Warning: Permanently added '10.128.0.203' (ED25519) to the list of known hosts.
2023/10/30 15:44:42 ignoring optional flag "sandboxArg"="0"
2023/10/30 15:44:42 parsed 1 programs
2023/10/30 15:44:42 executed programs: 0
[ 44.915578][ T1387] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 48.695085][ T1847] loop0: detected capacity change from 0 to 512
[ 48.716336][ T1847] EXT4-fs (loop0): 1 orphan inode deleted
[ 48.722267][ T1847] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 48.735245][ T1847] ext4 filesystem being mounted at /root/syzkaller-testdir1153873242/syzkaller.EQsuTu/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 48.761607][ T1846] ==================================================================
[ 48.769870][ T1846] BUG: KASAN: use-after-free in ext4_find_extent+0xb28/0xcd0
[ 48.777398][ T1846] Read of size 4 at addr ffff88812490d070 by task syz-executor.0/1846
[ 48.786452][ T1846]
[ 48.788848][ T1846] CPU: 0 PID: 1846 Comm: syz-executor.0 Not tainted 6.6.0-syzkaller #0
[ 48.797339][ T1846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 48.807665][ T1846] Call Trace:
[ 48.811375][ T1846]
[ 48.814327][ T1846] dump_stack_lvl+0xf8/0x260
[ 48.819056][ T1846] ? nf_tcp_handle_invalid+0x300/0x300
[ 48.824589][ T1846] ? panic+0x410/0x410
[ 48.828917][ T1846] ? _printk+0xce/0x110
[ 48.833239][ T1846] print_report+0x163/0x540
[ 48.838173][ T1846] ? ext4_find_extent+0xb28/0xcd0
[ 48.843475][ T1846] kasan_report+0x175/0x1b0
[ 48.848112][ T1846] ? ext4_find_extent+0xb28/0xcd0
[ 48.853592][ T1846] ext4_find_extent+0xb28/0xcd0
[ 48.858697][ T1846] ext4_ext_map_blocks+0x282/0x6380
[ 48.864501][ T1846] ? do_raw_spin_trylock+0xc8/0x1f0
[ 48.869966][ T1846] ? do_raw_spin_unlock+0x13b/0x8b0
[ 48.875568][ T1846] ? free_unref_page_commit+0x1dd/0x460
[ 48.881610][ T1846] ? __lock_acquire+0x5c3/0xbe0
[ 48.886453][ T1846] ? ext4_ext_release+0x10/0x10
[ 48.891682][ T1846] ? read_lock_is_recursive+0x20/0x20
[ 48.897211][ T1846] ? ext4_es_lookup_extent+0x486/0x780
[ 48.902742][ T1846] ext4_map_blocks+0x831/0x1800
[ 48.907587][ T1846] ? ext4_issue_zeroout+0x140/0x140
[ 48.913219][ T1846] _ext4_get_block+0x1dc/0x5a0
[ 48.917979][ T1846] ? folio_create_buffers+0xc8/0x180
[ 48.923567][ T1846] ? __rwlock_init+0x150/0x150
[ 48.929682][ T1846] ? ext4_get_block+0x10/0x10
[ 48.934809][ T1846] ? do_raw_spin_unlock+0x13b/0x8b0
[ 48.940073][ T1846] ? _raw_spin_unlock+0x28/0x40
[ 48.945170][ T1846] ? folio_create_buffers+0xc8/0x180
[ 48.951060][ T1846] __block_write_begin_int+0x3b7/0x1380
[ 48.956595][ T1846] ? ext4_es_is_delayed+0x40/0x40
[ 48.961711][ T1846] ? folio_zero_new_buffers+0x510/0x510
[ 48.967498][ T1846] ? file_update_time+0x160/0x160
[ 48.972843][ T1846] ? ext4_inline_data_truncate+0xaf0/0xaf0
[ 48.978639][ T1846] ? ext4_page_mkwrite+0x621/0x1140
[ 48.984405][ T1846] block_page_mkwrite+0x272/0x4a0
[ 48.989973][ T1846] ? ext4_es_is_delayed+0x40/0x40
[ 48.995355][ T1846] ext4_page_mkwrite+0x654/0x1140
[ 49.000895][ T1846] ? ext4_es_is_delayed+0x40/0x40
[ 49.005990][ T1846] ? do_page_mkwrite+0x144/0x370
[ 49.011207][ T1846] ? ext4_change_inode_journal_flag+0x740/0x740
[ 49.017527][ T1846] do_page_mkwrite+0x144/0x370
[ 49.022626][ T1846] ? do_wp_page+0x3b3/0x26f0
[ 49.027539][ T1846] do_wp_page+0x3fc/0x26f0
[ 49.032026][ T1846] ? __lock_acquire+0x5c3/0xbe0
[ 49.037115][ T1846] ? folio_put+0x80/0x80
[ 49.041340][ T1846] ? do_raw_spin_lock+0x14d/0x3a0
[ 49.046528][ T1846] ? read_lock_is_recursive+0x20/0x20
[ 49.052074][ T1846] ? __rwlock_init+0x150/0x150
[ 49.056933][ T1846] handle_mm_fault+0x15c3/0x31e0
[ 49.062040][ T1846] ? __lock_acquire+0xbe0/0xbe0
[ 49.067136][ T1846] ? numa_migrate_prep+0x1b0/0x1b0
[ 49.074131][ T1846] ? mt_find+0x3b3/0x640
[ 49.078547][ T1846] ? mt_find+0x245/0x640
[ 49.082773][ T1846] ? mtree_destroy+0x120/0x120
[ 49.087533][ T1846] exc_page_fault+0x354/0x8b0
[ 49.092464][ T1846] asm_exc_page_fault+0x26/0x30
[ 49.097398][ T1846] RIP: 0033:0x7ffa3abb2d07
[ 49.102430][ T1846] Code: ce 48 ff c7 48 01 fe 48 8d 54 11 80 0f 1f 80 00 00 00 00 c5 fe 6f 0e c5 fe 6f 56 20 c5 fe 6f 5e 40 c5 fe 6f 66 60 48 83 ee 80 fd 7f 0f c5 fd 7f 57 20 c5 fd 7f 5f 40 c5 fd 7f 67 60 48 83 ef
[ 49.122918][ T1846] RSP: 002b:00007ffed58ffc38 EFLAGS: 00010203
[ 49.129231][ T1846] RAX: 0000000020003600 RBX: 00007ffed58ffd48 RCX: 0000000020003600
[ 49.137186][ T1846] RDX: 00000000200036a9 RSI: 00007ffa3a7757b0 RDI: 0000000020003620
[ 49.145324][ T1846] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007ffa3acf0f8c
[ 49.153291][ T1846] R10: 00007ffed58ffd70 R11: 0000000000000246 R12: 00007ffa3a7756f0
[ 49.161667][ T1846] R13: fffffffffffffffe R14: 00007ffa3a755000 R15: 00007ffa3a7756f8
[ 49.170241][ T1846]
[ 49.173264][ T1846]
[ 49.175746][ T1846] The buggy address belongs to the physical page:
[ 49.182217][ T1846] page:ffffea0004924340 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12490d
[ 49.192956][ T1846] flags: 0x200000000000000(node=0|zone=2)
[ 49.198950][ T1846] page_type: 0xffffffff()
[ 49.203358][ T1846] raw: 0200000000000000 ffffea0004924388 ffff8881f743e6e0 0000000000000000
[ 49.212493][ T1846] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 49.221930][ T1846] page dumped because: kasan: bad access detected
[ 49.228536][ T1846] page_owner info is not present (never set?)
[ 49.234683][ T1846]
[ 49.237432][ T1846] Memory state around the buggy address:
[ 49.243404][ T1846] ffff88812490cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.251717][ T1846] ffff88812490cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 49.260575][ T1846] >ffff88812490d000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 49.268854][ T1846] ^
[ 49.276905][ T1846] ffff88812490d080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 49.285217][ T1846] ffff88812490d100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 49.293431][ T1846] ==================================================================
[ 49.301932][ T1846] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 49.309448][ T1846] Kernel Offset: disabled
[ 49.313868][ T1846] Rebooting in 86400 seconds..