Warning: Permanently added '10.128.0.203' (ED25519) to the list of known hosts.
[ 149.132876][ T27] audit: type=1400 audit(1703763818.045:83): avc: denied { execmem } for pid=5071 comm="syz-executor243" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 149.152957][ T27] audit: type=1400 audit(1703763818.055:84): avc: denied { read write } for pid=5071 comm="syz-executor243" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
executing program
[ 149.177971][ T27] audit: type=1400 audit(1703763818.065:85): avc: denied { open } for pid=5071 comm="syz-executor243" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 149.222927][ T5072] loop0: detected capacity change from 0 to 2048
[ 149.227512][ T27] audit: type=1400 audit(1703763818.065:86): avc: denied { ioctl } for pid=5071 comm="syz-executor243" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 149.238481][ T5072] =======================================================
[ 149.238481][ T5072] WARNING: The mand mount option has been deprecated and
[ 149.238481][ T5072] and is ignored by this kernel. Remove the mand
[ 149.238481][ T5072] option from the mount to silence this warning.
[ 149.238481][ T5072] =======================================================
[ 149.257537][ T27] audit: type=1400 audit(1703763818.125:87): avc: denied { append } for pid=4494 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 149.313620][ T27] audit: type=1400 audit(1703763818.125:88): avc: denied { open } for pid=4494 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 149.336523][ T27] audit: type=1400 audit(1703763818.125:89): avc: denied { getattr } for pid=4494 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 149.360959][ T27] audit: type=1400 audit(1703763818.145:90): avc: denied { mounton } for pid=5072 comm="syz-executor243" path="/root/syzkaller.hpbPQh/0/bus" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 149.408995][ T27] audit: type=1400 audit(1703763818.275:91): avc: denied { mount } for pid=5072 comm="syz-executor243" name="/" dev="loop0" ino=1376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[ 149.432876][ T27] audit: type=1400 audit(1703763818.275:92): avc: denied { mounton } for pid=5072 comm="syz-executor243" path="/root/syzkaller.hpbPQh/0/bus/bus" dev="loop0" ino=1367 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=file permissive=1
executing program
[ 149.822952][ T5074] loop0: detected capacity change from 0 to 2048
executing program
[ 150.242390][ T5075] loop0: detected capacity change from 0 to 2048
executing program
[ 150.671790][ T5076] loop0: detected capacity change from 0 to 2048
executing program
[ 151.088246][ T5077] loop0: detected capacity change from 0 to 2048
executing program
[ 151.513275][ T5078] loop0: detected capacity change from 0 to 2048
executing program
[ 151.928992][ T5079] loop0: detected capacity change from 0 to 2048
[ 152.216217][ T5071] ==================================================================
[ 152.224341][ T5071] BUG: KASAN: slab-out-of-bounds in crc_itu_t+0xd7/0xe0
[ 152.231446][ T5071] Read of size 1 at addr ffff888021f6b080 by task syz-executor243/5071
[ 152.239730][ T5071]
[ 152.242085][ T5071] CPU: 1 PID: 5071 Comm: syz-executor243 Not tainted 6.7.0-rc7-syzkaller-00016-gf5837722ffec #0
[ 152.252538][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 152.262628][ T5071] Call Trace:
[ 152.265915][ T5071]
[ 152.268870][ T5071] dump_stack_lvl+0xd9/0x1b0
[ 152.273481][ T5071] print_report+0xc4/0x620
[ 152.277911][ T5071] ? __virt_addr_valid+0x5e/0x2d0
[ 152.282955][ T5071] ? __phys_addr+0xc6/0x140
[ 152.287477][ T5071] kasan_report+0xda/0x110
[ 152.291906][ T5071] ? crc_itu_t+0xd7/0xe0
[ 152.296168][ T5071] ? crc_itu_t+0xd7/0xe0
[ 152.300450][ T5071] crc_itu_t+0xd7/0xe0
[ 152.304557][ T5071] udf_finalize_lvid+0xf2/0x1f0
[ 152.309444][ T5071] ? udf_mount+0x40/0x40
[ 152.313708][ T5071] udf_sync_fs+0xea/0x150
[ 152.318079][ T5071] ? udf_finalize_lvid+0x1f0/0x1f0
[ 152.323212][ T5071] sync_filesystem+0x109/0x280
[ 152.328005][ T5071] generic_shutdown_super+0x7e/0x3d0
[ 152.333313][ T5071] kill_block_super+0x3b/0x90
[ 152.338011][ T5071] deactivate_locked_super+0xbc/0x1a0
[ 152.343406][ T5071] deactivate_super+0xde/0x100
[ 152.348216][ T5071] cleanup_mnt+0x222/0x450
[ 152.352655][ T5071] task_work_run+0x14d/0x240
[ 152.357359][ T5071] ? task_work_cancel+0x30/0x30
[ 152.362233][ T5071] ? __x64_sys_umount+0x128/0x1a0
[ 152.367296][ T5071] exit_to_user_mode_prepare+0x217/0x240
[ 152.372951][ T5071] syscall_exit_to_user_mode+0x1e/0x60
[ 152.378453][ T5071] do_syscall_64+0x4d/0x110
[ 152.383031][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 152.388977][ T5071] RIP: 0033:0x7f5e46fd9647
[ 152.393424][ T5071] Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 152.413137][ T5071] RSP: 002b:00007ffe42f91e68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 152.421568][ T5071] RAX: 0000000000000000 RBX: 0000000000025117 RCX: 00007f5e46fd9647
[ 152.429598][ T5071] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffe42f91f20
[ 152.437616][ T5071] RBP: 00007ffe42f91f20 R08: 0000000000000000 R09: 0000000000000000
[ 152.445602][ T5071] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffe42f92f90
[ 152.453691][ T5071] R13: 00005555571216c0 R14: 431bde82d7b634db R15: 00007ffe42f92fb0
[ 152.461681][ T5071]
[ 152.464705][ T5071]
[ 152.467030][ T5071] Allocated by task 4513:
[ 152.471370][ T5071] kasan_save_stack+0x33/0x50
[ 152.476060][ T5071] kasan_set_track+0x25/0x30
[ 152.480664][ T5071] __kasan_slab_alloc+0x81/0x90
[ 152.485523][ T5071] kmem_cache_alloc+0x159/0x360
[ 152.490461][ T5071] security_inode_alloc+0x38/0x180
[ 152.495608][ T5071] inode_init_always+0xc2f/0xf50
[ 152.500574][ T5071] alloc_inode+0x7a/0x220
[ 152.504937][ T5071] iget_locked+0x1b3/0x700
[ 152.509433][ T5071] kernfs_get_inode+0x48/0x450
[ 152.514215][ T5071] kernfs_iop_lookup+0x1e9/0x330
[ 152.519202][ T5071] lookup_open.isra.0+0x926/0x13b0
[ 152.524343][ T5071] path_openat+0x922/0x2c50
[ 152.528874][ T5071] do_filp_open+0x1de/0x430
[ 152.533440][ T5071] do_sys_openat2+0x176/0x1e0
[ 152.538168][ T5071] __x64_sys_openat+0x175/0x210
[ 152.543032][ T5071] do_syscall_64+0x40/0x110
[ 152.547554][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 152.553665][ T5071]
[ 152.556002][ T5071] The buggy address belongs to the object at ffff888021f6b000
[ 152.556002][ T5071] which belongs to the cache lsm_inode_cache of size 128
[ 152.570436][ T5071] The buggy address is located 0 bytes to the right of
[ 152.570436][ T5071] allocated 128-byte region [ffff888021f6b000, ffff888021f6b080)
[ 152.584950][ T5071]
[ 152.587300][ T5071] The buggy address belongs to the physical page:
[ 152.593706][ T5071] page:ffffea000087dac0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21f6b
[ 152.603865][ T5071] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff)
[ 152.611413][ T5071] page_type: 0x15()
[ 152.615230][ T5071] raw: 00fff00000000800 ffff888140051a00 ffffea0000958190 ffffea00009829d0
[ 152.623840][ T5071] raw: 0000000000000000 ffff888021f6b000 0000000100000015 0000000000000000
[ 152.632438][ T5071] page dumped because: kasan: bad access detected
[ 152.638852][ T5071] page_owner tracks the page as allocated
[ 152.644586][ T5071] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x242040(__GFP_IO|__GFP_NOWARN|__GFP_COMP|__GFP_THISNODE), pid 4513, tgid 4513 (udevadm), ts 43633194969, free_ts 43531418633
[ 152.663530][ T5071] post_alloc_hook+0x2d0/0x350
[ 152.668320][ T5071] get_page_from_freelist+0xa25/0x36d0
[ 152.674070][ T5071] __alloc_pages+0x22e/0x2420
[ 152.678849][ T5071] cache_grow_begin+0x99/0x3a0
[ 152.683644][ T5071] cache_alloc_refill+0x295/0x3b0
[ 152.688701][ T5071] kmem_cache_alloc+0x307/0x360
[ 152.693594][ T5071] security_inode_alloc+0x38/0x180
[ 152.698728][ T5071] inode_init_always+0xc2f/0xf50
[ 152.703690][ T5071] alloc_inode+0x7a/0x220
[ 152.708043][ T5071] iget_locked+0x1b3/0x700
[ 152.712484][ T5071] kernfs_get_inode+0x48/0x450
[ 152.717276][ T5071] kernfs_iop_lookup+0x1e9/0x330
[ 152.722246][ T5071] lookup_open.isra.0+0x926/0x13b0
[ 152.727377][ T5071] path_openat+0x922/0x2c50
[ 152.731903][ T5071] do_filp_open+0x1de/0x430
[ 152.736428][ T5071] do_sys_openat2+0x176/0x1e0
[ 152.741116][ T5071] page last free stack trace:
[ 152.745785][ T5071] free_unref_page_prepare+0x4fa/0xaa0
[ 152.751289][ T5071] free_unref_page+0x33/0x3b0
[ 152.755984][ T5071] slabs_destroy+0x85/0xc0
[ 152.760419][ T5071] ___cache_free+0x2b7/0x420
[ 152.765029][ T5071] qlist_free_all+0x4c/0x1b0
[ 152.769665][ T5071] kasan_quarantine_reduce+0x18e/0x1d0
[ 152.775168][ T5071] __kasan_slab_alloc+0x65/0x90
[ 152.780162][ T5071] __kmem_cache_alloc_node+0x163/0x460
[ 152.785649][ T5071] kmalloc_trace+0x25/0x60
[ 152.790076][ T5071] inode_doinit_use_xattr+0x54/0x410
[ 152.795375][ T5071] inode_doinit_with_dentry+0x10c2/0x12c0
[ 152.801120][ T5071] selinux_d_instantiate+0x26/0x30
[ 152.806277][ T5071] security_d_instantiate+0x54/0xe0
[ 152.811573][ T5071] d_splice_alias+0x94/0xdf0
[ 152.816185][ T5071] kernfs_iop_lookup+0x283/0x330
[ 152.821221][ T5071] lookup_open.isra.0+0x926/0x13b0
[ 152.826354][ T5071]
[ 152.828697][ T5071] Memory state around the buggy address:
[ 152.834412][ T5071] ffff888021f6af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 152.842584][ T5071] ffff888021f6b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 152.850650][ T5071] >ffff888021f6b080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 152.858714][ T5071] ^
[ 152.862782][ T5071] ffff888021f6b100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 152.870935][ T5071] ffff888021f6b180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 152.879000][ T5071] ==================================================================
[ 152.890885][ T5071] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 152.898111][ T5071] CPU: 0 PID: 5071 Comm: syz-executor243 Not tainted 6.7.0-rc7-syzkaller-00016-gf5837722ffec #0
[ 152.908561][ T5071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 152.918647][ T5071] Call Trace:
[ 152.921936][ T5071]
[ 152.924874][ T5071] dump_stack_lvl+0xd9/0x1b0
[ 152.929500][ T5071] panic+0x6dc/0x790
[ 152.933429][ T5071] ? panic_smp_self_stop+0xa0/0xa0
[ 152.938558][ T5071] ? irqentry_exit+0x3b/0x80
[ 152.943175][ T5071] ? lockdep_hardirqs_on+0x7d/0x110
[ 152.948398][ T5071] ? preempt_schedule_thunk+0x1a/0x30
[ 152.953813][ T5071] ? preempt_schedule_common+0x45/0xc0
[ 152.959316][ T5071] ? check_panic_on_warn+0x1f/0xb0
[ 152.964456][ T5071] check_panic_on_warn+0xab/0xb0
[ 152.969412][ T5071] end_report+0x108/0x150
[ 152.973751][ T5071] kasan_report+0xea/0x110
[ 152.978197][ T5071] ? crc_itu_t+0xd7/0xe0
[ 152.982481][ T5071] ? crc_itu_t+0xd7/0xe0
[ 152.986749][ T5071] crc_itu_t+0xd7/0xe0
[ 152.990840][ T5071] udf_finalize_lvid+0xf2/0x1f0
[ 152.995795][ T5071] ? udf_mount+0x40/0x40
[ 153.000053][ T5071] udf_sync_fs+0xea/0x150
[ 153.004409][ T5071] ? udf_finalize_lvid+0x1f0/0x1f0
[ 153.009623][ T5071] sync_filesystem+0x109/0x280
[ 153.014432][ T5071] generic_shutdown_super+0x7e/0x3d0
[ 153.019739][ T5071] kill_block_super+0x3b/0x90
[ 153.024487][ T5071] deactivate_locked_super+0xbc/0x1a0
[ 153.029890][ T5071] deactivate_super+0xde/0x100
[ 153.034774][ T5071] cleanup_mnt+0x222/0x450
[ 153.039218][ T5071] task_work_run+0x14d/0x240
[ 153.043890][ T5071] ? task_work_cancel+0x30/0x30
[ 153.048800][ T5071] ? __x64_sys_umount+0x128/0x1a0
[ 153.053861][ T5071] exit_to_user_mode_prepare+0x217/0x240
[ 153.059522][ T5071] syscall_exit_to_user_mode+0x1e/0x60
[ 153.065019][ T5071] do_syscall_64+0x4d/0x110
[ 153.069665][ T5071] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 153.075596][ T5071] RIP: 0033:0x7f5e46fd9647
[ 153.080024][ T5071] Code: 09 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 153.099663][ T5071] RSP: 002b:00007ffe42f91e68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 153.108103][ T5071] RAX: 0000000000000000 RBX: 0000000000025117 RCX: 00007f5e46fd9647
[ 153.116296][ T5071] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffe42f91f20
[ 153.124288][ T5071] RBP: 00007ffe42f91f20 R08: 0000000000000000 R09: 0000000000000000
[ 153.132278][ T5071] R10: 00000000ffffffff R11: 0000000000000202 R12: 00007ffe42f92f90
[ 153.140265][ T5071] R13: 00005555571216c0 R14: 431bde82d7b634db R15: 00007ffe42f92fb0
[ 153.148256][ T5071]
[ 153.151678][ T5071] Kernel Offset: disabled
[ 153.156014][ T5071] Rebooting in 86400 seconds..