[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.254' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 42.021839] audit: type=1400 audit(1602829836.250:8): avc: denied { execmem } for pid=6490 comm="syz-executor001" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 42.047035] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 42.058143] Quota error (device loop0): qtree_write_dquot: Error -669470953 occurred while creating quota
[ 42.072583] Quota error (device loop0): qtree_write_dquot: Error -1224736762 occurred while creating quota
[ 42.084433] EXT4-fs error (device loop0): __ext4_new_inode:922: comm syz-executor001: reserved inode found cleared - inode=1
[ 42.097545] BUG: unable to handle kernel paging request at fffffbfff6e0001f
[ 42.104659] PGD 21ffed067 P4D 21ffed067 PUD 21ffec067 PMD 0
[ 42.110487] Oops: 0000 [#1] PREEMPT SMP KASAN
[ 42.114992] CPU: 0 PID: 6490 Comm: syz-executor001 Not tainted 4.19.150-syzkaller #0
[ 42.122865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.132214] RIP: 0010:check_memory_region+0xc8/0x170
[ 42.137309] Code: 39 d0 74 0e 80 38 00 74 f2 48 85 c0 0f 85 9c 00 00 00 5b 5d 41 5c c3 48 85 d2 74 f6 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 e8 <80> 38 00 74 f2 eb d8 41 bc 08 00 00 00 48 89 ea 45 29 dc 4e 8d 5c
[ 42.156197] RSP: 0018:ffff888094d37710 EFLAGS: 00010296
[ 42.161630] RAX: fffffbfff6e0001f RBX: fffffbfff6e00021 RCX: ffffffff81d2475e
[ 42.168932] RDX: fffffbfff6e00021 RSI: 0000000000000004 RDI: ffffffffb70000fe
[ 42.176192] RBP: fffffbfff6e0001f R08: 0000000000000000 R09: fffffbfff6e00020
[ 42.183444] R10: ffffffffb7000101 R11: 0000000000000001 R12: ffffffffb70000fe
[ 42.190708] R13: 0000000000000009 R14: fffffbfff6e0001f R15: ffff8880a6118080
[ 42.197960] FS: 000000000091d880(0000) GS:ffff8880ae200000(0000) knlGS:0000000000000000
[ 42.206181] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.212045] CR2: fffffbfff6e0001f CR3: 000000009133f000 CR4: 00000000001406f0
[ 42.219301] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.226556] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.233808] Call Trace:
[ 42.237089] dqput.part.0+0xae/0x850
[ 42.240790] __dquot_drop+0x1c6/0x2a0
[ 42.244571] ? dquot_scan_active+0x310/0x310
[ 42.248966] ? ext4_mark_group_bitmap_corrupted+0x4b3/0x750
[ 42.254677] dquot_drop+0x14b/0x1a0
[ 42.258290] __ext4_new_inode+0x3016/0x5e40
[ 42.262601] ? ext4_free_inode+0x18d0/0x18d0
[ 42.267005] ? __dquot_initialize+0x2b2/0xd40
[ 42.271503] ? dquot_initialize_needed+0x290/0x290
[ 42.276430] ? find_held_lock+0x2d/0x110
[ 42.280479] ext4_tmpfile+0x208/0x480
[ 42.284276] ? ext4_orphan_add+0xb90/0xb90
[ 42.288507] ? _raw_spin_unlock+0x29/0x40
[ 42.292644] ? d_alloc+0x1bc/0x230
[ 42.296185] vfs_tmpfile+0x12c/0x280
[ 42.299886] path_openat+0x1e85/0x2e90
[ 42.303759] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.309111] ? lock_acquire+0x170/0x3f0
[ 42.313068] ? path_lookupat+0x8d0/0x8d0
[ 42.317111] ? mark_held_locks+0xf0/0xf0
[ 42.321155] ? find_held_lock+0x2d/0x110
[ 42.325214] do_filp_open+0x18c/0x3f0
[ 42.328999] ? may_open_dev+0xf0/0xf0
[ 42.332796] ? lock_downgrade+0x750/0x750
[ 42.336924] ? lock_acquire+0x170/0x3f0
[ 42.340879] ? do_raw_spin_unlock+0x171/0x240
[ 42.345356] ? _raw_spin_unlock+0x29/0x40
[ 42.349488] ? __alloc_fd+0x2ab/0x590
[ 42.353272] do_sys_open+0x3b3/0x520
[ 42.356966] ? filp_open+0x70/0x70
[ 42.360583] ? fput+0x2b/0x190
[ 42.363763] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 42.369111] ? trace_hardirqs_off_caller+0x6e/0x210
[ 42.374129] ? do_syscall_64+0x21/0x670
[ 42.378085] do_syscall_64+0xf9/0x670
[ 42.381887] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 42.387056] RIP: 0033:0x444969
[ 42.390239] Code: 8d d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 5b d7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 42.409147] RSP: 002b:00007fff3f1b2888 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 42.416851] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 0000000000444969
[ 42.424109] RDX: 0000000000410481 RSI: 0000000020000000 RDI: ffffffffffffff9c
[ 42.431364] RBP: 00000000006cf018 R08: 0000000000000000 R09: 0000000000000000
[ 42.438623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000402550
[ 42.445878] R13: 00000000004025e0 R14: 0000000000000000 R15: 0000000000000000
[ 42.453136] Modules linked in:
[ 42.456309] CR2: fffffbfff6e0001f
[ 42.459758] ---[ end trace 4e9dbc8156a81e19 ]---
[ 42.464531] RIP: 0010:check_memory_region+0xc8/0x170
[ 42.469640] Code: 39 d0 74 0e 80 38 00 74 f2 48 85 c0 0f 85 9c 00 00 00 5b 5d 41 5c c3 48 85 d2 74 f6 48 01 ea eb 09 48 83 c0 01 48 39 d0 74 e8 <80> 38 00 74 f2 eb d8 41 bc 08 00 00 00 48 89 ea 45 29 dc 4e 8d 5c
[ 42.488541] RSP: 0018:ffff888094d37710 EFLAGS: 00010296
[ 42.493886] RAX: fffffbfff6e0001f RBX: fffffbfff6e00021 RCX: ffffffff81d2475e
[ 42.501167] RDX: fffffbfff6e00021 RSI: 0000000000000004 RDI: ffffffffb70000fe
[ 42.508421] RBP: fffffbfff6e0001f R08: 0000000000000000 R09: fffffbfff6e00020
[ 42.515685] R10: ffffffffb7000101 R11: 0000000000000001 R12: ffffffffb70000fe
[ 42.522940] R13: 0000000000000009 R14: fffffbfff6e0001f R15: ffff8880a6118080
[ 42.530208] FS: 000000000091d880(0000) GS:ffff8880ae200000(0000) knlGS:0000000000000000
[ 42.538418] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 42.544287] CR2: fffffbfff6e0001f CR3: 000000009133f000 CR4: 00000000001406f0
[ 42.551585] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.558873] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.566157] Kernel panic - not syncing: Fatal exception
[ 42.572646] Kernel Offset: disabled
[ 42.576290] Rebooting in 86400 seconds..