Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts.
2025/04/23 20:28:19 ignoring optional flag "sandboxArg"="0"
2025/04/23 20:28:19 ignoring optional flag "type"="gce"
2025/04/23 20:28:19 parsed 1 programs
[ 69.535914][ T1882] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/04/23 20:28:26 executed programs: 0
2025/04/23 20:28:31 executed programs: 2
[ 80.812354][ T2862] loop0: detected capacity change from 0 to 1024
[ 80.828837][ T2862] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 80.894546][ T2862] loop0: detected capacity change from 1024 to 1023
[ 80.906945][ T2408] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 16: comm syz-executor: path /0/bus: bad entry in directory: rec_len is smaller than minimal - offset=980, inode=0, rec_len=0, size=1024 fake=0
[ 80.928296][ T2408] ==================================================================
[ 80.936346][ T2408] BUG: KASAN: slab-out-of-bounds in ext4_read_inline_data+0x1ab/0x280
[ 80.944489][ T2408] Read of size 68 at addr ffff8881062b651a by task syz-executor/2408
[ 80.952536][ T2408]
[ 80.954849][ T2408] CPU: 1 UID: 0 PID: 2408 Comm: syz-executor Not tainted 6.15.0-rc3-syzkaller #0 PREEMPT(undef)
[ 80.954855][ T2408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 80.954861][ T2408] Call Trace:
[ 80.954864][ T2408]
[ 80.954867][ T2408] dump_stack_lvl+0x10a/0x280
[ 80.954878][ T2408] ? __pfx_dump_stack_lvl+0x10/0x10
[ 80.954883][ T2408] ? __virt_addr_valid+0x141/0x270
[ 80.954891][ T2408] ? rcu_is_watching+0x1f/0xa0
[ 80.954898][ T2408] ? __virt_addr_valid+0x141/0x270
[ 80.954902][ T2408] ? lock_release+0x45/0x2e0
[ 80.954910][ T2408] ? lock_acquire+0x70/0x200
[ 80.954914][ T2408] ? __virt_addr_valid+0x141/0x270
[ 80.954918][ T2408] ? __virt_addr_valid+0x229/0x270
[ 80.954923][ T2408] print_report+0x16e/0x5b0
[ 80.954928][ T2408] ? __virt_addr_valid+0x141/0x270
[ 80.954932][ T2408] ? __virt_addr_valid+0x229/0x270
[ 80.954937][ T2408] ? ext4_read_inline_data+0x1ab/0x280
[ 80.954941][ T2408] kasan_report+0x143/0x180
[ 80.954944][ T2408] ? ext4_read_inline_data+0x1ab/0x280
[ 80.954948][ T2408] kasan_check_range+0x28f/0x2a0
[ 80.954952][ T2408] ? ext4_read_inline_data+0x1ab/0x280
[ 80.954955][ T2408] __asan_memcpy+0x29/0x70
[ 80.954960][ T2408] ext4_read_inline_data+0x1ab/0x280
[ 80.954964][ T2408] ext4_read_inline_dir+0x2ee/0x9f0
[ 80.954968][ T2408] ? rcu_is_watching+0x1f/0xa0
[ 80.954972][ T2408] ? __count_memcg_events+0x415/0x520
[ 80.954977][ T2408] ? __pfx_ext4_read_inline_dir+0x10/0x10
[ 80.954981][ T2408] ? register_lock_class+0x54/0x280
[ 80.954985][ T2408] ? __lock_acquire+0x5f/0x4f0
[ 80.954990][ T2408] ext4_readdir+0x293/0x2fc0
[ 80.954997][ T2408] ? iterate_dir+0xa7/0x490
[ 80.955003][ T2408] ? __pfx___mutex_lock+0x10/0x10
[ 80.955008][ T2408] ? __pfx_ext4_readdir+0x10/0x10
[ 80.955012][ T2408] ? __pfx_down_read_killable+0x10/0x10
[ 80.955016][ T2408] ? __pfx_handle_mm_fault+0x10/0x10
[ 80.955022][ T2408] ? reacquire_held_locks+0xea/0x150
[ 80.955026][ T2408] ? exc_page_fault+0x161/0x7b0
[ 80.955030][ T2408] iterate_dir+0x18e/0x490
[ 80.955034][ T2408] __se_sys_getdents64+0x1d9/0x430
[ 80.955039][ T2408] ? __pfx___se_sys_getdents64+0x10/0x10
[ 80.955042][ T2408] ? __pfx_filldir64+0x10/0x10
[ 80.955046][ T2408] ? asm_exc_page_fault+0x26/0x30
[ 80.955051][ T2408] do_syscall_64+0x8d/0x170
[ 80.955056][ T2408] ? clear_bhb_loop+0x25/0x80
[ 80.955060][ T2408] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 80.955065][ T2408] RIP: 0033:0x7f7873789333
[ 80.955073][ T2408] Code: c1 66 0f 1f 44 00 00 48 83 c4 08 48 89 ef 5b 5d e9 02 45 f8 ff 66 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 a8 ff ff ff f7 d8
[ 80.955079][ T2408] RSP: 002b:00007ffc006cb0a8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[ 80.955088][ T2408] RAX: ffffffffffffffda RBX: 000055556ab49520 RCX: 00007f7873789333
[ 80.955091][ T2408] RDX: 0000000000008000 RSI: 000055556ab49520 RDI: 0000000000000006
[ 80.955094][ T2408] RBP: 000055556ab494f4 R08: 0000000000000000 R09: 0000000000000000
[ 80.955097][ T2408] R10: 0000000000001000 R11: 0000000000000293 R12: ffffffffffffffa8
[ 80.955099][ T2408] R13: 0000000000000016 R14: 000055556ab494f0 R15: 00007ffc006ce440
[ 80.955103][ T2408]
[ 80.955105][ T2408]
[ 81.263789][ T2408] Allocated by task 2505:
[ 81.268125][ T2408] kasan_save_track+0x3f/0x80
[ 81.272792][ T2408] __kasan_slab_alloc+0x66/0x80
[ 81.277621][ T2408] kmem_cache_alloc_noprof+0x1bc/0x410
[ 81.283063][ T2408] getname_flags+0x9d/0x440
[ 81.287543][ T2408] do_sys_openat2+0xaf/0x1a0
[ 81.292127][ T2408] __x64_sys_openat+0x20f/0x260
[ 81.296958][ T2408] do_syscall_64+0x8d/0x170
[ 81.301454][ T2408] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.307317][ T2408]
[ 81.309617][ T2408] Freed by task 2505:
[ 81.313563][ T2408] kasan_save_track+0x3f/0x80
[ 81.318223][ T2408] kasan_save_free_info+0x40/0x50
[ 81.323217][ T2408] __kasan_slab_free+0x59/0x70
[ 81.327975][ T2408] kmem_cache_free+0x180/0x470
[ 81.332728][ T2408] do_sys_openat2+0x137/0x1a0
[ 81.337385][ T2408] __x64_sys_openat+0x20f/0x260
[ 81.342206][ T2408] do_syscall_64+0x8d/0x170
[ 81.346685][ T2408] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.352561][ T2408]
[ 81.354862][ T2408] The buggy address belongs to the object at ffff8881062b5500
[ 81.354862][ T2408] which belongs to the cache names_cache of size 4096
[ 81.368973][ T2408] The buggy address is located 26 bytes to the right of
[ 81.368973][ T2408] allocated 4096-byte region [ffff8881062b5500, ffff8881062b6500)
[ 81.383631][ T2408]
[ 81.385935][ T2408] The buggy address belongs to the physical page:
[ 81.392343][ T2408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1062b0
[ 81.401268][ T2408] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 81.409769][ T2408] flags: 0x200000000000040(head|node=0|zone=2)
[ 81.415916][ T2408] page_type: f5(slab)
[ 81.419911][ T2408] raw: 0200000000000040 ffff888100a8a640 dead000000000122 0000000000000000
[ 81.428557][ T2408] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[ 81.437206][ T2408] head: 0200000000000040 ffff888100a8a640 dead000000000122 0000000000000000
[ 81.445926][ T2408] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000
[ 81.454573][ T2408] head: 0200000000000003 ffffea000418ac01 00000000ffffffff 00000000ffffffff
[ 81.463223][ T2408] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 81.471871][ T2408] page dumped because: kasan: bad access detected
[ 81.478274][ T2408] page_owner tracks the page as allocated
[ 81.484137][ T2408] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 2505, tgid 2505 (modprobe), ts 76839331294, free_ts 76817855590
[ 81.505107][ T2408] post_alloc_hook+0x108/0x120
[ 81.509981][ T2408] get_page_from_freelist+0x3f0a/0x41b0
[ 81.515548][ T2408] __alloc_frozen_pages_noprof+0x252/0x700
[ 81.521353][ T2408] alloc_pages_mpol+0x14f/0x3c0
[ 81.526458][ T2408] allocate_slab+0x8b/0x360
[ 81.530955][ T2408] ___slab_alloc+0xa1d/0x1160
[ 81.535618][ T2408] kmem_cache_alloc_noprof+0x27f/0x410
[ 81.541073][ T2408] getname_flags+0x9d/0x440
[ 81.545562][ T2408] vfs_fstatat+0x26/0xe0
[ 81.549771][ T2408] __se_sys_newfstatat+0xcf/0x740
[ 81.554766][ T2408] do_syscall_64+0x8d/0x170
[ 81.559261][ T2408] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.565121][ T2408] page last free pid 2503 tgid 2503 stack trace:
[ 81.571426][ T2408] __free_frozen_pages+0xb64/0xda0
[ 81.576510][ T2408] __put_partials+0x156/0x1b0
[ 81.581155][ T2408] put_cpu_partial+0x157/0x1b0
[ 81.585891][ T2408] __slab_free+0x269/0x360
[ 81.590278][ T2408] qlist_free_all+0x9a/0x140
[ 81.594850][ T2408] kasan_quarantine_reduce+0x14f/0x170
[ 81.600275][ T2408] __kasan_slab_alloc+0x23/0x80
[ 81.605135][ T2408] __kmalloc_noprof+0x227/0x530
[ 81.609983][ T2408] tomoyo_realpath_from_path+0xe3/0x4e0
[ 81.615804][ T2408] tomoyo_condition+0x14d8/0x2670
[ 81.620828][ T2408] tomoyo_check_acl+0x145/0x390
[ 81.625673][ T2408] tomoyo_execute_permission+0x138/0x3b0
[ 81.631363][ T2408] tomoyo_find_next_domain+0x329/0x1760
[ 81.636874][ T2408] tomoyo_bprm_check_security+0xfd/0x130
[ 81.642473][ T2408] security_bprm_check+0x2a/0xa0
[ 81.647383][ T2408] bprm_execve+0x64d/0xee0
[ 81.651781][ T2408]
[ 81.654122][ T2408] Memory state around the buggy address:
[ 81.659730][ T2408] ffff8881062b6400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.667850][ T2408] ffff8881062b6480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.675882][ T2408] >ffff8881062b6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.683906][ T2408] ^
[ 81.688724][ T2408] ffff8881062b6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 81.696856][ T2408] ffff8881062b6600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 81.704984][ T2408] ==================================================================
[ 81.713499][ T2408] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 81.720927][ T2408] Kernel Offset: disabled
[ 81.725249][ T2408] Rebooting in 86400 seconds..