Warning: Permanently added '10.128.1.12' (ED25519) to the list of known hosts.
2025/02/27 21:21:06 ignoring optional flag "sandboxArg"="0"
2025/02/27 21:21:07 parsed 1 programs
[ 52.548439][ T23] kauditd_printk_skb: 29 callbacks suppressed
[ 52.548448][ T23] audit: type=1400 audit(1740691267.669:105): avc: denied { unlink } for pid=500 comm="syz-executor" name="swap-file" dev="sda1" ino=1929 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 52.600006][ T500] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 53.022405][ T23] audit: type=1400 audit(1740691268.149:106): avc: denied { mounton } for pid=505 comm="syz-executor" path="/root/syzkaller.aTJL9Y/syz-tmp/newroot/dev" dev="tmpfs" ino=13179 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 53.246553][ T23] audit: type=1401 audit(1740691268.369:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 53.596177][ T544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.603053][ T544] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.610417][ T544] device bridge_slave_0 entered promiscuous mode
[ 53.617025][ T544] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.624334][ T544] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.631712][ T544] device bridge_slave_1 entered promiscuous mode
[ 53.673444][ T544] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.680492][ T544] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.687549][ T544] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.694431][ T544] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.714991][ T7] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.722070][ T7] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.729215][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 53.736586][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.745789][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.753983][ T7] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.760828][ T7] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.769834][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.778194][ T7] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.785115][ T7] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.798184][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.807671][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.823436][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.834605][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.847379][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.859486][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.870192][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
2025/02/27 21:21:09 executed programs: 0
[ 54.258761][ T562] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.265916][ T562] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.274552][ T562] device bridge_slave_0 entered promiscuous mode
[ 54.285506][ T562] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.292440][ T562] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.299882][ T562] device bridge_slave_1 entered promiscuous mode
[ 54.344222][ T562] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.351287][ T562] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.358645][ T562] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.365541][ T562] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.387180][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 54.394793][ T103] bridge0: port 1(bridge_slave_0) entered disabled state
[ 54.402628][ T103] bridge0: port 2(bridge_slave_1) entered disabled state
[ 54.414479][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 54.422591][ T103] bridge0: port 1(bridge_slave_0) entered blocking state
[ 54.429499][ T103] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 54.438724][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 54.446970][ T103] bridge0: port 2(bridge_slave_1) entered blocking state
[ 54.453812][ T103] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 54.471881][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 54.481226][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 54.500893][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 54.519160][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 54.532794][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 54.555359][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 54.586438][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 54.600372][ T103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 54.751802][ T568] ======================================================
[ 54.751802][ T568] WARNING: the mand mount option is being deprecated and
[ 54.751802][ T568] will be removed in v5.15!
[ 54.751802][ T568] ======================================================
[ 54.852209][ T568] EXT4-fs (loop2): 1 orphan inode deleted
[ 54.857747][ T568] EXT4-fs (loop2): mounted filesystem without journal. Opts: discard,nodiscard,noquota,noinit_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,delalloc,,errors=continue
[ 54.877217][ T23] audit: type=1400 audit(1740691269.999:108): avc: denied { mount } for pid=567 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 54.880843][ T568] ext4 filesystem being mounted at /0/file1 supports timestamps until (%ptR?) (0x7fffffff)
[ 54.914101][ T23] audit: type=1400 audit(1740691270.039:109): avc: denied { write } for pid=567 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 54.934702][ T568] ==================================================================
[ 54.935643][ T23] audit: type=1400 audit(1740691270.039:110): avc: denied { add_name } for pid=567 comm="syz.2.16" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 54.943398][ T568] BUG: KASAN: use-after-free in ext4_find_extent+0xbc9/0xde0
[ 54.943406][ T568] Read of size 4 at addr ffff8881cfb0fccc by task syz.2.16/568
[ 54.943407][ T568]
[ 54.943417][ T568] CPU: 1 PID: 568 Comm: syz.2.16 Not tainted 5.4.290-syzkaller-05051-g6b07fcd94a6a #0
[ 54.943427][ T568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 54.963869][ T23] audit: type=1400 audit(1740691270.039:111): avc: denied { create } for pid=567 comm="syz.2.16" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 54.970640][ T568] Call Trace:
[ 54.970656][ T568] dump_stack+0x1d8/0x241
[ 54.970665][ T568] ? nf_ct_l4proto_log_invalid+0x258/0x258
[ 54.970672][ T568] ? printk+0xd1/0x111
[ 54.970686][ T568] ? ext4_find_extent+0xbc9/0xde0
[ 54.978219][ T23] audit: type=1400 audit(1740691270.039:112): avc: denied { write open } for pid=567 comm="syz.2.16" path="/0/file1/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 54.980260][ T568] ? wake_up_klogd+0xb2/0xf0
[ 54.980269][ T568] ? ext4_find_extent+0xbc9/0xde0
[ 54.980276][ T568] print_address_description+0x8c/0x600
[ 54.980288][ T568] ? panic+0x89d/0x89d
[ 54.989647][ T23] audit: type=1400 audit(1740691270.039:113): avc: denied { read } for pid=567 comm="syz.2.16" name="bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 54.999562][ T568] ? ext4_find_extent+0xbc9/0xde0
[ 54.999569][ T568] __kasan_report+0xf3/0x120
[ 54.999577][ T568] ? ext4_find_extent+0xbc9/0xde0
[ 54.999583][ T568] kasan_report+0x30/0x60
[ 54.999595][ T568] ? memset+0x1f/0x40
[ 55.019618][ T23] audit: type=1400 audit(1740691270.039:114): avc: denied { mounton } for pid=567 comm="syz.2.16" path="/0/file1/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 55.022544][ T568] ext4_find_extent+0xbc9/0xde0
[ 55.022556][ T568] ext4_ext_remove_space+0x339/0x4ba0
[ 55.022564][ T568] ? ext4_issue_zeroout+0x150/0x150
[ 55.022575][ T568] ? ext4_es_insert_extent+0x2d70/0x2d70
[ 55.022580][ T568] ? _ext4_get_block+0x452/0x610
[ 55.022590][ T568] ? _raw_spin_lock+0xa4/0x1b0
[ 55.022605][ T568] ? _raw_write_lock+0xa4/0x170
[ 55.182583][ T568] ? ext4_da_release_space+0x1ba/0x4a0
[ 55.187885][ T568] ? ext4_ext_index_trans_blocks+0x120/0x120
[ 55.193682][ T568] ? ext4_es_remove_extent+0x1f2/0x420
[ 55.199072][ T568] ? ext4_zero_partial_blocks+0x1e0/0x220
[ 55.204616][ T568] ext4_punch_hole+0x6ac/0xad0
[ 55.209218][ T568] ext4_fallocate+0x265/0x570
[ 55.213735][ T568] vfs_fallocate+0x551/0x6b0
[ 55.218172][ T568] __x64_sys_fallocate+0xb9/0x100
[ 55.223030][ T568] do_syscall_64+0xca/0x1c0
[ 55.227444][ T568] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 55.233341][ T568] RIP: 0033:0x7f09323b1de9
[ 55.237511][ T568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 55.256957][ T568] RSP: 002b:00007f0931e24038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 55.265197][ T568] RAX: ffffffffffffffda RBX: 00007f09325cafa0 RCX: 00007f09323b1de9
[ 55.273015][ T568] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005
[ 55.280922][ T568] RBP: 00007f09324332a0 R08: 0000000000000000 R09: 0000000000000000
[ 55.289251][ T568] R10: 0000000000001a00 R11: 0000000000000246 R12: 0000000000000000
[ 55.297059][ T568] R13: 0000000000000000 R14: 00007f09325cafa0 R15: 00007fffa37b8e58
[ 55.305093][ T568]
[ 55.307240][ T568] The buggy address belongs to the page:
[ 55.312810][ T568] page:ffffea00073ec3c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 55.321943][ T568] flags: 0x8000000000000000()
[ 55.326626][ T568] raw: 8000000000000000 ffffea00073ec408 ffffea00073ec388 0000000000000000
[ 55.335385][ T568] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 55.343827][ T568] page dumped because: kasan: bad access detected
[ 55.350175][ T568] page_owner info is not present (never set?)
[ 55.356235][ T568]
[ 55.358400][ T568] Memory state around the buggy address:
[ 55.363875][ T568] ffff8881cfb0fb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.371777][ T568] ffff8881cfb0fc00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.379759][ T568] >ffff8881cfb0fc80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.387654][ T568] ^
[ 55.393991][ T568] ffff8881cfb0fd00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.401900][ T568] ffff8881cfb0fd80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.409793][ T568] ==================================================================
[ 55.417687][ T568] Disabling lock debugging due to kernel taint
[ 55.427276][ T568] ------------[ cut here ]------------
[ 55.432546][ T568] kernel BUG at fs/ext4/extents.c:3390!
[ 55.438040][ T568] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 55.443836][ T568] CPU: 0 PID: 568 Comm: syz.2.16 Tainted: G B 5.4.290-syzkaller-05051-g6b07fcd94a6a #0
[ 55.454774][ T568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 55.464668][ T568] RIP: 0010:ext4_split_extent_at+0x11f4/0x1220
[ 55.470835][ T568] Code: fe c1 38 c1 0f 8c 59 fa ff ff e8 f7 85 d1 ff 48 8b 54 24 58 48 8b 74 24 70 e9 45 fa ff ff e8 73 9b a1 ff 0f 0b e8 6c 9b a1 ff <0f> 0b e8 65 9b a1 ff 0f 0b e8 6e 3e 78 ff e8 59 9b a1 ff 0f 0b e8
[ 55.490283][ T568] RSP: 0018:ffff8881e346f900 EFLAGS: 00010293
[ 55.496180][ T568] RAX: ffffffff81c2af94 RBX: 0000000000000000 RCX: ffff8881e45f8fc0
[ 55.503985][ T568] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 55.511883][ T568] RBP: ffff8881e346fa70 R08: ffffffff81c2a00f R09: ffff8881e346fa00
[ 55.519875][ T568] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
[ 55.527681][ T568] R13: 1ffff11039f62730 R14: 0000000000000000 R15: 0000000000000000
[ 55.535500][ T568] FS: 00007f0931e246c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[ 55.544259][ T568] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.550831][ T568] CR2: 000055cc5575f9f8 CR3: 00000001d2491000 CR4: 00000000003406b0
[ 55.558804][ T568] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.566711][ T568] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.574569][ T568] Call Trace:
[ 55.577849][ T568] ? __die+0xb4/0x100
[ 55.581651][ T568] ? die+0x26/0x50
[ 55.585209][ T568] ? do_trap+0x1e7/0x340
[ 55.589381][ T568] ? ext4_split_extent_at+0x11f4/0x1220
[ 55.594758][ T568] ? ext4_split_extent_at+0x11f4/0x1220
[ 55.600140][ T568] ? do_invalid_op+0xfb/0x110
[ 55.604648][ T568] ? ext4_split_extent_at+0x11f4/0x1220
[ 55.610045][ T568] ? invalid_op+0x1e/0x30
[ 55.614220][ T568] ? ext4_split_extent_at+0x26f/0x1220
[ 55.619495][ T568] ? ext4_split_extent_at+0x11f4/0x1220
[ 55.624875][ T568] ? ext4_split_extent_at+0x11f4/0x1220
[ 55.630260][ T568] ? ext4_ext_shift_extents+0x16c0/0x16c0
[ 55.635806][ T568] ? ext4_find_extent+0xd94/0xde0
[ 55.640671][ T568] ext4_ext_remove_space+0x6f3/0x4ba0
[ 55.645909][ T568] ? ext4_es_insert_extent+0x2d70/0x2d70
[ 55.651358][ T568] ? _raw_spin_lock+0xa4/0x1b0
[ 55.656190][ T568] ? _raw_write_lock+0xa4/0x170
[ 55.660806][ T568] ? ext4_da_release_space+0x1ba/0x4a0
[ 55.666099][ T568] ? ext4_ext_index_trans_blocks+0x120/0x120
[ 55.671917][ T568] ? ext4_es_remove_extent+0x1f2/0x420
[ 55.677210][ T568] ? ext4_zero_partial_blocks+0x1e0/0x220
[ 55.682763][ T568] ext4_punch_hole+0x6ac/0xad0
[ 55.687368][ T568] ext4_fallocate+0x265/0x570
[ 55.691876][ T568] vfs_fallocate+0x551/0x6b0
[ 55.696305][ T568] __x64_sys_fallocate+0xb9/0x100
[ 55.701197][ T568] do_syscall_64+0xca/0x1c0
[ 55.705509][ T568] entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[ 55.711235][ T568] RIP: 0033:0x7f09323b1de9
[ 55.715488][ T568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 55.735042][ T568] RSP: 002b:00007f0931e24038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 55.743382][ T568] RAX: ffffffffffffffda RBX: 00007f09325cafa0 RCX: 00007f09323b1de9
[ 55.751261][ T568] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005
[ 55.759070][ T568] RBP: 00007f09324332a0 R08: 0000000000000000 R09: 0000000000000000
[ 55.766893][ T568] R10: 0000000000001a00 R11: 0000000000000246 R12: 0000000000000000
[ 55.774695][ T568] R13: 0000000000000000 R14: 00007f09325cafa0 R15: 00007fffa37b8e58
[ 55.782514][ T568] Modules linked in:
[ 55.790371][ T568] ---[ end trace 77bfaee6e23999aa ]---
[ 55.798178][ T568] RIP: 0010:ext4_split_extent_at+0x11f4/0x1220
[ 55.805848][ T568] Code: fe c1 38 c1 0f 8c 59 fa ff ff e8 f7 85 d1 ff 48 8b 54 24 58 48 8b 74 24 70 e9 45 fa ff ff e8 73 9b a1 ff 0f 0b e8 6c 9b a1 ff <0f> 0b e8 65 9b a1 ff 0f 0b e8 6e 3e 78 ff e8 59 9b a1 ff 0f 0b e8
[ 55.825953][ T568] RSP: 0018:ffff8881e346f900 EFLAGS: 00010293
[ 55.832308][ T568] RAX: ffffffff81c2af94 RBX: 0000000000000000 RCX: ffff8881e45f8fc0
[ 55.841029][ T568] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 55.848915][ T568] RBP: ffff8881e346fa70 R08: ffffffff81c2a00f R09: ffff8881e346fa00
[ 55.856742][ T568] R10: ffffffffffffffff R11: dffffc0000000001 R12: 0000000000000000
[ 55.864635][ T568] R13: 1ffff11039f62730 R14: 0000000000000000 R15: 0000000000000000
[ 55.872967][ T568] FS: 00007f0931e246c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[ 55.882344][ T568] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.888793][ T568] CR2: 00007fded0e5f2a9 CR3: 00000001d2491000 CR4: 00000000003406a0
[ 55.896823][ T568] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.904558][ T568] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.912903][ T568] Kernel panic - not syncing: Fatal exception
[ 55.919621][ T568] Kernel Offset: disabled
[ 55.923757][ T568] Rebooting in 86400 seconds..