syzbot
```
loop1: detected capacity change from 0 to 512
==================================================================
BUG: KASAN: slab-out-of-bounds in check_igot_inode fs/ext4/inode.c:-1 [inline]
BUG: KASAN: slab-out-of-bounds in __ext4_iget+0x2bb/0x3e40 fs/ext4/inode.c:4874
Read of size 8 at addr ffff888055417f30 by task syz.1.2978/11208

CPU: 1 PID: 11208 Comm: syz.1.2978 Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0x188/0x24e lib/dump_stack.c:106
 print_address_description mm/kasan/report.c:316 [inline]
 print_report+0xa8/0x210 mm/kasan/report.c:420
 kasan_report+0x10b/0x140 mm/kasan/report.c:524
 check_igot_inode fs/ext4/inode.c:-1 [inline]
 __ext4_iget+0x2bb/0x3e40 fs/ext4/inode.c:4874
 __ext4_fill_super fs/ext4/super.c:5465 [inline]
 ext4_fill_super+0x6124/0x78c0 fs/ext4/super.c:5693
 get_tree_bdev+0x3f1/0x610 fs/super.c:1366
 vfs_get_tree+0x88/0x270 fs/super.c:1573
 do_new_mount+0x24a/0xa40 fs/namespace.c:3078
 do_mount fs/namespace.c:3421 [inline]
 __do_sys_mount fs/namespace.c:3629 [inline]
 __se_sys_mount+0x2e3/0x3d0 fs/namespace.c:3606
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
RIP: 0033:0x7fd83079e04a
Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd831697e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fd831697ee0 RCX: 00007fd83079e04a
RDX: 0000200000000080 RSI: 0000200000000000 RDI: 00007fd831697ea0
RBP: 0000200000000080 R08: 00007fd831697ee0 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000000
R13: 00007fd831697ea0 R14: 000000000000045a R15: 0000200000000340
 </TASK>

Allocated by task 4264:
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:53
 __kasan_slab_alloc+0x6b/0x80 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook+0x4b/0x480 mm/slab.h:737
 slab_alloc_node mm/slub.c:3359 [inline]
 slab_alloc mm/slub.c:3367 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3374 [inline]
 kmem_cache_alloc_lru+0x11a/0x2e0 mm/slub.c:3390
 __d_alloc+0x31/0x700 fs/dcache.c:1774
 d_alloc+0x4a/0x250 fs/dcache.c:1854
 lookup_one_qstr_excl+0xc6/0x240 fs/namei.c:1609
 filename_create+0x23a/0x470 fs/namei.c:3885
 do_mkdirat+0xa5/0x440 fs/namei.c:4129
 __do_sys_mkdir fs/namei.c:4159 [inline]
 __se_sys_mkdir fs/namei.c:4157 [inline]
 __x64_sys_mkdir+0x6a/0x80 fs/namei.c:4157
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

Freed by task 15:
 kasan_save_stack mm/kasan/common.c:46 [inline]
 kasan_set_track+0x4b/0x70 mm/kasan/common.c:53
 kasan_save_free_info+0x2d/0x50 mm/kasan/generic.c:516
 ____kasan_slab_free+0x126/0x1e0 mm/kasan/common.c:237
 kasan_slab_free include/linux/kasan.h:177 [inline]
 slab_free_hook mm/slub.c:1729 [inline]
 slab_free_freelist_hook+0x131/0x1a0 mm/slub.c:1755
 slab_free mm/slub.c:3687 [inline]
 kmem_cache_free+0xf7/0x290 mm/slub.c:3709
 rcu_do_batch kernel/rcu/tree.c:2297 [inline]
 rcu_core+0xa99/0x1740 kernel/rcu/tree.c:2557
 handle_softirqs+0x2a1/0x930 kernel/softirq.c:596
 run_ksoftirqd+0xa4/0x100 kernel/softirq.c:968
 smpboot_thread_fn+0x64a/0xa40 kernel/smpboot.c:164
 kthread+0x29d/0x330 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Last potentially related work creation:
 kasan_save_stack+0x3a/0x60 mm/kasan/common.c:46
 __kasan_record_aux_stack+0xb2/0xc0 mm/kasan/generic.c:486
 call_rcu+0x14f/0x990 kernel/rcu/tree.c:2849
 __dentry_kill+0x4ef/0x650 fs/dcache.c:625
 dentry_kill+0xb8/0x290 fs/dcache.c:-1
 dput+0xfa/0x1d0 fs/dcache.c:918
 do_rmdir+0x2a5/0x5c0 fs/namei.c:4262
 __do_sys_rmdir fs/namei.c:4279 [inline]
 __se_sys_rmdir fs/namei.c:4277 [inline]
 __x64_sys_rmdir+0x45/0x50 fs/namei.c:4277
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

Second to last potentially related work creation:
 kasan_save_stack+0x3a/0x60 mm/kasan/common.c:46
 __kasan_record_aux_stack+0xb2/0xc0 mm/kasan/generic.c:486
 call_rcu+0x14f/0x990 kernel/rcu/tree.c:2849
 __dentry_kill+0x4ef/0x650 fs/dcache.c:625
 dentry_kill+0xb8/0x290 fs/dcache.c:-1
 dput+0xfa/0x1d0 fs/dcache.c:918
 do_unlinkat+0x347/0x580 fs/namei.c:4401
 __do_sys_unlink fs/namei.c:4446 [inline]
 __se_sys_unlink fs/namei.c:4444 [inline]
 __x64_sys_unlink+0x45/0x50 fs/namei.c:4444
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2

The buggy address belongs to the object at ffff888055417d60
 which belongs to the cache dentry of size 312
The buggy address is located 152 bytes to the right of
 312-byte region [ffff888055417d60, ffff888055417e98)

The buggy address belongs to the physical page:
page:ffffea0001550580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55416
head:ffffea0001550580 order:1 compound_mapcount:0 compound_pincount:0
memcg:ffff88802dd7b301
flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000010200 ffffea0001cd2d80 dead000000000003 ffff888017627780
raw: 0000000000000000 0000000000150015 00000001ffffffff ffff88802dd7b301
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 1, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 4264, tgid 4264 (udevd), ts 82458126699, free_ts 22758375553
 set_page_owner include/linux/page_owner.h:31 [inline]
 post_alloc_hook+0x173/0x1a0 mm/page_alloc.c:2559
 prep_new_page mm/page_alloc.c:2566 [inline]
 get_page_from_freelist+0x1a1e/0x1ab0 mm/page_alloc.c:4357
 __alloc_pages+0x1ec/0x4f0 mm/page_alloc.c:5657
 alloc_slab_page+0x5d/0x160 mm/slub.c:1799
 allocate_slab mm/slub.c:1944 [inline]
 new_slab+0x87/0x2c0 mm/slub.c:1997
 ___slab_alloc+0xbc6/0x1240 mm/slub.c:3154
 __slab_alloc mm/slub.c:3240 [inline]
 slab_alloc_node mm/slub.c:3325 [inline]
 slab_alloc mm/slub.c:3367 [inline]
 __kmem_cache_alloc_lru mm/slub.c:3374 [inline]
 kmem_cache_alloc_lru+0x1ae/0x2e0 mm/slub.c:3390
 __d_alloc+0x31/0x700 fs/dcache.c:1774
 d_alloc fs/dcache.c:1854 [inline]
 d_alloc_parallel+0xdc/0x1530 fs/dcache.c:2647
 lookup_open fs/namei.c:3415 [inline]
 open_last_lookups fs/namei.c:3558 [inline]
 path_openat+0x927/0x2ee0 fs/namei.c:3788
 do_filp_open+0x1f1/0x430 fs/namei.c:3818
 do_sys_openat2+0x150/0x4b0 fs/open.c:1320
 do_sys_open fs/open.c:1336 [inline]
 __do_sys_openat fs/open.c:1352 [inline]
 __se_sys_openat fs/open.c:1347 [inline]
 __x64_sys_openat+0x135/0x160 fs/open.c:1347
 do_syscall_x64 arch/x86/entry/common.c:46 [inline]
 do_syscall_64+0x4c/0xa0 arch/x86/entry/common.c:76
 entry_SYSCALL_64_after_hwframe+0x68/0xd2
page last free stack trace:
 reset_page_owner include/linux/page_owner.h:24 [inline]
 free_pages_prepare mm/page_alloc.c:1486 [inline]
 free_pcp_prepare mm/page_alloc.c:1536 [inline]
 free_unref_page_prepare+0x8b4/0x9a0 mm/page_alloc.c:3413
 free_unref_page+0x2e/0x3f0 mm/page_alloc.c:3508
 free_contig_range+0x9d/0x150 mm/page_alloc.c:9625
 destroy_args+0xf0/0xa0a mm/debug_vm_pgtable.c:1031
 debug_vm_pgtable+0x33c/0x38e mm/debug_vm_pgtable.c:1359
 do_one_initcall+0x26a/0x840 init/main.c:1310
 do_initcall_level+0x137/0x1e4 init/main.c:1383
 do_initcalls+0x4b/0x8a init/main.c:1399
 kernel_init_freeable+0x415/0x5be init/main.c:1638
 kernel_init+0x19/0x1b0 init/main.c:1526
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

Memory state around the buggy address:
 ffff888055417e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff888055417e80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff888055417f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                     ^
 ffff888055417f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff888055418000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================
```

| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2026/05/01 02:24 | linux-6.1.y | 4931e0e1673d | 753c55b9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: slab-out-of-bounds Read in __ext4_iget |
| 2025/12/24 03:06 | linux-6.1.y | 50cbba13faa2 | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: slab-out-of-bounds Read in __ext4_iget |
| 2025/07/04 14:57 | linux-6.1.y | 7e69c33e4858 | d869b261 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: slab-out-of-bounds Read in __ext4_iget |
| 2025/02/01 20:38 | linux-6.1.y | 0cbb5f65e52f | 568559e4 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: slab-out-of-bounds Read in __ext4_iget |
| 2025/04/03 18:14 | linux-6.1.y | 8e60a714ba3b | d7ae3a11 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: slab-out-of-bounds Read in __ext4_iget |
| 2025/04/02 05:44 | linux-6.1.y | 8e60a714ba3b | c799dfdd | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: slab-out-of-bounds Read in __ext4_iget |
| 2026/05/04 20:03 | linux-6.1.y | 4931e0e1673d | a898ba9c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2026/05/02 07:18 | linux-6.1.y | 4931e0e1673d | a0d91488 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2026/04/22 09:51 | linux-6.1.y | 7c87defbd336 | 4595e353 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2026/04/13 10:28 | linux-6.1.y | 8e8fc038cad5 | 9530ccf9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2026/04/07 22:48 | linux-6.1.y | 1989cd3d56e2 | 2c961e87 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2026/01/27 22:53 | linux-6.1.y | cd9b81672742 | 3029c699 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2026/01/26 10:33 | linux-6.1.y | cd9b81672742 | a4c52dd6 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/11/26 13:46 | linux-6.1.y | f6e38ae624cf | d6526ea3 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/11/17 18:47 | linux-6.1.y | f6e38ae624cf | ef766cd7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/11/17 12:07 | linux-6.1.y | f6e38ae624cf | ef766cd7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/11/12 13:20 | linux-6.1.y | f6e38ae624cf | 07e030de | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/10/20 14:11 | linux-6.1.y | 8e6e2188d949 | d422939c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/10/20 14:11 | linux-6.1.y | 8e6e2188d949 | d422939c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/10/17 09:35 | linux-6.1.y | c2fda4b3f577 | 7adf5298 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/08/21 13:46 | linux-6.1.y | 0bc96de781b4 | 3e79b825 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/07/31 16:02 | linux-6.1.y | 3594f306da12 | 0c075d67 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/07/28 10:48 | linux-6.1.y | 3594f306da12 | fb8f743d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/07/26 15:02 | linux-6.1.y | 3594f306da12 | fb8f743d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/06/21 02:05 | linux-6.1.y | 58485ff1a74f | d6cdfb8a | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/06/05 22:51 | linux-6.1.y | 58485ff1a74f | 6b6b5f21 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/05/21 12:00 | linux-6.1.y | 325285d9fc86 | dc5d3808 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/04/01 02:21 | linux-6.1.y | 8e60a714ba3b | 36d76a97 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2025/03/13 08:29 | linux-6.1.y | 6ae7ac5c4251 | 44be8b44 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | KASAN: use-after-free Read in __ext4_iget |
| 2026/03/26 11:21 | linux-6.1.y | 1989cd3d56e2 | 766b6434 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget |
| 2026/01/20 09:43 | linux-6.1.y | cd9b81672742 | 06648d9c | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget |
| 2025/10/30 16:51 | linux-6.1.y | f6e38ae624cf | 2c50b6a9 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget |
| 2025/09/04 23:03 | linux-6.1.y | 28c695c365e1 | d291dd2d | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget |
| 2025/05/05 10:00 | linux-6.1.y | ac7079a42ea5 | b0714e37 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget |
| 2025/04/15 10:20 | linux-6.1.y | 420102835862 | 23b969b7 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget |
| 2025/04/01 22:53 | linux-6.1.y | 8e60a714ba3b | b8645499 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget |
| 2025/03/29 17:06 | linux-6.1.y | 8e60a714ba3b | d3999433 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget |
| 2025/03/13 13:25 | linux-6.1.y | 344a09659766 | 44be8b44 | .config | console log | report | | | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: use-after-free Read in __ext4_iget |