Warning: Permanently added '10.128.1.120' (ED25519) to the list of known hosts. 2024/04/20 19:06:42 ignoring optional flag "sandboxArg"="0" 2024/04/20 19:06:42 parsed 1 programs [ 112.013104][ T28] kauditd_printk_skb: 74 callbacks suppressed [ 112.013123][ T28] audit: type=1400 audit(1713640002.449:206): avc: denied { getattr } for pid=5420 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 112.044022][ T28] audit: type=1400 audit(1713640002.449:207): avc: denied { read } for pid=5420 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 112.065820][ T28] audit: type=1400 audit(1713640002.449:208): avc: denied { open } for pid=5420 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 112.096524][ T28] audit: type=1400 audit(1713640002.529:209): avc: denied { mounton } for pid=5425 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 112.121891][ T28] audit: type=1400 audit(1713640002.529:210): avc: denied { mount } for pid=5425 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 112.145743][ T28] audit: type=1400 audit(1713640002.539:211): avc: denied { setattr } for pid=5425 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=733 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 112.169487][ T28] audit: type=1400 audit(1713640002.559:212): avc: denied { read write } for pid=5425 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 112.196153][ T28] audit: type=1400 audit(1713640002.559:213): avc: denied { open } for pid=5425 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 112.222924][ T28] audit: type=1400 audit(1713640002.619:214): avc: denied { unlink } for pid=5425 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 112.740108][ T28] audit: type=1400 audit(1713640003.179:215): avc: denied { relabelto } for pid=5427 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" 2024/04/20 19:06:44 executed programs: 0 [ 114.191534][ T5425] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 114.262622][ T4469] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 114.271170][ T4469] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 114.279169][ T4469] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 114.287497][ T4469] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 114.296043][ T4469] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 114.303602][ T4469] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 114.483741][ T5431] chnl_net:caif_netlink_parms(): no params data found [ 114.571859][ T5431] bridge0: port 1(bridge_slave_0) entered blocking state [ 114.579355][ T5431] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.586628][ T5431] bridge_slave_0: entered allmulticast mode [ 114.595050][ T5431] bridge_slave_0: entered promiscuous mode [ 114.609013][ T5431] bridge0: port 2(bridge_slave_1) entered blocking state [ 114.616195][ T5431] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.623459][ T5431] bridge_slave_1: entered allmulticast mode [ 114.631456][ T5431] bridge_slave_1: entered promiscuous mode [ 114.664451][ T5431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.677434][ T5431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 114.714262][ T5431] team0: Port device team_slave_0 added [ 114.724132][ T5431] team0: Port device team_slave_1 added [ 114.753420][ T5431] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 114.760833][ T5431] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.787057][ T5431] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 114.800631][ T5431] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 114.807868][ T5431] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 114.834350][ T5431] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 114.881356][ T5431] hsr_slave_0: entered promiscuous mode [ 114.889258][ T5431] hsr_slave_1: entered promiscuous mode [ 115.630655][ T5431] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 115.644166][ T5431] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 115.656253][ T5431] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 115.669476][ T5431] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 115.819802][ T5431] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.853947][ T5431] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.874719][ T7] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.882137][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.914321][ T7] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.922338][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.206719][ T5431] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 116.279418][ T5431] veth0_vlan: entered promiscuous mode [ 116.297218][ T5431] veth1_vlan: entered promiscuous mode [ 116.344033][ T5431] veth0_macvtap: entered promiscuous mode [ 116.361051][ T5431] veth1_macvtap: entered promiscuous mode [ 116.389456][ T4469] Bluetooth: hci0: command tx timeout [ 116.406206][ T5431] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 116.427015][ T5431] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 116.444258][ T5431] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.453262][ T5431] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.463042][ T5431] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.472555][ T5431] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.573140][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.593993][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.650850][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.660729][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.764306][ T5498] loop0: detected capacity change from 0 to 64 [ 117.071920][ T5498] [ 117.074297][ T5498] ============================================ [ 117.080976][ T5498] WARNING: possible recursive locking detected [ 117.087144][ T5498] 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0 Not tainted [ 117.094221][ T5498] -------------------------------------------- [ 117.100471][ T5498] syz-executor.0/5498 is trying to acquire lock: [ 117.106896][ T5498] ffff88806e03a0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x183/0x220 [ 117.116348][ T5498] [ 117.116348][ T5498] but task is already holding lock: [ 117.123907][ T5498] ffff88806e03a0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x183/0x220 [ 117.133365][ T5498] [ 117.133365][ T5498] other info that might help us debug this: [ 117.141608][ T5498] Possible unsafe locking scenario: [ 117.141608][ T5498] [ 117.149295][ T5498] CPU0 [ 117.152605][ T5498] ---- [ 117.155897][ T5498] lock(&tree->tree_lock/1); [ 117.160604][ T5498] lock(&tree->tree_lock/1); [ 117.165398][ T5498] [ 117.165398][ T5498] *** DEADLOCK *** [ 117.165398][ T5498] [ 117.173556][ T5498] May be due to missing lock nesting notation [ 117.173556][ T5498] [ 117.181976][ T5498] 6 locks held by syz-executor.0/5498: [ 117.187538][ T5498] #0: ffff88807bf240c8 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0xeb/0x180 [ 117.197045][ T5498] #1: ffff88806dde0420 (sb_writers#14){.+.+}-{0:0}, at: ksys_write+0x12f/0x260 [ 117.207511][ T5498] #2: ffff88806e041628 (&sb->s_type->i_mutex_key#21){+.+.}-{3:3}, at: generic_file_write_iter+0x92/0x350 [ 117.218971][ T5498] #3: ffff88806e041478 (&HFS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xa2/0xb10 [ 117.229639][ T5498] #4: ffff88806e03a0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x183/0x220 [ 117.239530][ T5498] #5: ffff88806e0400f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xa2/0xb10 [ 117.250970][ T5498] [ 117.250970][ T5498] stack backtrace: [ 117.256901][ T5498] CPU: 1 PID: 5498 Comm: syz-executor.0 Not tainted 6.9.0-rc4-syzkaller-00266-g977b1ef51866 #0 [ 117.267255][ T5498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 117.277423][ T5498] Call Trace: [ 117.280722][ T5498] [ 117.283669][ T5498] dump_stack_lvl+0x116/0x1f0 [ 117.288382][ T5498] __lock_acquire+0x20e6/0x3b30 [ 117.293360][ T5498] ? __pfx___lock_acquire+0x10/0x10 [ 117.298607][ T5498] ? hfs_find_init+0x95/0x220 [ 117.303316][ T5498] ? kasan_save_stack+0x42/0x60 [ 117.308289][ T5498] ? kasan_save_stack+0x33/0x60 [ 117.313179][ T5498] ? kasan_save_track+0x14/0x30 [ 117.318060][ T5498] ? __kasan_kmalloc+0xaa/0xb0 [ 117.322845][ T5498] ? __kmalloc+0x1f9/0x440 [ 117.327304][ T5498] lock_acquire+0x1b1/0x560 [ 117.331929][ T5498] ? hfs_find_init+0x183/0x220 [ 117.336730][ T5498] ? __pfx_lock_acquire+0x10/0x10 [ 117.341799][ T5498] ? __pfx___might_resched+0x10/0x10 [ 117.347120][ T5498] __mutex_lock+0x175/0x9c0 [ 117.351662][ T5498] ? hfs_find_init+0x183/0x220 [ 117.356462][ T5498] ? hfs_find_init+0x183/0x220 [ 117.361253][ T5498] ? __pfx___mutex_lock+0x10/0x10 [ 117.366324][ T5498] ? rcu_is_watching+0x12/0xc0 [ 117.371132][ T5498] ? trace_kmalloc+0x2d/0xe0 [ 117.375767][ T5498] ? __kmalloc+0x218/0x440 [ 117.380213][ T5498] ? hfs_find_init+0x183/0x220 [ 117.385052][ T5498] hfs_find_init+0x183/0x220 [ 117.389682][ T5498] hfs_ext_read_extent+0x19c/0x9e0 [ 117.394830][ T5498] ? __pfx___mutex_lock+0x10/0x10 [ 117.399895][ T5498] ? __pfx_hfs_ext_read_extent+0x10/0x10 [ 117.405568][ T5498] ? do_raw_spin_unlock+0x172/0x230 [ 117.410800][ T5498] hfs_extend_file+0x4e4/0xb10 [ 117.415598][ T5498] ? __pfx_hfs_extend_file+0x10/0x10 [ 117.420928][ T5498] ? __pfx___mutex_lock+0x10/0x10 [ 117.425989][ T5498] hfs_bmap_reserve+0x29c/0x380 [ 117.430969][ T5498] __hfs_ext_write_extent+0x3cf/0x520 [ 117.436385][ T5498] ? hfs_find_init+0x183/0x220 [ 117.441188][ T5498] hfs_ext_read_extent+0x809/0x9e0 [ 117.446342][ T5498] ? __pfx_hfs_ext_read_extent+0x10/0x10 [ 117.452015][ T5498] hfs_extend_file+0x4e4/0xb10 [ 117.456832][ T5498] ? __pfx_hfs_extend_file+0x10/0x10 [ 117.462161][ T5498] hfs_get_block+0x17f/0x830 [ 117.466792][ T5498] ? __pfx_hfs_get_block+0x10/0x10 [ 117.471952][ T5498] __block_write_begin_int+0x4fb/0x16e0 [ 117.477547][ T5498] ? __pfx_hfs_get_block+0x10/0x10 [ 117.482697][ T5498] ? __pfx___block_write_begin_int+0x10/0x10 [ 117.488719][ T5498] block_write_begin+0xb1/0x4a0 [ 117.493610][ T5498] ? __pfx_hfs_get_block+0x10/0x10 [ 117.498759][ T5498] cont_write_begin+0x53d/0x740 [ 117.503654][ T5498] ? __pfx_hfs_get_block+0x10/0x10 [ 117.508800][ T5498] ? __pfx_cont_write_begin+0x10/0x10 [ 117.514209][ T5498] ? fault_in_readable+0x150/0x200 [ 117.519362][ T5498] ? __pfx_fault_in_readable+0x10/0x10 [ 117.524863][ T5498] hfs_write_begin+0x87/0x150 [ 117.529574][ T5498] ? __pfx_hfs_get_block+0x10/0x10 [ 117.534730][ T5498] generic_perform_write+0x272/0x620 [ 117.540053][ T5498] ? __pfx_generic_perform_write+0x10/0x10 [ 117.546073][ T5498] ? generic_write_checks+0x2f3/0x460 [ 117.551480][ T5498] __generic_file_write_iter+0x1fd/0x240 [ 117.557154][ T5498] generic_file_write_iter+0xe7/0x350 [ 117.562738][ T5498] vfs_write+0x6db/0x1100 [ 117.567107][ T5498] ? __pfx_vfs_write+0x10/0x10 [ 117.571913][ T5498] ? __pfx___mutex_lock+0x10/0x10 [ 117.576979][ T5498] ? __fget_files+0x256/0x400 [ 117.581783][ T5498] ksys_write+0x12f/0x260 [ 117.586248][ T5498] ? __pfx_ksys_write+0x10/0x10 [ 117.591144][ T5498] do_syscall_64+0xcf/0x260 [ 117.595679][ T5498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.601623][ T5498] RIP: 0033:0x7f8e0907cda9 [ 117.606066][ T5498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 117.625797][ T5498] RSP: 002b:00007f8e09d800c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 117.634251][ T5498] RAX: ffffffffffffffda RBX: 00007f8e091abf80 RCX: 00007f8e0907cda9 [ 117.642253][ T5498] RDX: 000000000208e24b RSI: 0000000020000180 RDI: 0000000000000004 [ 117.650264][ T5498] RBP: 00007f8e090c947a R08: 0000000000000000 R09: 0000000000000000 [ 117.658291][ T5498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 117.666294][ T5498] R13: 000000000000000b R14: 00007f8e091abf80 R15: 00007ffcd6c1b8b8 [ 117.674292][ T5498] [ 117.681944][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 117.681964][ T28] audit: type=1400 audit(1713640008.119:220): avc: denied { search } for pid=4507 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 118.478115][ T4469] Bluetooth: hci0: command tx timeout [ 120.548149][ T4469] Bluetooth: hci0: command tx timeout [ 121.908358][ T50] kworker/u8:3: attempt to access beyond end of device [ 121.908358][ T50] loop0: rw=1048577, sector=95, nr_sectors = 1 limit=64 [ 121.922441][ T50] Buffer I/O error on dev loop0, logical block 95, lost async page write [ 121.932232][ T50] kworker/u8:3: attempt to access beyond end of device [ 121.932232][ T50] loop0: rw=1048577, sector=96, nr_sectors = 1 limit=64 [ 121.947344][ T50] Buffer I/O error on dev loop0, logical block 96, lost async page write [ 121.956972][ T50] kworker/u8:3: attempt to access beyond end of device [ 121.956972][ T50] loop0: rw=1048577, sector=98, nr_sectors = 1 limit=64 [ 121.971102][ T50] Buffer I/O error on dev loop0, logical block 98, lost async page write [ 121.980077][ T50] kworker/u8:3: attempt to access beyond end of device [ 121.980077][ T50] loop0: rw=1048577, sector=100, nr_sectors = 1 limit=64 [ 121.996789][ T50] Buffer I/O error on dev loop0, logical block 100, lost async page write [ 122.006899][ T50] kworker/u8:3: attempt to access beyond end of device [ 122.006899][ T50] loop0: rw=1048577, sector=101, nr_sectors = 1 limit=64 [ 122.021669][ T50] Buffer I/O error on dev loop0, logical block 101, lost async page write [ 122.030771][ T50] kworker/u8:3: attempt to access beyond end of device [ 122.030771][ T50] loop0: rw=1048577, sector=102, nr_sectors = 1 limit=64 [ 122.045373][ T50] Buffer I/O error on dev loop0, logical block 102, lost async page write [ 122.055312][ T50] kworker/u8:3: attempt to access beyond end of device [ 122.055312][ T50] loop0: rw=1048577, sector=103, nr_sectors = 1 limit=64 [ 122.070608][ T50] Buffer I/O error on dev loop0, logical block 103, lost async page write [ 122.079580][ T50] kworker/u8:3: attempt to access beyond end of device [ 122.079580][ T50] loop0: rw=1048577, sector=104, nr_sectors = 1 limit=64 [ 122.093816][ T50] Buffer I/O error on dev loop0, logical block 104, lost async page write [ 122.107395][ T50] kworker/u8:3: attempt to access beyond end of device [ 122.107395][ T50] loop0: rw=1048577, sector=105, nr_sectors = 4064 limit=64 [ 122.628017][ T4469] Bluetooth: hci0: command tx timeout