Warning: Permanently added '10.128.1.199' (ED25519) to the list of known hosts.
2024/08/08 10:01:04 ignoring optional flag "sandboxArg"="0"
2024/08/08 10:01:05 parsed 1 programs
2024/08/08 10:01:05 executed programs: 0
[   55.326229][  T944] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[   60.689998][ T1404] loop0: detected capacity change from 0 to 512
[   60.697486][ T1404] EXT4-fs: Ignoring removed bh option
[   60.703714][ T1404] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   60.715200][ T1404] EXT4-fs (loop0): 1 truncate cleaned up
[   60.720996][ T1404] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
2024/08/08 10:01:10 executed programs: 1
[   60.735549][ T1404] EXT4-fs error (device loop0): ext4_find_dest_de:2113: inode #12: block 7: comm syz-executor.0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=4061898738, rec_len=7079, size=56 fake=0
[   60.761165][  T950] EXT4-fs (loop0): unmounting filesystem.
[   60.782706][ T1410] loop0: detected capacity change from 0 to 512
[   60.789878][ T1410] EXT4-fs: Ignoring removed bh option
[   60.796076][ T1410] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   60.806531][ T1410] EXT4-fs (loop0): 1 truncate cleaned up
[   60.813017][ T1410] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   60.833700][ T1410] ==================================================================
[   60.842138][ T1410] BUG: KASAN: slab-out-of-bounds in ext4_search_dir+0x148/0x250
[   60.849984][ T1410] Read of size 1 at addr ffff8881140ef3ed by task syz-executor.0/1410
[   60.858224][ T1410] 
[   60.860563][ T1410] CPU: 0 PID: 1410 Comm: syz-executor.0 Not tainted 6.1.103-syzkaller #0
[   60.869323][ T1410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[   60.879566][ T1410] Call Trace:
[   60.882932][ T1410]  <TASK>
[   60.885845][ T1410]  dump_stack_lvl+0xf4/0x251
[   60.890545][ T1410]  ? nf_tcp_handle_invalid+0x2f3/0x2f3
[   60.895996][ T1410]  ? panic+0x3fe/0x3fe
[   60.900042][ T1410]  ? _printk+0xca/0x10a
[   60.904189][ T1410]  ? __virt_addr_valid+0x139/0x270
[   60.909302][ T1410]  ? __virt_addr_valid+0x221/0x270
[   60.914493][ T1410]  print_report+0x15f/0x4f0
[   60.919088][ T1410]  ? __virt_addr_valid+0x139/0x270
[   60.924290][ T1410]  ? __virt_addr_valid+0x221/0x270
[   60.929491][ T1410]  ? ext4_search_dir+0x148/0x250
[   60.934430][ T1410]  kasan_report+0x136/0x160
[   60.939013][ T1410]  ? ext4_search_dir+0x148/0x250
[   60.943930][ T1410]  ext4_search_dir+0x148/0x250
[   60.948668][ T1410]  ext4_find_inline_entry+0x367/0x540
[   60.954220][ T1410]  ? ext4_try_create_inline_dir+0x320/0x320
[   60.960369][ T1410]  ? tomoyo_path_number_perm+0x54d/0x6a0
[   60.965978][ T1410]  ? tomoyo_path_number_perm+0x1c3/0x6a0
[   60.971612][ T1410]  __ext4_find_entry+0x2dc/0x1a10
[   60.976642][ T1410]  ? d_alloc_parallel+0x318/0x1130
[   60.981745][ T1410]  ? dx_node_limit+0x150/0x150
[   60.987028][ T1410]  ? d_alloc_parallel+0x318/0x1130
[   60.992591][ T1410]  ext4_lookup+0x1ab/0x5f0
[   60.997092][ T1410]  ? ext4_add_entry+0x3080/0x3080
[   61.002546][ T1410]  ? inode_permission+0x56/0x320
[   61.007480][ T1410]  ? ext4_add_entry+0x3080/0x3080
[   61.012608][ T1410]  path_openat+0xdb6/0x2410
[   61.017094][ T1410]  ? do_filp_open+0x430/0x430
[   61.021923][ T1410]  ? __virt_addr_valid+0x139/0x270
[   61.027038][ T1410]  do_filp_open+0x226/0x430
[   61.031796][ T1410]  ? vfs_tmpfile+0x3e0/0x3e0
[   61.037089][ T1410]  ? _raw_spin_unlock+0x24/0x40
[   61.042292][ T1410]  ? alloc_fd+0x3dc/0x470
[   61.046635][ T1410]  do_sys_openat2+0x10b/0x3f0
[   61.051387][ T1410]  ? rcu_is_watching+0x1b/0x90
[   61.056417][ T1410]  ? do_sys_open+0x1c0/0x1c0
[   61.061078][ T1410]  ? __rseq_handle_notify_resume+0x827/0xdf0
[   61.067154][ T1410]  __x64_sys_open+0x1eb/0x240
[   61.072398][ T1410]  ? do_sys_openat2+0x3f0/0x3f0
[   61.077339][ T1410]  ? switch_fpu_return+0xc9/0x130
[   61.083900][ T1410]  do_syscall_64+0x3b/0x80
[   61.088392][ T1410]  ? clear_bhb_loop+0x45/0xa0
[   61.093152][ T1410]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   61.099133][ T1410] RIP: 0033:0x7fd4f32b6b29
[   61.103541][ T1410] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   61.124356][ T1410] RSP: 002b:00007fd4f2e390c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   61.133735][ T1410] RAX: ffffffffffffffda RBX: 00007fd4f33d5f80 RCX: 00007fd4f32b6b29
[   61.142673][ T1410] RDX: 0000000000000000 RSI: 0000000000141042 RDI: 0000000020000100
[   61.152439][ T1410] RBP: 00007fd4f330247a R08: 0000000000000000 R09: 0000000000000000
[   61.161065][ T1410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   61.170946][ T1410] R13: 0000000000000016 R14: 00007fd4f33d5f80 R15: 00007ffc542d1ca8
[   61.179509][ T1410]  </TASK>
[   61.182510][ T1410] 
[   61.184899][ T1410] Allocated by task 1327:
[   61.189306][ T1410]  kasan_set_track+0x4b/0x70
[   61.193889][ T1410]  __kasan_slab_alloc+0x65/0x70
[   61.198772][ T1410]  slab_post_alloc_hook+0x54/0x3e0
[   61.203958][ T1410]  kmem_cache_alloc+0x10c/0x290
[   61.208819][ T1410]  vm_area_dup+0x1b/0x90
[   61.213134][ T1410]  __split_vma+0x95/0x4a0
[   61.217545][ T1410]  do_mas_align_munmap+0x3fe/0x11e0
[   61.222719][ T1410]  do_mas_munmap+0x195/0x1f0
[   61.227661][ T1410]  mmap_region+0x708/0x1780
[   61.232240][ T1410]  do_mmap+0x69e/0xb60
[   61.236474][ T1410]  vm_mmap_pgoff+0x1b7/0x280
[   61.241750][ T1410]  ksys_mmap_pgoff+0x2cf/0x3b0
[   61.247422][ T1410]  do_syscall_64+0x3b/0x80
[   61.252467][ T1410]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   61.258730][ T1410] 
[   61.261116][ T1410] Freed by task 1327:
[   61.265638][ T1410]  kasan_set_track+0x4b/0x70
[   61.270215][ T1410]  kasan_save_free_info+0x27/0x40
[   61.275248][ T1410]  ____kasan_slab_free+0x122/0x1e0
[   61.281155][ T1410]  kmem_cache_free+0x2e8/0x510
[   61.286362][ T1410]  do_mas_align_munmap+0xbb6/0x11e0
[   61.291914][ T1410]  do_mas_munmap+0x195/0x1f0
[   61.296613][ T1410]  mmap_region+0x708/0x1780
[   61.301197][ T1410]  do_mmap+0x69e/0xb60
[   61.305279][ T1410]  vm_mmap_pgoff+0x1b7/0x280
[   61.309934][ T1410]  ksys_mmap_pgoff+0x2cf/0x3b0
[   61.314674][ T1410]  do_syscall_64+0x3b/0x80
[   61.319142][ T1410]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   61.325011][ T1410] 
[   61.327597][ T1410] The buggy address belongs to the object at ffff8881140ef340
[   61.327597][ T1410]  which belongs to the cache vm_area_struct of size 144
[   61.342163][ T1410] The buggy address is located 29 bytes to the right of
[   61.342163][ T1410]  144-byte region [ffff8881140ef340, ffff8881140ef3d0)
[   61.355930][ T1410] 
[   61.358245][ T1410] The buggy address belongs to the physical page:
[   61.364932][ T1410] page:ffffea0004503bc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1140ef
[   61.375230][ T1410] flags: 0x200000000000200(slab|node=0|zone=2)
[   61.381417][ T1410] raw: 0200000000000200 ffffea000420e580 dead000000000006 ffff888100163b40
[   61.390070][ T1410] raw: 0000000000000000 0000000000130013 00000001ffffffff 0000000000000000
[   61.398739][ T1410] page dumped because: kasan: bad access detected
[   61.405243][ T1410] page_owner tracks the page as allocated
[   61.411770][ T1410] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 495, tgid 495 (modprobe), ts 30764894116, free_ts 30761269502
[   61.429724][ T1410]  post_alloc_hook+0x286/0x2b0
[   61.434740][ T1410]  get_page_from_freelist+0x2ba7/0x2de0
[   61.440724][ T1410]  __alloc_pages+0x251/0x640
[   61.445738][ T1410]  alloc_slab_page+0x6a/0x150
[   61.450396][ T1410]  new_slab+0x70/0x250
[   61.454622][ T1410]  ___slab_alloc+0x9df/0xe70
[   61.459236][ T1410]  kmem_cache_alloc+0x18b/0x290
[   61.464337][ T1410]  vm_area_dup+0x1b/0x90
[   61.468848][ T1410]  __split_vma+0x95/0x4a0
[   61.473323][ T1410]  do_mas_align_munmap+0xd67/0x11e0
[   61.478511][ T1410]  do_mas_munmap+0x195/0x1f0
[   61.483252][ T1410]  mmap_region+0x708/0x1780
[   61.487822][ T1410]  do_mmap+0x69e/0xb60
[   61.491867][ T1410]  vm_mmap_pgoff+0x1b7/0x280
[   61.496436][ T1410]  ksys_mmap_pgoff+0x2cf/0x3b0
[   61.501180][ T1410]  do_syscall_64+0x3b/0x80
[   61.505588][ T1410] page last free stack trace:
[   61.510234][ T1410]  free_unref_page_prepare+0xccc/0xdb0
[   61.516226][ T1410]  free_unref_page_list+0xaa/0x690
[   61.521310][ T1410]  release_pages+0x1a9e/0x1c60
[   61.526145][ T1410]  tlb_flush_mmu+0x26f/0x3d0
[   61.530808][ T1410]  tlb_finish_mmu+0xb0/0x1b0
[   61.535611][ T1410]  exit_mmap+0x311/0x700
[   61.539918][ T1410]  __mmput+0x61/0x290
[   61.543883][ T1410]  exit_mm+0x122/0x1b0
[   61.548146][ T1410]  do_exit+0x81e/0x23a0
[   61.552285][ T1410]  do_group_exit+0x1b5/0x280
[   61.556872][ T1410]  __x64_sys_exit_group+0x3b/0x40
[   61.562115][ T1410]  do_syscall_64+0x3b/0x80
[   61.566631][ T1410]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[   61.572676][ T1410] 
[   61.575062][ T1410] Memory state around the buggy address:
[   61.580761][ T1410]  ffff8881140ef280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   61.589033][ T1410]  ffff8881140ef300: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[   61.597348][ T1410] >ffff8881140ef380: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc
[   61.605510][ T1410]                                                           ^
[   61.613219][ T1410]  ffff8881140ef400: fc fc fa fb fb fb fb fb fb fb fb fb fb fb fb fb
[   61.621365][ T1410]  ffff8881140ef480: fb fb fb fb fc fc fc fc fc fc fc fc fa fb fb fb
[   61.629489][ T1410] ==================================================================
[   61.637876][ T1410] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   61.645390][ T1410] Kernel Offset: disabled
[   61.649788][ T1410] Rebooting in 86400 seconds..