syzbot |
sign-in | mailing list | source | docs |
EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode ================================================================== BUG: KASAN: slab-out-of-bounds in check_igot_inode fs/ext4/inode.c:-1 [inline] BUG: KASAN: slab-out-of-bounds in __ext4_iget+0x2b8/0x3e40 fs/ext4/inode.c:4862 Read of size 8 at addr ffff88805494ff30 by task syz.3.100/4830 CPU: 1 PID: 4830 Comm: syz.3.100 Not tainted syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 Call Trace: <TASK> dump_stack_lvl+0x168/0x22e lib/dump_stack.c:106 print_address_description mm/kasan/report.c:316 [inline] print_report+0xa8/0x210 mm/kasan/report.c:420 kasan_report+0x10b/0x140 mm/kasan/report.c:524 check_igot_inode fs/ext4/inode.c:-1 [inline] __ext4_iget+0x2b8/0x3e40 fs/ext4/inode.c:4862 __ext4_fill_super fs/ext4/super.c:5397 [inline] ext4_fill_super+0x61bf/0x8150 fs/ext4/super.c:5661 get_tree_bdev+0x3f1/0x610 fs/super.c:1366 vfs_get_tree+0x88/0x270 fs/super.c:1573 do_new_mount+0x24a/0xa40 fs/namespace.c:3078 do_mount fs/namespace.c:3421 [inline] __do_sys_mount fs/namespace.c:3629 [inline] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3606 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 RIP: 0033:0x7f9714390eea Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f97152efe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 RAX: ffffffffffffffda RBX: 00007f97152efef0 RCX: 00007f9714390eea RDX: 0000200000000040 RSI: 0000200000000680 RDI: 00007f97152efeb0 RBP: 0000200000000040 R08: 00007f97152efef0 R09: 000000000000010e R10: 000000000000010e R11: 0000000000000246 R12: 0000200000000680 R13: 00007f97152efeb0 R14: 000000000000044d R15: 000000000000002c </TASK> Allocated by task 4779: kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c:52 __kasan_slab_alloc+0x6b/0x80 mm/kasan/common.c:328 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook+0x4b/0x480 mm/slab.h:737 slab_alloc_node mm/slub.c:3359 [inline] slab_alloc mm/slub.c:3367 [inline] __kmem_cache_alloc_lru mm/slub.c:3374 [inline] kmem_cache_alloc_lru+0x11a/0x2e0 mm/slub.c:3390 alloc_inode_sb include/linux/fs.h:3245 [inline] proc_alloc_inode+0x26/0xb0 fs/proc/inode.c:67 alloc_inode fs/inode.c:261 [inline] new_inode_pseudo+0x5f/0x1c0 fs/inode.c:1063 new_inode+0x25/0x1c0 fs/inode.c:1091 proc_sys_make_inode+0x4c/0x570 fs/proc/proc_sysctl.c:452 proc_sys_lookup+0x4d5/0x610 fs/proc/proc_sysctl.c:539 lookup_open fs/namei.c:3468 [inline] open_last_lookups fs/namei.c:3558 [inline] path_openat+0xfaf/0x2e70 fs/namei.c:3788 do_filp_open+0x1c1/0x3c0 fs/namei.c:3818 do_sys_openat2+0x142/0x490 fs/open.c:1320 do_sys_open fs/open.c:1336 [inline] __do_sys_openat fs/open.c:1352 [inline] __se_sys_openat fs/open.c:1347 [inline] __x64_sys_openat+0x135/0x160 fs/open.c:1347 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 Last potentially related work creation: kasan_save_stack+0x3a/0x60 mm/kasan/common.c:45 __kasan_record_aux_stack+0xb2/0xc0 mm/kasan/generic.c:486 call_rcu+0x154/0x980 kernel/rcu/tree.c:2849 destroy_inode fs/inode.c:316 [inline] evict+0x7da/0x870 fs/inode.c:720 __dentry_kill+0x431/0x650 fs/dcache.c:611 shrink_dentry_list+0x39b/0x6a0 fs/dcache.c:1206 shrink_dcache_parent+0xa8/0x3c0 fs/dcache.c:-1 d_invalidate+0x118/0x260 fs/dcache.c:1742 proc_invalidate_siblings_dcache+0x3cf/0x6c0 fs/proc/inode.c:148 release_task+0x1450/0x1600 kernel/exit.c:278 wait_task_zombie kernel/exit.c:1208 [inline] wait_consider_task+0x1978/0x2e40 kernel/exit.c:1435 do_wait_thread kernel/exit.c:1498 [inline] do_wait+0x31c/0xb60 kernel/exit.c:1615 kernel_wait4+0x1ab/0x270 kernel/exit.c:1778 __do_sys_wait4 kernel/exit.c:1806 [inline] __se_sys_wait4 kernel/exit.c:1802 [inline] __x64_sys_wait4+0x130/0x1e0 kernel/exit.c:1802 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 The buggy address belongs to the object at ffff88805494f590 which belongs to the cache proc_inode_cache of size 1240 The buggy address is located 1224 bytes to the right of 1240-byte region [ffff88805494f590, ffff88805494fa68) The buggy address belongs to the physical page: page:ffffea0001525200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54948 head:ffffea0001525200 order:3 compound_mapcount:0 compound_pincount:0 memcg:ffff88807b4b5901 flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888140130500 raw: 0000000000000000 0000000000170017 00000001ffffffff ffff88807b4b5901 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4395, tgid 4395 (udevd), ts 85030569123, free_ts 23354791052 set_page_owner include/linux/page_owner.h:31 [inline] post_alloc_hook+0x173/0x1a0 mm/page_alloc.c:2532 prep_new_page mm/page_alloc.c:2539 [inline] get_page_from_freelist+0x1a26/0x1ac0 mm/page_alloc.c:4328 __alloc_pages+0x1df/0x4e0 mm/page_alloc.c:5614 alloc_slab_page+0x5d/0x160 mm/slub.c:1799 allocate_slab mm/slub.c:1944 [inline] new_slab+0x87/0x2c0 mm/slub.c:1997 ___slab_alloc+0xbc6/0x1230 mm/slub.c:3154 __slab_alloc mm/slub.c:3240 [inline] slab_alloc_node mm/slub.c:3325 [inline] slab_alloc mm/slub.c:3367 [inline] __kmem_cache_alloc_lru mm/slub.c:3374 [inline] kmem_cache_alloc_lru+0x1ae/0x2e0 mm/slub.c:3390 alloc_inode_sb include/linux/fs.h:3245 [inline] proc_alloc_inode+0x26/0xb0 fs/proc/inode.c:67 alloc_inode fs/inode.c:261 [inline] new_inode_pseudo+0x5f/0x1c0 fs/inode.c:1063 new_inode+0x25/0x1c0 fs/inode.c:1091 proc_pid_make_inode+0x20/0x1c0 fs/proc/base.c:1956 proc_pident_instantiate+0x69/0x2b0 fs/proc/base.c:2703 proc_pident_lookup+0x1b8/0x260 fs/proc/base.c:2739 lookup_open fs/namei.c:3468 [inline] open_last_lookups fs/namei.c:3558 [inline] path_openat+0xfaf/0x2e70 fs/namei.c:3788 do_filp_open+0x1c1/0x3c0 fs/namei.c:3818 do_sys_openat2+0x142/0x490 fs/open.c:1320 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1459 [inline] free_pcp_prepare mm/page_alloc.c:1509 [inline] free_unref_page_prepare+0x8b4/0x9a0 mm/page_alloc.c:3384 free_unref_page+0x2e/0x3f0 mm/page_alloc.c:3479 free_contig_range+0x9d/0x150 mm/page_alloc.c:9574 destroy_args+0x100/0xa31 mm/debug_vm_pgtable.c:1031 debug_vm_pgtable+0x32a/0x37e mm/debug_vm_pgtable.c:1359 do_one_initcall+0x214/0x7a0 init/main.c:1310 do_initcall_level+0x137/0x1e4 init/main.c:1383 do_initcalls+0x4b/0x8a init/main.c:1399 kernel_init_freeable+0x3fa/0x5ac init/main.c:1638 kernel_init+0x19/0x1b0 init/main.c:1526 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 Memory state around the buggy address: ffff88805494fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88805494fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff88805494ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff88805494ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888054950000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ==================================================================
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2025/12/24 03:06 | linux-6.1.y | 50cbba13faa2 | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: slab-out-of-bounds Read in __ext4_iget | ||
| 2025/07/04 14:57 | linux-6.1.y | 7e69c33e4858 | d869b261 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: slab-out-of-bounds Read in __ext4_iget | ||
| 2025/02/01 20:38 | linux-6.1.y | 0cbb5f65e52f | 568559e4 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: slab-out-of-bounds Read in __ext4_iget | ||
| 2025/04/03 18:14 | linux-6.1.y | 8e60a714ba3b | d7ae3a11 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: slab-out-of-bounds Read in __ext4_iget | ||
| 2025/04/02 05:44 | linux-6.1.y | 8e60a714ba3b | c799dfdd | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: slab-out-of-bounds Read in __ext4_iget | ||
| 2025/11/26 13:46 | linux-6.1.y | f6e38ae624cf | d6526ea3 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/11/17 18:47 | linux-6.1.y | f6e38ae624cf | ef766cd7 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/11/17 12:07 | linux-6.1.y | f6e38ae624cf | ef766cd7 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/11/12 13:20 | linux-6.1.y | f6e38ae624cf | 07e030de | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/10/20 14:11 | linux-6.1.y | 8e6e2188d949 | d422939c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/10/20 14:11 | linux-6.1.y | 8e6e2188d949 | d422939c | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/10/17 09:35 | linux-6.1.y | c2fda4b3f577 | 7adf5298 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/08/21 13:46 | linux-6.1.y | 0bc96de781b4 | 3e79b825 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/07/31 16:02 | linux-6.1.y | 3594f306da12 | 0c075d67 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/07/28 10:48 | linux-6.1.y | 3594f306da12 | fb8f743d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/07/26 15:02 | linux-6.1.y | 3594f306da12 | fb8f743d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/06/21 02:05 | linux-6.1.y | 58485ff1a74f | d6cdfb8a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/06/05 22:51 | linux-6.1.y | 58485ff1a74f | 6b6b5f21 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/05/21 12:00 | linux-6.1.y | 325285d9fc86 | dc5d3808 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/04/01 02:21 | linux-6.1.y | 8e60a714ba3b | 36d76a97 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/03/13 08:29 | linux-6.1.y | 6ae7ac5c4251 | 44be8b44 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/10/30 16:51 | linux-6.1.y | f6e38ae624cf | 2c50b6a9 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/09/04 23:03 | linux-6.1.y | 28c695c365e1 | d291dd2d | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/05/05 10:00 | linux-6.1.y | ac7079a42ea5 | b0714e37 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/04/15 10:20 | linux-6.1.y | 420102835862 | 23b969b7 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/04/01 22:53 | linux-6.1.y | 8e60a714ba3b | b8645499 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/03/29 17:06 | linux-6.1.y | 8e60a714ba3b | d3999433 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget | ||
| 2025/03/13 13:25 | linux-6.1.y | 344a09659766 | 44be8b44 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget |