Warning: Permanently added '10.128.1.160' (ED25519) to the list of known hosts. 2024/01/30 07:03:43 ignoring optional flag "sandboxArg"="0" 2024/01/30 07:03:43 parsed 1 programs 2024/01/30 07:03:43 executed programs: 0 [ 42.572402][ T23] kauditd_printk_skb: 68 callbacks suppressed [ 42.572411][ T23] audit: type=1400 audit(1706598223.660:144): avc: denied { mounton } for pid=403 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 42.607110][ T23] audit: type=1400 audit(1706598223.670:145): avc: denied { mount } for pid=403 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 42.761117][ T415] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.768255][ T415] bridge0: port 1(bridge_slave_0) entered disabled state [ 42.776531][ T415] device bridge_slave_0 entered promiscuous mode [ 42.787097][ T415] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.794331][ T415] bridge0: port 2(bridge_slave_1) entered disabled state [ 42.802603][ T415] device bridge_slave_1 entered promiscuous mode [ 42.997753][ T420] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.004749][ T420] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.012071][ T420] device bridge_slave_0 entered promiscuous mode [ 43.021098][ T420] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.028084][ T420] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.035540][ T420] device bridge_slave_1 entered promiscuous mode [ 43.045991][ T413] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.052832][ T413] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.060429][ T413] device bridge_slave_0 entered promiscuous mode [ 43.085764][ T23] audit: type=1400 audit(1706598224.180:146): avc: denied { create } for pid=415 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 43.087650][ T413] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.107409][ T23] audit: type=1400 audit(1706598224.180:147): avc: denied { write } for pid=415 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 43.107427][ T23] audit: type=1400 audit(1706598224.180:148): avc: denied { read } for pid=415 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 43.156795][ T413] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.164461][ T413] device bridge_slave_1 entered promiscuous mode [ 43.171050][ T421] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.178612][ T421] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.186319][ T421] device bridge_slave_0 entered promiscuous mode [ 43.195495][ T411] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.202688][ T411] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.210667][ T411] device bridge_slave_0 entered promiscuous mode [ 43.221451][ T421] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.228614][ T421] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.236151][ T421] device bridge_slave_1 entered promiscuous mode [ 43.260314][ T411] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.267248][ T411] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.274635][ T411] device bridge_slave_1 entered promiscuous mode [ 43.337050][ T415] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.343983][ T415] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.351370][ T415] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.358652][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.412639][ T422] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.419775][ T422] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.427546][ T422] device bridge_slave_0 entered promiscuous mode [ 43.440052][ T422] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.446987][ T422] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.454256][ T422] device bridge_slave_1 entered promiscuous mode [ 43.594448][ T124] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.601535][ T124] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.610757][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.618635][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.657832][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.666456][ T363] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.673372][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.711751][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.720542][ T363] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.727490][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.736326][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 43.786480][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 43.794438][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 43.822733][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.830289][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.837986][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.847149][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.855308][ T363] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.863004][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 43.870412][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 43.897441][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 43.905733][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 43.913713][ T363] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.920578][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 43.929105][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 43.937677][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 43.946953][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.954330][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.961858][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 43.969466][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 43.976997][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 43.985284][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 43.993426][ T363] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.000438][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.007816][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.016213][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.024326][ T363] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.031493][ T363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.038839][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.047402][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.056228][ T363] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.063196][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.070749][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.079106][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.087543][ T363] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.094465][ T363] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.101984][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.110030][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.118519][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.126482][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.143138][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.151573][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.160249][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.168518][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.190279][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.198903][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.207738][ T356] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.214872][ T356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.222394][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.231710][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.240264][ T356] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.247985][ T356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.265128][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.273114][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.281319][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.289429][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.297726][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.325457][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.333633][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.342031][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 44.351430][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.359334][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.368533][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.376839][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.395603][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.403745][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.412560][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.420828][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.429316][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.444994][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 44.453252][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.461746][ T124] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.468710][ T124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.476446][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 44.484688][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.492790][ T124] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.500113][ T124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.507479][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 44.541708][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.551964][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.560567][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.569780][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.578359][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 44.586817][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.594872][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.602952][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.611266][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.619651][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.635185][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.657383][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.666660][ T124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.682479][ T23] audit: type=1400 audit(1706598225.770:149): avc: denied { mounton } for pid=415 comm="syz-executor.4" path="/dev/binderfs" dev="devtmpfs" ino=813 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 44.712424][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.726081][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.734342][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.743303][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.748600][ T23] audit: type=1400 audit(1706598225.840:150): avc: denied { mounton } for pid=445 comm="syz-executor.4" path="/root/syzkaller-testdir3666385994/syzkaller.UkOlwP/0/file0" dev="sda1" ino=1947 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 44.752362][ T107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.799665][ T446] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 44.812953][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.816474][ T23] audit: type=1400 audit(1706598225.910:151): avc: denied { mount } for pid=445 comm="syz-executor.4" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 44.823133][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.854096][ T446] EXT4-fs (loop4): re-mounted. Opts: (null) [ 44.869625][ T23] audit: type=1400 audit(1706598225.940:152): avc: denied { mounton } for pid=445 comm="syz-executor.4" path="/root/syzkaller-testdir3666385994/syzkaller.UkOlwP/0/file0/file0" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 44.898852][ T23] audit: type=1400 audit(1706598225.940:153): avc: denied { prog_load } for pid=445 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 44.924119][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 44.933398][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.941984][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.942366][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 44.951129][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.968824][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.977419][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.985716][ T452] EXT4-fs (loop0): re-mounted. Opts: (null) [ 44.986122][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.999911][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.009137][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.017349][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.025331][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.033495][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.042253][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.050875][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.084885][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 45.094124][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.102756][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.112198][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.120542][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.128886][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.137574][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.155387][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.164359][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.174523][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.196753][ T459] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 45.207346][ T460] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 45.209813][ T464] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.229677][ T459] EXT4-fs (loop4): re-mounted. Opts: (null) [ 45.242162][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.253146][ T460] EXT4-fs (loop3): re-mounted. Opts: (null) [ 45.260214][ T464] EXT4-fs (loop0): re-mounted. Opts: (null) [ 45.261248][ T363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.317407][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.319058][ T474] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 45.326929][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.345658][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.353813][ T368] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.480441][ T474] EXT4-fs (loop1): re-mounted. Opts: (null) [ 45.500810][ T480] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 45.525376][ T483] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 45.548913][ T483] EXT4-fs (loop2): re-mounted. Opts: (null) [ 45.557905][ T480] EXT4-fs (loop4): re-mounted. Opts: (null) [ 45.573740][ T493] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.576975][ T492] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 45.585023][ T493] EXT4-fs (loop0): re-mounted. Opts: (null) [ 45.600763][ T495] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 45.628106][ T492] EXT4-fs (loop5): re-mounted. Opts: (null) [ 45.762133][ T495] EXT4-fs (loop3): re-mounted. Opts: (null) [ 45.896429][ T508] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 45.897571][ T513] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 45.906270][ T514] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 45.916598][ T513] EXT4-fs (loop0): re-mounted. Opts: (null) [ 45.930258][ T515] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 45.930331][ T524] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 45.961706][ T508] EXT4-fs (loop2): re-mounted. Opts: (null) [ 45.966142][ T516] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 45.978632][ T515] EXT4-fs (loop4): re-mounted. Opts: (null) [ 45.979341][ T516] EXT4-fs (loop1): re-mounted. Opts: (null) [ 45.991967][ T524] EXT4-fs (loop3): re-mounted. Opts: (null) [ 46.006918][ T514] EXT4-fs (loop5): re-mounted. Opts: (null) [ 46.361920][ T542] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.403124][ T545] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 46.419188][ T542] EXT4-fs (loop0): re-mounted. Opts: (null) [ 46.429341][ T547] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 46.431365][ T551] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 46.449139][ T552] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 46.450257][ T545] EXT4-fs (loop2): re-mounted. Opts: (null) [ 46.462344][ T547] EXT4-fs (loop5): re-mounted. Opts: (null) [ 46.475318][ T557] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 46.517171][ T552] EXT4-fs (loop1): re-mounted. Opts: (null) [ 46.569264][ T551] EXT4-fs (loop4): re-mounted. Opts: (null) [ 46.569530][ T557] EXT4-fs (loop3): re-mounted. Opts: (null) [ 46.636530][ T573] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.725089][ T573] EXT4-fs (loop0): re-mounted. Opts: (null) [ 46.736989][ T577] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 46.764184][ T579] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 46.789743][ T577] EXT4-fs (loop5): re-mounted. Opts: (null) [ 46.806618][ T579] EXT4-fs (loop2): re-mounted. Opts: (null) [ 46.820473][ T590] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 46.831400][ T591] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 46.841503][ T585] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 46.864607][ T591] EXT4-fs (loop3): re-mounted. Opts: (null) [ 46.871473][ T585] EXT4-fs (loop1): re-mounted. Opts: (null) [ 46.874170][ T598] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 46.887970][ T590] EXT4-fs (loop4): re-mounted. Opts: (null) [ 47.014898][ T598] EXT4-fs (loop0): re-mounted. Opts: (null) [ 47.044439][ T609] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 47.095876][ T609] EXT4-fs (loop5): re-mounted. Opts: (null) [ 47.114858][ T616] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 47.130233][ T617] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 47.147939][ T621] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 47.148220][ T624] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 47.167085][ T622] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 47.190936][ T616] EXT4-fs (loop2): re-mounted. Opts: (null) [ 47.190941][ T617] EXT4-fs (loop1): re-mounted. Opts: (null) [ 47.206756][ T621] EXT4-fs (loop4): re-mounted. Opts: (null) [ 47.216039][ T622] EXT4-fs (loop0): re-mounted. Opts: (null) [ 47.224422][ T624] EXT4-fs (loop3): re-mounted. Opts: (null) [ 47.402838][ T641] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 47.466002][ T641] EXT4-fs (loop5): re-mounted. Opts: (null) [ 47.494358][ T650] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 47.509909][ T646] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 47.538185][ T655] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 47.547142][ T643] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 47.561410][ T658] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 47.572675][ T655] EXT4-fs (loop4): re-mounted. Opts: (null) 2024/01/30 07:03:48 executed programs: 44 [ 47.585556][ T646] EXT4-fs (loop1): re-mounted. Opts: (null) [ 47.591614][ T643] EXT4-fs (loop0): re-mounted. Opts: (null) [ 47.598548][ T650] EXT4-fs (loop2): re-mounted. Opts: (null) [ 47.635675][ T658] EXT4-fs (loop3): re-mounted. Opts: (null) [ 47.649261][ T672] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 47.800519][ T672] EXT4-fs (loop5): re-mounted. Opts: (null) [ 47.828116][ T683] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 47.843470][ T675] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 47.845866][ T682] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 47.862211][ T685] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 47.884566][ T683] EXT4-fs (loop1): re-mounted. Opts: (null) [ 47.885690][ T675] EXT4-fs (loop4): re-mounted. Opts: (null) [ 47.896716][ T682] EXT4-fs (loop3): re-mounted. Opts: (null) [ 47.909333][ T681] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 47.909491][ T685] EXT4-fs (loop2): re-mounted. Opts: (null) [ 47.946486][ T697] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 47.975736][ T681] EXT4-fs (loop0): re-mounted. Opts: (null) [ 48.034911][ T697] EXT4-fs (loop5): re-mounted. Opts: (null) [ 48.245150][ T708] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 48.266574][ T714] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 48.266617][ T712] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 48.290239][ T719] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 48.299715][ T710] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 48.309105][ T714] EXT4-fs (loop0): re-mounted. Opts: (null) [ 48.309888][ T708] EXT4-fs (loop2): re-mounted. Opts: (null) [ 48.330060][ T712] EXT4-fs (loop1): re-mounted. Opts: (null) [ 48.339237][ T719] EXT4-fs (loop4): re-mounted. Opts: (null) [ 48.345840][ T710] EXT4-fs (loop3): re-mounted. Opts: (null) [ 48.354588][ T724] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 48.363831][ T413] ================================================================== [ 48.371926][ T413] BUG: KASAN: use-after-free in kthread_stop+0x37/0x4a0 [ 48.379207][ T413] Write of size 4 at addr ffff8881e311cee0 by task syz-executor.0/413 [ 48.387259][ T413] [ 48.389443][ T413] CPU: 1 PID: 413 Comm: syz-executor.0 Not tainted 5.4.265-syzkaller-04833-gddf988672de1 #0 [ 48.399609][ T413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 48.409743][ T413] Call Trace: [ 48.412943][ T413] dump_stack+0x1d8/0x241 [ 48.417216][ T413] ? prepare_exit_to_usermode+0x199/0x200 [ 48.423151][ T413] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 48.428908][ T413] ? printk+0xd1/0x111 [ 48.432863][ T413] ? kthread_stop+0x37/0x4a0 [ 48.437303][ T413] print_address_description+0x8c/0x600 [ 48.442676][ T413] ? kthread_stop+0x37/0x4a0 [ 48.447098][ T413] __kasan_report+0xf3/0x120 [ 48.451528][ T413] ? kthread_stop+0x37/0x4a0 [ 48.455947][ T413] kasan_report+0x30/0x60 [ 48.460381][ T413] check_memory_region+0x272/0x280 [ 48.465338][ T413] kthread_stop+0x37/0x4a0 [ 48.469580][ T413] ext4_put_super+0x790/0xbb0 [ 48.474090][ T413] ? ext4_drop_inode+0x1f0/0x1f0 [ 48.478862][ T413] generic_shutdown_super+0x120/0x2a0 [ 48.484166][ T413] kill_block_super+0x7a/0xe0 [ 48.488676][ T413] deactivate_locked_super+0xa8/0x110 [ 48.494017][ T413] deactivate_super+0x1e2/0x2a0 [ 48.498701][ T413] ? deactivate_locked_super+0x110/0x110 [ 48.504174][ T413] ? retain_dentry+0x1ac/0x270 [ 48.508941][ T413] ? dput+0x2bf/0x2f0 [ 48.512864][ T413] cleanup_mnt+0x44e/0x500 [ 48.517198][ T413] task_work_run+0x140/0x170 [ 48.521707][ T413] exit_to_usermode_loop+0x190/0x1a0 [ 48.526835][ T413] prepare_exit_to_usermode+0x199/0x200 [ 48.532230][ T413] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 48.537936][ T413] [ 48.540183][ T413] Allocated by task 2: [ 48.544103][ T413] __kasan_kmalloc+0x171/0x210 [ 48.549480][ T413] kmem_cache_alloc+0xd9/0x250 [ 48.554081][ T413] dup_task_struct+0x4f/0x600 [ 48.558725][ T413] copy_process+0x56d/0x3230 [ 48.563338][ T413] _do_fork+0x197/0x900 [ 48.567318][ T413] kernel_thread+0x16a/0x1d0 [ 48.571754][ T413] kthreadd+0x3b1/0x4f0 [ 48.575734][ T413] ret_from_fork+0x1f/0x30 [ 48.579985][ T413] [ 48.582238][ T413] Freed by task 10: [ 48.585894][ T413] __kasan_slab_free+0x1b5/0x270 [ 48.590666][ T413] kmem_cache_free+0x10b/0x2c0 [ 48.595286][ T413] rcu_do_batch+0x492/0xa00 [ 48.599617][ T413] rcu_core+0x4c8/0xcb0 [ 48.603596][ T413] __do_softirq+0x23b/0x6b7 [ 48.607927][ T413] [ 48.610104][ T413] The buggy address belongs to the object at ffff8881e311cec0 [ 48.610104][ T413] which belongs to the cache task_struct of size 3904 [ 48.624352][ T413] The buggy address is located 32 bytes inside of [ 48.624352][ T413] 3904-byte region [ffff8881e311cec0, ffff8881e311de00) [ 48.638136][ T413] The buggy address belongs to the page: [ 48.644017][ T413] page:ffffea00078c4600 refcount:1 mapcount:0 mapping:ffff8881f5cf9b80 index:0x0 compound_mapcount: 0 [ 48.655203][ T413] flags: 0x8000000000010200(slab|head) [ 48.660589][ T413] raw: 8000000000010200 0000000000000000 0000000500000001 ffff8881f5cf9b80 [ 48.669215][ T413] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000 [ 48.677942][ T413] page dumped because: kasan: bad access detected [ 48.684455][ T413] page_owner tracks the page as allocated [ 48.690006][ T413] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC) [ 48.705323][ T413] prep_new_page+0x18f/0x370 [ 48.709907][ T413] get_page_from_freelist+0x2d13/0x2d90 [ 48.715313][ T413] __alloc_pages_nodemask+0x393/0x840 [ 48.720489][ T413] alloc_slab_page+0x39/0x3c0 [ 48.725015][ T413] new_slab+0x97/0x440 [ 48.729370][ T413] ___slab_alloc+0x2fe/0x490 [ 48.733805][ T413] __slab_alloc+0x62/0xa0 [ 48.737965][ T413] kmem_cache_alloc+0x109/0x250 [ 48.742625][ T413] dup_task_struct+0x4f/0x600 [ 48.747139][ T413] copy_process+0x56d/0x3230 [ 48.751655][ T413] _do_fork+0x197/0x900 [ 48.755856][ T413] __x64_sys_clone+0x26b/0x2c0 [ 48.760447][ T413] do_syscall_64+0xca/0x1c0 [ 48.764785][ T413] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 48.770595][ T413] page last free stack trace: [ 48.775117][ T413] __free_pages_ok+0x847/0x950 [ 48.779841][ T413] __free_pages+0x91/0x140 [ 48.784093][ T413] put_task_stack+0x212/0x260 [ 48.789268][ T413] finish_task_switch+0x24a/0x590 [ 48.794234][ T413] __schedule+0xb0d/0x1320 [ 48.798469][ T413] schedule_idle+0x50/0x80 [ 48.802793][ T413] do_idle+0x609/0x660 [ 48.807652][ T413] cpu_startup_entry+0x14/0x20 [ 48.814030][ T413] start_kernel+0x6d9/0x81d [ 48.818747][ T413] secondary_startup_64+0xa4/0xb0 [ 48.823564][ T413] [ 48.825809][ T413] Memory state around the buggy address: [ 48.831295][ T413] ffff8881e311cd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 48.839284][ T413] ffff8881e311ce00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 48.847213][ T413] >ffff8881e311ce80: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 48.855192][ T413] ^ [ 48.862540][ T413] ffff8881e311cf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.870824][ T413] ffff8881e311cf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 48.878804][ T413] ================================================================== [ 48.886697][ T413] Disabling lock debugging due to kernel taint [ 48.902114][ T413] ------------[ cut here ]------------ [ 48.915384][ T413] refcount_t: addition on 0; use-after-free. [ 48.921864][ T413] WARNING: CPU: 1 PID: 413 at lib/refcount.c:25 refcount_warn_saturate+0x132/0x1a0 [ 48.931377][ T413] Modules linked in: [ 48.935110][ T413] CPU: 1 PID: 413 Comm: syz-executor.0 Tainted: G B 5.4.265-syzkaller-04833-gddf988672de1 #0 [ 48.946570][ T413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 [ 48.956935][ T413] RIP: 0010:refcount_warn_saturate+0x132/0x1a0 [ 48.963027][ T413] Code: 03 01 48 c7 c7 a0 03 fa 84 e8 aa 1b 0e ff 0f 0b eb a9 e8 f1 63 37 ff c6 05 e4 ac bc 03 01 48 c7 c7 20 04 fa 84 e8 8e 1b 0e ff <0f> 0b eb 8d e8 d5 63 37 ff c6 05 c9 ac bc 03 01 48 c7 c7 80 04 fa [ 48.982623][ T413] RSP: 0000:ffff8881d80bfc30 EFLAGS: 00010246 [ 48.988826][ T413] RAX: bc7d45bdfd7bcc00 RBX: 0000000000000002 RCX: ffff8881ef7d9f80 [ 48.996738][ T413] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 49.004652][ T413] RBP: 0000000000000002 R08: ffffffff814d68b2 R09: ffffed103edea9b8 [ 49.012562][ T413] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 49.020365][ T413] R13: ffff8881e311cec0 R14: dffffc0000000000 R15: ffff8881e311cee0 [ 49.028179][ T413] FS: 00005555558fd480(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 49.037028][ T413] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 49.043455][ T413] CR2: 00007ff3d1047000 CR3: 00000001ef7ae000 CR4: 00000000003406a0 [ 49.051358][ T413] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 49.059167][ T413] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 49.067278][ T413] Call Trace: [ 49.070397][ T413] ? __warn+0x162/0x250 [ 49.074512][ T413] ? report_bug+0x3a1/0x4e0 [ 49.078990][ T413] ? refcount_warn_saturate+0x132/0x1a0 [ 49.084459][ T413] ? refcount_warn_saturate+0x132/0x1a0 [ 49.090184][ T413] ? do_invalid_op+0x6e/0x110 [ 49.094825][ T413] ? invalid_op+0x1e/0x30 [ 49.099061][ T413] ? wake_up_klogd+0xb2/0xf0 [ 49.103488][ T413] ? refcount_warn_saturate+0x132/0x1a0 [ 49.109047][ T413] kthread_stop+0x1a5/0x4a0 [ 49.113383][ T413] ext4_put_super+0x790/0xbb0 [ 49.118028][ T413] ? ext4_drop_inode+0x1f0/0x1f0 [ 49.122789][ T413] generic_shutdown_super+0x120/0x2a0 [ 49.127982][ T413] kill_block_super+0x7a/0xe0 [ 49.132745][ T413] deactivate_locked_super+0xa8/0x110 [ 49.137882][ T413] deactivate_super+0x1e2/0x2a0 [ 49.142667][ T413] ? deactivate_locked_super+0x110/0x110 [ 49.148280][ T413] ? retain_dentry+0x1ac/0x270 [ 49.152887][ T413] ? dput+0x2bf/0x2f0 [ 49.156689][ T413] cleanup_mnt+0x44e/0x500 [ 49.160939][ T413] task_work_run+0x140/0x170 [ 49.165552][ T413] exit_to_usermode_loop+0x190/0x1a0 [ 49.170657][ T413] prepare_exit_to_usermode+0x199/0x200 [ 49.176138][ T413] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 49.182051][ T413] ---[ end trace 785c17f42f7e3456 ]--- [ 49.200534][ T724] EXT4-fs (loop5): re-mounted. Opts: (null) [ 49.429548][ T740] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 49.445855][ T745] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 49.471685][ T740] EXT4-fs (loop2): re-mounted. Opts: (null) [ 49.478184][ T745] EXT4-fs (loop4): re-mounted. Opts: (null) [ 49.485449][ T743] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 49.505486][ T743] EXT4-fs (loop1): re-mounted. Opts: (null) [ 49.509134][ T747] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 49.521975][ T756] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue [ 49.523054][ T747] EXT4-fs (loop3): re-mounted. Opts: (null) [ 49.621090][ T756] EXT4-fs (loop5): re-mounted. Opts: (null) [ 49.758714][ T765] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 49.795525][ T765] EXT4-fs (loop2): re-mounted. Opts: (null) [ 49.806209][ T768] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 49.822718][ T768] EXT4-fs (loop4): re-mounted. Opts: (null) [ 49.833372][ T774] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 49.839358][ T775] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 49.871126][ T775] EXT4-fs (loop1): re-mounted. Opts: (null) [ 49.890900][ T774] EXT4-fs (loop3): re-mounted. Opts: (null) [ 49.914413][ T777] EXT4-fs (loop5): re-mounted. Opts: (null) [ 50.111234][ T790] EXT4-fs (loop2): re-mounted. Opts: (null) [ 50.124020][ T789] EXT4-fs (loop4): re-mounted. Opts: (null)