Warning: Permanently added '10.128.0.74' (ED25519) to the list of known hosts.
2025/05/26 17:40:35 ignoring optional flag "sandboxArg"="0"
2025/05/26 17:40:36 parsed 1 programs
[ 72.499073][ T2676] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
2025/05/26 17:40:45 executed programs: 0
2025/05/26 17:40:50 executed programs: 2
[ 85.235322][ T3568] loop3: detected capacity change from 0 to 262144
[ 85.249429][ T3568] ==================================================================
[ 85.257525][ T3568] BUG: KASAN: slab-out-of-bounds in build_sit_entries+0x1a19/0x1c10
[ 85.265518][ T3568] Read of size 4 at addr ffff88815f844a20 by task syz.3.16/3568
[ 85.273317][ T3568]
[ 85.275672][ T3568] CPU: 1 UID: 0 PID: 3568 Comm: syz.3.16 Not tainted 6.15.0-rc1-syzkaller #0 PREEMPT(undef)
[ 85.275681][ T3568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 85.275686][ T3568] Call Trace:
[ 85.275691][ T3568]
[ 85.275695][ T3568] dump_stack_lvl+0xf4/0x170
[ 85.275708][ T3568] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.275714][ T3568] ? rcu_is_watching+0x1f/0xa0
[ 85.275722][ T3568] ? lock_release+0x42/0x2f0
[ 85.275729][ T3568] ? lock_acquire+0x69/0x210
[ 85.275736][ T3568] ? __virt_addr_valid+0x142/0x270
[ 85.275744][ T3568] ? __virt_addr_valid+0x223/0x270
[ 85.275757][ T3568] print_report+0xb4/0x290
[ 85.275764][ T3568] ? build_sit_entries+0x1a19/0x1c10
[ 85.275771][ T3568] kasan_report+0x118/0x150
[ 85.275778][ T3568] ? __up_read+0x21b/0x2f0
[ 85.275784][ T3568] ? build_sit_entries+0x1a19/0x1c10
[ 85.275791][ T3568] build_sit_entries+0x1a19/0x1c10
[ 85.275801][ T3568] ? __pfx_build_sit_entries+0x10/0x10
[ 85.275808][ T3568] ? build_curseg+0x202d/0x3250
[ 85.275817][ T3568] f2fs_build_segment_manager+0x2ac6/0x4560
[ 85.275825][ T3568] ? f2fs_fill_super+0x39a9/0x5ea0
[ 85.275834][ T3568] f2fs_fill_super+0x39a9/0x5ea0
[ 85.275847][ T3568] mount_bdev+0x1df/0x270
[ 85.275855][ T3568] ? kfree+0x44/0x3e0
[ 85.275863][ T3568] ? __pfx_f2fs_fill_super+0x10/0x10
[ 85.275869][ T3568] ? __pfx_mount_bdev+0x10/0x10
[ 85.275877][ T3568] legacy_get_tree+0xf5/0x190
[ 85.275885][ T3568] ? __pfx_f2fs_mount+0x10/0x10
[ 85.275892][ T3568] vfs_get_tree+0x84/0x1a0
[ 85.275899][ T3568] do_new_mount+0x1c7/0x850
[ 85.275907][ T3568] __se_sys_mount+0x218/0x2b0
[ 85.275914][ T3568] ? __pfx___se_sys_mount+0x10/0x10
[ 85.275921][ T3568] do_syscall_64+0x8f/0x170
[ 85.275929][ T3568] ? fpregs_assert_state_consistent+0x48/0x60
[ 85.275938][ T3568] ? clear_bhb_loop+0x25/0x80
[ 85.275945][ T3568] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.275952][ T3568] RIP: 0033:0x7fa46159010a
[ 85.275965][ T3568] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.275971][ T3568] RSP: 002b:00007fa4624d8e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 85.275979][ T3568] RAX: ffffffffffffffda RBX: 00007fa4624d8ef0 RCX: 00007fa46159010a
[ 85.275983][ T3568] RDX: 0000200000020440 RSI: 0000200000020480 RDI: 00007fa4624d8eb0
[ 85.275987][ T3568] RBP: 0000200000020440 R08: 00007fa4624d8ef0 R09: 0000000000000000
[ 85.275991][ T3568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000020480
[ 85.275995][ T3568] R13: 00007fa4624d8eb0 R14: 000000000002041f R15: 00002000000204c0
[ 85.276001][ T3568]
[ 85.276004][ T3568]
[ 85.537285][ T3568] Allocated by task 3568:
[ 85.541670][ T3568] kasan_save_track+0x3e/0x80
[ 85.546322][ T3568] __kasan_kmalloc+0x93/0xb0
[ 85.550884][ T3568] __kvmalloc_node_noprof+0x2e8/0x5a0
[ 85.556310][ T3568] f2fs_build_segment_manager+0x11c4/0x4560
[ 85.562268][ T3568] f2fs_fill_super+0x39a9/0x5ea0
[ 85.567180][ T3568] mount_bdev+0x1df/0x270
[ 85.571478][ T3568] legacy_get_tree+0xf5/0x190
[ 85.576129][ T3568] vfs_get_tree+0x84/0x1a0
[ 85.580572][ T3568] do_new_mount+0x1c7/0x850
[ 85.585046][ T3568] __se_sys_mount+0x218/0x2b0
[ 85.589691][ T3568] do_syscall_64+0x8f/0x170
[ 85.594167][ T3568] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.600028][ T3568]
[ 85.602360][ T3568] The buggy address belongs to the object at ffff88815f844000
[ 85.602360][ T3568] which belongs to the cache kmalloc-4k of size 4096
[ 85.616381][ T3568] The buggy address is located 0 bytes to the right of
[ 85.616381][ T3568] allocated 2592-byte region [ffff88815f844000, ffff88815f844a20)
[ 85.630939][ T3568]
[ 85.633513][ T3568] The buggy address belongs to the physical page:
[ 85.639895][ T3568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15f840
[ 85.648718][ T3568] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 85.657195][ T3568] flags: 0x100000000000040(head|node=0|zone=2)
[ 85.663325][ T3568] page_type: f5(slab)
[ 85.667279][ T3568] raw: 0100000000000040 ffff888100042140 ffffea0004443400 dead000000000002
[ 85.675839][ T3568] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 85.684414][ T3568] head: 0100000000000040 ffff888100042140 ffffea0004443400 dead000000000002
[ 85.693064][ T3568] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[ 85.701724][ T3568] head: 0100000000000003 ffffea00057e1001 00000000ffffffff 00000000ffffffff
[ 85.710362][ T3568] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 85.719018][ T3568] page dumped because: kasan: bad access detected
[ 85.725514][ T3568] page_owner tracks the page as allocated
[ 85.731201][ T3568] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3146, tgid 3146 (syz-executor), ts 79157622825, free_ts 50082754089
[ 85.751916][ T3568] post_alloc_hook+0xec/0x120
[ 85.756567][ T3568] get_page_from_freelist+0x3bee/0x3d50
[ 85.762082][ T3568] __alloc_frozen_pages_noprof+0x26b/0x460
[ 85.767944][ T3568] alloc_pages_mpol+0x150/0x320
[ 85.772764][ T3568] allocate_slab+0x8a/0x350
[ 85.777411][ T3568] ___slab_alloc+0x9dc/0x10e0
[ 85.782066][ T3568] __kmalloc_noprof+0x2e8/0x500
[ 85.786974][ T3568] tomoyo_realpath_from_path+0xf5/0x550
[ 85.792550][ T3568] tomoyo_check_open_permission+0x1a6/0x520
[ 85.798409][ T3568] security_file_open+0x4d/0x100
[ 85.803317][ T3568] do_dentry_open+0x304/0x1520
[ 85.808065][ T3568] vfs_open+0x36/0x2b0
[ 85.812103][ T3568] path_openat+0x23e3/0x2bb0
[ 85.816672][ T3568] do_filp_open+0x1e4/0x3c0
[ 85.821142][ T3568] do_sys_openat2+0xfa/0x180
[ 85.825696][ T3568] __x64_sys_openat+0xf3/0x120
[ 85.830431][ T3568] page last free pid 1754 tgid 1748 stack trace:
[ 85.836828][ T3568] free_unref_folios+0xb52/0x12c0
[ 85.841921][ T3568] folios_put_refs+0x3af/0x4b0
[ 85.846751][ T3568] free_pages_and_swap_cache+0x20d/0x3c0
[ 85.852363][ T3568] tlb_flush_mmu+0x2ba/0x500
[ 85.856924][ T3568] tlb_finish_mmu+0xaa/0x190
[ 85.861773][ T3568] exit_mmap+0x3b5/0x8b0
[ 85.865982][ T3568] __mmput+0x9c/0x320
[ 85.869930][ T3568] exit_mm+0x11b/0x1b0
[ 85.873968][ T3568] do_exit+0x66b/0x2020
[ 85.878091][ T3568] do_group_exit+0x1b1/0x280
[ 85.882649][ T3568] get_signal+0xd79/0xeb0
[ 85.886947][ T3568] arch_do_signal_or_restart+0x90/0x5c0
[ 85.892459][ T3568] syscall_exit_to_user_mode+0x68/0xc0
[ 85.897889][ T3568] do_syscall_64+0x9c/0x170
[ 85.902706][ T3568] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.908571][ T3568]
[ 85.910868][ T3568] Memory state around the buggy address:
[ 85.916555][ T3568]  ffff88815f844900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.924672][ T3568]  ffff88815f844980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 85.932712][ T3568] >ffff88815f844a00: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.940748][ T3568]                                ^
[ 85.945924][ T3568]  ffff88815f844a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.953952][ T3568]  ffff88815f844b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 85.961982][ T3568] ==================================================================
[ 85.970159][ T3568] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 85.977637][ T3568] Kernel Offset: disabled
[ 85.981942][ T3568] Rebooting in 86400 seconds..