Warning: Permanently added '10.128.1.68' (ED25519) to the list of known hosts.
2024/06/27 05:08:36 ignoring optional flag "sandboxArg"="0"
2024/06/27 05:08:36 parsed 1 programs
2024/06/27 05:08:36 executed programs: 0
[ 44.821431][ T942] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 47.103877][ T1402] loop0: detected capacity change from 0 to 512
[ 47.112050][ T1402] EXT4-fs (loop0): Ignoring removed bh option
[ 47.118315][ T1402] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 47.128497][ T1402] EXT4-fs (loop0): 1 truncate cleaned up
[ 47.134124][ T1402] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[ 47.156848][ T1402] ==================================================================
[ 47.165023][ T1402] BUG: KASAN: use-after-free in ext4_search_dir+0x1df/0x260
[ 47.172476][ T1402] Read of size 1 at addr ffff8881017fc3ed by task syz-executor.0/1402
[ 47.180660][ T1402]
[ 47.183003][ T1402] CPU: 1 PID: 1402 Comm: syz-executor.0 Not tainted 5.15.161-syzkaller #0
[ 47.191486][ T1402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 47.201866][ T1402] Call Trace:
[ 47.205129][ T1402]
[ 47.208252][ T1402] dump_stack_lvl+0x41/0x5e
[ 47.212858][ T1402] print_address_description.constprop.0.cold+0x6c/0x309
[ 47.219855][ T1402] ? ext4_search_dir+0x1df/0x260
[ 47.224783][ T1402] ? ext4_search_dir+0x1df/0x260
[ 47.229825][ T1402] kasan_report.cold+0x83/0xdf
[ 47.234582][ T1402] ? ext4_search_dir+0x1df/0x260
[ 47.239674][ T1402] ext4_search_dir+0x1df/0x260
[ 47.244415][ T1402] ext4_find_inline_entry+0x355/0x440
[ 47.249781][ T1402] ? tomoyo_path_number_perm+0x1d8/0x420
[ 47.255505][ T1402] ? ext4_try_create_inline_dir+0x290/0x290
[ 47.261490][ T1402] ? lock_downgrade+0x4f0/0x4f0
[ 47.266562][ T1402] __ext4_find_entry+0x84a/0xce0
[ 47.271783][ T1402] ? find_held_lock+0x2d/0x110
[ 47.276594][ T1402] ? ext4_dx_find_entry+0x570/0x570
[ 47.282024][ T1402] ? d_alloc_parallel+0x638/0x1010
[ 47.287132][ T1402] ext4_lookup+0x156/0x570
[ 47.291618][ T1402] ? userns_owner+0x30/0x30
[ 47.296094][ T1402] ? ext4_resetent+0x280/0x280
[ 47.300829][ T1402] ? apparmor_capget+0x6b0/0x6b0
[ 47.305768][ T1402] ? tomoyo_path_mknod+0xb5/0x130
[ 47.310900][ T1402] ? from_kgid+0x7f/0xc0
[ 47.315125][ T1402] ? ext4_resetent+0x280/0x280
[ 47.320282][ T1402] lookup_open.isra.0+0x808/0x1680
[ 47.325384][ T1402] ? vfs_tmpfile+0x2d0/0x2d0
[ 47.330162][ T1402] path_openat+0x7e3/0x2360
[ 47.334660][ T1402] ? __kasan_slab_free_mempool+0x1f1/0x200
[ 47.340446][ T1402] ? do_syscall_64+0x33/0x80
[ 47.345115][ T1402] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.351165][ T1402] ? path_lookupat+0x6b0/0x6b0
[ 47.356227][ T1402] ? lock_downgrade+0x4f0/0x4f0
[ 47.361232][ T1402] ? find_held_lock+0x2d/0x110
[ 47.365963][ T1402] do_filp_open+0x199/0x3d0
[ 47.370433][ T1402] ? may_open_dev+0xd0/0xd0
[ 47.374898][ T1402] ? do_raw_spin_lock+0x120/0x2b0
[ 47.379897][ T1402] ? rwlock_bug.part.0+0x90/0x90
[ 47.384811][ T1402] ? lock_acquire+0x11a/0x230
[ 47.389586][ T1402] ? _raw_spin_unlock+0x1a/0x20
[ 47.394437][ T1402] ? alloc_fd+0x17c/0x4e0
[ 47.398751][ T1402] ? getname_flags.part.0+0x89/0x440
[ 47.404018][ T1402] do_sys_openat2+0x11e/0x400
[ 47.408682][ T1402] ? build_open_flags+0x490/0x490
[ 47.413771][ T1402] ? lock_downgrade+0x4f0/0x4f0
[ 47.418686][ T1402] __x64_sys_open+0xfd/0x1a0
[ 47.423422][ T1402] ? do_sys_open+0xe0/0xe0
[ 47.427861][ T1402] ? vtime_user_exit+0xde/0x180
[ 47.432802][ T1402] ? trace_user_exit.constprop.0+0x25/0xb0
[ 47.438594][ T1402] do_syscall_64+0x33/0x80
[ 47.442996][ T1402] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.449060][ T1402] RIP: 0033:0x7f3123302b29
[ 47.453446][ T1402] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.473729][ T1402] RSP: 002b:00007f3122e850c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 47.482121][ T1402] RAX: ffffffffffffffda RBX: 00007f3123421f80 RCX: 00007f3123302b29
[ 47.490094][ T1402] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 47.498157][ T1402] RBP: 00007f312334e47a R08: 0000000000000000 R09: 0000000000000000
[ 47.506274][ T1402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 47.514231][ T1402] R13: 0000000000000006 R14: 00007f3123421f80 R15: 00007ffe10d015d8
[ 47.522184][ T1402]
[ 47.525378][ T1402]
[ 47.527750][ T1402] The buggy address belongs to the page:
[ 47.533374][ T1402] page:ffffea000405ff00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017fc
[ 47.543852][ T1402] flags: 0x200000000000000(node=0|zone=2)
[ 47.549921][ T1402] raw: 0200000000000000 ffffea000421e7c8 ffffea00043d0c08 0000000000000000
[ 47.558916][ T1402] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 47.568089][ T1402] page dumped because: kasan: bad access detected
[ 47.574679][ T1402] page_owner tracks the page as freed
[ 47.580510][ T1402] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), pid 1016, ts 45186117824, free_ts 45190144945
[ 47.596680][ T1402] get_page_from_freelist+0x166f/0x2910
[ 47.602642][ T1402] __alloc_pages+0x2b3/0x590
[ 47.607961][ T1402] pte_alloc_one+0x10/0x160
[ 47.612669][ T1402] __pte_alloc+0x15/0x210
[ 47.617082][ T1402] move_page_tables.part.0+0x1039/0x1600
[ 47.623095][ T1402] shift_arg_pages+0x161/0x390
[ 47.628229][ T1402] setup_arg_pages+0x55b/0x720
[ 47.633001][ T1402] load_elf_binary+0x7ff/0x3eb0
[ 47.638213][ T1402] bprm_execve+0x62a/0x1330
[ 47.642883][ T1402] kernel_execve+0x2dc/0x400
[ 47.647556][ T1402] call_usermodehelper_exec_async+0x2c1/0x500
[ 47.653796][ T1402] ret_from_fork+0x1f/0x30
[ 47.658340][ T1402] page last free stack trace:
[ 47.663199][ T1402] free_pcp_prepare+0x34e/0x730
[ 47.668051][ T1402] free_unref_page_list+0x168/0x9a0
[ 47.673372][ T1402] release_pages+0x9f2/0x1100
[ 47.678403][ T1402] tlb_finish_mmu+0x125/0x6c0
[ 47.683630][ T1402] exit_mmap+0x185/0x4e0
[ 47.688191][ T1402] mmput+0x90/0x390
[ 47.692215][ T1402] do_exit+0x87f/0x21d0
[ 47.696508][ T1402] do_group_exit+0xe7/0x290
[ 47.701100][ T1402] __x64_sys_exit_group+0x35/0x40
[ 47.706292][ T1402] do_syscall_64+0x33/0x80
[ 47.710771][ T1402] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.716637][ T1402]
[ 47.718941][ T1402] Memory state around the buggy address:
[ 47.724917][ T1402] ffff8881017fc280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.732982][ T1402] ffff8881017fc300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.741282][ T1402] >ffff8881017fc380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.749401][ T1402] ^
[ 47.757175][ T1402] ffff8881017fc400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.765242][ T1402] ffff8881017fc480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 47.773284][ T1402] ==================================================================
[ 47.781583][ T1402] Disabling lock debugging due to kernel taint
[ 47.787940][ T1402] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 47.795377][ T1402] Kernel Offset: disabled
[ 47.799771][ T1402] Rebooting in 86400 seconds..