Warning: Permanently added '10.128.1.78' (ECDSA) to the list of known hosts.
executing program
[ 60.470017] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 60.653238] ==================================================================
[ 60.660714] BUG: KASAN: slab-out-of-bounds in get_max_inline_xattr_value_size+0x46a/0x4d0
[ 60.669039] Read of size 4 at addr ffff8880aab02084 by task kworker/1:2/3531
[ 60.676200]
[ 60.677811] CPU: 1 PID: 3531 Comm: kworker/1:2 Not tainted 4.19.211-syzkaller #0
[ 60.685384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 60.694723] Workqueue: events p9_write_work
[ 60.699023] Call Trace:
[ 60.701591] dump_stack+0x1fc/0x2ef
[ 60.705204] print_address_description.cold+0x54/0x219
[ 60.710482] kasan_report_error.cold+0x8a/0x1b9
[ 60.715130] ? get_max_inline_xattr_value_size+0x46a/0x4d0
[ 60.720734] __asan_report_load4_noabort+0x88/0x90
[ 60.725645] ? ext4_get_max_inline_size.part.0+0x60/0x170
[ 60.731162] ? get_max_inline_xattr_value_size+0x46a/0x4d0
[ 60.736766] get_max_inline_xattr_value_size+0x46a/0x4d0
[ 60.742199] ext4_get_max_inline_size.part.0+0xa8/0x170
[ 60.747545] ? ext4_get_inline_xattr_pos+0x1b0/0x1b0
[ 60.752634] ext4_try_to_write_inline_data+0xf2/0x1a20
[ 60.757896] ? lock_downgrade+0x720/0x720
[ 60.762027] ? check_preemption_disabled+0x41/0x280
[ 60.767021] ? ext4_readpage_inline+0x370/0x370
[ 60.771672] ? mark_buffer_dirty+0x3f2/0x5c0
[ 60.776058] ? __ext4_handle_dirty_metadata+0x1e0/0x590
[ 60.781411] ? ext4_ind_trans_blocks+0xd/0x70
[ 60.785886] ? ext4_meta_trans_blocks+0x24f/0x300
[ 60.790714] ext4_write_begin+0xe41/0x1610
[ 60.794936] ? ext4_truncate+0x1380/0x1380
[ 60.799149] ? ext4_mark_inode_dirty+0x222/0x870
[ 60.803884] ? ext4_expand_extra_isize+0x500/0x500
[ 60.808802] ext4_da_write_begin+0x737/0x10e0
[ 60.813290] ? check_preemption_disabled+0x41/0x280
[ 60.818287] ? iov_iter_fault_in_readable+0x1fc/0x3f0
[ 60.823456] ? ext4_write_begin+0x1610/0x1610
[ 60.827927] ? iov_iter_init+0x1d0/0x1d0
[ 60.831972] generic_perform_write+0x1f8/0x4d0
[ 60.836548] ? __mnt_drop_write_file+0x6f/0xa0
[ 60.841112] ? filemap_page_mkwrite+0x2f0/0x2f0
[ 60.845762] ? current_time+0x1c0/0x1c0
[ 60.849714] ? lock_acquire+0x170/0x3c0
[ 60.853666] __generic_file_write_iter+0x24b/0x610
[ 60.858575] ext4_file_write_iter+0x2fe/0xf20
[ 60.863050] ? ext4_file_open+0x600/0x600
[ 60.867189] ? __lock_acquire+0x6de/0x3ff0
[ 60.871489] ? mark_held_locks+0xf0/0xf0
[ 60.875536] __vfs_write+0x51b/0x770
[ 60.879232] ? kernel_read+0x110/0x110
[ 60.883106] ? check_preemption_disabled+0x41/0x280
[ 60.888107] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 60.893107] vfs_write+0x1f3/0x540
[ 60.896628] kernel_write+0xa6/0x110
[ 60.900324] p9_write_work+0x23f/0xb90
[ 60.904194] process_one_work+0x864/0x1570
[ 60.908418] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 60.913082] worker_thread+0x64c/0x1130
[ 60.917039] ? __kthread_parkme+0x133/0x1e0
[ 60.921360] ? process_one_work+0x1570/0x1570
[ 60.925833] kthread+0x33f/0x460
[ 60.929194] ? kthread_park+0x180/0x180
[ 60.933149] ret_from_fork+0x24/0x30
[ 60.936841]
[ 60.938444] Allocated by task 1:
[ 60.941795] kmem_cache_alloc+0x122/0x370
[ 60.945921] getname_flags+0xce/0x590
[ 60.949699] do_sys_open+0x26c/0x520
[ 60.953390] do_syscall_64+0xf9/0x620
[ 60.957171] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.962331]
[ 60.963936] Freed by task 1:
[ 60.966941] kmem_cache_free+0x7f/0x260
[ 60.970906] putname+0xe1/0x120
[ 60.974164] do_sys_open+0x2ba/0x520
[ 60.977864] do_syscall_64+0xf9/0x620
[ 60.981666] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 60.986826]
[ 60.988431] The buggy address belongs to the object at ffff8880aab02100
[ 60.988431] which belongs to the cache names_cache of size 4096
[ 61.001168] The buggy address is located 124 bytes to the left of
[ 61.001168] 4096-byte region [ffff8880aab02100, ffff8880aab03100)
[ 61.013540] The buggy address belongs to the page:
[ 61.018454] page:ffffea0002aac080 count:1 mapcount:0 mapping:ffff88823b843380 index:0x0 compound_mapcount: 0
[ 61.028414] flags: 0xfff00000008100(slab|head)
[ 61.032990] raw: 00fff00000008100 ffffea00024bbe88 ffffea0002a5ce08 ffff88823b843380
[ 61.040850] raw: 0000000000000000 ffff8880aab02100 0000000100000001 0000000000000000
[ 61.048702] page dumped because: kasan: bad access detected
[ 61.054384]
[ 61.055986] Memory state around the buggy address:
[ 61.060892] ffff8880aab01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 61.068228] ffff8880aab02000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.075564] >ffff8880aab02080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 61.082899] ^
[ 61.086243] ffff8880aab02100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.093584] ffff8880aab02180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.100921] ==================================================================
[ 61.108253] Disabling lock debugging due to kernel taint
[ 61.127526] Kernel panic - not syncing: panic_on_warn set ...
[ 61.127526]
[ 61.134909] CPU: 1 PID: 3531 Comm: kworker/1:2 Tainted: G B 4.19.211-syzkaller #0
[ 61.143814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[ 61.153153] Workqueue: events p9_write_work
[ 61.157447] Call Trace:
[ 61.160019] dump_stack+0x1fc/0x2ef
[ 61.163629] panic+0x26a/0x50e
[ 61.166801] ? __warn_printk+0xf3/0xf3
[ 61.170666] ? preempt_schedule_common+0x45/0xc0
[ 61.175408] ? ___preempt_schedule+0x16/0x18
[ 61.179800] ? trace_hardirqs_on+0x55/0x210
[ 61.184103] kasan_end_report+0x43/0x49
[ 61.188059] kasan_report_error.cold+0xa7/0x1b9
[ 61.192706] ? get_max_inline_xattr_value_size+0x46a/0x4d0
[ 61.198309] __asan_report_load4_noabort+0x88/0x90
[ 61.203215] ? ext4_get_max_inline_size.part.0+0x60/0x170
[ 61.208732] ? get_max_inline_xattr_value_size+0x46a/0x4d0
[ 61.214333] get_max_inline_xattr_value_size+0x46a/0x4d0
[ 61.219763] ext4_get_max_inline_size.part.0+0xa8/0x170
[ 61.225125] ? ext4_get_inline_xattr_pos+0x1b0/0x1b0
[ 61.230209] ext4_try_to_write_inline_data+0xf2/0x1a20
[ 61.235463] ? lock_downgrade+0x720/0x720
[ 61.239605] ? check_preemption_disabled+0x41/0x280
[ 61.244600] ? ext4_readpage_inline+0x370/0x370
[ 61.249248] ? mark_buffer_dirty+0x3f2/0x5c0
[ 61.253632] ? __ext4_handle_dirty_metadata+0x1e0/0x590
[ 61.258971] ? ext4_ind_trans_blocks+0xd/0x70
[ 61.263443] ? ext4_meta_trans_blocks+0x24f/0x300
[ 61.268266] ext4_write_begin+0xe41/0x1610
[ 61.272482] ? ext4_truncate+0x1380/0x1380
[ 61.276693] ? ext4_mark_inode_dirty+0x222/0x870
[ 61.281444] ? ext4_expand_extra_isize+0x500/0x500
[ 61.286349] ext4_da_write_begin+0x737/0x10e0
[ 61.290826] ? check_preemption_disabled+0x41/0x280
[ 61.295818] ? iov_iter_fault_in_readable+0x1fc/0x3f0
[ 61.300983] ? ext4_write_begin+0x1610/0x1610
[ 61.305457] ? iov_iter_init+0x1d0/0x1d0
[ 61.309500] generic_perform_write+0x1f8/0x4d0
[ 61.314075] ? __mnt_drop_write_file+0x6f/0xa0
[ 61.318646] ? filemap_page_mkwrite+0x2f0/0x2f0
[ 61.323292] ? current_time+0x1c0/0x1c0
[ 61.327245] ? lock_acquire+0x170/0x3c0
[ 61.331199] __generic_file_write_iter+0x24b/0x610
[ 61.336108] ext4_file_write_iter+0x2fe/0xf20
[ 61.340583] ? ext4_file_open+0x600/0x600
[ 61.344708] ? __lock_acquire+0x6de/0x3ff0
[ 61.348927] ? mark_held_locks+0xf0/0xf0
[ 61.352968] __vfs_write+0x51b/0x770
[ 61.356662] ? kernel_read+0x110/0x110
[ 61.360534] ? check_preemption_disabled+0x41/0x280
[ 61.365529] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 61.370521] vfs_write+0x1f3/0x540
[ 61.374038] kernel_write+0xa6/0x110
[ 61.377732] p9_write_work+0x23f/0xb90
[ 61.381597] process_one_work+0x864/0x1570
[ 61.385813] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 61.390462] worker_thread+0x64c/0x1130
[ 61.394415] ? __kthread_parkme+0x133/0x1e0
[ 61.398715] ? process_one_work+0x1570/0x1570
[ 61.403184] kthread+0x33f/0x460
[ 61.406530] ? kthread_park+0x180/0x180
[ 61.410491] ret_from_fork+0x24/0x30
[ 61.414356] Kernel Offset: disabled
[ 61.417964] Rebooting in 86400 seconds..