Warning: Permanently added '10.128.10.63' (ED25519) to the list of known hosts. 2023/08/01 15:39:11 ignoring optional flag "sandboxArg"="0" 2023/08/01 15:39:12 parsed 1 programs [ 50.766614][ T24] audit: type=1400 audit(1690904352.024:168): avc: denied { getattr } for pid=2101 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 50.791199][ T24] audit: type=1400 audit(1690904352.024:169): avc: denied { read } for pid=2101 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 50.813313][ T24] audit: type=1400 audit(1690904352.024:170): avc: denied { open } for pid=2101 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 50.838615][ T24] audit: type=1400 audit(1690904352.084:171): avc: denied { mounton } for pid=2106 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 50.865611][ T24] audit: type=1400 audit(1690904352.084:172): avc: denied { mount } for pid=2106 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 50.889668][ T24] audit: type=1400 audit(1690904352.084:173): avc: denied { write } for pid=2106 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 50.910729][ T24] audit: type=1400 audit(1690904352.084:174): avc: denied { read } for pid=2106 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 50.931787][ T24] audit: type=1400 audit(1690904352.104:175): avc: denied { read } for pid=1419 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 50.953439][ T24] audit: type=1400 audit(1690904352.114:176): avc: denied { read } for pid=1419 comm="dhcpcd" name="n13" dev="tmpfs" ino=300 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 50.975968][ T24] audit: type=1400 audit(1690904352.114:177): avc: denied { open } for pid=1419 comm="dhcpcd" path="/run/udev/data/n13" dev="tmpfs" ino=300 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 2023/08/01 15:39:14 executed programs: 0 [ 53.100045][ T2106] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 57.489270][ T2531] loop0: detected capacity change from 0 to 1024 [ 57.497422][ T24] kauditd_printk_skb: 2 callbacks suppressed [ 57.497428][ T24] audit: type=1400 audit(1690904358.754:180): avc: denied { mounton } for pid=2530 comm="syz-executor.0" path="/root/syzkaller-testdir644136859/syzkaller.CO0YH3/0/file0" dev="sda1" ino=1938 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 57.526181][ T2531] hfsplus: request for non-existent node 393216 in B*Tree [ 57.531932][ T24] audit: type=1400 audit(1690904358.764:181): avc: denied { mount } for pid=2530 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 57.539355][ T2531] hfsplus: request for non-existent node 393216 in B*Tree [ 57.569204][ T2531] ================================================================== [ 57.577597][ T2531] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x1d6/0x1f0 [ 57.585694][ T2531] Read of size 8 at addr ffff8881000969c0 by task syz-executor.0/2531 [ 57.594020][ T2531] [ 57.596362][ T2531] CPU: 0 PID: 2531 Comm: syz-executor.0 Not tainted 6.5.0-rc4-syzkaller #0 [ 57.605632][ T2531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 57.616280][ T2531] Call Trace: [ 57.619720][ T2531] [ 57.622740][ T2531] dump_stack_lvl+0x3d/0x60 [ 57.627494][ T2531] print_report+0xc4/0x620 [ 57.632351][ T2531] kasan_report+0xda/0x110 [ 57.636835][ T2531] ? hfsplus_bnode_read+0x1d6/0x1f0 [ 57.642454][ T2531] ? hfsplus_bnode_read+0x1d6/0x1f0 [ 57.648006][ T2531] hfsplus_bnode_read+0x1d6/0x1f0 [ 57.653456][ T2531] hfsplus_bnode_dump+0x2b6/0x360 [ 57.658940][ T2531] ? hfsplus_bnode_move+0x800/0x800 [ 57.664210][ T2531] ? hfsplus_bnode_write+0x250/0x250 [ 57.669573][ T2531] ? __mark_inode_dirty+0x6fe/0x8d0 [ 57.675024][ T2531] hfsplus_brec_remove+0x323/0x430 [ 57.680292][ T2531] __hfsplus_delete_attr+0x264/0x350 [ 57.685924][ T2531] ? hfsplus_find_exit+0xc0/0xc0 [ 57.691772][ T2531] ? hfsplus_part_find+0xb00/0xb00 [ 57.697657][ T2531] hfsplus_delete_all_attrs+0x203/0x2c0 [ 57.703828][ T2531] ? do_raw_spin_lock+0x12e/0x2b0 [ 57.709427][ T2531] ? hfsplus_delete_attr+0x290/0x290 [ 57.715653][ T2531] ? spin_bug+0x1d0/0x1d0 [ 57.720051][ T2531] ? rcu_is_watching+0x15/0xb0 [ 57.724893][ T2531] ? __mark_inode_dirty+0x799/0x8d0 [ 57.730659][ T2531] hfsplus_delete_cat+0x781/0xd90 [ 57.736753][ T2531] ? hfsplus_create_cat+0xf90/0xf90 [ 57.742313][ T2531] ? avc_has_perm_noaudit+0x10a/0x170 [ 57.748446][ T2531] ? avc_has_perm_noaudit+0x170/0x170 [ 57.755162][ T2531] ? __lock_acquire.constprop.0+0x486/0xf20 [ 57.761781][ T2531] hfsplus_unlink+0x1f2/0x790 [ 57.766564][ T2531] ? hfsplus_symlink+0x250/0x250 [ 57.771929][ T2531] vfs_unlink+0x294/0x800 [ 57.776505][ T2531] do_unlinkat+0x30e/0x590 [ 57.781188][ T2531] ? __ia32_sys_rmdir+0xf0/0xf0 [ 57.786458][ T2531] ? __check_object_size+0x305/0x520 [ 57.792442][ T2531] ? getname_flags.part.0+0x88/0x430 [ 57.798984][ T2531] __x64_sys_unlink+0xa4/0xf0 [ 57.803841][ T2531] do_syscall_64+0x38/0x80 [ 57.808719][ T2531] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.814974][ T2531] RIP: 0033:0x7f39f787cb29 [ 57.820086][ T2531] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 57.845247][ T2531] RSP: 002b:00007f39f85e50c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 57.854372][ T2531] RAX: ffffffffffffffda RBX: 00007f39f799bf80 RCX: 00007f39f787cb29 [ 57.863282][ T2531] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 57.871440][ T2531] RBP: 00007f39f78c847a R08: 0000000000000000 R09: 0000000000000000 [ 57.879505][ T2531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 57.887662][ T2531] R13: 0000000000000006 R14: 00007f39f799bf80 R15: 00007ffff0f079d8 [ 57.895988][ T2531] [ 57.899017][ T2531] [ 57.901408][ T2531] Allocated by task 2531: [ 57.906056][ T2531] kasan_save_stack+0x33/0x50 [ 57.910882][ T2531] kasan_set_track+0x25/0x30 [ 57.915719][ T2531] __kasan_kmalloc+0xa3/0xb0 [ 57.920460][ T2531] __kmalloc+0x5d/0x160 [ 57.925126][ T2531] __hfs_bnode_create+0xed/0x7e0 [ 57.930127][ T2531] hfsplus_bnode_find+0x25c/0xae0 [ 57.935142][ T2531] hfsplus_brec_find+0x258/0x490 [ 57.940244][ T2531] hfsplus_delete_all_attrs+0x1f0/0x2c0 [ 57.945916][ T2531] hfsplus_delete_cat+0x781/0xd90 [ 57.951006][ T2531] hfsplus_unlink+0x1f2/0x790 [ 57.955660][ T2531] vfs_unlink+0x294/0x800 [ 57.959972][ T2531] do_unlinkat+0x30e/0x590 [ 57.964704][ T2531] __x64_sys_unlink+0xa4/0xf0 [ 57.969775][ T2531] do_syscall_64+0x38/0x80 [ 57.974277][ T2531] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 57.980855][ T2531] [ 57.983379][ T2531] Last potentially related work creation: [ 57.989659][ T2531] kasan_save_stack+0x33/0x50 [ 57.994360][ T2531] __kasan_record_aux_stack+0x78/0x80 [ 58.000432][ T2531] insert_work+0x45/0x360 [ 58.005188][ T2531] __queue_work+0x554/0xdc0 [ 58.009925][ T2531] queue_work_on+0x5a/0x80 [ 58.015148][ T2531] call_usermodehelper_exec+0x2ba/0x430 [ 58.021219][ T2531] __request_module+0x33a/0x4e0 [ 58.026153][ T2531] __rtnl_newlink+0x61a/0x1500 [ 58.031163][ T2531] rtnl_newlink+0x5d/0x90 [ 58.035475][ T2531] rtnetlink_rcv_msg+0x3a2/0x9c0 [ 58.040407][ T2531] netlink_rcv_skb+0x137/0x3a0 [ 58.045479][ T2531] netlink_unicast+0x41f/0x730 [ 58.050510][ T2531] netlink_sendmsg+0x7cd/0xc80 [ 58.055863][ T2531] sock_sendmsg+0xc0/0x150 [ 58.060304][ T2531] __sys_sendto+0x1f1/0x2b0 [ 58.065215][ T2531] __x64_sys_sendto+0xdb/0x1b0 [ 58.070024][ T2531] do_syscall_64+0x38/0x80 [ 58.074524][ T2531] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.080486][ T2531] [ 58.082790][ T2531] Second to last potentially related work creation: [ 58.089444][ T2531] kasan_save_stack+0x33/0x50 [ 58.094199][ T2531] __kasan_record_aux_stack+0x78/0x80 [ 58.099645][ T2531] insert_work+0x45/0x360 [ 58.103969][ T2531] __queue_work+0x554/0xdc0 [ 58.108636][ T2531] queue_work_on+0x5a/0x80 [ 58.113265][ T2531] call_usermodehelper_exec+0x2ba/0x430 [ 58.118796][ T2531] __request_module+0x33a/0x4e0 [ 58.123625][ T2531] dev_load+0xa6/0xb0 [ 58.127613][ T2531] dev_ioctl+0x389/0xd50 [ 58.131924][ T2531] sock_do_ioctl+0x19f/0x200 [ 58.136680][ T2531] sock_ioctl+0x353/0x550 [ 58.141165][ T2531] __x64_sys_ioctl+0x12b/0x1a0 [ 58.146169][ T2531] do_syscall_64+0x38/0x80 [ 58.150770][ T2531] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 58.156995][ T2531] [ 58.159310][ T2531] The buggy address belongs to the object at ffff888100096900 [ 58.159310][ T2531] which belongs to the cache kmalloc-192 of size 192 [ 58.173987][ T2531] The buggy address is located 40 bytes to the right of [ 58.173987][ T2531] allocated 152-byte region [ffff888100096900, ffff888100096998) [ 58.189858][ T2531] [ 58.192350][ T2531] The buggy address belongs to the physical page: [ 58.198928][ T2531] page:ffffea0004002580 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888100096f00 pfn:0x100096 [ 58.210961][ T2531] flags: 0x100000000000200(slab|node=0|zone=2) [ 58.217208][ T2531] page_type: 0x2() [ 58.221197][ T2531] raw: 0100000000000200 ffff888100040000 ffffea000401a810 ffffea0004369d10 [ 58.230297][ T2531] raw: ffff888100096f00 ffff888100096000 0000000100000002 0000000000000000 [ 58.239294][ T2531] page dumped because: kasan: bad access detected [ 58.245950][ T2531] page_owner tracks the page as allocated [ 58.251646][ T2531] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2420c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 1, tgid 1 (swapper/0), ts 2823732026, free_ts 0 [ 58.270404][ T2531] post_alloc_hook+0x281/0x2f0 [ 58.275336][ T2531] get_page_from_freelist+0x1131/0x3d90 [ 58.281045][ T2531] __alloc_pages+0x1d0/0x470 [ 58.285863][ T2531] cache_grow_begin+0x7c/0x330 [ 58.290814][ T2531] cache_alloc_refill+0x286/0x350 [ 58.296115][ T2531] __kmem_cache_alloc_node+0x383/0x3d0 [ 58.301721][ T2531] kmalloc_trace+0x25/0xb0 [ 58.306203][ T2531] call_usermodehelper_setup+0x74/0x2d0 [ 58.311743][ T2531] kobject_uevent_env+0xc47/0x1410 [ 58.316921][ T2531] device_add+0xe8a/0x1720 [ 58.321753][ T2531] __pnp_add_device+0x220/0x630 [ 58.326880][ T2531] pnp_add_device+0xa9/0x290 [ 58.331655][ T2531] pnpacpi_add_device_handler+0x4db/0x6c0 [ 58.337799][ T2531] acpi_ns_get_device_callback+0x231/0x3c0 [ 58.343721][ T2531] acpi_ns_walk_namespace+0x2e6/0x4b0 [ 58.349180][ T2531] acpi_get_devices+0x107/0x130 [ 58.354552][ T2531] page_owner free stack trace missing [ 58.360796][ T2531] [ 58.363108][ T2531] Memory state around the buggy address: [ 58.368807][ T2531] ffff888100096880: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.377399][ T2531] ffff888100096900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 58.386298][ T2531] >ffff888100096980: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 58.395413][ T2531] ^ [ 58.402084][ T2531] ffff888100096a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 58.410319][ T2531] ffff888100096a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 58.418898][ T2531] ================================================================== [ 58.428521][ T2531] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 58.437296][ T2531] Kernel Offset: disabled [ 58.441885][ T2531] Rebooting in 86400 seconds..