Warning: Permanently added '10.128.1.96' (ED25519) to the list of known hosts.
2024/05/26 16:15:52 ignoring optional flag "sandboxArg"="0"
2024/05/26 16:15:52 parsed 1 programs
2024/05/26 16:15:52 executed programs: 0
[ 46.199502][ T1502] loop0: detected capacity change from 0 to 2048
[ 46.229307][ T1502] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 46.245451][ T1502] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 46.328979][ T1508] loop0: detected capacity change from 0 to 2048
[ 46.338310][ T1508] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 46.353608][ T1508] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 46.418392][ T1513] loop0: detected capacity change from 0 to 2048
[ 46.438616][ T1513] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 46.456295][ T1513] ==================================================================
[ 46.464436][ T1513] BUG: KASAN: use-after-free in ext4_read_inline_data+0x1e0/0x290
[ 46.472227][ T1513] Read of size 20 at addr ffff88811f0d51a3 by task syz-executor.0/1513
[ 46.480703][ T1513]
[ 46.483025][ T1513] CPU: 1 PID: 1513 Comm: syz-executor.0 Not tainted 5.15.160-syzkaller #0
[ 46.491490][ T1513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 46.501522][ T1513] Call Trace:
[ 46.504778][ T1513]
[ 46.507689][ T1513] dump_stack_lvl+0x41/0x5e
[ 46.512373][ T1513] print_address_description.constprop.0.cold+0x6c/0x309
[ 46.519463][ T1513] ? ext4_read_inline_data+0x1e0/0x290
[ 46.524921][ T1513] ? ext4_read_inline_data+0x1e0/0x290
[ 46.530390][ T1513] kasan_report.cold+0x83/0xdf
[ 46.535145][ T1513] ? ext4_read_inline_data+0x1e0/0x290
[ 46.540584][ T1513] kasan_check_range+0x13d/0x180
[ 46.545518][ T1513] memcpy+0x20/0x60
[ 46.549312][ T1513] ext4_read_inline_data+0x1e0/0x290
[ 46.554582][ T1513] ext4_convert_inline_data_nolock+0xe2/0xbd0
[ 46.560679][ T1513] ? ext4_convert_inline_data+0x2ad/0x4e0
[ 46.566406][ T1513] ? ext4_prepare_inline_data+0x1b0/0x1b0
[ 46.572099][ T1513] ? down_write+0xc8/0x140
[ 46.576577][ T1513] ? down_write_killable_nested+0x160/0x160
[ 46.582437][ T1513] ? ext4_journal_check_start+0x46/0x1d0
[ 46.588037][ T1513] ? __ext4_journal_start_sb+0x226/0x2e0
[ 46.593644][ T1513] ext4_convert_inline_data+0x419/0x4e0
[ 46.599285][ T1513] ? ext4_inline_data_truncate+0xa00/0xa00
[ 46.605175][ T1513] ? down_write_killable_nested+0x160/0x160
[ 46.611075][ T1513] ? aa_path_link+0x2e0/0x2e0
[ 46.615815][ T1513] ext4_fallocate+0x13f/0x2d60
[ 46.620675][ T1513] ? __lock_acquire.constprop.0+0x478/0xb30
[ 46.626837][ T1513] ? ext4_ext_truncate+0x1c0/0x1c0
[ 46.631923][ T1513] ? lock_acquire+0x11a/0x230
[ 46.636585][ T1513] ? __x64_sys_fallocate+0xb0/0x100
[ 46.641845][ T1513] vfs_fallocate+0x2a8/0xa40
[ 46.646528][ T1513] __x64_sys_fallocate+0xb0/0x100
[ 46.651887][ T1513] do_syscall_64+0x33/0x80
[ 46.656316][ T1513] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.662211][ T1513] RIP: 0033:0x7fb24ed9d959
[ 46.666616][ T1513] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.686421][ T1513] RSP: 002b:00007fb24e9200c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 46.695525][ T1513] RAX: ffffffffffffffda RBX: 00007fb24eebcf80 RCX: 00007fb24ed9d959
[ 46.703573][ T1513] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 46.711835][ T1513] RBP: 00007fb24edf9c88 R08: 0000000000000000 R09: 0000000000000000
[ 46.720057][ T1513] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 46.728200][ T1513] R13: 0000000000000016 R14: 00007fb24eebcf80 R15: 00007ffc7ec7ff58
[ 46.736255][ T1513]
[ 46.739348][ T1513]
[ 46.741734][ T1513] Allocated by task 1099:
[ 46.746140][ T1513] kasan_save_stack+0x1b/0x40
[ 46.750986][ T1513] __kasan_slab_alloc+0x61/0x80
[ 46.755889][ T1513] kmem_cache_alloc+0x211/0x310
[ 46.760866][ T1513] vm_area_alloc+0x17/0xf0
[ 46.765281][ T1513] mmap_region+0x618/0x1050
[ 46.769852][ T1513] do_mmap+0x5ca/0xd80
[ 46.773917][ T1513] vm_mmap_pgoff+0x160/0x200
[ 46.778481][ T1513] ksys_mmap_pgoff+0x396/0x570
[ 46.783219][ T1513] do_syscall_64+0x33/0x80
[ 46.787608][ T1513] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.793640][ T1513]
[ 46.795938][ T1513] Freed by task 1099:
[ 46.799886][ T1513] kasan_save_stack+0x1b/0x40
[ 46.804751][ T1513] kasan_set_track+0x1c/0x30
[ 46.809387][ T1513] kasan_set_free_info+0x20/0x30
[ 46.814391][ T1513] __kasan_slab_free+0xe0/0x110
[ 46.819296][ T1513] kmem_cache_free+0x7e/0x450
[ 46.823971][ T1513] remove_vma+0xeb/0x120
[ 46.828231][ T1513] exit_mmap+0x1e0/0x4e0
[ 46.832464][ T1513] mmput+0x90/0x390
[ 46.836257][ T1513] do_exit+0x87f/0x21d0
[ 46.840683][ T1513] do_group_exit+0xe7/0x290
[ 46.845196][ T1513] __x64_sys_exit_group+0x35/0x40
[ 46.850328][ T1513] do_syscall_64+0x33/0x80
[ 46.854812][ T1513] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.860690][ T1513]
[ 46.862992][ T1513] The buggy address belongs to the object at ffff88811f0d5100
[ 46.862992][ T1513]  which belongs to the cache vm_area_struct of size 192
[ 46.877280][ T1513] The buggy address is located 163 bytes inside of
[ 46.877280][ T1513]  192-byte region [ffff88811f0d5100, ffff88811f0d51c0)
[ 46.890547][ T1513] The buggy address belongs to the page:
[ 46.896608][ T1513] page:ffffea00047c3540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f0d5
[ 46.906911][ T1513] flags: 0x200000000000200(slab|node=0|zone=2)
[ 46.913222][ T1513] raw: 0200000000000200 0000000000000000 0000000100000001 ffff888100137a00
[ 46.921921][ T1513] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 46.930832][ T1513] page dumped because: kasan: bad access detected
[ 46.937279][ T1513] page_owner tracks the page as allocated
[ 46.943097][ T1513] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 676, ts 24186683576, free_ts 24185602975
[ 46.959697][ T1513] get_page_from_freelist+0x166f/0x2910
[ 46.965427][ T1513] __alloc_pages+0x2b3/0x590
[ 46.970007][ T1513] allocate_slab+0x2eb/0x430
[ 46.974666][ T1513] ___slab_alloc+0xb1c/0xf80
[ 46.979246][ T1513] kmem_cache_alloc+0x2d7/0x310
[ 46.984076][ T1513] vm_area_alloc+0x17/0xf0
[ 46.988462][ T1513] __install_special_mapping+0x26/0x3c0
[ 46.993976][ T1513] map_vdso+0x17b/0x390
[ 46.998190][ T1513] load_elf_binary+0x1b53/0x3eb0
[ 47.003101][ T1513] bprm_execve+0x62a/0x1330
[ 47.007581][ T1513] kernel_execve+0x2dc/0x400
[ 47.012269][ T1513] call_usermodehelper_exec_async+0x2c1/0x500
[ 47.018315][ T1513] ret_from_fork+0x1f/0x30
[ 47.022802][ T1513] page last free stack trace:
[ 47.027577][ T1513] free_pcp_prepare+0x34e/0x730
[ 47.032623][ T1513] free_unref_page+0x19/0x3b0
[ 47.037297][ T1513] tlb_finish_mmu+0x1ef/0x6c0
[ 47.042031][ T1513] exit_mmap+0x185/0x4e0
[ 47.046259][ T1513] mmput+0x90/0x390
[ 47.050083][ T1513] do_exit+0x87f/0x21d0
[ 47.054462][ T1513] do_group_exit+0xe7/0x290
[ 47.059050][ T1513] __x64_sys_exit_group+0x35/0x40
[ 47.064322][ T1513] do_syscall_64+0x33/0x80
[ 47.068720][ T1513] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.074676][ T1513]
[ 47.077087][ T1513] Memory state around the buggy address:
[ 47.082786][ T1513]  ffff88811f0d5080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 47.091349][ T1513]  ffff88811f0d5100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.099477][ T1513] >ffff88811f0d5180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 47.107774][ T1513]                                ^
[ 47.113032][ T1513]  ffff88811f0d5200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.121291][ T1513]  ffff88811f0d5280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 47.129608][ T1513] ==================================================================
[ 47.137731][ T1513] Disabling lock debugging due to kernel taint
[ 47.144078][ T1513] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 47.151792][ T1513] Kernel Offset: disabled
[ 47.156117][ T1513] Rebooting in 86400 seconds..
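Triage helper for the report above. This is example code added to this page, not a kernel or syzkaller tool. It strips the "[ ts][ Tpid]" prefixes, extracts the facts needed to classify the bug, and cross-checks the numbers the report states: the faulting address minus the object base must equal the quoted 163 bytes; the 20-byte read must stay inside the 192-byte vm_area_struct object (it does, 163 + 20 = 183 < 192, so this is a plain use-after-free rather than one that also runs into the redzone); the shadow byte under the caret on the ">" row must decode to a freed slab object (0xfb is KASAN_KMALLOC_FREE, the 0xfa in the first column of each object is KASAN_KMALLOC_FREETRACK, 0xfc is the slab redzone); and the saved user registers give the syscall in flight: ORIG_RAX 0x11d is fallocate on x86-64, and with arguments in rdi, rsi, rdx, r10 the call reads back as fallocate(4, 0, 0, 0x8000). One caveat the helper makes explicit: the "Allocated by"/"Freed by" stacks describe whichever object last occupied the address (here a vm_area_struct freed by task 1099 in exit_mmap), not the ext4 inline-data buffer that ext4_read_inline_data believes it is copying from, so the VMA code need not be at fault; read those stacks together with the "corrupted in-inode xattr" errors the same loop0 image produced on the two earlier mounts. The REPORT string is copied from the lines above, trimmed to those the parser consumes; the shadow values and syscall numbers are from the kernel's mm/kasan/kasan.h and arch/x86/entry/syscalls/syscall_64.tbl.

```python
import re
from dataclasses import dataclass, field

# Shadow byte values from the kernel's mm/kasan/kasan.h (generic KASAN, 5.x).
SHADOW = {0x00: "accessible", 0xfa: "freed slab object (free-track in object)",
          0xfb: "freed slab object", 0xfc: "slab redzone", 0xff: "freed page"}
ARG_REGS = ("RDI", "RSI", "RDX", "R10", "R08", "R09")        # x86-64 syscall argument order
SYSCALLS = {9: "mmap", 231: "exit_group", 285: "fallocate"}  # x86-64 numbers seen in this report
PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")          # "[ 46.464436][ T1513] "
BOOKKEEPING = ("kasan_", "__kasan_", "kmem_cache_", "kmalloc", "__kmalloc", "slab_")


@dataclass
class Report:
    bug: str = ""
    func: str = ""
    size: int = 0
    addr: int = 0
    obj_base: int = 0
    obj_size: int = 0
    stated_offset: int = -1
    alloc_stack: list = field(default_factory=list)
    free_stack: list = field(default_factory=list)
    regs: dict = field(default_factory=dict)
    shadow: dict = field(default_factory=dict)   # row base address -> 16 shadow bytes


def parse(text: str) -> Report:
    r, stack = Report(), None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:                                  # a blank line ends an alloc/free stack
            stack = None
        elif m := re.match(r"BUG: KASAN: ([\w-]+) in (\w+)\+0x", line):
            r.bug, r.func = m[1], m[2]
        elif m := re.match(r"(?:Read|Write) of size (\d+) at addr ([0-9a-f]+)", line):
            r.size, r.addr = int(m[1]), int(m[2], 16)
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r.obj_base = int(m[1], 16)
        elif m := re.match(r"which belongs to the cache \S+ of size (\d+)", line):
            r.obj_size = int(m[1])
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", line):
            r.stated_offset = int(m[1])
        elif m := re.match(r"(Allocated|Freed) by task \d+:", line):
            stack = r.alloc_stack if m[1] == "Allocated" else r.free_stack
        elif m := re.match(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})$", line):
            r.shadow[int(m[1], 16)] = [int(b, 16) for b in m[2].split()]
        elif "ORIG_RAX:" in line or re.match(r"R[A-Z0-9]{2}: [0-9a-f]{16}", line):
            r.regs.update((k, int(v, 16)) for k, v in re.findall(r"(\w+): ([0-9a-f]{16})", line))
        elif stack is not None:
            stack.append(line)
    return r


def owner(stack):   # first frame past KASAN/slab bookkeeping: the code that really owned the object
    return next((f.split("+")[0] for f in stack if not f.startswith(BOOKKEEPING)), None)


def triage(r: Report) -> dict:
    """Cross-check the report's own numbers and decode the shadow byte under the caret."""
    row = r.addr & ~0x7F                              # one shadow row covers 128 bytes (16 x 8)
    byte = r.shadow.get(row, [None] * 16)[(r.addr - row) // 8]
    return {
        "offset": r.addr - r.obj_base,
        "offset_matches_report": r.addr - r.obj_base == r.stated_offset,
        "access_inside_object": r.obj_base <= r.addr and r.addr + r.size <= r.obj_base + r.obj_size,
        "shadow_byte": byte,
        "shadow_meaning": SHADOW.get(byte, "partially accessible" if byte else "no shadow row"),
        "allocated_by": owner(r.alloc_stack),
        "freed_by": owner(r.free_stack),
    }


def syscall(r: Report):
    """(number, name, args) of the syscall in flight, recovered from the saved user registers."""
    nr = r.regs.get("ORIG_RAX")
    return nr, SYSCALLS.get(nr, f"nr {nr}"), [r.regs.get(reg) for reg in ARG_REGS]


# Lines copied from the report on this page, trimmed to the ones the parser consumes.
REPORT = """\
[ 46.464436][ T1513] BUG: KASAN: use-after-free in ext4_read_inline_data+0x1e0/0x290
[ 46.472227][ T1513] Read of size 20 at addr ffff88811f0d51a3 by task syz-executor.0/1513
[ 46.686421][ T1513] RSP: 002b:00007fb24e9200c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 46.703573][ T1513] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 46.711835][ T1513] RBP: 00007fb24edf9c88 R08: 0000000000000000 R09: 0000000000000000
[ 46.720057][ T1513] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 46.741734][ T1513] Allocated by task 1099:
[ 46.755889][ T1513] kmem_cache_alloc+0x211/0x310
[ 46.760866][ T1513] vm_area_alloc+0x17/0xf0
[ 46.793640][ T1513]
[ 46.795938][ T1513] Freed by task 1099:
[ 46.819296][ T1513] kmem_cache_free+0x7e/0x450
[ 46.823971][ T1513] remove_vma+0xeb/0x120
[ 46.860690][ T1513]
[ 46.862992][ T1513] The buggy address belongs to the object at ffff88811f0d5100
[ 46.862992][ T1513] which belongs to the cache vm_area_struct of size 192
[ 46.877280][ T1513] The buggy address is located 163 bytes inside of
[ 47.099477][ T1513] >ffff88811f0d5180: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
"""
```

Usage: `r = parse(REPORT)` then `triage(r)` and `syscall(r)`; on a saved syzbot log, `parse(open("log.txt").read())` works on the full text, since the parser ignores every line it does not recognise. An `offset_matches_report` of False, or an access that does not fit inside the object, means the report was truncated or mixed with another task's output and should not be filed as-is.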