Warning: Permanently added '10.128.0.33' (ED25519) to the list of known hosts.
2025/04/29 02:27:27 ignoring optional flag "sandboxArg"="0"
2025/04/29 02:27:28 parsed 1 programs
[ 61.175813][ T1514] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/04/29 02:27:32 executed programs: 0
[ 67.701372][ T2494] loop3: detected capacity change from 0 to 512
[ 67.710925][ T2494] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.15: inode #1: comm syz.3.15: iget: illegal inode #
[ 67.724871][ T2494] EXT4-fs error (device loop3): ext4_xattr_inode_iget:407: comm syz.3.15: error while reading EA inode 1 err=-117
[ 67.737157][ T2494] EXT4-fs (loop3): 1 orphan inode deleted
[ 67.743021][ T2494] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 67.755775][ T2494] ==================================================================
[ 67.763852][ T2494] BUG: KASAN: use-after-free in ext4_insert_dentry+0x375/0x640
[ 67.771409][ T2494] Write of size 250 at addr ffff888120f6df18 by task syz.3.15/2494
[ 67.779474][ T2494]
[ 67.781786][ T2494] CPU: 1 PID: 2494 Comm: syz.3.15 Not tainted 5.15.180-syzkaller #0
[ 67.789823][ T2494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 67.799858][ T2494] Call Trace:
[ 67.803120][ T2494]
[ 67.806032][ T2494] dump_stack_lvl+0x41/0x5e
[ 67.810967][ T2494] print_address_description.constprop.0.cold+0x6c/0x309
[ 67.818155][ T2494] ? ext4_insert_dentry+0x375/0x640
[ 67.823491][ T2494] ? ext4_insert_dentry+0x375/0x640
[ 67.828747][ T2494] kasan_report.cold+0x83/0xdf
[ 67.833657][ T2494] ? ext4_insert_dentry+0x375/0x640
[ 67.838826][ T2494] kasan_check_range+0x13d/0x180
[ 67.843914][ T2494] memcpy+0x39/0x60
[ 67.847695][ T2494] ext4_insert_dentry+0x375/0x640
[ 67.852953][ T2494] add_dirent_to_buf+0x1f2/0x700
[ 67.857951][ T2494] ? ext4_handle_dirty_dirblock+0x4a0/0x4a0
[ 67.863978][ T2494] ? ext4_insert_dentry+0x640/0x640
[ 67.869147][ T2494] ? __ext4_handle_dirty_metadata+0x1b0/0x650
[ 67.875340][ T2494] make_indexed_dir+0xd8c/0x1080
[ 67.880392][ T2494] ? __ext4_handle_dirty_metadata+0x294/0x650
[ 67.886432][ T2494] ? ext4_dx_add_entry+0x16d0/0x16d0
[ 67.891804][ T2494] ? add_dirent_to_buf+0x487/0x700
[ 67.896981][ T2494] ? __ext4_read_dirblock.part.0+0x275/0xcf0
[ 67.902934][ T2494] ext4_add_entry+0x95f/0xbb0
[ 67.907586][ T2494] ? make_indexed_dir+0x1080/0x1080
[ 67.912852][ T2494] ext4_mkdir+0x366/0x860
[ 67.917160][ T2494] ? ext4_init_new_dir+0x490/0x490
[ 67.922240][ T2494] vfs_mkdir+0x1c4/0x3e0
[ 67.926467][ T2494] ? security_path_mkdir+0xc0/0x130
[ 67.931639][ T2494] do_mkdirat+0x210/0x280
[ 67.935953][ T2494] ? __ia32_sys_mknod+0xa0/0xa0
[ 67.940781][ T2494] ? getname_flags.part.0+0x89/0x440
[ 67.946044][ T2494] __x64_sys_mkdirat+0xef/0x140
[ 67.950885][ T2494] do_syscall_64+0x33/0x80
[ 67.955278][ T2494] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 67.961246][ T2494] RIP: 0033:0x7f69b3e21809
[ 67.965732][ T2494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 67.985422][ T2494] RSP: 002b:00007f69b38a0058 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 67.993993][ T2494] RAX: ffffffffffffffda RBX: 00007f69b3fe6fa0 RCX: 00007f69b3e21809
[ 68.001964][ T2494] RDX: 5be60480b9579340 RSI: 0000000020000940 RDI: ffffffffffffff9c
[ 68.009914][ T2494] RBP: 00007f69b3e9493e R08: 0000000000000000 R09: 0000000000000000
[ 68.017859][ T2494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 68.025804][ T2494] R13: 0000000000000000 R14: 00007f69b3fe6fa0 R15: 00007fff4b3a3578
[ 68.033757][ T2494]
[ 68.036831][ T2494]
[ 68.039296][ T2494] The buggy address belongs to the page:
[ 68.044950][ T2494] page:ffffea000483db40 refcount:3 mapcount:0 mapping:ffff888100481308 index:0x3f pfn:0x120f6d
[ 68.055490][ T2494] memcg:ffff88810aa9a000
[ 68.059755][ T2494] aops:def_blk_aops ino:700003
[ 68.064642][ T2494] flags: 0x20000000000202a(referenced|dirty|active|private|node=0|zone=2)
[ 68.073171][ T2494] raw: 020000000000202a 0000000000000000 dead000000000122 ffff888100481308
[ 68.082000][ T2494] raw: 000000000000003f ffff88810067e1d0 00000003ffffffff ffff88810aa9a000
[ 68.090940][ T2494] page dumped because: kasan: bad access detected
[ 68.097880][ T2494] page_owner tracks the page as allocated
[ 68.103586][ T2494] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 2494, ts 67755550251, free_ts 67682832132
[ 68.120758][ T2494] get_page_from_freelist+0x1319/0x2e50
[ 68.126293][ T2494] __alloc_pages+0x2b3/0x590
[ 68.130862][ T2494] pagecache_get_page+0x23f/0xc00
[ 68.135871][ T2494] __getblk_slow+0x1a6/0x7a0
[ 68.140526][ T2494] ext4_getblk+0x1a0/0x560
[ 68.144949][ T2494] ext4_bread+0x8/0x120
[ 68.149078][ T2494] ext4_append+0x1d9/0x490
[ 68.153466][ T2494] make_indexed_dir+0x3de/0x1080
[ 68.158386][ T2494] ext4_add_entry+0x95f/0xbb0
[ 68.163038][ T2494] ext4_mkdir+0x366/0x860
[ 68.167341][ T2494] vfs_mkdir+0x1c4/0x3e0
[ 68.171560][ T2494] do_mkdirat+0x210/0x280
[ 68.175862][ T2494] __x64_sys_mkdirat+0xef/0x140
[ 68.180715][ T2494] do_syscall_64+0x33/0x80
[ 68.185192][ T2494] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.191174][ T2494] page last free stack trace:
[ 68.195821][ T2494] free_pcp_prepare+0x34e/0x730
[ 68.200646][ T2494] free_unref_page_list+0x168/0x9a0
[ 68.205825][ T2494] release_pages+0x9f2/0x1100
[ 68.210568][ T2494] tlb_finish_mmu+0x125/0x6c0
[ 68.215489][ T2494] exit_mmap+0x185/0x580
[ 68.219834][ T2494] mmput+0x90/0x390
[ 68.223621][ T2494] do_exit+0x87f/0x21d0
[ 68.227848][ T2494] do_group_exit+0xe7/0x290
[ 68.232481][ T2494] __x64_sys_exit_group+0x35/0x40
[ 68.237488][ T2494] do_syscall_64+0x33/0x80
[ 68.241975][ T2494] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 68.247839][ T2494]
[ 68.250173][ T2494] Memory state around the buggy address:
[ 68.255802][ T2494] ffff888120f6df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.263928][ T2494] ffff888120f6df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.272061][ T2494] >ffff888120f6e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.280177][ T2494]                    ^
[ 68.284218][ T2494] ffff888120f6e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.292351][ T2494] ffff888120f6e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.300403][ T2494] ==================================================================
[ 68.308566][ T2494] Disabling lock debugging due to kernel taint
[ 68.314913][ T2494] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 68.322565][ T2494] Kernel Offset: disabled
[ 68.326999][ T2494] Rebooting in 86400 seconds..