Warning: Permanently added '10.128.0.162' (ED25519) to the list of known hosts.
2024/02/28 14:49:25 ignoring optional flag "sandboxArg"="0"
2024/02/28 14:49:25 parsed 1 programs
[ 38.175197][ T24] audit: type=1400 audit(1709131765.630:154): avc: denied { mounton } for pid=345 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 38.201447][ T24] audit: type=1400 audit(1709131765.630:155): avc: denied { mount } for pid=345 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
2024/02/28 14:49:25 executed programs: 0
[ 38.224755][ T24] audit: type=1400 audit(1709131765.660:156): avc: denied { unlink } for pid=345 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 38.258901][ T345] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 38.294624][ T351] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.301522][ T351] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.308736][ T351] device bridge_slave_0 entered promiscuous mode
[ 38.315212][ T351] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.322371][ T351] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.329794][ T351] device bridge_slave_1 entered promiscuous mode
[ 38.351543][ T24] audit: type=1400 audit(1709131765.810:157): avc: denied { write } for pid=351 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 38.373473][ T24] audit: type=1400 audit(1709131765.830:158): avc: denied { read } for pid=351 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 38.377431][ T351] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.402076][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.409172][ T351] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.416169][ T351] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.431212][ T300] bridge0: port 1(bridge_slave_0) entered disabled state
[ 38.438427][ T300] bridge0: port 2(bridge_slave_1) entered disabled state
[ 38.445609][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 38.453398][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 38.468737][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 38.476907][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 38.485240][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 38.492260][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 38.500437][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 38.508759][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 38.515671][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 38.523125][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 38.531078][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 38.540542][ T351] device veth0_vlan entered promiscuous mode
[ 38.548566][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 38.556328][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 38.563598][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 38.571482][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 38.580347][ T351] device veth1_macvtap entered promiscuous mode
[ 38.588495][ T300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 38.598418][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 38.611720][ T24] audit: type=1400 audit(1709131766.070:159): avc: denied { mounton } for pid=351 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=357 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 38.639593][ T24] audit: type=1400 audit(1709131766.100:160): avc: denied { mounton } for pid=356 comm="syz-executor.0" path="/root/syzkaller-testdir1049812997/syzkaller.46D1YF/0/file1" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 38.669578][ T357] EXT4-fs (loop0): 1 orphan inode deleted
[ 38.675187][ T357] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 38.684376][ T357] ext4 filesystem being mounted at /root/syzkaller-testdir1049812997/syzkaller.46D1YF/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 38.684613][ T24] audit: type=1400 audit(1709131766.140:161): avc: denied { mount } for pid=356 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 38.712161][ T356] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm syz-executor.0: Invalid block bitmap block 0 in block_group 0
[ 38.721346][ T24] audit: type=1400 audit(1709131766.160:162): avc: denied { write } for pid=356 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 38.734998][ T356] EXT4-fs error (device loop0): ext4_discard_preallocations:4567: comm syz-executor.0: Error -117 reading block bitmap for 0
[ 38.757404][ T24] audit: type=1400 audit(1709131766.160:163): avc: denied { add_name } for pid=356 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 38.791108][ T7] ==================================================================
[ 38.799078][ T7] BUG: KASAN: use-after-free in ext4_find_extent+0xbab/0xdb0
[ 38.806444][ T7] Read of size 4 at addr ffff8881228a5058 by task kworker/u4:0/7
[ 38.813988][ T7]
[ 38.816309][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.10.209-syzkaller-999849-gdd976ecce2ce #0
[ 38.826043][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 38.837667][ T7] Workqueue: writeback wb_workfn (flush-7:0)
[ 38.843655][ T7] Call Trace:
[ 38.846789][ T7] dump_stack_lvl+0x1e2/0x24b
[ 38.851479][ T7] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 38.856937][ T7] ? panic+0x80b/0x80b
[ 38.860842][ T7] ? __getblk_gfp+0x3d/0x7e0
[ 38.865269][ T7] print_address_description+0x81/0x3b0
[ 38.870651][ T7] kasan_report+0x179/0x1c0
[ 38.875270][ T7] ? ext4_find_extent+0xbab/0xdb0
[ 38.880144][ T7] ? ext4_find_extent+0xbab/0xdb0
[ 38.886106][ T7] __asan_report_load4_noabort+0x14/0x20
[ 38.892134][ T7] ext4_find_extent+0xbab/0xdb0
[ 38.896828][ T7] ext4_ext_map_blocks+0x26d/0x6be0
[ 38.901961][ T7] ? _raw_spin_lock+0x1b0/0x1b0
[ 38.906621][ T7] ? stack_trace_save+0x113/0x1c0
[ 38.911613][ T7] ? __stack_depot_save+0x468/0x4d0
[ 38.916630][ T7] ? ext4_ext_release+0x10/0x10
[ 38.921338][ T7] ? slab_post_alloc_hook+0x61/0x2f0
[ 38.926528][ T7] ? kmem_cache_alloc+0x168/0x2e0
[ 38.931393][ T7] ? ext4_alloc_io_end_vec+0x2a/0x170
[ 38.936705][ T7] ? ext4_writepages+0x122f/0x3c00
[ 38.941631][ T7] ? do_writepages+0x12e/0x270
[ 38.946227][ T7] ? __writeback_single_inode+0xd7/0xac0
[ 38.951797][ T7] ? writeback_sb_inodes+0x99c/0x16b0
[ 38.957085][ T7] ? wb_writeback+0x404/0xc60
[ 38.970185][ T7] ? wb_workfn+0x3d9/0x1110
[ 38.974502][ T7] ? process_one_work+0x6dc/0xbd0
[ 38.979390][ T7] ? worker_thread+0xaea/0x1510
[ 38.984047][ T7] ? kthread+0x34b/0x3d0
[ 38.988576][ T7] ? ret_from_fork+0x1f/0x30
[ 38.992990][ T7] ? _raw_read_unlock+0x25/0x40
[ 38.997675][ T7] ? ext4_es_lookup_extent+0x33b/0x940
[ 39.003405][ T7] ext4_map_blocks+0xaa7/0x1ec0
[ 39.008098][ T7] ? ext4_issue_zeroout+0x1b0/0x1b0
[ 39.013131][ T7] ? ext4_inode_journal_mode+0x1a5/0x470
[ 39.018702][ T7] ext4_writepages+0x148b/0x3c00
[ 39.023652][ T7] ? ext4_readpage+0x230/0x230
[ 39.028320][ T7] ? psi_task_change+0x1e6/0x360
[ 39.033525][ T7] ? check_preempt_wakeup+0x6b3/0xbb0
[ 39.038866][ T7] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 39.044315][ T7] ? update_load_avg+0x541/0x1690
[ 39.049326][ T7] ? ext4_readpage+0x230/0x230
[ 39.054096][ T7] do_writepages+0x12e/0x270
[ 39.058551][ T7] ? __writepage+0x130/0x130
[ 39.062946][ T7] ? __kasan_check_write+0x14/0x20
[ 39.067981][ T7] ? _raw_spin_lock+0xa4/0x1b0
[ 39.072668][ T7] ? __kasan_check_write+0x14/0x20
[ 39.077615][ T7] ? _raw_spin_lock+0xa4/0x1b0
[ 39.082395][ T7] __writeback_single_inode+0xd7/0xac0
[ 39.087706][ T7] writeback_sb_inodes+0x99c/0x16b0
[ 39.092734][ T7] ? _raw_spin_lock+0xa4/0x1b0
[ 39.097495][ T7] ? queue_io+0x520/0x520
[ 39.101747][ T7] ? writeback_sb_inodes+0x16b0/0x16b0
[ 39.107153][ T7] ? queue_io+0x3d3/0x520
[ 39.111754][ T7] wb_writeback+0x404/0xc60
[ 39.116612][ T7] ? wb_io_lists_depopulated+0x180/0x180
[ 39.122260][ T7] ? set_worker_desc+0x158/0x1c0
[ 39.127018][ T7] ? update_load_avg+0x541/0x1690
[ 39.132028][ T7] ? __kasan_check_write+0x14/0x20
[ 39.137148][ T7] wb_workfn+0x3d9/0x1110
[ 39.141312][ T7] ? inode_wait_for_writeback+0x280/0x280
[ 39.147507][ T7] ? _raw_spin_unlock_irq+0x4e/0x70
[ 39.152661][ T7] ? finish_task_switch+0x130/0x5a0
[ 39.157772][ T7] ? __switch_to_asm+0x34/0x60
[ 39.162992][ T7] ? __kasan_check_read+0x11/0x20
[ 39.167920][ T7] ? read_word_at_a_time+0x12/0x20
[ 39.172963][ T7] ? strscpy+0x9c/0x260
[ 39.176967][ T7] process_one_work+0x6dc/0xbd0
[ 39.181846][ T7] worker_thread+0xaea/0x1510
[ 39.186443][ T7] kthread+0x34b/0x3d0
[ 39.190425][ T7] ? worker_clr_flags+0x180/0x180
[ 39.195703][ T7] ? kthread_blkcg+0xd0/0xd0
[ 39.200411][ T7] ret_from_fork+0x1f/0x30
[ 39.204711][ T7]
[ 39.206924][ T7] The buggy address belongs to the page:
[ 39.212353][ T7] page:ffffea00048a2940 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1228a5
[ 39.222520][ T7] flags: 0x4000000000000000()
[ 39.227137][ T7] raw: 4000000000000000 ffffea00048a2988 ffffea00048a2908 0000000000000000
[ 39.235801][ T7] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 39.244783][ T7] page dumped because: kasan: bad access detected
[ 39.251119][ T7] page_owner info is not present (never set?)
[ 39.257184][ T7]
[ 39.259376][ T7] Memory state around the buggy address:
[ 39.265220][ T7] ffff8881228a4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.273639][ T7] ffff8881228a4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.282007][ T7] >ffff8881228a5000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.290068][ T7] ^
[ 39.297189][ T7] ffff8881228a5080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.305008][ T7] ffff8881228a5100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 39.312920][ T7] ==================================================================
[ 39.320970][ T7] Disabling lock debugging due to kernel taint
[ 39.328944][ T7] ------------[ cut here ]------------
[ 39.334307][ T7] kernel BUG at fs/ext4/inode.c:2452!
[ 39.339764][ T7] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 39.345549][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.10.209-syzkaller-999849-gdd976ecce2ce #0
[ 39.357281][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 39.367718][ T7] Workqueue: writeback wb_workfn (flush-7:0)
[ 39.373639][ T7] RIP: 0010:ext4_writepages+0x3b44/0x3c00
[ 39.379535][ T7] Code: 00 74 08 48 89 df e8 8b f0 c9 ff 48 8b 3b 48 8b 74 24 28 48 8b 54 24 50 44 89 e1 45 89 f8 e8 13 d2 07 00 eb 5d e8 ec 78 8c ff <0f> 0b e8 e5 78 8c ff eb 3b e8 de 78 8c ff eb 77 e8 d7 78 8c ff 31
[ 39.398975][ T7] RSP: 0018:ffffc900000770a0 EFLAGS: 00010293
[ 39.405137][ T7] RAX: ffffffff81de2f04 RBX: dffffc0000000000 RCX: ffff888100252780
[ 39.412975][ T7] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 39.420908][ T7] RBP: ffffc90000077490 R08: ffffffff81de0b09 R09: ffffed1023804d6e
[ 39.428664][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc900000773b0
[ 39.436474][ T7] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 39.444278][ T7] FS: 0000000000000000(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
[ 39.453057][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.459671][ T7] CR2: 0000555555c64818 CR3: 000000010ba14000 CR4: 00000000003506a0
[ 39.467479][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 39.475389][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 39.483907][ T7] Call Trace:
[ 39.487129][ T7] ? __die_body+0x62/0xb0
[ 39.491474][ T7] ? die+0x88/0xb0
[ 39.495017][ T7] ? do_trap+0x1a4/0x310
[ 39.499181][ T7] ? ext4_writepages+0x3b44/0x3c00
[ 39.504213][ T7] ? handle_invalid_op+0x95/0xc0
[ 39.509076][ T7] ? ext4_writepages+0x3b44/0x3c00
[ 39.514110][ T7] ? exc_invalid_op+0x32/0x50
[ 39.518649][ T7] ? asm_exc_invalid_op+0x12/0x20
[ 39.523561][ T7] ? ext4_writepages+0x1749/0x3c00
[ 39.528629][ T7] ? ext4_writepages+0x3b44/0x3c00
[ 39.533565][ T7] ? ext4_writepages+0x3b44/0x3c00
[ 39.538630][ T7] ? ext4_readpage+0x230/0x230
[ 39.543184][ T7] ? psi_task_change+0x1e6/0x360
[ 39.548044][ T7] ? check_preempt_wakeup+0x6b3/0xbb0
[ 39.553356][ T7] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 39.559066][ T7] ? update_load_avg+0x541/0x1690
[ 39.564636][ T7] ? ext4_readpage+0x230/0x230
[ 39.569237][ T7] do_writepages+0x12e/0x270
[ 39.573683][ T7] ? __writepage+0x130/0x130
[ 39.578320][ T7] ? __kasan_check_write+0x14/0x20
[ 39.583243][ T7] ? _raw_spin_lock+0xa4/0x1b0
[ 39.587924][ T7] ? __kasan_check_write+0x14/0x20
[ 39.593130][ T7] ? _raw_spin_lock+0xa4/0x1b0
[ 39.597720][ T7] __writeback_single_inode+0xd7/0xac0
[ 39.604120][ T7] writeback_sb_inodes+0x99c/0x16b0
[ 39.609366][ T7] ? _raw_spin_lock+0xa4/0x1b0
[ 39.614182][ T7] ? queue_io+0x520/0x520
[ 39.618462][ T7] ? writeback_sb_inodes+0x16b0/0x16b0
[ 39.623734][ T7] ? queue_io+0x3d3/0x520
[ 39.628010][ T7] wb_writeback+0x404/0xc60
[ 39.632336][ T7] ? wb_io_lists_depopulated+0x180/0x180
[ 39.637974][ T7] ? set_worker_desc+0x158/0x1c0
[ 39.643005][ T7] ? update_load_avg+0x541/0x1690
[ 39.648069][ T7] ? __kasan_check_write+0x14/0x20
[ 39.653194][ T7] wb_workfn+0x3d9/0x1110
[ 39.658266][ T7] ? inode_wait_for_writeback+0x280/0x280
[ 39.663811][ T7] ? _raw_spin_unlock_irq+0x4e/0x70
[ 39.669020][ T7] ? finish_task_switch+0x130/0x5a0
[ 39.674222][ T7] ? __switch_to_asm+0x34/0x60
[ 39.679221][ T7] ? __kasan_check_read+0x11/0x20
[ 39.684074][ T7] ? read_word_at_a_time+0x12/0x20
[ 39.689157][ T7] ? strscpy+0x9c/0x260
[ 39.693602][ T7] process_one_work+0x6dc/0xbd0
[ 39.698907][ T7] worker_thread+0xaea/0x1510
[ 39.703415][ T7] kthread+0x34b/0x3d0
[ 39.707315][ T7] ? worker_clr_flags+0x180/0x180
[ 39.712361][ T7] ? kthread_blkcg+0xd0/0xd0
[ 39.716769][ T7] ret_from_fork+0x1f/0x30
[ 39.721208][ T7] Modules linked in:
[ 39.725425][ T7] ---[ end trace 1090497bdf8e2dc0 ]---
[ 39.730802][ T7] RIP: 0010:ext4_writepages+0x3b44/0x3c00
[ 39.736437][ T7] Code: 00 74 08 48 89 df e8 8b f0 c9 ff 48 8b 3b 48 8b 74 24 28 48 8b 54 24 50 44 89 e1 45 89 f8 e8 13 d2 07 00 eb 5d e8 ec 78 8c ff <0f> 0b e8 e5 78 8c ff eb 3b e8 de 78 8c ff eb 77 e8 d7 78 8c ff 31
[ 39.756543][ T7] RSP: 0018:ffffc900000770a0 EFLAGS: 00010293
[ 39.762787][ T7] RAX: ffffffff81de2f04 RBX: dffffc0000000000 RCX: ffff888100252780
[ 39.770695][ T7] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 39.778921][ T7] RBP: ffffc90000077490 R08: ffffffff81de0b09 R09: ffffed1023804d6e
[ 39.786699][ T7] R10: 0000000000000000 R11: dffffc0000000001 R12: ffffc900000773b0
[ 39.794885][ T7] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 39.803417][ T7] FS: 0000000000000000(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
[ 39.812545][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.820586][ T7] CR2: 0000560fcd347ab0 CR3: 000000010bb06000 CR4: 00000000003506b0
[ 39.828802][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 39.836752][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 39.844639][ T7] Kernel panic - not syncing: Fatal exception
[ 39.850809][ T7] Kernel Offset: disabled
[ 39.855510][ T7] Rebooting in 86400 seconds..