Warning: Permanently added '10.128.1.26' (ED25519) to the list of known hosts.
2024/12/03 05:13:58 ignoring optional flag "sandboxArg"="0"
2024/12/03 05:13:58 ignoring optional flag "type"="gce"
2024/12/03 05:13:58 parsed 1 programs
2024/12/03 05:13:58 executed programs: 0
2024/12/03 05:14:04 executed programs: 1
[ 58.183280][ T1450] loop0: detected capacity change from 0 to 2048
[ 58.202894][ T1450] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 58.220401][ T1450] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2186: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 58.237741][ T996] EXT4-fs (loop0): unmounting filesystem.
[ 58.265854][ T1456] loop0: detected capacity change from 0 to 2048
[ 58.282169][ T1456] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 58.297310][ T1456] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2186: inode #18: comm syz-executor.0: corrupted in-inode xattr
[ 58.314946][ T996] EXT4-fs (loop0): unmounting filesystem.
[ 58.344392][ T1460] loop0: detected capacity change from 0 to 2048
[ 58.362058][ T1460] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 58.378139][ T1460] ==================================================================
[ 58.386258][ T1460] BUG: KASAN: use-after-free in ext4_convert_inline_data_nolock+0x282/0xc10
[ 58.394966][ T1460] Read of size 20 at addr ffff88811b26b1a3 by task syz-executor.0/1460
[ 58.403195][ T1460]
[ 58.405537][ T1460] CPU: 0 PID: 1460 Comm: syz-executor.0 Not tainted 6.1.119-syzkaller #0
[ 58.413923][ T1460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 58.423969][ T1460] Call Trace:
[ 58.427332][ T1460]
[ 58.430255][ T1460] dump_stack_lvl+0xf4/0x251
[ 58.434848][ T1460] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 58.440286][ T1460] ? panic+0x3fe/0x3fe
[ 58.444417][ T1460] ? _printk+0xca/0x10a
[ 58.448566][ T1460] ? __virt_addr_valid+0x139/0x270
[ 58.453671][ T1460] ? __virt_addr_valid+0x221/0x270
[ 58.458765][ T1460] print_report+0x15f/0x4f0
[ 58.463245][ T1460] ? __virt_addr_valid+0x139/0x270
[ 58.468329][ T1460] ? __virt_addr_valid+0x221/0x270
[ 58.473449][ T1460] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 58.479789][ T1460] kasan_report+0x136/0x160
[ 58.484277][ T1460] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 58.490605][ T1460] kasan_check_range+0x27f/0x290
[ 58.495540][ T1460] ? ext4_convert_inline_data_nolock+0x282/0xc10
[ 58.501959][ T1460] memcpy+0x25/0x60
[ 58.505751][ T1460] ext4_convert_inline_data_nolock+0x282/0xc10
[ 58.511882][ T1460] ? ext4_add_dirent_to_inline+0x390/0x390
[ 58.517668][ T1460] ? down_write+0x146/0x1d0
[ 58.522237][ T1460] ? __ext4_journal_start_sb+0xa4/0x360
[ 58.527769][ T1460] ext4_convert_inline_data+0x3b8/0x4d0
[ 58.533295][ T1460] ? ext4_inline_data_truncate+0xb70/0xb70
[ 58.539085][ T1460] ? down_write+0x146/0x1d0
[ 58.543565][ T1460] ext4_fallocate+0x136/0x17b0
[ 58.548337][ T1460] ? read_lock_is_recursive+0x10/0x10
[ 58.553713][ T1460] ? ext4_ext_truncate+0x260/0x260
[ 58.558812][ T1460] ? preempt_count_add+0x8f/0x120
[ 58.563815][ T1460] vfs_fallocate+0x30c/0x3d0
[ 58.568383][ T1460] __x64_sys_fallocate+0xa6/0xd0
[ 58.573304][ T1460] do_syscall_64+0x3b/0x80
[ 58.577699][ T1460] ? clear_bhb_loop+0x45/0xa0
[ 58.582453][ T1460] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.588511][ T1460] RIP: 0033:0x7f5575435959
[ 58.592932][ T1460] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 58.612694][ T1460] RSP: 002b:00007f5574fb80c8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d
[ 58.621084][ T1460] RAX: ffffffffffffffda RBX: 00007f5575554f80 RCX: 00007f5575435959
[ 58.629082][ T1460] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 58.637034][ T1460] RBP: 00007f5575491c88 R08: 0000000000000000 R09: 0000000000000000
[ 58.644991][ T1460] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
[ 58.652989][ T1460] R13: 0000000000000016 R14: 00007f5575554f80 R15: 00007ffd12109668
[ 58.661117][ T1460]
[ 58.664122][ T1460]
[ 58.666440][ T1460] The buggy address belongs to the physical page:
[ 58.672848][ T1460] page:ffffea00046c9ac0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11b26b
[ 58.683070][ T1460] flags: 0x200000000000000(node=0|zone=2)
[ 58.688875][ T1460] raw: 0200000000000000 0000000000000000 ffffea00046c9ac8 0000000000000000
[ 58.697612][ T1460] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 58.706186][ T1460] page dumped because: kasan: bad access detected
[ 58.712588][ T1460] page_owner tracks the page as freed
[ 58.717940][ T1460] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 419, tgid 419 (udevd), ts 5283713205, free_ts 54676963519
[ 58.738437][ T1460] post_alloc_hook+0x286/0x2b0
[ 58.743185][ T1460] get_page_from_freelist+0x373f/0x39c0
[ 58.748729][ T1460] __alloc_pages+0x251/0x640
[ 58.753294][ T1460] alloc_slab_page+0x6a/0x150
[ 58.757947][ T1460] new_slab+0x70/0x250
[ 58.761991][ T1460] ___slab_alloc+0x9df/0xe70
[ 58.766580][ T1460] kmem_cache_alloc+0x18b/0x290
[ 58.771406][ T1460] getname_flags+0x9c/0x430
[ 58.775914][ T1460] __se_sys_newfstatat+0xd7/0x790
[ 58.780931][ T1460] do_syscall_64+0x3b/0x80
[ 58.785328][ T1460] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.791291][ T1460] page last free stack trace:
[ 58.795940][ T1460] free_unref_page_prepare+0xccc/0xdb0
[ 58.801375][ T1460] free_unref_page+0x30/0x230
[ 58.806028][ T1460] __unfreeze_partials+0x1af/0x210
[ 58.811117][ T1460] put_cpu_partial+0x150/0x1a0
[ 58.815860][ T1460] qlist_free_all+0x76/0xe0
[ 58.820340][ T1460] kasan_quarantine_reduce+0x156/0x170
[ 58.825781][ T1460] __kasan_slab_alloc+0x1f/0x70
[ 58.830607][ T1460] slab_post_alloc_hook+0x54/0x3e0
[ 58.835693][ T1460] kmem_cache_alloc+0x10c/0x290
[ 58.840520][ T1460] getname_flags+0x9c/0x430
[ 58.844998][ T1460] do_sys_openat2+0xb5/0x3f0
[ 58.849560][ T1460] __x64_sys_openat+0x209/0x250
[ 58.854384][ T1460] do_syscall_64+0x3b/0x80
[ 58.858779][ T1460] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 58.864655][ T1460]
[ 58.866958][ T1460] Memory state around the buggy address:
[ 58.872571][ T1460] ffff88811b26b080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.880609][ T1460] ffff88811b26b100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.888641][ T1460] >ffff88811b26b180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.896683][ T1460] ^
[ 58.901888][ T1460] ffff88811b26b200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.909925][ T1460] ffff88811b26b280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 58.917980][ T1460] ==================================================================
[ 58.926268][ T1460] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 58.933922][ T1460] Kernel Offset: disabled
[ 58.938233][ T1460] Rebooting in 86400 seconds..