Warning: Permanently added '10.128.1.143' (ED25519) to the list of known hosts.
2023/12/29 07:06:01 ignoring optional flag "sandboxArg"="0"
2023/12/29 07:06:02 parsed 1 programs
[ 108.653784][ T27] kauditd_printk_skb: 74 callbacks suppressed
[ 108.653803][ T27] audit: type=1400 audit(1703833562.124:203): avc: denied { getattr } for pid=5406 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 108.685675][ T27] audit: type=1400 audit(1703833562.124:204): avc: denied { read } for pid=5406 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 108.708449][ T27] audit: type=1400 audit(1703833562.124:205): avc: denied { open } for pid=5406 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 108.735773][ T27] audit: type=1400 audit(1703833562.204:206): avc: denied { mounton } for pid=5411 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 108.762797][ T27] audit: type=1400 audit(1703833562.204:207): avc: denied { mount } for pid=5411 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 108.787936][ T27] audit: type=1400 audit(1703833562.204:208): avc: denied { read write } for pid=5411 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 108.815096][ T27] audit: type=1400 audit(1703833562.234:209): avc: denied { open } for pid=5411 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 108.866811][ T27] audit: type=1400 audit(1703833562.334:210): avc: denied { unlink } for pid=5411 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 109.371448][ T27] audit: type=1400 audit(1703833562.844:211): avc: denied { relabelto } for pid=5413 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2023/12/29 07:06:04 executed programs: 0
[ 110.773208][ T5411] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 110.840325][ T5065] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 110.849109][ T5065] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 110.857510][ T5065] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 110.865545][ T5065] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 110.874257][ T5065] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 110.881671][ T5065] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 110.899667][ T27] audit: type=1400 audit(1703833564.364:212): avc: denied { mounton } for pid=5417 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 111.062414][ T5417] chnl_net:caif_netlink_parms(): no params data found
[ 111.140512][ T5417] bridge0: port 1(bridge_slave_0) entered blocking state
[ 111.147910][ T5417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 111.155993][ T5417] bridge_slave_0: entered allmulticast mode
[ 111.163600][ T5417] bridge_slave_0: entered promiscuous mode
[ 111.172511][ T5417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 111.180149][ T5417] bridge0: port 2(bridge_slave_1) entered disabled state
[ 111.187531][ T5417] bridge_slave_1: entered allmulticast mode
[ 111.194923][ T5417] bridge_slave_1: entered promiscuous mode
[ 111.234807][ T5417] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 111.247342][ T5417] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 111.284918][ T5417] team0: Port device team_slave_0 added
[ 111.293952][ T5417] team0: Port device team_slave_1 added
[ 111.328350][ T5417] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 111.335425][ T5417] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 111.362420][ T5417] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 111.375581][ T5417] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 111.382679][ T5417] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 111.408885][ T5417] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 111.460072][ T5417] hsr_slave_0: entered promiscuous mode
[ 111.467558][ T5417] hsr_slave_1: entered promiscuous mode
[ 112.361284][ T5417] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 112.377175][ T5417] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 112.390649][ T5417] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 112.404320][ T5417] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 112.551272][ T5417] 8021q: adding VLAN 0 to HW filter on device bond0
[ 112.588717][ T5417] 8021q: adding VLAN 0 to HW filter on device team0
[ 112.603938][ T781] bridge0: port 1(bridge_slave_0) entered blocking state
[ 112.611219][ T781] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 112.642578][ T781] bridge0: port 2(bridge_slave_1) entered blocking state
[ 112.649846][ T781] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 112.919287][ T5417] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 112.950852][ T5065] Bluetooth: hci0: command 0x0409 tx timeout
[ 113.007607][ T5417] veth0_vlan: entered promiscuous mode
[ 113.029475][ T5417] veth1_vlan: entered promiscuous mode
[ 113.084287][ T5417] veth0_macvtap: entered promiscuous mode
[ 113.100125][ T5417] veth1_macvtap: entered promiscuous mode
[ 113.129747][ T5417] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 113.153445][ T5417] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 113.171596][ T5417] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.187415][ T5417] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.197644][ T5417] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.207109][ T5417] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 113.327947][ T741] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.336096][ T741] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.404215][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 113.417934][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 113.574603][ T5480] loop0: detected capacity change from 0 to 4096
[ 113.643953][ T5480] ntfs: volume version 3.1.
[ 113.658838][ T5480] ==================================================================
[ 113.668358][ T5480] BUG: KASAN: use-after-free in ntfs_lookup_inode_by_name+0x2fe2/0x3120
[ 113.676823][ T5480] Read of size 8 at addr ffff88805edef55a by task syz-executor.0/5480
[ 113.685282][ T5480]
[ 113.687618][ T5480] CPU: 0 PID: 5480 Comm: syz-executor.0 Not tainted 6.7.0-rc7-syzkaller-00029-g8735c7c84d1b #0
[ 113.698146][ T5480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 113.709623][ T5480] Call Trace:
[ 113.712946][ T5480]
[ 113.716186][ T5480] dump_stack_lvl+0xd9/0x1b0
[ 113.720916][ T5480] print_report+0xc4/0x620
[ 113.725368][ T5480] ? __virt_addr_valid+0x5e/0x2d0
[ 113.730434][ T5480] ? __phys_addr+0xc6/0x140
[ 113.734973][ T5480] kasan_report+0xda/0x110
[ 113.739418][ T5480] ? ntfs_lookup_inode_by_name+0x2fe2/0x3120
[ 113.745439][ T5480] ? ntfs_lookup_inode_by_name+0x2fe2/0x3120
[ 113.751715][ T5480] ntfs_lookup_inode_by_name+0x2fe2/0x3120
[ 113.757568][ T5480] ? _raw_spin_unlock+0x28/0x40
[ 113.762455][ T5480] ? ntfs_read_locked_inode+0x5860/0x5860
[ 113.768210][ T5480] ? preempt_count_sub+0x160/0x160
[ 113.773529][ T5480] ntfs_fill_super+0x4622/0x9100
[ 113.779492][ T5480] ? parse_options+0x1db0/0x1db0
[ 113.784649][ T5480] ? lock_sync+0x190/0x190
[ 113.789747][ T5480] ? parse_options+0x1db0/0x1db0
[ 113.795604][ T5480] ? preempt_count_sub+0x160/0x160
[ 113.801271][ T5480] ? sb_set_blocksize+0xf6/0x120
[ 113.806513][ T5480] ? parse_options+0x1db0/0x1db0
[ 113.811672][ T5480] mount_bdev+0x1f3/0x2e0
[ 113.816297][ T5480] ? sget+0x640/0x640
[ 113.820847][ T5480] ? selinux_sb_eat_lsm_opts+0x594/0x700
[ 113.826641][ T5480] ? cap_capable+0x1cf/0x230
[ 113.831623][ T5480] ? ntfs_rl_punch_nolock+0x15d0/0x15d0
[ 113.837301][ T5480] legacy_get_tree+0x109/0x220
[ 113.842358][ T5480] vfs_get_tree+0x8c/0x370
[ 113.850303][ T5480] path_mount+0x1492/0x1ed0
[ 113.855282][ T5480] ? lockdep_hardirqs_on+0x7d/0x110
[ 113.860698][ T5480] ? finish_automount+0xa40/0xa40
[ 113.865943][ T5480] ? putname+0x12e/0x170
[ 113.870223][ T5480] __x64_sys_mount+0x293/0x310
[ 113.875118][ T5480] ? copy_mnt_ns+0xb60/0xb60
[ 113.880015][ T5480] ? syscall_enter_from_user_mode+0x7f/0x120
[ 113.886143][ T5480] do_syscall_64+0x40/0x110
[ 113.890752][ T5480] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 113.897144][ T5480] RIP: 0033:0x7f3f1be7e2aa
[ 113.902304][ T5480] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 113.923623][ T5480] RSP: 002b:00007f3f1cb97ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 113.932433][ T5480] RAX: ffffffffffffffda RBX: 00007f3f1cb97f80 RCX: 00007f3f1be7e2aa
[ 113.941592][ T5480] RDX: 000000002001ec80 RSI: 000000002001ecc0 RDI: 00007f3f1cb97f40
[ 113.949947][ T5480] RBP: 000000002001ec80 R08: 00007f3f1cb97f80 R09: 0000000000000000
[ 113.958400][ T5480] R10: 0000000000000000 R11: 0000000000000246 R12: 000000002001ecc0
[ 113.967750][ T5480] R13: 00007f3f1cb97f40 R14: 000000000001ec6a R15: 000000002001ed00
[ 113.976731][ T5480]
[ 113.979876][ T5480]
[ 113.982212][ T5480] The buggy address belongs to the physical page:
[ 113.988994][ T5480] page:ffffea00017b7bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x5edef
[ 114.000674][ T5480] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 114.008635][ T5480] page_type: 0xffffffff()
[ 114.013268][ T5480] raw: 00fff00000000000 ffffea00017b7c08 ffffea00017b7b88 0000000000000000
[ 114.021975][ T5480] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 114.030848][ T5480] page dumped because: kasan: bad access detected
[ 114.037721][ T5480] page_owner tracks the page as freed
[ 114.043283][ T5480] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5480, tgid 5479 (syz-executor.0), ts 113523344000, free_ts 113571161518
[ 114.062957][ T5480] post_alloc_hook+0x2d0/0x350
[ 114.067757][ T5480] get_page_from_freelist+0xa25/0x36d0
[ 114.073439][ T5480] __alloc_pages+0x22e/0x2420
[ 114.078268][ T5480] alloc_pages_mpol+0x258/0x5f0
[ 114.083178][ T5480] vma_alloc_folio+0xad/0x220
[ 114.087883][ T5480] __handle_mm_fault+0xe07/0x3d70
[ 114.093084][ T5480] handle_mm_fault+0x47a/0xa10
[ 114.097990][ T5480] do_user_addr_fault+0x30b/0x1000
[ 114.103584][ T5480] exc_page_fault+0x5d/0xc0
[ 114.108387][ T5480] asm_exc_page_fault+0x26/0x30
[ 114.113262][ T5480] page last free stack trace:
[ 114.117938][ T5480] free_unref_page_prepare+0x4fa/0xaa0
[ 114.123866][ T5480] free_unref_page_list+0xe6/0xb40
[ 114.129099][ T5480] release_pages+0x32a/0x14f0
[ 114.133990][ T5480] tlb_batch_pages_flush+0x9a/0x190
[ 114.139567][ T5480] tlb_finish_mmu+0x14b/0x6f0
[ 114.145150][ T5480] unmap_region.constprop.0+0x2e6/0x3b0
[ 114.151020][ T5480] do_vmi_align_munmap+0xde6/0x1600
[ 114.156584][ T5480] do_vmi_munmap+0x20e/0x450
[ 114.161724][ T5480] __vm_munmap+0x144/0x390
[ 114.166363][ T5480] __x64_sys_munmap+0x62/0x80
[ 114.171358][ T5480] do_syscall_64+0x40/0x110
[ 114.175904][ T5480] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 114.181847][ T5480]
[ 114.184457][ T5480] Memory state around the buggy address:
[ 114.190375][ T5480] ffff88805edef400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 114.199777][ T5480] ffff88805edef480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 114.208480][ T5480] >ffff88805edef500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 114.216835][ T5480] ^
[ 114.223968][ T5480] ffff88805edef580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 114.232602][ T5480] ffff88805edef600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 114.240974][ T5480] ==================================================================
[ 114.278038][ T5480] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 114.286074][ T5480] CPU: 0 PID: 5480 Comm: syz-executor.0 Not tainted 6.7.0-rc7-syzkaller-00029-g8735c7c84d1b #0
[ 114.296604][ T5480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 114.307550][ T5480] Call Trace:
[ 114.310994][ T5480]
[ 114.314128][ T5480] dump_stack_lvl+0xd9/0x1b0
[ 114.318768][ T5480] panic+0x6dc/0x790
[ 114.322782][ T5480] ? panic_smp_self_stop+0xa0/0xa0
[ 114.328088][ T5480] ? irqentry_exit+0x3b/0x80
[ 114.332798][ T5480] ? lockdep_hardirqs_on+0x7d/0x110
[ 114.338197][ T5480] ? preempt_schedule_thunk+0x1a/0x30
[ 114.343593][ T5480] ? preempt_schedule_common+0x45/0xc0
[ 114.349253][ T5480] ? check_panic_on_warn+0x1f/0xb0
[ 114.354567][ T5480] check_panic_on_warn+0xab/0xb0
[ 114.359538][ T5480] end_report+0x108/0x150
[ 114.363963][ T5480] kasan_report+0xea/0x110
[ 114.368380][ T5480] ? ntfs_lookup_inode_by_name+0x2fe2/0x3120
[ 114.374570][ T5480] ? ntfs_lookup_inode_by_name+0x2fe2/0x3120
[ 114.380753][ T5480] ntfs_lookup_inode_by_name+0x2fe2/0x3120
[ 114.387032][ T5480] ? _raw_spin_unlock+0x28/0x40
[ 114.391981][ T5480] ? ntfs_read_locked_inode+0x5860/0x5860
[ 114.398156][ T5480] ? preempt_count_sub+0x160/0x160
[ 114.403279][ T5480] ntfs_fill_super+0x4622/0x9100
[ 114.408505][ T5480] ? parse_options+0x1db0/0x1db0
[ 114.413473][ T5480] ? lock_sync+0x190/0x190
[ 114.418195][ T5480] ? parse_options+0x1db0/0x1db0
[ 114.423237][ T5480] ? preempt_count_sub+0x160/0x160
[ 114.428343][ T5480] ? sb_set_blocksize+0xf6/0x120
[ 114.433581][ T5480] ? parse_options+0x1db0/0x1db0
[ 114.438603][ T5480] mount_bdev+0x1f3/0x2e0
[ 114.442937][ T5480] ? sget+0x640/0x640
[ 114.446919][ T5480] ? selinux_sb_eat_lsm_opts+0x594/0x700
[ 114.452578][ T5480] ? cap_capable+0x1cf/0x230
[ 114.457294][ T5480] ? ntfs_rl_punch_nolock+0x15d0/0x15d0
[ 114.463637][ T5480] legacy_get_tree+0x109/0x220
[ 114.468430][ T5480] vfs_get_tree+0x8c/0x370
[ 114.472891][ T5480] path_mount+0x1492/0x1ed0
[ 114.477418][ T5480] ? lockdep_hardirqs_on+0x7d/0x110
[ 114.482662][ T5480] ? finish_automount+0xa40/0xa40
[ 114.488650][ T5480] ? putname+0x12e/0x170
[ 114.492987][ T5480] __x64_sys_mount+0x293/0x310
[ 114.497754][ T5480] ? copy_mnt_ns+0xb60/0xb60
[ 114.502693][ T5480] ? syscall_enter_from_user_mode+0x7f/0x120
[ 114.508682][ T5480] do_syscall_64+0x40/0x110
[ 114.513186][ T5480] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 114.519652][ T5480] RIP: 0033:0x7f3f1be7e2aa
[ 114.524357][ T5480] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 09 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 114.544084][ T5480] RSP: 002b:00007f3f1cb97ee8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 114.552640][ T5480] RAX: ffffffffffffffda RBX: 00007f3f1cb97f80 RCX: 00007f3f1be7e2aa
[ 114.561078][ T5480] RDX: 000000002001ec80 RSI: 000000002001ecc0 RDI: 00007f3f1cb97f40
[ 114.569135][ T5480] RBP: 000000002001ec80 R08: 00007f3f1cb97f80 R09: 0000000000000000
[ 114.577473][ T5480] R10: 0000000000000000 R11: 0000000000000246 R12: 000000002001ecc0
[ 114.585738][ T5480] R13: 00007f3f1cb97f40 R14: 000000000001ec6a R15: 000000002001ed00
[ 114.594151][ T5480]
[ 114.598022][ T5480] Kernel Offset: disabled
[ 114.602787][ T5480] Rebooting in 86400 seconds..