Warning: Permanently added '10.128.0.132' (ED25519) to the list of known hosts.
2023/12/27 09:40:44 ignoring optional flag "sandboxArg"="0"
2023/12/27 09:40:44 parsed 1 programs
2023/12/27 09:40:44 executed programs: 0
[ 48.154934][ T1041] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 53.375889][ T1501] loop0: detected capacity change from 0 to 512
[ 53.396815][ T1501] EXT4-fs (loop0): 1 orphan inode deleted
[ 53.402628][ T1501] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 53.411597][ T1501] ext4 filesystem being mounted at /root/syzkaller-testdir688443925/syzkaller.hx4LxW/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 53.439512][ T1500] ==================================================================
[ 53.447873][ T1500] BUG: KASAN: use-after-free in ext4_find_extent+0xb24/0xcd0
[ 53.455848][ T1500] Read of size 4 at addr ffff88812517f838 by task syz-executor.0/1500
[ 53.463978][ T1500]
[ 53.466301][ T1500] CPU: 0 PID: 1500 Comm: syz-executor.0 Not tainted 6.1.69-syzkaller #0
[ 53.475010][ T1500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 53.485489][ T1500] Call Trace:
[ 53.488953][ T1500]
[ 53.491868][ T1500] dump_stack_lvl+0xf4/0x251
[ 53.496807][ T1500] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 53.502246][ T1500] ? panic+0x3f7/0x3f7
[ 53.506380][ T1500] ? _printk+0xca/0x10a
[ 53.510509][ T1500] print_report+0x15f/0x4f0
[ 53.515069][ T1500] ? __getblk_gfp+0x1f/0x810
[ 53.519643][ T1500] ? ext4_find_extent+0xb24/0xcd0
[ 53.524636][ T1500] kasan_report+0x136/0x160
[ 53.529299][ T1500] ? ext4_find_extent+0xb24/0xcd0
[ 53.534486][ T1500] ext4_find_extent+0xb24/0xcd0
[ 53.539391][ T1500] ext4_ext_map_blocks+0x297/0x62f0
[ 53.544580][ T1500] ? _raw_spin_unlock+0x40/0x40
[ 53.549853][ T1500] ? __lock_acquire+0x607/0xb70
[ 53.554784][ T1500] ? ext4_ext_release+0x10/0x10
[ 53.559720][ T1500] ? __lock_acquire+0x607/0xb70
[ 53.564728][ T1500] ? __down_write_common+0x12a/0x1e0
[ 53.570481][ T1500] ? ext4_es_lookup_extent+0x2ce/0x780
[ 53.576576][ T1500] ext4_map_blocks+0x82a/0x1810
[ 53.581611][ T1500] ? ext4_issue_zeroout+0x140/0x140
[ 53.587121][ T1500] _ext4_get_block+0x1d0/0x540
[ 53.592431][ T1500] ? attach_page_private+0xd8/0x200
[ 53.598066][ T1500] ? ext4_get_block+0x10/0x10
[ 53.603008][ T1500] ? create_page_buffers+0x16c/0x2f0
[ 53.608706][ T1500] __block_write_begin_int+0x32a/0x1150
[ 53.614403][ T1500] ? ext4_es_is_delayed+0x40/0x40
[ 53.619405][ T1500] ? page_zero_new_buffers+0x3f0/0x3f0
[ 53.625365][ T1500] ? ext4_inline_data_truncate+0xb70/0xb70
[ 53.631404][ T1500] block_page_mkwrite+0x218/0x400
[ 53.636701][ T1500] ? ext4_es_is_delayed+0x40/0x40
[ 53.641995][ T1500] ext4_page_mkwrite+0x5d9/0xf20
[ 53.647083][ T1500] ? ext4_es_is_delayed+0x40/0x40
[ 53.652194][ T1500] ? wp_page_shared+0x13e/0x540
[ 53.657021][ T1500] ? do_page_mkwrite+0x149/0x410
[ 53.662127][ T1500] ? ext4_change_inode_journal_flag+0x520/0x520
[ 53.668618][ T1500] do_page_mkwrite+0x149/0x410
[ 53.673951][ T1500] wp_page_shared+0x146/0x540
[ 53.679340][ T1500] handle_mm_fault+0x91a/0x2bf0
[ 53.684267][ T1500] ? numa_migrate_prep+0x1a0/0x1a0
[ 53.689528][ T1500] ? __x64_sys_futex+0xe0/0xe0
[ 53.694468][ T1500] exc_page_fault+0x22a/0x5e0
[ 53.699230][ T1500] asm_exc_page_fault+0x22/0x30
[ 53.704092][ T1500] RIP: 0033:0x7fa0902d0cc7
[ 53.708726][ T1500] Code: ce 48 ff c7 48 01 fe 48 8d 54 11 80 0f 1f 80 00 00 00 00 c5 fe 6f 0e c5 fe 6f 56 20 c5 fe 6f 5e 40 c5 fe 6f 66 60 48 83 ee 80 fd 7f 0f c5 fd 7f 57 20 c5 fd 7f 5f 40 c5 fd 7f 67 60 48 83 ef
[ 53.729151][ T1500] RSP: 002b:00007ffedec217d8 EFLAGS: 00010203
[ 53.735218][ T1500] RAX: 0000000020003600 RBX: 00007ffedec218e8 RCX: 0000000020003600
[ 53.743448][ T1500] RDX: 00000000200036a9 RSI: 00007fa08fe937b0 RDI: 0000000020003620
[ 53.751572][ T1500] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007fa09040ef8c
[ 53.759896][ T1500] R10: 00007ffedec21910 R11: 0000000000000246 R12: 00007fa08fe936f0
[ 53.768256][ T1500] R13: fffffffffffffffe R14: 00007fa08fe73000 R15: 00007fa08fe936f8
[ 53.776536][ T1500]
[ 53.779641][ T1500]
[ 53.781964][ T1500] The buggy address belongs to the physical page:
[ 53.788728][ T1500] page:ffffea0004945fc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12517f
[ 53.799591][ T1500] flags: 0x200000000000000(node=0|zone=2)
[ 53.806608][ T1500] raw: 0200000000000000 ffffea0004945f48 ffffea0004945cc8 0000000000000000
[ 53.815892][ T1500] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 53.824737][ T1500] page dumped because: kasan: bad access detected
[ 53.831450][ T1500] page_owner tracks the page as freed
[ 53.836818][ T1500] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1453, tgid 1453 (modprobe), ts 52848196599, free_ts 52855285072
[ 53.854352][ T1500] post_alloc_hook+0x286/0x2b0
[ 53.859226][ T1500] get_page_from_freelist+0x2ba7/0x2de0
[ 53.865118][ T1500] __alloc_pages+0x251/0x640
[ 53.870058][ T1500] vma_alloc_folio+0x689/0x870
[ 53.875251][ T1500] handle_mm_fault+0x1343/0x2bf0
[ 53.880250][ T1500] exc_page_fault+0x22a/0x5e0
[ 53.884919][ T1500] asm_exc_page_fault+0x22/0x30
[ 53.889840][ T1500] page last free stack trace:
[ 53.894681][ T1500] free_unref_page_prepare+0xca9/0xd80
[ 53.900126][ T1500] free_unref_page_list+0xaa/0x690
[ 53.905208][ T1500] release_pages+0x1763/0x1900
[ 53.910204][ T1500] tlb_flush_mmu+0x26f/0x3d0
[ 53.914766][ T1500] tlb_finish_mmu+0xb0/0x1b0
[ 53.919594][ T1500] exit_mmap+0x311/0x700
[ 53.923906][ T1500] __mmput+0x61/0x290
[ 53.928061][ T1500] exit_mm+0x122/0x1b0
[ 53.932314][ T1500] do_exit+0x81e/0x23a0
[ 53.936484][ T1500] do_group_exit+0x1b5/0x280
[ 53.941437][ T1500] __x64_sys_exit_group+0x3b/0x40
[ 53.947060][ T1500] do_syscall_64+0x3d/0x80
[ 53.952621][ T1500] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 53.959480][ T1500]
[ 53.961789][ T1500] Memory state around the buggy address:
[ 53.967683][ T1500] ffff88812517f700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.976166][ T1500] ffff88812517f780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.985456][ T1500] >ffff88812517f800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.993599][ T1500] ^
[ 53.999673][ T1500] ffff88812517f880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.008261][ T1500] ffff88812517f900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.016600][ T1500] ==================================================================
[ 54.025243][ T1500] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.033116][ T1500] Kernel Offset: disabled
[ 54.037875][ T1500] Rebooting in 86400 seconds..