Warning: Permanently added '10.128.1.83' (ED25519) to the list of known hosts.
2025/01/17 18:48:03 ignoring optional flag "sandboxArg"="0"
2025/01/17 18:48:03 ignoring optional flag "type"="gce"
2025/01/17 18:48:03 parsed 1 programs
2025/01/17 18:48:03 executed programs: 0
[ 60.557416][ T1450] loop0: detected capacity change from 0 to 2048
[ 60.571126][ T1450] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 60.586056][ T1450] ==================================================================
[ 60.594225][ T1450] BUG: KASAN: slab-out-of-bounds in ext4_convert_inline_data_nolock+0x282/0xc10
[ 60.603252][ T1450] Read of size 20 at addr ffff8881057db1a3 by task syz-executor.0/1450
[ 60.611476][ T1450]
[ 60.613803][ T1450] CPU: 0 PID: 1450 Comm: syz-executor.0 Not tainted 6.1.125-syzkaller #0
[ 60.622557][ T1450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 60.632604][ T1450] Call Trace:
[ 60.635871][ T1450]
[ 60.638785][ T1450] dump_stack_lvl+0xf4/0x251
[ 60.643365][ T1450] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 60.648909][ T1450] ? panic+0x3fe/0x3fe
[ 60.652964][ T1450] ? _printk+0xca/0x10a
[ 60.657105][ T1450] ? __virt_addr_valid+0x139/0x270
[ 60.662201][ T1450] ? __virt_addr_valid+0x221/0x270
[ 60.667292][ T1450] print_report+0x15f/0x4f0
[ 60.671793][ T1450] ? __virt_addr_valid+0x139/0x270
[ 60.676912][ T1450] ? __virt_addr_valid+0x221/0x270
[ 60.682100][ T1450] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 60.688417][ T1450] kasan_report+0x136/0x160
[ 60.692906][ T1450] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 60.699245][ T1450] kasan_check_range+0x27f/0x290
[ 60.704270][ T1450] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 60.710617][ T1450] memcpy+0x25/0x60
[ 60.714412][ T1450] ext4_convert_inline_data_nolock+0x282/0xc10
[ 60.720576][ T1450] ? ext4_add_dirent_to_inline+0x390/0x390
[ 60.726456][ T1450] ? down_write+0x146/0x1d0
[ 60.730940][ T1450] ? __ext4_journal_start_sb+0xa4/0x360
[ 60.736468][ T1450] ext4_convert_inline_data+0x3b8/0x4d0
[ 60.741995][ T1450] ? ext4_inline_data_truncate+0xb70/0xb70
[ 60.747783][ T1450] ? down_write+0x146/0x1d0
[ 60.752273][ T1450] ext4_fallocate+0x136/0x17b0
[ 60.757106][ T1450] ? read_lock_is_recursive+0x10/0x10
[ 60.762459][ T1450] ? ext4_ext_truncate+0x260/0x260
[ 60.767549][ T1450] ? preempt_count_add+0x8f/0x120
[ 60.772574][ T1450] vfs_fallocate+0x30c/0x3d0
[ 60.777145][ T1450] __x64_sys_fallocate+0xa6/0xd0
[ 60.782075][ T1450] do_syscall_64+0x3b/0x80
[ 60.786471][ T1450] ? clear_bhb_loop+0x45/0xa0
[ 60.791214][ T1450] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 60.797100][ T1450] RIP: 0033:0x7feaf8d1b959
[ 60.801518][ T1450] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 60.821203][ T1450] RSP: 002b:00007feaf889e0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 60.829608][ T1450] RAX: ffffffffffffffda RBX: 00007feaf8e3af80 RCX: 00007feaf8d1b959
[ 60.837570][ T1450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 60.845527][ T1450] RBP: 00007feaf8d77c88 R08: 0000000000000000 R09: 0000000000000000
[ 60.853495][ T1450] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 60.861560][ T1450] R13: 0000000000000006 R14: 00007feaf8e3af80 R15: 00007ffea05eff18
[ 60.869536][ T1450]
[ 60.872548][ T1450]
[ 60.874859][ T1450] Allocated by task 1270:
[ 60.879172][ T1450] kasan_set_track+0x4b/0x70
[ 60.883747][ T1450] __kasan_kmalloc+0x97/0xb0
[ 60.888323][ T1450] __kmalloc+0xa6/0x1c0
[ 60.892469][ T1450] tomoyo_realpath_from_path+0xdc/0x4e0
[ 60.897994][ T1450] tomoyo_condition+0x11f2/0x2550
[ 60.903055][ T1450] tomoyo_check_acl+0x13b/0x380
[ 60.907886][ T1450] tomoyo_execute_permission+0x134/0x3b0
[ 60.913508][ T1450] tomoyo_find_next_domain+0x303/0x1720
[ 60.919056][ T1450] tomoyo_bprm_check_security+0xf2/0x120
[ 60.924689][ T1450] security_bprm_check+0x23/0x70
[ 60.929622][ T1450] bprm_execve+0x740/0x1210
[ 60.934280][ T1450] kernel_execve+0x53b/0x610
[ 60.938858][ T1450] call_usermodehelper_exec_async+0x1fc/0x310
[ 60.944913][ T1450] ret_from_fork+0x1f/0x30
[ 60.949393][ T1450]
[ 60.951701][ T1450] Freed by task 1270:
[ 60.955673][ T1450] kasan_set_track+0x4b/0x70
[ 60.960242][ T1450] kasan_save_free_info+0x27/0x40
[ 60.965280][ T1450] ____kasan_slab_free+0x122/0x1e0
[ 60.970462][ T1450] __kmem_cache_free+0x2b4/0x470
[ 60.975378][ T1450] tomoyo_realpath_from_path+0x4ad/0x4e0
[ 60.981249][ T1450] tomoyo_condition+0x11f2/0x2550
[ 60.986260][ T1450] tomoyo_check_acl+0x13b/0x380
[ 60.991090][ T1450] tomoyo_execute_permission+0x134/0x3b0
[ 60.996794][ T1450] tomoyo_find_next_domain+0x303/0x1720
[ 61.002348][ T1450] tomoyo_bprm_check_security+0xf2/0x120
[ 61.007981][ T1450] security_bprm_check+0x23/0x70
[ 61.012903][ T1450] bprm_execve+0x740/0x1210
[ 61.017386][ T1450] kernel_execve+0x53b/0x610
[ 61.021968][ T1450] call_usermodehelper_exec_async+0x1fc/0x310
[ 61.028017][ T1450] ret_from_fork+0x1f/0x30
[ 61.032498][ T1450]
[ 61.034814][ T1450] The buggy address belongs to the object at ffff8881057da000
[ 61.034814][ T1450] which belongs to the cache kmalloc-4k of size 4096
[ 61.048846][ T1450] The buggy address is located 419 bytes to the right of
[ 61.048846][ T1450] 4096-byte region [ffff8881057da000, ffff8881057db000)
[ 61.062703][ T1450]
[ 61.065014][ T1450] The buggy address belongs to the physical page:
[ 61.071410][ T1450] page:ffffea000415f600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1057d8
[ 61.081621][ T1450] head:ffffea000415f600 order:3 compound_mapcount:0 compound_pincount:0
[ 61.089919][ T1450] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 61.096498][ T1450] raw: 0200000000010200 ffffea000417e800 dead000000000002 ffff888100042140
[ 61.105155][ T1450] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 61.113711][ T1450] page dumped because: kasan: bad access detected
[ 61.120127][ T1450] page_owner tracks the page as allocated
[ 61.126028][ T1450] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 382, tgid 382 (mount), ts 4173654060, free_ts 0
[ 61.145956][ T1450] post_alloc_hook+0x286/0x2b0
[ 61.150713][ T1450] get_page_from_freelist+0x373f/0x39c0
[ 61.156263][ T1450] __alloc_pages+0x251/0x640
[ 61.160830][ T1450] alloc_slab_page+0x6a/0x150
[ 61.165582][ T1450] new_slab+0x70/0x250
[ 61.169627][ T1450] ___slab_alloc+0x9df/0xe70
[ 61.174199][ T1450] __kmem_cache_alloc_node+0x195/0x250
[ 61.179637][ T1450] kmalloc_trace+0x26/0xc0
[ 61.184047][ T1450] __se_sys_mount+0x113/0x2d0
[ 61.188707][ T1450] do_syscall_64+0x3b/0x80
[ 61.193099][ T1450] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 61.199007][ T1450] page_owner free stack trace missing
[ 61.204356][ T1450]
[ 61.206664][ T1450] Memory state around the buggy address:
[ 61.212275][ T1450] ffff8881057db080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.220402][ T1450] ffff8881057db100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.228531][ T1450] >ffff8881057db180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.236573][ T1450]                                ^
[ 61.241661][ T1450] ffff8881057db200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.249696][ T1450] ffff8881057db280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.257821][ T1450] ==================================================================
[ 61.265989][ T1450] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 61.273422][ T1450] Kernel Offset: disabled
[ 61.277829][ T1450] Rebooting in 86400 seconds..