Warning: Permanently added '10.128.1.104' (ED25519) to the list of known hosts.
[ 23.191442][ T24] audit: type=1400 audit(1721595145.520:66): avc: denied { execmem } for pid=283 comm="syz-executor255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 23.196844][ T283] cgroup: Unknown subsys name 'net'
[ 23.210749][ T24] audit: type=1400 audit(1721595145.520:67): avc: denied { mounton } for pid=283 comm="syz-executor255" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 23.238437][ T24] audit: type=1400 audit(1721595145.520:68): avc: denied { mount } for pid=283 comm="syz-executor255" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.238594][ T283] cgroup: Unknown subsys name 'devices'
[ 23.260651][ T24] audit: type=1400 audit(1721595145.550:69): avc: denied { unmount } for pid=283 comm="syz-executor255" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 23.407769][ T283] cgroup: Unknown subsys name 'hugetlb'
[ 23.413152][ T283] cgroup: Unknown subsys name 'rlimit'
[ 23.591514][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 23.600187][ T24] audit: type=1400 audit(1721595145.930:70): avc: denied { relabelto } for pid=285 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 23.625366][ T24] audit: type=1400 audit(1721595145.930:71): avc: denied { write } for pid=285 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[ 23.710856][ T24] audit: type=1400 audit(1721595146.040:72): avc: denied { read } for pid=283 comm="syz-executor255" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 23.736412][ T24] audit: type=1400 audit(1721595146.040:73): avc: denied { open } for pid=283 comm="syz-executor255" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 23.736439][ T283] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 23.772248][ T24] audit: type=1400 audit(1721595146.100:74): avc: denied { mounton } for pid=286 comm="syz-executor255" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 23.795961][ T24] audit: type=1400 audit(1721595146.100:75): avc: denied { mount } for pid=286 comm="syz-executor255" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 23.812408][ T286] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.824938][ T286] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.832157][ T286] device bridge_slave_0 entered promiscuous mode
[ 23.838774][ T286] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.845585][ T286] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.852887][ T286] device bridge_slave_1 entered promiscuous mode
[ 23.886094][ T286] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.892935][ T286] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.900030][ T286] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.906822][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.924485][ T287] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.931711][ T287] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.939088][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 23.947120][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.955397][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.963374][ T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.970210][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.978231][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.986080][ T287] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.992885][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 24.004589][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 24.019834][ T286] device veth0_vlan entered promiscuous mode
[ 24.026634][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 24.034728][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 24.042668][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 24.050131][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 24.057297][ T287] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 24.067612][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 24.076081][ T286] device veth1_macvtap entered promiscuous mode
executing program
[ 24.088005][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 24.096138][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 24.111810][ T286] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 24.147246][ T294] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[ 24.154264][ T294] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 24.162719][ T294] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b016c118, mo2=0002]
[ 24.170476][ T294] System zones: 1-12
[ 24.175139][ T294] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2204: inode #15: comm syz-executor255: corrupted in-inode xattr
[ 24.187712][ T294] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz-executor255: couldn't read orphan inode 15 (err -117)
[ 24.199980][ T294] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,data_err=abort,debug,noload,mblk_io_submit,commit=0x0000000000000005,init_itable=0x0000000000000601,grpquota,,errors=continue
[ 24.232175][ T286] ==================================================================
[ 24.240146][ T286] BUG: KASAN: slab-out-of-bounds in ext4_htree_fill_tree+0x1316/0x13e0
[ 24.248196][ T286] Read of size 1 at addr ffff8881085a5a67 by task syz-executor255/286
[ 24.256172][ T286]
[ 24.258348][ T286] CPU: 0 PID: 286 Comm: syz-executor255 Not tainted 5.10.221-syzkaller-01371-g1240968f7644 #0
[ 24.268412][ T286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 24.278310][ T286] Call Trace:
[ 24.281436][ T286] dump_stack_lvl+0x1e2/0x24b
[ 24.285948][ T286] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 24.291244][ T286] ? panic+0x812/0x812
[ 24.295160][ T286] print_address_description+0x81/0x3b0
[ 24.300529][ T286] ? ext4_htree_store_dirent+0x19c/0x590
[ 24.305996][ T286] kasan_report+0x179/0x1c0
[ 24.310337][ T286] ? ext4_htree_fill_tree+0x1316/0x13e0
[ 24.315719][ T286] ? ext4_htree_fill_tree+0x1316/0x13e0
[ 24.321099][ T286] __asan_report_load1_noabort+0x14/0x20
[ 24.326569][ T286] ext4_htree_fill_tree+0x1316/0x13e0
[ 24.331774][ T286] ? ext4_handle_dirty_dirblock+0x6e0/0x6e0
[ 24.337506][ T286] ? __kasan_kmalloc+0x9/0x10
[ 24.342015][ T286] ? ext4_readdir+0x4df/0x37c0
[ 24.346615][ T286] ext4_readdir+0x2dde/0x37c0
[ 24.351132][ T286] ? handle_pte_fault+0x1472/0x3e30
[ 24.356164][ T286] ? ext4_dir_llseek+0x4c0/0x4c0
[ 24.360940][ T286] ? __kasan_check_write+0x14/0x20
[ 24.365885][ T286] ? down_read_killable+0x101/0x220
[ 24.370919][ T286] ? down_read_interruptible+0x220/0x220
[ 24.376387][ T286] ? security_file_permission+0x86/0xb0
[ 24.381768][ T286] iterate_dir+0x265/0x580
[ 24.386018][ T286] ? ext4_dir_llseek+0x4c0/0x4c0
[ 24.390804][ T286] __se_sys_getdents64+0x1c1/0x460
[ 24.395768][ T286] ? __x64_sys_getdents64+0x90/0x90
[ 24.400775][ T286] ? filldir+0x680/0x680
[ 24.404857][ T286] ? debug_smp_processor_id+0x17/0x20
[ 24.410066][ T286] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 24.415977][ T286] ? irqentry_exit_to_user_mode+0x41/0x80
[ 24.421523][ T286] __x64_sys_getdents64+0x7b/0x90
[ 24.426385][ T286] do_syscall_64+0x34/0x70
[ 24.430637][ T286] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.436361][ T286] RIP: 0033:0x7f7a12597ca3
[ 24.440617][ T286] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 e2 0f fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8
[ 24.460056][ T286] RSP: 002b:00007ffdddbaf8b8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[ 24.468298][ T286] RAX: ffffffffffffffda RBX: 0000555556787730 RCX: 00007f7a12597ca3
[ 24.476106][ T286] RDX: 0000000000008000 RSI: 0000555556787730 RDI: 0000000000000004
[ 24.483929][ T286] RBP: 0000555556787704 R08: 0000000000000000 R09: 0000000000000000
[ 24.491730][ T286] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8
[ 24.499541][ T286] R13: 0000000000000010 R14: 0000555556787700 R15: 0000000000000001
[ 24.507354][ T286]
[ 24.509524][ T286] Allocated by task 1:
[ 24.513435][ T286] __kasan_slab_alloc+0xb1/0xe0
[ 24.518123][ T286] slab_post_alloc_hook+0x61/0x2f0
[ 24.523068][ T286] kmem_cache_alloc+0x168/0x2e0
[ 24.527962][ T286] __kernfs_new_node+0xdb/0x700
[ 24.532646][ T286] kernfs_new_node+0x130/0x230
[ 24.537246][ T286] kernfs_create_dir_ns+0x44/0x130
[ 24.542196][ T286] sysfs_create_dir_ns+0x185/0x390
[ 24.547143][ T286] kobject_add_internal+0x763/0xd90
[ 24.552178][ T286] kobject_init_and_add+0x120/0x190
[ 24.557210][ T286] locate_module_kobject+0xe4/0x164
[ 24.562241][ T286] kernel_add_sysfs_param+0x24/0x12d
[ 24.567362][ T286] param_sysfs_builtin+0x16a/0x1e2
[ 24.572309][ T286] param_sysfs_init+0x6a/0x6f
[ 24.576835][ T286] do_one_initcall+0x189/0x620
[ 24.581428][ T286] do_initcall_level+0x186/0x304
[ 24.586200][ T286] do_initcalls+0x4e/0x8e
[ 24.590365][ T286] do_basic_setup+0x88/0x91
[ 24.594710][ T286] kernel_init_freeable+0x2be/0x3f5
[ 24.599739][ T286] kernel_init+0x11/0x280
[ 24.603926][ T286] ret_from_fork+0x1f/0x30
[ 24.608154][ T286]
[ 24.610329][ T286] The buggy address belongs to the object at ffff8881085a59c0
[ 24.610329][ T286] which belongs to the cache kernfs_node_cache of size 144
[ 24.624742][ T286] The buggy address is located 23 bytes to the right of
[ 24.624742][ T286] 144-byte region [ffff8881085a59c0, ffff8881085a5a50)
[ 24.638270][ T286] The buggy address belongs to the page:
[ 24.643758][ T286] page:ffffea0004216940 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8881085a5680 pfn:0x1085a5
[ 24.655121][ T286] flags: 0x4000000000000200(slab)
[ 24.659975][ T286] raw: 4000000000000200 ffffea0004216988 ffffea0004216888 ffff888100192000
[ 24.668392][ T286] raw: ffff8881085a5680 000000000013000e 00000001ffffffff 0000000000000000
[ 24.676804][ T286] page dumped because: kasan: bad access detected
[ 24.683060][ T286] page_owner tracks the page as allocated
[ 24.688616][ T286] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 985291219, free_ts 0
[ 24.703196][ T286] prep_new_page+0x166/0x180
[ 24.707622][ T286] get_page_from_freelist+0x2d8c/0x2f30
[ 24.713002][ T286] __alloc_pages_nodemask+0x435/0xaf0
[ 24.718210][ T286] new_slab+0x80/0x400
[ 24.722117][ T286] ___slab_alloc+0x302/0x4b0
[ 24.726544][ T286] __slab_alloc+0x63/0xa0
[ 24.730709][ T286] kmem_cache_alloc+0x1b9/0x2e0
[ 24.735392][ T286] __kernfs_new_node+0xdb/0x700
[ 24.740078][ T286] kernfs_new_node+0x130/0x230
[ 24.744685][ T286] __kernfs_create_file+0x4a/0x270
[ 24.749627][ T286] sysfs_add_file_mode_ns+0x273/0x320
[ 24.754839][ T286] internal_create_group+0x573/0xf00
[ 24.759959][ T286] sysfs_create_group+0x1f/0x30
[ 24.764648][ T286] kernel_add_sysfs_param+0xea/0x12d
[ 24.769763][ T286] param_sysfs_builtin+0x16a/0x1e2
[ 24.774713][ T286] param_sysfs_init+0x6a/0x6f
[ 24.779218][ T286] page_owner free stack trace missing
[ 24.784431][ T286]
[ 24.786605][ T286] Memory state around the buggy address:
[ 24.792080][ T286] ffff8881085a5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.799968][ T286] ffff8881085a5980: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 24.807866][ T286] >ffff8881085a5a00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 24.815758][ T286] ^
[ 24.822793][ T286] ffff8881085a5a80: fc fc fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.830692][ T286] ffff8881085a5b00: fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00 00
[ 24.838586][ T286] ==================================================================
[ 24.846485][ T286] Disabling lock debugging due to kernel taint