Warning: Permanently added '[localhost]:34652' (ED25519) to the list of known hosts.
2023/10/10 14:19:43 ignoring optional flag "sandboxArg"="0"
2023/10/10 14:19:43 parsed 1 programs
[ 85.489845][ T37] kauditd_printk_skb: 75 callbacks suppressed
[ 85.489859][ T37] audit: type=1400 audit(1696947583.989:206): avc: denied { getattr } for pid=5371 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 85.501590][ T37] audit: type=1400 audit(1696947583.989:207): avc: denied { read } for pid=5371 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 85.516092][ T37] audit: type=1400 audit(1696947583.989:208): avc: denied { open } for pid=5371 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 85.544869][ T37] audit: type=1400 audit(1696947584.039:209): avc: denied { mounton } for pid=5384 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 85.566424][ T37] audit: type=1400 audit(1696947584.049:210): avc: denied { mount } for pid=5384 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 85.578940][ T37] audit: type=1400 audit(1696947584.069:211): avc: denied { read write } for pid=5384 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 85.591975][ T37] audit: type=1400 audit(1696947584.069:212): avc: denied { open } for pid=5384 comm="syz-executor" path="/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 85.648426][ T37] audit: type=1400 audit(1696947584.149:213): avc: denied { unlink } for pid=5384 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 86.278767][ T37] audit: type=1400 audit(1696947584.779:214): avc: denied { relabelto } for pid=5387 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 87.346922][ T822] cfg80211: failed to load regulatory.db
[ 87.516728][ T5384] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2023/10/10 14:19:46 executed programs: 0
[ 87.587510][ T5167] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 87.592249][ T5167] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 87.613229][ T5167] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 87.618552][ T5167] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 87.622720][ T5167] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 87.641581][ T37] audit: type=1400 audit(1696947586.139:215): avc: denied { mounton } for pid=5394 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 87.855107][ T5394] chnl_net:caif_netlink_parms(): no params data found
[ 88.000255][ T5394] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.003717][ T5394] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.008396][ T5394] bridge_slave_0: entered allmulticast mode
[ 88.012548][ T5394] bridge_slave_0: entered promiscuous mode
[ 88.020183][ T5394] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.024011][ T5394] bridge0: port 2(bridge_slave_1) entered disabled state
[ 88.027674][ T5394] bridge_slave_1: entered allmulticast mode
[ 88.032040][ T5394] bridge_slave_1: entered promiscuous mode
[ 88.104665][ T5394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 88.116473][ T5394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 88.197980][ T5394] team0: Port device team_slave_0 added
[ 88.204874][ T5394] team0: Port device team_slave_1 added
[ 88.287749][ T5394] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 88.290607][ T5394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.302386][ T5394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 88.310000][ T5394] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 88.312885][ T5394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.340095][ T5394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 88.421298][ T5394] hsr_slave_0: entered promiscuous mode
[ 88.425256][ T5394] hsr_slave_1: entered promiscuous mode
[ 89.129236][ T5394] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 89.138135][ T5394] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 89.147558][ T5394] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 89.158206][ T5394] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 89.251037][ T5394] 8021q: adding VLAN 0 to HW filter on device bond0
[ 89.277385][ T5394] 8021q: adding VLAN 0 to HW filter on device team0
[ 89.287615][ T32] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.291571][ T32] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 89.311034][ T27] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.314611][ T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.350765][ T5394] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 89.524194][ T5394] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.567544][ T5394] veth0_vlan: entered promiscuous mode
[ 89.578685][ T5394] veth1_vlan: entered promiscuous mode
[ 89.612382][ T5394] veth0_macvtap: entered promiscuous mode
[ 89.621280][ T5394] veth1_macvtap: entered promiscuous mode
[ 89.641897][ T5394] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 89.654548][ T5394] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 89.664414][ T5394] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.668254][ T5394] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.675836][ T5167] Bluetooth: hci0: command 0x0409 tx timeout
[ 89.689188][ T5394] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.689253][ T5394] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.764236][ T5178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.768144][ T5178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.797758][ T5263] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 89.801460][ T5263] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 89.908116][ T5443] loop0: detected capacity change from 0 to 4096
[ 89.919147][ T5443] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512).
[ 89.923624][ T5443] ntfs3: loop0: NTFS 0.00 Gb is too big to use 32 bits per cluster.
[ 89.944441][ T5443] ==================================================================
[ 89.948031][ T5443] BUG: KASAN: use-after-free in memcmp+0x172/0x1c0
[ 89.950946][ T5443] Read of size 8 at addr ffff888033666002 by task syz-executor.0/5443
[ 89.955197][ T5443]
[ 89.956661][ T5443] CPU: 3 PID: 5443 Comm: syz-executor.0 Not tainted 6.6.0-rc5-syzkaller-g94f6f0550c62 #0
[ 89.962702][ T5443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 89.967796][ T5443] Call Trace:
[ 89.969481][ T5443]
[ 89.970854][ T5443] dump_stack_lvl+0xd9/0x1b0
[ 89.973339][ T5443] print_report+0xc4/0x620
[ 89.975523][ T5443] ? __virt_addr_valid+0x5e/0x2d0
[ 89.977850][ T5443] ? __phys_addr+0xc6/0x140
[ 89.980118][ T5443] kasan_report+0xda/0x110
[ 89.982187][ T5443] ? memcmp+0x172/0x1c0
[ 89.983984][ T5443] ? memcmp+0x172/0x1c0
[ 89.985526][ T5443] memcmp+0x172/0x1c0
[ 89.987084][ T5443] ? __bread_gfp+0x79/0x310
[ 89.989114][ T5443] ntfs_fill_super+0x6f2/0x4350
[ 89.991096][ T5443] ? ntfs_set_shared+0x460/0x460
[ 89.993166][ T5443] ? do_raw_spin_lock+0x12e/0x2b0
[ 89.995195][ T5443] ? down_write+0x14f/0x200
[ 89.997458][ T5443] ? sb_set_blocksize+0xf6/0x120
[ 89.999985][ T5443] ? setup_bdev_super+0x366/0x6f0
[ 90.002967][ T5443] get_tree_bdev+0x3b5/0x650
[ 90.005236][ T5443] ? ntfs_set_shared+0x460/0x460
[ 90.007683][ T5443] ? sget_dev+0xe0/0xe0
[ 90.009861][ T5443] ? cap_capable+0x1d8/0x240
[ 90.012058][ T5443] ? security_capable+0x92/0xc0
[ 90.013967][ T5443] vfs_get_tree+0x8c/0x370
[ 90.015717][ T5443] path_mount+0x1492/0x1ed0
[ 90.017885][ T5443] ? lockdep_hardirqs_on+0x7d/0x100
[ 90.020454][ T5443] ? finish_automount+0xa40/0xa40
[ 90.022899][ T5443] ? putname+0x101/0x140
[ 90.025096][ T5443] __x64_sys_mount+0x293/0x310
[ 90.027462][ T5443] ? copy_mnt_ns+0xb60/0xb60
[ 90.029769][ T5443] ? syscall_enter_from_user_mode+0x26/0x80
[ 90.032631][ T5443] do_syscall_64+0x38/0xb0
[ 90.034844][ T5443] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.037761][ T5443] RIP: 0033:0x7f931587e22a
[ 90.040030][ T5443] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 90.049988][ T5443] RSP: 002b:00007f9316662ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 90.053634][ T5443] RAX: ffffffffffffffda RBX: 00007f9316662f80 RCX: 00007f931587e22a
[ 90.057280][ T5443] RDX: 0000000020000180 RSI: 0000000020000040 RDI: 00007f9316662f40
[ 90.060862][ T5443] RBP: 0000000020000180 R08: 00007f9316662f80 R09: 0000000001000018
[ 90.063975][ T5443] R10: 0000000001000018 R11: 0000000000000246 R12: 0000000020000040
[ 90.066547][ T5443] R13: 00007f9316662f40 R14: 000000000001f3f5 R15: 00000000200000c0
[ 90.069786][ T5443]
[ 90.071043][ T5443]
[ 90.072102][ T5443] The buggy address belongs to the physical page:
[ 90.075311][ T5443] page:ffffea0000cd9980 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x33666
[ 90.079560][ T5443] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 90.082436][ T5443] page_type: 0xffffffff()
[ 90.084259][ T5443] raw: 00fff00000000000 ffffea0000cd6308 ffffea0000c01688 0000000000000000
[ 90.087800][ T5443] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 90.092260][ T5443] page dumped because: kasan: bad access detected
[ 90.095154][ T5443] page_owner tracks the page as freed
[ 90.097757][ T5443] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5434, tgid 5434 (dhcpcd-run-hook), ts 89619551613, free_ts 89770848241
[ 90.106519][ T5443] post_alloc_hook+0x2cf/0x340
[ 90.108770][ T5443] get_page_from_freelist+0xee0/0x2f20
[ 90.111226][ T5443] __alloc_pages+0x1d0/0x4a0
[ 90.113283][ T5443] __folio_alloc+0x16/0x40
[ 90.115072][ T5443] vma_alloc_folio+0x156/0x890
[ 90.116818][ T5443] __handle_mm_fault+0xe67/0x3e10
[ 90.119093][ T5443] handle_mm_fault+0x478/0xa00
[ 90.121275][ T5443] do_user_addr_fault+0x3d1/0x1000
[ 90.124135][ T5443] exc_page_fault+0x5c/0xd0
[ 90.126314][ T5443] asm_exc_page_fault+0x26/0x30
[ 90.128704][ T5443] page last free stack trace:
[ 90.130978][ T5443] free_unref_page_prepare+0x476/0xa40
[ 90.133569][ T5443] free_unref_page_list+0xe6/0xb30
[ 90.136061][ T5443] release_pages+0x32a/0x14e0
[ 90.138369][ T5443] tlb_batch_pages_flush+0x9a/0x190
[ 90.140841][ T5443] tlb_finish_mmu+0x14b/0x6f0
[ 90.142901][ T5443] exit_mmap+0x38b/0xa60
[ 90.144691][ T5443] __mmput+0x12a/0x4d0
[ 90.146345][ T5443] mmput+0x62/0x70
[ 90.147952][ T5443] do_exit+0x9ad/0x2a20
[ 90.149704][ T5443] do_group_exit+0xd4/0x2a0
[ 90.151614][ T5443] __x64_sys_exit_group+0x3e/0x50
[ 90.154084][ T5443] do_syscall_64+0x38/0xb0
[ 90.156263][ T5443] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.159436][ T5443]
[ 90.160611][ T5443] Memory state around the buggy address:
[ 90.164136][ T5443] ffff888033665f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 90.168269][ T5443] ffff888033665f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 90.172105][ T5443] >ffff888033666000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.176559][ T5443] ^
[ 90.178506][ T5443] ffff888033666080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.182254][ T5443] ffff888033666100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.186042][ T5443] ==================================================================
[ 90.192849][ T5443] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.196272][ T5443] CPU: 3 PID: 5443 Comm: syz-executor.0 Not tainted 6.6.0-rc5-syzkaller-g94f6f0550c62 #0
[ 90.200880][ T5443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 90.206355][ T5443] Call Trace:
[ 90.208024][ T5443]
[ 90.210404][ T5443] dump_stack_lvl+0xd9/0x1b0
[ 90.213048][ T5443] panic+0x6a6/0x750
[ 90.215060][ T5443] ? panic_smp_self_stop+0xa0/0xa0
[ 90.217819][ T5443] ? preempt_schedule_thunk+0x1a/0x30
[ 90.220304][ T5443] ? preempt_schedule_common+0x45/0xc0
[ 90.222980][ T5443] check_panic_on_warn+0xab/0xb0
[ 90.225346][ T5443] end_report+0x108/0x150
[ 90.227394][ T5443] kasan_report+0xea/0x110
[ 90.229409][ T5443] ? memcmp+0x172/0x1c0
[ 90.231375][ T5443] ? memcmp+0x172/0x1c0
[ 90.233346][ T5443] memcmp+0x172/0x1c0
[ 90.235276][ T5443] ? __bread_gfp+0x79/0x310
[ 90.237693][ T5443] ntfs_fill_super+0x6f2/0x4350
[ 90.240340][ T5443] ? ntfs_set_shared+0x460/0x460
[ 90.242893][ T5443] ? do_raw_spin_lock+0x12e/0x2b0
[ 90.245221][ T5443] ? down_write+0x14f/0x200
[ 90.247332][ T5443] ? sb_set_blocksize+0xf6/0x120
[ 90.249719][ T5443] ? setup_bdev_super+0x366/0x6f0
[ 90.252244][ T5443] get_tree_bdev+0x3b5/0x650
[ 90.256227][ T5443] ? ntfs_set_shared+0x460/0x460
[ 90.259790][ T5443] ? sget_dev+0xe0/0xe0
[ 90.262016][ T5443] ? cap_capable+0x1d8/0x240
[ 90.264242][ T5443] ? security_capable+0x92/0xc0
[ 90.266678][ T5443] vfs_get_tree+0x8c/0x370
[ 90.268997][ T5443] path_mount+0x1492/0x1ed0
[ 90.271277][ T5443] ? lockdep_hardirqs_on+0x7d/0x100
[ 90.273730][ T5443] ? finish_automount+0xa40/0xa40
[ 90.276139][ T5443] ? putname+0x101/0x140
[ 90.277908][ T5443] __x64_sys_mount+0x293/0x310
[ 90.279955][ T5443] ? copy_mnt_ns+0xb60/0xb60
[ 90.282256][ T5443] ? syscall_enter_from_user_mode+0x26/0x80
[ 90.285126][ T5443] do_syscall_64+0x38/0xb0
[ 90.287025][ T5443] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 90.289554][ T5443] RIP: 0033:0x7f931587e22a
[ 90.291470][ T5443] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 90.300343][ T5443] RSP: 002b:00007f9316662ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 90.304201][ T5443] RAX: ffffffffffffffda RBX: 00007f9316662f80 RCX: 00007f931587e22a
[ 90.307976][ T5443] RDX: 0000000020000180 RSI: 0000000020000040 RDI: 00007f9316662f40
[ 90.311393][ T5443] RBP: 0000000020000180 R08: 00007f9316662f80 R09: 0000000001000018
[ 90.314666][ T5443] R10: 0000000001000018 R11: 0000000000000246 R12: 0000000020000040
[ 90.317810][ T5443] R13: 00007f9316662f40 R14: 000000000001f3f5 R15: 00000000200000c0
[ 90.321057][ T5443]
[ 90.324636][ T5443] Kernel Offset: disabled
[ 90.326357][ T5443] Rebooting in 86400 seconds..