Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts.
2023/07/28 09:40:17 ignoring optional flag "sandboxArg"="0"
2023/07/28 09:40:17 parsed 1 programs
2023/07/28 09:40:17 executed programs: 0
[ 53.899091][ T1840] loop0: detected capacity change from 0 to 512
[ 53.907031][ T1840] EXT4-fs: Ignoring removed bh option
[ 53.913126][ T1840] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 53.924188][ T1840] EXT4-fs (loop0): 1 truncate cleaned up
[ 53.929816][ T1840] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 53.947033][ T1840] ==================================================================
[ 53.955105][ T1840] BUG: KASAN: use-after-free in ext4_search_dir+0x14c/0x260
[ 53.962373][ T1840] Read of size 1 at addr ffff888125dd13ed by task syz-executor.0/1840
[ 53.970677][ T1840]
[ 53.973383][ T1840] CPU: 0 PID: 1840 Comm: syz-executor.0 Not tainted 6.5.0-rc3-syzkaller #0
[ 53.982133][ T1840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 53.992453][ T1840] Call Trace:
[ 53.995844][ T1840]
[ 53.998766][ T1840] dump_stack_lvl+0xf8/0x260
[ 54.003352][ T1840] ? nf_tcp_handle_invalid+0x300/0x300
[ 54.008791][ T1840] ? panic+0x410/0x410
[ 54.012842][ T1840] ? vprintk_emit+0x119/0x1f0
[ 54.017504][ T1840] ? _printk+0xce/0x110
[ 54.021742][ T1840] ? __x64_sys_open+0x1ef/0x240
[ 54.026718][ T1840] print_report+0x163/0x540
[ 54.031680][ T1840] ? down_read+0x901/0xba0
[ 54.036175][ T1840] ? ext4_search_dir+0x14c/0x260
[ 54.041152][ T1840] kasan_report+0x175/0x1b0
[ 54.045810][ T1840] ? ext4_search_dir+0x14c/0x260
[ 54.050809][ T1840] ext4_search_dir+0x14c/0x260
[ 54.055669][ T1840] ext4_find_inline_entry+0x36b/0x540
[ 54.061204][ T1840] ? ext4_try_create_inline_dir+0x320/0x320
[ 54.068009][ T1840] ? tomoyo_path_number_perm+0x52b/0x680
[ 54.074112][ T1840] __ext4_find_entry+0x2e0/0x1a10
[ 54.079356][ T1840] ? rcu_lock_acquire+0x30/0x30
[ 54.084300][ T1840] ? dx_node_limit+0x150/0x150
[ 54.089401][ T1840] ? smk_access+0x310/0x310
[ 54.093984][ T1840] ext4_lookup+0x1af/0x600
[ 54.098395][ T1840] ? ext4_add_entry+0x2e80/0x2e80
[ 54.103402][ T1840] ? security_inode_permission+0x4c/0xc0
[ 54.109197][ T1840] ? ext4_add_entry+0x2e80/0x2e80
[ 54.114238][ T1840] path_openat+0xd69/0x2820
[ 54.119262][ T1840] ? try_to_wake_up+0x7b5/0x13e0
[ 54.124804][ T1840] ? do_filp_open+0x440/0x440
[ 54.129660][ T1840] do_filp_open+0x22a/0x440
[ 54.134189][ T1840] ? vfs_tmpfile+0x3f0/0x3f0
[ 54.138933][ T1840] ? _raw_spin_unlock+0x28/0x40
[ 54.143807][ T1840] ? alloc_fd+0x3dc/0x470
[ 54.148120][ T1840] do_sys_openat2+0xf6/0x170
[ 54.153097][ T1840] ? do_sys_open+0x1c0/0x1c0
[ 54.157861][ T1840] ? __rseq_handle_notify_resume+0x86d/0xe60
[ 54.163823][ T1840] ? xfd_validate_state+0x16/0x50
[ 54.168833][ T1840] __x64_sys_open+0x1ef/0x240
[ 54.173593][ T1840] ? do_sys_openat2+0x170/0x170
[ 54.178529][ T1840] ? switch_fpu_return+0xcd/0x130
[ 54.183638][ T1840] do_syscall_64+0x41/0x90
[ 54.188125][ T1840] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.194208][ T1840] RIP: 0033:0x7f9567667959
[ 54.198600][ T1840] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.218188][ T1840] RSP: 002b:00007f95671ea0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 54.226670][ T1840] RAX: ffffffffffffffda RBX: 00007f9567786f80 RCX: 00007f9567667959
[ 54.234641][ T1840] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 54.242596][ T1840] RBP: 00007f95676c3c88 R08: 0000000000000000 R09: 0000000000000000
[ 54.250542][ T1840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 54.258938][ T1840] R13: 0000000000000006 R14: 00007f9567786f80 R15: 00007ffe2722dba8
[ 54.266982][ T1840]
[ 54.270074][ T1840]
[ 54.272379][ T1840] The buggy address belongs to the physical page:
[ 54.279808][ T1840] page:ffffea0004977440 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x125dd1
[ 54.290013][ T1840] flags: 0x200000000000000(node=0|zone=2)
[ 54.295791][ T1840] page_type: 0xffffffff()
[ 54.300091][ T1840] raw: 0200000000000000 ffffea0004971cc8 ffffea000496fc88 0000000000000000
[ 54.308735][ T1840] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 54.317304][ T1840] page dumped because: kasan: bad access detected
[ 54.324043][ T1840] page_owner tracks the page as freed
[ 54.329386][ T1840] page last allocated via order 0, migratetype Movable, gfp_mask 0x140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO), pid 1814, tgid 1814 (modprobe), ts 53630284498, free_ts 53631534879
[ 54.347852][ T1840] post_alloc_hook+0x26e/0x290
[ 54.352634][ T1840] get_page_from_freelist+0x332d/0x3590
[ 54.358273][ T1840] __alloc_pages+0x255/0x650
[ 54.362956][ T1840] vma_alloc_folio+0x693/0x870
[ 54.367810][ T1840] handle_mm_fault+0x1734/0x30e0
[ 54.372762][ T1840] exc_page_fault+0x3cf/0x750
[ 54.377437][ T1840] asm_exc_page_fault+0x26/0x30
[ 54.382535][ T1840] page last free stack trace:
[ 54.387270][ T1840] free_unref_page_prepare+0x800/0x920
[ 54.392974][ T1840] free_unref_page_list+0xb3/0x630
[ 54.398078][ T1840] release_pages+0x16af/0x1850
[ 54.402926][ T1840] tlb_flush_mmu+0x273/0x3d0
[ 54.407683][ T1840] tlb_finish_mmu+0xb6/0x1c0
[ 54.412270][ T1840] exit_mmap+0x345/0x830
[ 54.416492][ T1840] __mmput+0x61/0x290
[ 54.420640][ T1840] exit_mm+0x113/0x1b0
[ 54.425032][ T1840] do_exit+0x7cf/0x2350
[ 54.429704][ T1840] do_group_exit+0x1b9/0x280
[ 54.434284][ T1840] __x64_sys_exit_group+0x3f/0x40
[ 54.439309][ T1840] do_syscall_64+0x41/0x90
[ 54.443898][ T1840] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 54.450040][ T1840]
[ 54.452526][ T1840] Memory state around the buggy address:
[ 54.458528][ T1840] ffff888125dd1280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.466961][ T1840] ffff888125dd1300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.475465][ T1840] >ffff888125dd1380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.483949][ T1840] ^
[ 54.491396][ T1840] ffff888125dd1400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.499496][ T1840] ffff888125dd1480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.507704][ T1840] ==================================================================
[ 54.515956][ T1840] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 54.523514][ T1840] Kernel Offset: disabled
[ 54.527822][ T1840] Rebooting in 86400 seconds..