Warning: Permanently added '10.128.1.144' (ED25519) to the list of known hosts.
2024/08/18 12:46:21 ignoring optional flag "sandboxArg"="0"
2024/08/18 12:46:21 parsed 1 programs
[ 50.398852][ T1478] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/08/18 12:46:24 executed programs: 0
[ 61.740900][ T4215] loop1: detected capacity change from 0 to 128
[ 61.759475][ T4215] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 61.770288][ T4215] ext4 filesystem being mounted at /root/syzkaller-testdir165188464/syzkaller.4L0QKP/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[ 61.806678][ T4229] loop0: detected capacity change from 0 to 128
[ 61.820796][ T4215] EXT4-fs warning (device loop1): dx_probe:890: inode #2: comm syz-executor.1: dx entry: limit 0 != root limit 124
[ 61.833170][ T4215] EXT4-fs warning (device loop1): dx_probe:964: inode #2: comm syz-executor.1: Corrupt directory, running e2fsck is recommended
[ 61.847516][ T4215] EXT4-fs error (device loop1): ext4_readdir:258: inode #2: block 63: comm syz-executor.1: path (unknown): bad entry in directory: directory entry overrun - offset=1023, inode=4177066035, rec_len=63736, size=1024 fake=0
[ 61.864195][ T4229] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
2024/08/18 12:46:32 executed programs: 5
[ 61.881439][ T4229] ext4 filesystem being mounted at /root/syzkaller-testdir2406241118/syzkaller.J1Pm2r/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[ 61.894037][ T2001] EXT4-fs warning (device loop1): dx_probe:890: inode #2: comm syz-executor.1: dx entry: limit 0 != root limit 124
[ 61.929995][ T2001] EXT4-fs warning (device loop1): dx_probe:964: inode #2: comm syz-executor.1: Corrupt directory, running e2fsck is recommended
[ 61.943745][ T2001] EXT4-fs error (device loop1): ext4_readdir:258: inode #2: block 4: comm syz-executor.1: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 61.973483][ T2001] EXT4-fs warning (device loop1): dx_probe:890: inode #2: comm syz-executor.1: dx entry: limit 0 != root limit 124
[ 61.986458][ T2001] EXT4-fs warning (device loop1): dx_probe:964: inode #2: comm syz-executor.1: Corrupt directory, running e2fsck is recommended
[ 61.996959][ T4229] EXT4-fs warning (device loop0): dx_probe:890: inode #2: comm syz-executor.0: dx entry: limit 0 != root limit 124
[ 62.013084][ T4229] EXT4-fs warning (device loop0): dx_probe:964: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended
[ 62.027610][ T4229] EXT4-fs error (device loop0): ext4_readdir:258: inode #2: block 63: comm syz-executor.0: path (unknown): bad entry in directory: directory entry overrun - offset=1023, inode=4177066035, rec_len=63736, size=1024 fake=0
[ 62.071323][ T2006] EXT4-fs warning (device loop0): dx_probe:890: inode #2: comm syz-executor.0: dx entry: limit 0 != root limit 124
[ 62.083571][ T2006] EXT4-fs warning (device loop0): dx_probe:964: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended
[ 62.107016][ T2006] EXT4-fs error (device loop0): ext4_readdir:258: inode #2: block 4: comm syz-executor.0: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 62.126809][ T4262] loop2: detected capacity change from 0 to 128
[ 62.128960][ T4260] loop3: detected capacity change from 0 to 128
[ 62.143020][ T2006] EXT4-fs warning (device loop0): dx_probe:890: inode #2: comm syz-executor.0: dx entry: limit 0 != root limit 124
[ 62.155207][ T2006] EXT4-fs warning (device loop0): dx_probe:964: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended
[ 62.202385][ T4262] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 62.213368][ T4262] ext4 filesystem being mounted at /root/syzkaller-testdir3942743311/syzkaller.kLc5Rd/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[ 62.268953][ T4260] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 62.279909][ T4260] ext4 filesystem being mounted at /root/syzkaller-testdir1543101593/syzkaller.plBzsZ/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[ 62.318313][ T4262] EXT4-fs warning (device loop2): dx_probe:890: inode #2: comm syz-executor.2: dx entry: limit 0 != root limit 124
[ 62.331079][ T4262] EXT4-fs warning (device loop2): dx_probe:964: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[ 62.395704][ T4262] EXT4-fs error (device loop2): ext4_readdir:258: inode #2: block 63: comm syz-executor.2: path (unknown): bad entry in directory: directory entry overrun - offset=1023, inode=2622160947, rec_len=33036, size=1024 fake=0
[ 62.434580][ T4260] EXT4-fs warning (device loop3): dx_probe:890: inode #2: comm syz-executor.3: dx entry: limit 0 != root limit 124
[ 62.437039][ T2002] EXT4-fs warning (device loop2): dx_probe:890: inode #2: comm syz-executor.2: dx entry: limit 0 != root limit 124
[ 62.446774][ T4260] EXT4-fs warning (device loop3): dx_probe:964: inode #2: comm syz-executor.3: Corrupt directory, running e2fsck is recommended
[ 62.472385][ T4260] EXT4-fs error (device loop3): ext4_readdir:258: inode #2: block 63: comm syz-executor.3: path (unknown): bad entry in directory: directory entry overrun - offset=1023, inode=4177066035, rec_len=63736, size=1024 fake=0
[ 62.472476][ T2002] EXT4-fs warning (device loop2): dx_probe:964: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[ 62.507235][ T2002] EXT4-fs error (device loop2): ext4_readdir:258: inode #2: block 4: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 62.538167][ T2002] EXT4-fs warning (device loop2): dx_probe:890: inode #2: comm syz-executor.2: dx entry: limit 0 != root limit 124
[ 62.550490][ T2002] EXT4-fs warning (device loop2): dx_probe:964: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[ 62.568034][ T2005] EXT4-fs warning (device loop3): dx_probe:890: inode #2: comm syz-executor.3: dx entry: limit 0 != root limit 124
[ 62.580760][ T2005] EXT4-fs warning (device loop3): dx_probe:964: inode #2: comm syz-executor.3: Corrupt directory, running e2fsck is recommended
[ 62.606357][ T2005] EXT4-fs error (device loop3): ext4_readdir:258: inode #2: block 4: comm syz-executor.3: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 62.634149][ T2005] EXT4-fs warning (device loop3): dx_probe:890: inode #2: comm syz-executor.3: dx entry: limit 0 != root limit 124
[ 62.646533][ T2005] EXT4-fs warning (device loop3): dx_probe:964: inode #2: comm syz-executor.3: Corrupt directory, running e2fsck is recommended
[ 62.661108][ T4325] loop4: detected capacity change from 0 to 128
[ 62.759339][ T4325] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 62.770299][ T4325] ext4 filesystem being mounted at /root/syzkaller-testdir2762504200/syzkaller.v77fY1/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[ 62.829728][ T4325] EXT4-fs warning (device loop4): dx_probe:890: inode #2: comm syz-executor.4: dx entry: limit 0 != root limit 124
[ 62.842207][ T4325] EXT4-fs warning (device loop4): dx_probe:964: inode #2: comm syz-executor.4: Corrupt directory, running e2fsck is recommended
[ 62.884543][ T4325] ==================================================================
[ 62.892613][ T4325] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x5ee/0x920
[ 62.900872][ T4325] Read of size 2 at addr ffff8881191d0003 by task syz-executor.4/4325
[ 62.909027][ T4325]
[ 62.911367][ T4325] CPU: 0 PID: 4325 Comm: syz-executor.4 Not tainted 5.15.164-syzkaller #0
[ 62.919942][ T4325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 62.930165][ T4325] Call Trace:
[ 62.933510][ T4325]
[ 62.936409][ T4325] dump_stack_lvl+0x41/0x5e
[ 62.941139][ T4325] print_address_description.constprop.0.cold+0x6c/0x309
[ 62.948343][ T4325] ? __ext4_check_dir_entry+0x5ee/0x920
[ 62.953950][ T4325] ? __ext4_check_dir_entry+0x5ee/0x920
[ 62.959721][ T4325] kasan_report.cold+0x83/0xdf
[ 62.964713][ T4325] ? __ext4_check_dir_entry+0x5ee/0x920
[ 62.970531][ T4325] __ext4_check_dir_entry+0x5ee/0x920
[ 62.975988][ T4325] ext4_readdir+0xd2c/0x2780
[ 62.980666][ T4325] ? __ext4_check_dir_entry+0x920/0x920
[ 62.986388][ T4325] ? down_read_killable+0x157/0x330
[ 62.991654][ T4325] ? fsnotify_perm.part.0+0x118/0x4c0
[ 62.997016][ T4325] iterate_dir+0x48a/0x6d0
[ 63.001434][ T4325] __x64_sys_getdents64+0x122/0x220
[ 63.006596][ T4325] ? __ia32_sys_getdents+0x220/0x220
[ 63.011870][ T4325] ? compat_fillonedir+0x300/0x300
[ 63.017028][ T4325] ? vtime_user_exit+0xde/0x180
[ 63.021857][ T4325] do_syscall_64+0x33/0x80
[ 63.026326][ T4325] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.032295][ T4325] RIP: 0033:0x7f6a46367ee9
[ 63.036879][ T4325] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 63.056580][ T4325] RSP: 002b:00007f6a45eea0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 63.064971][ T4325] RAX: ffffffffffffffda RBX: 00007f6a4649efa0 RCX: 00007f6a46367ee9
[ 63.073148][ T4325] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000008
[ 63.081215][ T4325] RBP: 00007f6a463b447f R08: 0000000000000000 R09: 0000000000000000
[ 63.089357][ T4325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 63.097397][ T4325] R13: 0000000000000006 R14: 00007f6a4649efa0 R15: 00007fff42eda038
[ 63.105433][ T4325]
[ 63.108445][ T4325]
[ 63.110961][ T4325] Allocated by task 4003:
[ 63.115309][ T4325] kasan_save_stack+0x1b/0x40
[ 63.119962][ T4325] __kasan_kmalloc+0x7c/0x90
[ 63.124608][ T4325] tomoyo_realpath_from_path+0xb0/0x6d0
[ 63.130430][ T4325] tomoyo_path_perm+0x1ed/0x320
[ 63.135430][ T4325] security_inode_getattr+0xab/0x100
[ 63.140803][ T4325] vfs_statx+0xe8/0x2e0
[ 63.145032][ T4325] __do_sys_newfstatat+0x7d/0xd0
[ 63.149953][ T4325] do_syscall_64+0x33/0x80
[ 63.154346][ T4325] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.160334][ T4325]
[ 63.162717][ T4325] Freed by task 4003:
[ 63.166694][ T4325] kasan_save_stack+0x1b/0x40
[ 63.171439][ T4325] kasan_set_track+0x1c/0x30
[ 63.175991][ T4325] kasan_set_free_info+0x20/0x30
[ 63.180981][ T4325] __kasan_slab_free+0xe0/0x110
[ 63.185793][ T4325] kfree+0xd0/0x4c0
[ 63.189754][ T4325] tomoyo_realpath_from_path+0x16b/0x6d0
[ 63.195607][ T4325] tomoyo_path_perm+0x1ed/0x320
[ 63.200882][ T4325] security_inode_getattr+0xab/0x100
[ 63.206733][ T4325] vfs_statx+0xe8/0x2e0
[ 63.212180][ T4325] __do_sys_newfstatat+0x7d/0xd0
[ 63.218202][ T4325] do_syscall_64+0x33/0x80
[ 63.222829][ T4325] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.229437][ T4325]
[ 63.232006][ T4325] The buggy address belongs to the object at ffff8881191d0000
[ 63.232006][ T4325] which belongs to the cache kmalloc-4k of size 4096
[ 63.249248][ T4325] The buggy address is located 3 bytes inside of
[ 63.249248][ T4325] 4096-byte region [ffff8881191d0000, ffff8881191d1000)
[ 63.263049][ T4325] The buggy address belongs to the page:
[ 63.268987][ T4325] page:ffffea0004647400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1191d0
[ 63.279587][ T4325] head:ffffea0004647400 order:3 compound_mapcount:0 compound_pincount:0
[ 63.287890][ T4325] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 63.294487][ T4325] raw: 0200000000010200 0000000000000000 0000000100000001 ffff888100042140
[ 63.303171][ T4325] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 63.311950][ T4325] page dumped because: kasan: bad access detected
[ 63.318530][ T4325] page_owner tracks the page as allocated
[ 63.324236][ T4325] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 417, ts 4847752367, free_ts 0
[ 63.341787][ T4325] get_page_from_freelist+0x166f/0x2910
[ 63.347493][ T4325] __alloc_pages+0x2b3/0x590
[ 63.352403][ T4325] allocate_slab+0x2eb/0x430
[ 63.356989][ T4325] ___slab_alloc+0xb1c/0xf80
[ 63.361548][ T4325] __kmalloc+0x2da/0x2f0
[ 63.365866][ T4325] tomoyo_realpath_from_path+0xb0/0x6d0
[ 63.372002][ T4325] tomoyo_realpath_nofollow+0x9c/0xc0
[ 63.377655][ T4325] tomoyo_find_next_domain+0x24b/0x1bf0
[ 63.383556][ T4325] tomoyo_bprm_check_security+0xfb/0x170
[ 63.389248][ T4325] security_bprm_check+0x34/0x70
[ 63.394163][ T4325] bprm_execve+0x59b/0x1330
[ 63.399022][ T4325] do_execveat_common+0x5fd/0x7b0
[ 63.404194][ T4325] __x64_sys_execve+0x8a/0xb0
[ 63.409392][ T4325] do_syscall_64+0x33/0x80
[ 63.414097][ T4325] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 63.419966][ T4325] page_owner free stack trace missing
[ 63.425313][ T4325]
[ 63.427817][ T4325] Memory state around the buggy address:
[ 63.433604][ T4325]  ffff8881191cff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.441838][ T4325]  ffff8881191cff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.450244][ T4325] >ffff8881191d0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.459175][ T4325]                    ^
[ 63.463688][ T4325]  ffff8881191d0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.472740][ T4325]  ffff8881191d0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.481021][ T4325] ==================================================================
[ 63.489656][ T4325] Disabling lock debugging due to kernel taint
[ 63.495969][ T4325] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 63.503849][ T4325] Kernel Offset: disabled
[ 63.508440][ T4325] Rebooting in 86400 seconds..