OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.50' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 32.064914] ==================================================================
[ 32.072364] BUG: KASAN: slab-out-of-bounds in find_first_zero_bit+0xa8/0xb0
[ 32.079457] Read of size 8 at addr ffff8880affdde80 by task syz-executor561/8111
[ 32.086982]
[ 32.088618] CPU: 1 PID: 8111 Comm: syz-executor561 Not tainted 4.19.211-syzkaller #0
[ 32.096499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.105844] Call Trace:
[ 32.108420] dump_stack+0x1fc/0x2ef
[ 32.112040] print_address_description.cold+0x54/0x219
[ 32.117297] kasan_report_error.cold+0x8a/0x1b9
[ 32.121947] ? find_first_zero_bit+0xa8/0xb0
[ 32.126338] __asan_report_load8_noabort+0x88/0x90
[ 32.131247] ? find_first_zero_bit+0xa8/0xb0
[ 32.135633] find_first_zero_bit+0xa8/0xb0
[ 32.139850] bfs_create+0xfb/0x610
[ 32.143372] ? bfs_add_entry.isra.0+0x520/0x520
[ 32.148023] lookup_open+0x893/0x1a20
[ 32.151812] ? vfs_mkdir+0x7a0/0x7a0
[ 32.155503] ? unlazy_walk+0x1a4/0x540
[ 32.159377] ? check_preemption_disabled+0x41/0x280
[ 32.164382] path_openat+0x1094/0x2df0
[ 32.168254] ? path_lookupat+0x8d0/0x8d0
[ 32.172297] ? mark_held_locks+0xf0/0xf0
[ 32.176338] ? mark_held_locks+0xf0/0xf0
[ 32.180376] ? __lock_acquire+0x6de/0x3ff0
[ 32.184681] do_filp_open+0x18c/0x3f0
[ 32.188462] ? may_open_dev+0xf0/0xf0
[ 32.192249] ? lock_downgrade+0x720/0x720
[ 32.196374] ? lock_acquire+0x170/0x3c0
[ 32.200328] ? __alloc_fd+0x34/0x570
[ 32.204025] ? do_raw_spin_unlock+0x171/0x230
[ 32.208500] ? _raw_spin_unlock+0x29/0x40
[ 32.212627] ? __alloc_fd+0x28d/0x570
[ 32.216412] do_sys_open+0x3b3/0x520
[ 32.220106] ? filp_open+0x70/0x70
[ 32.223628] ? fput+0x2b/0x190
[ 32.226807] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 32.232153] ? trace_hardirqs_off_caller+0x6e/0x210
[ 32.237150] ? do_syscall_64+0x21/0x620
[ 32.241106] do_syscall_64+0xf9/0x620
[ 32.244950] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.250119] RIP: 0033:0x7fe73b588e29
[ 32.253814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 32.272693] RSP: 002b:00007fff751b6638 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 32.280399] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe73b588e29
[ 32.287648] RDX: 00007fe73b5473f3 RSI: 0000000000000068 RDI: 0000000020000f40
[ 32.294923] RBP: 00007fe73b5486c0 R08: 0000000000000000 R09: 0000000000000000
[ 32.302169] R10: 00007fff751b6500 R11: 0000000000000246 R12: 00007fe73b548750
[ 32.309540] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.316798]
[ 32.318407] Allocated by task 8111:
[ 32.322018] __kmalloc+0x15a/0x3c0
[ 32.325542] bfs_fill_super+0x447/0xec0
[ 32.329498] mount_bdev+0x2fc/0x3b0
[ 32.333115] mount_fs+0xa3/0x310
[ 32.336463] vfs_kern_mount.part.0+0x68/0x470
[ 32.340942] do_mount+0x115c/0x2f50
[ 32.344553] ksys_mount+0xcf/0x130
[ 32.348071] __x64_sys_mount+0xba/0x150
[ 32.352024] do_syscall_64+0xf9/0x620
[ 32.355805] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.360967]
[ 32.362574] Freed by task 9:
[ 32.365573] kfree+0xcc/0x210
[ 32.368659] apparmor_task_free+0x143/0x1e0
[ 32.372960] security_task_free+0x3e/0x70
[ 32.377087] __put_task_struct+0xea/0x340
[ 32.381213] delayed_put_task_struct+0x1dc/0x320
[ 32.385946] rcu_process_callbacks+0x8ff/0x18b0
[ 32.390616] __do_softirq+0x265/0x980
[ 32.394393]
[ 32.396000] The buggy address belongs to the object at ffff8880affdde80
[ 32.396000] which belongs to the cache kmalloc-32 of size 32
[ 32.408460] The buggy address is located 0 bytes inside of
[ 32.408460] 32-byte region [ffff8880affdde80, ffff8880affddea0)
[ 32.420050] The buggy address belongs to the page:
[ 32.424958] page:ffffea0002bff740 count:1 mapcount:0 mapping:ffff88813bff01c0 index:0xffff8880affddfc1
[ 32.434376] flags: 0xfff00000000100(slab)
[ 32.438513] raw: 00fff00000000100 ffffea0002bc0688 ffffea000263cec8 ffff88813bff01c0
[ 32.446460] raw: ffff8880affddfc1 ffff8880affdd000 0000000100000027 0000000000000000
[ 32.454315] page dumped because: kasan: bad access detected
[ 32.460014]
[ 32.461618] Memory state around the buggy address:
[ 32.466523] ffff8880affddd80: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 32.473879] ffff8880affdde00: 00 03 fc fc fc fc fc fc 00 03 fc fc fc fc fc fc
[ 32.481214] >ffff8880affdde80: 07 fc fc fc fc fc fc fc 00 00 00 00 fc fc fc fc
[ 32.488546] ^
[ 32.491976] ffff8880affddf00: 06 fc fc fc fc fc fc fc 06 fc fc fc fc fc fc fc
[ 32.499310] ffff8880affddf80: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.506643] ==================================================================
[ 32.513975] Disabling lock debugging due to kernel taint
[ 32.520159] Kernel panic - not syncing: panic_on_warn set ...
[ 32.520159]
[ 32.527532] CPU: 0 PID: 8111 Comm: syz-executor561 Tainted: G B 4.19.211-syzkaller #0
[ 32.536792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 32.546140] Call Trace:
[ 32.548725] dump_stack+0x1fc/0x2ef
[ 32.552333] panic+0x26a/0x50e
[ 32.555504] ? __warn_printk+0xf3/0xf3
[ 32.559378] ? preempt_schedule_common+0x45/0xc0
[ 32.564113] ? ___preempt_schedule+0x16/0x18
[ 32.568502] ? trace_hardirqs_on+0x55/0x210
[ 32.572802] kasan_end_report+0x43/0x49
[ 32.576755] kasan_report_error.cold+0xa7/0x1b9
[ 32.581402] ? find_first_zero_bit+0xa8/0xb0
[ 32.585787] __asan_report_load8_noabort+0x88/0x90
[ 32.590696] ? find_first_zero_bit+0xa8/0xb0
[ 32.595080] find_first_zero_bit+0xa8/0xb0
[ 32.599297] bfs_create+0xfb/0x610
[ 32.602814] ? bfs_add_entry.isra.0+0x520/0x520
[ 32.607463] lookup_open+0x893/0x1a20
[ 32.611247] ? vfs_mkdir+0x7a0/0x7a0
[ 32.614940] ? unlazy_walk+0x1a4/0x540
[ 32.618811] ? check_preemption_disabled+0x41/0x280
[ 32.623810] path_openat+0x1094/0x2df0
[ 32.627678] ? path_lookupat+0x8d0/0x8d0
[ 32.631716] ? mark_held_locks+0xf0/0xf0
[ 32.635754] ? mark_held_locks+0xf0/0xf0
[ 32.639794] ? __lock_acquire+0x6de/0x3ff0
[ 32.644009] do_filp_open+0x18c/0x3f0
[ 32.647787] ? may_open_dev+0xf0/0xf0
[ 32.651569] ? lock_downgrade+0x720/0x720
[ 32.655694] ? lock_acquire+0x170/0x3c0
[ 32.659646] ? __alloc_fd+0x34/0x570
[ 32.663434] ? do_raw_spin_unlock+0x171/0x230
[ 32.667909] ? _raw_spin_unlock+0x29/0x40
[ 32.672033] ? __alloc_fd+0x28d/0x570
[ 32.675821] do_sys_open+0x3b3/0x520
[ 32.679512] ? filp_open+0x70/0x70
[ 32.683028] ? fput+0x2b/0x190
[ 32.686201] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 32.691547] ? trace_hardirqs_off_caller+0x6e/0x210
[ 32.696540] ? do_syscall_64+0x21/0x620
[ 32.700490] do_syscall_64+0xf9/0x620
[ 32.704270] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.709437] RIP: 0033:0x7fe73b588e29
[ 32.713151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 32.732035] RSP: 002b:00007fff751b6638 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 32.739723] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe73b588e29
[ 32.746973] RDX: 00007fe73b5473f3 RSI: 0000000000000068 RDI: 0000000020000f40
[ 32.754352] RBP: 00007fe73b5486c0 R08: 0000000000000000 R09: 0000000000000000
[ 32.761610] R10: 00007fff751b6500 R11: 0000000000000246 R12: 00007fe73b548750
[ 32.768879] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 32.776212] Kernel Offset: disabled
[ 32.779829] Rebooting in 86400 seconds..