Warning: Permanently added '10.128.0.227' (ED25519) to the list of known hosts.
2024/04/22 19:15:43 ignoring optional flag "sandboxArg"="0"
2024/04/22 19:15:43 parsed 1 programs
2024/04/22 19:15:43 executed programs: 0
2024/04/22 19:15:48 executed programs: 1
[ 55.297302][ T1504] loop0: detected capacity change from 0 to 2048
[ 55.311472][ T1504] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 55.330886][ T1504] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 55.353626][ T1050] EXT4-fs (loop0): unmounting filesystem.
[ 55.381108][ T1510] loop0: detected capacity change from 0 to 2048
[ 55.390706][ T1510] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 55.410211][ T1510] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 55.433226][ T1050] EXT4-fs (loop0): unmounting filesystem.
[ 55.464903][ T1514] loop0: detected capacity change from 0 to 2048
[ 55.480964][ T1514] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 55.501062][ T1514] ==================================================================
[ 55.509128][ T1514] BUG: KASAN: use-after-free in ext4_convert_inline_data_nolock+0x282/0xc10
[ 55.517813][ T1514] Read of size 20 at addr ffff88810ba5f1a3 by task syz-executor.0/1514
[ 55.526025][ T1514]
[ 55.528354][ T1514] CPU: 1 PID: 1514 Comm: syz-executor.0 Not tainted 6.1.87-syzkaller #0
[ 55.536742][ T1514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 55.546770][ T1514] Call Trace:
[ 55.550028][ T1514]
[ 55.553114][ T1514]  dump_stack_lvl+0xf4/0x251
[ 55.557769][ T1514]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 55.563202][ T1514]  ? panic+0x3fe/0x3fe
[ 55.567244][ T1514]  ? _printk+0xca/0x10a
[ 55.571407][ T1514]  ? __virt_addr_valid+0x139/0x260
[ 55.576518][ T1514]  ? __virt_addr_valid+0x211/0x260
[ 55.581699][ T1514]  print_report+0x15f/0x4f0
[ 55.586186][ T1514]  ? __virt_addr_valid+0x139/0x260
[ 55.591289][ T1514]  ? __virt_addr_valid+0x211/0x260
[ 55.596409][ T1514]  ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 55.602715][ T1514]  kasan_report+0x136/0x160
[ 55.607220][ T1514]  ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 55.613527][ T1514]  kasan_check_range+0x27f/0x290
[ 55.618449][ T1514]  ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 55.624776][ T1514]  memcpy+0x25/0x60
[ 55.628572][ T1514]  ext4_convert_inline_data_nolock+0x282/0xc10
[ 55.634874][ T1514]  ? __down_write_common+0x12a/0x1e0
[ 55.640135][ T1514]  ? ext4_add_dirent_to_inline+0x390/0x390
[ 55.646093][ T1514]  ? __ext4_journal_start_sb+0xa4/0x360
[ 55.651614][ T1514]  ext4_convert_inline_data+0x3b8/0x4d0
[ 55.657134][ T1514]  ? ext4_inline_data_truncate+0xb70/0xb70
[ 55.662999][ T1514]  ext4_fallocate+0x136/0x1790
[ 55.667740][ T1514]  ? read_lock_is_recursive+0x10/0x10
[ 55.673098][ T1514]  ? ext4_ext_truncate+0x260/0x260
[ 55.678194][ T1514]  ? preempt_count_add+0x8f/0x120
[ 55.683190][ T1514]  vfs_fallocate+0x30c/0x3d0
[ 55.687763][ T1514]  __x64_sys_fallocate+0xa6/0xd0
[ 55.692692][ T1514]  do_syscall_64+0x3b/0x80
[ 55.697105][ T1514]  ? clear_bhb_loop+0x45/0xa0
[ 55.701767][ T1514]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.707721][ T1514] RIP: 0033:0x7fa2c25fe959
[ 55.712115][ T1514] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.732137][ T1514] RSP: 002b:00007fa2c21810c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 55.740523][ T1514] RAX: ffffffffffffffda RBX: 00007fa2c271df80 RCX: 00007fa2c25fe959
[ 55.748472][ T1514] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 55.756420][ T1514] RBP: 00007fa2c265ac88 R08: 0000000000000000 R09: 0000000000000000
[ 55.764383][ T1514] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 55.772332][ T1514] R13: 0000000000000006 R14: 00007fa2c271df80 R15: 00007ffc94118a08
[ 55.780300][ T1514]
[ 55.783304][ T1514]
[ 55.785630][ T1514] Allocated by task 1050:
[ 55.789930][ T1514]  kasan_set_track+0x4b/0x70
[ 55.794498][ T1514]  __kasan_kmalloc+0x97/0xb0
[ 55.799079][ T1514]  rtnl_newlink+0xe1/0x1b20
[ 55.803566][ T1514]  rtnetlink_rcv_msg+0x741/0xc20
[ 55.808491][ T1514]  netlink_rcv_skb+0x1c3/0x3b0
[ 55.813265][ T1514]  netlink_unicast+0x5a8/0x7c0
[ 55.818016][ T1514]  netlink_sendmsg+0x787/0xb60
[ 55.822768][ T1514]  __sys_sendto+0x4a8/0x630
[ 55.827253][ T1514]  __x64_sys_sendto+0xd5/0xf0
[ 55.832077][ T1514]  do_syscall_64+0x3b/0x80
[ 55.836485][ T1514]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.842371][ T1514]
[ 55.844681][ T1514] The buggy address belongs to the object at ffff88810ba5f000
[ 55.844681][ T1514]  which belongs to the cache kmalloc-2k of size 2048
[ 55.859996][ T1514] The buggy address is located 419 bytes inside of
[ 55.859996][ T1514]  2048-byte region [ffff88810ba5f000, ffff88810ba5f800)
[ 55.873595][ T1514]
[ 55.875896][ T1514] The buggy address belongs to the physical page:
[ 55.882375][ T1514] page:ffffea00042e9600 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810ba5f000 pfn:0x10ba58
[ 55.894116][ T1514] head:ffffea00042e9600 order:3 compound_mapcount:0 compound_pincount:0
[ 55.902518][ T1514] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 55.909184][ T1514] raw: 0200000000010200 ffffea00042e9c08 ffffea00042b9608 ffff888100042000
[ 55.917773][ T1514] raw: ffff88810ba5f000 0000000000080004 00000001ffffffff 0000000000000000
[ 55.926343][ T1514] page dumped because: kasan: bad access detected
[ 55.932733][ T1514] page_owner tracks the page as allocated
[ 55.938432][ T1514] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2387268438, free_ts 0
[ 55.958017][ T1514]  post_alloc_hook+0x286/0x2b0
[ 55.962761][ T1514]  get_page_from_freelist+0x2ba7/0x2de0
[ 55.968368][ T1514]  __alloc_pages+0x251/0x640
[ 55.972927][ T1514]  alloc_page_interleave+0xf/0x130
[ 55.978008][ T1514]  alloc_slab_page+0x6a/0x150
[ 55.982655][ T1514]  new_slab+0x70/0x250
[ 55.986697][ T1514]  ___slab_alloc+0x9df/0xe70
[ 55.991259][ T1514]  __kmem_cache_alloc_node+0x195/0x250
[ 55.996687][ T1514]  kmalloc_trace+0x26/0xc0
[ 56.001079][ T1514]  wakeup_source_sysfs_add+0x4c/0x240
[ 56.006446][ T1514]  wakeup_source_register+0x108/0x1e0
[ 56.011891][ T1514]  acpi_add_pm_notifier+0x119/0x210
[ 56.017094][ T1514]  pci_acpi_setup+0x39a/0x830
[ 56.021753][ T1514]  acpi_device_notify+0x1dc/0x2e0
[ 56.026846][ T1514]  device_add+0x3ca/0xd90
[ 56.031150][ T1514]  pci_device_add+0xca8/0x1670
[ 56.035884][ T1514] page_owner free stack trace missing
[ 56.041221][ T1514]
[ 56.043521][ T1514] Memory state around the buggy address:
[ 56.049208][ T1514]  ffff88810ba5f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.057248][ T1514]  ffff88810ba5f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.065298][ T1514] >ffff88810ba5f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.073378][ T1514]                             ^
[ 56.078458][ T1514]  ffff88810ba5f200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.086506][ T1514]  ffff88810ba5f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.094715][ T1514] ==================================================================
[ 56.102879][ T1514] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 56.110397][ T1514] Kernel Offset: disabled
[ 56.114886][ T1514] Rebooting in 86400 seconds..