ T5064] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 51.810399][ T5064] ? lockdep_hardirqs_on+0x8d/0x130
[ 51.815598][ T5064] ? __x64_sys_mount+0x1c/0xc0
[ 51.820345][ T5064] do_syscall_64+0x3d/0xb0
[ 51.824743][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.830626][ T5064] RIP: 0033:0x7fc7b7d9644a
[ 51.835027][ T5064] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 08 01 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 51.854799][ T5064] RSP: 002b:00007ffc447f93f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 51.863216][ T5064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc7b7d9644a
[ 51.871193][ T5064] RDX: 0000000020000000 RSI: 000000002001ee80 RDI: 00007ffc447f9410
[ 51.879156][ T5064] RBP: 00007ffc447f9410 R08: 00007ffc447f9450 R09: 000000000001ee3c
[ 51.887110][ T5064] R10: 0000000000004010 R11: 0000000000000286 R12: 0000000000000004
[ 51.895095][ T5064] R13: 00005555560972c0 R14: 0000000000004010 R15: 00007ffc447f9450
[ 51.903056][ T5064]
[ 51.906054][ T5064]
[ 51.908363][ T5064] The buggy address belongs to the physical page:
[ 51.914762][ T5064] page:ffffea0001ff2d00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x7fcb4
[ 51.924891][ T5064] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 51.931985][ T5064] raw: 00fff00000000000 ffffea0001cb9c08 ffffea0001ff64c8 0000000000000000
[ 51.940553][ T5064] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 51.949125][ T5064] page dumped because: kasan: bad access detected
[ 51.955522][ T5064] page_owner tracks the page as freed
[ 51.960869][ T5064] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 4861, tgid 4861 (scp), ts 42437088117, free_ts 42604079701
[ 51.978060][ T5064] get_page_from_freelist+0x742/0x7c0
[ 51.983419][ T5064] __alloc_pages+0x259/0x560
[ 51.987998][ T5064] __folio_alloc+0xf/0x30
[ 51.992329][ T5064] vma_alloc_folio+0x660/0xb60
[ 51.997074][ T5064] do_cow_fault+0xa3/0x5d0
[ 52.001468][ T5064] handle_mm_fault+0x189d/0x26b0
[ 52.006384][ T5064] do_user_addr_fault+0x69b/0xcb0
[ 52.011396][ T5064] exc_page_fault+0x7a/0x110
[ 52.015971][ T5064] asm_exc_page_fault+0x22/0x30
[ 52.020820][ T5064] page last free stack trace:
[ 52.025755][ T5064] free_pcp_prepare+0x751/0x780
[ 52.030596][ T5064] free_unref_page_list+0xb2/0x830
[ 52.035690][ T5064] release_pages+0x233e/0x25e0
[ 52.040438][ T5064] tlb_flush_mmu+0x860/0xa80
[ 52.045019][ T5064] tlb_finish_mmu+0xcd/0x200
[ 52.049599][ T5064] exit_mmap+0x275/0x630
[ 52.053825][ T5064] __mmput+0x114/0x3b0
[ 52.057883][ T5064] exit_mm+0x1ec/0x2c0
[ 52.061970][ T5064] do_exit+0x5c7/0x2150
[ 52.066131][ T5064] do_group_exit+0x1fd/0x2b0
[ 52.070711][ T5064] __x64_sys_exit_group+0x3b/0x40
[ 52.075722][ T5064] do_syscall_64+0x3d/0xb0
[ 52.080127][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.086067][ T5064]
[ 52.088387][ T5064] Memory state around the buggy address:
[ 52.094013][ T5064] ffff88807fcb4a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.102060][ T5064] ffff88807fcb4b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.110102][ T5064] >ffff88807fcb4b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.118140][ T5064] ^
[ 52.122197][ T5064] ffff88807fcb4c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.130254][ T5064] ffff88807fcb4c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.138300][ T5064] ==================================================================
[ 52.150324][ T5064] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.157541][ T5064] CPU: 0 PID: 5064 Comm: syz-executor169 Not tainted 6.2.0-rc1-syzkaller #0
[ 52.166234][ T5064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 52.176289][ T5064] Call Trace:
[ 52.179573][ T5064]
[ 52.182494][ T5064] dump_stack_lvl+0x1b1/0x290
[ 52.187177][ T5064] ? nf_tcp_handle_invalid+0x630/0x630
[ 52.192632][ T5064] ? panic+0x710/0x710
[ 52.196690][ T5064] ? lock_release+0x81/0x820
[ 52.201276][ T5064] ? vscnprintf+0x59/0x80
[ 52.205605][ T5064] panic+0x2d6/0x710
[ 52.209489][ T5064] ? check_panic_on_warn+0x1d/0xa0
[ 52.214597][ T5064] ? memcpy_page_flushcache+0x100/0x100
[ 52.220135][ T5064] ? _raw_spin_unlock_irqrestore+0x110/0x120
[ 52.226107][ T5064] ? _raw_spin_unlock+0x40/0x40
[ 52.230947][ T5064] ? rcu_read_lock_sched_held+0x5d/0x110
[ 52.236578][ T5064] ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 52.242552][ T5064] check_panic_on_warn+0x80/0xa0
[ 52.247479][ T5064] ? ntfs_lookup_inode_by_name+0xe90/0x2ce0
[ 52.253370][ T5064] end_report+0x47/0x90
[ 52.257522][ T5064] kasan_report+0xda/0x100
[ 52.261929][ T5064] ? kmem_cache_alloc+0x20a/0x350
[ 52.266949][ T5064] ? ntfs_lookup_inode_by_name+0xe90/0x2ce0
[ 52.272923][ T5064] ntfs_lookup_inode_by_name+0xe90/0x2ce0
[ 52.278637][ T5064] ? down_read_killable+0x80/0x80
[ 52.283658][ T5064] check_windows_hibernation_status+0xec/0x4d0
[ 52.289807][ T5064] ? load_and_check_logfile+0xd0/0xd0
[ 52.295171][ T5064] ? load_system_files+0x3408/0x4870
[ 52.300446][ T5064] load_system_files+0x34e0/0x4870
[ 52.305555][ T5064] ? free_vm_area+0x50/0x50
[ 52.310047][ T5064] ? ntfs_setup_allocators+0x2d0/0x2d0
[ 52.315500][ T5064] ? mutex_unlock+0x10/0x10
[ 52.320018][ T5064] ? memset+0x1f/0x40
[ 52.323990][ T5064] ? generate_default_upcase+0x7a3/0x7f0
[ 52.329614][ T5064] ntfs_fill_super+0x19a9/0x2bf0
[ 52.334550][ T5064] mount_bdev+0x26c/0x3a0
[ 52.338878][ T5064] ? ntfs_mount+0x40/0x40
[ 52.343213][ T5064] legacy_get_tree+0xea/0x180
[ 52.347879][ T5064] ? ntfs_rl_punch_nolock+0x1160/0x1160
[ 52.353422][ T5064] vfs_get_tree+0x88/0x270
[ 52.357830][ T5064] do_new_mount+0x289/0xad0
[ 52.362325][ T5064] ? do_move_mount_old+0x150/0x150
[ 52.367424][ T5064] ? user_path_at_empty+0x149/0x1a0
[ 52.372620][ T5064] __se_sys_mount+0x2d3/0x3c0
[ 52.377287][ T5064] ? lockdep_hardirqs_on_prepare+0x428/0x790
[ 52.383350][ T5064] ? __x64_sys_mount+0xc0/0xc0
[ 52.388101][ T5064] ? syscall_enter_from_user_mode+0x2e/0x1d0
[ 52.394072][ T5064] ? lockdep_hardirqs_on+0x8d/0x130
[ 52.399257][ T5064] ? __x64_sys_mount+0x1c/0xc0
[ 52.404010][ T5064] do_syscall_64+0x3d/0xb0
[ 52.408419][ T5064] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.414303][ T5064] RIP: 0033:0x7fc7b7d9644a
[ 52.418707][ T5064] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 08 01 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 52.438300][ T5064] RSP: 002b:00007ffc447f93f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 52.446704][ T5064] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fc7b7d9644a
[ 52.454665][ T5064] RDX: 0000000020000000 RSI: 000000002001ee80 RDI: 00007ffc447f9410
[ 52.462624][ T5064] RBP: 00007ffc447f9410 R08: 00007ffc447f9450 R09: 000000000001ee3c
[ 52.470585][ T5064] R10: 0000000000004010 R11: 0000000000000286 R12: 0000000000000004
[ 52.478544][ T5064] R13: 00005555560972c0 R14: 0000000000004010 R15: 00007ffc447f9450
[ 52.486508][ T5064]
[ 52.489737][ T5064] Kernel Offset: disabled
[ 52.494051][ T5064] Rebooting in 86400 seconds..