[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.186' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [  685.181214] ==================================================================
[  685.188687] BUG: KASAN: slab-out-of-bounds in dtSearch+0x192d/0x1ba0
[  685.195174] Read of size 1 at addr ffff88808e2d310d by task syz-executor194/7989
[  685.202697] 
[  685.204325] CPU: 1 PID: 7989 Comm: syz-executor194 Not tainted 4.14.294-syzkaller #0
[  685.212205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[  685.221829] Call Trace:
[  685.224428]  dump_stack+0x1b2/0x281
[  685.228040]  print_address_description.cold+0x54/0x1d3
[  685.233324]  kasan_report_error.cold+0x8a/0x191
[  685.237978]  ? dtSearch+0x192d/0x1ba0
[  685.241756]  __asan_report_load1_noabort+0x68/0x70
[  685.246670]  ? dtSearch+0x192d/0x1ba0
[  685.250447]  dtSearch+0x192d/0x1ba0
[  685.254060]  jfs_lookup+0xf7/0x170
[  685.257595]  ? jfs_link+0x3d0/0x3d0
[  685.261199]  ? d_alloc_parallel+0x82e/0x16b0
[  685.265594]  ? lock_downgrade+0x740/0x740
[  685.269819]  ? __d_lookup_rcu+0x640/0x640
[  685.273967]  ? mark_held_locks+0xa6/0xf0
[  685.278016]  ? d_lookup+0x172/0x220
[  685.281621]  ? d_lookup+0x156/0x220
[  685.285228]  ? jfs_link+0x3d0/0x3d0
[  685.288831]  lookup_open+0x5c4/0x1750
[  685.292611]  ? vfs_mkdir+0x6e0/0x6e0
[  685.296307]  path_openat+0x14bb/0x2970
[  685.300173]  ? path_lookupat+0x780/0x780
[  685.304212]  ? trace_hardirqs_on+0x10/0x10
[  685.308426]  ? __lock_acquire+0x5fc/0x3f20
[  685.312637]  do_filp_open+0x179/0x3c0
[  685.316416]  ? may_open_dev+0xe0/0xe0
[  685.320197]  ? lock_downgrade+0x740/0x740
[  685.324325]  ? do_raw_spin_unlock+0x164/0x220
[  685.328797]  ? _raw_spin_unlock+0x29/0x40
[  685.332923]  ? __alloc_fd+0x1be/0x490
[  685.336718]  do_sys_open+0x296/0x410
[  685.340494]  ? filp_open+0x60/0x60
[  685.344010]  ? __close_fd+0x159/0x230
[  685.347789]  ? do_syscall_64+0x4c/0x640
[  685.351743]  ? do_sys_open+0x410/0x410
[  685.355605]  do_syscall_64+0x1d5/0x640
[  685.359486]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  685.364651] RIP: 0033:0x7f2dd34c40c9
[  685.368336] RSP: 002b:00007ffffdafe728 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  685.376019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2dd34c40c9
[  685.383265] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
[  685.390523] RBP: 00007f2dd3483930 R08: 0000000000000000 R09: 0000000000000000
[  685.397775] R10: 00007ffffdafe5f0 R11: 0000000000000246 R12: 00000000f8008000
[  685.405040] R13: 0000000000000000 R14: 00083878000000f4 R15: 0000000000000000
[  685.412291] 
[  685.413894] Allocated by task 7989:
[  685.417507]  kasan_kmalloc+0xeb/0x160
[  685.421287]  kmem_cache_alloc+0x124/0x3c0
[  685.425406]  jfs_alloc_inode+0x18/0x50
[  685.429339]  alloc_inode+0x5d/0x170
[  685.432958]  iget_locked+0x151/0x400
[  685.436654]  jfs_iget+0x1e/0x480
[  685.439999]  jfs_lookup+0x156/0x170
[  685.443609]  lookup_slow+0x20a/0x400
[  685.447342]  walk_component+0x6a1/0xbc0
[  685.451293]  link_path_walk+0x823/0x10a0
[  685.455341]  path_openat+0x15e/0x2970
[  685.459135]  do_filp_open+0x179/0x3c0
[  685.462915]  do_sys_open+0x296/0x410
[  685.466605]  do_syscall_64+0x1d5/0x640
[  685.470468]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  685.475628] 
[  685.477231] Freed by task 0:
[  685.480238] (stack is not available)
[  685.483934] 
[  685.485540] The buggy address belongs to the object at ffff88808e2d31c0
[  685.485540]  which belongs to the cache jfs_ip of size 1952
[  685.497827] The buggy address is located 179 bytes to the left of
[  685.497827]  1952-byte region [ffff88808e2d31c0, ffff88808e2d3960)
[  685.510196] The buggy address belongs to the page:
[  685.515103] page:ffffea000238b4c0 count:1 mapcount:0 mapping:ffff88808e2d31c0 index:0xffff88808e2d3fff
[  685.524521] flags: 0xfff00000000100(slab)
[  685.528654] raw: 00fff00000000100 ffff88808e2d31c0 ffff88808e2d3fff 0000000100000001
[  685.536508] raw: ffffea000238b4a0 ffff8880b0c1f348 ffff8880b0c1d680 0000000000000000
[  685.544360] page dumped because: kasan: bad access detected
[  685.550042] 
[  685.551646] Memory state around the buggy address:
[  685.556549]  ffff88808e2d3000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  685.563883]  ffff88808e2d3080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  685.571225] >ffff88808e2d3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  685.578557]                       ^
[  685.582159]  ffff88808e2d3180: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  685.589493]  ffff88808e2d3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  685.596824] ==================================================================
[  685.604166] Disabling lock debugging due to kernel taint
[  685.610095] Kernel panic - not syncing: panic_on_warn set ...
[  685.610095] 
[  685.617462] CPU: 1 PID: 7989 Comm: syz-executor194 Tainted: G    B             4.14.294-syzkaller #0
[  685.626548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[  685.635891] Call Trace:
[  685.638486]  dump_stack+0x1b2/0x281
[  685.642197]  panic+0x1f9/0x42d
[  685.645381]  ? add_taint.cold+0x16/0x16
[  685.649343]  ? ___preempt_schedule+0x16/0x18
[  685.653731]  kasan_end_report+0x43/0x49
[  685.657681]  kasan_report_error.cold+0xa7/0x191
[  685.662323]  ? dtSearch+0x192d/0x1ba0
[  685.666103]  __asan_report_load1_noabort+0x68/0x70
[  685.671006]  ? dtSearch+0x192d/0x1ba0
[  685.674782]  dtSearch+0x192d/0x1ba0
[  685.678398]  jfs_lookup+0xf7/0x170
[  685.681911]  ? jfs_link+0x3d0/0x3d0
[  685.685514]  ? d_alloc_parallel+0x82e/0x16b0
[  685.689900]  ? lock_downgrade+0x740/0x740
[  685.694078]  ? __d_lookup_rcu+0x640/0x640
[  685.698231]  ? mark_held_locks+0xa6/0xf0
[  685.702265]  ? d_lookup+0x172/0x220
[  685.705868]  ? d_lookup+0x156/0x220
[  685.709468]  ? jfs_link+0x3d0/0x3d0
[  685.713072]  lookup_open+0x5c4/0x1750
[  685.716849]  ? vfs_mkdir+0x6e0/0x6e0
[  685.720539]  path_openat+0x14bb/0x2970
[  685.724415]  ? path_lookupat+0x780/0x780
[  685.728451]  ? trace_hardirqs_on+0x10/0x10
[  685.732658]  ? __lock_acquire+0x5fc/0x3f20
[  685.736868]  do_filp_open+0x179/0x3c0
[  685.741170]  ? may_open_dev+0xe0/0xe0
[  685.744944]  ? lock_downgrade+0x740/0x740
[  685.749066]  ? do_raw_spin_unlock+0x164/0x220
[  685.753533]  ? _raw_spin_unlock+0x29/0x40
[  685.757653]  ? __alloc_fd+0x1be/0x490
[  685.761431]  do_sys_open+0x296/0x410
[  685.765116]  ? filp_open+0x60/0x60
[  685.768647]  ? __close_fd+0x159/0x230
[  685.772422]  ? do_syscall_64+0x4c/0x640
[  685.776369]  ? do_sys_open+0x410/0x410
[  685.780255]  do_syscall_64+0x1d5/0x640
[  685.784118]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  685.789291] RIP: 0033:0x7f2dd34c40c9
[  685.793028] RSP: 002b:00007ffffdafe728 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  685.800709] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2dd34c40c9
[  685.807954] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
[  685.815196] RBP: 00007f2dd3483930 R08: 0000000000000000 R09: 0000000000000000
[  685.822437] R10: 00007ffffdafe5f0 R11: 0000000000000246 R12: 00000000f8008000
[  685.829685] R13: 0000000000000000 R14: 00083878000000f4 R15: 0000000000000000
[  685.837127] Kernel Offset: disabled
[  685.840732] Rebooting in 86400 seconds..
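The first thing to do with a report like this is to check that its own numbers agree: the faulting address must equal the object start minus the stated left offset, the region bounds must span the cache object size, and the shadow byte covering the access must be poison rather than 00. The script below is an added triage helper, not part of the syzbot log or of the kernel. It assumes the generic KASAN shadow encoding of 4.14-era mm/kasan/kasan.h (one shadow byte per 8 bytes of memory, 0xfc for the kmalloc redzone, 0xfb for a freed object) and runs on a constructed excerpt of the report above with the printk timestamps stripped.

```python
"""Cross-check a generic-KASAN slab report and decode the shadow byte at the fault.

Added triage helper, not part of the syzbot log above. Shadow encoding is the
generic KASAN one from mm/kasan/kasan.h (Linux 4.14); SAMPLE_REPORT is a
constructed excerpt of the report above with printk timestamps removed.
"""
import re

SHADOW_GRANULE = 8       # bytes of memory described by one shadow byte
SHADOW_ROW_BYTES = 16    # shadow bytes per dumped "Memory state" row

# Generic KASAN poison values (mm/kasan/kasan.h, Linux 4.14).
SHADOW_POISON = {
    0xff: "free page", 0xfe: "page redzone",
    0xfc: "kmalloc/slab redzone", 0xfb: "freed slab object (use-after-free)",
    0xfa: "global redzone", 0xf8: "out-of-scope stack variable",
    0xf1: "stack left redzone", 0xf2: "stack mid redzone",
    0xf3: "stack right redzone", 0xf4: "stack partial redzone",
}

ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]{16})")
CACHE_RE = re.compile(r"belongs to the cache (\S+) of size (\d+)")
LOCATED_RE = re.compile(r"is located (\d+) bytes (to the left of|to the right of|inside of)")
REGION_RE = re.compile(r"(\d+)-byte region \[([0-9a-f]{16}), ([0-9a-f]{16})\)")
SHADOW_ROW_RE = re.compile(r"^>?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2}\s?){16})\s*$")


def shadow_meaning(value):
    """Translate one shadow byte into what KASAN means by it."""
    if value == 0:
        return "addressable"
    if 1 <= value < SHADOW_GRANULE:
        return f"partially addressable (first {value} bytes)"
    return SHADOW_POISON.get(value, f"unknown poison 0x{value:02x}")


def parse_shadow_rows(text):
    """Return {row_base_address: [16 shadow bytes]} from the memory-state dump."""
    rows = {}
    for line in text.splitlines():
        m = SHADOW_ROW_RE.match(line)
        if m:
            rows[int(m.group(1), 16)] = [int(b, 16) for b in m.group(2).split()]
    return rows


def shadow_byte_for(rows, addr):
    """Shadow byte covering addr, or None if the dump does not cover it."""
    span = SHADOW_ROW_BYTES * SHADOW_GRANULE          # 128 bytes of memory per row
    for base, shadow in rows.items():
        if base <= addr < base + span:
            return shadow[(addr - base) // SHADOW_GRANULE]
    return None


def first_addressable_after(rows, addr):
    """Lowest address >= addr whose shadow byte is 00 (where the next object starts)."""
    for base in sorted(rows):
        for i, b in enumerate(rows[base]):
            a = base + i * SHADOW_GRANULE
            if a >= addr and b == 0:
                return a
    return None


def check_report(text):
    """Parse the report and verify that its address arithmetic and shadow dump agree."""
    access, cache = ACCESS_RE.search(text), CACHE_RE.search(text)
    located, region = LOCATED_RE.search(text), REGION_RE.search(text)
    if not (access and cache and located and region):
        raise ValueError("not a complete KASAN slab report")
    addr = int(access.group(3), 16)
    offset, side = int(located.group(1)), located.group(2)
    start, end = int(region.group(2), 16), int(region.group(3), 16)
    # Recompute the faulting address from the object bounds KASAN printed.
    expected = {"to the left of": start - offset, "to the right of": end + offset,
                "inside of": start + offset}[side]
    rows = parse_shadow_rows(text)
    shadow = shadow_byte_for(rows, addr)
    return {
        "kind": access.group(1), "size": int(access.group(2)), "addr": addr,
        "cache": cache.group(1), "obj_size": int(cache.group(2)),
        "region_start": start, "region_end": end, "offset": offset, "side": side,
        "addr_consistent": expected == addr,
        "region_consistent": end - start == int(region.group(1)) == int(cache.group(2)),
        "inside_object": start <= addr < end,
        "shadow_byte": shadow,
        "shadow_meaning": shadow_meaning(shadow) if shadow is not None else "not in dump",
        "dump_object_start": first_addressable_after(rows, addr),
    }


# Constructed excerpt of the report above (timestamps stripped).
SAMPLE_REPORT = """\
BUG: KASAN: slab-out-of-bounds in dtSearch+0x192d/0x1ba0
Read of size 1 at addr ffff88808e2d310d by task syz-executor194/7989
The buggy address belongs to the object at ffff88808e2d31c0
 which belongs to the cache jfs_ip of size 1952
The buggy address is located 179 bytes to the left of
 1952-byte region [ffff88808e2d31c0, ffff88808e2d3960)
Memory state around the buggy address:
 ffff88808e2d3080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff88808e2d3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                      ^
 ffff88808e2d3180: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
 ffff88808e2d3200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

if __name__ == "__main__":
    r = check_report(SAMPLE_REPORT)
    sb = f"{r['shadow_byte']:#04x}" if r["shadow_byte"] is not None else "n/a"
    print(f"{r['kind']} of {r['size']} byte(s) at {r['addr']:#x}: {r['offset']} bytes "
          f"{r['side']} {r['cache']} object [{r['region_start']:#x}, {r['region_end']:#x})")
    print(f"arithmetic consistent: {r['addr_consistent']}, region consistent: "
          f"{r['region_consistent']}, shadow {sb} = {r['shadow_meaning']}")
```

On this report the helper confirms that 0xffff88808e2d31c0 - 179 = 0xffff88808e2d310d, that the first 00 shadow byte in the dump lands exactly at the jfs_ip object start, and that the one-byte read hits the 0xfc kmalloc redzone below the inode the same task had just allocated through jfs_lookup -> jfs_iget. The register dump agrees with the stack: ORIG_RAX 0x2 is open(2) on x86-64, matching the do_sys_open frame. Which computation in dtSearch produced the bad pointer is not something the report itself says; that needs the source at dtSearch+0x192d and the image the fuzzer mounted.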