Warning: Permanently added '10.128.1.50' (ED25519) to the list of known hosts.
2025/04/12 00:02:03 ignoring optional flag "sandboxArg"="0"
2025/04/12 00:02:03 ignoring optional flag "type"="gce"
2025/04/12 00:02:03 parsed 1 programs
[ 63.333977][ T1883] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/04/12 00:02:10 executed programs: 0
[ 69.753234][ T2410] loop0: detected capacity change from 0 to 512
[ 69.768711][ T2410] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 69.795878][ T2410] loop0: detected capacity change from 512 to 511
[ 69.807902][ T1953] EXT4-fs error (device loop0): htree_dirblock_to_tree:1082: inode #2: block 21: comm syz-executor: bad entry in directory: directory entry overrun - offset=1004, inode=0, rec_len=1000, size=1024 fake=0
[ 69.828869][ T1953] ==================================================================
[ 69.836935][ T1953] BUG: KASAN: use-after-free in ext4_read_inline_data+0x1ab/0x280
[ 69.844736][ T1953] Read of size 324 at addr ffff888128acec05 by task syz-executor/1953
[ 69.852856][ T1953]
[ 69.855165][ T1953] CPU: 0 UID: 0 PID: 1953 Comm: syz-executor Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(undef)
[ 69.855171][ T1953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 69.855177][ T1953] Call Trace:
[ 69.855181][ T1953]
[ 69.855184][ T1953]  dump_stack_lvl+0x10a/0x280
[ 69.855193][ T1953]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.855197][ T1953]  ? __virt_addr_valid+0x141/0x270
[ 69.855203][ T1953]  ? rcu_is_watching+0x1f/0xa0
[ 69.855209][ T1953]  ? __virt_addr_valid+0x141/0x270
[ 69.855213][ T1953]  ? lock_release+0x45/0x2e0
[ 69.855218][ T1953]  ? lock_acquire+0x70/0x200
[ 69.855222][ T1953]  ? __virt_addr_valid+0x141/0x270
[ 69.855227][ T1953]  ? __virt_addr_valid+0x229/0x270
[ 69.855231][ T1953]  print_report+0x16e/0x5b0
[ 69.855236][ T1953]  ? __virt_addr_valid+0x141/0x270
[ 69.855240][ T1953]  ? __virt_addr_valid+0x229/0x270
[ 69.855244][ T1953]  ? ext4_read_inline_data+0x1ab/0x280
[ 69.855249][ T1953]  kasan_report+0x143/0x180
[ 69.855252][ T1953]  ? ext4_read_inline_data+0x1ab/0x280
[ 69.855256][ T1953]  kasan_check_range+0x28f/0x2a0
[ 69.855260][ T1953]  ? ext4_read_inline_data+0x1ab/0x280
[ 69.855263][ T1953]  __asan_memcpy+0x29/0x70
[ 69.855269][ T1953]  ext4_read_inline_data+0x1ab/0x280
[ 69.855273][ T1953]  ext4_inlinedir_to_tree+0x2fa/0xe30
[ 69.855278][ T1953]  ? __pfx_ext4_inlinedir_to_tree+0x10/0x10
[ 69.855282][ T1953]  ? vsnprintf+0x153/0x11e0
[ 69.855288][ T1953]  ? kasan_save_track+0x51/0x80
[ 69.855295][ T1953]  ? __pfx_get_page_from_freelist+0x10/0x10
[ 69.855301][ T1953]  ext4_htree_fill_tree+0x4dd/0x1240
[ 69.855307][ T1953]  ? rcu_is_watching+0x1f/0xa0
[ 69.855311][ T1953]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[ 69.855316][ T1953]  ? __count_memcg_events+0x415/0x520
[ 69.855320][ T1953]  ? __pfx_cgroup_rstat_updated+0x10/0x10
[ 69.855324][ T1953]  ? __pfx_ext4_htree_fill_tree+0x10/0x10
[ 69.855327][ T1953]  ? do_raw_spin_lock+0x150/0x3b0
[ 69.855331][ T1953]  ? rcu_is_watching+0x1f/0xa0
[ 69.855335][ T1953]  ? inode_query_iversion+0xd4/0x170
[ 69.855340][ T1953]  ? __lock_acquire+0x5f/0x4f0
[ 69.855345][ T1953]  ext4_readdir+0x2545/0x2fc0
[ 69.855351][ T1953]  ? iterate_dir+0xa7/0x490
[ 69.855357][ T1953]  ? __pfx___mutex_lock+0x10/0x10
[ 69.855361][ T1953]  ? __pfx_ext4_readdir+0x10/0x10
[ 69.855366][ T1953]  ? __pfx_down_read_killable+0x10/0x10
[ 69.855370][ T1953]  ? __pfx_handle_mm_fault+0x10/0x10
[ 69.855374][ T1953]  ? reacquire_held_locks+0xea/0x150
[ 69.855377][ T1953]  ? exc_page_fault+0x161/0x7b0
[ 69.855381][ T1953]  iterate_dir+0x18e/0x490
[ 69.855385][ T1953]  __se_sys_getdents64+0x1d9/0x430
[ 69.855390][ T1953]  ? __pfx___se_sys_getdents64+0x10/0x10
[ 69.855393][ T1953]  ? __pfx_filldir64+0x10/0x10
[ 69.855398][ T1953]  ? asm_exc_page_fault+0x26/0x30
[ 69.855402][ T1953]  do_syscall_64+0x8d/0x170
[ 69.855407][ T1953]  ? clear_bhb_loop+0x25/0x80
[ 69.855411][ T1953]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.855417][ T1953] RIP: 0033:0x7f914517c013
[ 69.855424][ T1953] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 52 43 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[ 69.855433][ T1953] RSP: 002b:00007ffd5834f3d8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[ 69.855445][ T1953] RAX: ffffffffffffffda RBX: 0000555594f66520 RCX: 00007f914517c013
[ 69.855450][ T1953] RDX: 0000000000008000 RSI: 0000555594f66520 RDI: 0000000000000006
[ 69.855454][ T1953] RBP: 0000555594f664f4 R08: 0000000000000000 R09: 0000000000000000
[ 69.855458][ T1953] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[ 69.855461][ T1953] R13: 0000000000000016 R14: 0000555594f664f0 R15: 00007ffd58352770
[ 69.855466][ T1953]
[ 69.855467][ T1953]
[ 70.212994][ T1953] The buggy address belongs to the physical page:
[ 70.219396][ T1953] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x55f71b48f pfn:0x128ace
[ 70.229000][ T1953] flags: 0x200000000000000(node=0|zone=2)
[ 70.234693][ T1953] raw: 0200000000000000 ffffea0004a2b3c8 ffffea0004994448 0000000000000000
[ 70.243305][ T1953] raw: 000000055f71b48f 0000000000000000 00000000ffffffff 0000000000000000
[ 70.251873][ T1953] page dumped because: kasan: bad access detected
[ 70.258289][ T1953] page_owner tracks the page as freed
[ 70.263651][ T1953] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1906, tgid 1906 (udevd), ts 64058792529, free_ts 67769773608
[ 70.280746][ T1953]  post_alloc_hook+0x108/0x120
[ 70.285502][ T1953]  get_page_from_freelist+0x3e26/0x40c0
[ 70.291031][ T1953]  __alloc_frozen_pages_noprof+0x252/0x700
[ 70.296985][ T1953]  alloc_pages_mpol+0x14f/0x3c0
[ 70.302069][ T1953]  vma_alloc_folio_noprof+0x2b8/0x430
[ 70.307406][ T1953]  folio_prealloc+0x23/0xf0
[ 70.312060][ T1953]  do_wp_page+0xb6c/0x3080
[ 70.316466][ T1953]  handle_mm_fault+0x1823/0x34e0
[ 70.321380][ T1953]  exc_page_fault+0x3fa/0x7b0
[ 70.326028][ T1953]  asm_exc_page_fault+0x26/0x30
[ 70.330845][ T1953] page last free pid 1906 tgid 1906 stack trace:
[ 70.337227][ T1953]  free_unref_folios+0xbfb/0x1450
[ 70.342219][ T1953]  folios_put_refs+0x429/0x530
[ 70.346955][ T1953]  free_pages_and_swap_cache+0x27a/0x4e0
[ 70.352564][ T1953]  tlb_flush_mmu+0x2b3/0x500
[ 70.357136][ T1953]  tlb_finish_mmu+0xb6/0x1c0
[ 70.362053][ T1953]  exit_mmap+0x48b/0xa50
[ 70.366270][ T1953]  __mmput+0x61/0x290
[ 70.370223][ T1953]  exit_mm+0x114/0x1b0
[ 70.374258][ T1953]  do_exit+0x7bb/0x24f0
[ 70.378378][ T1953]  do_group_exit+0x1ba/0x280
[ 70.382945][ T1953]  __x64_sys_exit_group+0x3f/0x40
[ 70.388029][ T1953]  x64_sys_call+0x26c3/0x26d0
[ 70.392776][ T1953]  do_syscall_64+0x8d/0x170
[ 70.397245][ T1953]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 70.403140][ T1953]
[ 70.405443][ T1953] Memory state around the buggy address:
[ 70.411042][ T1953]  ffff888128aceb00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.419203][ T1953]  ffff888128aceb80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.427245][ T1953] >ffff888128acec00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.435277][ T1953]                                   ^
[ 70.439315][ T1953]  ffff888128acec80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.447372][ T1953]  ffff888128aced00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 70.455419][ T1953] ==================================================================
[ 70.463929][ T1953] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 70.471462][ T1953] Kernel Offset: disabled
[ 70.475772][ T1953] Rebooting in 86400 seconds..