Warning: Permanently added '10.128.1.10' (ED25519) to the list of known hosts.
2023/12/31 00:10:36 ignoring optional flag "sandboxArg"="0"
2023/12/31 00:10:36 parsed 1 programs
[ 103.036479][ T27] kauditd_printk_skb: 72 callbacks suppressed
[ 103.036494][ T27] audit: type=1400 audit(1703981436.472:199): avc: denied { getattr } for pid=5406 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 103.068486][ T27] audit: type=1400 audit(1703981436.472:200): avc: denied { read } for pid=5406 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 103.090646][ T27] audit: type=1400 audit(1703981436.472:201): avc: denied { open } for pid=5406 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 103.141131][ T27] audit: type=1400 audit(1703981436.582:202): avc: denied { mounton } for pid=5411 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
2023/12/31 00:10:36 executed programs: 0
[ 103.170601][ T27] audit: type=1400 audit(1703981436.582:203): avc: denied { mount } for pid=5411 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 103.254129][ T49] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 103.262844][ T49] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 103.270869][ T49] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 103.281059][ T49] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 103.290509][ T49] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 103.297895][ T49] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 103.311041][ T27] audit: type=1400 audit(1703981436.752:204): avc: denied { mounton } for pid=5418 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 103.477562][ T5418] chnl_net:caif_netlink_parms(): no params data found
[ 103.553383][ T5418] bridge0: port 1(bridge_slave_0) entered blocking state
[ 103.560689][ T5418] bridge0: port 1(bridge_slave_0) entered disabled state
[ 103.568015][ T5418] bridge_slave_0: entered allmulticast mode
[ 103.575231][ T5418] bridge_slave_0: entered promiscuous mode
[ 103.583892][ T5418] bridge0: port 2(bridge_slave_1) entered blocking state
[ 103.591196][ T5418] bridge0: port 2(bridge_slave_1) entered disabled state
[ 103.598519][ T5418] bridge_slave_1: entered allmulticast mode
[ 103.605519][ T5418] bridge_slave_1: entered promiscuous mode
[ 103.640516][ T5418] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 103.652691][ T5418] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 103.688037][ T5418] team0: Port device team_slave_0 added
[ 103.696802][ T5418] team0: Port device team_slave_1 added
[ 103.727363][ T5418] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 103.734505][ T5418] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.760470][ T5418] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 103.773726][ T5418] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 103.780916][ T5418] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 103.807195][ T5418] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 103.857704][ T5418] hsr_slave_0: entered promiscuous mode
[ 103.864791][ T5418] hsr_slave_1: entered promiscuous mode
[ 104.651570][ T5418] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 104.666600][ T5418] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 104.681881][ T5418] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 104.695000][ T5418] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 104.851410][ T5418] 8021q: adding VLAN 0 to HW filter on device bond0
[ 104.885545][ T5418] 8021q: adding VLAN 0 to HW filter on device team0
[ 104.915479][ T5077] bridge0: port 1(bridge_slave_0) entered blocking state
[ 104.922766][ T5077] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 104.935920][ T5077] bridge0: port 2(bridge_slave_1) entered blocking state
[ 104.943307][ T5077] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 105.235600][ T5418] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 105.316764][ T5418] veth0_vlan: entered promiscuous mode
[ 105.330228][ T49] Bluetooth: hci0: command 0x0409 tx timeout
[ 105.347295][ T5418] veth1_vlan: entered promiscuous mode
[ 105.410019][ T5418] veth0_macvtap: entered promiscuous mode
[ 105.425415][ T5418] veth1_macvtap: entered promiscuous mode
[ 105.462015][ T5418] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 105.484942][ T5418] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 105.503661][ T5418] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.515416][ T5418] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.526940][ T5418] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.537332][ T5418] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 105.680392][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.700496][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.767865][ T948] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 105.780684][ T948] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 105.794606][ T27] audit: type=1400 audit(1703981439.232:205): avc: denied { mounton } for pid=5418 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2323 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 106.020787][ T5485] loop0: detected capacity change from 0 to 8192
[ 106.032444][ T27] audit: type=1400 audit(1703981439.472:206): avc: denied { mounton } for pid=5484 comm="syz-executor.0" path="/root/syzkaller-testdir851543014/syzkaller.lJDJT2/0/file0" dev="sda1" ino=1937 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 106.087472][ T5485] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 106.103801][ T5485] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 106.113839][ T5485] REISERFS (device loop0): using ordered data mode
[ 106.121775][ T5485] reiserfs: using flush barriers
[ 106.130181][ T5485] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 106.150849][ T5485] REISERFS (device loop0): checking transaction log (loop0)
[ 106.317128][ T5485] REISERFS (device loop0): Using r5 hash to sort names
[ 106.327915][ T5485] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 106.342171][ T27] audit: type=1400 audit(1703981439.782:207): avc: denied { mount } for pid=5484 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 106.388636][ T5485] ==================================================================
[ 106.396742][ T5485] BUG: KASAN: use-after-free in strlen+0x7d/0xa0
[ 106.403117][ T5485] Read of size 1 at addr ffff88806c6ec9cc by task syz-executor.0/5485
[ 106.411290][ T5485]
[ 106.413647][ T5485] CPU: 1 PID: 5485 Comm: syz-executor.0 Not tainted 6.7.0-rc7-syzkaller-00049-g453f5db0619e #0
[ 106.423988][ T5485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 106.434144][ T5485] Call Trace:
[ 106.437435][ T5485]
[ 106.440379][ T5485] dump_stack_lvl+0xd9/0x1b0
[ 106.444991][ T5485] print_report+0xc4/0x620
[ 106.449427][ T5485] ? __virt_addr_valid+0x5e/0x2d0
[ 106.454564][ T5485] ? __phys_addr+0xc6/0x140
[ 106.459176][ T5485] kasan_report+0xda/0x110
[ 106.463702][ T5485] ? strlen+0x7d/0xa0
[ 106.467707][ T5485] ? strlen+0x7d/0xa0
[ 106.471708][ T5485] strlen+0x7d/0xa0
[ 106.475590][ T5485] set_de_name_and_namelen+0x4c8/0x6a0
[ 106.481086][ T5485] search_by_entry_key+0x473/0x940
[ 106.486375][ T5485] reiserfs_readdir_inode+0x2f0/0x14b0
[ 106.491858][ T5485] ? lockdep_unlock+0x11b/0x290
[ 106.496733][ T5485] ? __lock_acquire+0x1fc1/0x3b20
[ 106.501886][ T5485] ? reiserfs_dir_fsync+0x140/0x140
[ 106.507136][ T5485] ? rwsem_read_trylock+0x12a/0x250
[ 106.512360][ T5485] ? down_read_killable+0xcc/0x380
[ 106.517491][ T5485] iterate_dir+0x1e5/0x5b0
[ 106.521935][ T5485] __x64_sys_getdents64+0x14f/0x2e0
[ 106.527248][ T5485] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 106.532555][ T5485] ? folio_memcg_unlock+0x240/0x240
[ 106.537776][ T5485] ? fillonedir+0x400/0x400
[ 106.542296][ T5485] ? syscall_enter_from_user_mode+0x7f/0x120
[ 106.548304][ T5485] ? lockdep_hardirqs_on+0x7d/0x110
[ 106.553525][ T5485] do_syscall_64+0x40/0x110
[ 106.558054][ T5485] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 106.564070][ T5485] RIP: 0033:0x7f65d887c959
[ 106.568586][ T5485] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 106.588214][ T5485] RSP: 002b:00007f65d95e70c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 106.596744][ T5485] RAX: ffffffffffffffda RBX: 00007f65d899bf80 RCX: 00007f65d887c959
[ 106.604740][ T5485] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 106.612733][ T5485] RBP: 00007f65d88d8c88 R08: 0000000000000000 R09: 0000000000000000
[ 106.620723][ T5485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 106.628724][ T5485] R13: 000000000000000b R14: 00007f65d899bf80 R15: 00007ffca161b468
[ 106.636802][ T5485]
[ 106.639836][ T5485]
[ 106.642165][ T5485] The buggy address belongs to the physical page:
[ 106.648584][ T5485] page:ffffea0001b1bb00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x6c6ec
[ 106.658847][ T5485] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 106.666063][ T5485] page_type: 0xffffffff()
[ 106.670409][ T5485] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[ 106.679096][ T5485] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 106.687692][ T5485] page dumped because: kasan: bad access detected
[ 106.694200][ T5485] page_owner tracks the page as freed
[ 106.699582][ T5485] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5261, tgid 5261 (dhcpcd), ts 106378841067, free_ts 106381977763
[ 106.716970][ T5485] post_alloc_hook+0x2d0/0x350
[ 106.721764][ T5485] get_page_from_freelist+0xa25/0x36d0
[ 106.727339][ T5485] __alloc_pages+0x22e/0x2420
[ 106.732054][ T5485] alloc_pages_mpol+0x258/0x5f0
[ 106.736924][ T5485] vma_alloc_folio+0xad/0x220
[ 106.741623][ T5485] do_wp_page+0xd8d/0x36b0
[ 106.746055][ T5485] __handle_mm_fault+0x1d7d/0x3d70
[ 106.751196][ T5485] handle_mm_fault+0x47a/0xa10
[ 106.755979][ T5485] do_user_addr_fault+0x30b/0x1000
[ 106.761125][ T5485] exc_page_fault+0x5d/0xc0
[ 106.765651][ T5485] asm_exc_page_fault+0x26/0x30
[ 106.770516][ T5485] page last free stack trace:
[ 106.775193][ T5485] free_unref_page_prepare+0x4fa/0xaa0
[ 106.780666][ T5485] free_unref_page_list+0xe6/0xb40
[ 106.785791][ T5485] release_pages+0x32a/0x14f0
[ 106.790658][ T5485] tlb_batch_pages_flush+0x9a/0x190
[ 106.795941][ T5485] tlb_finish_mmu+0x14b/0x6f0
[ 106.800633][ T5485] exit_mmap+0x38b/0xa70
[ 106.804867][ T5485] __mmput+0x12a/0x4d0
[ 106.808929][ T5485] mmput+0x62/0x70
[ 106.812730][ T5485] do_exit+0x9a5/0x2ad0
[ 106.816889][ T5485] do_group_exit+0xd4/0x2a0
[ 106.821477][ T5485] __x64_sys_exit_group+0x3e/0x50
[ 106.826595][ T5485] do_syscall_64+0x40/0x110
[ 106.831095][ T5485] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 106.836993][ T5485]
[ 106.839307][ T5485] Memory state around the buggy address:
[ 106.844924][ T5485] ffff88806c6ec880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 106.852983][ T5485] ffff88806c6ec900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 106.861213][ T5485] >ffff88806c6ec980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 106.869259][ T5485] ^
[ 106.875743][ T5485] ffff88806c6eca00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 106.883835][ T5485] ffff88806c6eca80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 106.891968][ T5485] ==================================================================
[ 106.903384][ T5485] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 106.910780][ T5485] CPU: 0 PID: 5485 Comm: syz-executor.0 Not tainted 6.7.0-rc7-syzkaller-00049-g453f5db0619e #0
[ 106.921126][ T5485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 106.931200][ T5485] Call Trace:
[ 106.934494][ T5485]
[ 106.937442][ T5485] dump_stack_lvl+0xd9/0x1b0
[ 106.942062][ T5485] panic+0x6dc/0x790
[ 106.945982][ T5485] ? panic_smp_self_stop+0xa0/0xa0
[ 106.951302][ T5485] ? irqentry_exit+0x3b/0x80
[ 106.955956][ T5485] ? lockdep_hardirqs_on+0x7d/0x110
[ 106.961182][ T5485] ? preempt_schedule_thunk+0x1a/0x30
[ 106.966609][ T5485] ? preempt_schedule_common+0x45/0xc0
[ 106.972103][ T5485] ? check_panic_on_warn+0x1f/0xb0
[ 106.977245][ T5485] check_panic_on_warn+0xab/0xb0
[ 106.982209][ T5485] end_report+0x108/0x150
[ 106.986562][ T5485] kasan_report+0xea/0x110
[ 106.991007][ T5485] ? strlen+0x7d/0xa0
[ 106.995019][ T5485] ? strlen+0x7d/0xa0
[ 106.999024][ T5485] strlen+0x7d/0xa0
[ 107.002854][ T5485] set_de_name_and_namelen+0x4c8/0x6a0
[ 107.008352][ T5485] search_by_entry_key+0x473/0x940
[ 107.013506][ T5485] reiserfs_readdir_inode+0x2f0/0x14b0
[ 107.019080][ T5485] ? lockdep_unlock+0x11b/0x290
[ 107.023957][ T5485] ? __lock_acquire+0x1fc1/0x3b20
[ 107.029096][ T5485] ? reiserfs_dir_fsync+0x140/0x140
[ 107.034324][ T5485] ? rwsem_read_trylock+0x12a/0x250
[ 107.039552][ T5485] ? down_read_killable+0xcc/0x380
[ 107.044684][ T5485] iterate_dir+0x1e5/0x5b0
[ 107.051122][ T5485] __x64_sys_getdents64+0x14f/0x2e0
[ 107.056344][ T5485] ? __ia32_sys_getdents+0x2d0/0x2d0
[ 107.061657][ T5485] ? folio_memcg_unlock+0x240/0x240
[ 107.066964][ T5485] ? fillonedir+0x400/0x400
[ 107.071499][ T5485] ? syscall_enter_from_user_mode+0x7f/0x120
[ 107.077516][ T5485] ? lockdep_hardirqs_on+0x7d/0x110
[ 107.082745][ T5485] do_syscall_64+0x40/0x110
[ 107.087277][ T5485] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 107.093202][ T5485] RIP: 0033:0x7f65d887c959
[ 107.097628][ T5485] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 107.117428][ T5485] RSP: 002b:00007f65d95e70c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 107.125955][ T5485] RAX: ffffffffffffffda RBX: 00007f65d899bf80 RCX: 00007f65d887c959
[ 107.134129][ T5485] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 107.142121][ T5485] RBP: 00007f65d88d8c88 R08: 0000000000000000 R09: 0000000000000000
[ 107.150369][ T5485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 107.158357][ T5485] R13: 000000000000000b R14: 00007f65d899bf80 R15: 00007ffca161b468
[ 107.166351][ T5485]
[ 107.169587][ T5485] Kernel Offset: disabled
[ 107.173919][ T5485] Rebooting in 86400 seconds..