Warning: Permanently added '10.128.0.5' (ED25519) to the list of known hosts.
2023/08/03 04:56:24 ignoring optional flag "sandboxArg"="0"
2023/08/03 04:56:24 parsed 1 programs
2023/08/03 04:56:24 executed programs: 0
[ 49.506789][ T1043] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.568707][ T1502] loop0: detected capacity change from 0 to 512
[ 54.576608][ T1502] EXT4-fs: Ignoring removed bh option
[ 54.583322][ T1502] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 54.594259][ T1502] EXT4-fs (loop0): 1 truncate cleaned up
[ 54.600228][ T1502] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
2023/08/03 04:56:29 executed programs: 1
[ 54.614551][ T1502] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 54.643258][ T1048] EXT4-fs (loop0): unmounting filesystem.
[ 54.662874][ T1507] loop0: detected capacity change from 0 to 512
[ 54.669947][ T1507] EXT4-fs: Ignoring removed bh option
[ 54.675680][ T1507] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 54.687174][ T1507] EXT4-fs (loop0): 1 truncate cleaned up
[ 54.692832][ T1507] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 54.710666][ T1507] EXT4-fs error (device loop0): ext4_find_dest_de:2108: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 54.742212][ T1048] EXT4-fs (loop0): unmounting filesystem.
[ 54.763472][ T1510] loop0: detected capacity change from 0 to 512
[ 54.770739][ T1510] EXT4-fs: Ignoring removed bh option
[ 54.776646][ T1510] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 54.787571][ T1510] EXT4-fs (loop0): 1 truncate cleaned up
[ 54.793843][ T1510] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 54.813938][ T1510] ==================================================================
[ 54.822222][ T1510] BUG: KASAN: use-after-free in ext4_search_dir+0x148/0x250
[ 54.829685][ T1510] Read of size 1 at addr ffff888124fa23ed by task syz-executor.0/1510
[ 54.837809][ T1510]
[ 54.840136][ T1510] CPU: 0 PID: 1510 Comm: syz-executor.0 Not tainted 6.1.42-syzkaller #0
[ 54.848432][ T1510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023
[ 54.858822][ T1510] Call Trace:
[ 54.862177][ T1510]
[ 54.865396][ T1510] dump_stack_lvl+0xf4/0x251
[ 54.870111][ T1510] ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 54.875548][ T1510] ? panic+0x3f7/0x3f7
[ 54.879593][ T1510] ? _printk+0xca/0x10a
[ 54.883834][ T1510] ? __x64_sys_open+0x1eb/0x240
[ 54.888857][ T1510] print_report+0x15f/0x4f0
[ 54.893441][ T1510] ? down_read+0x8fd/0xba0
[ 54.897839][ T1510] ? ext4_search_dir+0x148/0x250
[ 54.903108][ T1510] kasan_report+0x136/0x160
[ 54.907681][ T1510] ? ext4_search_dir+0x148/0x250
[ 54.912777][ T1510] ext4_search_dir+0x148/0x250
[ 54.917609][ T1510] ext4_find_inline_entry+0x367/0x540
[ 54.923042][ T1510] ? ext4_try_create_inline_dir+0x320/0x320
[ 54.928995][ T1510] ? tomoyo_path_number_perm+0x51c/0x670
[ 54.934706][ T1510] __ext4_find_entry+0x2dc/0x1a10
[ 54.939903][ T1510] ? rcu_lock_acquire+0x30/0x30
[ 54.944763][ T1510] ? dx_node_limit+0x150/0x150
[ 54.949940][ T1510] ext4_lookup+0x1ab/0x5f0
[ 54.954457][ T1510] ? ext4_add_entry+0x2e80/0x2e80
[ 54.959593][ T1510] ? inode_permission+0x56/0x320
[ 54.965400][ T1510] ? ext4_add_entry+0x2e80/0x2e80
[ 54.970413][ T1510] path_openat+0xdb6/0x2410
[ 54.974991][ T1510] ? do_filp_open+0x430/0x430
[ 54.979715][ T1510] do_filp_open+0x226/0x430
[ 54.984305][ T1510] ? vfs_tmpfile+0x3e0/0x3e0
[ 54.988960][ T1510] ? _raw_spin_unlock+0x24/0x40
[ 54.993809][ T1510] ? alloc_fd+0x3dc/0x470
[ 54.998362][ T1510] do_sys_openat2+0x10b/0x420
[ 55.003196][ T1510] ? __switch_to_asm+0x34/0x60
[ 55.007940][ T1510] ? rcu_is_watching+0x1b/0x90
[ 55.012950][ T1510] ? do_sys_open+0x1c0/0x1c0
[ 55.017708][ T1510] ? __rseq_handle_notify_resume+0x827/0xdf0
[ 55.023950][ T1510] ? xfd_validate_state+0x12/0x50
[ 55.029155][ T1510] __x64_sys_open+0x1eb/0x240
[ 55.033836][ T1510] ? do_sys_openat2+0x420/0x420
[ 55.038790][ T1510] ? switch_fpu_return+0xc9/0x130
[ 55.043908][ T1510] do_syscall_64+0x3d/0x80
[ 55.048395][ T1510] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.054399][ T1510] RIP: 0033:0x7f91b5b7eb29
[ 55.058790][ T1510] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.078739][ T1510] RSP: 002b:00007f91b57010c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 55.087306][ T1510] RAX: ffffffffffffffda RBX: 00007f91b5c9df80 RCX: 00007f91b5b7eb29
[ 55.095689][ T1510] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 55.103722][ T1510] RBP: 00007f91b5bca47a R08: 0000000000000000 R09: 0000000000000000
[ 55.111843][ T1510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 55.119896][ T1510] R13: 0000000000000006 R14: 00007f91b5c9df80 R15: 00007ffc4b98fae8
[ 55.128643][ T1510]
[ 55.131853][ T1510]
[ 55.134342][ T1510] The buggy address belongs to the physical page:
[ 55.140940][ T1510] page:ffffea000493e880 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x124fa2
[ 55.151265][ T1510] flags: 0x200000000000000(node=0|zone=2)
[ 55.157048][ T1510] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000
[ 55.165631][ T1510] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 55.174205][ T1510] page dumped because: kasan: bad access detected
[ 55.180664][ T1510] page_owner tracks the page as freed
[ 55.186307][ T1510] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1308, tgid 1308 (modprobe), ts 52436787397, free_ts 52439627112
[ 55.204441][ T1510] post_alloc_hook+0x286/0x2b0
[ 55.209275][ T1510] get_page_from_freelist+0x2c71/0x2eb0
[ 55.214796][ T1510] __alloc_pages+0x251/0x640
[ 55.219380][ T1510] vma_alloc_folio+0x689/0x870
[ 55.224144][ T1510] wp_page_copy+0x1e6/0x1610
[ 55.228817][ T1510] handle_mm_fault+0x9c0/0x2b80
[ 55.233653][ T1510] exc_page_fault+0x22a/0x5e0
[ 55.238310][ T1510] asm_exc_page_fault+0x22/0x30
[ 55.243334][ T1510] page last free stack trace:
[ 55.247990][ T1510] free_unref_page_prepare+0xca9/0xd80
[ 55.253583][ T1510] free_unref_page_list+0xb7/0x570
[ 55.258764][ T1510] release_pages+0x1763/0x1900
[ 55.263679][ T1510] tlb_flush_mmu+0x26f/0x3d0
[ 55.268246][ T1510] tlb_finish_mmu+0xb0/0x1b0
[ 55.272809][ T1510] exit_mmap+0x311/0x700
[ 55.277026][ T1510] __mmput+0x61/0x290
[ 55.281103][ T1510] exit_mm+0x122/0x1b0
[ 55.285270][ T1510] do_exit+0x81e/0x23a0
[ 55.289445][ T1510] do_group_exit+0x1b5/0x280
[ 55.294021][ T1510] __x64_sys_exit_group+0x3b/0x40
[ 55.299031][ T1510] do_syscall_64+0x3d/0x80
[ 55.303432][ T1510] entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 55.309390][ T1510]
[ 55.311821][ T1510] Memory state around the buggy address:
[ 55.317885][ T1510] ffff888124fa2280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.325963][ T1510] ffff888124fa2300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.334004][ T1510] >ffff888124fa2380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.342041][ T1510] ^
[ 55.349483][ T1510] ffff888124fa2400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.357545][ T1510] ffff888124fa2480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 55.365579][ T1510] ==================================================================
[ 55.373832][ T1510] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.381552][ T1510] Kernel Offset: disabled
[ 55.385982][ T1510] Rebooting in 86400 seconds..