Warning: Permanently added '10.128.0.244' (ED25519) to the list of known hosts.
2023/11/26 14:34:56 ignoring optional flag "sandboxArg"="0"
2023/11/26 14:34:57 parsed 1 programs
2023/11/26 14:34:57 executed programs: 0
[ 47.065807][ T1044] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 51.913215][ T1505] loop0: detected capacity change from 0 to 512
[ 51.928128][ T1505] EXT4-fs (loop0): 1 orphan inode deleted
[ 51.933956][ T1505] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 51.942944][ T1505] ext4 filesystem being mounted at /root/syzkaller-testdir2158843331/syzkaller.qvxHvn/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 51.968204][ T1505] EXT4-fs (loop0): re-mounted. Quota mode: writeback.
[ 51.983761][ T1050] EXT4-fs (loop0): unmounting filesystem.
[ 51.990051][ T1050] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5856: Corrupt filesystem
[ 51.999774][ T1050] EXT4-fs (loop0): Remounting filesystem read-only
[ 52.006404][ T1050] EXT4-fs error (device loop0): ext4_quota_off:7054: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 52.029112][ T1510] loop0: detected capacity change from 0 to 512
[ 52.047582][ T1510] EXT4-fs (loop0): 1 orphan inode deleted
[ 52.053482][ T1510] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 52.062436][ T1510] ext4 filesystem being mounted at /root/syzkaller-testdir2158843331/syzkaller.qvxHvn/1/file1 supports timestamps until 2038 (0x7fffffff)
[ 52.086132][ T1509] ==================================================================
[ 52.094291][ T1509] BUG: KASAN: use-after-free in ext4_find_extent+0xb24/0xcd0
[ 52.101727][ T1509] Read of size 4 at addr ffff888124e7ca5c by task syz-executor.0/1509
[ 52.109847][ T1509]
[ 52.112171][ T1509] CPU: 0 PID: 1509 Comm: syz-executor.0 Not tainted 6.1.63-syzkaller #0
[ 52.120466][ T1509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
[ 52.130596][ T1509] Call Trace:
[ 52.133864][ T1509]
[ 52.136780][ T1509]  dump_stack_lvl+0xf4/0x251
[ 52.141367][ T1509]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 52.146816][ T1509]  ? panic+0x3f7/0x3f7
[ 52.150874][ T1509]  ? _printk+0xca/0x10a
[ 52.155002][ T1509]  print_report+0x15f/0x4f0
[ 52.159665][ T1509]  ? __getblk_gfp+0x1f/0x810
[ 52.164315][ T1509]  ? ext4_find_extent+0xb24/0xcd0
[ 52.169319][ T1509]  kasan_report+0x136/0x160
[ 52.173944][ T1509]  ? ext4_find_extent+0xb24/0xcd0
[ 52.178957][ T1509]  ext4_find_extent+0xb24/0xcd0
[ 52.184066][ T1509]  ext4_ext_map_blocks+0x297/0x62f0
[ 52.189252][ T1509]  ? __lock_acquire+0x607/0xb70
[ 52.194083][ T1509]  ? ext4_ext_release+0x10/0x10
[ 52.198925][ T1509]  ? __lock_acquire+0x607/0xb70
[ 52.203776][ T1509]  ? __down_write_common+0x12a/0x1e0
[ 52.209244][ T1509]  ? ext4_es_lookup_extent+0x2ce/0x780
[ 52.214677][ T1509]  ext4_map_blocks+0x82a/0x1810
[ 52.219506][ T1509]  ? ext4_issue_zeroout+0x140/0x140
[ 52.224694][ T1509]  _ext4_get_block+0x1d0/0x540
[ 52.229449][ T1509]  ? attach_page_private+0xd8/0x200
[ 52.234704][ T1509]  ? ext4_get_block+0x10/0x10
[ 52.239356][ T1509]  ? create_page_buffers+0x16c/0x2f0
[ 52.244720][ T1509]  __block_write_begin_int+0x32a/0x1150
[ 52.250249][ T1509]  ? ext4_es_is_delayed+0x40/0x40
[ 52.255250][ T1509]  ? page_zero_new_buffers+0x3f0/0x3f0
[ 52.260692][ T1509]  ? ext4_inline_data_truncate+0xb70/0xb70
[ 52.266511][ T1509]  block_page_mkwrite+0x218/0x400
[ 52.271815][ T1509]  ? ext4_es_is_delayed+0x40/0x40
[ 52.276835][ T1509]  ext4_page_mkwrite+0x5d9/0xf20
[ 52.281758][ T1509]  ? ext4_es_is_delayed+0x40/0x40
[ 52.286777][ T1509]  ? wp_page_shared+0x13e/0x540
[ 52.291611][ T1509]  ? do_page_mkwrite+0x149/0x410
[ 52.296528][ T1509]  ? ext4_change_inode_journal_flag+0x520/0x520
[ 52.302744][ T1509]  do_page_mkwrite+0x149/0x410
[ 52.307572][ T1509]  wp_page_shared+0x146/0x540
[ 52.312310][ T1509]  handle_mm_fault+0x91a/0x2bf0
[ 52.317134][ T1509]  ? numa_migrate_prep+0x1a0/0x1a0
[ 52.322220][ T1509]  exc_page_fault+0x22a/0x5e0
[ 52.327572][ T1509]  asm_exc_page_fault+0x22/0x30
[ 52.332414][ T1509] RIP: 0033:0x7f9b88dcfcc7
[ 52.336829][ T1509] Code: ce 48 ff c7 48 01 fe 48 8d 54 11 80 0f 1f 80 00 00 00 00 c5 fe 6f 0e c5 fe 6f 56 20 c5 fe 6f 5e 40 c5 fe 6f 66 60 48 83 ee 80 fd 7f 0f c5 fd 7f 57 20 c5 fd 7f 5f 40 c5 fd 7f 67 60 48 83 ef
[ 52.356737][ T1509] RSP: 002b:00007fff65a262e8 EFLAGS: 00010203
[ 52.362823][ T1509] RAX: 0000000020003600 RBX: 00007fff65a263f8 RCX: 0000000020003600
[ 52.370873][ T1509] RDX: 00000000200036a9 RSI: 00007f9b889927b0 RDI: 0000000020003620
[ 52.378939][ T1509] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007f9b88f0df8c
[ 52.386993][ T1509] R10: 00007fff65a26420 R11: 0000000000000246 R12: 00007f9b889926f0
[ 52.394966][ T1509] R13: fffffffffffffffe R14: 00007f9b88972000 R15: 00007f9b889926f8
[ 52.403124][ T1509]
[ 52.406149][ T1509]
[ 52.408587][ T1509] The buggy address belongs to the physical page:
[ 52.415350][ T1509] page:ffffea0004939f00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x124e7c
[ 52.425994][ T1509] flags: 0x200000000000000(node=0|zone=2)
[ 52.431701][ T1509] raw: 0200000000000000 ffffea000493a1c8 ffffea000493a6c8 0000000000000000
[ 52.440274][ T1509] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 52.448944][ T1509] page dumped because: kasan: bad access detected
[ 52.455431][ T1509] page_owner tracks the page as freed
[ 52.461049][ T1509] page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 1503, tgid 1503 (syz-executor.0), ts 51960974404, free_ts 51980188823
[ 52.484473][ T1509]  post_alloc_hook+0x286/0x2b0
[ 52.489309][ T1509]  get_page_from_freelist+0x2ba7/0x2de0
[ 52.494850][ T1509]  __alloc_pages+0x251/0x640
[ 52.499420][ T1509]  filemap_alloc_folio+0xc2/0x390
[ 52.504440][ T1509]  page_cache_ra_unbounded+0x1d1/0x650
[ 52.509961][ T1509]  do_sync_mmap_readahead+0x5fc/0x7d0
[ 52.515365][ T1509]  filemap_fault+0x650/0x1230
[ 52.520123][ T1509]  __do_fault+0x10f/0x380
[ 52.524426][ T1509]  handle_mm_fault+0x1558/0x2bf0
[ 52.529332][ T1509]  exc_page_fault+0x22a/0x5e0
[ 52.533981][ T1509]  asm_exc_page_fault+0x22/0x30
[ 52.538894][ T1509] page last free stack trace:
[ 52.543750][ T1509]  free_unref_page_prepare+0xca9/0xd80
[ 52.550519][ T1509]  free_unref_page_list+0xaa/0x690
[ 52.555635][ T1509]  release_pages+0x1763/0x1900
[ 52.560593][ T1509]  __pagevec_release+0x62/0xd0
[ 52.565328][ T1509]  truncate_inode_pages_range+0x351/0xbf0
[ 52.571022][ T1509]  ext4_evict_inode+0x26a/0x1240
[ 52.575926][ T1509]  evict+0x263/0x630
[ 52.579787][ T1509]  evict_inodes+0x52c/0x590
[ 52.584269][ T1509]  generic_shutdown_super+0x8e/0x2c0
[ 52.589536][ T1509]  kill_block_super+0x75/0xb0
[ 52.594297][ T1509]  deactivate_locked_super+0x71/0xd0
[ 52.599662][ T1509]  cleanup_mnt+0x2bd/0x330
[ 52.604060][ T1509]  task_work_run+0x206/0x280
[ 52.608624][ T1509]  exit_to_user_mode_loop+0xa9/0xc0
[ 52.613811][ T1509]  exit_to_user_mode_prepare+0x64/0xb0
[ 52.619312][ T1509]  syscall_exit_to_user_mode+0x27/0x1c0
[ 52.624926][ T1509]
[ 52.627228][ T1509] Memory state around the buggy address:
[ 52.632849][ T1509]  ffff888124e7c900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.640891][ T1509]  ffff888124e7c980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.649014][ T1509] >ffff888124e7ca00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.657055][ T1509]                                                     ^
[ 52.663970][ T1509]  ffff888124e7ca80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.672274][ T1509]  ffff888124e7cb00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 52.680416][ T1509] ==================================================================
[ 52.688728][ T1509] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 52.696203][ T1509] Kernel Offset: disabled
[ 52.700505][ T1509] Rebooting in 86400 seconds..