Warning: Permanently added '10.128.1.15' (ED25519) to the list of known hosts.
2024/02/26 04:10:25 ignoring optional flag "sandboxArg"="0"
2024/02/26 04:10:25 parsed 1 programs
[ 42.166874][ T30] audit: type=1400 audit(1708920625.499:157): avc: denied { mounton } for pid=340 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 42.191574][ T30] audit: type=1400 audit(1708920625.499:158): avc: denied { mount } for pid=340 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
2024/02/26 04:10:25 executed programs: 0
[ 42.237007][ T30] audit: type=1400 audit(1708920625.569:159): avc: denied { unlink } for pid=340 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 42.274519][ T340] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 42.328760][ T346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.335730][ T346] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.343260][ T346] device bridge_slave_0 entered promiscuous mode
[ 42.350151][ T346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.357184][ T346] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.364750][ T346] device bridge_slave_1 entered promiscuous mode
[ 42.408992][ T30] audit: type=1400 audit(1708920625.739:160): avc: denied { write } for pid=346 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 42.430202][ T30] audit: type=1400 audit(1708920625.759:161): avc: denied { read } for pid=346 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 42.435470][ T346] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.457763][ T346] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.464835][ T346] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.471660][ T346] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.491119][ T39] bridge0: port 1(bridge_slave_0) entered disabled state
[ 42.498468][ T39] bridge0: port 2(bridge_slave_1) entered disabled state
[ 42.505994][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 42.513424][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 42.522644][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 42.530763][ T20] bridge0: port 1(bridge_slave_0) entered blocking state
[ 42.537617][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 42.557637][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 42.566220][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 42.575227][ T20] bridge0: port 2(bridge_slave_1) entered blocking state
[ 42.582096][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 42.589245][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 42.597059][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 42.606438][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 42.614459][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 42.621916][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 42.630201][ T346] device veth0_vlan entered promiscuous mode
[ 42.640946][ T346] device veth1_macvtap entered promiscuous mode
[ 42.647999][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 42.662336][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 42.671115][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 42.684972][ T30] audit: type=1400 audit(1708920626.009:162): avc: denied { mounton } for pid=346 comm="syz-executor.0" path="/dev/binderfs" dev="devtmpfs" ino=362 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 42.718970][ T352] loop0: detected capacity change from 0 to 512
[ 42.725666][ T30] audit: type=1400 audit(1708920626.049:163): avc: denied { mounton } for pid=351 comm="syz-executor.0" path="/root/syzkaller-testdir2827039947/syzkaller.LjxATV/0/file1" dev="sda1" ino=1938 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 42.758880][ T352] EXT4-fs (loop0): 1 orphan inode deleted
[ 42.764523][ T352] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[ 42.775883][ T352] ext4 filesystem being mounted at /root/syzkaller-testdir2827039947/syzkaller.LjxATV/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 42.775936][ T30] audit: type=1400 audit(1708920626.099:164): avc: denied { mount } for pid=351 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 42.812663][ T30] audit: type=1400 audit(1708920626.129:165): avc: denied { write } for pid=351 comm="syz-executor.0" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 42.834675][ T30] audit: type=1400 audit(1708920626.129:166): avc: denied { add_name } for pid=351 comm="syz-executor.0" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 42.834819][ T8] ==================================================================
[ 42.863257][ T8] BUG: KASAN: use-after-free in ext4_find_extent+0xbab/0xdb0
[ 42.870465][ T8] Read of size 4 at addr ffff88812464b064 by task kworker/u4:0/8
[ 42.878015][ T8]
[ 42.880180][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Not tainted 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 42.889988][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 42.900058][ T8] Workqueue: writeback wb_workfn (flush-7:0)
[ 42.905869][ T8] Call Trace:
[ 42.909088][ T8]
[ 42.911872][ T8] dump_stack_lvl+0x151/0x1b7
[ 42.916393][ T8] ? io_uring_drop_tctx_refs+0x190/0x190
[ 42.922741][ T8] ? __wake_up_klogd+0xd5/0x110
[ 42.927594][ T8] ? panic+0x751/0x751
[ 42.931487][ T8] print_address_description+0x87/0x3b0
[ 42.936879][ T8] kasan_report+0x179/0x1c0
[ 42.941589][ T8] ? __read_extent_tree_block+0x1e0/0x7b0
[ 42.947468][ T8] ? ext4_find_extent+0xbab/0xdb0
[ 42.952419][ T8] ? ext4_find_extent+0xbab/0xdb0
[ 42.959160][ T8] __asan_report_load4_noabort+0x14/0x20
[ 42.965261][ T8] ext4_find_extent+0xbab/0xdb0
[ 42.970006][ T8] ext4_ext_map_blocks+0x254/0x7250
[ 42.975026][ T8] ? __kasan_check_write+0x14/0x20
[ 42.980138][ T8] ? _raw_spin_lock_irqsave+0xf9/0x210
[ 42.985617][ T8] ? ret_from_fork+0x1f/0x30
[ 42.990123][ T8] ? uncharge_batch+0x4b0/0x4b0
[ 42.994815][ T8] ? stack_trace_snprint+0xf0/0xf0
[ 42.999875][ T8] ? _raw_spin_unlock_irqrestore+0x5c/0x80
[ 43.005520][ T8] ? __stack_depot_save+0x40d/0x470
[ 43.011033][ T8] ? ext4_ext_release+0x10/0x10
[ 43.015976][ T8] ? __kasan_slab_alloc+0xc3/0xe0
[ 43.021051][ T8] ? __kasan_slab_alloc+0xb1/0xe0
[ 43.026028][ T8] ? slab_post_alloc_hook+0x53/0x2c0
[ 43.031397][ T8] ? kmem_cache_alloc+0xf5/0x200
[ 43.036387][ T8] ? ext4_alloc_io_end_vec+0x2a/0x170
[ 43.041616][ T8] ? ext4_writepages+0x13b4/0x4000
[ 43.046734][ T8] ? do_writepages+0x40e/0x670
[ 43.051686][ T8] ? __writeback_single_inode+0xdf/0xa70
[ 43.057199][ T8] ? writeback_sb_inodes+0xb2a/0x1920
[ 43.062443][ T8] ? wb_writeback+0x3b9/0x9e0
[ 43.066960][ T8] ? wb_workfn+0x3d9/0x1110
[ 43.071512][ T8] ? process_one_work+0x6bb/0xc10
[ 43.076343][ T8] ? worker_thread+0xad5/0x12a0
[ 43.081594][ T8] ? kthread+0x421/0x510
[ 43.085767][ T8] ? ret_from_fork+0x1f/0x30
[ 43.090188][ T8] ? _raw_read_unlock+0x25/0x40
[ 43.094870][ T8] ? ext4_es_lookup_extent+0x33b/0x940
[ 43.100462][ T8] ext4_map_blocks+0xaa7/0x1e00
[ 43.105139][ T8] ? ext4_issue_zeroout+0x250/0x250
[ 43.110186][ T8] ? ext4_inode_journal_mode+0x1a5/0x470
[ 43.115648][ T8] ext4_writepages+0x1628/0x4000
[ 43.120421][ T8] ? ext4_readpage+0x230/0x230
[ 43.125108][ T8] ? psi_task_change+0x22c/0x360
[ 43.129878][ T8] ? enqueue_task+0x195/0x1430
[ 43.134479][ T8] ? yield_to_task_fair+0x190/0x190
[ 43.139510][ T8] ? __sched_clock_gtod_offset+0xd0/0x100
[ 43.145061][ T8] ? check_preempt_curr+0xd9/0x1b0
[ 43.150022][ T8] ? ext4_readpage+0x230/0x230
[ 43.154695][ T8] do_writepages+0x40e/0x670
[ 43.159348][ T8] ? __writepage+0x130/0x130
[ 43.163763][ T8] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 43.169381][ T8] ? __kasan_check_write+0x14/0x20
[ 43.174277][ T8] ? _raw_spin_lock+0xa4/0x1b0
[ 43.179302][ T8] __writeback_single_inode+0xdf/0xa70
[ 43.184597][ T8] writeback_sb_inodes+0xb2a/0x1920
[ 43.189717][ T8] ? _raw_spin_lock+0xa4/0x1b0
[ 43.194318][ T8] ? queue_io+0x520/0x520
[ 43.198481][ T8] ? __writeback_inodes_wb+0x3f0/0x3f0
[ 43.203776][ T8] ? queue_io+0x3d0/0x520
[ 43.207959][ T8] wb_writeback+0x3b9/0x9e0
[ 43.212296][ T8] ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[ 43.218099][ T8] ? set_worker_desc+0x158/0x1c0
[ 43.222869][ T8] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 43.228348][ T8] ? __kasan_check_write+0x14/0x20
[ 43.233398][ T8] wb_workfn+0x3d9/0x1110
[ 43.237655][ T8] ? inode_wait_for_writeback+0x280/0x280
[ 43.243303][ T8] ? sched_clock+0x9/0x10
[ 43.247450][ T8] ? _raw_spin_unlock+0x4d/0x70
[ 43.252313][ T8] ? finish_task_switch+0x167/0x7b0
[ 43.257630][ T8] ? __kasan_check_read+0x11/0x20
[ 43.262483][ T8] ? read_word_at_a_time+0x12/0x20
[ 43.267431][ T8] ? strscpy+0x9c/0x260
[ 43.271422][ T8] process_one_work+0x6bb/0xc10
[ 43.276373][ T8] worker_thread+0xad5/0x12a0
[ 43.280869][ T8] kthread+0x421/0x510
[ 43.284768][ T8] ? worker_clr_flags+0x180/0x180
[ 43.289629][ T8] ? kthread_blkcg+0xd0/0xd0
[ 43.294056][ T8] ret_from_fork+0x1f/0x30
[ 43.298321][ T8]
[ 43.301190][ T8]
[ 43.303445][ T8] The buggy address belongs to the page:
[ 43.310735][ T8] page:ffffea00049192c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12464b
[ 43.321436][ T8] flags: 0x4000000000000000(zone=1)
[ 43.326642][ T8] raw: 4000000000000000 ffffea0004919308 ffffea0004919288 0000000000000000
[ 43.335417][ T8] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 43.343916][ T8] page dumped because: kasan: bad access detected
[ 43.350241][ T8] page_owner info is not present (never set?)
[ 43.356270][ T8]
[ 43.358433][ T8] Memory state around the buggy address:
[ 43.363922][ T8] ffff88812464af00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.373201][ T8] ffff88812464af80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.381762][ T8] >ffff88812464b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.389708][ T8] ^
[ 43.396937][ T8] ffff88812464b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.404836][ T8] ffff88812464b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 43.412687][ T8] ==================================================================
[ 43.421009][ T8] Disabling lock debugging due to kernel taint
[ 43.429618][ T8] ------------[ cut here ]------------
[ 43.434894][ T8] kernel BUG at fs/ext4/inode.c:2421!
[ 43.440348][ T8] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 43.446458][ T8] CPU: 0 PID: 8 Comm: kworker/u4:0 Tainted: G B 5.15.148-syzkaller-1069047-g993bed180178 #0
[ 43.457912][ T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 43.467895][ T8] Workqueue: writeback wb_workfn (flush-7:0)
[ 43.473708][ T8] RIP: 0010:ext4_writepages+0x3f4b/0x4000
[ 43.479256][ T8] Code: 00 74 08 48 89 df e8 f4 d7 c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 cc 2d 08 00 eb 58 e8 05 db 87 ff <0f> 0b e8 fe da 87 ff eb 3b e8 f7 da 87 ff eb 72 e8 f0 da 87 ff 31
[ 43.499223][ T8] RSP: 0018:ffffc90000087000 EFLAGS: 00010293
[ 43.505128][ T8] RAX: ffffffff81e8444b RBX: dffffc0000000000 RCX: ffff8881002662c0
[ 43.513029][ T8] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 43.520987][ T8] RBP: ffffc90000087410 R08: ffffffff81e81e0b R09: ffffed1021f4dd4a
[ 43.528887][ T8] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[ 43.536688][ T8] R13: ffffc900000872e0 R14: 0000000000000000 R15: 0000000000000000
[ 43.545658][ T8] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 43.554423][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.560838][ T8] CR2: 00007ffe8567df08 CR3: 000000000620f000 CR4: 00000000003506b0
[ 43.568653][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.576590][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.584356][ T8] Call Trace:
[ 43.587513][ T8]
[ 43.590261][ T8] ? __die_body+0x62/0xb0
[ 43.594428][ T8] ? die+0x88/0xb0
[ 43.597990][ T8] ? do_trap+0x103/0x330
[ 43.602076][ T8] ? ext4_writepages+0x3f4b/0x4000
[ 43.607019][ T8] ? handle_invalid_op+0x95/0xc0
[ 43.611870][ T8] ? ext4_writepages+0x3f4b/0x4000
[ 43.616906][ T8] ? exc_invalid_op+0x32/0x50
[ 43.621418][ T8] ? asm_exc_invalid_op+0x1b/0x20
[ 43.626375][ T8] ? ext4_writepages+0x190b/0x4000
[ 43.631383][ T8] ? ext4_writepages+0x3f4b/0x4000
[ 43.636609][ T8] ? ext4_writepages+0x3f4b/0x4000
[ 43.641585][ T8] ? ext4_readpage+0x230/0x230
[ 43.646155][ T8] ? psi_task_change+0x22c/0x360
[ 43.651203][ T8] ? enqueue_task+0x195/0x1430
[ 43.655985][ T8] ? yield_to_task_fair+0x190/0x190
[ 43.660999][ T8] ? __sched_clock_gtod_offset+0xd0/0x100
[ 43.666737][ T8] ? check_preempt_curr+0xd9/0x1b0
[ 43.671672][ T8] ? ext4_readpage+0x230/0x230
[ 43.676393][ T8] do_writepages+0x40e/0x670
[ 43.680818][ T8] ? __writepage+0x130/0x130
[ 43.685362][ T8] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 43.691079][ T8] ? __kasan_check_write+0x14/0x20
[ 43.696026][ T8] ? _raw_spin_lock+0xa4/0x1b0
[ 43.701142][ T8] __writeback_single_inode+0xdf/0xa70
[ 43.707062][ T8] writeback_sb_inodes+0xb2a/0x1920
[ 43.712106][ T8] ? _raw_spin_lock+0xa4/0x1b0
[ 43.717061][ T8] ? queue_io+0x520/0x520
[ 43.721303][ T8] ? __writeback_inodes_wb+0x3f0/0x3f0
[ 43.727036][ T8] ? queue_io+0x3d0/0x520
[ 43.731400][ T8] wb_writeback+0x3b9/0x9e0
[ 43.735702][ T8] ? inode_cgwb_move_to_attached+0x3c0/0x3c0
[ 43.741515][ T8] ? set_worker_desc+0x158/0x1c0
[ 43.746288][ T8] ? __update_load_avg_cfs_rq+0xb1/0x2f0
[ 43.751896][ T8] ? __kasan_check_write+0x14/0x20
[ 43.756978][ T8] wb_workfn+0x3d9/0x1110
[ 43.761137][ T8] ? inode_wait_for_writeback+0x280/0x280
[ 43.767063][ T8] ? sched_clock+0x9/0x10
[ 43.771537][ T8] ? _raw_spin_unlock+0x4d/0x70
[ 43.776196][ T8] ? finish_task_switch+0x167/0x7b0
[ 43.781943][ T8] ? __kasan_check_read+0x11/0x20
[ 43.787615][ T8] ? read_word_at_a_time+0x12/0x20
[ 43.792659][ T8] ? strscpy+0x9c/0x260
[ 43.796763][ T8] process_one_work+0x6bb/0xc10
[ 43.801892][ T8] worker_thread+0xad5/0x12a0
[ 43.806384][ T8] kthread+0x421/0x510
[ 43.810471][ T8] ? worker_clr_flags+0x180/0x180
[ 43.815461][ T8] ? kthread_blkcg+0xd0/0xd0
[ 43.820043][ T8] ret_from_fork+0x1f/0x30
[ 43.824278][ T8]
[ 43.827149][ T8] Modules linked in:
[ 43.832347][ T8] ---[ end trace 7d2630c67b1bad62 ]---
[ 43.837663][ T8] RIP: 0010:ext4_writepages+0x3f4b/0x4000
[ 43.844062][ T8] Code: 00 74 08 48 89 df e8 f4 d7 c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 cc 2d 08 00 eb 58 e8 05 db 87 ff <0f> 0b e8 fe da 87 ff eb 3b e8 f7 da 87 ff eb 72 e8 f0 da 87 ff 31
[ 43.863777][ T8] RSP: 0018:ffffc90000087000 EFLAGS: 00010293
[ 43.869630][ T8] RAX: ffffffff81e8444b RBX: dffffc0000000000 RCX: ffff8881002662c0
[ 43.877651][ T8] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 43.885448][ T8] RBP: ffffc90000087410 R08: ffffffff81e81e0b R09: ffffed1021f4dd4a
[ 43.893686][ T8] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000
[ 43.901719][ T8] R13: ffffc900000872e0 R14: 0000000000000000 R15: 0000000000000000
[ 43.909772][ T8] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 43.918541][ T8] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 43.925154][ T8] CR2: 0000564ef0de1018 CR3: 000000010c920000 CR4: 00000000003506a0
[ 43.933117][ T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 43.940887][ T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 43.948677][ T8] Kernel panic - not syncing: Fatal exception
[ 43.954756][ T8] Kernel Offset: disabled
[ 43.958922][ T8] Rebooting in 86400 seconds..