[ 49.502964][ T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 49.514441][ T9] device veth1_macvtap left promiscuous mode
[ 49.520577][ T9] device veth0_macvtap left promiscuous mode
[ 49.527215][ T9] device veth1_vlan left promiscuous mode
[ 49.533042][ T9] device veth0_vlan left promiscuous mode
[ 49.619661][ T9] team0 (unregistering): Port device team_slave_1 removed
[ 49.630892][ T9] team0 (unregistering): Port device team_slave_0 removed
[ 49.645211][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 49.658760][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 49.690690][ T9] bond0 (unregistering): Released all slaves
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
2023/07/11 11:19:21 ignoring optional flag "sandboxArg"="0"
2023/07/11 11:19:21 parsed 1 programs
2023/07/11 11:19:21 executed programs: 0
[ 66.245986][ T47] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 66.253514][ T47] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 66.261389][ T47] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 66.269290][ T47] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 66.276975][ T47] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 66.284567][ T47] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 66.360960][ T3898] chnl_net:caif_netlink_parms(): no params data found
[ 66.394505][ T3898] bridge0: port 1(bridge_slave_0) entered blocking state
[ 66.402333][ T3898] bridge0: port 1(bridge_slave_0) entered disabled state
[ 66.410038][ T3898] device bridge_slave_0 entered promiscuous mode
[ 66.418254][ T3898] bridge0: port 2(bridge_slave_1) entered blocking state
[ 66.425416][ T3898] bridge0: port 2(bridge_slave_1) entered disabled state
[ 66.433320][ T3898] device bridge_slave_1 entered promiscuous mode
[ 66.452614][ T3898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 66.464350][ T3898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 66.484325][ T3898] team0: Port device team_slave_0 added
[ 66.491998][ T3898] team0: Port device team_slave_1 added
[ 66.507394][ T3898] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 66.514542][ T3898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.541953][ T3898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 66.554212][ T3898] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 66.562199][ T3898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 66.590261][ T3898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 66.615761][ T3898] device hsr_slave_0 entered promiscuous mode
[ 66.623132][ T3898] device hsr_slave_1 entered promiscuous mode
[ 67.154446][ T3898] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 67.164004][ T3898] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 67.176658][ T3898] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 67.185943][ T3898] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 67.208065][ T3898] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.215312][ T3898] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.222937][ T3898] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.230082][ T3898] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.278851][ T3898] 8021q: adding VLAN 0 to HW filter on device bond0
[ 67.292852][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 67.302275][ T26] bridge0: port 1(bridge_slave_0) entered disabled state
[ 67.310812][ T26] bridge0: port 2(bridge_slave_1) entered disabled state
[ 67.319114][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 67.332186][ T3898] 8021q: adding VLAN 0 to HW filter on device team0
[ 67.343901][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 67.353565][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 67.360721][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 67.379770][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 67.389686][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 67.398711][ T3559] bridge0: port 2(bridge_slave_1) entered blocking state
[ 67.405896][ T3559] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 67.413883][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 67.423094][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 67.432217][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 67.442124][ T3559] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 67.465408][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 67.474374][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 67.484434][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 67.493934][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 67.503323][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 67.511945][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 67.521247][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 67.531261][ T3898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 67.663587][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 67.672578][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 67.682968][ T3898] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 67.701412][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 67.711217][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 67.732892][ T3898] device veth0_vlan entered promiscuous mode
[ 67.739728][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 67.750331][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 67.762927][ T3898] device veth1_vlan entered promiscuous mode
[ 67.772465][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 67.781241][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 67.790597][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 67.812224][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 67.821338][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 67.830957][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 67.842012][ T3898] device veth0_macvtap entered promiscuous mode
[ 67.855134][ T3898] device veth1_macvtap entered promiscuous mode
[ 67.873548][ T3898] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 67.882881][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 67.895246][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 67.903762][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 67.913550][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 67.925016][ T3898] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 67.934242][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 67.944428][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 67.956346][ T3898] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.965510][ T3898] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.976941][ T3898] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 67.986098][ T3898] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 68.040806][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.056755][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.064421][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 68.073457][ T152] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 68.080093][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 68.090787][ T3932] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 68.138688][ T3977] loop0: detected capacity change from 0 to 190
[ 68.147437][ T3977] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid boot sector checksum.
[ 68.160932][ T3977] ntfs: (device loop0): map_mft_record_page(): Mft record 0x1 is corrupt. Run chkdsk.
[ 68.173419][ T3977] ntfs: (device loop0): map_mft_record(): Failed with error code 5.
[ 68.182235][ T3977] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk.
[ 68.195960][ T3977] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk.
[ 68.210749][ T3977] ntfs: (device loop0): ntfs_external_attr_find(): Base inode 0xa contains corrupt attribute list attribute. Unmount and run chkdsk.
[ 68.225434][ T3977] ntfs: (device loop0): ntfs_read_locked_inode(): Failed to lookup $DATA attribute.
[ 68.235431][ T3977] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk.
[ 68.249682][ T3977] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[ 68.262329][ T3977] ntfs: volume version 3.1.
[ 68.267800][ T3977] syz-executor.0: attempt to access beyond end of device
[ 68.267800][ T3977] loop0: rw=0, sector=2072, nr_sectors = 8 limit=190
[ 68.282681][ T3977] ntfs: (device loop0): ntfs_end_buffer_async_read(): Buffer I/O error, logical block 0x103.
[ 68.294036][ T3977] syz-executor.0: attempt to access beyond end of device
[ 68.294036][ T3977] loop0: rw=0, sector=552, nr_sectors = 8 limit=190
[ 68.308859][ T3977] syz-executor.0: attempt to access beyond end of device
[ 68.308859][ T3977] loop0: rw=0, sector=224, nr_sectors = 8 limit=190
[ 68.327110][ T3550] Bluetooth: hci0: command 0x0409 tx timeout
[ 68.353789][ T3990] loop0: detected capacity change from 0 to 190
[ 68.364671][ T3990] ==================================================================
[ 68.372778][ T3990] BUG: KASAN: use-after-free in ntfs_read_folio+0x9b8/0x2770
[ 68.380615][ T3990] Read of size 1 at addr ffff88806bcb817f by task syz-executor.0/3990
[ 68.388964][ T3990]
[ 68.391387][ T3990] CPU: 0 PID: 3990 Comm: syz-executor.0 Not tainted 6.1.38-syzkaller #0
[ 68.404299][ T3990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/03/2023
[ 68.414812][ T3990] Call Trace:
[ 68.418320][ T3990]
[ 68.421275][ T3990] dump_stack_lvl+0x210/0x2fc
[ 68.425987][ T3990] ? nf_tcp_handle_invalid+0x5d0/0x5d0
[ 68.431653][ T3990] ? panic+0x56e/0x56e
[ 68.435945][ T3990] ? _printk+0xd1/0x111
[ 68.440484][ T3990] print_report+0x15f/0x4f0
[ 68.445554][ T3990] ? __lock_acquire+0xb70/0xb70
[ 68.451193][ T3990] ? __virt_addr_valid+0x20d/0x2a0
[ 68.456506][ T3990] ? __phys_addr+0x8c/0x120
[ 68.461399][ T3990] ? ntfs_read_folio+0x9b8/0x2770
[ 68.466560][ T3990] kasan_report+0x136/0x160
[ 68.471094][ T3990] ? ntfs_read_folio+0x9b8/0x2770
[ 68.476345][ T3990] kasan_check_range+0x27f/0x290
[ 68.481444][ T3990] ? ntfs_read_folio+0x9b8/0x2770
[ 68.486498][ T3990] memcpy+0x25/0x60
[ 68.490335][ T3990] ntfs_read_folio+0x9b8/0x2770
[ 68.495333][ T3990] ? read_lock_is_recursive+0x10/0x10
[ 68.501184][ T3990] ? __lock_acquire+0xb70/0xb70
[ 68.506147][ T3990] ? ntfs_writepage+0x1ac0/0x1ac0
[ 68.511422][ T3990] ? folio_add_lru+0x9e0/0x9e0
[ 68.516385][ T3990] ? folio_batch_add_and_move+0x146/0x240
[ 68.522573][ T3990] ? folio_add_lru+0x3da/0x9e0
[ 68.527453][ T3990] filemap_read_folio+0x199/0x780
[ 68.532545][ T3990] ? filemap_add_folio+0x540/0x540
[ 68.539187][ T3990] ? ntfs_writepage+0x1ac0/0x1ac0
[ 68.544607][ T3990] ? maybe_unlock_mmap_for_io+0x130/0x130
[ 68.550569][ T3990] do_read_cache_folio+0x2ee/0x810
[ 68.555924][ T3990] ? ntfs_writepage+0x1ac0/0x1ac0
[ 68.560979][ T3990] do_read_cache_page+0x32/0x220
[ 68.565958][ T3990] load_system_files+0x1a14/0x4620
[ 68.571447][ T3990] ? ntfs_fill_super+0x1745/0x2760
[ 68.576850][ T3990] ? free_vm_area+0x50/0x50
[ 68.581505][ T3990] ? ntfs_setup_allocators+0x2d0/0x2d0
[ 68.587190][ T3990] ? mutex_unlock+0x10/0x10
[ 68.591721][ T3990] ? memset+0x1f/0x40
[ 68.595934][ T3990] ? generate_default_upcase+0x8c2/0x8f0
[ 68.602032][ T3990] ntfs_fill_super+0x174f/0x2760
[ 68.607099][ T3990] mount_bdev+0x2ad/0x3b0
[ 68.612060][ T3990] ? ntfs_mount+0x40/0x40
[ 68.616506][ T3990] legacy_get_tree+0xeb/0x180
[ 68.621203][ T3990] ? ntfs_rl_punch_nolock+0x15b0/0x15b0
[ 68.626771][ T3990] vfs_get_tree+0x89/0x1b0
[ 68.631211][ T3990] do_new_mount+0x291/0xa80
[ 68.635737][ T3990] ? ns_capable+0x80/0xe0
[ 68.640166][ T3990] ? do_move_mount_old+0x160/0x160
[ 68.645295][ T3990] ? user_path_at_empty+0x12b/0x180
[ 68.650513][ T3990] __se_sys_mount+0x2c4/0x3b0
[ 68.655302][ T3990] ? __x64_sys_mount+0xc0/0xc0
[ 68.660096][ T3990] ? switch_fpu_return+0x10a/0x170
[ 68.665247][ T3990] ? __x64_sys_mount+0x1c/0xc0
[ 68.670035][ T3990] do_syscall_64+0x3d/0xb0
[ 68.674912][ T3990] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.680913][ T3990] RIP: 0033:0x7fb4d388d69a
[ 68.685432][ T3990] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 68.705327][ T3990] RSP: 002b:00007fb4d45f9f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 68.714043][ T3990] RAX: ffffffffffffffda RBX: 000000000000097e RCX: 00007fb4d388d69a
[ 68.722035][ T3990] RDX: 0000000020000040 RSI: 000000002001f200 RDI: 00007fb4d45f9fe0
[ 68.730195][ T3990] RBP: 00007fb4d45fa020 R08: 00007fb4d45fa020 R09: 0000000000000000
[ 68.738273][ T3990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000020000040
[ 68.746958][ T3990] R13: 000000002001f200 R14: 00007fb4d45f9fe0 R15: 0000000020000000
[ 68.755404][ T3990]
[ 68.758649][ T3990]
[ 68.760981][ T3990] The buggy address belongs to the physical page:
[ 68.767400][ T3990] page:ffffea0001af2e00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6bcb8
[ 68.777747][ T3990] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 68.785052][ T3990] raw: 00fff00000000000 ffffea0001af2e48 ffffea0001af2b48 0000000000000000
[ 68.793652][ T3990] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 68.802419][ T3990] page dumped because: kasan: bad access detected
[ 68.808932][ T3990] page_owner tracks the page as freed
[ 68.814480][ T3990] page last allocated via order 9, migratetype Movable, gfp_mask 0x3d24ca(GFP_TRANSHUGE|__GFP_NORETRY|__GFP_THISNODE), pid 3540, tgid 3534 (syz-fuzzer), ts 44605646526, free_ts 46087275111
[ 68.833195][ T3990] post_alloc_hook+0x286/0x2b0
[ 68.837980][ T3990] get_page_from_freelist+0x3100/0x32a0
[ 68.843628][ T3990] __alloc_pages+0x251/0x640
[ 68.848262][ T3990] __folio_alloc+0xf/0x30
[ 68.852772][ T3990] __folio_alloc_node+0x130/0x1b0
[ 68.858251][ T3990] vma_alloc_folio+0xc31/0xe30
[ 68.863039][ T3990] do_huge_pmd_anonymous_page+0x334/0x1bf0
[ 68.868913][ T3990] handle_mm_fault+0x19a9/0x5510
[ 68.874049][ T3990] exc_page_fault+0x22a/0x5e0
[ 68.878928][ T3990] asm_exc_page_fault+0x22/0x30
[ 68.883973][ T3990] page last free stack trace:
[ 68.888836][ T3990] free_unref_page_prepare+0xd6c/0xf00
[ 68.894493][ T3990] free_unref_page+0x9a/0x500
[ 68.899290][ T3990] release_pages+0x667/0x2a40
[ 68.904172][ T3990] tlb_flush_mmu+0xfc/0x200
[ 68.908967][ T3990] tlb_finish_mmu+0xce/0x1f0
[ 68.913663][ T3990] zap_page_range_single+0x47d/0x540
[ 68.918978][ T3990] do_madvise+0x2702/0x42d0
[ 68.923498][ T3990] __x64_sys_madvise+0xa1/0xb0
[ 68.928276][ T3990] do_syscall_64+0x3d/0xb0
[ 68.933676][ T3990] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 68.939862][ T3990]
[ 68.942286][ T3990] Memory state around the buggy address:
[ 68.948124][ T3990] ffff88806bcb8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.956291][ T3990] ffff88806bcb8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.964535][ T3990] >ffff88806bcb8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.972782][ T3990] ^
[ 68.980942][ T3990] ffff88806bcb8180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.989282][ T3990] ffff88806bcb8200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.998147][ T3990] ==================================================================
[ 69.007257][ T3990] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.014981][ T3990] Kernel Offset: disabled
[ 69.019400][ T3990] Rebooting in 86400 seconds..