Warning: Permanently added '10.128.0.68' (ED25519) to the list of known hosts.
2024/09/03 09:16:55 ignoring optional flag "sandboxArg"="0"
2024/09/03 09:16:55 parsed 1 programs
[ 56.653214][ T1473] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/09/03 09:16:58 executed programs: 0
[ 61.794942][ T2452] loop0: detected capacity change from 0 to 1024
[ 61.879228][ T2452] EXT4-fs (loop0): Ignoring removed orlov option
[ 61.885638][ T2452] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 61.900363][ T2452] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[ 61.936456][ T1998] ==================================================================
[ 61.944538][ T1998] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xc73/0xc90
[ 61.952504][ T1998] Read of size 4 at addr ffff88811bcc3000 by task syz-executor/1998
[ 61.960443][ T1998]
[ 61.962740][ T1998] CPU: 0 PID: 1998 Comm: syz-executor Not tainted 5.15.165-syzkaller #0
[ 61.971114][ T1998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 61.981247][ T1998] Call Trace:
[ 61.984503][ T1998]
[ 61.987415][ T1998]  dump_stack_lvl+0x41/0x5e
[ 61.991994][ T1998]  print_address_description.constprop.0.cold+0x6c/0x309
[ 61.999079][ T1998]  ? ext4_xattr_delete_inode+0xc73/0xc90
[ 62.004696][ T1998]  ? ext4_xattr_delete_inode+0xc73/0xc90
[ 62.010337][ T1998]  kasan_report.cold+0x83/0xdf
[ 62.015247][ T1998]  ? ext4_xattr_delete_inode+0xc73/0xc90
[ 62.020843][ T1998]  ext4_xattr_delete_inode+0xc73/0xc90
[ 62.026263][ T1998]  ? __lock_acquire.constprop.0+0x478/0xb30
[ 62.032117][ T1998]  ? ext4_expand_extra_isize_ea+0x1720/0x1720
[ 62.038252][ T1998]  ? ext4_journal_check_start+0x46/0x1d0
[ 62.043850][ T1998]  ? __ext4_journal_start_sb+0x226/0x2e0
[ 62.049550][ T1998]  ext4_evict_inode+0x823/0x14e0
[ 62.054476][ T1998]  ? lock_downgrade+0x4f0/0x4f0
[ 62.059303][ T1998]  ? var_wake_function+0x130/0x130
[ 62.064379][ T1998]  ? ext4_da_write_begin+0x6d0/0x6d0
[ 62.069719][ T1998]  evict+0x296/0x5d0
[ 62.073586][ T1998]  vfs_rmdir.part.0+0x36a/0x460
[ 62.078508][ T1998]  do_rmdir+0x30b/0x3c0
[ 62.082648][ T1998]  ? __ia32_sys_mkdir+0x110/0x110
[ 62.087726][ T1998]  ? getname_flags.part.0+0x89/0x440
[ 62.093080][ T1998]  __x64_sys_unlinkat+0xa4/0xd0
[ 62.098011][ T1998]  do_syscall_64+0x33/0x80
[ 62.102390][ T1998]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.108277][ T1998] RIP: 0033:0x7f6dea5656c7
[ 62.112771][ T1998] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 62.132689][ T1998] RSP: 002b:00007ffcf39deaa8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107
[ 62.141064][ T1998] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f6dea5656c7
[ 62.149197][ T1998] RDX: 0000000000000200 RSI: 00007ffcf39dfc50 RDI: 00000000ffffff9c
[ 62.157152][ T1998] RBP: 00007f6dea5b1336 R08: 0000000000000000 R09: 0000000000000000
[ 62.165102][ T1998] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffcf39dfc50
[ 62.173041][ T1998] R13: 00007f6dea5b1336 R14: 000000000000f137 R15: 0000000000000007
[ 62.181068][ T1998]
[ 62.184391][ T1998]
[ 62.186709][ T1998] The buggy address belongs to the page:
[ 62.192671][ T1998] page:ffffea00046f30c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11bcc3
[ 62.202920][ T1998] flags: 0x200000000000000(node=0|zone=2)
[ 62.208636][ T1998] raw: 0200000000000000 ffffea0004813808 ffffea0004817748 0000000000000000
[ 62.217468][ T1998] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 62.226106][ T1998] page dumped because: kasan: bad access detected
[ 62.232529][ T1998] page_owner tracks the page as freed
[ 62.237875][ T1998] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), pid 1703, ts 57830887332, free_ts 57834681014
[ 62.253742][ T1998]  get_page_from_freelist+0x166f/0x2910
[ 62.259373][ T1998]  __alloc_pages+0x2b3/0x590
[ 62.263962][ T1998]  pte_alloc_one+0x10/0x160
[ 62.268574][ T1998]  __do_fault+0x1f8/0x360
[ 62.272886][ T1998]  __handle_mm_fault+0xf0c/0x1ec0
[ 62.277893][ T1998]  handle_mm_fault+0x1c0/0x5a0
[ 62.282734][ T1998]  do_user_addr_fault+0x293/0xc80
[ 62.287737][ T1998]  exc_page_fault+0x5a/0xb0
[ 62.292388][ T1998]  asm_exc_page_fault+0x22/0x30
[ 62.297259][ T1998]  __clear_user+0x20/0x50
[ 62.301569][ T1998]  load_elf_binary+0x3cad/0x3eb0
[ 62.306495][ T1998]  bprm_execve+0x62a/0x1330
[ 62.311180][ T1998]  kernel_execve+0x2dc/0x400
[ 62.315926][ T1998]  call_usermodehelper_exec_async+0x2c1/0x500
[ 62.321978][ T1998]  ret_from_fork+0x1f/0x30
[ 62.326485][ T1998] page last free stack trace:
[ 62.331189][ T1998]  free_pcp_prepare+0x34e/0x730
[ 62.336026][ T1998]  free_unref_page_list+0x168/0x9a0
[ 62.341196][ T1998]  release_pages+0x9f2/0x1100
[ 62.345849][ T1998]  tlb_finish_mmu+0x125/0x6c0
[ 62.350577][ T1998]  exit_mmap+0x185/0x4e0
[ 62.354904][ T1998]  mmput+0x90/0x390
[ 62.358712][ T1998]  do_exit+0x87f/0x21d0
[ 62.363066][ T1998]  do_group_exit+0xe7/0x290
[ 62.368066][ T1998]  __x64_sys_exit_group+0x35/0x40
[ 62.373348][ T1998]  do_syscall_64+0x33/0x80
[ 62.377774][ T1998]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 62.383666][ T1998]
[ 62.385971][ T1998] Memory state around the buggy address:
[ 62.391568][ T1998]  ffff88811bcc2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.399737][ T1998]  ffff88811bcc2f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 62.407868][ T1998] >ffff88811bcc3000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 62.415986][ T1998]                    ^
[ 62.420043][ T1998]  ffff88811bcc3080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 62.428086][ T1998]  ffff88811bcc3100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 62.436222][ T1998] ==================================================================
[ 62.444301][ T1998] Disabling lock debugging due to kernel taint
[ 62.450629][ T1998] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 62.458331][ T1998] Kernel Offset: disabled
[ 62.462779][ T1998] Rebooting in 86400 seconds..