Warning: Permanently added '10.128.0.226' (ECDSA) to the list of known hosts. executing program [ 60.345625][ T22] audit: type=1400 audit(1672991049.069:73): avc: denied { execmem } for pid=298 comm="syz-executor374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 60.348557][ T22] audit: type=1400 audit(1672991049.069:74): avc: denied { read write } for pid=298 comm="syz-executor374" name="loop0" dev="devtmpfs" ino=9270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 60.352325][ T22] audit: type=1400 audit(1672991049.069:75): avc: denied { open } for pid=298 comm="syz-executor374" path="/dev/loop0" dev="devtmpfs" ino=9270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 60.355947][ T22] audit: type=1400 audit(1672991049.069:76): avc: denied { ioctl } for pid=298 comm="syz-executor374" path="/dev/loop0" dev="devtmpfs" ino=9270 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 60.361705][ T22] audit: type=1400 audit(1672991049.089:77): avc: denied { mounton } for pid=300 comm="syz-executor374" path="/root/file0" dev="sda1" ino=1137 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 60.371954][ T300] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 60.381020][ T22] audit: type=1400 audit(1672991049.109:78): avc: denied { mount } for pid=300 comm="syz-executor374" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 60.382401][ T300] EXT4-fs error (device loop0): ext4_xattr_ibody_get:591: inode #18: comm syz-executor374: corrupted in-inode xattr [ 60.407804][ T22] audit: type=1400 audit(1672991049.109:79): avc: denied { write } for pid=300 comm="syz-executor374" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 60.415319][ T300] ================================================================== [ 60.438804][ T22] audit: type=1400 audit(1672991049.109:80): avc: denied { add_name } for pid=300 comm="syz-executor374" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 60.444781][ T300] BUG: KASAN: use-after-free in get_max_inline_xattr_value_size+0x373/0x510 [ 60.444793][ T300] Read of size 4 at addr ffff8881de7e4084 by task syz-executor374/300 [ 60.465450][ T22] audit: type=1400 audit(1672991049.109:81): avc: denied { create } for pid=300 comm="syz-executor374" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 60.474038][ T300] [ 60.474048][ T300] CPU: 0 PID: 300 Comm: syz-executor374 Not tainted 5.4.219-syzkaller-00013-g4a947285bcca #0 [ 60.474052][ T300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 60.474059][ T300] Call Trace: [ 60.482207][ T22] audit: type=1400 audit(1672991049.109:82): avc: denied { write open } for pid=300 comm="syz-executor374" path="/root/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 60.502358][ T300] dump_stack+0x1d8/0x241 [ 60.502370][ T300] ? nf_ct_l4proto_log_invalid+0x26c/0x26c [ 60.562095][ T300] ? printk+0xcf/0x10f [ 60.566129][ T300] ? get_max_inline_xattr_value_size+0x373/0x510 [ 60.572423][ T300] ? vprintk_emit+0x437/0x4a0 [ 60.577068][ T300] ? get_max_inline_xattr_value_size+0x373/0x510 [ 60.583380][ T300] print_address_description+0x8c/0x630 [ 60.589013][ T300] ? panic+0x73e/0x73e [ 60.593057][ T300] ? get_max_inline_xattr_value_size+0x373/0x510 [ 60.599352][ T300] __kasan_report+0xf6/0x130 [ 60.603915][ T300] ? get_max_inline_xattr_value_size+0x373/0x510 [ 60.610213][ T300] kasan_report+0x30/0x60 [ 60.614522][ T300] get_max_inline_xattr_value_size+0x373/0x510 [ 60.620644][ T300] ext4_get_max_inline_size+0x139/0x1f0 [ 60.626155][ T300] ? asan.module_dtor+0x20/0x20 [ 60.630974][ T300] ? preempt_count_add+0x8d/0x180 [ 60.635970][ T300] ? generic_make_request+0xda4/0xe60 [ 60.641309][ T300] ? mempool_resize+0x940/0x940 [ 60.646126][ T300] ext4_try_to_write_inline_data+0xd9/0x1750 [ 60.652074][ T300] ? __bio_add_page+0x272/0x430 [ 60.656890][ T300] ? PageUptodate+0xc0/0xc0 [ 60.661367][ T300] ? submit_bio+0x142/0x640 [ 60.665835][ T300] ? ext4_ext_index_trans_blocks+0xd1/0x120 [ 60.671693][ T300] ? ext4_writepage_trans_blocks+0x506/0x620 [ 60.677638][ T300] ext4_write_begin+0x247/0x1d50 [ 60.682551][ T300] ? debug_smp_processor_id+0x20/0x20 [ 60.687888][ T300] ? debug_smp_processor_id+0x20/0x20 [ 60.693226][ T300] ? __xa_set_mark+0x378/0x4e0 [ 60.697957][ T300] ? __mod_memcg_state+0x87/0x170 [ 60.702948][ T300] ? ext4_readpages+0x110/0x110 [ 60.707771][ T300] ? account_page_dirtied+0x353/0x5d0 [ 60.713120][ T300] ? __set_page_dirty+0x1fb/0x250 [ 60.718107][ T300] ? __mark_inode_dirty+0x126/0x9f0 [ 60.723272][ T300] ? mark_buffer_dirty+0x1b2/0x360 [ 60.728348][ T300] ? __ext4_handle_dirty_metadata+0x27d/0x620 [ 60.734378][ T300] ? ext4_mark_iloc_dirty+0x24af/0x3440 [ 60.739887][ T300] ext4_da_write_begin+0x4a8/0xf80 [ 60.744970][ T300] ? ext4_chunk_trans_blocks+0x2a0/0x2a0 [ 60.750932][ T300] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 60.759486][ T300] ? ext4_reserve_inode_write+0x19c/0x220 [ 60.765170][ T300] ? ext4_mark_inode_dirty+0x4ca/0x780 [ 60.770592][ T300] ? ext4_initxattrs+0x110/0x110 [ 60.775493][ T300] ? __vfs_getxattr+0x62f/0x700 [ 60.780309][ T300] ? ext4_blocks_for_truncate+0x220/0x220 [ 60.785993][ T300] ? iov_iter_fault_in_readable+0x31c/0x4d0 [ 60.791849][ T300] ? asan.module_dtor+0x20/0x20 [ 60.796665][ T300] generic_perform_write+0x2f9/0x5a0 [ 60.801916][ T300] ? __mark_inode_dirty+0x5d2/0x9f0 [ 60.807088][ T300] ? grab_cache_page_write_begin+0x90/0x90 [ 60.812857][ T300] ? file_remove_privs+0x640/0x640 [ 60.817940][ T300] ? blk_flush_plug_list+0x4c7/0x510 [ 60.823199][ T300] ? down_write_trylock+0xd8/0x130 [ 60.828281][ T300] __generic_file_write_iter+0x239/0x490 [ 60.833887][ T300] ext4_file_write_iter+0x495/0x10e0 [ 60.839143][ T300] ? ext4_file_read_iter+0x140/0x140 [ 60.844397][ T300] ? iov_iter_init+0x83/0x160 [ 60.849038][ T300] __vfs_write+0x5e3/0x780 [ 60.853445][ T300] ? __kernel_write+0x340/0x340 [ 60.858263][ T300] ? check_preemption_disabled+0x9e/0x330 [ 60.863948][ T300] ? debug_smp_processor_id+0x20/0x20 [ 60.869299][ T300] ? selinux_file_permission+0x2c2/0x530 [ 60.874896][ T300] vfs_write+0x210/0x4f0 [ 60.879107][ T300] ksys_write+0x198/0x2c0 [ 60.883399][ T300] ? __ia32_sys_read+0x80/0x80 [ 60.888129][ T300] do_syscall_64+0xcb/0x1c0 [ 60.892600][ T300] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 60.898456][ T300] [ 60.900753][ T300] Allocated by task 295: [ 60.904962][ T300] __kasan_kmalloc+0x131/0x1e0 [ 60.909689][ T300] kmem_cache_alloc+0xd0/0x210 [ 60.914418][ T300] __alloc_file+0x26/0x300 [ 60.918800][ T300] alloc_empty_file+0xa9/0x1b0 [ 60.923543][ T300] path_openat+0x116/0x3ea0 [ 60.928013][ T300] do_filp_open+0x208/0x450 [ 60.932479][ T300] do_sys_open+0x393/0x7e0 [ 60.936857][ T300] do_syscall_64+0xcb/0x1c0 [ 60.941326][ T300] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 60.947175][ T300] [ 60.949472][ T300] Freed by task 9: [ 60.953159][ T300] __kasan_slab_free+0x178/0x240 [ 60.958063][ T300] slab_free_freelist_hook+0x80/0x150 [ 60.963396][ T300] kmem_cache_free+0xa9/0x1d0 [ 60.968038][ T300] rcu_do_batch+0x49e/0xa10 [ 60.972506][ T300] rcu_core+0x4ba/0xca0 [ 60.976630][ T300] __do_softirq+0x23e/0x643 [ 60.981092][ T300] [ 60.983407][ T300] The buggy address belongs to the object at ffff8881de7e4000 [ 60.983407][ T300] which belongs to the cache filp of size 280 [ 60.996814][ T300] The buggy address is located 132 bytes inside of [ 60.996814][ T300] 280-byte region [ffff8881de7e4000, ffff8881de7e4118) [ 61.010049][ T300] The buggy address belongs to the page: [ 61.015652][ T300] page:ffffea000779f900 refcount:1 mapcount:0 mapping:ffff8881f5cf8500 index:0x0 compound_mapcount: 0 [ 61.026547][ T300] flags: 0x8000000000010200(slab|head) [ 61.031984][ T300] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cf8500 [ 61.040536][ T300] raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000 [ 61.049086][ T300] page dumped because: kasan: bad access detected [ 61.055463][ T300] page_owner tracks the page as allocated [ 61.061147][ T300] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC) [ 61.076128][ T300] prep_new_page+0x194/0x380 [ 61.080691][ T300] get_page_from_freelist+0x524/0x560 [ 61.086028][ T300] __alloc_pages_nodemask+0x372/0x860 [ 61.091361][ T300] alloc_slab_page+0x39/0x3e0 [ 61.096001][ T300] new_slab+0x97/0x450 [ 61.100037][ T300] ___slab_alloc+0x320/0x4a0 [ 61.104599][ T300] __slab_alloc+0x5a/0x90 [ 61.108892][ T300] kmem_cache_alloc+0x100/0x210 [ 61.113706][ T300] __alloc_file+0x26/0x300 [ 61.118085][ T300] alloc_empty_file+0xa9/0x1b0 [ 61.122814][ T300] path_openat+0x116/0x3ea0 [ 61.127280][ T300] do_filp_open+0x208/0x450 [ 61.131748][ T300] do_sys_open+0x393/0x7e0 [ 61.136128][ T300] do_syscall_64+0xcb/0x1c0 [ 61.140597][ T300] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 61.146448][ T300] page_owner free stack trace missing [ 61.151778][ T300] [ 61.154074][ T300] Memory state around the buggy address: [ 61.159667][ T300] ffff8881de7e3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 61.167704][ T300] ffff8881de7e4000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.175731][ T300] >ffff8881de7e4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.183752][ T300] ^ [ 61.187783][ T300] ffff8881de7e4100: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc executing program executing program executing program executing program [ 61.195805][ T300] ffff8881de7e4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.203831][ T300] ================================================================== [ 61.211853][ T300] Disabling lock debugging due to kernel taint [ 61.218605][ T300] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:430: comm syz-executor374: Invalid block bitmap block 0 in block_group 0 [ 61.233053][ T300] syz-executor374 (300) used greatest stack depth: 22872 bytes left executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program [ 66.560443][ T101] cfg80211: failed to load regulatory.db executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program executing program