Warning: Permanently added '10.128.0.174' (ED25519) to the list of known hosts.
2024/12/05 12:24:54 ignoring optional flag "sandboxArg"="0"
2024/12/05 12:24:54 ignoring optional flag "type"="gce"
2024/12/05 12:24:54 parsed 1 programs
[ 61.172732][ T1536] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/12/05 12:24:57 executed programs: 0
[ 73.798927][ T4286] loop1: detected capacity change from 0 to 128
[ 73.816046][ T4289] loop4: detected capacity change from 0 to 128
[ 73.833312][ T4291] loop2: detected capacity change from 0 to 128
[ 73.855059][ T4289] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 73.865774][ T4289] ext4 filesystem being mounted at /root/syzkaller-testdir1487932296/syzkaller.4iFwcE/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 73.920683][ T4291] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 73.931395][ T4291] ext4 filesystem being mounted at /root/syzkaller-testdir3524282168/syzkaller.4dv4nC/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 73.941364][ T4289] EXT4-fs warning (device loop4): dx_probe:891: inode #2: comm syz-executor.4: dx entry: limit 0 != root limit 124
[ 73.973867][ T4286] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 73.980023][ T4289] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz-executor.4: Corrupt directory, running e2fsck is recommended
[ 73.990458][ T4286] ext4 filesystem being mounted at /root/syzkaller-testdir3675881173/syzkaller.tT6z1X/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 74.004708][ T4289] ==================================================================
[ 74.047765][ T4289] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x5ee/0x920
[ 74.055662][ T4289] Read of size 2 at addr ffff888118ae0003 by task syz-executor.4/4289
[ 74.063808][ T4289]
[ 74.066132][ T4289] CPU: 0 PID: 4289 Comm: syz-executor.4 Not tainted 5.15.173-syzkaller #0
[ 74.074655][ T4289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 74.084762][ T4289] Call Trace:
[ 74.088221][ T4289]
[ 74.091215][ T4289]  dump_stack_lvl+0x41/0x5e
[ 74.095726][ T4289]  print_address_description.constprop.0.cold+0x6c/0x309
[ 74.102755][ T4289]  ? __ext4_check_dir_entry+0x5ee/0x920
[ 74.104228][ T4291] EXT4-fs warning (device loop2): dx_probe:891: inode #2: comm syz-executor.2: dx entry: limit 0 != root limit 124
[ 74.108332][ T4289]  ? __ext4_check_dir_entry+0x5ee/0x920
[ 74.108346][ T4289]  kasan_report.cold+0x83/0xdf
[ 74.108354][ T4289]  ? __ext4_check_dir_entry+0x5ee/0x920
[ 74.108362][ T4289]  __ext4_check_dir_entry+0x5ee/0x920
[ 74.108370][ T4289]  ext4_readdir+0xd2c/0x2780
[ 74.108378][ T4289]  ? __ext4_check_dir_entry+0x920/0x920
[ 74.120581][ T4291] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[ 74.126175][ T4289]  ? down_read_killable+0x157/0x330
2024/12/05 12:25:07 executed programs: 5
[ 74.126188][ T4289]  ? fsnotify_perm.part.0+0x118/0x4c0
[ 74.126198][ T4289]  iterate_dir+0x48a/0x6d0
[ 74.126205][ T4289]  __x64_sys_getdents64+0x122/0x220
[ 74.126212][ T4289]  ? __ia32_sys_getdents+0x220/0x220
[ 74.152952][ T4291] EXT4-fs error (device loop2): ext4_readdir:258: inode #2: block 63: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=51, rec_len=0, size=1024 fake=0
[ 74.165119][ T4289]  ? compat_fillonedir+0x300/0x300
[ 74.165133][ T4289]  ? vtime_user_exit+0xde/0x180
[ 74.165143][ T4289]  do_syscall_64+0x33/0x80
[ 74.165153][ T4289]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 74.165170][ T4289] RIP: 0033:0x7f6fc65d7ee9
[ 74.165185][ T4289] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 74.165191][ T4289] RSP: 002b:00007f6fc615a0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 74.165200][ T4289] RAX: ffffffffffffffda RBX: 00007f6fc670efa0 RCX: 00007f6fc65d7ee9
[ 74.165205][ T4289] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000008
[ 74.188396][ T2047] EXT4-fs warning (device loop2): dx_probe:891: inode #2: comm syz-executor.2: dx entry: limit 0 != root limit 124
[ 74.190747][ T4289] RBP: 00007f6fc662447f R08: 0000000000000000 R09: 0000000000000000
[ 74.190754][ T4289] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 74.190759][ T4289] R13: 0000000000000006 R14: 00007f6fc670efa0 R15: 00007ffda6dcae28
[ 74.190765][ T4289]
[ 74.190768][ T4289]
[ 74.190771][ T4289] Allocated by task 3905:
[ 74.190775][ T4289]  kasan_save_stack+0x1b/0x40
[ 74.190786][ T4289]  __kasan_slab_alloc+0x61/0x80
[ 74.190792][ T4289]  kmem_cache_alloc+0x211/0x310
[ 74.190796][ T4289]  __alloc_file+0x20/0x240
[ 74.190803][ T4289]  alloc_empty_file+0x3c/0xf0
[ 74.190808][ T4289]  path_openat+0xdd/0x2360
[ 74.190814][ T4289]  do_filp_open+0x199/0x3d0
[ 74.190819][ T4289]  do_sys_openat2+0x11e/0x400
[ 74.190824][ T4289]  __x64_sys_openat+0x11b/0x1d0
[ 74.190828][ T4289]  do_syscall_64+0x33/0x80
[ 74.190835][ T4289]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 74.190842][ T4289]
[ 74.190844][ T4289] Freed by task 17:
[ 74.190848][ T4289]  kasan_save_stack+0x1b/0x40
[ 74.190854][ T4289]  kasan_set_track+0x1c/0x30
[ 74.190858][ T4289]  kasan_set_free_info+0x20/0x30
[ 74.190865][ T4289]  __kasan_slab_free+0xe0/0x110
[ 74.190871][ T4289]  kmem_cache_free+0x7e/0x450
[ 74.190876][ T4289]  rcu_core+0x58c/0x1190
[ 74.190885][ T4289]  handle_softirqs+0x14f/0x4f0
[ 74.211872][ T2047] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[ 74.216886][ T4289]  run_ksoftirqd+0x1a/0x20
[ 74.216893][ T4289]  smpboot_thread_fn+0x2b9/0x650
[ 74.216901][ T4289]  kthread+0x2f8/0x3b0
[ 74.216908][ T4289]  ret_from_fork+0x1f/0x30
[ 74.223631][ T2047] EXT4-fs error (device loop2): ext4_readdir:258: inode #2: block 4: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 74.226132][ T4289]
[ 74.226135][ T4289] Last potentially related work creation:
[ 74.226138][ T4289]  kasan_save_stack+0x1b/0x40
[ 74.226148][ T4289]  kasan_record_aux_stack+0xc5/0xf0
[ 74.226155][ T4289]  call_rcu+0x98/0x6d0
[ 74.226163][ T4289]  task_work_run+0xb8/0x140
[ 74.226169][ T4289]  exit_to_user_mode_prepare+0x15d/0x160
[ 74.232554][ T2047] EXT4-fs warning (device loop2): dx_probe:891: inode #2: comm syz-executor.2: dx entry: limit 0 != root limit 124
[ 74.236435][ T4289]  syscall_exit_to_user_mode+0x12/0x30
[ 74.236447][ T4289]  do_syscall_64+0x40/0x80
[ 74.236453][ T4289]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 74.236459][ T4289]
[ 74.236461][ T4289] Second to last potentially related work creation:
[ 74.236464][ T4289]  kasan_save_stack+0x1b/0x40
[ 74.236470][ T4289]  kasan_record_aux_stack+0xc5/0xf0
[ 74.236476][ T4289]  task_work_add+0x36/0x130
[ 74.236483][ T4289]  fput_many+0xa5/0x120
[ 74.256213][ T2047] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[ 74.264554][ T4289]  path_openat+0x1504/0x2360
[ 74.404638][ T4286] EXT4-fs warning (device loop1): dx_probe:891: inode #2: comm syz-executor.1: dx entry: limit 0 != root limit 124
[ 74.408341][ T4289]  do_filp_open+0x199/0x3d0
[ 74.408355][ T4289]  do_sys_openat2+0x11e/0x400
[ 74.408361][ T4289]  __x64_sys_openat+0x11b/0x1d0
[ 74.408365][ T4289]  do_syscall_64+0x33/0x80
[ 74.408372][ T4289]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 74.408380][ T4289]
[ 74.408382][ T4289] The buggy address belongs to the object at ffff888118ae0000
[ 74.408382][ T4289]  which belongs to the cache filp of size 464
[ 74.408388][ T4289] The buggy address is located 3 bytes inside of
[ 74.408388][ T4289]  464-byte region [ffff888118ae0000, ffff888118ae01d0)
[ 74.408394][ T4289] The buggy address belongs to the page:
[ 74.408411][ T4289] page:ffffea000462b800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x118ae0
[ 74.412639][ T4286] EXT4-fs warning (device loop1): dx_probe:965: inode #2: comm syz-executor.1: Corrupt directory, running e2fsck is recommended
[ 74.417400][ T4289] head:ffffea000462b800 order:1 compound_mapcount:0
[ 74.417410][ T4289] memcg:ffff888112068181
[ 74.417412][ T4289] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 74.417431][ T4289] raw: 0200000000010200 ffffea00043fe080 0000000600000006 ffff888100140780
[ 74.417437][ T4289] raw: 0000000000000000 00000000000c000c 00000001ffffffff ffff888112068181
[ 74.432305][ T4286] EXT4-fs error (device loop1): ext4_readdir:258: inode #2: block 63: comm syz-executor.1: path (unknown): bad entry in directory: directory entry overrun - offset=1023, inode=4177066035, rec_len=63736, size=1024 fake=0
[ 74.435160][ T4289] page dumped because: kasan: bad access detected
[ 74.435166][ T4289] page_owner tracks the page as allocated
[ 74.435168][ T4289] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3443, ts 70218845018, free_ts 70176692692
[ 74.435181][ T4289]  get_page_from_freelist+0x1319/0x2e50
[ 74.435192][ T4289]  __alloc_pages+0x2b3/0x590
[ 74.435198][ T4289]  allocate_slab+0x2eb/0x430
[ 74.455401][ T4324] loop3: detected capacity change from 0 to 128
[ 74.469067][ T4289]  ___slab_alloc+0xb1c/0xf80
[ 74.469080][ T4289]  kmem_cache_alloc+0x2d7/0x310
[ 74.469086][ T4289]  __alloc_file+0x20/0x240
[ 74.469093][ T4289]  alloc_empty_file+0x3c/0xf0
[ 74.469104][ T4289]  path_openat+0xdd/0x2360
[ 74.469110][ T4289]  do_filp_open+0x199/0x3d0
[ 74.469116][ T4289]  do_sys_openat2+0x11e/0x400
[ 74.469121][ T4289]  __x64_sys_openat+0x11b/0x1d0
[ 74.469126][ T4289]  do_syscall_64+0x33/0x80
[ 74.474767][ T2051] EXT4-fs warning (device loop1): dx_probe:891: inode #2: comm syz-executor.1: dx entry: limit 0 != root limit 124
[ 74.477145][ T4289]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 74.477158][ T4289] page last free stack trace:
[ 74.477160][ T4289]  free_pcp_prepare+0x34e/0x730
[ 74.477167][ T4289]  free_unref_page+0x19/0x3b0
[ 74.477173][ T4289]  qlist_free_all+0x68/0x110
[ 74.477181][ T4289]  kasan_quarantine_reduce+0x180/0x1f0
[ 74.481848][ T2051] EXT4-fs warning (device loop1): dx_probe:965: inode #2: comm syz-executor.1: Corrupt directory, running e2fsck is recommended
[ 74.487053][ T4289]  __kasan_slab_alloc+0x73/0x80
[ 74.487063][ T4289]  kmem_cache_alloc+0x211/0x310
[ 74.487068][ T4289]  getname_flags.part.0+0x4a/0x440
[ 74.487075][ T4289]  do_sys_openat2+0xd2/0x400
[ 74.487080][ T4289]  __x64_sys_openat+0x11b/0x1d0
[ 74.487085][ T4289]  do_syscall_64+0x33/0x80
[ 74.487092][ T4289]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 74.493818][ T2051] EXT4-fs error (device loop1): ext4_readdir:258: inode #2: block 4: comm syz-executor.1: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 74.495655][ T4289]
[ 74.495659][ T4289] Memory state around the buggy address:
[ 74.495664][ T4289]  ffff888118adff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.495669][ T4289]  ffff888118adff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 74.495673][ T4289] >ffff888118ae0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.495675][ T4289]                    ^
[ 74.495679][ T4289]  ffff888118ae0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.495682][ T4289]  ffff888118ae0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 74.495686][ T4289] ==================================================================
[ 74.495689][ T4289] Disabling lock debugging due to kernel taint
[ 74.495778][ T4289] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 74.501773][ T2051] EXT4-fs warning (device loop1): dx_probe:891: inode #2: comm syz-executor.1: dx entry: limit 0 != root limit 124
[ 74.513678][ T4289] Kernel Offset: disabled
[ 75.020683][ T4289] Rebooting in 86400 seconds..