Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts.
2024/01/09 19:46:19 ignoring optional flag "sandboxArg"="0"
2024/01/09 19:46:19 parsed 1 programs
2024/01/09 19:46:19 executed programs: 0
[ 45.258585][ T1503] loop0: detected capacity change from 0 to 2048
[ 45.269676][ T1503] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 45.289700][ T1503] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 45.352285][ T1509] loop0: detected capacity change from 0 to 2048
[ 45.369018][ T1509] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 45.389310][ T1509] ==================================================================
[ 45.397371][ T1509] BUG: KASAN: use-after-free in ext4_read_inline_data+0x1e0/0x290
[ 45.405169][ T1509] Read of size 20 at addr ffff88810ec441a3 by task syz-executor.0/1509
[ 45.413469][ T1509]
[ 45.415974][ T1509] CPU: 1 PID: 1509 Comm: syz-executor.0 Not tainted 5.15.146-syzkaller #0
[ 45.424787][ T1509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
[ 45.435045][ T1509] Call Trace:
[ 45.438540][ T1509]  <TASK>
[ 45.441539][ T1509]  dump_stack_lvl+0x41/0x5e
[ 45.446224][ T1509]  print_address_description.constprop.0.cold+0x6c/0x309
[ 45.453233][ T1509]  ? ext4_read_inline_data+0x1e0/0x290
[ 45.458780][ T1509]  ? ext4_read_inline_data+0x1e0/0x290
[ 45.464215][ T1509]  kasan_report.cold+0x83/0xdf
[ 45.468965][ T1509]  ? ext4_read_inline_data+0x1e0/0x290
[ 45.474859][ T1509]  kasan_check_range+0x13d/0x180
[ 45.479775][ T1509]  memcpy+0x20/0x60
[ 45.483642][ T1509]  ext4_read_inline_data+0x1e0/0x290
[ 45.488904][ T1509]  ext4_convert_inline_data_nolock+0xe2/0xbd0
[ 45.495028][ T1509]  ? ext4_convert_inline_data+0x2ad/0x4e0
[ 45.500806][ T1509]  ? ext4_prepare_inline_data+0x1b0/0x1b0
[ 45.506498][ T1509]  ? down_write+0xc8/0x130
[ 45.510888][ T1509]  ? down_write_killable_nested+0x160/0x160
[ 45.516777][ T1509]  ? ext4_journal_check_start+0x46/0x1d0
[ 45.522399][ T1509]  ? __ext4_journal_start_sb+0x226/0x2e0
[ 45.528136][ T1509]  ext4_convert_inline_data+0x419/0x4e0
[ 45.533677][ T1509]  ? ext4_inline_data_truncate+0xa00/0xa00
[ 45.539464][ T1509]  ? down_write_killable_nested+0x160/0x160
[ 45.545513][ T1509]  ? aa_path_link+0x2e0/0x2e0
[ 45.550187][ T1509]  ext4_fallocate+0x13f/0x2d60
[ 45.554924][ T1509]  ? __lock_acquire.constprop.0+0x478/0xb30
[ 45.560884][ T1509]  ? ext4_ext_truncate+0x1c0/0x1c0
[ 45.565973][ T1509]  ? lock_acquire+0x11a/0x230
[ 45.570683][ T1509]  ? __x64_sys_fallocate+0xb0/0x100
[ 45.576086][ T1509]  vfs_fallocate+0x2a8/0xa40
[ 45.580652][ T1509]  __x64_sys_fallocate+0xb0/0x100
[ 45.585651][ T1509]  do_syscall_64+0x35/0x80
[ 45.590048][ T1509]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.596005][ T1509] RIP: 0033:0x7feae699a959
[ 45.600391][ T1509] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 45.620323][ T1509] RSP: 002b:00007feae651d0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 45.628785][ T1509] RAX: ffffffffffffffda RBX: 00007feae6ab9f80 RCX: 00007feae699a959
[ 45.636775][ T1509] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 45.644813][ T1509] RBP: 00007feae69f6c88 R08: 0000000000000000 R09: 0000000000000000
[ 45.653094][ T1509] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 45.661098][ T1509] R13: 0000000000000006 R14: 00007feae6ab9f80 R15: 00007ffc061b8868
[ 45.669136][ T1509]  </TASK>
[ 45.672309][ T1509]
[ 45.674614][ T1509] Allocated by task 1285:
[ 45.679018][ T1509]  kasan_save_stack+0x1b/0x40
[ 45.683745][ T1509]  __kasan_kmalloc+0x7c/0x90
[ 45.688303][ T1509]  tomoyo_realpath_from_path+0xb0/0x6d0
[ 45.693909][ T1509]  tomoyo_path_perm+0x1ed/0x320
[ 45.698832][ T1509]  security_inode_getattr+0xab/0x100
[ 45.704196][ T1509]  vfs_statx+0xe8/0x2e0
[ 45.709799][ T1509]  __do_sys_newfstatat+0x7d/0xd0
[ 45.714704][ T1509]  do_syscall_64+0x35/0x80
[ 45.719087][ T1509]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.724964][ T1509]
[ 45.727260][ T1509] Freed by task 1285:
[ 45.731235][ T1509]  kasan_save_stack+0x1b/0x40
[ 45.735877][ T1509]  kasan_set_track+0x1c/0x30
[ 45.740441][ T1509]  kasan_set_free_info+0x20/0x30
[ 45.745356][ T1509]  __kasan_slab_free+0xe0/0x110
[ 45.750174][ T1509]  kfree+0xd0/0x4c0
[ 45.753992][ T1509]  tomoyo_realpath_from_path+0x16b/0x6d0
[ 45.759966][ T1509]  tomoyo_path_perm+0x1ed/0x320
[ 45.764900][ T1509]  security_inode_getattr+0xab/0x100
[ 45.770158][ T1509]  vfs_statx+0xe8/0x2e0
[ 45.774288][ T1509]  __do_sys_newfstatat+0x7d/0xd0
[ 45.779311][ T1509]  do_syscall_64+0x35/0x80
[ 45.783714][ T1509]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.789687][ T1509]
[ 45.792009][ T1509] The buggy address belongs to the object at ffff88810ec44000
[ 45.792009][ T1509]  which belongs to the cache kmalloc-4k of size 4096
[ 45.806409][ T1509] The buggy address is located 419 bytes inside of
[ 45.806409][ T1509]  4096-byte region [ffff88810ec44000, ffff88810ec45000)
[ 45.819812][ T1509] The buggy address belongs to the page:
[ 45.825590][ T1509] page:ffffea00043b1000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ec40
[ 45.836059][ T1509] head:ffffea00043b1000 order:3 compound_mapcount:0 compound_pincount:0
[ 45.844371][ T1509] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 45.851022][ T1509] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100042140
[ 45.859666][ T1509] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 45.868218][ T1509] page dumped because: kasan: bad access detected
[ 45.874838][ T1509] page_owner tracks the page as allocated
[ 45.880854][ T1509] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 1285, ts 44250814835, free_ts 44242458672
[ 45.900714][ T1509]  get_page_from_freelist+0x166f/0x2910
[ 45.906413][ T1509]  __alloc_pages+0x2b3/0x590
[ 45.910981][ T1509]  allocate_slab+0x2eb/0x430
[ 45.915815][ T1509]  ___slab_alloc+0xb1c/0xf80
[ 45.920562][ T1509]  __kmalloc+0x2da/0x2f0
[ 45.924774][ T1509]  tomoyo_realpath_from_path+0xb0/0x6d0
[ 45.930382][ T1509]  tomoyo_path_perm+0x1ed/0x320
[ 45.935553][ T1509]  security_inode_getattr+0xab/0x100
[ 45.941001][ T1509]  vfs_statx+0xe8/0x2e0
[ 45.945271][ T1509]  __do_sys_newfstatat+0x7d/0xd0
[ 45.950487][ T1509]  do_syscall_64+0x35/0x80
[ 45.954976][ T1509]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 45.961015][ T1509] page last free stack trace:
[ 45.965664][ T1509]  free_pcp_prepare+0x34e/0x730
[ 45.970647][ T1509]  free_unref_page+0x19/0x3b0
[ 45.975332][ T1509]  __unfreeze_partials+0x27d/0x2a0
[ 45.980436][ T1509]  qlist_free_all+0x68/0x110
[ 45.985389][ T1509]  kasan_quarantine_reduce+0x180/0x1f0
[ 45.990822][ T1509]  __kasan_slab_alloc+0x73/0x80
[ 45.995641][ T1509]  kmem_cache_alloc+0x211/0x310
[ 46.000468][ T1509]  getname_flags.part.0+0x4a/0x440
[ 46.005661][ T1509]  user_path_at_empty+0x1e/0x50
[ 46.010778][ T1509]  vfs_statx+0xd6/0x2e0
[ 46.014928][ T1509]  __do_sys_newfstatat+0x7d/0xd0
[ 46.020038][ T1509]  do_syscall_64+0x35/0x80
[ 46.024627][ T1509]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.030494][ T1509]
[ 46.032789][ T1509] Memory state around the buggy address:
[ 46.038388][ T1509]  ffff88810ec44080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.046502][ T1509]  ffff88810ec44100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.054530][ T1509] >ffff88810ec44180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.062658][ T1509]                                ^
[ 46.067746][ T1509]  ffff88810ec44200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.075904][ T1509]  ffff88810ec44280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 46.083934][ T1509] ==================================================================
[ 46.092052][ T1509] Disabling lock debugging due to kernel taint
[ 46.098299][ T1509] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 46.105688][ T1509] Kernel Offset: disabled
[ 46.110532][ T1509] Rebooting in 86400 seconds..
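Triage helper for the KASAN report above. This is an added example, not part of the syzbot log or of the kernel: it parses a subset of the report lines (copied from the log above) and cross-checks the figures the report states against each other, which is the first thing worth doing before reading the stacks. It recomputes the offset of the faulting address inside the kmalloc-4k object and compares it with the "419 bytes inside of" line, checks that the 20-byte read stays inside the 4096-byte region, decodes the shadow byte covering the address (0xfb, a freed slab object, which is what a use-after-free looks like in generic KASAN), and names the first non-allocator frame of the allocation and free stacks. The shadow-byte table covers the generic-KASAN values from mm/kasan/kasan.h as of v5.15; the list of allocator/KASAN frame prefixes that are skipped when naming an owner is an assumed heuristic, not something the kernel defines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Lines copied from the syzbot report above (a subset, timestamps as printed).
REPORT = """\
[ 45.397371][ T1509] BUG: KASAN: use-after-free in ext4_read_inline_data+0x1e0/0x290
[ 45.405169][ T1509] Read of size 20 at addr ffff88810ec441a3 by task syz-executor.0/1509
[ 45.674614][ T1509] Allocated by task 1285:
[ 45.679018][ T1509]  kasan_save_stack+0x1b/0x40
[ 45.683745][ T1509]  __kasan_kmalloc+0x7c/0x90
[ 45.688303][ T1509]  tomoyo_realpath_from_path+0xb0/0x6d0
[ 45.693909][ T1509]  tomoyo_path_perm+0x1ed/0x320
[ 45.724964][ T1509]
[ 45.727260][ T1509] Freed by task 1285:
[ 45.731235][ T1509]  kasan_save_stack+0x1b/0x40
[ 45.745356][ T1509]  __kasan_slab_free+0xe0/0x110
[ 45.750174][ T1509]  kfree+0xd0/0x4c0
[ 45.753992][ T1509]  tomoyo_realpath_from_path+0x16b/0x6d0
[ 45.789687][ T1509]
[ 45.792009][ T1509] The buggy address belongs to the object at ffff88810ec44000
[ 45.792009][ T1509]  which belongs to the cache kmalloc-4k of size 4096
[ 45.806409][ T1509] The buggy address is located 419 bytes inside of
[ 45.806409][ T1509]  4096-byte region [ffff88810ec44000, ffff88810ec45000)
[ 46.054530][ T1509] >ffff88810ec44180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
"""

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s?")           # "[ 45.397371][ T1509] "
FRAME = re.compile(r"^(?:\? )?(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+$")  # "fn+0xoff/0xsize"
# Generic-KASAN shadow values as printed in "Memory state" (mm/kasan/kasan.h, v5.15).
SHADOW = {0x00: "addressable", 0xfa: "freed slab object (free track)",
          0xfb: "freed slab object", 0xfc: "slab object redzone",
          0xfe: "page redzone", 0xff: "freed page"}
# Allocator/KASAN frames to skip when naming the owner of an alloc or free
# (assumed prefix heuristic, not a kernel-defined list).
PLUMBING = ("kasan_", "__kasan_", "kfree", "kmalloc", "__kmalloc", "kmem_cache_")

@dataclass
class KasanReport:
    bug_type: str = ""
    access_fn: str = ""
    access_kind: str = ""
    access_size: int = 0
    addr: int = 0
    pid: int = 0
    object_base: int = 0
    object_size: int = 0
    stated_offset: int = 0
    free_pid: int = 0
    alloc_stack: List[str] = field(default_factory=list)
    free_stack: List[str] = field(default_factory=list)
    shadow_byte: Optional[int] = None   # shadow byte covering addr, from the ">" row

def parse_kasan_report(text: str) -> KasanReport:
    r, section = KasanReport(), None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:                      # a blank line ends an alloc/free stack
            section = None
        elif m := re.match(r"BUG: KASAN: (\S+) in (\S+)\+0x", line):
            r.bug_type, r.access_fn = m.group(1), m.group(2)
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task \S+/(\d+)", line):
            r.access_kind, r.access_size = m.group(1), int(m.group(2))
            r.addr, r.pid = int(m.group(3), 16), int(m.group(4))
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            r.object_base = int(m.group(1), 16)
        elif m := re.match(r"which belongs to the cache \S+ of size (\d+)", line):
            r.object_size = int(m.group(1))
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", line):
            r.stated_offset = int(m.group(1))
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", line):
            section = m.group(1)
            if section == "Freed": r.free_pid = int(m.group(2))
        elif m := re.match(r">([0-9a-f]{16}): ((?:[0-9a-f]{2} ?)+)$", line):
            row = [int(b, 16) for b in m.group(2).split()]
            idx = (r.addr - int(m.group(1), 16)) // 8   # one shadow byte per 8-byte granule
            r.shadow_byte = row[idx] if 0 <= idx < len(row) else None
        elif section and (m := FRAME.match(line)):
            (r.alloc_stack if section == "Allocated" else r.free_stack).append(m.group(1))
    return r

def owner(stack: List[str]) -> str:
    """First frame below the allocator: the code that owns the allocation or free."""
    return next((f for f in stack if not f.startswith(PLUMBING)), "")

def triage(r: KasanReport) -> Dict[str, object]:
    offset = r.addr - r.object_base
    return {
        "bug": f"{r.bug_type} {r.access_kind.lower()} of {r.access_size} bytes in {r.access_fn}",
        "offset": offset,
        "offset_matches_report": offset == r.stated_offset,
        "access_inside_object": 0 <= offset and offset + r.access_size <= r.object_size,
        "shadow": SHADOW.get(r.shadow_byte, "unknown"),
        "shadow_confirms_free": r.shadow_byte in (0xfa, 0xfb),
        "allocated_by": owner(r.alloc_stack),
        "freed_by": owner(r.free_stack),
        "freed_by_other_task": r.free_pid != r.pid,
    }
```

Run on the report above, `triage()` confirms the stated offset (0x1a3 = 419), that the read lands 419..439 inside the 4096-byte region, that the shadow byte is 0xfb (freed), and that both the allocation and the free are owned by tomoyo_realpath_from_path in task 1285, while the faulting read is by task 1509 in ext4_read_inline_data. That last point is the caveat to keep in mind with any KASAN "Allocated by / Freed by" section: it describes the most recent life cycle of that slab slot (here a TOMOYO realpath buffer on an fstatat path), not necessarily the object the faulting code believed it held. The ext4 side, how ext4_read_inline_data came to dereference a stale pointer into a kmalloc-4k object after the corrupted in-inode xattr error on the same image, is not something this report alone establishes.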