Warning: Permanently added '[localhost]:5268' (ED25519) to the list of known hosts.
executing program
syzkaller login: [ 85.795593][ T5092] loop0: detected capacity change from 0 to 2048
[ 85.803231][ T5092] EXT4-fs: Ignoring removed mblk_io_submit option
[ 85.813371][ T5092] EXT4-fs: Ignoring removed i_version option
[ 85.848212][ T5092] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 85.881783][ T5092] loop0: detected capacity change from 2048 to 2047
[ 85.901113][ T5091] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
executing program
[ 85.974424][ T5097] loop0: detected capacity change from 0 to 2048
[ 85.988653][ T5097] EXT4-fs: Ignoring removed mblk_io_submit option
[ 85.991229][ T5097] EXT4-fs: Ignoring removed i_version option
[ 86.014991][ T5097] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 86.051730][ T5097] loop0: detected capacity change from 2048 to 2047
[ 86.071110][ T5091] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
executing program
[ 86.133174][ T5100] loop0: detected capacity change from 0 to 2048
[ 86.143687][ T5100] EXT4-fs: Ignoring removed mblk_io_submit option
[ 86.146296][ T5100] EXT4-fs: Ignoring removed i_version option
[ 86.164577][ T5100] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 86.201820][ T5100] loop0: detected capacity change from 2048 to 2047
[ 86.214139][ T5091] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
executing program
[ 86.251264][ T5103] loop0: detected capacity change from 0 to 2048
[ 86.261339][ T5103] EXT4-fs: Ignoring removed mblk_io_submit option
[ 86.268405][ T5103] EXT4-fs: Ignoring removed i_version option
[ 86.284055][ T5103] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 86.311735][ T5103] loop0: detected capacity change from 2048 to 2047
[ 86.319414][ T5103] ==================================================================
[ 86.322940][ T5103] BUG: KASAN: use-after-free in ext4_search_dir+0xf2/0x1c0
[ 86.326133][ T5103] Read of size 1 at addr ffff88803e91130f by task syz-executor269/5103
[ 86.330582][ T5103]
[ 86.331694][ T5103] CPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0
[ 86.335622][ T5103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.339838][ T5103] Call Trace:
[ 86.341115][ T5103]
[ 86.342150][ T5103] dump_stack_lvl+0x241/0x360
[ 86.343701][ T5103] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.345472][ T5103] ? __pfx__printk+0x10/0x10
[ 86.347076][ T5103] ? _printk+0xd5/0x120
[ 86.348337][ T5103] ? __virt_addr_valid+0x183/0x530
[ 86.349802][ T5103] ? __virt_addr_valid+0x183/0x530
[ 86.351447][ T5103] print_report+0x169/0x550
[ 86.353116][ T5103] ? __virt_addr_valid+0x183/0x530
[ 86.354841][ T5103] ? __virt_addr_valid+0x183/0x530
[ 86.356729][ T5103] ? __virt_addr_valid+0x45f/0x530
[ 86.358585][ T5103] ? __phys_addr+0xba/0x170
[ 86.360258][ T5103] ? ext4_search_dir+0xf2/0x1c0
[ 86.362013][ T5103] kasan_report+0x143/0x180
[ 86.363697][ T5103] ? ext4_search_dir+0xf2/0x1c0
[ 86.365529][ T5103] ext4_search_dir+0xf2/0x1c0
[ 86.367307][ T5103] ext4_find_inline_entry+0x4be/0x5e0
[ 86.369325][ T5103] ? __pfx_ext4_find_inline_entry+0x10/0x10
[ 86.371612][ T5103] __ext4_find_entry+0x2b4/0x1b30
[ 86.373577][ T5103] ? ext4_fname_prepare_lookup+0x297/0x610
[ 86.375893][ T5103] ? __pfx_lock_release+0x10/0x10
[ 86.377774][ T5103] ? do_raw_spin_lock+0x14f/0x370
[ 86.379649][ T5103] ? __pfx___ext4_find_entry+0x10/0x10
[ 86.381640][ T5103] ? ext4_fname_prepare_lookup+0x47b/0x610
[ 86.383804][ T5103] ext4_lookup+0x15f/0x750
[ 86.385520][ T5103] ? d_alloc+0x142/0x190
[ 86.387161][ T5103] ? __pfx_lock_release+0x10/0x10
[ 86.389074][ T5103] ? do_raw_spin_lock+0x14f/0x370
[ 86.391015][ T5103] ? __pfx_ext4_lookup+0x10/0x10
[ 86.392883][ T5103] ? _raw_spin_unlock+0x28/0x50
[ 86.394746][ T5103] ? d_alloc+0x142/0x190
[ 86.396414][ T5103] lookup_one_qstr_excl+0x11f/0x260
[ 86.398453][ T5103] filename_create+0x297/0x540
[ 86.400240][ T5103] ? __pfx_filename_create+0x10/0x10
[ 86.402322][ T5103] ? __pfx_lock_release+0x10/0x10
[ 86.404190][ T5103] do_symlinkat+0xf9/0x3a0
[ 86.405907][ T5103] ? __phys_addr_symbol+0x2f/0x70
[ 86.407779][ T5103] ? __pfx_do_symlinkat+0x10/0x10
[ 86.409644][ T5103] ? getname_flags+0x1e3/0x540
[ 86.411400][ T5103] __x64_sys_symlinkat+0x95/0xb0
[ 86.413252][ T5103] do_syscall_64+0xf3/0x230
[ 86.414946][ T5103] ? clear_bhb_loop+0x35/0x90
[ 86.416762][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.418965][ T5103] RIP: 0033:0x7f3e73ced469
[ 86.420612][ T5103] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 86.427754][ T5103] RSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[ 86.430989][ T5103] RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469
[ 86.433861][ T5103] RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0
[ 86.436772][ T5103] RBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290
[ 86.439721][ T5103] R10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c
[ 86.442572][ T5103] R13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0
[ 86.445205][ T5103]
[ 86.446306][ T5103]
[ 86.447156][ T5103] The buggy address belongs to the physical page:
[ 86.449422][ T5103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x7fb7091d9 pfn:0x3e911
[ 86.452461][ T5103] flags: 0x4fff00000000000(node=1|zone=1|lastcpupid=0x7ff)
[ 86.454973][ T5103] raw: 04fff00000000000 dead000000000100 dead000000000122 0000000000000000
[ 86.458051][ T5103] raw: 00000007fb7091d9 0000000000000000 00000000ffffffff 0000000000000000
[ 86.461166][ T5103] page dumped because: kasan: bad access detected
[ 86.463671][ T5103] page_owner tracks the page as freed
[ 86.465683][ T5103] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 5083, tgid 5083 (sshd), ts 84338308196, free_ts 84419190442
[ 86.471271][ T5103] post_alloc_hook+0x1f3/0x230
[ 86.472757][ T5103] get_page_from_freelist+0x2e4c/0x2f10
[ 86.474592][ T5103] __alloc_pages_noprof+0x256/0x6c0
[ 86.476338][ T5103] alloc_pages_mpol_noprof+0x3e8/0x680
[ 86.478174][ T5103] vma_alloc_folio_noprof+0x12e/0x230
[ 86.479930][ T5103] folio_prealloc+0x31/0x170
[ 86.481659][ T5103] handle_pte_fault+0x255e/0x6fc0
[ 86.483504][ T5103] handle_mm_fault+0x1029/0x1980
[ 86.485329][ T5103] exc_page_fault+0x459/0x8c0
[ 86.487007][ T5103] asm_exc_page_fault+0x26/0x30
[ 86.488823][ T5103] page last free pid 5083 tgid 5083 stack trace:
[ 86.491110][ T5103] free_unref_folios+0x103a/0x1b00
[ 86.493005][ T5103] folios_put_refs+0x76e/0x860
[ 86.494772][ T5103] free_pages_and_swap_cache+0x2ea/0x690
[ 86.496891][ T5103] tlb_flush_mmu+0x3a3/0x680
[ 86.498626][ T5103] tlb_finish_mmu+0xd4/0x200
[ 86.500343][ T5103] unmap_region+0x2df/0x350
[ 86.501994][ T5103] do_vmi_align_munmap+0x1122/0x18c0
[ 86.503907][ T5103] do_vmi_munmap+0x261/0x2f0
[ 86.505635][ T5103] __vm_munmap+0x1fc/0x400
[ 86.507311][ T5103] __x64_sys_munmap+0x68/0x80
[ 86.509061][ T5103] do_syscall_64+0xf3/0x230
[ 86.510744][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.512972][ T5103]
[ 86.513850][ T5103] Memory state around the buggy address:
[ 86.515965][ T5103] ffff88803e911200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.518969][ T5103] ffff88803e911280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.522016][ T5103] >ffff88803e911300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.525063][ T5103] ^
[ 86.526751][ T5103] ffff88803e911380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.529683][ T5103] ffff88803e911400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 86.532762][ T5103] ==================================================================
[ 86.547799][ T5103] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 86.550323][ T5103] CPU: 0 UID: 0 PID: 5103 Comm: syz-executor269 Not tainted 6.11.0-rc4-syzkaller #0
[ 86.553762][ T5103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 86.557508][ T5103] Call Trace:
[ 86.558646][ T5103]
[ 86.559651][ T5103] dump_stack_lvl+0x241/0x360
[ 86.561444][ T5103] ? __pfx_dump_stack_lvl+0x10/0x10
[ 86.563263][ T5103] ? __pfx__printk+0x10/0x10
[ 86.564905][ T5103] ? preempt_schedule+0xe1/0xf0
[ 86.566645][ T5103] ? vscnprintf+0x5d/0x90
[ 86.568147][ T5103] panic+0x349/0x860
[ 86.569631][ T5103] ? check_panic_on_warn+0x21/0xb0
[ 86.571615][ T5103] ? __pfx_panic+0x10/0x10
[ 86.572980][ T5103] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 86.574832][ T5103] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 86.577385][ T5103] ? print_report+0x502/0x550
[ 86.579123][ T5103] check_panic_on_warn+0x86/0xb0
[ 86.581054][ T5103] ? ext4_search_dir+0xf2/0x1c0
[ 86.582950][ T5103] end_report+0x77/0x160
[ 86.584547][ T5103] kasan_report+0x154/0x180
[ 86.586220][ T5103] ? ext4_search_dir+0xf2/0x1c0
[ 86.587933][ T5103] ext4_search_dir+0xf2/0x1c0
[ 86.589528][ T5103] ext4_find_inline_entry+0x4be/0x5e0
[ 86.591443][ T5103] ? __pfx_ext4_find_inline_entry+0x10/0x10
[ 86.593559][ T5103] __ext4_find_entry+0x2b4/0x1b30
[ 86.595282][ T5103] ? ext4_fname_prepare_lookup+0x297/0x610
[ 86.597431][ T5103] ? __pfx_lock_release+0x10/0x10
[ 86.599180][ T5103] ? do_raw_spin_lock+0x14f/0x370
[ 86.600958][ T5103] ? __pfx___ext4_find_entry+0x10/0x10
[ 86.602669][ T5103] ? ext4_fname_prepare_lookup+0x47b/0x610
[ 86.604541][ T5103] ext4_lookup+0x15f/0x750
[ 86.605945][ T5103] ? d_alloc+0x142/0x190
[ 86.607213][ T5103] ? __pfx_lock_release+0x10/0x10
[ 86.608610][ T5103] ? do_raw_spin_lock+0x14f/0x370
[ 86.609966][ T5103] ? __pfx_ext4_lookup+0x10/0x10
[ 86.611298][ T5103] ? _raw_spin_unlock+0x28/0x50
[ 86.612602][ T5103] ? d_alloc+0x142/0x190
[ 86.613766][ T5103] lookup_one_qstr_excl+0x11f/0x260
[ 86.615148][ T5103] filename_create+0x297/0x540
[ 86.616797][ T5103] ? __pfx_filename_create+0x10/0x10
[ 86.618605][ T5103] ? __pfx_lock_release+0x10/0x10
[ 86.620321][ T5103] do_symlinkat+0xf9/0x3a0
[ 86.621940][ T5103] ? __phys_addr_symbol+0x2f/0x70
[ 86.623797][ T5103] ? __pfx_do_symlinkat+0x10/0x10
[ 86.625569][ T5103] ? getname_flags+0x1e3/0x540
[ 86.627414][ T5103] __x64_sys_symlinkat+0x95/0xb0
[ 86.629221][ T5103] do_syscall_64+0xf3/0x230
[ 86.630787][ T5103] ? clear_bhb_loop+0x35/0x90
[ 86.632719][ T5103] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.635437][ T5103] RIP: 0033:0x7f3e73ced469
[ 86.637329][ T5103] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 86.644816][ T5103] RSP: 002b:00007fff4d40c258 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[ 86.647700][ T5103] RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f3e73ced469
[ 86.651233][ T5103] RDX: 0000000020000200 RSI: 00000000ffffff9c RDI: 00000000200001c0
[ 86.654008][ T5103] RBP: 0000000000000000 R08: 00007fff4d40c290 R09: 00007fff4d40c290
[ 86.656820][ T5103] R10: 0023706f6f6c2f76 R11: 0000000000000246 R12: 00007fff4d40c27c
[ 86.659651][ T5103] R13: 0000000000000003 R14: 431bde82d7b634db R15: 00007fff4d40c2b0
[ 86.662503][ T5103]
[ 86.663862][ T5103] Kernel Offset: disabled
[ 86.665392][ T5103] Rebooting in 86400 seconds..
VM DIAGNOSIS:
07:24:59 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000066 RBX=ffffffff95258d40 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc9000b00ef50
R8 =ffffffff853f11bb R9 =1ffff110031bb046 R10=dffffc0000000000 R11=ffffffff853f1170
R12=dffffc0000000000 R13=0000000000000066 R14=0000000000000066 R15=00000000000003f8
RIP=ffffffff853f11ee RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055555d5a9380 ffffffff 00c00000
GS =0000 ffff888020800000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=00007f3e73d650f8 CR3=00000000367d8000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01