[[0;32m  OK  [0m] Reached target Login Prompts.
[[0;32m  OK  [0m] Reached target Multi-User System.
[[0;32m  OK  [0m] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[[0;32m  OK  [0m] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.214' (ECDSA) to the list of known hosts.
syzkaller login: [   33.106935] audit: type=1400 audit(1592406889.731:8): avc:  denied  { execmem } for  pid=6342 comm="syz-executor293" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   33.360212] IPVS: ftp: loaded support on port[0] = 21
executing program
[   34.129174] ==================================================================
[   34.136708] BUG: KASAN: use-after-free in __ext4_check_dir_entry+0x2f9/0x340
[   34.143888] Read of size 2 at addr ffff8880902be001 by task syz-executor293/6343
[   34.151407] 
[   34.153065] CPU: 0 PID: 6343 Comm: syz-executor293 Not tainted 4.14.184-syzkaller #0
[   34.160958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.170326] Call Trace:
[   34.172902]  dump_stack+0x1b2/0x283
[   34.176514]  ? __ext4_check_dir_entry+0x2f9/0x340
[   34.181345]  print_address_description.cold+0x54/0x1dc
[   34.186742]  ? __ext4_check_dir_entry+0x2f9/0x340
[   34.191580]  kasan_report.cold+0xa9/0x2b9
[   34.195770]  __ext4_check_dir_entry+0x2f9/0x340
[   34.200956]  ext4_readdir+0x819/0x27e0
[   34.205040]  ? __ext4_check_dir_entry+0x340/0x340
[   34.209869]  ? lock_acquire+0x170/0x3f0
[   34.213943]  ? iterate_dir+0xbc/0x5e0
[   34.217779]  iterate_dir+0x1a0/0x5e0
[   34.221478]  SyS_getdents64+0x130/0x240
[   34.225441]  ? SyS_getdents+0x260/0x260
[   34.229660]  ? filldir+0x390/0x390
[   34.233185]  ? ext4_dir_llseek+0x1af/0x200
[   34.237460]  ? do_syscall_64+0x4c/0x640
[   34.241419]  ? SyS_getdents+0x260/0x260
[   34.245381]  do_syscall_64+0x1d5/0x640
[   34.249258]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.254473] RIP: 0033:0x441369
[   34.257661] RSP: 002b:00007ffc66332028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   34.265356] RAX: ffffffffffffffda RBX: 00007ffc663320a0 RCX: 0000000000441369
[   34.272700] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[   34.279954] RBP: 00007ffc66332040 R08: 00000000bb1414ac R09: 00000000bb1414ac
[   34.287211] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000003
[   34.294495] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   34.301757] 
[   34.303369] Allocated by task 4799:
[   34.307101]  kasan_kmalloc.part.0+0x4f/0xd0
[   34.311406]  __kmalloc_track_caller+0x155/0x400
[   34.316074]  kmemdup_nul+0x2d/0xa0
[   34.319600]  security_context_to_sid_core+0x94/0x3d0
[   34.324824]  selinux_inode_setsecurity+0x155/0x350
[   34.329751]  selinux_inode_notifysecctx+0x2b/0x50
[   34.334617]  security_inode_notifysecctx+0x76/0xb0
[   34.339582]  kernfs_refresh_inode+0x328/0x4a0
[   34.344062]  kernfs_iop_permission+0x59/0x90
[   34.348463]  __inode_permission+0x1f1/0x2f0
[   34.352808]  inode_permission+0x23/0x100
[   34.356867]  link_path_walk+0x851/0x1080
[   34.360927]  path_lookupat.isra.0+0xcb/0x7b0
[   34.365386]  filename_lookup+0x18e/0x380
[   34.369436]  vfs_statx+0xd1/0x160
[   34.373018]  SyS_newlstat+0x83/0xe0
[   34.376629]  do_syscall_64+0x1d5/0x640
[   34.380688]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.385869] 
[   34.387491] Freed by task 4799:
[   34.390769]  kasan_slab_free+0xaf/0x190
[   34.394879]  kfree+0xcb/0x260
[   34.398116]  security_context_to_sid_core+0x284/0x3d0
[   34.403409]  selinux_inode_setsecurity+0x155/0x350
[   34.408369]  selinux_inode_notifysecctx+0x2b/0x50
[   34.413222]  security_inode_notifysecctx+0x76/0xb0
[   34.418262]  kernfs_refresh_inode+0x328/0x4a0
[   34.422750]  kernfs_iop_permission+0x59/0x90
[   34.427140]  __inode_permission+0x1f1/0x2f0
[   34.431476]  inode_permission+0x23/0x100
[   34.435555]  link_path_walk+0x851/0x1080
[   34.439599]  path_lookupat.isra.0+0xcb/0x7b0
[   34.444002]  filename_lookup+0x18e/0x380
[   34.448057]  vfs_statx+0xd1/0x160
[   34.451528]  SyS_newlstat+0x83/0xe0
[   34.455140]  do_syscall_64+0x1d5/0x640
[   34.459044]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.464211] 
[   34.465909] The buggy address belongs to the object at ffff8880902be000
[   34.465909]  which belongs to the cache kmalloc-32 of size 32
[   34.478463] The buggy address is located 1 bytes inside of
[   34.478463]  32-byte region [ffff8880902be000, ffff8880902be020)
[   34.490089] The buggy address belongs to the page:
[   34.495001] page:ffffea000240af80 count:1 mapcount:0 mapping:ffff8880902be000 index:0xffff8880902befc1
[   34.504444] flags: 0xfffe0000000100(slab)
[   34.508612] raw: 00fffe0000000100 ffff8880902be000 ffff8880902befc1 000000010000003f
[   34.516489] raw: ffffea00024079e0 ffffea0002aa6720 ffff8880aa8001c0 0000000000000000
[   34.524351] page dumped because: kasan: bad access detected
[   34.530075] 
[   34.531724] Memory state around the buggy address:
[   34.536641]  ffff8880902bdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.544178]  ffff8880902bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   34.551883] >ffff8880902be000: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   34.559227]                    ^
[   34.562581]  ffff8880902be080: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[   34.569925]  ffff8880902be100: 00 00 01 fc fc fc fc fc 00 00 01 fc fc fc fc fc
[   34.577314] ==================================================================
[   34.584759] Disabling lock debugging due to kernel taint
[   34.592987] Kernel panic - not syncing: panic_on_warn set ...
[   34.592987] 
[   34.600373] CPU: 1 PID: 6343 Comm: syz-executor293 Tainted: G    B           4.14.184-syzkaller #0
[   34.609464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   34.619056] Call Trace:
[   34.621638]  dump_stack+0x1b2/0x283
[   34.625296]  panic+0x1f9/0x42d
[   34.628473]  ? add_taint.cold+0x16/0x16
[   34.632433]  ? preempt_schedule_common+0x4a/0xc0
[   34.637183]  ? __ext4_check_dir_entry+0x2f9/0x340
[   34.642012]  ? ___preempt_schedule+0x16/0x18
[   34.646402]  ? __ext4_check_dir_entry+0x2f9/0x340
[   34.651240]  kasan_end_report+0x43/0x49
[   34.655234]  kasan_report.cold+0x12f/0x2b9
[   34.659456]  __ext4_check_dir_entry+0x2f9/0x340
[   34.664112]  ext4_readdir+0x819/0x27e0
[   34.668008]  ? __ext4_check_dir_entry+0x340/0x340
[   34.672839]  ? lock_acquire+0x170/0x3f0
[   34.676830]  ? iterate_dir+0xbc/0x5e0
[   34.680684]  iterate_dir+0x1a0/0x5e0
[   34.684414]  SyS_getdents64+0x130/0x240
[   34.688382]  ? SyS_getdents+0x260/0x260
[   34.692672]  ? filldir+0x390/0x390
[   34.696318]  ? ext4_dir_llseek+0x1af/0x200
[   34.700578]  ? do_syscall_64+0x4c/0x640
[   34.704538]  ? SyS_getdents+0x260/0x260
[   34.708495]  do_syscall_64+0x1d5/0x640
[   34.712506]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[   34.717798] RIP: 0033:0x441369
[   34.720974] RSP: 002b:00007ffc66332028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[   34.728666] RAX: ffffffffffffffda RBX: 00007ffc663320a0 RCX: 0000000000441369
[   34.736048] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[   34.743390] RBP: 00007ffc66332040 R08: 00000000bb1414ac R09: 00000000bb1414ac
[   34.750695] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000003
[   34.757980] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   34.766827] Kernel Offset: disabled
[   34.770450] Rebooting in 86400 seconds..