[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
       Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 35.673093] audit: type=1400 audit(1589126371.466:8): avc: denied { execmem } for pid=6334 comm="syz-executor795" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 35.695024] ==================================================================
[ 35.702566] BUG: KASAN: slab-out-of-bounds in __ext4_check_dir_entry+0x2f9/0x340
[ 35.710113] Read of size 2 at addr ffff88808bd16003 by task syz-executor795/6334
[ 35.717747]
[ 35.719410] CPU: 0 PID: 6334 Comm: syz-executor795 Not tainted 4.14.180-syzkaller #0
[ 35.727791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.737337] Call Trace:
[ 35.739916]  dump_stack+0x13e/0x194
[ 35.743526]  ? __ext4_check_dir_entry+0x2f9/0x340
[ 35.748410]  print_address_description.cold+0x7c/0x1e2
[ 35.753676]  ? __ext4_check_dir_entry+0x2f9/0x340
[ 35.758599]  kasan_report.cold+0xa9/0x2ae
[ 35.762727]  __ext4_check_dir_entry+0x2f9/0x340
[ 35.767442]  ext4_readdir+0x822/0x27f0
[ 35.771363]  ? __ext4_check_dir_entry+0x340/0x340
[ 35.776191]  ? lock_acquire+0x170/0x3f0
[ 35.780144]  ? iterate_dir+0xbc/0x5e0
[ 35.783925]  iterate_dir+0x1a0/0x5e0
[ 35.787637]  SyS_getdents64+0x130/0x240
[ 35.791589]  ? SyS_getdents+0x260/0x260
[ 35.795558]  ? filldir+0x390/0x390
[ 35.799082]  ? ext4_dir_llseek+0x1af/0x200
[ 35.803324]  ? do_syscall_64+0x4c/0x640
[ 35.807291]  ? SyS_getdents+0x260/0x260
[ 35.811240]  do_syscall_64+0x1d5/0x640
[ 35.815296]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.820460] RIP: 0033:0x440699
[ 35.823643] RSP: 002b:00007ffe38dc98c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 35.831326] RAX: ffffffffffffffda RBX: 00007ffe38dc98d0 RCX: 0000000000440699
[ 35.838588] RDX: 00000000c0002521 RSI: 0000000000000000 RDI: 0000000000000004
[ 35.845834] RBP: 0000000000000000 R08: 0000000000400c20 R09: 0000000000400c20
[ 35.853097] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000401f80
[ 35.860498] R13: 0000000000402010 R14: 0000000000000000 R15: 0000000000000000
[ 35.867851]
[ 35.869573] Allocated by task 1:
[ 35.872944]  save_stack+0x32/0xa0
[ 35.876388]  kasan_kmalloc+0xbf/0xe0
[ 35.880083]  kmem_cache_alloc+0x127/0x770
[ 35.884212]  get_empty_filp+0x86/0x3e0
[ 35.888078]  path_openat+0x8d/0x3c50
[ 35.891768]  do_filp_open+0x18e/0x250
[ 35.895546]  do_sys_open+0x29d/0x3f0
[ 35.899264]  do_syscall_64+0x1d5/0x640
[ 35.903131]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 35.908296]
[ 35.909906] Freed by task 17:
[ 35.912986]  save_stack+0x32/0xa0
[ 35.916416]  kasan_slab_free+0x75/0xc0
[ 35.920290]  kmem_cache_free+0x7c/0x2b0
[ 35.924239]  rcu_process_callbacks+0x792/0x1190
[ 35.928889]  __do_softirq+0x254/0x9bf
[ 35.932662]
[ 35.934265] The buggy address belongs to the object at ffff88808bd16040
[ 35.934265]  which belongs to the cache filp of size 456
[ 35.946305] The buggy address is located 61 bytes to the left of
[ 35.946305]  456-byte region [ffff88808bd16040, ffff88808bd16208)
[ 35.958573] The buggy address belongs to the page:
[ 35.963494] page:ffffea00022f4580 count:1 mapcount:0 mapping:ffff88808bd16040 index:0x0
[ 35.971630] flags: 0xfffe0000000100(slab)
[ 35.975771] raw: 00fffe0000000100 ffff88808bd16040 0000000000000000 0000000100000006
[ 35.983643] raw: ffffea0002370820 ffffea00022f4520 ffff8880aa587b40 0000000000000000
[ 35.991519] page dumped because: kasan: bad access detected
[ 35.997225]
[ 35.998828] Memory state around the buggy address:
[ 36.003756]  ffff88808bd15f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.011117]  ffff88808bd15f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 36.018469] >ffff88808bd16000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 36.025804]                             ^
[ 36.029145]  ffff88808bd16080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.036478]  ffff88808bd16100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 36.043912] ==================================================================
[ 36.051245] Disabling lock debugging due to kernel taint
[ 36.057639] Kernel panic - not syncing: panic_on_warn set ...
[ 36.057639]
[ 36.065013] CPU: 0 PID: 6334 Comm: syz-executor795 Tainted: G B 4.14.180-syzkaller #0
[ 36.074118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.083460] Call Trace:
[ 36.086939]  dump_stack+0x13e/0x194
[ 36.090557]  panic+0x1f9/0x42d
[ 36.093726]  ? add_taint.cold+0x16/0x16
[ 36.097686]  ? preempt_schedule_common+0x4a/0xc0
[ 36.102421]  ? __ext4_check_dir_entry+0x2f9/0x340
[ 36.107255]  ? ___preempt_schedule+0x16/0x18
[ 36.111827]  ? __ext4_check_dir_entry+0x2f9/0x340
[ 36.116660]  kasan_end_report+0x43/0x49
[ 36.120617]  kasan_report.cold+0x12f/0x2ae
[ 36.125022]  __ext4_check_dir_entry+0x2f9/0x340
[ 36.129676]  ext4_readdir+0x822/0x27f0
[ 36.133562]  ? __ext4_check_dir_entry+0x340/0x340
[ 36.138383]  ? lock_acquire+0x170/0x3f0
[ 36.142334]  ? iterate_dir+0xbc/0x5e0
[ 36.146166]  iterate_dir+0x1a0/0x5e0
[ 36.149882]  SyS_getdents64+0x130/0x240
[ 36.153860]  ? SyS_getdents+0x260/0x260
[ 36.157826]  ? filldir+0x390/0x390
[ 36.161361]  ? ext4_dir_llseek+0x1af/0x200
[ 36.165717]  ? do_syscall_64+0x4c/0x640
[ 36.169688]  ? SyS_getdents+0x260/0x260
[ 36.173653]  do_syscall_64+0x1d5/0x640
[ 36.177530]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 36.182798] RIP: 0033:0x440699
[ 36.185979] RSP: 002b:00007ffe38dc98c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[ 36.193677] RAX: ffffffffffffffda RBX: 00007ffe38dc98d0 RCX: 0000000000440699
[ 36.201119] RDX: 00000000c0002521 RSI: 0000000000000000 RDI: 0000000000000004
[ 36.208382] RBP: 0000000000000000 R08: 0000000000400c20 R09: 0000000000400c20
[ 36.215630] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000401f80
[ 36.222895] R13: 0000000000402010 R14: 0000000000000000 R15: 0000000000000000
[ 36.231579] Kernel Offset: disabled
[ 36.235198] Rebooting in 86400 seconds..