Warning: Permanently added '10.128.0.158' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 503.684923] ==================================================================
[ 503.692412] BUG: KASAN: slab-out-of-bounds in dtSplitRoot+0x140a/0x1590
[ 503.699164] Read of size 1 at addr ffff8880b5217fc0 by task syz-executor379/8101
[ 503.706688]
[ 503.708323] CPU: 0 PID: 8101 Comm: syz-executor379 Not tainted 4.19.211-syzkaller #0
[ 503.716288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 503.725624] Call Trace:
[ 503.728287]  dump_stack+0x1fc/0x2ef
[ 503.731903]  print_address_description.cold+0x54/0x219
[ 503.737168]  kasan_report_error.cold+0x8a/0x1b9
[ 503.741821]  ? dtSplitRoot+0x140a/0x1590
[ 503.745870]  __asan_report_load1_noabort+0x88/0x90
[ 503.750784]  ? dtSplitRoot+0x140a/0x1590
[ 503.754828]  dtSplitRoot+0x140a/0x1590
[ 503.758704]  ? dtSplitPage+0x3410/0x3410
[ 503.762748]  ? up_write+0x18/0x150
[ 503.766277]  ? dbAlloc+0x499/0xb00
[ 503.769800]  ? kmem_cache_alloc_trace+0x323/0x380
[ 503.774624]  dtSplitUp+0x10ce/0x4e70
[ 503.778324]  ? __lock_acquire+0x22f9/0x3ff0
[ 503.782627]  ? dtSplitRoot+0x1590/0x1590
[ 503.786668]  ? kfree+0xcc/0x210
[ 503.789929]  ? dtSearch+0x1612/0x1ef0
[ 503.793710]  ? jfs_mkdir.part.0+0x237/0x870
[ 503.798010]  ? jfs_mkdir+0x3f/0x60
[ 503.801532]  ? mark_held_locks+0xf0/0xf0
[ 503.805583]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 503.810934]  ? txLock+0x6b1/0x1bd0
[ 503.814456]  ? lock_downgrade+0x720/0x720
[ 503.818583]  ? lock_acquire+0x170/0x3c0
[ 503.822536]  ? txLock+0x9e/0x1bd0
[ 503.825972]  ? do_raw_spin_unlock+0x171/0x230
[ 503.830446]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 503.835619]  dtInsert+0x7fd/0xa00
[ 503.839072]  ? dtSearch+0x1ef0/0x1ef0
[ 503.842858]  ? dtSearch+0x1617/0x1ef0
[ 503.846646]  ? dtInitRoot+0x2fd/0x580
[ 503.850519]  jfs_mkdir.part.0+0x3ef/0x870
[ 503.854648]  ? jfs_mknod+0x60/0x60
[ 503.858169]  ? lock_downgrade+0x720/0x720
[ 503.862474]  ? lock_acquire+0x170/0x3c0
[ 503.866434]  ? trace_hardirqs_off+0x64/0x200
[ 503.870827]  ? __dquot_initialize+0x298/0xb70
[ 503.875304]  ? userns_put+0xb0/0xb0
[ 503.878913]  ? dquot_initialize_needed+0x290/0x290
[ 503.884000]  ? generic_permission+0x116/0x4d0
[ 503.888500]  ? security_inode_permission+0xc5/0xf0
[ 503.893416]  jfs_mkdir+0x3f/0x60
[ 503.896770]  vfs_mkdir+0x508/0x7a0
[ 503.900390]  do_mkdirat+0x262/0x2d0
[ 503.904002]  ? __ia32_sys_mknod+0x120/0x120
[ 503.908309]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 503.913317]  ? do_syscall_64+0x21/0x620
[ 503.917277]  do_syscall_64+0xf9/0x620
[ 503.921066]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 503.926234] RIP: 0033:0x7fdddb73ffb9
[ 503.929929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 503.948867] RSP: 002b:00007ffc410adce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 503.956824] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdddb73ffb9
[ 503.964095] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
[ 503.971346] RBP: 00007fdddb6ff820 R08: 0000000000000000 R09: 00007fdddb6ff820
[ 503.978683] R10: 0000555555b0d2c0 R11: 0000000000000246 R12: 00000000f8008000
[ 503.985932] R13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000
[ 503.993186]
[ 503.994793] Allocated by task 1:
[ 503.998164]  kmem_cache_alloc+0x122/0x370
[ 504.002292]  __alloc_file+0x21/0x340
[ 504.005985]  alloc_empty_file+0x6d/0x170
[ 504.010024]  path_openat+0xe9/0x2df0
[ 504.013717]  do_filp_open+0x18c/0x3f0
[ 504.017499]  do_sys_open+0x3b3/0x520
[ 504.021190]  do_syscall_64+0xf9/0x620
[ 504.025056]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 504.030242]
[ 504.031850] Freed by task 9:
[ 504.034852]  kmem_cache_free+0x7f/0x260
[ 504.038831]  rcu_process_callbacks+0x8ff/0x18b0
[ 504.043476]  __do_softirq+0x265/0x980
[ 504.047250]
[ 504.048858] The buggy address belongs to the object at ffff8880b5217cc0
[ 504.048858]  which belongs to the cache filp of size 456
[ 504.060889] The buggy address is located 312 bytes to the right of
[ 504.060889]  456-byte region [ffff8880b5217cc0, ffff8880b5217e88)
[ 504.073258] The buggy address belongs to the page:
[ 504.078182] page:ffffea0002d485c0 count:1 mapcount:0 mapping:ffff88813be45080 index:0x0
[ 504.086299] flags: 0xfff00000000100(slab)
[ 504.090427] raw: 00fff00000000100 ffffea0002d48588 ffffea0002782a88 ffff88813be45080
[ 504.098285] raw: 0000000000000000 ffff8880b5217040 0000000100000006 0000000000000000
[ 504.106140] page dumped because: kasan: bad access detected
[ 504.111823]
[ 504.113427] Memory state around the buggy address:
[ 504.118335]  ffff8880b5217e80: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 504.125670]  ffff8880b5217f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 504.133007] >ffff8880b5217f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 504.140365]                                            ^
[ 504.145800]  ffff8880b5218000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 504.153145]  ffff8880b5218080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 504.160481] ==================================================================
[ 504.167821] Disabling lock debugging due to kernel taint
[ 504.188017] Kernel panic - not syncing: panic_on_warn set ...
[ 504.188017]
[ 504.195425] CPU: 0 PID: 8101 Comm: syz-executor379 Tainted: G B 4.19.211-syzkaller #0
[ 504.204685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 504.214023] Call Trace:
[ 504.216597]  dump_stack+0x1fc/0x2ef
[ 504.220205]  panic+0x26a/0x50e
[ 504.223376]  ? __warn_printk+0xf3/0xf3
[ 504.227243]  ? preempt_schedule_common+0x45/0xc0
[ 504.231979]  ? ___preempt_schedule+0x16/0x18
[ 504.236366]  ? trace_hardirqs_on+0x55/0x210
[ 504.240667]  kasan_end_report+0x43/0x49
[ 504.244624]  kasan_report_error.cold+0xa7/0x1b9
[ 504.249273]  ? dtSplitRoot+0x140a/0x1590
[ 504.253314]  __asan_report_load1_noabort+0x88/0x90
[ 504.258224]  ? dtSplitRoot+0x140a/0x1590
[ 504.262267]  dtSplitRoot+0x140a/0x1590
[ 504.266140]  ? dtSplitPage+0x3410/0x3410
[ 504.270182]  ? up_write+0x18/0x150
[ 504.273699]  ? dbAlloc+0x499/0xb00
[ 504.277219]  ? kmem_cache_alloc_trace+0x323/0x380
[ 504.282038]  dtSplitUp+0x10ce/0x4e70
[ 504.285732]  ? __lock_acquire+0x22f9/0x3ff0
[ 504.290032]  ? dtSplitRoot+0x1590/0x1590
[ 504.294071]  ? kfree+0xcc/0x210
[ 504.297329]  ? dtSearch+0x1612/0x1ef0
[ 504.301105]  ? jfs_mkdir.part.0+0x237/0x870
[ 504.305401]  ? jfs_mkdir+0x3f/0x60
[ 504.308918]  ? mark_held_locks+0xf0/0xf0
[ 504.312958]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 504.318299]  ? txLock+0x6b1/0x1bd0
[ 504.321819]  ? lock_downgrade+0x720/0x720
[ 504.325944]  ? lock_acquire+0x170/0x3c0
[ 504.329895]  ? txLock+0x9e/0x1bd0
[ 504.333327]  ? do_raw_spin_unlock+0x171/0x230
[ 504.337801]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[ 504.342966]  dtInsert+0x7fd/0xa00
[ 504.346396]  ? dtSearch+0x1ef0/0x1ef0
[ 504.350176]  ? dtSearch+0x1617/0x1ef0
[ 504.353955]  ? dtInitRoot+0x2fd/0x580
[ 504.357731]  jfs_mkdir.part.0+0x3ef/0x870
[ 504.361857]  ? jfs_mknod+0x60/0x60
[ 504.365373]  ? lock_downgrade+0x720/0x720
[ 504.369502]  ? lock_acquire+0x170/0x3c0
[ 504.373456]  ? trace_hardirqs_off+0x64/0x200
[ 504.377846]  ? __dquot_initialize+0x298/0xb70
[ 504.382317]  ? userns_put+0xb0/0xb0
[ 504.385920]  ? dquot_initialize_needed+0x290/0x290
[ 504.390831]  ? generic_permission+0x116/0x4d0
[ 504.395302]  ? security_inode_permission+0xc5/0xf0
[ 504.400209]  jfs_mkdir+0x3f/0x60
[ 504.403554]  vfs_mkdir+0x508/0x7a0
[ 504.407072]  do_mkdirat+0x262/0x2d0
[ 504.410680]  ? __ia32_sys_mknod+0x120/0x120
[ 504.414980]  ? trace_hardirqs_off_caller+0x6e/0x210
[ 504.419974]  ? do_syscall_64+0x21/0x620
[ 504.423926]  do_syscall_64+0xf9/0x620
[ 504.427707]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 504.432872] RIP: 0033:0x7fdddb73ffb9
[ 504.436562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 504.455440] RSP: 002b:00007ffc410adce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 504.463126] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fdddb73ffb9
[ 504.470461] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
[ 504.477707] RBP: 00007fdddb6ff820 R08: 0000000000000000 R09: 00007fdddb6ff820
[ 504.484952] R10: 0000555555b0d2c0 R11: 0000000000000246 R12: 00000000f8008000
[ 504.492199] R13: 0000000000000000 R14: 00083878000000f8 R15: 0000000000000000
[ 504.499623] Kernel Offset: disabled
[ 504.503229] Rebooting in 86400 seconds..
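Added triage example, not part of the syzbot report above and not syzkaller or kernel code: a small Python parser that pulls the bug type, faulting function, access, slab cache and object bounds out of a generic-KASAN report, recomputes the "located N bytes to the right of" offset from the region bounds, and decodes the shadow byte that covers the faulting address. The shadow poison values are the generic-mode constants from mm/kasan/kasan.h; the sample input is an excerpt of the report above, trimmed to the lines the parser consumes. For this report it confirms that ffff8880b5217fc0 is 312 bytes past the end of the 456-byte filp object [ffff8880b5217cc0, ffff8880b5217e88) and that the shadow byte there is 0xfc (slab redzone), so the one-byte read in dtSplitRoot lands outside any live object rather than in a freed one.

```python
"""Parse a generic-KASAN slab report and cross-check its claims (added example, not kernel/syzbot code)."""
import re
from dataclasses import dataclass

GRANULE = 8   # one shadow byte covers 8 bytes of memory; a "Memory state" row shows 16 of them
# Poison values from mm/kasan/kasan.h (generic mode); 0 = addressable, 1..7 = partially.
POISON = {0xfa: "global redzone", 0xfb: "freed slab object",
          0xfc: "slab redzone", 0xfe: "page redzone", 0xff: "free page"}

TS      = re.compile(r"^\[\s*\d+\.\d+\]\s?")
HEADER  = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<func>\S+)")
ACCESS  = re.compile(r"(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)")
CACHE   = re.compile(r"belongs to the cache (?P<cache>\S+) of size (?P<objsz>\d+)")
LOCATED = re.compile(r"located (?P<off>\d+) bytes (?P<side>to the (?:right|left) of|inside of)")
REGION  = re.compile(r"\d+-byte region \[(?P<start>[0-9a-f]+), (?P<end>[0-9a-f]+)\)")
SHADOW  = re.compile(r"^>?(?P<row>[0-9a-f]{16}): (?P<bytes>(?:[0-9a-f]{2}\s*)+)$")

@dataclass
class KasanReport:
    bug: str = ""
    func: str = ""
    rw: str = ""
    size: int = 0
    addr: int = 0
    cache: str = ""
    obj_size: int = 0
    region_start: int = 0
    region_end: int = 0
    offset_claimed: int = -1
    side_claimed: str = ""
    shadow_byte: int = -1   # shadow byte covering addr; -1 if no row shows it

def parse_kasan(text: str) -> KasanReport:
    rep, rows, in_shadow = KasanReport(), {}, False
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()          # drop the "[ secs.usecs] " prefix
        if in_shadow:                            # rows run until the closing "====" line
            if (m := SHADOW.match(line)):
                rows[int(m["row"], 16)] = [int(b, 16) for b in m["bytes"].split()]
            elif line.startswith("===="):
                in_shadow = False
        elif (m := HEADER.search(line)):
            rep.bug, rep.func = m["bug"], m["func"]
        elif not rep.bug:
            continue                              # console noise before the report
        elif (m := ACCESS.search(line)):
            rep.rw, rep.size, rep.addr = m["rw"], int(m["size"]), int(m["addr"], 16)
        elif (m := CACHE.search(line)):
            rep.cache, rep.obj_size = m["cache"], int(m["objsz"])
        elif (m := LOCATED.search(line)):
            rep.offset_claimed, rep.side_claimed = int(m["off"]), m["side"]
        elif (m := REGION.search(line)):
            rep.region_start, rep.region_end = int(m["start"], 16), int(m["end"], 16)
        elif line.startswith("Memory state around"):
            in_shadow = True
    if not rep.bug:
        raise ValueError("no 'BUG: KASAN:' header in input")
    for row_addr, shadow in rows.items():        # find the granule that holds rep.addr
        if 0 <= rep.addr - row_addr < 16 * GRANULE:
            rep.shadow_byte = shadow[(rep.addr - row_addr) // GRANULE]
    return rep

def check_report(rep: KasanReport) -> dict:
    """Recompute where addr falls relative to the object and decode the shadow byte."""
    if rep.addr >= rep.region_end:
        side, off = "to the right of", rep.addr - rep.region_end
    elif rep.addr < rep.region_start:
        side, off = "to the left of", rep.region_start - rep.addr
    else:
        side, off = "inside of", rep.addr - rep.region_start
    sb = rep.shadow_byte
    if sb < 0:
        meaning = "unknown (no shadow row covers addr)"
    elif sb < GRANULE:
        meaning = "addressable" if sb == 0 else f"partially addressable ({sb}/{GRANULE})"
    else:
        meaning = POISON.get(sb, f"poison 0x{sb:02x}")
    return {
        "object_size_matches": rep.region_end - rep.region_start == rep.obj_size,
        "offset_computed": off,
        "side_computed": side,
        "offset_matches": (off, side) == (rep.offset_claimed, rep.side_claimed),
        "shadow_meaning": meaning,   # redzone = past an object; "freed" would point at UAF
    }

# Excerpt of the report above, trimmed to the lines the parser consumes.
SAMPLE = """\
[ 503.692412] BUG: KASAN: slab-out-of-bounds in dtSplitRoot+0x140a/0x1590
[ 503.699164] Read of size 1 at addr ffff8880b5217fc0 by task syz-executor379/8101
[ 504.048858]  which belongs to the cache filp of size 456
[ 504.060889] The buggy address is located 312 bytes to the right of
[ 504.060889]  456-byte region [ffff8880b5217cc0, ffff8880b5217e88)
[ 504.113427] Memory state around the buggy address:
[ 504.133007] >ffff8880b5217f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 504.145800]  ffff8880b5218000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

if __name__ == "__main__":
    r = parse_kasan(SAMPLE)
    print(r, check_report(r), sep="\n")
```

Run it directly to print the decoded fields, or pass any report text to parse_kasan(). The distinction the shadow byte gives is the first one a triager draws from this part of a report: 0xfc at the faulting address means the access ran past an object into slab redzone, whereas 0xfb (freed slab object) would point toward a use-after-free rather than the out-of-bounds read the header names.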