Warning: Permanently added '10.128.10.25' (ED25519) to the list of known hosts.
2024/09/12 04:06:11 ignoring optional flag "sandboxArg"="0"
2024/09/12 04:06:11 parsed 1 programs
2024/09/12 04:06:12 executed programs: 0
[ 50.576142][ T940] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 55.553924][ T1400] loop0: detected capacity change from 0 to 512
[ 55.561829][ T1400] EXT4-fs: Ignoring removed bh option
[ 55.568306][ T1400] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 55.578884][ T1400] EXT4-fs (loop0): 1 truncate cleaned up
[ 55.584518][ T1400] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 55.597797][ T1400] ==================================================================
[ 55.605864][ T1400] BUG: KASAN: use-after-free in ext4_search_dir+0x148/0x250
[ 55.613138][ T1400] Read of size 1 at addr ffff8881239363ed by task syz-executor.0/1400
[ 55.621262][ T1400]
[ 55.623588][ T1400] CPU: 1 PID: 1400 Comm: syz-executor.0 Not tainted 6.1.109-syzkaller #0
[ 55.631966][ T1400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 55.642003][ T1400] Call Trace:
[ 55.645258][ T1400]
[ 55.648173][ T1400] dump_stack_lvl+0xf4/0x251
[ 55.652773][ T1400] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 55.658199][ T1400] ? panic+0x3fe/0x3fe
[ 55.662237][ T1400] ? _printk+0xca/0x10a
[ 55.666356][ T1400] ? __virt_addr_valid+0x139/0x270
[ 55.671441][ T1400] ? __virt_addr_valid+0x221/0x270
[ 55.676518][ T1400] print_report+0x15f/0x4f0
[ 55.681012][ T1400] ? __virt_addr_valid+0x139/0x270
[ 55.686089][ T1400] ? __virt_addr_valid+0x221/0x270
[ 55.691166][ T1400] ? ext4_search_dir+0x148/0x250
[ 55.696079][ T1400] kasan_report+0x136/0x160
[ 55.700551][ T1400] ? ext4_search_dir+0x148/0x250
[ 55.705453][ T1400] ext4_search_dir+0x148/0x250
[ 55.710197][ T1400] ext4_find_inline_entry+0x367/0x540
[ 55.715551][ T1400] ? ext4_try_create_inline_dir+0x320/0x320
[ 55.721430][ T1400] ? tomoyo_path_number_perm+0x54d/0x6a0
[ 55.727030][ T1400] ? tomoyo_path_number_perm+0x1c3/0x6a0
[ 55.732644][ T1400] __ext4_find_entry+0x2dc/0x1a10
[ 55.737634][ T1400] ? d_alloc_parallel+0x318/0x1130
[ 55.742712][ T1400] ? dx_node_limit+0x150/0x150
[ 55.747444][ T1400] ? d_alloc_parallel+0x318/0x1130
[ 55.752534][ T1400] ext4_lookup+0x1ab/0x5f0
[ 55.756916][ T1400] ? ext4_add_entry+0x3080/0x3080
[ 55.761905][ T1400] ? inode_permission+0x56/0x320
[ 55.766812][ T1400] ? ext4_add_entry+0x3080/0x3080
[ 55.771802][ T1400] path_openat+0xdb6/0x2410
[ 55.776294][ T1400] ? do_filp_open+0x430/0x430
[ 55.780937][ T1400] ? __virt_addr_valid+0x139/0x270
[ 55.786012][ T1400] do_filp_open+0x226/0x430
[ 55.790490][ T1400] ? vfs_tmpfile+0x3e0/0x3e0
[ 55.795132][ T1400] ? _raw_spin_unlock+0x24/0x40
[ 55.799965][ T1400] ? alloc_fd+0x3dc/0x470
[ 55.804347][ T1400] do_sys_openat2+0x10b/0x3f0
[ 55.808990][ T1400] ? rcu_is_watching+0x1b/0x90
[ 55.813719][ T1400] ? do_sys_open+0x1c0/0x1c0
[ 55.818275][ T1400] ? __rseq_handle_notify_resume+0x827/0xdf0
[ 55.824219][ T1400] __x64_sys_open+0x1eb/0x240
[ 55.828862][ T1400] ? do_sys_openat2+0x3f0/0x3f0
[ 55.833677][ T1400] ? switch_fpu_return+0xc9/0x130
[ 55.838690][ T1400] do_syscall_64+0x3b/0x80
[ 55.843075][ T1400] ? clear_bhb_loop+0x45/0xa0
[ 55.847738][ T1400] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.853604][ T1400] RIP: 0033:0x7f537a105b29
[ 55.857994][ T1400] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.877596][ T1400] RSP: 002b:00007f5379c880c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 55.885976][ T1400] RAX: ffffffffffffffda RBX: 00007f537a224f80 RCX: 00007f537a105b29
[ 55.893943][ T1400] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 55.901890][ T1400] RBP: 00007f537a15147a R08: 0000000000000000 R09: 0000000000000000
[ 55.909921][ T1400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 55.917864][ T1400] R13: 0000000000000006 R14: 00007f537a224f80 R15: 00007ffc8a70d248
[ 55.925807][ T1400]
[ 55.928796][ T1400]
[ 55.931096][ T1400] The buggy address belongs to the physical page:
[ 55.937503][ T1400] page:ffffea00048e4d80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x123936
[ 55.947791][ T1400] flags: 0x200000000000000(node=0|zone=2)
[ 55.953478][ T1400] raw: 0200000000000000 ffffea00048e4dc8 ffffea00048e4d48 0000000000000000
[ 55.962029][ T1400] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 55.970579][ T1400] page dumped because: kasan: bad access detected
[ 55.976966][ T1400] page_owner info is not present (never set?)
[ 55.983000][ T1400]
[ 55.985296][ T1400] Memory state around the buggy address:
[ 55.990892][ T1400] ffff888123936280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.998937][ T1400] ffff888123936300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.006969][ T1400] >ffff888123936380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.014992][ T1400] ^
[ 56.022411][ T1400] ffff888123936400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.030436][ T1400] ffff888123936480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.038474][ T1400] ==================================================================
[ 56.046569][ T1400] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 56.054212][ T1400] Kernel Offset: disabled
[ 56.058513][ T1400] Rebooting in 86400 seconds..