Warning: Permanently added '10.128.1.8' (ED25519) to the list of known hosts.
2025/04/27 05:41:25 ignoring optional flag "sandboxArg"="0"
2025/04/27 05:41:26 parsed 1 programs
[ 52.019952][ T24] kauditd_printk_skb: 31 callbacks suppressed
[ 52.019970][ T24] audit: type=1400 audit(1745732487.490:107): avc: denied { unlink } for pid=446 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 52.059539][ T446] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 52.563504][ T460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.570660][ T460] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.578280][ T460] device bridge_slave_0 entered promiscuous mode
[ 52.593289][ T460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.610036][ T460] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.627565][ T460] device bridge_slave_1 entered promiscuous mode
[ 52.663696][ T460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.670573][ T460] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.677836][ T460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.684655][ T460] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.703489][ T360] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.710654][ T360] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.717803][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 52.725243][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 52.734663][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 52.742787][ T360] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.749707][ T360] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 52.758946][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 52.766999][ T360] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.774009][ T360] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 52.786113][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 52.795099][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 52.808981][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 52.820343][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.828213][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.835731][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.844158][ T460] device veth0_vlan entered promiscuous mode
[ 52.854599][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.863658][ T460] device veth1_macvtap entered promiscuous mode
[ 52.872731][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.882490][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.916895][ T24] audit: type=1400 audit(1745732488.390:108): avc: denied { create } for pid=467 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 53.062706][ T24] audit: type=1401 audit(1745732488.540:109): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
2025/04/27 05:41:29 executed programs: 0
[ 53.640984][ T7] device bridge_slave_1 left promiscuous mode
[ 53.647305][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.655436][ T7] device bridge_slave_0 left promiscuous mode
[ 53.662256][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.671402][ T7] device veth1_macvtap left promiscuous mode
[ 53.677406][ T7] device veth0_vlan left promiscuous mode
[ 53.825323][ T508] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.832250][ T508] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.839457][ T508] device bridge_slave_0 entered promiscuous mode
[ 53.846643][ T508] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.853735][ T508] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.861435][ T508] device bridge_slave_1 entered promiscuous mode
[ 53.897696][ T508] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.904787][ T508] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.911990][ T508] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.918725][ T508] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.936546][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.943912][ T360] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.951254][ T360] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.959838][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.968361][ T360] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.975370][ T360] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.983880][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.992175][ T360] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.999016][ T360] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.010809][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.019866][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.033346][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 54.046987][ T508] device veth0_vlan entered promiscuous mode
[ 54.053320][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 54.061223][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 54.068394][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 54.080745][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 54.090420][ T508] device veth1_macvtap entered promiscuous mode
[ 54.100668][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 54.113448][ T360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 54.174152][ T513] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 54.187190][ T513] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[ 54.198482][ T513] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2806: Unable to expand inode 15. Delete some EAs or run e2fsck.
[ 54.211782][ T513] EXT4-fs (loop2): 1 truncate cleaned up
[ 54.217413][ T513] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue
[ 54.236112][ T24] audit: type=1400 audit(1745732489.710:110): avc: denied { mount } for pid=512 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 54.240557][ T513] ==================================================================
[ 54.263725][ T24] audit: type=1400 audit(1745732489.710:111): avc: denied { write } for pid=512 comm="syz.2.16" name="file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 54.265110][ T513] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x1339/0x36c0
[ 54.287554][ T24] audit: type=1400 audit(1745732489.710:112): avc: denied { open } for pid=512 comm="syz.2.16" name="file2" dev="loop2" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 54.294333][ T513] Read of size 18446744073709551540 at addr ffff888118308070 by task syz.2.16/513
[ 54.294336][ T513]
[ 54.294357][ T513] CPU: 1 PID: 513 Comm: syz.2.16 Not tainted 5.10.236-syzkaller-1007360-gba8b8b193394 #0
[ 54.294372][ T513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 54.316515][ T24] audit: type=1400 audit(1745732489.710:113): avc: denied { setattr } for pid=512 comm="syz.2.16" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 54.325012][ T513] Call Trace:
[ 54.325032][ T513] __dump_stack+0x21/0x24
[ 54.325044][ T513] dump_stack_lvl+0x169/0x1d8
[ 54.325056][ T513] ? show_regs_print_info+0x18/0x18
[ 54.325068][ T513] ? thaw_kernel_threads+0x220/0x220
[ 54.325087][ T513] print_address_description+0x7f/0x2c0
[ 54.396675][ T513] ? ext4_xattr_set_entry+0x1339/0x36c0
[ 54.402045][ T513] kasan_report+0xe2/0x130
[ 54.406296][ T513] ? ext4_xattr_set_entry+0x1339/0x36c0
[ 54.411676][ T513] ? ext4_xattr_set_entry+0x1339/0x36c0
[ 54.417057][ T513] kasan_check_range+0x280/0x290
[ 54.421834][ T513] memmove+0x2d/0x70
[ 54.425569][ T513] ext4_xattr_set_entry+0x1339/0x36c0
[ 54.430776][ T513] ? fscrypt_drop_inode+0xad/0x110
[ 54.435721][ T513] ? ext4_xattr_ibody_set+0x360/0x360
[ 54.440948][ T513] ? slab_post_alloc_hook+0x7d/0x2f0
[ 54.446055][ T513] ? ext4_xattr_block_set+0x847/0x2a50
[ 54.451359][ T513] ? ext4_xattr_block_set+0x847/0x2a50
[ 54.456637][ T513] ? __kmalloc_track_caller+0x181/0x320
[ 54.462018][ T513] ? memcpy+0x56/0x70
[ 54.465844][ T513] ext4_xattr_block_set+0x92f/0x2a50
[ 54.470967][ T513] ? __kasan_check_read+0x11/0x20
[ 54.475828][ T513] ? __ext4_xattr_check_block+0x265/0x8e0
[ 54.481374][ T513] ? ext4_xattr_block_find+0x4f0/0x4f0
[ 54.486757][ T513] ? __kasan_check_write+0x14/0x20
[ 54.491701][ T513] ext4_xattr_set_handle+0xba5/0x12a0
[ 54.497001][ T513] ? ext4_xattr_set_entry+0x36c0/0x36c0
[ 54.502558][ T513] ? __kasan_check_read+0x11/0x20
[ 54.507425][ T513] ? __ext4_journal_start_sb+0x2e2/0x490
[ 54.512965][ T513] ext4_xattr_set+0x1ec/0x320
[ 54.517485][ T513] ? ext4_xattr_set_credits+0x290/0x290
[ 54.522884][ T513] ext4_xattr_trusted_set+0x3b/0x50
[ 54.527905][ T513] ? ext4_xattr_trusted_get+0x40/0x40
[ 54.533108][ T513] __vfs_setxattr+0x42a/0x480
[ 54.537629][ T513] __vfs_setxattr_noperm+0x11e/0x4e0
[ 54.542755][ T513] __vfs_setxattr_locked+0x203/0x220
[ 54.548031][ T513] vfs_setxattr+0x8d/0x1c0
[ 54.552295][ T513] setxattr+0x1a9/0x370
[ 54.556278][ T513] ? path_setxattr+0x210/0x210
[ 54.560889][ T513] ? __mnt_want_write+0x1e6/0x260
[ 54.565749][ T513] ? mnt_want_write+0x19d/0x270
[ 54.570432][ T513] path_setxattr+0x110/0x210
[ 54.574862][ T513] ? simple_xattr_list_add+0x120/0x120
[ 54.580151][ T513] ? fpu__clear_all+0x20/0x20
[ 54.584661][ T513] __x64_sys_lsetxattr+0xc2/0xe0
[ 54.589520][ T513] do_syscall_64+0x31/0x40
[ 54.593940][ T513] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.599785][ T513] RIP: 0033:0x7f513899c169
[ 54.604022][ T513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 54.623512][ T513] RSP: 002b:00007f513840e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[ 54.631838][ T513] RAX: ffffffffffffffda RBX: 00007f5138bb4fa0 RCX: 00007f513899c169
[ 54.639744][ T513] RDX: 0000200000000040 RSI: 00002000000000c0 RDI: 0000200000000100
[ 54.647649][ T513] RBP: 00007f5138a1d990 R08: 0000000000000000 R09: 0000000000000000
[ 54.655459][ T513] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000
[ 54.663709][ T513] R13: 0000000000000000 R14: 00007f5138bb4fa0 R15: 00007ffdd91a0658
[ 54.671780][ T513]
[ 54.673948][ T513] Allocated by task 0:
[ 54.677850][ T513] (stack is not available)
[ 54.682102][ T513]
[ 54.684281][ T513] The buggy address belongs to the object at ffff888118308000
[ 54.684281][ T513] which belongs to the cache kmalloc-1k of size 1024
[ 54.698263][ T513] The buggy address is located 112 bytes inside of
[ 54.698263][ T513] 1024-byte region [ffff888118308000, ffff888118308400)
[ 54.711526][ T513] The buggy address belongs to the page:
[ 54.717021][ T513] page:ffffea000460c200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118308
[ 54.727158][ T513] head:ffffea000460c200 order:3 compound_mapcount:0 compound_pincount:0
[ 54.735328][ T513] flags: 0x4000000000010200(slab|head)
[ 54.740703][ T513] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100042f00
[ 54.749125][ T513] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 54.757530][ T513] page dumped because: kasan: bad access detected
[ 54.763781][ T513] page_owner tracks the page as allocated
[ 54.769347][ T513] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 439, ts 54132152545, free_ts 54121575094
[ 54.789078][ T513] prep_new_page+0x179/0x180
[ 54.793471][ T513] get_page_from_freelist+0x2235/0x23d0
[ 54.798863][ T513] __alloc_pages_nodemask+0x268/0x5f0
[ 54.804070][ T513] new_slab+0x84/0x3f0
[ 54.807963][ T513] ___slab_alloc+0x2a6/0x450
[ 54.812388][ T513] __slab_alloc+0x63/0xa0
[ 54.816555][ T513] __kmalloc_track_caller+0x1ef/0x320
[ 54.821922][ T513] __alloc_skb+0xdc/0x520
[ 54.826038][ T513] __tcp_send_ack+0x9b/0x650
[ 54.830473][ T513] tcp_send_ack+0x3b/0x60
[ 54.834628][ T513] __tcp_ack_snd_check+0x3fd/0x8f0
[ 54.839575][ T513] tcp_rcv_established+0x1178/0x1980
[ 54.844727][ T513] tcp_v4_do_rcv+0x4c1/0x7c0
[ 54.849122][ T513] tcp_v4_rcv+0x2157/0x26b0
[ 54.853468][ T513] ip_protocol_deliver_rcu+0x2f0/0x640
[ 54.858862][ T513] ip_local_deliver+0x2de/0x530
[ 54.863762][ T513] page last free stack trace:
[ 54.868355][ T513] __free_pages_ok+0x7fc/0x820
[ 54.872955][ T513] __free_pages+0xdd/0x380
[ 54.877213][ T513] __free_slab+0xcf/0x190
[ 54.881383][ T513] discard_slab+0x29/0x40
[ 54.885631][ T513] __slab_free+0x313/0x3a0
[ 54.889969][ T513] ___cache_free+0x111/0x130
[ 54.894392][ T513] qlink_free+0x50/0x90
[ 54.898383][ T513] qlist_free_all+0x5f/0xb0
[ 54.902725][ T513] kasan_quarantine_reduce+0x14a/0x160
[ 54.908042][ T513] __kasan_slab_alloc+0x2f/0xf0
[ 54.912707][ T513] slab_post_alloc_hook+0x5d/0x2f0
[ 54.917660][ T513] __kmalloc+0x183/0x330
[ 54.921745][ T513] fib6_info_alloc+0x34/0xe0
[ 54.926155][ T513] ip6_route_info_create+0x4d2/0x1490
[ 54.931364][ T513] ip6_route_add+0x27/0x130
[ 54.935825][ T513] addrconf_add_dev+0x329/0x430
[ 54.940504][ T513]
[ 54.942712][ T513] Memory state around the buggy address:
[ 54.948156][ T513] ffff888118307f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.956047][ T513] ffff888118307f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 54.963941][ T513] >ffff888118308000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.971839][ T513] ^
[ 54.979400][ T513] ffff888118308080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.987292][ T513] ffff888118308100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 54.995281][ T513] ==================================================================
[ 55.003168][ T513] Disabling lock debugging due to kernel taint
[ 55.135424][ T518] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[ 55.146475][ T518] EXT4-fs (loop2): 1 truncate cleaned up
[ 55.151971][ T518] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue
[ 55.175415][ T454] general protection fault, probably for non-canonical address 0xf5effc1960000009: 0000 [#1] PREEMPT SMP KASAN
[ 55.186950][ T454] KASAN: maybe wild-memory-access in range [0xaf8000cb00000048-0xaf8000cb0000004f]
[ 55.196070][ T454] CPU: 0 PID: 454 Comm: udevd Tainted: G B 5.10.236-syzkaller-1007360-gba8b8b193394 #0
[ 55.206912][ T454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 55.216809][ T454] RIP: 0010:avc_lookup+0x98/0x2e0
[ 55.221661][ T454] Code: 48 85 db 0f 94 c0 48 83 c3 d8 0f 94 c1 08 c1 74 0a e8 fc 43 4e ff e9 37 01 00 00 45 0f b7 e4 44 89 65 d4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 be 00 00 00 44 8b 2b 44 89 ff 44 89 ee
[ 55.241230][ T454] RSP: 0018:ffffc90000bc7578 EFLAGS: 00010a07
[ 55.247119][ T454] RAX: 15f0001960000009 RBX: af8000cb0000004c RCX: ffff8881143c2780
[ 55.254933][ T454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000042
[ 55.262772][ T454] RBP: ffffc90000bc75b0 R08: dffffc0000000000 R09: ffffc90000bc7600
[ 55.270640][ T454] R10: fffff52000178ec7 R11: 1ffff92000178ec0 R12: 0000000000000008
[ 55.278545][ T454] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000042
[ 55.286735][ T454] FS: 00007f20ce626c80(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 55.295452][ T454] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.301875][ T454] CR2: 00007f5138bb6bac CR3: 0000000112040000 CR4: 00000000003506b0
[ 55.309684][ T454] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.317529][ T454] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.325508][ T454] Call Trace:
[ 55.328695][ T454] avc_has_perm_noaudit+0xf6/0x240
[ 55.333862][ T454] ? avc_denied+0x1b0/0x1b0
[ 55.338192][ T454] selinux_inode_permission+0x37c/0x5e0
[ 55.343668][ T454] ? selinux_inode_follow_link+0x350/0x350
[ 55.349301][ T454] ? set_root+0x3f0/0x3f0
[ 55.353468][ T454] security_inode_permission+0xa0/0x100
[ 55.358846][ T454] inode_permission+0xf1/0x520
[ 55.363451][ T454] link_path_walk+0x1ee/0xb80
[ 55.367963][ T454] ? handle_lookup_down+0x130/0x130
[ 55.372996][ T454] path_lookupat+0x95/0x490
[ 55.377337][ T454] filename_lookup+0x1d5/0x600
[ 55.381937][ T454] ? hashlen_string+0x120/0x120
[ 55.386623][ T454] ? getname_flags+0x206/0x500
[ 55.391229][ T454] user_path_at_empty+0x43/0x50
[ 55.395920][ T454] vfs_statx+0xff/0x520
[ 55.399990][ T454] ? __kasan_check_write+0x14/0x20
[ 55.405207][ T454] ? vfs_fstatat+0x40/0x40
[ 55.409456][ T454] ? _raw_spin_lock+0x8e/0xe0
[ 55.413959][ T454] ? __kasan_check_write+0x14/0x20
[ 55.418901][ T454] __se_sys_newfstatat+0xc6/0x340
[ 55.423761][ T454] ? __x64_sys_newfstatat+0xb0/0xb0
[ 55.428794][ T454] ? __kasan_check_write+0x14/0x20
[ 55.433740][ T454] ? mntput+0x5f/0xc0
[ 55.437566][ T454] ? path_put+0x57/0x60
[ 55.441553][ T454] ? fsnotify_move+0x2a0/0x2a0
[ 55.446150][ T454] __x64_sys_newfstatat+0x9b/0xb0
[ 55.451011][ T454] do_syscall_64+0x31/0x40
[ 55.455264][ T454] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.460990][ T454] RIP: 0033:0x7f20ce7515f4
[ 55.465264][ T454] Code: 64 c7 00 09 00 00 00 83 c8 ff c3 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 00 00 00 00 41 89 ca b8 06 01 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 10 48 8b 15 03 a8 0d 00 f7 d8 41 83 c8
[ 55.484720][ T454] RSP: 002b:00007fffbd010ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[ 55.492928][ T454] RAX: ffffffffffffffda RBX: 000000000000000f RCX: 00007f20ce7515f4
[ 55.500751][ T454] RDX: 00007fffbd010ed8 RSI: 00007fffbd010fa7 RDI: 00000000ffffff9c
[ 55.508551][ T454] RBP: 00007fffbd011fe0 R08: 0000000000000000 R09: 00007fffbd011968
[ 55.516622][ T454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffbd011ff8
[ 55.524827][ T454] R13: 0000000000000000 R14: 0000000000000008 R15: 000056523f5b42c0
[ 55.532637][ T454] Modules linked in:
[ 55.536429][ T518] BUG: unable to handle page fault for address: ffff888118bfc000
[ 55.543900][ T518] #PF: supervisor read access in kernel mode
[ 55.549711][ T518] #PF: error_code(0x0000) - not-present page
[ 55.555526][ T518] PGD 6e01067 P4D 6e01067 PUD 1087e3063 PMD 118b54063 PTE 0
[ 55.562649][ T518] Oops: 0000 [#2] PREEMPT SMP KASAN
[ 55.567687][ T518] CPU: 1 PID: 518 Comm: syz.2.17 Tainted: G B D 5.10.236-syzkaller-1007360-gba8b8b193394 #0
[ 55.578791][ T518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 55.588691][ T518] RIP: 0010:__memmove+0x19c/0x1a0
[ 55.593559][ T518] Code: fa 02 72 16 66 44 8b 1e 66 44 8b 54 16 fe 66 44 89 1f 66 44 89 54 17 fe eb 0c 48 83 fa 01 72 06 44 8a 1e 44 88 1f c3 48 89 d1 a4 c3 00 eb 2e 0f 1f 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03
[ 55.612997][ T518] RSP: 0018:ffffc90002147380 EFLAGS: 00010282
[ 55.618899][ T518] RAX: ffff8881185fb050 RBX: ffffffffffffffb4 RCX: ffffffffff9ff024
[ 55.626716][ T518] RDX: ffffffffffffffb4 RSI: ffff888118bfc000 RDI: ffff888118bfbfe0
[ 55.634613][ T518] RBP: ffffc900021473b0 R08: ffff8881185fb004 R09: ffffed10230bf680
[ 55.642419][ T518] R10: 0000000000000000 R11: 0000000000000080 R12: 0000000000000000
[ 55.650226][ T518] R13: ffffffff81dd9d29 R14: ffff8881185fb070 R15: ffff8881185fb050
[ 55.658077][ T518] FS: 00007f513840e6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 55.666849][ T518] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.673231][ T518] CR2: ffff888118bfc000 CR3: 000000011ce05000 CR4: 00000000003506a0
[ 55.681043][ T518] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.689001][ T518] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.696800][ T518] Call Trace:
[ 55.699930][ T518] ? memmove+0x56/0x70
[ 55.704114][ T518] ext4_xattr_set_entry+0x1339/0x36c0
[ 55.709321][ T518] ? fscrypt_drop_inode+0xad/0x110
[ 55.714269][ T518] ? ext4_xattr_ibody_set+0x360/0x360
[ 55.719478][ T518] ? slab_post_alloc_hook+0x7d/0x2f0
[ 55.724593][ T518] ? ext4_xattr_block_set+0x847/0x2a50
[ 55.729888][ T518] ? ext4_xattr_block_set+0x847/0x2a50
[ 55.735183][ T518] ? __kmalloc_track_caller+0x181/0x320
[ 55.740560][ T518] ? memcpy+0x56/0x70
[ 55.744384][ T518] ext4_xattr_block_set+0x92f/0x2a50
[ 55.749504][ T518] ? __kasan_check_read+0x11/0x20
[ 55.754450][ T518] ? __ext4_xattr_check_block+0x265/0x8e0
[ 55.760020][ T518] ? ext4_xattr_block_find+0x4f0/0x4f0
[ 55.765302][ T518] ? __kasan_check_write+0x14/0x20
[ 55.770249][ T518] ext4_xattr_set_handle+0xba5/0x12a0
[ 55.775458][ T518] ? ext4_xattr_set_entry+0x36c0/0x36c0
[ 55.780839][ T518] ? __kasan_check_read+0x11/0x20
[ 55.785697][ T518] ? __ext4_journal_start_sb+0x2e2/0x490
[ 55.791164][ T518] ext4_xattr_set+0x1ec/0x320
[ 55.795679][ T518] ? ext4_xattr_set_credits+0x290/0x290
[ 55.801058][ T518] ext4_xattr_trusted_set+0x3b/0x50
[ 55.806091][ T518] ? ext4_xattr_trusted_get+0x40/0x40
[ 55.811301][ T518] __vfs_setxattr+0x42a/0x480
[ 55.815818][ T518] __vfs_setxattr_noperm+0x11e/0x4e0
[ 55.820936][ T518] __vfs_setxattr_locked+0x203/0x220
[ 55.826063][ T518] vfs_setxattr+0x8d/0x1c0
[ 55.830333][ T518] setxattr+0x1a9/0x370
[ 55.834299][ T518] ? path_setxattr+0x210/0x210
[ 55.838903][ T518] ? __mnt_want_write+0x1e6/0x260
[ 55.843808][ T518] ? mnt_want_write+0x19d/0x270
[ 55.848445][ T518] path_setxattr+0x110/0x210
[ 55.852971][ T518] ? simple_xattr_list_add+0x120/0x120
[ 55.858257][ T518] ? fpu__clear_all+0x20/0x20
[ 55.863075][ T518] __x64_sys_lsetxattr+0xc2/0xe0
[ 55.867803][ T518] do_syscall_64+0x31/0x40
[ 55.872159][ T518] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 55.877870][ T518] RIP: 0033:0x7f513899c169
[ 55.882126][ T518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 55.901665][ T518] RSP: 002b:00007f513840e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[ 55.909983][ T518] RAX: ffffffffffffffda RBX: 00007f5138bb4fa0 RCX: 00007f513899c169
[ 55.917817][ T518] RDX: 0000200000000040 RSI: 00002000000000c0 RDI: 0000200000000100
[ 55.925614][ T518] RBP: 00007f5138a1d990 R08: 0000000000000000 R09: 0000000000000000
[ 55.933617][ T518] R10: 000000000000fe37 R11: 0000000000000246 R12: 0000000000000000
[ 55.941435][ T518] R13: 0000000000000000 R14: 00007f5138bb4fa0 R15: 00007ffdd91a0658
[ 55.949338][ T518] Modules linked in:
[ 55.953063][ T518] CR2: ffff888118bfc000
[ 55.957066][ T518] ---[ end trace bd8f47202bffe43a ]---
[ 55.957117][ C0] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[ 55.962381][ T518] RIP: 0010:avc_lookup+0x98/0x2e0
[ 55.970607][ C0] BUG: unable to handle page fault for address: ffffffff85092960
[ 55.975554][ T518] Code: 48 85 db 0f 94 c0 48 83 c3 d8 0f 94 c1 08 c1 74 0a e8 fc 43 4e ff e9 37 01 00 00 45 0f b7 e4 44 89 65 d4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 be 00 00 00 44 8b 2b 44 89 ff 44 89 ee
[ 55.983221][ C0] #PF: supervisor instruction fetch in kernel mode
[ 56.003042][ T518] RSP: 0018:ffffc90000bc7578 EFLAGS: 00010a07
[ 56.009380][ C0] #PF: error_code(0x0011) - permissions violation
[ 56.009390][ T518]
[ 56.015276][ C0] PGD 6212067
[ 56.021542][ T518] RAX: 15f0001960000009 RBX: af8000cb0000004c RCX: ffff8881143c2780
[ 56.023732][ C0] P4D 6212067
[ 56.026911][ T518] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000042
[ 56.034936][ C0] PUD 6213063
[ 56.038147][ T518] RBP: ffffc90000bc75b0 R08: dffffc0000000000 R09: ffffc90000bc7600
[ 56.045955][ C0] PMD 80000000050001e1
[ 56.049169][ T518] R10: fffff52000178ec7 R11: 1ffff92000178ec0 R12: 0000000000000008
[ 56.057052][ C0]
[ 56.057069][ C0] Oops: 0011 [#3] PREEMPT SMP KASAN
[ 56.061063][ T518] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000042
[ 56.068891][ C0] CPU: 0 PID: 454 Comm: udevd Tainted: G B D 5.10.236-syzkaller-1007360-gba8b8b193394 #0
[ 56.071048][ T518] FS: 00007f513840e6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 56.076082][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 56.083891][ T518] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.094657][ C0] RIP: 0010:def_blk_fops+0x0/0x160
[ 56.103418][ T518] CR2: ffff888118bfc000 CR3: 000000011ce05000 CR4: 00000000003506a0
[ 56.113327][ C0] Code: 00 00 00 00 00 00 00 00 00 00 66 73 2f 62 6c 6f 63 6b 5f 64 65 76 2e 63 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 60 5d b4 81 ff ff ff ff 00 00 00 00 00 00
[ 56.119743][ T518] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.124678][ C0] RSP: 0018:ffffc90000007c58 EFLAGS: 00010246
[ 56.132491][ T518] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.151925][ C0]
[ 56.159785][ T518] Kernel panic - not syncing: Fatal exception
[ 56.165777][ C0] RAX: ffffffff85092960 RBX: ffff8881143c2bb0 RCX: ffffc90000007be0
[ 56.189738][ C0] RDX: ffff888115b03500 RSI: ffffc90000007be8 RDI: ffff8881186ab200
[ 56.197541][ C0] RBP: ffffc90000007e10 R08: 000000000000000b R09: ffffffff84a00255
[ 56.205353][ C0] R10: 0000000000000001 R11: 00000000df42ba48 R12: 1ffff11022878576
[ 56.213161][ C0] R13: dffffc0000000000 R14: ffff8881143c2780 R15: ffff8881186ab200
[ 56.220977][ C0] FS: 00007f20ce626c80(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 56.229740][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.236165][ C0] CR2: ffffffff85092960 CR3: 0000000112040000 CR4: 00000000003506b0
[ 56.244149][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.251961][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.259853][ C0] Call Trace:
[ 56.262992][ C0]
[ 56.265688][ C0] ? rcu_do_batch+0x4df/0xa80
[ 56.270198][ C0] ? ttwu_do_activate+0x1e2/0x2b0
[ 56.275053][ C0] ? local_bh_enable+0x20/0x20
[ 56.279737][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 56.285381][ C0] ? rcu_report_qs_rnp+0x2dc/0x3b0
[ 56.290328][ C0] rcu_core+0x55f/0xd60
[ 56.294338][ C0] ? rcu_cpu_kthread_park+0x90/0x90
[ 56.299447][ C0] ? kvm_sched_clock_read+0x2f/0x40
[ 56.304677][ C0] ? sched_clock+0x3a/0x40
[ 56.308914][ C0] ? sched_clock_cpu+0x1b/0x3d0
[ 56.313603][ C0] rcu_core_si+0x9/0x10
[ 56.317708][ C0] __do_softirq+0x255/0x563
[ 56.322058][ C0] asm_call_irq_on_stack+0xf/0x20
[ 56.326952][ C0]
[ 56.329686][ C0] do_softirq_own_stack+0x60/0x80
[ 56.334652][ C0] __irq_exit_rcu+0x128/0x150
[ 56.339178][ C0] irq_exit_rcu+0x9/0x10
[ 56.343256][ C0] sysvec_apic_timer_interrupt+0xbf/0xe0
[ 56.348756][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 56.354543][ C0] RIP: 0010:oops_end+0x5c/0xd0
[ 56.359228][ C0] Code: 7e 02 9f 05 75 1c 48 83 3d 60 8f 05 05 00 0f 84 83 00 00 00 48 c7 c7 c0 dd c5 86 e8 a2 22 24 00 66 90 4c 89 75 e8 ff 75 e8 9d 7f cf 44 03 48 c7 c7 c8 dd c5 86 be 02 00 00 00 48 c7 c2 f4 33
[ 56.378670][ C0] RSP: 0018:ffffc90000bc73b0 EFLAGS: 00000293
[ 56.384579][ C0] RAX: 0000000000000000 RBX: 000000000000000b RCX: ffff8881143c2780
[ 56.392640][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff86c5ddc0
[ 56.400450][ C0] RBP: ffffc90000bc73c8 R08: dffffc0000000000 R09: fffffbfff0d8e4f9
[ 56.408415][ C0] R10: fffffbfff0d8e4f9 R11: 1ffffffff0d8e4f8 R12: ffffc90000bc7420
[ 56.416213][ C0] R13: f5effc1960000009 R14: 0000000000000293 R15: 0000000000000000
[ 56.424054][ C0] die_addr+0x61/0x70
[ 56.427848][ C0] exc_general_protection+0x1b6/0x250
[ 56.433058][ C0] asm_exc_general_protection+0x1e/0x30
[ 56.438549][ C0] RIP: 0010:avc_lookup+0x98/0x2e0
[ 56.443403][ C0] Code: 48 85 db 0f 94 c0 48 83 c3 d8 0f 94 c1 08 c1 74 0a e8 fc 43 4e ff e9 37 01 00 00 45 0f b7 e4 44 89 65 d4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 be 00 00 00 44 8b 2b 44 89 ff 44 89 ee
[ 56.463020][ C0] RSP: 0018:ffffc90000bc7578 EFLAGS: 00010a07
[ 56.468920][ C0] RAX: 15f0001960000009 RBX: af8000cb0000004c RCX: ffff8881143c2780
[ 56.476883][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000042
[ 56.484833][ C0] RBP: ffffc90000bc75b0 R08: dffffc0000000000 R09: ffffc90000bc7600
[ 56.492651][ C0] R10: fffff52000178ec7 R11: 1ffff92000178ec0 R12: 0000000000000008
[ 56.500457][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000042
[ 56.508271][ C0] ? avc_lookup+0x15e/0x2e0
[ 56.512606][ C0] avc_has_perm_noaudit+0xf6/0x240
[ 56.517568][ C0] ? avc_denied+0x1b0/0x1b0
[ 56.521895][ C0] selinux_inode_permission+0x37c/0x5e0
[ 56.527274][ C0] ? selinux_inode_follow_link+0x350/0x350
[ 56.532916][ C0] ? set_root+0x3f0/0x3f0
[ 56.537083][ C0] security_inode_permission+0xa0/0x100
[ 56.542461][ C0] inode_permission+0xf1/0x520
[ 56.547070][ C0] link_path_walk+0x1ee/0xb80
[ 56.551740][ C0] ? handle_lookup_down+0x130/0x130
[ 56.556744][ C0] path_lookupat+0x95/0x490
[ 56.561087][ C0] filename_lookup+0x1d5/0x600
[ 56.566458][ C0] ? hashlen_string+0x120/0x120
[ 56.571146][ C0] ? getname_flags+0x206/0x500
[ 56.575843][ C0] user_path_at_empty+0x43/0x50
[ 56.580517][ C0] vfs_statx+0xff/0x520
[ 56.584509][ C0] ? __kasan_check_write+0x14/0x20
[ 56.589451][ C0] ? vfs_fstatat+0x40/0x40
[ 56.593854][ C0] ? _raw_spin_lock+0x8e/0xe0
[ 56.598369][ C0] ? __kasan_check_write+0x14/0x20
[ 56.603307][ C0] __se_sys_newfstatat+0xc6/0x340
[ 56.608250][ C0] ? __x64_sys_newfstatat+0xb0/0xb0
[ 56.613284][ C0] ? __kasan_check_write+0x14/0x20
[ 56.618238][ C0] ? mntput+0x5f/0xc0
[ 56.622046][ C0] ? path_put+0x57/0x60
[ 56.626129][ C0] ? fsnotify_move+0x2a0/0x2a0
[ 56.630757][ C0] __x64_sys_newfstatat+0x9b/0xb0
[ 56.635586][ C0] do_syscall_64+0x31/0x40
[ 56.639929][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 56.645667][ C0] RIP: 0033:0x7f20ce7515f4
[ 56.649908][ C0] Code: 64 c7 00 09 00 00 00 83 c8 ff c3 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 00 00 00 00 41 89 ca b8 06 01 00 00 0f 05 <45> 31 c0 3d 00 f0 ff ff 76 10 48 8b 15 03 a8 0d 00 f7 d8 41 83 c8
[ 56.669443][ C0] RSP: 002b:00007fffbd010ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000106
[ 56.677855][ C0] RAX: ffffffffffffffda RBX: 000000000000000f RCX: 00007f20ce7515f4
[ 56.685675][ C0] RDX: 00007fffbd010ed8 RSI: 00007fffbd010fa7 RDI: 00000000ffffff9c
[ 56.693478][ C0] RBP: 00007fffbd011fe0 R08: 0000000000000000 R09: 00007fffbd011968
[ 56.701284][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffbd011ff8
[ 56.709108][ C0] R13: 0000000000000000 R14: 0000000000000008 R15: 000056523f5b42c0
[ 56.716910][ C0] Modules linked in:
[ 56.720683][ C0] CR2: ffffffff85092960
[ 56.724635][ C0] ---[ end trace bd8f47202bffe43b ]---
[ 56.729934][ C0] RIP: 0010:avc_lookup+0x98/0x2e0
[ 56.734792][ C0] Code: 48 85 db 0f 94 c0 48 83 c3 d8 0f 94 c1 08 c1 74 0a e8 fc 43 4e ff e9 37 01 00 00 45 0f b7 e4 44 89 65 d4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 be 00 00 00 44 8b 2b 44 89 ff 44 89 ee
[ 56.754529][ C0] RSP: 0018:ffffc90000bc7578 EFLAGS: 00010a07
[ 56.760618][ C0] RAX: 15f0001960000009 RBX: af8000cb0000004c RCX: ffff8881143c2780
[ 56.768424][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000042
[ 56.776248][ C0] RBP: ffffc90000bc75b0 R08: dffffc0000000000 R09: ffffc90000bc7600
[ 56.784045][ C0] R10: fffff52000178ec7 R11: 1ffff92000178ec0 R12: 0000000000000008
[ 56.791860][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 0000000000000042
[ 56.799697][ C0] FS: 00007f20ce626c80(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 56.808437][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.814859][ C0] CR2: ffffffff85092960 CR3: 0000000112040000 CR4: 00000000003506b0
[ 56.822673][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.830484][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 57.380992][ T518] Shutting down cpus with NMI
[ 57.385706][ T518] Kernel Offset: disabled
[ 57.389866][ T518] Rebooting in 86400 seconds..