Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts.
executing program
[   34.247475] ==================================================================
[   34.255029] BUG: KASAN: slab-out-of-bounds in __ext4_check_dir_entry+0x2f9/0x340
[   34.262570] Read of size 2 at addr ffff88808ad82003 by task syz-executor689/6335
[   34.270102] 
[   34.272171] CPU: 0 PID: 6335 Comm: syz-executor689 Not tainted 4.14.175-syzkaller #0
[   34.280035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.289461] Call Trace:
[   34.292035]  dump_stack+0x13e/0x194
[   34.295671]  ? __ext4_check_dir_entry+0x2f9/0x340
[   34.300498]  print_address_description.cold+0x7c/0x1e2
[   34.305788]  ? __ext4_check_dir_entry+0x2f9/0x340
[   34.311498]  kasan_report.cold+0xa9/0x2ae
[   34.315719]  __ext4_check_dir_entry+0x2f9/0x340
[   34.320389]  ext4_readdir+0x822/0x27f0
[   34.324275]  ? __ext4_check_dir_entry+0x340/0x340
[   34.329098]  ? lock_acquire+0x170/0x3f0
[   34.333053]  ? iterate_dir+0xbc/0x5e0
[   34.336845]  iterate_dir+0x1a0/0x5e0
[   34.340895]  SyS_getdents64+0x130/0x240
[   34.344861]  ? SyS_getdents+0x260/0x260
[   34.348813]  ? filldir+0x390/0x390
[   34.352341]  ? ext4_dir_llseek+0x1af/0x200
[   34.356602]  ? do_syscall_64+0x4c/0x640
[   34.361552]  ? SyS_getdents+0x260/0x260
[   34.365570]  do_syscall_64+0x1d5/0x640
[   34.369465]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   34.374638] RIP: 0033:0x4402d9
[   34.378104] RSP: 002b:00007fff8440f568 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   34.385812] RAX: ffffffffffffffda RBX: 00007fff8440f570 RCX: 00000000004402d9
[   34.393241] RDX: 00000000c0000000 RSI: 0000000000000000 RDI: 0000000000000004
[   34.400499] RBP: 00007fff8440f570 R08: 65732f636f72702f R09: 65732f636f72702f
[   34.407755] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000401b60
[   34.415009] R13: 0000000000401bf0 R14: 0000000000000000 R15: 0000000000000000
[   34.422282] 
[   34.423891] Allocated by task 1:
[   34.427253]  save_stack+0x32/0xa0
[   34.430689]  kasan_kmalloc+0xbf/0xe0
[   34.434382]  kmem_cache_alloc+0x127/0x770
[   34.438505]  getname_flags+0xc8/0x560
[   34.442296]  user_path_at_empty+0x2a/0x50
[   34.446512]  vfs_statx+0xd1/0x160
[   34.449951]  SYSC_newlstat+0x83/0xe0
[   34.453654]  do_syscall_64+0x1d5/0x640
[   34.457531]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   34.462790] 
[   34.465085] Freed by task 1:
[   34.468089]  save_stack+0x32/0xa0
[   34.471533]  kasan_slab_free+0x75/0xc0
[   34.475398]  kmem_cache_free+0x7c/0x2b0
[   34.480317]  putname+0xcd/0x110
[   34.483588]  filename_lookup+0x23a/0x380
[   34.487708]  vfs_statx+0xd1/0x160
[   34.491287]  SYSC_newlstat+0x83/0xe0
[   34.495013]  do_syscall_64+0x1d5/0x640
[   34.498900]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   34.504181] 
[   34.505857] The buggy address belongs to the object at ffff88808ad82080
[   34.505857]  which belongs to the cache names_cache of size 4096
[   34.518605] The buggy address is located 125 bytes to the left of
[   34.518605]  4096-byte region [ffff88808ad82080, ffff88808ad83080)
[   34.530993] The buggy address belongs to the page:
[   34.535922] page:ffffea00022b6080 count:1 mapcount:0 mapping:ffff88808ad82080 index:0x0 compound_mapcount: 0
[   34.545873] flags: 0xfffe0000008100(slab|head)
[   34.550435] raw: 00fffe0000008100 ffff88808ad82080 0000000000000000 0000000100000001
[   34.558603] raw: ffffea0002a4f7a0 ffffea0002a31120 ffff8880aa586e40 0000000000000000
[   34.566613] page dumped because: kasan: bad access detected
[   34.572304] 
[   34.573920] Memory state around the buggy address:
[   34.578921]  ffff88808ad81f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.586435]  ffff88808ad81f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.593877] >ffff88808ad82000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   34.601220]                    ^
[   34.604564]  ffff88808ad82080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.611906]  ffff88808ad82100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   34.619253] ==================================================================
[   34.626600] Disabling lock debugging due to kernel taint
[   34.632411] Kernel panic - not syncing: panic_on_warn set ...
[   34.632411] 
[   34.639869] CPU: 0 PID: 6335 Comm: syz-executor689 Tainted: G    B    4.14.175-syzkaller #0
[   34.649070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.658596] Call Trace:
[   34.661186]  dump_stack+0x13e/0x194
[   34.664794]  panic+0x1f9/0x42d
[   34.668328]  ? add_taint.cold+0x16/0x16
[   34.672295]  ? preempt_schedule_common+0x4a/0xc0
[   34.677045]  ? __ext4_check_dir_entry+0x2f9/0x340
[   34.681881]  ? ___preempt_schedule+0x16/0x18
[   34.686306]  ? __ext4_check_dir_entry+0x2f9/0x340
[   34.691147]  kasan_end_report+0x43/0x49
[   34.695115]  kasan_report.cold+0x12f/0x2ae
[   34.699344]  __ext4_check_dir_entry+0x2f9/0x340
[   34.704019]  ext4_readdir+0x822/0x27f0
[   34.707933]  ? __ext4_check_dir_entry+0x340/0x340
[   34.712942]  ? lock_acquire+0x170/0x3f0
[   34.716946]  ? iterate_dir+0xbc/0x5e0
[   34.720741]  iterate_dir+0x1a0/0x5e0
[   34.724447]  SyS_getdents64+0x130/0x240
[   34.728530]  ? SyS_getdents+0x260/0x260
[   34.732709]  ? filldir+0x390/0x390
[   34.736236]  ? ext4_dir_llseek+0x1af/0x200
[   34.740451]  ? do_syscall_64+0x4c/0x640
[   34.744415]  ? SyS_getdents+0x260/0x260
[   34.748372]  do_syscall_64+0x1d5/0x640
[   34.752395]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[   34.757580] RIP: 0033:0x4402d9
[   34.760753] RSP: 002b:00007fff8440f568 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   34.768453] RAX: ffffffffffffffda RBX: 00007fff8440f570 RCX: 00000000004402d9
[   34.775724] RDX: 00000000c0000000 RSI: 0000000000000000 RDI: 0000000000000004
[   34.782984] RBP: 00007fff8440f570 R08: 65732f636f72702f R09: 65732f636f72702f
[   34.790256] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000401b60
[   34.797523] R13: 0000000000401bf0 R14: 0000000000000000 R15: 0000000000000000
[   34.806660] Kernel Offset: disabled
[   34.810294] Rebooting in 86400 seconds..