Warning: Permanently added '10.128.1.27' (ED25519) to the list of known hosts.
2023/09/30 19:18:11 ignoring optional flag "sandboxArg"="0"
2023/09/30 19:18:12 parsed 1 programs
2023/09/30 19:18:12 executed programs: 0
[ 41.296471][ T1047] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 43.466929][ T1506] loop0: detected capacity change from 0 to 512
[ 43.475265][ T1506] EXT4-fs (loop0): Ignoring removed bh option
[ 43.481405][ T1506] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 43.491410][ T1506] EXT4-fs (loop0): 1 truncate cleaned up
[ 43.497238][ T1506] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[ 43.522445][ T1506] ==================================================================
[ 43.530611][ T1506] BUG: KASAN: slab-out-of-bounds in ext4_search_dir+0x1df/0x260
[ 43.538440][ T1506] Read of size 1 at addr ffff88810f74e3ed by task syz-executor.0/1506
[ 43.547015][ T1506]
[ 43.549411][ T1506] CPU: 0 PID: 1506 Comm: syz-executor.0 Not tainted 5.15.133-syzkaller #0
[ 43.558116][ T1506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
[ 43.568603][ T1506] Call Trace:
[ 43.571966][ T1506]
[ 43.574983][ T1506] dump_stack_lvl+0x41/0x5e
[ 43.579763][ T1506] print_address_description.constprop.0.cold+0x6c/0x309
[ 43.586900][ T1506] ? ext4_search_dir+0x1df/0x260
[ 43.592081][ T1506] ? ext4_search_dir+0x1df/0x260
[ 43.597124][ T1506] kasan_report.cold+0x83/0xdf
[ 43.602188][ T1506] ? ext4_search_dir+0x1df/0x260
[ 43.607104][ T1506] ext4_search_dir+0x1df/0x260
[ 43.611846][ T1506] ext4_find_inline_entry+0x355/0x440
[ 43.617393][ T1506] ? tomoyo_path_number_perm+0x1d8/0x420
[ 43.623008][ T1506] ? ext4_try_create_inline_dir+0x290/0x290
[ 43.628956][ T1506] ? lock_downgrade+0x4f0/0x4f0
[ 43.634156][ T1506] __ext4_find_entry+0x84a/0xce0
[ 43.639228][ T1506] ? find_held_lock+0x2d/0x110
[ 43.644150][ T1506] ? ext4_dx_find_entry+0x570/0x570
[ 43.649410][ T1506] ? d_alloc_parallel+0x638/0x1010
[ 43.654498][ T1506] ext4_lookup+0x156/0x570
[ 43.658913][ T1506] ? userns_owner+0x30/0x30
[ 43.663431][ T1506] ? ext4_resetent+0x280/0x280
[ 43.668247][ T1506] ? apparmor_path_link+0x3c0/0x3c0
[ 43.673584][ T1506] ? tomoyo_path_mknod+0xb5/0x130
[ 43.678594][ T1506] ? from_kgid+0x7f/0xc0
[ 43.683090][ T1506] ? ext4_resetent+0x280/0x280
[ 43.687840][ T1506] lookup_open.isra.0+0x808/0x1680
[ 43.693142][ T1506] ? vfs_tmpfile+0x2d0/0x2d0
[ 43.697713][ T1506] path_openat+0x800/0x24d0
[ 43.702377][ T1506] ? get_slabinfo+0xa1/0xf0
[ 43.706852][ T1506] ? __x64_sys_open+0xfd/0x1a0
[ 43.711673][ T1506] ? do_syscall_64+0x35/0x80
[ 43.716330][ T1506] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.722523][ T1506] ? path_lookupat+0x6b0/0x6b0
[ 43.727591][ T1506] ? futex_wait_restart+0x210/0x210
[ 43.732921][ T1506] ? stack_trace_save+0x8c/0xc0
[ 43.737757][ T1506] ? filter_irq_stacks+0x90/0x90
[ 43.742823][ T1506] ? kasan_save_stack+0x1b/0x40
[ 43.747750][ T1506] do_filp_open+0x199/0x3d0
[ 43.752361][ T1506] ? may_open_dev+0xd0/0xd0
[ 43.757195][ T1506] ? do_raw_spin_lock+0x120/0x2b0
[ 43.762242][ T1506] ? rwlock_bug.part.0+0x90/0x90
[ 43.767247][ T1506] ? lock_acquire+0x11a/0x230
[ 43.772597][ T1506] ? _raw_spin_unlock+0x1a/0x20
[ 43.777540][ T1506] ? alloc_fd+0x17c/0x4e0
[ 43.782024][ T1506] ? getname_flags.part.0+0x89/0x440
[ 43.787376][ T1506] do_sys_openat2+0x11e/0x400
[ 43.792475][ T1506] ? build_open_flags+0x490/0x490
[ 43.797562][ T1506] ? lock_downgrade+0x4f0/0x4f0
[ 43.803014][ T1506] __x64_sys_open+0xfd/0x1a0
[ 43.807709][ T1506] ? do_sys_open+0xe0/0xe0
[ 43.812486][ T1506] ? vtime_user_exit+0xde/0x180
[ 43.817405][ T1506] ? trace_user_exit.constprop.0+0x25/0xb0
[ 43.823293][ T1506] do_syscall_64+0x35/0x80
[ 43.827698][ T1506] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.833577][ T1506] RIP: 0033:0x7f71a3b18b29
[ 43.837966][ T1506] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 43.857662][ T1506] RSP: 002b:00007f71a369b0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 43.866533][ T1506] RAX: ffffffffffffffda RBX: 00007f71a3c37f80 RCX: 00007f71a3b18b29
[ 43.874501][ T1506] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 43.882652][ T1506] RBP: 00007f71a3b6447a R08: 0000000000000000 R09: 0000000000000000
[ 43.890807][ T1506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 43.898936][ T1506] R13: 0000000000000006 R14: 00007f71a3c37f80 R15: 00007ffee88b4468
[ 43.907157][ T1506]
[ 43.910163][ T1506]
[ 43.912574][ T1506] Allocated by task 1052:
[ 43.916961][ T1506] kasan_save_stack+0x1b/0x40
[ 43.921704][ T1506] __kasan_kmalloc+0x7c/0x90
[ 43.927151][ T1506] __alloc_skb+0x8b/0x280
[ 43.931465][ T1506] netlink_ack+0x11b/0x910
[ 43.936025][ T1506] netlink_rcv_skb+0x255/0x340
[ 43.940857][ T1506] netlink_unicast+0x4f2/0x7d0
[ 43.945678][ T1506] netlink_sendmsg+0x770/0xc20
[ 43.950525][ T1506] sock_sendmsg+0xab/0xe0
[ 43.954958][ T1506] __sys_sendto+0x1a4/0x270
[ 43.959637][ T1506] __x64_sys_sendto+0xd8/0x1b0
[ 43.964545][ T1506] do_syscall_64+0x35/0x80
[ 43.968935][ T1506] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 43.974901][ T1506]
[ 43.977200][ T1506] Freed by task 1052:
[ 43.981147][ T1506] kasan_save_stack+0x1b/0x40
[ 43.985881][ T1506] kasan_set_track+0x1c/0x30
[ 43.990526][ T1506] kasan_set_free_info+0x20/0x30
[ 43.995519][ T1506] __kasan_slab_free+0xe0/0x110
[ 44.000335][ T1506] kfree+0xd0/0x4c0
[ 44.004213][ T1506] skb_release_data+0x479/0x590
[ 44.009038][ T1506] consume_skb+0xcc/0x1e0
[ 44.013340][ T1506] skb_free_datagram+0xd/0xb0
[ 44.018164][ T1506] netlink_recvmsg+0x421/0xb70
[ 44.022904][ T1506] __sys_recvfrom+0x1ea/0x2f0
[ 44.027552][ T1506] __x64_sys_recvfrom+0xd8/0x1b0
[ 44.032599][ T1506] do_syscall_64+0x35/0x80
[ 44.037056][ T1506] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 44.043489][ T1506]
[ 44.045796][ T1506] The buggy address belongs to the object at ffff88810f74e000
[ 44.045796][ T1506] which belongs to the cache kmalloc-512 of size 512
[ 44.060117][ T1506] The buggy address is located 493 bytes to the right of
[ 44.060117][ T1506] 512-byte region [ffff88810f74e000, ffff88810f74e200)
[ 44.074122][ T1506] The buggy address belongs to the page:
[ 44.079742][ T1506] page:ffffea00043dd300 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810f74c400 pfn:0x10f74c
[ 44.091471][ T1506] head:ffffea00043dd300 order:2 compound_mapcount:0 compound_pincount:0
[ 44.099884][ T1506] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 44.106591][ T1506] raw: 0200000000010200 ffffea00043d0608 ffffea0004330f08 ffff888100041c80
[ 44.115236][ T1506] raw: ffff88810f74c400 000000000010000f 00000001ffffffff 0000000000000000
[ 44.124235][ T1506] page dumped because: kasan: bad access detected
[ 44.130706][ T1506] page_owner tracks the page as allocated
[ 44.136389][ T1506] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 366, ts 4203678397, free_ts 0
[ 44.154531][ T1506] get_page_from_freelist+0x166f/0x2910
[ 44.160070][ T1506] __alloc_pages+0x2b3/0x590
[ 44.164646][ T1506] allocate_slab+0x2eb/0x430
[ 44.169405][ T1506] ___slab_alloc+0xb1c/0xf80
[ 44.174237][ T1506] __kmalloc_node_track_caller+0x16d/0x420
[ 44.180018][ T1506] __alloc_skb+0x8b/0x280
[ 44.184328][ T1506] alloc_uevent_skb+0x76/0x200
[ 44.189151][ T1506] kobject_uevent_env+0x833/0x10d0
[ 44.194437][ T1506] kobject_synth_uevent+0x468/0x680
[ 44.199645][ T1506] store_uevent+0x12/0x20
[ 44.204037][ T1506] module_attr_store+0x39/0x70
[ 44.208774][ T1506] kernfs_fop_write_iter+0x313/0x510
[ 44.214219][ T1506] new_sync_write+0x35d/0x5f0
[ 44.219127][ T1506] vfs_write+0x53e/0x7b0
[ 44.223372][ T1506] ksys_write+0xf4/0x1d0
[ 44.227668][ T1506] do_syscall_64+0x35/0x80
[ 44.232148][ T1506] page_owner free stack trace missing
[ 44.237744][ T1506]
[ 44.240161][ T1506] Memory state around the buggy address:
[ 44.246492][ T1506] ffff88810f74e280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.254710][ T1506] ffff88810f74e300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.262836][ T1506] >ffff88810f74e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.270948][ T1506] ^
[ 44.278386][ T1506] ffff88810f74e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.286617][ T1506] ffff88810f74e480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.294684][ T1506] ==================================================================
[ 44.302915][ T1506] Disabling lock debugging due to kernel taint
[ 44.309177][ T1506] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 44.317076][ T1506] Kernel Offset: disabled
[ 44.321381][ T1506] Rebooting in 86400 seconds..