[ 54.643343][ T35] audit: type=1400 audit(1639428963.832:151): avc: denied { create } for pid=5427 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 54.725246][ T35] audit: type=1400 audit(1639428963.912:152): avc: denied { create } for pid=5427 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[ 54.754940][ T35] audit: type=1400 audit(1639428963.942:153): avc: denied { create } for pid=5427 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 54.831973][ T35] audit: type=1400 audit(1639428964.022:154): avc: denied { create } for pid=5427 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 55.023852][ T35] audit: type=1400 audit(1639428964.212:155): avc: denied { create } for pid=5427 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 55.099267][ T35] audit: type=1400 audit(1639428964.292:156): avc: denied { create } for pid=5427 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[ 55.121950][ T35] audit: type=1400 audit(1639428964.312:157): avc: denied { create } for pid=5427 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 55.141853][ T35] audit: type=1400 audit(1639428964.312:158): avc: denied { create } for pid=5427 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 55.196336][ T35] audit: type=1400 audit(1639428964.392:159): avc: denied { create } for pid=5427 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 55.216656][ T35] audit: type=1400 audit(1639428964.392:160): avc: denied { create } for pid=5427 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 71.081555][ T34] cfg80211: failed to load regulatory.db
Warning: Permanently added '10.128.0.40' (ECDSA) to the list of known hosts.
[ 74.730758][ T5887] loop0: detected capacity change from 252287 to 0
[ 74.740045][ T35] kauditd_printk_skb: 29 callbacks suppressed
[ 74.740051][ T35] audit: type=1400 audit(1639428983.932:190): avc: denied { mounton } for pid=5887 comm="syz-executor490" path="/root/file0" dev="sda1" ino=1142 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 74.745174][ T5887] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 74.778628][ T5887] REISERFS (device loop0): using ordered data mode
[ 74.785214][ T5887] reiserfs: using flush barriers
[ 74.793067][ T5887] REISERFS (device loop0): journal params: device loop0, size 15748, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
[ 74.813792][ T5887] REISERFS (device loop0): checking transaction log (loop0)
[ 76.405350][ T5887] REISERFS (device loop0): Using tea hash to sort names
[ 76.413316][ T5887] ==================================================================
[ 76.421548][ T5887] BUG: KASAN: out-of-bounds in leaf_paste_entries+0x405/0xa10
[ 76.429155][ T5887] Read of size 18446744073709551584 at addr ffff88803ebbbfa4 by task syz-executor490/5887
[ 76.439016][ T5887]
[ 76.441331][ T5887] CPU: 1 PID: 5887 Comm: syz-executor490 Not tainted 5.11.0-syzkaller #0
[ 76.449719][ T5887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.459751][ T5887] Call Trace:
[ 76.463011][ T5887] dump_stack+0x9a/0xcc
[ 76.467146][ T5887] ? leaf_paste_entries+0x405/0xa10
[ 76.472414][ T5887] print_address_description.constprop.0.cold+0x5b/0x2c6
[ 76.479411][ T5887] ? leaf_paste_entries+0x405/0xa10
[ 76.484579][ T5887] ? leaf_paste_entries+0x405/0xa10
[ 76.489756][ T5887] kasan_report.cold+0x79/0xd5
[ 76.494494][ T5887] ? leaf_paste_entries+0x405/0xa10
[ 76.499668][ T5887] check_memory_region+0x13d/0x180
[ 76.504753][ T5887] memmove+0x20/0x60
[ 76.508618][ T5887] leaf_paste_entries+0x405/0xa10
[ 76.513616][ T5887] balance_leaf+0x8d0d/0xd3c0
[ 76.518275][ T5887] ? fix_nodes+0x2955/0x80f0
[ 76.522954][ T5887] ? replace_key+0x160/0x160
[ 76.527569][ T5887] do_balance+0x2ee/0x760
[ 76.531878][ T5887] ? get_right_neighbor_position+0x170/0x170
[ 76.537938][ T5887] ? __mutex_unlock_slowpath+0xe2/0x610
[ 76.543547][ T5887] ? mark_held_locks+0x9f/0xe0
[ 76.548493][ T5887] reiserfs_paste_into_item+0x63c/0x7b0
[ 76.554031][ T5887] ? reiserfs_delete_object+0x1b0/0x1b0
[ 76.559560][ T5887] ? search_by_entry_key+0x980/0x980
[ 76.564830][ T5887] ? reiserfs_new_inode+0xde3/0x1e80
[ 76.570105][ T5887] reiserfs_add_entry+0x7fd/0xc40
[ 76.575206][ T5887] ? reiserfs_lookup+0x3e0/0x3e0
[ 76.580215][ T5887] ? do_journal_begin_r+0x721/0xe50
[ 76.585401][ T5887] reiserfs_mkdir+0x59c/0x860
[ 76.590063][ T5887] ? reiserfs_mknod+0x650/0x650
[ 76.594906][ T5887] ? down_write+0xdb/0x150
[ 76.599305][ T5887] ? down_write_killable_nested+0x170/0x170
[ 76.605185][ T5887] ? down_write_killable_nested+0x170/0x170
[ 76.611068][ T5887] reiserfs_xattr_init+0x412/0xa60
[ 76.616163][ T5887] reiserfs_fill_super+0x1c53/0x2670
[ 76.621423][ T5887] ? reiserfs_remount+0x1330/0x1330
[ 76.626621][ T5887] ? pointer+0x700/0x700
[ 76.630853][ T5887] ? up_write+0x191/0x560
[ 76.635158][ T5887] ? wait_for_completion_io+0x260/0x260
[ 76.640762][ T5887] ? sget+0x3db/0x4d0
[ 76.644718][ T5887] mount_bdev+0x2cb/0x3b0
[ 76.649023][ T5887] ? reiserfs_remount+0x1330/0x1330
[ 76.654197][ T5887] ? reiserfs_kill_sb+0x1d0/0x1d0
[ 76.659542][ T5887] legacy_get_tree+0xfa/0x1f0
[ 76.664197][ T5887] vfs_get_tree+0x7f/0x2c0
[ 76.668586][ T5887] path_mount+0x7f3/0x1b30
[ 76.673063][ T5887] ? strncpy_from_user+0x68/0x2d0
[ 76.678071][ T5887] ? finish_automount+0x900/0x900
[ 76.683340][ T5887] ? getname_flags.part.0+0x89/0x440
[ 76.688605][ T5887] __x64_sys_mount+0x1f5/0x260
[ 76.693367][ T5887] ? copy_mnt_ns+0xd20/0xd20
[ 76.697942][ T5887] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 76.703905][ T5887] ? syscall_enter_from_user_mode+0x27/0x70
[ 76.709785][ T5887] do_syscall_64+0x2d/0x70
[ 76.714300][ T5887] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.720186][ T5887] RIP: 0033:0x7f446b307d0a
[ 76.724581][ T5887] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 76.744176][ T5887] RSP: 002b:00007ffc224868f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 76.752575][ T5887] RAX: ffffffffffffffda RBX: 00007ffc22486950 RCX: 00007f446b307d0a
[ 76.760527][ T5887] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffc22486910
[ 76.768590][ T5887] RBP: 00007ffc22486910 R08: 00007ffc22486950 R09: 0000000000000000
[ 76.776661][ T5887] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 76.784623][ T5887] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 76.792707][ T5887]
[ 76.795024][ T5887] The buggy address belongs to the page:
[ 76.801078][ T5887] page:00000000ae3e9e5d refcount:3 mapcount:0 mapping:000000009f494180 index:0x3d97 pfn:0x3ebbb
[ 76.811564][ T5887] aops:def_blk_aops ino:700000
[ 76.816320][ T5887] flags: 0xfff00000002022(referenced|active|private)
[ 76.822977][ T5887] raw: 00fff00000002022 dead000000000100 dead000000000122 ffff888018952b50
[ 76.831538][ T5887] raw: 0000000000003d97 ffff88803aa2e040 00000003ffffffff ffff8880101f2000
[ 76.840100][ T5887] page dumped because: kasan: bad access detected
[ 76.846491][ T5887] pages's memcg:ffff8880101f2000
[ 76.851421][ T5887] page_owner tracks the page as allocated
[ 76.857107][ T5887] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 5887, ts 76404963547
[ 76.872491][ T5887] post_alloc_hook+0x144/0x1c0
[ 76.877234][ T5887] get_page_from_freelist+0x1c6e/0x3f80
[ 76.882753][ T5887] __alloc_pages_nodemask+0x2d6/0x730
[ 76.888111][ T5887] pagecache_get_page+0x1fc/0xce0
[ 76.893118][ T5887] __getblk_slow+0x1b6/0x7d0
[ 76.897680][ T5887] search_by_key+0x35c/0x4240
[ 76.902330][ T5887] reiserfs_read_locked_inode+0x144/0x21c0
[ 76.908135][ T5887] reiserfs_fill_super+0x152a/0x2670
[ 76.913975][ T5887] mount_bdev+0x2cb/0x3b0
[ 76.918307][ T5887] legacy_get_tree+0xfa/0x1f0
[ 76.922957][ T5887] vfs_get_tree+0x7f/0x2c0
[ 76.927343][ T5887] path_mount+0x7f3/0x1b30
[ 76.931733][ T5887] __x64_sys_mount+0x1f5/0x260
[ 76.936464][ T5887] do_syscall_64+0x2d/0x70
[ 76.940862][ T5887] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.946728][ T5887] page_owner free stack trace missing
[ 76.952068][ T5887]
[ 76.954373][ T5887] Memory state around the buggy address:
[ 76.960060][ T5887] ffff88803ebbbe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.968794][ T5887] ffff88803ebbbf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.976839][ T5887] >ffff88803ebbbf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.984968][ T5887] ^
[ 76.990052][ T5887] ffff88803ebbc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.998083][ T5887] ffff88803ebbc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 77.006112][ T5887] ==================================================================
[ 77.014144][ T5887] Disabling lock debugging due to kernel taint
[ 77.021304][ T5887] Kernel panic - not syncing: panic_on_warn set ...
[ 77.027881][ T5887] CPU: 0 PID: 5887 Comm: syz-executor490 Tainted: G B 5.11.0-syzkaller #0
[ 77.037648][ T5887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.047669][ T5887] Call Trace:
[ 77.051354][ T5887] dump_stack+0x9a/0xcc
[ 77.055480][ T5887] panic+0x256/0x4eb
[ 77.059358][ T5887] ? __warn_printk+0xee/0xee
[ 77.063913][ T5887] ? preempt_schedule_common+0x59/0xc0
[ 77.069346][ T5887] ? leaf_paste_entries+0x405/0xa10
[ 77.074705][ T5887] ? preempt_schedule_thunk+0x16/0x18
[ 77.080054][ T5887] ? leaf_paste_entries+0x405/0xa10
[ 77.085579][ T5887] ? leaf_paste_entries+0x405/0xa10
[ 77.090748][ T5887] end_report+0x58/0x5e
[ 77.094884][ T5887] kasan_report.cold+0x67/0xd5
[ 77.099626][ T5887] ? leaf_paste_entries+0x405/0xa10
[ 77.104881][ T5887] check_memory_region+0x13d/0x180
[ 77.109971][ T5887] memmove+0x20/0x60
[ 77.113843][ T5887] leaf_paste_entries+0x405/0xa10
[ 77.118967][ T5887] balance_leaf+0x8d0d/0xd3c0
[ 77.123627][ T5887] ? fix_nodes+0x2955/0x80f0
[ 77.128206][ T5887] ? replace_key+0x160/0x160
[ 77.132766][ T5887] do_balance+0x2ee/0x760
[ 77.137067][ T5887] ? get_right_neighbor_position+0x170/0x170
[ 77.143024][ T5887] ? __mutex_unlock_slowpath+0xe2/0x610
[ 77.148541][ T5887] ? mark_held_locks+0x9f/0xe0
[ 77.153394][ T5887] reiserfs_paste_into_item+0x63c/0x7b0
[ 77.158915][ T5887] ? reiserfs_delete_object+0x1b0/0x1b0
[ 77.164433][ T5887] ? search_by_entry_key+0x980/0x980
[ 77.169698][ T5887] ? reiserfs_new_inode+0xde3/0x1e80
[ 77.174954][ T5887] reiserfs_add_entry+0x7fd/0xc40
[ 77.179951][ T5887] ? reiserfs_lookup+0x3e0/0x3e0
[ 77.184861][ T5887] ? do_journal_begin_r+0x721/0xe50
[ 77.190028][ T5887] reiserfs_mkdir+0x59c/0x860
[ 77.194673][ T5887] ? reiserfs_mknod+0x650/0x650
[ 77.199491][ T5887] ? down_write+0xdb/0x150
[ 77.203879][ T5887] ? down_write_killable_nested+0x170/0x170
[ 77.209739][ T5887] ? down_write_killable_nested+0x170/0x170
[ 77.215606][ T5887] reiserfs_xattr_init+0x412/0xa60
[ 77.220953][ T5887] reiserfs_fill_super+0x1c53/0x2670
[ 77.226202][ T5887] ? reiserfs_remount+0x1330/0x1330
[ 77.231364][ T5887] ? pointer+0x700/0x700
[ 77.235572][ T5887] ? up_write+0x191/0x560
[ 77.239892][ T5887] ? wait_for_completion_io+0x260/0x260
[ 77.245434][ T5887] ? sget+0x3db/0x4d0
[ 77.249385][ T5887] mount_bdev+0x2cb/0x3b0
[ 77.253681][ T5887] ? reiserfs_remount+0x1330/0x1330
[ 77.258849][ T5887] ? reiserfs_kill_sb+0x1d0/0x1d0
[ 77.263837][ T5887] legacy_get_tree+0xfa/0x1f0
[ 77.268484][ T5887] vfs_get_tree+0x7f/0x2c0
[ 77.272864][ T5887] path_mount+0x7f3/0x1b30
[ 77.277246][ T5887] ? strncpy_from_user+0x68/0x2d0
[ 77.282235][ T5887] ? finish_automount+0x900/0x900
[ 77.287222][ T5887] ? getname_flags.part.0+0x89/0x440
[ 77.292471][ T5887] __x64_sys_mount+0x1f5/0x260
[ 77.297197][ T5887] ? copy_mnt_ns+0xd20/0xd20
[ 77.301749][ T5887] ? lockdep_hardirqs_on_prepare+0x17b/0x400
[ 77.307695][ T5887] ? syscall_enter_from_user_mode+0x27/0x70
[ 77.313552][ T5887] do_syscall_64+0x2d/0x70
[ 77.318025][ T5887] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.323967][ T5887] RIP: 0033:0x7f446b307d0a
[ 77.328350][ T5887] Code: 48 c7 c2 c0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 a8 00 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 77.348010][ T5887] RSP: 002b:00007ffc224868f8 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5
[ 77.356390][ T5887] RAX: ffffffffffffffda RBX: 00007ffc22486950 RCX: 00007f446b307d0a
[ 77.364341][ T5887] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffc22486910
[ 77.372343][ T5887] RBP: 00007ffc22486910 R08: 00007ffc22486950 R09: 0000000000000000
[ 77.380285][ T5887] R10: 0000000000000000 R11: 0000000000000286 R12: 00000000200002a8
[ 77.388572][ T5887] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000007
[ 77.396779][ T5887] Kernel Offset: disabled
[ 77.401083][ T5887] Rebooting in 86400 seconds..