Warning: Permanently added '10.128.1.52' (ED25519) to the list of known hosts.
2023/11/14 14:29:36 ignoring optional flag "sandboxArg"="0"
2023/11/14 14:29:36 parsed 1 programs
2023/11/14 14:29:36 executed programs: 0
[ 42.096647][ T27] audit: type=1400 audit(1699972176.508:152): avc: denied { mounton } for pid=338 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 42.121590][ T27] audit: type=1400 audit(1699972176.518:153): avc: denied { mount } for pid=338 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 42.179581][ T344] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.186418][ T344] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.193906][ T344] device bridge_slave_0 entered promiscuous mode
[ 42.200659][ T344] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.207664][ T344] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.215100][ T344] device bridge_slave_1 entered promiscuous mode
[ 42.251774][ T27] audit: type=1400 audit(1699972176.668:154): avc: denied { write } for pid=344 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 42.257150][ T344] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.272149][ T27] audit: type=1400 audit(1699972176.668:155): avc: denied { read } for pid=344 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 42.278943][ T344] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.279019][ T344] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.313233][ T344] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.330553][ T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.337660][ T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.344839][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.352177][ T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.370054][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.378071][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.386507][ T301] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.393361][ T301] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.400512][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.408523][ T301] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.415483][ T301] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.423631][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.431436][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.441834][ T344] device veth0_vlan entered promiscuous mode
[ 42.448930][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.456560][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.463768][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.473363][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.481935][ T344] device veth1_macvtap entered promiscuous mode
[ 42.490647][ T301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.503642][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.513731][ T27] audit: type=1400 audit(1699972176.928:156): avc: denied { mounton } for pid=344 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 42.778980][ T351] loop0: detected capacity change from 0 to 131072
[ 42.785670][ T27] audit: type=1400 audit(1699972177.198:157): avc: denied { mounton } for pid=349 comm="syz-executor.0" path="/root/syzkaller-testdir2949469566/syzkaller.HfucZD/0/file0" dev="sda1" ino=1937 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 42.787920][ T351] F2FS-fs (loop0): invalid crc value
[ 42.818642][ T351] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 42.842858][ T351] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[ 42.850314][ T27] audit: type=1400 audit(1699972177.268:158): avc: denied { mount } for pid=349 comm="syz-executor.0" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 42.872806][ T27] audit: type=1400 audit(1699972177.278:159): avc: denied { read } for pid=349 comm="syz-executor.0" name="file2" dev="loop0" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 42.894847][ T27] audit: type=1400 audit(1699972177.278:160): avc: denied { open } for pid=349 comm="syz-executor.0" path="/root/syzkaller-testdir2949469566/syzkaller.HfucZD/0/file0/file2" dev="loop0" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 42.922119][ T27] audit: type=1400 audit(1699972177.278:161): avc: denied { ioctl } for pid=349 comm="syz-executor.0" path="/root/syzkaller-testdir2949469566/syzkaller.HfucZD/0/file0/file2" dev="loop0" ino=8 ioctlcmd=0xf519 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 42.969192][ T344] ==================================================================
[ 42.977069][ T344] BUG: KASAN: use-after-free in _raw_spin_lock+0x97/0x1b0
[ 42.984008][ T344] Write of size 4 at addr ffff888100566358 by task syz-executor.0/344
[ 42.992176][ T344]
[ 42.994349][ T344] CPU: 0 PID: 344 Comm: syz-executor.0 Not tainted 6.1.43-syzkaller #0
[ 43.002430][ T344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 43.012318][ T344] Call Trace:
[ 43.015443][ T344]
[ 43.018217][ T344] dump_stack_lvl+0x105/0x148
[ 43.022737][ T344] ? panic+0x3b4/0x3b4
[ 43.026810][ T344] ? nf_tcp_handle_invalid+0x30b/0x30b
[ 43.032130][ T344] ? _printk+0xca/0x10a
[ 43.036367][ T344] print_report+0x158/0x4e0
[ 43.040696][ T344] ? preempt_schedule+0xd9/0xe0
[ 43.045381][ T344] ? kasan_complete_mode_report_info+0x90/0x1b0
[ 43.051470][ T344] ? _raw_spin_lock+0x97/0x1b0
[ 43.056061][ T344] kasan_report+0x13c/0x170
[ 43.060402][ T344] ? _raw_spin_lock+0x97/0x1b0
[ 43.065008][ T344] kasan_check_range+0x294/0x2a0
[ 43.069801][ T344] __kasan_check_write+0x14/0x20
[ 43.074567][ T344] _raw_spin_lock+0x97/0x1b0
[ 43.079060][ T344] ? _raw_spin_trylock_bh+0x190/0x190
[ 43.084268][ T344] ? _raw_spin_lock+0xa4/0x1b0
[ 43.088872][ T344] ? _raw_spin_trylock_bh+0x190/0x190
[ 43.094077][ T344] igrab+0x1b/0x80
[ 43.097638][ T344] f2fs_write_checkpoint+0xb9f/0x2050
[ 43.102852][ T344] ? f2fs_get_sectors_written+0x430/0x430
[ 43.108398][ T344] ? __kasan_check_write+0x14/0x20
[ 43.113430][ T344] ? mutex_unlock+0xb2/0x260
[ 43.117858][ T344] ? __kasan_check_write+0x14/0x20
[ 43.122807][ T344] f2fs_issue_checkpoint+0x2fb/0x460
[ 43.127931][ T344] ? f2fs_destroy_checkpoint_caches+0x20/0x20
[ 43.133826][ T344] ? sync_inodes_sb+0x711/0x7d0
[ 43.138514][ T344] ? try_to_writeback_inodes_sb+0x370/0x370
[ 43.144243][ T344] f2fs_sync_fs+0x109/0x200
[ 43.148596][ T344] sync_filesystem+0x16d/0x1b0
[ 43.153286][ T344] f2fs_quota_off_umount+0x1ba/0x1d0
[ 43.158398][ T344] f2fs_put_super+0xb8/0xc20
[ 43.162816][ T344] ? __kasan_check_read+0x11/0x20
[ 43.167675][ T344] ? fsnotify_sb_delete+0x302/0x410
[ 43.172722][ T344] ? f2fs_drop_inode+0x7f0/0x7f0
[ 43.177502][ T344] ? __fsnotify_vfsmount_delete+0x20/0x20
[ 43.183412][ T344] ? clear_inode+0x100/0x100
[ 43.187830][ T344] ? sync_blockdev+0x64/0x70
[ 43.192266][ T344] generic_shutdown_super+0x113/0x2d0
[ 43.197478][ T344] kill_block_super+0x79/0xb0
[ 43.201980][ T344] kill_f2fs_super+0x252/0x320
[ 43.206580][ T344] ? f2fs_mount+0x20/0x20
[ 43.210738][ T344] ? up_write+0x79/0x1f0
[ 43.214818][ T344] ? unregister_shrinker+0x1f7/0x290
[ 43.219940][ T344] deactivate_locked_super+0x7d/0xe0
[ 43.225060][ T344] deactivate_super+0x5d/0x80
[ 43.229575][ T344] cleanup_mnt+0x31e/0x390
[ 43.233823][ T344] ? path_umount+0x1c5/0xc00
[ 43.238254][ T344] __cleanup_mnt+0xd/0x10
[ 43.242445][ T344] task_work_run+0x208/0x260
[ 43.246860][ T344] ? task_work_cancel+0x2a0/0x2a0
[ 43.251732][ T344] ? __x64_sys_umount+0xe4/0x120
[ 43.257694][ T344] exit_to_user_mode_loop+0x8b/0xa0
[ 43.262730][ T344] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.268029][ T344] syscall_exit_to_user_mode+0x26/0x130
[ 43.273408][ T344] do_syscall_64+0x49/0xb0
[ 43.277654][ T344] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.283388][ T344] RIP: 0033:0x7fe24ce7dc87
[ 43.287639][ T344] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8
[ 43.307082][ T344] RSP: 002b:00007ffeda989d78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 43.315337][ T344] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007fe24ce7dc87
[ 43.323321][ T344] RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffeda989e30
[ 43.331121][ T344] RBP: 00007ffeda989e30 R08: 0000000000000000 R09: 0000000000000000
[ 43.339017][ T344] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeda98aef0
[ 43.347288][ T344] R13: 00007fe24ced7c5a R14: 000000000000a61b R15: 0000000000000003
[ 43.355080][ T344]
[ 43.357946][ T344]
[ 43.360108][ T344] Allocated by task 351:
[ 43.364194][ T344] kasan_set_track+0x4b/0x70
[ 43.368614][ T344] kasan_save_alloc_info+0x1f/0x30
[ 43.373563][ T344] __kasan_slab_alloc+0x6c/0x80
[ 43.378249][ T344] slab_post_alloc_hook+0x59/0x270
[ 43.383198][ T344] kmem_cache_alloc_lru+0x102/0x220
[ 43.388493][ T344] f2fs_alloc_inode+0x28/0x340
[ 43.393094][ T344] iget_locked+0x16d/0x750
[ 43.397433][ T344] f2fs_iget+0x50/0x4250
[ 43.401518][ T344] f2fs_lookup+0x28f/0xa10
[ 43.405762][ T344] path_openat+0xe15/0x2440
[ 43.410192][ T344] do_filp_open+0x226/0x430
[ 43.414529][ T344] do_sys_openat2+0x103/0x6c0
[ 43.419130][ T344] __x64_sys_open+0x1eb/0x240
[ 43.423641][ T344] do_syscall_64+0x3d/0xb0
[ 43.427899][ T344] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.433624][ T344]
[ 43.435796][ T344] Freed by task 0:
[ 43.439351][ T344] kasan_set_track+0x4b/0x70
[ 43.443780][ T344] kasan_save_free_info+0x2b/0x40
[ 43.448642][ T344] ____kasan_slab_free+0x131/0x180
[ 43.453587][ T344] __kasan_slab_free+0x11/0x20
[ 43.458187][ T344] kmem_cache_free+0x264/0x450
[ 43.462786][ T344] f2fs_free_inode+0x1c/0x20
[ 43.467312][ T344] i_callback+0x41/0x60
[ 43.471302][ T344] rcu_do_batch+0x505/0xb20
[ 43.475649][ T344] rcu_core+0x4ae/0xe50
[ 43.479627][ T344] rcu_core_si+0x9/0x10
[ 43.483619][ T344] __do_softirq+0x1d2/0x5f2
[ 43.487958][ T344]
[ 43.490133][ T344] Last potentially related work creation:
[ 43.495692][ T344] kasan_save_stack+0x3b/0x60
[ 43.500196][ T344] __kasan_record_aux_stack+0xb4/0xc0
[ 43.505409][ T344] kasan_record_aux_stack_noalloc+0xb/0x10
[ 43.511051][ T344] call_rcu+0xd4/0x1010
[ 43.515039][ T344] evict+0x5e0/0x620
[ 43.518783][ T344] evict_inodes+0x522/0x590
[ 43.523118][ T344] generic_shutdown_super+0x92/0x2d0
[ 43.528230][ T344] kill_block_super+0x79/0xb0
[ 43.532745][ T344] kill_f2fs_super+0x252/0x320
[ 43.537342][ T344] deactivate_locked_super+0x7d/0xe0
[ 43.542556][ T344] deactivate_super+0x5d/0x80
[ 43.547068][ T344] cleanup_mnt+0x31e/0x390
[ 43.551319][ T344] __cleanup_mnt+0xd/0x10
[ 43.555483][ T344] task_work_run+0x208/0x260
[ 43.559911][ T344] exit_to_user_mode_loop+0x8b/0xa0
[ 43.564949][ T344] exit_to_user_mode_prepare+0x5a/0xa0
[ 43.570237][ T344] syscall_exit_to_user_mode+0x26/0x130
[ 43.575619][ T344] do_syscall_64+0x49/0xb0
[ 43.579874][ T344] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 43.585690][ T344]
[ 43.587859][ T344] The buggy address belongs to the object at ffff8881005662d0
[ 43.587859][ T344] which belongs to the cache f2fs_inode_cache of size 1360
[ 43.602529][ T344] The buggy address is located 136 bytes inside of
[ 43.602529][ T344] 1360-byte region [ffff8881005662d0, ffff888100566820)
[ 43.615728][ T344]
[ 43.617889][ T344] The buggy address belongs to the physical page:
[ 43.624144][ T344] page:ffffea0004015800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100560
[ 43.634215][ T344] head:ffffea0004015800 order:3 compound_mapcount:0 compound_pincount:0
[ 43.642366][ T344] flags: 0x4000000000010200(slab|head|zone=1)
[ 43.648274][ T344] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100281500
[ 43.656713][ T344] raw: 0000000000000000 0000000080160016 00000001ffffffff 0000000000000000
[ 43.665195][ T344] page dumped because: kasan: bad access detected
[ 43.671444][ T344] page_owner tracks the page as allocated
[ 43.676995][ T344] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 351, tgid 349 (syz-executor.0), ts 42787761691, free_ts 0
[ 43.699824][ T344] prep_new_page+0x512/0x5e0
[ 43.704250][ T344] get_page_from_freelist+0x2900/0x2990
[ 43.709636][ T344] __alloc_pages+0x39f/0x780
[ 43.714058][ T344] new_slab+0xcb/0x440
[ 43.717962][ T344] ___slab_alloc+0x611/0x9a0
[ 43.722554][ T344] __slab_alloc+0x52/0x90
[ 43.726712][ T344] kmem_cache_alloc_lru+0x144/0x220
[ 43.731834][ T344] f2fs_alloc_inode+0x28/0x340
[ 43.736435][ T344] iget_locked+0x16d/0x750
[ 43.740697][ T344] f2fs_iget+0x50/0x4250
[ 43.744851][ T344] f2fs_fill_super+0x4141/0x6b90
[ 43.749634][ T344] mount_bdev+0x25d/0x340
[ 43.753793][ T344] f2fs_mount+0x10/0x20
[ 43.757785][ T344] legacy_get_tree+0xeb/0x180
[ 43.762302][ T344] vfs_get_tree+0x7c/0x170
[ 43.766553][ T344] do_new_mount+0x1e1/0x8f0
[ 43.770893][ T344] page_owner free stack trace missing
[ 43.776102][ T344]
[ 43.778382][ T344] Memory state around the buggy address:
[ 43.783907][ T344] ffff888100566200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.792070][ T344] ffff888100566280: fc fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 43.799968][ T344] >ffff888100566300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.807882][ T344] ^
[ 43.814725][ T344] ffff888100566380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.822624][ T344] ffff888100566400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.830523][ T344] ==================================================================
[ 43.838899][ T344] Disabling lock debugging due to kernel taint