==================================================================
BUG: KASAN: slab-out-of-bounds in filldir+0xc8/0x170 at addr ffff88006a22560e
Read of size 20 by task systemd/1
=============================================================================
BUG kmalloc-96 (Not tainted): kasan: bad access detected
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: Allocated in ext4_htree_store_dirent+0x3e/0x120 age=3 cpu=1 pid=1
[< none >] ___slab_alloc+0x636/0x6a0 mm/slub.c:2446
[< none >] __slab_alloc+0x4f/0x86 mm/slub.c:2475
[< inline >] slab_alloc_node mm/slub.c:2538
[< inline >] slab_alloc mm/slub.c:2580
[< none >] __kmalloc+0x27a/0x340 mm/slub.c:3561
[< inline >] kmalloc include/linux/slab.h:483
[< inline >] kzalloc include/linux/slab.h:622
[< none >] ext4_htree_store_dirent+0x3e/0x120 fs/ext4/dir.c:447
[< none >] htree_dirblock_to_tree+0x16a/0x190 fs/ext4/namei.c:1001
[< none >] ext4_htree_fill_tree+0xaa/0x310 fs/ext4/namei.c:1075
[< inline >] ext4_dx_readdir fs/ext4/dir.c:571
[< none >] ext4_readdir+0x698/0x950 fs/ext4/dir.c:121
[< none >] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[< none >] SyS_getdents+0x91/0x120 fs/readdir.c:212
[< none >] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
INFO: Freed in ext4_ext_map_blocks+0x7f9/0x23e0 age=6 cpu=1 pid=1
[< none >] __slab_free+0x31b/0x440 mm/slub.c:2657
[< inline >] slab_free mm/slub.c:2810
[< none >] kfree+0x27f/0x2d0 mm/slub.c:3662
[< none >] ext4_ext_map_blocks+0x7f9/0x23e0 fs/ext4/extents.c:4619
[< none >] ext4_map_blocks+0x3b4/0x5b0 fs/ext4/inode.c:529
[< none >] ext4_getblk+0x54/0x1a0 fs/ext4/inode.c:929
[< none >] ext4_bread+0x13/0x90 fs/ext4/inode.c:979
[< none >] __ext4_read_dirblock+0x3f/0x380 fs/ext4/namei.c:99
[< none >] htree_dirblock_to_tree+0x48/0x190 fs/ext4/namei.c:959
[< none >] ext4_htree_fill_tree+0xaa/0x310 fs/ext4/namei.c:1075
[< inline >] ext4_dx_readdir fs/ext4/dir.c:571
[< none >] ext4_readdir+0x698/0x950 fs/ext4/dir.c:121
[< none >] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[< none >] SyS_getdents+0x91/0x120 fs/readdir.c:212
[< none >] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
INFO: Slab 0xffffea0001a88900 objects=20 used=17 fp=0xffff88006a224c80 flags=0x4080
INFO: Object 0xffff88006a2255e0 @offset=5600 fp=0x45b282a2484c60d4

Bytes b4 ffff88006a2255d0: 01 00 00 00 01 00 00 00 6e b0 fb ff 00 00 00 00  ........n.......
Object ffff88006a2255e0: d4 60 4c 48 a2 82 b2 45 88 8b 82 6a 00 88 ff ff  .`LH...E...j....
Object ffff88006a2255f0: 38 51 22 6a 00 88 ff ff 78 98 82 6a 00 88 ff ff  8Q"j....x..j....
Object ffff88006a225600: 00 00 00 00 00 00 00 00 28 03 08 00 14 01 66 62  ........(.....fb
Object ffff88006a225610: 64 65 76 2d 62 6c 61 63 6b 6c 69 73 74 2e 63 6f  dev-blacklist.co
Object ffff88006a225620: 6e 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00  nf..............
Object ffff88006a225630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 1 PID: 1 Comm: systemd Tainted: G B 4.7.0-nbor #188
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
 0000000000000000 ffff88006cd97c58 ffffffff8146bd4c ffff8800000946c0
 ffff88006a2255e0 ffff88006cd97c88 ffffffff81198d96 ffff8800000946c0
 ffffea0001a88900 ffff88006a2255e0 0000000000000000 ffff88006cd97cb0
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[] dump_stack+0x85/0xc9 lib/dump_stack.c:51
[] print_trailer+0x116/0x190 mm/slub.c:667
[] object_err+0x41/0x50 mm/slub.c:674
[< inline >] print_address_description mm/kasan/report.c:180
[< inline >] kasan_report_error mm/kasan/report.c:276
[] kasan_report+0x282/0x530 mm/kasan/report.c:298
[< inline >] check_memory_region_inline mm/kasan/kasan.c:292
[] check_memory_region+0x137/0x160 mm/kasan/kasan.c:299
[] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:304
[< inline >] copy_to_user ./arch/x86/include/asm/uaccess.h:760
[] filldir+0xc8/0x170 fs/readdir.c:195
[< inline >] dir_emit include/linux/fs.h:3134
[] call_filldir+0x88/0x140 fs/ext4/dir.c:510
[< inline >] ext4_dx_readdir fs/ext4/dir.c:586
[] ext4_readdir+0x714/0x950 fs/ext4/dir.c:121
[] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[] SyS_getdents+0x91/0x120 fs/readdir.c:212
[] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
Memory state around the buggy address:
 ffff88006a225500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a225580: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
>ffff88006a225600: 00 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc
                               ^
 ffff88006a225680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a225700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in filldir+0xc8/0x170 at addr ffff88006a224e3e
Read of size 27 by task systemd/1
=============================================================================
BUG kmalloc-96 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in ext4_htree_store_dirent+0x3e/0x120 age=39 cpu=1 pid=1
[< none >] ___slab_alloc+0x636/0x6a0 mm/slub.c:2446
[< none >] __slab_alloc+0x4f/0x86 mm/slub.c:2475
[< inline >] slab_alloc_node mm/slub.c:2538
[< inline >] slab_alloc mm/slub.c:2580
[< none >] __kmalloc+0x27a/0x340 mm/slub.c:3561
[< inline >] kmalloc include/linux/slab.h:483
[< inline >] kzalloc include/linux/slab.h:622
[< none >] ext4_htree_store_dirent+0x3e/0x120 fs/ext4/dir.c:447
[< none >] htree_dirblock_to_tree+0x16a/0x190 fs/ext4/namei.c:1001
[< none >] ext4_htree_fill_tree+0xaa/0x310 fs/ext4/namei.c:1075
[< inline >] ext4_dx_readdir fs/ext4/dir.c:571
[< none >] ext4_readdir+0x698/0x950 fs/ext4/dir.c:121
[< none >] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[< none >] SyS_getdents+0x91/0x120 fs/readdir.c:212
[< none >] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
INFO: Slab 0xffffea0001a88900 objects=20 used=17 fp=0xffff88006a224c80 flags=0x4080
INFO: Object 0xffff88006a224e10 @offset=3600 fp=0x3a131cf85779a612

Bytes b4 ffff88006a224e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a224e10: 12 a6 79 57 f8 1c 13 3a 38 51 22 6a 00 88 ff ff  ..yW...:8Q"j....
Object ffff88006a224e20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a224e30: 00 00 00 00 00 00 00 00 8e 02 08 00 1b 01 62 6c  ..............bl
Object ffff88006a224e40: 61 63 6b 6c 69 73 74 2d 72 61 72 65 2d 6e 65 74  acklist-rare-net
Object ffff88006a224e50: 77 6f 72 6b 2e 63 6f 6e 66 00 00 00 00 00 00 00  work.conf.......
Object ffff88006a224e60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 1 PID: 1 Comm: systemd Tainted: G B 4.7.0-nbor #188
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
 0000000000000000 ffff88006cd97c58 ffffffff8146bd4c ffff8800000946c0
 ffff88006a224e10 ffff88006cd97c88 ffffffff81198d96 ffff8800000946c0
 ffffea0001a88900 ffff88006a224e10 0000000000000000 ffff88006cd97cb0
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[] dump_stack+0x85/0xc9 lib/dump_stack.c:51
[] print_trailer+0x116/0x190 mm/slub.c:667
[] object_err+0x41/0x50 mm/slub.c:674
[< inline >] print_address_description mm/kasan/report.c:180
[< inline >] kasan_report_error mm/kasan/report.c:276
[] kasan_report+0x282/0x530 mm/kasan/report.c:298
[< inline >] check_memory_region_inline mm/kasan/kasan.c:292
[] check_memory_region+0x137/0x160 mm/kasan/kasan.c:299
[] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:304
[< inline >] copy_to_user ./arch/x86/include/asm/uaccess.h:760
[] filldir+0xc8/0x170 fs/readdir.c:195
[< inline >] dir_emit include/linux/fs.h:3134
[] call_filldir+0x88/0x140 fs/ext4/dir.c:510
[< inline >] ext4_dx_readdir fs/ext4/dir.c:586
[] ext4_readdir+0x714/0x950 fs/ext4/dir.c:121
[] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[] SyS_getdents+0x91/0x120 fs/readdir.c:212
[] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
Memory state around the buggy address:
 ffff88006a224d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a224d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88006a224e00: fc fc 00 00 00 00 00 00 00 00 00 04 fc fc fc fc
                                                    ^
 ffff88006a224e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a224f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in filldir+0xc8/0x170 at addr ffff88006a22547e
Read of size 22 by task systemd/1
=============================================================================
BUG kmalloc-96 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in ext4_htree_store_dirent+0x3e/0x120 age=66 cpu=1 pid=1
[< none >] ___slab_alloc+0x636/0x6a0 mm/slub.c:2446
[< none >] __slab_alloc+0x4f/0x86 mm/slub.c:2475
[< inline >] slab_alloc_node mm/slub.c:2538
[< inline >] slab_alloc mm/slub.c:2580
[< none >] __kmalloc+0x27a/0x340 mm/slub.c:3561
[< inline >] kmalloc include/linux/slab.h:483
[< inline >] kzalloc include/linux/slab.h:622
[< none >] ext4_htree_store_dirent+0x3e/0x120 fs/ext4/dir.c:447
[< none >] htree_dirblock_to_tree+0x16a/0x190 fs/ext4/namei.c:1001
[< none >] ext4_htree_fill_tree+0xaa/0x310 fs/ext4/namei.c:1075
[< inline >] ext4_dx_readdir fs/ext4/dir.c:571
[< none >] ext4_readdir+0x698/0x950 fs/ext4/dir.c:121
[< none >] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[< none >] SyS_getdents+0x91/0x120 fs/readdir.c:212
[< none >] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
INFO: Freed in detach_buf+0x95/0xb0 age=120 cpu=1 pid=1
[< none >] __slab_free+0x31b/0x440 mm/slub.c:2657
[< inline >] slab_free mm/slub.c:2810
[< none >] kfree+0x27f/0x2d0 mm/slub.c:3662
[< none >] detach_buf+0x95/0xb0 drivers/virtio/virtio_ring.c:623
[< none >] virtqueue_get_buf+0x72/0x100 drivers/virtio/virtio_ring.c:687
[< none >] virtblk_done+0x79/0xe0 drivers/block/virtio_blk.c:146
[< none >] vring_interrupt+0x31/0x50 drivers/virtio/virtio_ring.c:892
[< none >] handle_irq_event_percpu+0x77/0x370 kernel/irq/handle.c:145
[< none >] handle_irq_event+0x44/0x70 kernel/irq/handle.c:192
[< none >] handle_edge_irq+0xa7/0x130 kernel/irq/chip.c:623
[< inline >] generic_handle_irq_desc include/linux/irqdesc.h:147
[< none >] handle_irq+0x1d/0x30 arch/x86/kernel/irq_64.c:78
do_IRQ+0x72/0x140
[< none >] ret_from_intr+0x0/0x20 arch/x86/entry/entry_64.S:482
[< inline >] slab_alloc_node mm/slub.c:2538
[< inline >] slab_alloc mm/slub.c:2580
[< none >] kmem_cache_alloc+0x229/0x2d0 mm/slub.c:2585
[< none >] mempool_alloc_slab+0x15/0x20 mm/mempool.c:461
[< none >] mempool_alloc+0x7a/0x190 mm/mempool.c:340
[< none >] bio_alloc_bioset+0x107/0x1e0 block/bio.c:469
INFO: Slab 0xffffea0001a88900 objects=20 used=17 fp=0xffff88006a224c80 flags=0x4080
INFO: Object 0xffff88006a225450 @offset=5200 fp=0x6d74c0b2854baae8

Bytes b4 ffff88006a225440: 01 00 00 00 01 00 00 00 6e b0 fb ff 00 00 00 00  ........n.......
Object ffff88006a225450: e8 aa 4b 85 b2 c0 74 6d 38 51 22 6a 00 88 ff ff  ..K...tm8Q"j....
Object ffff88006a225460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a225470: 00 00 00 00 00 00 00 00 92 02 08 00 16 01 62 6c  ..............bl
Object ffff88006a225480: 61 63 6b 6c 69 73 74 2d 61 74 68 5f 70 63 69 2e  acklist-ath_pci.
Object ffff88006a225490: 63 6f 6e 66 00 00 00 00 00 00 00 00 00 00 00 00  conf............
Object ffff88006a2254a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 1 PID: 1 Comm: systemd Tainted: G B 4.7.0-nbor #188
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
 0000000000000000 ffff88006cd97c58 ffffffff8146bd4c ffff8800000946c0
 ffff88006a225450 ffff88006cd97c88 ffffffff81198d96 ffff8800000946c0
 ffffea0001a88900 ffff88006a225450 0000000000000000 ffff88006cd97cb0
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[] dump_stack+0x85/0xc9 lib/dump_stack.c:51
[] print_trailer+0x116/0x190 mm/slub.c:667
[] object_err+0x41/0x50 mm/slub.c:674
[< inline >] print_address_description mm/kasan/report.c:180
[< inline >] kasan_report_error mm/kasan/report.c:276
[] kasan_report+0x282/0x530 mm/kasan/report.c:298
[< inline >] check_memory_region_inline mm/kasan/kasan.c:292
[] check_memory_region+0x137/0x160 mm/kasan/kasan.c:299
[] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:304
[< inline >] copy_to_user ./arch/x86/include/asm/uaccess.h:760
[] filldir+0xc8/0x170 fs/readdir.c:195
[< inline >] dir_emit include/linux/fs.h:3134
[] call_filldir+0x88/0x140 fs/ext4/dir.c:510
[< inline >] ext4_dx_readdir fs/ext4/dir.c:586
[] ext4_readdir+0x714/0x950 fs/ext4/dir.c:121
[] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[] SyS_getdents+0x91/0x120 fs/readdir.c:212
[] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
Memory state around the buggy address:
 ffff88006a225380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a225400: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00
>ffff88006a225480: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
                         ^
 ffff88006a225500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a225580: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in filldir+0xc8/0x170 at addr ffff88006a828e8e
Read of size 14 by task systemd/1
=============================================================================
BUG kmalloc-64 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in ext4_htree_store_dirent+0x3e/0x120 age=102 cpu=1 pid=1
[< none >] ___slab_alloc+0x636/0x6a0 mm/slub.c:2446
[< none >] __slab_alloc+0x4f/0x86 mm/slub.c:2475
[< inline >] slab_alloc_node mm/slub.c:2538
[< inline >] slab_alloc mm/slub.c:2580
[< none >] __kmalloc+0x27a/0x340 mm/slub.c:3561
[< inline >] kmalloc include/linux/slab.h:483
[< inline >] kzalloc include/linux/slab.h:622
[< none >] ext4_htree_store_dirent+0x3e/0x120 fs/ext4/dir.c:447
[< none >] htree_dirblock_to_tree+0x16a/0x190 fs/ext4/namei.c:1001
[< none >] ext4_htree_fill_tree+0xaa/0x310 fs/ext4/namei.c:1075
[< inline >] ext4_dx_readdir fs/ext4/dir.c:571
[< none >] ext4_readdir+0x698/0x950 fs/ext4/dir.c:121
[< none >] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[< none >] SyS_getdents+0x91/0x120 fs/readdir.c:212
[< none >] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
INFO: Freed in detach_buf+0x95/0xb0 age=130 cpu=0 pid=0
[< none >] __slab_free+0x31b/0x440 mm/slub.c:2657
[< inline >] slab_free mm/slub.c:2810
[< none >] kfree+0x27f/0x2d0 mm/slub.c:3662
[< none >] detach_buf+0x95/0xb0 drivers/virtio/virtio_ring.c:623
[< none >] virtqueue_get_buf+0x72/0x100 drivers/virtio/virtio_ring.c:687
[< none >] virtblk_done+0x79/0xe0 drivers/block/virtio_blk.c:146
[< none >] vring_interrupt+0x31/0x50 drivers/virtio/virtio_ring.c:892
[< none >] handle_irq_event_percpu+0x77/0x370 kernel/irq/handle.c:145
[< none >] handle_irq_event+0x44/0x70 kernel/irq/handle.c:192
[< none >] handle_edge_irq+0xa7/0x130 kernel/irq/chip.c:623
[< inline >] generic_handle_irq_desc include/linux/irqdesc.h:147
[< none >] handle_irq+0x1d/0x30 arch/x86/kernel/irq_64.c:78
do_IRQ+0x72/0x140
[< none >] ret_from_intr+0x0/0x20 arch/x86/entry/entry_64.S:482
[< inline >] arch_safe_halt ./arch/x86/include/asm/paravirt.h:107
[< none >] default_idle+0x23/0x180 arch/x86/kernel/process.c:306
[< none >] arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:297
[< none >] default_idle_call+0x2f/0x50 kernel/sched/idle.c:93
[< inline >] cpuidle_idle_call kernel/sched/idle.c:151
[< inline >] cpu_idle_loop kernel/sched/idle.c:242
[< none >] cpu_startup_entry+0x2d6/0x410 kernel/sched/idle.c:291
INFO: Slab 0xffffea0001aa0a00 objects=22 used=16 fp=0xffff88006a8285c0 flags=0x4080
INFO: Object 0xffff88006a828e60 @offset=3680 fp=0x943db016b8e469b2

Bytes b4 ffff88006a828e50: 00 00 00 00 00 00 00 00 8f b0 fb ff 00 00 00 00  ................
Object ffff88006a828e60: b2 69 e4 b8 16 b0 3d 94 28 94 82 6a 00 88 ff ff  .i....=.(..j....
Object ffff88006a828e70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a828e80: 00 00 00 00 00 00 00 00 8f 02 08 00 0e 01 62 6c  ..............bl
Object ffff88006a828e90: 61 63 6b 6c 69 73 74 2e 63 6f 6e 66 00 00 00 00  acklist.conf....
CPU: 1 PID: 1 Comm: systemd Tainted: G B 4.7.0-nbor #188
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
 0000000000000000 ffff88006cd97c58 ffffffff8146bd4c ffff880000097840
 ffff88006a828e60 ffff88006cd97c88 ffffffff81198d96 ffff880000097840
 ffffea0001aa0a00 ffff88006a828e60 0000000000000000 ffff88006cd97cb0
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[] dump_stack+0x85/0xc9 lib/dump_stack.c:51
[] print_trailer+0x116/0x190 mm/slub.c:667
[] object_err+0x41/0x50 mm/slub.c:674
[< inline >] print_address_description mm/kasan/report.c:180
[< inline >] kasan_report_error mm/kasan/report.c:276
[] kasan_report+0x282/0x530 mm/kasan/report.c:298
[< inline >] check_memory_region_inline mm/kasan/kasan.c:292
[] check_memory_region+0x137/0x160 mm/kasan/kasan.c:299
[] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:304
[< inline >] copy_to_user ./arch/x86/include/asm/uaccess.h:760
[] filldir+0xc8/0x170 fs/readdir.c:195
[< inline >] dir_emit include/linux/fs.h:3134
[] call_filldir+0x88/0x140 fs/ext4/dir.c:510
[< inline >] ext4_dx_readdir fs/ext4/dir.c:586
[] ext4_readdir+0x714/0x950 fs/ext4/dir.c:121
[] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[] SyS_getdents+0x91/0x120 fs/readdir.c:212
[] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
Memory state around the buggy address:
 ffff88006a828d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a828e00: fc fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00
>ffff88006a828e80: 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc
                            ^
 ffff88006a828f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a828f80: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in filldir+0xc8/0x170 at addr ffff88006a82944e
Read of size 12 by task systemd/1
=============================================================================
BUG kmalloc-64 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in ext4_htree_store_dirent+0x3e/0x120 age=135 cpu=1 pid=1
[< none >] ___slab_alloc+0x636/0x6a0 mm/slub.c:2446
[< none >] __slab_alloc+0x4f/0x86 mm/slub.c:2475
[< inline >] slab_alloc_node mm/slub.c:2538
[< inline >] slab_alloc mm/slub.c:2580
[< none >] __kmalloc+0x27a/0x340 mm/slub.c:3561
[< inline >] kmalloc include/linux/slab.h:483
[< inline >] kzalloc include/linux/slab.h:622
[< none >] ext4_htree_store_dirent+0x3e/0x120 fs/ext4/dir.c:447
[< none >] htree_dirblock_to_tree+0x16a/0x190 fs/ext4/namei.c:1001
[< none >] ext4_htree_fill_tree+0xaa/0x310 fs/ext4/namei.c:1075
[< inline >] ext4_dx_readdir fs/ext4/dir.c:571
[< none >] ext4_readdir+0x698/0x950 fs/ext4/dir.c:121
[< none >] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[< none >] SyS_getdents+0x91/0x120 fs/readdir.c:212
[< none >] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
INFO: Freed in detach_buf+0x95/0xb0 age=153 cpu=2 pid=0
[< none >] __slab_free+0x31b/0x440 mm/slub.c:2657
[< inline >] slab_free mm/slub.c:2810
[< none >] kfree+0x27f/0x2d0 mm/slub.c:3662
[< none >] detach_buf+0x95/0xb0 drivers/virtio/virtio_ring.c:623
[< none >] virtqueue_get_buf+0x72/0x100 drivers/virtio/virtio_ring.c:687
[< none >] virtblk_done+0x79/0xe0 drivers/block/virtio_blk.c:146
[< none >] vring_interrupt+0x31/0x50 drivers/virtio/virtio_ring.c:892
[< none >] handle_irq_event_percpu+0x77/0x370 kernel/irq/handle.c:145
[< none >] handle_irq_event+0x44/0x70 kernel/irq/handle.c:192
[< none >] handle_edge_irq+0xa7/0x130 kernel/irq/chip.c:623
[< inline >] generic_handle_irq_desc include/linux/irqdesc.h:147
[< none >] handle_irq+0x1d/0x30 arch/x86/kernel/irq_64.c:78
do_IRQ+0x72/0x140
[< none >] ret_from_intr+0x0/0x20 arch/x86/entry/entry_64.S:482
[< inline >] arch_safe_halt ./arch/x86/include/asm/paravirt.h:107
[< none >] default_idle+0x23/0x180 arch/x86/kernel/process.c:306
[< none >] arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:297
[< none >] default_idle_call+0x2f/0x50 kernel/sched/idle.c:93
[< inline >] cpuidle_idle_call kernel/sched/idle.c:151
[< inline >] cpu_idle_loop kernel/sched/idle.c:242
[< none >] cpu_startup_entry+0x2d6/0x410 kernel/sched/idle.c:291
INFO: Slab 0xffffea0001aa0a00 objects=22 used=16 fp=0xffff88006a8285c0 flags=0x4080
INFO: Object 0xffff88006a829420 @offset=5152 fp=0xfb71dea2cae00e56

Bytes b4 ffff88006a829410: 02 00 00 00 00 00 00 00 8d b0 fb ff 00 00 00 00  ................
Object ffff88006a829420: 56 0e e0 ca a2 de 71 fb f9 8c 82 6a 00 88 ff ff  V.....q....j....
Object ffff88006a829430: 00 00 00 00 00 00 00 00 68 8e 82 6a 00 88 ff ff  ........h..j....
Object ffff88006a829440: 00 00 00 00 00 00 00 00 91 02 08 00 0c 01 69 77  ..............iw
Object ffff88006a829450: 6c 77 69 66 69 2e 63 6f 6e 66 00 00 00 00 00 00  lwifi.conf......
CPU: 1 PID: 1 Comm: systemd Tainted: G B 4.7.0-nbor #188
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
 0000000000000000 ffff88006cd97c58 ffffffff8146bd4c ffff880000097840
 ffff88006a829420 ffff88006cd97c88 ffffffff81198d96 ffff880000097840
 ffffea0001aa0a00 ffff88006a829420 0000000000000000 ffff88006cd97cb0
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[] dump_stack+0x85/0xc9 lib/dump_stack.c:51
[] print_trailer+0x116/0x190 mm/slub.c:667
[] object_err+0x41/0x50 mm/slub.c:674
[< inline >] print_address_description mm/kasan/report.c:180
[< inline >] kasan_report_error mm/kasan/report.c:276
[] kasan_report+0x282/0x530 mm/kasan/report.c:298
[< inline >] check_memory_region_inline mm/kasan/kasan.c:292
[] check_memory_region+0x137/0x160 mm/kasan/kasan.c:299
[] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:304
[< inline >] copy_to_user ./arch/x86/include/asm/uaccess.h:760
[] filldir+0xc8/0x170 fs/readdir.c:195
[< inline >] dir_emit include/linux/fs.h:3134
[] call_filldir+0x88/0x140 fs/ext4/dir.c:510
[< inline >] ext4_dx_readdir fs/ext4/dir.c:586
[] ext4_readdir+0x714/0x950 fs/ext4/dir.c:121
[] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[] SyS_getdents+0x91/0x120 fs/readdir.c:212
[] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
Memory state around the buggy address:
 ffff88006a829300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a829380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88006a829400: fc fc fc fc 00 00 00 00 00 00 00 05 fc fc fc fc
                                                    ^
 ffff88006a829480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a829500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in filldir+0xc8/0x170 at addr ffff88006a82847e
Read of size 12 by task systemd/1
=============================================================================
BUG kmalloc-64 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in ext4_htree_store_dirent+0x3e/0x120 age=3 cpu=1 pid=1
[< none >] ___slab_alloc+0x636/0x6a0 mm/slub.c:2446
[< none >] __slab_alloc+0x4f/0x86 mm/slub.c:2475
[< inline >] slab_alloc_node mm/slub.c:2538
[< inline >] slab_alloc mm/slub.c:2580
[< none >] __kmalloc+0x27a/0x340 mm/slub.c:3561
[< inline >] kmalloc include/linux/slab.h:483
[< inline >] kzalloc include/linux/slab.h:622
[< none >] ext4_htree_store_dirent+0x3e/0x120 fs/ext4/dir.c:447
[< none >] htree_dirblock_to_tree+0x16a/0x190 fs/ext4/namei.c:1001
[< none >] ext4_htree_fill_tree+0xaa/0x310 fs/ext4/namei.c:1075
[< inline >] ext4_dx_readdir fs/ext4/dir.c:571
[< none >] ext4_readdir+0x698/0x950 fs/ext4/dir.c:121
[< none >] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[< none >] SyS_getdents+0x91/0x120 fs/readdir.c:212
[< none >] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
INFO: Freed in detach_buf+0x95/0xb0 age=188 cpu=0 pid=0
[< none >] __slab_free+0x31b/0x440 mm/slub.c:2657
[< inline >] slab_free mm/slub.c:2810
[< none >] kfree+0x27f/0x2d0 mm/slub.c:3662
[< none >] detach_buf+0x95/0xb0 drivers/virtio/virtio_ring.c:623
[< none >] virtqueue_get_buf+0x72/0x100 drivers/virtio/virtio_ring.c:687
[< none >] virtblk_done+0x79/0xe0 drivers/block/virtio_blk.c:146
[< none >] vring_interrupt+0x31/0x50 drivers/virtio/virtio_ring.c:892
[< none >] handle_irq_event_percpu+0x77/0x370 kernel/irq/handle.c:145
[< none >] handle_irq_event+0x44/0x70 kernel/irq/handle.c:192
[< none >] handle_edge_irq+0xa7/0x130 kernel/irq/chip.c:623
[< inline >] generic_handle_irq_desc include/linux/irqdesc.h:147
[< none >] handle_irq+0x1d/0x30 arch/x86/kernel/irq_64.c:78
do_IRQ+0x72/0x140
[< none >] ret_from_intr+0x0/0x20 arch/x86/entry/entry_64.S:482
[< inline >] arch_safe_halt ./arch/x86/include/asm/paravirt.h:107
[< none >] default_idle+0x23/0x180 arch/x86/kernel/process.c:306
[< none >] arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:297
[< none >] default_idle_call+0x2f/0x50 kernel/sched/idle.c:93
[< inline >] cpuidle_idle_call kernel/sched/idle.c:151
[< inline >] cpu_idle_loop kernel/sched/idle.c:242
[< none >] cpu_startup_entry+0x2d6/0x410 kernel/sched/idle.c:291
INFO: Slab 0xffffea0001aa0a00 objects=22 used=14 fp=0xffff88006a829420 flags=0x4080
INFO: Object 0xffff88006a828450 @offset=1104 fp=0xe6c5cd51031211fc

Bytes b4 ffff88006a828440: 02 00 00 00 2b 00 00 00 ae ad fb ff 00 00 00 00  ....+...........
Object ffff88006a828450: fc 11 12 03 51 cd c5 e6 88 8b 82 6a 00 88 ff ff  ....Q......j....
Object ffff88006a828460: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a828470: 00 00 00 00 00 00 00 00 84 03 08 00 0c 01 61 6c  ..............al
Object ffff88006a828480: 69 61 73 65 73 2e 63 6f 6e 66 00 00 00 00 00 00  iases.conf......
CPU: 1 PID: 1 Comm: systemd Tainted: G B 4.7.0-nbor #188
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
 0000000000000000 ffff88006cd97c58 ffffffff8146bd4c ffff880000097840
 ffff88006a828450 ffff88006cd97c88 ffffffff81198d96 ffff880000097840
 ffffea0001aa0a00 ffff88006a828450 0000000000000000 ffff88006cd97cb0
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[] dump_stack+0x85/0xc9 lib/dump_stack.c:51
[] print_trailer+0x116/0x190 mm/slub.c:667
[] object_err+0x41/0x50 mm/slub.c:674
[< inline >] print_address_description mm/kasan/report.c:180
[< inline >] kasan_report_error mm/kasan/report.c:276
[] kasan_report+0x282/0x530 mm/kasan/report.c:298
[< inline >] check_memory_region_inline mm/kasan/kasan.c:292
[] check_memory_region+0x137/0x160 mm/kasan/kasan.c:299
[] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:304
[< inline >] copy_to_user ./arch/x86/include/asm/uaccess.h:760
[] filldir+0xc8/0x170 fs/readdir.c:195
[< inline >] dir_emit include/linux/fs.h:3134
[] call_filldir+0x88/0x140 fs/ext4/dir.c:510
[< inline >] ext4_dx_readdir fs/ext4/dir.c:586
[] ext4_readdir+0x714/0x950 fs/ext4/dir.c:121
[] iterate_dir+0x7d/0x190 fs/readdir.c:50
[< inline >] SYSC_getdents fs/readdir.c:230
[] SyS_getdents+0x91/0x120 fs/readdir.c:212
[] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
Memory state around the buggy address:
 ffff88006a828380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a828400: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00
>ffff88006a828480: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                      ^
 ffff88006a828500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a828580: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
==================================================================
random: systemd urandom read with 60 bits of entropy available
==================================================================
BUG: KASAN: slab-out-of-bounds in copy_from_iter+0x1ee/0x330 at addr ffff88006a246e00
Write of size 178 by task systemd/1
=============================================================================
BUG kmalloc-256 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in devkmsg_write+0x42/0x110 age=2 cpu=1 pid=1
[< none >] ___slab_alloc+0x636/0x6a0 mm/slub.c:2446
[< none >] __slab_alloc+0x4f/0x86 mm/slub.c:2475
[< inline >] slab_alloc_node mm/slub.c:2538
[< inline >] slab_alloc mm/slub.c:2580
[< none >] __kmalloc+0x27a/0x340 mm/slub.c:3561
[< inline >] kmalloc include/linux/slab.h:483
[< none >] devkmsg_write+0x42/0x110 kernel/printk/printk.c:631
[< none >] do_iter_readv_writev+0x9b/0x110 fs/read_write.c:695
[< none >] do_readv_writev+0x13a/0x250 fs/read_write.c:843
[< none >] vfs_writev+0x3c/0x50 fs/read_write.c:882
[< none >] do_writev+0x5c/0xc0 fs/read_write.c:915
[< inline >] SYSC_writev fs/read_write.c:988
[< none >] SyS_writev+0x10/0x20 fs/read_write.c:986
[< none >] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
INFO: Slab 0xffffea0001a89100 objects=29 used=16 fp=0xffff88006a245180 flags=0x4080
INFO: Object 0xffff88006a246df0 @offset=11760 fp=0x747379733e30333c

Bytes b4 ffff88006a246de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246df0: 3c 33 30 3e 73 79 73 74 65 6d 64 5b 31 5d 3a 20  <30>systemd[1]: 
Object ffff88006a246e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246e10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246e20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246e30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246e40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246e50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246e60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246e70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246e90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246ea0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246eb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246ed0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffff88006a246ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 1 PID: 1 Comm: systemd Tainted: G B 4.7.0-nbor #188
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
 0000000000000000 ffff88006cd97c18 ffffffff8146bd4c ffff8800000973c0
 ffff88006a246df0 ffff88006cd97c48 ffffffff81198d96 ffff8800000973c0
 ffffea0001a89100 ffff88006a246df0 0000000000000001 ffff88006cd97c70
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[] dump_stack+0x85/0xc9 lib/dump_stack.c:51
[] print_trailer+0x116/0x190 mm/slub.c:667
[] object_err+0x41/0x50 mm/slub.c:674
[< inline >] print_address_description mm/kasan/report.c:180
[< inline >] kasan_report_error mm/kasan/report.c:276
[] kasan_report+0x282/0x530 mm/kasan/report.c:298
[< inline >] check_memory_region_inline mm/kasan/kasan.c:292
[] check_memory_region+0x137/0x160 mm/kasan/kasan.c:299
[] kasan_check_write+0x14/0x20 mm/kasan/kasan.c:310
[< inline >] __copy_from_user ./arch/x86/include/asm/uaccess_64.h:113
[] copy_from_iter+0x1ee/0x330 lib/iov_iter.c:408
[] devkmsg_write+0x5c/0x110 kernel/printk/printk.c:636
[] do_iter_readv_writev+0x9b/0x110 fs/read_write.c:695
[] do_readv_writev+0x13a/0x250 fs/read_write.c:843
[] vfs_writev+0x3c/0x50 fs/read_write.c:882
[] do_writev+0x5c/0xc0 fs/read_write.c:915
[< inline >] SYSC_writev fs/read_write.c:988
[] SyS_writev+0x10/0x20 fs/read_write.c:986
[] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
Memory state around the buggy address:
 ffff88006a246d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 00 00
 ffff88006a246e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88006a246e80: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc
                                     ^
 ffff88006a246f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006a246f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
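A log like the one above carries seven KASAN reports that boil down to two distinct signatures (six hits at the same filldir site from the same ext4_htree_store_dirent allocation, one at copy_from_iter from devkmsg_write). The script below is an added example, not part of the original report: it splits a kernel log into KASAN reports, pulls out the fields that identify each one (bug class, faulting function, access kind and size, slab cache, allocation and free sites), and groups them by a crash signature so duplicates collapse. The embedded sample is a constructed excerpt of the header lines of three of the reports above, re-lined one record per line; the regexes only assume the 4.x-era report wording shown on this page (`BUG: KASAN: <kind> in <func>+0x../0x.. at addr ..`, `Read/Write of size N by task ..`, `BUG <cache> (..): kasan: bad access detected`, `INFO: Allocated in ..`, `INFO: Freed in ..`), with an optional dmesg timestamp stripped first.

```python
import re
from collections import OrderedDict

# Constructed sample: header, cache and alloc/free lines of three reports from
# the log above, one record per line as the kernel prints them.
SAMPLE_LOG = """\
==================================================================
BUG: KASAN: slab-out-of-bounds in filldir+0xc8/0x170 at addr ffff88006a22560e
Read of size 20 by task systemd/1
=============================================================================
BUG kmalloc-96 (Not tainted): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in ext4_htree_store_dirent+0x3e/0x120 age=3 cpu=1 pid=1
INFO: Freed in ext4_ext_map_blocks+0x7f9/0x23e0 age=6 cpu=1 pid=1
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in filldir+0xc8/0x170 at addr ffff88006a224e3e
Read of size 27 by task systemd/1
=============================================================================
BUG kmalloc-96 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in ext4_htree_store_dirent+0x3e/0x120 age=39 cpu=1 pid=1
==================================================================
random: systemd urandom read with 60 bits of entropy available
==================================================================
BUG: KASAN: slab-out-of-bounds in copy_from_iter+0x1ee/0x330 at addr ffff88006a246e00
Write of size 178 by task systemd/1
=============================================================================
BUG kmalloc-256 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in devkmsg_write+0x42/0x110 age=2 cpu=1 pid=1
==================================================================
"""

TIMESTAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # optional dmesg "[ 12.345678] " prefix
HEADER_RE = re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+"
                       r" at addr (?P<addr>[0-9a-f]+)$")
ACCESS_RE = re.compile(r"^(?P<rw>Read|Write) of size (?P<size>\d+) by task (?P<task>\S+)$")
CACHE_RE = re.compile(r"^BUG (?P<cache>\S+) \((?P<taint>[^)]*)\): kasan: bad access detected$")
ALLOC_RE = re.compile(r"^INFO: Allocated in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ age=(?P<age>\d+)")
FREE_RE = re.compile(r"^INFO: Freed in (?P<func>\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ age=(?P<age>\d+)")


def parse_kasan_reports(log):
    """Split a kernel log into KASAN reports. Each 'BUG: KASAN:' header opens a
    new record; the access, cache, alloc and free lines that follow bind to the
    most recent header. Returns the records in log order."""
    reports, cur = [], None
    for raw in log.splitlines():
        line = TIMESTAMP_RE.sub("", raw.strip())
        m = HEADER_RE.match(line)
        if m:
            cur = {"kind": m["kind"], "func": m["func"], "addr": int(m["addr"], 16),
                   "rw": None, "size": None, "task": None, "cache": None,
                   "alloc": None, "free": None}
            reports.append(cur)
            continue
        if cur is None:
            continue  # noise before the first report
        m = ACCESS_RE.match(line)
        if m:
            cur["rw"], cur["size"], cur["task"] = m["rw"].lower(), int(m["size"]), m["task"]
            continue
        m = CACHE_RE.match(line)
        if m:
            cur["cache"] = m["cache"]
            continue
        m = ALLOC_RE.match(line)
        if m:
            cur["alloc"] = m["func"]
            continue
        m = FREE_RE.match(line)
        if m:
            cur["free"] = m["func"]
    return reports


def signature(report):
    """Dedup key: the same bug class at the same faulting function on memory
    from the same allocation site is treated as one bug."""
    return (report["kind"], report["func"], report["alloc"])


def summarize(reports):
    """Group parsed reports by signature, keeping the hit count and the set of
    access sizes and slab caches seen, so a fuzzing log collapses to its
    distinct bugs."""
    groups = OrderedDict()
    for r in reports:
        g = groups.setdefault(signature(r), {"count": 0, "sizes": set(), "caches": set()})
        g["count"] += 1
        g["sizes"].add(r["size"])
        g["caches"].add(r["cache"])
    return groups


if __name__ == "__main__":
    for sig, g in summarize(parse_kasan_reports(SAMPLE_LOG)).items():
        kind, func, alloc = sig
        print(f"{g['count']}x {kind} in {func} (allocated in {alloc}), "
              f"sizes={sorted(g['sizes'])} caches={sorted(g['caches'])}")
```

The signature deliberately includes the allocation site: two reports at the same instruction but on objects from different allocators are usually different bugs, while varying access sizes (20, 27, 22, 14, 12 bytes here, one per directory-entry name) are the same bug hit with different input. Feed it `dmesg` output or a serial console capture; the timestamp prefix is stripped before matching.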