Warning: Permanently added '10.128.0.180' (ECDSA) to the list of known hosts.
2023/04/03 15:22:46 ignoring optional flag "sandboxArg"="0"
2023/04/03 15:22:47 parsed 1 programs
2023/04/03 15:22:47 executed programs: 0
[ 36.974762][ T30] kauditd_printk_skb: 65 callbacks suppressed
[ 36.974779][ T30] audit: type=1400 audit(1680535367.060:137): avc: denied { mounton } for pid=451 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 37.006300][ T30] audit: type=1400 audit(1680535367.060:138): avc: denied { mount } for pid=451 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 37.037367][ T455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.044602][ T455] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.052003][ T455] device bridge_slave_0 entered promiscuous mode
[ 37.058867][ T455] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.065748][ T455] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.072847][ T455] device bridge_slave_1 entered promiscuous mode
[ 37.105788][ T455] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.112731][ T455] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.120018][ T455] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.127055][ T455] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.142248][ T414] bridge0: port 1(bridge_slave_0) entered disabled state
[ 37.149553][ T414] bridge0: port 2(bridge_slave_1) entered disabled state
[ 37.157184][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 37.164498][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 37.173096][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 37.181407][ T26] bridge0: port 1(bridge_slave_0) entered blocking state
[ 37.188408][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 37.204854][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 37.212975][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 37.220937][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 37.228297][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 37.236075][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 37.244151][ T414] bridge0: port 2(bridge_slave_1) entered blocking state
[ 37.251071][ T414] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 37.258349][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 37.266263][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 37.274709][ T455] device veth0_vlan entered promiscuous mode
[ 37.284080][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 37.292669][ T455] device veth1_macvtap entered promiscuous mode
[ 37.300852][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 37.311784][ T414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 37.323493][ T30] audit: type=1400 audit(1680535367.410:139): avc: denied { mount } for pid=455 comm="syz-executor.0" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 37.352533][ T460] loop0: detected capacity change from 0 to 131072
[ 37.360773][ T30] audit: type=1400 audit(1680535367.440:140): avc: denied { mounton } for pid=459 comm="syz-executor.0" path="/root/syzkaller-testdir3019299683/syzkaller.4zyjAm/0/file0" dev="sda1" ino=1148 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 37.361578][ T460] F2FS-fs (loop0): Invalid log_blocksize (16), supports only 12
[ 37.396587][ T460] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[ 37.407365][ T460] F2FS-fs (loop0): Found nat_bits in checkpoint
[ 37.427212][ T460] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[ 37.435377][ T460] F2FS-fs (loop0): Mounted with checkpoint version = 3e17dab1
[ 37.442876][ T30] audit: type=1400 audit(1680535367.520:141): avc: denied { mount } for pid=459 comm="syz-executor.0" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 37.465049][ T30] audit: type=1400 audit(1680535367.550:142): avc: denied { write } for pid=459 comm="syz-executor.0" name="/" dev="loop0" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 37.487604][ T30] audit: type=1400 audit(1680535367.550:143): avc: denied { add_name } for pid=459 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 37.509044][ T30] audit: type=1400 audit(1680535367.550:144): avc: denied { create } for pid=459 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 37.529650][ T30] audit: type=1400 audit(1680535367.550:145): avc: denied { read write open } for pid=459 comm="syz-executor.0" path="/root/syzkaller-testdir3019299683/syzkaller.4zyjAm/0/file0/bus" dev="loop0" ino=455 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 37.702797][ T30] audit: type=1400 audit(1680535367.780:146): avc: denied { unmount } for pid=455 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 37.725067][ T10] ==================================================================
[ 37.733030][ T10] BUG: KASAN: use-after-free in do_garbage_collect+0x4fff/0x62f0
[ 37.740583][ T10] Read of size 4 at addr ffff88812564f150 by task kworker/u4:1/10
[ 37.748213][ T10]
[ 37.750644][ T10] CPU: 1 PID: 10 Comm: kworker/u4:1 Not tainted 5.15.74-syzkaller #0
[ 37.758730][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 37.768821][ T10] Workqueue: writeback wb_workfn (flush-7:0)
[ 37.774725][ T10] Call Trace:
[ 37.778274][ T10]
[ 37.781033][ T10] dump_stack_lvl+0x151/0x1b7
[ 37.785907][ T10] ? bfq_pos_tree_add_move+0x43b/0x43b
[ 37.791203][ T10] ? panic+0x728/0x728
[ 37.795112][ T10] ? _raw_spin_unlock+0x4d/0x70
[ 37.799822][ T10] print_address_description+0x87/0x3b0
[ 37.805267][ T10] ? up_read+0x14/0x90
[ 37.809257][ T10] kasan_report+0x179/0x1c0
[ 37.813792][ T10] ? do_garbage_collect+0x4fff/0x62f0
[ 37.819190][ T10] ? do_garbage_collect+0x4fff/0x62f0
[ 37.824389][ T10] __asan_report_load4_noabort+0x14/0x20
[ 37.829870][ T10] do_garbage_collect+0x4fff/0x62f0
[ 37.834985][ T10] ? has_not_enough_free_secs+0x940/0x940
[ 37.840657][ T10] ? f2fs_write_data_pages+0x423/0x2d00
[ 37.846091][ T10] ? si_meminfo+0x13b/0x180
[ 37.850513][ T10] ? f2fs_check_nid_range+0x120/0x120
[ 37.855726][ T10] ? set_page_private_gcing+0x130/0x130
[ 37.861217][ T10] ? __kasan_check_write+0x14/0x20
[ 37.866163][ T10] f2fs_gc+0x8aa/0x17e0
[ 37.870150][ T10] ? f2fs_start_bidx_of_node+0x370/0x370
[ 37.875812][ T10] ? __kasan_check_write+0x14/0x20
[ 37.880756][ T10] ? __kasan_check_write+0x14/0x20
[ 37.886362][ T10] ? down_read_killable+0x30/0x30
[ 37.891674][ T10] ? has_not_enough_free_secs+0x40d/0x920
[ 37.897221][ T10] f2fs_balance_fs+0x341/0x3f0
[ 37.902096][ T10] ? f2fs_commit_inmem_pages+0xd00/0xd00
[ 37.907589][ T10] ? __kasan_check_write+0x14/0x20
[ 37.912759][ T10] ? f2fs_put_page+0x13b/0x190
[ 37.917356][ T10] ? f2fs_update_inode_page+0x101/0x130
[ 37.922839][ T10] f2fs_write_inode+0x553/0x5d0
[ 37.927751][ T10] __writeback_single_inode+0x4c2/0xa70
[ 37.933148][ T10] writeback_sb_inodes+0xb2e/0x1910
[ 37.938513][ T10] ? queue_io+0x520/0x520
[ 37.942684][ T10] ? __writeback_inodes_wb+0x3f0/0x3f0
[ 37.948176][ T10] ? queue_io+0x3d0/0x520
[ 37.952423][ T10] wb_writeback+0x3b9/0x9e0
[ 37.956875][ T10] ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[ 37.962782][ T10] ? set_worker_desc+0x158/0x1c0
[ 37.967548][ T10] ? __kasan_check_write+0x14/0x20
[ 37.972490][ T10] wb_workfn+0x3d9/0x1110
[ 37.976656][ T10] ? inode_wait_for_writeback+0x280/0x280
[ 37.982235][ T10] ? sched_clock+0x9/0x10
[ 37.986649][ T10] ? _raw_spin_unlock+0x4d/0x70
[ 37.991509][ T10] ? finish_task_switch+0x167/0x7b0
[ 37.996632][ T10] ? __kasan_check_read+0x11/0x20
[ 38.001691][ T10] ? read_word_at_a_time+0x12/0x20
[ 38.006630][ T10] ? strscpy+0x9c/0x260
[ 38.010837][ T10] process_one_work+0x6bb/0xc10
[ 38.015682][ T10] worker_thread+0xad5/0x12a0
[ 38.020302][ T10] kthread+0x421/0x510
[ 38.024498][ T10] ? worker_clr_flags+0x180/0x180
[ 38.029383][ T10] ? kthread_blkcg+0xd0/0xd0
[ 38.033871][ T10] ret_from_fork+0x1f/0x30
[ 38.038138][ T10]
[ 38.040988][ T10]
[ 38.043155][ T10] The buggy address belongs to the page:
[ 38.048627][ T10] page:ffffea00049593c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12564f
[ 38.058741][ T10] flags: 0x4000000000000000(zone=1)
[ 38.063732][ T10] raw: 4000000000000000 ffffea00049593c8 ffffea00049593c8 0000000000000000
[ 38.072157][ T10] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 38.080651][ T10] page dumped because: kasan: bad access detected
[ 38.086995][ T10] page_owner info is not present (never set?)
[ 38.098015][ T10]
[ 38.100268][ T10] Memory state around the buggy address:
[ 38.105742][ T10] ffff88812564f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.113947][ T10] ffff88812564f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.122096][ T10] >ffff88812564f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.130575][ T10] ^
[ 38.137169][ T10] ffff88812564f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.145533][ T10] ffff88812564f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 38.153874][ T10] ==================================================================
[ 38.162160][ T10] Disabling lock debugging due to kernel taint