Warning: Permanently added '10.128.1.138' (ECDSA) to the list of known hosts.
[ 42.481470][ T23] audit: type=1400 audit(1677115937.610:73): avc: denied { execmem } for pid=365 comm="syz-executor115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 42.502823][ T23] audit: type=1400 audit(1677115937.630:74): avc: denied { setattr } for pid=365 comm="syz-executor115" name="raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
executing program
[ 42.527768][ T23] audit: type=1400 audit(1677115937.660:75): avc: denied { mounton } for pid=366 comm="syz-executor115" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 42.551936][ T23] audit: type=1400 audit(1677115937.680:76): avc: denied { mount } for pid=366 comm="syz-executor115" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 42.574539][ T23] audit: type=1400 audit(1677115937.680:77): avc: denied { mounton } for pid=366 comm="syz-executor115" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 42.596363][ T23] audit: type=1400 audit(1677115937.700:78): avc: denied { mounton } for pid=366 comm="syz-executor115" path="/dev/binderfs" dev="devtmpfs" ino=363 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 42.606761][ T366] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 42.619486][ T23] audit: type=1400 audit(1677115937.700:79): avc: denied { mount } for pid=366 comm="syz-executor115" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 42.628379][ T366] ext4 filesystem being mounted at /root/syzkaller.6gkWXP/bus supports timestamps until 2038 (0x7fffffff)
[ 42.651160][ T23] audit: type=1400 audit(1677115937.710:80): avc: denied { read write } for pid=366 comm="syz-executor115" name="loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 42.672484][ T366] ==================================================================
[ 42.686605][ T23] audit: type=1400 audit(1677115937.710:81): avc: denied { open } for pid=366 comm="syz-executor115" path="/dev/loop0" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 42.694343][ T366] BUG: KASAN: use-after-free in crc16+0x235/0x2d0
[ 42.718599][ T23] audit: type=1400 audit(1677115937.710:82): avc: denied { ioctl } for pid=366 comm="syz-executor115" path="/dev/loop0" dev="devtmpfs" ino=115 ioctlcmd=0x4c00 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 42.724751][ T366] Read of size 1 at addr ffff88811d865000 by task syz-executor115/366
[ 42.758356][ T366]
[ 42.760683][ T366] CPU: 1 PID: 366 Comm: syz-executor115 Not tainted 5.10.161-syzkaller-00019-g416c4356f372 #0
[ 42.770892][ T366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 42.781020][ T366] Call Trace:
[ 42.784301][ T366] dump_stack_lvl+0x1e2/0x24b
[ 42.788969][ T366] ? printk+0xcf/0x10f
[ 42.793016][ T366] ? bfq_pos_tree_add_move+0x43e/0x43e
[ 42.798450][ T366] ? wake_up_klogd+0xb8/0xf0
[ 42.803018][ T366] ? panic+0x7d7/0x7d7
[ 42.807066][ T366] print_address_description+0x81/0x3c0
[ 42.812587][ T366] kasan_report+0x1a4/0x1f0
[ 42.817069][ T366] ? crc16+0x235/0x2d0
[ 42.821119][ T366] ? crc16+0x235/0x2d0
[ 42.825186][ T366] __asan_report_load1_noabort+0x14/0x20
[ 42.830812][ T366] crc16+0x235/0x2d0
[ 42.834692][ T366] ext4_group_desc_csum+0x851/0xb50
[ 42.839869][ T366] ? __kasan_check_write+0x14/0x20
[ 42.844954][ T366] ? ext4_group_desc_csum_verify+0x2a0/0x2a0
[ 42.850913][ T366] ? __kasan_check_write+0x14/0x20
[ 42.856010][ T366] ? mb_test_and_clear_bits+0x232/0x250
[ 42.861544][ T366] ? ext4_block_bitmap_csum_set+0x1c3/0x500
[ 42.867422][ T366] ? __kasan_check_read+0x11/0x20
[ 42.872431][ T366] ? ext4_block_bitmap_csum_verify+0x540/0x540
[ 42.878568][ T366] ext4_group_desc_csum_set+0x1d6/0x270
[ 42.884100][ T366] ext4_free_blocks+0x1b9e/0x2ad0
[ 42.889131][ T366] ? stack_trace_save+0x1f0/0x1f0
[ 42.894159][ T366] ? ext4_mb_release_context+0x17a0/0x17a0
[ 42.899950][ T366] ? stack_trace_snprint+0x100/0x100
[ 42.905224][ T366] ? _raw_spin_unlock_irqrestore+0x5b/0x80
[ 42.911014][ T366] ? stack_depot_save+0x433/0x4a0
[ 42.916023][ T366] ? _raw_read_unlock+0x25/0x40
[ 42.920857][ T366] ? ext4_is_pending+0x196/0x1d0
[ 42.925780][ T366] ext4_remove_blocks+0xaf1/0x1180
[ 42.930908][ T366] ext4_ext_rm_leaf+0xaa8/0x18c0
[ 42.935835][ T366] ext4_ext_remove_space+0xf25/0x22a0
[ 42.941194][ T366] ? __kasan_check_write+0x14/0x20
[ 42.946293][ T366] ? ext4_ext_index_trans_blocks+0x120/0x120
[ 42.952266][ T366] ? ext4_es_remove_extent+0x1a4/0x360
[ 42.957724][ T366] ? ext4_es_lookup_extent+0x9d0/0x9d0
[ 42.963164][ T366] ? __down_write+0x119/0x320
[ 42.967839][ T366] ext4_ext_truncate+0x18a/0x210
[ 42.972760][ T366] ext4_truncate+0xba0/0x1270
[ 42.977424][ T366] ? __ext4_mark_inode_dirty+0x780/0x780
[ 42.983041][ T366] ? __kasan_check_read+0x11/0x20
[ 42.988149][ T366] ? __ext4_journal_start_sb+0x2d9/0x480
[ 42.993766][ T366] ext4_evict_inode+0xf1e/0x1730
[ 42.998689][ T366] ? _raw_spin_unlock+0x4d/0x70
[ 43.003526][ T366] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 43.009415][ T366] ? __kasan_check_write+0x14/0x20
[ 43.014688][ T366] ? _raw_spin_lock+0xa3/0x1b0
[ 43.019444][ T366] ? _raw_spin_trylock_bh+0x1d0/0x1d0
[ 43.024805][ T366] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 43.030695][ T366] evict+0x2a3/0x6c0
[ 43.034584][ T366] iput+0x61f/0x7d0
[ 43.038379][ T366] do_unlinkat+0x51a/0x920
[ 43.042780][ T366] ? try_break_deleg+0x120/0x120
[ 43.047702][ T366] ? strncpy_from_user+0x179/0x2b0
[ 43.052800][ T366] ? getname_flags+0x1fb/0x510
[ 43.057550][ T366] __x64_sys_unlink+0x49/0x50
[ 43.062210][ T366] do_syscall_64+0x34/0x70
[ 43.066610][ T366] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 43.072486][ T366] RIP: 0033:0x7f0a90ab5ea9
[ 43.076901][ T366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 01 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 43.096487][ T366] RSP: 002b:00007ffc38cbe7d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
[ 43.104889][ T366] RAX: ffffffffffffffda RBX: 00007f0a90b1ded0 RCX: 00007f0a90ab5ea9
[ 43.112851][ T366] RDX: ffffffffffffffc0 RSI: 0000000000000080 RDI: 0000000020000200
[ 43.120809][ T366] RBP: 00007ffc38cbe7f8 R08: 0000000000000000 R09: 0000000000000000
[ 43.128763][ T366] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc38cbe820
[ 43.136720][ T366] R13: 00007ffc38cbe820 R14: 00007f0a90af30e8 R15: 00007ffc38cbe800
[ 43.144677][ T366]
[ 43.146988][ T366] Allocated by task 368:
[ 43.151217][ T366] __kasan_slab_alloc+0xb2/0xe0
[ 43.156050][ T366] kmem_cache_alloc+0x16c/0x300
[ 43.160889][ T366] mempool_alloc_slab+0x1d/0x30
[ 43.165727][ T366] mempool_alloc+0x135/0x530
[ 43.170302][ T366] bio_alloc_bioset+0x1db/0x650
[ 43.175136][ T366] do_mpage_readpage+0x14e6/0x1b50
[ 43.180227][ T366] mpage_readahead+0x2d5/0x5f0
[ 43.184971][ T366] blkdev_readahead+0x1c/0x20
[ 43.189641][ T366] read_pages+0x160/0xb60
[ 43.193959][ T366] page_cache_ra_unbounded+0x6d0/0x8b0
[ 43.199398][ T366] force_page_cache_ra+0x3e6/0x440
[ 43.204502][ T366] page_cache_sync_ra+0x253/0x2c0
[ 43.209510][ T366] generic_file_buffered_read+0x65f/0x2850
[ 43.215303][ T366] generic_file_read_iter+0x106/0x6d0
[ 43.220662][ T366] blkdev_read_iter+0x135/0x190
[ 43.225508][ T366] vfs_read+0x9e2/0xbf0
[ 43.229650][ T366] ksys_read+0x198/0x2c0
[ 43.233878][ T366] __x64_sys_read+0x7b/0x90
[ 43.238373][ T366] do_syscall_64+0x34/0x70
[ 43.242773][ T366] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 43.248640][ T366]
[ 43.250955][ T366] Freed by task 18:
[ 43.254751][ T366] kasan_set_track+0x4c/0x80
[ 43.259326][ T366] kasan_set_free_info+0x23/0x40
[ 43.264246][ T366] ____kasan_slab_free+0x121/0x160
[ 43.269342][ T366] __kasan_slab_free+0x11/0x20
[ 43.274114][ T366] slab_free_freelist_hook+0xcc/0x1a0
[ 43.279489][ T366] kmem_cache_free+0xa9/0x1f0
[ 43.284150][ T366] mempool_free_slab+0x1d/0x30
[ 43.288917][ T366] mempool_free+0xd5/0x310
[ 43.293322][ T366] bio_put+0x34e/0x420
[ 43.297379][ T366] mpage_end_io+0x325/0x5b0
[ 43.301866][ T366] bio_endio+0x465/0x5c0
[ 43.306103][ T366] blk_update_request+0x6d5/0x1250
[ 43.311217][ T366] blk_mq_end_request+0x42/0x80
[ 43.316062][ T366] lo_complete_rq+0x151/0x2e0
[ 43.320721][ T366] blk_done_softirq+0x372/0x410
[ 43.325557][ T366] __do_softirq+0x27e/0x596
[ 43.330126][ T366]
[ 43.332444][ T366] The buggy address belongs to the object at ffff88811d865000
[ 43.332444][ T366] which belongs to the cache bio-0 of size 216
[ 43.345961][ T366] The buggy address is located 0 bytes inside of
[ 43.345961][ T366] 216-byte region [ffff88811d865000, ffff88811d8650d8)
[ 43.359038][ T366] The buggy address belongs to the page:
[ 43.364665][ T366] page:ffffea0004761940 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d865
[ 43.374883][ T366] flags: 0x8000000000000200(slab)
[ 43.379984][ T366] raw: 8000000000000200 dead000000000100 dead000000000122 ffff88810017fb00
[ 43.388557][ T366] raw: 0000000000000000 00000000000c000c 00000001ffffffff 0000000000000000
[ 43.397123][ T366] page dumped because: kasan: bad access detected
[ 43.403516][ T366] page_owner tracks the page as allocated
[ 43.409245][ T366] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x92880(GFP_NOWAIT|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC), pid 368, ts 42599737291, free_ts 0
[ 43.426587][ T366] get_page_from_freelist+0x755/0x810
[ 43.431943][ T366] __alloc_pages_nodemask+0x3b6/0x890
[ 43.437301][ T366] allocate_slab+0x78/0x540
[ 43.441787][ T366] ___slab_alloc+0x131/0x2e0
[ 43.446360][ T366] __slab_alloc+0x63/0xa0
[ 43.450673][ T366] kmem_cache_alloc+0x1ef/0x300
[ 43.455511][ T366] mempool_alloc_slab+0x1d/0x30
[ 43.460350][ T366] mempool_alloc+0x135/0x530
[ 43.464922][ T366] bio_alloc_bioset+0x1db/0x650
[ 43.469762][ T366] do_mpage_readpage+0x14e6/0x1b50
[ 43.474858][ T366] mpage_readahead+0x2d5/0x5f0
[ 43.479713][ T366] blkdev_readahead+0x1c/0x20
[ 43.484379][ T366] read_pages+0x160/0xb60
[ 43.488709][ T366] page_cache_ra_unbounded+0x6d0/0x8b0
[ 43.494155][ T366] force_page_cache_ra+0x3e6/0x440
[ 43.499256][ T366] page_cache_sync_ra+0x253/0x2c0
[ 43.504445][ T366] page_owner free stack trace missing
[ 43.509795][ T366]
[ 43.512131][ T366] Memory state around the buggy address:
[ 43.517747][ T366]  ffff88811d864f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 43.525793][ T366]  ffff88811d864f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory
[ 43.533837][ T366] >ffff88811d865000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.541891][ T366]                    ^
[ 43.545960][ T366]  ffff88811d865080: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 43.554007][ T366]  ffff88811d865100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 43.562052][ T366] ==================================================================
[ 43.570096][ T366] Disabling lock debugging due to kernel taint
write to /proc/sys/kernel/softlockup_all_cpu_backtrace failed: No such file or directory