Warning: Permanently added '10.128.1.212' (ED25519) to the list of known hosts.
executing program
[ 20.679202][ T24] audit: type=1400 audit(1721600065.730:66): avc: denied { execmem } for pid=279 comm="syz-executor276" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 20.687426][ T24] audit: type=1400 audit(1721600065.740:67): avc: denied { read write } for pid=279 comm="syz-executor276" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 20.693067][ T24] audit: type=1400 audit(1721600065.740:68): avc: denied { open } for pid=279 comm="syz-executor276" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 20.699006][ T24] audit: type=1400 audit(1721600065.740:69): avc: denied { ioctl } for pid=279 comm="syz-executor276" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 20.740408][ T281] EXT4-fs (loop0): Ignoring removed mblk_io_submit option
[ 20.741173][ T24] audit: type=1400 audit(1721600065.800:70): avc: denied { mounton } for pid=281 comm="syz-executor276" path="/root/syzkaller.Kx4BBf/0/file0" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 20.747520][ T281] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 20.780246][ T281] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b016c118, mo2=0002]
[ 20.788179][ T281] System zones: 1-12
[ 20.793404][ T281] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2204: inode #15: comm syz-executor276: corrupted in-inode xattr
[ 20.805912][ T281] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz-executor276: couldn't read orphan inode 15 (err -117)
[ 20.818158][ T281] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,data_err=abort,debug,noload,mblk_io_submit,commit=0x0000000000000005,init_itable=0x0000000000000601,grpquota,,errors=continue
[ 20.837834][ T24] audit: type=1400 audit(1721600065.890:71): avc: denied { mount } for pid=281 comm="syz-executor276" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 20.859533][ T24] audit: type=1400 audit(1721600065.890:72): avc: denied { write } for pid=281 comm="syz-executor276" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 20.881241][ T24] audit: type=1400 audit(1721600065.890:73): avc: denied { add_name } for pid=281 comm="syz-executor276" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 20.881882][ T279] ==================================================================
[ 20.901934][ T24] audit: type=1400 audit(1721600065.890:74): avc: denied { create } for pid=281 comm="syz-executor276" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 20.909623][ T279] BUG: KASAN: slab-out-of-bounds in ext4_htree_fill_tree+0x1316/0x13e0
[ 20.909641][ T279] Read of size 1 at addr ffff88811e6eea67 by task syz-executor276/279
[ 20.930118][ T24] audit: type=1400 audit(1721600065.890:75): avc: denied { write open } for pid=281 comm="syz-executor276" path="/root/syzkaller.Kx4BBf/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 20.937895][ T279]
[ 20.972785][ T279] CPU: 0 PID: 279 Comm: syz-executor276 Not tainted 5.10.221-syzkaller-01371-g1240968f7644 #0
[ 20.982871][ T279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 20.992748][ T279] Call Trace:
[ 20.995992][ T279] dump_stack_lvl+0x1e2/0x24b
[ 21.000490][ T279] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 21.005786][ T279] ? panic+0x812/0x812
[ 21.009694][ T279] print_address_description+0x81/0x3b0
[ 21.015073][ T279] ? ext4_htree_store_dirent+0x19c/0x590
[ 21.020539][ T279] kasan_report+0x179/0x1c0
[ 21.024880][ T279] ? ext4_htree_fill_tree+0x1316/0x13e0
[ 21.030264][ T279] ? ext4_htree_fill_tree+0x1316/0x13e0
[ 21.035642][ T279] __asan_report_load1_noabort+0x14/0x20
[ 21.041108][ T279] ext4_htree_fill_tree+0x1316/0x13e0
[ 21.046319][ T279] ? ext4_handle_dirty_dirblock+0x6e0/0x6e0
[ 21.052047][ T279] ? __kasan_kmalloc+0x9/0x10
[ 21.056558][ T279] ? ext4_readdir+0x4df/0x37c0
[ 21.061156][ T279] ext4_readdir+0x2dde/0x37c0
[ 21.065674][ T279] ? handle_pte_fault+0x1472/0x3e30
[ 21.070715][ T279] ? ext4_dir_llseek+0x4c0/0x4c0
[ 21.075487][ T279] ? __kasan_check_write+0x14/0x20
[ 21.080432][ T279] ? down_read_killable+0x101/0x220
[ 21.085466][ T279] ? down_read_interruptible+0x220/0x220
[ 21.090935][ T279] ? security_file_permission+0x86/0xb0
[ 21.096309][ T279] iterate_dir+0x265/0x580
[ 21.100558][ T279] ? ext4_dir_llseek+0x4c0/0x4c0
[ 21.105335][ T279] __se_sys_getdents64+0x1c1/0x460
[ 21.110284][ T279] ? __x64_sys_getdents64+0x90/0x90
[ 21.115315][ T279] ? filldir+0x680/0x680
[ 21.119408][ T279] ? debug_smp_processor_id+0x17/0x20
[ 21.124604][ T279] ? fpregs_assert_state_consistent+0xb6/0xe0
[ 21.130593][ T279] ? irqentry_exit_to_user_mode+0x41/0x80
[ 21.136147][ T279] __x64_sys_getdents64+0x7b/0x90
[ 21.141024][ T279] do_syscall_64+0x34/0x70
[ 21.145273][ T279] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.150992][ T279] RIP: 0033:0x7f21159190f3
[ 21.155245][ T279] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 42 49 fb ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8
[ 21.174775][ T279] RSP: 002b:00007ffc549d7a48 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[ 21.183105][ T279] RAX: ffffffffffffffda RBX: 0000555555a00830 RCX: 00007f21159190f3
[ 21.191069][ T279] RDX: 0000000000008000 RSI: 0000555555a00830 RDI: 0000000000000004
[ 21.198869][ T279] RBP: 0000555555a00804 R08: 0000000000000000 R09: 0000000000000000
[ 21.206755][ T279] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffb8
[ 21.214599][ T279] R13: 0000000000000010 R14: 0000555555a00800 R15: 00007ffc549d9cc0
[ 21.222378][ T279]
[ 21.224544][ T279] Allocated by task 244:
[ 21.228632][ T279] __kasan_slab_alloc+0xb1/0xe0
[ 21.233414][ T279] slab_post_alloc_hook+0x61/0x2f0
[ 21.238437][ T279] kmem_cache_alloc+0x168/0x2e0
[ 21.243218][ T279] vm_area_dup+0x26/0x270
[ 21.247372][ T279] copy_mm+0x8ac/0x13a0
[ 21.251389][ T279] copy_process+0x1175/0x3340
[ 21.255983][ T279] kernel_clone+0x21e/0x9e0
[ 21.260321][ T279] __x64_sys_clone+0x23f/0x290
[ 21.265102][ T279] do_syscall_64+0x34/0x70
[ 21.269365][ T279] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.275068][ T279]
[ 21.277240][ T279] Freed by task 255:
[ 21.281069][ T279] kasan_set_track+0x4b/0x70
[ 21.285514][ T279] kasan_set_free_info+0x23/0x40
[ 21.290438][ T279] ____kasan_slab_free+0x121/0x160
[ 21.295383][ T279] __kasan_slab_free+0x11/0x20
[ 21.300006][ T279] slab_free_freelist_hook+0xc0/0x190
[ 21.305291][ T279] kmem_cache_free+0xa9/0x1e0
[ 21.310004][ T279] vm_area_free+0x52/0xf0
[ 21.314164][ T279] exit_mmap+0x494/0x5c0
[ 21.318268][ T279] __mmput+0x95/0x2d0
[ 21.322058][ T279] mmput+0x59/0x170
[ 21.325706][ T279] begin_new_exec+0xc70/0x2380
[ 21.330305][ T279] load_elf_binary+0x945/0x2750
[ 21.334988][ T279] bprm_execve+0x81b/0x1600
[ 21.339330][ T279] do_execveat_common+0x959/0xac0
[ 21.344285][ T279] __x64_sys_execve+0x92/0xb0
[ 21.348904][ T279] do_syscall_64+0x34/0x70
[ 21.353135][ T279] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.359067][ T279]
[ 21.361268][ T279] The buggy address belongs to the object at ffff88811e6ee940
[ 21.361268][ T279] which belongs to the cache vm_area_struct of size 232
[ 21.375484][ T279] The buggy address is located 63 bytes to the right of
[ 21.375484][ T279] 232-byte region [ffff88811e6ee940, ffff88811e6eea28)
[ 21.389010][ T279] The buggy address belongs to the page:
[ 21.394606][ T279] page:ffffea000479bb80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11e6ee
[ 21.404657][ T279] flags: 0x4000000000000200(slab)
[ 21.409521][ T279] raw: 4000000000000200 dead000000000100 dead000000000122 ffff888100190480
[ 21.417942][ T279] raw: 0000000000000000 00000000000d000d 00000001ffffffff 0000000000000000
[ 21.426351][ T279] page dumped because: kasan: bad access detected
[ 21.432608][ T279] page_owner tracks the page as allocated
[ 21.438166][ T279] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 244, ts 15911124041, free_ts 0
[ 21.453098][ T279] prep_new_page+0x166/0x180
[ 21.457513][ T279] get_page_from_freelist+0x2d8c/0x2f30
[ 21.462917][ T279] __alloc_pages_nodemask+0x435/0xaf0
[ 21.468102][ T279] new_slab+0x80/0x400
[ 21.472008][ T279] ___slab_alloc+0x302/0x4b0
[ 21.476432][ T279] __slab_alloc+0x63/0xa0
[ 21.480601][ T279] kmem_cache_alloc+0x1b9/0x2e0
[ 21.485287][ T279] vm_area_dup+0x26/0x270
[ 21.489453][ T279] copy_mm+0x8ac/0x13a0
[ 21.493442][ T279] copy_process+0x1175/0x3340
[ 21.497967][ T279] kernel_clone+0x21e/0x9e0
[ 21.502771][ T279] __x64_sys_clone+0x23f/0x290
[ 21.507364][ T279] do_syscall_64+0x34/0x70
[ 21.511621][ T279] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 21.517342][ T279] page_owner free stack trace missing
[ 21.522548][ T279]
[ 21.524716][ T279] Memory state around the buggy address:
[ 21.530189][ T279] ffff88811e6ee900: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 21.538086][ T279] ffff88811e6ee980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.545988][ T279] >ffff88811e6eea00: fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb
[ 21.553952][ T279]                                                        ^
[ 21.560915][ T279] ffff88811e6eea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.568813][ T279] ffff88811e6eeb00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[ 21.576707][ T279] ==================================================================
[ 21.584607][ T279] Disabling lock debugging due to kernel taint