Warning: Permanently added '10.128.10.43' (ED25519) to the list of known hosts.
2024/05/19 14:06:42 ignoring optional flag "sandboxArg"="0"
2024/05/19 14:06:42 parsed 1 programs
2024/05/19 14:06:42 executed programs: 0
[ 44.808561][ T1047] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 47.022690][ T1507] loop0: detected capacity change from 0 to 512
[ 47.030495][ T1507] EXT4-fs (loop0): Ignoring removed bh option
[ 47.036632][ T1507] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[ 47.046909][ T1507] EXT4-fs (loop0): 1 truncate cleaned up
[ 47.052668][ T1507] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[ 47.077787][ T1507] ==================================================================
[ 47.086667][ T1507] BUG: KASAN: slab-out-of-bounds in ext4_search_dir+0x1df/0x260
[ 47.094310][ T1507] Read of size 1 at addr ffff88811f1603ed by task syz-executor.0/1507
[ 47.102739][ T1507]
[ 47.105138][ T1507] CPU: 1 PID: 1507 Comm: syz-executor.0 Not tainted 5.15.159-syzkaller #0
[ 47.113620][ T1507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[ 47.124490][ T1507] Call Trace:
[ 47.128210][ T1507]
[ 47.131316][ T1507]  dump_stack_lvl+0x41/0x5e
[ 47.136188][ T1507]  print_address_description.constprop.0.cold+0x6c/0x309
[ 47.143294][ T1507]  ? ext4_search_dir+0x1df/0x260
[ 47.148487][ T1507]  ? ext4_search_dir+0x1df/0x260
[ 47.153920][ T1507]  kasan_report.cold+0x83/0xdf
[ 47.159012][ T1507]  ? ext4_search_dir+0x1df/0x260
[ 47.164116][ T1507]  ext4_search_dir+0x1df/0x260
[ 47.168997][ T1507]  ext4_find_inline_entry+0x355/0x440
[ 47.174356][ T1507]  ? tomoyo_path_number_perm+0x1d8/0x420
[ 47.180046][ T1507]  ? ext4_try_create_inline_dir+0x290/0x290
[ 47.186000][ T1507]  ? lock_downgrade+0x4f0/0x4f0
[ 47.190830][ T1507]  __ext4_find_entry+0x84a/0xce0
[ 47.195751][ T1507]  ? find_held_lock+0x2d/0x110
[ 47.200696][ T1507]  ? ext4_dx_find_entry+0x570/0x570
[ 47.205871][ T1507]  ? d_alloc_parallel+0x638/0x1010
[ 47.212396][ T1507]  ext4_lookup+0x156/0x570
[ 47.216875][ T1507]  ? userns_owner+0x30/0x30
[ 47.221469][ T1507]  ? ext4_resetent+0x280/0x280
[ 47.226316][ T1507]  ? apparmor_capget+0x6b0/0x6b0
[ 47.231391][ T1507]  ? tomoyo_path_mknod+0xb5/0x130
[ 47.236705][ T1507]  ? from_kgid+0x7f/0xc0
[ 47.241207][ T1507]  ? ext4_resetent+0x280/0x280
[ 47.245951][ T1507]  lookup_open.isra.0+0x808/0x1680
[ 47.251036][ T1507]  ? vfs_tmpfile+0x2d0/0x2d0
[ 47.255606][ T1507]  path_openat+0x7e3/0x2360
[ 47.260096][ T1507]  ? __kasan_slab_free_mempool+0x1c1/0x200
[ 47.266050][ T1507]  ? do_syscall_64+0x33/0x80
[ 47.270608][ T1507]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.276814][ T1507]  ? path_lookupat+0x6b0/0x6b0
[ 47.281566][ T1507]  ? futex_wait_restart+0x210/0x210
[ 47.286870][ T1507]  ? stack_trace_save+0x8c/0xc0
[ 47.291714][ T1507]  ? find_held_lock+0x2d/0x110
[ 47.296531][ T1507]  do_filp_open+0x199/0x3d0
[ 47.301105][ T1507]  ? may_open_dev+0xd0/0xd0
[ 47.305579][ T1507]  ? do_raw_spin_lock+0x120/0x2b0
[ 47.310609][ T1507]  ? rwlock_bug.part.0+0x90/0x90
[ 47.315536][ T1507]  ? lock_acquire+0x11a/0x230
[ 47.320314][ T1507]  ? _raw_spin_unlock+0x1a/0x20
[ 47.325366][ T1507]  ? alloc_fd+0x17c/0x4e0
[ 47.329762][ T1507]  ? getname_flags.part.0+0x89/0x440
[ 47.335032][ T1507]  do_sys_openat2+0x11e/0x400
[ 47.339691][ T1507]  ? build_open_flags+0x490/0x490
[ 47.344683][ T1507]  ? lock_downgrade+0x4f0/0x4f0
[ 47.349589][ T1507]  __x64_sys_open+0xfd/0x1a0
[ 47.354145][ T1507]  ? do_sys_open+0xe0/0xe0
[ 47.358543][ T1507]  ? vtime_user_exit+0xde/0x180
[ 47.363371][ T1507]  ? trace_user_exit.constprop.0+0x25/0xb0
[ 47.369211][ T1507]  do_syscall_64+0x33/0x80
[ 47.373611][ T1507]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.379561][ T1507] RIP: 0033:0x7f78030fcb29
[ 47.383998][ T1507] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 47.403672][ T1507] RSP: 002b:00007f7802c7f0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 47.412071][ T1507] RAX: ffffffffffffffda RBX: 00007f780321bf80 RCX: 00007f78030fcb29
[ 47.420101][ T1507] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[ 47.428042][ T1507] RBP: 00007f780314847a R08: 0000000000000000 R09: 0000000000000000
[ 47.436000][ T1507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 47.444047][ T1507] R13: 0000000000000006 R14: 00007f780321bf80 R15: 00007ffdd223d228
[ 47.452127][ T1507]
[ 47.455205][ T1507]
[ 47.457500][ T1507] Allocated by task 1058:
[ 47.461794][ T1507]  kasan_save_stack+0x1b/0x40
[ 47.466436][ T1507]  __kasan_slab_alloc+0x61/0x80
[ 47.471258][ T1507]  kmem_cache_alloc+0x211/0x310
[ 47.476071][ T1507]  anon_vma_clone+0xc4/0x540
[ 47.480732][ T1507]  __split_vma+0x135/0x490
[ 47.485128][ T1507]  mprotect_fixup+0x595/0x820
[ 47.489795][ T1507]  do_mprotect_pkey+0x3c5/0x750
[ 47.494638][ T1507]  __x64_sys_mprotect+0x6f/0xb0
[ 47.499463][ T1507]  do_syscall_64+0x33/0x80
[ 47.503849][ T1507]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.509706][ T1507]
[ 47.512112][ T1507] The buggy address belongs to the object at ffff88811f160380
[ 47.512112][ T1507]  which belongs to the cache anon_vma_chain of size 80
[ 47.526319][ T1507] The buggy address is located 29 bytes to the right of
[ 47.526319][ T1507]  80-byte region [ffff88811f160380, ffff88811f1603d0)
[ 47.540007][ T1507] The buggy address belongs to the page:
[ 47.545806][ T1507] page:ffffea00047c5800 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88811f160230 pfn:0x11f160
[ 47.557414][ T1507] flags: 0x200000000000200(slab|node=0|zone=2)
[ 47.563636][ T1507] raw: 0200000000000200 ffffea0004472dc0 0000000300000003 ffff888100137140
[ 47.572356][ T1507] raw: ffff88811f160230 0000000080240000 00000001ffffffff 0000000000000000
[ 47.581016][ T1507] page dumped because: kasan: bad access detected
[ 47.587573][ T1507] page_owner tracks the page as allocated
[ 47.593253][ T1507] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 637, ts 24918580049, free_ts 24917698958
[ 47.609201][ T1507]  get_page_from_freelist+0x166f/0x2910
[ 47.614802][ T1507]  __alloc_pages+0x2b3/0x590
[ 47.619359][ T1507]  allocate_slab+0x2eb/0x430
[ 47.624365][ T1507]  ___slab_alloc+0xb1c/0xf80
[ 47.628988][ T1507]  kmem_cache_alloc+0x2d7/0x310
[ 47.634008][ T1507]  __anon_vma_prepare+0x45/0x4d0
[ 47.639048][ T1507]  __handle_mm_fault+0x18c8/0x1ec0
[ 47.644168][ T1507]  handle_mm_fault+0x1c0/0x5a0
[ 47.649194][ T1507]  do_user_addr_fault+0x293/0xcb0
[ 47.654260][ T1507]  exc_page_fault+0x5a/0xb0
[ 47.658845][ T1507]  asm_exc_page_fault+0x22/0x30
[ 47.663875][ T1507]  __clear_user+0x20/0x50
[ 47.668366][ T1507]  load_elf_binary+0x3cad/0x3eb0
[ 47.673567][ T1507]  bprm_execve+0x62a/0x1330
[ 47.678699][ T1507]  kernel_execve+0x2dc/0x400
[ 47.684390][ T1507]  call_usermodehelper_exec_async+0x2c1/0x500
[ 47.690899][ T1507] page last free stack trace:
[ 47.695564][ T1507]  free_pcp_prepare+0x34e/0x730
[ 47.700406][ T1507]  free_unref_page+0x19/0x3b0
[ 47.706026][ T1507]  tlb_finish_mmu+0x1ef/0x6c0
[ 47.710931][ T1507]  exit_mmap+0x185/0x4e0
[ 47.715324][ T1507]  mmput+0x90/0x390
[ 47.719185][ T1507]  do_exit+0x87f/0x21d0
[ 47.723345][ T1507]  do_group_exit+0xe7/0x290
[ 47.727819][ T1507]  __x64_sys_exit_group+0x35/0x40
[ 47.732914][ T1507]  do_syscall_64+0x33/0x80
[ 47.737613][ T1507]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[ 47.743675][ T1507]
[ 47.745995][ T1507] Memory state around the buggy address:
[ 47.752046][ T1507]  ffff88811f160280: fc fc fc fc fb fb fb fb fb fb fb fb fb fb fc fc
[ 47.760196][ T1507]  ffff88811f160300: fc fc fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 47.768360][ T1507] >ffff88811f160380: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fb fb
[ 47.776843][ T1507]                                                           ^
[ 47.784537][ T1507]  ffff88811f160400: fb fb fb fb fb fb fb fb fc fc fc fc fb fb fb fb
[ 47.793150][ T1507]  ffff88811f160480: fb fb fb fb fb fb fc fc fc fc fb fb fb fb fb fb
[ 47.801568][ T1507] ==================================================================
[ 47.810017][ T1507] Disabling lock debugging due to kernel taint
[ 47.816601][ T1507] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 47.824407][ T1507] Kernel Offset: disabled
[ 47.828832][ T1507] Rebooting in 86400 seconds..