[ 34.224452][ T27] audit: type=1400 audit(1695924981.869:154): avc: denied { rlimitinh } for pid=319 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 34.243590][ T27] audit: type=1400 audit(1695924981.869:155): avc: denied { siginh } for pid=319 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '10.128.1.84' (ED25519) to the list of known hosts.
2023/09/28 18:16:29 ignoring optional flag "sandboxArg"="0"
2023/09/28 18:16:29 parsed 1 programs
[ 41.540091][ T27] audit: type=1400 audit(1695924989.229:156): avc: denied { mounton } for pid=341 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 41.566055][ T27] audit: type=1400 audit(1695924989.229:157): avc: denied { mount } for pid=341 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 41.640016][ T27] audit: type=1400 audit(1695924989.329:158): avc: denied { unlink } for pid=341 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2023/09/28 18:16:29 executed programs: 0
[ 41.681507][ T341] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 41.732574][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.740389][ T347] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.747679][ T347] device bridge_slave_0 entered promiscuous mode
[ 41.754655][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.761746][ T347] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.768935][ T347] device bridge_slave_1 entered promiscuous mode
[ 41.810130][ T27] audit: type=1400 audit(1695924989.499:159): avc: denied { write } for pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.824835][ T347] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.830899][ T27] audit: type=1400 audit(1695924989.509:160): avc: denied { read } for pid=347 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 41.837843][ T347] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.865522][ T347] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.872461][ T347] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.890723][ T300] bridge0: port 1(bridge_slave_0) entered disabled state
[ 41.897800][ T300] bridge0: port 2(bridge_slave_1) entered disabled state
[ 41.905188][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 41.912689][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 41.921519][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 41.929404][ T57] bridge0: port 1(bridge_slave_0) entered blocking state
[ 41.936272][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 41.950893][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 41.958842][ T300] bridge0: port 2(bridge_slave_1) entered blocking state
[ 41.965700][ T300] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 41.972836][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 41.981044][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 41.993039][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.004331][ T347] device veth0_vlan entered promiscuous mode
[ 42.011226][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.018882][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.026160][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.037077][ T347] device veth1_macvtap entered promiscuous mode
[ 42.044020][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.054465][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.065707][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.076820][ T27] audit: type=1400 audit(1695924989.759:161): avc: denied { mounton } for pid=347 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 42.107585][ T352] loop0: detected capacity change from 0 to 512
[ 42.114800][ T27] audit: type=1400 audit(1695924989.809:162): avc: denied { mounton } for pid=351 comm="syz-executor.0" path="/root/syzkaller-testdir1900756039/syzkaller.BPjxRw/0/file1" dev="sda1" ino=1938 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 42.121949][ T352] EXT4-fs (loop0): 1 orphan inode deleted
[ 42.147542][ T352] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 42.156939][ T27] audit: type=1400 audit(1695924989.839:163): avc: denied { mount } for pid=351 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 42.156974][ T352] ext4 filesystem being mounted at /root/syzkaller-testdir1900756039/syzkaller.BPjxRw/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 42.195389][ T27] audit: type=1400 audit(1695924989.889:164): avc: denied { write } for pid=351 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 42.208339][ T357] EXT4-fs error (device loop0): ext4_ext_remove_space:2866: inode #16: comm syz-executor.0: path[1].p_hdr == NULL
[ 42.218552][ T27] audit: type=1400 audit(1695924989.889:165): avc: denied { add_name } for pid=351 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 42.230582][ T357] EXT4-fs (loop0): Remounting filesystem read-only
[ 42.258017][ T357] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm syz-executor.0: Invalid inode table block 0 in block_group 0
[ 42.271501][ T357] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 42.281151][ T357] EXT4-fs error (device loop0): ext4_punch_hole:4137: inode #16: comm syz-executor.0: mark_inode_dirty error
[ 42.296678][ T347] EXT4-fs (loop0): unmounting filesystem.
[ 42.315943][ T360] loop0: detected capacity change from 0 to 512
[ 42.341745][ T360] EXT4-fs (loop0): 1 orphan inode deleted
[ 42.347802][ T360] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 42.356972][ T360] ext4 filesystem being mounted at /root/syzkaller-testdir1900756039/syzkaller.BPjxRw/1/file1 supports timestamps until 2038 (0x7fffffff)
[ 42.377604][ T363] EXT4-fs error (device loop0): ext4_ext_remove_space:2866: inode #16: comm syz-executor.0: path[1].p_hdr == NULL
[ 42.390194][ T363] EXT4-fs (loop0): Remounting filesystem read-only
[ 42.397165][ T363] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm syz-executor.0: Invalid inode table block 0 in block_group 0
[ 42.410271][ T363] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 42.419840][ T363] EXT4-fs error (device loop0): ext4_punch_hole:4137: inode #16: comm syz-executor.0: mark_inode_dirty error
[ 42.436200][ T347] EXT4-fs (loop0): unmounting filesystem.
[ 42.450384][ T365] loop0: detected capacity change from 0 to 512
[ 42.461490][ T365] EXT4-fs (loop0): 1 orphan inode deleted
[ 42.467607][ T365] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 42.478097][ T365] ext4 filesystem being mounted at /root/syzkaller-testdir1900756039/syzkaller.BPjxRw/2/file1 supports timestamps until 2038 (0x7fffffff)
[ 42.498547][ T368] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0
[ 42.512474][ T368] EXT4-fs (loop0): Remounting filesystem read-only
[ 42.518929][ T368] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6077: Corrupt filesystem
[ 42.529309][ T368] ==================================================================
[ 42.537618][ T368] BUG: KASAN: out-of-bounds in ext4_ext_remove_space+0x1fa0/0x4970
[ 42.546131][ T368] Read of size 18446744073709551544 at addr ffff88810fadc054 by task syz-executor.0/368
[ 42.556693][ T368]
[ 42.559040][ T368] CPU: 0 PID: 368 Comm: syz-executor.0 Not tainted 6.1.25-syzkaller #0
[ 42.567484][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
[ 42.577642][ T368] Call Trace:
[ 42.581130][ T368]
[ 42.584110][ T368] dump_stack_lvl+0x105/0x148
[ 42.589660][ T368] ? panic+0x3b4/0x3b4
[ 42.593651][ T368] ? nf_tcp_handle_invalid+0x30b/0x30b
[ 42.599131][ T368] ? _printk+0xca/0x10a
[ 42.603292][ T368] print_report+0x158/0x4e0
[ 42.607838][ T368] ? kasan_addr_to_slab+0xd/0x80
[ 42.612891][ T368] ? ext4_ext_remove_space+0x1fa0/0x4970
[ 42.618628][ T368] kasan_report+0x13c/0x170
[ 42.623054][ T368] ? ext4_ext_remove_space+0x1fa0/0x4970
[ 42.628774][ T368] kasan_check_range+0x294/0x2a0
[ 42.633540][ T368] ? ext4_ext_remove_space+0x1fa0/0x4970
[ 42.639449][ T368] memmove+0x2d/0x70
[ 42.643310][ T368] ext4_ext_remove_space+0x1fa0/0x4970
[ 42.648558][ T368] ? ext4_ext_index_trans_blocks+0xe0/0xe0
[ 42.654212][ T368] ? ext4_es_remove_extent+0x16d/0x2d0
[ 42.659842][ T368] ? ext4_zero_partial_blocks+0x10f/0x190
[ 42.665674][ T368] ext4_punch_hole+0x5d7/0x8e0
[ 42.670586][ T368] ext4_fallocate+0x2b1/0x1730
[ 42.675532][ T368] ? avc_has_extended_perms+0x852/0xee0
[ 42.680909][ T368] ? ext4_ext_truncate+0x260/0x260
[ 42.686328][ T368] vfs_fallocate+0x330/0x410
[ 42.692345][ T368] do_vfs_ioctl+0x1aca/0x2350
[ 42.696952][ T368] ? __x64_compat_sys_ioctl+0x80/0x80
[ 42.703062][ T368] ? ioctl_has_perm+0x1f0/0x4c0
[ 42.708202][ T368] ? ioctl_has_perm+0x350/0x4c0
[ 42.713012][ T368] ? has_cap_mac_admin+0x360/0x360
[ 42.718213][ T368] ? _raw_spin_lock_irq+0xa5/0x1b0
[ 42.723154][ T368] ? recalc_sigpending+0xfc/0x150
[ 42.728123][ T368] ? __set_current_blocked+0x27b/0x2d0
[ 42.733593][ T368] ? selinux_file_ioctl+0x2d6/0x420
[ 42.739156][ T368] ? set_current_blocked+0x40/0x40
[ 42.744329][ T368] ? selinux_file_alloc_security+0x120/0x120
[ 42.750639][ T368] ? __kasan_check_write+0x14/0x20
[ 42.756047][ T368] ? __fget_files+0x24b/0x280
[ 42.760763][ T368] ? security_file_ioctl+0x39/0x90
[ 42.765862][ T368] __se_sys_ioctl+0x5d/0x110
[ 42.770480][ T368] ? fpregs_assert_state_consistent+0x47/0x60
[ 42.778135][ T368] __x64_sys_ioctl+0x76/0x80
[ 42.782537][ T368] do_syscall_64+0x3d/0xb0
[ 42.787415][ T368] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 42.793374][ T368] RIP: 0033:0x7f61c6c7cae9
[ 42.797990][ T368] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 42.819151][ T368] RSP: 002b:00007f61c7a180c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 42.827739][ T368] RAX: ffffffffffffffda RBX: 00007f61c6d9c050 RCX: 00007f61c6c7cae9
[ 42.835536][ T368] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000004
[ 42.843697][ T368] RBP: 00007f61c6cc847a R08: 0000000000000000 R09: 0000000000000000
[ 42.852050][ T368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 42.860253][ T368] R13: 000000000000000b R14: 00007f61c6d9c050 R15: 00007ffc3e74d008
[ 42.868711][ T368]
[ 42.871959][ T368]
[ 42.874603][ T368] The buggy address belongs to the physical page:
[ 42.881528][ T368] page:ffffea00043eb700 refcount:2 mapcount:0 mapping:ffff888100548d50 index:0x3a pfn:0x10fadc
[ 42.891757][ T368] memcg:ffff88812005c000
[ 42.895834][ T368] aops:def_blk_aops ino:700000
[ 42.900467][ T368] flags: 0x4e00000000002056(referenced|uptodate|lru|workingset|private|zone=1)
[ 42.909581][ T368] raw: 4e00000000002056 ffffea0004911488 ffffea00047d7188 ffff888100548d50
[ 42.918411][ T368] raw: 000000000000003a ffff8881220ebd20 00000002ffffffff ffff88812005c000
[ 42.927087][ T368] page dumped because: kasan: bad access detected
[ 42.933706][ T368] page_owner tracks the page as allocated
[ 42.939402][ T368] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 365, tgid 364 (syz-executor.0), ts 42496574603, free_ts 35606624772
[ 42.959800][ T368] prep_new_page+0x512/0x5e0
[ 42.964511][ T368] get_page_from_freelist+0x273d/0x27d0
[ 42.969849][ T368] __alloc_pages+0x39f/0x780
[ 42.974277][ T368] __folio_alloc+0x15/0x40
[ 42.978612][ T368] __filemap_get_folio+0x461/0x5c0
[ 42.983560][ T368] pagecache_get_page+0x15/0xb0
[ 42.988245][ T368] __getblk_gfp+0x1ac/0x590
[ 42.992806][ T368] ext4_ext_insert_extent+0xf76/0x5490
[ 42.998636][ T368] ext4_ext_map_blocks+0x1a04/0x64d0
[ 43.003880][ T368] ext4_map_blocks+0x83a/0x18b0
[ 43.008649][ T368] _ext4_get_block+0x1d0/0x540
[ 43.013749][ T368] ext4_get_block+0x12/0x20
[ 43.018260][ T368] ext4_block_write_begin+0x399/0xbc0
[ 43.024026][ T368] ext4_write_begin+0x588/0xe00
[ 43.028888][ T368] ext4_da_write_begin+0x397/0x6f0
[ 43.034009][ T368] generic_perform_write+0x2ee/0x520
[ 43.039129][ T368] page last free stack trace:
[ 43.043808][ T368] free_unref_page_prepare+0x794/0x7a0
[ 43.049099][ T368] free_unref_page_list+0xf6/0x690
[ 43.054492][ T368] release_pages+0xcfc/0xd50
[ 43.059173][ T368] free_pages_and_swap_cache+0x68/0x80
[ 43.064655][ T368] tlb_finish_mmu+0x1ba/0x3b0
[ 43.069570][ T368] unmap_region+0x2a3/0x300
[ 43.073988][ T368] do_mas_align_munmap+0xb63/0x1150
[ 43.079112][ T368] do_mas_munmap+0x199/0x1e0
[ 43.083541][ T368] __vm_munmap+0x24e/0x360
[ 43.087793][ T368] __x64_sys_munmap+0x66/0x70
[ 43.092651][ T368] do_syscall_64+0x3d/0xb0
[ 43.097726][ T368] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.103680][ T368]
[ 43.105834][ T368] Memory state around the buggy address:
[ 43.111479][ T368] ffff88810fadbf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.119386][ T368] ffff88810fadbf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.127543][ T368] >ffff88810fadc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.136008][ T368] ^
[ 43.143607][ T368] ffff88810fadc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.151658][ T368] ffff88810fadc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.159925][ T368] ==================================================================
[ 43.172145][ T368] Disabling lock debugging due to kernel taint
[ 43.178847][ T368] EXT4-fs error (device loop0): __ext4_get_inode_loc:4492: comm syz-executor.0: Invalid inode table block 0 in block_group 0
[ 43.194512][ T368] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5841: Corrupt filesystem
[ 43.204596][ T368] EXT4-fs error (device loop0): ext4_punch_hole:4137: inode #16: comm syz-executor.0: mark_inode_dirty error
[ 43.221985][ T347] EXT4-fs (loop0): unmounting filesystem.
[ 43.245431][ T370] loop0: detected capacity change from 0 to 512
[ 43.261536][ T370] EXT4-fs (loop0): 1 orphan inode deleted
[ 43.267438][ T370] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 43.277358][ T370] ext4 filesystem being mounted at /root/syzkaller-testdir1900756039/syzkaller.BPjxRw/3/file1 supports timestamps until 2038 (0x7fffffff)
[ 43.299460][ T373] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:438: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0
[ 43.313890][ T373] EXT4-fs (loop0): Remounting filesystem read-only
[ 43.320372][ T373] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6077: Corrupt filesystem
[ 43.333837][ T373] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 43.343284][ T373] Kernel Offset: disabled
[ 43.347524][ T373] Rebooting in 86400 seconds..