[ 3.154358][ T30] audit: type=1400 audit(1668336197.449:9): avc: denied { append open } for pid=164 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 3.158232][ T30] audit: type=1400 audit(1668336197.449:10): avc: denied { getattr } for pid=164 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 3.170981][ T166] acpid (166) used greatest stack depth: 24200 bytes left
[ 3.407259][ T181] udevd[181]: starting version 3.2.10
[ 3.446240][ T182] udevd[182]: starting eudev-3.2.10
[ 3.448273][ T181] udevd (181) used greatest stack depth: 22976 bytes left
[ 11.876590][ T30] kauditd_printk_skb: 49 callbacks suppressed
[ 11.876603][ T30] audit: type=1400 audit(1668336206.189:60): avc: denied { transition } for pid=318 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.883174][ T30] audit: type=1400 audit(1668336206.189:61): avc: denied { write } for pid=318 comm="sh" path="pipe:[12514]" dev="pipefs" ino=12514 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 12.948766][ T319] sshd (319) used greatest stack depth: 22720 bytes left
Warning: Permanently added '10.128.1.14' (ECDSA) to the list of known hosts.
[ 23.544324][ T30] audit: type=1400 audit(1668336217.859:62): avc: denied { execmem } for pid=404 comm="syz-executor226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 23.547742][ T30] audit: type=1400 audit(1668336217.859:63): avc: denied { integrity } for pid=404 comm="syz-executor226" lockdown_reason="debugfs access" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lockdown permissive=1
[ 23.551959][ T30] audit: type=1400 audit(1668336217.859:64): avc: denied { setattr } for pid=404 comm="syz-executor226" name="raw-gadget" dev="devtmpfs" ino=161 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 23.555812][ T30] audit: type=1400 audit(1668336217.859:65): avc: denied { mounton } for pid=405 comm="syz-executor226" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 23.559552][ T30] audit: type=1400 audit(1668336217.859:66): avc: denied { mount } for pid=405 comm="syz-executor226" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 23.563413][ T30] audit: type=1400 audit(1668336217.859:67): avc: denied { mounton } for pid=405 comm="syz-executor226" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 23.577532][ T30] audit: type=1400 audit(1668336217.859:68): avc: denied { module_request } for pid=405 comm="syz-executor226" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 23.602393][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.609350][ T405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.616594][ T405] device bridge_slave_0 entered promiscuous mode
[ 23.623368][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.630201][ T405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.637540][ T405] device bridge_slave_1 entered promiscuous mode
[ 23.669714][ T30] audit: type=1400 audit(1668336217.979:69): avc: denied { create } for pid=405 comm="syz-executor226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.674050][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.690288][ T30] audit: type=1400 audit(1668336217.979:70): avc: denied { write } for pid=405 comm="syz-executor226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.697071][ T405] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.697160][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.718154][ T30] audit: type=1400 audit(1668336217.979:71): avc: denied { read } for pid=405 comm="syz-executor226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 23.724780][ T405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.768673][ T41] bridge0: port 1(bridge_slave_0) entered disabled state
[ 23.775707][ T41] bridge0: port 2(bridge_slave_1) entered disabled state
[ 23.783194][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 23.790708][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 23.799632][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 23.807614][ T20] bridge0: port 1(bridge_slave_0) entered blocking state
[ 23.814558][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 23.830668][ T405] device veth0_vlan entered promiscuous mode
[ 23.837398][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 23.845829][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 23.853764][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 23.861301][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 23.869061][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 23.877813][ T41] bridge0: port 2(bridge_slave_1) entered blocking state
[ 23.884678][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 23.892046][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 23.899784][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 23.911244][ T405] device veth1_macvtap entered promiscuous mode
executing program
[ 23.918317][ T126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 23.928734][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 23.940660][ T406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 23.955836][ T405] loop0: detected capacity change from 0 to 131072
[ 23.963738][ T405] F2FS-fs (loop0): Invalid log_blocksize (16), supports only 12
[ 23.971304][ T405] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 23.980694][ T405] F2FS-fs (loop0): invalid crc_offset: 0
[ 23.987468][ T405] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 24.008623][ T405] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[ 24.015560][ T405] F2FS-fs (loop0): Mounted with checkpoint version = 3e17dab1
[ 24.258739][ T419] ==================================================================
[ 24.266629][ T419] BUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x4f59/0x6370
[ 24.274631][ T419] Read of size 4 at addr ffff88811cab7568 by task kworker/u4:3/419
[ 24.282352][ T419]
[ 24.284524][ T419] CPU: 0 PID: 419 Comm: kworker/u4:3 Not tainted 5.15.74-syzkaller #0
[ 24.292508][ T419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 24.302405][ T419] Workqueue: writeback wb_workfn (flush-7:0)
[ 24.308222][ T419] Call Trace:
[ 24.311362][ T419]
[ 24.314207][ T419] dump_stack_lvl+0x151/0x1b7
[ 24.318804][ T419] ? bfq_pos_tree_add_move+0x43e/0x43e
[ 24.324104][ T419] ? panic+0x727/0x727
[ 24.328014][ T419] ? _raw_spin_lock+0xa3/0x1b0
[ 24.332605][ T419] print_address_description+0x87/0x3d0
[ 24.337992][ T419] ? up_read+0x14/0x90
[ 24.341893][ T419] kasan_report+0x1a6/0x1f0
[ 24.346340][ T419] ? do_garbage_collect+0x4f59/0x6370
[ 24.351705][ T419] ? do_garbage_collect+0x4f59/0x6370
[ 24.356921][ T419] __asan_report_load4_noabort+0x14/0x20
[ 24.362390][ T419] do_garbage_collect+0x4f59/0x6370
[ 24.367426][ T419] ? stack_trace_snprint+0x100/0x100
[ 24.372616][ T419] ? f2fs_write_node_pages+0x13f/0x870
[ 24.378105][ T419] ? do_writepages+0x442/0x6c0
[ 24.382687][ T419] ? has_not_enough_free_secs+0x930/0x930
[ 24.388357][ T419] ? f2fs_available_free_memory+0x7f4/0xb10
[ 24.394094][ T419] ? set_page_private_gcing+0x130/0x130
[ 24.399467][ T419] ? f2fs_check_nid_range+0x120/0x120
[ 24.404672][ T419] ? __kasan_check_write+0x14/0x20
[ 24.409619][ T419] f2fs_gc+0x8aa/0x17c0
[ 24.413614][ T419] ? xas_set_mark+0x241/0x390
[ 24.418126][ T419] ? __kasan_check_write+0x14/0x20
[ 24.423081][ T419] ? f2fs_start_bidx_of_node+0x370/0x370
[ 24.428538][ T419] ? __kasan_check_write+0x14/0x20
[ 24.433487][ T419] ? __kasan_check_write+0x14/0x20
[ 24.438440][ T419] ? down_read_killable+0x250/0x250
[ 24.443811][ T419] ? has_not_enough_free_secs+0x3ff/0x910
[ 24.449372][ T419] f2fs_balance_fs+0x339/0x3e0
[ 24.453963][ T419] ? f2fs_update_inode+0x1155/0x1aa0
[ 24.459082][ T419] ? f2fs_commit_inmem_pages+0x100/0x100
[ 24.464556][ T419] ? __kasan_check_write+0x14/0x20
[ 24.469499][ T419] ? f2fs_put_page+0x117/0x180
[ 24.474115][ T419] ? f2fs_update_inode_page+0x101/0x130
[ 24.479487][ T419] f2fs_write_inode+0x4fc/0x580
[ 24.484422][ T419] write_inode+0xf5/0x2a0
[ 24.488566][ T419] __writeback_single_inode+0x38b/0x6d0
[ 24.494033][ T419] writeback_sb_inodes+0xb1d/0x1910
[ 24.499074][ T419] ? queue_io+0x500/0x500
[ 24.503258][ T419] ? __writeback_inodes_wb+0x410/0x410
[ 24.508736][ T419] ? queue_io+0x3c7/0x500
[ 24.512988][ T419] ? __kasan_check_write+0x14/0x20
[ 24.517932][ T419] ? _raw_spin_lock_irq+0xa4/0x1b0
[ 24.522885][ T419] wb_writeback+0x401/0x9e0
[ 24.527227][ T419] ? inode_cgwb_move_to_attached+0x400/0x400
[ 24.533032][ T419] ? widen_string+0x41/0x3a0
[ 24.537458][ T419] ? __kasan_check_write+0x14/0x20
[ 24.542404][ T419] ? vsnprintf+0x1c02/0x1ce0
[ 24.546830][ T419] wb_do_writeback+0x222/0xbd0
[ 24.551433][ T419] ? wb_workfn+0x3e0/0x3e0
[ 24.555682][ T419] ? compat_start_thread+0x20/0x20
[ 24.560639][ T419] ? set_worker_desc+0x158/0x1c0
[ 24.565404][ T419] ? work_busy+0x250/0x250
[ 24.569655][ T419] ? finish_task_switch+0x173/0x710
[ 24.574698][ T419] ? kthread_data+0x52/0xc0
[ 24.579117][ T419] wb_workfn+0xf8/0x3e0
[ 24.583110][ T419] process_one_work+0x6db/0xc00
[ 24.587800][ T419] worker_thread+0xb3e/0x1340
[ 24.592314][ T419] ? schedule+0x142/0x1f0
[ 24.596476][ T419] kthread+0x41c/0x500
[ 24.600380][ T419] ? worker_clr_flags+0x180/0x180
[ 24.605244][ T419] ? kthread_blkcg+0xd0/0xd0
[ 24.609671][ T419] ret_from_fork+0x1f/0x30
[ 24.613926][ T419]
[ 24.616788][ T419]
[ 24.618967][ T419] Allocated by task 0:
[ 24.622952][ T419] (stack is not available)
[ 24.627209][ T419]
[ 24.629393][ T419] The buggy address belongs to the object at ffff88811cab7540
[ 24.629393][ T419] which belongs to the cache pid_2 of size 128
[ 24.642740][ T419] The buggy address is located 40 bytes inside of
[ 24.642740][ T419] 128-byte region [ffff88811cab7540, ffff88811cab75c0)
[ 24.655770][ T419] The buggy address belongs to the page:
[ 24.661235][ T419] page:ffffea000472adc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11cab7
[ 24.671392][ T419] flags: 0x4000000000000200(slab|zone=1)
[ 24.676852][ T419] raw: 4000000000000200 0000000000000000 dead000000000122 ffff88810b020480
[ 24.685280][ T419] raw: 0000000000000000 0000000080150015 00000001ffffffff 0000000000000000
[ 24.693690][ T419] page dumped because: kasan: bad access detected
[ 24.699937][ T419] page_owner tracks the page as allocated
[ 24.705492][ T419] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 404, ts 23547730596, free_ts 12660595864
[ 24.721461][ T419] post_alloc_hook+0x1ab/0x1b0
[ 24.726064][ T419] get_page_from_freelist+0x38b/0x400
[ 24.731268][ T419] __alloc_pages+0x3a8/0x7c0
[ 24.735695][ T419] allocate_slab+0x62/0x580
[ 24.740034][ T419] ___slab_alloc+0x2e2/0x6f0
[ 24.744459][ T419] __slab_alloc+0x4a/0x90
[ 24.748626][ T419] kmem_cache_alloc+0x205/0x2f0
[ 24.753313][ T419] alloc_pid+0x9c/0xad0
[ 24.757479][ T419] copy_process+0x1658/0x3250
[ 24.761992][ T419] kernel_clone+0x22d/0x990
[ 24.766339][ T419] __x64_sys_clone+0x289/0x310
[ 24.770934][ T419] do_syscall_64+0x44/0xd0
[ 24.775188][ T419] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.780913][ T419] page last free stack trace:
[ 24.785859][ T419] free_pcp_prepare+0x448/0x450
[ 24.790545][ T419] free_unref_page+0x9c/0x370
[ 24.795059][ T419] __put_page+0xb0/0xd0
[ 24.799053][ T419] anon_pipe_buf_release+0x17b/0x1e0
[ 24.804176][ T419] pipe_read+0x5c1/0x1060
[ 24.808407][ T419] vfs_read+0xabc/0xd80
[ 24.812387][ T419] ksys_read+0x198/0x2c0
[ 24.816445][ T419] __x64_sys_read+0x7b/0x90
[ 24.820753][ T419] do_syscall_64+0x44/0xd0
[ 24.825004][ T419] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 24.831175][ T419]
[ 24.833338][ T419] Memory state around the buggy address:
[ 24.838822][ T419] ffff88811cab7400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.846715][ T419] ffff88811cab7480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.854606][ T419] >ffff88811cab7500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.862509][ T419] ^
[ 24.869804][ T419] ffff88811cab7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.877702][ T419] ffff88811cab7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.885595][ T419] ==================================================================
[ 24.893494][ T419] Disabling lock debugging due to kernel taint
[ 25.472026][ T94] device bridge_slave_1 left promiscuous mode
[ 25.478066][ T94] bridge0: port 2(bridge_slave_1) entered disabled state
[ 25.485747][ T94] device bridge_slave_0 left promiscuous mode
[ 25.491769][ T94] bridge0: port 1(bridge_slave_0) entered disabled state
[ 25.499657][ T94] device veth1_macvtap left promiscuous mode
[ 25.505846][ T94] device veth0_vlan left promiscuous mode