[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.136' (ECDSA) to the list of known hosts.

syzkaller login: [ 34.613542] audit: type=1400 audit(1587417134.705:8): avc: denied { execmem } for pid=6318 comm="syz-executor933" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 34.876324] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 35.698258] ==================================================================
[ 35.705719] BUG: KASAN: slab-out-of-bounds in __ext4_check_dir_entry+0x2f9/0x340
[ 35.713241] Read of size 2 at addr ffff8880a0755001 by task syz-executor933/6344
[ 35.720750]
[ 35.722363] CPU: 1 PID: 6344 Comm: syz-executor933 Not tainted 4.14.176-syzkaller #0
[ 35.730222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.739574] Call Trace:
[ 35.742168]  dump_stack+0x13e/0x194
[ 35.745803]  ? __ext4_check_dir_entry+0x2f9/0x340
[ 35.750636]  print_address_description.cold+0x7c/0x1e2
[ 35.755910]  ? __ext4_check_dir_entry+0x2f9/0x340
[ 35.760739]  kasan_report.cold+0xa9/0x2ae
[ 35.764914]  __ext4_check_dir_entry+0x2f9/0x340
[ 35.769611]  ext4_readdir+0x822/0x27f0
[ 35.773489]  ? __ext4_check_dir_entry+0x340/0x340
[ 35.778509]  ? lock_acquire+0x170/0x3f0
[ 35.782481]  ? iterate_dir+0xbc/0x5e0
[ 35.786275]  iterate_dir+0x1a0/0x5e0
[ 35.789977]  SyS_getdents+0x132/0x260
[ 35.793868]  ? SyS_futex+0x1e8/0x2c0
[ 35.797573]  ? SyS_futex+0x1f2/0x2c0
[ 35.801395]  ? SyS_old_readdir+0x130/0x130
[ 35.805620]  ? verify_dirent_name+0x50/0x50
[ 35.809941]  ? do_syscall_64+0x4c/0x640
[ 35.813896]  ? SyS_old_readdir+0x130/0x130
[ 35.818110]  do_syscall_64+0x1d5/0x640
[ 35.821986]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.827263] RIP: 0033:0x446d99
[ 35.830437] RSP: 002b:00007fae5cfc9d18 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 35.838123] RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 0000000000446d99
[ 35.845373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 35.852632] RBP: 00000000006dcc20 R08: 65732f636f72702f R09: 65732f636f72702f
[ 35.852865] EXT4-fs error (device sda1): ext4_readdir:240: inode #11: block 8230: comm syz-executor933: path /lost+found: bad entry in directory: rec_len is smaller than minimal - offset=4093, inode=0, rec_len=0, name_len=0, size=4096
[ 35.859906] R10: 65732f636f72702f R11: 0000000000000246 R12: 00000000006dcc2c
[ 35.859913] R13: 00007fae5cfc9d20 R14: 00007fae5cfc9d20 R15: 00000000006dcc2c
[ 35.859926]
[ 35.859931] Allocated by task 6312:
[ 35.859942]  save_stack+0x32/0xa0
[ 35.859949]  kasan_kmalloc+0xbf/0xe0
[ 35.859954]  kmem_cache_alloc+0x127/0x770
[ 35.859964]  sk_prot_alloc+0x5f/0x290
[ 35.915900]  sk_alloc+0x36/0xd60
[ 35.919253]  unix_create1+0x78/0x4f0
[ 35.922948]  unix_create+0xdd/0x1c0
[ 35.926815]  __sock_create+0x2f2/0x620
[ 35.930683]  SyS_socket+0xd2/0x170
[ 35.934207]  do_syscall_64+0x1d5/0x640
[ 35.938074]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.943241]
[ 35.944868] Freed by task 0:
[ 35.948131] (stack is not available)
[ 35.951827]
[ 35.953433] The buggy address belongs to the object at ffff8880a0755080
[ 35.953433]  which belongs to the cache UNIX of size 1728
[ 35.965551] The buggy address is located 127 bytes to the left of
[ 35.965551]  1728-byte region [ffff8880a0755080, ffff8880a0755740)
[ 35.977930] The buggy address belongs to the page:
[ 35.982840] page:ffffea000281d540 count:1 mapcount:0 mapping:ffff8880a0755080 index:0x0
[ 35.990978] flags: 0xfffe0000000100(slab)
[ 35.995108] raw: 00fffe0000000100 ffff8880a0755080 0000000000000000 0000000100000002
[ 36.002973] raw: ffffea000281d3e0 ffffea000281a1e0 ffff8880a647e500 0000000000000000
[ 36.010854] page dumped because: kasan: bad access detected
[ 36.016543]
[ 36.018162] Memory state around the buggy address:
[ 36.023070]  ffff8880a0754f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.030409]  ffff8880a0754f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.037762] >ffff8880a0755000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.045108]                    ^
[ 36.048462]  ffff8880a0755080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.055801]  ffff8880a0755100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.063135] ==================================================================
[ 36.070488] Disabling lock debugging due to kernel taint
[ 36.076409] Kernel panic - not syncing: panic_on_warn set ...
[ 36.076409]
[ 36.083802] CPU: 1 PID: 6344 Comm: syz-executor933 Tainted: G B 4.14.176-syzkaller #0
[ 36.092912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.102259] Call Trace:
[ 36.104849]  dump_stack+0x13e/0x194
[ 36.108468]  panic+0x1f9/0x42d
[ 36.111637]  ? add_taint.cold+0x16/0x16
[ 36.115592]  ? preempt_schedule_common+0x4a/0xc0
[ 36.120887]  ? __ext4_check_dir_entry+0x2f9/0x340
[ 36.125708]  ? ___preempt_schedule+0x16/0x18
[ 36.130113]  ? __ext4_check_dir_entry+0x2f9/0x340
[ 36.134934]  kasan_end_report+0x43/0x49
[ 36.138942]  kasan_report.cold+0x12f/0x2ae
[ 36.143219]  __ext4_check_dir_entry+0x2f9/0x340
[ 36.147877]  ext4_readdir+0x822/0x27f0
[ 36.151761]  ? __ext4_check_dir_entry+0x340/0x340
[ 36.156607]  ? lock_acquire+0x170/0x3f0
[ 36.160569]  ? iterate_dir+0xbc/0x5e0
[ 36.164357]  iterate_dir+0x1a0/0x5e0
[ 36.168053]  SyS_getdents+0x132/0x260
[ 36.171833]  ? SyS_futex+0x1e8/0x2c0
[ 36.175540]  ? SyS_futex+0x1f2/0x2c0
[ 36.179245]  ? SyS_old_readdir+0x130/0x130
[ 36.183463]  ? verify_dirent_name+0x50/0x50
[ 36.187768]  ? do_syscall_64+0x4c/0x640
[ 36.191816]  ? SyS_old_readdir+0x130/0x130
[ 36.196031]  do_syscall_64+0x1d5/0x640
[ 36.199902]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 36.205214] RIP: 0033:0x446d99
[ 36.208453] RSP: 002b:00007fae5cfc9d18 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[ 36.216253] RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 0000000000446d99
[ 36.223514] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 36.230763] RBP: 00000000006dcc20 R08: 65732f636f72702f R09: 65732f636f72702f
[ 36.238011] R10: 65732f636f72702f R11: 0000000000000246 R12: 00000000006dcc2c
[ 36.245259] R13: 00007fae5cfc9d20 R14: 00007fae5cfc9d20 R15: 00000000006dcc2c
[ 36.253883] Kernel Offset: disabled
[ 36.257517] Rebooting in 86400 seconds..
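Reading the report: ORIG_RAX 0x4e is getdents(2) on x86_64 and RDI=4 is the directory fd, so the crash is reached through ext4_readdir walking a 4096-byte directory block of /lost+found. The EXT4-fs error line says the entry being checked sits at offset=4093, only 3 bytes before the end of the block, and KASAN reports a 2-byte read one byte past a 4 KiB boundary (ffff8880a0755001). Those numbers are consistent with the 16-bit rec_len field of the on-disk dirent (at byte 4 of the 8-byte header, i.e. offset 4097) being loaded before anyone confirmed that the header fits inside the block; the bytes it lands on belong to an unrelated UNIX socket slab, which is why the allocation stack shows unix_create1. The model below is an added example, not kernel code and not a patch: it reproduces the on-disk dirent layout, paraphrases the sanity checks as the error strings in the log describe them, and puts a header-fit test ahead of the rec_len load. The sample block contents, the DE_* status names and the demo_* helpers are constructed for this example.

```c
/* Added model (not kernel code) of the ext4 directory-entry sanity check and of
 * the boundary case in the report above: offset=4093 inside a 4096-byte block. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BLOCK_SIZE 4096u
#define DIRENT_HDR_LEN 8u   /* on-disk header: inode(4) rec_len(2) name_len(1) file_type(1) */
#define DIR_REC_LEN(n) (((n) + DIRENT_HDR_LEN + 3u) & ~3u)   /* header + name, 4-byte aligned */

enum dirent_status {
    DE_OK = 0,
    DE_HDR_OUTSIDE_BLOCK,  /* header does not fit: reading rec_len would be out of bounds */
    DE_REC_LEN_TOO_SMALL,  /* "rec_len is smaller than minimal" */
    DE_REC_LEN_UNALIGNED,  /* "rec_len % 4 != 0" */
    DE_REC_LEN_LT_NAME,    /* "rec_len is too small for name_len" */
    DE_CROSSES_BLOCK_END   /* "directory entry across range" */
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Check the entry at `offset`. The header-fit test comes first: without it the
 * 2-byte rec_len load at offset+4 (4097 for offset 4093) lands one byte past the
 * block, which is the access shape KASAN flagged in the report. */
enum dirent_status check_dir_entry(const uint8_t *buf, size_t size, size_t offset,
                                   uint16_t *rec_len_out)
{
    if (offset > size || size - offset < DIRENT_HDR_LEN)
        return DE_HDR_OUTSIDE_BLOCK;
    const uint8_t *de = buf + offset;
    uint16_t rlen = le16(de + 4);
    uint8_t name_len = de[6];
    if (rec_len_out) *rec_len_out = rlen;
    if (rlen < DIR_REC_LEN(1))        return DE_REC_LEN_TOO_SMALL;
    if (rlen % 4 != 0)                return DE_REC_LEN_UNALIGNED;
    if (rlen < DIR_REC_LEN(name_len)) return DE_REC_LEN_LT_NAME;
    if (size - offset < rlen)         return DE_CROSSES_BLOCK_END;
    return DE_OK;
}

/* Walk a block from `start`, the way readdir iterates entries. Returns the number
 * of entries, or the negated status of the first bad one. */
int walk_dir_block(const uint8_t *buf, size_t size, size_t start)
{
    int n = 0;
    for (size_t off = start; off < size; n++) {
        uint16_t rlen;
        enum dirent_status st = check_dir_entry(buf, size, off, &rlen);
        if (st != DE_OK) return -(int)st;
        off += rlen;
    }
    return n;
}

/* Write one on-disk entry (little-endian fields) at `offset`. */
static void put_dirent(uint8_t *buf, size_t offset, uint32_t inode, uint16_t rec_len,
                       const char *name, uint8_t ftype)
{
    uint8_t *de = buf + offset;
    size_t nlen = strlen(name);
    for (int i = 0; i < 4; i++) de[i] = (uint8_t)(inode >> (8 * i));
    de[4] = (uint8_t)rec_len; de[5] = (uint8_t)(rec_len >> 8);
    de[6] = (uint8_t)nlen;    de[7] = ftype;
    memcpy(de + 8, name, nlen);
}

/* Constructed sample block: ".", "..", and one entry whose rec_len is padded to
 * the end of the block, which is how a nearly empty directory block looks. */
static void build_sample_block(uint8_t *buf)
{
    memset(buf, 0, BLOCK_SIZE);
    put_dirent(buf, 0, 11, 12, ".", 2);
    put_dirent(buf, 12, 2, 12, "..", 2);
    put_dirent(buf, 24, 12, (uint16_t)(BLOCK_SIZE - 24), "#12", 1); /* rec_len 4072 */
}

/* Walking the well-formed block from offset 0 yields three entries. */
int demo_walk_from_start(void)
{
    uint8_t blk[BLOCK_SIZE];
    build_sample_block(blk);
    return walk_dir_block(blk, BLOCK_SIZE, 0);
}

/* The report's case: iteration starts at offset 4093, so only 3 bytes remain and
 * rec_len must not be read at all. */
int demo_report_offset_4093(void)
{
    uint8_t blk[BLOCK_SIZE];
    build_sample_block(blk);
    return (int)check_dir_entry(blk, BLOCK_SIZE, 4093, NULL);
}

/* A zeroed entry whose header does fit (offset 4088) is caught by the ordinary
 * "rec_len is smaller than minimal" test instead. */
int demo_zero_rec_len_inside_block(void)
{
    uint8_t blk[BLOCK_SIZE];
    build_sample_block(blk);
    return (int)check_dir_entry(blk, BLOCK_SIZE, 4088, NULL);
}

int main(void)
{
    printf("walk from 0: %d entries\n", demo_walk_from_start());
    printf("offset 4093: status %d (header outside block)\n", demo_report_offset_4093());
    printf("offset 4088: status %d (rec_len too small)\n", demo_zero_rec_len_inside_block());
    return 0;
}
```

The point of the ordering is that every later check in the model dereferences the header, so any parser of attacker-controlled on-disk metadata (a mounted image, a fuzzer-corrupted block, or a readdir position chosen with lseek) has to prove the fixed-size header lies inside the buffer before it trusts the length field the header contains.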