Warning: Permanently added '10.128.1.201' (ED25519) to the list of known hosts.
2024/06/29 12:25:22 ignoring optional flag "sandboxArg"="0"
2024/06/29 12:25:22 parsed 1 programs
2024/06/29 12:25:22 executed programs: 0
[ 47.379405][ T943] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 52.529775][ T1403] loop0: detected capacity change from 0 to 512
[ 52.536901][ T1403] EXT4-fs: Ignoring removed bh option
[ 52.543315][ T1403] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 52.554236][ T1403] EXT4-fs (loop0): 1 truncate cleaned up
[ 52.559881][ T1403] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
2024/06/29 12:25:27 executed programs: 1
[ 52.573702][ T1403] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 52.602680][ T949] EXT4-fs (loop0): unmounting filesystem.
[ 52.621402][ T1408] loop0: detected capacity change from 0 to 512
[ 52.628340][ T1408] EXT4-fs: Ignoring removed bh option
[ 52.634424][ T1408] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 52.644756][ T1408] EXT4-fs (loop0): 1 truncate cleaned up
[ 52.650962][ T1408] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 52.664742][ T1408] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 52.698150][ T949] EXT4-fs (loop0): unmounting filesystem.
[ 52.715671][ T1412] loop0: detected capacity change from 0 to 512
[ 52.722624][ T1412] EXT4-fs: Ignoring removed bh option
[ 52.728508][ T1412] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 52.738899][ T1412] EXT4-fs (loop0): 1 truncate cleaned up
[ 52.744737][ T1412] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 52.763156][ T1412] ==================================================================
[ 52.771403][ T1412] BUG: KASAN: use-after-free in ext4_search_dir+0x148/0x250
[ 52.778801][ T1412] Read of size 1 at addr ffff88812352f3ed by task syz-executor.0/1412
[ 52.787360][ T1412]
[ 52.789700][ T1412] CPU: 1 PID: 1412 Comm: syz-executor.0 Not tainted 6.1.96-syzkaller #0
[ 52.798116][ T1412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 52.808773][ T1412] Call Trace:
[ 52.812135][ T1412]
[ 52.815435][ T1412] dump_stack_lvl+0xf4/0x251
[ 52.820187][ T1412] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 52.825748][ T1412] ? panic+0x3fe/0x3fe
[ 52.829810][ T1412] ? _printk+0xca/0x10a
[ 52.834028][ T1412] ? __virt_addr_valid+0x139/0x260
[ 52.839213][ T1412] ? __virt_addr_valid+0x211/0x260
[ 52.844397][ T1412] print_report+0x15f/0x4f0
[ 52.848876][ T1412] ? __virt_addr_valid+0x139/0x260
[ 52.853961][ T1412] ? __virt_addr_valid+0x211/0x260
[ 52.859144][ T1412] ? ext4_search_dir+0x148/0x250
[ 52.864057][ T1412] kasan_report+0x136/0x160
[ 52.868564][ T1412] ? ext4_search_dir+0x148/0x250
[ 52.873477][ T1412] ext4_search_dir+0x148/0x250
[ 52.878220][ T1412] ext4_find_inline_entry+0x367/0x540
[ 52.883568][ T1412] ? ext4_try_create_inline_dir+0x320/0x320
[ 52.889451][ T1412] ? tomoyo_path_number_perm+0x54d/0x6a0
[ 52.895242][ T1412] ? tomoyo_path_number_perm+0x1c3/0x6a0
[ 52.901023][ T1412] __ext4_find_entry+0x2dc/0x1a10
[ 52.906028][ T1412] ? d_alloc_parallel+0x318/0x1130
[ 52.911188][ T1412] ? dx_node_limit+0x150/0x150
[ 52.915952][ T1412] ? d_alloc_parallel+0x318/0x1130
[ 52.921055][ T1412] ext4_lookup+0x1ab/0x5f0
[ 52.925498][ T1412] ? ext4_add_entry+0x2e80/0x2e80
[ 52.930590][ T1412] ? inode_permission+0x56/0x320
[ 52.935609][ T1412] ? ext4_add_entry+0x2e80/0x2e80
[ 52.940743][ T1412] path_openat+0xdb6/0x2410
[ 52.945368][ T1412] ? do_raw_spin_unlock+0x137/0x8a0
[ 52.950547][ T1412] ? do_filp_open+0x430/0x430
[ 52.955202][ T1412] do_filp_open+0x226/0x430
[ 52.959681][ T1412] ? vfs_tmpfile+0x3e0/0x3e0
[ 52.964249][ T1412] ? _raw_spin_unlock+0x24/0x40
[ 52.969156][ T1412] ? alloc_fd+0x3dc/0x470
[ 52.973561][ T1412] do_sys_openat2+0x10b/0x420
[ 52.978390][ T1412] ? rcu_is_watching+0x1b/0x90
[ 52.983130][ T1412] ? do_sys_open+0x1c0/0x1c0
[ 52.987877][ T1412] ? __rseq_handle_notify_resume+0x827/0xdf0
[ 52.993935][ T1412] ? xfd_validate_state+0x12/0x50
[ 52.999017][ T1412] __x64_sys_open+0x1eb/0x240
[ 53.003771][ T1412] ? do_sys_openat2+0x420/0x420
[ 53.008794][ T1412] ? switch_fpu_return+0xc9/0x130
[ 53.014264][ T1412] do_syscall_64+0x3b/0x80
[ 53.018778][ T1412] ? clear_bhb_loop+0x45/0xa0
[ 53.023460][ T1412] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 53.029455][ T1412] RIP: 0033:0x7fb4167d7b29
[ 53.033957][ T1412] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 53.054425][ T1412] RSP: 002b:00007fb41635a0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 53.063176][ T1412] RAX: ffffffffffffffda RBX: 00007fb4168f6f80 RCX: 00007fb4167d7b29
[ 53.071332][ T1412] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 53.079639][ T1412] RBP: 00007fb41682347a R08: 0000000000000000 R09: 0000000000000000
[ 53.087781][ T1412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 53.096441][ T1412] R13: 0000000000000006 R14: 00007fb4168f6f80 R15: 00007ffde665b1f8
[ 53.104490][ T1412]
[ 53.107498][ T1412]
[ 53.109868][ T1412] The buggy address belongs to the physical page:
[ 53.116345][ T1412] page:ffffea00048d4bc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x12352f
[ 53.126649][ T1412] flags: 0x200000000000000(node=0|zone=2)
[ 53.132356][ T1412] raw: 0200000000000000 ffffea00048d9548 ffffea00048d4588 0000000000000000
[ 53.141044][ T1412] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 53.149861][ T1412] page dumped because: kasan: bad access detected
[ 53.156299][ T1412] page_owner tracks the page as freed
[ 53.161644][ T1412] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1408, tgid 1407 (syz-executor.0), ts 52620810720, free_ts 52706549767
[ 53.179852][ T1412] post_alloc_hook+0x286/0x2b0
[ 53.184694][ T1412] get_page_from_freelist+0x2ba7/0x2de0
[ 53.190513][ T1412] __alloc_pages+0x251/0x640
[ 53.195554][ T1412] vma_alloc_folio+0x689/0x870
[ 53.200302][ T1412] shmem_get_folio_gfp+0x7af/0x23b0
[ 53.205483][ T1412] shmem_write_begin+0x159/0x400
[ 53.210580][ T1412] generic_perform_write+0x2f1/0x530
[ 53.215851][ T1412] __generic_file_write_iter+0x13e/0x2f0
[ 53.221466][ T1412] generic_file_write_iter+0x99/0x230
[ 53.226811][ T1412] vfs_write+0x9c2/0xcf0
[ 53.231043][ T1412] ksys_write+0x15f/0x240
[ 53.235378][ T1412] do_syscall_64+0x3b/0x80
[ 53.239863][ T1412] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 53.245823][ T1412] page last free stack trace:
[ 53.250469][ T1412] free_unref_page_prepare+0xca9/0xd80
[ 53.255900][ T1412] free_unref_page_list+0xaa/0x690
[ 53.261071][ T1412] release_pages+0x1763/0x1900
[ 53.265898][ T1412] __pagevec_release+0x62/0xd0
[ 53.270737][ T1412] shmem_undo_range+0x66b/0x1b00
[ 53.275790][ T1412] shmem_evict_inode+0x354/0x860
[ 53.281158][ T1412] evict+0x263/0x630
[ 53.285034][ T1412] __dentry_kill+0x380/0x5d0
[ 53.289594][ T1412] dentry_kill+0xbb/0x1e0
[ 53.294358][ T1412] dput+0x154/0x2d0
[ 53.298143][ T1412] __fput+0x4bd/0x700
[ 53.302101][ T1412] task_work_run+0x206/0x280
[ 53.306683][ T1412] exit_to_user_mode_loop+0xa9/0xc0
[ 53.311853][ T1412] exit_to_user_mode_prepare+0x64/0xb0
[ 53.317385][ T1412] syscall_exit_to_user_mode+0x27/0x1b0
[ 53.322900][ T1412] do_syscall_64+0x47/0x80
[ 53.327375][ T1412]
[ 53.329677][ T1412] Memory state around the buggy address:
[ 53.335338][ T1412] ffff88812352f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.343405][ T1412] ffff88812352f300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.351441][ T1412] >ffff88812352f380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.359738][ T1412]                                                           ^
[ 53.367254][ T1412] ffff88812352f400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.375377][ T1412] ffff88812352f480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.383469][ T1412] ==================================================================
[ 53.391631][ T1412] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 53.399230][ T1412] Kernel Offset: disabled
[ 53.403574][ T1412] Rebooting in 86400 seconds..