DUID 00:04:ef:eb:16:6a:bb:4b:eb:e8:98:52:3b:5c:58:f5:72:fb
forked to background, child pid 3214
[ 33.798343][ T3215] 8021q: adding VLAN 0 to HW filter on device bond0
[ 33.818536][ T3215] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.0.157' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 65.961404][ T3543] loop0: detected capacity change from 0 to 512
[ 65.970970][ T3543] EXT4-fs: Ignoring removed bh option
[ 65.979109][ T3543] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 65.993618][ T3543] EXT4-fs (loop0): 1 truncate cleaned up
[ 65.999689][ T3543] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 66.064607][ T3543] ==================================================================
[ 66.072699][ T3543] BUG: KASAN: use-after-free in ext4_search_dir+0xee/0x1b0
[ 66.079901][ T3543] Read of size 1 at addr ffff8880707743ed by task syz-executor361/3543
[ 66.088129][ T3543]
[ 66.090443][ T3543] CPU: 0 PID: 3543 Comm: syz-executor361 Not tainted 6.1.34-syzkaller #0
[ 66.098845][ T3543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 66.108891][ T3543] Call Trace:
[ 66.112161][ T3543] <TASK>
[ 66.115103][ T3543] dump_stack_lvl+0x1e3/0x2cb
[ 66.119791][ T3543] ? nf_tcp_handle_invalid+0x642/0x642
[ 66.125249][ T3543] ? panic+0x75d/0x75d
[ 66.129320][ T3543] ? _printk+0xd1/0x111
[ 66.133472][ T3543] ? _raw_spin_lock_irqsave+0xac/0x120
[ 66.138927][ T3543] print_report+0x15f/0x4f0
[ 66.143431][ T3543] ? __virt_addr_valid+0x22b/0x2e0
[ 66.148552][ T3543] ? __phys_addr+0xb6/0x170
[ 66.153049][ T3543] ? ext4_search_dir+0xee/0x1b0
[ 66.157894][ T3543] kasan_report+0x136/0x160
[ 66.162394][ T3543] ? __might_sleep+0xb0/0xb0
[ 66.166978][ T3543] ? ext4_search_dir+0xee/0x1b0
[ 66.171827][ T3543] ext4_search_dir+0xee/0x1b0
[ 66.176501][ T3543] ext4_find_inline_entry+0x4b6/0x5e0
[ 66.181874][ T3543] ? ext4_try_create_inline_dir+0x320/0x320
[ 66.187761][ T3543] ? tomoyo_path_number_perm+0x657/0x7b0
[ 66.193398][ T3543] __ext4_find_entry+0x2b0/0x1b20
[ 66.198417][ T3543] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 66.203867][ T3543] ? ext4_fname_setup_ci_filename+0x67/0x490
[ 66.209838][ T3543] ? ext4_ci_compare+0x660/0x660
[ 66.214771][ T3543] ? ext4_fname_prepare_lookup+0x2ea/0x400
[ 66.220580][ T3543] ext4_lookup+0x176/0x740
[ 66.224990][ T3543] ? ext4_add_entry+0x1010/0x1010
[ 66.230007][ T3543] ? from_kgid+0x1a3/0x730
[ 66.234426][ T3543] ? generic_permission+0x21c/0x4f0
[ 66.239622][ T3543] ? inode_permission+0xf7/0x450
[ 66.244555][ T3543] ? bpf_lsm_inode_create+0x5/0x10
[ 66.249668][ T3543] ? security_inode_create+0xb4/0x100
[ 66.255036][ T3543] ? ext4_add_entry+0x1010/0x1010
[ 66.260059][ T3543] path_openat+0x10fb/0x2e60
[ 66.264655][ T3543] ? do_filp_open+0x480/0x480
[ 66.269332][ T3543] do_filp_open+0x230/0x480
[ 66.273834][ T3543] ? vfs_tmpfile+0x4a0/0x4a0
[ 66.278429][ T3543] ? _raw_spin_unlock+0x24/0x40
[ 66.283274][ T3543] ? alloc_fd+0x59c/0x640
[ 66.287597][ T3543] do_sys_openat2+0x13b/0x500
[ 66.292275][ T3543] ? do_sys_open+0x220/0x220
[ 66.296863][ T3543] ? xfd_validate_state+0x6a/0x140
[ 66.301966][ T3543] ? restore_fpregs_from_fpstate+0xfc/0x230
[ 66.307859][ T3543] __x64_sys_open+0x221/0x270
[ 66.312537][ T3543] ? do_sys_openat2+0x500/0x500
[ 66.317408][ T3543] ? syscall_enter_from_user_mode+0x2e/0x220
[ 66.323391][ T3543] ? lockdep_hardirqs_on+0x94/0x130
[ 66.328588][ T3543] ? syscall_enter_from_user_mode+0x2e/0x220
[ 66.334580][ T3543] do_syscall_64+0x3d/0xb0
[ 66.338995][ T3543] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.344875][ T3543] RIP: 0033:0x7f32c086f2d9
[ 66.349275][ T3543] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.368865][ T3543] RSP: 002b:00007fff59504138 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 66.377267][ T3543] RAX: ffffffffffffffda RBX: 00007fff59504178 RCX: 00007f32c086f2d9
[ 66.385224][ T3543] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 66.393183][ T3543] RBP: 0000000000000000 R08: 000000000001f210 R09: 0000000000000000
[ 66.401136][ T3543] R10: 00007f32b0061000 R11: 0000000000000246 R12: 00007fff59504170
[ 66.409096][ T3543] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[ 66.417066][ T3543] </TASK>
[ 66.420073][ T3543]
[ 66.422382][ T3543] The buggy address belongs to the physical page:
[ 66.428773][ T3543] page:ffffea0001c1dd00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x70774
[ 66.438915][ T3543] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 66.446007][ T3543] raw: 00fff00000000000 ffffea0001c1dd48 ffffea0001c1dc88 0000000000000000
[ 66.454574][ T3543] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 66.463137][ T3543] page dumped because: kasan: bad access detected
[ 66.469529][ T3543] page_owner tracks the page as freed
[ 66.474874][ T3543] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 3543, tgid 3543 (syz-executor361), ts 66021111866, free_ts 66049240361
[ 66.493780][ T3543] post_alloc_hook+0x18d/0x1b0
[ 66.498553][ T3543] get_page_from_freelist+0x32ed/0x3480
[ 66.504091][ T3543] __alloc_pages+0x28d/0x770
[ 66.508662][ T3543] __folio_alloc+0xf/0x30
[ 66.512973][ T3543] vma_alloc_folio+0x486/0x990
[ 66.517731][ T3543] handle_mm_fault+0x2e85/0x5330
[ 66.522663][ T3543] exc_page_fault+0x58d/0x790
[ 66.527353][ T3543] asm_exc_page_fault+0x22/0x30
[ 66.532191][ T3543] page last free stack trace:
[ 66.536850][ T3543] free_unref_page_prepare+0xf63/0x1120
[ 66.542393][ T3543] free_unref_page_list+0x107/0x810
[ 66.547588][ T3543] release_pages+0x2836/0x2b40
[ 66.552349][ T3543] tlb_flush_mmu+0xfc/0x210
[ 66.556848][ T3543] tlb_finish_mmu+0xce/0x1f0
[ 66.561431][ T3543] unmap_region+0x29f/0x2f0
[ 66.565924][ T3543] do_mas_align_munmap+0xe98/0x15e0
[ 66.571116][ T3543] do_mas_munmap+0x246/0x2b0
[ 66.575698][ T3543] __vm_munmap+0x268/0x370
[ 66.580120][ T3543] __x64_sys_munmap+0x5c/0x70
[ 66.584791][ T3543] do_syscall_64+0x3d/0xb0
[ 66.589199][ T3543] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.595079][ T3543]
[ 66.597384][ T3543] Memory state around the buggy address:
[ 66.602996][ T3543] ffff888070774280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.611042][ T3543] ffff888070774300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.619092][ T3543] >ffff888070774380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.627130][ T3543]                                                           ^
[ 66.634564][ T3543] ffff888070774400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.642632][ T3543] ffff888070774480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 66.650676][ T3543] ==================================================================
[ 66.659047][ T3543] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 66.666272][ T3543] CPU: 1 PID: 3543 Comm: syz-executor361 Not tainted 6.1.34-syzkaller #0
[ 66.674701][ T3543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
[ 66.684760][ T3543] Call Trace:
[ 66.688042][ T3543] <TASK>
[ 66.690970][ T3543] dump_stack_lvl+0x1e3/0x2cb
[ 66.695743][ T3543] ? nf_tcp_handle_invalid+0x642/0x642
[ 66.701208][ T3543] ? panic+0x75d/0x75d
[ 66.705281][ T3543] ? preempt_schedule_common+0xa6/0xd0
[ 66.710743][ T3543] ? vscnprintf+0x59/0x80
[ 66.715076][ T3543] panic+0x318/0x75d
[ 66.718978][ T3543] ? check_panic_on_warn+0x1d/0xa0
[ 66.724086][ T3543] ? memcpy_page_flushcache+0xfc/0xfc
[ 66.729460][ T3543] ? _raw_spin_unlock_irqrestore+0x128/0x130
[ 66.735434][ T3543] ? _raw_spin_unlock+0x40/0x40
[ 66.740281][ T3543] check_panic_on_warn+0x7e/0xa0
[ 66.745215][ T3543] ? ext4_search_dir+0xee/0x1b0
[ 66.750063][ T3543] end_report+0x66/0x110
[ 66.754307][ T3543] kasan_report+0x143/0x160
[ 66.758810][ T3543] ? __might_sleep+0xb0/0xb0
[ 66.763397][ T3543] ? ext4_search_dir+0xee/0x1b0
[ 66.768248][ T3543] ext4_search_dir+0xee/0x1b0
[ 66.772928][ T3543] ext4_find_inline_entry+0x4b6/0x5e0
[ 66.778300][ T3543] ? ext4_try_create_inline_dir+0x320/0x320
[ 66.784196][ T3543] ? tomoyo_path_number_perm+0x657/0x7b0
[ 66.789842][ T3543] __ext4_find_entry+0x2b0/0x1b20
[ 66.794872][ T3543] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 66.800342][ T3543] ? ext4_fname_setup_ci_filename+0x67/0x490
[ 66.806326][ T3543] ? ext4_ci_compare+0x660/0x660
[ 66.811288][ T3543] ? ext4_fname_prepare_lookup+0x2ea/0x400
[ 66.817106][ T3543] ext4_lookup+0x176/0x740
[ 66.821519][ T3543] ? ext4_add_entry+0x1010/0x1010
[ 66.826539][ T3543] ? from_kgid+0x1a3/0x730
[ 66.830968][ T3543] ? generic_permission+0x21c/0x4f0
[ 66.836192][ T3543] ? inode_permission+0xf7/0x450
[ 66.841136][ T3543] ? bpf_lsm_inode_create+0x5/0x10
[ 66.846253][ T3543] ? security_inode_create+0xb4/0x100
[ 66.851622][ T3543] ? ext4_add_entry+0x1010/0x1010
[ 66.856653][ T3543] path_openat+0x10fb/0x2e60
[ 66.861254][ T3543] ? do_filp_open+0x480/0x480
[ 66.865937][ T3543] do_filp_open+0x230/0x480
[ 66.870443][ T3543] ? vfs_tmpfile+0x4a0/0x4a0
[ 66.875044][ T3543] ? _raw_spin_unlock+0x24/0x40
[ 66.879893][ T3543] ? alloc_fd+0x59c/0x640
[ 66.884223][ T3543] do_sys_openat2+0x13b/0x500
[ 66.888902][ T3543] ? do_sys_open+0x220/0x220
[ 66.893489][ T3543] ? xfd_validate_state+0x6a/0x140
[ 66.898595][ T3543] ? restore_fpregs_from_fpstate+0xfc/0x230
[ 66.904489][ T3543] __x64_sys_open+0x221/0x270
[ 66.909169][ T3543] ? do_sys_openat2+0x500/0x500
[ 66.914020][ T3543] ? syscall_enter_from_user_mode+0x2e/0x220
[ 66.919998][ T3543] ? lockdep_hardirqs_on+0x94/0x130
[ 66.925197][ T3543] ? syscall_enter_from_user_mode+0x2e/0x220
[ 66.931177][ T3543] do_syscall_64+0x3d/0xb0
[ 66.935588][ T3543] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 66.941477][ T3543] RIP: 0033:0x7f32c086f2d9
[ 66.945886][ T3543] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 66.965487][ T3543] RSP: 002b:00007fff59504138 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 66.973896][ T3543] RAX: ffffffffffffffda RBX: 00007fff59504178 RCX: 00007f32c086f2d9
[ 66.981864][ T3543] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 66.989834][ T3543] RBP: 0000000000000000 R08: 000000000001f210 R09: 0000000000000000
[ 66.997797][ T3543] R10: 00007f32b0061000 R11: 0000000000000246 R12: 00007fff59504170
[ 67.005758][ T3543] R13: 0000000000000000 R14: 431bde82d7b634db R15: 0000000000000000
[ 67.013725][ T3543] </TASK>
[ 67.017014][ T3543] Kernel Offset: disabled
[ 67.021336][ T3543] Rebooting in 86400 seconds..