[ 69.059129][ T26] audit: type=1400 audit(1687276330.189:78): avc: denied { noatsecure } for pid=4915 comm="sshd" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 69.078590][ T26] audit: type=1400 audit(1687276330.209:79): avc: denied { write } for pid=4915 comm="sh" path="pipe:[29710]" dev="pipefs" ino=29710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 69.101459][ T26] audit: type=1400 audit(1687276330.209:80): avc: denied { rlimitinh } for pid=4915 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 69.120698][ T26] audit: type=1400 audit(1687276330.209:81): avc: denied { siginh } for pid=4915 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 69.904485][ T26] audit: type=1400 audit(1687276331.049:82): avc: denied { read } for pid=4428 comm="syslogd" name="log" dev="sda1" ino=1915 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 92.502292][ T25] cfg80211: failed to load regulatory.db
[ 95.345735][ T26] audit: type=1400 audit(1687276356.489:83): avc: denied { append } for pid=4428 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 95.369688][ T26] audit: type=1400 audit(1687276356.489:84): avc: denied { open } for pid=4428 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 95.392214][ T26] audit: type=1400 audit(1687276356.489:85): avc: denied { getattr } for pid=4428 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 95.442549][ T26] audit: type=1400 audit(1687276356.589:86): avc: denied { write } for pid=4987 comm="sh" path="pipe:[29795]" dev="pipefs" ino=29795 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.1.77' (ECDSA) to the list of known hosts.
[ 101.143423][ T26] audit: type=1400 audit(1687276362.289:87): avc: denied { execmem } for pid=4992 comm="syz-executor196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
executing program
[ 101.179628][ T26] audit: type=1400 audit(1687276362.299:88): avc: denied { read write } for pid=4992 comm="syz-executor196" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 101.212168][ T4993] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4993 'syz-executor196'
[ 101.228574][ T4993] loop0: detected capacity change from 0 to 128
[ 101.235680][ T26] audit: type=1400 audit(1687276362.299:89): avc: denied { open } for pid=4992 comm="syz-executor196" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 101.265781][ T4993] VFS: Found a Xenix FS (block size = 1024) on device loop0
[ 101.291348][ T4993] sysv_free_block: flc_count > flc_size
[ 101.298005][ T4993] sysv_free_block: flc_count > flc_size
[ 101.304209][ T26] audit: type=1400 audit(1687276362.299:90): avc: denied { ioctl } for pid=4992 comm="syz-executor196" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 101.332257][ T4993] sysv_free_block: flc_count > flc_size
[ 101.338486][ T4993] sysv_free_block: flc_count > flc_size
[ 101.344181][ T4993] sysv_free_block: flc_count > flc_size
[ 101.350129][ T26] audit: type=1400 audit(1687276362.409:91): avc: denied { mounton } for pid=4993 comm="syz-executor196" path="/root/file0" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=file permissive=1
[ 101.350540][ T4993] sysv_free_block: flc_count > flc_size
[ 101.373933][ T26] audit: type=1400 audit(1687276362.419:92): avc: denied { mount } for pid=4993 comm="syz-executor196" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysv_t tclass=filesystem permissive=1
[ 101.378758][ T4993] sysv_free_block: flc_count > flc_size
[ 101.406816][ T4993] sysv_free_block: flc_count > flc_size
[ 101.412513][ T4993] sysv_free_block: flc_count > flc_size
[ 101.418087][ T4993] sysv_free_block: flc_count > flc_size
[ 101.425015][ T4993] ==================================================================
[ 101.433184][ T4993] BUG: KASAN: use-after-free in sysv_new_block+0x7d0/0xa90
[ 101.440508][ T4993] Read of size 4 at addr ffff8880705840c8 by task syz-executor196/4993
[ 101.448759][ T4993]
[ 101.451098][ T4993] CPU: 0 PID: 4993 Comm: syz-executor196 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0
[ 101.461546][ T4993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 101.471617][ T4993] Call Trace:
[ 101.474924][ T4993]
[ 101.477866][ T4993] dump_stack_lvl+0xd9/0x150
[ 101.482500][ T4993] print_address_description.constprop.0+0x2c/0x3c0
[ 101.489116][ T4993] ? sysv_new_block+0x7d0/0xa90
[ 101.493991][ T4993] kasan_report+0x11c/0x130
[ 101.498519][ T4993] ? sysv_new_block+0x7d0/0xa90
[ 101.503394][ T4993] sysv_new_block+0x7d0/0xa90
[ 101.508094][ T4993] get_block+0x26b/0x1580
[ 101.512450][ T4993] ? free_branches+0x3d0/0x3d0
[ 101.517235][ T4993] ? folio_create_buffers+0x10b/0x160
[ 101.522633][ T4993] ? lock_downgrade+0x690/0x690
[ 101.527514][ T4993] ? folio_flags.constprop.0+0x53/0x150
[ 101.533184][ T4993] ? do_raw_spin_unlock+0x175/0x230
[ 101.538412][ T4993] ? _raw_spin_unlock+0x28/0x40
[ 101.543297][ T4993] __block_write_begin_int+0x3bd/0x14b0
[ 101.548958][ T4993] ? free_branches+0x3d0/0x3d0
[ 101.553744][ T4993] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 101.559329][ T4993] ? folio_flags.constprop.0+0x53/0x150
[ 101.564911][ T4993] ? free_branches+0x3d0/0x3d0
[ 101.569696][ T4993] block_write_begin+0xb9/0x4d0
[ 101.574573][ T4993] sysv_write_begin+0x31/0xd0
[ 101.579444][ T4993] generic_perform_write+0x256/0x570
[ 101.584776][ T4993] ? generic_file_readonly_mmap+0x180/0x180
[ 101.590709][ T4993] ? new_inode+0x280/0x280
[ 101.595160][ T4993] ? generic_write_checks+0x2c0/0x400
[ 101.600590][ T4993] __generic_file_write_iter+0x2ae/0x500
[ 101.606248][ T4993] generic_file_write_iter+0xe3/0x350
[ 101.611647][ T4993] vfs_write+0x945/0xd50
[ 101.615946][ T4993] ? kernel_write+0x670/0x670
[ 101.620656][ T4993] ? __fget_light+0x20a/0x270
[ 101.625357][ T4993] ksys_write+0x12b/0x250
[ 101.629711][ T4993] ? __ia32_sys_read+0xb0/0xb0
[ 101.634498][ T4993] ? syscall_enter_from_user_mode+0x26/0x80
[ 101.640424][ T4993] do_syscall_64+0x39/0xb0
[ 101.644949][ T4993] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 101.650888][ T4993] RIP: 0033:0x7ff54b7852b9
[ 101.655410][ T4993] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 101.675039][ T4993] RSP: 002b:00007fff45f40618 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 101.683567][ T4993] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007ff54b7852b9
[ 101.691560][ T4993] RDX: 00000000fffffe45 RSI: 00000000200000c0 RDI: 0000000000000004
[ 101.699559][ T4993] RBP: 0000000000000000 R08: 00007ff54b7fcec0 R09: 00007ff54b7fcec0
[ 101.707548][ T4993] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff45f40640
[ 101.715541][ T4993] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[ 101.723534][ T4993]
[ 101.726563][ T4993]
[ 101.728899][ T4993] The buggy address belongs to the physical page:
[ 101.735321][ T4993] page:ffffea0001c16100 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x70584
[ 101.745493][ T4993] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 101.752614][ T4993] page_type: 0xffffffff()
[ 101.756961][ T4993] raw: 00fff00000000000 ffffea0001c41a08 ffffea0001c41a48 0000000000000000
[ 101.765609][ T4993] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 101.774203][ T4993] page dumped because: kasan: bad access detected
[ 101.780627][ T4993] page_owner tracks the page as freed
[ 101.786001][ T4993] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 4987, tgid 4987 (scp), ts 95518024228, free_ts 95652540450
[ 101.802956][ T4993] post_alloc_hook+0x2db/0x350
[ 101.807749][ T4993] get_page_from_freelist+0xf41/0x2c00
[ 101.813239][ T4993] __alloc_pages+0x1cb/0x4a0
[ 101.817853][ T4993] __folio_alloc+0x16/0x40
[ 101.822306][ T4993] vma_alloc_folio+0x155/0x890
[ 101.827093][ T4993] __handle_mm_fault+0xf7a/0x41c0
[ 101.832146][ T4993] handle_mm_fault+0x2af/0x9f0
[ 101.836953][ T4993] do_user_addr_fault+0x51a/0x1210
[ 101.842092][ T4993] exc_page_fault+0x98/0x170
[ 101.846717][ T4993] asm_exc_page_fault+0x26/0x30
[ 101.851601][ T4993] page last free stack trace:
[ 101.856275][ T4993] free_unref_page_prepare+0x62e/0xcb0
[ 101.861758][ T4993] free_unref_page_list+0xe3/0xa70
[ 101.866896][ T4993] release_pages+0xcd8/0x1380
[ 101.871590][ T4993] tlb_batch_pages_flush+0xa8/0x1a0
[ 101.876809][ T4993] tlb_finish_mmu+0x14b/0x7e0
[ 101.881512][ T4993] exit_mmap+0x2b2/0x930
[ 101.885772][ T4993] __mmput+0x128/0x4c0
[ 101.889867][ T4993] mmput+0x60/0x70
[ 101.893612][ T4993] do_exit+0x9b0/0x29b0
[ 101.897788][ T4993] do_group_exit+0xd4/0x2a0
[ 101.902309][ T4993] __x64_sys_exit_group+0x3e/0x50
[ 101.907351][ T4993] do_syscall_64+0x39/0xb0
[ 101.911784][ T4993] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 101.917716][ T4993]
[ 101.920155][ T4993] Memory state around the buggy address:
[ 101.925801][ T4993] ffff888070583f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.933878][ T4993] ffff888070584000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.941959][ T4993] >ffff888070584080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.950029][ T4993] ^
[ 101.956451][ T4993] ffff888070584100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.964525][ T4993] ffff888070584180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 101.972594][ T4993] ==================================================================
[ 101.981249][ T4993] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 101.988493][ T4993] CPU: 1 PID: 4993 Comm: syz-executor196 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0
[ 101.998933][ T4993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 102.009006][ T4993] Call Trace:
[ 102.012301][ T4993]
[ 102.015253][ T4993] dump_stack_lvl+0xd9/0x150
[ 102.019959][ T4993] panic+0x686/0x730
[ 102.023896][ T4993] ? panic_smp_self_stop+0xa0/0xa0
[ 102.029041][ T4993] ? preempt_schedule_thunk+0x1a/0x20
[ 102.034457][ T4993] ? preempt_schedule_common+0x45/0xb0
[ 102.039948][ T4993] check_panic_on_warn+0xb1/0xc0
[ 102.044915][ T4993] end_report+0xe9/0x120
[ 102.049175][ T4993] ? sysv_new_block+0x7d0/0xa90
[ 102.054040][ T4993] kasan_report+0xf9/0x130
[ 102.058475][ T4993] ? sysv_new_block+0x7d0/0xa90
[ 102.063358][ T4993] sysv_new_block+0x7d0/0xa90
[ 102.068053][ T4993] get_block+0x26b/0x1580
[ 102.072413][ T4993] ? free_branches+0x3d0/0x3d0
[ 102.077197][ T4993] ? folio_create_buffers+0x10b/0x160
[ 102.082594][ T4993] ? lock_downgrade+0x690/0x690
[ 102.087489][ T4993] ? folio_flags.constprop.0+0x53/0x150
[ 102.093075][ T4993] ? do_raw_spin_unlock+0x175/0x230
[ 102.098332][ T4993] ? _raw_spin_unlock+0x28/0x40
[ 102.103230][ T4993] __block_write_begin_int+0x3bd/0x14b0
[ 102.108819][ T4993] ? free_branches+0x3d0/0x3d0
[ 102.113610][ T4993] ? invalidate_bh_lrus_cpu+0x140/0x140
[ 102.119190][ T4993] ? folio_flags.constprop.0+0x53/0x150
[ 102.124765][ T4993] ? free_branches+0x3d0/0x3d0
[ 102.129738][ T4993] block_write_begin+0xb9/0x4d0
[ 102.134617][ T4993] sysv_write_begin+0x31/0xd0
[ 102.139333][ T4993] generic_perform_write+0x256/0x570
[ 102.144660][ T4993] ? generic_file_readonly_mmap+0x180/0x180
[ 102.150608][ T4993] ? new_inode+0x280/0x280
[ 102.155061][ T4993] ? generic_write_checks+0x2c0/0x400
[ 102.160472][ T4993] __generic_file_write_iter+0x2ae/0x500
[ 102.166138][ T4993] generic_file_write_iter+0xe3/0x350
[ 102.171530][ T4993] vfs_write+0x945/0xd50
[ 102.175792][ T4993] ? kernel_write+0x670/0x670
[ 102.180492][ T4993] ? __fget_light+0x20a/0x270
[ 102.185188][ T4993] ksys_write+0x12b/0x250
[ 102.189714][ T4993] ? __ia32_sys_read+0xb0/0xb0
[ 102.194508][ T4993] ? syscall_enter_from_user_mode+0x26/0x80
[ 102.200519][ T4993] do_syscall_64+0x39/0xb0
[ 102.204954][ T4993] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 102.210971][ T4993] RIP: 0033:0x7ff54b7852b9
[ 102.215410][ T4993] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 102.235213][ T4993] RSP: 002b:00007fff45f40618 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 102.243647][ T4993] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007ff54b7852b9
[ 102.251634][ T4993] RDX: 00000000fffffe45 RSI: 00000000200000c0 RDI: 0000000000000004
[ 102.259622][ T4993] RBP: 0000000000000000 R08: 00007ff54b7fcec0 R09: 00007ff54b7fcec0
[ 102.267694][ T4993] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff45f40640
[ 102.275679][ T4993] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[ 102.283690][ T4993]
[ 102.286946][ T4993] Kernel Offset: disabled
[ 102.291282][ T4993] Rebooting in 86400 seconds..