Warning: Permanently added '10.128.10.19' (ED25519) to the list of known hosts. 2025/10/11 13:21:02 ignoring optional flag "type"="gce" 2025/10/11 13:21:03 parsed 1 programs [ 69.854639][ T1884] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k 2025/10/11 13:21:10 executed programs: 0 2025/10/11 13:21:16 executed programs: 2 [ 82.592148][ T2835] loop0: detected capacity change from 0 to 1024 [ 82.615684][ T2835] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.720714][ T2835] loop0: detected capacity change from 1024 to 1023 [ 82.734480][ T2386] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 16: comm syz-executor: path /0/bus: bad entry in directory: rec_len is smaller than minimal - offset=980, inode=0, rec_len=0, size=1024 fake=0 [ 82.759199][ T2386] ================================================================== [ 82.767721][ T2386] BUG: KASAN: slab-use-after-free in ext4_read_inline_data+0x18f/0x280 [ 82.776600][ T2386] Read of size 68 at addr ffff88811c30a51a by task syz-executor/2386 [ 82.785089][ T2386] [ 82.792930][ T2386] CPU: 1 UID: 0 PID: 2386 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(none) [ 82.792940][ T2386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 82.792946][ T2386] Call Trace: [ 82.792951][ T2386] [ 82.792955][ T2386] dump_stack_lvl+0xf4/0x170 [ 82.792965][ T2386] ? __pfx_dump_stack_lvl+0x10/0x10 [ 82.792970][ T2386] ? rcu_is_watching+0x1f/0xa0 [ 82.792975][ T2386] ? __virt_addr_valid+0x176/0x2b0 [ 82.792980][ T2386] ? lock_release+0x42/0x2f0 [ 82.792985][ T2386] ? lock_acquire+0x69/0x210 [ 82.792989][ T2386] ? __virt_addr_valid+0x262/0x2b0 [ 82.792993][ T2386] print_report+0xca/0x240 [ 82.792997][ T2386] ? ext4_read_inline_data+0x18f/0x280 [ 82.793002][ T2386] kasan_report+0x118/0x150 [ 82.793008][ T2386] ? ext4_read_inline_data+0x18f/0x280 [ 82.793013][ T2386] kasan_check_range+0x2b0/0x2c0 [ 82.793017][ T2386] ? ext4_read_inline_data+0x18f/0x280 [ 82.793020][ T2386] __asan_memcpy+0x29/0x70 [ 82.793025][ T2386] ext4_read_inline_data+0x18f/0x280 [ 82.793029][ T2386] ext4_read_inline_dir+0x2cd/0x940 [ 82.793033][ T2386] ? __pfx_css_rstat_updated+0x10/0x10 [ 82.793042][ T2386] ? __pfx_ext4_read_inline_dir+0x10/0x10 [ 82.793046][ T2386] ? __lock_acquire+0x74/0x4c0 [ 82.793050][ T2386] ext4_readdir+0x252/0x2d10 [ 82.793055][ T2386] ? rcu_is_watching+0x1f/0xa0 [ 82.793058][ T2386] ? __mutex_lock+0x55d/0x1d50 [ 82.793064][ T2386] ? handle_mm_fault+0x1d0b/0x2310 [ 82.793069][ T2386] ? __pfx_ext4_readdir+0x10/0x10 [ 82.793073][ T2386] ? rwsem_read_trylock+0x18e/0x210 [ 82.793076][ T2386] ? __pfx_rwsem_read_trylock+0x10/0x10 [ 82.793081][ T2386] ? iterate_dir+0xb5/0x4c0 [ 82.793085][ T2386] ? down_read_killable+0x120/0x1a0 [ 82.793090][ T2386] iterate_dir+0x1a7/0x4c0 [ 82.793094][ T2386] __se_sys_getdents64+0xd3/0x1b0 [ 82.793099][ T2386] ? __pfx___se_sys_getdents64+0x10/0x10 [ 82.793103][ T2386] ? exc_page_fault+0x62/0xa0 [ 82.793106][ T2386] ? __pfx_filldir64+0x10/0x10 [ 82.793111][ T2386] ? do_user_addr_fault+0x378/0xc30 [ 82.793118][ T2386] do_syscall_64+0x8f/0x250 [ 82.793122][ T2386] ? fpregs_assert_state_consistent+0x48/0x60 [ 82.793128][ T2386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.793132][ T2386] RIP: 0033:0x7ff07a549333 [ 82.793142][ T2386] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 02 45 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8 [ 82.793148][ T2386] RSP: 002b:00007ffd4a34ee78 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9 [ 82.793157][ T2386] RAX: ffffffffffffffda RBX: 000055555565c520 RCX: 00007ff07a549333 [ 82.793160][ T2386] RDX: 0000000000008000 RSI: 000055555565c520 RDI: 0000000000000006 [ 82.793162][ T2386] RBP: 000055555565c4f4 R08: 0000000000000000 R09: 0000000000000000 [ 82.793165][ T2386] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8 [ 82.793168][ T2386] R13: 0000000000000016 R14: 000055555565c4f0 R15: 00007ffd4a352210 [ 82.793172][ T2386] [ 82.793173][ T2386] [ 83.095770][ T2386] Allocated by task 2391: [ 83.100448][ T2386] kasan_save_track+0x3e/0x80 [ 83.105364][ T2386] __kasan_slab_alloc+0x6c/0x80 [ 83.111232][ T2386] kmem_cache_alloc_noprof+0x315/0x620 [ 83.116940][ T2386] getname_flags+0x9b/0x490 [ 83.121774][ T2386] user_path_at+0x1c/0x50 [ 83.126172][ T2386] do_faccessat+0x491/0x9f0 [ 83.131091][ T2386] __x64_sys_access+0x5c/0x70 [ 83.136199][ T2386] do_syscall_64+0x8f/0x250 [ 83.140765][ T2386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.146997][ T2386] [ 83.149318][ T2386] Freed by task 2391: [ 83.153372][ T2386] kasan_save_track+0x3e/0x80 [ 83.158248][ T2386] __kasan_save_free_info+0x46/0x50 [ 83.163605][ T2386] __kasan_slab_free+0x5c/0x80 [ 83.168447][ T2386] kmem_cache_free+0x186/0x610 [ 83.173358][ T2386] user_path_at+0x3c/0x50 [ 83.177733][ T2386] do_faccessat+0x491/0x9f0 [ 83.182298][ T2386] __x64_sys_access+0x5c/0x70 [ 83.187142][ T2386] do_syscall_64+0x8f/0x250 [ 83.191814][ T2386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.198208][ T2386] [ 83.200774][ T2386] The buggy address belongs to the object at ffff88811c30a200 [ 83.200774][ T2386] which belongs to the cache names_cache of size 4096 [ 83.215154][ T2386] The buggy address is located 794 bytes inside of [ 83.215154][ T2386] freed 4096-byte region [ffff88811c30a200, ffff88811c30b200) [ 83.229364][ T2386] [ 83.231672][ T2386] The buggy address belongs to the physical page: [ 83.238604][ T2386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c308 [ 83.248134][ T2386] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 83.257298][ T2386] flags: 0x200000000000040(head|node=0|zone=2) [ 83.263792][ T2386] page_type: f5(slab) [ 83.268371][ T2386] raw: 0200000000000040 ffff888100ec7640 dead000000000122 0000000000000000 [ 83.277448][ T2386] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 83.286261][ T2386] head: 0200000000000040 ffff888100ec7640 dead000000000122 0000000000000000 [ 83.295084][ T2386] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 83.304169][ T2386] head: 0200000000000003 ffffea000470c201 00000000ffffffff 00000000ffffffff [ 83.313260][ T2386] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 83.322868][ T2386] page dumped because: kasan: bad access detected [ 83.330163][ T2386] page_owner tracks the page as allocated [ 83.348300][ T2386] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2391, tgid 2391 (kworker/u8:9), ts 76772096618, free_ts 70008360403 [ 83.372940][ T2386] post_alloc_hook+0x168/0x1a0 [ 83.377790][ T2386] get_page_from_freelist+0x29f0/0x2bb0 [ 83.383616][ T2386] __alloc_frozen_pages_noprof+0x26b/0x460 [ 83.389592][ T2386] alloc_pages_mpol+0xcb/0x270 [ 83.394538][ T2386] allocate_slab+0x96/0x350 [ 83.399374][ T2386] ___slab_alloc+0xb41/0x1330 [ 83.405196][ T2386] __slab_alloc+0x54/0xc0 [ 83.409501][ T2386] kmem_cache_alloc_noprof+0x3ab/0x620 [ 83.415012][ T2386] getname_kernel+0x51/0x2a0 [ 83.419777][ T2386] kern_path+0x12/0x40 [ 83.423926][ T2386] tomoyo_realpath_nofollow+0x8a/0xe0 [ 83.432135][ T2386] tomoyo_find_next_domain+0x260/0x1a40 [ 83.437911][ T2386] tomoyo_bprm_check_security+0x101/0x140 [ 83.443604][ T2386] security_bprm_check+0x2b/0xb0 [ 83.448604][ T2386] bprm_execve+0x610/0xe80 [ 83.453186][ T2386] kernel_execve+0x4d3/0x5f0 [ 83.457754][ T2386] page last free pid 1884 tgid 1884 stack trace: [ 83.464307][ T2386] __free_frozen_pages+0xa62/0xbd0 [ 83.469566][ T2386] __folio_put+0x1b9/0x240 [ 83.473970][ T2386] skb_release_data+0x3a2/0x600 [ 83.479179][ T2386] __kfree_skb+0x48/0x50 [ 83.483586][ T2386] tcp_ack+0x1272/0x55c0 [ 83.488064][ T2386] tcp_rcv_established+0x11f1/0x2630 [ 83.493799][ T2386] tcp_v4_do_rcv+0x239/0xab0 [ 83.498628][ T2386] __release_sock+0xf3/0x1a0 [ 83.503206][ T2386] __sk_flush_backlog+0x31/0xa0 [ 83.508296][ T2386] tcp_sendmsg_locked+0x3428/0x4510 [ 83.513624][ T2386] tcp_sendmsg+0x27/0x40 [ 83.517876][ T2386] __sock_sendmsg+0x163/0x220 [ 83.522725][ T2386] sock_write_iter+0x1f5/0x2f0 [ 83.527497][ T2386] vfs_write+0x568/0xc70 [ 83.531710][ T2386] ksys_write+0x108/0x1f0 [ 83.536028][ T2386] do_syscall_64+0x8f/0x250 [ 83.540610][ T2386] [ 83.543014][ T2386] Memory state around the buggy address: [ 83.548969][ T2386] ffff88811c30a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.557090][ T2386] ffff88811c30a480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.565423][ T2386] >ffff88811c30a500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.573718][ T2386] ^ [ 83.578863][ T2386] ffff88811c30a580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.587665][ T2386] ffff88811c30a600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 83.596013][ T2386] ================================================================== [ 83.605818][ T2386] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 83.613443][ T2386] Kernel Offset: disabled [ 83.618407][ T2386] Rebooting in 86400 seconds..