[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.93' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 39.516766] audit: type=1400 audit(1602258842.646:8): avc: denied { execmem } for pid=6489 comm="syz-executor834" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 39.528050] ================================================================================
[ 39.545316] UBSAN: Undefined behaviour in fs/jfs/jfs_mount.c:385:25
[ 39.551710] shift exponent 6156 is too large for 32-bit type 'int'
[ 39.558048] CPU: 0 PID: 6489 Comm: syz-executor834 Not tainted 4.19.150-syzkaller #0
[ 39.565935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.575353] Call Trace:
[ 39.577928]  dump_stack+0x22c/0x33e
[ 39.581540]  ubsan_epilogue+0xe/0x3a
[ 39.585275]  __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 39.591847]  ? __bread_gfp+0x81/0x300
[ 39.595655]  ? readSuper+0xf2/0x290
[ 39.599268]  chkSuper.cold+0x1e/0x98
[ 39.602967]  ? readSuper+0x290/0x290
[ 39.606665]  ? do_raw_spin_lock+0xcb/0x220
[ 39.610882]  jfs_mount+0x47/0x3d0
[ 39.614318]  jfs_fill_super+0x55c/0xb50
[ 39.618361]  ? parse_options+0xf50/0xf50
[ 39.622409]  ? set_blocksize+0x163/0x3f0
[ 39.626454]  mount_bdev+0x2fc/0x3b0
[ 39.630077]  ? parse_options+0xf50/0xf50
[ 39.634117]  mount_fs+0xa3/0x318
[ 39.637481]  vfs_kern_mount.part.0+0x68/0x470
[ 39.641974]  do_mount+0x51c/0x2f10
[ 39.645508]  ? do_raw_spin_unlock+0x171/0x240
[ 39.649998]  ? check_preemption_disabled+0x41/0x2b0
[ 39.654996]  ? copy_mount_string+0x40/0x40
[ 39.659216]  ? kmem_cache_alloc_trace+0x379/0x4b0
[ 39.664038]  ? copy_mount_options+0x261/0x370
[ 39.668515]  ksys_mount+0xcf/0x130
[ 39.672066]  __x64_sys_mount+0xba/0x150
[ 39.676020]  ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 39.680583]  do_syscall_64+0xf9/0x670
[ 39.684396]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.689566] RIP: 0033:0x446d4a
[ 39.692826] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 39.712747] RSP: 002b:00007fff527f6dc8 EFLAGS: 00000283 ORIG_RAX: 00000000000000a5
[ 39.720433] RAX: ffffffffffffffda RBX: 00007fff527f6e20 RCX: 0000000000446d4a
[ 39.727679] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff527f6de0
[ 39.734941] RBP: 00007fff527f6de0 R08: 00007fff527f6e20 R09: 00007fff00000015
[ 39.742189] R10: 0000000000000000 R11: 0000000000000283 R12: 0000000000000001
[ 39.749436] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 39.756689] ================================================================================
[ 39.767557] ================================================================================
[ 39.776150] UBSAN: Undefined behaviour in fs/jfs/jfs_imap.c:458:7
[ 39.782380] shift exponent -6144 is negative
[ 39.786782] CPU: 0 PID: 6489 Comm: syz-executor834 Not tainted 4.19.150-syzkaller #0
[ 39.794639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 39.803969] Call Trace:
[ 39.806553]  dump_stack+0x22c/0x33e
[ 39.810173]  ubsan_epilogue+0xe/0x3a
[ 39.813867]  __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 39.820007]  ? do_raw_spin_unlock+0x171/0x240
[ 39.824501]  diReadSpecial.cold+0x1b/0x3e
[ 39.828640]  jfs_mount+0x83/0x3d0
[ 39.832083]  jfs_fill_super+0x55c/0xb50
[ 39.836048]  ? parse_options+0xf50/0xf50
[ 39.840091]  ? set_blocksize+0x163/0x3f0
[ 39.844146]  mount_bdev+0x2fc/0x3b0
[ 39.847753]  ? parse_options+0xf50/0xf50
[ 39.851806]  mount_fs+0xa3/0x318
[ 39.855153]  vfs_kern_mount.part.0+0x68/0x470
[ 39.859628]  do_mount+0x51c/0x2f10
[ 39.863157]  ? do_raw_spin_unlock+0x171/0x240
[ 39.867631]  ? check_preemption_disabled+0x41/0x2b0
[ 39.872624]  ? copy_mount_string+0x40/0x40
[ 39.876855]  ? kmem_cache_alloc_trace+0x379/0x4b0
[ 39.881682]  ? copy_mount_options+0x261/0x370
[ 39.886164]  ksys_mount+0xcf/0x130
[ 39.889690]  __x64_sys_mount+0xba/0x150
[ 39.893678]  ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 39.898278]  do_syscall_64+0xf9/0x670
[ 39.902077]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 39.907256] RIP: 0033:0x446d4a
[ 39.910430] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 39.929313] RSP: 002b:00007fff527f6dc8 EFLAGS: 00000283 ORIG_RAX: 00000000000000a5
[ 39.937096] RAX: ffffffffffffffda RBX: 00007fff527f6e20 RCX: 0000000000446d4a
[ 39.944358] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff527f6de0
[ 39.951622] RBP: 00007fff527f6de0 R08: 00007fff527f6e20 R09: 00007fff00000015
[ 39.958873] R10: 0000000000000000 R11: 0000000000000283 R12: 0000000000000001
[ 39.966122] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 39.973417] ================================================================================
[ 39.984213] ================================================================================
[ 39.992803] UBSAN: Undefined behaviour in fs/jfs/jfs_imap.c:126:7
[ 39.999035] shift exponent -6144 is negative
[ 40.003469] CPU: 0 PID: 6489 Comm: syz-executor834 Not tainted 4.19.150-syzkaller #0
[ 40.011354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.020705] Call Trace:
[ 40.023298]  dump_stack+0x22c/0x33e
[ 40.026934]  ubsan_epilogue+0xe/0x3a
[ 40.030649]  __ubsan_handle_shift_out_of_bounds.cold+0x1c4/0x250
[ 40.036811]  ? diMount+0x4b/0x860
[ 40.040244]  ? rcu_read_lock_sched_held+0x174/0x1e0
[ 40.045240]  ? kmem_cache_alloc_trace+0x379/0x4b0
[ 40.050132]  ? release_metapage+0x24b/0x9e0
[ 40.054440]  diMount.cold+0x17/0x1c
[ 40.058051]  ? diReadSpecial+0x2ed/0x670
[ 40.062098]  jfs_mount+0xbf/0x3d0
[ 40.065545]  jfs_fill_super+0x55c/0xb50
[ 40.069505]  ? parse_options+0xf50/0xf50
[ 40.073552]  ? set_blocksize+0x163/0x3f0
[ 40.077612]  mount_bdev+0x2fc/0x3b0
[ 40.081235]  ? parse_options+0xf50/0xf50
[ 40.085277]  mount_fs+0xa3/0x318
[ 40.088627]  vfs_kern_mount.part.0+0x68/0x470
[ 40.093103]  do_mount+0x51c/0x2f10
[ 40.096624]  ? do_raw_spin_unlock+0x171/0x240
[ 40.101097]  ? check_preemption_disabled+0x41/0x2b0
[ 40.106197]  ? copy_mount_string+0x40/0x40
[ 40.110415]  ? kmem_cache_alloc_trace+0x379/0x4b0
[ 40.115237]  ? copy_mount_options+0x261/0x370
[ 40.119712]  ksys_mount+0xcf/0x130
[ 40.123231]  __x64_sys_mount+0xba/0x150
[ 40.127183]  ? lockdep_hardirqs_on+0x3c1/0x5e0
[ 40.131743]  do_syscall_64+0xf9/0x670
[ 40.135526]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 40.140699] RIP: 0033:0x446d4a
[ 40.143870] Code: b8 08 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 fd ad fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 da ad fb ff c3 66 0f 1f 84 00 00 00 00 00
[ 40.162772] RSP: 002b:00007fff527f6dc8 EFLAGS: 00000283 ORIG_RAX: 00000000000000a5
[ 40.170470] RAX: ffffffffffffffda RBX: 00007fff527f6e20 RCX: 0000000000446d4a
[ 40.177729] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fff527f6de0
[ 40.184977] RBP: 00007fff527f6de0 R08: 00007fff527f6e20 R09: 00007fff00000015
[ 40.192223] R10: 0000000000000000 R11: 0000000000000283 R12: 0000000000000001
[ 40.199477] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 40.206734] ================================================================================