Warning: Permanently added '10.128.0.239' (ED25519) to the list of known hosts.
2023/11/20 09:01:33 ignoring optional flag "sandboxArg"="0"
2023/11/20 09:01:33 parsed 1 programs
[ 69.173166][ T25] audit: type=1400 audit(1700470893.212:159): avc: denied { getattr } for pid=2243 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 69.197175][ T25] audit: type=1400 audit(1700470893.212:160): avc: denied { read } for pid=2243 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 69.219219][ T25] audit: type=1400 audit(1700470893.212:161): avc: denied { open } for pid=2243 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 69.243180][ T25] audit: type=1400 audit(1700470893.242:162): avc: denied { mounton } for pid=2248 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 69.268574][ T25] audit: type=1400 audit(1700470893.242:163): avc: denied { mount } for pid=2248 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 69.311217][ T25] audit: type=1400 audit(1700470893.352:164): avc: denied { unlink } for pid=2248 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2023/11/20 09:01:33 executed programs: 0
[ 69.375537][ T2248] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 69.404062][ T25] audit: type=1400 audit(1700470893.442:165): avc: denied { mounton } for pid=2253 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 70.525426][ T25] audit: type=1400 audit(1700470894.562:166): avc: denied { write } for pid=2253 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 70.546440][ T25] audit: type=1400 audit(1700470894.582:167): avc: denied { read } for pid=2253 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 73.948521][ T2665] loop0: detected capacity change from 0 to 8192
[ 73.958703][ T25] audit: type=1400 audit(1700470897.992:168): avc: denied { mounton } for pid=2664 comm="syz-executor.0" path="/root/syzkaller-testdir840581500/syzkaller.ca26OL/0/file0" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 73.964235][ T2665] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 74.000585][ T2665] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 74.009874][ T2665] REISERFS (device loop0): using ordered data mode
[ 74.016553][ T2665] reiserfs: using flush barriers
[ 74.022475][ T2665] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 74.039072][ T2665] REISERFS (device loop0): checking transaction log (loop0)
[ 74.076898][ T2665] REISERFS (device loop0): Using r5 hash to sort names
[ 74.141616][ T2665] BUG: unable to handle page fault for address: ffff888071e00000
[ 74.149714][ T2665] #PF: supervisor write access in kernel mode
[ 74.155838][ T2665] #PF: error_code(0x0002) - not-present page
[ 74.161881][ T2665] PGD a401067 P4D a401067 PUD 16833063 PMD 6adb7063 PTE 40048
[ 74.169487][ T2665] Oops: 0002 [#1] PREEMPT SMP KASAN
[ 74.174736][ T2665] CPU: 0 PID: 2665 Comm: syz-executor.0 Not tainted 6.7.0-rc2-syzkaller #0
[ 74.183381][ T2665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 74.193509][ T2665] RIP: 0010:memmove+0x28/0x1b0
[ 74.198241][ T2665] Code: c3 90 f3 0f 1e fa 48 89 f8 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f b5 00 00 00 48 83 fa 20 0f 82 01 01 00 00 48 89 d1 a4 c3 48 81 fa a8 02 00 00 72 05 40 38 fe 74 47 48 83 ea 20 48
[ 74.199828][ C1] ==================================================================
[ 74.218783][ T2665] RSP: 0018:ffffc9000267ef28 EFLAGS: 00010282
[ 74.226954][ C1] BUG: KASAN: out-of-bounds in __hrtimer_run_queues+0x868/0x9d0
[ 74.226966][ T2665]
[ 74.233011][ T2665] RAX: ffff888069c4dfb4 RBX: 0000000000000010 RCX: fffffffff7e4df95
[ 74.240701][ C1] Read of size 8 at addr ffffc90001fefd40 by task swapper/1/0
[ 74.243020][ T2665] RDX: ffffffffffffffe1 RSI: ffff888071dffff0 RDI: ffff888071e00000
[ 74.250956][ C1]
[ 74.250961][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.7.0-rc2-syzkaller #0
[ 74.258819][ T2665] RBP: ffff888069c4d030 R08: ffff888069c4df85 R09: 0000766972705f73
[ 74.266886][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 74.269193][ T2665] R10: 667265736965722e R11: 0000766972705f73 R12: 0000000000000001
[ 74.277311][ C1] Call Trace:
[ 74.285251][ T2665] R13: ffff888069c4dfa4 R14: ffff888069c4df84 R15: 0000000000000010
[ 74.295280][ C1]
[ 74.303336][ T2665] FS: 00007f50f01446c0(0000) GS:ffff8880ba800000(0000) knlGS:0000000000000000
[ 74.306772][ C1] dump_stack_lvl+0x5c/0xb0
[ 74.315072][ T2665] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 74.317918][ C1] print_report+0xc4/0x620
[ 74.327003][ T2665] CR2: ffff888071e00000 CR3: 00000000727a3000 CR4: 00000000003506f0
[ 74.331498][ C1] kasan_report+0xda/0x110
[ 74.338240][ T2665] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 74.342639][ C1] ? __hrtimer_run_queues+0x868/0x9d0
[ 74.351019][ T2665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 74.355536][ C1] ? __hrtimer_run_queues+0x868/0x9d0
[ 74.363688][ T2665] Call Trace:
[ 74.369295][ C1] __hrtimer_run_queues+0x868/0x9d0
[ 74.377519][ T2665]
[ 74.383058][ C1] ? enqueue_hrtimer+0x270/0x270
[ 74.386319][ T2665] ? __die+0x1e/0x60
[ 74.391577][ C1] hrtimer_interrupt+0x2e4/0x7e0
[ 74.394497][ T2665] ? page_fault_oops+0x273/0x820
[ 74.399421][ C1] __sysvec_apic_timer_interrupt+0x105/0x400
[ 74.403299][ T2665] ? dump_pagetable+0x420/0x420
[ 74.408307][ C1] sysvec_apic_timer_interrupt+0x8b/0xb0
[ 74.413289][ T2665] ? pgtable_bad+0x70/0x70
[ 74.419336][ C1]
[ 74.424351][ T2665] ? preempt_count_add+0x72/0x140
[ 74.430216][ C1]
[ 74.434687][ T2665] ? memmove+0x28/0x1b0
[ 74.437596][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 74.443021][ T2665] ? search_module_extables+0x98/0xf0
[ 74.446281][ C1] RIP: 0010:acpi_safe_halt+0x1b/0x20
[ 74.450502][ T2665] ? memmove+0x28/0x1b0
[ 74.457105][ C1] Code: ed c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 65 48 8b 04 25 80 93 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d e7 89 69 00 fb f4 c3 0f 1f 00 0f b6 47 08 3c 01 74 0b 3c 02 74 05 8b 7f 04 eb 9f
[ 74.462643][ T2665] ? exc_page_fault+0xae/0xc0
[ 74.467987][ C1] RSP: 0018:ffffc9000037fd58 EFLAGS: 00000246
[ 74.472282][ T2665] ? asm_exc_page_fault+0x26/0x30
[ 74.492218][ C1]
[ 74.492224][ C1] RAX: 0000000000004000 RBX: 0000000000000001 RCX: ffffffff851a0b27
[ 74.496895][ T2665] ? memmove+0x28/0x1b0
[ 74.503075][ C1] RDX: 0000000000000001 RSI: ffff888145a57000 RDI: ffff888145a57064
[ 74.508196][ T2665] ? get_num_ver.constprop.0+0x10b0/0x10b0
[ 74.510488][ C1] RBP: ffff888145a57064 R08: 0000000000000001 R09: ffffed10175269a5
[ 74.518432][ T2665] ? rcu_is_watching+0x12/0xb0
[ 74.523348][ C1] R10: ffff8880ba934d2b R11: 000000114578f900 R12: ffff8880106ef800
[ 74.531842][ T2665] ? reiserfs_prepare_for_journal+0xfe/0x200
[ 74.539263][ C1] R13: ffffffff86c55ba0 R14: 0000000000000001 R15: 0000000000000000
[ 74.547292][ T2665] ? replace_key+0x150/0x150
[ 74.552035][ C1] ? ct_kernel_exit+0x137/0x190
[ 74.560608][ T2665] ? do_balance+0x30b/0x7b0
[ 74.567099][ C1] acpi_idle_enter+0xc5/0x160
[ 74.575131][ T2665] ? get_right_neighbor_position+0x160/0x160
[ 74.579696][ C1] cpuidle_enter_state+0x83/0x500
[ 74.584671][ T2665] ? bit_wait_io_timeout+0x160/0x160
[ 74.589141][ C1] ? tick_nohz_idle_stop_tick+0x147/0xa60
[ 74.593877][ T2665] ? reiserfs_paste_into_item+0x553/0x6e0
[ 74.599819][ C1] cpuidle_enter+0x49/0xa0
[ 74.604810][ T2665] ? reiserfs_delete_object+0x1c0/0x1c0
[ 74.610056][ C1] do_idle+0x319/0x400
[ 74.615753][ T2665] ? search_by_key+0x56b/0x4a20
[ 74.621435][ C1] ? arch_cpu_idle_exit+0x30/0x30
[ 74.625851][ T2665] ? search_by_entry_key+0x970/0x970
[ 74.631873][ C1] cpu_startup_entry+0x50/0x60
[ 74.635904][ T2665] ? reiserfs_add_entry+0x837/0xc40
[ 74.640906][ C1] start_secondary+0x200/0x290
[ 74.645899][ T2665] ? reiserfs_lookup+0x580/0x580
[ 74.651150][ C1] ? set_cpu_sibling_map+0x1e40/0x1e40
[ 74.655962][ T2665] ? bit_wait_io_timeout+0x160/0x160
[ 74.661301][ C1] secondary_startup_64_no_verify+0x166/0x16b
[ 74.666044][ T2665] ? reiserfs_mkdir+0x5de/0x8a0
[ 74.670954][ C1]
[ 74.676663][ T2665] ? reiserfs_mknod+0x6c0/0x6c0
[ 74.682091][ C1]
[ 74.688207][ T2665] ? lock_sync+0x190/0x190
[ 74.693199][ C1] The buggy address belongs to the virtual mapping at
[ 74.693199][ C1] [ffffc90001fe8000, ffffc90001ff1000) created by:
[ 74.693199][ C1] kernel_clone+0xcb/0x650
[ 74.696188][ T2665] ? preempt_count_sub+0x160/0x160
[ 74.700997][ C1]
[ 74.700999][ C1] The buggy address belongs to the physical page:
[ 74.703293][ T2665] ? reiserfs_xattr_init+0x418/0x9f0
[ 74.707934][ C1] page:ffffea0001c42540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x71095
[ 74.725592][ T2665] ? reiserfs_fill_super+0x1bb8/0x28b0
[ 74.730839][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 74.733134][ T2665] ? reiserfs_remount+0x1490/0x1490
[ 74.739516][ C1] page_type: 0xffffffff()
[ 74.744779][ T2665] ? up_write+0x510/0x510
[ 74.755011][ C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 74.760621][ T2665] ? lock_sync+0x190/0x190
[ 74.767975][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 74.773139][ T2665] ? sb_set_blocksize+0x3d/0xe0
[ 74.777433][ C1] page dumped because: kasan: bad access detected
[ 74.781730][ T2665] ? reiserfs_remount+0x1490/0x1490
[ 74.790368][ C1] page_owner tracks the page as allocated
[ 74.795015][ T2665] ? mount_bdev+0x19e/0x270
[ 74.804006][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), pid 1722, tgid 1719 (syz-fuzzer), ts 43110643351, free_ts 42768943913
[ 74.808838][ T2665] ? sget+0x540/0x540
[ 74.815320][ C1] post_alloc_hook+0x2d0/0x350
[ 74.820482][ T2665] ? vfs_parse_fs_string+0xd3/0x120
[ 74.826263][ C1] get_page_from_freelist+0xa28/0x36d0
[ 74.830730][ T2665] ? reiserfs_kill_sb+0x1d0/0x1d0
[ 74.849952][ C1] __alloc_pages+0x22e/0x2420
[ 74.853998][ T2665] ? legacy_get_tree+0xfe/0x1f0
[ 74.858728][ C1] alloc_pages_mpol+0x175/0x4c0
[ 74.863888][ T2665] ? vfs_get_tree+0x82/0x340
[ 74.869411][ C1] __vmalloc_node_range+0x728/0x1180
[ 74.874523][ T2665] ? path_mount+0x878/0x1a00
[ 74.879163][ C1] copy_process+0x1142/0x64e0
[ 74.884153][ T2665] ? finish_automount+0x830/0x830
[ 74.889001][ C1] kernel_clone+0xcb/0x650
[ 74.893646][ T2665] ? kmem_cache_free+0x225/0x390
[ 74.898907][ C1] __do_sys_clone+0xa1/0xe0
[ 74.903474][ T2665] ? lockdep_hardirqs_on+0x7d/0x110
[ 74.908207][ C1] do_syscall_64+0x40/0xe0
[ 74.913296][ T2665] ? getname_flags.part.0+0xb2/0x440
[ 74.917886][ C1] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 74.922826][ T2665] ? __x64_sys_mount+0x208/0x280
[ 74.927481][ C1] page last free stack trace:
[ 74.927492][ C1] free_unref_page_prepare+0x4e7/0xa20
[ 74.933099][ T2665] ? copy_mnt_ns+0xa70/0xa70
[ 74.938061][ C1] free_unref_page+0x33/0x3b0
[ 74.943485][ T2665] ? syscall_enter_from_user_mode+0x7f/0x120
[ 74.949338][ C1] slabs_destroy+0x85/0xc0
[ 74.954333][ T2665] ? do_syscall_64+0x40/0xe0
[ 74.959152][ C1] ___cache_free+0x2b7/0x420
[ 74.964572][ T2665] ? entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 74.969212][ C1] qlist_free_all+0x4c/0x1b0
[ 74.973940][ T2665]
[ 74.979879][ C1] kasan_quarantine_reduce+0x18e/0x1d0
[ 74.984348][ T2665] Modules linked in:
[ 74.988990][ C1] __kasan_slab_alloc+0x65/0x90
[ 74.993584][ T2665]
[ 74.999800][ C1] kmem_cache_alloc+0x159/0x360
[ 75.004395][ T2665] CR2: ffff888071e00000
[ 75.007467][ C1] getname_flags.part.0+0x4a/0x440
[ 75.012979][ T2665] ---[ end trace 0000000000000000 ]---
[ 75.017008][ C1] vfs_fstatat+0x77/0xb0
[ 75.021840][ T2665] RIP: 0010:memmove+0x28/0x1b0
[ 75.024138][ C1] __do_sys_newfstatat+0x85/0xe0
[ 75.028963][ T2665] Code: c3 90 f3 0f 1e fa 48 89 f8 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f b5 00 00 00 48 83 fa 20 0f 82 01 01 00 00 48 89 d1 a4 c3 48 81 fa a8 02 00 00 72 05 40 38 fe 74 47 48 83 ea 20 48
[ 75.033109][ C1] do_syscall_64+0x40/0xe0
[ 75.038365][ T2665] RSP: 0018:ffffc9000267ef28 EFLAGS: 00010282
[ 75.043788][ C1] entry_SYSCALL_64_after_hwframe+0x63/0x6b
[ 75.048298][ T2665]
[ 75.053115][ C1]
[ 75.058104][ T2665] RAX: ffff888069c4dfb4 RBX: 0000000000000010 RCX: fffffffff7e4df95
[ 75.079085][ C1] Memory state around the buggy address:
[ 75.079094][ C1] ffffc90001fefc00: 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00
[ 75.083472][ T2665] RDX: ffffffffffffffe1 RSI: ffff888071dffff0 RDI: ffff888071e00000
[ 75.089591][ C1] ffffc90001fefc80: 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00
[ 75.095533][ T2665] RBP: ffff888069c4d030 R08: ffff888069c4df85 R09: 0000766972705f73
[ 75.097919][ C1] >ffffc90001fefd00: 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00
[ 75.100212][ T2665] R10: 667265736965722e R11: 0000766972705f73 R12: 0000000000000001
[ 75.108262][ C1] ^
[ 75.108267][ C1] ffffc90001fefd80: 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00
[ 75.113868][ T2665] R13: ffff888069c4dfa4 R14: ffff888069c4df84 R15: 0000000000000010
[ 75.121983][ C1] ffffc90001fefe00: 48 00 04 00 00 00 00 00 01 00 00 00 02 00 00 00
[ 75.129928][ T2665] FS: 00007f50f01446c0(0000) GS:ffff8880ba800000(0000) knlGS:0000000000000000
[ 75.138152][ C1] ==================================================================
[ 75.146118][ T2665] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 75.154846][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 75.162807][ T2665] CR2: ffff888071e00000 CR3: 00000000727a3000 CR4: 00000000003506f0
[ 75.162818][ T2665] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 75.162821][ T2665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 76.251550][ C1] Shutting down cpus with NMI
[ 76.343170][ C1] Kernel Offset: disabled
[ 76.347475][ C1] Rebooting in 86400 seconds..