Warning: Permanently added '10.128.0.114' (ED25519) to the list of known hosts.
2024/06/08 18:01:36 ignoring optional flag "sandboxArg"="0"
2024/06/08 18:01:37 parsed 1 programs
[ 32.805407][ T300] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped).
[ 32.807531][ T24] audit: type=1400 audit(1717869697.080:66): avc: denied { relabelto } for pid=300 comm="mkswap" name="swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 32.811193][ T24] audit: type=1400 audit(1717869697.080:67): avc: denied { write } for pid=300 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 32.826045][ T24] audit: type=1400 audit(1717869697.090:68): avc: denied { read } for pid=299 comm="syz-executor" name="swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 32.844958][ T308] cgroup: Unknown subsys name 'net'
[ 32.857184][ T299] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 32.861314][ T24] audit: type=1400 audit(1717869697.090:69): avc: denied { open } for pid=299 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 32.891799][ T308] cgroup: Unknown subsys name 'devices'
[ 32.898618][ T24] audit: type=1400 audit(1717869697.100:70): avc: denied { create } for pid=307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 32.918843][ T24] audit: type=1400 audit(1717869697.100:71): avc: denied { write } for pid=307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 32.938878][ T24] audit: type=1400 audit(1717869697.100:72): avc: denied { read } for pid=307 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 32.958878][ T24] audit: type=1400 audit(1717869697.100:73): avc: denied { module_request } for pid=307 comm="syz-executor" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 32.980427][ T24] audit: type=1400 audit(1717869697.110:74): avc: denied { mounton } for pid=309 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 33.004902][ T24] audit: type=1400 audit(1717869697.110:75): avc: denied { mount } for pid=309 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 33.148274][ T308] cgroup: Unknown subsys name 'hugetlb'
[ 33.153718][ T308] cgroup: Unknown subsys name 'rlimit'
[ 33.336761][ T323] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 33.476831][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.483673][ T341] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.490969][ T341] device bridge_slave_0 entered promiscuous mode
[ 33.498373][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.505460][ T341] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.512880][ T341] device bridge_slave_1 entered promiscuous mode
[ 33.543529][ T341] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.550384][ T341] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.557549][ T341] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.564364][ T341] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.580027][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 33.588017][ T15] bridge0: port 1(bridge_slave_0) entered disabled state
[ 33.595189][ T15] bridge0: port 2(bridge_slave_1) entered disabled state
[ 33.613533][ T341] device veth0_vlan entered promiscuous mode
[ 33.620026][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 33.628247][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 33.635963][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 33.643935][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 33.651153][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 33.659094][ T53] bridge0: port 1(bridge_slave_0) entered blocking state
[ 33.665906][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 33.673092][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 33.681001][ T53] bridge0: port 2(bridge_slave_1) entered blocking state
[ 33.687742][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 33.695003][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 33.702741][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 33.713628][ T341] device veth1_macvtap entered promiscuous mode
[ 33.721107][ T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 33.731805][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 33.739987][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2024/06/08 18:01:38 executed programs: 0
[ 34.028576][ T375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.035671][ T375] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.043064][ T375] device bridge_slave_0 entered promiscuous mode
[ 34.049686][ T375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.056586][ T375] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.063811][ T375] device bridge_slave_1 entered promiscuous mode
[ 34.091929][ T375] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.098785][ T375] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.105851][ T375] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.112675][ T375] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.127986][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 34.135791][ T53] bridge0: port 1(bridge_slave_0) entered disabled state
[ 34.142852][ T53] bridge0: port 2(bridge_slave_1) entered disabled state
[ 34.157236][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 34.165419][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 34.172362][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 34.179648][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 34.188082][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 34.195032][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 34.202404][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 34.210292][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 34.224889][ T346] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 34.235126][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 34.243052][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 34.250986][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 34.262200][ T375] device veth0_vlan entered promiscuous mode
[ 34.270875][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 34.279607][ T375] device veth1_macvtap entered promiscuous mode
[ 34.289847][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 34.298503][ T53] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 34.339147][ T380] ======================================================
[ 34.339147][ T380] WARNING: the mand mount option is being deprecated and
[ 34.339147][ T380] will be removed in v5.15!
[ 34.339147][ T380] ======================================================
[ 34.428614][ T380] EXT4-fs (loop0): 1 orphan inode deleted
[ 34.434236][ T380] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,
[ 34.453355][ T380] ext4 filesystem being mounted at /root/syzkaller-testdir3280391795/syzkaller.CgvULX/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 34.475540][ T384] EXT4-fs error (device loop0): ext4_free_blocks:5683: comm syz-executor: Freeing blocks not in datazone - block = 41, count = 1
[ 34.489036][ T384] EXT4-fs (loop0): Remounting filesystem read-only
[ 34.495444][ T384] ==================================================================
[ 34.503346][ T384] BUG: KASAN: out-of-bounds in ext4_ext_remove_space+0x1fbc/0x4e10
[ 34.511049][ T384] Read of size 18446744073709551604 at addr ffff88811f668018 by task syz-executor/384
[ 34.520531][ T384]
[ 34.522918][ T384] CPU: 1 PID: 384 Comm: syz-executor Not tainted 5.10.214-syzkaller-00114-gd3c4d815bf09 #0
[ 34.532940][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 34.542842][ T384] Call Trace:
[ 34.545964][ T384] dump_stack_lvl+0x1e2/0x24b
[ 34.550536][ T384] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 34.555776][ T384] ? panic+0x80b/0x80b
[ 34.559679][ T384] print_address_description+0x81/0x3b0
[ 34.565055][ T384] kasan_report+0x179/0x1c0
[ 34.569394][ T384] ? ext4_ext_remove_space+0x1fbc/0x4e10
[ 34.574866][ T384] ? ext4_ext_remove_space+0x1fbc/0x4e10
[ 34.580338][ T384] kasan_check_range+0x293/0x2a0
[ 34.585099][ T384] ? ext4_ext_remove_space+0x1fbc/0x4e10
[ 34.590566][ T384] memmove+0x2d/0x70
[ 34.594296][ T384] ext4_ext_remove_space+0x1fbc/0x4e10
[ 34.599597][ T384] ? _raw_spin_trylock_bh+0x190/0x190
[ 34.604800][ T384] ? _raw_write_lock+0xa4/0x170
[ 34.609489][ T384] ? ext4_ext_index_trans_blocks+0x120/0x120
[ 34.615300][ T384] ? ext4_es_remove_extent+0x297/0x460
[ 34.620596][ T384] ? ext4_zero_partial_blocks+0x1e5/0x220
[ 34.626151][ T384] ext4_punch_hole+0x720/0xb10
[ 34.630760][ T384] ext4_fallocate+0x2e8/0x1ca0
[ 34.635352][ T384] ? _copy_from_user+0x96/0xd0
[ 34.639952][ T384] ? ext4_ext_truncate+0x200/0x200
[ 34.644909][ T384] ? fsnotify_perm+0x67/0x4e0
[ 34.649414][ T384] ? security_file_permission+0x7b/0xb0
[ 34.654806][ T384] ? preempt_count_add+0x92/0x1a0
[ 34.659657][ T384] vfs_fallocate+0x492/0x570
[ 34.664082][ T384] __x64_sys_fallocate+0xc0/0x110
[ 34.668952][ T384] do_syscall_64+0x34/0x70
[ 34.673195][ T384] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 34.678941][ T384] RIP: 0033:0x7f672b8c7f69
[ 34.683176][ T384] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 34.702646][ T384] RSP: 002b:00007f672b4290c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 34.710861][ T384] RAX: ffffffffffffffda RBX: 00007f672b9ff050 RCX: 00007f672b8c7f69
[ 34.718675][ T384] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[ 34.726480][ T384] RBP: 00007f672b9256fe R08: 0000000000000000 R09: 0000000000000000
[ 34.734297][ T384] R10: 0000000000001a00 R11: 0000000000000246 R12: 0000000000000000
[ 34.742104][ T384] R13: 000000000000000b R14: 00007f672b9ff050 R15: 00007fffbb612aa8
[ 34.749924][ T384]
[ 34.752082][ T384] The buggy address belongs to the page:
[ 34.757571][ T384] page:ffffea00047d9a00 refcount:2 mapcount:0 mapping:ffff8881092a0f50 index:0x27 pfn:0x11f668
[ 34.767711][ T384] aops:def_blk_aops ino:0
[ 34.771879][ T384] flags: 0x4000000000002036(referenced|uptodate|lru|active|private)
[ 34.779688][ T384] raw: 4000000000002036 ffffea00047d9988 ffff88811fec6030 ffff8881092a0f50
[ 34.788105][ T384] raw: 0000000000000027 ffff88811ccf6348 00000002ffffffff ffff88811ff2a000
[ 34.796517][ T384] page dumped because: kasan: bad access detected
[ 34.802768][ T384] page->mem_cgroup:ffff88811ff2a000
[ 34.807813][ T384] page_owner tracks the page as allocated
[ 34.813365][ T384] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 380, ts 34474279470, free_ts 34321881160
[ 34.830204][ T384] prep_new_page+0x166/0x180
[ 34.834635][ T384] get_page_from_freelist+0x2d8c/0x2f30
[ 34.840024][ T384] __alloc_pages_nodemask+0x435/0xaf0
[ 34.845228][ T384] pagecache_get_page+0x669/0x950
[ 34.850083][ T384] __getblk_gfp+0x221/0x7e0
[ 34.854417][ T384] ext4_ext_insert_extent+0xf88/0x4d20
[ 34.859803][ T384] ext4_split_extent_at+0x812/0x1110
[ 34.864916][ T384] ext4_split_extent+0x1bd/0x4e0
[ 34.869689][ T384] ext4_ext_map_blocks+0x2206/0x6ee0
[ 34.874811][ T384] ext4_map_blocks+0xa65/0x1d10
[ 34.879498][ T384] _ext4_get_block+0x21b/0x610
[ 34.884096][ T384] ext4_get_block_unwritten+0x2a/0x40
[ 34.889307][ T384] ext4_block_write_begin+0x61e/0x13b0
[ 34.894602][ T384] ext4_write_begin+0x6fa/0x1730
[ 34.899370][ T384] ext4_da_write_begin+0x49d/0xf60
[ 34.904318][ T384] generic_perform_write+0x2cd/0x570
[ 34.909434][ T384] page last free stack trace:
[ 34.913954][ T384] free_unref_page_prepare+0x2ae/0x2d0
[ 34.919247][ T384] free_unref_page_list+0x122/0xb20
[ 34.924280][ T384] release_pages+0xea0/0xef0
[ 34.928707][ T384] free_pages_and_swap_cache+0x8a/0xa0
[ 34.934000][ T384] tlb_finish_mmu+0x177/0x320
[ 34.938513][ T384] unmap_region+0x31c/0x370
[ 34.942853][ T384] __do_munmap+0x699/0x8c0
[ 34.947105][ T384] __se_sys_munmap+0x120/0x1a0
[ 34.951706][ T384] __x64_sys_munmap+0x5b/0x70
[ 34.956744][ T384] do_syscall_64+0x34/0x70
[ 34.960995][ T384] entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 34.966719][ T384]
[ 34.968900][ T384] Memory state around the buggy address:
[ 34.974358][ T384] ffff88811f667f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.982342][ T384] ffff88811f667f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.990245][ T384] >ffff88811f668000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.998134][ T384] ^
[ 35.002828][ T384] ffff88811f668080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.010728][ T384] ffff88811f668100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 35.018706][ T384] ==================================================================
[ 35.026602][ T384] Disabling lock debugging due to kernel taint
[ 35.036162][ T384] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm syz-executor: Invalid inode table block 0 in block_group 0
[ 35.048980][ T384] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5869: Corrupt filesystem
[ 35.058453][ T384] EXT4-fs error (device loop0): __ext4_ext_dirty:182: inode #16: comm syz-executor: mark_inode_dirty error
[ 35.069964][ T384] EXT4-fs error (device loop0): __ext4_get_inode_loc:4409: comm syz-executor: Invalid inode table block 0 in block_