Warning: Permanently added '10.128.0.253' (ED25519) to the list of known hosts.
[ 28.271435][ T23] audit: type=1400 audit(1739480520.410:66): avc: denied { execmem } for pid=354 comm="syz-executor426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 28.278198][ T354] cgroup1: Unknown subsys name 'net'
[ 28.290980][ T23] audit: type=1400 audit(1739480520.420:67): avc: denied { mounton } for pid=354 comm="syz-executor426" path="/syzcgroup/unified" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 28.296817][ T354] cgroup1: Unknown subsys name 'net_prio'
[ 28.319469][ T23] audit: type=1400 audit(1739480520.420:68): avc: denied { mount } for pid=354 comm="syz-executor426" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 28.326028][ T354] cgroup1: Unknown subsys name 'devices'
[ 28.353490][ T23] audit: type=1400 audit(1739480520.500:69): avc: denied { unmount } for pid=354 comm="syz-executor426" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 28.555669][ T354] cgroup1: Unknown subsys name 'hugetlb'
[ 28.561323][ T354] cgroup1: Unknown subsys name 'rlimit'
[ 28.747760][ T23] audit: type=1400 audit(1739480520.890:70): avc: denied { mounton } for pid=357 comm="syz-executor426" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[ 28.771788][ T23] audit: type=1400 audit(1739480520.890:71): avc: denied { module_request } for pid=357 comm="syz-executor426" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 28.798650][ T357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.805925][ T357] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.813266][ T357] device bridge_slave_0 entered promiscuous mode
[ 28.820136][ T357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.827172][ T357] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.834470][ T357] device bridge_slave_1 entered promiscuous mode
[ 28.875263][ T23] audit: type=1400 audit(1739480521.020:72): avc: denied { create } for pid=357 comm="syz-executor426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 28.883036][ T357] bridge0: port 2(bridge_slave_1) entered blocking state
[ 28.895839][ T23] audit: type=1400 audit(1739480521.020:73): avc: denied { write } for pid=357 comm="syz-executor426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 28.902694][ T357] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 28.902835][ T357] bridge0: port 1(bridge_slave_0) entered blocking state
[ 28.924417][ T23] audit: type=1400 audit(1739480521.020:74): avc: denied { read } for pid=357 comm="syz-executor426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 28.931470][ T357] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 28.980164][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 28.987386][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 28.995250][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 29.003985][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 29.013894][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 29.022068][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 29.029095][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 29.038374][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 29.046488][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 29.053642][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 29.068315][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 29.077790][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 29.093952][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 29.105627][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 29.119370][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 29.132448][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 29.144890][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
executing program
[ 29.161790][ T23] audit: type=1400 audit(1739480521.300:75): avc: denied { mounton } for pid=357 comm="syz-executor426" path="/root/syzkaller.MKrLs4/syz-tmp" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 29.187711][ T357] request_module fs-gadgetfs succeeded, but still no fs?
[ 29.383456][ T364] ======================================================
[ 29.383456][ T364] WARNING: the mand mount option is being deprecated and
[ 29.383456][ T364] will be removed in v5.15!
[ 29.383456][ T364] ======================================================
[ 29.465484][ T364] EXT4-fs (loop0): 1 orphan inode deleted
[ 29.471113][ T364] EXT4-fs (loop0): mounted filesystem without journal. Opts: discard,nodiscard,noquota,noinit_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,delalloc,,errors=continue
[ 29.491230][ T364] ext4 filesystem being mounted at /0/file1 supports timestamps until (%ptR?) (0x7fffffff)
[ 29.516651][ T364] ==================================================================
[ 29.524678][ T364] BUG: KASAN: use-after-free in ext4_find_extent+0xba2/0xda0
[ 29.531853][ T364] Read of size 4 at addr ffff8881d9eebccc by task syz-executor426/364
[ 29.539995][ T364]
[ 29.542218][ T364] CPU: 1 PID: 364 Comm: syz-executor426 Not tainted 5.4.289-syzkaller-00011-g39762b7a60e9 #0
[ 29.552496][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 29.562738][ T364] Call Trace:
[ 29.566092][ T364] dump_stack+0x1d8/0x241
[ 29.570216][ T364] ? write_boundary_block+0x150/0x150
[ 29.575425][ T364] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 29.581155][ T364] ? printk+0xd1/0x111
[ 29.585092][ T364] ? ext4_find_extent+0xba2/0xda0
[ 29.589909][ T364] print_address_description+0x8c/0x600
[ 29.595286][ T364] ? ext4_find_extent+0xba2/0xda0
[ 29.600148][ T364] __kasan_report+0xf3/0x120
[ 29.604653][ T364] ? ext4_find_extent+0xba2/0xda0
[ 29.609516][ T364] kasan_report+0x30/0x60
[ 29.613764][ T364] ? memset+0x1f/0x40
[ 29.617586][ T364] ext4_find_extent+0xba2/0xda0
[ 29.622283][ T364] ext4_ext_remove_space+0x339/0x4ba0
[ 29.628035][ T364] ? ext4_issue_zeroout+0x150/0x150
[ 29.633339][ T364] ? ext4_es_insert_extent+0x2d70/0x2d70
[ 29.639497][ T364] ? _ext4_get_block+0x452/0x610
[ 29.644398][ T364] ? _raw_spin_lock+0xa4/0x1b0
[ 29.649248][ T364] ? _raw_write_lock+0xa4/0x170
[ 29.654025][ T364] ? ext4_da_release_space+0x1ba/0x4a0
[ 29.659309][ T364] ? ext4_ext_index_trans_blocks+0x120/0x120
[ 29.665224][ T364] ? ext4_es_remove_extent+0x1f2/0x420
[ 29.670816][ T364] ? ext4_zero_partial_blocks+0x1e0/0x220
[ 29.676828][ T364] ext4_punch_hole+0x6ac/0xad0
[ 29.682326][ T364] ext4_fallocate+0x265/0x570
[ 29.687896][ T364] vfs_fallocate+0x551/0x6b0
[ 29.692785][ T364] __x64_sys_fallocate+0xb9/0x100
[ 29.699251][ T364] do_syscall_64+0xca/0x1c0
[ 29.704490][ T364] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 29.710629][ T364] RIP: 0033:0x7fe64e436669
[ 29.714969][ T364] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 29.734493][ T364] RSP: 002b:00007fe64e3ed168 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 29.743341][ T364] RAX: ffffffffffffffda RBX: 00007fe64e4bf728 RCX: 00007fe64e436669
[ 29.751155][ T364] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005
[ 29.758964][ T364] RBP: 00007fe64e4bf720 R08: 00007fe64e3ed6c0 R09: 0000000000000000
[ 29.766825][ T364] R10: 0000000000001a00 R11: 0000000000000246 R12: 00007fe64e4bf72c
[ 29.774646][ T364] R13: 0000000000000006 R14: 00007ffd59e68ee0 R15: 00007ffd59e68fc8
[ 29.782530][ T364]
[ 29.784689][ T364] The buggy address belongs to the page:
[ 29.790167][ T364] page:ffffea000767bac0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 29.799190][ T364] flags: 0x8000000000000000()
[ 29.803833][ T364] raw: 8000000000000000 ffffea000767bb08 ffffea000767ba88 0000000000000000
[ 29.812248][ T364] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 29.820843][ T364] page dumped because: kasan: bad access detected
[ 29.827165][ T364] page_owner info is not present (never set?)
[ 29.833330][ T364]
[ 29.835531][ T364] Memory state around the buggy address:
[ 29.841058][ T364] ffff8881d9eebb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.849045][ T364] ffff8881d9eebc00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.857106][ T364] >ffff8881d9eebc80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.865096][ T364] ^
[ 29.871542][ T364] ffff8881d9eebd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.879799][ T364] ffff8881d9eebd80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 29.887626][ T364] ==================================================================
[ 29.895554][ T364] Disabling lock debugging due to kernel taint
[ 29.912854][ T364] ------------[ cut here ]------------
[ 29.918229][ T364] kernel BUG at fs/ext4/extents.c:3374!
[ 29.923866][ T364] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 29.929750][ T364] CPU: 0 PID: 364 Comm: syz-executor426 Tainted: G B 5.4.289-syzkaller-00011-g39762b7a60e9 #0
[ 29.941278][ T364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 29.951975][ T364] RIP: 0010:ext4_split_extent_at+0xc54/0x1110
[ 29.957867][ T364] Code: ff e8 80 a2 a1 ff 4c 89 ef 48 8d b4 24 00 01 00 00 e8 60 3e 00 00 e9 2c fa ff ff b0 01 84 c0 0f 84 27 f6 ff ff e8 5c a2 a1 ff <0f> 0b 89 d9 80 e1 07 fe c1 38 c1 0f 8c be f4 ff ff 48 89 df e8 53
[ 29.978501][ T364] RSP: 0018:ffff8881ee1f7900 EFLAGS: 00010293
[ 29.984508][ T364] RAX: ffffffff81c2a814 RBX: 0000000000000001 RCX: ffff8881f0cfbf00
[ 29.992318][ T364] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 30.000212][ T364] RBP: ffff8881ee1f7a70 R08: ffffffff81c29e1f R09: ffff8881ee1f7a00
[ 30.008105][ T364] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
[ 30.015916][ T364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.024453][ T364] FS: 00007fe64e3ed6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 30.033296][ T364] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.039892][ T364] CR2: 00007f8a5e14bed8 CR3: 00000001dfe74000 CR4: 00000000003406b0
[ 30.047705][ T364] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.055613][ T364] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.063518][ T364] Call Trace:
[ 30.066635][ T364] ? __die+0xb4/0x100
[ 30.070447][ T364] ? die+0x26/0x50
[ 30.074179][ T364] ? do_trap+0x1e7/0x340
[ 30.078257][ T364] ? ext4_split_extent_at+0xc54/0x1110
[ 30.083643][ T364] ? ext4_split_extent_at+0xc54/0x1110
[ 30.088953][ T364] ? do_invalid_op+0xfb/0x110
[ 30.093661][ T364] ? ext4_split_extent_at+0xc54/0x1110
[ 30.098942][ T364] ? invalid_op+0x1e/0x30
[ 30.103106][ T364] ? ext4_split_extent_at+0x25f/0x1110
[ 30.108406][ T364] ? ext4_split_extent_at+0xc54/0x1110
[ 30.113693][ T364] ? ext4_split_extent_at+0xc54/0x1110
[ 30.119007][ T364] ? check_panic_on_warn+0x5e/0xa0
[ 30.123941][ T364] ? ext4_ext_shift_extents+0x16c0/0x16c0
[ 30.129493][ T364] ext4_ext_remove_space+0x6f3/0x4ba0
[ 30.134712][ T364] ? ext4_es_insert_extent+0x2d70/0x2d70
[ 30.140257][ T364] ? _raw_spin_lock+0xa4/0x1b0
[ 30.144941][ T364] ? _raw_write_lock+0xa4/0x170
[ 30.149640][ T364] ? ext4_da_release_space+0x1ba/0x4a0
[ 30.155009][ T364] ? ext4_ext_index_trans_blocks+0x120/0x120
[ 30.160821][ T364] ? ext4_es_remove_extent+0x1f2/0x420
[ 30.166363][ T364] ? ext4_zero_partial_blocks+0x1e0/0x220
[ 30.172114][ T364] ext4_punch_hole+0x6ac/0xad0
[ 30.176708][ T364] ext4_fallocate+0x265/0x570
[ 30.181210][ T364] vfs_fallocate+0x551/0x6b0
[ 30.185828][ T364] __x64_sys_fallocate+0xb9/0x100
[ 30.190665][ T364] do_syscall_64+0xca/0x1c0
[ 30.195103][ T364] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 30.201296][ T364] RIP: 0033:0x7fe64e436669
[ 30.205552][ T364] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 30.224996][ T364] RSP: 002b:00007fe64e3ed168 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 30.233433][ T364] RAX: ffffffffffffffda RBX: 00007fe64e4bf728 RCX: 00007fe64e436669
[ 30.241605][ T364] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005
[ 30.249410][ T364] RBP: 00007fe64e4bf720 R08: 00007fe64e3ed6c0 R09: 0000000000000000
[ 30.257222][ T364] R10: 0000000000001a00 R11: 0000000000000246 R12: 00007fe64e4bf72c
[ 30.265031][ T364] R13: 0000000000000006 R14: 00007ffd59e68ee0 R15: 00007ffd59e68fc8
[ 30.272850][ T364] Modules linked in:
[ 30.277296][ T364] ---[ end trace b4a6d822cfff3d9d ]---
[ 30.282718][ T364] RIP: 0010:ext4_split_extent_at+0xc54/0x1110
[ 30.288637][ T364] Code: ff e8 80 a2 a1 ff 4c 89 ef 48 8d b4 24 00 01 00 00 e8 60 3e 00 00 e9 2c fa ff ff b0 01 84 c0 0f 84 27 f6 ff ff e8 5c a2 a1 ff <0f> 0b 89 d9 80 e1 07 fe c1 38 c1 0f 8c be f4 ff ff 48 89 df e8 53
[ 30.308727][ T364] RSP: 0018:ffff8881ee1f7900 EFLAGS: 00010293
[ 30.314649][ T364] RAX: ffffffff81c2a814 RBX: 0000000000000001 RCX: ffff8881f0cfbf00
[ 30.322981][ T364] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 30.330953][ T364] RBP: ffff8881ee1f7a70 R08: ffffffff81c29e1f R09: ffff8881ee1f7a00
[ 30.338809][ T364] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
[ 30.346678][ T364] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 30.354921][ T364] FS: 00007fe64e3ed6c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 30.363709][ T364] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.370250][ T364] CR2: 0000559965d246a0 CR3: 00000001dfe74000 CR4: 00000000003406a0
[ 30.378178][ T364] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 30.386204][ T364] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 30.394140][ T364] Kernel panic - not syncing: Fatal exception
[ 30.400201][ T364] Kernel Offset: disabled
[ 30.404340][ T364] Rebooting in 86400 seconds..