[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.35' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 40.586090] audit: type=1400 audit(1600749551.596:8): avc: denied { execmem } for pid=6476 comm="syz-executor088" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 40.601218] ================================================================================
[ 40.614669] UBSAN: Undefined behaviour in fs/jfs/jfs_mount.c:385:25
[ 40.621267] shift exponent 6156 is too large for 32-bit type 'int'
[ 40.627584] CPU: 1 PID: 6476 Comm: syz-executor088 Not tainted 4.19.146-syzkaller #0
[ 40.635441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.644776] Call Trace:
[ 40.647356] dump_stack+0x22c/0x33e
[ 40.651007] ubsan_epilogue+0xe/0x3a
[ 40.654702] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 40.660829] ? __bread_gfp+0x81/0x300
[ 40.664612] ? readSuper+0xf2/0x290
[ 40.668222] chkSuper.cold+0x1e/0x98
[ 40.671922] ? readSuper+0x290/0x290
[ 40.675616] ? do_raw_spin_lock+0xcb/0x220
[ 40.679831] jfs_mount+0x47/0x3d0
[ 40.683274] jfs_fill_super+0x55c/0xb50
[ 40.687239] ? parse_options+0xf50/0xf50
[ 40.691288] ? set_blocksize+0x163/0x3f0
[ 40.695369] mount_bdev+0x2fc/0x3b0
[ 40.699011] ? parse_options+0xf50/0xf50
[ 40.703056] mount_fs+0xa3/0x318
[ 40.706405] vfs_kern_mount.part.0+0x68/0x470
[ 40.710884] do_mount+0x51c/0x2f10
[ 40.714407] ? check_preemption_disabled+0x41/0x2b0
[ 40.719405] ? copy_mount_string+0x40/0x40
[ 40.723635] ? kmem_cache_alloc_trace+0x379/0x4b0
[ 40.728466] ? _copy_from_user+0xd2/0x130
[ 40.732605] ? copy_mount_options+0x261/0x370
[ 40.737079] ksys_mount+0xcf/0x130
[ 40.740599] __x64_sys_mount+0xba/0x150
[ 40.744563] ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 40.749129] do_syscall_64+0xf9/0x670
[ 40.752914] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.758097] RIP: 0033:0x446d4a
[ 40.761283] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 40.780171] RSP: 002b:00007ffdd8c8cc18 EFLAGS: 00000283 ORIG_RAX: 00000000000000a5
[ 40.787860] RAX: ffffffffffffffda RBX: 00007ffdd8c8cc70 RCX: 0000000000446d4a
[ 40.795108] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffdd8c8cc30
[ 40.802353] RBP: 00007ffdd8c8cc30 R08: 00007ffdd8c8cc70 R09: 00007ffd00000015
[ 40.809611] R10: 0000000000000000 R11: 0000000000000283 R12: 0000000000000001
[ 40.816866] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 40.824134] ================================================================================
[ 40.834990] ================================================================================
[ 40.843584] UBSAN: Undefined behaviour in fs/jfs/jfs_imap.c:458:7
[ 40.849813] shift exponent -6144 is negative
[ 40.854224] CPU: 1 PID: 6476 Comm: syz-executor088 Not tainted 4.19.146-syzkaller #0
[ 40.862100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.871447] Call Trace:
[ 40.874022] dump_stack+0x22c/0x33e
[ 40.877633] ubsan_epilogue+0xe/0x3a
[ 40.881333] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 40.887460] ? do_raw_spin_unlock+0x171/0x240
[ 40.891951] diReadSpecial.cold+0x1b/0x3e
[ 40.896515] jfs_mount+0x83/0x3d0
[ 40.899954] jfs_fill_super+0x55c/0xb50
[ 40.903921] ? parse_options+0xf50/0xf50
[ 40.907966] ? set_blocksize+0x163/0x3f0
[ 40.912011] mount_bdev+0x2fc/0x3b0
[ 40.915626] ? parse_options+0xf50/0xf50
[ 40.919670] mount_fs+0xa3/0x318
[ 40.923020] vfs_kern_mount.part.0+0x68/0x470
[ 40.927504] do_mount+0x51c/0x2f10
[ 40.931028] ? check_preemption_disabled+0x41/0x2b0
[ 40.936021] ? copy_mount_string+0x40/0x40
[ 40.940239] ? kmem_cache_alloc_trace+0x379/0x4b0
[ 40.945063] ? _copy_from_user+0xd2/0x130
[ 40.949194] ? copy_mount_options+0x261/0x370
[ 40.953709] ksys_mount+0xcf/0x130
[ 40.957244] __x64_sys_mount+0xba/0x150
[ 40.961204] ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 40.965766] do_syscall_64+0xf9/0x670
[ 40.969551] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.974751] RIP: 0033:0x446d4a
[ 40.977943] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 40.996829] RSP: 002b:00007ffdd8c8cc18 EFLAGS: 00000283 ORIG_RAX: 00000000000000a5
[ 41.004612] RAX: ffffffffffffffda RBX: 00007ffdd8c8cc70 RCX: 0000000000446d4a
[ 41.011865] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffdd8c8cc30
[ 41.019118] RBP: 00007ffdd8c8cc30 R08: 00007ffdd8c8cc70 R09: 00007ffd00000015
[ 41.026368] R10: 0000000000000000 R11: 0000000000000283 R12: 0000000000000001
[ 41.033632] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 41.040896] ================================================================================
[ 41.051474] ================================================================================
[ 41.060069] UBSAN: Undefined behaviour in fs/jfs/jfs_imap.c:126:7
[ 41.066297] shift exponent -6144 is negative
[ 41.070714] CPU: 1 PID: 6476 Comm: syz-executor088 Not tainted 4.19.146-syzkaller #0
[ 41.078591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.087922] Call Trace:
[ 41.090523] dump_stack+0x22c/0x33e
[ 41.094153] ubsan_epilogue+0xe/0x3a
[ 41.097859] __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 41.103985] ? diMount+0x4b/0x860
[ 41.107419] ? rcu_read_lock_sched_held+0x174/0x1e0
[ 41.112417] ? kmem_cache_alloc_trace+0x379/0x4b0
[ 41.117240] ? release_metapage+0x24b/0x9e0
[ 41.121555] diMount.cold+0x17/0x1c
[ 41.125164] ? diReadSpecial+0x2ed/0x670
[ 41.129209] jfs_mount+0xbf/0x3d0
[ 41.132670] jfs_fill_super+0x55c/0xb50
[ 41.136638] ? parse_options+0xf50/0xf50
[ 41.140695] ? set_blocksize+0x163/0x3f0
[ 41.144749] mount_bdev+0x2fc/0x3b0
[ 41.148359] ? parse_options+0xf50/0xf50
[ 41.152419] mount_fs+0xa3/0x318
[ 41.155769] vfs_kern_mount.part.0+0x68/0x470
[ 41.160259] do_mount+0x51c/0x2f10
[ 41.163782] ? check_preemption_disabled+0x41/0x2b0
[ 41.168803] ? copy_mount_string+0x40/0x40
[ 41.173023] ? kmem_cache_alloc_trace+0x379/0x4b0
[ 41.177845] ? _copy_from_user+0xd2/0x130
[ 41.182002] ? copy_mount_options+0x261/0x370
[ 41.186476] ksys_mount+0xcf/0x130
[ 41.189997] __x64_sys_mount+0xba/0x150
[ 41.193966] ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 41.198544] do_syscall_64+0xf9/0x670
[ 41.202328] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 41.207503] RIP: 0033:0x446d4a
[ 41.210688] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 41.229569] RSP: 002b:00007ffdd8c8cc18 EFLAGS: 00000283 ORIG_RAX: 00000000000000a5
[ 41.237255] RAX: ff