Warning: Permanently added '10.128.1.24' (ED25519) to the list of known hosts.
2025/01/23 20:09:43 ignoring optional flag "sandboxArg"="0"
2025/01/23 20:09:43 parsed 1 programs
[ 56.152753][ T1513] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/01/23 20:09:47 executed programs: 0
[ 59.650645][ T2037] loop3: detected capacity change from 0 to 512
[ 59.747642][ T2037] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.15: inode #1: comm syz.3.15: iget: illegal inode #
[ 59.760527][ T2037] EXT4-fs error (device loop3): ext4_xattr_inode_iget:407: comm syz.3.15: error while reading EA inode 1 err=-117
[ 59.773377][ T2037] EXT4-fs (loop3): 1 orphan inode deleted
[ 59.779573][ T2037] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 59.792352][ T2037] ==================================================================
[ 59.800512][ T2037] BUG: KASAN: use-after-free in ext4_insert_dentry+0x375/0x640
[ 59.808041][ T2037] Write of size 250 at addr ffff888123f31f18 by task syz.3.15/2037
[ 59.815908][ T2037]
[ 59.818215][ T2037] CPU: 1 PID: 2037 Comm: syz.3.15 Not tainted 5.15.177-syzkaller #0
[ 59.826276][ T2037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[ 59.836338][ T2037] Call Trace:
[ 59.839601][ T2037]
[ 59.842531][ T2037] dump_stack_lvl+0x41/0x5e
[ 59.847034][ T2037] print_address_description.constprop.0.cold+0x6c/0x309
[ 59.854178][ T2037] ? ext4_insert_dentry+0x375/0x640
[ 59.859363][ T2037] ? ext4_insert_dentry+0x375/0x640
[ 59.864745][ T2037] kasan_report.cold+0x83/0xdf
[ 59.869490][ T2037] ? ext4_insert_dentry+0x375/0x640
[ 59.874667][ T2037] kasan_check_range+0x13d/0x180
[ 59.879591][ T2037] memcpy+0x39/0x60
[ 59.883464][ T2037] ext4_insert_dentry+0x375/0x640
[ 59.888463][ T2037] add_dirent_to_buf+0x1f2/0x700
[ 59.893387][ T2037] ? ext4_handle_dirty_dirblock+0x4a0/0x4a0
[ 59.899476][ T2037] ? ext4_insert_dentry+0x640/0x640
[ 59.904659][ T2037] ? __ext4_handle_dirty_metadata+0x1b0/0x650
[ 59.910706][ T2037] make_indexed_dir+0xd8c/0x1080
[ 59.915641][ T2037] ? __ext4_handle_dirty_metadata+0x294/0x650
[ 59.921770][ T2037] ? ext4_dx_add_entry+0x16d0/0x16d0
[ 59.927377][ T2037] ? add_dirent_to_buf+0x487/0x700
[ 59.932550][ T2037] ? __ext4_read_dirblock.part.0+0x275/0xcf0
[ 59.938524][ T2037] ext4_add_entry+0x95f/0xbb0
[ 59.943196][ T2037] ? make_indexed_dir+0x1080/0x1080
[ 59.948459][ T2037] ext4_mkdir+0x366/0x860
[ 59.952765][ T2037] ? ext4_init_new_dir+0x490/0x490
[ 59.957941][ T2037] vfs_mkdir+0x1c4/0x3e0
[ 59.962251][ T2037] ? security_path_mkdir+0xc0/0x130
[ 59.967458][ T2037] do_mkdirat+0x210/0x280
[ 59.971794][ T2037] ? __ia32_sys_mknod+0xa0/0xa0
[ 59.976745][ T2037] ? getname_flags.part.0+0x89/0x440
[ 59.982004][ T2037] __x64_sys_mkdirat+0xef/0x140
[ 59.986837][ T2037] do_syscall_64+0x33/0x80
[ 59.991247][ T2037] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 59.997125][ T2037] RIP: 0033:0x7fec7683f809
[ 60.001540][ T2037] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 60.021143][ T2037] RSP: 002b:00007fec762be058 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 60.029649][ T2037] RAX: ffffffffffffffda RBX: 00007fec76a04fa0 RCX: 00007fec7683f809
[ 60.037611][ T2037] RDX: 5be60480b9579340 RSI: 0000000020000940 RDI: ffffffffffffff9c
[ 60.045657][ T2037] RBP: 00007fec768b293e R08: 0000000000000000 R09: 0000000000000000
[ 60.053703][ T2037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 60.061668][ T2037] R13: 0000000000000000 R14: 00007fec76a04fa0 R15: 00007fffe3dba5c8
[ 60.069755][ T2037]
[ 60.072778][ T2037]
[ 60.075081][ T2037] The buggy address belongs to the page:
[ 60.080685][ T2037] page:ffffea00048fcc40 refcount:3 mapcount:0 mapping:ffff8881004d1308 index:0x3f pfn:0x123f31
[ 60.091103][ T2037] memcg:ffff888111f06000
[ 60.095321][ T2037] aops:def_blk_aops ino:700003
[ 60.100086][ T2037] flags: 0x20000000000202a(referenced|dirty|active|private|node=0|zone=2)
[ 60.108560][ T2037] raw: 020000000000202a 0000000000000000 dead000000000122 ffff8881004d1308
[ 60.117228][ T2037] raw: 000000000000003f ffff8881092c7000 00000003ffffffff ffff888111f06000
[ 60.125791][ T2037] page dumped because: kasan: bad access detected
[ 60.132210][ T2037] page_owner tracks the page as allocated
[ 60.137902][ T2037] page last allocated via order 0, migratetype Movable, gfp_mask 0x108c48(GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE), pid 2037, ts 59792106633, free_ts 59650401776
[ 60.154977][ T2037] get_page_from_freelist+0x1319/0x2e50
[ 60.160508][ T2037] __alloc_pages+0x2b3/0x590
[ 60.165193][ T2037] pagecache_get_page+0x23f/0xc00
[ 60.170256][ T2037] __getblk_slow+0x1a6/0x7a0
[ 60.174838][ T2037] ext4_getblk+0x1a0/0x560
[ 60.179243][ T2037] ext4_bread+0x8/0x120
[ 60.183393][ T2037] ext4_append+0x1d9/0x490
[ 60.187787][ T2037] make_indexed_dir+0x3de/0x1080
[ 60.192804][ T2037] ext4_add_entry+0x95f/0xbb0
[ 60.197491][ T2037] ext4_mkdir+0x366/0x860
[ 60.201809][ T2037] vfs_mkdir+0x1c4/0x3e0
[ 60.206090][ T2037] do_mkdirat+0x210/0x280
[ 60.210573][ T2037] __x64_sys_mkdirat+0xef/0x140
[ 60.215424][ T2037] do_syscall_64+0x33/0x80
[ 60.219822][ T2037] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.225707][ T2037] page last free stack trace:
[ 60.230375][ T2037] free_pcp_prepare+0x34e/0x730
[ 60.235205][ T2037] free_unref_page_list+0x168/0x9a0
[ 60.240770][ T2037] release_pages+0x9f2/0x1100
[ 60.245441][ T2037] tlb_finish_mmu+0x125/0x6c0
[ 60.250113][ T2037] unmap_region+0x298/0x390
[ 60.254603][ T2037] __do_munmap+0x47e/0x10d0
[ 60.259349][ T2037] __vm_munmap+0xd2/0x1a0
[ 60.263667][ T2037] __x64_sys_munmap+0x5d/0x80
[ 60.268344][ T2037] do_syscall_64+0x33/0x80
[ 60.272769][ T2037] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.278661][ T2037]
[ 60.280992][ T2037] Memory state around the buggy address:
[ 60.286616][ T2037]  ffff888123f31f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.294655][ T2037]  ffff888123f31f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.302991][ T2037] >ffff888123f32000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.311682][ T2037]                    ^
[ 60.315898][ T2037]  ffff888123f32080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.323966][ T2037]  ffff888123f32100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 60.332095][ T2037] ==================================================================
[ 60.340142][ T2037] Disabling lock debugging due to kernel taint
[ 60.346463][ T2037] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.353904][ T2037] Kernel Offset: disabled
[ 60.358224][ T2037] Rebooting in 86400 seconds..