Warning: Permanently added '10.128.10.48' (ED25519) to the list of known hosts.
executing program
executing program
executing program
[ 35.076388][ T30] audit: type=1400 audit(1716951009.107:66): avc: denied { execmem } for pid=300 comm="syz-executor291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 35.092731][ T307] loop0: detected capacity change from 0 to 2048
[ 35.102203][ T30] audit: type=1400 audit(1716951009.107:67): avc: denied { read write } for pid=302 comm="syz-executor291" name="loop1" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
executing program
executing program
[ 35.126477][ T306] loop1: detected capacity change from 0 to 2048
[ 35.134322][ T309] loop4: detected capacity change from 0 to 2048
[ 35.140680][ T30] audit: type=1400 audit(1716951009.107:68): avc: denied { open } for pid=302 comm="syz-executor291" path="/dev/loop1" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 35.148655][ T308] loop3: detected capacity change from 0 to 2048
[ 35.172153][ T30] audit: type=1400 audit(1716951009.117:69): avc: denied { ioctl } for pid=302 comm="syz-executor291" path="/dev/loop1" dev="devtmpfs" ino=113 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 35.172569][ T310] loop2: detected capacity change from 0 to 2048
[ 35.200566][ T30] audit: type=1400 audit(1716951009.167:70): avc: denied { mounton } for pid=307 comm="syz-executor291" path="/root/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="sda1" ino=1926 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 35.211069][ T307] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 35.261177][ T30] audit: type=1400 audit(1716951009.297:71): avc: denied { mount } for pid=307 comm="syz-executor291" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 35.286553][ T30] audit: type=1400 audit(1716951009.317:72): avc: denied { mounton } for pid=310 comm="syz-executor291" path="/root/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 35.311872][ T306] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 35.341829][ T309] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 35.381649][ T30] audit: type=1400 audit(1716951009.377:73): avc: denied { write } for pid=307 comm="syz-executor291" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 35.404303][ T309] EXT4-fs error (device loop4): ext4_check_all_de:656: inode #12: block 5: comm syz-executor291: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=124 fake=0
executing program
[ 35.423845][ T30] audit: type=1400 audit(1716951009.377:74): avc: denied { add_name } for pid=307 comm="syz-executor291" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 35.440889][ T308] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 35.445295][ T30] audit: type=1400 audit(1716951009.377:75): avc: denied { create } for pid=307 comm="syz-executor291" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 35.478719][ T310] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 35.543108][ T307] EXT4-fs error (device loop0): ext4_check_all_de:656: inode #12: block 5: comm syz-executor291: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=124 fake=0
[ 35.568313][ T308] ==================================================================
[ 35.576221][ T308] BUG: KASAN: use-after-free in ext4_convert_inline_data_nolock+0x319/0xda0
[ 35.584716][ T308] Read of size 68 at addr ffff88811eaa80cf by task syz-executor291/308
executing program
[ 35.590402][ T310] EXT4-fs error (device loop2): ext4_check_all_de:656: inode #12: block 5: comm syz-executor291: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=124 fake=0
[ 35.592784][ T308]
[ 35.592791][ T308] CPU: 1 PID: 308 Comm: syz-executor291 Not tainted 5.15.149-syzkaller-00055-g424f92bcbe8f #0
[ 35.624465][ T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 35.634460][ T308] Call Trace:
[ 35.637595][ T308]
[ 35.640358][ T308] dump_stack_lvl+0x151/0x1b7
[ 35.641678][ T306] EXT4-fs error (device loop1): ext4_check_all_de:656: inode #12: block 5: comm syz-executor291: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=124 fake=0
[ 35.644946][ T308] ? io_uring_drop_tctx_refs+0x190/0x190
[ 35.670019][ T308] ? panic+0x751/0x751
[ 35.673922][ T308] print_address_description+0x87/0x3b0
[ 35.679304][ T308] kasan_report+0x179/0x1c0
[ 35.683638][ T308] ? ext4_convert_inline_data_nolock+0x319/0xda0
executing program
[ 35.689807][ T308] ? ext4_convert_inline_data_nolock+0x319/0xda0
[ 35.696052][ T308] kasan_check_range+0x293/0x2a0
[ 35.700824][ T308] ? ext4_convert_inline_data_nolock+0x319/0xda0
[ 35.706988][ T308] memcpy+0x2d/0x70
[ 35.710636][ T308] ext4_convert_inline_data_nolock+0x319/0xda0
[ 35.716625][ T308] ? ext4_add_dirent_to_inline+0x540/0x540
[ 35.722266][ T308] ext4_try_add_inline_entry+0x7ff/0xb60
[ 35.727735][ T308] ? __ext4_handle_dirty_metadata+0x2f1/0x830
[ 35.733643][ T308] ? ext4_da_write_inline_data_begin+0xc40/0xc40
executing program
[ 35.739798][ T308] ? ext4_fname_setup_ci_filename+0x70/0x480
[ 35.745614][ T308] ext4_add_entry+0x6c2/0x12b0
[ 35.750218][ T308] ? ext4_inc_count+0x190/0x190
[ 35.754898][ T308] ? ext4_init_new_dir+0x7c8/0xa20
[ 35.759845][ T308] ? ext4_init_dot_dotdot+0x500/0x500
[ 35.765052][ T308] ? may_create+0x3d3/0x540
[ 35.769399][ T308] ext4_mkdir+0x54f/0xce0
[ 35.773563][ T308] ? ext4_symlink+0xed0/0xed0
[ 35.778075][ T308] ? selinux_inode_mkdir+0x22/0x30
[ 35.783019][ T308] ? security_inode_mkdir+0xbc/0x100
[ 35.788139][ T308] vfs_mkdir+0x3f6/0x610
[ 35.792230][ T308] do_mkdirat+0x1eb/0x450
[ 35.796400][ T308] ? vfs_mkdir+0x610/0x610
[ 35.800639][ T308] ? getname_flags+0x1fd/0x520
[ 35.805241][ T308] __x64_sys_mkdir+0x6e/0x80
[ 35.809668][ T308] do_syscall_64+0x3d/0xb0
[ 35.813919][ T308] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 35.819653][ T308] RIP: 0033:0x7f36d6360587
[ 35.823902][ T308] Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 35.843687][ T308] RSP: 002b:00007ffcc5753448 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 35.851936][ T308] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f36d6360587
[ 35.859745][ T308] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000580
[ 35.867554][ T308] RBP: 0000000020000580 R08: 0000000000000000 R09: 0000000000000000
[ 35.875365][ T308] R10: 00000000000f4240 R11: 0000000000000246 R12: 0000000000000000
[ 35.883181][ T308] R13: 00007ffcc57534e0 R14: 0000000000000000 R15: 0000000000000000
[ 35.890992][ T308]
[ 35.893856][ T308]
[ 35.896027][ T308] The buggy address belongs to the page:
[ 35.901505][ T308] page:ffffea00047aaa00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x11eaa8
[ 35.911570][ T308] flags: 0x4000000000000000(zone=1)
[ 35.916603][ T308] raw: 4000000000000000 ffffea00047ab748 ffffea0004474f08 0000000000000000
[ 35.925027][ T308] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 35.933433][ T308] page dumped because: kasan: bad access detected
[ 35.939692][ T308] page_owner tracks the page as freed
[ 35.944884][ T308] page last allocated via order 0, migratetype Movable, gfp_mask 0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 327, ts 35498273299, free_ts 35506324883
[ 35.960075][ T308] post_alloc_hook+0x1a3/0x1b0
[ 35.964678][ T308] prep_new_page+0x1b/0x110
[ 35.969014][ T308] get_page_from_freelist+0x3550/0x35d0
[ 35.974402][ T308] __alloc_pages+0x27e/0x8f0
[ 35.978825][ T308] handle_pte_fault+0xea0/0x24d0
[ 35.983599][ T308] do_handle_mm_fault+0x1ea9/0x23a0
[ 35.988631][ T308] exc_page_fault+0x3b5/0x830
[ 35.993146][ T308] asm_exc_page_fault+0x27/0x30
[ 35.997834][ T308] page last free stack trace:
[ 36.002350][ T308] free_unref_page_prepare+0x7c8/0x7d0
[ 36.007641][ T308] free_unref_page_list+0x14b/0xa60
[ 36.012672][ T308] release_pages+0x1310/0x1370
[ 36.017268][ T308] free_pages_and_swap_cache+0x8a/0xa0
[ 36.022566][ T308] tlb_finish_mmu+0x177/0x320
[ 36.027077][ T308] unmap_region+0x304/0x350
[ 36.031420][ T308] __do_munmap+0x1421/0x1a90
[ 36.035860][ T308] __vm_munmap+0x166/0x2a0
[ 36.040183][ T308] __x64_sys_munmap+0x6b/0x80
[ 36.044695][ T308] do_syscall_64+0x3d/0xb0
[ 36.048959][ T308] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 36.054682][ T308]
[ 36.056844][ T308] Memory state around the buggy address:
[ 36.062316][ T308] ffff88811eaa7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.070396][ T308] ffff88811eaa8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.078385][ T308] >ffff88811eaa8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.086271][ T308] ^
executing program
[ 36.092530][ T308] ffff88811eaa8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.100581][ T308] ffff88811eaa8180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 36.108566][ T308] ==================================================================
[ 36.116453][ T308] Disabling lock debugging due to kernel taint
executing program
[ 36.150526][ T308] EXT4-fs error (device loop3): ext4_check_all_de:656: inode #12: block 5: comm syz-executor291: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=124 fake=0
executing program
[ 40.218860][ T314] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 289: padding at end of block bitmap is not set
executing program
[ 40.268672][ T314] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 289: padding at end of block bitmap is not set
[ 40.339042][ T314] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 289: padding at end of block bitmap is not set
executing program
[ 40.380997][ T314] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 289: padding at end of block bitmap is not set
executing program
[ 40.461149][ T314] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 289: padding at end of block bitmap is not set
executing program