[ 99.465965][ T5368] rec length: 3352, buf_size: 4096, name length:19, ext4_insert_dentry
Warning: Permanently added '[localhost]:59192' (ED25519) to the list of known hosts.
2024/10/27 05:06:48 ignoring optional flag "sandboxArg"="0"
2024/10/27 05:06:48 parsed 1 programs
[ 104.297938][ T5375] rec length: 40, buf_size: 4096, name length:9, ext4_insert_dentry
[ 105.800165][ T5375] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 108.429604][ T5375] rec length: 3328, buf_size: 4096, name length:10, ext4_insert_dentry
[ 108.433751][ T5375] rec length: 3328, buf_size: 4096, name length:10, ext4_insert_dentry
[ 108.449156][ T5391] rec length: 3328, buf_size: 4096, name length:16, ext4_insert_dentry
[ 108.488859][ T5392] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 108.583934][ T5396] rec length: 3300, buf_size: 4096, name length:16, ext4_insert_dentry
[ 108.655794][ T5397] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 108.736586][ T5401] rec length: 3276, buf_size: 4096, name length:16, ext4_insert_dentry
[ 108.913861][ T5402] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 109.026919][ T5406] rec length: 3252, buf_size: 4096, name length:16, ext4_insert_dentry
[ 109.271995][ T5407] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 109.403593][ T5411] rec length: 3228, buf_size: 4096, name length:16, ext4_insert_dentry
[ 109.602291][ T5412] chnl_net:caif_netlink_parms(): no params data found
[ 109.637230][ T5412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 109.640910][ T5412] bridge0: port 1(bridge_slave_0) entered disabled state
[ 109.643752][ T5412] bridge_slave_0: entered allmulticast mode
[ 109.646787][ T5412] bridge_slave_0: entered promiscuous mode
[ 109.651285][ T5412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 109.654015][ T5412] bridge0: port 2(bridge_slave_1) entered disabled state
[ 109.656821][ T5412] bridge_slave_1: entered allmulticast mode
[ 109.661198][ T5412] bridge_slave_1: entered promiscuous mode
[ 109.675083][ T5412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 109.681194][ T5412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 109.696930][ T5412] team0: Port device team_slave_0 added
[ 109.701540][ T5412] team0: Port device team_slave_1 added
[ 109.714927][ T5412] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 109.717644][ T5412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.729145][ T5412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 109.734441][ T5412] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 109.736980][ T5412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 109.748697][ T5412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 109.771643][ T5412] hsr_slave_0: entered promiscuous mode
[ 109.774378][ T5412] hsr_slave_1: entered promiscuous mode
[ 110.247014][ T5412] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 110.260492][ T5412] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 110.270713][ T5412] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 110.281506][ T5412] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 110.305028][ T5412] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.307710][ T5412] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 110.310701][ T5412] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.313358][ T5412] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.391547][ T5412] 8021q: adding VLAN 0 to HW filter on device bond0
[ 110.415410][ T5412] 8021q: adding VLAN 0 to HW filter on device team0
[ 110.420050][ T72] bridge0: port 1(bridge_slave_0) entered disabled state
[ 110.423332][ T72] bridge0: port 2(bridge_slave_1) entered disabled state
[ 110.449791][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 110.452516][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 110.455701][ T46] bridge0: port 2(bridge_slave_1) entered blocking state
[ 110.458375][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 110.697821][ T5412] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 110.747833][ T5412] veth0_vlan: entered promiscuous mode
[ 110.763907][ T5412] veth1_vlan: entered promiscuous mode
[ 110.805765][ T5412] veth0_macvtap: entered promiscuous mode
[ 110.822500][ T5412] veth1_macvtap: entered promiscuous mode
[ 110.842943][ T5412] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 110.871101][ T5412] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 110.877396][ T5412] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.888503][ T5412] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.892253][ T5412] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.896107][ T5412] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 110.962935][ T5412] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 111.086680][ T5452] rec length: 3204, buf_size: 4096, name length:16, ext4_insert_dentry
[ 111.140978][ T1030] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 111.240555][ T1030] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 111.319803][ T1030] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 111.351622][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.354479][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.381050][ T1030] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 111.430701][ T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 111.433690][ T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 111.443482][ T5453] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 111.557445][ T5465] rec length: 3180, buf_size: 4096, name length:16, ext4_insert_dentry
[ 111.852604][ T5470] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 112.058268][ T5480] rec length: 3156, buf_size: 4096, name length:16, ext4_insert_dentry
[ 112.230032][ T5481] rec length: 4072, buf_size: 4096, name length:1, ext4_insert_dentry
[ 112.235295][ T5485] rec length: 4072, buf_size: 4096, name length:6, ext4_insert_dentry
[ 112.247232][ T5485] rec length: 4060, buf_size: 4096, name length:10, ext4_insert_dentry
[ 112.256384][ T5485] rec length: 4044, buf_size: 4096, name length:10, ext4_insert_dentry
[ 112.269621][ T5485] rec length: 4024, buf_size: 4096, name length:8, ext4_insert_dentry
[ 112.285316][ T5481] rec length: 4072, buf_size: 4096, name length:1, ext4_insert_dentry
[ 112.306372][ T5488] rec length: 3132, buf_size: 4096, name length:16, ext4_insert_dentry
[ 112.421424][ T5491] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 112.517398][ T5497] rec length: 3108, buf_size: 4096, name length:16, ext4_insert_dentry
[ 112.563375][ T4532] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 112.567142][ T4532] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 112.571692][ T4532] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 112.576026][ T4532] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 112.583236][ T4532] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 112.586210][ T4532] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 112.681405][ T5499] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 112.819375][ T5508] rec length: 3084, buf_size: 4096, name length:16, ext4_insert_dentry
[ 112.931966][ T5510] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 113.024318][ T5517] rec length: 3060, buf_size: 4096, name length:16, ext4_insert_dentry
[ 113.155755][ T5522] rec length: 3036, buf_size: 4096, name length:16, ext4_insert_dentry
[ 113.271000][ T5524] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 113.382534][ T5531] rec length: 3012, buf_size: 4096, name length:16, ext4_insert_dentry
[ 113.805855][ T1030] bridge_slave_1: left allmulticast mode
[ 113.808142][ T1030] bridge_slave_1: left promiscuous mode
[ 113.818198][ T5536] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 113.839203][ T1030] bridge0: port 2(bridge_slave_1) entered disabled state
[ 113.858993][ T1030] bridge_slave_0: left allmulticast mode
[ 113.861312][ T1030] bridge_slave_0: left promiscuous mode
[ 113.863629][ T1030] bridge0: port 1(bridge_slave_0) entered disabled state
2024/10/27 05:07:01 executed programs: 0
[ 114.188668][ T5547] rec length: 2988, buf_size: 4096, name length:16, ext4_insert_dentry
[ 114.207644][ T5128] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 114.212507][ T5128] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 114.216081][ T5128] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 114.220388][ T5128] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 114.223409][ T5128] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 114.226274][ T5128] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 114.671631][ T1030] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 114.676569][ T1030] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 114.682555][ T1030] bond0 (unregistering): Released all slaves
[ 114.767237][ T1030] hsr_slave_0: left promiscuous mode
[ 114.777715][ T1030] hsr_slave_1: left promiscuous mode
[ 114.790085][ T1030] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 114.793281][ T1030] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 114.803752][ T1030] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 114.806711][ T1030] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 114.831491][ T1030] veth1_macvtap: left promiscuous mode
[ 114.833896][ T1030] veth0_macvtap: left promiscuous mode
[ 114.836191][ T1030] veth1_vlan: left promiscuous mode
[ 114.853891][ T1030] veth0_vlan: left promiscuous mode
[ 115.363103][ T1030] team0 (unregistering): Port device team_slave_1 removed
[ 115.401992][ T1030] team0 (unregistering): Port device team_slave_0 removed
[ 115.820567][ T5549] chnl_net:caif_netlink_parms(): no params data found
[ 115.924367][ T5549] bridge0: port 1(bridge_slave_0) entered blocking state
[ 115.927787][ T5549] bridge0: port 1(bridge_slave_0) entered disabled state
[ 115.931350][ T5549] bridge_slave_0: entered allmulticast mode
[ 115.940321][ T5549] bridge_slave_0: entered promiscuous mode
[ 115.952654][ T5549] bridge0: port 2(bridge_slave_1) entered blocking state
[ 115.959788][ T5549] bridge0: port 2(bridge_slave_1) entered disabled state
[ 115.962403][ T5549] bridge_slave_1: entered allmulticast mode
[ 115.969345][ T5549] bridge_slave_1: entered promiscuous mode
[ 116.288605][ T5128] Bluetooth: hci0: command tx timeout
[ 116.380790][ T5549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 116.385970][ T5549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 116.485954][ T5549] team0: Port device team_slave_0 added
[ 116.503952][ T5549] team0: Port device team_slave_1 added
[ 116.574773][ T5549] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 116.577478][ T5549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 116.623353][ T5549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 116.679810][ T5549] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 116.683228][ T5549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 116.726138][ T5549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 116.817182][ T5549] hsr_slave_0: entered promiscuous mode
[ 116.839801][ T5549] hsr_slave_1: entered promiscuous mode
[ 117.339591][ T5549] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 117.345657][ T5549] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 117.361135][ T5549] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 117.366648][ T5549] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 117.475358][ T5549] 8021q: adding VLAN 0 to HW filter on device bond0
[ 117.487842][ T5549] 8021q: adding VLAN 0 to HW filter on device team0
[ 117.495151][ T72] bridge0: port 1(bridge_slave_0) entered blocking state
[ 117.497935][ T72] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 117.505833][ T72] bridge0: port 2(bridge_slave_1) entered blocking state
[ 117.509306][ T72] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 117.633201][ T5549] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 117.659669][ T5549] veth0_vlan: entered promiscuous mode
[ 117.665511][ T5549] veth1_vlan: entered promiscuous mode
[ 117.684994][ T5549] veth0_macvtap: entered promiscuous mode
[ 117.691380][ T5549] veth1_macvtap: entered promiscuous mode
[ 117.702127][ T5549] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 117.711711][ T5549] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 117.717253][ T5549] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.721399][ T5549] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.725243][ T5549] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.730586][ T5549] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 117.780064][ T72] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.782708][ T72] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.805008][ T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 117.807925][ T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 117.821302][ T5549] rec length: 4072, buf_size: 4096, name length:7, ext4_insert_dentry
[ 117.866471][ T5614] loop0: detected capacity change from 0 to 512
[ 117.891051][ T5614] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.15: corrupted in-inode xattr: invalid ea_ino
[ 117.897873][ T5614] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.15: couldn't read orphan inode 15 (err -117)
[ 117.903853][ T5614] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 117.912041][ T5614] rec length: 40, buf_size: 56, name length:16, ext4_insert_dentry
[ 117.916736][ T5614] rec length: 944, buf_size: 1024, name length:252, ext4_insert_dentry
[ 117.921291][ T5614] rec length: 944, buf_size: 1024, name length:254, ext4_insert_dentry
[ 117.924893][ T5614] rec length: 684, buf_size: 1024, name length:247, ext4_insert_dentry
[ 117.932221][ T5614] rec length: 500, buf_size: 1024, name length:251, ext4_insert_dentry
[ 117.946501][ T5549] EXT4-fs (loop0): unmounting filesystem 00000007-0000-0000-0000-000000000000.
[ 118.012595][ T5618] loop0: detected capacity change from 0 to 512
[ 118.040494][ T5618] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #15: comm syz.0.16: corrupted in-inode xattr: invalid ea_ino
[ 118.054713][ T5618] EXT4-fs error (device loop0): ext4_orphan_get:1393: comm syz.0.16: couldn't read orphan inode 15 (err -117)
[ 118.061613][ T5618] EXT4-fs (loop0): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 118.067387][ T5618] rec length: 40, buf_size: 56, name length:16, ext4_insert_dentry
[ 118.074501][ T5618] rec length: 944, buf_size: 1024, name length:252, ext4_insert_dentry
[ 118.077996][ T5618] rec length: 944, buf_size: 1024, name length:254, ext4_insert_dentry
[ 118.082152][ T5618] rec length: 684, buf_size: 1024, name length:247, ext4_insert_dentry
[ 118.086318][ T5618] rec length: 500, buf_size: 1024, name length:251, ext4_insert_dentry
[ 118.090596][ T5618] ==================================================================
[ 118.093550][ T5618] BUG: KASAN: use-after-free in ext4_insert_dentry+0x3cb/0x790
[ 118.096891][ T5618] Write of size 251 at addr ffff888043963f14 by task syz.0.16/5618
[ 118.100741][ T5618]
[ 118.101841][ T5618] CPU: 0 UID: 0 PID: 5618 Comm: syz.0.16 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c-dirty #0
[ 118.106155][ T5618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 118.110120][ T5618] Call Trace:
[ 118.111448][ T5618]
[ 118.112543][ T5618] dump_stack_lvl+0x241/0x360
[ 118.114252][ T5618] ? __pfx_dump_stack_lvl+0x10/0x10
[ 118.116200][ T5618] ? __pfx__printk+0x10/0x10
[ 118.117935][ T5618] ? _printk+0xd5/0x120
[ 118.119585][ T5618] ? __virt_addr_valid+0x183/0x530
[ 118.121673][ T5618] ? __virt_addr_valid+0x183/0x530
[ 118.123731][ T5618] print_report+0x169/0x550
[ 118.125485][ T5618] ? __virt_addr_valid+0x183/0x530
[ 118.127535][ T5618] ? __virt_addr_valid+0x183/0x530
[ 118.129494][ T5618] ? __virt_addr_valid+0x45f/0x530
[ 118.131532][ T5618] ? __phys_addr+0xba/0x170
[ 118.133235][ T5618] ? ext4_insert_dentry+0x3cb/0x790
[ 118.135174][ T5618] kasan_report+0x143/0x180
[ 118.136898][ T5618] ? _printk+0xd5/0x120
[ 118.138469][ T5618] ? ext4_insert_dentry+0x3cb/0x790
[ 118.140395][ T5618] kasan_check_range+0x282/0x290
[ 118.142205][ T5618] ? ext4_insert_dentry+0x3cb/0x790
[ 118.144170][ T5618] __asan_memcpy+0x40/0x70
[ 118.145803][ T5618] ext4_insert_dentry+0x3cb/0x790
[ 118.147722][ T5618] add_dirent_to_buf+0x3d9/0x750
[ 118.149545][ T5618] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 118.151377][ T5618] ? __ext4_handle_dirty_metadata+0x30d/0x820
[ 118.153499][ T5618] make_indexed_dir+0xf98/0x1600
[ 118.155254][ T5618] ? __pfx_make_indexed_dir+0x10/0x10
[ 118.157363][ T5618] ? add_dirent_to_buf+0x398/0x750
[ 118.159443][ T5618] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 118.161763][ T5618] ? __ext4_read_dirblock+0x527/0x890
[ 118.163851][ T5618] ext4_add_entry+0x222a/0x25d0
[ 118.165679][ T5618] ? __pfx_ext4_initxattrs+0x10/0x10
[ 118.167618][ T5618] ? __pfx_security_inode_init_security+0x10/0x10
[ 118.169704][ T5618] ? rcu_is_watching+0x15/0xb0
[ 118.171411][ T5618] ? __brelse+0x59/0xa0
[ 118.172948][ T5618] ? __ext4_new_inode+0x380f/0x4380
[ 118.174865][ T5618] ? __pfx_ext4_add_entry+0x10/0x10
[ 118.176764][ T5618] ext4_add_nondir+0x8d/0x290
[ 118.178387][ T5618] ? ext4_symlink+0x6ce/0xb50
[ 118.180105][ T5618] ext4_symlink+0x920/0xb50
[ 118.181741][ T5618] ? __pfx_ext4_symlink+0x10/0x10
[ 118.183439][ T5618] ? generic_permission+0x1e0/0x550
[ 118.185293][ T5618] ? inode_permission+0xff/0x460
[ 118.187114][ T5618] ? bpf_lsm_inode_symlink+0x9/0x10
[ 118.188991][ T5618] ? security_inode_symlink+0xbe/0x330
[ 118.190767][ T5618] vfs_symlink+0x137/0x2e0
[ 118.192220][ T5618] do_symlinkat+0x222/0x3a0
[ 118.193852][ T5618] ? __pfx_do_symlinkat+0x10/0x10
[ 118.195604][ T5618] ? strncpy_from_user+0x13a/0x260
[ 118.197330][ T5618] ? getname_flags+0x1e3/0x540
[ 118.199042][ T5618] __x64_sys_symlink+0x7a/0x90
[ 118.200759][ T5618] do_syscall_64+0xf3/0x230
[ 118.202607][ T5618] ? clear_bhb_loop+0x35/0x90
[ 118.204345][ T5618] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.206537][ T5618] RIP: 0033:0x7f055e17dff9
[ 118.208288][ T5618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 118.216148][ T5618] RSP: 002b:00007f055ef2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 118.219095][ T5618] RAX: ffffffffffffffda RBX: 00007f055e335f80 RCX: 00007f055e17dff9
[ 118.221841][ T5618] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0
[ 118.224882][ T5618] RBP: 00007f055e1f0296 R08: 0000000000000000 R09: 0000000000000000
[ 118.227870][ T5618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 118.231019][ T5618] R13: 0000000000000000 R14: 00007f055e335f80 R15: 00007ffc1e1967c8
[ 118.233896][ T5618]
[ 118.235032][ T5618]
[ 118.235890][ T5618] The buggy address belongs to the physical page:
[ 118.238443][ T5618] page: refcount:3 mapcount:0 mapping:ffff888031d04d78 index:0x3f pfn:0x43963
[ 118.241685][ T5618] memcg:ffff88803e45c000
[ 118.243164][ T5618] aops:def_blk_aops ino:700000 dentry name(?):""
[ 118.245516][ T5618] flags: 0x4fff08000004214(referenced|dirty|workingset|private|node=1|zone=1|lastcpupid=0x7ff)
[ 118.249567][ T5618] raw: 04fff08000004214 0000000000000000 dead000000000122 ffff888031d04d78
[ 118.252631][ T5618] raw: 000000000000003f ffff88804170d9f8 00000003ffffffff ffff88803e45c000
[ 118.255674][ T5618] page dumped because: kasan: bad access detected
[ 118.258231][ T5618] page_owner tracks the page as allocated
[ 118.260326][ T5618] page last allocated via order 0, migratetype Movable, gfp_mask 0x148c48(GFP_NOFS|__GFP_NOFAIL|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 5618, tgid 5617 (syz.0.16), ts 118086176546, free_ts 118012117181
[ 118.267985][ T5618] post_alloc_hook+0x1f3/0x230
[ 118.269807][ T5618] get_page_from_freelist+0x3045/0x3190
[ 118.271768][ T5618] __alloc_pages_noprof+0x292/0x710
[ 118.273666][ T5618] alloc_pages_mpol_noprof+0x3e8/0x680
[ 118.275583][ T5618] folio_alloc_noprof+0x128/0x180
[ 118.277492][ T5618] filemap_alloc_folio_noprof+0xdf/0x500
[ 118.279551][ T5618] __filemap_get_folio+0x446/0xbd0
[ 118.281507][ T5618] bdev_getblk+0x1d8/0x550
[ 118.283219][ T5618] ext4_getblk+0x303/0x800
[ 118.284912][ T5618] ext4_bread+0x2e/0x180
[ 118.286447][ T5618] ext4_append+0x327/0x5c0
[ 118.288104][ T5618] make_indexed_dir+0x523/0x1600
[ 118.289912][ T5618] ext4_add_entry+0x222a/0x25d0
[ 118.291712][ T5618] ext4_add_nondir+0x8d/0x290
[ 118.293395][ T5618] ext4_symlink+0x920/0xb50
[ 118.295020][ T5618] vfs_symlink+0x137/0x2e0
[ 118.296632][ T5618] page last free pid 5618 tgid 5617 stack trace:
[ 118.298904][ T5618] free_unref_folios+0xf12/0x18d0
[ 118.300642][ T5618] folios_put_refs+0x76c/0x860
[ 118.302318][ T5618] free_pages_and_swap_cache+0x5c8/0x690
[ 118.304353][ T5618] tlb_flush_mmu+0x3a3/0x680
[ 118.305979][ T5618] tlb_finish_mmu+0xd4/0x200
[ 118.307620][ T5618] vms_clear_ptes+0x437/0x530
[ 118.309413][ T5618] vms_complete_munmap_vmas+0x208/0x910
[ 118.311437][ T5618] do_vmi_align_munmap+0x613/0x730
[ 118.313269][ T5618] do_vmi_munmap+0x24e/0x2d0
[ 118.314951][ T5618] __vm_munmap+0x24c/0x480
[ 118.316559][ T5618] __x64_sys_munmap+0x68/0x80
[ 118.318247][ T5618] do_syscall_64+0xf3/0x230
[ 118.319934][ T5618] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.322181][ T5618]
[ 118.323098][ T5618] Memory state around the buggy address:
[ 118.325066][ T5618] ffff888043963f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 118.328033][ T5618] ffff888043963f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 118.330966][ T5618] >ffff888043964000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 118.333705][ T5618] ^
[ 118.335143][ T5618] ffff888043964080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 118.337923][ T5618] ffff888043964100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 118.340723][ T5618] ==================================================================
[ 118.358041][ T5618] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 118.360602][ T5618] CPU: 0 UID: 0 PID: 5618 Comm: syz.0.16 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c-dirty #0
[ 118.364391][ T5618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 118.368193][ T5618] Call Trace:
[ 118.369396][ T5618]
[ 118.370309][ T5618] dump_stack_lvl+0x241/0x360
[ 118.372031][ T5618] ? __pfx_dump_stack_lvl+0x10/0x10
[ 118.373850][ T5618] ? __pfx__printk+0x10/0x10
[ 118.375544][ T5618] ? preempt_schedule+0xe1/0xf0
[ 118.377370][ T5618] ? vscnprintf+0x5d/0x90
[ 118.378922][ T5618] panic+0x349/0x880
[ 118.380384][ T5618] ? check_panic_on_warn+0x21/0xb0
[ 118.382249][ T5618] ? __pfx_panic+0x10/0x10
[ 118.383860][ T5618] ? _raw_spin_unlock_irqrestore+0x130/0x140
[ 118.385958][ T5618] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 118.388197][ T5618] ? print_report+0x502/0x550
[ 118.389869][ T5618] check_panic_on_warn+0x86/0xb0
[ 118.391614][ T5618] ? ext4_insert_dentry+0x3cb/0x790
[ 118.393441][ T5618] end_report+0x77/0x160
[ 118.395009][ T5618] kasan_report+0x154/0x180
[ 118.396662][ T5618] ? _printk+0xd5/0x120
[ 118.398149][ T5618] ? ext4_insert_dentry+0x3cb/0x790
[ 118.400071][ T5618] kasan_check_range+0x282/0x290
[ 118.401873][ T5618] ? ext4_insert_dentry+0x3cb/0x790
[ 118.403799][ T5618] __asan_memcpy+0x40/0x70
[ 118.405345][ T5618] ext4_insert_dentry+0x3cb/0x790
[ 118.407211][ T5618] add_dirent_to_buf+0x3d9/0x750
[ 118.409025][ T5618] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 118.410975][ T5618] ? __ext4_handle_dirty_metadata+0x30d/0x820
[ 118.413107][ T5618] make_indexed_dir+0xf98/0x1600
[ 118.414942][ T5618] ? __pfx_make_indexed_dir+0x10/0x10
[ 118.416819][ T5618] ? add_dirent_to_buf+0x398/0x750
[ 118.418562][ T5618] ? __pfx_add_dirent_to_buf+0x10/0x10
[ 118.420665][ T5618] ? __ext4_read_dirblock+0x527/0x890
[ 118.422697][ T5618] ext4_add_entry+0x222a/0x25d0
[ 118.424473][ T5618] ? __pfx_ext4_initxattrs+0x10/0x10
[ 118.426335][ T5618] ? __pfx_security_inode_init_security+0x10/0x10
[ 118.428652][ T5618] ? rcu_is_watching+0x15/0xb0
[ 118.430364][ T5618] ? __brelse+0x59/0xa0
[ 118.431830][ T5618] ? __ext4_new_inode+0x380f/0x4380
[ 118.433663][ T5618] ? __pfx_ext4_add_entry+0x10/0x10
[ 118.435625][ T5618] ext4_add_nondir+0x8d/0x290
[ 118.437626][ T5618] ? ext4_symlink+0x6ce/0xb50
[ 118.439748][ T5618] ext4_symlink+0x920/0xb50
[ 118.441630][ T5618] ? __pfx_ext4_symlink+0x10/0x10
[ 118.443742][ T5618] ? generic_permission+0x1e0/0x550
[ 118.445898][ T5618] ? inode_permission+0xff/0x460
[ 118.448000][ T5618] ? bpf_lsm_inode_symlink+0x9/0x10
[ 118.450091][ T5618] ? security_inode_symlink+0xbe/0x330
[ 118.452355][ T5618] vfs_symlink+0x137/0x2e0
[ 118.454305][ T5618] do_symlinkat+0x222/0x3a0
[ 118.456199][ T5618] ? __pfx_do_symlinkat+0x10/0x10
[ 118.458282][ T5618] ? strncpy_from_user+0x13a/0x260
[ 118.460081][ T5618] ? getname_flags+0x1e3/0x540
[ 118.461725][ T5618] __x64_sys_symlink+0x7a/0x90
[ 118.463628][ T5618] do_syscall_64+0xf3/0x230
[ 118.465579][ T5618] ? clear_bhb_loop+0x35/0x90
[ 118.467452][ T5618] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 118.469557][ T5618] RIP: 0033:0x7f055e17dff9
[ 118.471176][ T5618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 118.477811][ T5618] RSP: 002b:00007f055ef2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058
[ 118.480698][ T5618] RAX: ffffffffffffffda RBX: 00007f055e335f80 RCX: 00007f055e17dff9
[ 118.483529][ T5618] RDX: 0000000000000000 RSI: 0000000020000cc0 RDI: 0000000020000dc0
[ 118.486478][ T5618] RBP: 00007f055e1f0296 R08: 0000000000000000 R09: 0000000000000000
[ 118.489200][ T5618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 118.492082][ T5618] R13: 0000000000000000 R14: 00007f055e335f80 R15: 00007ffc1e1967c8
[ 118.494924][ T5618]
[ 118.496252][ T5618] Kernel Offset: disabled
[ 118.497775][ T5618] Rebooting in 86400 seconds..