Warning: Permanently added '10.128.1.37' (ED25519) to the list of known hosts.
executing program
[ 128.592482][ T3523] loop0: detected capacity change from 0 to 1024
[ 128.610992][ T3523] EXT4-fs (loop0): Ignoring removed orlov option
[ 128.618080][ T3523] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 128.647439][ T3523] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
executing program
[ 128.793655][ T3528] loop0: detected capacity change from 0 to 1024
[ 128.802695][ T3528] EXT4-fs (loop0): Ignoring removed orlov option
[ 128.809639][ T3528] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[ 128.824804][ T3528] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[ 128.866876][ T3522] ==================================================================
[ 128.874989][ T3522] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0
[ 128.882967][ T3522] Read of size 4 at addr ffff88807a0ee000 by task syz-executor295/3522
[ 128.891187][ T3522]
[ 128.893503][ T3522] CPU: 0 PID: 3522 Comm: syz-executor295 Not tainted 5.15.160-syzkaller #0
[ 128.902188][ T3522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 128.912229][ T3522] Call Trace:
[ 128.915490][ T3522]
[ 128.918397][ T3522] dump_stack_lvl+0x1e3/0x2d0
[ 128.923060][ T3522] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 128.928692][ T3522] ? _printk+0xd1/0x120
[ 128.932859][ T3522] ? __wake_up_klogd+0xcc/0x100
[ 128.937711][ T3522] ? panic+0x860/0x860
[ 128.941758][ T3522] ? _raw_spin_lock_irqsave+0xdd/0x120
[ 128.947308][ T3522] print_address_description+0x63/0x3b0
[ 128.952847][ T3522] ? ext4_xattr_delete_inode+0xcd0/0xce0
[ 128.958466][ T3522] kasan_report+0x16b/0x1c0
[ 128.962945][ T3522] ? ext4_xattr_delete_inode+0xcd0/0xce0
[ 128.968554][ T3522] ext4_xattr_delete_inode+0xcd0/0xce0
[ 128.973992][ T3522] ? ext4_blocks_for_truncate+0x270/0x270
[ 128.979690][ T3522] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0
[ 128.985859][ T3522] ? rcu_read_lock_any_held+0xb3/0x160
[ 128.991304][ T3522] ? ext4_inode_is_fast_symlink+0x262/0x390
[ 128.997180][ T3522] ext4_evict_inode+0xcb7/0x1100
[ 129.002105][ T3522] ? _raw_spin_unlock+0x24/0x40
[ 129.006953][ T3522] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 129.012825][ T3522] ? do_raw_spin_unlock+0x137/0x8b0
[ 129.017998][ T3522] ? _raw_spin_unlock+0x24/0x40
[ 129.022822][ T3522] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 129.028689][ T3522] evict+0x2a4/0x620
[ 129.032563][ T3522] vfs_rmdir+0x33c/0x460
[ 129.036782][ T3522] do_rmdir+0x368/0x670
[ 129.040912][ T3522] ? d_delete_notify+0x150/0x150
[ 129.045820][ T3522] ? strncpy_from_user+0x209/0x370
[ 129.050913][ T3522] __x64_sys_rmdir+0x45/0x50
[ 129.055473][ T3522] do_syscall_64+0x3b/0xb0
[ 129.059864][ T3522] ? clear_bhb_loop+0x15/0x70
[ 129.064515][ T3522] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 129.070383][ T3522] RIP: 0033:0x7f6041935dc7
[ 129.074782][ T3522] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 129.094363][ T3522] RSP: 002b:00007ffcfb5e5ab8 EFLAGS: 00000207 ORIG_RAX: 0000000000000054
[ 129.102756][ T3522] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6041935dc7
[ 129.110707][ T3522] RDX: 0000000000008890 RSI: 0000000000000000 RDI: 00007ffcfb5e6c60
[ 129.118654][ T3522] RBP: 0000000000000065 R08: 0000000000000000 R09: 0000000000000000
[ 129.126602][ T3522] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffcfb5e6c60
[ 129.134547][ T3522] R13: 00005555565df740 R14: 431bde82d7b634db R15: 00007ffcfb5e8de0
[ 129.142514][ T3522]
[ 129.145519][ T3522]
[ 129.147815][ T3522] The buggy address belongs to the page:
[ 129.153425][ T3522] page:ffffea0001e83b80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a0ee
[ 129.163549][ T3522] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 129.170638][ T3522] raw: 00fff00000000000 ffffea000077ecc8 ffffea0001e5dfc8 0000000000000000
[ 129.179193][ T3522] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 129.187743][ T3522] page dumped because: kasan: bad access detected
[ 129.194132][ T3522] page_owner tracks the page as freed
[ 129.199474][ T3522] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), pid 3362, ts 32094703347, free_ts 32094881963
[ 129.214633][ T3522] get_page_from_freelist+0x322a/0x33c0
[ 129.220160][ T3522] __alloc_pages+0x272/0x700
[ 129.224808][ T3522] pipe_write+0x5c7/0x1b90
[ 129.229213][ T3522] vfs_write+0xacf/0xe50
[ 129.233429][ T3522] ksys_write+0x1a2/0x2c0
[ 129.237731][ T3522] do_syscall_64+0x3b/0xb0
[ 129.242119][ T3522] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 129.247981][ T3522] page last free stack trace:
[ 129.252623][ T3522] free_unref_page_prepare+0xc34/0xcf0
[ 129.258054][ T3522] free_unref_page+0x95/0x2d0
[ 129.262702][ T3522] pipe_read+0x6e4/0x12b0
[ 129.267001][ T3522] vfs_read+0xa9f/0xe10
[ 129.271126][ T3522] ksys_read+0x1a2/0x2c0
[ 129.275339][ T3522] do_syscall_64+0x3b/0xb0
[ 129.279728][ T3522] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 129.285595][ T3522]
[ 129.287893][ T3522] Memory state around the buggy address:
[ 129.293502][ T3522] ffff88807a0edf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 129.301534][ T3522] ffff88807a0edf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 129.309563][ T3522] >ffff88807a0ee000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 129.317594][ T3522] ^
[ 129.321631][ T3522] ffff88807a0ee080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 129.329659][ T3522] ffff88807a0ee100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 129.337688][ T3522] ==================================================================
[ 129.345717][ T3522] Disabling lock debugging due to kernel taint
[ 129.352039][ T3522] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 129.359219][ T3522] CPU: 0 PID: 3522 Comm: syz-executor295 Tainted: G B 5.15.160-syzkaller #0
[ 129.369163][ T3522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 129.379189][ T3522] Call Trace:
[ 129.382439][ T3522]
[ 129.385340][ T3522] dump_stack_lvl+0x1e3/0x2d0
[ 129.389992][ T3522] ? io_uring_drop_tctx_refs+0x1a0/0x1a0
[ 129.395594][ T3522] ? panic+0x860/0x860
[ 129.399635][ T3522] ? rcu_is_watching+0x11/0xa0
[ 129.404371][ T3522] ? preempt_schedule_common+0xa6/0xd0
[ 129.409804][ T3522] panic+0x318/0x860
[ 129.413672][ T3522] ? asm_sysvec_apic_timer_interrupt+0x16/0x20
[ 129.419795][ T3522] ? check_panic_on_warn+0x1d/0xa0
[ 129.424878][ T3522] ? fb_is_primary_device+0xd0/0xd0
[ 129.430049][ T3522] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 129.436014][ T3522] ? _raw_spin_unlock+0x40/0x40
[ 129.440835][ T3522] check_panic_on_warn+0x7e/0xa0
[ 129.445742][ T3522] ? ext4_xattr_delete_inode+0xcd0/0xce0
[ 129.451345][ T3522] end_report+0x6d/0xf0
[ 129.455472][ T3522] kasan_report+0x18e/0x1c0
[ 129.459945][ T3522] ? ext4_xattr_delete_inode+0xcd0/0xce0
[ 129.465550][ T3522] ext4_xattr_delete_inode+0xcd0/0xce0
[ 129.470980][ T3522] ? ext4_blocks_for_truncate+0x270/0x270
[ 129.476669][ T3522] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0
[ 129.482707][ T3522] ? rcu_read_lock_any_held+0xb3/0x160
[ 129.488137][ T3522] ? ext4_inode_is_fast_symlink+0x262/0x390
[ 129.494002][ T3522] ext4_evict_inode+0xcb7/0x1100
[ 129.498924][ T3522] ? _raw_spin_unlock+0x24/0x40
[ 129.503748][ T3522] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 129.509612][ T3522] ? do_raw_spin_unlock+0x137/0x8b0
[ 129.514778][ T3522] ? _raw_spin_unlock+0x24/0x40
[ 129.519602][ T3522] ? ext4_inode_is_fast_symlink+0x390/0x390
[ 129.525464][ T3522] evict+0x2a4/0x620
[ 129.529329][ T3522] vfs_rmdir+0x33c/0x460
[ 129.533542][ T3522] do_rmdir+0x368/0x670
[ 129.537671][ T3522] ? d_delete_notify+0x150/0x150
[ 129.542575][ T3522] ? strncpy_from_user+0x209/0x370
[ 129.547657][ T3522] __x64_sys_rmdir+0x45/0x50
[ 129.552216][ T3522] do_syscall_64+0x3b/0xb0
[ 129.556603][ T3522] ? clear_bhb_loop+0x15/0x70
[ 129.561250][ T3522] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 129.567111][ T3522] RIP: 0033:0x7f6041935dc7
[ 129.571495][ T3522] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 54 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 129.591068][ T3522] RSP: 002b:00007ffcfb5e5ab8 EFLAGS: 00000207 ORIG_RAX: 0000000000000054
[ 129.599449][ T3522] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6041935dc7
[ 129.607394][ T3522] RDX: 0000000000008890 RSI: 0000000000000000 RDI: 00007ffcfb5e6c60
[ 129.615335][ T3522] RBP: 0000000000000065 R08: 0000000000000000 R09: 0000000000000000
[ 129.623275][ T3522] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffcfb5e6c60
[ 129.631219][ T3522] R13: 00005555565df740 R14: 431bde82d7b634db R15: 00007ffcfb5e8de0
[ 129.639164][ T3522]
[ 129.642372][ T3522] Kernel Offset: disabled
[ 129.646682][ T3522] Rebooting in 86400 seconds..