Warning: Permanently added '10.128.0.236' (ED25519) to the list of known hosts.
[ 101.241997][ T27] audit: type=1400 audit(1697564433.135:87): avc: denied { execmem } for pid=5031 comm="syz-executor165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 101.263420][ T27] audit: type=1400 audit(1697564433.155:88): avc: denied { mounton } for pid=5032 comm="syz-executor165" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[ 101.289661][ T27] audit: type=1400 audit(1697564433.155:89): avc: denied { mount } for pid=5032 comm="syz-executor165" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 101.312252][ T27] audit: type=1400 audit(1697564433.155:90): avc: denied { mounton } for pid=5032 comm="syz-executor165" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
executing program
[ 101.405234][ T27] audit: type=1400 audit(1697564433.295:91): avc: denied { mounton } for pid=5032 comm="syz-executor165" path="/dev/binderfs" dev="devtmpfs" ino=2322 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 101.425324][ T5035] syz-executor165[5035]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[ 101.447296][ T27] audit: type=1400 audit(1697564433.305:92): avc: denied { mount } for pid=5032 comm="syz-executor165" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 101.496720][ T27] audit: type=1400 audit(1697564433.305:93): avc: denied { read write } for pid=5032 comm="syz-executor165" name="loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 101.522929][ T27] audit: type=1400 audit(1697564433.305:94): avc: denied { open } for pid=5032 comm="syz-executor165" path="/dev/loop0" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 101.533633][ T5035] loop0: detected capacity change from 0 to 8192
[ 101.548165][ T27] audit: type=1400 audit(1697564433.305:95): avc: denied { ioctl } for pid=5032 comm="syz-executor165" path="/dev/loop0" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 101.565810][ T5035] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 101.579863][ T27] audit: type=1400 audit(1697564433.445:96): avc: denied { mounton } for pid=5035 comm="syz-executor165" path="/root/file0" dev="sda1" ino=1927 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 101.592740][ T5035] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 101.616176][ T5035] REISERFS (device loop0): using ordered data mode
[ 101.631764][ T5035] reiserfs: using flush barriers
[ 101.639536][ T5035] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 101.656685][ T5035] REISERFS (device loop0): checking transaction log (loop0)
[ 101.749065][ T5035] REISERFS (device loop0): Using r5 hash to sort names
[ 101.777620][ T5032] general protection fault, probably for non-canonical address 0xdffffc00400000c5: 0000 [#1] PREEMPT SMP KASAN
[ 101.789404][ T5032] KASAN: probably user-memory-access in range [0x0000000200000628-0x000000020000062f]
[ 101.798974][ T5032] CPU: 0 PID: 5032 Comm: syz-executor165 Not tainted 6.6.0-rc6-syzkaller-00029-g213f891525c2 #0
[ 101.809418][ T5032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 101.819489][ T5032] ==================================================================
[ 101.819503][ T5032] BUG: KASAN: out-of-bounds in console_flush_all+0xf23/0xfb0
[ 101.819561][ T5032] Read of size 8 at addr ffffc9000349ef10 by task syz-executor165/5032
[ 101.819587][ T5032]
[ 101.819593][ T5032] CPU: 0 PID: 5032 Comm: syz-executor165 Not tainted 6.6.0-rc6-syzkaller-00029-g213f891525c2 #0
[ 101.819619][ T5032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 101.819633][ T5032] Call Trace:
[ 101.819645][ T5032]
[ 101.819653][ T5032] dump_stack_lvl+0xd9/0x1b0
[ 101.819688][ T5032] print_report+0xc4/0x620
[ 101.819716][ T5032] ? __virt_addr_valid+0x5e/0x2d0
[ 101.819748][ T5032] kasan_report+0xda/0x110
[ 101.819775][ T5032] ? console_flush_all+0xf23/0xfb0
[ 101.819809][ T5032] ? console_flush_all+0xf23/0xfb0
[ 101.819845][ T5032] console_flush_all+0xf23/0xfb0
[ 101.819880][ T5032] ? rcu_is_watching+0x12/0xb0
[ 101.819920][ T5032] ? devkmsg_read+0x550/0x550
[ 101.819952][ T5032] ? rcu_is_watching+0x12/0xb0
[ 101.819991][ T5032] ? lock_sync+0x190/0x190
[ 101.820022][ T5032] ? spin_bug+0x1d0/0x1d0
[ 101.820055][ T5032] console_unlock+0x10c/0x260
[ 101.820090][ T5032] ? console_flush_all+0xfb0/0xfb0
[ 101.820125][ T5032] ? __down_trylock_console_sem+0xac/0x140
[ 101.820158][ T5032] ? __down_trylock_console_sem+0xb2/0x140
[ 101.820193][ T5032] vprintk_emit+0x17f/0x5f0
[ 101.820228][ T5032] vprintk+0x7b/0x90
[ 101.820263][ T5032] _printk+0xc8/0x100
[ 101.820293][ T5032] ? syslog_print_all+0x3f0/0x3f0
[ 101.820325][ T5032] ? _printk+0xc8/0x100
[ 101.820357][ T5032] dump_stack_print_info+0x12e/0x150
[ 101.820385][ T5032] show_regs+0x1a/0xa0
[ 101.820414][ T5032] die_addr+0x4f/0xd0
[ 101.820442][ T5032] exc_general_protection+0x154/0x230
[ 101.820478][ T5032] asm_exc_general_protection+0x26/0x30
[ 101.820512][ T5032] RIP: 0010:ext4_file_write_iter+0x103/0x1860
[ 101.820556][ T5032] Code: 48 c1 ea 03 80 3c 02 00 0f 85 5e 15 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 5d 28 48 8d bb 28 06 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 2e 15 00 00 4c 8b a3 28 06 00 00 be 08 00 00 00
[ 101.820580][ T5032] RSP: 0000:ffffc9000349f270 EFLAGS: 00010206
[ 101.820611][ T5032] RAX: dffffc0000000000 RBX: 0000000200000001 RCX: 0000000000000000
[ 101.820628][ T5032] RDX: 00000000400000c5 RSI: ffffffff822ede7a RDI: 0000000200000629
[ 101.820645][ T5032] RBP: ffff88807365d830 R08: 0000000000000005 R09: 0000000000000007
[ 101.820661][ T5032] R10: 0000000000000004 R11: ffffffff8a601206 R12: ffffc9000349f5c8
[ 101.820677][ T5032] R13: ffffc9000349f3f0 R14: 0000000000000002 R15: ffff8880267ae2d0
[ 101.820695][ T5032] ? asm_exc_page_fault+0x26/0x30
[ 101.820727][ T5032] ? ext4_file_write_iter+0x8a/0x1860
[ 101.820771][ T5032] ? __stack_depot_save+0x247/0x510
[ 101.820806][ T5032] ? ext4_buffered_write_iter+0x3c0/0x3c0
[ 101.820846][ T5032] ? _raw_spin_unlock_irqrestore+0x4e/0x70
[ 101.820872][ T5032] ? lockdep_hardirqs_on+0x7d/0x100
[ 101.820906][ T5032] ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 101.820933][ T5032] __kernel_write_iter+0x261/0x7e0
[ 101.820966][ T5032] ? vfs_read+0x930/0x930
[ 101.820994][ T5032] ? kasan_save_stack+0x43/0x50
[ 101.821019][ T5032] ? kasan_save_stack+0x33/0x50
[ 101.821045][ T5032] ? exit_to_user_mode_prepare+0x11f/0x240
[ 101.821070][ T5032] ? irqentry_exit_to_user_mode+0x9/0x40
[ 101.821108][ T5032] ? asm_exc_page_fault+0x26/0x30
[ 101.821140][ T5032] __kernel_write+0xf6/0x140
[ 101.821171][ T5032] ? __kernel_write_iter+0x7e0/0x7e0
[ 101.821207][ T5032] dump_emit+0x21d/0x330
[ 101.821245][ T5032] ? __dump_skip+0x5b0/0x5b0
[ 101.821282][ T5032] elf_core_dump+0x2082/0x3900
[ 101.821317][ T5032] ? load_elf_phdrs+0x210/0x210
[ 101.821348][ T5032] ? kvmalloc_node+0x99/0x1a0
[ 101.821376][ T5032] ? kasan_save_stack+0x43/0x50
[ 101.821401][ T5032] ? kasan_save_stack+0x33/0x50
[ 101.821428][ T5032] ? __lock_acquire+0x182f/0x5de0
[ 101.821464][ T5032] ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 101.821508][ T5032] ? do_coredump+0x2c96/0x3fc0
[ 101.821544][ T5032] do_coredump+0x2c96/0x3fc0
[ 101.821589][ T5032] ? dump_emit+0x330/0x330
[ 101.821623][ T5032] ? exit_to_user_mode_prepare+0x11f/0x240
[ 101.821656][ T5032] ? find_held_lock+0x2d/0x110
[ 101.821689][ T5032] get_signal+0x2434/0x2790
[ 101.821716][ T5032] ? exit_signals+0x920/0x920
[ 101.821738][ T5032] ? force_sig+0xf0/0xf0
[ 101.821759][ T5032] ? _raw_spin_unlock_irqrestore+0x3b/0x70
[ 101.821786][ T5032] arch_do_signal_or_restart+0x90/0x7f0
[ 101.821823][ T5032] ? __bad_area_nosemaphore+0x325/0x6a0
[ 101.821850][ T5032] ? get_sigframe_size+0x20/0x20
[ 101.821882][ T5032] ? __bad_area_nosemaphore+0x325/0x6a0
[ 101.821913][ T5032] exit_to_user_mode_prepare+0x11f/0x240
[ 101.821938][ T5032] irqentry_exit_to_user_mode+0x9/0x40
[ 101.821975][ T5032] asm_exc_page_fault+0x26/0x30
[ 101.822007][ T5032] RIP: 0033:0x7f1369fb0833
[ 101.822026][ T5032] Code: 00 00 00 02 00 00 00 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00 48 00 04 <00> 00 00 00 00 01 00 00 00 02 00 00 00 48 00 04 00 00 00 00 00 01
[ 101.822049][ T5032] RSP: 002b:00007fffac036608 EFLAGS: 00010202
[ 101.822069][ T5032] RAX: 0000000000000000 RBX: 00007fffac036690 RCX: 00007f1369fb0833
[ 101.822086][ T5032] RDX: 00007fffac036620 RSI: 0000000000000000 RDI: 0000000000000000
[ 101.822104][ T5032] RBP: 0000000000000002 R08: 0000000000000065 R09: 0000000000000001
[ 101.822119][ T5032] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000000f4240
[ 101.822135][ T5032] R13: 0000000000018c01 R14: 00007fffac036664 R15: 00007fffac036680
[ 101.822156][ T5032]
[ 101.822164][ T5032]
[ 101.822168][ T5032] The buggy address belongs to stack of task syz-executor165/5032
[ 101.822183][ T5032]
[ 101.822191][ T5032] The buggy address belongs to the virtual mapping at
[ 101.822191][ T5032] [ffffc90003498000, ffffc900034a1000) created by:
[ 101.822191][ T5032] kernel_clone+0xfd/0x920
[ 101.822226][ T5032]
[ 101.822231][ T5032] The buggy address belongs to the physical page:
[ 101.822241][ T5032] page:ffffea0001fbfac0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7efeb
[ 101.822266][ T5032] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 101.822284][ T5032] page_type: 0xffffffff()
[ 101.822304][ T5032] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 101.822326][ T5032] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 101.822339][ T5032] page dumped because: kasan: bad access detected
[ 101.822350][ T5032] page_owner tracks the page as allocated
[ 101.822356][ T5032] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 4993, tgid 4993 (dhcpcd-run-hook), ts 88329486010, free_ts 72453205616
[ 101.822397][ T5032] post_alloc_hook+0x2cf/0x340
[ 101.822427][ T5032] get_page_from_freelist+0xee0/0x2f20
[ 101.822458][ T5032] __alloc_pages+0x1d0/0x4a0
[ 101.822486][ T5032] alloc_pages+0x1a9/0x270
[ 101.822510][ T5032] __vmalloc_node_range+0xa6e/0x1540
[ 101.822534][ T5032] copy_process+0x13e3/0x73f0
[ 101.822556][ T5032] kernel_clone+0xfd/0x920
[ 101.822577][ T5032] __do_sys_clone+0xba/0x100
[ 101.822606][ T5032] do_syscall_64+0x38/0xb0
[ 101.822631][ T5032] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 101.822661][ T5032] page last free stack trace:
[ 101.822666][ T5032] free_unref_page_prepare+0x476/0xa40
[ 101.822695][ T5032] free_unref_page+0x33/0x3b0
[ 101.822723][ T5032] slabs_destroy+0x85/0xc0
[ 101.822742][ T5032] ___cache_free+0x2b7/0x420
[ 101.822763][ T5032] qlist_free_all+0x4c/0x1b0
[ 101.822792][ T5032] kasan_quarantine_reduce+0x18e/0x1d0
[ 101.822824][ T5032] __kasan_slab_alloc+0x65/0x90
[ 101.822848][ T5032] __kmem_cache_alloc_node+0x163/0x470
[ 101.822871][ T5032] __kmalloc+0x4f/0x100
[ 101.822899][ T5032] tomoyo_supervisor+0xcdb/0xea0
[ 101.822922][ T5032] tomoyo_path_permission+0x270/0x3b0
[ 101.822947][ T5032] tomoyo_path_perm+0x35a/0x450
[ 101.822972][ T5032] security_inode_getattr+0xf1/0x150
[ 101.822993][ T5032] vfs_fstat+0x4f/0xc0
[ 101.823015][ T5032] vfs_fstatat+0x130/0x140
[ 101.823037][ T5032] __do_sys_newfstatat+0x98/0x110
[ 101.823062][ T5032]
[ 101.823065][ T5032] Memory state around the buggy address:
[ 101.823076][ T5032] ffffc9000349ee00: 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00
[ 101.823093][ T5032] ffffc9000349ee80: 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00
[ 101.823109][ T5032] >ffffc9000349ef00: 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00
[ 101.823122][ T5032] ^
[ 101.823133][ T5032] ffffc9000349ef80: 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00
[ 101.823148][ T5032] ffffc9000349f000: 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00
[ 101.823161][ T5032] ==================================================================
[ 101.823171][ T5032] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 101.823375][ T5032] Kernel Offset: disabled