Warning: Permanently added '10.128.10.44' (ECDSA) to the list of known hosts. 2023/05/17 23:45:57 ignoring optional flag "sandboxArg"="0" 2023/05/17 23:45:57 parsed 1 programs [ 68.679934][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 68.679942][ T26] audit: type=1400 audit(1684367157.873:201): avc: denied { getattr } for pid=5321 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 68.717293][ T26] audit: type=1400 audit(1684367157.873:202): avc: denied { read } for pid=5321 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 2023/05/17 23:45:57 executed programs: 0 [ 68.757443][ T26] audit: type=1400 audit(1684367157.873:203): avc: denied { open } for pid=5321 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 68.783480][ T26] audit: type=1400 audit(1684367157.913:204): avc: denied { mounton } for pid=5326 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 68.810551][ T26] audit: type=1400 audit(1684367157.913:205): avc: denied { mount } for pid=5326 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 68.820455][ T4986] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.843210][ T4986] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.851544][ T4986] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.859679][ T4986] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.868192][ T4986] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.878487][ T4986] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.892959][ T26] audit: type=1400 audit(1684367158.083:206): avc: denied { mounton } for pid=5334 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 68.976546][ T5334] chnl_net:caif_netlink_parms(): no params data found [ 69.014748][ T5334] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.021909][ T5334] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.029990][ T5334] bridge_slave_0: entered allmulticast mode [ 69.036782][ T5334] bridge_slave_0: entered promiscuous mode [ 69.044346][ T5334] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.051509][ T5334] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.059117][ T5334] bridge_slave_1: entered allmulticast mode [ 69.066389][ T5334] bridge_slave_1: entered promiscuous mode [ 69.085814][ T5334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.096869][ T5334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.118363][ T5334] team0: Port device team_slave_0 added [ 69.126136][ T5334] team0: Port device team_slave_1 added [ 69.141847][ T5334] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.149465][ T5334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.176499][ T5334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.190712][ T5334] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.198153][ T5334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.225195][ T5334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.252748][ T5334] hsr_slave_0: entered promiscuous mode [ 69.258870][ T5334] hsr_slave_1: entered promiscuous mode [ 69.930884][ T5334] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 69.940610][ T5334] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 69.951451][ T5334] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 69.961507][ T5334] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.030683][ T5334] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.045307][ T4997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 70.054082][ T4997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 70.064908][ T5334] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.093553][ T4997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 70.103214][ T4997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 70.113149][ T4997] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.120489][ T4997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.129530][ T4997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 70.138515][ T4997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 70.147568][ T4997] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.154872][ T4997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.162602][ T4997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 70.171800][ T4997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 70.180856][ T4997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 70.189952][ T4997] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 70.206952][ T5334] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 70.217993][ T5334] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 70.234086][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 70.242352][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 70.252097][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 70.260842][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 70.270171][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 70.278661][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 70.288475][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 70.297933][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 70.307651][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 70.347138][ T26] audit: type=1400 audit(1684367159.543:207): avc: denied { sys_module } for pid=5334 comm="syz-executor.0" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 70.445639][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 70.453139][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 70.467278][ T5334] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.487869][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 70.497344][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 70.516000][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 70.525669][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 70.535605][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 70.545147][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 70.555317][ T5334] veth0_vlan: entered promiscuous mode [ 70.567682][ T5334] veth1_vlan: entered promiscuous mode [ 70.595263][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 70.605191][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 70.613891][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 70.623101][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 70.635997][ T5334] veth0_macvtap: entered promiscuous mode [ 70.648391][ T5334] veth1_macvtap: entered promiscuous mode [ 70.666702][ T5334] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.674815][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 70.683013][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 70.692836][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 70.702132][ T899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 70.715385][ T5334] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.725310][ T5396] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 70.734978][ T5396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 70.746727][ T5334] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.756272][ T5334] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.765932][ T5334] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.775449][ T5334] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.830887][ T1003] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.851782][ T1003] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.871893][ T5396] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 70.889320][ T1003] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.900336][ T1003] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.912061][ T5396] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 70.926374][ T26] audit: type=1400 audit(1684367160.113:208): avc: denied { mounton } for pid=5334 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=2323 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 70.951246][ T4986] Bluetooth: hci0: command 0x0409 tx timeout [ 71.005837][ T5439] loop0: detected capacity change from 0 to 16 [ 71.014721][ T26] audit: type=1400 audit(1684367160.213:209): avc: denied { mounton } for pid=5438 comm="syz-executor.0" path="/root/syzkaller-testdir3474559624/syzkaller.Mbkf3s/0/file1" dev="sda1" ino=1937 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 71.046165][ T5439] erofs: (device loop0): EXPERIMENTAL compressed fragments feature in use. Use at your own risk! [ 71.057685][ T5439] erofs: (device loop0): EXPERIMENTAL global deduplication feature in use. Use at your own risk! [ 71.070279][ T5439] general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 [#1] PREEMPT SMP KASAN [ 71.083057][ T5439] KASAN: null-ptr-deref in range [0x00000000000000c8-0x00000000000000cf] [ 71.091557][ T5439] CPU: 0 PID: 5439 Comm: syz-executor.0 Not tainted 6.3.0-rc6-syzkaller #0 [ 71.100319][ T5439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023 [ 71.110635][ T5439] RIP: 0010:erofs_bread+0x50/0x5e0 [ 71.115829][ T5439] Code: fb 48 83 ec 10 80 3c 02 00 0f 85 f2 04 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 03 48 8d b8 ca 00 00 00 48 89 f9 48 c1 e9 03 <0f> b6 14 11 48 89 f9 83 e1 07 38 ca 7f 08 84 d2 0f 85 2e 04 00 00 [ 71.135881][ T5439] RSP: 0018:ffffc9000326f988 EFLAGS: 00010202 [ 71.142129][ T5439] RAX: 0000000000000000 RBX: ffffc9000326faf8 RCX: 0000000000000019 [ 71.150069][ T5439] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 00000000000000ca [ 71.158197][ T5439] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff903abd67 [ 71.166766][ T5439] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001 [ 71.175160][ T5439] R13: 0000000000000000 R14: ffff88802a794b80 R15: ffff888077cee000 [ 71.183202][ T5439] FS: 00007f69cfefd700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 71.192127][ T5439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.198880][ T5439] CR2: 00007ffe31313d28 CR3: 0000000075e96000 CR4: 00000000003506f0 [ 71.206917][ T5439] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.214862][ T5439] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.222831][ T5439] Call Trace: [ 71.226134][ T5439] [ 71.229427][ T5439] erofs_read_metadata+0x9a/0x410 [ 71.234608][ T5439] ? rcu_is_watching+0x12/0xb0 [ 71.239478][ T5439] ? __kmalloc+0xf2/0x190 [ 71.244320][ T5439] erofs_xattr_prefixes_init+0x326/0x4f0 [ 71.250021][ T5439] ? new_inode+0x1bf/0x240 [ 71.254582][ T5439] ? erofs_xattr_prefixes_cleanup+0x200/0x200 [ 71.261054][ T5439] ? do_raw_spin_lock+0x124/0x2b0 [ 71.266225][ T5439] ? do_raw_spin_unlock+0x175/0x230 [ 71.271398][ T5439] ? _raw_spin_unlock+0x28/0x40 [ 71.276497][ T5439] erofs_fc_fill_super+0x15cb/0x28d0 [ 71.281928][ T5439] ? erofs_read_metadata+0x410/0x410 [ 71.287285][ T5439] ? vsprintf+0x20/0x20 [ 71.291694][ T5439] ? sget_fc+0x539/0x700 [ 71.295927][ T5439] get_tree_bdev+0x39c/0x680 [ 71.300695][ T5439] ? erofs_read_metadata+0x410/0x410 [ 71.305953][ T5439] vfs_get_tree+0x83/0x320 [ 71.310352][ T5439] path_mount+0x82d/0x1a30 [ 71.314909][ T5439] ? finish_automount+0x7c0/0x7c0 [ 71.319902][ T5439] ? lockdep_hardirqs_on+0x7d/0x100 [ 71.325073][ T5439] ? getname_flags.part.0+0x89/0x440 [ 71.330325][ T5439] __x64_sys_mount+0x1f9/0x270 [ 71.335059][ T5439] ? copy_mnt_ns+0xa30/0xa30 [ 71.339716][ T5439] ? syscall_enter_from_user_mode+0x26/0x80 [ 71.345843][ T5439] do_syscall_64+0x39/0xb0 [ 71.350400][ T5439] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 71.356433][ T5439] RIP: 0033:0x7f69cf28d69a [ 71.360919][ T5439] Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 71.381548][ T5439] RSP: 002b:00007f69cfefcf88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 71.389951][ T5439] RAX: ffffffffffffffda RBX: 00000000000001da RCX: 00007f69cf28d69a [ 71.398135][ T5439] RDX: 0000000020000180 RSI: 0000000020000140 RDI: 00007f69cfefcfe0 [ 71.406256][ T5439] RBP: 00007f69cfefd020 R08: 00007f69cfefd020 R09: 0000000001000801 [ 71.414284][ T5439] R10: 0000000001000801 R11: 0000000000000246 R12: 0000000020000180 [ 71.422505][ T5439] R13: 0000000020000140 R14: 00007f69cfefcfe0 R15: 00000000200005c0 [ 71.430476][ T5439] [ 71.433469][ T5439] Modules linked in: [ 71.442173][ T21] cfg80211: failed to load regulatory.db [ 71.455240][ T5439] ---[ end trace 0000000000000000 ]--- [ 71.463996][ T5439] RIP: 0010:erofs_bread+0x50/0x5e0 [ 71.469492][ T5439] Code: fb 48 83 ec 10 80 3c 02 00 0f 85 f2 04 00 00 48 ba 00 00 00 00 00 fc ff df 48 8b 03 48 8d b8 ca 00 00 00 48 89 f9 48 c1 e9 03 <0f> b6 14 11 48 89 f9 83 e1 07 38 ca 7f 08 84 d2 0f 85 2e 04 00 00 [ 71.510183][ T5439] RSP: 0018:ffffc9000326f988 EFLAGS: 00010202 [ 71.519843][ T5439] RAX: 0000000000000000 RBX: ffffc9000326faf8 RCX: 0000000000000019 [ 71.533764][ T5439] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: 00000000000000ca [ 71.550396][ T5439] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff903abd67 [ 71.558666][ T5439] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000001 [ 71.566837][ T5439] R13: 0000000000000000 R14: ffff88802a794b80 R15: ffff888077cee000 [ 71.575270][ T5439] FS: 00007f69cfefd700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 71.584348][ T5439] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.591276][ T5439] CR2: 000055843b2b4300 CR3: 0000000075e96000 CR4: 00000000003506f0 [ 71.600194][ T5439] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 71.608372][ T5439] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 71.616892][ T5439] Kernel panic - not syncing: Fatal exception [ 71.623214][ T5439] Kernel Offset: disabled [ 71.627521][ T5439] Rebooting in 86400 seconds..