Warning: Permanently added '[localhost]:39307' (ED25519) to the list of known hosts.
2024/03/25 03:09:59 ignoring optional flag "sandboxArg"="0"
2024/03/25 03:09:59 parsed 1 programs
[   85.875466][   T38] kauditd_printk_skb: 73 callbacks suppressed
[   85.875496][   T38] audit: type=1400 audit(1711336199.533:207): avc: denied { getattr } for pid=5406 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   85.927752][   T38] audit: type=1400 audit(1711336199.583:208): avc: denied { mounton } for pid=5413 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   85.940724][   T38] audit: type=1400 audit(1711336199.593:209): avc: denied { mount } for pid=5413 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   85.950739][   T38] audit: type=1400 audit(1711336199.613:210): avc: denied { read write } for pid=5413 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   85.963820][   T38] audit: type=1400 audit(1711336199.613:211): avc: denied { open } for pid=5413 comm="syz-executor" path="/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   86.000115][   T38] audit: type=1400 audit(1711336199.663:212): avc: denied { unlink } for pid=5413 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   86.794752][   T38] audit: type=1400 audit(1711336200.453:213): avc: denied { relabelto } for pid=5417 comm="mkswap" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   87.639320][  T972] cfg80211: failed to load regulatory.db
[   88.149051][ T5413] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
2024/03/25 03:10:01 executed programs: 0
[   88.225965][ T4634] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.231379][ T4634] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.236131][ T4634] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.244234][ T4634] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.249429][ T4634] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   88.253792][ T4634] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.263683][   T38] audit: type=1400 audit(1711336201.923:214): avc: denied { mounton } for pid=5422 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   88.411010][ T5422] chnl_net:caif_netlink_parms(): no params data found
[   88.418485][   T38] audit: type=1400 audit(1711336202.083:215): avc: denied { search } for pid=4671 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   88.536353][ T5422] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.540479][ T5422] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.544491][ T5422] bridge_slave_0: entered allmulticast mode
[   88.548701][ T5422] bridge_slave_0: entered promiscuous mode
[   88.555587][ T5422] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.559589][ T5422] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.562742][ T5422] bridge_slave_1: entered allmulticast mode
[   88.567341][ T5422] bridge_slave_1: entered promiscuous mode
[   88.618711][ T5422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.625588][ T5422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.691927][ T5422] team0: Port device team_slave_0 added
[   88.698344][ T5422] team0: Port device team_slave_1 added
[   88.771157][ T5422] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.775027][ T5422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.787941][ T5422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.794564][ T5422] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.798581][ T5422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.809433][ T5422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.878816][ T5422] hsr_slave_0: entered promiscuous mode
[   88.883360][ T5422] hsr_slave_1: entered promiscuous mode
[   89.525395][ T5422] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   89.535941][ T5422] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   89.542272][ T5422] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   89.548957][ T5422] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   89.622417][ T5422] 8021q: adding VLAN 0 to HW filter on device bond0
[   89.638596][ T5422] 8021q: adding VLAN 0 to HW filter on device team0
[   89.649371][  T972] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.652795][  T972] bridge0: port 1(bridge_slave_0) entered forwarding state
[   89.664843][  T972] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.668273][  T972] bridge0: port 2(bridge_slave_1) entered forwarding state
[   89.761770][   T38] audit: type=1400 audit(1711336203.423:216): avc: denied { sys_module } for pid=5422 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   89.873729][ T5422] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.918459][ T5422] veth0_vlan: entered promiscuous mode
[   89.928510][ T5422] veth1_vlan: entered promiscuous mode
[   89.957556][ T5422] veth0_macvtap: entered promiscuous mode
[   89.965501][ T5422] veth1_macvtap: entered promiscuous mode
[   89.979848][ T5422] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.988895][ T5422] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.995199][ T5422] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   89.999986][ T5422] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.003589][ T5422] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.007433][ T5422] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.065767][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.069934][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.096272][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.099878][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.148836][ T5473] loop0: detected capacity change from 0 to 128
[   90.163801][ T5473] VFS: Found a Xenix FS (block size = 512) on device loop0
[   90.176006][ T5473] sysv_free_block: flc_count > flc_size
[   90.179508][ T5473] sysv_free_block: flc_count > flc_size
[   90.181619][ T5473] sysv_free_block: flc_count > flc_size
[   90.183858][ T5473] sysv_free_block: flc_count > flc_size
[   90.186351][ T5473] sysv_free_block: flc_count > flc_size
[   90.190124][ T5473] sysv_free_block: flc_count > flc_size
[   90.192322][ T5473] sysv_free_block: flc_count > flc_size
[   90.194446][ T5473] sysv_free_block: flc_count > flc_size
[   90.197175][ T5473] sysv_free_block: flc_count > flc_size
[   90.200025][ T5473] sysv_free_block: flc_count > flc_size
[   90.205379][ T5473] ==================================================================
[   90.208418][ T5473] BUG: KASAN: use-after-free in sysv_new_block+0x7a7/0xa50
[   90.211215][ T5473] Read of size 4 at addr ffff888038f6c0c8 by task syz-executor.0/5473
[   90.216591][ T5473]
[   90.217743][ T5473] CPU: 0 PID: 5473 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller-g4cece7649650 #0
[   90.222242][ T5473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   90.227409][ T5473] Call Trace:
[   90.229259][ T5473]
[   90.230692][ T5473]  dump_stack_lvl+0x116/0x1f0
[   90.232844][ T5473]  print_report+0xc3/0x620
[   90.234938][ T5473]  ? __virt_addr_valid+0x5e/0x580
[   90.237280][ T5473]  ? __phys_addr+0xc6/0x150
[   90.239489][ T5473]  kasan_report+0xd9/0x110
[   90.241620][ T5473]  ? sysv_new_block+0x7a7/0xa50
[   90.244004][ T5473]  ? sysv_new_block+0x7a7/0xa50
[   90.246592][ T5473]  sysv_new_block+0x7a7/0xa50
[   90.249520][ T5473]  get_block+0x261/0x15a0
[   90.252360][ T5473]  ? __pfx_get_block+0x10/0x10
[   90.255069][ T5473]  ? __pfx_lock_release+0x10/0x10
[   90.257945][ T5473]  ? do_raw_spin_lock+0x12d/0x2c0
[   90.260406][ T5473]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   90.262927][ T5473]  ? _raw_spin_unlock+0x28/0x50
[   90.265360][ T5473]  ? create_empty_buffers+0x3a5/0x480
[   90.267924][ T5473]  ? __pfx_get_block+0x10/0x10
[   90.270219][ T5473]  __block_write_begin_int+0x4fb/0x16e0
[   90.272825][ T5473]  ? __pfx_get_block+0x10/0x10
[   90.275144][ T5473]  ? __pfx___block_write_begin_int+0x10/0x10
[   90.277658][   T64] Bluetooth: hci0: command tx timeout
[   90.278009][ T5473]  block_write_begin+0xb1/0x4a0
[   90.297986][ T5473]  ? __pfx_get_block+0x10/0x10
[   90.300527][ T5473]  sysv_write_begin+0x31/0xe0
[   90.303042][ T5473]  generic_perform_write+0x272/0x620
[   90.306146][ T5473]  ? __pfx_generic_perform_write+0x10/0x10
[   90.308811][ T5473]  ? generic_write_checks+0x2f3/0x460
[   90.311197][ T5473]  __generic_file_write_iter+0x1fd/0x240
[   90.313661][ T5473]  generic_file_write_iter+0xe7/0x350
[   90.315999][ T5473]  vfs_write+0x6db/0x1100
[   90.318047][ T5473]  ? __pfx_vfs_write+0x10/0x10
[   90.320430][ T5473]  ? __pfx___mutex_lock+0x10/0x10
[   90.323089][ T5473]  ? __fget_files+0x256/0x400
[   90.325456][ T5473]  ksys_write+0x12f/0x260
[   90.327292][ T5473]  ? __pfx_ksys_write+0x10/0x10
[   90.329336][ T5473]  do_syscall_64+0xd2/0x260
[   90.331381][ T5473]  entry_SYSCALL_64_after_hwframe+0x6d/0x75
[   90.334058][ T5473] RIP: 0033:0x7f289547dda9
[   90.335994][ T5473] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   90.344855][ T5473] RSP: 002b:00007f28962c30c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   90.348527][ T5473] RAX: ffffffffffffffda RBX: 00007f28955abf80 RCX: 00007f289547dda9
[   90.352087][ T5473] RDX: 00000000fffffd5e RSI: 000000002000ad00 RDI: 0000000000000004
[   90.356130][ T5473] RBP: 00007f28954ca47a R08: 0000000000000000 R09: 0000000000000000
[   90.360175][ T5473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   90.363856][ T5473] R13: 000000000000000b R14: 00007f28955abf80 R15: 00007ffe359463f8
[   90.367481][ T5473]
[   90.368933][ T5473]
[   90.370056][ T5473] The buggy address belongs to the physical page:
[   90.373113][ T5473] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x38f6c
[   90.377824][ T5473] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[   90.381209][ T5473] page_type: 0xffffffff()
[   90.383169][ T5473] raw: 00fff80000000000 dead000000000100 dead000000000122 0000000000000000
[   90.386676][ T5473] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   90.390348][ T5473] page dumped because: kasan: bad access detected
[   90.393581][ T5473] page_owner tracks the page as freed
[   90.396349][ T5473] page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5198, tgid 5198 (syz-executor), ts 60568508178, free_ts 86362373354
[   90.406594][ T5473]  post_alloc_hook+0x2d4/0x350
[   90.408721][ T5473]  get_page_from_freelist+0xa28/0x3780
[   90.411344][ T5473]  __alloc_pages+0x22b/0x2460
[   90.413734][ T5473]  alloc_pages_mpol+0x275/0x610
[   90.416638][ T5473]  folio_alloc+0x1e/0x40
[   90.418688][ T5473]  filemap_alloc_folio+0x3ba/0x490
[   90.421107][ T5473]  page_cache_ra_unbounded+0x1a5/0x5a0
[   90.423703][ T5473]  page_cache_ra_order+0x64b/0x9a0
[   90.426073][ T5473]  ondemand_readahead+0x520/0x1140
[   90.428497][ T5473]  page_cache_async_ra+0x123/0x150
[   90.431129][ T5473]  filemap_get_pages+0x359/0x1840
[   90.433954][ T5473]  filemap_read+0x3a8/0xd10
[   90.436557][ T5473]  generic_file_read_iter+0x350/0x460
[   90.439355][ T5473]  ext4_file_read_iter+0x1dc/0x6c0
[   90.441637][ T5473]  __kernel_read+0x3ec/0xb20
[   90.443806][ T5473]  integrity_kernel_read+0x7f/0xb0
[   90.446231][ T5473] page last free pid 5413 tgid 5413 stack trace:
[   90.449107][ T5473]  free_unref_page_prepare+0x527/0xb10
[   90.451603][ T5473]  free_unref_folios+0x256/0xad0
[   90.453795][ T5473]  folios_put_refs+0x49c/0x750
[   90.455916][ T5473]  truncate_inode_pages_range+0x326/0xe80
[   90.458445][ T5473]  ext4_evict_inode+0x2cc/0x17a0
[   90.460851][ T5473]  evict+0x2ed/0x6c0
[   90.462859][ T5473]  iput.part.0+0x5a8/0x7f0
[   90.465016][ T5473]  iput+0x5c/0x80
[   90.466798][ T5473]  do_unlinkat+0x613/0x750
[   90.468922][ T5473]  __x64_sys_unlink+0xc7/0x110
[   90.470947][ T5473]  do_syscall_64+0xd2/0x260
[   90.473031][ T5473]  entry_SYSCALL_64_after_hwframe+0x6d/0x75
[   90.475764][ T5473]
[   90.476933][ T5473] Memory state around the buggy address:
[   90.479444][ T5473]  ffff888038f6bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   90.483559][ T5473]  ffff888038f6c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   90.487217][ T5473] >ffff888038f6c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   90.490715][ T5473]                                               ^
[   90.493582][ T5473]  ffff888038f6c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   90.497178][ T5473]  ffff888038f6c180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   90.500750][ T5473] ==================================================================
[   90.506621][ T5473] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   90.509564][ T5473] CPU: 1 PID: 5473 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller-g4cece7649650 #0
[   90.513304][ T5473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   90.517531][ T5473] Call Trace:
[   90.518846][ T5473]
[   90.519917][ T5473]  dump_stack_lvl+0x3d/0x1f0
[   90.521869][ T5473]  panic+0x6f5/0x7a0
[   90.523704][ T5473]  ? __pfx_panic+0x10/0x10
[   90.525741][ T5473]  ? preempt_schedule_thunk+0x1a/0x30
[   90.528024][ T5473]  ? preempt_schedule_common+0x44/0xc0
[   90.530614][ T5473]  ? check_panic_on_warn+0x1f/0xb0
[   90.533380][ T5473]  check_panic_on_warn+0xab/0xb0
[   90.535617][ T5473]  end_report+0x117/0x180
[   90.537408][ T5473]  kasan_report+0xe9/0x110
[   90.539448][ T5473]  ? sysv_new_block+0x7a7/0xa50
[   90.541488][ T5473]  ? sysv_new_block+0x7a7/0xa50
[   90.543566][ T5473]  sysv_new_block+0x7a7/0xa50
[   90.545716][ T5473]  get_block+0x261/0x15a0
[   90.547690][ T5473]  ? __pfx_get_block+0x10/0x10
[   90.549779][ T5473]  ? __pfx_lock_release+0x10/0x10
[   90.551965][ T5473]  ? do_raw_spin_lock+0x12d/0x2c0
[   90.554124][ T5473]  ? __pfx_do_raw_spin_lock+0x10/0x10
[   90.556484][ T5473]  ? _raw_spin_unlock+0x28/0x50
[   90.558282][ T5473]  ? create_empty_buffers+0x3a5/0x480
[   90.560688][ T5473]  ? __pfx_get_block+0x10/0x10
[   90.562918][ T5473]  __block_write_begin_int+0x4fb/0x16e0
[   90.565072][ T5473]  ? __pfx_get_block+0x10/0x10
[   90.566971][ T5473]  ? __pfx___block_write_begin_int+0x10/0x10
[   90.569313][ T5473]  block_write_begin+0xb1/0x4a0
[   90.571522][ T5473]  ? __pfx_get_block+0x10/0x10
[   90.573649][ T5473]  sysv_write_begin+0x31/0xe0
[   90.575795][ T5473]  generic_perform_write+0x272/0x620
[   90.578259][ T5473]  ? __pfx_generic_perform_write+0x10/0x10
[   90.580885][ T5473]  ? generic_write_checks+0x2f3/0x460
[   90.583224][ T5473]  __generic_file_write_iter+0x1fd/0x240
[   90.585911][ T5473]  generic_file_write_iter+0xe7/0x350
[   90.588546][ T5473]  vfs_write+0x6db/0x1100
[   90.590666][ T5473]  ? __pfx_vfs_write+0x10/0x10
[   90.592820][ T5473]  ? __pfx___mutex_lock+0x10/0x10
[   90.594958][ T5473]  ? __fget_files+0x256/0x400
[   90.597121][ T5473]  ksys_write+0x12f/0x260
[   90.598923][ T5473]  ? __pfx_ksys_write+0x10/0x10
[   90.600544][ T5473]  do_syscall_64+0xd2/0x260
[   90.602060][ T5473]  entry_SYSCALL_64_after_hwframe+0x6d/0x75
[   90.604525][ T5473] RIP: 0033:0x7f289547dda9
[   90.606450][ T5473] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   90.615442][ T5473] RSP: 002b:00007f28962c30c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   90.618796][ T5473] RAX: ffffffffffffffda RBX: 00007f28955abf80 RCX: 00007f289547dda9
[   90.622248][ T5473] RDX: 00000000fffffd5e RSI: 000000002000ad00 RDI: 0000000000000004
[   90.625130][ T5473] RBP: 00007f28954ca47a R08: 0000000000000000 R09: 0000000000000000
[   90.627895][ T5473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   90.631920][ T5473] R13: 000000000000000b R14: 00007f28955abf80 R15: 00007ffe359463f8
[   90.635710][ T5473]
[   90.640146][ T5473] Kernel Offset: disabled
[   90.642177][ T5473] Rebooting in 86400 seconds..