Warning: Permanently added '[localhost]:63565' (ED25519) to the list of known hosts.
2024/06/21 16:16:20 ignoring optional flag "sandboxArg"="0"
2024/06/21 16:16:20 parsed 1 programs
[ 74.328450][ T39] kauditd_printk_skb: 73 callbacks suppressed
[ 74.328461][ T39] audit: type=1400 audit(1718986580.315:207): avc: denied { getattr } for pid=5393 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 74.359233][ T39] audit: type=1400 audit(1718986580.345:208): avc: denied { mounton } for pid=5403 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 74.367793][ T39] audit: type=1400 audit(1718986580.345:209): avc: denied { mount } for pid=5403 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 74.377239][ T39] audit: type=1400 audit(1718986580.355:210): avc: denied { read write } for pid=5403 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 74.388222][ T39] audit: type=1400 audit(1718986580.355:211): avc: denied { open } for pid=5403 comm="syz-executor" path="/swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 74.405851][ T39] audit: type=1400 audit(1718986580.395:212): avc: denied { unlink } for pid=5403 comm="syz-executor" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 74.878430][ T39] audit: type=1400 audit(1718986580.865:213): avc: denied { relabelto } for pid=5414 comm="mkswap" name="swap-file" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 75.644005][ T5403] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/06/21 16:16:21 executed programs: 0
[ 75.691776][ T4635] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 75.695622][ T4635] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 75.698667][ T4635] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 75.702391][ T4635] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 75.707129][ T4635] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 75.710630][ T4635] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 75.718899][ T39] audit: type=1400 audit(1718986581.705:214): avc: denied { mounton } for pid=5419 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 75.883326][ T5419] chnl_net:caif_netlink_parms(): no params data found
[ 75.988415][ T5419] bridge0: port 1(bridge_slave_0) entered blocking state
[ 75.991733][ T5419] bridge0: port 1(bridge_slave_0) entered disabled state
[ 75.995100][ T5419] bridge_slave_0: entered allmulticast mode
[ 75.999157][ T5419] bridge_slave_0: entered promiscuous mode
[ 76.005313][ T5419] bridge0: port 2(bridge_slave_1) entered blocking state
[ 76.008522][ T5419] bridge0: port 2(bridge_slave_1) entered disabled state
[ 76.011775][ T5419] bridge_slave_1: entered allmulticast mode
[ 76.015486][ T39] audit: type=1400 audit(1718986582.005:215): avc: denied { search } for pid=4673 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 76.016178][ T5419] bridge_slave_1: entered promiscuous mode
[ 76.090198][ T5419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 76.098122][ T5419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 76.168037][ T5419] team0: Port device team_slave_0 added
[ 76.173977][ T5419] team0: Port device team_slave_1 added
[ 76.233730][ T5419] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 76.236862][ T5419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.249198][ T5419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 76.256632][ T5419] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 76.260130][ T5419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 76.271715][ T5419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 76.356797][ T5419] hsr_slave_0: entered promiscuous mode
[ 76.361339][ T5419] hsr_slave_1: entered promiscuous mode
[ 77.089338][ T5419] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 77.094503][ T5419] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 77.100270][ T5419] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 77.105717][ T5419] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 77.165069][ T5419] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.179390][ T5419] 8021q: adding VLAN 0 to HW filter on device team0
[ 77.188536][ T5210] bridge0: port 1(bridge_slave_0) entered blocking state
[ 77.191990][ T5210] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 77.206581][ T5210] bridge0: port 2(bridge_slave_1) entered blocking state
[ 77.209718][ T5210] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 77.261465][ T39] audit: type=1400 audit(1718986583.245:216): avc: denied { sys_module } for pid=5419 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 77.335442][ T5419] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 77.369129][ T5419] veth0_vlan: entered promiscuous mode
[ 77.378868][ T5419] veth1_vlan: entered promiscuous mode
[ 77.406714][ T5419] veth0_macvtap: entered promiscuous mode
[ 77.412934][ T5419] veth1_macvtap: entered promiscuous mode
[ 77.429245][ T5419] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 77.438117][ T5419] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 77.446824][ T5419] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.450702][ T5419] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.454718][ T5419] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.458288][ T5419] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 77.518454][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.521482][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.547845][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 77.551928][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 77.598278][ T5473] loop0: detected capacity change from 0 to 128
[ 77.607885][ T5473] VFS: Found a Xenix FS (block size = 512) on device loop0
[ 77.620236][ T5473] sysv_free_block: flc_count > flc_size
[ 77.623076][ T5473] sysv_free_block: flc_count > flc_size
[ 77.626378][ T5473] sysv_free_block: flc_count > flc_size
[ 77.628724][ T5473] sysv_free_block: flc_count > flc_size
[ 77.631182][ T5473] sysv_free_block: flc_count > flc_size
[ 77.634891][ T5473] sysv_free_block: flc_count > flc_size
[ 77.637460][ T5473] sysv_free_block: flc_count > flc_size
[ 77.639903][ T5473] sysv_free_block: flc_count > flc_size
[ 77.641941][ T5473] sysv_free_block: flc_count > flc_size
[ 77.644420][ T5473] sysv_free_block: flc_count > flc_size
[ 77.650339][ T5473] ==================================================================
[ 77.654134][ T5473] BUG: KASAN: use-after-free in sysv_new_block+0x7a7/0xa50
[ 77.657302][ T5473] Read of size 4 at addr ffff8880402fa0c8 by task syz-executor.0/5473
[ 77.662459][ T5473]
[ 77.663356][ T5473] CPU: 3 PID: 5473 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00148-g50736169ecc8 #0
[ 77.666983][ T5473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 77.670615][ T5473] Call Trace:
[ 77.671927][ T5473]
[ 77.673096][ T5473] dump_stack_lvl+0x116/0x1f0
[ 77.675137][ T5473] print_report+0xc3/0x620
[ 77.676963][ T5473] ? __virt_addr_valid+0x5e/0x580
[ 77.679125][ T5473] ? __phys_addr+0xc6/0x150
[ 77.680783][ T5473] kasan_report+0xd9/0x110
[ 77.682652][ T5473] ? sysv_new_block+0x7a7/0xa50
[ 77.684691][ T5473] ? sysv_new_block+0x7a7/0xa50
[ 77.686389][ T5473] sysv_new_block+0x7a7/0xa50
[ 77.688120][ T5473] get_block+0x261/0x1570
[ 77.689725][ T5473] ? __pfx_get_block+0x10/0x10
[ 77.691515][ T5473] ? __pfx_lock_release+0x10/0x10
[ 77.693368][ T5473] ? do_raw_spin_lock+0x12d/0x2c0
[ 77.695288][ T5473] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 77.697117][ T5473] ? _raw_spin_unlock+0x28/0x50
[ 77.698845][ T5473] ? create_empty_buffers+0x3a5/0x480
[ 77.700832][ T5473] ? __pfx_get_block+0x10/0x10
[ 77.702524][ T5473] __block_write_begin_int+0x4fb/0x16e0
[ 77.704485][ T5473] ? __pfx_get_block+0x10/0x10
[ 77.706199][ T5473] ? __pfx___block_write_begin_int+0x10/0x10
[ 77.708298][ T5473] block_write_begin+0xb1/0x4a0
[ 77.710178][ T5473] ? __pfx_get_block+0x10/0x10
[ 77.711941][ T5473] sysv_write_begin+0x31/0xe0
[ 77.714006][ T5473] generic_perform_write+0x272/0x620
[ 77.716145][ T5473] ? __pfx_generic_perform_write+0x10/0x10
[ 77.718758][ T5473] ? generic_write_checks+0x322/0x490
[ 77.721166][ T5473] __generic_file_write_iter+0x1fd/0x240
[ 77.723227][ T5473] generic_file_write_iter+0xe7/0x350
[ 77.725462][ T5473] vfs_write+0x6b6/0x1140
[ 77.727147][ T5473] ? __pfx_generic_file_write_iter+0x10/0x10
[ 77.729545][ T5473] ? __pfx___might_resched+0x10/0x10
[ 77.731455][ T5473] ? __pfx_vfs_write+0x10/0x10
[ 77.733182][ T5473] ? __pfx___mutex_lock+0x10/0x10
[ 77.734480][ T5203] Bluetooth: hci0: command tx timeout
[ 77.735257][ T5473] ? __fget_files+0x256/0x400
[ 77.735282][ T5473] ksys_write+0x12f/0x260
[ 77.740695][ T5473] ? __pfx_ksys_write+0x10/0x10
[ 77.742763][ T5473] do_syscall_64+0xcd/0x250
[ 77.744865][ T5473] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.747701][ T5473] RIP: 0033:0x7fcd9767dda9
[ 77.749585][ T5473] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 77.756623][ T5473] RSP: 002b:00007fcd983f10c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 77.759591][ T5473] RAX: ffffffffffffffda RBX: 00007fcd977abf80 RCX: 00007fcd9767dda9
[ 77.762494][ T5473] RDX: 00000000fffffd5e RSI: 000000002000ad00 RDI: 0000000000000004
[ 77.765367][ T5473] RBP: 00007fcd976ca47a R08: 0000000000000000 R09: 0000000000000000
[ 77.768352][ T5473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 77.771030][ T5473] R13: 000000000000000b R14: 00007fcd977abf80 R15: 00007fffa85f1ab8
[ 77.773691][ T5473]
[ 77.774752][ T5473]
[ 77.775578][ T5473] The buggy address belongs to the physical page:
[ 77.777929][ T5473] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1a1 pfn:0x402fa
[ 77.780951][ T5473] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 77.783357][ T5473] raw: 00fff00000000000 ffffea0000cab408 ffff88806b344bf0 0000000000000000
[ 77.786912][ T5473] raw: 00000000000001a1 0000000000000000 00000000ffffffff 0000000000000000
[ 77.790060][ T5473] page dumped because: kasan: bad access detected
[ 77.792398][ T5473] page_owner tracks the page as freed
[ 77.794551][ T5473] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 5467, tgid 5467 (dhcpcd-run-hook), ts 77465129141, free_ts 77581288849
[ 77.801070][ T5473] post_alloc_hook+0x2d1/0x350
[ 77.802708][ T5473] get_page_from_freelist+0x136a/0x2e50
[ 77.804570][ T5473] __alloc_pages_noprof+0x22b/0x2460
[ 77.806369][ T5473] alloc_pages_mpol_noprof+0x275/0x610
[ 77.808268][ T5473] vma_alloc_folio_noprof+0xad/0x1f0
[ 77.810114][ T5473] do_wp_page+0x1acd/0x3340
[ 77.811688][ T5473] __handle_mm_fault+0x2311/0x5410
[ 77.813440][ T5473] handle_mm_fault+0x476/0xa00
[ 77.815094][ T5473] do_user_addr_fault+0x426/0xe50
[ 77.816821][ T5473] exc_page_fault+0x5c/0xc0
[ 77.818484][ T5473] asm_exc_page_fault+0x26/0x30
[ 77.820303][ T5473] page last free pid 5467 tgid 5467 stack trace:
[ 77.822471][ T5473] free_unref_folios+0x991/0x1310
[ 77.824283][ T5473] folios_put_refs+0x487/0x6d0
[ 77.826169][ T5473] free_pages_and_swap_cache+0x36d/0x510
[ 77.828512][ T5473] __tlb_batch_free_encoded_pages+0xf9/0x290
[ 77.830883][ T5473] tlb_finish_mmu+0x168/0x7b0
[ 77.832477][ T5473] exit_mmap+0x3d1/0xb20
[ 77.833943][ T5473] __mmput+0x12a/0x4d0
[ 77.835330][ T5473] mmput+0x62/0x70
[ 77.836607][ T5473] do_exit+0x9b7/0x2ba0
[ 77.838020][ T5473] do_group_exit+0xd3/0x2a0
[ 77.839634][ T5473] __x64_sys_exit_group+0x3e/0x50
[ 77.841466][ T5473] do_syscall_64+0xcd/0x250
[ 77.843095][ T5473] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.845403][ T5473]
[ 77.846271][ T5473] Memory state around the buggy address:
[ 77.848334][ T5473] ffff8880402f9f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 77.851840][ T5473] ffff8880402fa000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 77.855382][ T5473] >ffff8880402fa080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 77.858901][ T5473] ^
[ 77.861973][ T5473] ffff8880402fa100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 77.865678][ T5473] ffff8880402fa180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 77.869127][ T5473] ==================================================================
[ 77.872649][ T5473] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 77.875414][ T5473] CPU: 2 PID: 5473 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00148-g50736169ecc8 #0
[ 77.880133][ T5473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 77.884690][ T5473] Call Trace:
[ 77.886188][ T5473]
[ 77.887499][ T5473] dump_stack_lvl+0x3d/0x1f0
[ 77.889565][ T5473] panic+0x6f5/0x7a0
[ 77.891317][ T5473] ? __pfx_panic+0x10/0x10
[ 77.893365][ T5473] ? irqentry_exit+0x3b/0x90
[ 77.895624][ T5473] ? lockdep_hardirqs_on+0x7c/0x110
[ 77.898142][ T5473] ? preempt_schedule_thunk+0x1a/0x30
[ 77.900614][ T5473] ? preempt_schedule_common+0x44/0xc0
[ 77.903051][ T5473] ? check_panic_on_warn+0x1f/0xb0
[ 77.905312][ T5473] check_panic_on_warn+0xab/0xb0
[ 77.907457][ T5473] end_report+0x117/0x180
[ 77.909411][ T5473] kasan_report+0xe9/0x110
[ 77.911426][ T5473] ? sysv_new_block+0x7a7/0xa50
[ 77.913541][ T5473] ? sysv_new_block+0x7a7/0xa50
[ 77.915572][ T5473] sysv_new_block+0x7a7/0xa50
[ 77.917824][ T5473] get_block+0x261/0x1570
[ 77.920023][ T5473] ? __pfx_get_block+0x10/0x10
[ 77.922257][ T5473] ? __pfx_lock_release+0x10/0x10
[ 77.924717][ T5473] ? do_raw_spin_lock+0x12d/0x2c0
[ 77.926957][ T5473] ? __pfx_do_raw_spin_lock+0x10/0x10
[ 77.929238][ T5473] ? _raw_spin_unlock+0x28/0x50
[ 77.931413][ T5473] ? create_empty_buffers+0x3a5/0x480
[ 77.933774][ T5473] ? __pfx_get_block+0x10/0x10
[ 77.935919][ T5473] __block_write_begin_int+0x4fb/0x16e0
[ 77.938392][ T5473] ? __pfx_get_block+0x10/0x10
[ 77.940544][ T5473] ? __pfx___block_write_begin_int+0x10/0x10
[ 77.943341][ T5473] block_write_begin+0xb1/0x4a0
[ 77.945530][ T5473] ? __pfx_get_block+0x10/0x10
[ 77.947697][ T5473] sysv_write_begin+0x31/0xe0
[ 77.949798][ T5473] generic_perform_write+0x272/0x620
[ 77.952206][ T5473] ? __pfx_generic_perform_write+0x10/0x10
[ 77.954968][ T5473] ? generic_write_checks+0x322/0x490
[ 77.957553][ T5473] __generic_file_write_iter+0x1fd/0x240
[ 77.960147][ T5473] generic_file_write_iter+0xe7/0x350
[ 77.962549][ T5473] vfs_write+0x6b6/0x1140
[ 77.964474][ T5473] ? __pfx_generic_file_write_iter+0x10/0x10
[ 77.967136][ T5473] ? __pfx___might_resched+0x10/0x10
[ 77.969502][ T5473] ? __pfx_vfs_write+0x10/0x10
[ 77.971672][ T5473] ? __pfx___mutex_lock+0x10/0x10
[ 77.973939][ T5473] ? __fget_files+0x256/0x400
[ 77.976183][ T5473] ksys_write+0x12f/0x260
[ 77.978166][ T5473] ? __pfx_ksys_write+0x10/0x10
[ 77.980337][ T5473] do_syscall_64+0xcd/0x250
[ 77.982389][ T5473] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.985016][ T5473] RIP: 0033:0x7fcd9767dda9
[ 77.987025][ T5473] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 77.995448][ T5473] RSP: 002b:00007fcd983f10c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 77.999085][ T5473] RAX: ffffffffffffffda RBX: 00007fcd977abf80 RCX: 00007fcd9767dda9
[ 78.002557][ T5473] RDX: 00000000fffffd5e RSI: 000000002000ad00 RDI: 0000000000000004
[ 78.006062][ T5473] RBP: 00007fcd976ca47a R08: 0000000000000000 R09: 0000000000000000
[ 78.009500][ T5473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 78.012990][ T5473] R13: 000000000000000b R14: 00007fcd977abf80 R15: 00007fffa85f1ab8
[ 78.016413][ T5473]
[ 78.018266][ T5473] Kernel Offset: disabled
[ 78.019758][ T5473] Rebooting in 86400 seconds..