Warning: Permanently added '10.128.0.99' (ED25519) to the list of known hosts.
2023/07/31 15:06:02 ignoring optional flag "sandboxArg"="0"
2023/07/31 15:06:02 parsed 1 programs
2023/07/31 15:06:02 executed programs: 0
[   46.882382][ T1046] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k
[   49.582504][ T1506] loop0: detected capacity change from 0 to 512
[   49.591318][ T1506] EXT4-fs (loop0): Ignoring removed bh option
[   49.598147][ T1506] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   49.608517][ T1506] EXT4-fs (loop0): 1 truncate cleaned up
[   49.614310][ T1506] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[   49.636110][ T1506] ==================================================================
[   49.644191][ T1506] BUG: KASAN: slab-out-of-bounds in ext4_search_dir+0x1df/0x260
[   49.651888][ T1506] Read of size 1 at addr ffff8881119a43ed by task syz-executor.0/1506
[   49.660011][ T1506] 
[   49.662316][ T1506] CPU: 0 PID: 1506 Comm: syz-executor.0 Not tainted 5.15.123-syzkaller #0
[   49.671137][ T1506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[   49.681169][ T1506] Call Trace:
[   49.684429][ T1506]  <TASK>
[   49.687359][ T1506]  dump_stack_lvl+0x41/0x5e
[   49.691850][ T1506]  print_address_description.constprop.0.cold+0x6c/0x309
[   49.698861][ T1506]  ? ext4_search_dir+0x1df/0x260
[   49.703775][ T1506]  ? ext4_search_dir+0x1df/0x260
[   49.708774][ T1506]  kasan_report.cold+0x83/0xdf
[   49.713600][ T1506]  ? ext4_search_dir+0x1df/0x260
[   49.718508][ T1506]  ext4_search_dir+0x1df/0x260
[   49.723247][ T1506]  ext4_find_inline_entry+0x355/0x440
[   49.728591][ T1506]  ? tomoyo_path_number_perm+0x1d8/0x420
[   49.734289][ T1506]  ? ext4_try_create_inline_dir+0x290/0x290
[   49.740152][ T1506]  ? lock_downgrade+0x4f0/0x4f0
[   49.744974][ T1506]  __ext4_find_entry+0x84a/0xce0
[   49.749886][ T1506]  ? find_held_lock+0x2d/0x110
[   49.754626][ T1506]  ? ext4_dx_find_entry+0x570/0x570
[   49.759801][ T1506]  ? d_alloc_parallel+0x638/0x1010
[   49.764890][ T1506]  ext4_lookup+0x156/0x570
[   49.769287][ T1506]  ? userns_owner+0x30/0x30
[   49.773784][ T1506]  ? ext4_resetent+0x280/0x280
[   49.778547][ T1506]  ? apparmor_path_link+0x3c0/0x3c0
[   49.783904][ T1506]  ? tomoyo_path_mknod+0xb5/0x130
[   49.788937][ T1506]  ? from_kgid+0x7f/0xc0
[   49.793222][ T1506]  ? ext4_resetent+0x280/0x280
[   49.798102][ T1506]  lookup_open.isra.0+0x808/0x1680
[   49.803219][ T1506]  ? vfs_tmpfile+0x2d0/0x2d0
[   49.807880][ T1506]  path_openat+0x800/0x24d0
[   49.812385][ T1506]  ? get_slabinfo+0xd1/0xf0
[   49.816882][ T1506]  ? __x64_sys_open+0xfd/0x1a0
[   49.821702][ T1506]  ? do_syscall_64+0x35/0x80
[   49.826280][ T1506]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   49.832889][ T1506]  ? path_lookupat+0x6b0/0x6b0
[   49.837669][ T1506]  ? futex_wait_restart+0x210/0x210
[   49.842843][ T1506]  ? stack_trace_save+0x8c/0xc0
[   49.847674][ T1506]  ? filter_irq_stacks+0x90/0x90
[   49.852588][ T1506]  ? kasan_save_stack+0x1b/0x40
[   49.857416][ T1506]  do_filp_open+0x199/0x3d0
[   49.861929][ T1506]  ? may_open_dev+0xd0/0xd0
[   49.866409][ T1506]  ? do_raw_spin_lock+0x120/0x2b0
[   49.871500][ T1506]  ? rwlock_bug.part.0+0x90/0x90
[   49.876420][ T1506]  ? lock_acquire+0x11a/0x230
[   49.881185][ T1506]  ? _raw_spin_unlock+0x1a/0x20
[   49.886182][ T1506]  ? alloc_fd+0x17c/0x4e0
[   49.890485][ T1506]  ? getname_flags.part.0+0x89/0x440
[   49.895841][ T1506]  do_sys_openat2+0x11e/0x400
[   49.900491][ T1506]  ? build_open_flags+0x490/0x490
[   49.905584][ T1506]  ? lock_downgrade+0x4f0/0x4f0
[   49.910414][ T1506]  __x64_sys_open+0xfd/0x1a0
[   49.916128][ T1506]  ? do_sys_open+0xe0/0xe0
[   49.920635][ T1506]  ? vtime_user_exit+0xde/0x180
[   49.925489][ T1506]  ? trace_user_exit.constprop.0+0x25/0xb0
[   49.931282][ T1506]  do_syscall_64+0x35/0x80
[   49.936461][ T1506]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   49.942515][ T1506] RIP: 0033:0x7f787297fb29
[   49.946906][ T1506] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   49.966888][ T1506] RSP: 002b:00007f78725020c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   49.975386][ T1506] RAX: ffffffffffffffda RBX: 00007f7872a9ef80 RCX: 00007f787297fb29
[   49.983345][ T1506] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[   49.991298][ T1506] RBP: 00007f78729cb47a R08: 0000000000000000 R09: 0000000000000000
[   49.999260][ T1506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   50.007314][ T1506] R13: 0000000000000006 R14: 00007f7872a9ef80 R15: 00007ffe39248208
[   50.015511][ T1506]  </TASK>
[   50.018517][ T1506] 
[   50.020836][ T1506] Allocated by task 1494:
[   50.025400][ T1506]  kasan_save_stack+0x1b/0x40
[   50.030100][ T1506]  __kasan_kmalloc+0x7c/0x90
[   50.034681][ T1506]  load_elf_binary+0x3bc/0x3eb0
[   50.039627][ T1506]  bprm_execve+0x62a/0x1330
[   50.044113][ T1506]  kernel_execve+0x2dc/0x400
[   50.048747][ T1506]  call_usermodehelper_exec_async+0x2c1/0x500
[   50.054814][ T1506]  ret_from_fork+0x1f/0x30
[   50.059211][ T1506] 
[   50.061530][ T1506] Freed by task 1494:
[   50.065485][ T1506]  kasan_save_stack+0x1b/0x40
[   50.070141][ T1506]  kasan_set_track+0x1c/0x30
[   50.074704][ T1506]  kasan_set_free_info+0x20/0x30
[   50.079615][ T1506]  __kasan_slab_free+0xe0/0x110
[   50.084446][ T1506]  kfree+0xd0/0x4c0
[   50.088237][ T1506]  load_elf_binary+0x546/0x3eb0
[   50.093248][ T1506]  bprm_execve+0x62a/0x1330
[   50.098033][ T1506]  kernel_execve+0x2dc/0x400
[   50.102615][ T1506]  call_usermodehelper_exec_async+0x2c1/0x500
[   50.108859][ T1506]  ret_from_fork+0x1f/0x30
[   50.113272][ T1506] 
[   50.115679][ T1506] The buggy address belongs to the object at ffff8881119a43c0
[   50.115679][ T1506]  which belongs to the cache kmalloc-32 of size 32
[   50.129625][ T1506] The buggy address is located 13 bytes to the right of
[   50.129625][ T1506]  32-byte region [ffff8881119a43c0, ffff8881119a43e0)
[   50.143226][ T1506] The buggy address belongs to the page:
[   50.148836][ T1506] page:ffffea0004466900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1119a4
[   50.159154][ T1506] flags: 0x200000000000200(slab|node=0|zone=2)
[   50.165291][ T1506] raw: 0200000000000200 ffffea0004167280 0000000400000004 ffff888100041500
[   50.173938][ T1506] raw: 0000000000000000 0000000000400040 00000001ffffffff 0000000000000000
[   50.182494][ T1506] page dumped because: kasan: bad access detected
[   50.188876][ T1506] page_owner tracks the page as allocated
[   50.194566][ T1506] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 378, ts 4089191009, free_ts 0
[   50.210091][ T1506]  get_page_from_freelist+0x166f/0x2910
[   50.215612][ T1506]  __alloc_pages+0x2b3/0x590
[   50.220178][ T1506]  allocate_slab+0x2eb/0x430
[   50.224825][ T1506]  ___slab_alloc+0xb1c/0xf80
[   50.229587][ T1506]  __kmalloc+0x2da/0x2f0
[   50.233811][ T1506]  kobject_get_path+0x9a/0x1d0
[   50.238749][ T1506]  kobject_uevent_env+0x1e7/0x10d0
[   50.243836][ T1506]  kobject_synth_uevent+0x468/0x680
[   50.249117][ T1506]  uevent_store+0x17/0x30
[   50.253477][ T1506]  kernfs_fop_write_iter+0x313/0x510
[   50.258749][ T1506]  new_sync_write+0x35d/0x5f0
[   50.263423][ T1506]  vfs_write+0x53e/0x7b0
[   50.267988][ T1506]  ksys_write+0xf4/0x1d0
[   50.272301][ T1506]  do_syscall_64+0x35/0x80
[   50.276718][ T1506]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   50.282688][ T1506] page_owner free stack trace missing
[   50.288156][ T1506] 
[   50.290700][ T1506] Memory state around the buggy address:
[   50.296330][ T1506]  ffff8881119a4280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   50.304368][ T1506]  ffff8881119a4300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   50.312493][ T1506] >ffff8881119a4380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   50.320803][ T1506]                                                           ^
[   50.328238][ T1506]  ffff8881119a4400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   50.336369][ T1506]  ffff8881119a4480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[   50.345248][ T1506] ==================================================================
[   50.353301][ T1506] Disabling lock debugging due to kernel taint
[   50.359572][ T1506] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   50.367084][ T1506] Kernel Offset: disabled
[   50.371413][ T1506] Rebooting in 86400 seconds..
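The "Memory state" block and the "13 bytes to the right of" line are the parts of a KASAN report that take the most practice to read. The following C program is an added worked example, not part of the syzbot report or of the kernel; it takes the addresses and the shadow row printed above as constants and recomputes what the kernel printed: the access offset from the object, the granule the address falls into, what that granule's shadow byte means, and the column of the `^` marker. The shadow-byte constants and the caret formula follow the generic KASAN code of the 5.15 series (mm/kasan/kasan.h and meta_pointer_offset() in mm/kasan/report.c); the helper names and the layout of the program are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Shadow-byte encoding of generic KASAN in the 5.15 kernel series
 * (mm/kasan/kasan.h). One shadow byte covers one 8-byte granule:
 * 0x00 means all 8 bytes are addressable, 1..7 means only that many
 * leading bytes are, and the 0xF* values mark poisoned memory.
 */
#define KASAN_GRANULE_SIZE      8
#define KASAN_KMALLOC_REDZONE   0xFC /* redzone inside a slab object slot     */
#define KASAN_KMALLOC_FREE      0xFB /* object was kfree()d                   */
#define KASAN_KMALLOC_FREETRACK 0xFA /* freed; first granule holds free track */
#define KASAN_PAGE_REDZONE      0xFE /* redzone of a kmalloc_large allocation */
#define KASAN_FREE_PAGE         0xFF /* whole page freed                      */

/* Values copied from the report above. */
#define BUGGY_ADDR 0xffff8881119a43edULL
#define OBJ_START  0xffff8881119a43c0ULL
#define OBJ_SIZE   32ULL
#define BUG_ROW    0xffff8881119a4380ULL   /* the row marked with '>' */
static const uint8_t bug_row_shadow[16] = {
    0xfa, 0xfb, 0xfb, 0xfb, 0xfc, 0xfc, 0xfc, 0xfc,
    0xfa, 0xfb, 0xfb, 0xfb, 0xfc, 0xfc, 0xfc, 0xfc,
};

/* Human-readable meaning of one shadow byte. */
const char *shadow_meaning(uint8_t s)
{
    if (s == 0x00)
        return "addressable";
    if (s >= 1 && s <= 7)
        return "partially addressable (leading bytes only)";
    switch (s) {
    case KASAN_KMALLOC_REDZONE:   return "kmalloc redzone (slab-out-of-bounds)";
    case KASAN_KMALLOC_FREE:      return "freed slab object (use-after-free)";
    case KASAN_KMALLOC_FREETRACK: return "freed slab object, free-track granule (use-after-free)";
    case KASAN_PAGE_REDZONE:      return "page redzone";
    case KASAN_FREE_PAGE:         return "freed page";
    default:                      return "other poison";
    }
}

/* Signed offset of the access from the object's first byte. */
int64_t offset_in_object(uint64_t addr, uint64_t start)
{
    return (int64_t)(addr - start);
}

/* Bytes past the end of [start, start+size); 0 if the access is not past it. */
uint64_t bytes_past_end(uint64_t addr, uint64_t start, uint64_t size)
{
    return addr < start + size ? 0 : addr - (start + size);
}

/* Index (0..15) of addr's granule within a 16-granule metadata row, -1 if outside. */
int granule_in_row(uint64_t row, uint64_t addr)
{
    if (addr < row || addr >= row + 16 * KASAN_GRANULE_SIZE)
        return -1;
    return (int)((addr - row) / KASAN_GRANULE_SIZE);
}

/*
 * Zero-based column of the '^' under a granule. The kernel computes
 * 3 + (BITS_PER_LONG / 8) * 2 + granule * 3 + 1 and passes it as a %*c
 * field width, so the caret lands one column earlier: on the first hex
 * digit of that granule's shadow byte in the ">ffff...: fa fb ..." text.
 */
int caret_column(int granule)
{
    return 3 + 2 * (int)sizeof(uint64_t) + granule * 3;
}

/* Shadow byte covering the faulting address in the report. */
uint8_t buggy_shadow(void)
{
    int g = granule_in_row(BUG_ROW, BUGGY_ADDR);
    return g < 0 ? 0 : bug_row_shadow[g];
}

int main(void)
{
    int g = granule_in_row(BUG_ROW, BUGGY_ADDR);   /* 13 */
    int og = granule_in_row(BUG_ROW, OBJ_START);   /* 8  */

    printf("access is %lld bytes into the object, %llu bytes past its end\n",
           (long long)offset_in_object(BUGGY_ADDR, OBJ_START),
           (unsigned long long)bytes_past_end(BUGGY_ADDR, OBJ_START, OBJ_SIZE));
    printf("granule %d of row %#llx, shadow 0x%02x: %s\n",
           g, (unsigned long long)BUG_ROW, buggy_shadow(), shadow_meaning(buggy_shadow()));
    printf("'^' is printed at column %d of the row text\n", caret_column(g));
    printf("object's own first granule %d has shadow 0x%02x: %s\n",
           og, bug_row_shadow[og], shadow_meaning(bug_row_shadow[og]));
    return 0;
}
```

Two things the computation makes visible that the report only implies. First, the repeating "fa fb fb fb fc fc fc fc" pattern shows that, under KASAN, each kmalloc-32 slot is 64 bytes: 32 bytes of object followed by 32 bytes of redzone, which is why a 1-byte read 13 bytes past the object is caught instead of silently landing in a neighbour. Second, the object at ffff8881119a43c0 itself decodes as freed (0xfa, 0xfb), consistent with the "Freed by task 1494" stack, while the report is classified by the granule actually touched (0xfc), hence slab-out-of-bounds rather than use-after-free.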