id=1694 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 31.973722][ T24] audit: type=1400 audit(1691471216.818:132): avc: denied { create } for pid=1694 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[ 31.994774][ T24] audit: type=1400 audit(1691471216.838:133): avc: denied { create } for pid=1694 comm="syz-fuzzer" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 42.569131][ T24] kauditd_printk_skb: 20 callbacks suppressed
[ 42.569138][ T24] audit: type=1400 audit(1691471227.418:154): avc: denied { write } for pid=2207 comm="sh" path="pipe:[16882]" dev="pipefs" ino=16882 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts.
2023/08/08 05:07:15 ignoring optional flag "sandboxArg"="0"
2023/08/08 05:07:15 parsed 1 programs
2023/08/08 05:07:15 executed programs: 0
[ 50.472902][ T24] audit: type=1400 audit(1691471235.318:155): avc: denied { getattr } for pid=2216 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 50.497159][ T24] audit: type=1400 audit(1691471235.318:156): avc: denied { read } for pid=2216 comm="syz-execprog" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 50.521965][ T24] audit: type=1400 audit(1691471235.318:157): avc: denied { open } for pid=2216 comm="syz-execprog" path="user:[4026531837]" dev="nsfs" ino=4026531837 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 50.545937][ T24] audit: type=1400 audit(1691471235.348:158): avc: denied { mounton } for pid=2221 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 50.571046][ T24] audit: type=1400 audit(1691471235.348:159): avc: denied { mount } for pid=2221 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 50.594955][ T24] audit: type=1400 audit(1691471235.398:160): avc: denied { mounton } for pid=2225 comm="syz-executor.0" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 51.630789][ T24] audit: type=1400 audit(1691471236.478:161): avc: denied { write } for pid=2225 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 51.653036][ T24] audit: type=1400 audit(1691471236.498:162): avc: denied { read } for pid=2225 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 54.680724][ T2637] loop0: detected capacity change from 0 to 8192
[ 54.688060][ T24] audit: type=1400 audit(1691471239.538:163): avc: denied { mounton } for pid=2636 comm="syz-executor.0" path="/root/syzkaller-testdir576259454/syzkaller.3SAJ6O/0/file0" dev="sda1" ino=1937 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 54.716203][ T2637] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[ 54.729866][ T2637] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[ 54.739149][ T2637] REISERFS (device loop0): using ordered data mode
[ 54.745644][ T2637] reiserfs: using flush barriers
[ 54.751316][ T2637] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[ 54.768047][ T2637] REISERFS (device loop0): checking transaction log (loop0)
[ 54.800297][ T2637] REISERFS (device loop0): Using r5 hash to sort names
[ 54.807730][ T2637] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[ 54.817068][ T24] audit: type=1400 audit(1691471239.658:164): avc: denied { mount } for pid=2636 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 54.818256][ T2637] ==================================================================
[ 54.847595][ T2637] BUG: KASAN: out-of-bounds in strlen+0x7d/0xa0
[ 54.853830][ T2637] Read of size 1 at addr ffff8880674d99cc by task syz-executor.0/2637
[ 54.862052][ T2637]
[ 54.864364][ T2637] CPU: 1 PID: 2637 Comm: syz-executor.0 Not tainted 6.5.0-rc5-syzkaller #0
[ 54.873151][ T2637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 54.883350][ T2637] Call Trace:
[ 54.886622][ T2637]
[ 54.890054][ T2637] dump_stack_lvl+0x3d/0x60
[ 54.894534][ T2637] print_report+0xc4/0x620
[ 54.899008][ T2637] kasan_report+0xda/0x110
[ 54.903497][ T2637] ? strlen+0x7d/0xa0
[ 54.907819][ T2637] ? strlen+0x7d/0xa0
[ 54.911781][ T2637] strlen+0x7d/0xa0
[ 54.915567][ T2637] set_de_name_and_namelen+0x477/0x670
[ 54.921305][ T2637] search_by_entry_key+0x40c/0x970
[ 54.926418][ T2637] reiserfs_readdir_inode+0x2d2/0x1460
[ 54.932456][ T2637] ? register_lock_class+0xbb/0x16a0
[ 54.937715][ T2637] ? io_schedule_timeout+0x150/0x150
[ 54.943061][ T2637] ? preempt_schedule_thunk+0x1a/0x30
[ 54.948405][ T2637] ? reiserfs_dir_fsync+0x140/0x140
[ 54.953922][ T2637] ? preempt_schedule_irq+0x58/0x80
[ 54.959097][ T2637] ? down_read_killable+0x1d4/0x380
[ 54.964265][ T2637] ? selinux_file_permission+0x324/0x420
[ 54.969894][ T2637] ? fsnotify_perm.part.0+0x141/0x4e0
[ 54.975236][ T2637] iterate_dir+0x1a7/0x510
[ 54.979644][ T2637] __x64_sys_getdents64+0x131/0x230
[ 54.984814][ T2637] ? __ia32_sys_getdents+0x230/0x230
[ 54.990251][ T2637] ? kernel_fpu_begin_mask+0x1c0/0x1c0
[ 54.995682][ T2637] ? fillonedir+0x320/0x320
[ 55.000158][ T2637] ? fpregs_restore_userregs+0x121/0x220
[ 55.005848][ T2637] do_syscall_64+0x38/0x80
[ 55.010350][ T2637] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.016229][ T2637] RIP: 0033:0x7f5c9f87c959
[ 55.020616][ T2637] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.040744][ T2637] RSP: 002b:00007f5ca06480c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 55.049392][ T2637] RAX: ffffffffffffffda RBX: 00007f5c9f99bf80 RCX: 00007f5c9f87c959
[ 55.057424][ T2637] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 55.065462][ T2637] RBP: 00007f5c9f8d8c88 R08: 0000000000000000 R09: 0000000000000000
[ 55.073493][ T2637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 55.081441][ T2637] R13: 0000000000000006 R14: 00007f5c9f99bf80 R15: 00007ffc10572fa8
[ 55.090706][ T2637]
[ 55.094102][ T2637]
[ 55.096855][ T2637] The buggy address belongs to the physical page:
[ 55.103705][ T2637] page:ffffea00019d3640 refcount:1 mapcount:1 mapping:0000000000000000 index:0x7fffffffa pfn:0x674d9
[ 55.114799][ T2637] memcg:ffff888140a44000
[ 55.119041][ T2637] anon flags: 0xfff000000a0014(uptodate|lru|mappedtodisk|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[ 55.129950][ T2637] page_type: 0x0()
[ 55.133643][ T2637] raw: 00fff000000a0014 ffffea00019d3608 ffffea00019d3688 ffff888016431441
[ 55.142457][ T2637] raw: 00000007fffffffa 0000000000000000 0000000100000000 ffff888140a44000
[ 55.151266][ T2637] page dumped because: kasan: bad access detected
[ 55.157757][ T2637] page_owner tracks the page as allocated
[ 55.163535][ T2637] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1568, tgid 1568 (udevd), ts 54845873295, free_ts 5667690926
[ 55.180602][ T2637] post_alloc_hook+0x281/0x2f0
[ 55.185514][ T2637] get_page_from_freelist+0xfcb/0x31e0
[ 55.190947][ T2637] __alloc_pages+0x1d0/0x470
[ 55.195550][ T2637] __folio_alloc+0x16/0x40
[ 55.200025][ T2637] vma_alloc_folio+0x10e/0x610
[ 55.204757][ T2637] do_wp_page+0x697/0x2b00
[ 55.209143][ T2637] __handle_mm_fault+0x127e/0x3110
[ 55.214222][ T2637] handle_mm_fault+0x239/0x5f0
[ 55.218955][ T2637] do_user_addr_fault+0x196/0x910
[ 55.224037][ T2637] exc_page_fault+0x5d/0xb0
[ 55.228509][ T2637] asm_exc_page_fault+0x26/0x30
[ 55.233606][ T2637] page last free stack trace:
[ 55.238254][ T2637] free_unref_page_prepare+0x5aa/0xc40
[ 55.243691][ T2637] free_unref_page+0x33/0x350
[ 55.248341][ T2637] free_contig_range+0xa1/0x150
[ 55.253364][ T2637] destroy_args+0x4f4/0x6b0
[ 55.257847][ T2637] debug_vm_pgtable+0x1a03/0x2ca0
[ 55.262839][ T2637] do_one_initcall+0xcd/0x3c0
[ 55.267487][ T2637] kernel_init_freeable+0x4ff/0x840
[ 55.272668][ T2637] kernel_init+0x1a/0x1c0
[ 55.276983][ T2637] ret_from_fork+0x2c/0x70
[ 55.281383][ T2637] ret_from_fork_asm+0x11/0x20
[ 55.286296][ T2637]
[ 55.288598][ T2637] Memory state around the buggy address:
[ 55.294284][ T2637] ffff8880674d9880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.302317][ T2637] ffff8880674d9900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.310346][ T2637] >ffff8880674d9980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.318561][ T2637] ^
[ 55.325212][ T2637] ffff8880674d9a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.333272][ T2637] ffff8880674d9a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 55.341408][ T2637] ==================================================================
[ 55.350331][ T2637] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.357720][ T2637] Kernel Offset: disabled
[ 55.362022][ T2637] Rebooting in 86400 seconds..