Warning: Permanently added '10.128.1.72' (ED25519) to the list of known hosts.
2023/09/30 20:27:04 ignoring optional flag "sandboxArg"="0"
2023/09/30 20:27:04 parsed 1 programs
[ 47.219353][ T25] audit: type=1400 audit(1696105624.888:159): avc: denied { getattr } for pid=2228 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 47.243853][ T25] audit: type=1400 audit(1696105624.888:160): avc: denied { read } for pid=2228 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 47.265299][ T25] audit: type=1400 audit(1696105624.888:161): avc: denied { open } for pid=2228 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 47.289078][ T25] audit: type=1400 audit(1696105624.888:162): avc: denied { mounton } for pid=2233 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 47.315315][ T25] audit: type=1400 audit(1696105624.888:163): avc: denied { mount } for pid=2233 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 47.339682][ T25] audit: type=1400 audit(1696105625.008:164): avc: denied { unlink } for pid=2233 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
2023/09/30 20:27:05 executed programs: 0
[ 47.393381][ T2233] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[ 47.419848][ T25] audit: type=1400 audit(1696105625.088:165): avc: denied { mounton } for pid=2238 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 48.280629][ T25] audit: type=1400 audit(1696105625.948:166): avc: denied { write } for pid=2238 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 48.312340][ T25] audit: type=1400 audit(1696105625.978:167): avc: denied { read } for pid=2238 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 50.832276][ T2651] loop0: detected capacity change from 0 to 8192
[ 50.839909][ T25] audit: type=1400 audit(1696105628.508:168): avc: denied { mounton } for pid=2650 comm="syz-executor.0" path="/root/syzkaller-testdir2780745764/syzkaller.NwIjKk/0/file0" dev="sda1" ino=1938 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 50.842531][ T2651] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 50.880423][ T2651] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[ 50.890364][ T2651] REISERFS (device loop0): using ordered data mode
[ 50.896895][ T2651] reiserfs: using flush barriers
[ 50.902476][ T2651] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 50.919454][ T2651] REISERFS (device loop0): checking transaction log (loop0)
[ 50.944965][ T2651] REISERFS (device loop0): Using r5 hash to sort names
[ 50.952031][ T2651] REISERFS (device loop0): using 3.5.x disk format
[ 50.959303][ T2651] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 51.014525][ C1] divide error: 0000 [#1] PREEMPT SMP KASAN
[ 51.020710][ C1] CPU: 1 PID: 2651 Comm: syz-executor.0 Not tainted 6.6.0-rc3-syzkaller #0
[ 51.029475][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 51.039861][ C1] RIP: 0010:reweight_entity+0x593/0x840
[ 51.045410][ C1] Code: 43 28 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 54 01 00 00 48 8b 4b 68 48 29 c8 49 0f af c6 48 99 <49> f7 fd 48 01 c8 48 89 43 28 e9 a8 fd ff ff 48 8d bd 88 00 00 00
[ 51.065533][ C1] RSP: 0018:ffffc900003e8c48 EFLAGS: 00010002
[ 51.071855][ C1] RAX: 0000016e7204d71f RBX: ffff888073ea2800 RCX: 00000002288e7c41
[ 51.079895][ C1] RDX: 0000000000000000 RSI: ffff888073ea28c8 RDI: ffff888073ea2868
[ 51.088025][ C1] RBP: ffff8880bad39b40 R08: 0000000000000000 R09: ffffed100d2413e8
[ 51.096225][ C1] R10: ffff888069209f47 R11: 0000000000000000 R12: 0000000000000000
[ 51.104354][ C1] R13: 0000000000000000 R14: 00000000000e5259 R15: ffff888073ea2848
[ 51.112495][ C1] FS: 00007f8df605b6c0(0000) GS:ffff8880bad00000(0000) knlGS:0000000000000000
[ 51.121414][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 51.128084][ C1] CR2: 0000000000000000 CR3: 000000007320f000 CR4: 00000000003506e0
[ 51.136029][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 51.144579][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 51.152534][ C1] Call Trace:
[ 51.155990][ C1] <IRQ>
[ 51.158855][ C1] ? die+0x31/0x80
[ 51.162759][ C1] ? do_trap+0x1ab/0x3b0
[ 51.166979][ C1] ? do_error_trap+0x85/0xd0
[ 51.171673][ C1] ? reweight_entity+0x593/0x840
[ 51.176800][ C1] ? exc_divide_error+0x38/0x50
[ 51.181637][ C1] ? reweight_entity+0x593/0x840
[ 51.186555][ C1] ? asm_exc_divide_error+0x1a/0x20
[ 51.192161][ C1] ? reweight_entity+0x593/0x840
[ 51.197065][ C1] ? reweight_entity+0x609/0x840
[ 51.202302][ C1] ? update_cfs_group+0x102/0x240
[ 51.207340][ C1] task_tick_fair+0xee/0xc70
[ 51.211901][ C1] ? switched_from_fair+0xfb0/0xfb0
[ 51.217063][ C1] scheduler_tick+0x1bb/0x590
[ 51.221729][ C1] update_process_times+0x152/0x1c0
[ 51.227185][ C1] ? timer_clear_idle+0x90/0x90
[ 51.232110][ C1] tick_sched_handle+0xe5/0x150
[ 51.236947][ C1] tick_sched_timer+0xa8/0xd0
[ 51.241602][ C1] ? tick_sched_do_timer+0x270/0x270
[ 51.246979][ C1] __hrtimer_run_queues+0x2df/0x7d0
[ 51.252156][ C1] ? enqueue_hrtimer+0x210/0x210
[ 51.257160][ C1] hrtimer_interrupt+0x2da/0x7d0
[ 51.262164][ C1] ? tick_nohz_stop_idle+0x13b/0x200
[ 51.267621][ C1] __sysvec_apic_timer_interrupt+0xf4/0x390
[ 51.273589][ C1] sysvec_apic_timer_interrupt+0x89/0xb0
[ 51.279336][ C1] </IRQ>
[ 51.282271][ C1] <TASK>
[ 51.286845][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 51.293279][ C1] RIP: 0010:memmove+0x28/0x1b0
[ 51.298260][ C1] Code: c3 90 f3 0f 1e fa 48 89 f8 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f b5 00 00 00 48 83 fa 20 0f 82 01 01 00 00 48 89 d1 a4 c3 48 81 fa a8 02 00 00 72 05 40 38 fe 74 47 48 83 ea 20 48
[ 51.319206][ C1] RSP: 0018:ffffc9000266ef78 EFLAGS: 00010286
[ 51.325518][ C1] ==================================================================
[ 51.334048][ C1] BUG: KASAN: use-after-free in __show_regs+0x610/0x680
[ 51.340969][ C1] Read of size 8 at addr ffffc9000266ef20 by task syz-executor.0/2651
[ 51.349206][ C1]
[ 51.351630][ C1] CPU: 1 PID: 2651 Comm: syz-executor.0 Not tainted 6.6.0-rc3-syzkaller #0
[ 51.360637][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 51.370764][ C1] Call Trace:
[ 51.374034][ C1] <IRQ>
[ 51.376858][ C1] dump_stack_lvl+0x3d/0x60
[ 51.381444][ C1] print_report+0xc4/0x620
[ 51.385995][ C1] ? vprintk_emit+0xf9/0x330
[ 51.390691][ C1] kasan_report+0xda/0x110
[ 51.395218][ C1] ? __show_regs+0x610/0x680
[ 51.399954][ C1] ? __show_regs+0x610/0x680
[ 51.404596][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 51.410751][ C1] __show_regs+0x610/0x680
[ 51.415341][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 51.421850][ C1] show_trace_log_lvl+0x255/0x3b0
[ 51.427143][ C1] ? memmove+0x28/0x1b0
[ 51.431555][ C1] ? reweight_entity+0x593/0x840
[ 51.436484][ C1] die+0x31/0x80
[ 51.440023][ C1] do_trap+0x1ab/0x3b0
[ 51.444403][ C1] do_error_trap+0x85/0xd0
[ 51.448966][ C1] ? reweight_entity+0x593/0x840
[ 51.453874][ C1] exc_divide_error+0x38/0x50
[ 51.458544][ C1] ? reweight_entity+0x593/0x840
[ 51.463573][ C1] asm_exc_divide_error+0x1a/0x20
[ 51.469204][ C1] RIP: 0010:reweight_entity+0x593/0x840
[ 51.475069][ C1] Code: 43 28 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 54 01 00 00 48 8b 4b 68 48 29 c8 49 0f af c6 48 99 <49> f7 fd 48 01 c8 48 89 43 28 e9 a8 fd ff ff 48 8d bd 88 00 00 00
[ 51.495355][ C1] RSP: 0018:ffffc900003e8c48 EFLAGS: 00010002
[ 51.501497][ C1] RAX: 0000016e7204d71f RBX: ffff888073ea2800 RCX: 00000002288e7c41
[ 51.509539][ C1] RDX: 0000000000000000 RSI: ffff888073ea28c8 RDI: ffff888073ea2868
[ 51.517694][ C1] RBP: ffff8880bad39b40 R08: 0000000000000000 R09: ffffed100d2413e8
[ 51.525739][ C1] R10: ffff888069209f47 R11: 0000000000000000 R12: 0000000000000000
[ 51.533859][ C1] R13: 0000000000000000 R14: 00000000000e5259 R15: ffff888073ea2848
[ 51.541999][ C1] ? reweight_entity+0x609/0x840
[ 51.547059][ C1] ? update_cfs_group+0x102/0x240
[ 51.552065][ C1] task_tick_fair+0xee/0xc70
[ 51.556650][ C1] ? switched_from_fair+0xfb0/0xfb0
[ 51.561915][ C1] scheduler_tick+0x1bb/0x590
[ 51.566592][ C1] update_process_times+0x152/0x1c0
[ 51.571920][ C1] ? timer_clear_idle+0x90/0x90
[ 51.576758][ C1] tick_sched_handle+0xe5/0x150
[ 51.581685][ C1] tick_sched_timer+0xa8/0xd0
[ 51.586616][ C1] ? tick_sched_do_timer+0x270/0x270
[ 51.592130][ C1] __hrtimer_run_queues+0x2df/0x7d0
[ 51.597295][ C1] ? enqueue_hrtimer+0x210/0x210
[ 51.602400][ C1] hrtimer_interrupt+0x2da/0x7d0
[ 51.607324][ C1] ? tick_nohz_stop_idle+0x13b/0x200
[ 51.612617][ C1] __sysvec_apic_timer_interrupt+0xf4/0x390
[ 51.618664][ C1] sysvec_apic_timer_interrupt+0x89/0xb0
[ 51.624356][ C1] </IRQ>
[ 51.627274][ C1] <TASK>
[ 51.630261][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 51.636216][ C1] RIP: 0010:memmove+0x28/0x1b0
[ 51.640947][ C1] Code: c3 90 f3 0f 1e fa 48 89 f8 48 39 fe 7d 0f 49 89 f0 49 01 d0 49 39 f8 0f 8f b5 00 00 00 48 83 fa 20 0f 82 01 01 00 00 48 89 d1 a4 c3 48 81 fa a8 02 00 00 72 05 40 38 fe 74 47 48 83 ea 20 48
[ 51.661041][ C1] RSP: 0018:ffffc9000266ef78 EFLAGS: 00010286
[ 51.667257][ C1] RAX: ffff888065d7f030 RBX: ffff888065d7f000 RCX: fffffffffb7ed24e
[ 51.675198][ C1] RDX: fffffffffffffec9 RSI: ffff88806a592c7b RDI: ffff88806a591cab
[ 51.683339][ C1] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
[ 51.691831][ C1] R10: 0000000000000008 R11: 0000000000000fd0 R12: 0000000000000fd0
[ 51.700214][ C1] R13: ffff88806bf26e80 R14: ffff888065d7f0d8 R15: ffffc9000266f140
[ 51.708341][ C1] leaf_paste_in_buffer+0x21e/0xc10
[ 51.713873][ C1] balance_leaf+0x20f9/0xcdb0
[ 51.719424][ C1] ? reiserfs_prepare_for_journal+0xfe/0x1e0
[ 51.725497][ C1] ? replace_key+0x150/0x150
[ 51.730086][ C1] do_balance+0x308/0x6f0
[ 51.734665][ C1] ? get_right_neighbor_position+0x160/0x160
[ 51.740622][ C1] ? bit_wait_io_timeout+0x160/0x160
[ 51.745879][ C1] reiserfs_paste_into_item+0x552/0x6e0
[ 51.751394][ C1] ? reiserfs_delete_object+0x1c0/0x1c0
[ 51.756904][ C1] ? __stack_depot_save+0x247/0x460
[ 51.762070][ C1] ? kasan_set_track+0x25/0x30
[ 51.766804][ C1] ? rcu_is_watching+0x15/0xb0
[ 51.771532][ C1] reiserfs_get_block+0xee2/0x4530
[ 51.776818][ C1] ? folio_alloc_buffers+0x24c/0x5f0
[ 51.782065][ C1] ? folio_create_empty_buffers+0x28/0x3b0
[ 51.788211][ C1] ? reiserfs_commit_write+0x610/0x610
[ 51.794178][ C1] ? find_held_lock+0x2d/0x110
[ 51.798954][ C1] ? is_dynamic_key+0x150/0x150
[ 51.804074][ C1] ? do_raw_spin_unlock+0x173/0x230
[ 51.809344][ C1] __block_write_begin_int+0x2a3/0x1130
[ 51.815062][ C1] ? reiserfs_commit_write+0x610/0x610
[ 51.820495][ C1] ? reiserfs_allow_writes+0x90/0x90
[ 51.825934][ C1] ? invalidate_bh_lrus_cpu+0x110/0x110
[ 51.831632][ C1] reiserfs_write_begin+0x285/0x7c0
[ 51.836797][ C1] generic_cont_expand_simple+0x105/0x1b0
[ 51.842497][ C1] ? end_bio_bh_io_sync+0xf0/0xf0
[ 51.847922][ C1] reiserfs_setattr+0x2a0/0xf70
[ 51.852868][ C1] ? reiserfs_new_inode+0x1c90/0x1c90
[ 51.858406][ C1] ? mode_strip_sgid+0x150/0x150
[ 51.863340][ C1] ? from_vfsuid+0x120/0x120
[ 51.867912][ C1] notify_change+0x525/0xde0
[ 51.872658][ C1] ? do_truncate+0x108/0x1b0
[ 51.877227][ C1] do_truncate+0x108/0x1b0
[ 51.881635][ C1] ? file_open_root+0x220/0x220
[ 51.886470][ C1] ? lock_acquire+0x12a/0x2b0
[ 51.891344][ C1] do_sys_ftruncate+0x40a/0x510
[ 51.896193][ C1] do_syscall_64+0x38/0x80
[ 51.900764][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 51.907165][ C1] RIP: 0033:0x7f8df527cb29
[ 51.911738][ C1] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 51.932170][ C1] RSP: 002b:00007f8df605b0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000004d
[ 51.941081][ C1] RAX: ffffffffffffffda RBX: 00007f8df539bf80 RCX: 00007f8df527cb29
[ 51.949633][ C1] RDX: 0000000000000000 RSI: 0000000002007fff RDI: 0000000000000005
[ 51.957700][ C1] RBP: 00007f8df52c847a R08: 0000000000000000 R09: 0000000000000000
[ 51.965677][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 51.973798][ C1] R13: 0000000000000006 R14: 00007f8df539bf80 R15: 00007fff4c57cb08
[ 51.981953][ C1] </TASK>
[ 51.985040][ C1]
[ 51.987362][ C1] The buggy address belongs to stack of task syz-executor.0/2651
[ 51.995084][ C1]
[ 51.997676][ C1] The buggy address belongs to the virtual mapping at
[ 51.997676][ C1] [ffffc90002668000, ffffc90002671000) created by:
[ 51.997676][ C1] kernel_clone+0xcb/0x7d0
[ 52.016001][ C1]
[ 52.018319][ C1] The buggy address belongs to the physical page:
[ 52.024829][ C1] page:ffffea0001eb24c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7ac93
[ 52.035219][ C1] memcg:ffff88807cc1b882
[ 52.039516][ C1] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 52.046590][ C1] page_type: 0xffffffff()
[ 52.050892][ C1] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 52.059534][ C1] raw: 0000000000000000 0000000000000000 00000001ffffffff ffff88807cc1b882
[ 52.068351][ C1] page dumped because: kasan: bad access detected
[ 52.074905][ C1] page_owner tracks the page as allocated
[ 52.080680][ C1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 2650, tgid 2650 (syz-executor.0), ts 50800912593, free_ts 50449162979
[ 52.099668][ C1] post_alloc_hook+0x27e/0x2f0
[ 52.104685][ C1] get_page_from_freelist+0xe91/0x3080
[ 52.110313][ C1] __alloc_pages+0x1d0/0x470
[ 52.115098][ C1] __vmalloc_node_range+0x6f8/0x1140
[ 52.120562][ C1] copy_process+0x10ae/0x6180
[ 52.125405][ C1] kernel_clone+0xcb/0x7d0
[ 52.130084][ C1] __do_sys_clone3+0x152/0x190
[ 52.134961][ C1] do_syscall_64+0x38/0x80
[ 52.139518][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.145582][ C1] page last free stack trace:
[ 52.150259][ C1] free_unref_page_prepare+0x506/0xb90
[ 52.155900][ C1] free_unref_page_list+0xe6/0xaa0
[ 52.161088][ C1] release_pages+0x297/0x1050
[ 52.165744][ C1] tlb_batch_pages_flush+0x79/0x140
[ 52.170942][ C1] tlb_finish_mmu+0x114/0x5e0
[ 52.176027][ C1] exit_mmap+0x2e8/0x800
[ 52.180429][ C1] __mmput+0xb7/0x3e0
[ 52.184532][ C1] do_exit+0x776/0x2600
[ 52.188988][ C1] do_group_exit+0xb4/0x250
[ 52.193631][ C1] __x64_sys_exit_group+0x39/0x40
[ 52.198630][ C1] do_syscall_64+0x38/0x80
[ 52.203105][ C1] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 52.209160][ C1]
[ 52.211582][ C1] Memory state around the buggy address:
[ 52.217233][ C1]  ffffc9000266ee00: 28 5d 22 69 80 88 ff ff e0 2f c1 87 ff ff ff ff
[ 52.225965][ C1]  ffffc9000266ee80: a0 b7 d4 87 ff ff ff ff 00 00 00 00 00 00 00 00
[ 52.234103][ C1] >ffffc9000266ef00: 40 6f 25 85 ff ff ff ff 00 03 00 00 00 00 00 00
[ 52.242506][ C1]                                ^
[ 52.247605][ C1]  ffffc9000266ef80: d3 09 00 00 dc 00 83 06 00 00 00 00 00 00 00 00
[ 52.255885][ C1]  ffffc9000266f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 52.264025][ C1] ==================================================================
[ 52.272229][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.360930][ C1] Shutting down cpus with NMI
[ 53.365986][ C1] Kernel Offset: disabled
[ 53.370470][ C1] Rebooting in 86400 seconds..
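Triage note and helper, added by the editor; neither is part of the syzbot report or of the kernel sources. The first trap is a #DE in reweight_entity, taken from the scheduler tick (task_tick_fair under the APIC timer interrupt) that preempted a reiserfs ftruncate path (leaf_paste_in_buffer up through do_sys_ftruncate; ORIG_RAX 0x4d is ftruncate on x86-64). The marked bytes in that Code: line, <49> f7 fd, decode to idiv r13, and the register dump shows R13 = 0 with RDX:RAX already set up by the preceding cqo (48 99), so the fault is an integer division by zero. The KASAN use-after-free that follows is raised from the oops handler itself: its call trace is die, show_trace_log_lvl, __show_regs reading the interrupted frame on the task stack, so it comes from the crash-dump path rather than from the scheduler or reiserfs code under test, and the divide error is the one to triage first. The script below automates that check for any x86-64 "divide error" report: it strips the printk prefixes, takes the Code: line after the first RIP, decodes the register form of DIV/IDIV at the <..> marker, and looks the divisor up in the register dump. The sample input is constructed from the header, RIP, Code and register lines of the report above; the line layout assumed is the standard x86 oops format, and a memory-operand divisor is reported as undecodable because its value is not in the dump.

```python
"""Triage helper for an x86-64 'divide error' oops: decode the instruction at the
<..> marker of the Code: line and look up the divisor register in the dump.
Added example, not part of the syzbot report or the kernel; the decoder handles
only the register form of DIV/IDIV (F7 /6, F7 /7), which is what a #DE needs."""
import re

# Register order of the ModRM r/m field; REX.B adds 8 to reach R8..R15.
GPR64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
         "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15"]

LOG_PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*[CT]\d+\]\s?")
# Matches "RAX: 0000016e7204d71f"; RSP/RIP lines use a different layout and are skipped.
REG_RE = re.compile(r"\b(R(?:AX|BX|CX|DX|SI|DI|BP|0[89]|1[0-5])): ([0-9a-f]{16})\b")


def bytes_at_marker(code_line):
    """Return the instruction bytes starting at the <..> marker (the faulting RIP)."""
    tokens = code_line.split("Code:", 1)[1].split()
    for idx, tok in enumerate(tokens):
        if tok.startswith("<"):
            return bytes(int(t.strip("<>"), 16) for t in tokens[idx:])
    raise ValueError("no <..> marker in Code: line")


def decode_div(insn):
    """Decode DIV/IDIV r64 or r32 at the start of `insn`.
    Returns (mnemonic, register, operand_width) or None for anything else."""
    i, rex = 0, 0
    if 0x40 <= insn[i] <= 0x4F:          # optional REX prefix
        rex, i = insn[i], i + 1
    if insn[i] != 0xF7:                  # F6 (8-bit form) and other opcodes not handled
        return None
    modrm = insn[i + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if reg not in (6, 7) or mod != 3:    # /6 = div, /7 = idiv; mod 3 = register operand
        return None
    if rex & 0x1:                        # REX.B selects R8..R15
        rm += 8
    width = 64 if rex & 0x8 else 32      # REX.W selects the 64-bit form
    return ("div" if reg == 6 else "idiv"), GPR64[rm], width


def triage_divide_error(report):
    """Find the first 'divide error' oops in `report` and explain its #DE."""
    lines = [LOG_PREFIX.sub("", ln).strip() for ln in report.splitlines()]
    if not any(ln.startswith("divide error:") for ln in lines):
        return None
    rip_idx = next(i for i, ln in enumerate(lines) if ln.startswith("RIP: 0010:"))
    symbol = lines[rip_idx].split("RIP: 0010:", 1)[1]
    code_line = next(ln for ln in lines[rip_idx:] if ln.startswith("Code:"))
    regs = {}
    for ln in lines[rip_idx:]:
        if ln.startswith(("FS:", "CS:", "Call Trace")):   # end of the register block
            break
        for name, val in REG_RE.findall(ln):
            regs[name.replace("R0", "R")] = int(val, 16)   # R08 -> R8
    decoded = decode_div(bytes_at_marker(code_line))
    if decoded is None:
        return {"symbol": symbol, "insn": None, "divisor": None,
                "verdict": "faulting instruction is not a register div/idiv"}
    mnem, reg, width = decoded
    divisor = regs[reg] & ((1 << width) - 1)
    if divisor == 0:
        verdict = "divide-by-zero"
    else:
        # #DE also fires when the quotient does not fit (e.g. INT64_MIN / -1).
        verdict = "non-zero divisor: check for quotient overflow"
    return {"symbol": symbol, "insn": f"{mnem} {reg}", "width": width,
            "divisor": divisor, "verdict": verdict}


# Constructed input: the header, RIP, Code and register lines of the report above.
SAMPLE = """\
[ 51.014525][ C1] divide error: 0000 [#1] PREEMPT SMP KASAN
[ 51.039861][ C1] RIP: 0010:reweight_entity+0x593/0x840
[ 51.045410][ C1] Code: 43 28 48 ba 00 00 00 00 00 fc ff df 48 89 f9 48 c1 e9 03 80 3c 11 00 0f 85 54 01 00 00 48 8b 4b 68 48 29 c8 49 0f af c6 48 99 <49> f7 fd 48 01 c8 48 89 43 28 e9 a8 fd ff ff 48 8d bd 88 00 00 00
[ 51.065533][ C1] RSP: 0018:ffffc900003e8c48 EFLAGS: 00010002
[ 51.071855][ C1] RAX: 0000016e7204d71f RBX: ffff888073ea2800 RCX: 00000002288e7c41
[ 51.079895][ C1] RDX: 0000000000000000 RSI: ffff888073ea28c8 RDI: ffff888073ea2868
[ 51.088025][ C1] RBP: ffff8880bad39b40 R08: 0000000000000000 R09: ffffed100d2413e8
[ 51.096225][ C1] R10: ffff888069209f47 R11: 0000000000000000 R12: 0000000000000000
[ 51.104354][ C1] R13: 0000000000000000 R14: 00000000000e5259 R15: ffff888073ea2848
[ 51.112495][ C1] FS: 00007f8df605b6c0(0000) GS:ffff8880bad00000(0000) knlGS:0000000000000000
"""

if __name__ == "__main__":
    print(triage_divide_error(SAMPLE))
```

Run against the report it prints the symbol reweight_entity+0x593/0x840, the instruction idiv R13, divisor 0 and the verdict divide-by-zero. The register block is cut off at the FS:/CS: lines deliberately so that the memmove and user-space register dumps further down are not mixed into the first frame.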