Warning: Permanently added '[localhost]:43541' (ED25519) to the list of known hosts.
2024/07/05 20:33:22 ignoring optional flag "sandboxArg"="0"
2024/07/05 20:33:22 parsed 1 programs
[ 79.218683][ T39] audit: type=1400 audit(1720211603.001:134): avc: denied { getattr } for pid=5359 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 79.331088][ T39] audit: type=1400 audit(1720211603.111:135): avc: denied { unlink } for pid=5365 comm="syz-executor" name="swap-file" dev="sda1" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 81.565021][ T5365] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/07/05 20:33:25 executed programs: 0
[ 81.616991][ T65] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 81.622844][ T65] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 81.631524][ T65] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 81.643405][ T65] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 81.649647][ T65] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 81.653797][ T65] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 81.664111][ T39] audit: type=1400 audit(1720211605.441:136): avc: denied { mounton } for pid=5370 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 81.820160][ T5370] chnl_net:caif_netlink_parms(): no params data found
[ 81.900396][ T10] cfg80211: failed to load regulatory.db
[ 81.960051][ T5370] bridge0: port 1(bridge_slave_0) entered blocking state
[ 81.963248][ T5370] bridge0: port 1(bridge_slave_0) entered disabled state
[ 81.966468][ T5370] bridge_slave_0: entered allmulticast mode
[ 81.971035][ T5370] bridge_slave_0: entered promiscuous mode
[ 81.977174][ T5370] bridge0: port 2(bridge_slave_1) entered blocking state
[ 81.980930][ T5370] bridge0: port 2(bridge_slave_1) entered disabled state
[ 81.984266][ T5370] bridge_slave_1: entered allmulticast mode
[ 81.988221][ T5370] bridge_slave_1: entered promiscuous mode
[ 82.047185][ T5370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 82.054311][ T5370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 82.100814][ T5370] team0: Port device team_slave_0 added
[ 82.106566][ T5370] team0: Port device team_slave_1 added
[ 82.150093][ T5370] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 82.152669][ T5370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.162126][ T5370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 82.170073][ T5370] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 82.172953][ T5370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 82.181625][ T5370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 82.248836][ T5370] hsr_slave_0: entered promiscuous mode
[ 82.251528][ T5370] hsr_slave_1: entered promiscuous mode
[ 82.964579][ T5370] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 82.974189][ T5370] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 82.978721][ T5370] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 82.984133][ T5370] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 83.068217][ T5370] 8021q: adding VLAN 0 to HW filter on device bond0
[ 83.084872][ T5370] 8021q: adding VLAN 0 to HW filter on device team0
[ 83.102698][ T35] bridge0: port 1(bridge_slave_0) entered blocking state
[ 83.105778][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 83.112205][ T35] bridge0: port 2(bridge_slave_1) entered blocking state
[ 83.114833][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 83.278877][ T5370] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 83.320901][ T5370] veth0_vlan: entered promiscuous mode
[ 83.330919][ T5370] veth1_vlan: entered promiscuous mode
[ 83.359572][ T5370] veth0_macvtap: entered promiscuous mode
[ 83.364493][ T5370] veth1_macvtap: entered promiscuous mode
[ 83.377759][ T5370] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 83.387526][ T5370] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 83.395284][ T5370] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.399470][ T5370] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.403041][ T5370] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.406262][ T5370] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 83.467307][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.471270][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.506014][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 83.510850][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 83.556903][ T5427] loop0: detected capacity change from 0 to 1024
[ 83.580314][ T39] audit: type=1400 audit(1720211607.361:137): avc: denied { mount } for pid=5426 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[ 83.587155][ T5427] hfsplus: request for non-existent node 184549376 in B*Tree
[ 83.594530][ T5427] hfsplus: request for non-existent node 184549376 in B*Tree
[ 83.599091][ T5427] ==================================================================
[ 83.602259][ T5427] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x22a/0x240
[ 83.605611][ T5427] Read of size 8 at addr ffff88801aab0fc0 by task syz-executor.0/5427
[ 83.611121][ T5427]
[ 83.612246][ T5427] CPU: 1 PID: 5427 Comm: syz-executor.0 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 83.616860][ T5427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 83.620678][ T5427] Call Trace:
[ 83.621848][ T5427]
[ 83.622956][ T5427] dump_stack_lvl+0x116/0x1f0
[ 83.624750][ T5427] print_report+0xc3/0x620
[ 83.626536][ T5427] ? __virt_addr_valid+0x5e/0x580
[ 83.628441][ T5427] ? __phys_addr+0xc6/0x150
[ 83.629988][ T5427] kasan_report+0xd9/0x110
[ 83.631713][ T5427] ? hfsplus_bnode_read+0x22a/0x240
[ 83.633919][ T5427] ? hfsplus_bnode_read+0x22a/0x240
[ 83.635652][ T5427] hfsplus_bnode_read+0x22a/0x240
[ 83.637438][ T5427] hfsplus_bnode_dump+0x2a2/0x3e0
[ 83.639304][ T5427] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 83.641484][ T5427] ? hfsplus_bnode_write_u16+0x84/0xb0
[ 83.643324][ T5427] ? hfsplus_bnode_move+0x2a/0x930
[ 83.645311][ T5427] ? __mark_inode_dirty+0x2a6/0xe70
[ 83.647186][ T5427] hfsplus_brec_remove+0x3e2/0x4f0
[ 83.648932][ T5427] __hfsplus_delete_attr+0x2a2/0x3b0
[ 83.651077][ T5427] ? __pfx_hfs_find_1st_rec_by_cnid+0x10/0x10
[ 83.653684][ T5427] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 83.655659][ T5427] ? __asan_memset+0x23/0x50
[ 83.657625][ T5427] hfsplus_delete_all_attrs+0x271/0x330
[ 83.659939][ T5427] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10
[ 83.662503][ T5427] ? rcu_is_watching+0x12/0xc0
[ 83.664390][ T5427] ? __mark_inode_dirty+0x5c1/0xe70
[ 83.666445][ T5427] hfsplus_delete_cat+0x844/0xdd0
[ 83.668499][ T5427] ? __pfx_hfsplus_delete_cat+0x10/0x10
[ 83.670520][ T5427] ? __pfx___mutex_lock+0x10/0x10
[ 83.672326][ T5427] hfsplus_unlink+0x213/0x7f0
[ 83.674306][ T5427] ? __pfx_hfsplus_unlink+0x10/0x10
[ 83.676556][ T5427] ? __pfx___might_resched+0x10/0x10
[ 83.678932][ T5427] vfs_unlink+0x2fb/0x9b0
[ 83.680913][ T5427] do_unlinkat+0x5c0/0x750
[ 83.682885][ T5427] ? __pfx_do_unlinkat+0x10/0x10
[ 83.685059][ T5427] ? __check_object_size+0x48e/0x720
[ 83.687360][ T5427] ? getname_flags.part.0+0x1e1/0x4f0
[ 83.689606][ T5427] __x64_sys_unlink+0xc7/0x110
[ 83.691227][ T5427] do_syscall_64+0xcd/0x250
[ 83.692799][ T5427] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.695297][ T5427] RIP: 0033:0x7f42a267dda9
[ 83.697203][ T5427] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 83.705239][ T5427] RSP: 002b:00007f42a347e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 83.708937][ T5427] RAX: ffffffffffffffda RBX: 00007f42a27abf80 RCX: 00007f42a267dda9
[ 83.712454][ T5427] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000140
[ 83.716226][ T5427] RBP: 00007f42a26ca47a R08: 0000000000000000 R09: 0000000000000000
[ 83.719340][ T5427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 83.722469][ T5427] R13: 000000000000000b R14: 00007f42a27abf80 R15: 00007ffc75185e28
[ 83.725882][ T5427]
[ 83.727302][ T5427]
[ 83.728436][ T5427] Allocated by task 5427:
[ 83.730159][ T5427] kasan_save_stack+0x33/0x60
[ 83.732247][ T5427] kasan_save_track+0x14/0x30
[ 83.734082][ T5427] __kasan_kmalloc+0xaa/0xb0
[ 83.735747][ T5427] __kmalloc_noprof+0x1ec/0x410
[ 83.737792][ T5427] __hfs_bnode_create+0x108/0x870
[ 83.739822][ T5427] hfsplus_bnode_find+0x2c8/0xcb0
[ 83.741784][ T5427] hfsplus_brec_find+0x2b9/0x520
[ 83.743841][ T5427] hfsplus_delete_all_attrs+0x24a/0x330
[ 83.746063][ T5427] hfsplus_delete_cat+0x844/0xdd0
[ 83.747981][ T5427] hfsplus_unlink+0x213/0x7f0
[ 83.749929][ T5427] vfs_unlink+0x2fb/0x9b0
[ 83.751770][ T5427] do_unlinkat+0x5c0/0x750
[ 83.753577][ T5427] __x64_sys_unlink+0xc7/0x110
[ 83.755498][ T5427] do_syscall_64+0xcd/0x250
[ 83.757591][ T5427] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.760466][ T5427]
[ 83.761789][ T5427] The buggy address belongs to the object at ffff88801aab0f00
[ 83.761789][ T5427] which belongs to the cache kmalloc-192 of size 192
[ 83.768650][ T5427] The buggy address is located 40 bytes to the right of
[ 83.768650][ T5427] allocated 152-byte region [ffff88801aab0f00, ffff88801aab0f98)
[ 83.775105][ T5427]
[ 83.776253][ T5427] The buggy address belongs to the physical page:
[ 83.779151][ T5427] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1aab0
[ 83.782582][ T5427] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 83.785431][ T5427] page_type: 0xffffefff(slab)
[ 83.787577][ T5427] raw: 00fff00000000000 ffff8880154423c0 ffffea0000684180 dead000000000004
[ 83.791158][ T5427] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000
[ 83.794794][ T5427] page dumped because: kasan: bad access detected
[ 83.797592][ T5427] page_owner tracks the page as allocated
[ 83.800164][ T5427] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 3568994252, free_ts 3405011454
[ 83.808044][ T5427] post_alloc_hook+0x2d1/0x350
[ 83.810193][ T5427] get_page_from_freelist+0x1353/0x2e50
[ 83.812652][ T5427] __alloc_pages_noprof+0x22b/0x2460
[ 83.814810][ T5427] alloc_slab_page+0x56/0x110
[ 83.816582][ T5427] new_slab+0x84/0x260
[ 83.818400][ T5427] ___slab_alloc+0xdac/0x1870
[ 83.820382][ T5427] __slab_alloc.constprop.0+0x56/0xb0
[ 83.822355][ T5427] kmalloc_trace_noprof+0x2b4/0x300
[ 83.824655][ T5427] call_usermodehelper_setup+0x9a/0x340
[ 83.827013][ T5427] kobject_uevent_env+0x14f1/0x1810
[ 83.829341][ T5427] acpi_add_single_object+0xadf/0x1b50
[ 83.831730][ T5427] acpi_bus_check_add+0x233/0xca0
[ 83.833962][ T5427] acpi_ns_walk_namespace+0x405/0x5b0
[ 83.836324][ T5427] acpi_walk_namespace+0x110/0x130
[ 83.838598][ T5427] acpi_bus_scan+0x3ea/0x4a0
[ 83.840624][ T5427] acpi_scan_init+0x245/0x760
[ 83.842689][ T5427] page last free pid 1 tgid 1 stack trace:
[ 83.845240][ T5427] free_unref_page+0x64a/0xe40
[ 83.847354][ T5427] __put_partials+0x14c/0x170
[ 83.849436][ T5427] qlist_free_all+0x4e/0x140
[ 83.851491][ T5427] kasan_quarantine_remove_cache+0x167/0x180
[ 83.854088][ T5427] kmem_cache_shrink+0xd/0x20
[ 83.856177][ T5427] acpi_os_purge_cache+0x15/0x20
[ 83.858298][ T5427] acpi_purge_cached_objects+0x34/0x100
[ 83.860599][ T5427] acpi_initialize_objects+0x47/0xa0
[ 83.862402][ T5427] acpi_init+0x169/0xb80
[ 83.864144][ T5427] do_one_initcall+0x128/0x700
[ 83.866226][ T5427] kernel_init_freeable+0x69d/0xca0
[ 83.868535][ T5427] kernel_init+0x1c/0x2b0
[ 83.870365][ T5427] ret_from_fork+0x45/0x80
[ 83.872366][ T5427] ret_from_fork_asm+0x1a/0x30
[ 83.874545][ T5427]
[ 83.875616][ T5427] Memory state around the buggy address:
[ 83.878163][ T5427] ffff88801aab0e80: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 83.881869][ T5427] ffff88801aab0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 83.885492][ T5427] >ffff88801aab0f80: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 83.888963][ T5427] ^
[ 83.891412][ T5427] ffff88801aab1000: fa fb fb fb fb fb fb fb fb fc fc fc fc 00 00 00
[ 83.894731][ T5427] ffff88801aab1080: 00 00 00 00 00 00 fc fc fc fc 00 00 00 00 00 00
[ 83.898137][ T5427] ==================================================================
[ 83.902092][ T4635] Bluetooth: hci0: command tx timeout
[ 83.903705][ T5427] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 83.903716][ T5427] CPU: 3 PID: 5427 Comm: syz-executor.0 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 83.903735][ T5427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 83.903746][ T5427] Call Trace:
[ 83.903753][ T5427]
[ 83.903759][ T5427] dump_stack_lvl+0x3d/0x1f0
[ 83.903782][ T5427] panic+0x6f5/0x7a0
[ 83.903802][ T5427] ? __pfx_panic+0x10/0x10
[ 83.903825][ T5427] ? preempt_schedule_thunk+0x1a/0x30
[ 83.903843][ T5427] ? preempt_schedule_common+0x44/0xc0
[ 83.903862][ T5427] ? check_panic_on_warn+0x1f/0xb0
[ 83.903886][ T5427] check_panic_on_warn+0xab/0xb0
[ 83.903905][ T5427] end_report+0x117/0x180
[ 83.903930][ T5427] kasan_report+0xe9/0x110
[ 83.903953][ T5427] ? hfsplus_bnode_read+0x22a/0x240
[ 83.903979][ T5427] ? hfsplus_bnode_read+0x22a/0x240
[ 83.904029][ T5427] hfsplus_bnode_read+0x22a/0x240
[ 83.904054][ T5427] hfsplus_bnode_dump+0x2a2/0x3e0
[ 83.904080][ T5427] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 83.904100][ T5427] ? hfsplus_bnode_write_u16+0x84/0xb0
[ 83.904124][ T5427] ? hfsplus_bnode_move+0x2a/0x930
[ 83.904148][ T5427] ? __mark_inode_dirty+0x2a6/0xe70
[ 83.904169][ T5427] hfsplus_brec_remove+0x3e2/0x4f0
[ 83.904186][ T5427] __hfsplus_delete_attr+0x2a2/0x3b0
[ 83.904205][ T5427] ? __pfx_hfs_find_1st_rec_by_cnid+0x10/0x10
[ 83.904222][ T5427] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 83.904241][ T5427] ? __asan_memset+0x23/0x50
[ 83.904261][ T5427] hfsplus_delete_all_attrs+0x271/0x330
[ 83.904281][ T5427] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10
[ 83.904297][ T5427] ? rcu_is_watching+0x12/0xc0
[ 83.904313][ T5427] ? __mark_inode_dirty+0x5c1/0xe70
[ 83.904334][ T5427] hfsplus_delete_cat+0x844/0xdd0
[ 83.904357][ T5427] ? __pfx_hfsplus_delete_cat+0x10/0x10
[ 83.904380][ T5427] ? __pfx___mutex_lock+0x10/0x10
[ 83.904398][ T5427] hfsplus_unlink+0x213/0x7f0
[ 83.904420][ T5427] ? __pfx_hfsplus_unlink+0x10/0x10
[ 83.904449][ T5427] ? __pfx___might_resched+0x10/0x10
[ 83.904468][ T5427] vfs_unlink+0x2fb/0x9b0
[ 83.904488][ T5427] do_unlinkat+0x5c0/0x750
[ 83.904507][ T5427] ? __pfx_do_unlinkat+0x10/0x10
[ 83.904529][ T5427] ? __check_object_size+0x48e/0x720
[ 83.904548][ T5427] ? getname_flags.part.0+0x1e1/0x4f0
[ 83.904566][ T5427] __x64_sys_unlink+0xc7/0x110
[ 83.904590][ T5427] do_syscall_64+0xcd/0x250
[ 83.904610][ T5427] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 83.904634][ T5427] RIP: 0033:0x7f42a267dda9
[ 83.904647][ T5427] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 83.904662][ T5427] RSP: 002b:00007f42a347e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 83.904693][ T5427] RAX: ffffffffffffffda RBX: 00007f42a27abf80 RCX: 00007f42a267dda9
[ 83.904704][ T5427] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000140
[ 83.904715][ T5427] RBP: 00007f42a26ca47a R08: 0000000000000000 R09: 0000000000000000
[ 83.904721][ T5427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 83.904730][ T5427] R13: 000000000000000b R14: 00007f42a27abf80 R15: 00007ffc75185e28
[ 83.904743][ T5427]
[ 83.905416][ T5427] Kernel Offset: disabled