Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts.
2024/04/17 19:59:35 ignoring optional flag "sandboxArg"="0"
2024/04/17 19:59:35 parsed 1 programs
2024/04/17 19:59:36 executed programs: 0
[ 50.559571][ T1043] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 55.576622][ T1504] loop0: detected capacity change from 0 to 512
[ 55.583895][ T1504] EXT4-fs: Ignoring removed bh option
[ 55.590054][ T1504] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 55.601350][ T1504] EXT4-fs (loop0): 1 truncate cleaned up
[ 55.606995][ T1504] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
2024/04/17 19:59:41 executed programs: 1
[ 55.621163][ T1504] EXT4-fs error (device loop0): ext4_find_dest_de:2112: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 55.650410][ T1049] EXT4-fs (loop0): unmounting filesystem.
[ 55.670118][ T1508] loop0: detected capacity change from 0 to 512
[ 55.677783][ T1508] EXT4-fs: Ignoring removed bh option
[ 55.684300][ T1508] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 55.694433][ T1508] EXT4-fs (loop0): 1 truncate cleaned up
[ 55.700189][ T1508] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 55.713430][ T1508] ==================================================================
[ 55.721605][ T1508] BUG: KASAN: use-after-free in ext4_search_dir+0x148/0x250
[ 55.728881][ T1508] Read of size 1 at addr ffff888124d873ed by task syz-executor.0/1508
[ 55.737362][ T1508] 
[ 55.739693][ T1508] CPU: 0 PID: 1508 Comm: syz-executor.0 Not tainted 6.1.87-syzkaller #0
[ 55.749399][ T1508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 55.759673][ T1508] Call Trace:
[ 55.763050][ T1508] 
[ 55.765981][ T1508]  dump_stack_lvl+0xf4/0x251
[ 55.770559][ T1508]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[ 55.775997][ T1508]  ? panic+0x3fe/0x3fe
[ 55.780058][ T1508]  ? _printk+0xca/0x10a
[ 55.784209][ T1508]  ? __virt_addr_valid+0x139/0x260
[ 55.789485][ T1508]  ? __virt_addr_valid+0x211/0x260
[ 55.794573][ T1508]  print_report+0x15f/0x4f0
[ 55.799066][ T1508]  ? __virt_addr_valid+0x139/0x260
[ 55.804177][ T1508]  ? __virt_addr_valid+0x211/0x260
[ 55.809284][ T1508]  ? ext4_search_dir+0x148/0x250
[ 55.814200][ T1508]  kasan_report+0x136/0x160
[ 55.818682][ T1508]  ? ext4_search_dir+0x148/0x250
[ 55.823679][ T1508]  ext4_search_dir+0x148/0x250
[ 55.828422][ T1508]  ext4_find_inline_entry+0x367/0x540
[ 55.833766][ T1508]  ? ext4_try_create_inline_dir+0x320/0x320
[ 55.839655][ T1508]  ? tomoyo_path_number_perm+0x54d/0x6a0
[ 55.845261][ T1508]  ? tomoyo_path_number_perm+0x1c3/0x6a0
[ 55.851127][ T1508]  __ext4_find_entry+0x2dc/0x1a10
[ 55.856478][ T1508]  ? d_alloc_parallel+0x318/0x1130
[ 55.861566][ T1508]  ? dx_node_limit+0x150/0x150
[ 55.866389][ T1508]  ? d_alloc_parallel+0x318/0x1130
[ 55.871568][ T1508]  ext4_lookup+0x1ab/0x5f0
[ 55.876216][ T1508]  ? ext4_add_entry+0x2e80/0x2e80
[ 55.881227][ T1508]  ? inode_permission+0x56/0x320
[ 55.886188][ T1508]  ? ext4_add_entry+0x2e80/0x2e80
[ 55.891197][ T1508]  path_openat+0xdb6/0x2410
[ 55.895748][ T1508]  ? do_filp_open+0x430/0x430
[ 55.900424][ T1508]  do_filp_open+0x226/0x430
[ 55.904962][ T1508]  ? vfs_tmpfile+0x3e0/0x3e0
[ 55.909547][ T1508]  ? _raw_spin_unlock+0x24/0x40
[ 55.914467][ T1508]  ? alloc_fd+0x3dc/0x470
[ 55.918773][ T1508]  do_sys_openat2+0x10b/0x420
[ 55.923424][ T1508]  ? rcu_is_watching+0x1b/0x90
[ 55.928161][ T1508]  ? do_sys_open+0x1c0/0x1c0
[ 55.932729][ T1508]  ? __rseq_handle_notify_resume+0x827/0xdf0
[ 55.938894][ T1508]  ? xfd_validate_state+0x12/0x50
[ 55.943948][ T1508]  __x64_sys_open+0x1eb/0x240
[ 55.948993][ T1508]  ? do_sys_openat2+0x420/0x420
[ 55.954004][ T1508]  ? switch_fpu_return+0xc9/0x130
[ 55.959001][ T1508]  do_syscall_64+0x3b/0x80
[ 55.963404][ T1508]  ? clear_bhb_loop+0x45/0xa0
[ 55.968145][ T1508]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.974189][ T1508] RIP: 0033:0x7f083d6cbb29
[ 55.978605][ T1508] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 55.998268][ T1508] RSP: 002b:00007f083d24e0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 56.006749][ T1508] RAX: ffffffffffffffda RBX: 00007f083d7eaf80 RCX: 00007f083d6cbb29
[ 56.014816][ T1508] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 56.022944][ T1508] RBP: 00007f083d71747a R08: 0000000000000000 R09: 0000000000000000
[ 56.030888][ T1508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 56.039097][ T1508] R13: 0000000000000006 R14: 00007f083d7eaf80 R15: 00007fffde3e9da8
[ 56.047516][ T1508] 
[ 56.050508][ T1508] 
[ 56.052814][ T1508] The buggy address belongs to the physical page:
[ 56.059332][ T1508] page:ffffea00049361c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x124d87
[ 56.069625][ T1508] flags: 0x200000000000000(node=0|zone=2)
[ 56.075337][ T1508] raw: 0200000000000000 ffffea0004934d48 ffffea0004936708 0000000000000000
[ 56.083958][ T1508] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 56.092618][ T1508] page dumped because: kasan: bad access detected
[ 56.099111][ T1508] page_owner tracks the page as freed
[ 56.104575][ T1508] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 1427, tgid 1427 (modprobe), ts 54733441877, free_ts 54741888841
[ 56.122175][ T1508]  post_alloc_hook+0x286/0x2b0
[ 56.127626][ T1508]  get_page_from_freelist+0x2ba7/0x2de0
[ 56.133161][ T1508]  __alloc_pages+0x251/0x640
[ 56.137813][ T1508]  vma_alloc_folio+0x689/0x870
[ 56.142556][ T1508]  wp_page_copy+0x1e6/0x1610
[ 56.147139][ T1508]  handle_mm_fault+0x91a/0x2bf0
[ 56.152322][ T1508]  exc_page_fault+0x22a/0x5e0
[ 56.157766][ T1508]  asm_exc_page_fault+0x22/0x30
[ 56.162685][ T1508] page last free stack trace:
[ 56.167509][ T1508]  free_unref_page_prepare+0xca9/0xd80
[ 56.173039][ T1508]  free_unref_page_list+0xaa/0x690
[ 56.178318][ T1508]  release_pages+0x1763/0x1900
[ 56.184016][ T1508]  tlb_flush_mmu+0x26f/0x3d0
[ 56.188759][ T1508]  tlb_finish_mmu+0xb0/0x1b0
[ 56.193408][ T1508]  exit_mmap+0x311/0x700
[ 56.197637][ T1508]  __mmput+0x61/0x290
[ 56.202135][ T1508]  exit_mm+0x122/0x1b0
[ 56.206360][ T1508]  do_exit+0x81e/0x23a0
[ 56.210491][ T1508]  do_group_exit+0x1b5/0x280
[ 56.215068][ T1508]  __x64_sys_exit_group+0x3b/0x40
[ 56.220075][ T1508]  do_syscall_64+0x3b/0x80
[ 56.224463][ T1508]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 56.230350][ T1508] 
[ 56.232660][ T1508] Memory state around the buggy address:
[ 56.238354][ T1508]  ffff888124d87280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.246388][ T1508]  ffff888124d87300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.254508][ T1508] >ffff888124d87380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.262629][ T1508]                                                           ^
[ 56.270254][ T1508]  ffff888124d87400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.278485][ T1508]  ffff888124d87480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 56.286614][ T1508] ==================================================================
[ 56.294802][ T1508] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 56.302078][ T1508] Kernel Offset: disabled
[ 56.306391][ T1508] Rebooting in 86400 seconds..
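The "bad entry in directory: rec_len % 4 != 0" line at 55.621163 is the output of the directory-entry sanity check in fs/ext4/dir.c, applied here to the 56-byte body of an inline directory (EXT4_MIN_INLINE_DATA_SIZE minus the 4-byte parent-inode prefix). The program below is an added user-space re-implementation of that check, written for this page; it is not kernel code and not part of the syzkaller report. The function names, the header-fit guard, the s_inodes_count value of 64 and both input buffers are constructed for the example; only the order of the checks and their messages follow __ext4_check_dir_entry() in the 6.1 series. Fed the entry values recorded in the log (inode=4061898738, rec_len=7079, offset=0, size=56) it reports the same message the kernel did; fed a well-formed body it accepts every entry.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 56 = EXT4_MIN_INLINE_DATA_SIZE (60) minus the 4-byte ".." inode prefix. */
#define INLINE_BODY 56
/* Constructed stand-in for the superblock's s_inodes_count. */
#define INODES_COUNT 64u

/* ext4_dir_rec_len(name_len, dir) for a directory without the casefold-hash
 * tail: 8-byte header plus the name, rounded up to a multiple of 4. */
static unsigned dir_rec_len(unsigned name_len) { return (name_len + 8 + 3) & ~3u; }

/* ext4_rec_len_from_disk() for block sizes below 64 KiB: 0 and 0xFFFF both
 * mean "the remainder of the block". */
static unsigned rec_len_from_disk(uint16_t on_disk, unsigned blocksize)
{
    return (on_disk == 0 || on_disk == 0xFFFF) ? blocksize : on_disk;
}

/* Little-endian field readers/writers for the on-disk ext4_dir_entry_2 layout:
 * u32 inode, u16 rec_len, u8 name_len, u8 file_type, name[]. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Validate the entry at `offset` in a directory buffer of `size` bytes.
 * Returns NULL if it is sane, otherwise the text ext4 logs after
 * "bad entry in directory:". The header-fit guard is this example's own;
 * the remaining checks and their order mirror __ext4_check_dir_entry(). */
const char *check_dir_entry(const uint8_t *buf, unsigned size, unsigned blocksize,
                            unsigned offset, uint32_t inodes_count)
{
    if (offset + 8 > size)
        return "directory entry overrun";      /* header does not fit (example's guard) */

    uint32_t inode    = rd32(buf + offset);
    unsigned rlen     = rec_len_from_disk(rd16(buf + offset + 4), blocksize);
    unsigned name_len = buf[offset + 6];
    unsigned next     = offset + rlen;

    if (rlen < dir_rec_len(1))                  return "rec_len is smaller than minimal";
    if (rlen % 4 != 0)                          return "rec_len % 4 != 0";
    if (rlen < dir_rec_len(name_len))           return "rec_len is too small for name_len";
    if (next > size)                            return "directory entry overrun";
    if (next > size - dir_rec_len(1) && next != size)
                                                return "directory entry too close to block end";
    if (inode > inodes_count)                   return "inode out of bounds";
    return NULL;
}

/* Walk every entry in the buffer. Returns NULL if all pass, otherwise the first
 * error message; the offending offset is stored in *bad_off when non-NULL. */
const char *scan_dir_buf(const uint8_t *buf, unsigned size, unsigned blocksize,
                         uint32_t inodes_count, unsigned *bad_off)
{
    for (unsigned off = 0; off < size; ) {
        const char *msg = check_dir_entry(buf, size, blocksize, off, inodes_count);
        if (msg) {
            if (bad_off) *bad_off = off;
            return msg;
        }
        off += rec_len_from_disk(rd16(buf + off + 4), blocksize);  /* >= 12, so the loop advances */
    }
    return NULL;
}

/* Constructed input: a 56-byte inline body whose first entry carries the values
 * from the log line at 55.621163 (inode=4061898738, rec_len=7079). */
const char *check_entry_from_log(unsigned *bad_off)
{
    uint8_t body[INLINE_BODY];
    memset(body, 0, sizeof body);
    put32(body + 0, 4061898738u);
    put16(body + 4, 7079);
    body[6] = 1;  /* name_len */
    body[7] = 1;  /* file_type: regular file */
    body[8] = 'x';
    return scan_dir_buf(body, INLINE_BODY, 1024, INODES_COUNT, bad_off);
}

unsigned offset_of_entry_from_log(void)
{
    unsigned off = 0xFFFFFFFFu;
    check_entry_from_log(&off);
    return off;
}

/* Constructed input: a well-formed body holding "a" (rec_len 12) and "bb"
 * (rec_len 44, absorbing the rest of the 56 bytes). */
const char *check_wellformed_body(unsigned *bad_off)
{
    uint8_t body[INLINE_BODY];
    memset(body, 0, sizeof body);
    put32(body + 0, 13);  put16(body + 4, 12);  body[6] = 1; body[7] = 1; body[8] = 'a';
    put32(body + 12, 14); put16(body + 16, 44); body[18] = 2; body[19] = 1; body[20] = 'b'; body[21] = 'b';
    return scan_dir_buf(body, INLINE_BODY, 1024, INODES_COUNT, bad_off);
}

int main(void)
{
    unsigned off = 0;
    const char *msg = check_entry_from_log(&off);
    printf("entry from log: %s (offset=%u)\n", msg ? msg : "ok", off);
    msg = check_wellformed_body(&off);
    printf("well-formed body: %s\n", msg ? msg : "ok");
    return 0;
}
```

Because the checks run in order and stop at the first failure, the log reports only the alignment problem even though the same entry's inode number (4061898738) is also far beyond any plausible s_inodes_count; with rec_len fixed up, the entry would still be rejected as "inode out of bounds". A user-space checker like this cannot reproduce the KASAN report itself: per the page-owner data above, the use-after-free read in ext4_search_dir hit a page that had been freed by an exiting modprobe process, so the second mount of the same image reached the corrupted entry through a different path than the first.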