Warning: Permanently added '10.128.1.145' (ED25519) to the list of known hosts.
2023/08/29 22:46:15 ignoring optional flag "sandboxArg"="0"
2023/08/29 22:46:15 parsed 1 programs
2023/08/29 22:46:15 executed programs: 0
[ 50.616965][ T1919] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.649534][ T43] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 50.659315][ T1258] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 50.666806][ T1258] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 50.692353][ T1933] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 50.699579][ T1933] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 50.708562][ T1933] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 50.716141][ T1933] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 50.723631][ T1933] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 50.730977][ T1933] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 50.738058][ T1933] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 50.748857][ T1941] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 50.749906][ T1946] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 50.756076][ T1941] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 50.769027][ T1408] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 50.777348][ T1408] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 50.784521][ T1946] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 50.791979][ T1952] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 50.791990][ T1946] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 50.799204][ T1952] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 50.806095][ T1408] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 50.820921][ T1946] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 50.831881][ T1946] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 50.839662][ T1408] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 50.847149][ T1408] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 50.854950][ T1408] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 50.874193][ T1933] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 50.877066][ T1408] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 50.888661][ T1933] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 50.888738][ T1408] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 50.903433][ T1933] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 50.904064][ T1408] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 50.918119][ T1933] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 50.925243][ T1933] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 50.933378][ T1933] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 50.941164][ T1933] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 50.949591][ T1408] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 51.642570][ T1925] chnl_net:caif_netlink_parms(): no params data found
[ 51.652391][ T1940] chnl_net:caif_netlink_parms(): no params data found
[ 51.710604][ T1931] chnl_net:caif_netlink_parms(): no params data found
[ 51.757958][ T1948] chnl_net:caif_netlink_parms(): no params data found
[ 51.863191][ T1945] chnl_net:caif_netlink_parms(): no params data found
[ 51.872624][ T1937] chnl_net:caif_netlink_parms(): no params data found
[ 52.836559][ T1408] Bluetooth: hci1: command 0x0409 tx timeout
[ 52.836659][ T43] Bluetooth: hci0: command 0x0409 tx timeout
[ 52.916638][ T43] Bluetooth: hci2: command 0x0409 tx timeout
[ 52.916689][ T1408] Bluetooth: hci3: command 0x0409 tx timeout
[ 52.996573][ T1408] Bluetooth: hci5: command 0x0409 tx timeout
[ 52.996748][ T43] Bluetooth: hci4: command 0x0409 tx timeout
[ 54.916733][ T43] Bluetooth: hci0: command 0x041b tx timeout
[ 54.917190][ T1408] Bluetooth: hci1: command 0x041b tx timeout
[ 54.996795][ T43] Bluetooth: hci2: command 0x041b tx timeout
[ 54.996822][ T1408] Bluetooth: hci3: command 0x041b tx timeout
[ 55.076627][ T43] Bluetooth: hci4: command 0x041b tx timeout
[ 55.077519][ T1408] Bluetooth: hci5: command 0x041b tx timeout
[ 56.996871][ T43] Bluetooth: hci1: command 0x040f tx timeout
[ 56.996880][ T1408] Bluetooth: hci0: command 0x040f tx timeout
[ 57.076704][ T43] Bluetooth: hci3: command 0x040f tx timeout
[ 57.076711][ T1949] Bluetooth: hci2: command 0x040f tx timeout
[ 57.156830][ T1949] Bluetooth: hci5: command 0x040f tx timeout
[ 57.162866][ T1949] Bluetooth: hci4: command 0x040f tx timeout
[ 59.076610][ T1949] Bluetooth: hci0: command 0x0419 tx timeout
[ 59.082653][ T1949] Bluetooth: hci1: command 0x0419 tx timeout
[ 59.156589][ T1949] Bluetooth: hci2: command 0x0419 tx timeout
[ 59.162634][ T1949] Bluetooth: hci3: command 0x0419 tx timeout
[ 59.236737][ T1949] Bluetooth: hci4: command 0x0419 tx timeout
[ 59.243733][ T1949] Bluetooth: hci5: command 0x0419 tx timeout
[ 59.862286][ T1925] 8021q: adding VLAN 0 to HW filter on device bond0
[ 59.900988][ T1948] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.077731][ T1940] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.264167][ T1931] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.396244][ T1937] 8021q: adding VLAN 0 to HW filter on device bond0
[ 60.535031][ T1945] 8021q: adding VLAN 0 to HW filter on device bond0
[ 65.313807][ T1948] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.443174][ T1925] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.604807][ T1940] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.831037][ T1937] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 65.990870][ T1931] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 66.244230][ T1945] 8021q: adding VLAN 0 to HW filter on device batadv0
2023/08/29 22:46:40 executed programs: 6
[ 77.074476][ T4579] ==================================================================
[ 77.082585][ T4579] BUG: KASAN: slab-use-after-free in afs_dynroot_test_super+0x51/0xb0
[ 77.090816][ T4579] Read of size 8 at addr ffff88810ab1cdc0 by task syz-executor.5/4579
[ 77.098955][ T4579]
[ 77.101259][ T4579] CPU: 0 PID: 4579 Comm: syz-executor.5 Not tainted 6.5.0-rc1-syzkaller #0
[ 77.109821][ T4579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 77.120128][ T4579] Call Trace:
[ 77.123387][ T4579]
[ 77.126302][ T4579] dump_stack_lvl+0xf8/0x260
[ 77.130999][ T4579] ? nf_tcp_handle_invalid+0x300/0x300
[ 77.136433][ T4579] ? panic+0x410/0x410
[ 77.140487][ T4579] ? vprintk_emit+0x119/0x1f0
[ 77.145139][ T4579] ? _printk+0xce/0x110
[ 77.149262][ T4579] print_report+0x163/0x540
[ 77.153825][ T4579] ? afs_dynroot_test_super+0x51/0xb0
[ 77.159202][ T4579] kasan_report+0x175/0x1b0
[ 77.163764][ T4579] ? afs_dynroot_test_super+0x51/0xb0
[ 77.169112][ T4579] afs_dynroot_test_super+0x51/0xb0
[ 77.174460][ T4579] ? afs_get_tree+0xe30/0xe30
[ 77.179107][ T4579] sget_fc+0x10f/0x560
[ 77.183347][ T4579] ? afs_test_super+0x1a0/0x1a0
[ 77.188183][ T4579] afs_get_tree+0x55f/0xe30
[ 77.192654][ T4579] ? security_capable+0x3f/0x90
[ 77.197486][ T4579] vfs_get_tree+0x7e/0x190
[ 77.201959][ T4579] do_new_mount+0x1e5/0x8f0
[ 77.206475][ T4579] ? do_move_mount_old+0x120/0x120
[ 77.211564][ T4579] ? user_path_at_empty+0xf1/0x140
[ 77.216648][ T4579] __se_sys_mount+0x242/0x2d0
[ 77.221382][ T4579] ? __x64_sys_mount+0xc0/0xc0
[ 77.226213][ T4579] ? switch_fpu_return+0xcd/0x130
[ 77.231277][ T4579] do_syscall_64+0x41/0xc0
[ 77.235676][ T4579] ? syscall_exit_to_user_mode+0x2b/0x1d0
[ 77.241371][ T4579] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.247327][ T4579] RIP: 0033:0x7f1fe667cae9
[ 77.251722][ T4579] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 77.271481][ T4579] RSP: 002b:00007f1fe73440c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 77.279950][ T4579] RAX: ffffffffffffffda RBX: 00007f1fe679bf80 RCX: 00007f1fe667cae9
[ 77.288100][ T4579] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 0000000000000000
[ 77.296388][ T4579] RBP: 00007f1fe66c847a R08: 0000000020000480 R09: 0000000000000000
[ 77.304418][ T4579] R10: 0000000002010800 R11: 0000000000000246 R12: 0000000000000000
[ 77.312546][ T4579] R13: 0000000000000006 R14: 00007f1fe679bf80 R15: 00007ffd5b875af8
[ 77.320490][ T4579]
[ 77.323478][ T4579]
[ 77.325775][ T4579] Allocated by task 4573:
[ 77.330168][ T4579] kasan_set_track+0x4f/0x70
[ 77.334763][ T4579] __kasan_kmalloc+0x98/0xb0
[ 77.339496][ T4579] afs_get_tree+0xac/0xe30
[ 77.343891][ T4579] vfs_get_tree+0x7e/0x190
[ 77.348277][ T4579] do_new_mount+0x1e5/0x8f0
[ 77.352798][ T4579] __se_sys_mount+0x242/0x2d0
[ 77.357440][ T4579] do_syscall_64+0x41/0xc0
[ 77.361849][ T4579] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.367706][ T4579]
[ 77.370005][ T4579] Freed by task 4573:
[ 77.373950][ T4579] kasan_set_track+0x4f/0x70
[ 77.378510][ T4579] kasan_save_free_info+0x28/0x40
[ 77.383500][ T4579] ____kasan_slab_free+0x122/0x1e0
[ 77.388585][ T4579] __kmem_cache_free+0x294/0x450
[ 77.393488][ T4579] deactivate_locked_super+0x80/0x1c0
[ 77.398826][ T4579] cleanup_mnt+0x2a6/0x320
[ 77.403206][ T4579] task_work_run+0x20a/0x280
[ 77.407849][ T4579] exit_to_user_mode_loop+0xa4/0xb0
[ 77.413013][ T4579] exit_to_user_mode_prepare+0x64/0xb0
[ 77.418464][ T4579] syscall_exit_to_user_mode+0x2b/0x1d0
[ 77.423974][ T4579] do_syscall_64+0x4d/0xc0
[ 77.428361][ T4579] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 77.434307][ T4579]
[ 77.436606][ T4579] The buggy address belongs to the object at ffff88810ab1cdc0
[ 77.436606][ T4579] which belongs to the cache kmalloc-32 of size 32
[ 77.450712][ T4579] The buggy address is located 0 bytes inside of
[ 77.450712][ T4579] freed 32-byte region [ffff88810ab1cdc0, ffff88810ab1cde0)
[ 77.464560][ T4579]
[ 77.466858][ T4579] The buggy address belongs to the physical page:
[ 77.473501][ T4579] page:ffffea00042ac700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ab1c
[ 77.483788][ T4579] anon flags: 0x100000000000200(slab|node=0|zone=2)
[ 77.490344][ T4579] page_type: 0xffffffff()
[ 77.494643][ T4579] raw: 0100000000000200 ffff888100041500 0000000000000000 dead000000000001
[ 77.503206][ T4579] raw: 0000000000000000 0000000000400040 00000001ffffffff 0000000000000000
[ 77.511753][ T4579] page dumped because: kasan: bad access detected
[ 77.518133][ T4579] page_owner tracks the page as allocated
[ 77.523910][ T4579] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY), pid 1288, tgid 1288 (rcS), ts 7605277977, free_ts 7120379117
[ 77.541232][ T4579] post_alloc_hook+0x26e/0x290
[ 77.545965][ T4579] get_page_from_freelist+0x3f4f/0x4160
[ 77.551508][ T4579] __alloc_pages+0x255/0x650
[ 77.556064][ T4579] alloc_slab_page+0x6a/0x160
[ 77.560800][ T4579] new_slab+0x70/0x260
[ 77.564835][ T4579] ___slab_alloc+0x833/0xd60
[ 77.569388][ T4579] __kmem_cache_alloc_node+0x1a6/0x260
[ 77.574811][ T4579] __kmalloc+0x99/0x1d0
[ 77.578958][ T4579] tomoyo_encode+0xaa/0x480
[ 77.583425][ T4579] tomoyo_realpath_from_path+0x4a6/0x4e0
[ 77.589296][ T4579] tomoyo_init_log+0xff0/0x1fb0
[ 77.594226][ T4579] tomoyo_supervisor+0x312/0xfa0
[ 77.599221][ T4579] tomoyo_env_perm+0x131/0x1e0
[ 77.603950][ T4579] tomoyo_find_next_domain+0xf49/0x16f0
[ 77.609485][ T4579] tomoyo_bprm_check_security+0xd4/0x100
[ 77.615189][ T4579] security_bprm_check+0x27/0x70
[ 77.620143][ T4579] page last free stack trace:
[ 77.624780][ T4579] free_unref_page_prepare+0x800/0x920
[ 77.630204][ T4579] free_unref_page+0x37/0x3c0
[ 77.634866][ T4579] kasan_depopulate_vmalloc_pte+0x74/0x90
[ 77.640724][ T4579] __apply_to_page_range+0x754/0x8c0
[ 77.645976][ T4579] kasan_release_vmalloc+0x9a/0xb0
[ 77.651067][ T4579] __purge_vmap_area_lazy+0x1324/0x1550
[ 77.656589][ T4579] _vm_unmap_aliases+0x62e/0x6b0
[ 77.661577][ T4579] change_page_attr_set_clr+0x209/0xce0
[ 77.667234][ T4579] set_memory_nx+0xcf/0x110
[ 77.671828][ T4579] free_initmem+0x83/0xb0
[ 77.676143][ T4579] kernel_init+0x2c/0x1a0
[ 77.680443][ T4579] ret_from_fork+0x1f/0x30
[ 77.684828][ T4579]
[ 77.687131][ T4579] Memory state around the buggy address:
[ 77.692730][ T4579] ffff88810ab1cc80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 77.700851][ T4579] ffff88810ab1cd00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 77.708876][ T4579] >ffff88810ab1cd80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 77.716989][ T4579] ^
[ 77.723125][ T4579] ffff88810ab1ce00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 77.731416][ T4579] ffff88810ab1ce80: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[ 77.739460][ T4579] ==================================================================
[ 77.747852][ T4579] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 77.755450][ T4579] Kernel Offset: disabled
[ 77.759795][ T4579] Rebooting in 86400 seconds..