[ 19.591912][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 19.601997][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 19.612296][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 19.688566][ T407] syz-executor.0 (407) used greatest stack depth: 21856 bytes left [ 20.098655][ T9] device bridge_slave_1 left promiscuous mode [ 20.104647][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 20.112314][ T9] device bridge_slave_0 left promiscuous mode [ 20.118358][ T9] bridge0: port 1(bridge_slave_0) entered disabled state [ 20.126433][ T9] device veth1_macvtap left promiscuous mode [ 20.132321][ T9] device veth0_vlan left promiscuous mode Warning: Permanently added '10.128.0.133' (ECDSA) to the list of known hosts. 2022/12/09 17:10:34 ignoring optional flag "sandboxArg"="0" 2022/12/09 17:10:34 parsed 1 programs 2022/12/09 17:10:34 executed programs: 0 [ 37.256516][ T29] kauditd_printk_skb: 65 callbacks suppressed [ 37.256526][ T29] audit: type=1400 audit(1670605834.500:137): avc: denied { mounton } for pid=452 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 37.287222][ T29] audit: type=1400 audit(1670605834.500:138): avc: denied { mount } for pid=452 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 37.317785][ T455] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.325162][ T455] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.332554][ T455] device bridge_slave_0 entered promiscuous mode [ 37.339193][ T455] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.346023][ T455] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.358588][ T455] device bridge_slave_1 entered promiscuous mode [ 37.393791][ T455] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.400674][ T455] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.407723][ T455] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.414558][ T455] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.431094][ T405] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.438412][ T405] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.445898][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 37.459572][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.468787][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.476712][ T405] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.483557][ T405] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.498965][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 37.506998][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.515164][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.522070][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.529572][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 37.537280][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 37.548018][ T455] device veth0_vlan entered promiscuous mode [ 37.554013][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 37.561890][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 37.569171][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 37.580340][ T455] device veth1_macvtap entered promiscuous mode [ 37.588420][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 37.596941][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 37.607697][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 37.619826][ T29] audit: type=1400 audit(1670605834.870:139): avc: denied { mount } for pid=455 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 37.649848][ T461] loop0: detected capacity change from 0 to 264192 [ 37.662194][ T29] audit: type=1400 audit(1670605834.910:140): avc: denied { mounton } for pid=460 comm="syz-executor.0" path="/root/syzkaller-testdir1498617029/syzkaller.KtFqlt/0/file0" dev="sda1" ino=1148 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 37.664091][ T461] erofs: (device loop0): mounted with root inode @ nid 36. [ 37.697446][ T461] attempt to access beyond end of device [ 37.697446][ T461] loop0: rw=0, want=2201354232, limit=264192 [ 37.709335][ T461] BUG: unable to handle page fault for address: fffff52100099e3b [ 37.716854][ T461] #PF: supervisor read access in kernel mode [ 37.722675][ T461] #PF: error_code(0x0000) - not-present page [ 37.728486][ T461] PGD 23ffef067 P4D 23ffef067 PUD 0 [ 37.733610][ T461] Oops: 0000 [#1] PREEMPT SMP KASAN [ 37.738641][ T461] CPU: 0 PID: 461 Comm: syz-executor.0 Not tainted 5.15.82-syzkaller #0 [ 37.746795][ T461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 37.756778][ T461] RIP: 0010:z_erofs_decompress_queue+0x8b3/0x1ec0 [ 37.763119][ T461] Code: 84 c0 0f 85 27 02 00 00 41 8b 07 c1 f8 02 89 c0 48 8b 4c 24 68 4c 8d 24 c1 4d 89 e7 49 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 07 00 74 08 4c 89 e7 e8 7e eb 80 ff 4d 8b 2c 24 4d 85 ed [ 37.782553][ T461] RSP: 0018:ffffc900004cf0a0 EFLAGS: 00010a02 [ 37.788456][ T461] RAX: dffffc0000000000 RBX: ffffea00048d0700 RCX: ffffc900004cf1e0 [ 37.796264][ T461] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffea00048d0728 [ 37.804079][ T461] RBP: ffffc900004cf610 R08: dffffc0000000000 R09: fffff9400091a0e6 [ 37.811948][ T461] R10: fffff9400091a0e6 R11: 1ffffd400091a0e5 R12: ffffc908004cf1d8 [ 37.819835][ T461] R13: ffffea00048d0700 R14: 0000000000000000 R15: 1ffff92100099e3b [ 37.827719][ T461] FS: 00007fb42723f700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000 [ 37.836484][ T461] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.842906][ T461] CR2: fffff52100099e3b CR3: 000000011ee39000 CR4: 00000000003506b0 [ 37.850869][ T461] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.858646][ T461] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.866443][ T461] Call Trace: [ 37.869567][ T461] [ 37.872349][ T461] ? z_erofs_onlinepage_endio+0x170/0x170 [ 37.877986][ T461] ? erofs_namei+0x178/0x1050 [ 37.882504][ T461] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 37.888142][ T461] ? z_erofs_decompress_kickoff+0x17b/0x320 [ 37.893963][ T461] ? z_erofs_decompressqueue_endio+0x520/0x520 [ 37.899952][ T461] ? submit_bio_noacct+0xa80/0xa80 [ 37.904897][ T461] ? bio_add_page+0x2cc/0x450 [ 37.909413][ T461] z_erofs_runqueue+0x138d/0x1470 [ 37.914276][ T461] ? z_erofs_do_read_page+0x2c10/0x2c10 [ 37.919660][ T461] ? __kasan_check_write+0x14/0x20 [ 37.924717][ T461] ? mutex_unlock+0xa2/0x110 [ 37.929145][ T461] ? __mutex_lock_slowpath+0x10/0x10 [ 37.934441][ T461] z_erofs_readpage+0x2fc/0x5d0 [ 37.939219][ T461] ? z_erofs_rcu_callback+0x160/0x160 [ 37.944427][ T461] ? add_to_page_cache_lru+0x225/0x2c0 [ 37.949717][ T461] ? add_to_page_cache_locked+0x40/0x40 [ 37.955097][ T461] do_read_cache_page+0x68b/0xa70 [ 37.959961][ T461] read_cache_page+0x4d/0x70 [ 37.964474][ T461] erofs_namei+0x178/0x1050 [ 37.968899][ T461] erofs_lookup+0x141/0x3b0 [ 37.973322][ T461] ? erofs_namei+0x1050/0x1050 [ 37.977929][ T461] ? _raw_spin_unlock+0x4d/0x70 [ 37.982689][ T461] ? d_alloc+0x198/0x1d0 [ 37.986873][ T461] __lookup_hash+0x141/0x290 [ 37.991301][ T461] filename_create+0x276/0x4f0 [ 37.995898][ T461] ? kern_path_create+0x1b0/0x1b0 [ 38.000750][ T461] do_mknodat+0x16c/0x5b0 [ 38.004918][ T461] ? strncpy_from_user+0x179/0x2b0 [ 38.009948][ T461] ? may_open+0x440/0x440 [ 38.014115][ T461] ? getname_flags+0x1fb/0x510 [ 38.018730][ T461] __x64_sys_mknodat+0xa9/0xc0 [ 38.023327][ T461] do_syscall_64+0x44/0xd0 [ 38.027577][ T461] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 38.033294][ T461] RIP: 0033:0x7fb4276cb5a9 [ 38.037562][ T461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 38.056991][ T461] RSP: 002b:00007fb42723f168 EFLAGS: 00000246 ORIG_RAX: 0000000000000103 [ 38.065233][ T461] RAX: ffffffffffffffda RBX: 00007fb4277ebf80 RCX: 00007fb4276cb5a9 [ 38.073044][ T461] RDX: 0000000000000004 RSI: 0000000020000080 RDI: 0000000000000005 [ 38.081063][ T461] RBP: 00007fb4277267b0 R08: 0000000000000000 R09: 0000000000000000 [ 38.088886][ T461] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 38.096773][ T461] R13: 00007ffeec30e82f R14: 00007fb42723f300 R15: 0000000000022000 [ 38.104588][ T461] [ 38.107451][ T461] Modules linked in: [ 38.111181][ T461] CR2: fffff52100099e3b [ 38.115436][ T461] ---[ end trace 550dc1233130f1d4 ]--- [ 38.120726][ T461] RIP: 0010:z_erofs_decompress_queue+0x8b3/0x1ec0 [ 38.128114][ T461] Code: 84 c0 0f 85 27 02 00 00 41 8b 07 c1 f8 02 89 c0 48 8b 4c 24 68 4c 8d 24 c1 4d 89 e7 49 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 07 00 74 08 4c 89 e7 e8 7e eb 80 ff 4d 8b 2c 24 4d 85 ed [ 38.147637][ T461] RSP: 0018:ffffc900004cf0a0 EFLAGS: 00010a02 [ 38.153533][ T461] RAX: dffffc0000000000 RBX: ffffea00048d0700 RCX: ffffc900004cf1e0 [ 38.161399][ T461] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffea00048d0728 [ 38.169515][ T461] RBP: ffffc900004cf610 R08: dffffc0000000000 R09: fffff9400091a0e6 [ 38.177490][ T461] R10: fffff9400091a0e6 R11: 1ffffd400091a0e5 R12: ffffc908004cf1d8 [ 38.185296][ T461] R13: ffffea00048d0700 R14: 0000000000000000 R15: 1ffff92100099e3b [ 38.193196][ T461] FS: 00007fb42723f700(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000 [ 38.201962][ T461] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.208497][ T461] CR2: fffff52100099e3b CR3: 000000011ee39000 CR4: 00000000003506b0 [ 38.216303][ T461] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.224094][ T461] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.232078][ T461] Kernel panic - not syncing: Fatal exception [ 38.238235][ T461] Kernel Offset: disabled [ 38.242447][ T461] Rebooting in 86400 seconds..