Warning: Permanently added '10.128.0.228' (ECDSA) to the list of known hosts.
executing program
[ 63.346759][ T23] audit: type=1400 audit(1673854420.369:73): avc: denied { execmem } for pid=365 comm="syz-executor246" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 63.351140][ T23] audit: type=1400 audit(1673854420.369:74): avc: denied { read write } for pid=365 comm="syz-executor246" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 63.358950][ T23] audit: type=1400 audit(1673854420.369:75): avc: denied { open } for pid=365 comm="syz-executor246" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 63.364569][ T23] audit: type=1400 audit(1673854420.369:76): avc: denied { ioctl } for pid=365 comm="syz-executor246" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 63.379424][ T23] audit: type=1400 audit(1673854420.389:77): avc: denied { mounton } for pid=366 comm="syz-executor246" path="/root/file0" dev="sda1" ino=1137 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 63.394640][ T367] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 63.411220][ T23] audit: type=1400 audit(1673854420.439:78): avc: denied { mount } for pid=366 comm="syz-executor246" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 63.433187][ T23] audit: type=1400 audit(1673854420.449:79): avc: denied { write } for pid=366 comm="syz-executor246" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 63.455203][ T23] audit: type=1400 audit(1673854420.449:80): avc: denied { add_name } for pid=366 comm="syz-executor246" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 63.475912][ T23] audit: type=1400 audit(1673854420.449:81): avc: denied { create } for pid=366 comm="syz-executor246" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 63.496225][ T23] audit: type=1400 audit(1673854420.449:82): avc: denied { write open } for pid=366 comm="syz-executor246" path="/root/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
[ 63.586927][ T24] ==================================================================
[ 63.595021][ T24] BUG: KASAN: use-after-free in get_max_inline_xattr_value_size+0x387/0x530
[ 63.603665][ T24] Read of size 4 at addr ffff8881051c1084 by task kworker/0:1/24
[ 63.611349][ T24]
[ 63.613656][ T24] CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 63.623423][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 63.633455][ T24] Workqueue: events p9_write_work
[ 63.638450][ T24] Call Trace:
[ 63.641727][ T24] dump_stack_lvl+0x1e2/0x24b
[ 63.646397][ T24] ? bfq_pos_tree_add_move+0x43e/0x43e
[ 63.651844][ T24] ? panic+0x7d7/0x7d7
[ 63.655895][ T24] print_address_description+0x81/0x3c0
[ 63.661502][ T24] ? __kasan_check_write+0x14/0x20
[ 63.666586][ T24] kasan_report+0x1a4/0x1f0
[ 63.671063][ T24] ? __down_read+0xe0/0x2c0
[ 63.675538][ T24] ? get_max_inline_xattr_value_size+0x387/0x530
[ 63.681836][ T24] ? get_max_inline_xattr_value_size+0x387/0x530
[ 63.688138][ T24] __asan_report_load4_noabort+0x14/0x20
[ 63.693745][ T24] get_max_inline_xattr_value_size+0x387/0x530
[ 63.699873][ T24] ext4_get_max_inline_size+0x142/0x200
[ 63.705388][ T24] ? asan.module_dtor+0x20/0x20
[ 63.710210][ T24] ? page_ext_put+0x1c/0x30
[ 63.714710][ T24] ? __page_pinner_migration_failed+0xe5/0x250
[ 63.720843][ T24] ext4_try_to_write_inline_data+0xb1/0x570
[ 63.726714][ T24] ? PageUptodate+0xc0/0xc0
[ 63.731194][ T24] ? ext4_writepage_trans_blocks+0x2f2/0x370
[ 63.737150][ T24] ext4_write_begin+0x243/0x16f0
[ 63.742062][ T24] ? __getblk_gfp+0x3c/0x2a0
[ 63.746632][ T24] ? ext4_readahead+0x110/0x110
[ 63.751482][ T24] ? __ext4_get_inode_loc+0x44c/0xd20
[ 63.756830][ T24] ? unlock_page_memcg+0x10b/0x130
[ 63.761926][ T24] ? mark_buffer_dirty+0x1f2/0x310
[ 63.767193][ T24] ? mark_buffer_dirty+0x201/0x310
[ 63.772301][ T24] ? __ext4_handle_dirty_metadata+0x2d0/0x800
[ 63.778345][ T24] ? ext4_mark_iloc_dirty+0x2183/0x3350
[ 63.783868][ T24] ext4_da_write_begin+0x4a8/0xf10
[ 63.788954][ T24] ? ext4_set_page_dirty+0x1d0/0x1d0
[ 63.794214][ T24] ? ext4_blocks_for_truncate+0x240/0x240
[ 63.799907][ T24] ? load_balance+0x8d8/0x3360
[ 63.804653][ T24] ? iov_iter_fault_in_readable+0x261/0x500
[ 63.810520][ T24] ? __ext4_journal_stop+0x36/0x1c0
[ 63.815695][ T24] ? asan.module_dtor+0x20/0x20
[ 63.820519][ T24] ? ext4_dirty_inode+0xf0/0x120
[ 63.825433][ T24] ? __ext4_expand_extra_isize+0x3d0/0x3d0
[ 63.831213][ T24] ? __mark_inode_dirty+0x12f/0x930
[ 63.836406][ T24] generic_perform_write+0x309/0x5b0
[ 63.841667][ T24] ? file_remove_privs+0x640/0x640
[ 63.846755][ T24] ? grab_cache_page_write_begin+0xa0/0xa0
[ 63.852535][ T24] ? generic_write_checks+0x3d8/0x490
[ 63.857883][ T24] ext4_buffered_write_iter+0x47c/0x610
[ 63.863406][ T24] ext4_file_write_iter+0x192/0x1c70
[ 63.868670][ T24] ? avc_has_perm_noaudit+0x4c0/0x4c0
[ 63.874019][ T24] ? _raw_spin_lock+0xa3/0x1b0
[ 63.878761][ T24] ? kvm_sched_clock_read+0x18/0x40
[ 63.883935][ T24] ? sched_clock+0x3a/0x40
[ 63.888329][ T24] ? sched_clock_cpu+0x1b/0x3b0
[ 63.893253][ T24] ? ext4_file_read_iter+0x4d0/0x4d0
[ 63.898518][ T24] ? file_has_perm+0x4fd/0x6b0
[ 63.903256][ T24] ? iov_iter_kvec+0x3f/0x120
[ 63.907927][ T24] __kernel_write+0x5ad/0x9d0
[ 63.912593][ T24] ? vfs_read+0xbf0/0xbf0
[ 63.916911][ T24] ? fsnotify_perm+0x67/0x4e0
[ 63.921572][ T24] ? security_file_permission+0x9d/0xc0
[ 63.927097][ T24] ? security_file_permission+0xa8/0xc0
[ 63.932620][ T24] ? rw_verify_area+0x1c2/0x360
[ 63.937449][ T24] kernel_write+0x1e2/0x420
[ 63.941935][ T24] p9_write_work+0x5bc/0xce0
[ 63.946504][ T24] process_one_work+0x726/0xc10
[ 63.951349][ T24] worker_thread+0xb27/0x1550
[ 63.956005][ T24] ? __kthread_parkme+0xba/0x1d0
[ 63.960917][ T24] kthread+0x349/0x3d0
[ 63.964961][ T24] ? worker_clr_flags+0x180/0x180
[ 63.969967][ T24] ? kthread_blkcg+0xd0/0xd0
[ 63.974536][ T24] ret_from_fork+0x1f/0x30
[ 63.978927][ T24]
[ 63.981268][ T24] Allocated by task 1:
[ 63.985317][ T24] __kasan_slab_alloc+0xb2/0xe0
[ 63.990142][ T24] kmem_cache_alloc+0x16c/0x300
[ 63.994970][ T24] acpi_ps_alloc_op+0x18d/0x38d
[ 63.999800][ T24] acpi_ps_create_op+0x3f4/0xc67
[ 64.004712][ T24] acpi_ps_parse_loop+0x635/0x1be0
[ 64.009802][ T24] acpi_ps_parse_aml+0x1d8/0x95d
[ 64.014717][ T24] acpi_ps_execute_method+0x5ad/0x6c4
[ 64.020068][ T24] acpi_ns_evaluate+0x637/0xa10
[ 64.024897][ T24] acpi_ut_evaluate_object+0x14d/0x479
[ 64.030360][ T24] acpi_ut_execute_STA+0xa8/0x1ae
[ 64.035360][ T24] acpi_ns_get_device_callback+0x25d/0x5d1
[ 64.041142][ T24] acpi_ns_walk_namespace+0x242/0x4ad
[ 64.046486][ T24] acpi_get_devices+0x13b/0x18e
[ 64.051313][ T24] pnpacpi_init+0x84/0x11d
[ 64.055705][ T24] do_one_initcall+0x1b5/0x610
[ 64.060445][ T24] do_initcall_level+0x192/0x2f0
[ 64.065355][ T24] do_initcalls+0x50/0x94
[ 64.069657][ T24] do_basic_setup+0x88/0x91
[ 64.074135][ T24] kernel_init_freeable+0x2ba/0x3f1
[ 64.079307][ T24] kernel_init+0x11/0x290
[ 64.083628][ T24] ret_from_fork+0x1f/0x30
[ 64.088021][ T24]
[ 64.090342][ T24] The buggy address belongs to the object at ffff8881051c1058
[ 64.090342][ T24] which belongs to the cache Acpi-Parse of size 56
[ 64.104201][ T24] The buggy address is located 44 bytes inside of
[ 64.104201][ T24] 56-byte region [ffff8881051c1058, ffff8881051c1090)
[ 64.117271][ T24] The buggy address belongs to the page:
[ 64.122883][ T24] page:ffffea0004147040 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8881051c1e70 pfn:0x1051c1
[ 64.134391][ T24] flags: 0x8000000000000200(slab)
[ 64.139394][ T24] raw: 8000000000000200 ffffea0004146e00 0000001200000012 ffff888100066a80
[ 64.147965][ T24] raw: ffff8881051c1e70 00000000802e0000 00000001ffffffff 0000000000000000
[ 64.156530][ T24] page dumped because: kasan: bad access detected
[ 64.162926][ T24] page_owner tracks the page as allocated
[ 64.168632][ T24] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 1, ts 1699670540, free_ts 0
[ 64.183443][ T24] get_page_from_freelist+0x755/0x810
[ 64.188789][ T24] __alloc_pages_nodemask+0x3b6/0x890
[ 64.194133][ T24] allocate_slab+0x78/0x540
[ 64.198609][ T24] ___slab_alloc+0x131/0x2e0
[ 64.203187][ T24] __slab_alloc+0x63/0xa0
[ 64.207491][ T24] kmem_cache_alloc+0x1ef/0x300
[ 64.212842][ T24] acpi_ps_alloc_op+0x18d/0x38d
[ 64.217684][ T24] acpi_ps_create_op+0x3f4/0xc67
[ 64.222596][ T24] acpi_ps_parse_loop+0x635/0x1be0
[ 64.227684][ T24] acpi_ps_parse_aml+0x1d8/0x95d
[ 64.232598][ T24] acpi_ps_execute_method+0x5ad/0x6c4
[ 64.237942][ T24] acpi_ns_evaluate+0x637/0xa10
[ 64.242768][ T24] acpi_ut_evaluate_object+0x14d/0x479
[ 64.248201][ T24] acpi_ut_execute_STA+0xa8/0x1ae
[ 64.253204][ T24] acpi_ns_get_device_callback+0x25d/0x5d1
[ 64.258985][ T24] acpi_ns_walk_namespace+0x242/0x4ad
[ 64.264324][ T24] page_owner free stack trace missing
[ 64.269662][ T24]
[ 64.271970][ T24] Memory state around the buggy address:
[ 64.277590][ T24] ffff8881051c0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 64.285638][ T24] ffff8881051c1000: fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb fb
[ 64.293679][ T24] >ffff8881051c1080: fb fb fc fc fc fc fb fb fb fb fb fb fb fc fc fc
[ 64.301726][ T24] ^
[ 64.305785][ T24] ffff8881051c1100: fc fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[ 64.313843][ T24] ffff8881051c1180: fb fb fb fc fc fc fc fb fb fb fb fb fb fb fc fc
[ 64.321880][ T24] ==================================================================
[ 64.329913][ T24] Disabling lock debugging due to kernel taint
executing program
[ 64.339262][ T24] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2179: inode #18: comm kworker/0:1: corrupted in-inode xattr
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory