Warning: Permanently added '10.128.10.49' (ED25519) to the list of known hosts.
2023/10/04 00:36:51 ignoring optional flag "sandboxArg"="0"
2023/10/04 00:36:51 parsed 1 programs
2023/10/04 00:36:51 executed programs: 0
[ 56.287941][ T1388] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 56.913777][ T1481] modprobe (1481) used greatest stack depth: 21240 bytes left
[ 75.315595][ T4094] loop1: detected capacity change from 0 to 512
[ 75.418372][ T4094] EXT4-fs (loop1): 1 orphan inode deleted
[ 75.424169][ T4094] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 75.437055][ T4094] ext4 filesystem being mounted at /root/syzkaller-testdir1992855710/syzkaller.1UijRo/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 75.517452][ T4119] loop4: detected capacity change from 0 to 512
[ 75.567778][ T4094] EXT4-fs error (device loop1): ext4_ext_remove_space:2865: inode #16: comm syz-executor.1: path[1].p_hdr == NULL
[ 75.573981][ T4119] EXT4-fs (loop4): 1 orphan inode deleted
[ 75.585833][ T4119] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 75.587747][ T4126] loop3: detected capacity change from 0 to 512
2023/10/04 00:37:11 executed programs: 6
[ 75.598441][ T4119] ext4 filesystem being mounted at /root/syzkaller-testdir3205863604/syzkaller.QXzaXA/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 75.620650][ T4094] EXT4-fs (loop1): Remounting filesystem read-only
[ 75.634394][ T1398] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 75.655386][ T4133] loop2: detected capacity change from 0 to 512
[ 75.667125][ T4126] EXT4-fs (loop3): 1 orphan inode deleted
[ 75.673080][ T4126] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 75.685829][ T4126] ext4 filesystem being mounted at /root/syzkaller-testdir1346465229/syzkaller.mspMaE/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 75.737946][ T4119] EXT4-fs error (device loop4): ext4_ext_remove_space:2865: inode #18: comm syz-executor.4: path[1].p_hdr == NULL
[ 75.745318][ T4133] EXT4-fs (loop2): 1 orphan inode deleted
[ 75.755799][ T4133] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 75.768367][ T4133] ext4 filesystem being mounted at /root/syzkaller-testdir1478312731/syzkaller.yPErfl/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 75.771360][ T4142] loop1: detected capacity change from 0 to 512
[ 75.796515][ T4144] loop5: detected capacity change from 0 to 512
[ 75.807102][ T4119] EXT4-fs (loop4): Remounting filesystem read-only
[ 75.830766][ T1407] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 75.859499][ T4144] EXT4-fs (loop5): 1 orphan inode deleted
[ 75.865294][ T4144] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 75.877847][ T4144] ext4 filesystem being mounted at /root/syzkaller-testdir2990685275/syzkaller.DE1RfI/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 75.881815][ T4149] loop0: detected capacity change from 0 to 512
[ 75.904088][ T4133] EXT4-fs error (device loop2): __ext4_get_inode_loc:4379: comm syz-executor.2: Invalid inode table block 0 in block_group 0
[ 75.920049][ T4133] EXT4-fs (loop2): Remounting filesystem read-only
[ 75.928900][ T4126] EXT4-fs error (device loop3): ext4_ext_remove_space:2865: inode #16: comm syz-executor.3: path[1].p_hdr == NULL
[ 75.951514][ T4153] loop4: detected capacity change from 0 to 512
[ 75.961094][ T4126] EXT4-fs (loop3): Remounting filesystem read-only
[ 75.969106][ T1394] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 75.989107][ T4149] EXT4-fs (loop0): 1 orphan inode deleted
[ 75.994876][ T4149] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 76.006719][ T1408] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 76.007497][ T4149] ext4 filesystem being mounted at /root/syzkaller-testdir207721264/syzkaller.F9wcGD/0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 76.038904][ T4142] EXT4-fs (loop1): 1 orphan inode deleted
[ 76.044706][ T4142] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 76.057457][ T4142] ext4 filesystem being mounted at /root/syzkaller-testdir1992855710/syzkaller.1UijRo/1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 76.087472][ T4162] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:478: comm syz-executor.5: Invalid block bitmap block 0 in block_group 0
[ 76.116990][ T4163] loop2: detected capacity change from 0 to 512
[ 76.136675][ T4162] EXT4-fs (loop5): Remounting filesystem read-only
[ 76.143571][ T4162] ==================================================================
[ 76.146237][ T4149] EXT4-fs error (device loop0): ext4_ext_remove_space:2865: inode #16: comm syz-executor.0: path[1].p_hdr == NULL
[ 76.151624][ T4162] BUG: KASAN: out-of-bounds in ext4_ext_remove_space+0x1ae7/0x49c0
[ 76.151639][ T4162] Read of size 18446744073709551508 at addr ffff888125d63078 by task syz-executor.5/4162
[ 76.151646][ T4162]
[ 76.151650][ T4162] CPU: 1 PID: 4162 Comm: syz-executor.5 Not tainted 6.6.0-rc4-syzkaller #0
[ 76.151657][ T4162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 76.151662][ T4162] Call Trace:
[ 76.151666][ T4162]
[ 76.151670][ T4162] dump_stack_lvl+0xf8/0x260
[ 76.151679][ T4162] ? nf_tcp_handle_invalid+0x300/0x300
[ 76.151685][ T4162] ? panic+0x410/0x410
[ 76.151693][ T4162] ? _printk+0xce/0x110
[ 76.151701][ T4162] print_report+0x163/0x540
[ 76.151708][ T4162] ? ext4_ext_remove_space+0x1ae7/0x49c0
[ 76.151714][ T4162] kasan_report+0x175/0x1b0
[ 76.151721][ T4162] ? ext4_ext_remove_space+0x1ae7/0x49c0
[ 76.151728][ T4162] ? ext4_ext_remove_space+0x1ae7/0x49c0
[ 76.151734][ T4162] kasan_check_range+0x27e/0x290
[ 76.151740][ T4162] ? ext4_ext_remove_space+0x1ae7/0x49c0
[ 76.151746][ T4162] __asan_memmove+0x29/0x70
[ 76.151754][ T4162] ext4_ext_remove_space+0x1ae7/0x49c0
[ 76.273753][ T4162] ? ext4_ext_index_trans_blocks+0xd0/0xd0
[ 76.279550][ T4162] ? ext4_es_remove_extent+0x232/0x380
[ 76.284990][ T4162] ? ext4_zero_partial_blocks+0x108/0x190
[ 76.290951][ T4162] ext4_punch_hole+0x5b9/0x8b0
[ 76.295698][ T4162] ext4_fallocate+0x2c3/0x16c0
[ 76.300527][ T4162] ? read_lock_is_recursive+0x20/0x20
[ 76.305968][ T4162] ? ext4_ext_truncate+0x210/0x210
[ 76.311145][ T4162] ? preempt_count_add+0x93/0x130
[ 76.316247][ T4162] vfs_fallocate+0x316/0x3d0
[ 76.320823][ T4162] do_vfs_ioctl+0x1b7e/0x2400
[ 76.325481][ T4162] ? __ia32_compat_sys_ioctl+0xaa0/0xaa0
[ 76.331264][ T4162] ? __lock_acquire+0xbe0/0xbe0
[ 76.336100][ T4162] ? tomoyo_path_number_perm+0x531/0x6c0
[ 76.341719][ T4162] ? tomoyo_path_number_perm+0x561/0x6c0
[ 76.347329][ T4162] ? tomoyo_path_number_perm+0x1c7/0x6c0
[ 76.352942][ T4162] ? tomoyo_check_path_acl+0x150/0x150
[ 76.358392][ T4162] ? smk_access+0x340/0x340
[ 76.362877][ T4162] ? smk_tskacc+0x273/0x2d0
[ 76.367361][ T4162] ? smack_file_ioctl+0x256/0x350
[ 76.372366][ T4162] ? smack_file_alloc_security+0xd0/0xd0
[ 76.377980][ T4162] ? __fget_files+0x285/0x2c0
[ 76.382898][ T4162] ? __fget_files+0x2d/0x2c0
[ 76.387465][ T4162] ? security_file_ioctl+0x35/0x90
[ 76.392573][ T4162] __se_sys_ioctl+0x4c/0xf0
[ 76.397059][ T4162] do_syscall_64+0x41/0x90
[ 76.401546][ T4162] ? syscall_exit_to_user_mode+0x2b/0x1d0
[ 76.407334][ T4162] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.414470][ T4162] RIP: 0033:0x7fafd2960ae9
[ 76.418865][ T4162] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 76.438835][ T4162] RSP: 002b:00007fafca1020c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 76.447315][ T4162] RAX: ffffffffffffffda RBX: 00007fafd2a80050 RCX: 00007fafd2960ae9
[ 76.455270][ T4162] RDX: 0000000020000080 RSI: 000000004030582b RDI: 0000000000000004
[ 76.463228][ T4162] RBP: 00007fafd29ac47a R08: 0000000000000000 R09: 0000000000000000
[ 76.471187][ T4162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.479142][ T4162] R13: 000000000000006e R14: 00007fafd2a80050 R15: 00007ffdde76c1d8
[ 76.487095][ T4162]
[ 76.490103][ T4162]
[ 76.492415][ T4162] The buggy address belongs to the physical page:
[ 76.498893][ T4162] page:ffffea00049758c0 refcount:2 mapcount:0 mapping:ffff8881104faa30 index:0x2b pfn:0x125d63
[ 76.509197][ T4162] memcg:ffff88811a2b6000
[ 76.513419][ T4162] aops:def_blk_aops ino:700005
[ 76.518166][ T4162] flags: 0x20000000000812c(referenced|uptodate|lru|active|private|node=0|zone=2)
[ 76.527510][ T4162] page_type: 0xffffffff()
[ 76.531821][ T4162] raw: 020000000000812c ffffea0004975a48 ffff88810c732030 ffff8881104faa30
[ 76.540386][ T4162] raw: 000000000000002b ffff888120be11d0 00000002ffffffff ffff88811a2b6000
[ 76.548948][ T4162] page dumped because: kasan: bad access detected
[ 76.555385][ T4162] page_owner tracks the page as allocated
[ 76.561093][ T4162] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 4144, tgid 4143 (syz-executor.5), ts 75982454757, free_ts 75928538436
[ 76.581649][ T4162] post_alloc_hook+0x26e/0x290
[ 76.586405][ T4162] get_page_from_freelist+0x3074/0x3430
[ 76.592019][ T4162] __alloc_pages+0x255/0x650
[ 76.596591][ T4162] filemap_alloc_folio+0xc6/0x3a0
[ 76.601768][ T4162] __filemap_get_folio+0x306/0x600
[ 76.606871][ T4162] __getblk_gfp+0x1a4/0x460
[ 76.611364][ T4162] ext4_ext_insert_extent+0xf9b/0x54e0
[ 76.616891][ T4162] ext4_ext_map_blocks+0x1b81/0x6380
[ 76.622159][ T4162] ext4_map_blocks+0x831/0x1800
[ 76.626994][ T4162] _ext4_get_block+0x1dc/0x5a0
[ 76.631844][ T4162] __block_write_begin_int+0x3b7/0x1380
[ 76.637370][ T4162] ext4_write_begin+0x5f8/0xfd0
[ 76.642289][ T4162] ext4_da_write_begin+0x2b8/0x7a0
[ 76.647382][ T4162] generic_perform_write+0x30c/0x580
[ 76.652653][ T4162] ext4_buffered_write_iter+0x2bd/0x4d0
[ 76.658445][ T4162] ext4_file_write_iter+0x171/0x1540
[ 76.663711][ T4162] page last free stack trace:
[ 76.668366][ T4162] free_unref_page_prepare+0x7b6/0x8d0
[ 76.673978][ T4162] free_unref_page_list+0xb3/0x630
[ 76.679247][ T4162] release_pages+0x174d/0x18f0
[ 76.683994][ T4162] __folio_batch_release+0x66/0xe0
[ 76.689183][ T4162] truncate_inode_pages_range+0x331/0xaf0
[ 76.694959][ T4162] ext4_punch_hole+0x37b/0x8b0
[ 76.699823][ T4162] ext4_fallocate+0x2c3/0x16c0
[ 76.704578][ T4162] vfs_fallocate+0x316/0x3d0
[ 76.709163][ T4162] do_vfs_ioctl+0x1b7e/0x2400
[ 76.713826][ T4162] __se_sys_ioctl+0x4c/0xf0
[ 76.718310][ T4162] do_syscall_64+0x41/0x90
[ 76.722708][ T4162] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 76.728594][ T4162]
[ 76.730916][ T4162] Memory state around the buggy address:
[ 76.736612][ T4162] ffff888125d62f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.744654][ T4162] ffff888125d62f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 76.752782][ T4162] >ffff888125d63000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.760826][ T4162] ^
[ 76.768779][ T4162] ffff888125d63080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.777522][ T4162] ffff888125d63100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 76.785561][ T4162] ==================================================================
[ 76.793757][ T4162] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 76.801277][ T4162] Kernel Offset: disabled
[ 76.805713][ T4162] Rebooting in 86400 seconds..