Warning: Permanently added '10.128.1.54' (ED25519) to the list of known hosts.
2024/07/06 22:20:44 ignoring optional flag "sandboxArg"="0"
2024/07/06 22:20:44 parsed 1 programs
2024/07/06 22:20:44 executed programs: 0
2024/07/06 22:20:50 executed programs: 1
[ 67.668562][ T1400] loop0: detected capacity change from 0 to 2048
[ 67.686285][ T1400] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 67.701367][ T1400] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 67.720054][ T946] EXT4-fs (loop0): unmounting filesystem.
[ 67.750848][ T1406] loop0: detected capacity change from 0 to 2048
[ 67.765726][ T1406] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 67.780968][ T1406] ==================================================================
[ 67.789515][ T1406] BUG: KASAN: use-after-free in ext4_convert_inline_data_nolock+0x282/0xc10
[ 67.798464][ T1406] Read of size 20 at addr ffff888102b5d1a3 by task syz-executor.0/1406
[ 67.806873][ T1406]
[ 67.809212][ T1406] CPU: 0 PID: 1406 Comm: syz-executor.0 Not tainted 6.1.97-syzkaller #0
[ 67.817720][ T1406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 67.827885][ T1406] Call Trace:
[ 67.831146][ T1406]  <TASK>
[ 67.834106][ T1406]  dump_stack_lvl+0xf4/0x251
[ 67.838753][ T1406]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 67.844218][ T1406]  ? panic+0x3fe/0x3fe
[ 67.848529][ T1406]  ? _printk+0xca/0x10a
[ 67.852778][ T1406]  ? __virt_addr_valid+0x139/0x260
[ 67.857966][ T1406]  ? __virt_addr_valid+0x211/0x260
[ 67.863161][ T1406]  print_report+0x15f/0x4f0
[ 67.867760][ T1406]  ? __virt_addr_valid+0x139/0x260
[ 67.872873][ T1406]  ? __virt_addr_valid+0x211/0x260
[ 67.878001][ T1406]  ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 67.884573][ T1406]  kasan_report+0x136/0x160
[ 67.889076][ T1406]  ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 67.895372][ T1406]  kasan_check_range+0x27f/0x290
[ 67.900282][ T1406]  ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 67.906590][ T1406]  memcpy+0x25/0x60
[ 67.910749][ T1406]  ext4_convert_inline_data_nolock+0x282/0xc10
[ 67.917117][ T1406]  ? __down_write_common+0x12a/0x1e0
[ 67.922404][ T1406]  ? ext4_add_dirent_to_inline+0x390/0x390
[ 67.928382][ T1406]  ? __ext4_journal_start_sb+0xa4/0x360
[ 67.933935][ T1406]  ext4_convert_inline_data+0x3b8/0x4d0
[ 67.939576][ T1406]  ? ext4_inline_data_truncate+0xb70/0xb70
[ 67.945647][ T1406]  ext4_fallocate+0x136/0x1790
[ 67.950405][ T1406]  ? read_lock_is_recursive+0x10/0x10
[ 67.955835][ T1406]  ? ext4_ext_truncate+0x260/0x260
[ 67.961019][ T1406]  ? preempt_count_add+0x8f/0x120
[ 67.966023][ T1406]  vfs_fallocate+0x30c/0x3d0
[ 67.970721][ T1406]  __x64_sys_fallocate+0xa6/0xd0
[ 67.975633][ T1406]  do_syscall_64+0x3b/0x80
[ 67.980030][ T1406]  ? clear_bhb_loop+0x45/0xa0
[ 67.984696][ T1406]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 67.990583][ T1406] RIP: 0033:0x7f8a4e770959
[ 67.994978][ T1406] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 68.015062][ T1406] RSP: 002b:00007f8a4e2f30c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 68.023459][ T1406] RAX: ffffffffffffffda RBX: 00007f8a4e88ff80 RCX: 00007f8a4e770959
[ 68.031435][ T1406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 68.039480][ T1406] RBP: 00007f8a4e7ccc88 R08: 0000000000000000 R09: 0000000000000000
[ 68.047518][ T1406] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 68.055470][ T1406] R13: 0000000000000006 R14: 00007f8a4e88ff80 R15: 00007ffdeae9e388
[ 68.063429][ T1406]  </TASK>
[ 68.066437][ T1406]
[ 68.068734][ T1406] Allocated by task 1325:
[ 68.073036][ T1406]  kasan_set_track+0x4b/0x70
[ 68.077610][ T1406]  __kasan_slab_alloc+0x65/0x70
[ 68.082430][ T1406]  slab_post_alloc_hook+0x54/0x3e0
[ 68.087509][ T1406]  kmem_cache_alloc+0x10c/0x290
[ 68.092692][ T1406]  vm_area_alloc+0x1b/0xd0
[ 68.097086][ T1406]  mmap_region+0x9fe/0x1780
[ 68.101669][ T1406]  do_mmap+0x69e/0xb60
[ 68.105816][ T1406]  vm_mmap_pgoff+0x1b7/0x280
[ 68.110389][ T1406]  ksys_mmap_pgoff+0x2cf/0x3b0
[ 68.115166][ T1406]  do_syscall_64+0x3b/0x80
[ 68.119576][ T1406]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 68.125831][ T1406]
[ 68.128168][ T1406] Freed by task 1325:
[ 68.132581][ T1406]  kasan_set_track+0x4b/0x70
[ 68.137162][ T1406]  kasan_save_free_info+0x27/0x40
[ 68.142185][ T1406]  ____kasan_slab_free+0x122/0x1e0
[ 68.147276][ T1406]  kmem_cache_free+0x2e8/0x510
[ 68.152105][ T1406]  exit_mmap+0x31e/0x700
[ 68.156435][ T1406]  __mmput+0x61/0x290
[ 68.160561][ T1406]  exit_mm+0x122/0x1b0
[ 68.164653][ T1406]  do_exit+0x81e/0x23a0
[ 68.168795][ T1406]  do_group_exit+0x1b5/0x280
[ 68.173429][ T1406]  __x64_sys_exit_group+0x3b/0x40
[ 68.178466][ T1406]  do_syscall_64+0x3b/0x80
[ 68.182876][ T1406]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 68.188944][ T1406]
[ 68.191272][ T1406] The buggy address belongs to the object at ffff888102b5d1a0
[ 68.191272][ T1406]  which belongs to the cache vm_area_struct of size 144
[ 68.205770][ T1406] The buggy address is located 3 bytes inside of
[ 68.205770][ T1406]  144-byte region [ffff888102b5d1a0, ffff888102b5d230)
[ 68.218884][ T1406]
[ 68.221196][ T1406] The buggy address belongs to the physical page:
[ 68.227673][ T1406] page:ffffea00040ad740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b5d
[ 68.238238][ T1406] flags: 0x200000000000200(slab|node=0|zone=2)
[ 68.244387][ T1406] raw: 0200000000000200 ffffea00047e0540 dead000000000006 ffff888100163b40
[ 68.253230][ T1406] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000
[ 68.261797][ T1406] page dumped because: kasan: bad access detected
[ 68.268204][ T1406] page_owner tracks the page as allocated
[ 68.274014][ T1406] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 493, tgid 493 (modprobe), ts 28908667130, free_ts 28908592430
[ 68.292142][ T1406]  post_alloc_hook+0x286/0x2b0
[ 68.296925][ T1406]  get_page_from_freelist+0x2ba7/0x2de0
[ 68.302442][ T1406]  __alloc_pages+0x251/0x640
[ 68.307002][ T1406]  alloc_slab_page+0x6a/0x150
[ 68.311809][ T1406]  new_slab+0x70/0x250
[ 68.316224][ T1406]  ___slab_alloc+0x9df/0xe70
[ 68.320798][ T1406]  kmem_cache_alloc+0x18b/0x290
[ 68.325714][ T1406]  vm_area_alloc+0x1b/0xd0
[ 68.330119][ T1406]  __install_special_mapping+0x2f/0x290
[ 68.335659][ T1406]  map_vdso+0x1aa/0x2e0
[ 68.339834][ T1406]  load_elf_binary+0x1a6d/0x23a0
[ 68.344770][ T1406]  bprm_execve+0x7e7/0x1210
[ 68.349279][ T1406]  kernel_execve+0x53b/0x610
[ 68.353956][ T1406]  call_usermodehelper_exec_async+0x1fc/0x310
[ 68.360083][ T1406]  ret_from_fork+0x1f/0x30
[ 68.364682][ T1406] page last free stack trace:
[ 68.369415][ T1406]  free_unref_page_prepare+0xca9/0xd80
[ 68.374969][ T1406]  free_unref_page+0x30/0x230
[ 68.379651][ T1406]  qlist_free_all+0x76/0xe0
[ 68.384329][ T1406]  kasan_quarantine_reduce+0x156/0x170
[ 68.389790][ T1406]  __kasan_slab_alloc+0x1f/0x70
[ 68.394626][ T1406]  slab_post_alloc_hook+0x54/0x3e0
[ 68.399715][ T1406]  kmem_cache_alloc+0x10c/0x290
[ 68.404546][ T1406]  vm_area_alloc+0x1b/0xd0
[ 68.408937][ T1406]  __install_special_mapping+0x2f/0x290
[ 68.414587][ T1406]  map_vdso+0x15b/0x2e0
[ 68.418868][ T1406]  load_elf_binary+0x1a6d/0x23a0
[ 68.423812][ T1406]  bprm_execve+0x7e7/0x1210
[ 68.428308][ T1406]  kernel_execve+0x53b/0x610
[ 68.432907][ T1406]  call_usermodehelper_exec_async+0x1fc/0x310
[ 68.438970][ T1406]  ret_from_fork+0x1f/0x30
[ 68.443454][ T1406]
[ 68.445750][ T1406] Memory state around the buggy address:
[ 68.451452][ T1406]  ffff888102b5d080: fb fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb
[ 68.459495][ T1406]  ffff888102b5d100: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 68.467531][ T1406] >ffff888102b5d180: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 68.475649][ T1406]                                ^
[ 68.480836][ T1406]  ffff888102b5d200: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb
[ 68.488880][ T1406]  ffff888102b5d280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.496912][ T1406] ==================================================================
[ 68.505133][ T1406] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 68.512554][ T1406] Kernel Offset: disabled
[ 68.516858][ T1406] Rebooting in 86400 seconds..
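The report above is what the fuzzer hands you. As an added example (my own code, not syzkaller's or the kernel's tooling), the Python below pulls out the fields used to triage and bucket KASAN reports: the bug class, the function named on the BUG: line, the access size and its offset into the victim object, the syscall that entered the kernel, and the first frame of the allocation and free stacks that is neither KASAN instrumentation nor the allocator itself. It assumes the dmesg prefix layout seen in this log ("[ 67.789515][ T1406] "); the KasanReport field names and the _NOISE list are my own choices, and SAMPLE is an excerpt of the report above trimmed to the lines the parser keys on.

```python
"""KASAN report triage (added example; not syzkaller's or the kernel's tooling)."""
import re
from dataclasses import dataclass, field

_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s?")      # "[ 67.789515][ T1406] "
_BUG = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
_ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]{16})")
_OBJ_BASE = re.compile(r"belongs to the object at (?P<base>[0-9a-f]{16})")
_OBJ_CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<n>\d+)")
_OFFSET = re.compile(r"located (?P<off>\d+) bytes inside of")
_FRAME = re.compile(r"^([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")  # "? foo" never matches
# Instrumentation and allocator frames that sit above the frame we care about.
_NOISE = ("kasan_", "__kasan_", "____kasan_", "dump_stack", "print_report", "memcpy",
          "memset", "memmove", "slab_post_alloc_hook", "kmem_cache_alloc", "kmem_cache_free")

@dataclass
class KasanReport:
    kind: str = ""            # e.g. use-after-free, slab-out-of-bounds
    crash_func: str = ""      # function named on the BUG: line
    op: str = ""
    size: int = 0
    addr: int = 0
    object_base: int = 0
    cache: str = ""
    object_size: int = 0
    offset: int = -1
    call_trace: list = field(default_factory=list)
    alloc_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)

def parse_kasan(text):
    """Extract bug class, access, victim object and the three stacks from a report."""
    rep, section = KasanReport(), None
    for raw in text.splitlines():
        line = _PREFIX.sub("", raw).strip()
        if line.startswith(("The buggy address", "Memory state")):
            section = None                        # the alloc/free stacks are over
        if (m := _BUG.search(line)):
            rep.kind, rep.crash_func = m["kind"], m["func"]
        elif (m := _ACCESS.search(line)):
            rep.op, rep.size, rep.addr = m["op"], int(m["size"]), int(m["addr"], 16)
        elif (m := _OBJ_BASE.search(line)):
            rep.object_base = int(m["base"], 16)
        elif (m := _OBJ_CACHE.search(line)):
            rep.cache, rep.object_size = m["cache"], int(m["n"])
        elif (m := _OFFSET.search(line)):
            rep.offset = int(m["off"])
        elif line == "Call Trace:":
            section = rep.call_trace
        elif line.startswith("Allocated by task"):
            section = rep.alloc_stack
        elif line.startswith("Freed by task"):
            section = rep.free_stack
        elif section is not None and (m := _FRAME.match(line)):
            section.append(m.group(1))
    return rep

def first_real_frame(frames):
    """First frame that is neither KASAN machinery nor the allocator itself."""
    return next((f for f in frames if not f.startswith(_NOISE)), "")

def entry_syscall(frames):
    """Syscall that entered the kernel, read off the arch wrapper frame."""
    return next((f.split("sys_", 1)[1] for f in frames
                 if f.startswith(("__x64_sys_", "__ia32_sys_", "__do_sys_"))), "")

def summarize(rep):
    """Bucket key plus the facts needed to judge whether two reports are one bug."""
    return {
        "class": rep.kind,
        "site": rep.crash_func,
        "syscall": entry_syscall(rep.call_trace),
        "allocator": first_real_frame(rep.alloc_stack),
        "freer": first_real_frame(rep.free_stack),
        "offset_ok": rep.addr - rep.object_base == rep.offset,   # report is self-consistent
        "overruns_object": rep.offset + rep.size > rep.object_size,  # UAF that also runs off the end
    }

# Excerpt of the report above, trimmed to the lines the parser keys on.
SAMPLE = """\
[ 67.789515][ T1406] BUG: KASAN: use-after-free in ext4_convert_inline_data_nolock+0x282/0xc10
[ 67.798464][ T1406] Read of size 20 at addr ffff888102b5d1a3 by task syz-executor.0/1406
[ 67.827885][ T1406] Call Trace:
[ 67.838753][ T1406]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 67.906590][ T1406]  memcpy+0x25/0x60
[ 67.910749][ T1406]  ext4_convert_inline_data_nolock+0x282/0xc10
[ 67.945647][ T1406]  ext4_fallocate+0x136/0x1790
[ 67.970721][ T1406]  __x64_sys_fallocate+0xa6/0xd0
[ 67.984696][ T1406]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 68.068734][ T1406] Allocated by task 1325:
[ 68.087509][ T1406]  kmem_cache_alloc+0x10c/0x290
[ 68.092692][ T1406]  vm_area_alloc+0x1b/0xd0
[ 68.128168][ T1406] Freed by task 1325:
[ 68.142185][ T1406]  ____kasan_slab_free+0x122/0x1e0
[ 68.147276][ T1406]  kmem_cache_free+0x2e8/0x510
[ 68.152105][ T1406]  exit_mmap+0x31e/0x700
[ 68.191272][ T1406] The buggy address belongs to the object at ffff888102b5d1a0
[ 68.191272][ T1406]  which belongs to the cache vm_area_struct of size 144
[ 68.205770][ T1406] The buggy address is located 3 bytes inside of
"""
```

Run on this report it yields class use-after-free at ext4_convert_inline_data_nolock, entered through fallocate(2), a 20-byte read 3 bytes into a 144-byte vm_area_struct that task 1325 allocated under mmap_region and freed in exit_mmap. Two caveats a triager should keep in mind. First, ext4 has no reason to hold a pointer to a vm_area_struct, so the allocation and free stacks here describe the slab object that happens to occupy the address, not the code that produced the pointer ext4 followed; read together with the "corrupted in-inode xattr" error on the same image a few lines earlier, this looks more like a bad inline-data offset than a VMA lifetime bug, which is why the parser buckets on the crash site and syscall rather than on the allocator alone. Second, the page_owner stacks further down ("page last allocated ... (modprobe)") describe the backing page, not the object, and the parser deliberately ignores them.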