Warning: Permanently added '10.128.0.94' (ED25519) to the list of known hosts.
2024/03/07 22:45:41 ignoring optional flag "sandboxArg"="0"
2024/03/07 22:45:41 parsed 1 programs
2024/03/07 22:45:41 executed programs: 0
[ 50.881104][ T1045] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 55.866723][ T1504] loop0: detected capacity change from 0 to 512
[ 55.888516][ T1504] EXT4-fs (loop0): 1 orphan inode deleted
[ 55.894257][ T1504] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
2024/03/07 22:45:46 executed programs: 1
[ 55.903367][ T1504] ext4 filesystem being mounted at /root/syzkaller-testdir3798756187/syzkaller.j7Bt5W/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 55.930233][ T1503] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 3: comm syz-executor.0: lblock 3 mapped to illegal pblock 3 (length 1)
[ 55.944923][ T1503] EXT4-fs (loop0): Remounting filesystem read-only
[ 55.951862][ T1504] EXT4-fs error (device loop0): __ext4_remount:6425: comm syz-executor.0: Abort forced by user
[ 55.974952][ T1050] EXT4-fs (loop0): unmounting filesystem.
[ 55.999646][ T1510] loop0: detected capacity change from 0 to 512
[ 56.017541][ T1510] EXT4-fs (loop0): 1 orphan inode deleted
[ 56.023297][ T1510] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 56.032322][ T1510] ext4 filesystem being mounted at /root/syzkaller-testdir3798756187/syzkaller.j7Bt5W/1/file1 supports timestamps until 2038 (0x7fffffff)
[ 56.058588][ T1509] ==================================================================
[ 56.066674][ T1509] BUG: KASAN: use-after-free in ext4_find_extent+0xb24/0xcd0
[ 56.074041][ T1509] Read of size 4 at addr ffff888124dd5070 by task syz-executor.0/1509
[ 56.082261][ T1509]
[ 56.084576][ T1509] CPU: 0 PID: 1509 Comm: syz-executor.0 Not tainted 6.1.81-syzkaller #0
[ 56.092875][ T1509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 56.102907][ T1509] Call Trace:
[ 56.106171][ T1509]
[ 56.109084][ T1509] dump_stack_lvl+0xf4/0x251
[ 56.113649][ T1509] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 56.119079][ T1509] ? panic+0x3f7/0x3f7
[ 56.123125][ T1509] ? lock_acquire+0xbe/0x390
[ 56.127686][ T1509] ? read_lock_is_recursive+0x10/0x10
[ 56.133030][ T1509] ? __virt_addr_valid+0x139/0x260
[ 56.138113][ T1509] ? __virt_addr_valid+0x211/0x260
[ 56.143197][ T1509] print_report+0x15f/0x4f0
[ 56.147672][ T1509] ? __virt_addr_valid+0x139/0x260
[ 56.152755][ T1509] ? __virt_addr_valid+0x211/0x260
[ 56.157836][ T1509] ? ext4_find_extent+0xb24/0xcd0
[ 56.162961][ T1509] kasan_report+0x136/0x160
[ 56.167445][ T1509] ? ext4_find_extent+0xb24/0xcd0
[ 56.172443][ T1509] ext4_find_extent+0xb24/0xcd0
[ 56.177264][ T1509] ext4_ext_map_blocks+0x28b/0x65c0
[ 56.182437][ T1509] ? stack_trace_save+0x113/0x1c0
[ 56.187432][ T1509] ? __lock_acquire+0x607/0xb70
[ 56.192257][ T1509] ? ext4_ext_release+0x10/0x10
[ 56.197082][ T1509] ? __lock_acquire+0x607/0xb70
[ 56.201911][ T1509] ? __down_write_common+0x12a/0x1e0
[ 56.207167][ T1509] ? ext4_es_lookup_extent+0x2ce/0x780
[ 56.212595][ T1509] ext4_map_blocks+0x82a/0x1810
[ 56.217415][ T1509] ? ext4_issue_zeroout+0x140/0x140
[ 56.222670][ T1509] _ext4_get_block+0x1d0/0x540
[ 56.227407][ T1509] ? attach_page_private+0xd8/0x200
[ 56.232587][ T1509] ? ext4_get_block+0x10/0x10
[ 56.237268][ T1509] ? create_page_buffers+0x16c/0x2f0
[ 56.242547][ T1509] __block_write_begin_int+0x32a/0x1150
[ 56.248080][ T1509] ? ext4_es_is_delayed+0x40/0x40
[ 56.253091][ T1509] ? page_zero_new_buffers+0x3f0/0x3f0
[ 56.258523][ T1509] ? ext4_inline_data_truncate+0xb70/0xb70
[ 56.264306][ T1509] block_page_mkwrite+0x218/0x400
[ 56.269304][ T1509] ? ext4_es_is_delayed+0x40/0x40
[ 56.274398][ T1509] ext4_page_mkwrite+0x5d9/0xf20
[ 56.279344][ T1509] ? ext4_es_is_delayed+0x40/0x40
[ 56.284517][ T1509] ? wp_page_shared+0x13e/0x540
[ 56.289370][ T1509] ? do_page_mkwrite+0x149/0x410
[ 56.294287][ T1509] ? ext4_change_inode_journal_flag+0x520/0x520
[ 56.300504][ T1509] do_page_mkwrite+0x149/0x410
[ 56.305272][ T1509] wp_page_shared+0x146/0x540
[ 56.309926][ T1509] handle_mm_fault+0x91a/0x2bf0
[ 56.314752][ T1509] ? numa_migrate_prep+0x1a0/0x1a0
[ 56.319858][ T1509] exc_page_fault+0x22a/0x5e0
[ 56.324596][ T1509] asm_exc_page_fault+0x22/0x30
[ 56.329431][ T1509] RIP: 0033:0x7f03f00e4cc7
[ 56.333997][ T1509] Code: ce 48 ff c7 48 01 fe 48 8d 54 11 80 0f 1f 80 00 00 00 00 c5 fe 6f 0e c5 fe 6f 56 20 c5 fe 6f 5e 40 c5 fe 6f 66 60 48 83 ee 80 fd 7f 0f c5 fd 7f 57 20 c5 fd 7f 5f 40 c5 fd 7f 67 60 48 83 ef
[ 56.353665][ T1509] RSP: 002b:00007ffc0d145d18 EFLAGS: 00010203
[ 56.359706][ T1509] RAX: 0000000020003600 RBX: 00007ffc0d145e28 RCX: 0000000020003600
[ 56.367651][ T1509] RDX: 00000000200036a9 RSI: 00007f03efca77b0 RDI: 0000000020003620
[ 56.375689][ T1509] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007f03f0222f8c
[ 56.383633][ T1509] R10: 00007ffc0d145e50 R11: 0000000000000246 R12: 00007f03efca76f0
[ 56.391575][ T1509] R13: fffffffffffffffe R14: 00007f03efc87000 R15: 00007f03efca76f8
[ 56.399527][ T1509]
[ 56.402615][ T1509]
[ 56.404913][ T1509] The buggy address belongs to the physical page:
[ 56.411468][ T1509] page:ffffea0004937540 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x124dd5
[ 56.421672][ T1509] flags: 0x200000000000000(node=0|zone=2)
[ 56.427502][ T1509] raw: 0200000000000000 ffffea0004937588 ffffea0004937508 0000000000000000
[ 56.436097][ T1509] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 56.444659][ T1509] page dumped because: kasan: bad access detected
[ 56.451049][ T1509] page_owner tracks the page as freed
[ 56.456668][ T1509] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1449, tgid 1449 (modprobe), ts 55265911326, free_ts 55274125851
[ 56.474971][ T1509] post_alloc_hook+0x286/0x2b0
[ 56.479716][ T1509] get_page_from_freelist+0x2ba7/0x2de0
[ 56.485235][ T1509] __alloc_pages+0x251/0x640
[ 56.489797][ T1509] vma_alloc_folio+0x689/0x870
[ 56.494535][ T1509] handle_mm_fault+0x184b/0x2bf0
[ 56.499467][ T1509] exc_page_fault+0x22a/0x5e0
[ 56.504116][ T1509] asm_exc_page_fault+0x22/0x30
[ 56.508938][ T1509] page last free stack trace:
[ 56.513757][ T1509] free_unref_page_prepare+0xca9/0xd80
[ 56.519194][ T1509] free_unref_page_list+0xaa/0x690
[ 56.524278][ T1509] release_pages+0x1763/0x1900
[ 56.529015][ T1509] tlb_flush_mmu+0x26f/0x3d0
[ 56.533575][ T1509] tlb_finish_mmu+0xb0/0x1b0
[ 56.538133][ T1509] exit_mmap+0x311/0x700
[ 56.542343][ T1509] __mmput+0x61/0x290
[ 56.546386][ T1509] exit_mm+0x122/0x1b0
[ 56.550431][ T1509] do_exit+0x81e/0x23a0
[ 56.554562][ T1509] do_group_exit+0x1b5/0x280
[ 56.559124][ T1509] __x64_sys_exit_group+0x3b/0x40
[ 56.564118][ T1509] do_syscall_64+0x3d/0x80
[ 56.568592][ T1509] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.574458][ T1509]
[ 56.576789][ T1509] Memory state around the buggy address:
[ 56.582390][ T1509] ffff888124dd4f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.590433][ T1509] ffff888124dd4f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.598481][ T1509] >ffff888124dd5000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.606515][ T1509] ^
[ 56.614202][ T1509] ffff888124dd5080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.622234][ T1509] ffff888124dd5100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.630273][ T1509] ==================================================================
[ 56.638587][ T1509] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 56.646228][ T1509] Kernel Offset: disabled
[ 56.650546][ T1509] Rebooting in 86400 seconds..