Warning: Permanently added '10.128.0.79' (ED25519) to the list of known hosts.
2024/02/05 12:07:26 ignoring optional flag "sandboxArg"="0"
2024/02/05 12:07:26 parsed 1 programs
2024/02/05 12:07:26 executed programs: 0
[ 52.257273][ T1055] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 54.270038][ T1516] loop0: detected capacity change from 0 to 512
[ 54.277065][ T1516] EXT4-fs (loop0): Ignoring removed bh option
[ 54.283659][ T1516] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 54.293598][ T1516] EXT4-fs (loop0): 1 truncate cleaned up
[ 54.299217][ T1516] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[ 54.319732][ T1516] EXT4-fs error (device loop0): ext4_find_dest_de:2111: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[ 54.401226][ T1520] loop0: detected capacity change from 0 to 512
[ 54.408321][ T1520] EXT4-fs (loop0): Ignoring removed bh option
[ 54.414454][ T1520] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 54.423533][ T1520] EXT4-fs (loop0): 1 truncate cleaned up
[ 54.429139][ T1520] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[ 54.448757][ T1520] ==================================================================
[ 54.456806][ T1520] BUG: KASAN: slab-out-of-bounds in ext4_search_dir+0x1df/0x260
[ 54.464402][ T1520] Read of size 1 at addr ffff88811c9973ed by task syz-executor.0/1520
[ 54.472515][ T1520]
[ 54.474809][ T1520] CPU: 0 PID: 1520 Comm: syz-executor.0 Not tainted 5.15.148-syzkaller #0
[ 54.483267][ T1520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[ 54.493290][ T1520] Call Trace:
[ 54.496541][ T1520]
[ 54.499440][ T1520] dump_stack_lvl+0x41/0x5e
[ 54.503915][ T1520] print_address_description.constprop.0.cold+0x6c/0x309
[ 54.510902][ T1520] ? ext4_search_dir+0x1df/0x260
[ 54.515822][ T1520] ? ext4_search_dir+0x1df/0x260
[ 54.520725][ T1520] kasan_report.cold+0x83/0xdf
[ 54.525456][ T1520] ? ext4_search_dir+0x1df/0x260
[ 54.530377][ T1520] ext4_search_dir+0x1df/0x260
[ 54.535103][ T1520] ext4_find_inline_entry+0x355/0x440
[ 54.540438][ T1520] ? tomoyo_path_number_perm+0x1d8/0x420
[ 54.546033][ T1520] ? ext4_try_create_inline_dir+0x290/0x290
[ 54.551889][ T1520] ? lock_downgrade+0x4f0/0x4f0
[ 54.556707][ T1520] __ext4_find_entry+0x84a/0xce0
[ 54.561607][ T1520] ? find_held_lock+0x2d/0x110
[ 54.566332][ T1520] ? ext4_dx_find_entry+0x570/0x570
[ 54.571490][ T1520] ? d_alloc_parallel+0x638/0x1010
[ 54.576564][ T1520] ext4_lookup+0x156/0x570
[ 54.580941][ T1520] ? userns_owner+0x30/0x30
[ 54.585410][ T1520] ? ext4_resetent+0x280/0x280
[ 54.590134][ T1520] ? apparmor_capget+0x6b0/0x6b0
[ 54.595030][ T1520] ? tomoyo_path_mknod+0xb5/0x130
[ 54.600019][ T1520] ? from_kgid+0x7f/0xc0
[ 54.604222][ T1520] ? ext4_resetent+0x280/0x280
[ 54.608945][ T1520] lookup_open.isra.0+0x808/0x1680
[ 54.614023][ T1520] ? vfs_tmpfile+0x2d0/0x2d0
[ 54.618576][ T1520] path_openat+0x800/0x24d0
[ 54.623041][ T1520] ? get_slabinfo+0x81/0xf0
[ 54.627513][ T1520] ? __x64_sys_open+0xfd/0x1a0
[ 54.632239][ T1520] ? do_syscall_64+0x35/0x80
[ 54.636794][ T1520] ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.642822][ T1520] ? path_lookupat+0x6b0/0x6b0
[ 54.647548][ T1520] ? futex_wait_restart+0x210/0x210
[ 54.652708][ T1520] ? stack_trace_save+0x8c/0xc0
[ 54.657519][ T1520] ? filter_irq_stacks+0x90/0x90
[ 54.662417][ T1520] ? kasan_save_stack+0x1b/0x40
[ 54.667228][ T1520] do_filp_open+0x199/0x3d0
[ 54.671694][ T1520] ? may_open_dev+0xd0/0xd0
[ 54.676164][ T1520] ? do_raw_spin_lock+0x120/0x2b0
[ 54.681163][ T1520] ? rwlock_bug.part.0+0x90/0x90
[ 54.686061][ T1520] ? lock_acquire+0x11a/0x230
[ 54.690698][ T1520] ? _raw_spin_unlock+0x1a/0x20
[ 54.695510][ T1520] ? alloc_fd+0x17c/0x4e0
[ 54.699800][ T1520] ? getname_flags.part.0+0x89/0x440
[ 54.705044][ T1520] do_sys_openat2+0x11e/0x400
[ 54.709685][ T1520] ? build_open_flags+0x490/0x490
[ 54.714669][ T1520] ? lock_downgrade+0x4f0/0x4f0
[ 54.719484][ T1520] __x64_sys_open+0xfd/0x1a0
[ 54.724037][ T1520] ? do_sys_open+0xe0/0xe0
[ 54.728414][ T1520] ? vtime_user_exit+0xde/0x180
[ 54.733227][ T1520] ? trace_user_exit.constprop.0+0x25/0xb0
[ 54.739002][ T1520] do_syscall_64+0x35/0x80
[ 54.743390][ T1520] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.749251][ T1520] RIP: 0033:0x7f080c7feb29
[ 54.753630][ T1520] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 54.773197][ T1520] RSP: 002b:00007f080c3810c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 54.781572][ T1520] RAX: ffffffffffffffda RBX: 00007f080c91df80 RCX: 00007f080c7feb29
[ 54.789510][ T1520] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 54.797445][ T1520] RBP: 00007f080c84a47a R08: 0000000000000000 R09: 0000000000000000
[ 54.805380][ T1520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 54.813315][ T1520] R13: 0000000000000006 R14: 00007f080c91df80 R15: 00007ffca6a35d58
[ 54.821263][ T1520]
[ 54.824257][ T1520]
[ 54.826551][ T1520] Allocated by task 1061:
[ 54.830842][ T1520] kasan_save_stack+0x1b/0x40
[ 54.835486][ T1520] __kasan_kmalloc+0x7c/0x90
[ 54.840047][ T1520] tomoyo_realpath_from_path+0xb0/0x6d0
[ 54.845553][ T1520] tomoyo_path_number_perm+0x19c/0x420
[ 54.850977][ T1520] security_file_ioctl+0x44/0x80
[ 54.855876][ T1520] __x64_sys_ioctl+0x99/0x190
[ 54.860516][ T1520] do_syscall_64+0x35/0x80
[ 54.864898][ T1520] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.870757][ T1520]
[ 54.873050][ T1520] Freed by task 1061:
[ 54.876992][ T1520] kasan_save_stack+0x1b/0x40
[ 54.881632][ T1520] kasan_set_track+0x1c/0x30
[ 54.886184][ T1520] kasan_set_free_info+0x20/0x30
[ 54.891082][ T1520] __kasan_slab_free+0xe0/0x110
[ 54.895893][ T1520] kfree+0xd0/0x4c0
[ 54.899663][ T1520] tomoyo_realpath_from_path+0x16b/0x6d0
[ 54.905260][ T1520] tomoyo_path_number_perm+0x19c/0x420
[ 54.910679][ T1520] security_file_ioctl+0x44/0x80
[ 54.915577][ T1520] __x64_sys_ioctl+0x99/0x190
[ 54.920216][ T1520] do_syscall_64+0x35/0x80
[ 54.924599][ T1520] entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 54.930455][ T1520]
[ 54.932746][ T1520] The buggy address belongs to the object at ffff88811c996000
[ 54.932746][ T1520] which belongs to the cache kmalloc-4k of size 4096
[ 54.946757][ T1520] The buggy address is located 1005 bytes to the right of
[ 54.946757][ T1520] 4096-byte region [ffff88811c996000, ffff88811c997000)
[ 54.960685][ T1520] The buggy address belongs to the page:
[ 54.966278][ T1520] page:ffffea0004726400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11c990
[ 54.976473][ T1520] head:ffffea0004726400 order:3 compound_mapcount:0 compound_pincount:0
[ 54.984758][ T1520] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 54.991309][ T1520] raw: 0200000000010200 dead000000000100 dead000000000122 ffff888100042140
[ 54.999859][ T1520] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 55.008403][ T1520] page dumped because: kasan: bad access detected
[ 55.014781][ T1520] page_owner tracks the page as allocated
[ 55.020461][ T1520] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 482, ts 31744694864, free_ts 0
[ 55.037780][ T1520] get_page_from_freelist+0x166f/0x2910
[ 55.043294][ T1520] __alloc_pages+0x2b3/0x590
[ 55.047848][ T1520] allocate_slab+0x2eb/0x430
[ 55.052405][ T1520] ___slab_alloc+0xb1c/0xf80
[ 55.056965][ T1520] __kmalloc+0x2da/0x2f0
[ 55.061170][ T1520] tomoyo_realpath_from_path+0xb0/0x6d0
[ 55.066681][ T1520] tomoyo_realpath_nofollow+0x9c/0xc0
[ 55.072019][ T1520] tomoyo_find_next_domain+0x24b/0x1bf0
[ 55.077533][ T1520] tomoyo_bprm_check_security+0xfb/0x170
[ 55.083129][ T1520] security_bprm_check+0x34/0x70
[ 55.088031][ T1520] bprm_execve+0x59b/0x1330
[ 55.092501][ T1520] kernel_execve+0x2dc/0x400
[ 55.097053][ T1520] call_usermodehelper_exec_async+0x2c1/0x500
[ 55.103084][ T1520] ret_from_fork+0x1f/0x30
[ 55.107463][ T1520] page_owner free stack trace missing
[ 55.112795][ T1520]
[ 55.115097][ T1520] Memory state around the buggy address:
[ 55.120696][ T1520] ffff88811c997280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.128719][ T1520] ffff88811c997300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.136752][ T1520] >ffff88811c997380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.144772][ T1520] ^
[ 55.152188][ T1520] ffff88811c997400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.160221][ T1520] ffff88811c997480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 55.168245][ T1520] ==================================================================
[ 55.176273][ T1520] Disabling lock debugging due to kernel taint
[ 55.182528][ T1520] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 55.189858][ T1520] Kernel Offset: disabled
[ 55.194154][ T1520] Rebooting in 86400 seconds..