[ 149.044260][ T1360] ieee802154 phy0 wpan0: encryption failed: -22
[ 149.048015][ T1360] ieee802154 phy1 wpan1: encryption failed: -22
Warning: Permanently added '[localhost]:58457' (ED25519) to the list of known hosts.
2024/07/05 19:51:38 ignoring optional flag "sandboxArg"="0"
2024/07/05 19:51:39 parsed 1 programs
[ 154.142546][ T39] audit: type=1400 audit(1720209099.258:134): avc: denied { getattr } for pid=5386 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 154.322572][ T39] audit: type=1400 audit(1720209099.428:135): avc: denied { unlink } for pid=5392 comm="syz-executor" name="swap-file" dev="sda1" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 157.913172][ T5392] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/07/05 19:51:43 executed programs: 0
[ 158.059734][ T5217] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 158.065983][ T5217] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 158.075553][ T5217] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 158.084797][ T5217] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 158.092273][ T5217] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 158.097724][ T5217] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 158.128431][ T39] audit: type=1400 audit(1720209103.248:136): avc: denied { mounton } for pid=5398 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 158.454348][ T5398] chnl_net:caif_netlink_parms(): no params data found
[ 158.883728][ T5398] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.899840][ T5398] bridge0: port 1(bridge_slave_0) entered disabled state
[ 158.903376][ T5398] bridge_slave_0: entered allmulticast mode
[ 158.907340][ T5398] bridge_slave_0: entered promiscuous mode
[ 158.918336][ T5398] bridge0: port 2(bridge_slave_1) entered blocking state
[ 158.923478][ T5398] bridge0: port 2(bridge_slave_1) entered disabled state
[ 158.927709][ T5398] bridge_slave_1: entered allmulticast mode
[ 158.936377][ T5398] bridge_slave_1: entered promiscuous mode
[ 159.106567][ T5398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 159.117503][ T5398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 159.236355][ T5398] team0: Port device team_slave_0 added
[ 159.260627][ T5398] team0: Port device team_slave_1 added
[ 159.359229][ T5398] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 159.366124][ T5398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 159.387230][ T5398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 159.401781][ T5398] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 159.412311][ T5398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 159.431221][ T5398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 159.657905][ T5398] hsr_slave_0: entered promiscuous mode
[ 159.744738][ T5398] hsr_slave_1: entered promiscuous mode
[ 160.143352][ T5217] Bluetooth: hci0: command tx timeout
[ 161.688666][ T5398] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 161.699582][ T5398] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 161.741932][ T5398] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 161.800426][ T5398] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 162.049359][ T5398] 8021q: adding VLAN 0 to HW filter on device bond0
[ 162.077755][ T5398] 8021q: adding VLAN 0 to HW filter on device team0
[ 162.104675][ T829] bridge0: port 1(bridge_slave_0) entered blocking state
[ 162.109755][ T829] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 162.121677][ T829] bridge0: port 2(bridge_slave_1) entered blocking state
[ 162.126564][ T829] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 162.232838][ T5217] Bluetooth: hci0: command tx timeout
[ 162.699156][ T5398] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 162.844112][ T5398] veth0_vlan: entered promiscuous mode
[ 162.886309][ T5398] veth1_vlan: entered promiscuous mode
[ 162.970467][ T5398] veth0_macvtap: entered promiscuous mode
[ 162.990909][ T5398] veth1_macvtap: entered promiscuous mode
[ 163.038225][ T5398] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 163.072923][ T5398] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 163.116078][ T5398] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 163.120159][ T5398] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 163.157647][ T5398] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 163.174059][ T5398] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 163.362573][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 163.381342][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 163.454991][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 163.458164][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 163.603532][ T5458] loop0: detected capacity change from 0 to 1024
[ 163.701470][ T39] audit: type=1400 audit(1720209108.788:137): avc: denied { mount } for pid=5457 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[ 163.760597][ T5458] hfsplus: request for non-existent node 393216 in B*Tree
[ 163.783024][ T5458] hfsplus: request for non-existent node 393216 in B*Tree
[ 163.789032][ T5458] ==================================================================
[ 163.795836][ T5458] BUG: KASAN: slab-out-of-bounds in hfsplus_bnode_read+0x22a/0x240
[ 163.806918][ T5458] Read of size 8 at addr ffff888019c027c0 by task syz-executor.0/5458
[ 163.841413][ T5458]
[ 163.842284][ T5458] CPU: 3 PID: 5458 Comm: syz-executor.0 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[ 163.845920][ T5458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 163.859511][ T5458] Call Trace:
[ 163.860849][ T5458]
[ 163.862030][ T5458] dump_stack_lvl+0x116/0x1f0
[ 163.864106][ T5458] print_report+0xc3/0x620
[ 163.866705][ T5458] ? __virt_addr_valid+0x5e/0x580
[ 163.873265][ T5458] ? __phys_addr+0xc6/0x150
[ 163.875710][ T5458] kasan_report+0xd9/0x110
[ 163.882400][ T5458] ? hfsplus_bnode_read+0x22a/0x240
[ 163.900285][ T5458] ? hfsplus_bnode_read+0x22a/0x240
[ 163.903088][ T5458] hfsplus_bnode_read+0x22a/0x240
[ 163.906011][ T5458] hfsplus_bnode_dump+0x2a2/0x3e0
[ 163.909032][ T5458] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 163.913663][ T5458] ? hfsplus_bnode_write_u16+0x84/0xb0
[ 163.918765][ T5458] ? hfsplus_bnode_move+0x2a/0x930
[ 163.920667][ T5458] ? __mark_inode_dirty+0x2a6/0xe70
[ 163.935290][ T5458] hfsplus_brec_remove+0x3e2/0x4f0
[ 163.938541][ T5458] __hfsplus_delete_attr+0x2a2/0x3b0
[ 163.941740][ T5458] ? __pfx_hfs_find_1st_rec_by_cnid+0x10/0x10
[ 163.945769][ T5458] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 163.951114][ T5458] ? __asan_memset+0x23/0x50
[ 163.960106][ T5458] hfsplus_delete_all_attrs+0x271/0x330
[ 163.962519][ T5458] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10
[ 163.970539][ T5458] ? rcu_is_watching+0x12/0xc0
[ 163.973370][ T5458] ? __mark_inode_dirty+0x5c1/0xe70
[ 163.975537][ T5458] hfsplus_delete_cat+0x844/0xdd0
[ 163.977567][ T5458] ? __pfx_hfsplus_delete_cat+0x10/0x10
[ 163.979922][ T5458] ? __pfx___mutex_lock+0x10/0x10
[ 163.996539][ T5458] hfsplus_unlink+0x213/0x7f0
[ 163.999050][ T5458] ? __pfx_hfsplus_unlink+0x10/0x10
[ 164.001949][ T5458] ? __pfx___might_resched+0x10/0x10
[ 164.010016][ T5458] vfs_unlink+0x2fb/0x9b0
[ 164.012258][ T5458] do_unlinkat+0x5c0/0x750
[ 164.015567][ T5458] ? __pfx_do_unlinkat+0x10/0x10
[ 164.034155][ T5458] ? __check_object_size+0x48e/0x720
[ 164.037139][ T5458] ? getname_flags.part.0+0x1e1/0x4f0
[ 164.039659][ T5458] __x64_sys_unlink+0xc7/0x110
[ 164.041441][ T5458] do_syscall_64+0xcd/0x250
[ 164.046276][ T5458] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 164.053622][ T5458] RIP: 0033:0x7f9780e7dda9
[ 164.056199][ T5458] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 164.088496][ T5458] RSP: 002b:00007f9781bac0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 164.093158][ T5458] RAX: ffffffffffffffda RBX: 00007f9780fabf80 RCX: 00007f9780e7dda9
[ 164.097369][ T5458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 164.113553][ T5458] RBP: 00007f9780eca47a R08: 0000000000000000 R09: 0000000000000000
[ 164.122471][ T5458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 164.133688][ T5458] R13: 000000000000000b R14: 00007f9780fabf80 R15: 00007ffe1e81b6e8
[ 164.160804][ T5458]
[ 164.162664][ T5458]
[ 164.163923][ T5458] Allocated by task 5458:
[ 164.167366][ T5458] kasan_save_stack+0x33/0x60
[ 164.173469][ T5458] kasan_save_track+0x14/0x30
[ 164.178302][ T5458] __kasan_kmalloc+0xaa/0xb0
[ 164.180463][ T5458] __kmalloc_noprof+0x1ec/0x410
[ 164.183065][ T5458] __hfs_bnode_create+0x108/0x870
[ 164.185241][ T5458] hfsplus_bnode_find+0x2c8/0xcb0
[ 164.191766][ T5458] hfsplus_brec_find+0x2b9/0x520
[ 164.210642][ T5458] hfsplus_delete_all_attrs+0x24a/0x330
[ 164.215033][ T5458] hfsplus_delete_cat+0x844/0xdd0
[ 164.219414][ T5458] hfsplus_unlink+0x213/0x7f0
[ 164.223798][ T5458] vfs_unlink+0x2fb/0x9b0
[ 164.229715][ T5458] do_unlinkat+0x5c0/0x750
[ 164.232521][ T5458] __x64_sys_unlink+0xc7/0x110
[ 164.239984][ T5458] do_syscall_64+0xcd/0x250
[ 164.249498][ T5458] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 164.252399][ T5458]
[ 164.253512][ T5458] The buggy address belongs to the object at ffff888019c02700
[ 164.253512][ T5458] which belongs to the cache kmalloc-192 of size 192
[ 164.280619][ T5458] The buggy address is located 40 bytes to the right of
[ 164.280619][ T5458] allocated 152-byte region [ffff888019c02700, ffff888019c02798)
[ 164.295456][ T5458]
[ 164.296870][ T5458] The buggy address belongs to the physical page:
[ 164.300262][ T5458] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19c02
[ 164.315075][ T5458] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 164.318220][ T5458] page_type: 0xffffefff(slab)
[ 164.320114][ T5458] raw: 00fff00000000000 ffff8880154423c0 dead000000000100 dead000000000122
[ 164.327386][ T5458] raw: 0000000000000000 0000000080100010 00000001ffffefff 0000000000000000
[ 164.335572][ T5458] page dumped because: kasan: bad access detected
[ 164.343955][ T5458] page_owner tracks the page as allocated
[ 164.347939][ T5217] Bluetooth: hci0: command tx timeout
[ 164.350354][ T5458] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 44310601033, free_ts 44267491732
[ 164.376433][ T5458] post_alloc_hook+0x2d1/0x350
[ 164.379888][ T5458] get_page_from_freelist+0x1353/0x2e50
[ 164.391549][ T5458] __alloc_pages_noprof+0x22b/0x2460
[ 164.393905][ T5458] alloc_slab_page+0x56/0x110
[ 164.395882][ T5458] new_slab+0x84/0x260
[ 164.397642][ T5458] ___slab_alloc+0xdac/0x1870
[ 164.404652][ T5458] __slab_alloc.constprop.0+0x56/0xb0
[ 164.409327][ T5458] kmalloc_trace_noprof+0x2b4/0x300
[ 164.418007][ T5458] call_usermodehelper_setup+0x9a/0x340
[ 164.420489][ T5458] kobject_uevent_env+0x14f1/0x1810
[ 164.444868][ T5458] param_sysfs_builtin_init+0x32b/0x460
[ 164.447209][ T5458] do_one_initcall+0x128/0x700
[ 164.449584][ T5458] kernel_init_freeable+0x69d/0xca0
[ 164.452276][ T5458] kernel_init+0x1c/0x2b0
[ 164.454136][ T5458] ret_from_fork+0x45/0x80
[ 164.455994][ T5458] ret_from_fork_asm+0x1a/0x30
[ 164.458026][ T5458] page last free pid 55 tgid 55 stack trace:
[ 164.492633][ T5458] free_unref_page+0x64a/0xe40
[ 164.494819][ T5458] vfree+0x181/0x7a0
[ 164.496440][ T5458] delayed_vfree_work+0x56/0x70
[ 164.498495][ T5458] process_one_work+0x9c5/0x1b40
[ 164.500538][ T5458] worker_thread+0x6c8/0xf30
[ 164.502351][ T5458] kthread+0x2c1/0x3a0
[ 164.504078][ T5458] ret_from_fork+0x45/0x80
[ 164.524847][ T5458] ret_from_fork_asm+0x1a/0x30
[ 164.526888][ T5458]
[ 164.527929][ T5458] Memory state around the buggy address:
[ 164.540893][ T5458] ffff888019c02680: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 164.544112][ T5458] ffff888019c02700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 164.558424][ T5458] >ffff888019c02780: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 164.561869][ T5458] ^
[ 164.564466][ T5458] ffff888019c02800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 164.594396][ T5458] ffff888019c02880: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 164.597257][ T5458] ==================================================================
[ 164.626486][ T5458] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 164.629343][ T5458] CPU: 3 PID: 5458 Comm: syz-executor.0 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0
[ 164.633506][ T5458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 164.653965][ T5458] Call Trace:
[ 164.655276][ T5458]
[ 164.656458][ T5458] dump_stack_lvl+0x3d/0x1f0
[ 164.658330][ T5458] panic+0x6f5/0x7a0
[ 164.659915][ T5458] ? __pfx_panic+0x10/0x10
[ 164.662020][ T5458] ? preempt_schedule_thunk+0x1a/0x30
[ 164.664194][ T5458] ? preempt_schedule_common+0x44/0xc0
[ 164.666442][ T5458] ? check_panic_on_warn+0x1f/0xb0
[ 164.680131][ T5458] check_panic_on_warn+0xab/0xb0
[ 164.682072][ T5458] end_report+0x117/0x180
[ 164.683773][ T5458] kasan_report+0xe9/0x110
[ 164.694072][ T5458] ? hfsplus_bnode_read+0x22a/0x240
[ 164.696180][ T5458] ? hfsplus_bnode_read+0x22a/0x240
[ 164.706761][ T5458] hfsplus_bnode_read+0x22a/0x240
[ 164.708664][ T5458] hfsplus_bnode_dump+0x2a2/0x3e0
[ 164.710583][ T5458] ? __pfx_hfsplus_bnode_dump+0x10/0x10
[ 164.712768][ T5458] ? hfsplus_bnode_write_u16+0x84/0xb0
[ 164.714814][ T5458] ? hfsplus_bnode_move+0x2a/0x930
[ 164.740913][ T5458] ? __mark_inode_dirty+0x2a6/0xe70
[ 164.743075][ T5458] hfsplus_brec_remove+0x3e2/0x4f0
[ 164.745148][ T5458] __hfsplus_delete_attr+0x2a2/0x3b0
[ 164.747234][ T5458] ? __pfx_hfs_find_1st_rec_by_cnid+0x10/0x10
[ 164.768642][ T5458] ? __pfx___hfsplus_delete_attr+0x10/0x10
[ 164.770970][ T5458] ? __asan_memset+0x23/0x50
[ 164.772790][ T5458] hfsplus_delete_all_attrs+0x271/0x330
[ 164.784261][ T5458] ? __pfx_hfsplus_delete_all_attrs+0x10/0x10
[ 164.797184][ T5458] ? rcu_is_watching+0x12/0xc0
[ 164.799130][ T5458] ? __mark_inode_dirty+0x5c1/0xe70
[ 164.801361][ T5458] hfsplus_delete_cat+0x844/0xdd0
[ 164.810431][ T5458] ? __pfx_hfsplus_delete_cat+0x10/0x10
[ 164.812662][ T5458] ? __pfx___mutex_lock+0x10/0x10
[ 164.825694][ T5458] hfsplus_unlink+0x213/0x7f0
[ 164.827407][ T5458] ? __pfx_hfsplus_unlink+0x10/0x10
[ 164.829414][ T5458] ? __pfx___might_resched+0x10/0x10
[ 164.831443][ T5458] vfs_unlink+0x2fb/0x9b0
[ 164.833105][ T5458] do_unlinkat+0x5c0/0x750
[ 164.834832][ T5458] ? __pfx_do_unlinkat+0x10/0x10
[ 164.847357][ T5458] ? __check_object_size+0x48e/0x720
[ 164.849532][ T5458] ? getname_flags.part.0+0x1e1/0x4f0
[ 164.851573][ T5458] __x64_sys_unlink+0xc7/0x110
[ 164.853949][ T5458] do_syscall_64+0xcd/0x250
[ 164.862292][ T5458] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 164.871596][ T5458] RIP: 0033:0x7f9780e7dda9
[ 164.873345][ T5458] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 164.905143][ T5458] RSP: 002b:00007f9781bac0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 164.909023][ T5458] RAX: ffffffffffffffda RBX: 00007f9780fabf80 RCX: 00007f9780e7dda9
[ 164.934086][ T5458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 164.937007][ T5458] RBP: 00007f9780eca47a R08: 0000000000000000 R09: 0000000000000000
[ 164.948678][ T5458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 164.952376][ T5458] R13: 000000000000000b R14: 00007f9780fabf80 R15: 00007ffe1e81b6e8
[ 164.955877][ T5458]
[ 164.967916][ T5458] Kernel Offset: disabled
[ 164.969891][ T5458] Rebooting in 86400 seconds..