Warning: Permanently added '10.128.1.73' (ED25519) to the list of known hosts.
2024/04/07 09:58:16 ignoring optional flag "sandboxArg"="0"
2024/04/07 09:58:16 parsed 1 programs
2024/04/07 09:58:16 executed programs: 0
[ 50.959808][ T1043] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 56.368060][ T1504] loop0: detected capacity change from 0 to 512
[ 56.398286][ T1504] EXT4-fs (loop0): 1 orphan inode deleted
[ 56.404051][ T1504] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 56.413018][ T1504] ext4 filesystem being mounted at /root/syzkaller-testdir3043556497/syzkaller.kesnaE/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 56.438494][ T1502] ==================================================================
[ 56.446692][ T1502] BUG: KASAN: use-after-free in ext4_find_extent+0xb24/0xcd0
[ 56.454483][ T1502] Read of size 4 at addr ffff888125119070 by task syz-executor.0/1502
[ 56.462629][ T1502]
[ 56.465011][ T1502] CPU: 1 PID: 1502 Comm: syz-executor.0 Not tainted 6.1.84-syzkaller #0
[ 56.474039][ T1502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 56.484190][ T1502] Call Trace:
[ 56.487467][ T1502]
[ 56.490392][ T1502]  dump_stack_lvl+0xf4/0x251
[ 56.494979][ T1502]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 56.500463][ T1502]  ? panic+0x3f7/0x3f7
[ 56.504511][ T1502]  ? lock_acquire+0xbe/0x390
[ 56.509099][ T1502]  ? read_lock_is_recursive+0x10/0x10
[ 56.514512][ T1502]  ? __virt_addr_valid+0x139/0x260
[ 56.519816][ T1502]  ? __virt_addr_valid+0x211/0x260
[ 56.524929][ T1502]  print_report+0x15f/0x4f0
[ 56.529437][ T1502]  ? __virt_addr_valid+0x139/0x260
[ 56.534529][ T1502]  ? __virt_addr_valid+0x211/0x260
[ 56.539610][ T1502]  ? ext4_find_extent+0xb24/0xcd0
[ 56.544692][ T1502]  kasan_report+0x136/0x160
[ 56.549278][ T1502]  ? ext4_find_extent+0xb24/0xcd0
[ 56.554271][ T1502]  ext4_find_extent+0xb24/0xcd0
[ 56.559174][ T1502]  ext4_ext_map_blocks+0x28b/0x65c0
[ 56.564350][ T1502]  ? do_raw_spin_unlock+0x137/0x8a0
[ 56.569520][ T1502]  ? _raw_spin_unlock_irqrestore+0xcb/0x130
[ 56.575388][ T1502]  ? __lock_acquire+0x607/0xb70
[ 56.580335][ T1502]  ? ext4_ext_release+0x10/0x10
[ 56.585618][ T1502]  ? __lock_acquire+0x607/0xb70
[ 56.590461][ T1502]  ? __down_write_common+0x12a/0x1e0
[ 56.595739][ T1502]  ? ext4_es_lookup_extent+0x2ce/0x780
[ 56.601190][ T1502]  ext4_map_blocks+0x82a/0x1810
[ 56.606196][ T1502]  ? ext4_issue_zeroout+0x140/0x140
[ 56.611380][ T1502]  _ext4_get_block+0x1d0/0x540
[ 56.616132][ T1502]  ? attach_page_private+0xd8/0x200
[ 56.621303][ T1502]  ? ext4_get_block+0x10/0x10
[ 56.625950][ T1502]  ? create_page_buffers+0x16c/0x2f0
[ 56.631200][ T1502]  __block_write_begin_int+0x32a/0x1150
[ 56.636788][ T1502]  ? ext4_es_is_delayed+0x40/0x40
[ 56.641883][ T1502]  ? page_zero_new_buffers+0x3f0/0x3f0
[ 56.647346][ T1502]  ? ext4_inline_data_truncate+0xb70/0xb70
[ 56.653159][ T1502]  block_page_mkwrite+0x218/0x400
[ 56.658178][ T1502]  ? ext4_es_is_delayed+0x40/0x40
[ 56.663172][ T1502]  ext4_page_mkwrite+0x5d9/0xf20
[ 56.668084][ T1502]  ? ext4_es_is_delayed+0x40/0x40
[ 56.673078][ T1502]  ? wp_page_shared+0x13e/0x540
[ 56.678076][ T1502]  ? do_page_mkwrite+0x149/0x410
[ 56.683002][ T1502]  ? ext4_change_inode_journal_flag+0x520/0x520
[ 56.689246][ T1502]  do_page_mkwrite+0x149/0x410
[ 56.694090][ T1502]  wp_page_shared+0x146/0x540
[ 56.698808][ T1502]  handle_mm_fault+0x91a/0x2bf0
[ 56.703635][ T1502]  ? numa_migrate_prep+0x1a0/0x1a0
[ 56.708808][ T1502]  exc_page_fault+0x22a/0x5e0
[ 56.713477][ T1502]  asm_exc_page_fault+0x22/0x30
[ 56.718299][ T1502] RIP: 0033:0x7f2b8aacacc7
[ 56.722683][ T1502] Code: ce 48 ff c7 48 01 fe 48 8d 54 11 80 0f 1f 80 00 00 00 00 c5 fe 6f 0e c5 fe 6f 56 20 c5 fe 6f 5e 40 c5 fe 6f 66 60 48 83 ee 80 fd 7f 0f c5 fd 7f 57 20 c5 fd 7f 5f 40 c5 fd 7f 67 60 48 83 ef
[ 56.742368][ T1502] RSP: 002b:00007ffdf4c13378 EFLAGS: 00010203
[ 56.748512][ T1502] RAX: 0000000020003600 RBX: 00007ffdf4c13488 RCX: 0000000020003600
[ 56.757066][ T1502] RDX: 00000000200036a9 RSI: 00007f2b8a68d7b0 RDI: 0000000020003620
[ 56.765112][ T1502] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007f2b8ac08f8c
[ 56.773164][ T1502] R10: 00007ffdf4c134b0 R11: 0000000000000246 R12: 00007f2b8a68d6f0
[ 56.781121][ T1502] R13: fffffffffffffffe R14: 00007f2b8a66d000 R15: 00007f2b8a68d6f8
[ 56.789172][ T1502]
[ 56.792167][ T1502]
[ 56.794492][ T1502] The buggy address belongs to the physical page:
[ 56.801087][ T1502] page:ffffea0004944640 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x125119
[ 56.811602][ T1502] flags: 0x200000000000000(node=0|zone=2)
[ 56.817475][ T1502] raw: 0200000000000000 ffffea0004944688 ffffea0004940b88 0000000000000000
[ 56.826236][ T1502] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 56.834886][ T1502] page dumped because: kasan: bad access detected
[ 56.841285][ T1502] page_owner tracks the page as freed
[ 56.846627][ T1502] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1475, tgid 1475 (modprobe), ts 56036413771, free_ts 56037584485
[ 56.865270][ T1502]  post_alloc_hook+0x286/0x2b0
[ 56.870095][ T1502]  get_page_from_freelist+0x2ba7/0x2de0
[ 56.875630][ T1502]  __alloc_pages+0x251/0x640
[ 56.880203][ T1502]  vma_alloc_folio+0x689/0x870
[ 56.885043][ T1502]  handle_mm_fault+0x184b/0x2bf0
[ 56.890589][ T1502]  exc_page_fault+0x22a/0x5e0
[ 56.895372][ T1502]  asm_exc_page_fault+0x22/0x30
[ 56.900299][ T1502] page last free stack trace:
[ 56.905120][ T1502]  free_unref_page_prepare+0xca9/0xd80
[ 56.910660][ T1502]  free_unref_page_list+0xaa/0x690
[ 56.915841][ T1502]  release_pages+0x1763/0x1900
[ 56.920776][ T1502]  tlb_flush_mmu+0x26f/0x3d0
[ 56.925342][ T1502]  tlb_finish_mmu+0xb0/0x1b0
[ 56.930163][ T1502]  exit_mmap+0x311/0x700
[ 56.934394][ T1502]  __mmput+0x61/0x290
[ 56.938378][ T1502]  exit_mm+0x122/0x1b0
[ 56.942425][ T1502]  do_exit+0x81e/0x23a0
[ 56.946730][ T1502]  do_group_exit+0x1b5/0x280
[ 56.951561][ T1502]  __x64_sys_exit_group+0x3b/0x40
[ 56.956553][ T1502]  do_syscall_64+0x3d/0x80
[ 56.961047][ T1502]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.966922][ T1502]
[ 56.969225][ T1502] Memory state around the buggy address:
[ 56.974854][ T1502]  ffff888125118f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.983245][ T1502]  ffff888125118f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 56.991384][ T1502] >ffff888125119000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.999512][ T1502]                                                             ^
[ 57.008153][ T1502]  ffff888125119080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.016488][ T1502]  ffff888125119100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.024638][ T1502] ==================================================================
[ 57.033283][ T1502] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 57.040949][ T1502] Kernel Offset: disabled
[ 57.045353][ T1502] Rebooting in 86400 seconds..
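The report above carries everything a first-pass triage needs, but it is spread over a hundred lines of dmesg: the reliable frames (those without the unwinder's `?` prefix) place a 4-byte read in ext4_find_extent reached through the page-fault/page_mkwrite path, page_owner says the page was last an anonymous page of modprobe (pid 1475) freed in exit_mmap when that process exited, and the shadow row marked `>` shows 0xff (KASAN's freed-page poison) under address ffff888125119070. The following Python is an added triage helper, not part of the original log and not syzkaller code. It parses a raw KASAN report into a structured record, drops the unreliable `?` frames, locates the shadow byte for the faulting address, and builds a dedup title in the style syzbot uses (first reliable frame that is not the reporting machinery). The embedded input is a constructed, abbreviated excerpt of the report above with the stacks trimmed; the poison-value table is the generic-mode KASAN encoding from mm/kasan/kasan.h.

```python
"""Triage helper for a KASAN report such as the syzkaller console log above.

Added example; not part of the original log and not syzkaller code. It pulls
bug class, faulting function, access kind/size/address, task, the reliable
call-trace frames, page allocation/free provenance and the shadow byte
covering the faulting address out of a raw dmesg-style KASAN report.
"""
import re
from dataclasses import dataclass, field

# Constructed input: an abbreviated excerpt of the report above (stacks trimmed).
SAMPLE = """\
[   56.446692][ T1502] BUG: KASAN: use-after-free in ext4_find_extent+0xb24/0xcd0
[   56.454483][ T1502] Read of size 4 at addr ffff888125119070 by task syz-executor.0/1502
[   56.465011][ T1502] CPU: 1 PID: 1502 Comm: syz-executor.0 Not tainted 6.1.84-syzkaller #0
[   56.484190][ T1502] Call Trace:
[   56.490392][ T1502]  dump_stack_lvl+0xf4/0x251
[   56.494979][ T1502]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[   56.524929][ T1502]  print_report+0x15f/0x4f0
[   56.544692][ T1502]  kasan_report+0x136/0x160
[   56.549278][ T1502]  ? ext4_find_extent+0xb24/0xcd0
[   56.554271][ T1502]  ext4_find_extent+0xb24/0xcd0
[   56.559174][ T1502]  ext4_ext_map_blocks+0x28b/0x65c0
[   56.663172][ T1502]  ext4_page_mkwrite+0x5d9/0xf20
[   56.718299][ T1502] RIP: 0033:0x7f2b8aacacc7
[   56.846627][ T1502] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1475, tgid 1475 (modprobe), ts 56036413771, free_ts 56037584485
[   56.880203][ T1502]  vma_alloc_folio+0x689/0x870
[   56.900299][ T1502] page last free stack trace:
[   56.915841][ T1502]  release_pages+0x1763/0x1900
[   56.930163][ T1502]  exit_mmap+0x311/0x700
[   56.942425][ T1502]  do_exit+0x81e/0x23a0
[   56.966922][ T1502]
[   56.969225][ T1502] Memory state around the buggy address:
[   56.983245][ T1502]  ffff888125118f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   56.991384][ T1502] >ffff888125119000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   57.024638][ T1502] ==================================================================
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\] ?")            # dmesg "[ts][Tpid] "
FRAME = re.compile(r"^\s*(\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+$")  # " ? func+0x1/0x2"
SHADOW_ROW = re.compile(r"^[ >]([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$")
# Generic-mode KASAN shadow poison values (mm/kasan/kasan.h).
POISON = {0xFF: "freed page", 0xFE: "page redzone", 0xFC: "slab redzone",
          0xFB: "freed slab object", 0x00: "accessible"}
# Frames that belong to the reporting machinery rather than to the bug.
REPORT_FRAMES = {"dump_stack_lvl", "print_report", "kasan_report"}


@dataclass
class KasanReport:
    bug: str = ""
    func: str = ""
    access: str = ""
    size: int = 0
    addr: int = 0
    task: str = ""
    kernel: str = ""
    frames: list = field(default_factory=list)        # reliable call-trace frames
    alloc_pid: int = 0
    alloc_comm: str = ""
    alloc_frames: list = field(default_factory=list)
    free_frames: list = field(default_factory=list)
    shadow: int = -1                                   # shadow byte at addr, -1 if absent

    def signature(self):
        """Dedup title in syzbot style: first reliable frame outside the reporter."""
        top = next((f for f in self.frames if f not in REPORT_FRAMES), self.func)
        return f"KASAN: {self.bug} {self.access} in {top}"


def parse_kasan(text):
    r, section = KasanReport(), None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).rstrip()
        if m := re.match(r"BUG: KASAN: (\S+) in (\w+)\+0x", line):
            r.bug, r.func = m.groups()
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)", line):
            r.access, r.size, r.addr, r.task = m[1], int(m[2]), int(m[3], 16), m[4]
        elif m := re.search(r"(?:Not tainted|Tainted: \S+) (\S+) #", line):
            r.kernel = m[1]
        elif line == "Call Trace:":
            section = r.frames
        elif m := re.match(r"page last allocated .*pid (\d+), tgid \d+ \((\S+)\)", line):
            r.alloc_pid, r.alloc_comm, section = int(m[1]), m[2], r.alloc_frames
        elif line == "page last free stack trace:":
            section = r.free_frames
        elif line.startswith("Memory state around"):
            section = "shadow"
        elif section == "shadow" and (m := SHADOW_ROW.match(line)):
            base, cells = int(m[1], 16), m[2].split()
            if base <= r.addr < base + 8 * len(cells):   # one shadow byte per 8 bytes
                r.shadow = int(cells[(r.addr - base) // 8], 16)
        elif isinstance(section, list) and (m := FRAME.match(line)):
            if not m[1]:                                 # '?' frames are unreliable
                section.append(m[2])
        elif not line or line.startswith("RIP:"):
            section = None                               # end of a stack block
    return r


if __name__ == "__main__":
    rep = parse_kasan(SAMPLE)
    print(rep.signature())
    print(f"{rep.access} of {rep.size} bytes at {rep.addr:#x} by {rep.task} on {rep.kernel}")
    print("reliable frames:", " <- ".join(rep.frames))
    print(f"page alloc by {rep.alloc_comm}/{rep.alloc_pid} via", " <- ".join(rep.alloc_frames))
    print("page freed via", " <- ".join(rep.free_frames))
    print(f"shadow byte {rep.shadow:#04x}: {POISON.get(rep.shadow, 'other')}")
```

Run on the excerpt it yields the title `KASAN: use-after-free Read in ext4_find_extent`, the reliable frame chain, the modprobe/1475 allocation and exit_mmap free provenance, and shadow byte 0xff. Feeding it the full log rather than the excerpt gives the same title, which is the property a dedup key needs; the `?` filter matters because the stale `? ext4_find_extent` entry above kasan_report would otherwise be mistaken for a second occurrence of the faulting function.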