Starting sshd: OK
syzkaller
syzkaller login: [ 4.890974][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 12.297453][ T23] kauditd_printk_skb: 60 callbacks suppressed
[ 12.297459][ T23] audit: type=1400 audit(1650176537.580:71): avc: denied { transition } for pid=290 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 12.309640][ T23] audit: type=1400 audit(1650176537.590:72): avc: denied { write } for pid=290 comm="sh" path="pipe:[11299]" dev="pipefs" ino=11299 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 12.990796][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 14.410806][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 14.413238][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
Warning: Permanently added '10.128.0.236' (ECDSA) to the list of known hosts.
executing program
[ 19.424305][ T23] audit: type=1400 audit(1650176544.710:73): avc: denied { execmem } for pid=365 comm="syz-executor251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 19.445140][ T365] exFAT-fs (loop0): failed to load upcase table (idx : 0x00000c00, chksum : 0x00000000, utbl_chksum : 0xe619d30d)
[ 19.446439][ T23] audit: type=1400 audit(1650176544.730:74): avc: denied { read write } for pid=365 comm="syz-executor251" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 19.460074][ T365] ==================================================================
[ 19.489368][ T365] BUG: KASAN: slab-out-of-bounds in exfat_clear_bitmap+0x147/0x490
[ 19.490066][ T23] audit: type=1400 audit(1650176544.730:75): avc: denied { open } for pid=365 comm="syz-executor251" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 19.497249][ T365] Read of size 8 at addr ffff888115aa9508 by task syz-executor251/365
[ 19.497252][ T365]
[ 19.497262][ T365] CPU: 1 PID: 365 Comm: syz-executor251 Not tainted 5.10.109-syzkaller-00693-g414e6c8e941c #0
[ 19.497267][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 19.497270][ T365] Call Trace:
[ 19.497284][ T365] dump_stack_lvl+0x1e2/0x24b
[ 19.497293][ T365] ? bfq_pos_tree_add_move+0x43e/0x43e
[ 19.497302][ T365] ? panic+0x7d7/0x7d7
[ 19.497318][ T365] print_address_description+0x81/0x3c0
[ 19.497328][ T365] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 19.497336][ T365] kasan_report+0x1a4/0x1f0
[ 19.497354][ T365] ? exfat_clear_bitmap+0x147/0x490
[ 19.521832][ T23] audit: type=1400 audit(1650176544.730:76): avc: denied { ioctl } for pid=365 comm="syz-executor251" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 19.529518][ T365] ? exfat_clear_bitmap+0x147/0x490
[ 19.531923][ T23] audit: type=1400 audit(1650176544.730:77): avc: denied { mounton } for pid=365 comm="syz-executor251" path="/root/file0" dev="sda1" ino=1137 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 19.542026][ T365] __asan_report_load8_noabort+0x14/0x20
[ 19.542035][ T365] exfat_clear_bitmap+0x147/0x490
[ 19.542044][ T365] exfat_free_cluster+0x25a/0x4a0
[ 19.542052][ T365] ? exfat_chain_cont_cluster+0xd0/0xd0
[ 19.542059][ T365] ? _raw_spin_unlock+0x4d/0x70
[ 19.542067][ T365] ? exfat_cache_inval_inode+0x245/0x290
[ 19.542076][ T365] ? exfat_free_dentry_set+0x22f/0x2a0
[ 19.542089][ T365] __exfat_truncate+0x99e/0xe00
[ 19.553177][ T23] audit: type=1400 audit(1650176544.740:78): avc: denied { mount } for pid=365 comm="syz-executor251" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 19.555614][ T365] ? __kasan_check_write+0x14/0x20
[ 19.560276][ T23] audit: type=1400 audit(1650176544.740:79): avc: denied { write } for pid=365 comm="syz-executor251" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 19.565698][ T365] ? asan.module_dtor+0x20/0x20
[ 19.565708][ T365] ? mutex_lock+0xa6/0x110
[ 19.565715][ T365] ? mutex_trylock+0xb0/0xb0
[ 19.565725][ T365] ? unmap_mapping_pages+0x1d0/0x1d0
[ 19.565739][ T365] exfat_truncate+0x11b/0x4f0
[ 19.570259][ T23] audit: type=1400 audit(1650176544.740:80): avc: denied { add_name } for pid=365 comm="syz-executor251" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 19.575467][ T365] exfat_setattr+0xa03/0xd40
[ 19.575476][ T365] ? vfs_getxattr_alloc+0x610/0x610
[ 19.575484][ T365] ? exfat_getattr+0x1e0/0x1e0
[ 19.575493][ T365] notify_change+0xb76/0xe10
[ 19.575502][ T365] do_truncate+0x1ea/0x2d0
[ 19.575509][ T365] ? asan.module_dtor+0x20/0x20
[ 19.575524][ T365] ? __kasan_check_read+0x11/0x20
[ 19.582398][ T23] audit: type=1400 audit(1650176544.740:81): avc: denied { create } for pid=365 comm="syz-executor251" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 19.586538][ T365] path_openat+0x294e/0x2fd0
[ 19.592023][ T23] audit: type=1400 audit(1650176544.740:82): avc: denied { associate } for pid=365 comm="syz-executor251" name="file1" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 19.617513][ T365] ? do_filp_open+0x440/0x440
[ 19.617524][ T365] do_filp_open+0x200/0x440
[ 19.617533][ T365] ? vfs_tmpfile+0x230/0x230
[ 19.617545][ T365] ? get_unused_fd_flags+0x95/0xa0
[ 19.617561][ T365] do_sys_openat2+0x13b/0x470
[ 19.887057][ T365] ? path_put+0x57/0x60
[ 19.891195][ T365] ? do_sys_open+0x220/0x220
[ 19.895770][ T365] __x64_sys_creat+0x11f/0x160
[ 19.900507][ T365] ? __x32_compat_sys_openat+0x290/0x290
[ 19.906135][ T365] ? debug_smp_processor_id+0x17/0x20
[ 19.911480][ T365] do_syscall_64+0x34/0x70
[ 19.915868][ T365] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 19.921941][ T365] RIP: 0033:0x7fd02eed02d9
[ 19.926577][ T365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 19.946340][ T365] RSP: 002b:00007ffcafe06f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 19.954746][ T365] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fd02eed02d9
[ 19.962793][ T365] RDX: 00007fd02eed02d9 RSI: 0000000000000000 RDI: 0000000020000080
[ 19.970735][ T365] RBP: 00007fd02ee8fb70 R08: 0000000000000000 R09: 0000000000000000
[ 19.978693][ T365] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd02ee8fc00
[ 19.986755][ T365] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 19.994723][ T365]
[ 19.997116][ T365] Allocated by task 365:
[ 20.001374][ T365] ____kasan_kmalloc+0xdc/0x110
[ 20.006329][ T365] __kasan_kmalloc+0x9/0x10
[ 20.010808][ T365] __kmalloc+0x1f7/0x360
[ 20.015026][ T365] exfat_load_bitmap+0x511/0xae0
[ 20.019935][ T365] exfat_fill_super+0x1101/0x2ab0
[ 20.024936][ T365] get_tree_bdev+0x417/0x640
[ 20.029519][ T365] exfat_get_tree+0x1c/0x20
[ 20.034000][ T365] vfs_get_tree+0x88/0x290
[ 20.038505][ T365] do_new_mount+0x289/0xad0
[ 20.042997][ T365] path_mount+0x58d/0xce0
[ 20.047302][ T365] __se_sys_mount+0x2d2/0x3c0
[ 20.051950][ T365] __x64_sys_mount+0xbf/0xd0
[ 20.056699][ T365] do_syscall_64+0x34/0x70
[ 20.061105][ T365] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 20.066962][ T365]
[ 20.069276][ T365] The buggy address belongs to the object at ffff888115aa9500
[ 20.069276][ T365] which belongs to the cache kmalloc-8 of size 8
[ 20.083721][ T365] The buggy address is located 0 bytes to the right of
[ 20.083721][ T365] 8-byte region [ffff888115aa9500, ffff888115aa9508)
[ 20.097147][ T365] The buggy address belongs to the page:
[ 20.102765][ T365] page:ffffea000456aa40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x115aa9
[ 20.112988][ T365] flags: 0x8000000000000200(slab)
[ 20.118187][ T365] raw: 8000000000000200 dead000000000100 dead000000000122 ffff888100043c80
[ 20.127534][ T365] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[ 20.136406][ T365] page dumped because: kasan: bad access detected
[ 20.142804][ T365] page_owner tracks the page as allocated
[ 20.148794][ T365] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 198, ts 4174522057, free_ts 4174389097
[ 20.164938][ T365] get_page_from_freelist+0x745/0x760
[ 20.170436][ T365] __alloc_pages_nodemask+0x3b6/0x890
[ 20.175824][ T365] allocate_slab+0x78/0x540
[ 20.180307][ T365] ___slab_alloc+0x131/0x2e0
[ 20.184951][ T365] __slab_alloc+0x63/0xa0
[ 20.189274][ T365] __kmalloc+0x24f/0x360
[ 20.193509][ T365] kvmalloc_node+0x82/0x130
[ 20.197993][ T365] proc_sys_call_handler+0x3d5/0x870
[ 20.203437][ T365] proc_sys_write+0x22/0x30
[ 20.208167][ T365] vfs_write+0xc1c/0xf40
[ 20.212423][ T365] ksys_write+0x198/0x2c0
[ 20.216744][ T365] __x64_sys_write+0x7b/0x90
[ 20.221708][ T365] do_syscall_64+0x34/0x70
[ 20.226238][ T365] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 20.232108][ T365] page last free stack trace:
[ 20.236960][ T365] free_pcp_prepare+0x18c/0x1c0
[ 20.241818][ T365] __free_pages+0x2e0/0x4a0
[ 20.246308][ T365] free_pages+0x7c/0x90
[ 20.251055][ T365] selinux_genfs_get_sid+0x209/0x250
[ 20.256539][ T365] inode_doinit_with_dentry+0x858/0x1030
[ 20.262161][ T365] selinux_d_instantiate+0x27/0x40
[ 20.267261][ T365] security_d_instantiate+0xa5/0x100
[ 20.272565][ T365] d_splice_alias+0x71/0x3b0
[ 20.277338][ T365] proc_sys_lookup+0x6d5/0x7e0
[ 20.282209][ T365] path_openat+0x119a/0x2fd0
[ 20.286869][ T365] do_filp_open+0x200/0x440
[ 20.291349][ T365] do_sys_openat2+0x13b/0x470
[ 20.296111][ T365] __x64_sys_openat+0x243/0x290
[ 20.300944][ T365] do_syscall_64+0x34/0x70
[ 20.305573][ T365] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 20.311591][ T365]
[ 20.313997][ T365] Memory state around the buggy address:
[ 20.319615][ T365] ffff888115aa9400: fc fc fa fc fc fc fc fa fc fc fc fc fa fc fc fc
[ 20.327661][ T365] ffff888115aa9480: fc fa fc fc fc fc 00 fc fc fc fc 00 fc fc fc fc
[ 20.335927][ T365] >ffff888115aa9500: 00 fc fc fc fc 00 fc fc fc fc fa fc fc fc fc 00
[ 20.343973][ T365]                       ^
[ 20.348286][ T365] ffff888115aa9580: fc fc fc fc fa fc fc fc fc fa fc fc fc fc fa fc
[ 20.356318][ T365] ffff888115aa9600: fc fc fc fa fc fc fc fc fc fc fc fc fc fa fc fc
[ 20.364379][ T365] ==================================================================
[ 20.372422][ T365] Disabling lock debugging due to kernel taint
[ 20.380125][ T365] general protection fault, probably for non-canonical address 0xf9bffc1cc0000032: 0000 [#1] PREEMPT SMP KASAN
[ 20.391824][ T365] KASAN: maybe wild-memory-access in range [0xce0000e600000190-0xce0000e600000197]
[ 20.401083][ T365] CPU: 1 PID: 365 Comm: syz-executor251 Tainted: G B 5.10.109-syzkaller-00693-g414e6c8e941c #0
[ 20.412685][ T365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 20.422825][ T365] RIP: 0010:exfat_clear_bitmap+0x163/0x490
[ 20.428692][ T365] Code: 80 3c 08 00 74 08 48 89 df e8 39 26 af ff 44 23 75 b0 4c 8b 23 49 83 c4 28 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 e7 e8 0f 26 af ff 41 8d 46 3f 45 85 f6 41
[ 20.448276][ T365] RSP: 0018:ffffc90000bf7420 EFLAGS: 00010a03
[ 20.454331][ T365] RAX: 19c0001cc0000032 RBX: ffff888115aa9508 RCX: dffffc0000000000
[ 20.462287][ T365] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 0000000000000001
[ 20.470499][ T365] RBP: ffffc90000bf7490 R08: ffffffff813efad3 R09: fffffbfff0d85cf9
[ 20.478449][ T365] R10: fffffbfff0d85cf9 R11: 1ffffffff0d85cf8 R12: ce0000e600000195
[ 20.486397][ T365] R13: 1ffff11020eb500c R14: 0000000000000000 R15: 0000000000000008
[ 20.494350][ T365] FS: 0000555557200300(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 20.503334][ T365] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 20.509926][ T365] CR2: 000055f229b3b0d8 CR3: 00000001077ad000 CR4: 00000000003506a0
[ 20.517876][ T365] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 20.525823][ T365] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 20.533783][ T365] Call Trace:
[ 20.537055][ T365] exfat_free_cluster+0x25a/0x4a0
[ 20.542054][ T365] ? exfat_chain_cont_cluster+0xd0/0xd0
[ 20.547573][ T365] ? _raw_spin_unlock+0x4d/0x70
[ 20.552400][ T365] ? exfat_cache_inval_inode+0x245/0x290
[ 20.558034][ T365] ? exfat_free_dentry_set+0x22f/0x2a0
[ 20.563480][ T365] __exfat_truncate+0x99e/0xe00
[ 20.568400][ T365] ? __kasan_check_write+0x14/0x20
[ 20.573490][ T365] ? asan.module_dtor+0x20/0x20
[ 20.578346][ T365] ? mutex_lock+0xa6/0x110
[ 20.582739][ T365] ? mutex_trylock+0xb0/0xb0
[ 20.587542][ T365] ? unmap_mapping_pages+0x1d0/0x1d0
[ 20.592803][ T365] exfat_truncate+0x11b/0x4f0
[ 20.597458][ T365] exfat_setattr+0xa03/0xd40
[ 20.602023][ T365] ? vfs_getxattr_alloc+0x610/0x610
[ 20.607203][ T365] ? exfat_getattr+0x1e0/0x1e0
[ 20.611942][ T365] notify_change+0xb76/0xe10
[ 20.616509][ T365] do_truncate+0x1ea/0x2d0
[ 20.620898][ T365] ? asan.module_dtor+0x20/0x20
[ 20.625725][ T365] ? __kasan_check_read+0x11/0x20
[ 20.630728][ T365] path_openat+0x294e/0x2fd0
[ 20.635297][ T365] ? do_filp_open+0x440/0x440
[ 20.639948][ T365] do_filp_open+0x200/0x440
[ 20.644428][ T365] ? vfs_tmpfile+0x230/0x230
[ 20.648995][ T365] ? get_unused_fd_flags+0x95/0xa0
[ 20.654078][ T365] do_sys_openat2+0x13b/0x470
[ 20.658731][ T365] ? path_put+0x57/0x60
[ 20.662864][ T365] ? do_sys_open+0x220/0x220
[ 20.667427][ T365] __x64_sys_creat+0x11f/0x160
[ 20.672168][ T365] ? __x32_compat_sys_openat+0x290/0x290
[ 20.677773][ T365] ? debug_smp_processor_id+0x17/0x20
[ 20.683121][ T365] do_syscall_64+0x34/0x70
[ 20.687514][ T365] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 20.693471][ T365] RIP: 0033:0x7fd02eed02d9
[ 20.697863][ T365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 20.717716][ T365] RSP: 002b:00007ffcafe06f88 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 20.726123][ T365] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fd02eed02d9
[ 20.734073][ T365] RDX: 00007fd02eed02d9 RSI: 0000000000000000 RDI: 0000000020000080
[ 20.742124][ T365] RBP: 00007fd02ee8fb70 R08: 0000000000000000 R09: 0000000000000000
[ 20.750162][ T365] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd02ee8fc00
[ 20.758114][ T365] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 20.766065][ T365] Modules linked in:
[ 20.772009][ T365] ---[ end trace dd7d39fc867eb4c8 ]---
[ 20.777771][ T365] RIP: 0010:exfat_clear_bitmap+0x163/0x490
[ 20.783888][ T365] Code: 80 3c 08 00 74 08 48 89 df e8 39 26 af ff 44 23 75 b0 4c 8b 23 49 83 c4 28 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 e7 e8 0f 26 af ff 41 8d 46 3f 45 85 f6 41
[ 20.805670][ T365] RSP: 0018:ffffc90000bf7420 EFLAGS: 00010a03
[ 20.811746][ T365] RAX: 19c0001cc0000032 RBX: ffff888115aa9508 RCX: dffffc0000000000
[ 20.819707][ T365] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 0000000000000001
[ 20.827781][ T365] RBP: ffffc90000bf7490 R08: ffffffff813efad3 R09: fffffbfff0d85cf9
[ 20.835971][ T365] R10: fffffbfff0d85cf9 R11: 1ffffffff0d85cf8 R12: ce0000e600000195
[ 20.844003][ T365] R13: 1ffff11020eb500c R14: 0000000000000000 R15: 0000000000000008
[ 20.852173][ T365] FS: 0000555557200300(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 20.861153][ T365] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 20.867732][ T365] CR2: 00007ffe84dd3e08 CR3: 00000001077ad000 CR4: 00000000003506b0
[ 20.875763][ T365] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 20.884121][ T365] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 20.892115][ T365] Kernel panic - not syncing: Fatal exception
[ 20.898473][ T365] Kernel Offset: disabled
[ 20.902794][ T365] Rebooting in 86400 seconds..