Warning: Permanently added '10.128.0.243' (ECDSA) to the list of known hosts.
executing program
[[0m[0;31m*     [0m] A start job is running for dev-ttyS0.device (8s / 1min 30s)[K[[0;1;31m*[0m[0;31m*    [0m] A start job is running for dev-ttyS0.device (9s / 1min 30s)[K[[0;31m*[0;1;31m*[0m[0;31m*   [0m] A start job is running for dev-ttyS0.device (10s / 1min 30s)[K[ [0;31m*[0;1;31m*[0m[0;31m*  [0m] A start job is running for dev-ttyS0.device (10s / 1min 30s)[K[  [0;31m*[0;1;31m*[0m[0;31m* [0m] A start job is running for dev-ttyS0.device (10s / 1min 30s)[K[   [0;31m*[0;1;31m*[0m[0;31m*[0m] A start job is running for dev-ttyS0.device (11s / 1min 30s)[K[    [0;31m*[0;1;31m*[0m] A start job is running for dev-ttyS0.device (11s / 1min 30s)[K[     [0;31m*[0m] A start job is running for dev-ttyS0.device (12s / 1min 30s)[K[    [0;31m*[0;1;31m*[0m] A start job is running for dev-ttyS0.device (12s / 1min 30s)[   20.101532][   T22] audit: type=1400 audit(1620255783.218:8): avc:  denied  { execmem } for  pid=335 comm="syz-executor777" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   20.125169][  T336] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   20.145007][  T343] ==================================================================
[   20.153935][  T343] BUG: KASAN: use-after-free in ext4_write_inline_data_end+0x500/0x8c0
[   20.162489][  T343] Write of size 70 at addr ffff8881e89d8016 by task syz-executor777/343
[   20.170870][  T343] 
[   20.173176][  T343] CPU: 1 PID: 343 Comm: syz-executor777 Not tainted 5.4.116-syzkaller-00001-g6aabee0aa2de #0
[   20.187609][  T343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   20.197795][  T343] Call Trace:
[   20.201270][  T343]  dump_stack+0x1d8/0x24e
[   20.205722][  T343]  ? __getblk_gfp+0x3a/0x750
[   20.211376][  T343]  ? show_regs_print_info+0x12/0x12
[   20.216820][  T343]  ? printk+0xcf/0x114
[   20.221827][  T343]  print_address_description+0x9b/0x650
[   20.228072][  T343]  ? devkmsg_release+0x11c/0x11c
[   20.234054][  T343]  __kasan_report+0x182/0x260
[   20.239664][  T343]  ? ext4_write_inline_data_end+0x500/0x8c0
[   20.246184][  T343]  kasan_report+0x30/0x60
[   20.251135][  T343]  check_memory_region+0x2a5/0x2e0
[   20.256247][  T343]  ? ext4_write_inline_data_end+0x500/0x8c0
[   20.262215][  T343]  memcpy+0x38/0x50
[   20.266767][  T343]  ext4_write_inline_data_end+0x500/0x8c0
[   20.273572][  T343]  ? ext4_prepare_inline_data+0x1f0/0x1f0
[   20.279283][  T343]  ? ext4_evict_inode+0x1b10/0x1b10
[   20.284459][  T343]  ? futex_wake+0x6b5/0x820
[   20.288939][  T343]  ext4_write_end+0x1d5/0xe50
[   20.294544][  T343]  ? ext4_da_write_end+0x9e/0xb90
[   20.299571][  T343]  ? ext4_da_write_begin+0x1010/0x1010
[   20.306663][  T343]  generic_perform_write+0x403/0x5a0
[   20.314334][  T343]  ? __mark_inode_dirty+0x14e/0xcf0
[   20.319682][  T343]  ? grab_cache_page_write_begin+0x90/0x90
[   20.325559][  T343]  ? file_remove_privs+0x630/0x630
[   20.330649][  T343]  ? down_write_trylock+0xd8/0x150
[   20.336339][  T343]  __generic_file_write_iter+0x239/0x480
[   20.342382][  T343]  ext4_file_write_iter+0x49e/0x10e0
[   20.347653][  T343]  ? slab_free_freelist_hook+0x7b/0x150
[   20.353192][  T343]  ? ext4_file_read_iter+0x140/0x140
[   20.358472][  T343]  ? setxattr+0x28f/0x3f0
[   20.362770][  T343]  ? iov_iter_init+0x83/0x160
[   20.367444][  T343]  __vfs_write+0x5ec/0x780
[   20.371835][  T343]  ? __kernel_write+0x340/0x340
[   20.377086][  T343]  ? check_preemption_disabled+0x9e/0x330
[   20.382801][  T343]  ? debug_smp_processor_id+0x20/0x20
[   20.388249][  T343]  vfs_write+0x212/0x4e0
[   20.392655][  T343]  ksys_write+0x186/0x2b0
[   20.396959][  T343]  ? __ia32_sys_read+0x80/0x80
[   20.401710][  T343]  do_syscall_64+0xcb/0x1e0
[   20.406292][  T343]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   20.412425][  T343] RIP: 0033:0x449c09
[   20.416314][  T343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   20.436543][  T343] RSP: 002b:00007f6388c4f2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   20.445553][  T343] RAX: ffffffffffffffda RBX: 00000000004cb420 RCX: 0000000000449c09
[   20.453640][  T343] RDX: 0000000000000082 RSI: 00000000200000c0 RDI: 0000000000000008
[   20.461668][  T343] RBP: 000000000049b064 R08: 0000000000000000 R09: 0000000000000000
[   20.469612][  T343] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[   20.477571][  T343] R13: 0000000300000002 R14: efd76d87389d3913 R15: 00000000004cb428
[   20.485515][  T343] 
[   20.487811][  T343] Allocated by task 1:
[   20.492259][  T343]  __kasan_kmalloc+0x137/0x1e0
[   20.497176][  T343]  kmem_cache_alloc+0x115/0x290
[   20.501999][  T343]  getname_flags+0xba/0x640
[   20.506493][  T343]  user_path_at_empty+0x28/0x50
[   20.511315][  T343]  __se_sys_newlstat+0xde/0x860
[   20.516480][  T343]  do_syscall_64+0xcb/0x1e0
[   20.521047][  T343]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   20.527375][  T343] 
[   20.529705][  T343] Freed by task 1:
[   20.533806][  T343]  __kasan_slab_free+0x18a/0x240
[   20.539693][  T343]  slab_free_freelist_hook+0x7b/0x150
[   20.545134][  T343]  kmem_cache_free+0xb8/0x5f0
[   20.551204][  T343]  filename_lookup+0x4bb/0x6a0
[   20.556043][  T343]  __se_sys_newlstat+0xde/0x860
[   20.561317][  T343]  do_syscall_64+0xcb/0x1e0
[   20.566599][  T343]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   20.572455][  T343] 
[   20.574927][  T343] The buggy address belongs to the object at ffff8881e89d8000
[   20.574927][  T343]  which belongs to the cache names_cache of size 4096
[   20.589736][  T343] The buggy address is located 22 bytes inside of
[   20.589736][  T343]  4096-byte region [ffff8881e89d8000, ffff8881e89d9000)
[   20.603297][  T343] The buggy address belongs to the page:
[   20.608904][  T343] page:ffffea0007a27600 refcount:1 mapcount:0 mapping:ffff8881f5cfb400 index:0x0 compound_mapcount: 0
[   20.621765][  T343] flags: 0x8000000000010200(slab|head)
[   20.627832][  T343] raw: 8000000000010200 dead000000000100 dead000000000122 ffff8881f5cfb400
[   20.637129][  T343] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[   20.646681][  T343] page dumped because: kasan: bad access detected
[   20.653868][  T343] page_owner tracks the page as allocated
[   20.659594][  T343] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC)
[   20.674999][  T343]  prep_new_page+0x19a/0x380
[   20.679563][  T343]  get_page_from_freelist+0x550/0x8b0
[   20.685011][  T343]  __alloc_pages_nodemask+0x3a2/0x880
[   20.690652][  T343]  alloc_slab_page+0x39/0x3e0
[   20.695351][  T343]  new_slab+0x97/0x460
[   20.699502][  T343]  ___slab_alloc+0x330/0x4c0
[   20.704070][  T343]  kmem_cache_alloc+0x18b/0x290
[   20.708920][  T343]  getname_flags+0xba/0x640
[   20.713481][  T343]  do_sys_open+0x33e/0x7c0
[   20.717876][  T343]  do_syscall_64+0xcb/0x1e0
[   20.722360][  T343]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   20.728228][  T343] page_owner free stack trace missing
[   20.733598][  T343] 
[   20.735912][  T343] Memory state around the buggy address:
[   20.742040][  T343]  ffff8881e89d7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.752885][  T343]  ffff8881e89d7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.761678][  T343] >ffff8881e89d8000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.769883][  T343]                          ^
[   20.774441][  T343]  ffff8881e89d8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.782627][  T343]  ffff8881e89d8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.790668][  T343] ==================================================================
[   20.799007][  T343] Disabling lock debugging due to kernel taint