Warning: Permanently added '10.128.1.64' (ED25519) to the list of known hosts.
2024/03/21 02:23:40 ignoring optional flag "sandboxArg"="0"
2024/03/21 02:23:41 parsed 1 programs
2024/03/21 02:23:41 executed programs: 0
[ 46.793116][ T1503] loop0: detected capacity change from 0 to 2048
[ 46.812259][ T1503] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 46.832858][ T1503] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 46.904188][ T1509] loop0: detected capacity change from 0 to 2048
[ 46.922041][ T1509] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 46.943166][ T1509] ==================================================================
[ 46.951450][ T1509] BUG: KASAN: use-after-free in ext4_read_inline_data+0x1e0/0x290
[ 46.959603][ T1509] Read of size 20 at addr ffff88811f3f41a3 by task syz-executor.0/1509
[ 46.968110][ T1509]
[ 46.970446][ T1509] CPU: 1 PID: 1509 Comm: syz-executor.0 Not tainted 5.15.152-syzkaller #0
[ 46.979024][ T1509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[ 46.990208][ T1509] Call Trace:
[ 46.993517][ T1509]
[ 46.996421][ T1509] dump_stack_lvl+0x41/0x5e
[ 47.000897][ T1509] print_address_description.constprop.0.cold+0x6c/0x309
[ 47.008067][ T1509] ? ext4_read_inline_data+0x1e0/0x290
[ 47.013599][ T1509] ? ext4_read_inline_data+0x1e0/0x290
[ 47.019142][ T1509] kasan_report.cold+0x83/0xdf
[ 47.023985][ T1509] ? ext4_read_inline_data+0x1e0/0x290
[ 47.029508][ T1509] kasan_check_range+0x13d/0x180
[ 47.034428][ T1509] memcpy+0x20/0x60
[ 47.038394][ T1509] ext4_read_inline_data+0x1e0/0x290
[ 47.043741][ T1509] ext4_convert_inline_data_nolock+0xe2/0xbd0
[ 47.049899][ T1509] ? ext4_convert_inline_data+0x2ad/0x4e0
[ 47.055679][ T1509] ? ext4_prepare_inline_data+0x1b0/0x1b0
[ 47.061472][ T1509] ? down_write+0xc8/0x130
[ 47.065874][ T1509] ? down_write_killable_nested+0x160/0x160
[ 47.071739][ T1509] ? ext4_journal_check_start+0x46/0x1d0
[ 47.077447][ T1509] ? __ext4_journal_start_sb+0x226/0x2e0
[ 47.083057][ T1509] ext4_convert_inline_data+0x419/0x4e0
[ 47.088589][ T1509] ? ext4_inline_data_truncate+0xa00/0xa00
[ 47.094473][ T1509] ? down_write_killable_nested+0x160/0x160
[ 47.100420][ T1509] ? lock_acquire+0x11a/0x230
[ 47.105349][ T1509] ? aa_path_link+0x2e0/0x2e0
[ 47.110099][ T1509] ext4_fallocate+0x13f/0x2d60
[ 47.116034][ T1509] ? __lock_acquire.constprop.0+0x478/0xb30
[ 47.122121][ T1509] ? ext4_ext_truncate+0x1c0/0x1c0
[ 47.127286][ T1509] ? lock_acquire+0x11a/0x230
[ 47.131964][ T1509] ? __x64_sys_fallocate+0xb0/0x100
[ 47.137321][ T1509] vfs_fallocate+0x2a8/0xa40
[ 47.142146][ T1509] __x64_sys_fallocate+0xb0/0x100
[ 47.147250][ T1509] do_syscall_64+0x35/0x80
[ 47.151638][ T1509] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.157498][ T1509] RIP: 0033:0x7f59492b4959
[ 47.161882][ T1509] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.182179][ T1509] RSP: 002b:00007f5948e370c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 47.191224][ T1509] RAX: ffffffffffffffda RBX: 00007f59493d3f80 RCX: 00007f59492b4959
[ 47.199262][ T1509] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 47.207199][ T1509] RBP: 00007f5949310c88 R08: 0000000000000000 R09: 0000000000000000
[ 47.215145][ T1509] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 47.223182][ T1509] R13: 0000000000000006 R14: 00007f59493d3f80 R15: 00007ffedbc422f8
[ 47.231305][ T1509]
[ 47.234306][ T1509]
[ 47.236619][ T1509] Allocated by task 1078:
[ 47.241000][ T1509] kasan_save_stack+0x1b/0x40
[ 47.245652][ T1509] __kasan_slab_alloc+0x61/0x80
[ 47.250580][ T1509] kmem_cache_alloc+0x211/0x310
[ 47.255403][ T1509] vm_area_alloc+0x17/0xf0
[ 47.259786][ T1509] mmap_region+0x618/0x1050
[ 47.264431][ T1509] do_mmap+0x5ca/0xd80
[ 47.268554][ T1509] vm_mmap_pgoff+0x160/0x200
[ 47.273291][ T1509] ksys_mmap_pgoff+0x396/0x570
[ 47.278204][ T1509] do_syscall_64+0x35/0x80
[ 47.282699][ T1509] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.288908][ T1509]
[ 47.291342][ T1509] Freed by task 1078:
[ 47.295414][ T1509] kasan_save_stack+0x1b/0x40
[ 47.300525][ T1509] kasan_set_track+0x1c/0x30
[ 47.305952][ T1509] kasan_set_free_info+0x20/0x30
[ 47.310990][ T1509] __kasan_slab_free+0xe0/0x110
[ 47.316094][ T1509] kmem_cache_free+0x7e/0x450
[ 47.320753][ T1509] remove_vma+0xeb/0x120
[ 47.325189][ T1509] exit_mmap+0x1e0/0x4e0
[ 47.329560][ T1509] mmput+0x90/0x390
[ 47.333682][ T1509] do_exit+0x87f/0x21d0
[ 47.337832][ T1509] do_group_exit+0xe7/0x290
[ 47.342429][ T1509] __x64_sys_exit_group+0x35/0x40
[ 47.347448][ T1509] do_syscall_64+0x35/0x80
[ 47.352045][ T1509] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.358269][ T1509]
[ 47.360693][ T1509] The buggy address belongs to the object at ffff88811f3f4100
[ 47.360693][ T1509] which belongs to the cache vm_area_struct of size 192
[ 47.375782][ T1509] The buggy address is located 163 bytes inside of
[ 47.375782][ T1509] 192-byte region [ffff88811f3f4100, ffff88811f3f41c0)
[ 47.389606][ T1509] The buggy address belongs to the page:
[ 47.395739][ T1509] page:ffffea00047cfd00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f3f4
[ 47.406249][ T1509] flags: 0x200000000000200(slab|node=0|zone=2)
[ 47.412674][ T1509] raw: 0200000000000200 ffffea00047ce240 0000000300000003 ffff888100137a00
[ 47.421729][ T1509] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 47.431354][ T1509] page dumped because: kasan: bad access detected
[ 47.439141][ T1509] page_owner tracks the page as allocated
[ 47.445201][ T1509] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 632, ts 24388383055, free_ts 24386533626
[ 47.462501][ T1509] get_page_from_freelist+0x166f/0x2910
[ 47.468045][ T1509] __alloc_pages+0x2b3/0x590
[ 47.477416][ T1509] allocate_slab+0x2eb/0x430
[ 47.482164][ T1509] ___slab_alloc+0xb1c/0xf80
[ 47.487089][ T1509] kmem_cache_alloc+0x2d7/0x310
[ 47.491937][ T1509] vm_area_alloc+0x17/0xf0
[ 47.496424][ T1509] mmap_region+0x618/0x1050
[ 47.501095][ T1509] do_mmap+0x5ca/0xd80
[ 47.505130][ T1509] vm_mmap_pgoff+0x160/0x200
[ 47.509694][ T1509] ksys_mmap_pgoff+0x396/0x570
[ 47.514439][ T1509] do_syscall_64+0x35/0x80
[ 47.519224][ T1509] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.525451][ T1509] page last free stack trace:
[ 47.530183][ T1509] free_pcp_prepare+0x34e/0x730
[ 47.535567][ T1509] free_unref_page_list+0x168/0x9a0
[ 47.540891][ T1509] release_pages+0x9f2/0x1100
[ 47.546282][ T1509] tlb_finish_mmu+0x125/0x6c0
[ 47.551410][ T1509] exit_mmap+0x185/0x4e0
[ 47.555725][ T1509] mmput+0x90/0x390
[ 47.559501][ T1509] do_exit+0x87f/0x21d0
[ 47.563744][ T1509] do_group_exit+0xe7/0x290
[ 47.568267][ T1509] __x64_sys_exit_group+0x35/0x40
[ 47.573441][ T1509] do_syscall_64+0x35/0x80
[ 47.577925][ T1509] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 47.584069][ T1509]
[ 47.586619][ T1509] Memory state around the buggy address:
[ 47.592231][ T1509] ffff88811f3f4080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 47.600267][ T1509] ffff88811f3f4100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.608316][ T1509] >ffff88811f3f4180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 47.616576][ T1509] ^
[ 47.621671][ T1509] ffff88811f3f4200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.629707][ T1509] ffff88811f3f4280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 47.637760][ T1509] ==================================================================
[ 47.645982][ T1509] Disabling lock debugging due to kernel taint
[ 47.652840][ T1509] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 47.660654][ T1509] Kernel Offset: disabled
[ 47.665132][ T1509] Rebooting in 86400 seconds..
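The report above is raw syzkaller/dmesg output. The following is an added triage script, not part of the syzkaller output or of any kernel tooling: it parses the decisive lines of this KASAN report (bug class, faulting function, access size and address, the allocation and free stacks, the slab object and cache) and then runs the cross-checks a triager does by hand: that the reported in-object offset agrees with the address arithmetic, that the 20-byte read stays inside the 192-byte object (so this is a pure use-after-free, not an additional overflow into the redzone), that the object was freed by a different task than the one that faulted, and, as a labelled heuristic, that the freed object's cache (vm_area_struct) has nothing to do with the faulting subsystem (ext4), which points at a wild pointer derived from the corrupted image rather than at a lifetime bug in the VMA code. The sample input is constructed from the report lines on this page; the `? ` frames are kept to show that the parser discards them.

```python
import re

# Constructed sample input: the decisive lines of the syzkaller KASAN report on
# this page, copied inline so the script runs offline. Two "? " frames are kept
# on purpose to show that the parser discards them (they are stale stack slots).
REPORT = """\
[ 46.951450][ T1509] BUG: KASAN: use-after-free in ext4_read_inline_data+0x1e0/0x290
[ 46.959603][ T1509] Read of size 20 at addr ffff88811f3f41a3 by task syz-executor.0/1509
[ 46.990208][ T1509] Call Trace:
[ 46.996421][ T1509] dump_stack_lvl+0x41/0x5e
[ 47.008067][ T1509] ? ext4_read_inline_data+0x1e0/0x290
[ 47.019142][ T1509] kasan_report.cold+0x83/0xdf
[ 47.029508][ T1509] kasan_check_range+0x13d/0x180
[ 47.034428][ T1509] memcpy+0x20/0x60
[ 47.038394][ T1509] ext4_read_inline_data+0x1e0/0x290
[ 47.043741][ T1509] ext4_convert_inline_data_nolock+0xe2/0xbd0
[ 47.049899][ T1509] ? ext4_convert_inline_data+0x2ad/0x4e0
[ 47.083057][ T1509] ext4_convert_inline_data+0x419/0x4e0
[ 47.110099][ T1509] ext4_fallocate+0x13f/0x2d60
[ 47.137321][ T1509] vfs_fallocate+0x2a8/0xa40
[ 47.142146][ T1509] __x64_sys_fallocate+0xb0/0x100
[ 47.147250][ T1509] do_syscall_64+0x35/0x80
[ 47.157498][ T1509] RIP: 0033:0x7f59492b4959
[ 47.236619][ T1509] Allocated by task 1078:
[ 47.241000][ T1509] kasan_save_stack+0x1b/0x40
[ 47.245652][ T1509] __kasan_slab_alloc+0x61/0x80
[ 47.250580][ T1509] kmem_cache_alloc+0x211/0x310
[ 47.255403][ T1509] vm_area_alloc+0x17/0xf0
[ 47.259786][ T1509] mmap_region+0x618/0x1050
[ 47.288908][ T1509]
[ 47.291342][ T1509] Freed by task 1078:
[ 47.295414][ T1509] kasan_save_stack+0x1b/0x40
[ 47.310990][ T1509] __kasan_slab_free+0xe0/0x110
[ 47.316094][ T1509] kmem_cache_free+0x7e/0x450
[ 47.320753][ T1509] remove_vma+0xeb/0x120
[ 47.325189][ T1509] exit_mmap+0x1e0/0x4e0
[ 47.358269][ T1509]
[ 47.360693][ T1509] The buggy address belongs to the object at ffff88811f3f4100
[ 47.360693][ T1509] which belongs to the cache vm_area_struct of size 192
[ 47.375782][ T1509] The buggy address is located 163 bytes inside of
[ 47.375782][ T1509] 192-byte region [ffff88811f3f4100, ffff88811f3f41c0)
"""

PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]")          # dmesg "[ts][Tn]" prefix
BUG_RE = re.compile(r"^BUG: KASAN: ([\w-]+) in ([\w.]+)\+0x")
ACCESS_RE = re.compile(r"^(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
FRAME_RE = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")
ALLOC_RE = re.compile(r"^Allocated by task (\d+):")
FREE_RE = re.compile(r"^Freed by task (\d+):")
OBJ_RE = re.compile(r"belongs to the object at ([0-9a-f]+)")
CACHE_RE = re.compile(r"cache (\S+) of size (\d+)")
OFFSET_RE = re.compile(r"located (\d+) bytes inside of")
REGION_RE = re.compile(r"(\d+)-byte region \[([0-9a-f]+), ([0-9a-f]+)\)")


def is_noise(name):
    """Frames that belong to the sanitizer/report machinery, not to the bug."""
    return (name.startswith(("kasan_", "__kasan_", "dump_stack", "print_address_description"))
            or name in ("memcpy", "memset", "memmove"))


def parse_kasan_report(text):
    r = {"trace": [], "alloc_stack": [], "free_stack": []}
    section = None
    for raw in text.splitlines():
        line = PREFIX_RE.sub("", raw).strip()
        if not line:
            section = None                      # a blank line closes a stack section
            continue
        if line == "Call Trace:":
            section = "trace"
            continue
        if m := ALLOC_RE.match(line):
            r["alloc_task"], section = int(m.group(1)), "alloc_stack"
            continue
        if m := FREE_RE.match(line):
            r["free_task"], section = int(m.group(1)), "free_stack"
            continue
        if section and (m := FRAME_RE.match(line)):
            if m.group(1) is None:              # "? name" is an unreliable slot: drop it
                r[section].append(m.group(2))
            continue
        if m := BUG_RE.match(line):
            r["bug"], r["func"] = m.group(1), m.group(2)
        elif m := ACCESS_RE.match(line):
            r["access"], r["size"] = m.group(1), int(m.group(2))
            r["addr"], r["task"], r["pid"] = int(m.group(3), 16), m.group(4), int(m.group(5))
        elif m := OBJ_RE.search(line):
            r["object"] = int(m.group(1), 16)
        elif m := CACHE_RE.search(line):
            r["cache"], r["cache_size"] = m.group(1), int(m.group(2))
        elif m := OFFSET_RE.search(line):
            r["offset"] = int(m.group(1))
        elif m := REGION_RE.search(line):
            r["region"] = (int(m.group(2), 16), int(m.group(3), 16))
    return r


def triage(r):
    """Derive the facts a triager wants and cross-check the report against itself."""
    real = [f for f in r["trace"] if not is_noise(f)]
    r["crash_func"] = real[0]                                        # first non-sanitizer frame
    r["syscall"] = next((f for f in real if f.startswith("__x64_sys_")), None)
    r["freed_in"] = next(f for f in r["free_stack"]
                         if not is_noise(f) and not f.startswith("kmem_cache_free"))
    r["offset_consistent"] = (r["addr"] - r["object"] == r["offset"]
                              and r["crash_func"] == r["func"])
    lo, hi = r["region"]
    r["within_object"] = lo <= r["addr"] and r["addr"] + r["size"] <= hi   # no redzone spill
    r["cross_task"] = r["free_task"] != r["pid"]
    # Heuristic (assumption, not a kernel rule): a cache name that shares no prefix
    # with the faulting subsystem suggests a wild pointer, not a lifetime bug.
    r["foreign_object"] = not r["cache"].startswith(r["crash_func"].split("_", 1)[0])
    return r
```

Run as `triage(parse_kasan_report(REPORT))`: for this report it yields crash function `ext4_read_inline_data` reached via `__x64_sys_fallocate`, a 20-byte read at offset 163 of a 192-byte `vm_area_struct` object (consistent with 0xffff88811f3f41a3 - 0xffff88811f3f4100 = 0xa3, and ending at 0x...41b7, inside the region), freed in `remove_vma` by pid 1078 while pid 1509 faulted, with the foreign-object heuristic set. The same checks apply to any KASAN slab report; only the sample input is specific to this page.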