Warning: Permanently added '10.128.1.106' (ED25519) to the list of known hosts.
2024/10/24 05:45:43 ignoring optional flag "sandboxArg"="0"
2024/10/24 05:45:43 ignoring optional flag "type"="gce"
2024/10/24 05:45:43 parsed 1 programs
[ 48.587080][ T1491] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2024/10/24 05:45:46 executed programs: 0
[ 59.983350][ T4240] loop2: detected capacity change from 0 to 128
[ 60.009190][ T4246] loop3: detected capacity change from 0 to 128
[ 60.036044][ T4253] loop0: detected capacity change from 0 to 128
[ 60.044713][ T4246] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 60.055348][ T4246] ext4 filesystem being mounted at /root/syzkaller-testdir3168806287/syzkaller.TgKLlN/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 60.060473][ T4240] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 60.102502][ T4240] ext4 filesystem being mounted at /root/syzkaller-testdir2594943077/syzkaller.gBhBTv/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 60.107363][ T4246] EXT4-fs warning (device loop3): dx_probe:891: inode #2: comm syz-executor.3: dx entry: limit 0 != root limit 124
[ 60.151056][ T4246] EXT4-fs warning (device loop3): dx_probe:965: inode #2: comm syz-executor.3: Corrupt directory, running e2fsck is recommended
[ 60.164889][ T4246] ==================================================================
[ 60.168668][ T4253] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[ 60.173027][ T4246] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x5ee/0x920
[ 60.173053][ T4246] Read of size 2 at addr ffff888120205003 by task syz-executor.3/4246
[ 60.173058][ T4246]
[ 60.173062][ T4246] CPU: 0 PID: 4246 Comm: syz-executor.3 Not tainted 5.15.169-syzkaller #0
[ 60.173068][ T4246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[ 60.173077][ T4246] Call Trace:
[ 60.173085][ T4246]
[ 60.173088][ T4246] dump_stack_lvl+0x41/0x5e
[ 60.173101][ T4246] print_address_description.constprop.0.cold+0x6c/0x309
[ 60.173109][ T4246] ? __ext4_check_dir_entry+0x5ee/0x920
[ 60.173116][ T4246] ? __ext4_check_dir_entry+0x5ee/0x920
[ 60.173123][ T4246] kasan_report.cold+0x83/0xdf
[ 60.173129][ T4246] ? __ext4_check_dir_entry+0x5ee/0x920
[ 60.173136][ T4246] __ext4_check_dir_entry+0x5ee/0x920
[ 60.173143][ T4246] ext4_readdir+0xd2c/0x2780
[ 60.173151][ T4246] ? __ext4_check_dir_entry+0x920/0x920
[ 60.173158][ T4246] ? down_read_killable+0x157/0x330
[ 60.173166][ T4246] ? fsnotify_perm.part.0+0x118/0x4c0
2024/10/24 05:45:55 executed programs: 5
[ 60.173176][ T4246] iterate_dir+0x48a/0x6d0
[ 60.173182][ T4246] __x64_sys_getdents64+0x122/0x220
[ 60.173189][ T4246] ? __ia32_sys_getdents+0x220/0x220
[ 60.173194][ T4246] ? compat_fillonedir+0x300/0x300
[ 60.173199][ T4246] ? vtime_user_exit+0xde/0x180
[ 60.173208][ T4246] do_syscall_64+0x33/0x80
[ 60.173213][ T4246] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.173223][ T4246] RIP: 0033:0x7f5a1b45fee9
[ 60.173233][ T4246] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 60.173239][ T4246] RSP: 002b:00007f5a1afe20c8 EFLAGS: 00000246
[ 60.183899][ T4253] ext4 filesystem being mounted at /root/syzkaller-testdir3004215407/syzkaller.ip5MAV/0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 60.191790][ T4246] ORIG_RAX: 00000000000000d9
[ 60.191794][ T4246] RAX: ffffffffffffffda RBX: 00007f5a1b596fa0 RCX: 00007f5a1b45fee9
[ 60.191798][ T4246] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000008
[ 60.191801][ T4246] RBP: 00007f5a1b4ac47f R08: 0000000000000000 R09: 0000000000000000
[ 60.191804][ T4246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 60.191808][ T4246] R13: 0000000000000006 R14: 00007f5a1b596fa0 R15: 00007ffc709c6a38
[ 60.191813][ T4246]
[ 60.191816][ T4246]
[ 60.227316][ T4253] EXT4-fs warning (device loop0): dx_probe:891: inode #2: comm syz-executor.0: dx entry: limit 0 != root limit 124
[ 60.227377][ T4246] Allocated by task 3899:
[ 60.232045][ T4253] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended
[ 60.238988][ T4246] kasan_save_stack+0x1b/0x40
[ 60.245103][ T4253] EXT4-fs error (device loop0): ext4_readdir:258: inode #2: block 63: comm syz-executor.0: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=51, rec_len=0, size=1024 fake=0
[ 60.250271][ T4246] __kasan_slab_alloc+0x61/0x80
[ 60.250282][ T4246] kmem_cache_alloc+0x211/0x310
[ 60.250287][ T4246] __anon_vma_prepare+0x45/0x4d0
[ 60.250294][ T4246] __handle_mm_fault+0x18c8/0x1ec0
[ 60.250299][ T4246] handle_mm_fault+0x1c0/0x5a0
[ 60.250303][ T4246] do_user_addr_fault+0x293/0xc80
[ 60.271271][ T2000] EXT4-fs warning (device loop0): dx_probe:891: inode #2: comm syz-executor.0: dx entry: limit 0 != root limit 124
[ 60.276108][ T4246] exc_page_fault+0x5a/0xb0
[ 60.281366][ T2000] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended
[ 60.286637][ T4246] asm_exc_page_fault+0x22/0x30
[ 60.298592][ T2000] EXT4-fs error (device loop0): ext4_readdir:258: inode #2: block 4: comm syz-executor.0: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[ 60.301712][ T4246]
[ 60.301716][ T4246] Freed by task 3899:
[ 60.301720][ T4246] kasan_save_stack+0x1b/0x40
[ 60.301732][ T4246] kasan_set_track+0x1c/0x30
[ 60.301736][ T4246] kasan_set_free_info+0x20/0x30
[ 60.301741][ T4246] __kasan_slab_free+0xe0/0x110
[ 60.301746][ T4246] kmem_cache_free+0x7e/0x450
[ 60.301750][ T4246] unlink_anon_vmas+0x149/0x770
[ 60.307360][ T2000] EXT4-fs warning (device loop0): dx_probe:891: inode #2: comm syz-executor.0: dx entry: limit 0 != root limit 124
[ 60.311725][ T4246] free_pgtables+0x131/0x2b0
[ 60.311739][ T4246] exit_mmap+0x17a/0x4e0
[ 60.311744][ T4246] mmput+0x90/0x390
[ 60.311750][ T4246] do_exit+0x87f/0x21d0
[ 60.311755][ T4246] do_group_exit+0xe7/0x290
[ 60.311767][ T4246] __x64_sys_exit_group+0x35/0x40
[ 60.311772][ T4246] do_syscall_64+0x33/0x80
[ 60.311778][ T4246] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 60.311785][ T4246]
[ 60.311788][ T4246] The buggy address belongs to the object at ffff888120205000
[ 60.311788][ T4246] which belongs to the cache anon_vma_chain of size 80
[ 60.311793][ T4246] The buggy address is located 3 bytes inside of
[ 60.311793][ T4246] 80-byte region [ffff888120205000, ffff888120205050)
[ 60.316193][ T2000] EXT4-fs warning (device loop0): dx_probe:965: inode #2: comm syz-executor.0: Corrupt directory, running e2fsck is recommended
[ 60.322225][ T4246] The buggy address belongs to the page:
[ 60.322238][ T4246] page:ffffea0004808140 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x120205
[ 60.322252][ T4246] memcg:ffff888114163c01
[ 60.322255][ T4246] flags: 0x200000000000200(slab|node=0|zone=2)
[ 60.322268][ T4246] raw: 0200000000000200 ffffea00046e2c40 0000001700000013 ffff88810012f140
[ 60.322273][ T4246] raw: 0000000000000000 0000000000240024 00000001ffffffff ffff888114163c01
[ 60.322276][ T4246] page dumped because: kasan: bad access detected
[ 60.322280][ T4246] page_owner tracks the page as allocated
[ 60.322282][ T4246] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 697, ts 26604975958, free_ts 0
[ 60.479607][ T4240] EXT4-fs warning (device loop2): dx_probe:891: inode #2: comm syz-executor.2: dx entry: limit 0 != root limit 124
[ 60.495100][ T4246] get_page_from_freelist+0x166f/0x2910
[ 60.495116][ T4246] __alloc_pages+0x2b3/0x590
[ 60.495120][ T4246] allocate_slab+0x2eb/0x430
[ 60.495124][ T4246] ___slab_alloc+0xb1c/0xf80
[ 60.495128][ T4246] kmem_cache_alloc+0x2d7/0x310
[ 60.495132][ T4246] __anon_vma_prepare+0x45/0x4d0
[ 60.495139][ T4246] __handle_mm_fault+0x1976/0x1ec0
[ 60.495143][ T4246] handle_mm_fault+0x1c0/0x5a0
[ 60.495147][ T4246] do_user_addr_fault+0x293/0xc80
[ 60.495153][ T4246] exc_page_fault+0x5a/0xb0
[ 60.495160][ T4246] asm_exc_page_fault+0x22/0x30
[ 60.495166][ T4246] page_owner free stack trace missing
[ 60.495168][ T4246]
[ 60.495170][ T4246] Memory state around the buggy address:
[ 60.495174][ T4246] ffff888120204f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.495179][ T4246] ffff888120204f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.495183][ T4246] >ffff888120205000: fa fb fb fb fb fb fb fb fb fb fc fc fc fc fa fb
[ 60.495185][ T4246] ^
[ 60.495189][ T4246] ffff888120205080: fb fb fb fb fb fb fb fb fc fc fc fc fa fb fb fb
[ 60.500072][ T4240] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[ 60.504846][ T4246] ffff888120205100: fb fb fb fb fb fb fc fc fc fc fa fb fb fb fb fb
[ 60.511279][ T4240] EXT4-fs error (device loop2): ext4_readdir:258: inode #2: block 63: comm syz-executor.2: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=1023, inode=51, rec_len=0, size=1024 fake=0
[ 60.515090][ T4246] ==================================================================
[ 60.515095][ T4246] Disabling lock debugging due to kernel taint
[ 60.515202][ T4246] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 60.533526][ T2010] EXT4-fs warning (device loop2): dx_probe:891: inode #2: comm syz-executor.2: dx entry: limit 0 != root limit 124
[ 60.537417][ T4246] Kernel Offset: disabled
[ 60.974247][ T4246] Rebooting in 86400 seconds..