Warning: Permanently added '10.128.0.194' (ED25519) to the list of known hosts.
executing program
[ 42.913104][ T6466] loop0: detected capacity change from 0 to 164
[ 42.924631][ T6466] ==================================================================
[ 42.926656][ T6466] BUG: KASAN: slab-out-of-bounds in isofs_fh_to_parent+0x1b8/0x210
[ 42.928597][ T6466] Read of size 4 at addr ffff0000cc030d94 by task syz-executor215/6466
[ 42.930642][ T6466]
[ 42.931216][ T6466] CPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0
[ 42.931230][ T6466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 42.931237][ T6466] Call trace:
[ 42.931240][ T6466] show_stack+0x2c/0x3c (C)
[ 42.931255][ T6466] dump_stack_lvl+0xe4/0x150
[ 42.931267][ T6466] print_report+0x198/0x550
[ 42.931281][ T6466] kasan_report+0xd8/0x138
[ 42.931293][ T6466] __asan_report_load4_noabort+0x20/0x2c
[ 42.931304][ T6466] isofs_fh_to_parent+0x1b8/0x210
[ 42.931316][ T6466] exportfs_decode_fh_raw+0x2dc/0x608
[ 42.931328][ T6466] do_handle_to_path+0xa0/0x198
[ 42.931340][ T6466] do_handle_open+0x8cc/0xb8c
[ 42.931351][ T6466] __arm64_sys_open_by_handle_at+0x80/0x94
[ 42.931362][ T6466] invoke_syscall+0x98/0x2b8
[ 42.931373][ T6466] el0_svc_common+0x130/0x23c
[ 42.931383][ T6466] do_el0_svc+0x48/0x58
[ 42.931393][ T6466] el0_svc+0x54/0x168
[ 42.931405][ T6466] el0t_64_sync_handler+0x84/0x108
[ 42.931417][ T6466] el0t_64_sync+0x198/0x19c
[ 42.931429][ T6466]
[ 42.957302][ T6466] Allocated by task 6466:
[ 42.958421][ T6466] kasan_save_track+0x40/0x78
[ 42.959639][ T6466] kasan_save_alloc_info+0x40/0x50
[ 42.960946][ T6466] __kasan_kmalloc+0xac/0xc4
[ 42.962076][ T6466] __kmalloc_noprof+0x32c/0x54c
[ 42.963426][ T6466] do_handle_open+0x5a4/0xb8c
[ 42.964677][ T6466] __arm64_sys_open_by_handle_at+0x80/0x94
[ 42.966178][ T6466] invoke_syscall+0x98/0x2b8
[ 42.967319][ T6466] el0_svc_common+0x130/0x23c
[ 42.968550][ T6466] do_el0_svc+0x48/0x58
[ 42.969658][ T6466] el0_svc+0x54/0x168
[ 42.970675][ T6466] el0t_64_sync_handler+0x84/0x108
[ 42.972035][ T6466] el0t_64_sync+0x198/0x19c
[ 42.973161][ T6466]
[ 42.973730][ T6466] The buggy address belongs to the object at ffff0000cc030d80
[ 42.973730][ T6466] which belongs to the cache kmalloc-32 of size 32
[ 42.977343][ T6466] The buggy address is located 0 bytes to the right of
[ 42.977343][ T6466] allocated 20-byte region [ffff0000cc030d80, ffff0000cc030d94)
[ 42.980934][ T6466]
[ 42.981518][ T6466] The buggy address belongs to the physical page:
[ 42.983201][ T6466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10c030
[ 42.985453][ T6466] anon flags: 0x5ffc00000000000(node=0|zone=2|lastcpupid=0x7ff)
[ 42.987402][ T6466] page_type: f5(slab)
[ 42.988407][ T6466] raw: 05ffc00000000000 ffff0000c0001780 0000000000000000 dead000000000001
[ 42.990631][ T6466] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 42.992840][ T6466] page dumped because: kasan: bad access detected
[ 42.994496][ T6466]
[ 42.995073][ T6466] Memory state around the buggy address:
[ 42.996532][ T6466]  ffff0000cc030c80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 42.998686][ T6466]  ffff0000cc030d00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 43.000756][ T6466] >ffff0000cc030d80: 00 00 04 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 43.002772][ T6466]                           ^
[ 43.003962][ T6466]  ffff0000cc030e00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 43.005965][ T6466]  ffff0000cc030e80: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 43.007997][ T6466] ==================================================================
[ 43.010695][ T6466] Disabling lock debugging due to kernel taint