Warning: Permanently added '[localhost]:62342' (ED25519) to the list of known hosts.
executing program
[ 62.956580][ T5095] loop0: detected capacity change from 0 to 512
[ 62.990214][ T5095] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz-executor407: corrupted in-inode xattr: invalid ea_ino
[ 63.002145][ T5095] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz-executor407: couldn't read orphan inode 15 (err -117)
[ 63.008587][ T5095] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 63.020491][ T5095] ==================================================================
[ 63.023013][ T5095] BUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0
[ 63.026611][ T5095] Write of size 251 at addr ffff88803f1f7f14 by task syz-executor407/5095
[ 63.030765][ T5095]
[ 63.031725][ T5095] CPU: 0 UID: 0 PID: 5095 Comm: syz-executor407 Not tainted 6.12.0-rc4-syzkaller #0
[ 63.034815][ T5095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 63.038500][ T5095] Call Trace:
[ 63.039800][ T5095]
[ 63.041027][ T5095] dump_stack_lvl+0x241/0x360
[ 63.042960][ T5095] ? __pfx_dump_stack_lvl+0x10/0x10
[ 63.044983][ T5095] ? __pfx__printk+0x10/0x10
[ 63.046777][ T5095] ? _printk+0xd5/0x120
[ 63.048431][ T5095] ? __virt_addr_valid+0x183/0x530
[ 63.050512][ T5095] ? __virt_addr_valid+0x183/0x530
[ 63.052898][ T5095] print_report+0x169/0x550
[ 63.054922][ T5095] ? __virt_addr_valid+0x183/0x530
[ 63.057326][ T5095] ? __virt_addr_valid+0x183/0x530
[ 63.059718][ T5095] ? __virt_addr_valid+0x45f/0x530
[ 63.062053][ T5095] ? __phys_addr+0xba/0x170
[ 63.064376][ T5095] ? ext4_insert_dentry+0x36a/0x6d0
[ 63.066786][ T5095] kasan_report+0x143/0x180
[ 63.068830][ T5095] ? ext4_insert_dentry+0x36a/0x6d0
[ 63.070869][ T5095] kasan_check_range+0x282/0x290
[ 63.072877][ T5095] ? ext4_insert_dentry+0x36a/0x6d0
[ 63.074936][ T5095] __asan_memcpy+0x40/0x70
[ 63.076767][ T5095] ext4_insert_dentry+0x36a/0x6d0
[ 63.078632][ T5095] add_dirent_to_buf+0x3d9/0x750
[ 63.080449][ T5095] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 63.082651][ T5095] ? __ext4_handle_dirty_metadata+0x30d/0x820
[ 63.085086][ T5095] make_indexed_dir+0xf98/0x1600
[ 63.087044][ T5095] ? __pfx_make_indexed_dir+0x10/0x10
[ 63.089185][ T5095] ? add_dirent_to_buf+0x398/0x750
[ 63.091266][ T5095] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 63.093504][ T5095] ? __ext4_read_dirblock+0x527/0x890
[ 63.095562][ T5095] ext4_add_entry+0x222a/0x25d0
[ 63.097511][ T5095] ? __pfx_ext4_initxattrs+0x10/0x10
[ 63.099536][ T5095] ? __pfx_security_inode_init_security+0x10/0x10
[ 63.102056][ T5095] ? rcu_is_watching+0x15/0xb0
[ 63.103932][ T5095] ? __brelse+0x59/0xa0
[ 63.105619][ T5095] ? __ext4_new_inode+0x380f/0x4380
[ 63.107776][ T5095] ? __pfx_ext4_add_entry+0x10/0x10
[ 63.109930][ T5095] ext4_add_nondir+0x8d/0x290
[ 63.111805][ T5095] ? ext4_symlink+0x6ce/0xb50
[ 63.113635][ T5095] ext4_symlink+0x920/0xb50
[ 63.115314][ T5095] ? __pfx_ext4_symlink+0x10/0x10
[ 63.117127][ T5095] ? generic_permission+0x1e0/0x550
[ 63.119032][ T5095] ? inode_permission+0xff/0x460
[ 63.120909][ T5095] ? bpf_lsm_inode_symlink+0x9/0x10
[ 63.122879][ T5095] ? security_inode_symlink+0xbe/0x330
[ 63.125139][ T5095] vfs_symlink+0x137/0x2e0
[ 63.126968][ T5095] do_symlinkat+0x222/0x3a0
[ 63.128830][ T5095] ? __pfx_do_symlinkat+0x10/0x10
[ 63.130744][ T5095] ? strncpy_from_user+0x131/0x250
[ 63.132705][ T5095] ? getname_flags+0x1e3/0x540
[ 63.134535][ T5095] __x64_sys_symlink+0x7a/0x90
[ 63.136413][ T5095] do_syscall_64+0xf3/0x230
[ 63.138197][ T5095] ? clear_bhb_loop+0x35/0x90
[ 63.140073][ T5095] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.142421][ T5095] RIP: 0033:0x7fc65cf86b99
[ 63.144173][ T5095] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 63.151557][ T5095] RSP: 002b:00007ffca8aeb358 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 63.154639][ T5095] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fc65cf86b99
[ 63.157592][ T5095] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0
[ 63.160461][ T5095] RBP: 00007fc65cffa5f0 R08: 00005555889c84c0 R09: 00005555889c84c0
[ 63.163605][ T5095] R10: 00005555889c84c0 R11: 0000000000000246 R12: 00007ffca8aeb380
[ 63.166701][ T5095] R13: 00007ffca8aeb5a8 R14: 431bde82d7b634db R15: 00007fc65cfcf03b
[ 63.169747][ T5095]
[ 63.170870][ T5095]
[ 63.171693][ T5095] The buggy address belongs to the physical page:
[ 63.173853][ T5095] page: refcount:3 mapcount:0 mapping:ffff888031cb4d78 index:0x3f pfn:0x3f1f7
[ 63.176823][ T5095] memcg:ffff888030476000
[ 63.178288][ T5095] aops:def_blk_aops ino:700000 dentry name(?):""
[ 63.181341][ T5095] flags: 0x4fff08000004214(referenced|dirty|workingset|private|node=1|zone=1|lastcpupid=0x7ff)
[ 63.184716][ T5095] raw: 04fff08000004214 0000000000000000 dead000000000122 ffff888031cb4d78
[ 63.188093][ T5095] raw: 000000000000003f ffff8880454cc658 00000003ffffffff ffff888030476000
[ 63.191207][ T5095] page dumped because: kasan: bad access detected
[ 63.193591][ T5095] page_owner tracks the page as allocated
[ 63.195804][ T5095] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5095, tgid 5095 (syz-executor407), ts 63020312683, free_ts 62616757387
[ 63.203292][ T5095] post_alloc_hook+0x1f3/0x230
[ 63.205182][ T5095] get_page_from_freelist+0x3045/0x3190
[ 63.207176][ T5095] __alloc_pages_noprof+0x292/0x710
[ 63.209138][ T5095] alloc_pages_mpol_noprof+0x3e8/0x680
[ 63.211263][ T5095] folio_alloc_noprof+0x128/0x180
[ 63.213175][ T5095] filemap_alloc_folio_noprof+0xdf/0x500
[ 63.215259][ T5095] __filemap_get_folio+0x446/0xbd0
[ 63.217180][ T5095] bdev_getblk+0x1d8/0x550
[ 63.218879][ T5095] ext4_getblk+0x303/0x800
[ 63.220436][ T5095] ext4_bread+0x2e/0x180
[ 63.221896][ T5095] ext4_append+0x327/0x5c0
[ 63.223533][ T5095] make_indexed_dir+0x523/0x1600
[ 63.225280][ T5095] ext4_add_entry+0x222a/0x25d0
[ 63.226836][ T5095] ext4_add_nondir+0x8d/0x290
[ 63.228411][ T5095] ext4_symlink+0x920/0xb50
[ 63.230064][ T5095] vfs_symlink+0x137/0x2e0
[ 63.231674][ T5095] page last free pid 5089 tgid 5089 stack trace:
[ 63.233829][ T5095] free_unref_folios+0xf12/0x18d0
[ 63.235632][ T5095] folios_put_refs+0x76c/0x860
[ 63.237379][ T5095] free_pages_and_swap_cache+0x2ea/0x690
[ 63.239576][ T5095] tlb_flush_mmu+0x3a3/0x680
[ 63.241252][ T5095] tlb_finish_mmu+0xd4/0x200
[ 63.242985][ T5095] vms_clear_ptes+0x437/0x530
[ 63.244763][ T5095] vms_complete_munmap_vmas+0x208/0x910
[ 63.246844][ T5095] do_vmi_align_munmap+0x613/0x730
[ 63.248756][ T5095] do_vmi_munmap+0x24e/0x2d0
[ 63.250371][ T5095] __vm_munmap+0x24c/0x480
[ 63.252033][ T5095] __x64_sys_munmap+0x68/0x80
[ 63.253693][ T5095] do_syscall_64+0xf3/0x230
[ 63.255405][ T5095] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.257587][ T5095]
[ 63.258507][ T5095] Memory state around the buggy address:
[ 63.260471][ T5095] ffff88803f1f7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.263445][ T5095] ffff88803f1f7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.266517][ T5095] >ffff88803f1f8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 63.269610][ T5095] ^
[ 63.271224][ T5095] ffff88803f1f8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 63.274483][ T5095] ffff88803f1f8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 63.277510][ T5095] ==================================================================
[ 63.287672][ T5095] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 63.290368][ T5095] CPU: 0 UID: 0 PID: 5095 Comm: syz-executor407 Not tainted 6.12.0-rc4-syzkaller #0
[ 63.293885][ T5095] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 63.297917][ T5095] Call Trace:
[ 63.299167][ T5095]
[ 63.300261][ T5095] dump_stack_lvl+0x241/0x360
[ 63.302046][ T5095] ? __pfx_dump_stack_lvl+0x10/0x10
[ 63.303873][ T5095] ? __pfx__printk+0x10/0x10
[ 63.305550][ T5095] ? preempt_schedule+0xe1/0xf0
[ 63.307331][ T5095] ? vscnprintf+0x5d/0x90
[ 63.308947][ T5095] panic+0x349/0x880
[ 63.310446][ T5095] ? check_panic_on_warn+0x21/0xb0
[ 63.312220][ T5095] ? __pfx_panic+0x10/0x10
[ 63.313816][ T5095] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 63.316202][ T5095] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 63.318418][ T5095] ? print_report+0x502/0x550
[ 63.320235][ T5095] check_panic_on_warn+0x86/0xb0
[ 63.322218][ T5095] ? ext4_insert_dentry+0x36a/0x6d0
[ 63.324249][ T5095] end_report+0x77/0x160
[ 63.325884][ T5095] kasan_report+0x154/0x180
[ 63.327602][ T5095] ? ext4_insert_dentry+0x36a/0x6d0
[ 63.329588][ T5095] kasan_check_range+0x282/0x290
[ 63.331504][ T5095] ? ext4_insert_dentry+0x36a/0x6d0
[ 63.333498][ T5095] __asan_memcpy+0x40/0x70
[ 63.335299][ T5095] ext4_insert_dentry+0x36a/0x6d0
[ 63.337190][ T5095] add_dirent_to_buf+0x3d9/0x750
[ 63.338949][ T5095] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 63.340881][ T5095] ? __ext4_handle_dirty_metadata+0x30d/0x820
[ 63.343168][ T5095] make_indexed_dir+0xf98/0x1600
[ 63.345055][ T5095] ? __pfx_make_indexed_dir+0x10/0x10
[ 63.346965][ T5095] ? add_dirent_to_buf+0x398/0x750
[ 63.348786][ T5095] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 63.350839][ T5095] ? __ext4_read_dirblock+0x527/0x890
[ 63.352856][ T5095] ext4_add_entry+0x222a/0x25d0
[ 63.354775][ T5095] ? __pfx_ext4_initxattrs+0x10/0x10
[ 63.356867][ T5095] ? __pfx_security_inode_init_security+0x10/0x10
[ 63.359261][ T5095] ? rcu_is_watching+0x15/0xb0
[ 63.361092][ T5095] ? __brelse+0x59/0xa0
[ 63.362682][ T5095] ? __ext4_new_inode+0x380f/0x4380
[ 63.364740][ T5095] ? __pfx_ext4_add_entry+0x10/0x10
[ 63.366396][ T5095] ext4_add_nondir+0x8d/0x290
[ 63.368092][ T5095] ? ext4_symlink+0x6ce/0xb50
[ 63.369813][ T5095] ext4_symlink+0x920/0xb50
[ 63.371411][ T5095] ? __pfx_ext4_symlink+0x10/0x10
[ 63.373129][ T5095] ? generic_permission+0x1e0/0x550
[ 63.374805][ T5095] ? inode_permission+0xff/0x460
[ 63.376452][ T5095] ? bpf_lsm_inode_symlink+0x9/0x10
[ 63.378122][ T5095] ? security_inode_symlink+0xbe/0x330
[ 63.379994][ T5095] vfs_symlink+0x137/0x2e0
[ 63.381745][ T5095] do_symlinkat+0x222/0x3a0
[ 63.383510][ T5095] ? __pfx_do_symlinkat+0x10/0x10
[ 63.385455][ T5095] ? strncpy_from_user+0x131/0x250
[ 63.387357][ T5095] ? getname_flags+0x1e3/0x540
[ 63.389185][ T5095] __x64_sys_symlink+0x7a/0x90
[ 63.391100][ T5095] do_syscall_64+0xf3/0x230
[ 63.392614][ T5095] ? clear_bhb_loop+0x35/0x90
[ 63.394599][ T5095] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 63.396819][ T5095] RIP: 0033:0x7fc65cf86b99
[ 63.398365][ T5095] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 63.406113][ T5095] RSP: 002b:00007ffca8aeb358 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 63.409477][ T5095] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fc65cf86b99
[ 63.412646][ T5095] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0
[ 63.415560][ T5095] RBP: 00007fc65cffa5f0 R08: 00005555889c84c0 R09: 00005555889c84c0
[ 63.418449][ T5095] R10: 00005555889c84c0 R11: 0000000000000246 R12: 00007ffca8aeb380
[ 63.421428][ T5095] R13: 00007ffca8aeb5a8 R14: 431bde82d7b634db R15: 00007fc65cfcf03b
[ 63.424520][ T5095]
[ 63.426067][ T5095] Kernel Offset: disabled
[ 63.427683][ T5095] Rebooting in 86400 seconds..

VM DIAGNOSIS:
23:28:52 Registers:
info registers vcpu 0
CPU#0
RAX=0000000000000074 RBX=ffffffff9a715e60 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=0000000000000000 RSP=ffffc9000af36d90
R8 =ffffffff854a6e5b R9 =1ffff11003d79046 R10=dffffc0000000000 R11=ffffffff854a6e10
R12=dffffc0000000000 R13=ffffffff9a410f0b R14=0000000000000074 R15=00000000000003f8
RIP=ffffffff854a6e8e RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00005555889c7380 ffffffff 00c00000
GS =0000 ffff88801fc00000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT= fffffe0000001000 0000007f
IDT= fffffe0000000000 00000fff
CR0=80050033 CR2=0000561b168abd98 CR3=000000003f9bc000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000ffffffff Opmask01=0000000000000007 Opmask02=000000000000000f Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7864696f6972702e 6f6972705f74656e
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 6565656565656565 6565656565656565
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7272727272727272 7272727272727272
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffca8aea950 00007ffca8aea930
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000034747865
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000