[ 16.697365] ext4_ext_map_blocks:freeing ffff88006a978e10
[ 16.762156] ext4_ext_map_blocks:freeing ffff88006a978fa0
[ 16.780245] ext4_ext_map_blocks:freeing ffff88006ae8fdb0
==================================================================
BUG: KASAN: slab-out-of-bounds in filldir+0xc8/0x170 at addr ffff88006ae8fdde
Read of size 20 by task systemd/1
=============================================================================
BUG kmalloc-96 (Not tainted): kasan: bad access detected
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: Allocated in ext4_htree_store_dirent+0x3e/0x120 age=3 cpu=0 pid=1
 [< none >] ___slab_alloc+0x636/0x6a0 mm/slub.c:2446
 [< none >] __slab_alloc+0x4f/0x86 mm/slub.c:2475
 [< inline >] slab_alloc_node mm/slub.c:2538
 [< inline >] slab_alloc mm/slub.c:2580
 [< none >] __kmalloc+0x27a/0x340 mm/slub.c:3561
 [< inline >] kmalloc include/linux/slab.h:483
 [< inline >] kzalloc include/linux/slab.h:622
 [< none >] ext4_htree_store_dirent+0x3e/0x120 fs/ext4/dir.c:447
 [< none >] htree_dirblock_to_tree+0x16a/0x190 fs/ext4/namei.c:1001
 [< none >] ext4_htree_fill_tree+0xaa/0x310 fs/ext4/namei.c:1075
 [< inline >] ext4_dx_readdir fs/ext4/dir.c:571
 [< none >] ext4_readdir+0x698/0x950 fs/ext4/dir.c:121
 [< none >] iterate_dir+0x7d/0x190 fs/readdir.c:50
 [< inline >] SYSC_getdents fs/readdir.c:230
 [< none >] SyS_getdents+0x91/0x120 fs/readdir.c:212
 [< none >] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
INFO: Freed in ext4_ext_map_blocks+0x434/0x2020 age=6 cpu=0 pid=1
 [< none >] __slab_free+0x31b/0x480 mm/slub.c:2657
 [< inline >] slab_free mm/slub.c:2810
 [< none >] kfree+0x27f/0x2d0 mm/slub.c:3662
 [< none >] ext4_ext_map_blocks+0x434/0x2020 fs/ext4/extents.c:4620
 [< none >] ext4_map_blocks+0x3b4/0x5b0 fs/ext4/inode.c:529
 [< none >] ext4_getblk+0x54/0x1a0 fs/ext4/inode.c:929
 [< none >] ext4_bread+0x13/0x90 fs/ext4/inode.c:979
 [< none >] __ext4_read_dirblock+0x3f/0x380 fs/ext4/namei.c:99
 [< none >] htree_dirblock_to_tree+0x48/0x190 fs/ext4/namei.c:959
 [< none >] ext4_htree_fill_tree+0xaa/0x310 fs/ext4/namei.c:1075
 [< inline >] ext4_dx_readdir fs/ext4/dir.c:571
 [< none >] ext4_readdir+0x698/0x950 fs/ext4/dir.c:121
 [< none >] iterate_dir+0x7d/0x190 fs/readdir.c:50
 [< inline >] SYSC_getdents fs/readdir.c:230
 [< none >] SyS_getdents+0x91/0x120 fs/readdir.c:212
 [< none >] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
INFO: Slab 0xffffea0001aba380 objects=20 used=20 fp=0x (null) flags=0x4080
INFO: Object 0xffff88006ae8fdb0 @offset=7600 fp=0x45b282a2484c60d4
Bytes b4 ffff88006ae8fda0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff88006ae8fdb0: d4 60 4c 48 a2 82 b2 45 38 be 84 6a 00 88 ff ff .`LH...E8..j....
Object ffff88006ae8fdc0: 08 f9 e8 6a 00 88 ff ff c8 bc 84 6a 00 88 ff ff ...j.......j....
Object ffff88006ae8fdd0: 00 00 00 00 00 00 00 00 28 03 08 00 14 01 66 62 ........(.....fb
Object ffff88006ae8fde0: 64 65 76 2d 62 6c 61 63 6b 6c 69 73 74 2e 63 6f dev-blacklist.co
Object ffff88006ae8fdf0: 6e 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 nf..............
Object ffff88006ae8fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
CPU: 0 PID: 1 Comm: systemd Tainted: G B 4.7.0-nbor #189
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
 0000000000000000 ffff88006cd97c58 ffffffff81477dfc ffff8800000946c0
 ffff88006ae8fdb0 ffff88006cd97c88 ffffffff8119f0e6 ffff8800000946c0
 ffffea0001aba380 ffff88006ae8fdb0 0000000000000000 ffff88006cd97cb0
Call Trace:
 [< inline >] __dump_stack lib/dump_stack.c:15
 [] dump_stack+0x85/0xc9 lib/dump_stack.c:51
 [] print_trailer+0x116/0x190 mm/slub.c:667
 [] object_err+0x41/0x50 mm/slub.c:674
 [< inline >] print_address_description mm/kasan/report.c:180
 [< inline >] kasan_report_error mm/kasan/report.c:276
 [] kasan_report+0x282/0x530 mm/kasan/report.c:298
 [< inline >] check_memory_region_inline mm/kasan/kasan.c:292
 [] check_memory_region+0x137/0x160 mm/kasan/kasan.c:299
 [] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:304
 [< inline >] copy_to_user ./arch/x86/include/asm/uaccess.h:760
 [] filldir+0xc8/0x170 fs/readdir.c:195
 [< inline >] dir_emit include/linux/fs.h:3134
 [] call_filldir+0x88/0x140 fs/ext4/dir.c:510
 [< inline >] ext4_dx_readdir fs/ext4/dir.c:586
 [] ext4_readdir+0x714/0x950 fs/ext4/dir.c:121
 [] iterate_dir+0x7d/0x190 fs/readdir.c:50
 [< inline >] SYSC_getdents fs/readdir.c:230
 [] SyS_getdents+0x91/0x120 fs/readdir.c:212
 [] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
Memory state around the buggy address:
 ffff88006ae8fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006ae8fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88006ae8fd80: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 05 fc
 ^
 ffff88006ae8fe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006ae8fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
==================================================================
BUG: KASAN: slab-out-of-bounds in filldir+0xc8/0x170 at addr ffff88006ac29dde
Read of size 27 by task systemd/1
=============================================================================
BUG kmalloc-96 (Tainted: G B ): kasan: bad access detected
-----------------------------------------------------------------------------
INFO: Allocated in ext4_htree_store_dirent+0x3e/0x120 age=36 cpu=0 pid=1
 [< none >] ___slab_alloc+0x636/0x6a0 mm/slub.c:2446
 [< none >] __slab_alloc+0x4f/0x86 mm/slub.c:2475
 [< inline >] slab_alloc_node mm/slub.c:2538
 [< inline >] slab_alloc mm/slub.c:2580
 [< none >] __kmalloc+0x27a/0x340 mm/slub.c:3561
 [< inline >] kmalloc include/linux/slab.h:483
 [< inline >] kzalloc include/linux/slab.h:622
 [< none >] ext4_htree_store_dirent+0x3e/0x120 fs/ext4/dir.c:447
 [< none >] htree_dirblock_to_tree+0x16a/0x190 fs/ext4/namei.c:1001
 [< none >] ext4_htree_fill_tree+0xaa/0x310 fs/ext4/namei.c:1075
 [< inline >] ext4_dx_readdir fs/ext4/dir.c:571
 [< none >] ext4_readdir+0x698/0x950 fs/ext4/dir.c:121
 [< none >] iterate_dir+0x7d/0x190 fs/readdir.c:50
 [< inline >] SYSC_getdents fs/readdir.c:230
 [< none >] SyS_getdents+0x91/0x120 fs/readdir.c:212
 [< none >] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
INFO: Freed in rcu_process_callbacks+0x271/0x880 age=119 cpu=0 pid=1
 [< none >] __slab_free+0x31b/0x480 mm/slub.c:2657
 [< inline >] slab_free mm/slub.c:2810
 [< none >] kfree+0x27f/0x2d0 mm/slub.c:3662
 [< inline >] __rcu_reclaim kernel/rcu/rcu.h:113
 [< inline >] rcu_do_batch kernel/rcu/tree.c:2765
 [< inline >] invoke_rcu_callbacks kernel/rcu/tree.c:3031
 [< inline >] __rcu_process_callbacks kernel/rcu/tree.c:2998
 [< none >] rcu_process_callbacks+0x271/0x880 kernel/rcu/tree.c:3015
 [< none >] __do_softirq+0xc7/0x4bd kernel/softirq.c:273
 [< inline >] invoke_softirq kernel/softirq.c:350
 [< none >] irq_exit+0x90/0xb0 kernel/softirq.c:391
 [< inline >] exiting_irq ./arch/x86/include/asm/apic.h:658
 [< none >] smp_apic_timer_interrupt+0x42/0x50 arch/x86/kernel/apic/apic.c:932
 [< none >] apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:618
 [< inline >] slab_alloc_node mm/slub.c:2538
 [< inline >] slab_alloc mm/slub.c:2580
 [< none >] kmem_cache_alloc+0x229/0x2d0 mm/slub.c:2585
 [< none >] mempool_alloc_slab+0x15/0x20 mm/mempool.c:461
 [< none >] mempool_alloc+0x7a/0x190 mm/mempool.c:340
 [< none >] bio_alloc_bioset+0x107/0x1e0 block/bio.c:469
 [< inline >] bio_alloc include/linux/bio.h:446
 [< none >] submit_bh_wbc.isra.32+0x73/0x130 fs/buffer.c:3009
 [< none >] submit_bh+0x10/0x20 fs/buffer.c:3046
 [< none >] ll_rw_block+0x62/0xa0 fs/buffer.c:3095
 [< none >] __breadahead+0x33/0x50 fs/buffer.c:1398
 [< inline >] sb_breadahead include/linux/buffer_head.h:309
 [< none >] __ext4_get_inode_loc+0x41b/0x4f0 fs/ext4/inode.c:4273
INFO: Slab 0xffffea0001ab0a00 objects=20 used=18 fp=0xffff88006ac29900 flags=0x4080
INFO: Object 0xffff88006ac29db0 @offset=7600 fp=0x3a131cf85779a612
Bytes b4 ffff88006ac29da0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff88006ac29db0: 12 a6 79 57 f8 1c 13 3a 08 f9 e8 6a 00 88 ff ff ..yW...:...j....
Object ffff88006ac29dc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Object ffff88006ac29dd0: 00 00 00 00 00 00 00 00 8e 02 08 00 1b 01 62 6c ..............bl
Object ffff88006ac29de0: 61 63 6b 6c 69 73 74 2d 72 61 72 65 2d 6e 65 74 acklist-rare-net
Object ffff88006ac29df0: 77 6f 72 6b 2e 63 6f 6e 66 00 00 00 00 00 00 00 work.conf.......
Object ffff88006ac29e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
CPU: 0 PID: 1 Comm: systemd Tainted: G B 4.7.0-nbor #189
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
 0000000000000000 ffff88006cd97c58 ffffffff81477dfc ffff8800000946c0
 ffff88006ac29db0 ffff88006cd97c88 ffffffff8119f0e6 ffff8800000946c0
 ffffea0001ab0a00 ffff88006ac29db0 0000000000000000 ffff88006cd97cb0
Call Trace:
 [< inline >] __dump_stack lib/dump_stack.c:15
 [] dump_stack+0x85/0xc9 lib/dump_stack.c:51
 [] print_trailer+0x116/0x190 mm/slub.c:667
 [] object_err+0x41/0x50 mm/slub.c:674
 [< inline >] print_address_description mm/kasan/report.c:180
 [< inline >] kasan_report_error mm/kasan/report.c:276
 [] kasan_report+0x282/0x530 mm/kasan/report.c:298
 [< inline >] check_memory_region_inline mm/kasan/kasan.c:292
 [] check_memory_region+0x137/0x160 mm/kasan/kasan.c:299
 [] kasan_check_read+0x11/0x20 mm/kasan/kasan.c:304
 [< inline >] copy_to_user ./arch/x86/include/asm/uaccess.h:760
 [] filldir+0xc8/0x170 fs/readdir.c:195
 [< inline >] dir_emit include/linux/fs.h:3134
 [] call_filldir+0x88/0x140 fs/ext4/dir.c:510
 [< inline >] ext4_dx_readdir fs/ext4/dir.c:586
 [] ext4_readdir+0x714/0x950 fs/ext4/dir.c:121
 [] iterate_dir+0x7d/0x190 fs/readdir.c:50
 [< inline >] SYSC_getdents fs/readdir.c:230
 [] SyS_getdents+0x91/0x120 fs/readdir.c:212
 [] entry_SYSCALL_64_fastpath+0x23/0xc1 arch/x86/entry/entry_64.S:207
Memory state around the buggy address:
 ffff88006ac29c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006ac29d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88006ac29d80: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 04
 ^
 ffff88006ac29e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88006ac29e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================