Warning: Permanently added '10.128.0.140' (ED25519) to the list of known hosts.
2023/11/10 12:14:40 ignoring optional flag "sandboxArg"="0"
2023/11/10 12:14:40 parsed 1 programs
2023/11/10 12:14:40 executed programs: 0
[ 45.520771][ T1505] loop0: detected capacity change from 0 to 2048
[ 45.534907][ T1505] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 45.550787][ T1505] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 45.626829][ T1510] loop0: detected capacity change from 0 to 2048
[ 45.644344][ T1510] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 45.660860][ T1510] ==================================================================
[ 45.669019][ T1510] BUG: KASAN: slab-out-of-bounds in ext4_read_inline_data+0x1e0/0x290
[ 45.677706][ T1510] Read of size 20 at addr ffff88811c3971a3 by task syz-executor.0/1510
[ 45.686098][ T1510]
[ 45.688404][ T1510] CPU: 0 PID: 1510 Comm: syz-executor.0 Not tainted 5.15.138-syzkaller #0
[ 45.697168][ T1510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 45.707421][ T1510] Call Trace:
[ 45.711039][ T1510]
[ 45.714100][ T1510] dump_stack_lvl+0x41/0x5e
[ 45.718834][ T1510] print_address_description.constprop.0.cold+0x6c/0x309
[ 45.726202][ T1510] ? ext4_read_inline_data+0x1e0/0x290
[ 45.731715][ T1510] ? ext4_read_inline_data+0x1e0/0x290
[ 45.737666][ T1510] kasan_report.cold+0x83/0xdf
[ 45.742398][ T1510] ? ext4_read_inline_data+0x1e0/0x290
[ 45.748092][ T1510] kasan_check_range+0x13d/0x180
[ 45.752997][ T1510] memcpy+0x20/0x60
[ 45.757057][ T1510] ext4_read_inline_data+0x1e0/0x290
[ 45.762333][ T1510] ext4_convert_inline_data_nolock+0xe2/0xbd0
[ 45.768541][ T1510] ? ext4_convert_inline_data+0x2ad/0x4e0
[ 45.774238][ T1510] ? ext4_prepare_inline_data+0x1b0/0x1b0
[ 45.779923][ T1510] ? down_write+0xc8/0x130
[ 45.784337][ T1510] ? down_write_killable_nested+0x160/0x160
[ 45.790292][ T1510] ? ext4_journal_check_start+0x46/0x1d0
[ 45.796077][ T1510] ? __ext4_journal_start_sb+0x226/0x2e0
[ 45.801704][ T1510] ext4_convert_inline_data+0x419/0x4e0
[ 45.807215][ T1510] ? ext4_inline_data_truncate+0xa00/0xa00
[ 45.812987][ T1510] ? down_write_killable_nested+0x160/0x160
[ 45.818929][ T1510] ? lock_acquire+0x11a/0x230
[ 45.824006][ T1510] ? aa_path_link+0x2e0/0x2e0
[ 45.828764][ T1510] ext4_fallocate+0x13f/0x2d60
[ 45.833865][ T1510] ? __lock_acquire.constprop.0+0x478/0xb30
[ 45.839984][ T1510] ? ext4_ext_truncate+0x1c0/0x1c0
[ 45.845059][ T1510] ? lock_acquire+0x11a/0x230
[ 45.850047][ T1510] ? __x64_sys_fallocate+0xb0/0x100
[ 45.855470][ T1510] vfs_fallocate+0x2a8/0xa40
[ 45.860051][ T1510] __x64_sys_fallocate+0xb0/0x100
[ 45.865125][ T1510] do_syscall_64+0x35/0x80
[ 45.869628][ T1510] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.875665][ T1510] RIP: 0033:0x7fb35aa05959
[ 45.880140][ T1510] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.900350][ T1510] RSP: 002b:00007fb35a5880c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 45.908965][ T1510] RAX: ffffffffffffffda RBX: 00007fb35ab24f80 RCX: 00007fb35aa05959
[ 45.917077][ T1510] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 45.925109][ T1510] RBP: 00007fb35aa61c88 R08: 0000000000000000 R09: 0000000000000000
[ 45.933226][ T1510] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 45.941337][ T1510] R13: 0000000000000006 R14: 00007fb35ab24f80 R15: 00007ffcff7e1628
[ 45.949634][ T1510]
[ 45.952645][ T1510]
[ 45.955202][ T1510] Allocated by task 1454:
[ 45.959609][ T1510] kasan_save_stack+0x1b/0x40
[ 45.964785][ T1510] __kasan_slab_alloc+0x61/0x80
[ 45.969712][ T1510] kmem_cache_alloc+0x211/0x310
[ 45.975341][ T1510] __anon_vma_prepare+0x45/0x4d0
[ 45.980768][ T1510] __handle_mm_fault+0x18c8/0x1ec0
[ 45.986109][ T1510] handle_mm_fault+0x1c0/0x5a0
[ 45.990854][ T1510] do_user_addr_fault+0x293/0xcb0
[ 45.996145][ T1510] exc_page_fault+0x5a/0xb0
[ 46.001064][ T1510] asm_exc_page_fault+0x22/0x30
[ 46.005986][ T1510]
[ 46.008290][ T1510] Freed by task 1454:
[ 46.012393][ T1510] kasan_save_stack+0x1b/0x40
[ 46.017321][ T1510] kasan_set_track+0x1c/0x30
[ 46.021969][ T1510] kasan_set_free_info+0x20/0x30
[ 46.027140][ T1510] __kasan_slab_free+0xe0/0x110
[ 46.032255][ T1510] kmem_cache_free+0x7e/0x450
[ 46.036924][ T1510] unlink_anon_vmas+0x149/0x770
[ 46.041747][ T1510] free_pgtables+0x131/0x2b0
[ 46.046305][ T1510] exit_mmap+0x17a/0x4e0
[ 46.050517][ T1510] mmput+0x90/0x390
[ 46.054413][ T1510] do_exit+0x87f/0x21d0
[ 46.058632][ T1510] do_group_exit+0xe7/0x290
[ 46.063191][ T1510] __x64_sys_exit_group+0x35/0x40
[ 46.068275][ T1510] do_syscall_64+0x35/0x80
[ 46.072749][ T1510] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.079010][ T1510]
[ 46.081402][ T1510] The buggy address belongs to the object at ffff88811c397150
[ 46.081402][ T1510] which belongs to the cache anon_vma_chain of size 80
[ 46.096508][ T1510] The buggy address is located 3 bytes to the right of
[ 46.096508][ T1510] 80-byte region [ffff88811c397150, ffff88811c3971a0)
[ 46.110222][ T1510] The buggy address belongs to the page:
[ 46.116006][ T1510] page:ffffea000470e5c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c397
[ 46.126578][ T1510] flags: 0x200000000000200(slab|node=0|zone=2)
[ 46.132888][ T1510] raw: 0200000000000200 0000000000000000 0000000100000001 ffff88810013d140
[ 46.141635][ T1510] raw: 0000000000000000 0000000000240024 00000001ffffffff 0000000000000000
[ 46.150357][ T1510] page dumped because: kasan: bad access detected
[ 46.157006][ T1510] page_owner tracks the page as allocated
[ 46.162780][ T1510] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 573, ts 23122440664, free_ts 23121113416
[ 46.179196][ T1510] get_page_from_freelist+0x166f/0x2910
[ 46.184985][ T1510] __alloc_pages+0x2b3/0x590
[ 46.189566][ T1510] allocate_slab+0x2eb/0x430
[ 46.194440][ T1510] ___slab_alloc+0xb1c/0xf80
[ 46.199352][ T1510] kmem_cache_alloc+0x2d7/0x310
[ 46.204258][ T1510] __anon_vma_prepare+0x45/0x4d0
[ 46.209283][ T1510] __handle_mm_fault+0x1976/0x1ec0
[ 46.214570][ T1510] handle_mm_fault+0x1c0/0x5a0
[ 46.219302][ T1510] do_user_addr_fault+0x293/0xcb0
[ 46.224553][ T1510] exc_page_fault+0x5a/0xb0
[ 46.229136][ T1510] asm_exc_page_fault+0x22/0x30
[ 46.234129][ T1510] page last free stack trace:
[ 46.238946][ T1510] free_pcp_prepare+0x34e/0x730
[ 46.243954][ T1510] free_unref_page+0x19/0x3b0
[ 46.248601][ T1510] tlb_finish_mmu+0x1ef/0x6c0
[ 46.253510][ T1510] exit_mmap+0x185/0x4e0
[ 46.257725][ T1510] mmput+0x90/0x390
[ 46.261618][ T1510] do_exit+0x87f/0x21d0
[ 46.265743][ T1510] do_group_exit+0xe7/0x290
[ 46.270214][ T1510] __x64_sys_exit_group+0x35/0x40
[ 46.275218][ T1510] do_syscall_64+0x35/0x80
[ 46.279713][ T1510] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.285660][ T1510]
[ 46.288050][ T1510] Memory state around the buggy address:
[ 46.293643][ T1510]  ffff88811c397080: fb fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[ 46.301861][ T1510]  ffff88811c397100: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
[ 46.310076][ T1510] >ffff88811c397180: fb fb fb fb fc fc fc fc fa fb fb fb fb fb fb fb
[ 46.318482][ T1510]                                ^
[ 46.323562][ T1510]  ffff88811c397200: fb fb fc fc fc fc fa fb fb fb fb fb fb fb fb fb
[ 46.331673][ T1510]  ffff88811c397280: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fc fc
[ 46.339948][ T1510] ==================================================================
[ 46.348164][ T1510] Disabling lock debugging due to kernel taint
[ 46.354495][ T1510] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 46.362189][ T1510] Kernel Offset: disabled
[ 46.366847][ T1510] Rebooting in 86400 seconds..