Warning: Permanently added '10.128.1.153' (ED25519) to the list of known hosts. 2024/03/24 10:58:03 ignoring optional flag "sandboxArg"="0" 2024/03/24 10:58:03 parsed 1 programs [ 42.291255][ T23] kauditd_printk_skb: 75 callbacks suppressed [ 42.291260][ T23] audit: type=1400 audit(1711277883.460:151): avc: denied { mounton } for pid=335 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 42.322167][ T23] audit: type=1400 audit(1711277883.460:152): avc: denied { mount } for pid=335 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 42.345485][ T23] audit: type=1400 audit(1711277883.460:153): avc: denied { setattr } for pid=335 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 42.368586][ T23] audit: type=1400 audit(1711277883.460:154): avc: denied { read write } for pid=335 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 42.394979][ T23] audit: type=1400 audit(1711277883.460:155): avc: denied { open } for pid=335 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" 2024/03/24 10:58:03 executed programs: 0 [ 42.420870][ T23] audit: type=1400 audit(1711277883.490:156): avc: denied { unlink } for pid=335 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 42.446722][ T23] audit: type=1400 audit(1711277883.490:157): avc: denied { relabelto } for pid=336 comm="mkswap" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 42.472539][ T335] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 42.490460][ T23] audit: type=1400 audit(1711277883.660:158): avc: denied { mounton } for pid=341 comm="syz-executor.0" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 42.528053][ T341] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.534936][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.542244][ T341] device bridge_slave_0 entered promiscuous mode [ 42.548952][ T341] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.556016][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.563264][ T341] device bridge_slave_1 entered promiscuous mode [ 42.596702][ T341] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.603680][ T341] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.611110][ T341] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.618019][ T341] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.634743][ T302] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.642247][ T302] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.650051][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.657250][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.665979][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.673922][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.680771][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.698469][ T341] device veth0_vlan entered promiscuous mode [ 42.704856][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 42.713184][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 42.721201][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 42.728972][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 42.736557][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.745324][ T302] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.752182][ T302] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.759323][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.767181][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.779246][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 42.787954][ T341] device veth1_macvtap entered promiscuous mode [ 42.797604][ T302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 42.807666][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 42.829005][ T23] audit: type=1400 audit(1711277883.990:159): avc: denied { mounton } for pid=346 comm="syz-executor.0" path="/root/syzkaller-testdir1415993288/syzkaller.TOPBmf/0/file1" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 42.861536][ T347] EXT4-fs (loop0): 1 orphan inode deleted [ 42.867227][ T347] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,norecovery,dioread_lock,errors=remount-ro,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_alloc,max_dir_size_kb=0x00000000000004e1, [ 42.889001][ T347] ext4 filesystem being mounted at /root/syzkaller-testdir1415993288/syzkaller.TOPBmf/0/file1 supports timestamps until 2038 (0x7fffffff) [ 42.889123][ T23] audit: type=1400 audit(1711277884.050:160): avc: denied { mount } for pid=346 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 42.926914][ T352] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:475: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0 [ 42.940963][ T352] EXT4-fs (loop0): Remounting filesystem read-only [ 42.947266][ T352] EXT4-fs error (device loop0) in ext4_mb_clear_bb:5612: Corrupt filesystem [ 42.956367][ T352] ================================================================== [ 42.964464][ T352] BUG: KASAN: out-of-bounds in ext4_ext_remove_space+0xfae/0x3c70 [ 42.972172][ T352] Read of size 18446744073709551544 at addr ffff888120ded054 by task syz-executor.0/352 [ 42.981896][ T352] [ 42.984074][ T352] CPU: 1 PID: 352 Comm: syz-executor.0 Not tainted 5.10.209-syzkaller #0 [ 42.992358][ T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 43.002220][ T352] Call Trace: [ 43.005332][ T352] dump_stack_lvl+0x81/0xac [ 43.009710][ T352] print_address_description.constprop.0+0x24/0x160 [ 43.016314][ T352] ? ext4_ext_remove_space+0xfae/0x3c70 [ 43.021852][ T352] kasan_report.cold+0x82/0xdb [ 43.026534][ T352] ? ext4_ext_remove_space+0xfae/0x3c70 [ 43.032070][ T352] kasan_check_range+0x148/0x190 [ 43.037031][ T352] memmove+0x24/0x60 [ 43.040774][ T352] ext4_ext_remove_space+0xfae/0x3c70 [ 43.046067][ T352] ? ext4_ext_index_trans_blocks+0x100/0x100 [ 43.052527][ T352] ? _raw_write_unlock+0x38/0x60 [ 43.057452][ T352] ? ext4_es_lookup_extent+0x9b0/0x9b0 [ 43.062782][ T352] ? ext4_zero_partial_blocks+0x21b/0x520 [ 43.068301][ T352] ? __ext4_journal_start_sb+0x33/0x2d0 [ 43.073680][ T352] ext4_punch_hole+0x783/0xf90 [ 43.078679][ T352] ? rwsem_down_write_slowpath+0x1160/0x1160 [ 43.084480][ T352] ? avc_has_extended_perms+0x646/0xeb0 [ 43.089884][ T352] ext4_fallocate+0x6fb/0x2c90 [ 43.094658][ T352] ? avc_ss_reset+0x120/0x120 [ 43.099368][ T352] ? ext4_ext_truncate+0x1c0/0x1c0 [ 43.104520][ T352] ? security_file_permission+0x4c/0x460 [ 43.109961][ T352] vfs_fallocate+0x2b1/0xb10 [ 43.114569][ T352] ioctl_preallocate+0x149/0x1c0 [ 43.119330][ T352] ? fiemap_prep+0x200/0x200 [ 43.123804][ T352] ? __kasan_check_write+0x14/0x20 [ 43.128742][ T352] ? _raw_spin_lock_irq+0x87/0x110 [ 43.133746][ T352] do_vfs_ioctl+0xaec/0xd10 [ 43.138243][ T352] ? generic_block_fiemap+0x70/0x70 [ 43.143675][ T352] ? sigsuspend+0x250/0x250 [ 43.148021][ T352] ? __kasan_check_write+0x14/0x20 [ 43.153048][ T352] ? selinux_file_ioctl+0xee/0x240 [ 43.158117][ T352] __x64_sys_ioctl+0xce/0x1a0 [ 43.163379][ T352] do_syscall_64+0x32/0x80 [ 43.168059][ T352] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 43.174042][ T352] RIP: 0033:0x7fee532e9ae9 [ 43.179107][ T352] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 43.199011][ T352] RSP: 002b:00007fee4aa8b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 43.207586][ T352] RAX: ffffffffffffffda RBX: 00007fee53409050 RCX: 00007fee532e9ae9 [ 43.215389][ T352] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000004 [ 43.223200][ T352] RBP: 00007fee5333547a R08: 0000000000000000 R09: 0000000000000000 [ 43.231008][ T352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 43.239191][ T352] R13: 000000000000000b R14: 00007fee53409050 R15: 00007ffdf314e788 [ 43.247243][ T352] [ 43.249604][ T352] The buggy address belongs to the page: [ 43.255156][ T352] page:ffffea0004837b40 refcount:2 mapcount:0 mapping:ffff888108fafe10 index:0x3a pfn:0x120ded [ 43.265410][ T352] aops:def_blk_aops ino:0 [ 43.269645][ T352] flags: 0x4000000000002036(referenced|uptodate|lru|active|private) [ 43.277641][ T352] raw: 4000000000002036 ffffea00048371c8 ffffea0004833ec8 ffff888108fafe10 [ 43.286145][ T352] raw: 000000000000003a ffff88811a3dd1f8 00000002ffffffff ffff88811ceae000 [ 43.294733][ T352] page dumped because: kasan: bad access detected [ 43.300998][ T352] page->mem_cgroup:ffff88811ceae000 [ 43.306293][ T352] page_owner tracks the page as allocated [ 43.311855][ T352] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 347, ts 42924911665, free_ts 0 [ 43.327913][ T352] get_page_from_freelist+0x1fee/0x2ad0 [ 43.333294][ T352] __alloc_pages_nodemask+0x2ae/0x2360 [ 43.338673][ T352] pagecache_get_page+0x169/0x6f0 [ 43.343535][ T352] __getblk_slow+0x1ad/0x580 [ 43.347956][ T352] __getblk_gfp+0x3d/0x50 [ 43.352207][ T352] ext4_ext_insert_extent+0xe64/0x3ec0 [ 43.357533][ T352] ext4_ext_map_blocks+0xf09/0x5100 [ 43.362610][ T352] ext4_map_blocks+0x593/0x1450 [ 43.367384][ T352] _ext4_get_block+0x206/0x5b0 [ 43.372169][ T352] ext4_get_block+0x11/0x20 [ 43.376757][ T352] ext4_block_write_begin+0x3b9/0xdc0 [ 43.382053][ T352] ext4_write_begin+0x484/0xf00 [ 43.386735][ T352] ext4_da_write_begin+0x52b/0xc30 [ 43.391685][ T352] generic_perform_write+0x202/0x4a0 [ 43.396800][ T352] ext4_buffered_write_iter+0x1e5/0x420 [ 43.402198][ T352] ext4_file_write_iter+0x358/0x18e0 [ 43.407305][ T352] page_owner free stack trace missing [ 43.412525][ T352] [ 43.414682][ T352] Memory state around the buggy address: [ 43.420160][ T352] ffff888120decf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 43.428153][ T352] ffff888120decf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 43.436313][ T352] >ffff888120ded000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 43.444231][ T352] ^ [ 43.450790][ T352] ffff888120ded080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 43.458793][ T352] ffff888120ded100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 43.466695][ T352] ================================================================== [ 43.474603][ T352] Disabling lock debugging due to kernel taint [ 43.481607][ T352] EXT4-fs error (device loop0): __ext4_get_inode_loc:4425: comm syz-executor.0: Invalid inode table block 0 in block_group 0 [ 43.495293][ T352] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5886: Corrupt filesystem [ 43.504987][ T352] EXT4-fs error (device loop0): ext4_punch_hole:4218: inode #16: comm syz-executor.0: mark_inode_dirty error [ 43.631884][ T355] EXT4-fs (loop0): 1 orphan inode deleted [ 43.637565][ T355] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,norecovery,dioread_lock,errors=remount-ro,noauto_da_alloc,resgid=0x0000000000000000,barrier,auto_da_alloc,max_dir_size_kb=0x00000000000004e1, [ 43.659385][ T355] ext4 filesystem being mounted at /root/syzkaller-testdir1415993288/syzkaller.TOPBmf/1/file1 supports timestamps until 2038 (0x7fffffff) [ 43.678894][ T359] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:475: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0 [ 43.693112][ T359] EXT4-fs (loop0): Remounting filesystem read-only [ 43.699559][ T359] EXT4-fs error (device loop0) in ext4_mb_clear_bb:5612: Corrupt filesystem [ 43.718210][ T341] general protection fault, probably for non-canonical address 0xe5a912bc60000003: 0000 [#1] PREEMPT SMP KASAN [ 43.729938][ T341] KASAN: maybe wild-memory-access in range [0x2d48b5e300000018-0x2d48b5e30000001f] [ 43.739394][ T341] CPU: 1 PID: 341 Comm: syz-executor.0 Tainted: G B 5.10.209-syzkaller #0 [ 43.749017][ T341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 43.758967][ T341] RIP: 0010:timerqueue_add+0x81/0x300 [ 43.764143][ T341] Code: 0f 85 6a 02 00 00 4d 8b 7e 18 41 b8 01 00 00 00 49 bd 00 00 00 00 00 fc ff df eb 03 48 89 c3 48 8d 7b 18 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 6c 01 00 00 4c 3b 7b 18 4c 8d 63 10 7c 07 4c [ 43.783651][ T341] RSP: 0018:ffffc900007f7b50 EFLAGS: 00010006 [ 43.789549][ T341] RAX: 05a916bc60000003 RBX: 2d48b5e300000000 RCX: ffffffff82395b33 [ 43.797912][ T341] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 2d48b5e300000018 [ 43.805719][ T341] RBP: ffffc900007f7b88 R08: 0000000000000000 R09: ffff8881f7549ae0 [ 43.813712][ T341] R10: fffffbfff0a98205 R11: 0000000000000000 R12: ffffc90000907ad8 [ 43.821734][ T341] R13: dffffc0000000000 R14: ffffc900007f7d90 R15: 0000000a2cbbc7c8 [ 43.829550][ T341] FS: 0000555555586480(0000) GS:ffff8881f7500000(0000) knlGS:0000000000000000 [ 43.838423][ T341] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.844932][ T341] CR2: 00007fee4aa8bd58 CR3: 000000011fa33000 CR4: 00000000003506a0 [ 43.852756][ T341] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 43.860569][ T341] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 43.868743][ T341] Call Trace: [ 43.871869][ T341] ? show_regs.part.0+0x1e/0x20 [ 43.876636][ T341] ? die_addr.cold+0x8/0xd [ 43.880930][ T341] ? exc_general_protection+0x19b/0x2e0 [ 43.886380][ T341] ? asm_exc_general_protection+0x1e/0x30 [ 43.892159][ T341] ? timerqueue_add+0x223/0x300 [ 43.896821][ T341] ? timerqueue_add+0x81/0x300 [ 43.901414][ T341] enqueue_hrtimer+0xcb/0x1c0 [ 43.905945][ T341] hrtimer_start_range_ns+0x5a5/0xae0 [ 43.911231][ T341] ? remove_wait_queue+0x10f/0x190 [ 43.916168][ T341] do_nanosleep+0x197/0x540 [ 43.920505][ T341] ? wait_consider_task+0x4080/0x4080 [ 43.925725][ T341] ? schedule_hrtimeout+0x20/0x20 [ 43.930573][ T341] ? memset+0x3c/0x50 [ 43.934603][ T341] ? __hrtimer_init+0x2f/0x1d0 [ 43.939195][ T341] ? __ia32_sys_waitid+0x140/0x140 [ 43.944263][ T341] hrtimer_nanosleep+0x191/0x3b0 [ 43.949025][ T341] ? nanosleep_copyout+0xd0/0xd0 [ 43.953940][ T341] ? __hrtimer_init+0x1d0/0x1d0 [ 43.958674][ T341] ? get_timespec64+0x72/0x220 [ 43.963341][ T341] ? put_timespec64+0x100/0x100 [ 43.968110][ T341] common_nsleep+0x78/0xb0 [ 43.972461][ T341] __x64_sys_clock_nanosleep+0x2a4/0x440 [ 43.977923][ T341] ? __ia32_sys_clock_getres_time32+0x1d0/0x1d0 [ 43.983990][ T341] ? debug_smp_processor_id+0x17/0x20 [ 43.989196][ T341] ? exit_to_user_mode_prepare+0x32/0x120 [ 43.994849][ T341] do_syscall_64+0x32/0x80 [ 43.999092][ T341] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 44.004819][ T341] RIP: 0033:0x7fee53314eb3 [ 44.009166][ T341] Code: 00 00 00 00 0f 1f 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 4e 40 0d 00 00 74 14 b8 e6 00 00 00 0f 05 d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 [ 44.029010][ T341] RSP: 002b:00007ffdf314ea58 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6 [ 44.037272][ T341] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fee53314eb3 [ 44.045168][ T341] RDX: 00007ffdf314ea70 RSI: 0000000000000000 RDI: 0000000000000000 [ 44.053189][ T341] RBP: 00007ffdf314eafc R08: 000000000000002b R09: 00007ffdf315a080 [ 44.061081][ T341] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032 [ 44.068979][ T341] R13: 000000000000aa8b R14: 000000000000aa41 R15: 0000000000000005 [ 44.076912][ T341] Modules linked in: [ 44.080645][ T341] ---[ end trace c86f7dbb41cf8187 ]--- [ 44.080715][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 44.086185][ T341] RIP: 0010:timerqueue_add+0x81/0x300 [ 44.093896][ C0] #PF: supervisor instruction fetch in kernel mode [ 44.099106][ T341] Code: 0f 85 6a 02 00 00 4d 8b 7e 18 41 b8 01 00 00 00 49 bd 00 00 00 00 00 fc ff df eb 03 48 89 c3 48 8d 7b 18 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 6c 01 00 00 4c 3b 7b 18 4c 8d 63 10 7c 07 4c [ 44.105531][ C0] #PF: error_code(0x0010) - not-present page [ 44.125080][ T341] RSP: 0018:ffffc900007f7b50 EFLAGS: 00010006 [ 44.130874][ C0] PGD 1039e4067 P4D 1039e4067 [ 44.136945][ T341] RAX: 05a916bc60000003 RBX: 2d48b5e300000000 RCX: ffffffff82395b33 [ 44.136950][ C0] PUD 1039e2067 [ 44.141544][ T341] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 2d48b5e300000018 [ 44.149550][ C0] PMD 0 [ 44.152939][ T341] RBP: ffffc900007f7b88 R08: 0000000000000000 R09: ffff8881f7549ae0 [ 44.160832][ C0] [ 44.163537][ T341] R10: fffffbfff0a98205 R11: 0000000000000000 R12: ffffc90000907ad8 [ 44.171432][ C0] Oops: 0010 [#2] PREEMPT SMP KASAN [ 44.173609][ T341] R13: dffffc0000000000 R14: ffffc900007f7d90 R15: 0000000a2cbbc7c8 [ 44.181395][ C0] CPU: 0 PID: 359 Comm: syz-executor.0 Tainted: G B D 5.10.209-syzkaller #0 [ 44.186447][ T341] FS: 0000555555586480(0000) GS:ffff8881f7500000(0000) knlGS:0000000000000000 [ 44.194246][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 44.203884][ T341] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.212675][ C0] RIP: 0010:0x0 [ 44.222536][ T341] CR2: 00007fee4aa8bd58 CR3: 000000011fa33000 CR4: 00000000003506a0 [ 44.229059][ C0] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [ 44.232426][ T341] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.240340][ C0] RSP: 0018:ffffc90000007e10 EFLAGS: 00010246 [ 44.247899][ T341] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.255685][ C0] [ 44.261685][ T341] Kernel panic - not syncing: Fatal exception [ 44.269518][ C0] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffff8881025dce00 [ 44.285545][ C0] RDX: 00000000ffffffff RSI: ffffc90000007e90 RDI: ffff888121725058 [ 44.293456][ C0] RBP: ffffc90000007f18 R08: ffff888121725058 R09: ffff8881f74574cf [ 44.301343][ C0] R10: ffffed103ee8ae99 R11: 0000000000000000 R12: ffff8881025dce00 [ 44.309155][ C0] R13: ffffc90000007e90 R14: ffffc90000007ef0 R15: 0000000000000000 [ 44.317050][ C0] FS: 00007fee4aa8b6c0(0000) GS:ffff8881f7400000(0000) knlGS:0000000000000000 [ 44.325816][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.332252][ C0] CR2: ffffffffffffffd6 CR3: 0000000103595000 CR4: 00000000003506b0 [ 44.340248][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.348157][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 44.355931][ C0] Call Trace: [ 44.359239][ C0] [ 44.361931][ C0] ? show_regs.part.0+0x1e/0x20 [ 44.366615][ C0] ? __die+0x5d/0x9e [ 44.370347][ C0] ? no_context+0x428/0x7e0 [ 44.374680][ C0] ? is_prefetch.constprop.0+0x330/0x330 [ 44.380249][ C0] ? reweight_entity+0x3f5/0x580 [ 44.385103][ C0] ? __bad_area_nosemaphore+0x72/0x330 [ 44.390388][ C0] ? update_cfs_group+0x1ac/0x240 [ 44.395252][ C0] ? bad_area_nosemaphore+0x11/0x20 [ 44.400294][ C0] ? do_user_addr_fault+0x3e3/0xa30 [ 44.405432][ C0] ? trigger_load_balance+0x1e3/0x920 [ 44.410697][ C0] ? dequeue_task_fair+0x1770/0x1770 [ 44.415818][ C0] ? mm_fault_error+0x240/0x240 [ 44.420509][ C0] ? exc_page_fault+0x65/0xc0 [ 44.425111][ C0] ? asm_exc_page_fault+0x1e/0x30 [ 44.430057][ C0] rcu_do_batch+0x34e/0xb90 [ 44.434407][ C0] ? rcu_nocb_gp_kthread+0x1030/0x1030 [ 44.439691][ C0] ? _raw_spin_unlock_irqrestore+0x47/0x80 [ 44.445333][ C0] rcu_core+0x3fa/0xa40 [ 44.449510][ C0] rcu_core_si+0x9/0x10 [ 44.453535][ C0] __do_softirq+0x1bc/0x5f3 [ 44.457853][ C0] asm_call_irq_on_stack+0xf/0x20 [ 44.462690][ C0] [ 44.465505][ C0] do_softirq_own_stack+0x61/0x80 [ 44.470523][ C0] irq_exit_rcu+0x95/0x170 [ 44.474769][ C0] sysvec_apic_timer_interrupt+0x3f/0xe0 [ 44.480235][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 44.486140][ C0] RIP: 0010:__memmove+0x19c/0x1a0 [ 44.490993][ C0] Code: fa 02 72 16 66 44 8b 1e 66 44 8b 54 16 fe 66 44 89 1f 66 44 89 54 17 fe eb 0c 48 83 fa 01 72 06 44 8a 1e 44 88 1f c3 48 89 d1 a4 c3 cc eb 2e 0f 1f 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 [ 44.511050][ C0] RSP: 0018:ffffc90000957898 EFLAGS: 00010282 [ 44.516952][ C0] RAX: ffff888120de1048 RBX: ffff88811a3e2508 RCX: fffffffffef6500c [ 44.524844][ C0] RDX: ffffffffffffffb8 RSI: ffff888121e7c000 RDI: ffff888121e7bff4 [ 44.532653][ C0] RBP: ffffc900009578b8 R08: 0000000000000001 R09: ffff888120de1000 [ 44.541028][ C0] R10: dffffc0000000000 R11: 0000000000000000 R12: ffffffffffffffb8 [ 44.548892][ C0] R13: ffff888120de1054 R14: ffff888120de1048 R15: ffff888120de104c [ 44.556798][ C0] ? memmove+0x4e/0x60 [ 44.560694][ C0] ext4_ext_remove_space+0xfae/0x3c70 [ 44.565900][ C0] ? ext4_ext_index_trans_blocks+0x100/0x100 [ 44.571737][ C0] ? _raw_write_unlock+0x38/0x60 [ 44.576493][ C0] ? ext4_es_lookup_extent+0x9b0/0x9b0 [ 44.581802][ C0] ? ext4_zero_partial_blocks+0x21b/0x520 [ 44.587349][ C0] ? __ext4_journal_start_sb+0x33/0x2d0 [ 44.593257][ C0] ext4_punch_hole+0x783/0xf90 [ 44.598184][ C0] ? rwsem_down_write_slowpath+0x1160/0x1160 [ 44.603995][ C0] ext4_fallocate+0x6fb/0x2c90 [ 44.608671][ C0] ? avc_ss_reset+0x120/0x120 [ 44.613112][ C0] ? ext4_ext_truncate+0x1c0/0x1c0 [ 44.618057][ C0] ? security_file_permission+0x4c/0x460 [ 44.623615][ C0] vfs_fallocate+0x2b1/0xb10 [ 44.628038][ C0] ioctl_preallocate+0x149/0x1c0 [ 44.632860][ C0] ? fiemap_prep+0x200/0x200 [ 44.637252][ C0] ? __kasan_check_write+0x14/0x20 [ 44.642278][ C0] ? _raw_spin_lock_irq+0x87/0x110 [ 44.647219][ C0] do_vfs_ioctl+0xaec/0xd10 [ 44.651731][ C0] ? generic_block_fiemap+0x70/0x70 [ 44.656764][ C0] ? sigsuspend+0x250/0x250 [ 44.661084][ C0] ? __kasan_check_write+0x14/0x20 [ 44.666032][ C0] ? selinux_file_ioctl+0xee/0x240 [ 44.671149][ C0] __x64_sys_ioctl+0xce/0x1a0 [ 44.675674][ C0] do_syscall_64+0x32/0x80 [ 44.679906][ C0] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 44.685636][ C0] RIP: 0033:0x7fee532e9ae9 [ 44.690048][ C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 44.709691][ C0] RSP: 002b:00007fee4aa8b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 44.718483][ C0] RAX: ffffffffffffffda RBX: 00007fee53409050 RCX: 00007fee532e9ae9 [ 44.726292][ C0] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000004 [ 44.734361][ C0] RBP: 00007fee5333547a R08: 0000000000000000 R09: 0000000000000000 [ 44.742258][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 44.750062][ C0] R13: 000000000000000b R14: 00007fee53409050 R15: 00007ffdf314e788 [ 44.758055][ C0] Modules linked in: [ 44.762093][ C0] CR2: 0000000000000000 [ 44.766160][ C0] ---[ end trace c86f7dbb41cf8188 ]--- [ 44.771628][ C0] RIP: 0010:timerqueue_add+0x81/0x300 [ 44.776745][ C0] Code: 0f 85 6a 02 00 00 4d 8b 7e 18 41 b8 01 00 00 00 49 bd 00 00 00 00 00 fc ff df eb 03 48 89 c3 48 8d 7b 18 48 89 f8 48 c1 e8 03 <42> 80 3c 28 00 0f 85 6c 01 00 00 4c 3b 7b 18 4c 8d 63 10 7c 07 4c [ 44.796501][ C0] RSP: 0018:ffffc900007f7b50 EFLAGS: 00010006 [ 44.802525][ C0] RAX: 05a916bc60000003 RBX: 2d48b5e300000000 RCX: ffffffff82395b33 [ 44.810418][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 2d48b5e300000018 [ 44.818233][ C0] RBP: ffffc900007f7b88 R08: 0000000000000000 R09: ffff8881f7549ae0 [ 44.826563][ C0] R10: fffffbfff0a98205 R11: 0000000000000000 R12: ffffc90000907ad8 [ 44.834455][ C0] R13: dffffc0000000000 R14: ffffc900007f7d90 R15: 0000000a2cbbc7c8 [ 44.842454][ C0] FS: 00007fee4aa8b6c0(0000) GS:ffff8881f7400000(0000) knlGS:0000000000000000 [ 44.851311][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.857733][ C0] CR2: ffffffffffffffd6 CR3: 0000000103595000 CR4: 00000000003506b0 [ 44.865629][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 44.873708][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 45.460833][ T341] Shutting down cpus with NMI [ 45.465635][ T341] Kernel Offset: disabled [ 45.469771][ T341] Rebooting in 86400 seconds..