Warning: Permanently added '10.128.0.147' (ED25519) to the list of known hosts.
2024/04/21 13:23:45 ignoring optional flag "sandboxArg"="0"
2024/04/21 13:23:45 parsed 1 programs
2024/04/21 13:23:45 executed programs: 0
[ 48.320157][ T1503] loop0: detected capacity change from 0 to 2048
[ 48.346473][ T1503] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 48.363119][ T1503] ==================================================================
[ 48.371190][ T1503] BUG: KASAN: use-after-free in ext4_read_inline_data+0x1e0/0x290
[ 48.379233][ T1503] Read of size 20 at addr ffff88811f12b1a3 by task syz-executor.0/1503
[ 48.387449][ T1503]
[ 48.389755][ T1503] CPU: 1 PID: 1503 Comm: syz-executor.0 Not tainted 5.15.156-syzkaller #0
[ 48.398223][ T1503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 48.408365][ T1503] Call Trace:
[ 48.411644][ T1503]
[ 48.414550][ T1503]  dump_stack_lvl+0x41/0x5e
[ 48.419042][ T1503]  print_address_description.constprop.0.cold+0x6c/0x309
[ 48.426144][ T1503]  ? ext4_read_inline_data+0x1e0/0x290
[ 48.431585][ T1503]  ? ext4_read_inline_data+0x1e0/0x290
[ 48.437010][ T1503]  kasan_report.cold+0x83/0xdf
[ 48.441738][ T1503]  ? ext4_read_inline_data+0x1e0/0x290
[ 48.447162][ T1503]  kasan_check_range+0x13d/0x180
[ 48.452077][ T1503]  memcpy+0x20/0x60
[ 48.455856][ T1503]  ext4_read_inline_data+0x1e0/0x290
[ 48.461111][ T1503]  ext4_convert_inline_data_nolock+0xe2/0xbd0
[ 48.467163][ T1503]  ? ext4_convert_inline_data+0x2ad/0x4e0
[ 48.473048][ T1503]  ? ext4_prepare_inline_data+0x1b0/0x1b0
[ 48.478737][ T1503]  ? down_write+0xc8/0x140
[ 48.483125][ T1503]  ? down_write_killable_nested+0x160/0x160
[ 48.489075][ T1503]  ? ext4_journal_check_start+0x46/0x1d0
[ 48.494685][ T1503]  ? __ext4_journal_start_sb+0x226/0x2e0
[ 48.500284][ T1503]  ext4_convert_inline_data+0x419/0x4e0
[ 48.505885][ T1503]  ? ext4_inline_data_truncate+0xa00/0xa00
[ 48.511746][ T1503]  ? down_write_killable_nested+0x160/0x160
[ 48.517783][ T1503]  ? lock_acquire+0x11a/0x230
[ 48.522428][ T1503]  ? aa_path_link+0x2e0/0x2e0
[ 48.527157][ T1503]  ext4_fallocate+0x13f/0x2d60
[ 48.531974][ T1503]  ? __lock_acquire.constprop.0+0x478/0xb30
[ 48.537833][ T1503]  ? ext4_ext_truncate+0x1c0/0x1c0
[ 48.542905][ T1503]  ? lock_acquire+0x11a/0x230
[ 48.547546][ T1503]  ? __x64_sys_fallocate+0xb0/0x100
[ 48.552713][ T1503]  vfs_fallocate+0x2a8/0xa40
[ 48.557267][ T1503]  __x64_sys_fallocate+0xb0/0x100
[ 48.562302][ T1503]  do_syscall_64+0x33/0x80
[ 48.566750][ T1503]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.572905][ T1503] RIP: 0033:0x7f4fb842d959
[ 48.577327][ T1503] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.597012][ T1503] RSP: 002b:00007f4fb7fb00c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 48.605776][ T1503] RAX: ffffffffffffffda RBX: 00007f4fb854cf80 RCX: 00007f4fb842d959
[ 48.613828][ T1503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 48.622095][ T1503] RBP: 00007f4fb8489c88 R08: 0000000000000000 R09: 0000000000000000
[ 48.630135][ T1503] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 48.638312][ T1503] R13: 0000000000000006 R14: 00007f4fb854cf80 R15: 00007ffe12f61638
[ 48.646366][ T1503]
[ 48.649363][ T1503]
[ 48.651668][ T1503] Allocated by task 1434:
[ 48.655984][ T1503]  kasan_save_stack+0x1b/0x40
[ 48.661007][ T1503]  __kasan_slab_alloc+0x61/0x80
[ 48.665822][ T1503]  kmem_cache_alloc+0x211/0x310
[ 48.670659][ T1503]  vm_area_dup+0x73/0x280
[ 48.674958][ T1503]  __split_vma+0x88/0x490
[ 48.679269][ T1503]  __do_munmap+0xa44/0x10c0
[ 48.683737][ T1503]  mmap_region+0x1ae/0x1050
[ 48.688202][ T1503]  do_mmap+0x5ca/0xd80
[ 48.692235][ T1503]  vm_mmap_pgoff+0x160/0x200
[ 48.696799][ T1503]  ksys_mmap_pgoff+0x396/0x570
[ 48.701540][ T1503]  do_syscall_64+0x33/0x80
[ 48.705938][ T1503]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.711793][ T1503]
[ 48.714083][ T1503] Freed by task 1434:
[ 48.718410][ T1503]  kasan_save_stack+0x1b/0x40
[ 48.723076][ T1503]  kasan_set_track+0x1c/0x30
[ 48.727658][ T1503]  kasan_set_free_info+0x20/0x30
[ 48.732573][ T1503]  __kasan_slab_free+0xe0/0x110
[ 48.737404][ T1503]  kmem_cache_free+0x7e/0x450
[ 48.742154][ T1503]  remove_vma+0xeb/0x120
[ 48.746385][ T1503]  __do_munmap+0x53f/0x10c0
[ 48.750940][ T1503]  mmap_region+0x1ae/0x1050
[ 48.755408][ T1503]  do_mmap+0x5ca/0xd80
[ 48.759552][ T1503]  vm_mmap_pgoff+0x160/0x200
[ 48.764104][ T1503]  ksys_mmap_pgoff+0x396/0x570
[ 48.768831][ T1503]  do_syscall_64+0x33/0x80
[ 48.773359][ T1503]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.779321][ T1503]
[ 48.781625][ T1503] The buggy address belongs to the object at ffff88811f12b100
[ 48.781625][ T1503]  which belongs to the cache vm_area_struct of size 192
[ 48.796095][ T1503] The buggy address is located 163 bytes inside of
[ 48.796095][ T1503]  192-byte region [ffff88811f12b100, ffff88811f12b1c0)
[ 48.809522][ T1503] The buggy address belongs to the page:
[ 48.815129][ T1503] page:ffffea00047c4ac0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f12b
[ 48.825436][ T1503] flags: 0x200000000000200(slab|node=0|zone=2)
[ 48.831675][ T1503] raw: 0200000000000200 0000000000000000 0000000100000001 ffff888100137a00
[ 48.840314][ T1503] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 48.849745][ T1503] page dumped because: kasan: bad access detected
[ 48.856155][ T1503] page_owner tracks the page as allocated
[ 48.862120][ T1503] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 555, ts 25958073854, free_ts 25955663627
[ 48.878056][ T1503]  get_page_from_freelist+0x166f/0x2910
[ 48.883677][ T1503]  __alloc_pages+0x2b3/0x590
[ 48.888233][ T1503]  allocate_slab+0x2eb/0x430
[ 48.892890][ T1503]  ___slab_alloc+0xb1c/0xf80
[ 48.897466][ T1503]  kmem_cache_alloc+0x2d7/0x310
[ 48.902289][ T1503]  vm_area_alloc+0x17/0xf0
[ 48.906680][ T1503]  mmap_region+0x618/0x1050
[ 48.911147][ T1503]  do_mmap+0x5ca/0xd80
[ 48.915179][ T1503]  vm_mmap_pgoff+0x160/0x200
[ 48.919736][ T1503]  ksys_mmap_pgoff+0x396/0x570
[ 48.924571][ T1503]  do_syscall_64+0x33/0x80
[ 48.928976][ T1503]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.934893][ T1503] page last free stack trace:
[ 48.939561][ T1503]  free_pcp_prepare+0x34e/0x730
[ 48.944598][ T1503]  free_unref_page_list+0x168/0x9a0
[ 48.949771][ T1503]  release_pages+0x9f2/0x1100
[ 48.954440][ T1503]  tlb_finish_mmu+0x125/0x6c0
[ 48.959086][ T1503]  exit_mmap+0x185/0x4e0
[ 48.963306][ T1503]  mmput+0x90/0x390
[ 48.967080][ T1503]  do_exit+0x87f/0x21d0
[ 48.971201][ T1503]  do_group_exit+0xe7/0x290
[ 48.975675][ T1503]  __x64_sys_exit_group+0x35/0x40
[ 48.980697][ T1503]  do_syscall_64+0x33/0x80
[ 48.985215][ T1503]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.991268][ T1503]
[ 48.993578][ T1503] Memory state around the buggy address:
[ 48.999178][ T1503]  ffff88811f12b080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 49.007310][ T1503]  ffff88811f12b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.015345][ T1503] >ffff88811f12b180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 49.023373][ T1503]                                ^
[ 49.028549][ T1503]  ffff88811f12b200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.036574][ T1503]  ffff88811f12b280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 49.044700][ T1503] ==================================================================
[ 49.053382][ T1503] Disabling lock debugging due to kernel taint
[ 49.059708][ T1503] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 49.068165][ T1503] Kernel Offset: disabled
[ 49.072575][ T1503] Rebooting in 86400 seconds..