Warning: Permanently added '10.128.1.212' (ED25519) to the list of known hosts.
2024/09/08 05:15:31 ignoring optional flag "sandboxArg"="0"
2024/09/08 05:15:31 parsed 1 programs
2024/09/08 05:15:31 executed programs: 0
[ 44.075061][ T943] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 46.293926][ T1403] loop0: detected capacity change from 0 to 512
[ 46.302434][ T1403] EXT4-fs (loop0): Ignoring removed bh option
[ 46.308590][ T1403] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 46.318671][ T1403] EXT4-fs (loop0): 1 truncate cleaned up
[ 46.324417][ T1403] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[ 46.348457][ T1403] ==================================================================
[ 46.356620][ T1403] BUG: KASAN: use-after-free in ext4_search_dir+0x1df/0x260
[ 46.364060][ T1403] Read of size 1 at addr ffff88810f4543ed by task syz-executor.0/1403
[ 46.372196][ T1403]
[ 46.374685][ T1403] CPU: 1 PID: 1403 Comm: syz-executor.0 Not tainted 5.15.166-syzkaller #0
[ 46.383161][ T1403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 46.393713][ T1403] Call Trace:
[ 46.396988][ T1403]
[ 46.399887][ T1403] dump_stack_lvl+0x41/0x5e
[ 46.404507][ T1403] print_address_description.constprop.0.cold+0x6c/0x309
[ 46.411594][ T1403] ? ext4_search_dir+0x1df/0x260
[ 46.416511][ T1403] ? ext4_search_dir+0x1df/0x260
[ 46.421719][ T1403] kasan_report.cold+0x83/0xdf
[ 46.426568][ T1403] ? ext4_search_dir+0x1df/0x260
[ 46.431501][ T1403] ext4_search_dir+0x1df/0x260
[ 46.436415][ T1403] ext4_find_inline_entry+0x355/0x440
[ 46.441872][ T1403] ? tomoyo_path_number_perm+0x1d8/0x420
[ 46.447788][ T1403] ? ext4_try_create_inline_dir+0x290/0x290
[ 46.454275][ T1403] ? lock_downgrade+0x4f0/0x4f0
[ 46.459577][ T1403] __ext4_find_entry+0x84a/0xce0
[ 46.464928][ T1403] ? find_held_lock+0x2d/0x110
[ 46.469673][ T1403] ? ext4_dx_find_entry+0x570/0x570
[ 46.474844][ T1403] ? d_alloc_parallel+0x638/0x1010
[ 46.480223][ T1403] ext4_lookup+0x156/0x570
[ 46.484641][ T1403] ? userns_owner+0x30/0x30
[ 46.489118][ T1403] ? ext4_resetent+0x280/0x280
[ 46.494037][ T1403] ? apparmor_capget+0x6b0/0x6b0
[ 46.499139][ T1403] ? tomoyo_path_mknod+0xb5/0x130
[ 46.504246][ T1403] ? from_kgid+0x7f/0xc0
[ 46.508485][ T1403] ? ext4_resetent+0x280/0x280
[ 46.513631][ T1403] lookup_open.isra.0+0x808/0x1680
[ 46.518729][ T1403] ? vfs_tmpfile+0x2d0/0x2d0
[ 46.523455][ T1403] path_openat+0x7e3/0x2360
[ 46.527970][ T1403] ? __kasan_slab_free_mempool+0x191/0x200
[ 46.534046][ T1403] ? do_syscall_64+0x33/0x80
[ 46.538618][ T1403] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.544667][ T1403] ? path_lookupat+0x6b0/0x6b0
[ 46.549422][ T1403] ? find_held_lock+0x2d/0x110
[ 46.554385][ T1403] do_filp_open+0x199/0x3d0
[ 46.558899][ T1403] ? may_open_dev+0xd0/0xd0
[ 46.563555][ T1403] ? do_raw_spin_lock+0x120/0x2b0
[ 46.568751][ T1403] ? rwlock_bug.part.0+0x90/0x90
[ 46.573771][ T1403] ? lock_acquire+0x11a/0x230
[ 46.578784][ T1403] ? _raw_spin_unlock+0x1a/0x20
[ 46.584187][ T1403] ? alloc_fd+0x17c/0x4e0
[ 46.588585][ T1403] ? getname_flags.part.0+0x89/0x440
[ 46.593951][ T1403] do_sys_openat2+0x11e/0x400
[ 46.598607][ T1403] ? build_open_flags+0x490/0x490
[ 46.603599][ T1403] ? lock_downgrade+0x4f0/0x4f0
[ 46.608422][ T1403] __x64_sys_open+0xfd/0x1a0
[ 46.612998][ T1403] ? do_sys_open+0xe0/0xe0
[ 46.617397][ T1403] ? vtime_user_exit+0xde/0x180
[ 46.622220][ T1403] ? trace_user_exit.constprop.0+0x25/0xb0
[ 46.627994][ T1403] do_syscall_64+0x33/0x80
[ 46.632450][ T1403] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.638339][ T1403] RIP: 0033:0x7fcdc894cb29
[ 46.642790][ T1403] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 46.662377][ T1403] RSP: 002b:00007fcdc84cf0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 46.670934][ T1403] RAX: ffffffffffffffda RBX: 00007fcdc8a6bf80 RCX: 00007fcdc894cb29
[ 46.678897][ T1403] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 46.686840][ T1403] RBP: 00007fcdc899847a R08: 0000000000000000 R09: 0000000000000000
[ 46.694783][ T1403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 46.702834][ T1403] R13: 0000000000000006 R14: 00007fcdc8a6bf80 R15: 00007fff0ef4adc8
[ 46.710990][ T1403]
[ 46.713998][ T1403]
[ 46.716398][ T1403] Allocated by task 965:
[ 46.720604][ T1403] kasan_save_stack+0x1b/0x40
[ 46.725273][ T1403] __kasan_kmalloc+0x7c/0x90
[ 46.729917][ T1403] tomoyo_realpath_from_path+0xb0/0x6d0
[ 46.735446][ T1403] tomoyo_check_open_permission+0x1fd/0x2a0
[ 46.741315][ T1403] security_file_open+0x34/0x80
[ 46.746134][ T1403] do_dentry_open+0x33f/0xfc0
[ 46.750814][ T1403] path_openat+0x1542/0x2360
[ 46.755469][ T1403] do_filp_open+0x199/0x3d0
[ 46.759966][ T1403] do_sys_openat2+0x11e/0x400
[ 46.764810][ T1403] __x64_sys_openat+0x11b/0x1d0
[ 46.769726][ T1403] do_syscall_64+0x33/0x80
[ 46.774281][ T1403] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.780226][ T1403]
[ 46.782618][ T1403] Freed by task 965:
[ 46.786475][ T1403] kasan_save_stack+0x1b/0x40
[ 46.791122][ T1403] kasan_set_track+0x1c/0x30
[ 46.795700][ T1403] kasan_set_free_info+0x20/0x30
[ 46.800630][ T1403] __kasan_slab_free+0xe0/0x110
[ 46.805638][ T1403] kfree+0xd0/0x4c0
[ 46.809428][ T1403] tomoyo_realpath_from_path+0x16b/0x6d0
[ 46.815137][ T1403] tomoyo_check_open_permission+0x1fd/0x2a0
[ 46.821009][ T1403] security_file_open+0x34/0x80
[ 46.825825][ T1403] do_dentry_open+0x33f/0xfc0
[ 46.830556][ T1403] path_openat+0x1542/0x2360
[ 46.835311][ T1403] do_filp_open+0x199/0x3d0
[ 46.839867][ T1403] do_sys_openat2+0x11e/0x400
[ 46.844691][ T1403] __x64_sys_openat+0x11b/0x1d0
[ 46.849519][ T1403] do_syscall_64+0x33/0x80
[ 46.854005][ T1403] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 46.859887][ T1403]
[ 46.862236][ T1403] The buggy address belongs to the object at ffff88810f454000
[ 46.862236][ T1403] which belongs to the cache kmalloc-4k of size 4096
[ 46.876339][ T1403] The buggy address is located 1005 bytes inside of
[ 46.876339][ T1403] 4096-byte region [ffff88810f454000, ffff88810f455000)
[ 46.890014][ T1403] The buggy address belongs to the page:
[ 46.895610][ T1403] page:ffffea00043d1400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10f450
[ 46.906164][ T1403] head:ffffea00043d1400 order:3 compound_mapcount:0 compound_pincount:0
[ 46.914624][ T1403] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 46.921447][ T1403] raw: 0200000000010200 ffffea00043d1600 0000000200000002 ffff888100042140
[ 46.930091][ T1403] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 46.938651][ T1403] page dumped because: kasan: bad access detected
[ 46.945823][ T1403] page_owner tracks the page as allocated
[ 46.951599][ T1403] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 365, ts 3793935303, free_ts 0
[ 46.971160][ T1403] get_page_from_freelist+0x166f/0x2910
[ 46.976680][ T1403] __alloc_pages+0x2b3/0x590
[ 46.981240][ T1403] allocate_slab+0x2eb/0x430
[ 46.985899][ T1403] ___slab_alloc+0xb1c/0xf80
[ 46.990627][ T1403] kmem_cache_alloc_trace+0x2db/0x310
[ 46.995961][ T1403] kobject_uevent_env+0x1c8/0x10e0
[ 47.001046][ T1403] kobject_synth_uevent+0x468/0x680
[ 47.006222][ T1403] uevent_store+0x39/0x60
[ 47.010515][ T1403] kernfs_fop_write_iter+0x313/0x510
[ 47.015852][ T1403] new_sync_write+0x35d/0x5f0
[ 47.020848][ T1403] vfs_write+0x541/0x7b0
[ 47.025153][ T1403] ksys_write+0xf4/0x1d0
[ 47.029378][ T1403] do_syscall_64+0x33/0x80
[ 47.033859][ T1403] entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.039721][ T1403] page_owner free stack trace missing
[ 47.045054][ T1403]
[ 47.047368][ T1403] Memory state around the buggy address:
[ 47.052975][ T1403] ffff88810f454280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.061138][ T1403] ffff88810f454300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.069266][ T1403] >ffff88810f454380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.077301][ T1403] ^
[ 47.084907][ T1403] ffff88810f454400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.093049][ T1403] ffff88810f454480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.101420][ T1403] ==================================================================
[ 47.109565][ T1403] Disabling lock debugging due to kernel taint
[ 47.116021][ T1403] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 47.123565][ T1403] Kernel Offset: disabled
[ 47.127974][ T1403] Rebooting in 86400 seconds..