Warning: Permanently added '10.128.0.232' (ED25519) to the list of known hosts.
2024/04/13 22:52:37 ignoring optional flag "sandboxArg"="0"
2024/04/13 22:52:37 parsed 1 programs
2024/04/13 22:52:38 executed programs: 0
[ 45.939144][ T1045] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 48.140666][ T1506] loop0: detected capacity change from 0 to 512
[ 48.147654][ T1506] EXT4-fs (loop0): Ignoring removed bh option
[ 48.154045][ T1506] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 48.165016][ T1506] EXT4-fs (loop0): 1 truncate cleaned up
[ 48.170916][ T1506] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[ 48.195598][ T1506] EXT4-fs error (device loop0): ext4_find_dest_de:2111: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 48.291081][ T1510] loop0: detected capacity change from 0 to 512
[ 48.298340][ T1510] EXT4-fs (loop0): Ignoring removed bh option
[ 48.304606][ T1510] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 48.314132][ T1510] EXT4-fs (loop0): 1 truncate cleaned up
[ 48.319876][ T1510] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[ 48.341018][ T1510] ==================================================================
[ 48.349119][ T1510] BUG: KASAN: slab-out-of-bounds in ext4_search_dir+0x1df/0x260
[ 48.356861][ T1510] Read of size 1 at addr ffff88811f4163ed by task syz-executor.0/1510
[ 48.364982][ T1510]
[ 48.367341][ T1510] CPU: 0 PID: 1510 Comm: syz-executor.0 Not tainted 5.15.155-syzkaller #0
[ 48.375832][ T1510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 48.386192][ T1510] Call Trace:
[ 48.389449][ T1510]
[ 48.392451][ T1510] dump_stack_lvl+0x41/0x5e
[ 48.397041][ T1510] print_address_description.constprop.0.cold+0x6c/0x309
[ 48.404227][ T1510] ? ext4_search_dir+0x1df/0x260
[ 48.409134][ T1510] ? ext4_search_dir+0x1df/0x260
[ 48.414075][ T1510] kasan_report.cold+0x83/0xdf
[ 48.418805][ T1510] ? ext4_search_dir+0x1df/0x260
[ 48.423713][ T1510] ext4_search_dir+0x1df/0x260
[ 48.428441][ T1510] ext4_find_inline_entry+0x355/0x440
[ 48.433795][ T1510] ? tomoyo_path_number_perm+0x1d8/0x420
[ 48.439392][ T1510] ? ext4_try_create_inline_dir+0x290/0x290
[ 48.450209][ T1510] ? lock_downgrade+0x4f0/0x4f0
[ 48.455256][ T1510] __ext4_find_entry+0x84a/0xce0
[ 48.460177][ T1510] ? find_held_lock+0x2d/0x110
[ 48.465020][ T1510] ? ext4_dx_find_entry+0x570/0x570
[ 48.470213][ T1510] ? d_alloc_parallel+0x638/0x1010
[ 48.475679][ T1510] ext4_lookup+0x156/0x570
[ 48.480085][ T1510] ? userns_owner+0x30/0x30
[ 48.484797][ T1510] ? ext4_resetent+0x280/0x280
[ 48.489633][ T1510] ? apparmor_capget+0x6b0/0x6b0
[ 48.494558][ T1510] ? tomoyo_path_mknod+0xb5/0x130
[ 48.499911][ T1510] ? from_kgid+0x7f/0xc0
[ 48.504142][ T1510] ? ext4_resetent+0x280/0x280
[ 48.508879][ T1510] lookup_open.isra.0+0x808/0x1680
[ 48.513985][ T1510] ? vfs_tmpfile+0x2d0/0x2d0
[ 48.518557][ T1510] path_openat+0x7e3/0x2360
[ 48.523429][ T1510] ? __kasan_slab_alloc+0x31/0x80
[ 48.528782][ T1510] ? do_syscall_64+0x33/0x80
[ 48.533344][ T1510] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.539657][ T1510] ? path_lookupat+0x6b0/0x6b0
[ 48.544443][ T1510] ? lock_downgrade+0x4f0/0x4f0
[ 48.549744][ T1510] ? find_held_lock+0x2d/0x110
[ 48.554820][ T1510] do_filp_open+0x199/0x3d0
[ 48.559303][ T1510] ? may_open_dev+0xd0/0xd0
[ 48.563775][ T1510] ? do_raw_spin_lock+0x120/0x2b0
[ 48.568893][ T1510] ? rwlock_bug.part.0+0x90/0x90
[ 48.574177][ T1510] ? lock_acquire+0x11a/0x230
[ 48.578852][ T1510] ? _raw_spin_unlock+0x1a/0x20
[ 48.583696][ T1510] ? alloc_fd+0x17c/0x4e0
[ 48.588039][ T1510] ? getname_flags.part.0+0x89/0x440
[ 48.593293][ T1510] do_sys_openat2+0x11e/0x400
[ 48.597968][ T1510] ? build_open_flags+0x490/0x490
[ 48.603047][ T1510] ? lock_downgrade+0x4f0/0x4f0
[ 48.607878][ T1510] __x64_sys_open+0xfd/0x1a0
[ 48.612449][ T1510] ? do_sys_open+0xe0/0xe0
[ 48.616889][ T1510] ? vtime_user_exit+0xde/0x180
[ 48.621738][ T1510] ? trace_user_exit.constprop.0+0x25/0xb0
[ 48.627510][ T1510] do_syscall_64+0x33/0x80
[ 48.631896][ T1510] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.637755][ T1510] RIP: 0033:0x7f6490c95b29
[ 48.642228][ T1510] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 48.662350][ T1510] RSP: 002b:00007f64908180c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 48.670740][ T1510] RAX: ffffffffffffffda RBX: 00007f6490db4f80 RCX: 00007f6490c95b29
[ 48.678826][ T1510] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 48.686791][ T1510] RBP: 00007f6490ce147a R08: 0000000000000000 R09: 0000000000000000
[ 48.694750][ T1510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 48.702737][ T1510] R13: 0000000000000006 R14: 00007f6490db4f80 R15: 00007fffdd4dd3e8
[ 48.710773][ T1510]
[ 48.713771][ T1510]
[ 48.716102][ T1510] Allocated by task 1133:
[ 48.720403][ T1510] kasan_save_stack+0x1b/0x40
[ 48.725419][ T1510] __kasan_slab_alloc+0x61/0x80
[ 48.730427][ T1510] kmem_cache_alloc+0x211/0x310
[ 48.735899][ T1510] vm_area_dup+0x73/0x280
[ 48.740201][ T1510] __split_vma+0x88/0x490
[ 48.744601][ T1510] __do_munmap+0x23f/0x10c0
[ 48.749095][ T1510] mmap_region+0x1ae/0x1050
[ 48.753911][ T1510] do_mmap+0x5ca/0xd80
[ 48.757946][ T1510] vm_mmap_pgoff+0x160/0x200
[ 48.762501][ T1510] ksys_mmap_pgoff+0x396/0x570
[ 48.767233][ T1510] do_syscall_64+0x33/0x80
[ 48.771622][ T1510] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.777569][ T1510]
[ 48.779881][ T1510] Freed by task 1133:
[ 48.783917][ T1510] kasan_save_stack+0x1b/0x40
[ 48.788644][ T1510] kasan_set_track+0x1c/0x30
[ 48.793195][ T1510] kasan_set_free_info+0x20/0x30
[ 48.798098][ T1510] __kasan_slab_free+0xe0/0x110
[ 48.802911][ T1510] kmem_cache_free+0x7e/0x450
[ 48.807548][ T1510] remove_vma+0xeb/0x120
[ 48.811753][ T1510] __do_munmap+0x53f/0x10c0
[ 48.816218][ T1510] mmap_region+0x1ae/0x1050
[ 48.820700][ T1510] do_mmap+0x5ca/0xd80
[ 48.824753][ T1510] vm_mmap_pgoff+0x160/0x200
[ 48.829309][ T1510] ksys_mmap_pgoff+0x91/0x570
[ 48.833992][ T1510] do_syscall_64+0x33/0x80
[ 48.838475][ T1510] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.844604][ T1510]
[ 48.846897][ T1510] The buggy address belongs to the object at ffff88811f416300
[ 48.846897][ T1510]  which belongs to the cache vm_area_struct of size 192
[ 48.861529][ T1510] The buggy address is located 45 bytes to the right of
[ 48.861529][ T1510]  192-byte region [ffff88811f416300, ffff88811f4163c0)
[ 48.875616][ T1510] The buggy address belongs to the page:
[ 48.881220][ T1510] page:ffffea00047d0580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11f416
[ 48.891421][ T1510] flags: 0x200000000000200(slab|node=0|zone=2)
[ 48.897546][ T1510] raw: 0200000000000200 ffffea00047d0540 0000000800000008 ffff888100137a00
[ 48.906284][ T1510] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[ 48.914829][ T1510] page dumped because: kasan: bad access detected
[ 48.921293][ T1510] page_owner tracks the page as allocated
[ 48.926975][ T1510] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 717, ts 26101885943, free_ts 26099903196
[ 48.943189][ T1510] get_page_from_freelist+0x166f/0x2910
[ 48.948883][ T1510] __alloc_pages+0x2b3/0x590
[ 48.953451][ T1510] allocate_slab+0x2eb/0x430
[ 48.958123][ T1510] ___slab_alloc+0xb1c/0xf80
[ 48.962677][ T1510] kmem_cache_alloc+0x2d7/0x310
[ 48.967499][ T1510] vm_area_alloc+0x17/0xf0
[ 48.971880][ T1510] mmap_region+0x618/0x1050
[ 48.976355][ T1510] do_mmap+0x5ca/0xd80
[ 48.980387][ T1510] vm_mmap_pgoff+0x160/0x200
[ 48.984943][ T1510] ksys_mmap_pgoff+0x396/0x570
[ 48.989670][ T1510] do_syscall_64+0x33/0x80
[ 48.994063][ T1510] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 48.999944][ T1510] page last free stack trace:
[ 49.004721][ T1510] free_pcp_prepare+0x34e/0x730
[ 49.009549][ T1510] free_unref_page_list+0x168/0x9a0
[ 49.014855][ T1510] release_pages+0x9f2/0x1100
[ 49.019500][ T1510] tlb_finish_mmu+0x125/0x6c0
[ 49.024245][ T1510] exit_mmap+0x185/0x4e0
[ 49.028584][ T1510] mmput+0x90/0x390
[ 49.032370][ T1510] do_exit+0x87f/0x21d0
[ 49.036498][ T1510] do_group_exit+0xe7/0x290
[ 49.041227][ T1510] __x64_sys_exit_group+0x35/0x40
[ 49.046304][ T1510] do_syscall_64+0x33/0x80
[ 49.050689][ T1510] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 49.056646][ T1510]
[ 49.059032][ T1510] Memory state around the buggy address:
[ 49.064712][ T1510]  ffff88811f416280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 49.072825][ T1510]  ffff88811f416300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.080937][ T1510] >ffff88811f416380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 49.089061][ T1510]                                                           ^
[ 49.096685][ T1510]  ffff88811f416400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 49.104831][ T1510]  ffff88811f416480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 49.112880][ T1510] ==================================================================
[ 49.121009][ T1510] Disabling lock debugging due to kernel taint
[ 49.127256][ T1510] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 49.134781][ T1510] Kernel Offset: disabled
[ 49.139085][ T1510] Rebooting in 86400 seconds..