Warning: Permanently added '10.128.0.41' (ED25519) to the list of known hosts.
2024/04/21 14:27:38 ignoring optional flag "sandboxArg"="0"
2024/04/21 14:27:38 parsed 1 programs
[ 42.482004][ T27] audit: type=1400 audit(1713709658.766:156): avc: denied { mounton } for pid=352 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 42.507229][ T27] audit: type=1400 audit(1713709658.766:157): avc: denied { mount } for pid=352 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
2024/04/21 14:27:38 executed programs: 0
[ 42.557714][ T27] audit: type=1400 audit(1713709658.846:158): avc: denied { unlink } for pid=352 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 42.577323][ T352] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 42.625519][ T358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.632557][ T358] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.639742][ T358] device bridge_slave_0 entered promiscuous mode
[ 42.646455][ T358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.653525][ T358] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.660758][ T358] device bridge_slave_1 entered promiscuous mode
[ 42.691380][ T27] audit: type=1400 audit(1713709658.976:159): avc: denied { write } for pid=358 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 42.695673][ T358] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.712068][ T27] audit: type=1400 audit(1713709658.976:160): avc: denied { read } for pid=358 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 42.718926][ T358] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.719004][ T358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.753439][ T358] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.769375][ T306] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.776518][ T306] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.784332][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.791777][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.808996][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.817564][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.825599][ T306] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.832541][ T306] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.839907][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.848601][ T306] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.855419][ T306] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.862963][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.870877][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.880157][ T358] device veth0_vlan entered promiscuous mode
[ 42.887321][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.895066][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.902523][ T310] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.911558][ T306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.920640][ T358] device veth1_macvtap entered promiscuous mode
[ 42.931107][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.939240][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.950819][ T27] audit: type=1400 audit(1713709659.236:161): avc: denied { mounton } for pid=358 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 42.981261][ T364] loop0: detected capacity change from 0 to 512
[ 42.987935][ T27] audit: type=1400 audit(1713709659.276:162): avc: denied { mounton } for pid=363 comm="syz-executor.0" path="/root/syzkaller-testdir1841321590/syzkaller.FodTQE/0/file1" dev="sda1" ino=1939 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 43.019082][ T364] EXT4-fs (loop0): 1 orphan inode deleted
[ 43.024787][ T364] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 43.033976][ T27] audit: type=1400 audit(1713709659.316:163): avc: denied { mount } for pid=363 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 43.034651][ T364] ext4 filesystem being mounted at /root/syzkaller-testdir1841321590/syzkaller.FodTQE/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 43.072626][ T27] audit: type=1400 audit(1713709659.356:164): avc: denied { write } for pid=363 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 43.095007][ T27] audit: type=1400 audit(1713709659.356:165): avc: denied { add_name } for pid=363 comm="syz-executor.0" name="memory.current" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 43.095430][ T41] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 41: comm kworker/u4:2: lblock 0 mapped to illegal pblock 41 (length 16)
[ 43.131264][ T41] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 0 with max blocks 16 with error 117
[ 43.143828][ T41] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 43.143828][ T41]
[ 43.154394][ T358] EXT4-fs (loop0): unmounting filesystem.
[ 43.160466][ T358] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Out of memory
[ 43.169720][ T358] EXT4-fs error (device loop0): ext4_quota_off:7041: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 43.187915][ T371] loop0: detected capacity change from 0 to 512
[ 43.198686][ T371] EXT4-fs (loop0): 1 orphan inode deleted
[ 43.204329][ T371] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 43.213388][ T371] ext4 filesystem being mounted at /root/syzkaller-testdir1841321590/syzkaller.FodTQE/1/file1 supports timestamps until 2038 (0x7fffffff)
[ 43.236612][ T8] ==================================================================
[ 43.244749][ T8] BUG: KASAN: use-after-free in ext4_find_extent+0xb60/0xd10
[ 43.251945][ T8] Read of size 4 at addr ffff8881265bd788 by task kworker/u4:0/8
[ 43.259498][ T8]
[ 43.261667][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 6.1.75-syzkaller #0
[ 43.269391][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 43.279288][ T8] Workqueue: writeback wb_workfn (flush-7:0)
[ 43.285107][ T8] Call Trace:
[ 43.288229][ T8]
[ 43.290999][ T8] dump_stack_lvl+0x105/0x148
[ 43.295519][ T8] ? panic+0x3b4/0x3b4
[ 43.299421][ T8] ? nf_tcp_handle_invalid+0x30b/0x30b
[ 43.304710][ T8] ? _printk+0xca/0x10a
[ 43.308707][ T8] print_report+0x158/0x4e0
[ 43.313044][ T8] ? kasan_addr_to_slab+0xd/0x80
[ 43.317820][ T8] ? ext4_find_extent+0xb60/0xd10
[ 43.322677][ T8] kasan_report+0x13c/0x170
[ 43.327018][ T8] ? ext4_find_extent+0xb60/0xd10
[ 43.331887][ T8] __asan_report_load4_noabort+0x14/0x20
[ 43.337347][ T8] ext4_find_extent+0xb60/0xd10
[ 43.342032][ T8] ext4_ext_map_blocks+0x25d/0x64d0
[ 43.347066][ T8] ? stack_trace_save+0x113/0x1c0
[ 43.352106][ T8] ? uncharge_batch+0x4e0/0x4e0
[ 43.356921][ T8] ? stack_trace_snprint+0xe0/0xe0
[ 43.362273][ T8] ? __stack_depot_save+0x21/0x480
[ 43.367223][ T8] ? kasan_set_track+0x60/0x70
[ 43.371812][ T8] ? kasan_set_track+0x4b/0x70
[ 43.376430][ T8] ? kasan_save_alloc_info+0x1f/0x30
[ 43.381542][ T8] ? __kasan_slab_alloc+0x6c/0x80
[ 43.386507][ T8] ? ext4_ext_release+0x10/0x10
[ 43.391183][ T8] ? do_writepages+0x338/0x5b0
[ 43.395781][ T8] ? __writeback_single_inode+0x73/0x7a0
[ 43.401252][ T8] ? writeback_sb_inodes+0x881/0x1500
[ 43.406457][ T8] ? wb_writeback+0x357/0x810
[ 43.410970][ T8] ? wb_workfn+0x37d/0xdf0
[ 43.415225][ T8] ? process_one_work+0x6de/0xd00
[ 43.420128][ T8] ? worker_thread+0x892/0xf20
[ 43.424768][ T8] ? kthread+0x215/0x270
[ 43.428849][ T8] ? ret_from_fork+0x1f/0x30
[ 43.433364][ T8] ? ext4_es_lookup_extent+0x278/0x730
[ 43.438918][ T8] ext4_map_blocks+0x821/0x1890
[ 43.443955][ T8] ? ext4_issue_zeroout+0x170/0x170
[ 43.448986][ T8] ext4_writepages+0x13f4/0x3120
[ 43.453947][ T8] ? ext4_read_folio+0x180/0x180
[ 43.458801][ T8] ? check_preempt_wakeup+0x7c1/0xb20
[ 43.464010][ T8] ? __kasan_check_write+0x14/0x20
[ 43.469220][ T8] ? __filemap_get_folio+0x35a/0x6a0
[ 43.474346][ T8] do_writepages+0x338/0x5b0
[ 43.478791][ T8] ? __writepage+0xf0/0xf0
[ 43.483018][ T8] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 43.488493][ T8] ? cpudl_cleanup+0x40/0x40
[ 43.492914][ T8] ? update_load_avg+0x513/0x1510
[ 43.497787][ T8] ? __kasan_check_write+0x14/0x20
[ 43.502720][ T8] ? _raw_spin_lock+0xa4/0x1b0
[ 43.507320][ T8] __writeback_single_inode+0x73/0x7a0
[ 43.512623][ T8] ? inode_io_list_move_locked+0x204/0x3c0
[ 43.518262][ T8] writeback_sb_inodes+0x881/0x1500
[ 43.523290][ T8] ? _raw_spin_lock+0xa4/0x1b0
[ 43.527937][ T8] ? queue_io+0x410/0x410
[ 43.532052][ T8] ? __writeback_inodes_wb+0x330/0x330
[ 43.537353][ T8] ? queue_io+0x28a/0x410
[ 43.541515][ T8] ? memset+0x35/0x40
[ 43.545495][ T8] ? blk_start_plug+0x8c/0x120
[ 43.550101][ T8] wb_writeback+0x357/0x810
[ 43.554436][ T8] ? inode_cgwb_move_to_attached+0x480/0x480
[ 43.560247][ T8] ? set_worker_desc+0x11c/0x180
[ 43.565020][ T8] ? cpudl_cleanup+0x40/0x40
[ 43.569452][ T8] ? __kasan_check_write+0x14/0x20
[ 43.574397][ T8] wb_workfn+0x37d/0xdf0
[ 43.578559][ T8] ? inode_wait_for_writeback+0x260/0x260
[ 43.584121][ T8] ? native_set_ldt+0x130/0x130
[ 43.588986][ T8] ? _raw_spin_unlock+0x4c/0x70
[ 43.593778][ T8] ? finish_task_switch+0x14b/0x680
[ 43.598823][ T8] ? __kasan_check_read+0x11/0x20
[ 43.603672][ T8] ? read_word_at_a_time+0x12/0x20
[ 43.608623][ T8] ? strscpy+0x99/0x260
[ 43.612623][ T8] process_one_work+0x6de/0xd00
[ 43.617386][ T8] worker_thread+0x892/0xf20
[ 43.621814][ T8] ? process_one_work+0xd00/0xd00
[ 43.626687][ T8] kthread+0x215/0x270
[ 43.630618][ T8] ? process_one_work+0xd00/0xd00
[ 43.635440][ T8] ? kthread_blkcg+0xa0/0xa0
[ 43.640215][ T8] ret_from_fork+0x1f/0x30
[ 43.644467][ T8]
[ 43.647328][ T8]
[ 43.649495][ T8] The buggy address belongs to the physical page:
[ 43.655749][ T8] page:ffffea0004996f40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1265bd
[ 43.665816][ T8] flags: 0x4000000000000000(zone=1)
[ 43.670850][ T8] raw: 4000000000000000 ffffea0004996f48 ffffea0004996f48 0000000000000000
[ 43.679268][ T8] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 43.687710][ T8] page dumped because: kasan: bad access detected
[ 43.694118][ T8] page_owner info is not present (never set?)
[ 43.700010][ T8]
[ 43.702211][ T8] Memory state around the buggy address:
[ 43.707736][ T8] ffff8881265bd680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.715645][ T8] ffff8881265bd700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.723633][ T8] >ffff8881265bd780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.731519][ T8] ^
[ 43.735697][ T8] ffff8881265bd800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.743715][ T8] ffff8881265bd880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.752059][ T8] ==================================================================
[ 43.762265][ T8] Disabling lock debugging due to kernel taint
[ 43.768291][ T8] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 43.774121][ T8] CPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G B 6.1.75-syzkaller #0
[ 43.783323][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 43.793239][ T8] Workqueue: writeback wb_workfn (flush-7:0)
[ 43.799115][ T8] RIP: 0010:ext4_writepages+0x310e/0x3120
[ 43.804680][ T8] Code: e9 45 89 f0 e8 e3 cd 06 00 65 ff 0d 54 c6 30 7e 49 bf 00 00 00 00 00 fc ff df 0f 85 7e fb ff ff e8 ff bd 2e ff e9 74 fb ff ff <0f> 0b 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5
[ 43.824292][ T8] RSP: 0018:ffffc90000087060 EFLAGS: 00010246
[ 43.830187][ T8] RAX: 0000000000000000 RBX: 000000000000042b RCX: 1ffff92000010e6a
[ 43.837999][ T8] RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000001
[ 43.845982][ T8] RBP: ffffc90000087450 R08: dffffc0000000000 R09: ffffed10200afadf
[ 43.853793][ T8] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888110a711c0
[ 43.861598][ T8] R13: ffffc90000087320 R14: ffff88810057d730 R15: 0000000000000000
[ 43.869707][ T8] FS: 0000000000000000(0000) GS:ffff8881f7300000(0000) knlGS:0000000000000000
[ 43.878848][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.885264][ T8] CR2: 00007fedfe50652e CR3: 000000000540f000 CR4: 00000000003506a0
[ 43.893077][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.900886][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.908785][ T8] Call Trace:
[ 43.911910][ T8]
[ 43.914686][ T8] ? __die_body+0x62/0xb0
[ 43.918850][ T8] ? die+0x88/0xb0
[ 43.922416][ T8] ? do_trap+0x103/0x330
[ 43.926558][ T8] ? ext4_writepages+0x310e/0x3120
[ 43.931553][ T8] ? handle_invalid_op+0x95/0xc0
[ 43.936317][ T8] ? ext4_writepages+0x310e/0x3120
[ 43.941303][ T8] ? exc_invalid_op+0x2e/0x40
[ 43.945902][ T8] ? asm_exc_invalid_op+0x1b/0x20
[ 43.951293][ T8] ? ext4_writepages+0x310e/0x3120
[ 43.956242][ T8] ? ext4_read_folio+0x180/0x180
[ 43.961080][ T8] ? check_preempt_wakeup+0x7c1/0xb20
[ 43.966294][ T8] ? __kasan_check_write+0x14/0x20
[ 43.971234][ T8] ? __filemap_get_folio+0x35a/0x6a0
[ 43.977058][ T8] do_writepages+0x338/0x5b0
[ 43.981510][ T8] ? __writepage+0xf0/0xf0
[ 43.985729][ T8] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 43.991334][ T8] ? cpudl_cleanup+0x40/0x40
[ 43.995727][ T8] ? update_load_avg+0x513/0x1510
[ 44.000582][ T8] ? __kasan_check_write+0x14/0x20
[ 44.005529][ T8] ? _raw_spin_lock+0xa4/0x1b0
[ 44.010131][ T8] __writeback_single_inode+0x73/0x7a0
[ 44.015425][ T8] ? inode_io_list_move_locked+0x204/0x3c0
[ 44.021075][ T8] writeback_sb_inodes+0x881/0x1500
[ 44.026119][ T8] ? _raw_spin_lock+0xa4/0x1b0
[ 44.030705][ T8] ? queue_io+0x410/0x410
[ 44.034866][ T8] ? __writeback_inodes_wb+0x330/0x330
[ 44.040337][ T8] ? queue_io+0x28a/0x410
[ 44.044631][ T8] ? memset+0x35/0x40
[ 44.048862][ T8] ? blk_start_plug+0x8c/0x120
[ 44.053463][ T8] wb_writeback+0x357/0x810
[ 44.057809][ T8] ? inode_cgwb_move_to_attached+0x480/0x480
[ 44.063618][ T8] ? set_worker_desc+0x11c/0x180
[ 44.068589][ T8] ? cpudl_cleanup+0x40/0x40
[ 44.073188][ T8] ? __kasan_check_write+0x14/0x20
[ 44.078143][ T8] wb_workfn+0x37d/0xdf0
[ 44.082218][ T8] ? inode_wait_for_writeback+0x260/0x260
[ 44.087775][ T8] ? native_set_ldt+0x130/0x130
[ 44.092572][ T8] ? _raw_spin_unlock+0x4c/0x70
[ 44.097255][ T8] ? finish_task_switch+0x14b/0x680
[ 44.102287][ T8] ? __kasan_check_read+0x11/0x20
[ 44.107144][ T8] ? read_word_at_a_time+0x12/0x20
[ 44.112099][ T8] ? strscpy+0x99/0x260
[ 44.116082][ T8] process_one_work+0x6de/0xd00
[ 44.120773][ T8] worker_thread+0x892/0xf20
[ 44.125199][ T8] ? process_one_work+0xd00/0xd00
[ 44.130058][ T8] kthread+0x215/0x270
[ 44.133965][ T8] ? process_one_work+0xd00/0xd00
[ 44.138822][ T8] ? kthread_blkcg+0xa0/0xa0
[ 44.143335][ T8] ret_from_fork+0x1f/0x30
[ 44.147590][ T8]
[ 44.150453][ T8] Modules linked in:
[ 44.156169][ T8] ---[ end trace 0000000000000000 ]---
[ 44.161602][ T8] RIP: 0010:ext4_writepages+0x310e/0x3120
[ 44.167139][ T8] Code: e9 45 89 f0 e8 e3 cd 06 00 65 ff 0d 54 c6 30 7e 49 bf 00 00 00 00 00 fc ff df 0f 85 7e fb ff ff e8 ff bd 2e ff e9 74 fb ff ff <0f> 0b 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5
[ 44.186842][ T8] RSP: 0018:ffffc90000087060 EFLAGS: 00010246
[ 44.192753][ T8] RAX: 0000000000000000 RBX: 000000000000042b RCX: 1ffff92000010e6a
[ 44.200953][ T8] RDX: 0000000000000001 RSI: 0000000000000008 RDI: 0000000000000001
[ 44.208784][ T8] RBP: ffffc90000087450 R08: dffffc0000000000 R09: ffffed10200afadf
[ 44.216533][ T8] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888110a711c0
[ 44.224477][ T8] R13: ffffc90000087320 R14: ffff88810057d730 R15: 0000000000000000
[ 44.232302][ T8] FS: 0000000000000000(0000) GS:ffff8881f7200000(0000) knlGS:0000000000000000
[ 44.241351][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.247877][ T8] CR2: 00007ffee28abe48 CR3: 000000010e620000 CR4: 00000000003506b0
[ 44.255741][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 44.263630][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 44.271496][ T8] Kernel panic - not syncing: Fatal exception
[ 44.277713][ T8] Kernel Offset: disabled
[ 44.281837][ T8] Rebooting in 86400 seconds..