Warning: Permanently added '10.128.10.19' (ED25519) to the list of known hosts.
2023/08/31 08:39:51 ignoring optional flag "sandboxArg"="0"
2023/08/31 08:39:51 parsed 1 programs
2023/08/31 08:39:51 executed programs: 0
[ 71.638708][ T5374] syz-execprog[5374]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 71.650813][ T5374] syz-execprog[5374]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 71.675621][ T1238] ieee802154 phy0 wpan0: encryption failed: -22
[ 71.682105][ T1238] ieee802154 phy1 wpan1: encryption failed: -22
[ 71.702946][ T5033] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 71.710345][ T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 71.720896][ T49] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 71.728476][ T5033] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 71.735994][ T5033] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 71.824932][ T5382] chnl_net:caif_netlink_parms(): no params data found
[ 71.866775][ T5382] bridge0: port 1(bridge_slave_0) entered blocking state
[ 71.874988][ T5382] bridge0: port 1(bridge_slave_0) entered disabled state
[ 71.882113][ T5382] bridge_slave_0: entered allmulticast mode
[ 71.889254][ T5382] bridge_slave_0: entered promiscuous mode
[ 71.896906][ T5382] bridge0: port 2(bridge_slave_1) entered blocking state
[ 71.904234][ T5382] bridge0: port 2(bridge_slave_1) entered disabled state
[ 71.911642][ T5382] bridge_slave_1: entered allmulticast mode
[ 71.918588][ T5382] bridge_slave_1: entered promiscuous mode
[ 71.939191][ T5382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 71.950471][ T5382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 71.973527][ T5382] team0: Port device team_slave_0 added
[ 71.980891][ T5382] team0: Port device team_slave_1 added
[ 72.000048][ T5382] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 72.007100][ T5382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.033880][ T5382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 72.046077][ T5382] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 72.053078][ T5382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 72.079523][ T5382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 72.110103][ T5382] hsr_slave_0: entered promiscuous mode
[ 72.116291][ T5382] hsr_slave_1: entered promiscuous mode
[ 72.608485][ T5382] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 72.619033][ T5382] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 72.629903][ T5382] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 72.640272][ T5382] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 72.664937][ T5382] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.672300][ T5382] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.679990][ T5382] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.687264][ T5382] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.750751][ T5382] 8021q: adding VLAN 0 to HW filter on device bond0
[ 72.766698][ T26] bridge0: port 1(bridge_slave_0) entered disabled state
[ 72.775242][ T26] bridge0: port 2(bridge_slave_1) entered disabled state
[ 72.790587][ T5382] 8021q: adding VLAN 0 to HW filter on device team0
[ 72.805289][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 72.812523][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 72.835234][ T26] bridge0: port 2(bridge_slave_1) entered blocking state
[ 72.842584][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 72.869971][ T5382] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 72.884775][ T5382] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 73.018107][ T5382] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 73.061777][ T5382] veth0_vlan: entered promiscuous mode
[ 73.074736][ T5382] veth1_vlan: entered promiscuous mode
[ 73.106514][ T5382] veth0_macvtap: entered promiscuous mode
[ 73.117393][ T5382] veth1_macvtap: entered promiscuous mode
[ 73.140560][ T5382] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 73.157745][ T5382] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 73.170543][ T5382] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.180888][ T5382] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.190871][ T5382] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.200603][ T5382] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 73.259736][ T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.272433][ T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.298137][ T22] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 73.306753][ T22] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 73.341920][ T5453] syz-executor.0[5453]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 73.403555][ T5453] loop0: detected capacity change from 0 to 8192
[ 73.412477][ T5453] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 73.426222][ T5453] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 73.436980][ T5453] REISERFS (device loop0): using ordered data mode
[ 73.444212][ T5453] reiserfs: using flush barriers
[ 73.450664][ T5453] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 73.468246][ T5453] REISERFS (device loop0): checking transaction log (loop0)
[ 73.476763][ T5453] REISERFS (device loop0): Using r5 hash to sort names
[ 73.550383][ T5466] syz-executor.0[5466]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 73.613822][ T5466] loop0: detected capacity change from 0 to 8192
[ 73.623563][ T5466] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 73.638225][ T5466] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 73.649258][ T5466] REISERFS (device loop0): using ordered data mode
[ 73.656255][ T5466] reiserfs: using flush barriers
[ 73.663132][ T5466] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 73.680280][ T5466] REISERFS (device loop0): checking transaction log (loop0)
[ 73.690008][ T5466] REISERFS (device loop0): Using r5 hash to sort names
[ 73.697334][ T5466] ==================================================================
[ 73.705603][ T5466] BUG: KASAN: use-after-free in strlen+0x58/0x70
[ 73.711959][ T5466] Read of size 1 at addr ffff8880706fd0c4 by task syz-executor.0/5466
[ 73.720186][ T5466]
[ 73.722527][ T5466] CPU: 1 PID: 5466 Comm: syz-executor.0 Not tainted 6.5.0-syzkaller-08894-gb97d64c72259 #0
[ 73.732530][ T5466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 73.742607][ T5466] Call Trace:
[ 73.745900][ T5466] <TASK>
[ 73.749017][ T5466] dump_stack_lvl+0x1e7/0x2d0
[ 73.753736][ T5466] ? nf_tcp_handle_invalid+0x650/0x650
[ 73.759290][ T5466] ? panic+0x770/0x770
[ 73.763379][ T5466] ? _printk+0xd5/0x120
[ 73.767566][ T5466] print_report+0x163/0x540
[ 73.772096][ T5466] ? __virt_addr_valid+0x22f/0x2e0
[ 73.777258][ T5466] ? __phys_addr+0xba/0x170
[ 73.781784][ T5466] ? strlen+0x58/0x70
[ 73.785877][ T5466] kasan_report+0x175/0x1b0
[ 73.790396][ T5466] ? strlen+0x58/0x70
[ 73.792892][ T4436] Bluetooth: hci0: command 0x0409 tx timeout
[ 73.794463][ T5466] strlen+0x58/0x70
[ 73.804314][ T5466] reiserfs_find_entry+0x982/0x19b0
[ 73.810042][ T5466] ? reiserfs_get_parent+0x2d0/0x2d0
[ 73.815318][ T5466] ? d_alloc_parallel+0x3bc/0x13a0
[ 73.820421][ T5466] ? mutex_lock_nested+0x1b/0x20
[ 73.825435][ T5466] reiserfs_lookup+0x1e2/0x580
[ 73.830284][ T5466] ? reiserfs_init_priv_inode+0x150/0x150
[ 73.835996][ T5466] ? d_hash_and_lookup+0x1b0/0x1b0
[ 73.841096][ T5466] ? __init_waitqueue_head+0xae/0x150
[ 73.846460][ T5466] __lookup_slow+0x282/0x3e0
[ 73.851047][ T5466] ? lookup_one_len+0x2d0/0x2d0
[ 73.855903][ T5466] lookup_one_len+0x18b/0x2d0
[ 73.860566][ T5466] ? lookup_one_common+0x460/0x460
[ 73.865668][ T5466] reiserfs_lookup_privroot+0x89/0x180
[ 73.871154][ T5466] reiserfs_fill_super+0x195b/0x2620
[ 73.876448][ T5466] ? reiserfs_kill_sb+0x150/0x150
[ 73.881468][ T5466] ? __down_write_common+0x161/0x200
[ 73.886831][ T5466] mount_bdev+0x237/0x300
[ 73.891235][ T5466] ? reiserfs_kill_sb+0x150/0x150
[ 73.896361][ T5466] ? set_bdev_super_fc+0xa0/0xa0
[ 73.901369][ T5466] ? vfs_parse_fs_string+0x190/0x230
[ 73.906819][ T5466] ? vfs_parse_fs_param+0x410/0x410
[ 73.912178][ T5466] ? cap_capable+0x1b4/0x240
[ 73.916775][ T5466] legacy_get_tree+0xef/0x190
[ 73.921528][ T5466] ? remove_save_link+0x540/0x540
[ 73.926723][ T5466] vfs_get_tree+0x8c/0x280
[ 73.931210][ T5466] do_new_mount+0x28f/0xae0
[ 73.935987][ T5466] ? do_move_mount_old+0x170/0x170
[ 73.941087][ T5466] ? user_path_at_empty+0x12f/0x180
[ 73.946279][ T5466] __se_sys_mount+0x2d9/0x3c0
[ 73.951205][ T5466] ? __x64_sys_mount+0xc0/0xc0
[ 73.955954][ T5466] ? rcu_is_watching+0x15/0xb0
[ 73.960704][ T5466] ? __x64_sys_mount+0x20/0xc0
[ 73.965451][ T5466] do_syscall_64+0x41/0xc0
[ 73.969860][ T5466] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 73.975915][ T5466] RIP: 0033:0x7f9e1187dfda
[ 73.980490][ T5466] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 74.000601][ T5466] RSP: 002b:00007f9e12583ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 74.009003][ T5466] RAX: ffffffffffffffda RBX: 00007f9e12583f80 RCX: 00007f9e1187dfda
[ 74.017137][ T5466] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007f9e12583f40
[ 74.025286][ T5466] RBP: 00000000200000c0 R08: 00007f9e12583f80 R09: 0000000000008001
[ 74.033964][ T5466] R10: 0000000000008001 R11: 0000000000000246 R12: 0000000020000040
[ 74.041933][ T5466] R13: 00007f9e12583f40 R14: 0000000000001120 R15: 0000000020000300
[ 74.049916][ T5466] </TASK>
[ 74.053030][ T5466]
[ 74.055540][ T5466] The buggy address belongs to the physical page:
[ 74.062108][ T5466] page:ffffea0001c1bf40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x706fd
[ 74.072244][ T5466] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 74.079712][ T5466] page_type: 0xffffffff()
[ 74.084041][ T5466] raw: 00fff00000000000 ffffea0001c1bf88 ffffea0001c11848 0000000000000000
[ 74.092885][ T5466] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 74.101471][ T5466] page dumped because: kasan: bad access detected
[ 74.107874][ T5466] page_owner tracks the page as freed
[ 74.113226][ T5466] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5453, tgid 5452 (syz-executor.0), ts 73387344741, free_ts 73501407978
[ 74.131289][ T5466] post_alloc_hook+0x1e6/0x210
[ 74.136059][ T5466] get_page_from_freelist+0x31ec/0x3370
[ 74.141595][ T5466] __alloc_pages+0x255/0x670
[ 74.146174][ T5466] __folio_alloc+0x13/0x30
[ 74.150578][ T5466] vma_alloc_folio+0x48a/0x9a0
[ 74.155697][ T5466] shmem_alloc_and_acct_folio+0x438/0x9b0
[ 74.161939][ T5466] shmem_get_folio_gfp+0xca4/0x2b60
[ 74.167266][ T5466] shmem_write_begin+0x170/0x300
[ 74.172379][ T5466] generic_perform_write+0x31b/0x630
[ 74.177745][ T5466] shmem_file_write_iter+0xfc/0x120
[ 74.183039][ T5466] vfs_write+0x782/0xaf0
[ 74.187385][ T5466] ksys_write+0x1a0/0x2c0
[ 74.191714][ T5466] do_syscall_64+0x41/0xc0
[ 74.196133][ T5466] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.202020][ T5466] page last free stack trace:
[ 74.206697][ T5466] free_unref_page_prepare+0x8c3/0x9f0
[ 74.212360][ T5466] free_unref_page_list+0x596/0x830
[ 74.217588][ T5466] release_pages+0x2113/0x23f0
[ 74.222576][ T5466] __folio_batch_release+0x84/0x100
[ 74.227818][ T5466] shmem_undo_range+0x6ad/0x19c0
[ 74.232857][ T5466] shmem_evict_inode+0x29e/0xa80
[ 74.237973][ T5466] evict+0x2a4/0x620
[ 74.242230][ T5466] __dentry_kill+0x436/0x650
[ 74.246830][ T5466] dentry_kill+0xbb/0x290
[ 74.251177][ T5466] dput+0x1f3/0x420
[ 74.255285][ T5466] __fput+0x60d/0x910
[ 74.259274][ T5466] task_work_run+0x24a/0x300
[ 74.263868][ T5466] exit_to_user_mode_loop+0xd9/0x100
[ 74.269148][ T5466] exit_to_user_mode_prepare+0xb1/0x140
[ 74.274816][ T5466] syscall_exit_to_user_mode+0x64/0x280
[ 74.280377][ T5466] do_syscall_64+0x4d/0xc0
[ 74.284837][ T5466]
[ 74.287155][ T5466] Memory state around the buggy address:
[ 74.292849][ T5466] ffff8880706fcf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.301101][ T5466] ffff8880706fd000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.309160][ T5466] >ffff8880706fd080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.317208][ T5466] ^
[ 74.323363][ T5466] ffff8880706fd100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.331532][ T5466] ffff8880706fd180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 74.339598][ T5466] ==================================================================
[ 74.381443][ T5466] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 74.388773][ T5466] CPU: 1 PID: 5466 Comm: syz-executor.0 Not tainted 6.5.0-syzkaller-08894-gb97d64c72259 #0
[ 74.398856][ T5466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 74.409106][ T5466] Call Trace:
[ 74.412405][ T5466] <TASK>
[ 74.415355][ T5466] dump_stack_lvl+0x1e7/0x2d0
[ 74.420057][ T5466] ? nf_tcp_handle_invalid+0x650/0x650
[ 74.425546][ T5466] ? panic+0x770/0x770
[ 74.429629][ T5466] ? rcu_is_watching+0x15/0xb0
[ 74.434515][ T5466] ? vscnprintf+0x5d/0x80
[ 74.438871][ T5466] panic+0x30f/0x770
[ 74.442865][ T5466] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 74.449136][ T5466] ? check_panic_on_warn+0x21/0xa0
[ 74.454277][ T5466] ? __memcpy_flushcache+0x2b0/0x2b0
[ 74.459585][ T5466] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 74.465594][ T5466] ? _raw_spin_unlock+0x40/0x40
[ 74.470470][ T5466] check_panic_on_warn+0x82/0xa0
[ 74.475429][ T5466] ? strlen+0x58/0x70
[ 74.479430][ T5466] end_report+0x6e/0x130
[ 74.483688][ T5466] kasan_report+0x186/0x1b0
[ 74.488306][ T5466] ? strlen+0x58/0x70
[ 74.492311][ T5466] strlen+0x58/0x70
[ 74.496145][ T5466] reiserfs_find_entry+0x982/0x19b0
[ 74.501389][ T5466] ? reiserfs_get_parent+0x2d0/0x2d0
[ 74.506743][ T5466] ? d_alloc_parallel+0x3bc/0x13a0
[ 74.511915][ T5466] ? mutex_lock_nested+0x1b/0x20
[ 74.516884][ T5466] reiserfs_lookup+0x1e2/0x580
[ 74.521769][ T5466] ? reiserfs_init_priv_inode+0x150/0x150
[ 74.527525][ T5466] ? d_hash_and_lookup+0x1b0/0x1b0
[ 74.532675][ T5466] ? __init_waitqueue_head+0xae/0x150
[ 74.538071][ T5466] __lookup_slow+0x282/0x3e0
[ 74.542775][ T5466] ? lookup_one_len+0x2d0/0x2d0
[ 74.547752][ T5466] lookup_one_len+0x18b/0x2d0
[ 74.552460][ T5466] ? lookup_one_common+0x460/0x460
[ 74.557714][ T5466] reiserfs_lookup_privroot+0x89/0x180
[ 74.563204][ T5466] reiserfs_fill_super+0x195b/0x2620
[ 74.568790][ T5466] ? reiserfs_kill_sb+0x150/0x150
[ 74.573951][ T5466] ? __down_write_common+0x161/0x200
[ 74.579280][ T5466] mount_bdev+0x237/0x300
[ 74.583633][ T5466] ? reiserfs_kill_sb+0x150/0x150
[ 74.588702][ T5466] ? set_bdev_super_fc+0xa0/0xa0
[ 74.594271][ T5466] ? vfs_parse_fs_string+0x190/0x230
[ 74.599589][ T5466] ? vfs_parse_fs_param+0x410/0x410
[ 74.605001][ T5466] ? cap_capable+0x1b4/0x240
[ 74.609613][ T5466] legacy_get_tree+0xef/0x190
[ 74.614311][ T5466] ? remove_save_link+0x540/0x540
[ 74.619356][ T5466] vfs_get_tree+0x8c/0x280
[ 74.623791][ T5466] do_new_mount+0x28f/0xae0
[ 74.628314][ T5466] ? do_move_mount_old+0x170/0x170
[ 74.633534][ T5466] ? user_path_at_empty+0x12f/0x180
[ 74.638942][ T5466] __se_sys_mount+0x2d9/0x3c0
[ 74.643839][ T5466] ? __x64_sys_mount+0xc0/0xc0
[ 74.648709][ T5466] ? rcu_is_watching+0x15/0xb0
[ 74.653498][ T5466] ? __x64_sys_mount+0x20/0xc0
[ 74.658288][ T5466] do_syscall_64+0x41/0xc0
[ 74.662811][ T5466] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 74.668825][ T5466] RIP: 0033:0x7f9e1187dfda
[ 74.673347][ T5466] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 74.693325][ T5466] RSP: 002b:00007f9e12583ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 74.701862][ T5466] RAX: ffffffffffffffda RBX: 00007f9e12583f80 RCX: 00007f9e1187dfda
[ 74.709943][ T5466] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 00007f9e12583f40
[ 74.717932][ T5466] RBP: 00000000200000c0 R08: 00007f9e12583f80 R09: 0000000000008001
[ 74.726017][ T5466] R10: 0000000000008001 R11: 0000000000000246 R12: 0000000020000040
[ 74.734269][ T5466] R13: 00007f9e12583f40 R14: 0000000000001120 R15: 0000000020000300
[ 74.742328][ T5466] </TASK>
[ 74.746250][ T5466] Kernel Offset: disabled
[ 74.750596][ T5466] Rebooting in 86400 seconds..