Warning: Permanently added '10.128.0.54' (ED25519) to the list of known hosts.
executing program
[ 29.853951][ T30] audit: type=1400 audit(1746850010.732:64): avc: denied { execmem } for pid=281 comm="syz-executor593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 29.888766][ T30] audit: type=1400 audit(1746850010.742:65): avc: denied { read write } for pid=281 comm="syz-executor593" name="loop0" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 29.892222][ T285] loop0: detected capacity change from 0 to 512
[ 29.926597][ T30] audit: type=1400 audit(1746850010.742:66): avc: denied { open } for pid=281 comm="syz-executor593" path="/dev/loop0" dev="devtmpfs" ino=116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 29.972570][ T30] audit: type=1400 audit(1746850010.742:67): avc: denied { ioctl } for pid=281 comm="syz-executor593" path="/dev/loop0" dev="devtmpfs" ino=116 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 30.037897][ T30] audit: type=1400 audit(1746850010.922:68): avc: denied { mounton } for pid=284 comm="syz-executor593" path="/root/syzkaller.dzd10u/0/file1" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 30.050965][ T285] EXT4-fs (loop0): 1 orphan inode deleted
[ 30.082550][ T285] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,bsddf,lazytime,. Quota mode: writeback.
[ 30.114705][ T30] audit: type=1400 audit(1746850011.002:69): avc: denied { mount } for pid=284 comm="syz-executor593" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 30.114715][ T285] ext4 filesystem being mounted at /root/syzkaller.dzd10u/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 30.161248][ T30] audit: type=1400 audit(1746850011.042:70): avc: denied { write } for pid=284 comm="syz-executor593" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 30.191381][ T30] audit: type=1400 audit(1746850011.042:71): avc: denied { add_name } for pid=284 comm="syz-executor593" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 30.215423][ T30] audit: type=1400 audit(1746850011.042:72): avc: denied { create } for pid=284 comm="syz-executor593" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 30.240895][ T30] audit: type=1400 audit(1746850011.102:73): avc: denied { write open } for pid=284 comm="syz-executor593" path="/root/syzkaller.dzd10u/0/file1/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 30.299773][ T290] ==================================================================
[ 30.311211][ T290] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20
[ 30.325150][ T290] Read of size 4 at addr ffff888112f84610 by task syz-executor593/290
[ 30.338123][ T290]
[ 30.342298][ T290] CPU: 1 PID: 290 Comm: syz-executor593 Not tainted 5.15.181-syzkaller-00405-gf93c8b5a9e60 #0
[ 30.354440][ T290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 30.365031][ T290] Call Trace:
[ 30.368318][ T290]
[ 30.371781][ T290] __dump_stack+0x21/0x30
[ 30.377817][ T290] dump_stack_lvl+0xee/0x150
[ 30.382776][ T290] ? show_regs_print_info+0x20/0x20
[ 30.388841][ T290] ? load_image+0x3a0/0x3a0
[ 30.394825][ T290] print_address_description+0x7f/0x2c0
[ 30.403602][ T290] ? ext4_find_extent+0xbeb/0xe20
[ 30.409641][ T290] kasan_report+0xf1/0x140
[ 30.414333][ T290] ? ext4_find_extent+0xbeb/0xe20
[ 30.419912][ T290] __asan_report_load4_noabort+0x14/0x20
[ 30.426347][ T290] ext4_find_extent+0xbeb/0xe20
[ 30.431349][ T290] ? ext4_ext_remove_space+0x1a0/0x4180
[ 30.437851][ T290] ext4_ext_remove_space+0x2bc/0x4180
[ 30.443970][ T290] ? ext4_es_free_extent+0x3de/0x4c0
[ 30.449815][ T290] ? _raw_spin_unlock+0x4d/0x70
[ 30.455234][ T290] ? ext4_da_release_space+0x1d6/0x480
[ 30.462887][ T290] ? ext4_ext_index_trans_blocks+0x120/0x120
[ 30.470196][ T290] ? ext4_es_remove_extent+0x1d9/0x330
[ 30.476532][ T290] ext4_punch_hole+0x77c/0xbd0
[ 30.482597][ T290] ext4_fallocate+0x2b6/0x1de0
[ 30.488483][ T290] ? selinux_file_permission+0x2aa/0x510
[ 30.494860][ T290] ? fsnotify_perm+0x67/0x5b0
[ 30.499962][ T290] vfs_fallocate+0x4b4/0x590
[ 30.504748][ T290] __x64_sys_fallocate+0xc0/0x110
[ 30.509966][ T290] x64_sys_call+0x7ec/0x9a0
[ 30.514580][ T290] do_syscall_64+0x4c/0xa0
[ 30.519753][ T290] ? clear_bhb_loop+0x35/0x90
[ 30.524931][ T290] ? clear_bhb_loop+0x35/0x90
[ 30.531243][ T290] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 30.540422][ T290] RIP: 0033:0x7fea8e6f0c09
[ 30.545592][ T290] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 30.567495][ T290] RSP: 002b:00007fea8e687168 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 30.577780][ T290] RAX: ffffffffffffffda RBX: 00007fea8e779718 RCX: 00007fea8e6f0c09
[ 30.587830][ T290] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 30.598086][ T290] RBP: 00007fea8e779710 R08: 00007fea8e6876c0 R09: 0000000000000000
[ 30.606799][ T290] R10: 0000000000001a00 R11: 0000000000000246 R12: 00007fea8e77971c
[ 30.615997][ T290] R13: 000000000000006e R14: 00007fff58981830 R15: 00007fff58981918
[ 30.626707][ T290]
[ 30.630364][ T290]
[ 30.633316][ T290] The buggy address belongs to the page:
[ 30.640920][ T290] page:ffffea00044be100 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x112f84
[ 30.652396][ T290] flags: 0x4000000000000000(zone=1)
[ 30.657970][ T290] raw: 4000000000000000 ffffea00044bdfc8 ffffea00044be208 0000000000000000
[ 30.666933][ T290] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 30.675520][ T290] page dumped because: kasan: bad access detected
[ 30.682007][ T290] page_owner tracks the page as freed
[ 30.688008][ T290] page last allocated via order 0, migratetype Movable, gfp_mask 0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 272, ts 22960372679, free_ts 22984140913
[ 30.703874][ T290] post_alloc_hook+0x192/0x1b0
[ 30.708653][ T290] prep_new_page+0x1c/0x110
[ 30.713174][ T290] get_page_from_freelist+0x2cc5/0x2d50
[ 30.718925][ T290] __alloc_pages+0x18f/0x440
[ 30.723565][ T290] handle_pte_fault+0xe89/0x2680
[ 30.728694][ T290] do_handle_mm_fault+0x1a6d/0x1d50
[ 30.734983][ T290] do_user_addr_fault+0x841/0x1180
[ 30.740626][ T290] exc_page_fault+0x51/0xb0
[ 30.746499][ T290] asm_exc_page_fault+0x27/0x30
[ 30.751890][ T290] page last free stack trace:
[ 30.756733][ T290] free_unref_page_prepare+0x542/0x550
[ 30.762381][ T290] free_unref_page_list+0x134/0x9d0
[ 30.768729][ T290] release_pages+0x1076/0x10d0
[ 30.773935][ T290] free_pages_and_swap_cache+0x86/0xa0
[ 30.779714][ T290] tlb_finish_mmu+0x175/0x300
[ 30.784694][ T290] unmap_region+0x315/0x360
[ 30.789561][ T290] __do_munmap+0xa0e/0xfe0
[ 30.794087][ T290] __vm_munmap+0x15b/0x2a0
[ 30.798713][ T290] __x64_sys_munmap+0x6b/0x80
[ 30.803782][ T290] x64_sys_call+0xc9/0x9a0
[ 30.808375][ T290] do_syscall_64+0x4c/0xa0
[ 30.813420][ T290] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 30.820151][ T290]
[ 30.823919][ T290] Memory state around the buggy address:
[ 30.830867][ T290] ffff888112f84500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.840209][ T290] ffff888112f84580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.849345][ T290] >ffff888112f84600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.857855][ T290] ^
[ 30.862550][ T290] ffff888112f84680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.871166][ T290] ffff888112f84700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.879731][ T290] ==================================================================
[ 30.889141][ T290] Disabling lock debugging due to kernel taint
[ 30.904574][ T290] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5866: Corrupt filesystem
[ 30.916813][ T290] EXT4-fs (loop0): Remounting filesystem read-only
[ 30.925306][ T290] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #18: comm syz-executor593: mark_inode_dirty error
[ 30.941097][ T290] EXT4-fs (loop0): Remounting filesystem read-only
[ 30.950298][ T290] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz-executor593: Invalid block bitmap block 0 in block_group 0
[ 30.967601][ T290] EXT4-fs (loop0): Remounting filesystem read-only
[ 30.975061][ T290] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5866: Corrupt filesystem
[ 30.986517][ T290] EXT4-fs (loop0): Remounting filesystem read-only
[ 30.993687][ T290] EXT4-fs error (device loop0): ext4_dirty_inode:6070: inode #18: comm syz-executor593: mark_inode_dirty error
[ 31.006544][ T290] EXT4-fs (loop0): Remounting filesystem read-only
[ 31.013626][ T290] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5866: Corrupt filesystem
[ 31.024150][ T290] EXT4-fs (loop0): Remounting filesystem read-only
[ 31.030777][ T290] EXT4-fs error (device loop0): ext4_punch_hole:4144: inode #18: comm syz-executor593: mark_inode_dirty error
[ 31.043303][ T290] EXT4-fs (loop0): Remounting filesystem read-only
[ 31.145004][ T281] EXT4-fs error (device loop0): ext4_map_blocks:630: inode #2: block 3: comm syz-executor593: lblock 0 mapped to illegal pblock 3 (length 1)
[ 31.160579][ T281] EXT4-fs (loop0): Remounting filesystem read-only
[ 35.096582][ T286] EXT4-fs warning (device loop0): kmmpd:170: kmmpd being stopped since MMP feature has been disabled.