Warning: Permanently added '10.128.10.47' (ED25519) to the list of known hosts.
2025/03/27 00:06:50 ignoring optional flag "sandboxArg"="0"
2025/03/27 00:06:50 parsed 1 programs
[ 61.148474][ T1512] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/03/27 00:06:54 executed programs: 0
[ 67.482022][ T2491] loop3: detected capacity change from 0 to 512
[ 67.491781][ T2491] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.15: inode #1: comm syz.3.15: iget: illegal inode #
[ 67.505386][ T2491] EXT4-fs error (device loop3): ext4_xattr_inode_iget:407: comm syz.3.15: error while reading EA inode 1 err=-117
[ 67.518275][ T2491] EXT4-fs (loop3): 1 orphan inode deleted
[ 67.523987][ T2491] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 67.595052][ T2495] loop3: detected capacity change from 0 to 512
[ 67.677550][ T2495] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.16: inode #1: comm syz.3.16: iget: illegal inode #
[ 67.690415][ T2495] EXT4-fs error (device loop3): ext4_xattr_inode_iget:407: comm syz.3.16: error while reading EA inode 1 err=-117
[ 67.702893][ T2495] EXT4-fs (loop3): 1 orphan inode deleted
[ 67.708725][ T2495] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 67.721509][ T2495] ==================================================================
[ 67.729673][ T2495] BUG: KASAN: use-after-free in ext4_insert_dentry+0x375/0x640
[ 67.737221][ T2495] Write of size 250 at addr ffff888120f01f18 by task syz.3.16/2495
[ 67.745091][ T2495]
[ 67.747395][ T2495] CPU: 0 PID: 2495 Comm: syz.3.16 Not tainted 5.15.179-syzkaller #0
[ 67.755342][ T2495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 67.765415][ T2495] Call Trace:
[ 67.768700][ T2495]
[ 67.771894][ T2495] dump_stack_lvl+0x41/0x5e
[ 67.776387][ T2495] print_address_description.constprop.0.cold+0x6c/0x309
[ 67.783588][ T2495] ? ext4_insert_dentry+0x375/0x640
[ 67.789033][ T2495] ? ext4_insert_dentry+0x375/0x640
[ 67.794207][ T2495] kasan_report.cold+0x83/0xdf
[ 67.798968][ T2495] ? ext4_insert_dentry+0x375/0x640
[ 67.804398][ T2495] kasan_check_range+0x13d/0x180
[ 67.809326][ T2495] memcpy+0x39/0x60
[ 67.813123][ T2495] ext4_insert_dentry+0x375/0x640
[ 67.818163][ T2495] add_dirent_to_buf+0x1f2/0x700
[ 67.823189][ T2495] ? ext4_handle_dirty_dirblock+0x4a0/0x4a0
[ 67.829064][ T2495] ? ext4_insert_dentry+0x640/0x640
[ 67.834362][ T2495] ? __ext4_handle_dirty_metadata+0x1b0/0x650
[ 67.840409][ T2495] make_indexed_dir+0xd8c/0x1080
[ 67.845503][ T2495] ? __ext4_handle_dirty_metadata+0x294/0x650
[ 67.851556][ T2495] ? ext4_dx_add_entry+0x16d0/0x16d0
[ 67.856830][ T2495] ? add_dirent_to_buf+0x487/0x700
[ 67.861925][ T2495] ? __ext4_read_dirblock.part.0+0x275/0xcf0
[ 67.867881][ T2495] ext4_add_entry+0x95f/0xbb0
[ 67.872548][ T2495] ? make_indexed_dir+0x1080/0x1080
[ 67.877737][ T2495] ext4_mkdir+0x366/0x860
[ 67.882039][ T2495] ? ext4_init_new_dir+0x490/0x490
[ 67.887295][ T2495] vfs_mkdir+0x1c4/0x3e0
[ 67.891628][ T2495] ? security_path_mkdir+0xc0/0x130
[ 67.896816][ T2495] do_mkdirat+0x210/0x280
[ 67.901136][ T2495] ? __ia32_sys_mknod+0xa0/0xa0
[ 67.905963][ T2495] ? getname_flags.part.0+0x89/0x440
[ 67.911222][ T2495] __x64_sys_mkdirat+0xef/0x140
[ 67.916048][ T2495] do_syscall_64+0x33/0x80
[ 67.920449][ T2495] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 67.926325][ T2495] RIP: 0033:0x7ff2901e3809
[ 67.930822][ T2495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 67.950435][ T2495] RSP: 002b:00007ff28fc62058 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 67.958838][ T2495] RAX: ffffffffffffffda RBX: 00007ff2903a8fa0 RCX: 00007ff2901e3809
[ 67.966792][ T2495] RDX: 5be60480b9579340 RSI: 0000000020000940 RDI: ffffffffffffff9c
[ 67.974757][ T2495] RBP: 00007ff29025693e R08: 0000000000000000 R09: 0000000000000000
[ 67.982719][ T2495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 67.990684][ T2495] R13: 0000000000000000 R14: 00007ff2903a8fa0 R15: 00007ffd47b37da8
[ 67.998744][ T2495]
[ 68.001744][ T2495]
[ 68.004042][ T2495] The buggy address belongs to the page:
[ 68.009677][ T2495] page:ffffea000483c040 refcount:3 mapcount:0 mapping:ffff8881004d1308 index:0x3f pfn:0x120f01
[ 68.020016][ T2495] memcg:ffff88811192a000
[ 68.024233][ T2495] aops:def_blk_aops ino:700003
[ 68.028972][ T2495] flags: 0x20000000000202a(referenced|dirty|active|private|node=0|zone=2)
[ 68.037484][ T2495] raw: 020000000000202a 0000000000000000 dead000000000122 ffff8881004d1308
[ 68.046078][ T2495] raw: 000000000000003f ffff888100680570 00000003ffffffff ffff88811192a000
[ 68.054669][ T2495] page dumped because: kasan: bad access detected
[ 68.061338][ T2495] page_owner tracks the page as allocated
[ 68.067230][ T2495] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 2495, ts 67721290376, free_ts 61422449928
[ 68.084626][ T2495] get_page_from_freelist+0x1319/0x2e50
[ 68.090164][ T2495] __alloc_pages+0x2b3/0x590
[ 68.094735][ T2495] pagecache_get_page+0x23f/0xc00
[ 68.099856][ T2495] __getblk_slow+0x1a6/0x7a0
[ 68.104420][ T2495] ext4_getblk+0x1a0/0x560
[ 68.108914][ T2495] ext4_bread+0x8/0x120
[ 68.113149][ T2495] ext4_append+0x1d9/0x490
[ 68.117557][ T2495] make_indexed_dir+0x3de/0x1080
[ 68.122482][ T2495] ext4_add_entry+0x95f/0xbb0
[ 68.127220][ T2495] ext4_mkdir+0x366/0x860
[ 68.131606][ T2495] vfs_mkdir+0x1c4/0x3e0
[ 68.135913][ T2495] do_mkdirat+0x210/0x280
[ 68.140302][ T2495] __x64_sys_mkdirat+0xef/0x140
[ 68.145125][ T2495] do_syscall_64+0x33/0x80
[ 68.149737][ T2495] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.155706][ T2495] page last free stack trace:
[ 68.161713][ T2495] free_pcp_prepare+0x34e/0x730
[ 68.166979][ T2495] free_unref_page_list+0x168/0x9a0
[ 68.172293][ T2495] release_pages+0x9f2/0x1100
[ 68.177029][ T2495] tlb_finish_mmu+0x125/0x6c0
[ 68.181696][ T2495] unmap_region+0x298/0x390
[ 68.186217][ T2495] __do_munmap+0x47e/0x10d0
[ 68.190735][ T2495] __vm_munmap+0xd2/0x1a0
[ 68.195086][ T2495] __x64_sys_munmap+0x5d/0x80
[ 68.199740][ T2495] do_syscall_64+0x33/0x80
[ 68.204249][ T2495] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.210250][ T2495]
[ 68.212645][ T2495] Memory state around the buggy address:
[ 68.218378][ T2495] ffff888120f01f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.226437][ T2495] ffff888120f01f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.234557][ T2495] >ffff888120f02000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.242595][ T2495] ^
[ 68.246835][ T2495] ffff888120f02080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.254894][ T2495] ffff888120f02100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.262957][ T2495] ==================================================================
[ 68.271016][ T2495] Disabling lock debugging due to kernel taint
[ 68.277318][ T2495] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 68.284807][ T2495] Kernel Offset: disabled
[ 68.289147][ T2495] Rebooting in 86400 seconds..