Warning: Permanently added '10.128.1.22' (ED25519) to the list of known hosts.
2024/10/24 14:01:09 ignoring optional flag "sandboxArg"="0"
2024/10/24 14:01:09 ignoring optional flag "type"="gce"
2024/10/24 14:01:09 parsed 1 programs
2024/10/24 14:01:09 executed programs: 0
[ 57.239338][ T1400] loop0: detected capacity change from 0 to 2048
[ 57.266560][ T1400] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 57.281875][ T1400] ==================================================================
[ 57.289941][ T1400] BUG: KASAN: use-after-free in ext4_convert_inline_data_nolock+0x282/0xc10
[ 57.298602][ T1400] Read of size 20 at addr ffff8881233cf1a3 by task syz-executor.0/1400
[ 57.306805][ T1400]
[ 57.309120][ T1400] CPU: 0 PID: 1400 Comm: syz-executor.0 Not tainted 6.1.114-syzkaller #0
[ 57.317493][ T1400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 57.327527][ T1400] Call Trace:
[ 57.330779][ T1400]
[ 57.333678][ T1400] dump_stack_lvl+0xf4/0x251
[ 57.338256][ T1400] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 57.343677][ T1400] ? panic+0x3fe/0x3fe
[ 57.347713][ T1400] ? _printk+0xca/0x10a
[ 57.351844][ T1400] ? __virt_addr_valid+0x139/0x270
[ 57.356939][ T1400] ? __virt_addr_valid+0x221/0x270
[ 57.362027][ T1400] print_report+0x15f/0x4f0
[ 57.366502][ T1400] ? __virt_addr_valid+0x139/0x270
[ 57.371593][ T1400] ? __virt_addr_valid+0x221/0x270
[ 57.376675][ T1400] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 57.382970][ T1400] kasan_report+0x136/0x160
[ 57.387442][ T1400] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 57.393739][ T1400] kasan_check_range+0x27f/0x290
[ 57.398650][ T1400] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 57.404949][ T1400] memcpy+0x25/0x60
[ 57.408809][ T1400] ext4_convert_inline_data_nolock+0x282/0xc10
[ 57.414943][ T1400] ? ext4_add_dirent_to_inline+0x390/0x390
[ 57.420727][ T1400] ? down_write+0x146/0x1d0
[ 57.425201][ T1400] ? __ext4_journal_start_sb+0xa4/0x360
[ 57.430716][ T1400] ext4_convert_inline_data+0x3b8/0x4d0
[ 57.436226][ T1400] ? ext4_inline_data_truncate+0xb70/0xb70
[ 57.441997][ T1400] ? down_write+0x146/0x1d0
[ 57.446462][ T1400] ext4_fallocate+0x136/0x17b0
[ 57.451188][ T1400] ? read_lock_is_recursive+0x10/0x10
[ 57.456541][ T1400] ? ext4_ext_truncate+0x260/0x260
[ 57.461614][ T1400] ? preempt_count_add+0x8f/0x120
[ 57.466602][ T1400] vfs_fallocate+0x30c/0x3d0
[ 57.471156][ T1400] __x64_sys_fallocate+0xa6/0xd0
[ 57.476062][ T1400] do_syscall_64+0x3b/0x80
[ 57.480442][ T1400] ? clear_bhb_loop+0x45/0xa0
[ 57.485083][ T1400] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 57.490963][ T1400] RIP: 0033:0x7f8faa260959
[ 57.495357][ T1400] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 57.514926][ T1400] RSP: 002b:00007f8fa9de30c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 57.523318][ T1400] RAX: ffffffffffffffda RBX: 00007f8faa37ff80 RCX: 00007f8faa260959
[ 57.531254][ T1400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 57.539192][ T1400] RBP: 00007f8faa2bcc88 R08: 0000000000000000 R09: 0000000000000000
[ 57.547304][ T1400] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 57.555334][ T1400] R13: 0000000000000006 R14: 00007f8faa37ff80 R15: 00007fff65cf6dc8
[ 57.563275][ T1400]
[ 57.566265][ T1400]
[ 57.568557][ T1400] The buggy address belongs to the physical page:
[ 57.574937][ T1400] page:ffffea00048cf3c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1233cf
[ 57.585149][ T1400] flags: 0x200000000000000(node=0|zone=2)
[ 57.590832][ T1400] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000
[ 57.599552][ T1400] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 57.608096][ T1400] page dumped because: kasan: bad access detected
[ 57.614480][ T1400] page_owner tracks the page as freed
[ 57.619809][ T1400] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102800(GFP_NOWAIT|__GFP_NOWARN|__GFP_HARDWALL), pid 1397, tgid 1397 (modprobe), ts 57213745670, free_ts 57214447436
[ 57.637912][ T1400] post_alloc_hook+0x286/0x2b0
[ 57.642646][ T1400] get_page_from_freelist+0x2ba7/0x2de0
[ 57.648152][ T1400] __alloc_pages+0x251/0x640
[ 57.652704][ T1400] __get_free_pages+0x8/0x30
[ 57.657257][ T1400] __tlb_remove_page_size+0x1b6/0x3c0
[ 57.662590][ T1400] unmap_page_range+0xb38/0x1760
[ 57.667493][ T1400] unmap_vmas+0x227/0x290
[ 57.671785][ T1400] exit_mmap+0x1fa/0x700
[ 57.675989][ T1400] __mmput+0x61/0x290
[ 57.679931][ T1400] exit_mm+0x122/0x1b0
[ 57.683962][ T1400] do_exit+0x81e/0x23a0
[ 57.688082][ T1400] do_group_exit+0x1b5/0x280
[ 57.692632][ T1400] __x64_sys_exit_group+0x3b/0x40
[ 57.697624][ T1400] do_syscall_64+0x3b/0x80
[ 57.702003][ T1400] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 57.707861][ T1400] page last free stack trace:
[ 57.712498][ T1400] free_unref_page_prepare+0xccc/0xdb0
[ 57.717918][ T1400] free_unref_page+0x30/0x230
[ 57.722554][ T1400] tlb_finish_mmu+0x135/0x1b0
[ 57.727193][ T1400] exit_mmap+0x311/0x700
[ 57.731395][ T1400] __mmput+0x61/0x290
[ 57.735343][ T1400] exit_mm+0x122/0x1b0
[ 57.739372][ T1400] do_exit+0x81e/0x23a0
[ 57.743488][ T1400] do_group_exit+0x1b5/0x280
[ 57.748042][ T1400] __x64_sys_exit_group+0x3b/0x40
[ 57.753031][ T1400] do_syscall_64+0x3b/0x80
[ 57.757412][ T1400] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 57.763266][ T1400]
[ 57.765558][ T1400] Memory state around the buggy address:
[ 57.771147][ T1400] ffff8881233cf080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.779169][ T1400] ffff8881233cf100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.787192][ T1400] >ffff8881233cf180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.795213][ T1400] ^
[ 57.800282][ T1400] ffff8881233cf200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.808304][ T1400] ffff8881233cf280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 57.816325][ T1400] ==================================================================
[ 57.824670][ T1400] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 57.832059][ T1400] Kernel Offset: disabled
[ 57.836354][ T1400] Rebooting in 86400 seconds..