Warning: Permanently added '10.128.0.71' (ED25519) to the list of known hosts.
2023/07/30 00:59:46 ignoring optional flag "sandboxArg"="0"
2023/07/30 00:59:47 parsed 1 programs
2023/07/30 00:59:47 executed programs: 0
[ 55.474436][ T1840] loop0: detected capacity change from 0 to 2048
[ 55.492223][ T1840] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
2023/07/30 00:59:52 executed programs: 1
[ 55.511718][ T1840] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2263: inode #18: comm syz-executor.0: corrupted in-inode xattr: bad magic number in in-inode xattr
[ 55.533409][ T1385] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 55.562360][ T1846] loop0: detected capacity change from 0 to 2048
[ 55.581954][ T1846] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 55.602252][ T1846] ==================================================================
[ 55.610695][ T1846] BUG: KASAN: slab-use-after-free in ext4_convert_inline_data_nolock+0x286/0xbf0
[ 55.621079][ T1846] Read of size 20 at addr ffff88811495e1a3 by task syz-executor.0/1846
[ 55.631221][ T1846]
[ 55.633658][ T1846] CPU: 0 PID: 1846 Comm: syz-executor.0 Not tainted 6.5.0-rc3-syzkaller #0
[ 55.644466][ T1846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 55.655676][ T1846] Call Trace:
[ 55.660692][ T1846]
[ 55.663790][ T1846]  dump_stack_lvl+0xf8/0x260
[ 55.668697][ T1846]  ? nf_tcp_handle_invalid+0x300/0x300
[ 55.674504][ T1846]  ? panic+0x410/0x410
[ 55.679005][ T1846]  ? vprintk_emit+0x119/0x1f0
[ 55.683938][ T1846]  ? _printk+0xce/0x110
[ 55.688291][ T1846]  print_report+0x163/0x540
[ 55.692825][ T1846]  ? ext4_convert_inline_data_nolock+0x286/0xbf0
[ 55.699261][ T1846]  kasan_report+0x175/0x1b0
[ 55.703878][ T1846]  ? ext4_convert_inline_data_nolock+0x286/0xbf0
[ 55.710479][ T1846]  kasan_check_range+0x27e/0x290
[ 55.715701][ T1846]  ? ext4_convert_inline_data_nolock+0x286/0xbf0
[ 55.722381][ T1846]  __asan_memcpy+0x29/0x70
[ 55.726966][ T1846]  ext4_convert_inline_data_nolock+0x286/0xbf0
[ 55.733304][ T1846]  ? ext4_add_dirent_to_inline+0x3a0/0x3a0
[ 55.739362][ T1846]  ? down_write+0x12d/0x190
[ 55.743952][ T1846]  ext4_convert_inline_data+0x3c4/0x4e0
[ 55.750170][ T1846]  ? ext4_inline_data_truncate+0xb00/0xb00
[ 55.756583][ T1846]  ? down_write+0x12d/0x190
[ 55.761509][ T1846]  ext4_fallocate+0x141/0x1710
[ 55.766367][ T1846]  ? read_lock_is_recursive+0x20/0x20
[ 55.771988][ T1846]  ? ext4_ext_truncate+0x210/0x210
[ 55.777349][ T1846]  ? preempt_count_add+0x93/0x130
[ 55.782789][ T1846]  vfs_fallocate+0x316/0x3d0
[ 55.787983][ T1846]  __x64_sys_fallocate+0xaa/0xe0
[ 55.793107][ T1846]  do_syscall_64+0x41/0x90
[ 55.797688][ T1846]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.804006][ T1846] RIP: 0033:0x7f07c321a8d9
[ 55.809741][ T1846] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.829688][ T1846] RSP: 002b:00007f07c2d9d0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 55.839782][ T1846] RAX: ffffffffffffffda RBX: 00007f07c3339f80 RCX: 00007f07c321a8d9
[ 55.848472][ T1846] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 55.857072][ T1846] RBP: 00007f07c3276b20 R08: 0000000000000000 R09: 0000000000000000
[ 55.865560][ T1846] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 55.873944][ T1846] R13: 0000000000000006 R14: 00007f07c3339f80 R15: 00007ffca37ee068
[ 55.882238][ T1846]
[ 55.885322][ T1846]
[ 55.887792][ T1846] Allocated by task 31:
[ 55.892018][ T1846]  kasan_set_track+0x4f/0x70
[ 55.897017][ T1846]  __kasan_slab_alloc+0x66/0x70
[ 55.901839][ T1846]  slab_post_alloc_hook+0x67/0x3c0
[ 55.909137][ T1846]  kmem_cache_alloc_node+0x149/0x2f0
[ 55.914579][ T1846]  dup_task_struct+0x9f/0x990
[ 55.919578][ T1846]  copy_process+0x40a/0x3630
[ 55.924311][ T1846]  kernel_clone+0x18f/0x660
[ 55.928871][ T1846]  user_mode_thread+0x12d/0x190
[ 55.933708][ T1846]  call_usermodehelper_exec_work+0x74/0x1c0
[ 55.939746][ T1846]  process_one_work+0x7e4/0xf40
[ 55.944572][ T1846]  worker_thread+0x80a/0xe70
[ 55.949155][ T1846]  kthread+0x233/0x280
[ 55.953206][ T1846]  ret_from_fork+0x2e/0x60
[ 55.957681][ T1846]  ret_from_fork_asm+0x11/0x20
[ 55.962607][ T1846]
[ 55.965285][ T1846] Freed by task 0:
[ 55.969064][ T1846]  kasan_set_track+0x4f/0x70
[ 55.973636][ T1846]  kasan_save_free_info+0x28/0x40
[ 55.978719][ T1846]  ____kasan_slab_free+0x122/0x1e0
[ 55.983801][ T1846]  kmem_cache_free+0x2ba/0x4e0
[ 55.988534][ T1846]  rcu_core+0xa06/0x14a0
[ 55.993309][ T1846]  __do_softirq+0x1bb/0x563
[ 55.998327][ T1846]
[ 56.000633][ T1846] Last potentially related work creation:
[ 56.006356][ T1846]  kasan_save_stack+0x3f/0x60
[ 56.011192][ T1846]  __kasan_record_aux_stack+0xad/0xc0
[ 56.017087][ T1846]  call_rcu+0x159/0x8e0
[ 56.021913][ T1846]  release_task+0x11c8/0x1240
[ 56.026566][ T1846]  wait_consider_task+0x1688/0x23a0
[ 56.032189][ T1846]  do_wait+0x43a/0x890
[ 56.036485][ T1846]  kernel_wait+0xea/0x210
[ 56.040806][ T1846]  call_usermodehelper_exec_work+0x88/0x1c0
[ 56.046784][ T1846]  process_one_work+0x7e4/0xf40
[ 56.051720][ T1846]  worker_thread+0x80a/0xe70
[ 56.056309][ T1846]  kthread+0x233/0x280
[ 56.060359][ T1846]  ret_from_fork+0x2e/0x60
[ 56.064928][ T1846]  ret_from_fork_asm+0x11/0x20
[ 56.069753][ T1846]
[ 56.072053][ T1846] Second to last potentially related work creation:
[ 56.078621][ T1846]  kasan_save_stack+0x3f/0x60
[ 56.083292][ T1846]  __kasan_record_aux_stack+0xad/0xc0
[ 56.088677][ T1846]  task_work_add+0x7d/0x260
[ 56.093364][ T1846]  scheduler_tick+0x241/0x460
[ 56.098113][ T1846]  update_process_times+0x114/0x130
[ 56.103397][ T1846]  tick_sched_timer+0x264/0x430
[ 56.108362][ T1846]  __hrtimer_run_queues+0x413/0x810
[ 56.113733][ T1846]  hrtimer_interrupt+0x2e6/0xbc0
[ 56.118756][ T1846]  __sysvec_apic_timer_interrupt+0x125/0x410
[ 56.125022][ T1846]  sysvec_apic_timer_interrupt+0x8b/0xb0
[ 56.130778][ T1846]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 56.136850][ T1846]
[ 56.139295][ T1846] The buggy address belongs to the object at ffff88811495d400
[ 56.139295][ T1846]  which belongs to the cache task_struct of size 6912
[ 56.154033][ T1846] The buggy address is located 3491 bytes inside of
[ 56.154033][ T1846]  freed 6912-byte region [ffff88811495d400, ffff88811495ef00)
[ 56.168162][ T1846]
[ 56.170474][ T1846] The buggy address belongs to the physical page:
[ 56.177043][ T1846] page:ffffea0004525600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114958
[ 56.187727][ T1846] head:ffffea0004525600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 56.197004][ T1846] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 56.203687][ T1846] page_type: 0xffffffff()
[ 56.208115][ T1846] raw: 0200000000010200 ffff888101262500 ffffea000457c600 dead000000000002
[ 56.216694][ T1846] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 56.225473][ T1846] page dumped because: kasan: bad access detected
[ 56.232054][ T1846] page_owner tracks the page as allocated
[ 56.237856][ T1846] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 31, tgid 31 (kworker/u4:2), ts 24918614972, free_ts 24900655427
[ 56.258929][ T1846]  post_alloc_hook+0x26e/0x290
[ 56.263676][ T1846]  get_page_from_freelist+0x332d/0x3590
[ 56.269323][ T1846]  __alloc_pages+0x255/0x650
[ 56.273914][ T1846]  alloc_slab_page+0x6a/0x160
[ 56.278590][ T1846]  new_slab+0x70/0x260
[ 56.282895][ T1846]  ___slab_alloc+0x833/0xd60
[ 56.287634][ T1846]  kmem_cache_alloc_node+0x1cc/0x2f0
[ 56.292892][ T1846]  dup_task_struct+0x9f/0x990
[ 56.297584][ T1846]  copy_process+0x40a/0x3630
[ 56.302318][ T1846]  kernel_clone+0x18f/0x660
[ 56.306911][ T1846]  user_mode_thread+0x12d/0x190
[ 56.311906][ T1846]  call_usermodehelper_exec_work+0x74/0x1c0
[ 56.317865][ T1846]  process_one_work+0x7e4/0xf40
[ 56.322773][ T1846]  worker_thread+0x80a/0xe70
[ 56.327439][ T1846]  kthread+0x233/0x280
[ 56.331507][ T1846]  ret_from_fork+0x2e/0x60
[ 56.336085][ T1846] page last free stack trace:
[ 56.340744][ T1846]  free_unref_page_prepare+0x800/0x920
[ 56.346414][ T1846]  free_unref_page+0x34/0x220
[ 56.351177][ T1846]  __unfreeze_partials+0x1b1/0x1f0
[ 56.356354][ T1846]  put_cpu_partial+0xdc/0x120
[ 56.361113][ T1846]  __slab_free+0x26b/0x330
[ 56.365515][ T1846]  qlist_free_all+0x22/0x60
[ 56.370098][ T1846]  kasan_quarantine_reduce+0x157/0x180
[ 56.375918][ T1846]  __kasan_slab_alloc+0x23/0x70
[ 56.380846][ T1846]  slab_post_alloc_hook+0x67/0x3c0
[ 56.386534][ T1846]  kmem_cache_alloc+0x11f/0x2a0
[ 56.391355][ T1846]  getname_flags+0xa0/0x430
[ 56.395830][ T1846]  do_sys_openat2+0xb0/0x170
[ 56.400399][ T1846]  __x64_sys_openat+0x20d/0x260
[ 56.406057][ T1846]  do_syscall_64+0x41/0x90
[ 56.410892][ T1846]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 56.416942][ T1846]
[ 56.419244][ T1846] Memory state around the buggy address:
[ 56.425020][ T1846]  ffff88811495e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.433140][ T1846]  ffff88811495e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.441195][ T1846] >ffff88811495e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.449608][ T1846] ^
[ 56.455262][ T1846]  ffff88811495e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.463651][ T1846]  ffff88811495e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 56.472038][ T1846] ==================================================================
[ 56.480487][ T1846] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 56.488357][ T1846] Kernel Offset: disabled
[ 56.492808][ T1846] Rebooting in 86400 seconds..