Warning: Permanently added '10.128.0.133' (ED25519) to the list of known hosts.
2023/10/25 11:44:52 ignoring optional flag "sandboxArg"="0"
2023/10/25 11:44:53 parsed 1 programs
2023/10/25 11:44:53 executed programs: 0
[ 48.193517][ T1045] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 53.445641][ T1506] loop0: detected capacity change from 0 to 512
[ 53.473126][ T1506] EXT4-fs (loop0): 1 orphan inode deleted
[ 53.479267][ T1506] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
2023/10/25 11:44:58 executed programs: 1
[ 53.488466][ T1506] ext4 filesystem being mounted at /root/syzkaller-testdir3897663696/syzkaller.ZF94S2/0/file1 supports timestamps until 2038 (0x7fffffff)
[ 53.514757][ T1506] EXT4-fs (loop0): re-mounted. Quota mode: writeback.
[ 53.530521][ T1052] EXT4-fs (loop0): unmounting filesystem.
[ 53.536816][ T1052] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5856: Corrupt filesystem
[ 53.547034][ T1052] EXT4-fs (loop0): Remounting filesystem read-only
[ 53.553610][ T1052] EXT4-fs error (device loop0): ext4_quota_off:7054: inode #3: comm syz-executor.0: mark_inode_dirty error
[ 53.577196][ T1512] loop0: detected capacity change from 0 to 512
[ 53.602333][ T1512] EXT4-fs (loop0): 1 orphan inode deleted
[ 53.608218][ T1512] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 53.617370][ T1512] ext4 filesystem being mounted at /root/syzkaller-testdir3897663696/syzkaller.ZF94S2/1/file1 supports timestamps until 2038 (0x7fffffff)
[ 53.642146][ T1511] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 3: comm syz-executor.0: lblock 3 mapped to illegal pblock 3 (length 1)
[ 53.656966][ T1511] EXT4-fs (loop0): Remounting filesystem read-only
[ 53.664316][ T1512] EXT4-fs error (device loop0): __ext4_remount:6425: comm syz-executor.0: Abort forced by user
[ 53.681376][ T1052] EXT4-fs (loop0): unmounting filesystem.
[ 53.700306][ T1516] loop0: detected capacity change from 0 to 512
[ 53.711962][ T1516] EXT4-fs (loop0): 1 orphan inode deleted
[ 53.717704][ T1516] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 53.726871][ T1516] ext4 filesystem being mounted at /root/syzkaller-testdir3897663696/syzkaller.ZF94S2/2/file1 supports timestamps until 2038 (0x7fffffff)
[ 53.751401][ T1515] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 3: comm syz-executor.0: lblock 3 mapped to illegal pblock 3 (length 1)
[ 53.766294][ T1515] EXT4-fs (loop0): Remounting filesystem read-only
[ 53.773728][ T1516] EXT4-fs error (device loop0): __ext4_remount:6425: comm syz-executor.0: Abort forced by user
[ 53.791419][ T1052] EXT4-fs (loop0): unmounting filesystem.
[ 53.811088][ T1520] loop0: detected capacity change from 0 to 512
[ 53.823095][ T1520] EXT4-fs (loop0): 1 orphan inode deleted
[ 53.829062][ T1520] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 53.838919][ T1520] ext4 filesystem being mounted at /root/syzkaller-testdir3897663696/syzkaller.ZF94S2/3/file1 supports timestamps until 2038 (0x7fffffff)
[ 53.864100][ T1519] EXT4-fs error (device loop0): ext4_map_blocks:721: inode #16: block 3: comm syz-executor.0: lblock 3 mapped to illegal pblock 3 (length 1)
[ 53.879418][ T1519] EXT4-fs (loop0): Remounting filesystem read-only
[ 53.886632][ T1520] EXT4-fs error (device loop0): __ext4_remount:6425: comm syz-executor.0: Abort forced by user
[ 53.903711][ T1052] EXT4-fs (loop0): unmounting filesystem.
[ 53.922690][ T1524] loop0: detected capacity change from 0 to 512
[ 53.942222][ T1524] EXT4-fs (loop0): 1 orphan inode deleted
[ 53.948008][ T1524] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 53.957238][ T1524] ext4 filesystem being mounted at /root/syzkaller-testdir3897663696/syzkaller.ZF94S2/4/file1 supports timestamps until 2038 (0x7fffffff)
[ 53.986146][ T1523] ==================================================================
[ 53.994504][ T1523] BUG: KASAN: use-after-free in ext4_find_extent+0xb24/0xcd0
[ 54.002125][ T1523] Read of size 4 at addr ffff8881255ea838 by task syz-executor.0/1523
[ 54.010248][ T1523]
[ 54.012645][ T1523] CPU: 1 PID: 1523 Comm: syz-executor.0 Not tainted 6.1.59-syzkaller #0
[ 54.020941][ T1523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 54.031263][ T1523] Call Trace:
[ 54.034710][ T1523]
[ 54.037715][ T1523] dump_stack_lvl+0xf4/0x251
[ 54.042371][ T1523] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 54.048242][ T1523] ? panic+0x3f7/0x3f7
[ 54.052368][ T1523] ? _printk+0xca/0x10a
[ 54.056493][ T1523] print_report+0x15f/0x4f0
[ 54.060968][ T1523] ? __getblk_gfp+0x1f/0x810
[ 54.065526][ T1523] ? ext4_find_extent+0xb24/0xcd0
[ 54.070785][ T1523] kasan_report+0x136/0x160
[ 54.075375][ T1523] ? ext4_find_extent+0xb24/0xcd0
[ 54.080472][ T1523] ext4_find_extent+0xb24/0xcd0
[ 54.085622][ T1523] ext4_ext_map_blocks+0x297/0x62f0
[ 54.091081][ T1523] ? mod_objcg_mlstate+0x9a/0x3e0
[ 54.096349][ T1523] ? __lock_acquire+0x607/0xb70
[ 54.101627][ T1523] ? ext4_ext_release+0x10/0x10
[ 54.106578][ T1523] ? __lock_acquire+0x607/0xb70
[ 54.111422][ T1523] ? __down_write_common+0x12a/0x1e0
[ 54.116703][ T1523] ? ext4_es_lookup_extent+0x2ce/0x780
[ 54.122168][ T1523] ext4_map_blocks+0x82a/0x1810
[ 54.127006][ T1523] ? ext4_issue_zeroout+0x140/0x140
[ 54.132180][ T1523] _ext4_get_block+0x1d0/0x540
[ 54.136986][ T1523] ? attach_page_private+0xd8/0x200
[ 54.142305][ T1523] ? ext4_get_block+0x10/0x10
[ 54.147514][ T1523] ? create_page_buffers+0x16c/0x2f0
[ 54.153073][ T1523] __block_write_begin_int+0x32a/0x1150
[ 54.159125][ T1523] ? ext4_es_is_delayed+0x40/0x40
[ 54.164136][ T1523] ? page_zero_new_buffers+0x3f0/0x3f0
[ 54.169578][ T1523] ? ext4_inline_data_truncate+0xb70/0xb70
[ 54.175360][ T1523] block_page_mkwrite+0x218/0x400
[ 54.180641][ T1523] ? ext4_es_is_delayed+0x40/0x40
[ 54.186218][ T1523] ext4_page_mkwrite+0x5d9/0xf20
[ 54.191275][ T1523] ? ext4_es_is_delayed+0x40/0x40
[ 54.196388][ T1523] ? wp_page_shared+0x13e/0x540
[ 54.201389][ T1523] ? do_page_mkwrite+0x149/0x410
[ 54.206737][ T1523] ? ext4_change_inode_journal_flag+0x520/0x520
[ 54.212957][ T1523] do_page_mkwrite+0x149/0x410
[ 54.217893][ T1523] wp_page_shared+0x146/0x540
[ 54.222739][ T1523] handle_mm_fault+0x91a/0x2bf0
[ 54.227754][ T1523] ? numa_migrate_prep+0x1a0/0x1a0
[ 54.232844][ T1523] exc_page_fault+0x22a/0x5e0
[ 54.237755][ T1523] asm_exc_page_fault+0x22/0x30
[ 54.242753][ T1523] RIP: 0033:0x7f5363dc3cc7
[ 54.247149][ T1523] Code: ce 48 ff c7 48 01 fe 48 8d 54 11 80 0f 1f 80 00 00 00 00 c5 fe 6f 0e c5 fe 6f 56 20 c5 fe 6f 5e 40 c5 fe 6f 66 60 48 83 ee 80 fd 7f 0f c5 fd 7f 57 20 c5 fd 7f 5f 40 c5 fd 7f 67 60 48 83 ef
[ 54.266828][ T1523] RSP: 002b:00007fff9c14aac8 EFLAGS: 00010203
[ 54.272963][ T1523] RAX: 0000000020003600 RBX: 00007fff9c14abd8 RCX: 0000000020003600
[ 54.280997][ T1523] RDX: 00000000200036a9 RSI: 00007f53639867b0 RDI: 0000000020003620
[ 54.288942][ T1523] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007f5363f01f8c
[ 54.296977][ T1523] R10: 00007fff9c14ac00 R11: 0000000000000246 R12: 00007f53639866f0
[ 54.305007][ T1523] R13: fffffffffffffffe R14: 00007f5363966000 R15: 00007f53639866f8
[ 54.313254][ T1523]
[ 54.316496][ T1523]
[ 54.319610][ T1523] The buggy address belongs to the physical page:
[ 54.326295][ T1523] page:ffffea0004957a80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1255ea
[ 54.336787][ T1523] flags: 0x200000000000000(node=0|zone=2)
[ 54.342597][ T1523] raw: 0200000000000000 ffffea0004957ac8 ffffea0004957a48 0000000000000000
[ 54.351558][ T1523] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 54.360110][ T1523] page dumped because: kasan: bad access detected
[ 54.366758][ T1523] page_owner tracks the page as freed
[ 54.372105][ T1523] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1417, tgid 1417 (modprobe), ts 52404716437, free_ts 52414337233
[ 54.389876][ T1523] post_alloc_hook+0x286/0x2b0
[ 54.394625][ T1523] get_page_from_freelist+0x2ba7/0x2de0
[ 54.400232][ T1523] __alloc_pages+0x251/0x640
[ 54.404968][ T1523] vma_alloc_folio+0x689/0x870
[ 54.409704][ T1523] handle_mm_fault+0x1343/0x2bf0
[ 54.414614][ T1523] exc_page_fault+0x22a/0x5e0
[ 54.420130][ T1523] asm_exc_page_fault+0x22/0x30
[ 54.424956][ T1523] page last free stack trace:
[ 54.429609][ T1523] free_unref_page_prepare+0xca9/0xd80
[ 54.435232][ T1523] free_unref_page_list+0xaa/0x690
[ 54.440409][ T1523] release_pages+0x1763/0x1900
[ 54.445242][ T1523] tlb_flush_mmu+0x26f/0x3d0
[ 54.449994][ T1523] tlb_finish_mmu+0xb0/0x1b0
[ 54.454665][ T1523] exit_mmap+0x311/0x700
[ 54.458998][ T1523] __mmput+0x61/0x290
[ 54.462958][ T1523] exit_mm+0x122/0x1b0
[ 54.466998][ T1523] do_exit+0x81e/0x23a0
[ 54.471126][ T1523] do_group_exit+0x1b5/0x280
[ 54.476208][ T1523] __x64_sys_exit_group+0x3b/0x40
[ 54.481292][ T1523] do_syscall_64+0x3d/0x80
[ 54.485765][ T1523] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.491646][ T1523]
[ 54.493945][ T1523] Memory state around the buggy address:
[ 54.499565][ T1523] ffff8881255ea700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.507689][ T1523] ffff8881255ea780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.515935][ T1523] >ffff8881255ea800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.524053][ T1523] ^
[ 54.530260][ T1523] ffff8881255ea880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.538709][ T1523] ffff8881255ea900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.546851][ T1523] ==================================================================
[ 54.555259][ T1523] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.562864][ T1523] Kernel Offset: disabled
[ 54.567219][ T1523] Rebooting in 86400 seconds..