Warning: Permanently added '10.128.0.235' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 519.245570] ==================================================================
[ 519.253010] BUG: KASAN: slab-out-of-bounds in dbAdjTree+0x20d/0x280
[ 519.259401] Read of size 1 at addr ffff8880af2dd078 by task syz-executor423/7959
[ 519.266908]
[ 519.268516] CPU: 1 PID: 7959 Comm: syz-executor423 Not tainted 4.14.295-syzkaller #0
[ 519.276368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 519.285696] Call Trace:
[ 519.288261] dump_stack+0x1b2/0x281
[ 519.291864] print_address_description.cold+0x54/0x1d3
[ 519.297113] kasan_report_error.cold+0x8a/0x191
[ 519.301757] ? dbAdjTree+0x20d/0x280
[ 519.305450] __asan_report_load1_noabort+0x68/0x70
[ 519.310354] ? wake_up_page_bit+0x1b0/0x1f0
[ 519.314648] ? dbAdjTree+0x20d/0x280
[ 519.318336] dbAdjTree+0x20d/0x280
[ 519.321849] dbSplit+0xeb/0x130
[ 519.325101] dbAllocBits+0x10b/0x4a0
[ 519.328789] dbAllocDmap+0x5f/0x100
[ 519.332390] dbAlloc+0x679/0x980
[ 519.335734] diNewExt+0x5b0/0x1780
[ 519.339255] ? diAllocAG+0x1b1/0x2110
[ 519.343047] ? diAllocBit+0xd10/0xd10
[ 519.346822] diAllocAG+0x14ee/0x2110
[ 519.350510] ? diAlloc+0x89f/0x1230
[ 519.354110] ? __mutex_unlock_slowpath+0x75/0x770
[ 519.358924] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 519.364359] ? retint_kernel+0x2d/0x2d
[ 519.368229] ? diUnmount+0x120/0x120
[ 519.371921] ? ___preempt_schedule_notrace+0x16/0x34
[ 519.377002] ? dbNextAG+0x2ac/0x370
[ 519.380609] diAlloc+0x69d/0x1230
[ 519.384048] ? do_raw_spin_unlock+0x164/0x220
[ 519.388522] ialloc+0x7b/0x940
[ 519.391691] jfs_mkdir.part.0+0xfd/0x7e0
[ 519.395729] ? lock_acquire+0x170/0x3f0
[ 519.399684] ? lock_downgrade+0x740/0x740
[ 519.403808] ? jfs_mknod+0x60/0x60
[ 519.407351] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 519.412428] ? debug_check_no_obj_freed+0x2c0/0x680
[ 519.417421] ? lock_acquire+0x170/0x3f0
[ 519.421368] ? lock_downgrade+0x740/0x740
[ 519.425492] ? __dquot_initialize+0x228/0xa70
[ 519.429965] ? common_perm+0x3b9/0x560
[ 519.433827] ? dquot_initialize_needed+0x240/0x240
[ 519.438733] ? map_id_up+0xe9/0x180
[ 519.442340] ? security_inode_permission+0xb5/0xf0
[ 519.447248] jfs_mkdir+0x35/0x50
[ 519.450598] vfs_mkdir+0x463/0x6e0
[ 519.454113] SyS_mkdirat+0x1fd/0x270
[ 519.457803] ? SyS_mknod+0x30/0x30
[ 519.461320] ? __close_fd+0x159/0x230
[ 519.465094] ? do_syscall_64+0x4c/0x640
[ 519.469041] ? SyS_mkdirat+0x270/0x270
[ 519.472905] do_syscall_64+0x1d5/0x640
[ 519.476769] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 519.481932] RIP: 0033:0x7f24d3892e49
[ 519.485617] RSP: 002b:00007ffc991e54c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 519.493298] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f24d3892e49
[ 519.500541] RDX: 00007f24d38513e3 RSI: 0000000000000000 RDI: 00000000200052c0
[ 519.507785] RBP: 00007f24d38526b0 R08: 00005555574f02c0 R09: 0000000000000000
[ 519.515031] R10: 00007ffc991e5390 R11: 0000000000000246 R12: 00000000f8008000
[ 519.522273] R13: 0000000000000000 R14: 00080000000000fc R15: 0000000000000000
[ 519.529521]
[ 519.531122] Allocated by task 4632:
[ 519.534722] kasan_kmalloc+0xeb/0x160
[ 519.538498] __kmalloc+0x15a/0x400
[ 519.542015] kernfs_fop_write+0x2fe/0x440
[ 519.546134] __vfs_write+0xe4/0x630
[ 519.549734] vfs_write+0x17f/0x4d0
[ 519.553246] SyS_write+0xf2/0x210
[ 519.556670] do_syscall_64+0x1d5/0x640
[ 519.560532] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 519.565690]
[ 519.567290] Freed by task 4632:
[ 519.570541] kasan_slab_free+0xc3/0x1a0
[ 519.574502] kfree+0xc9/0x250
[ 519.577580] kernfs_fop_write+0x161/0x440
[ 519.581700] __vfs_write+0xe4/0x630
[ 519.585299] vfs_write+0x17f/0x4d0
[ 519.588811] SyS_write+0xf2/0x210
[ 519.592235] do_syscall_64+0x1d5/0x640
[ 519.596094] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 519.601340]
[ 519.602943] The buggy address belongs to the object at ffff8880af2dd040
[ 519.602943] which belongs to the cache kmalloc-32 of size 32
[ 519.615395] The buggy address is located 24 bytes to the right of
[ 519.615395] 32-byte region [ffff8880af2dd040, ffff8880af2dd060)
[ 519.627588] The buggy address belongs to the page:
[ 519.632491] page:ffffea0002bcb740 count:1 mapcount:0 mapping:ffff8880af2dd000 index:0xffff8880af2ddfc1
[ 519.641906] flags: 0xfff00000000100(slab)
[ 519.646028] raw: 00fff00000000100 ffff8880af2dd000 ffff8880af2ddfc1 0000000100000006
[ 519.653879] raw: ffffea0002ae6ce0 ffffea0002b06960 ffff88813fe741c0 0000000000000000
[ 519.661729] page dumped because: kasan: bad access detected
[ 519.667410]
[ 519.669010] Memory state around the buggy address:
[ 519.673910] ffff8880af2dcf00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 519.681243] ffff8880af2dcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 519.688585] >ffff8880af2dd000: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 519.695943] ^
[ 519.703195] ffff8880af2dd080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 519.710529] ffff8880af2dd100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 519.717856] ==================================================================
[ 519.725183] Disabling lock debugging due to kernel taint
[ 519.730957] Kernel panic - not syncing: panic_on_warn set ...
[ 519.730957]
[ 519.738311] CPU: 1 PID: 7959 Comm: syz-executor423 Tainted: G B 4.14.295-syzkaller #0
[ 519.747481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 519.756819] Call Trace:
[ 519.759399] dump_stack+0x1b2/0x281
[ 519.763022] panic+0x1f9/0x42d
[ 519.766199] ? add_taint.cold+0x16/0x16
[ 519.770162] ? ___preempt_schedule+0x16/0x18
[ 519.774556] kasan_end_report+0x43/0x49
[ 519.778502] kasan_report_error.cold+0xa7/0x191
[ 519.783144] ? dbAdjTree+0x20d/0x280
[ 519.786831] __asan_report_load1_noabort+0x68/0x70
[ 519.791733] ? wake_up_page_bit+0x1b0/0x1f0
[ 519.796025] ? dbAdjTree+0x20d/0x280
[ 519.799710] dbAdjTree+0x20d/0x280
[ 519.803221] dbSplit+0xeb/0x130
[ 519.806473] dbAllocBits+0x10b/0x4a0
[ 519.810162] dbAllocDmap+0x5f/0x100
[ 519.813761] dbAlloc+0x679/0x980
[ 519.817101] diNewExt+0x5b0/0x1780
[ 519.820618] ? diAllocAG+0x1b1/0x2110
[ 519.824396] ? diAllocBit+0xd10/0xd10
[ 519.828170] diAllocAG+0x14ee/0x2110
[ 519.831854] ? diAlloc+0x89f/0x1230
[ 519.835454] ? __mutex_unlock_slowpath+0x75/0x770
[ 519.840268] ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[ 519.845691] ? retint_kernel+0x2d/0x2d
[ 519.849551] ? diUnmount+0x120/0x120
[ 519.853238] ? ___preempt_schedule_notrace+0x16/0x34
[ 519.858311] ? dbNextAG+0x2ac/0x370
[ 519.861919] diAlloc+0x69d/0x1230
[ 519.865345] ? do_raw_spin_unlock+0x164/0x220
[ 519.869811] ialloc+0x7b/0x940
[ 519.872974] jfs_mkdir.part.0+0xfd/0x7e0
[ 519.877007] ? lock_acquire+0x170/0x3f0
[ 519.880956] ? lock_downgrade+0x740/0x740
[ 519.885085] ? jfs_mknod+0x60/0x60
[ 519.888600] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 519.893677] ? debug_check_no_obj_freed+0x2c0/0x680
[ 519.898669] ? lock_acquire+0x170/0x3f0
[ 519.902618] ? lock_downgrade+0x740/0x740
[ 519.906743] ? __dquot_initialize+0x228/0xa70
[ 519.911217] ? common_perm+0x3b9/0x560
[ 519.915083] ? dquot_initialize_needed+0x240/0x240
[ 519.919985] ? map_id_up+0xe9/0x180
[ 519.923586] ? security_inode_permission+0xb5/0xf0
[ 519.928500] jfs_mkdir+0x35/0x50
[ 519.931843] vfs_mkdir+0x463/0x6e0
[ 519.935355] SyS_mkdirat+0x1fd/0x270
[ 519.939041] ? SyS_mknod+0x30/0x30
[ 519.942551] ? __close_fd+0x159/0x230
[ 519.946324] ? do_syscall_64+0x4c/0x640
[ 519.950272] ? SyS_mkdirat+0x270/0x270
[ 519.954131] do_syscall_64+0x1d5/0x640
[ 519.957995] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 519.963157] RIP: 0033:0x7f24d3892e49
[ 519.966839] RSP: 002b:00007ffc991e54c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 519.974519] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f24d3892e49
[ 519.981769] RDX: 00007f24d38513e3 RSI: 0000000000000000 RDI: 00000000200052c0
[ 519.989011] RBP: 00007f24d38526b0 R08: 00005555574f02c0 R09: 0000000000000000
[ 519.996254] R10: 00007ffc991e5390 R11: 0000000000000246 R12: 00000000f8008000
[ 520.003694] R13: 0000000000000000 R14: 00080000000000fc R15: 0000000000000000
[ 520.011124] Kernel Offset: disabled
[ 520.014730] Rebooting in 86400 seconds..