Warning: Permanently added '10.128.1.178' (ED25519) to the list of known hosts.
2025/05/17 23:33:59 ignoring optional flag "sandboxArg"="0"
2025/05/17 23:33:59 ignoring optional flag "type"="gce"
2025/05/17 23:33:59 parsed 1 programs
2025/05/17 23:33:59 executed programs: 0
[ 44.233954][ T320] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.240996][ T320] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.248565][ T320] device bridge_slave_0 entered promiscuous mode
[ 44.255502][ T320] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.262524][ T320] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.270006][ T320] device bridge_slave_1 entered promiscuous mode
[ 44.305271][ T320] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.312353][ T320] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.319708][ T320] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.326755][ T320] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.343694][ T112] bridge0: port 1(bridge_slave_0) entered disabled state
[ 44.350964][ T112] bridge0: port 2(bridge_slave_1) entered disabled state
[ 44.358865][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 44.367117][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 44.376184][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 44.384510][ T112] bridge0: port 1(bridge_slave_0) entered blocking state
[ 44.391539][ T112] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 44.400285][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 44.408622][ T112] bridge0: port 2(bridge_slave_1) entered blocking state
[ 44.415674][ T112] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 44.426874][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 44.436470][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 44.450069][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 44.461062][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 44.469282][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 44.476876][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 44.485250][ T320] device veth0_vlan entered promiscuous mode
[ 44.495345][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 44.504401][ T320] device veth1_macvtap entered promiscuous mode
[ 44.513781][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 44.523579][ T112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 44.551367][ T24] kauditd_printk_skb: 14 callbacks suppressed
[ 44.551380][ T24] audit: type=1400 audit(1747524840.000:88): avc: denied { mounton } for pid=324 comm="syz-executor.0" path="/root/syzkaller-testdir4150430299/syzkaller.5OWy97/0/bus" dev="sda1" ino=2034 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 44.594906][ T325] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 44.605518][ T24] audit: type=1400 audit(1747524840.060:89): avc: denied { mount } for pid=324 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 44.605542][ T325] ext4 filesystem being mounted at /root/syzkaller-testdir4150430299/syzkaller.5OWy97/0/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 44.642707][ T24] audit: type=1400 audit(1747524840.080:90): avc: denied { write } for pid=324 comm="syz-executor.0" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 44.664935][ T24] audit: type=1400 audit(1747524840.080:91): avc: denied { add_name } for pid=324 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 44.685886][ T24] audit: type=1400 audit(1747524840.080:92): avc: denied { create } for pid=324 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 44.706688][ T112] EXT4-fs error (device loop0): __ext4_get_inode_loc:4438: comm kworker/u4:2: Invalid inode table block 0 in block_group 0
[ 44.706698][ T24] audit: type=1400 audit(1747524840.080:93): avc: denied { read write open } for pid=324 comm="syz-executor.0" path="/root/syzkaller-testdir4150430299/syzkaller.5OWy97/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 44.706718][ T24] audit: type=1400 audit(1747524840.080:94): avc: denied { mounton } for pid=324 comm="syz-executor.0" path="/root/syzkaller-testdir4150430299/syzkaller.5OWy97/0/bus/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 44.720595][ T112] ==================================================================
[ 44.747949][ T24] audit: type=1400 audit(1747524840.080:95): avc: denied { append } for pid=324 comm="syz-executor.0" path="/root/syzkaller-testdir4150430299/syzkaller.5OWy97/0/bus/file0/memory.current" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 44.775644][ T112] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20
[ 44.775656][ T112] Read of size 4 at addr ffff888121d5d078 by task kworker/u4:2/112
[ 44.775659][ T112]
[ 44.775676][ T112] CPU: 0 PID: 112 Comm: kworker/u4:2 Not tainted 5.10.237-syzkaller-1007464-g7e2543346ff7 #0
[ 44.775681][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 44.775701][ T112] Workqueue: writeback wb_workfn
[ 44.784582][ T24] audit: type=1400 audit(1747524840.080:96): avc: denied { map } for pid=324 comm="syz-executor.0" path="/root/syzkaller-testdir4150430299/syzkaller.5OWy97/0/bus/file0/memory.current" dev="loop0" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 44.812351][ T112] (flush-7:0)
[ 44.812372][ T112] Call Trace:
[ 44.812393][ T112] __dump_stack+0x21/0x24
[ 44.812404][ T112] dump_stack_lvl+0x169/0x1d8
[ 44.812416][ T112] ? show_regs_print_info+0x18/0x18
[ 44.812427][ T112] ? thaw_kernel_threads+0x220/0x220
[ 44.812439][ T112] print_address_description+0x7f/0x2c0
[ 44.812449][ T112] ? ext4_find_extent+0xbeb/0xe20
[ 44.812459][ T112] kasan_report+0xe2/0x130
[ 44.812471][ T112] ? __read_extent_tree_block+0x1e8/0x790
[ 44.812481][ T112] ? ext4_find_extent+0xbeb/0xe20
[ 44.812493][ T112] __asan_report_load4_noabort+0x14/0x20
[ 44.812502][ T112] ext4_find_extent+0xbeb/0xe20
[ 44.812512][ T112] ext4_ext_map_blocks+0x1de/0x5d40
[ 44.812542][ T112] ? __stack_depot_save+0x479/0x4c0
[ 44.956119][ T112] ? __kasan_slab_alloc+0xcf/0xf0
[ 44.961263][ T112] ? __kasan_slab_alloc+0xbd/0xf0
[ 44.966299][ T112] ? slab_post_alloc_hook+0x5d/0x2f0
[ 44.971602][ T112] ? kmem_cache_alloc+0x165/0x2e0
[ 44.976642][ T112] ? ext4_alloc_io_end_vec+0x2a/0x160
[ 44.982443][ T112] ? ext4_writepages+0xebd/0x2e00
[ 44.987499][ T112] ? do_writepages+0x12a/0x270
[ 44.992251][ T112] ? __writeback_single_inode+0xd5/0xa20
[ 44.997887][ T112] ? writeback_sb_inodes+0x860/0x1400
[ 45.003245][ T112] ? worker_thread+0xa6a/0x13b0
[ 45.008121][ T112] ? kthread+0x346/0x3d0
[ 45.012437][ T112] ? ret_from_fork+0x1f/0x30
[ 45.017012][ T112] ? ext4_ext_release+0x10/0x10
[ 45.022025][ T112] ? ext4_es_lookup_extent+0x32d/0x8c0
[ 45.027503][ T112] ext4_map_blocks+0x978/0x1bc0
[ 45.032347][ T112] ? ext4_issue_zeroout+0x1a0/0x1a0
[ 45.037550][ T112] ? ext4_inode_journal_mode+0x19a/0x480
[ 45.043171][ T112] ext4_writepages+0x11d5/0x2e00
[ 45.048220][ T112] ? ext4_readpage+0x220/0x220
[ 45.053144][ T112] ? enqueue_task_fair+0xac3/0x2250
[ 45.058341][ T112] ? ext4_itable_unused_set+0x100/0x100
[ 45.063962][ T112] ? ext4_readpage+0x220/0x220
[ 45.068817][ T112] do_writepages+0x12a/0x270
[ 45.073395][ T112] ? __writepage+0x130/0x130
[ 45.077997][ T112] ? _raw_spin_lock+0x8e/0xe0
[ 45.082929][ T112] ? __kasan_check_write+0x14/0x20
[ 45.088025][ T112] ? _raw_spin_lock+0x8e/0xe0
[ 45.092773][ T112] __writeback_single_inode+0xd5/0xa20
[ 45.098341][ T112] ? wbc_attach_and_unlock_inode+0x171/0x590
[ 45.104311][ T112] ? inode_add_lru+0x12f/0x190
[ 45.109063][ T112] writeback_sb_inodes+0x860/0x1400
[ 45.114249][ T112] ? queue_io+0x4c0/0x4c0
[ 45.118568][ T112] ? __kasan_check_read+0x11/0x20
[ 45.123666][ T112] ? queue_io+0x385/0x4c0
[ 45.127989][ T112] wb_writeback+0x3e3/0xb90
[ 45.132500][ T112] ? wb_io_lists_depopulated+0x180/0x180
[ 45.138119][ T112] ? set_worker_desc+0x155/0x1c0
[ 45.143057][ T112] ? update_load_avg+0x4dc/0x14f0
[ 45.148354][ T112] ? __kasan_check_write+0x14/0x20
[ 45.153538][ T112] wb_workfn+0x38f/0xe20
[ 45.157854][ T112] ? inode_wait_for_writeback+0x200/0x200
[ 45.163559][ T112] ? _raw_spin_unlock_irq+0x4e/0x70
[ 45.168741][ T112] ? finish_task_switch+0x12e/0x5a0
[ 45.174034][ T112] ? __switch_to_asm+0x34/0x60
[ 45.178781][ T112] ? __schedule+0xb4f/0x1310
[ 45.183361][ T112] ? __kasan_check_read+0x11/0x20
[ 45.188457][ T112] ? read_word_at_a_time+0x12/0x20
[ 45.193644][ T112] ? strscpy+0x9b/0x290
[ 45.197816][ T112] process_one_work+0x6e1/0xba0
[ 45.202652][ T112] worker_thread+0xa6a/0x13b0
[ 45.207317][ T112] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 45.212774][ T112] ? __kasan_check_read+0x11/0x20
[ 45.217784][ T112] kthread+0x346/0x3d0
[ 45.221836][ T112] ? worker_clr_flags+0x190/0x190
[ 45.226845][ T112] ? kthread_blkcg+0xd0/0xd0
[ 45.231509][ T112] ret_from_fork+0x1f/0x30
[ 45.235993][ T112]
[ 45.238330][ T112] The buggy address belongs to the page:
[ 45.244070][ T112] page:ffffea0004875740 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x121d5d
[ 45.254294][ T112] flags: 0x4000000000000000()
[ 45.258976][ T112] raw: 4000000000000000 ffffea0004875708 ffffea0004875788 0000000000000000
[ 45.267546][ T112] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 45.276122][ T112] page dumped because: kasan: bad access detected
[ 45.282625][ T112] page_owner tracks the page as freed
[ 45.288089][ T112] page last allocated via order 0, migratetype Movable, gfp_mask 0x8100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO|0x8000000), pid 326, ts 44653709530, free_ts 44654800897
[ 45.304477][ T112] prep_new_page+0x179/0x180
[ 45.309055][ T112] get_page_from_freelist+0x2235/0x23d0
[ 45.314585][ T112] __alloc_pages_nodemask+0x268/0x5f0
[ 45.319950][ T112] handle_pte_fault+0x1719/0x3750
[ 45.325059][ T112] handle_mm_fault+0xf3f/0x16a0
[ 45.329898][ T112] do_user_addr_fault+0x5a2/0xc80
[ 45.335097][ T112] exc_page_fault+0x5a/0xc0
[ 45.339606][ T112] asm_exc_page_fault+0x1e/0x30
[ 45.344434][ T112] page last free stack trace:
[ 45.349099][ T112] free_unref_page_prepare+0x2b7/0x2d0
[ 45.354631][ T112] free_unref_page_list+0x12e/0x9b0
[ 45.359814][ T112] release_pages+0xe38/0xe80
[ 45.364389][ T112] free_pages_and_swap_cache+0x86/0xa0
[ 45.369929][ T112] tlb_finish_mmu+0x175/0x300
[ 45.374590][ T112] unmap_region+0x32c/0x380
[ 45.379248][ T112] __do_munmap+0x63c/0x850
[ 45.383824][ T112] __se_sys_munmap+0x127/0x1b0
[ 45.388571][ T112] __x64_sys_munmap+0x5b/0x70
[ 45.393321][ T112] do_syscall_64+0x31/0x40
[ 45.397747][ T112] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.403716][ T112]
[ 45.406054][ T112] Memory state around the buggy address:
[ 45.411678][ T112] ffff888121d5cf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.419729][ T112] ffff888121d5cf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.427775][ T112] >ffff888121d5d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.435918][ T112] ^
[ 45.443989][ T112] ffff888121d5d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.452031][ T112] ffff888121d5d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 45.460069][ T112] ==================================================================
[ 45.468122][ T112] Disabling lock debugging due to kernel taint
[ 45.477290][ T112] ------------[ cut here ]------------
[ 45.479064][ T24] audit: type=1400 audit(1747524840.140:97): avc: denied { unmount } for pid=320 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 45.487941][ T112] kernel BUG at fs/ext4/inode.c:2464!
[ 45.508196][ T112] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 45.514273][ T112] CPU: 0 PID: 112 Comm: kworker/u4:2 Tainted: G B 5.10.237-syzkaller-1007464-g7e2543346ff7 #0
[ 45.525784][ T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 45.535824][ T112] Workqueue: writeback wb_workfn (flush-7:0)
[ 45.541804][ T112] RIP: 0010:ext4_writepages+0x2d49/0x2e00
[ 45.547502][ T112] Code: 08 48 89 df e8 68 27 ce ff 48 8b 3b 48 8b 74 24 40 48 8b 54 24 28 48 8b 4c 24 20 45 89 f0 e8 7e 41 07 00 eb 56 e8 87 37 94 ff <0f> 0b e8 80 37 94 ff eb 2f e8 79 37 94 ff eb 64 e8 72 37 94 ff 31
[ 45.567086][ T112] RSP: 0018:ffffc90000cd7180 EFLAGS: 00010293
[ 45.573137][ T112] RAX: ffffffff81cf5b79 RBX: 0000000000000000 RCX: ffff888117e462c0
[ 45.581095][ T112] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 45.589055][ T112] RBP: ffffc90000cd74f0 R08: dffffc0000000000 R09: ffffed1024304786
[ 45.597038][ T112] R10: ffffed1024304786 R11: 1ffff11024304785 R12: dffffc0000000000
[ 45.605110][ T112] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000042b
[ 45.613073][ T112] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 45.622014][ T112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.628593][ T112] CR2: 00007ffd5f22afb8 CR3: 000000000620f000 CR4: 00000000003506b0
[ 45.636634][ T112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 45.644589][ T112] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 45.652539][ T112] Call Trace:
[ 45.655823][ T112] ? ext4_readpage+0x220/0x220
[ 45.660584][ T112] ? enqueue_task_fair+0xac3/0x2250
[ 45.665783][ T112] ? ext4_itable_unused_set+0x100/0x100
[ 45.671326][ T112] ? ext4_readpage+0x220/0x220
[ 45.676117][ T112] do_writepages+0x12a/0x270
[ 45.680702][ T112] ? __writepage+0x130/0x130
[ 45.685288][ T112] ? _raw_spin_lock+0x8e/0xe0
[ 45.690035][ T112] ? __kasan_check_write+0x14/0x20
[ 45.695129][ T112] ? _raw_spin_lock+0x8e/0xe0
[ 45.699801][ T112] __writeback_single_inode+0xd5/0xa20
[ 45.705243][ T112] ? wbc_attach_and_unlock_inode+0x171/0x590
[ 45.711221][ T112] ? inode_add_lru+0x12f/0x190
[ 45.716081][ T112] writeback_sb_inodes+0x860/0x1400
[ 45.721473][ T112] ? queue_io+0x4c0/0x4c0
[ 45.725967][ T112] ? __kasan_check_read+0x11/0x20
[ 45.731022][ T112] ? queue_io+0x385/0x4c0
[ 45.735547][ T112] wb_writeback+0x3e3/0xb90
[ 45.740071][ T112] ? wb_io_lists_depopulated+0x180/0x180
[ 45.745707][ T112] ? set_worker_desc+0x155/0x1c0
[ 45.750628][ T112] ? update_load_avg+0x4dc/0x14f0
[ 45.755650][ T112] ? __kasan_check_write+0x14/0x20
[ 45.760742][ T112] wb_workfn+0x38f/0xe20
[ 45.764983][ T112] ? inode_wait_for_writeback+0x200/0x200
[ 45.770696][ T112] ? _raw_spin_unlock_irq+0x4e/0x70
[ 45.775915][ T112] ? finish_task_switch+0x12e/0x5a0
[ 45.781203][ T112] ? __switch_to_asm+0x34/0x60
[ 45.785975][ T112] ? __schedule+0xb4f/0x1310
[ 45.790564][ T112] ? __kasan_check_read+0x11/0x20
[ 45.795844][ T112] ? read_word_at_a_time+0x12/0x20
[ 45.800941][ T112] ? strscpy+0x9b/0x290
[ 45.805077][ T112] process_one_work+0x6e1/0xba0
[ 45.809927][ T112] worker_thread+0xa6a/0x13b0
[ 45.814601][ T112] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 45.820060][ T112] ? __kasan_check_read+0x11/0x20
[ 45.825080][ T112] kthread+0x346/0x3d0
[ 45.829191][ T112] ? worker_clr_flags+0x190/0x190
[ 45.834196][ T112] ? kthread_blkcg+0xd0/0xd0
[ 45.838768][ T112] ret_from_fork+0x1f/0x30
[ 45.843158][ T112] Modules linked in:
[ 45.849078][ T112] ---[ end trace 142fe27745f217fd ]---
[ 45.854589][ T112] RIP: 0010:ext4_writepages+0x2d49/0x2e00
[ 45.860295][ T112] Code: 08 48 89 df e8 68 27 ce ff 48 8b 3b 48 8b 74 24 40 48 8b 54 24 28 48 8b 4c 24 20 45 89 f0 e8 7e 41 07 00 eb 56 e8 87 37 94 ff <0f> 0b e8 80 37 94 ff eb 2f e8 79 37 94 ff eb 64 e8 72 37 94 ff 31
[ 45.880063][ T112] RSP: 0018:ffffc90000cd7180 EFLAGS: 00010293
[ 45.886152][ T112] RAX: ffffffff81cf5b79 RBX: 0000000000000000 RCX: ffff888117e462c0
[ 45.895481][ T112] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 45.903480][ T112] RBP: ffffc90000cd74f0 R08: dffffc0000000000 R09: ffffed1024304786
[ 45.911959][ T112] R10: ffffed1024304786 R11: 1ffff11024304785 R12: dffffc0000000000
[ 45.920087][ T112] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000042b
[ 45.928105][ T112] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 45.937215][ T112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 45.943931][ T112] CR2: 00007ffd5f22afb8 CR3: 000000000620f000 CR4: 00000000003506b0
[ 45.951973][ T112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 45.959978][ T112] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 45.967964][ T112] Kernel panic - not syncing: Fatal exception
[ 45.974301][ T112] Kernel Offset: disabled
[ 45.978624][ T112] Rebooting in 86400 seconds..