Warning: Permanently added '10.128.1.215' (ED25519) to the list of known hosts.
2025/08/04 05:07:07 ignoring optional flag "sandboxArg"="0"
2025/08/04 05:07:08 parsed 1 programs
[ 49.987751][ T28] kauditd_printk_skb: 31 callbacks suppressed
[ 49.987764][ T28] audit: type=1400 audit(1754284029.288:105): avc: denied { unlink } for pid=395 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 50.024434][ T395] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 50.863834][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.870894][ T415] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.878595][ T415] device bridge_slave_0 entered promiscuous mode
[ 50.885657][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.892709][ T415] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.899954][ T415] device bridge_slave_1 entered promiscuous mode
[ 50.933165][ T415] bridge0: port 2(bridge_slave_1) entered blocking state
[ 50.940212][ T415] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 50.947483][ T415] bridge0: port 1(bridge_slave_0) entered blocking state
[ 50.954492][ T415] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 50.971091][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 50.978840][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 50.985935][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 50.994673][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.002989][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.010075][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.018850][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.027055][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.034115][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.048003][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.055875][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.066077][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.076599][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.084907][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.092526][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.101292][ T415] device veth0_vlan entered promiscuous mode
[ 51.110498][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.119336][ T415] device veth1_macvtap entered promiscuous mode
[ 51.127972][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.138554][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 51.312628][ T28] audit: type=1401 audit(1754284030.608:106): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 51.439237][ T28] audit: type=1400 audit(1754284030.738:107): avc: denied { create } for pid=449 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
2025/08/04 05:07:10 executed programs: 0
[ 51.660115][ T28] audit: type=1400 audit(1754284030.958:108): avc: denied { write } for pid=386 comm="syz-execprog" path="pipe:[15074]" dev="pipefs" ino=15074 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 51.701891][ T462] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.709130][ T462] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.716363][ T462] device bridge_slave_0 entered promiscuous mode
[ 51.723215][ T462] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.730275][ T462] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.738322][ T462] device bridge_slave_1 entered promiscuous mode
[ 51.777143][ T462] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.784644][ T462] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.791893][ T462] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.798963][ T462] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.820706][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.828894][ T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.836100][ T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.844995][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 51.854015][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.862182][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.869213][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.880941][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 51.889541][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.897821][ T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.904944][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.915030][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 51.923081][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.934030][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 51.942226][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.954294][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 51.962813][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.971967][ T8] device bridge_slave_1 left promiscuous mode
[ 51.978149][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.985486][ T8] device bridge_slave_0 left promiscuous mode
[ 51.991804][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.999500][ T8] device veth1_macvtap left promiscuous mode
[ 52.005480][ T8] device veth0_vlan left promiscuous mode
[ 52.072772][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 52.080901][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 52.089269][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 52.096695][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 52.104451][ T462] device veth0_vlan entered promiscuous mode
[ 52.115266][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 52.123401][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 52.132153][ T462] device veth1_macvtap entered promiscuous mode
[ 52.140444][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 52.148574][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 52.156681][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 52.166196][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 52.174652][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.199570][ T473] loop2: detected capacity change from 0 to 1024
[ 52.206280][ T473] =======================================================
[ 52.206280][ T473] WARNING: The mand mount option has been deprecated and
[ 52.206280][ T473] and is ignored by this kernel. Remove the mand
[ 52.206280][ T473] option from the mount to silence this warning.
[ 52.206280][ T473] =======================================================
[ 52.248629][ T473] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 52.257205][ T28] audit: type=1400 audit(1754284031.548:109): avc: denied { mount } for pid=472 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 52.275567][ T473] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3841: comm syz.2.16: Allocating blocks 497-513 which overlap fs metadata
[ 52.278724][ T28] audit: type=1400 audit(1754284031.558:110): avc: denied { write } for pid=472 comm="syz.2.16" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 52.294013][ T473] EXT4-fs (loop2): pa ffff88810e47d150: logic 256, phys. 385, len 8
[ 52.321737][ T473] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 52.323840][ T28] audit: type=1400 audit(1754284031.558:111): avc: denied { add_name } for pid=472 comm="syz.2.16" name="memory.stat" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 52.340289][ T462] ==================================================================
[ 52.353154][ T28] audit: type=1400 audit(1754284031.558:112): avc: denied { create } for pid=472 comm="syz.2.16" name="memory.stat" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 52.360590][ T462] BUG: KASAN: use-after-free in ext4_ext_remove_space+0x2f43/0x3fb0
[ 52.360618][ T462] Read of size 4 at addr ffff88812ddf5db8 by task syz-executor/462
[ 52.360633][ T462]
[ 52.360639][ T462] CPU: 0 PID: 462 Comm: syz-executor Not tainted 6.1.145-syzkaller-1169984-g3b4ff5af8d36 #0
[ 52.360657][ T462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 52.360667][ T462] Call Trace:
[ 52.381460][ T28] audit: type=1400 audit(1754284031.558:113): avc: denied { read append open } for pid=472 comm="syz.2.16" path="/0/file1/memory.stat" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 52.389012][ T462]
[ 52.389022][ T462] __dump_stack+0x21/0x24
[ 52.397182][ T28] audit: type=1400 audit(1754284031.628:114): avc: denied { write } for pid=472 comm="syz.2.16" name="memory.stat" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 52.399377][ T462] dump_stack_lvl+0xee/0x150
[ 52.399402][ T462] ? __cfi_dump_stack_lvl+0x8/0x8
[ 52.485153][ T462] ? ext4_inode_block_valid+0x2d7/0x3f0
[ 52.490693][ T462] ? ext4_ext_remove_space+0x2f43/0x3fb0
[ 52.496313][ T462] print_address_description+0x71/0x210
[ 52.501922][ T462] print_report+0x4a/0x60
[ 52.506254][ T462] kasan_report+0x122/0x150
[ 52.510734][ T462] ? ext4_ext_remove_space+0x2f43/0x3fb0
[ 52.516346][ T462] __asan_report_load4_noabort+0x14/0x20
[ 52.521969][ T462] ext4_ext_remove_space+0x2f43/0x3fb0
[ 52.527427][ T462] ? ext4_es_free_extent+0x3de/0x4c0
[ 52.532701][ T462] ? ext4_es_insert_extent+0x2d70/0x2d70
[ 52.538326][ T462] ? ext4_da_release_space+0x1d6/0x480
[ 52.543773][ T462] ? __cfi_ext4_ext_remove_space+0x10/0x10
[ 52.549568][ T462] ? ext4_es_remove_extent+0x1d9/0x330
[ 52.555006][ T462] ext4_ext_truncate+0x200/0x320
[ 52.559921][ T462] ext4_truncate+0x9a6/0xf90
[ 52.564488][ T462] ? __cfi_ext4_truncate+0x10/0x10
[ 52.569568][ T462] ext4_evict_inode+0xcc3/0x1460
[ 52.574477][ T462] ? _raw_spin_unlock+0x4c/0x70
[ 52.579317][ T462] ? __cfi_ext4_evict_inode+0x10/0x10
[ 52.584668][ T462] ? _raw_spin_unlock+0x4c/0x70
[ 52.589519][ T462] ? inode_io_list_del+0x19b/0x1b0
[ 52.594616][ T462] ? __cfi_ext4_evict_inode+0x10/0x10
[ 52.599959][ T462] evict+0x493/0x890
[ 52.603828][ T462] ? __kasan_check_write+0x14/0x20
[ 52.608915][ T462] ? proc_nr_inodes+0x2f0/0x2f0
[ 52.613784][ T462] ? lockref_put_return+0x152/0x1c0
[ 52.618957][ T462] ? __cfi_lockref_put_return+0x10/0x10
[ 52.624475][ T462] ? __kasan_check_write+0x14/0x20
[ 52.629559][ T462] iput+0x620/0x670
[ 52.633339][ T462] do_unlinkat+0x375/0x6b0
[ 52.637728][ T462] ? __cfi_do_unlinkat+0x10/0x10
[ 52.642639][ T462] ? getname_flags+0x206/0x500
[ 52.647376][ T462] __x64_sys_unlink+0x49/0x50
[ 52.652024][ T462] x64_sys_call+0x958/0x9a0
[ 52.656497][ T462] do_syscall_64+0x4c/0xa0
[ 52.660881][ T462] ? clear_bhb_loop+0x30/0x80
[ 52.665533][ T462] ? clear_bhb_loop+0x30/0x80
[ 52.670184][ T462] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 52.676051][ T462] RIP: 0033:0x7fa423b8df57
[ 52.680440][ T462] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 52.700023][ T462] RSP: 002b:00007ffd767b7f38 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
[ 52.708412][ T462] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa423b8df57
[ 52.716371][ T462] RDX: 00007ffd767b7f60 RSI: 00007ffd767b7ff0 RDI: 00007ffd767b7ff0
[ 52.724315][ T462] RBP: 00007ffd767b7ff0 R08: 0000000000000000 R09: 0000000000000000
[ 52.732259][ T462] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffd767b90e0
[ 52.740205][ T462] R13: 00007fa423c10b55 R14: 000000000000cc19 R15: 00007ffd767ba1b0
[ 52.748160][ T462]
[ 52.751165][ T462]
[ 52.753475][ T462] The buggy address belongs to the physical page:
[ 52.759978][ T462] page:ffffea0004b77d40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12ddf5
[ 52.770210][ T462] flags: 0x4000000000000000(zone=1)
[ 52.775406][ T462] raw: 4000000000000000 ffffea0004b77d48 ffffea0004b77d48 0000000000000000
[ 52.783990][ T462] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 52.792556][ T462] page dumped because: kasan: bad access detected
[ 52.798964][ T462] page_owner info is not present (never set?)
[ 52.805032][ T462]
[ 52.807360][ T462] Memory state around the buggy address:
[ 52.812977][ T462] ffff88812ddf5c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.821292][ T462] ffff88812ddf5d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.829351][ T462] >ffff88812ddf5d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.837490][ T462] ^
[ 52.843371][ T462] ffff88812ddf5e00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.851422][ T462] ffff88812ddf5e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.859472][ T462] ==================================================================
[ 52.869538][ T462] Disabling lock debugging due to kernel taint
[ 52.879723][ T462] EXT4-fs (loop2): unmounting filesystem.
[ 52.894327][ T479] loop2: detected capacity change from 0 to 1024
[ 52.913578][ T479] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[ 52.932684][ T479] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3841: comm syz.2.17: Allocating blocks 497-513 which overlap fs metadata
[ 52.946909][ T479] EXT4-fs (loop2): pa ffff88810b42dbd0: logic 256, phys. 385, len 8
[ 52.954925][ T479] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1
[ 52.969767][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 130220965612224, count = 16
[ 52.984455][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 130220965586783, count = 25454
[ 52.999592][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 130220965586768, count = 16
[ 53.014275][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 56311859664480, count = 16
[ 53.029023][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 56311859650608, count = 13878
[ 53.043919][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 56311859650608, count = 16
[ 53.058481][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 112589990710368, count = 16
[ 53.073501][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 112589990684262, count = 26122
[ 57.937309][ T462] EXT4-fs error: 34866 callbacks suppressed
[ 57.937328][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 104927652638560, count = 16
[ 57.957914][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 104592895498096, count = 16
[ 57.972673][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 104592895472479, count = 25632
[ 57.987645][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 104592895472464, count = 16
[ 58.002377][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 112589198695824, count = 16
[ 58.017300][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 112589198669624, count = 26214
[ 58.032456][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 112589198669616, count = 16
[ 58.047313][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 126877799852432, count = 16
[ 58.061991][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 126877799822382, count = 30060
[ 58.077019][ T462] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz-executor: Freeing blocks not in datazone - block = 126877799822368, count = 16