Warning: Permanently added '10.128.10.6' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 39.574906] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
[ 39.589772] ==================================================================
[ 39.597242] BUG: KASAN: slab-out-of-bounds in find_first_zero_bit+0xa8/0xb0
[ 39.604341] Read of size 8 at addr ffff8880af4a7580 by task syz-executor346/8096
[ 39.611864]
[ 39.613548] CPU: 0 PID: 8096 Comm: syz-executor346 Not tainted 4.19.211-syzkaller #0
[ 39.621522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 39.630883] Call Trace:
[ 39.633459] dump_stack+0x1fc/0x2ef
[ 39.637071] print_address_description.cold+0x54/0x219
[ 39.642329] kasan_report_error.cold+0x8a/0x1b9
[ 39.646982] ? find_first_zero_bit+0xa8/0xb0
[ 39.651371] __asan_report_load8_noabort+0x88/0x90
[ 39.656305] ? find_first_zero_bit+0xa8/0xb0
[ 39.660691] find_first_zero_bit+0xa8/0xb0
[ 39.664944] bfs_create+0xfb/0x610
[ 39.668487] vfs_create+0x461/0x6c0
[ 39.672116] do_mknodat.part.0+0x2ff/0x480
[ 39.676335] ? kern_path_create+0x40/0x40
[ 39.680483] ? fput+0x2b/0x190
[ 39.683670] __x64_sys_mknodat+0x116/0x160
[ 39.687917] do_syscall_64+0xf9/0x620
[ 39.691700] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.696883] RIP: 0033:0x7f402ce31dd9
[ 39.700579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 39.719470] RSP: 002b:00007ffea2303858 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[ 39.727157] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f402ce31dd9
[ 39.734402] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
[ 39.741659] RBP: 00007f402cdf1670 R08: 0000000000000000 R09: 0000000000000000
[ 39.748908] R10: 0000000000000701 R11: 0000000000000246 R12: 00007f402cdf1700
[ 39.756165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 39.763415]
[ 39.765020] Allocated by task 8096:
[ 39.768635] __kmalloc+0x15a/0x3c0
[ 39.772156] bfs_fill_super+0x447/0xec0
[ 39.776107] mount_bdev+0x2fc/0x3b0
[ 39.779712] mount_fs+0xa3/0x310
[ 39.783055] vfs_kern_mount.part.0+0x68/0x470
[ 39.787524] do_mount+0x115c/0x2f50
[ 39.791129] ksys_mount+0xcf/0x130
[ 39.794646] __x64_sys_mount+0xba/0x150
[ 39.798605] do_syscall_64+0xf9/0x620
[ 39.802388] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.807564]
[ 39.809178] Freed by task 9:
[ 39.812185] kfree+0xcc/0x210
[ 39.815270] apparmor_task_free+0x143/0x1e0
[ 39.819571] security_task_free+0x3e/0x70
[ 39.823696] __put_task_struct+0xea/0x340
[ 39.827820] delayed_put_task_struct+0x1dc/0x320
[ 39.832552] rcu_process_callbacks+0x8ff/0x18b0
[ 39.837198] __do_softirq+0x265/0x980
[ 39.840981]
[ 39.842588] The buggy address belongs to the object at ffff8880af4a7580
[ 39.842588] which belongs to the cache kmalloc-32 of size 32
[ 39.855142] The buggy address is located 0 bytes inside of
[ 39.855142] 32-byte region [ffff8880af4a7580, ffff8880af4a75a0)
[ 39.866728] The buggy address belongs to the page:
[ 39.871633] page:ffffea0002bd29c0 count:1 mapcount:0 mapping:ffff88813bff01c0 index:0xffff8880af4a7fc1
[ 39.881051] flags: 0xfff00000000100(slab)
[ 39.885179] raw: 00fff00000000100 ffffea0002bf74c8 ffff88813bff1238 ffff88813bff01c0
[ 39.893039] raw: ffff8880af4a7fc1 ffff8880af4a7000 000000010000001d 0000000000000000
[ 39.900894] page dumped because: kasan: bad access detected
[ 39.906575]
[ 39.908177] Memory state around the buggy address:
[ 39.913089] ffff8880af4a7480: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 39.920425] ffff8880af4a7500: 00 03 fc fc fc fc fc fc 00 03 fc fc fc fc fc fc
[ 39.927763] >ffff8880af4a7580: 07 fc fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[ 39.935096] ^
[ 39.938450] ffff8880af4a7600: 00 00 fc fc fc fc fc fc 00 00 fc fc fc fc fc fc
[ 39.945798] ffff8880af4a7680: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 39.953136] ==================================================================
[ 39.960472] Disabling lock debugging due to kernel taint
[ 39.968803] Kernel panic - not syncing: panic_on_warn set ...
[ 39.968803]
[ 39.976179] CPU: 1 PID: 8096 Comm: syz-executor346 Tainted: G B 4.19.211-syzkaller #0
[ 39.985439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022
[ 39.994783] Call Trace:
[ 39.997395] dump_stack+0x1fc/0x2ef
[ 40.001137] panic+0x26a/0x50e
[ 40.004316] ? __warn_printk+0xf3/0xf3
[ 40.008188] ? preempt_schedule_common+0x45/0xc0
[ 40.012929] ? ___preempt_schedule+0x16/0x18
[ 40.017321] ? trace_hardirqs_on+0x55/0x210
[ 40.021624] kasan_end_report+0x43/0x49
[ 40.025575] kasan_report_error.cold+0xa7/0x1b9
[ 40.030233] ? find_first_zero_bit+0xa8/0xb0
[ 40.034618] __asan_report_load8_noabort+0x88/0x90
[ 40.039524] ? find_first_zero_bit+0xa8/0xb0
[ 40.043909] find_first_zero_bit+0xa8/0xb0
[ 40.048121] bfs_create+0xfb/0x610
[ 40.051641] vfs_create+0x461/0x6c0
[ 40.055245] do_mknodat.part.0+0x2ff/0x480
[ 40.059460] ? kern_path_create+0x40/0x40
[ 40.063598] ? fput+0x2b/0x190
[ 40.066779] __x64_sys_mknodat+0x116/0x160
[ 40.070992] do_syscall_64+0xf9/0x620
[ 40.074772] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.079939] RIP: 0033:0x7f402ce31dd9
[ 40.083644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 40.102522] RSP: 002b:00007ffea2303858 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[ 40.110203] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f402ce31dd9
[ 40.117450] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
[ 40.124695] RBP: 00007f402cdf1670 R08: 0000000000000000 R09: 0000000000000000
[ 40.131940] R10: 0000000000000701 R11: 0000000000000246 R12: 00007f402cdf1700
[ 40.139188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 40.146509] Kernel Offset: disabled
[ 40.150125] Rebooting in 86400 seconds..