Warning: Permanently added '10.128.1.2' (ED25519) to the list of known hosts.
2024/04/22 05:19:19 ignoring optional flag "sandboxArg"="0"
2024/04/22 05:19:19 parsed 1 programs
2024/04/22 05:19:19 executed programs: 0
[ 46.363278] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 46.452084] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.458426] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.465137] device bridge_slave_0 entered promiscuous mode
[ 46.471850] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.478160] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.484817] device bridge_slave_1 entered promiscuous mode
[ 46.510492] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 46.517433] team0: Port device team_slave_0 added
[ 46.522724] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 46.529583] team0: Port device team_slave_1 added
[ 46.552151] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 46.559207] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 46.569877] device hsr_slave_0 entered promiscuous mode
[ 46.575455] device hsr_slave_1 entered promiscuous mode
[ 46.581120] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 46.588223] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 46.628388] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.634751] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.641307] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.647712] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.758690] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 46.765854] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 46.772163] bridge0: port 1(bridge_slave_0) entered disabled state
[ 46.778791] bridge0: port 2(bridge_slave_1) entered disabled state
[ 46.785501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 46.792210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 46.799588] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 46.805679] 8021q: adding VLAN 0 to HW filter on device team0
[ 46.812735] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 46.820175] bridge0: port 1(bridge_slave_0) entered blocking state
[ 46.826540] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 46.834101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 46.841756] bridge0: port 2(bridge_slave_1) entered blocking state
[ 46.848292] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 46.855737] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 46.864116] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 46.872528] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 46.880103] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 46.887922] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 46.897408] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 46.907268] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 46.917394] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 46.923892] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 46.931164] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 46.938803] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 47.109774] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[ 47.117937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 47.146585] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[ 47.153279] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[ 47.159519] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[ 47.167165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 47.174335] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 47.180989] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 47.188684] device veth0_vlan entered promiscuous mode
[ 47.195320] device veth1_vlan entered promiscuous mode
[ 47.200917] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[ 47.208290] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[ 47.258843] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[ 47.266837] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 47.273912] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 47.280843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 47.288805] device veth0_macvtap entered promiscuous mode
[ 47.294710] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[ 47.301972] device veth1_macvtap entered promiscuous mode
[ 47.308499] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[ 47.316465] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[ 47.324351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 47.332102] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 47.339879] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 47.458288] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[ 47.464720] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 47.471901] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 47.474490] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[ 47.484926] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 47.491729] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 47.499073] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 47.506021] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 47.630903] ==================================================================
[ 47.638297] BUG: KASAN: use-after-free in diWrite+0x90e/0x12a0
[ 47.644246] Write of size 32 at addr ffff8801de5a20c0 by task syz-executor.0/3810
[ 47.652119]
[ 47.653732] CPU: 1 PID: 3810 Comm: syz-executor.0 Not tainted 4.19.0-syzkaller #0
[ 47.661545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 47.670968] Call Trace:
[ 47.673541] dump_stack+0x10c/0x17a
[ 47.677158] print_address_description.cold.6+0x9/0x244
[ 47.682690] kasan_report.cold.7+0x242/0x305
[ 47.687073] ? diWrite+0x90e/0x12a0
[ 47.690672] check_memory_region+0x13c/0x1b0
[ 47.695176] memcpy+0x37/0x50
[ 47.698393] diWrite+0x90e/0x12a0
[ 47.701828] txCommit+0x55f/0x3f40
[ 47.705375] ? _raw_spin_unlock+0x22/0x30
[ 47.709518] ? dtDeleteEntry+0x9a0/0x9a0
[ 47.713558] ? txAbort+0x520/0x520
[ 47.717189] ? __check_heap_object+0x2/0x120
[ 47.721583] ? __mark_inode_dirty+0xdd/0xae0
[ 47.725984] jfs_readdir+0x23b2/0x3af0
[ 47.729857] ? dtDelete+0x2d00/0x2d00
[ 47.733816] ? kasan_check_write+0x14/0x20
[ 47.738073] ? __mutex_lock+0x623/0xd80
[ 47.742033] ? __fdget_pos+0xa7/0xd0
[ 47.745720] ? lock_acquire+0x177/0x310
[ 47.749756] ? iterate_dir+0x353/0x5f0
[ 47.753706] iterate_dir+0x1b0/0x5f0
[ 47.757414] ksys_getdents64+0x102/0x1d0
[ 47.761450] ? lock_downgrade+0x590/0x590
[ 47.765573] ? __ia32_sys_getdents+0xa0/0xa0
[ 47.770042] ? filldir+0x450/0x450
[ 47.773579] ? vtime_user_exit+0xe9/0x190
[ 47.777954] __x64_sys_getdents64+0x6e/0xb0
[ 47.782367] do_syscall_64+0xd0/0x340
[ 47.786148] ? prepare_exit_to_usermode+0xec/0x130
[ 47.791237] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 47.796581] RIP: 0033:0x7f7e27af0ea9
[ 47.800276] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.819164] RSP: 002b:00007f7e276720c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 47.827543] RAX: ffffffffffffffda RBX: 00007f7e27c1ef80 RCX: 00007f7e27af0ea9
[ 47.835321] RDX: 000000000000005d RSI: 00000000200002c0 RDI: 0000000000000005
[ 47.842574] RBP: 00007f7e27b3d4a4 R08: 0000000000000000 R09: 0000000000000000
[ 47.849830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 47.857076] R13: 000000000000000b R14: 00007f7e27c1ef80 R15: 00007ffd0811deb8
[ 47.864326]
[ 47.865926] The buggy address belongs to the page:
[ 47.870827] page:ffffea0007796880 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 47.879040] flags: 0x200000000000000()
[ 47.882992] raw: 0200000000000000 ffffea00077968c8 ffff8801f6d302c8 0000000000000000
[ 47.890966] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 47.898827] page dumped because: kasan: bad access detected
[ 47.904520] page_owner info is not active (free page?)
[ 47.909867]
[ 47.911471] Memory state around the buggy address:
[ 47.916373] ffff8801de5a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 47.923793] ffff8801de5a2000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.931129] >ffff8801de5a2080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.938555] ^
[ 47.943981] ffff8801de5a2100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.951428] ffff8801de5a2180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.958772] ==================================================================
[ 47.966110] Disabling lock debugging due to kernel taint
[ 47.971879] Kernel panic - not syncing: panic_on_warn set ...
[ 47.971879]
[ 47.979690] Kernel Offset: disabled
[ 47.983297] Rebooting in 86400 seconds..