Warning: Permanently added '[localhost]:39307' (ED25519) to the list of known hosts.
2024/03/25 03:09:59 ignoring optional flag "sandboxArg"="0"
2024/03/25 03:09:59 parsed 1 programs
[ 85.875466][ T38] kauditd_printk_skb: 73 callbacks suppressed
[ 85.875496][ T38] audit: type=1400 audit(1711336199.533:207): avc: denied { getattr } for pid=5406 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 85.927752][ T38] audit: type=1400 audit(1711336199.583:208): avc: denied { mounton } for pid=5413 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 85.940724][ T38] audit: type=1400 audit(1711336199.593:209): avc: denied { mount } for pid=5413 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 85.950739][ T38] audit: type=1400 audit(1711336199.613:210): avc: denied { read write } for pid=5413 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 85.963820][ T38] audit: type=1400 audit(1711336199.613:211): avc: denied { open } for pid=5413 comm="syz-executor" path="/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 86.000115][ T38] audit: type=1400 audit(1711336199.663:212): avc: denied { unlink } for pid=5413 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 86.794752][ T38] audit: type=1400 audit(1711336200.453:213): avc: denied { relabelto } for pid=5417 comm="mkswap" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 87.639320][ T972] cfg80211: failed to load regulatory.db
[ 88.149051][ T5413] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/03/25 03:10:01 executed programs: 0
[ 88.225965][ T4634] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 88.231379][ T4634] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 88.236131][ T4634] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 88.244234][ T4634] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 88.249429][ T4634] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 88.253792][ T4634] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 88.263683][ T38] audit: type=1400 audit(1711336201.923:214): avc: denied { mounton } for pid=5422 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 88.411010][ T5422] chnl_net:caif_netlink_parms(): no params data found
[ 88.418485][ T38] audit: type=1400 audit(1711336202.083:215): avc: denied { search } for pid=4671 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 88.536353][ T5422] bridge0: port 1(bridge_slave_0) entered blocking state
[ 88.540479][ T5422] bridge0: port 1(bridge_slave_0) entered disabled state
[ 88.544491][ T5422] bridge_slave_0: entered allmulticast mode
[ 88.548701][ T5422] bridge_slave_0: entered promiscuous mode
[ 88.555587][ T5422] bridge0: port 2(bridge_slave_1) entered blocking state
[ 88.559589][ T5422] bridge0: port 2(bridge_slave_1) entered disabled state
[ 88.562742][ T5422] bridge_slave_1: entered allmulticast mode
[ 88.567341][ T5422] bridge_slave_1: entered promiscuous mode
[ 88.618711][ T5422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 88.625588][ T5422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 88.691927][ T5422] team0: Port device team_slave_0 added
[ 88.698344][ T5422] team0: Port device team_slave_1 added
[ 88.771157][ T5422] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 88.775027][ T5422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.787941][ T5422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 88.794564][ T5422] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 88.798581][ T5422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 88.809433][ T5422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 88.878816][ T5422] hsr_slave_0: entered promiscuous mode
[ 88.883360][ T5422] hsr_slave_1: entered promiscuous mode
[ 89.525395][ T5422] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 89.535941][ T5422] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 89.542272][ T5422] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 89.548957][ T5422] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 89.622417][ T5422] 8021q: adding VLAN 0 to HW filter on device bond0
[ 89.638596][ T5422] 8021q: adding VLAN 0 to HW filter on device team0
[ 89.649371][ T972] bridge0: port 1(bridge_slave_0) entered blocking state
[ 89.652795][ T972] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 89.664843][ T972] bridge0: port 2(bridge_slave_1) entered blocking state
[ 89.668273][ T972] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 89.761770][ T38] audit: type=1400 audit(1711336203.423:216): avc: denied { sys_module } for pid=5422 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 89.873729][ T5422] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 89.918459][ T5422] veth0_vlan: entered promiscuous mode
[ 89.928510][ T5422] veth1_vlan: entered promiscuous mode
[ 89.957556][ T5422] veth0_macvtap: entered promiscuous mode
[ 89.965501][ T5422] veth1_macvtap: entered promiscuous mode
[ 89.979848][ T5422] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 89.988895][ T5422] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 89.995199][ T5422] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 89.999986][ T5422] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.003589][ T5422] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.007433][ T5422] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 90.065767][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.069934][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 90.096272][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 90.099878][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 90.148836][ T5473] loop0: detected capacity change from 0 to 128
[ 90.163801][ T5473] VFS: Found a Xenix FS (block size = 512) on device loop0
[ 90.176006][ T5473] sysv_free_block: flc_count > flc_size
[ 90.179508][ T5473] sysv_free_block: flc_count > flc_size
[ 90.181619][ T5473] sysv_free_block: flc_count > flc_size
[ 90.183858][ T5473] sysv_free_block: flc_count > flc_size
[ 90.186351][ T5473] sysv_free_block: flc_count > flc_size
[ 90.190124][ T5473] sysv_free_block: flc_count > flc_size
[ 90.192322][ T5473] sysv_free_block: flc_count > flc_size
[ 90.194446][ T5473] sysv_free_block: flc_count > flc_size
[ 90.197175][ T5473] sysv_free_block: flc_count > flc_size
[ 90.200025][ T5473] sysv_free_block: flc_count > flc_size
[ 90.205379][ T5473] ==================================================================
[ 90.208418][ T5473] BUG: KASAN: use-after-free in sysv_new_block+0x7a7/0xa50
[ 90.211215][ T5473] Read of size 4 at addr ffff888038f6c0c8 by task syz-executor.0/5473
[ 90.216591][ T5473]
[ 90.217743][ T5473] CPU: 0 PID: 5473 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller-g4cece7649650 #0
[ 90.222242][ T5473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 90.227409][ T5473] Call Trace:
[ 90.229259][ T5473]
[ 90.230692][ T5473] dump_stack_lvl+0x116/0x1f0
[ 90.232844][ T5473] print_report+0xc3/0x620
[ 90.234938][ T5473] ? __virt_addr_valid+0x5e/0x580
[ 90.237280][ T5473] ? __phys_addr+0xc6/0x150
[ 90.239489][ T5473] kasan_report+0xd9/0x110
[ 90.241620][ T5473] ? sysv_new_block+0x7a7/0xa50
[ 90.244004][ T5473] ? sysv_new_block+0x7a7/0xa50
[ 90.246592][ T5473] sysv_new_block+0x7a7/0xa50
[ 90.249520][ T5473] get_block+0x261/0x15a0
[ 90.252360][ T5473] ? __pfx_get_block+0x10/0x10
[ 90.255069][ T5473] ? __pfx_lock_release+0x10/0x10
[ 90.257945][ T5473] ? do_raw_spin_lock+0x12d/0x2c0
[ 90.260406][ T5473] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 90.262927][ T5473] ? _raw_spin_unlock+0x28/0x50
[ 90.265360][ T5473] ? create_empty_buffers+0x3a5/0x480
[ 90.267924][ T5473] ? __pfx_get_block+0x10/0x10
[ 90.270219][ T5473] __block_write_begin_int+0x4fb/0x16e0
[ 90.272825][ T5473] ? __pfx_get_block+0x10/0x10
[ 90.275144][ T5473] ? __pfx___block_write_begin_int+0x10/0x10
[ 90.277658][ T64] Bluetooth: hci0: command tx timeout
[ 90.278009][ T5473] block_write_begin+0xb1/0x4a0
[ 90.297986][ T5473] ? __pfx_get_block+0x10/0x10
[ 90.300527][ T5473] sysv_write_begin+0x31/0xe0
[ 90.303042][ T5473] generic_perform_write+0x272/0x620
[ 90.306146][ T5473] ? __pfx_generic_perform_write+0x10/0x10
[ 90.308811][ T5473] ? generic_write_checks+0x2f3/0x460
[ 90.311197][ T5473] __generic_file_write_iter+0x1fd/0x240
[ 90.313661][ T5473] generic_file_write_iter+0xe7/0x350
[ 90.315999][ T5473] vfs_write+0x6db/0x1100
[ 90.318047][ T5473] ? __pfx_vfs_write+0x10/0x10
[ 90.320430][ T5473] ? __pfx___mutex_lock+0x10/0x10
[ 90.323089][ T5473] ? __fget_files+0x256/0x400
[ 90.325456][ T5473] ksys_write+0x12f/0x260
[ 90.327292][ T5473] ? __pfx_ksys_write+0x10/0x10
[ 90.329336][ T5473] do_syscall_64+0xd2/0x260
[ 90.331381][ T5473] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 90.334058][ T5473] RIP: 0033:0x7f289547dda9
[ 90.335994][ T5473] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 90.344855][ T5473] RSP: 002b:00007f28962c30c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 90.348527][ T5473] RAX: ffffffffffffffda RBX: 00007f28955abf80 RCX: 00007f289547dda9
[ 90.352087][ T5473] RDX: 00000000fffffd5e RSI: 000000002000ad00 RDI: 0000000000000004
[ 90.356130][ T5473] RBP: 00007f28954ca47a R08: 0000000000000000 R09: 0000000000000000
[ 90.360175][ T5473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 90.363856][ T5473] R13: 000000000000000b R14: 00007f28955abf80 R15: 00007ffe359463f8
[ 90.367481][ T5473]
[ 90.368933][ T5473]
[ 90.370056][ T5473] The buggy address belongs to the physical page:
[ 90.373113][ T5473] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x38f6c
[ 90.377824][ T5473] flags: 0xfff80000000000(node=0|zone=1|lastcpupid=0xfff)
[ 90.381209][ T5473] page_type: 0xffffffff()
[ 90.383169][ T5473] raw: 00fff80000000000 dead000000000100 dead000000000122 0000000000000000
[ 90.386676][ T5473] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 90.390348][ T5473] page dumped because: kasan: bad access detected
[ 90.393581][ T5473] page_owner tracks the page as freed
[ 90.396349][ T5473] page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5198, tgid 5198 (syz-executor), ts 60568508178, free_ts 86362373354
[ 90.406594][ T5473] post_alloc_hook+0x2d4/0x350
[ 90.408721][ T5473] get_page_from_freelist+0xa28/0x3780
[ 90.411344][ T5473] __alloc_pages+0x22b/0x2460
[ 90.413734][ T5473] alloc_pages_mpol+0x275/0x610
[ 90.416638][ T5473] folio_alloc+0x1e/0x40
[ 90.418688][ T5473] filemap_alloc_folio+0x3ba/0x490
[ 90.421107][ T5473] page_cache_ra_unbounded+0x1a5/0x5a0
[ 90.423703][ T5473] page_cache_ra_order+0x64b/0x9a0
[ 90.426073][ T5473] ondemand_readahead+0x520/0x1140
[ 90.428497][ T5473] page_cache_async_ra+0x123/0x150
[ 90.431129][ T5473] filemap_get_pages+0x359/0x1840
[ 90.433954][ T5473] filemap_read+0x3a8/0xd10
[ 90.436557][ T5473] generic_file_read_iter+0x350/0x460
[ 90.439355][ T5473] ext4_file_read_iter+0x1dc/0x6c0
[ 90.441637][ T5473] __kernel_read+0x3ec/0xb20
[ 90.443806][ T5473] integrity_kernel_read+0x7f/0xb0
[ 90.446231][ T5473] page last free pid 5413 tgid 5413 stack trace:
[ 90.449107][ T5473] free_unref_page_prepare+0x527/0xb10
[ 90.451603][ T5473] free_unref_folios+0x256/0xad0
[ 90.453795][ T5473] folios_put_refs+0x49c/0x750
[ 90.455916][ T5473] truncate_inode_pages_range+0x326/0xe80
[ 90.458445][ T5473] ext4_evict_inode+0x2cc/0x17a0
[ 90.460851][ T5473] evict+0x2ed/0x6c0
[ 90.462859][ T5473] iput.part.0+0x5a8/0x7f0
[ 90.465016][ T5473] iput+0x5c/0x80
[ 90.466798][ T5473] do_unlinkat+0x613/0x750
[ 90.468922][ T5473] __x64_sys_unlink+0xc7/0x110
[ 90.470947][ T5473] do_syscall_64+0xd2/0x260
[ 90.473031][ T5473] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 90.475764][ T5473]
[ 90.476933][ T5473] Memory state around the buggy address:
[ 90.479444][ T5473] ffff888038f6bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.483559][ T5473] ffff888038f6c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.487217][ T5473] >ffff888038f6c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.490715][ T5473] ^
[ 90.493582][ T5473] ffff888038f6c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.497178][ T5473] ffff888038f6c180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 90.500750][ T5473] ==================================================================
[ 90.506621][ T5473] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 90.509564][ T5473] CPU: 1 PID: 5473 Comm: syz-executor.0 Not tainted 6.9.0-rc1-syzkaller-g4cece7649650 #0
[ 90.513304][ T5473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 90.517531][ T5473] Call Trace:
[ 90.518846][ T5473]
[ 90.519917][ T5473] dump_stack_lvl+0x3d/0x1f0
[ 90.521869][ T5473] panic+0x6f5/0x7a0
[ 90.523704][ T5473] ? __pfx_panic+0x10/0x10
[ 90.525741][ T5473] ? preempt_schedule_thunk+0x1a/0x30
[ 90.528024][ T5473] ? preempt_schedule_common+0x44/0xc0
[ 90.530614][ T5473] ? check_panic_on_warn+0x1f/0xb0
[ 90.533380][ T5473] check_panic_on_warn+0xab/0xb0
[ 90.535617][ T5473] end_report+0x117/0x180
[ 90.537408][ T5473] kasan_report+0xe9/0x110
[ 90.539448][ T5473] ? sysv_new_block+0x7a7/0xa50
[ 90.541488][ T5473] ? sysv_new_block+0x7a7/0xa50
[ 90.543566][ T5473] sysv_new_block+0x7a7/0xa50
[ 90.545716][ T5473] get_block+0x261/0x15a0
[ 90.547690][ T5473] ? __pfx_get_block+0x10/0x10
[ 90.549779][ T5473] ? __pfx_lock_release+0x10/0x10
[ 90.551965][ T5473] ? do_raw_spin_lock+0x12d/0x2c0
[ 90.554124][ T5473] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 90.556484][ T5473] ? _raw_spin_unlock+0x28/0x50
[ 90.558282][ T5473] ? create_empty_buffers+0x3a5/0x480
[ 90.560688][ T5473] ? __pfx_get_block+0x10/0x10
[ 90.562918][ T5473] __block_write_begin_int+0x4fb/0x16e0
[ 90.565072][ T5473] ? __pfx_get_block+0x10/0x10
[ 90.566971][ T5473] ? __pfx___block_write_begin_int+0x10/0x10
[ 90.569313][ T5473] block_write_begin+0xb1/0x4a0
[ 90.571522][ T5473] ? __pfx_get_block+0x10/0x10
[ 90.573649][ T5473] sysv_write_begin+0x31/0xe0
[ 90.575795][ T5473] generic_perform_write+0x272/0x620
[ 90.578259][ T5473] ? __pfx_generic_perform_write+0x10/0x10
[ 90.580885][ T5473] ? generic_write_checks+0x2f3/0x460
[ 90.583224][ T5473] __generic_file_write_iter+0x1fd/0x240
[ 90.585911][ T5473] generic_file_write_iter+0xe7/0x350
[ 90.588546][ T5473] vfs_write+0x6db/0x1100
[ 90.590666][ T5473] ? __pfx_vfs_write+0x10/0x10
[ 90.592820][ T5473] ? __pfx___mutex_lock+0x10/0x10
[ 90.594958][ T5473] ? __fget_files+0x256/0x400
[ 90.597121][ T5473] ksys_write+0x12f/0x260
[ 90.598923][ T5473] ? __pfx_ksys_write+0x10/0x10
[ 90.600544][ T5473] do_syscall_64+0xd2/0x260
[ 90.602060][ T5473] entry_SYSCALL_64_after_hwframe+0x6d/0x75
[ 90.604525][ T5473] RIP: 0033:0x7f289547dda9
[ 90.606450][ T5473] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 90.615442][ T5473] RSP: 002b:00007f28962c30c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 90.618796][ T5473] RAX: ffffffffffffffda RBX: 00007f28955abf80 RCX: 00007f289547dda9
[ 90.622248][ T5473] RDX: 00000000fffffd5e RSI: 000000002000ad00 RDI: 0000000000000004
[ 90.625130][ T5473] RBP: 00007f28954ca47a R08: 0000000000000000 R09: 0000000000000000
[ 90.627895][ T5473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 90.631920][ T5473] R13: 000000000000000b R14: 00007f28955abf80 R15: 00007ffe359463f8
[ 90.635710][ T5473]
[ 90.640146][ T5473] Kernel Offset: disabled
[ 90.642177][ T5473] Rebooting in 86400 seconds..