Warning: Permanently added '10.128.10.20' (ED25519) to the list of known hosts.
2023/08/18 03:52:45 ignoring optional flag "sandboxArg"="0"
2023/08/18 03:52:46 parsed 1 programs
2023/08/18 03:52:46 executed programs: 0
[ 54.042600][ T1500] loop0: detected capacity change from 0 to 2048
[ 54.063453][ T1500] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
2023/08/18 03:52:51 executed programs: 1
[ 54.082952][ T1500] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 54.105241][ T1045] EXT4-fs (loop0): unmounting filesystem.
[ 54.137057][ T1505] loop0: detected capacity change from 0 to 2048
[ 54.152486][ T1505] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 54.174395][ T1505] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 54.196048][ T1045] EXT4-fs (loop0): unmounting filesystem.
[ 54.227532][ T1509] loop0: detected capacity change from 0 to 2048
[ 54.242628][ T1509] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 54.264187][ T1509] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 54.286131][ T1045] EXT4-fs (loop0): unmounting filesystem.
[ 54.317864][ T1513] loop0: detected capacity change from 0 to 2048
[ 54.332472][ T1513] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 54.347118][ T1513] ==================================================================
[ 54.355629][ T1513] BUG: KASAN: use-after-free in ext4_convert_inline_data_nolock+0x282/0xc10
[ 54.364573][ T1513] Read of size 20 at addr ffff888103fcc1a3 by task syz-executor.0/1513
[ 54.373408][ T1513]
[ 54.375813][ T1513] CPU: 0 PID: 1513 Comm: syz-executor.0 Not tainted 6.1.46-syzkaller #0
[ 54.384504][ T1513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023
[ 54.394641][ T1513] Call Trace:
[ 54.398262][ T1513]
[ 54.401352][ T1513] dump_stack_lvl+0xf4/0x251
[ 54.405920][ T1513] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 54.411359][ T1513] ? panic+0x3f7/0x3f7
[ 54.415419][ T1513] ? _printk+0xca/0x10a
[ 54.419750][ T1513] print_report+0x15f/0x4f0
[ 54.424323][ T1513] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 54.430820][ T1513] kasan_report+0x136/0x160
[ 54.435406][ T1513] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 54.441913][ T1513] kasan_check_range+0x27f/0x290
[ 54.447015][ T1513] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 54.453498][ T1513] memcpy+0x25/0x60
[ 54.457354][ T1513] ext4_convert_inline_data_nolock+0x282/0xc10
[ 54.463614][ T1513] ? __down_write_common+0x12a/0x1e0
[ 54.469138][ T1513] ? ext4_add_dirent_to_inline+0x390/0x390
[ 54.475003][ T1513] ? __ext4_journal_start_sb+0xa4/0x360
[ 54.480610][ T1513] ext4_convert_inline_data+0x3b8/0x4d0
[ 54.486313][ T1513] ? ext4_inline_data_truncate+0xb70/0xb70
[ 54.492369][ T1513] ext4_fallocate+0x136/0x1790
[ 54.497217][ T1513] ? read_lock_is_recursive+0x10/0x10
[ 54.502599][ T1513] ? ext4_ext_truncate+0x260/0x260
[ 54.507945][ T1513] ? preempt_count_add+0x8f/0x120
[ 54.513317][ T1513] vfs_fallocate+0x30c/0x3d0
[ 54.517887][ T1513] __x64_sys_fallocate+0xa6/0xd0
[ 54.522802][ T1513] do_syscall_64+0x3d/0x80
[ 54.527400][ T1513] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.533377][ T1513] RIP: 0033:0x7f2a009f3959
[ 54.537790][ T1513] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.558254][ T1513] RSP: 002b:00007f2a005760c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 54.566857][ T1513] RAX: ffffffffffffffda RBX: 00007f2a00b12f80 RCX: 00007f2a009f3959
[ 54.575511][ T1513] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 54.583732][ T1513] RBP: 00007f2a00a4fc88 R08: 0000000000000000 R09: 0000000000000000
[ 54.591858][ T1513] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 54.599892][ T1513] R13: 0000000000000006 R14: 00007f2a00b12f80 R15: 00007ffd2385c5a8
[ 54.608020][ T1513]
[ 54.611022][ T1513]
[ 54.613320][ T1513] The buggy address belongs to the physical page:
[ 54.619704][ T1513] page:ffffea00040ff300 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fcc
[ 54.630085][ T1513] flags: 0x200000000000000(node=0|zone=2)
[ 54.635882][ T1513] raw: 0200000000000000 ffffea0004604248 ffffea00040cc4c8 0000000000000000
[ 54.644892][ T1513] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 54.653450][ T1513] page dumped because: kasan: bad access detected
[ 54.659835][ T1513] page_owner tracks the page as freed
[ 54.665268][ T1513] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), pid 1045, tgid 1045 (syz-executor.0), ts 54128401343, free_ts 54188685643
[ 54.684255][ T1513] post_alloc_hook+0x286/0x2b0
[ 54.689190][ T1513] get_page_from_freelist+0x2c71/0x2eb0
[ 54.695351][ T1513] __alloc_pages+0x251/0x640
[ 54.699922][ T1513] get_zeroed_page+0x13/0x30
[ 54.704670][ T1513] __pud_alloc+0x87/0x1e0
[ 54.709177][ T1513] copy_page_range+0x326a/0x3690
[ 54.714088][ T1513] copy_mm+0xd9e/0x1570
[ 54.718496][ T1513] copy_process+0x128e/0x3570
[ 54.723343][ T1513] kernel_clone+0x18b/0x660
[ 54.728005][ T1513] __x64_sys_clone+0x22c/0x270
[ 54.732842][ T1513] do_syscall_64+0x3d/0x80
[ 54.737320][ T1513] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.743279][ T1513] page last free stack trace:
[ 54.747936][ T1513] free_unref_page_prepare+0xca9/0xd80
[ 54.753735][ T1513] free_unref_page_list+0xb7/0x570
[ 54.758821][ T1513] release_pages+0x1763/0x1900
[ 54.763641][ T1513] tlb_flush_mmu+0x26f/0x3d0
[ 54.768201][ T1513] tlb_finish_mmu+0xb0/0x1b0
[ 54.772761][ T1513] exit_mmap+0x311/0x700
[ 54.776999][ T1513] __mmput+0x61/0x290
[ 54.780950][ T1513] exit_mm+0x122/0x1b0
[ 54.785098][ T1513] do_exit+0x81e/0x23a0
[ 54.789624][ T1513] do_group_exit+0x1b5/0x280
[ 54.794483][ T1513] get_signal+0x1117/0x1260
[ 54.799064][ T1513] arch_do_signal_or_restart+0xb3/0x1240
[ 54.805289][ T1513] exit_to_user_mode_loop+0x61/0xb0
[ 54.810934][ T1513] exit_to_user_mode_prepare+0x64/0xb0
[ 54.817083][ T1513] syscall_exit_to_user_mode+0x27/0x1c0
[ 54.822695][ T1513] do_syscall_64+0x49/0x80
[ 54.827437][ T1513]
[ 54.830203][ T1513] Memory state around the buggy address:
[ 54.835992][ T1513]  ffff888103fcc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.844663][ T1513]  ffff888103fcc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.853494][ T1513] >ffff888103fcc180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.861878][ T1513]                                ^
[ 54.867160][ T1513]  ffff888103fcc200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.875539][ T1513]  ffff888103fcc280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.883759][ T1513] ==================================================================
[ 54.892660][ T1513] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.900208][ T1513] Kernel Offset: disabled
[ 54.904548][ T1513] Rebooting in 86400 seconds..