Warning: Permanently added '10.128.1.53' (ED25519) to the list of known hosts.
2024/07/04 09:55:13 ignoring optional flag "sandboxArg"="0"
2024/07/04 09:55:13 parsed 1 programs
2024/07/04 09:55:13 executed programs: 0
[ 60.780905][ T1401] loop0: detected capacity change from 0 to 2048
[ 60.794661][ T1401] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 60.812036][ T1401] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 60.887582][ T1408] loop0: detected capacity change from 0 to 2048
[ 60.903706][ T1408] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 60.919835][ T1408] ==================================================================
[ 60.928485][ T1408] BUG: KASAN: use-after-free in ext4_read_inline_data+0x1e0/0x290
[ 60.936283][ T1408] Read of size 20 at addr ffff88811fdbe1a3 by task syz-executor.0/1408
[ 60.944673][ T1408]
[ 60.947156][ T1408] CPU: 0 PID: 1408 Comm: syz-executor.0 Not tainted 5.15.161-syzkaller #0
[ 60.955825][ T1408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 60.966312][ T1408] Call Trace:
[ 60.969659][ T1408]
[ 60.972635][ T1408] dump_stack_lvl+0x41/0x5e
[ 60.977220][ T1408] print_address_description.constprop.0.cold+0x6c/0x309
[ 60.984461][ T1408] ? ext4_read_inline_data+0x1e0/0x290
[ 60.990102][ T1408] ? ext4_read_inline_data+0x1e0/0x290
[ 60.996142][ T1408] kasan_report.cold+0x83/0xdf
[ 61.001386][ T1408] ? ext4_read_inline_data+0x1e0/0x290
[ 61.007368][ T1408] kasan_check_range+0x13d/0x180
[ 61.012483][ T1408] memcpy+0x20/0x60
[ 61.016806][ T1408] ext4_read_inline_data+0x1e0/0x290
[ 61.022172][ T1408] ext4_convert_inline_data_nolock+0xe2/0xbd0
[ 61.029065][ T1408] ? ext4_convert_inline_data+0x2ad/0x4e0
[ 61.034778][ T1408] ? ext4_prepare_inline_data+0x1b0/0x1b0
[ 61.040644][ T1408] ? down_write+0xc8/0x140
[ 61.045041][ T1408] ? down_write_killable_nested+0x160/0x160
[ 61.051439][ T1408] ? ext4_journal_check_start+0x46/0x1d0
[ 61.057486][ T1408] ? __ext4_journal_start_sb+0x226/0x2e0
[ 61.063418][ T1408] ext4_convert_inline_data+0x419/0x4e0
[ 61.069301][ T1408] ? ext4_inline_data_truncate+0xa00/0xa00
[ 61.075413][ T1408] ? down_write_killable_nested+0x160/0x160
[ 61.081441][ T1408] ? lock_acquire+0x11a/0x230
[ 61.086358][ T1408] ? aa_path_link+0x2e0/0x2e0
[ 61.091022][ T1408] ext4_fallocate+0x13f/0x2d60
[ 61.095951][ T1408] ? __lock_acquire.constprop.0+0x478/0xb30
[ 61.102075][ T1408] ? ext4_ext_truncate+0x1c0/0x1c0
[ 61.107378][ T1408] ? lock_acquire+0x11a/0x230
[ 61.114500][ T1408] ? __x64_sys_fallocate+0xb0/0x100
[ 61.120585][ T1408] vfs_fallocate+0x2a8/0xa40
[ 61.125796][ T1408] __x64_sys_fallocate+0xb0/0x100
[ 61.131110][ T1408] do_syscall_64+0x33/0x80
[ 61.135803][ T1408] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.142059][ T1408] RIP: 0033:0x7f89e2330959
[ 61.146818][ T1408] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 61.168258][ T1408] RSP: 002b:00007f89e1eb30c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 61.177001][ T1408] RAX: ffffffffffffffda RBX: 00007f89e244ff80 RCX: 00007f89e2330959
[ 61.186471][ T1408] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 61.195049][ T1408] RBP: 00007f89e238cc88 R08: 0000000000000000 R09: 0000000000000000
[ 61.203456][ T1408] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 61.211585][ T1408] R13: 0000000000000006 R14: 00007f89e244ff80 R15: 00007ffe48425228
[ 61.219653][ T1408]
[ 61.222869][ T1408]
[ 61.225266][ T1408] Allocated by task 1379:
[ 61.229591][ T1408] kasan_save_stack+0x1b/0x40
[ 61.234246][ T1408] __kasan_slab_alloc+0x61/0x80
[ 61.239212][ T1408] kmem_cache_alloc+0x211/0x310
[ 61.245175][ T1408] getname_flags.part.0+0x4a/0x440
[ 61.250712][ T1408] do_sys_openat2+0xd2/0x400
[ 61.255594][ T1408] __x64_sys_openat+0x11b/0x1d0
[ 61.260688][ T1408] do_syscall_64+0x33/0x80
[ 61.265266][ T1408] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.271495][ T1408]
[ 61.273884][ T1408] Freed by task 1379:
[ 61.277929][ T1408] kasan_save_stack+0x1b/0x40
[ 61.282585][ T1408] kasan_set_track+0x1c/0x30
[ 61.287236][ T1408] kasan_set_free_info+0x20/0x30
[ 61.292414][ T1408] __kasan_slab_free+0xe0/0x110
[ 61.297649][ T1408] kmem_cache_free+0x7e/0x450
[ 61.302528][ T1408] do_sys_openat2+0x106/0x400
[ 61.307630][ T1408] __x64_sys_openat+0x11b/0x1d0
[ 61.312561][ T1408] do_syscall_64+0x33/0x80
[ 61.317346][ T1408] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.324670][ T1408]
[ 61.326980][ T1408] The buggy address belongs to the object at ffff88811fdbd500
[ 61.326980][ T1408] which belongs to the cache names_cache of size 4096
[ 61.341264][ T1408] The buggy address is located 3235 bytes inside of
[ 61.341264][ T1408] 4096-byte region [ffff88811fdbd500, ffff88811fdbe500)
[ 61.355218][ T1408] The buggy address belongs to the page:
[ 61.360943][ T1408] page:ffffea00047f6e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fdb8
[ 61.371910][ T1408] head:ffffea00047f6e00 order:3 compound_mapcount:0 compound_pincount:0
[ 61.380214][ T1408] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 61.387052][ T1408] raw: 0200000000010200 0000000000000000 dead000000000122 ffff8881001483c0
[ 61.395616][ T1408] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[ 61.404253][ T1408] page dumped because: kasan: bad access detected
[ 61.410654][ T1408] page_owner tracks the page as allocated
[ 61.416782][ T1408] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1379, ts 60660716425, free_ts 0
[ 61.437951][ T1408] get_page_from_freelist+0x166f/0x2910
[ 61.443483][ T1408] __alloc_pages+0x2b3/0x590
[ 61.448058][ T1408] allocate_slab+0x2eb/0x430
[ 61.452621][ T1408] ___slab_alloc+0xb1c/0xf80
[ 61.457184][ T1408] kmem_cache_alloc+0x2d7/0x310
[ 61.462461][ T1408] getname_flags.part.0+0x4a/0x440
[ 61.467645][ T1408] user_path_at_empty+0x1e/0x50
[ 61.472702][ T1408] vfs_statx+0xd6/0x2e0
[ 61.476934][ T1408] __do_sys_newfstatat+0x7d/0xd0
[ 61.481854][ T1408] do_syscall_64+0x33/0x80
[ 61.486266][ T1408] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 61.492406][ T1408] page_owner free stack trace missing
[ 61.497751][ T1408]
[ 61.500061][ T1408] Memory state around the buggy address:
[ 61.505933][ T1408] ffff88811fdbe080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.514404][ T1408] ffff88811fdbe100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.522986][ T1408] >ffff88811fdbe180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.532050][ T1408] ^
[ 61.537505][ T1408] ffff88811fdbe200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.545683][ T1408] ffff88811fdbe280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.554284][ T1408] ==================================================================
[ 61.562324][ T1408] Disabling lock debugging due to kernel taint
[ 61.568737][ T1408] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 61.576404][ T1408] Kernel Offset: disabled
[ 61.580808][ T1408] Rebooting in 86400 seconds..