[ 18.774864][ T408] device veth1_macvtap entered promiscuous mode
[ 18.783422][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 18.794167][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 18.882875][ T408] syz-executor.0 (408) used greatest stack depth: 21472 bytes left
[ 19.363098][ T7] device bridge_slave_1 left promiscuous mode
[ 19.369045][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 19.376794][ T7] device bridge_slave_0 left promiscuous mode
[ 19.383021][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 19.390768][ T7] device veth1_macvtap left promiscuous mode
[ 19.396949][ T7] device veth0_vlan left promiscuous mode
Warning: Permanently added '10.128.1.85' (ECDSA) to the list of known hosts.
2022/12/14 15:27:43 ignoring optional flag "sandboxArg"="0"
2022/12/14 15:27:43 parsed 1 programs
2022/12/14 15:27:43 executed programs: 0
[ 36.379848][ T28] kauditd_printk_skb: 64 callbacks suppressed
[ 36.379861][ T28] audit: type=1400 audit(1671031663.680:136): avc: denied { mounton } for pid=452 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 36.410366][ T28] audit: type=1400 audit(1671031663.680:137): avc: denied { mount } for pid=452 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 36.439651][ T455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.446948][ T455] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.454208][ T455] device bridge_slave_0 entered promiscuous mode
[ 36.460877][ T455] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.468411][ T455] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.475730][ T455] device bridge_slave_1 entered promiscuous mode
[ 36.506026][ T455] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.512883][ T455] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.520230][ T455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.527217][ T455] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.541405][ T409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 36.548603][ T409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 36.555880][ T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 36.563273][ T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 36.571843][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 36.580143][ T19] bridge0: port 1(bridge_slave_0) entered blocking state
[ 36.587106][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 36.602268][ T455] device veth0_vlan entered promiscuous mode
[ 36.609017][ T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 36.617365][ T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 36.625101][ T409] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 36.632280][ T409] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 36.639570][ T409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 36.647592][ T409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 36.654537][ T409] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 36.662080][ T409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 36.670461][ T409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 36.681967][ T455] device veth1_macvtap entered promiscuous mode
[ 36.688602][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 36.700317][ T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 36.708652][ T409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 36.720501][ T28] audit: type=1400 audit(1671031664.020:138): avc: denied { mount } for pid=455 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 36.749497][ T462] loop0: detected capacity change from 0 to 264192
[ 36.756369][ T28] audit: type=1400 audit(1671031664.060:139): avc: denied { mounton } for pid=461 comm="syz-executor.0" path="/root/syzkaller-testdir1180814396/syzkaller.HqjeMv/0/file0" dev="sda1" ino=1148 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 36.757150][ T462] erofs: (device loop0): mounted with root inode @ nid 36.
[ 36.790615][ T462] erofs: (device loop0): z_erofs_pcluster_readmore: readmore error at page 3 @ nid 36
[ 36.800430][ T462] syz-executor.0: attempt to access beyond end of device
[ 36.800430][ T462] loop0: rw=0, sector=2201354224, nr_sectors = 8 limit=264192
[ 36.814779][ T462] syz-executor.0: attempt to access beyond end of device
[ 36.814779][ T462] loop0: rw=0, sector=20841953376, nr_sectors = 8 limit=264192
[ 36.829193][ T462] BUG: unable to handle page fault for address: fffff5210055de61
[ 36.836959][ T462] #PF: supervisor read access in kernel mode
[ 36.842778][ T462] #PF: error_code(0x0000) - not-present page
[ 36.848726][ T462] PGD 23ffef067 P4D 23ffef067 PUD 0
[ 36.853821][ T462] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 36.858865][ T462] CPU: 0 PID: 462 Comm: syz-executor.0 Not tainted 5.19.0-rc4-syzkaller-00019-g2bfab9c0edac #0
[ 36.869009][ T462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 36.878909][ T462] RIP: 0010:z_erofs_decompress_queue+0x132b/0x29e0
[ 36.885248][ T462] Code: 48 8b 7c 24 50 e8 85 84 7e ff 44 89 f3 48 c1 e3 03 48 03 9c 24 00 03 00 00 49 89 dc 49 c1 ec 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 04 00 74 08 48 89 df e8 56 84 7e ff 4c 8b 33 48 b8 00 00
[ 36.905756][ T462] RSP: 0018:ffffc90002aef120 EFLAGS: 00010a02
[ 36.911745][ T462] RAX: dffffc0000000000 RBX: ffffc90802aef308 RCX: dffffc0000000000
[ 36.919710][ T462] RDX: ffff88810e613240 RSI: 0000000000000001 RDI: fffffffffffffffc
[ 36.927521][ T462] RBP: ffffc90002aef4d0 R08: ffffffff82375e25 R09: ffffc90002aef310
[ 36.935330][ T462] R10: fffff5200055de86 R11: 1ffff9200055de84 R12: 1ffff9210055de61
[ 36.943147][ T462] R13: ffff888123491910 R14: 00000000ffffffff R15: 0000000000000000
[ 36.951231][ T462] FS: 00007ff86a53a700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 36.962486][ T462] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 36.968849][ T462] CR2: fffff5210055de61 CR3: 000000011c6e9000 CR4: 00000000003506b0
[ 36.977014][ T462] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 36.985177][ T462] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 36.992976][ T462] Call Trace:
[ 36.996098][ T462]
[ 36.999120][ T462] ? z_erofs_decompressqueue_endio+0x4c0/0x520
[ 37.005040][ T462] ? z_erofs_runqueue+0x14f0/0x14f0
[ 37.010084][ T462] ? __kasan_check_write+0x14/0x20
[ 37.016163][ T462] ? _raw_spin_lock_irq+0xa4/0x1b0
[ 37.021029][ T462] ? _raw_spin_lock_irqsave+0x210/0x210
[ 37.026530][ T462] ? blk_partition_remap+0x310/0x310
[ 37.031648][ T462] ? bio_alloc_bioset+0x897/0x11a0
[ 37.036717][ T462] z_erofs_runqueue+0x13ce/0x14f0
[ 37.041679][ T462] ? z_erofs_do_read_page+0x3710/0x3710
[ 37.047200][ T462] ? __mutex_lock_slowpath+0x10/0x10
[ 37.052318][ T462] ? z_erofs_pcluster_readmore+0x431/0x520
[ 37.058053][ T462] z_erofs_read_folio+0x3cf/0x5f0
[ 37.062908][ T462] ? z_erofs_rcu_callback+0x190/0x190
[ 37.068113][ T462] ? filemap_add_folio+0x18f/0x200
[ 37.073065][ T462] ? add_to_page_cache_locked+0x90/0x90
[ 37.078444][ T462] ? __stack_depot_save+0x428/0x490
[ 37.083505][ T462] do_read_cache_folio+0x28a/0x480
[ 37.088432][ T462] ? z_erofs_rcu_callback+0x190/0x190
[ 37.093630][ T462] read_cache_folio+0x4d/0x70
[ 37.098148][ T462] erofs_bread+0x13a/0x480
[ 37.102429][ T462] erofs_namei+0x1bd/0xda0
[ 37.106655][ T462] ? erofs_iomap_end+0x210/0x210
[ 37.111446][ T462] erofs_lookup+0x141/0x3b0
[ 37.115846][ T462] ? erofs_namei+0xda0/0xda0
[ 37.120278][ T462] ? _raw_spin_unlock+0x4c/0x70
[ 37.124918][ T462] ? d_alloc+0x198/0x1d0
[ 37.128973][ T462] __lookup_hash+0x141/0x290
[ 37.133576][ T462] filename_create+0x276/0x4f0
[ 37.138173][ T462] ? kern_path_create+0x1b0/0x1b0
[ 37.143035][ T462] do_mknodat+0x16c/0x5b0
[ 37.147203][ T462] ? strncpy_from_user+0x169/0x2a0
[ 37.152145][ T462] ? may_open+0x440/0x440
[ 37.156322][ T462] ? getname_flags+0x1fb/0x510
[ 37.161019][ T462] __x64_sys_mknodat+0xa9/0xc0
[ 37.165615][ T462] do_syscall_64+0x2f/0x50
[ 37.169870][ T462] entry_SYSCALL_64_after_hwframe+0x46/0xb0
[ 37.175601][ T462] RIP: 0033:0x7ff86988b5a9
[ 37.179843][ T462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 37.199667][ T462] RSP: 002b:00007ff86a53a168 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[ 37.208042][ T462] RAX: ffffffffffffffda RBX: 00007ff8699abf80 RCX: 00007ff86988b5a9
[ 37.215953][ T462] RDX: 0000000000000004 RSI: 0000000020000080 RDI: 0000000000000005
[ 37.223753][ T462] RBP: 00007ff8698e67b0 R08: 0000000000000000 R09: 0000000000000000
[ 37.231650][ T462] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000
[ 37.239551][ T462] R13: 00007fff05db3c4f R14: 00007ff86a53a300 R15: 0000000000022000
[ 37.247610][ T462]
[ 37.250450][ T462] Modules linked in:
[ 37.254188][ T462] CR2: fffff5210055de61
[ 37.258179][ T462] ---[ end trace 0000000000000000 ]---
[ 37.263562][ T462] RIP: 0010:z_erofs_decompress_queue+0x132b/0x29e0
[ 37.270148][ T462] Code: 48 8b 7c 24 50 e8 85 84 7e ff 44 89 f3 48 c1 e3 03 48 03 9c 24 00 03 00 00 49 89 dc 49 c1 ec 03 48 b8 00 00 00 00 00 fc ff df <41> 80 3c 04 00 74 08 48 89 df e8 56 84 7e ff 4c 8b 33 48 b8 00 00
[ 37.289766][ T462] RSP: 0018:ffffc90002aef120 EFLAGS: 00010a02
[ 37.295667][ T462] RAX: dffffc0000000000 RBX: ffffc90802aef308 RCX: dffffc0000000000
[ 37.303684][ T462] RDX: ffff88810e613240 RSI: 0000000000000001 RDI: fffffffffffffffc
[ 37.311505][ T462] RBP: ffffc90002aef4d0 R08: ffffffff82375e25 R09: ffffc90002aef310
[ 37.319300][ T462] R10: fffff5200055de86 R11: 1ffff9200055de84 R12: 1ffff9210055de61
[ 37.327105][ T462] R13: ffff888123491910 R14: 00000000ffffffff R15: 0000000000000000
[ 37.334918][ T462] FS: 00007ff86a53a700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 37.343702][ T462] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 37.350108][ T462] CR2: fffff5210055de61 CR3: 000000011c6e9000 CR4: 00000000003506b0
[ 37.358185][ T462] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 37.365984][ T462] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 37.373882][ T462] Kernel panic - not syncing: Fatal exception
[ 37.379841][ T462] Kernel Offset: disabled
[ 37.384075][ T462] Rebooting in 86400 seconds..