Warning: Permanently added '10.128.1.52' (ED25519) to the list of known hosts.
2023/10/31 05:07:57 ignoring optional flag "sandboxArg"="0"
2023/10/31 05:07:57 parsed 1 programs
2023/10/31 05:07:57 executed programs: 0
[ 43.676951][ T1046] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 46.059290][ T1506] loop0: detected capacity change from 0 to 512
[ 46.067928][ T1506] EXT4-fs (loop0): Ignoring removed bh option
[ 46.074351][ T1506] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 46.085291][ T1506] EXT4-fs (loop0): 1 truncate cleaned up
[ 46.091867][ T1506] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[ 46.115287][ T1506] EXT4-fs error (device loop0): ext4_find_dest_de:2111: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 46.204333][ T1512] loop0: detected capacity change from 0 to 512
[ 46.211687][ T1512] EXT4-fs (loop0): Ignoring removed bh option
[ 46.218328][ T1512] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 46.227936][ T1512] EXT4-fs (loop0): 1 truncate cleaned up
[ 46.233946][ T1512] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[ 46.257042][ T1512] ==================================================================
[ 46.265656][ T1512] BUG: KASAN: use-after-free in ext4_search_dir+0x1df/0x260
[ 46.273551][ T1512] Read of size 1 at addr ffff8881221933ed by task syz-executor.0/1512
[ 46.282029][ T1512]
[ 46.284749][ T1512] CPU: 1 PID: 1512 Comm: syz-executor.0 Not tainted 5.15.137-syzkaller #0
[ 46.293515][ T1512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023
[ 46.304301][ T1512] Call Trace:
[ 46.307910][ T1512]
[ 46.311429][ T1512] dump_stack_lvl+0x41/0x5e
[ 46.316447][ T1512] print_address_description.constprop.0.cold+0x6c/0x309
[ 46.323875][ T1512] ? ext4_search_dir+0x1df/0x260
[ 46.328826][ T1512] ? ext4_search_dir+0x1df/0x260
[ 46.334586][ T1512] kasan_report.cold+0x83/0xdf
[ 46.339426][ T1512] ? ext4_search_dir+0x1df/0x260
[ 46.344931][ T1512] ext4_search_dir+0x1df/0x260
[ 46.350666][ T1512] ext4_find_inline_entry+0x355/0x440
[ 46.356288][ T1512] ? tomoyo_path_number_perm+0x1d8/0x420
[ 46.362740][ T1512] ? ext4_try_create_inline_dir+0x290/0x290
[ 46.368708][ T1512] ? lock_downgrade+0x4f0/0x4f0
[ 46.373728][ T1512] __ext4_find_entry+0x84a/0xce0
[ 46.378991][ T1512] ? find_held_lock+0x2d/0x110
[ 46.384058][ T1512] ? ext4_dx_find_entry+0x570/0x570
[ 46.389290][ T1512] ? d_alloc_parallel+0x638/0x1010
[ 46.394842][ T1512] ext4_lookup+0x156/0x570
[ 46.399829][ T1512] ? userns_owner+0x30/0x30
[ 46.404319][ T1512] ? ext4_resetent+0x280/0x280
[ 46.409059][ T1512] ? apparmor_path_link+0x3c0/0x3c0
[ 46.414341][ T1512] ? tomoyo_path_mknod+0xb5/0x130
[ 46.419733][ T1512] ? from_kgid+0x7f/0xc0
[ 46.423973][ T1512] ? ext4_resetent+0x280/0x280
[ 46.428724][ T1512] lookup_open.isra.0+0x808/0x1680
[ 46.433823][ T1512] ? vfs_tmpfile+0x2d0/0x2d0
[ 46.438407][ T1512] path_openat+0x800/0x24d0
[ 46.442896][ T1512] ? kasan_disable_current+0x11/0x20
[ 46.448729][ T1512] ? __x64_sys_open+0xfd/0x1a0
[ 46.453837][ T1512] ? do_syscall_64+0x35/0x80
[ 46.458661][ T1512] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.464843][ T1512] ? path_lookupat+0x6b0/0x6b0
[ 46.471113][ T1512] ? futex_wait_restart+0x210/0x210
[ 46.477754][ T1512] ? stack_trace_save+0x8c/0xc0
[ 46.484293][ T1512] ? filter_irq_stacks+0x90/0x90
[ 46.489623][ T1512] ? kasan_save_stack+0x1b/0x40
[ 46.495060][ T1512] do_filp_open+0x199/0x3d0
[ 46.500008][ T1512] ? may_open_dev+0xd0/0xd0
[ 46.504796][ T1512] ? do_raw_spin_lock+0x120/0x2b0
[ 46.510138][ T1512] ? rwlock_bug.part.0+0x90/0x90
[ 46.515864][ T1512] ? lock_acquire+0x11a/0x230
[ 46.520737][ T1512] ? _raw_spin_unlock+0x1a/0x20
[ 46.525763][ T1512] ? alloc_fd+0x17c/0x4e0
[ 46.530215][ T1512] ? getname_flags.part.0+0x89/0x440
[ 46.535598][ T1512] do_sys_openat2+0x11e/0x400
[ 46.540377][ T1512] ? build_open_flags+0x490/0x490
[ 46.545561][ T1512] ? lock_downgrade+0x4f0/0x4f0
[ 46.550624][ T1512] __x64_sys_open+0xfd/0x1a0
[ 46.555290][ T1512] ? do_sys_open+0xe0/0xe0
[ 46.559857][ T1512] ? vtime_user_exit+0xde/0x180
[ 46.564682][ T1512] ? trace_user_exit.constprop.0+0x25/0xb0
[ 46.570680][ T1512] do_syscall_64+0x35/0x80
[ 46.575311][ T1512] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.581331][ T1512] RIP: 0033:0x7fc4341a4b29
[ 46.586001][ T1512] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.607302][ T1512] RSP: 002b:00007fc433d270c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 46.616120][ T1512] RAX: ffffffffffffffda RBX: 00007fc4342c3f80 RCX: 00007fc4341a4b29
[ 46.624516][ T1512] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 46.634645][ T1512] RBP: 00007fc4341f047a R08: 0000000000000000 R09: 0000000000000000
[ 46.642727][ T1512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 46.650891][ T1512] R13: 0000000000000006 R14: 00007fc4342c3f80 R15: 00007ffeb25ffed8
[ 46.659171][ T1512]
[ 46.662371][ T1512]
[ 46.664844][ T1512] The buggy address belongs to the page:
[ 46.670795][ T1512] page:ffffea00048864c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x100 pfn:0x122193
[ 46.681460][ T1512] flags: 0x200000000000000(node=0|zone=2)
[ 46.687375][ T1512] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000
[ 46.696027][ T1512] raw: 0000000000000100 0000000000000000 00000000ffffffff 0000000000000000
[ 46.704860][ T1512] page dumped because: kasan: bad access detected
[ 46.711606][ T1512] page_owner tracks the page as freed
[ 46.717124][ T1512] page last allocated via order 0, migratetype Movable, gfp_mask 0x1100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), pid 1088, ts 43897159989, free_ts 43898521947
[ 46.733327][ T1512] get_page_from_freelist+0x166f/0x2910
[ 46.738847][ T1512] __alloc_pages+0x2b3/0x590
[ 46.743734][ T1512] alloc_pages_vma+0xcf/0x4b0
[ 46.748539][ T1512] __handle_mm_fault+0xdf5/0x1ec0
[ 46.753614][ T1512] handle_mm_fault+0x1c0/0x5a0
[ 46.758724][ T1512] do_user_addr_fault+0x293/0xcb0
[ 46.763824][ T1512] exc_page_fault+0x5a/0xb0
[ 46.768401][ T1512] asm_exc_page_fault+0x22/0x30
[ 46.773256][ T1512] page last free stack trace:
[ 46.778108][ T1512] free_pcp_prepare+0x34e/0x730
[ 46.782976][ T1512] free_unref_page_list+0x168/0x9a0
[ 46.788264][ T1512] release_pages+0x9f2/0x1100
[ 46.792913][ T1512] tlb_finish_mmu+0x125/0x6c0
[ 46.797559][ T1512] exit_mmap+0x185/0x4e0
[ 46.801858][ T1512] mmput+0x90/0x390
[ 46.805938][ T1512] do_exit+0x87f/0x21d0
[ 46.810333][ T1512] do_group_exit+0xe7/0x290
[ 46.814906][ T1512] __x64_sys_exit_group+0x35/0x40
[ 46.819980][ T1512] do_syscall_64+0x35/0x80
[ 46.824646][ T1512] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 46.831432][ T1512]
[ 46.833763][ T1512] Memory state around the buggy address:
[ 46.839595][ T1512] ffff888122193280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.847920][ T1512] ffff888122193300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.856330][ T1512] >ffff888122193380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.865195][ T1512] ^
[ 46.873432][ T1512] ffff888122193400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.883035][ T1512] ffff888122193480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 46.892022][ T1512] ==================================================================
[ 46.900084][ T1512] Disabling lock debugging due to kernel taint
[ 46.906788][ T1512] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 46.914412][ T1512] Kernel Offset: disabled
[ 46.918904][ T1512] Rebooting in 86400 seconds..