DUID 00:04:48:2f:83:80:5e:82:2f:af:2e:03:8c:bf:d4:14:8e:03
forked to background, child pid 4658
[ 41.941676][ T4659] 8021q: adding VLAN 0 to HW filter on device bond0
[ 41.952900][ T4659] eql: remember to turn off Van-Jacobson compression on your slave devices
Starting sshd: OK
syzkaller
Warning: Permanently added '10.128.1.108' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 68.073299][ T4989] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=4989 'syz-executor303'
[ 68.089749][ T4989] loop0: detected capacity change from 0 to 512
[ 68.098403][ T4989] EXT4-fs: Ignoring removed bh option
[ 68.106240][ T4989] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 68.121694][ T4989] EXT4-fs (loop0): 1 truncate cleaned up
[ 68.127909][ T4989] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 68.200872][ T4989] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor303: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
executing program
[ 68.253824][ T4988] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 68.305369][ T4993] loop0: detected capacity change from 0 to 512
[ 68.313089][ T4993] EXT4-fs: Ignoring removed bh option
[ 68.319609][ T4993] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 68.331732][ T4993] EXT4-fs (loop0): 1 truncate cleaned up
[ 68.337505][ T4993] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
executing program
[ 68.415980][ T4993] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor303: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 68.453309][ T4988] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 68.490926][ T4995] loop0: detected capacity change from 0 to 512
[ 68.499237][ T4995] EXT4-fs: Ignoring removed bh option
[ 68.505647][ T4995] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 68.517163][ T4995] EXT4-fs (loop0): 1 truncate cleaned up
[ 68.522861][ T4995] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 68.602939][ T4995] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor303: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 68.639294][ T4988] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
executing program
[ 68.689910][ T4997] loop0: detected capacity change from 0 to 512
[ 68.697596][ T4997] EXT4-fs: Ignoring removed bh option
[ 68.703615][ T4997] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 68.715385][ T4997] EXT4-fs (loop0): 1 truncate cleaned up
[ 68.724466][ T4997] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 68.790005][ T4997] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor303: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
executing program
[ 68.834926][ T4988] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 68.877989][ T4999] loop0: detected capacity change from 0 to 512
[ 68.886163][ T4999] EXT4-fs: Ignoring removed bh option
[ 68.892569][ T4999] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 68.905621][ T4999] EXT4-fs (loop0): 1 truncate cleaned up
[ 68.911364][ T4999] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 68.978162][ T4999] ==================================================================
[ 68.986288][ T4999] BUG: KASAN: slab-out-of-bounds in ext4_search_dir+0xf2/0x1b0
[ 68.993895][ T4999] Read of size 1 at addr ffff88801f58d3ed by task syz-executor303/4999
[ 69.002137][ T4999]
[ 69.004468][ T4999] CPU: 0 PID: 4999 Comm: syz-executor303 Not tainted 6.4.0-rc2-syzkaller #0
[ 69.013230][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 69.023300][ T4999] Call Trace:
[ 69.026667][ T4999]
[ 69.029605][ T4999] dump_stack_lvl+0x1e7/0x2d0
[ 69.034303][ T4999] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.039867][ T4999] ? panic+0x770/0x770
[ 69.044025][ T4999] ? _printk+0xd5/0x120
[ 69.048184][ T4999] print_report+0x163/0x540
[ 69.052690][ T4999] ? __virt_addr_valid+0x22f/0x2e0
[ 69.057809][ T4999] ? __phys_addr+0xba/0x170
[ 69.062319][ T4999] ? ext4_search_dir+0xf2/0x1b0
[ 69.067177][ T4999] kasan_report+0x176/0x1b0
[ 69.071682][ T4999] ? ext4_search_dir+0xf2/0x1b0
[ 69.076559][ T4999] ext4_search_dir+0xf2/0x1b0
[ 69.081256][ T4999] ext4_find_inline_entry+0x4ba/0x5e0
[ 69.086641][ T4999] ? ext4_try_create_inline_dir+0x320/0x320
[ 69.092542][ T4999] ? tomoyo_path_number_perm+0x6e4/0x840
[ 69.098183][ T4999] __ext4_find_entry+0x2b4/0x1b30
[ 69.103226][ T4999] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 69.108691][ T4999] ? ext4_fname_setup_ci_filename+0x6b/0x490
[ 69.114680][ T4999] ? ext4_ci_compare+0x660/0x660
[ 69.119638][ T4999] ? ext4_fname_prepare_lookup+0x2ee/0x400
[ 69.125476][ T4999] ? smk_tskacc+0x2ff/0x360
[ 69.129989][ T4999] ext4_lookup+0x17a/0x750
[ 69.134407][ T4999] ? smack_inode_rename+0x310/0x310
[ 69.139609][ T4999] ? ext4_add_entry+0x1010/0x1010
[ 69.144659][ T4999] ? generic_permission+0x1df/0x550
[ 69.149895][ T4999] ? bpf_lsm_inode_create+0x9/0x10
[ 69.155017][ T4999] ? security_inode_create+0xb8/0x100
[ 69.160413][ T4999] ? ext4_add_entry+0x1010/0x1010
[ 69.165445][ T4999] path_openat+0x11e9/0x3170
[ 69.170052][ T4999] ? do_filp_open+0x490/0x490
[ 69.174740][ T4999] do_filp_open+0x234/0x490
[ 69.179262][ T4999] ? vfs_tmpfile+0x4a0/0x4a0
[ 69.183892][ T4999] ? _raw_spin_unlock+0x28/0x40
[ 69.188772][ T4999] ? alloc_fd+0x59c/0x640
[ 69.193211][ T4999] do_sys_openat2+0x13f/0x500
[ 69.197897][ T4999] ? do_sys_open+0x230/0x230
[ 69.202488][ T4999] ? xfd_validate_state+0x6e/0x150
[ 69.207606][ T4999] ? restore_fpregs_from_fpstate+0x100/0x250
[ 69.213590][ T4999] __x64_sys_open+0x225/0x270
[ 69.218270][ T4999] ? do_sys_openat2+0x500/0x500
[ 69.223141][ T4999] ? syscall_enter_from_user_mode+0x32/0x230
[ 69.229123][ T4999] ? lockdep_hardirqs_on+0x98/0x140
[ 69.234319][ T4999] ? syscall_enter_from_user_mode+0x32/0x230
[ 69.240399][ T4999] do_syscall_64+0x41/0xc0
[ 69.244823][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.250807][ T4999] RIP: 0033:0x7fd8cce6ccf9
[ 69.255233][ T4999] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 69.274847][ T4999] RSP: 002b:00007fff8e028488 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 69.283975][ T4999] RAX: ffffffffffffffda RBX: 0000000000010c1d RCX: 00007fd8cce6ccf9
[ 69.292134][ T4999] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 69.300285][ T4999] RBP: 0000000000000000 R08: 000000000001f210 R09: 00000000200012c0
[ 69.308481][ T4999] R10: 00007fd8bc65f000 R11: 0000000000000246 R12: 00007fff8e0284bc
[ 69.316457][ T4999] R13: 00007fff8e0284f0 R14: 00007fff8e0284d0 R15: 0000000000000004
[ 69.324455][ T4999]
[ 69.327478][ T4999]
[ 69.329802][ T4999] Allocated by task 4730:
[ 69.334118][ T4999] kasan_set_track+0x4f/0x70
[ 69.338728][ T4999] __kasan_slab_alloc+0x66/0x70
[ 69.343667][ T4999] slab_post_alloc_hook+0x68/0x3a0
[ 69.348773][ T4999] kmem_cache_alloc_bulk+0x3d2/0x4b0
[ 69.354053][ T4999] mas_alloc_nodes+0x3df/0x800
[ 69.358820][ T4999] mas_preallocate+0x131/0x350
[ 69.363670][ T4999] __split_vma+0x1e0/0x7f0
[ 69.368082][ T4999] do_vmi_align_munmap+0x4ac/0x1820
[ 69.373272][ T4999] do_vmi_munmap+0x24a/0x2b0
[ 69.377863][ T4999] mmap_region+0x811/0x2250
[ 69.382370][ T4999] do_mmap+0x8c9/0xf70
[ 69.386437][ T4999] vm_mmap_pgoff+0x1db/0x410
[ 69.391024][ T4999] ksys_mmap_pgoff+0x4f9/0x6d0
[ 69.395811][ T4999] do_syscall_64+0x41/0xc0
[ 69.400243][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.406133][ T4999]
[ 69.408487][ T4999] Freed by task 4730:
[ 69.412551][ T4999] kasan_set_track+0x4f/0x70
[ 69.417140][ T4999] kasan_save_free_info+0x2b/0x40
[ 69.422182][ T4999] ____kasan_slab_free+0xd6/0x120
[ 69.427291][ T4999] kmem_cache_free_bulk+0x506/0x760
[ 69.432480][ T4999] mas_destroy+0x1c50/0x2310
[ 69.437089][ T4999] mas_store_prealloc+0x351/0x460
[ 69.442241][ T4999] vma_complete+0x1ec/0xb40
[ 69.447276][ T4999] __split_vma+0x7c2/0x7f0
[ 69.451696][ T4999] do_vmi_align_munmap+0x4ac/0x1820
[ 69.456899][ T4999] do_vmi_munmap+0x24a/0x2b0
[ 69.461504][ T4999] mmap_region+0x811/0x2250
[ 69.466025][ T4999] do_mmap+0x8c9/0xf70
[ 69.470093][ T4999] vm_mmap_pgoff+0x1db/0x410
[ 69.474706][ T4999] ksys_mmap_pgoff+0x4f9/0x6d0
[ 69.479550][ T4999] do_syscall_64+0x41/0xc0
[ 69.483995][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.489907][ T4999]
[ 69.492230][ T4999] The buggy address belongs to the object at ffff88801f58d200
[ 69.492230][ T4999]  which belongs to the cache maple_node of size 256
[ 69.507246][ T4999] The buggy address is located 237 bytes to the right of
[ 69.507246][ T4999]  allocated 256-byte region [ffff88801f58d200, ffff88801f58d300)
[ 69.521911][ T4999]
[ 69.524257][ T4999] The buggy address belongs to the physical page:
[ 69.530670][ T4999] page:ffffea00007d6300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f58c
[ 69.540832][ T4999] head:ffffea00007d6300 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 69.549775][ T4999] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 69.558534][ T4999] page_type: 0xffffffff()
[ 69.562860][ T4999] raw: 00fff00000010200 ffff888012e4d000 dead000000000122 0000000000000000
[ 69.571620][ T4999] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 69.580207][ T4999] page dumped because: kasan: bad access detected
[ 69.586617][ T4999] page_owner tracks the page as allocated
[ 69.592361][ T4999] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4730, tgid 4730 (S50sshd), ts 42005657182, free_ts 36967331489
[ 69.613294][ T4999] post_alloc_hook+0x1e6/0x210
[ 69.618082][ T4999] get_page_from_freelist+0x321c/0x33a0
[ 69.623626][ T4999] __alloc_pages+0x255/0x670
[ 69.628214][ T4999] alloc_slab_page+0x6a/0x160
[ 69.632896][ T4999] new_slab+0x84/0x2f0
[ 69.636985][ T4999] ___slab_alloc+0xa85/0x10a0
[ 69.641683][ T4999] kmem_cache_alloc_bulk+0x196/0x4b0
[ 69.646962][ T4999] mas_alloc_nodes+0x3df/0x800
[ 69.651748][ T4999] mas_preallocate+0x131/0x350
[ 69.656601][ T4999] mmap_region+0x1342/0x2250
[ 69.661186][ T4999] do_mmap+0x8c9/0xf70
[ 69.665260][ T4999] vm_mmap_pgoff+0x1db/0x410
[ 69.669866][ T4999] ksys_mmap_pgoff+0x4f9/0x6d0
[ 69.674641][ T4999] do_syscall_64+0x41/0xc0
[ 69.679078][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.685003][ T4999] page last free stack trace:
[ 69.689681][ T4999] free_unref_page_prepare+0x903/0xa30
[ 69.695240][ T4999] free_unref_page+0x37/0x3f0
[ 69.699999][ T4999] qlist_free_all+0x22/0x60
[ 69.704505][ T4999] kasan_quarantine_reduce+0x14b/0x160
[ 69.709965][ T4999] __kasan_slab_alloc+0x23/0x70
[ 69.714815][ T4999] slab_post_alloc_hook+0x68/0x3a0
[ 69.720007][ T4999] kmem_cache_alloc_lru+0x11f/0x2e0
[ 69.725201][ T4999] __d_alloc+0x31/0x710
[ 69.729353][ T4999] d_alloc_parallel+0xce/0x13a0
[ 69.734285][ T4999] path_openat+0x90e/0x3170
[ 69.738798][ T4999] do_filp_open+0x234/0x490
[ 69.743384][ T4999] do_sys_openat2+0x13f/0x500
[ 69.748065][ T4999] __x64_sys_openat+0x247/0x290
[ 69.753714][ T4999] do_syscall_64+0x41/0xc0
[ 69.758133][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 69.764033][ T4999]
[ 69.766525][ T4999] Memory state around the buggy address:
[ 69.772150][ T4999] ffff88801f58d280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.780226][ T4999] ffff88801f58d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.788301][ T4999] >ffff88801f58d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 69.796356][ T4999] ^
[ 69.803803][ T4999] ffff88801f58d400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.811858][ T4999] ffff88801f58d480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.820044][ T4999] ==================================================================
[ 69.828914][ T4999] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 69.836143][ T4999] CPU: 0 PID: 4999 Comm: syz-executor303 Not tainted 6.4.0-rc2-syzkaller #0
[ 69.844839][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/28/2023
[ 69.854903][ T4999] Call Trace:
[ 69.858293][ T4999]
[ 69.861224][ T4999] dump_stack_lvl+0x1e7/0x2d0
[ 69.866006][ T4999] ? nf_tcp_handle_invalid+0x650/0x650
[ 69.871766][ T4999] ? panic+0x770/0x770
[ 69.875853][ T4999] ? vscnprintf+0x5d/0x80
[ 69.880197][ T4999] panic+0x30f/0x770
[ 69.884352][ T4999] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 69.890514][ T4999] ? check_panic_on_warn+0x21/0xa0
[ 69.895633][ T4999] ? __memcpy_flushcache+0x2b0/0x2b0
[ 69.900934][ T4999] ? _raw_spin_unlock_irqrestore+0x12c/0x140
[ 69.906928][ T4999] ? _raw_spin_unlock+0x40/0x40
[ 69.911810][ T4999] check_panic_on_warn+0x82/0xa0
[ 69.916792][ T4999] ? ext4_search_dir+0xf2/0x1b0
[ 69.921660][ T4999] end_report+0x63/0x110
[ 69.925913][ T4999] kasan_report+0x183/0x1b0
[ 69.930424][ T4999] ? ext4_search_dir+0xf2/0x1b0
[ 69.935282][ T4999] ext4_search_dir+0xf2/0x1b0
[ 69.939990][ T4999] ext4_find_inline_entry+0x4ba/0x5e0
[ 69.945381][ T4999] ? ext4_try_create_inline_dir+0x320/0x320
[ 69.951378][ T4999] ? tomoyo_path_number_perm+0x6e4/0x840
[ 69.957024][ T4999] __ext4_find_entry+0x2b4/0x1b30
[ 69.962161][ T4999] ? tomoyo_check_path_acl+0x1c0/0x1c0
[ 69.967628][ T4999] ? ext4_fname_setup_ci_filename+0x6b/0x490
[ 69.973622][ T4999] ? ext4_ci_compare+0x660/0x660
[ 69.978563][ T4999] ? ext4_fname_prepare_lookup+0x2ee/0x400
[ 69.984467][ T4999] ? smk_tskacc+0x2ff/0x360
[ 69.988983][ T4999] ext4_lookup+0x17a/0x750
[ 69.993427][ T4999] ? smack_inode_rename+0x310/0x310
[ 69.998640][ T4999] ? ext4_add_entry+0x1010/0x1010
[ 70.003682][ T4999] ? generic_permission+0x1df/0x550
[ 70.008881][ T4999] ? bpf_lsm_inode_create+0x9/0x10
[ 70.013990][ T4999] ? security_inode_create+0xb8/0x100
[ 70.019362][ T4999] ? ext4_add_entry+0x1010/0x1010
[ 70.024390][ T4999] path_openat+0x11e9/0x3170
[ 70.029168][ T4999] ? do_filp_open+0x490/0x490
[ 70.033860][ T4999] do_filp_open+0x234/0x490
[ 70.038370][ T4999] ? vfs_tmpfile+0x4a0/0x4a0
[ 70.042971][ T4999] ? _raw_spin_unlock+0x28/0x40
[ 70.047833][ T4999] ? alloc_fd+0x59c/0x640
[ 70.052171][ T4999] do_sys_openat2+0x13f/0x500
[ 70.056864][ T4999] ? do_sys_open+0x230/0x230
[ 70.061453][ T4999] ? xfd_validate_state+0x6e/0x150
[ 70.066566][ T4999] ? restore_fpregs_from_fpstate+0x100/0x250
[ 70.072648][ T4999] __x64_sys_open+0x225/0x270
[ 70.077346][ T4999] ? do_sys_openat2+0x500/0x500
[ 70.082212][ T4999] ? syscall_enter_from_user_mode+0x32/0x230
[ 70.088204][ T4999] ? lockdep_hardirqs_on+0x98/0x140
[ 70.093421][ T4999] ? syscall_enter_from_user_mode+0x32/0x230
[ 70.099422][ T4999] do_syscall_64+0x41/0xc0
[ 70.103859][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 70.109770][ T4999] RIP: 0033:0x7fd8cce6ccf9
[ 70.114398][ T4999] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 70.134030][ T4999] RSP: 002b:00007fff8e028488 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 70.142454][ T4999] RAX: ffffffffffffffda RBX: 0000000000010c1d RCX: 00007fd8cce6ccf9
[ 70.150426][ T4999] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 70.158398][ T4999] RBP: 0000000000000000 R08: 000000000001f210 R09: 00000000200012c0
[ 70.166370][ T4999] R10: 00007fd8bc65f000 R11: 0000000000000246 R12: 00007fff8e0284bc
[ 70.174348][ T4999] R13: 00007fff8e0284f0 R14: 00007fff8e0284d0 R15: 0000000000000004
[ 70.182326][ T4999]
[ 70.185543][ T4999] Kernel Offset: disabled
[ 70.189876][ T4999] Rebooting in 86400 seconds..