Warning: Permanently added '10.128.1.17' (ED25519) to the list of known hosts.
2024/11/06 15:05:51 ignoring optional flag "sandboxArg"="0"
2024/11/06 15:05:51 parsed 1 programs
[ 54.474164][ T2056] swapon: swapfile has holes
2024/11/06 15:05:54 executed programs: 0
[ 59.961747][ T3038] EXT4-fs error (device loop3): ext4_xattr_inode_iget:389: comm syz.3.15: inode #1: comm syz.3.15: iget: illegal inode #
[ 59.975265][ T3038] EXT4-fs error (device loop3): ext4_xattr_inode_iget:394: comm syz.3.15: error while reading EA inode 1 err=-117
[ 59.987608][ T3038] EXT4-fs (loop3): 1 orphan inode deleted
[ 59.993459][ T3038] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 60.005112][ T3038] ==================================================================
[ 60.013174][ T3038] BUG: KASAN: use-after-free in add_dirent_to_buf+0x2a1/0x650
[ 60.020595][ T3038] Write of size 251 at addr ffff8881d879ef14 by task syz.3.15/3038
[ 60.028447][ T3038]
[ 60.030751][ T3038] CPU: 1 PID: 3038 Comm: syz.3.15 Not tainted 5.8.0-rc4-syzkaller #0
[ 60.038783][ T3038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 60.048959][ T3038] Call Trace:
[ 60.052227][ T3038]  dump_stack+0x7c/0xb0
[ 60.056350][ T3038]  ? add_dirent_to_buf+0x2a1/0x650
[ 60.061429][ T3038]  print_address_description.constprop.8.cold.10+0x9/0x456
[ 60.068591][ T3038]  ? add_dirent_to_buf+0x2a1/0x650
[ 60.073827][ T3038]  ? add_dirent_to_buf+0x2a1/0x650
[ 60.078916][ T3038]  kasan_report.cold.11+0x1f/0x37
[ 60.083910][ T3038]  ? add_dirent_to_buf+0x2a1/0x650
[ 60.089039][ T3038]  check_memory_region+0x1c1/0x1e0
[ 60.094138][ T3038]  memcpy+0x38/0x60
[ 60.098011][ T3038]  add_dirent_to_buf+0x2a1/0x650
[ 60.102917][ T3038]  ? ext4_rename_dir_finish+0x410/0x410
[ 60.108685][ T3038]  ? ext4_insert_dentry+0x490/0x490
[ 60.113845][ T3038]  ? ext4_rename_dir_prepare+0x410/0x410
[ 60.119439][ T3038]  ? __ext4_handle_dirty_metadata+0x1a0/0x660
[ 60.125466][ T3038]  ? ext4_append+0x1f7/0x330
[ 60.130015][ T3038]  make_indexed_dir+0x987/0xc90
[ 60.134824][ T3038]  ? ext4_dx_add_entry+0x16c0/0x16c0
[ 60.140069][ T3038]  ? add_dirent_to_buf+0x1fe/0x650
[ 60.145400][ T3038]  ? __ext4_read_dirblock+0x289/0xc40
[ 60.150731][ T3038]  ext4_add_entry+0x830/0xa70
[ 60.155384][ T3038]  ? make_indexed_dir+0xc90/0xc90
[ 60.160373][ T3038]  ? do_raw_spin_lock+0x121/0x2d0
[ 60.165795][ T3038]  ? do_raw_spin_unlock+0x172/0x260
[ 60.170971][ T3038]  ext4_add_nondir+0x8a/0x220
[ 60.175625][ T3038]  ext4_symlink+0x561/0xab0
[ 60.180094][ T3038]  ? ext4_orphan_del+0x870/0x870
[ 60.184994][ T3038]  ? from_kgid+0x7e/0xc0
[ 60.189205][ T3038]  vfs_symlink+0x2d6/0x4c0
[ 60.193588][ T3038]  do_symlinkat+0x176/0x1b0
[ 60.198149][ T3038]  ? __ia32_sys_unlink+0x40/0x40
[ 60.203048][ T3038]  do_syscall_64+0x4a/0x90
[ 60.207443][ T3038]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.213311][ T3038] RIP: 0033:0x7f9ce8247719
[ 60.217692][ T3038] Code: Bad RIP value.
[ 60.221724][ T3038] RSP: 002b:00007f9ce7cc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 60.230100][ T3038] RAX: ffffffffffffffda RBX: 00007f9ce83fef80 RCX: 00007f9ce8247719
[ 60.238033][ T3038] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0
[ 60.245989][ T3038] RBP: 00007f9ce82ba39e R08: 0000000000000000 R09: 0000000000000000
[ 60.254029][ T3038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 60.262002][ T3038] R13: 0000000000000000 R14: 00007f9ce83fef80 R15: 00007ffd40d75828
[ 60.269940][ T3038]
[ 60.272241][ T3038] The buggy address belongs to the page:
[ 60.277866][ T3038] page:ffffea000761e780 refcount:3 mapcount:0 mapping:0000000076178367 index:0x3f
[ 60.287027][ T3038] mapping->a_ops:def_blk_aops
[ 60.291666][ T3038] flags: 0x20000000000202a(referenced|dirty|active|private)
[ 60.298922][ T3038] raw: 020000000000202a dead000000000100 dead000000000122 ffff8881f6014260
[ 60.307501][ T3038] raw: 000000000000003f ffff8881db82c658 00000003ffffffff ffff8881e7776000
[ 60.316043][ T3038] page dumped because: kasan: bad access detected
[ 60.322590][ T3038] page->mem_cgroup:ffff8881e7776000
[ 60.327748][ T3038] page_owner tracks the page as allocated
[ 60.333432][ T3038] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE)
[ 60.346408][ T3038]  prep_new_page+0x21e/0x320
[ 60.350962][ T3038]  get_page_from_freelist+0x105e/0x3100
[ 60.356470][ T3038]  __alloc_pages_nodemask+0x26d/0x6b0
[ 60.361804][ T3038]  pagecache_get_page+0x15e/0x6c0
[ 60.366789][ T3038]  __getblk_gfp+0x1dd/0x760
[ 60.371261][ T3038]  ext4_getblk+0x123/0x3b0
[ 60.375639][ T3038]  ext4_bread+0x5a/0x280
[ 60.379839][ T3038]  ext4_append+0x132/0x330
[ 60.384215][ T3038]  make_indexed_dir+0x265/0xc90
[ 60.389041][ T3038]  ext4_add_entry+0x830/0xa70
[ 60.393675][ T3038]  ext4_add_nondir+0x8a/0x220
[ 60.398310][ T3038]  ext4_symlink+0x561/0xab0
[ 60.402788][ T3038]  vfs_symlink+0x2d6/0x4c0
[ 60.407166][ T3038]  do_symlinkat+0x176/0x1b0
[ 60.411628][ T3038]  do_syscall_64+0x4a/0x90
[ 60.416008][ T3038]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.421962][ T3038] page last free stack trace:
[ 60.426598][ T3038]  free_pcp_prepare+0x3d8/0x4c0
[ 60.431426][ T3038]  free_unref_page_list+0xdb/0x4b0
[ 60.436609][ T3038]  release_pages+0x7e1/0xff0
[ 60.441164][ T3038]  tlb_flush_mmu+0xc1/0x480
[ 60.445641][ T3038]  tlb_finish_mmu+0x84/0x370
[ 60.450191][ T3038]  exit_mmap+0x23a/0x410
[ 60.454395][ T3038]  mmput+0x8c/0x340
[ 60.458164][ T3038]  do_exit+0x8c6/0x2830
[ 60.462281][ T3038]  do_group_exit+0xeb/0x2d0
[ 60.466750][ T3038]  __x64_sys_exit_group+0x35/0x40
[ 60.471741][ T3038]  do_syscall_64+0x4a/0x90
[ 60.476129][ T3038]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.481986][ T3038]
[ 60.484279][ T3038] Memory state around the buggy address:
[ 60.489873][ T3038]  ffff8881d879ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.497896][ T3038]  ffff8881d879ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.505920][ T3038] >ffff8881d879f000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.513943][ T3038]                    ^
[ 60.517972][ T3038]  ffff8881d879f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.525995][ T3038]  ffff8881d879f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.534026][ T3038] ==================================================================
[ 60.542053][ T3038] Disabling lock debugging due to kernel taint
[ 60.548347][ T3038] Kernel panic - not syncing: panic_on_warn set ...
[ 60.555233][ T3038] Kernel Offset: disabled
[ 60.559561][ T3038] Rebooting in 86400 seconds..