[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.195' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 501.001965] ==================================================================
[ 501.009457] BUG: KASAN: slab-out-of-bounds in dtSearch+0x1c7d/0x1ef0
[ 501.015958] Read of size 1 at addr ffff88808db2610d by task syz-executor235/8103
[ 501.023465]
[ 501.025079] CPU: 0 PID: 8103 Comm: syz-executor235 Not tainted 4.19.211-syzkaller #0
[ 501.032938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 501.042356] Call Trace:
[ 501.044999] dump_stack+0x1fc/0x2ef
[ 501.048642] print_address_description.cold+0x54/0x219
[ 501.053914] kasan_report_error.cold+0x8a/0x1b9
[ 501.058572] ? dtSearch+0x1c7d/0x1ef0
[ 501.062374] __asan_report_load1_noabort+0x88/0x90
[ 501.067296] ? dtSearch+0x1c7d/0x1ef0
[ 501.071103] dtSearch+0x1c7d/0x1ef0
[ 501.074759] ? __kmalloc+0x38e/0x3c0
[ 501.078552] jfs_lookup+0x12a/0x1c0
[ 501.082165] ? jfs_link+0x430/0x430
[ 501.085777] ? d_alloc_parallel+0x954/0x19e0
[ 501.090194] ? check_preemption_disabled+0x41/0x280
[ 501.095200] ? __d_lookup_rcu+0x6b0/0x6b0
[ 501.099329] ? __d_lookup+0x411/0x710
[ 501.103116] ? mark_held_locks+0xa6/0xf0
[ 501.107406] ? d_lookup+0x1aa/0x250
[ 501.111029] ? d_lookup+0x18e/0x250
[ 501.114671] ? jfs_link+0x430/0x430
[ 501.118297] lookup_open+0x698/0x1a20
[ 501.122109] ? vfs_mkdir+0x7a0/0x7a0
[ 501.125822] ? lookup_fast+0x4e9/0x1080
[ 501.129785] ? path_openat+0x17ec/0x2df0
[ 501.133839] path_openat+0x1804/0x2df0
[ 501.137713] ? path_lookupat+0x8d0/0x8d0
[ 501.141757] ? mark_held_locks+0xf0/0xf0
[ 501.145799] ? __lock_acquire+0x6de/0x3ff0
[ 501.150018] do_filp_open+0x18c/0x3f0
[ 501.153797] ? may_open_dev+0xf0/0xf0
[ 501.157583] ? lock_downgrade+0x720/0x720
[ 501.161712] ? lock_acquire+0x170/0x3c0
[ 501.165668] ? __alloc_fd+0x34/0x570
[ 501.169363] ? do_raw_spin_unlock+0x171/0x230
[ 501.173840] ? _raw_spin_unlock+0x29/0x40
[ 501.178055] ? __alloc_fd+0x28d/0x570
[ 501.181840] do_sys_open+0x3b3/0x520
[ 501.185536] ? filp_open+0x70/0x70
[ 501.189071] ? fput+0x2b/0x190
[ 501.192250] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 501.197598] ? trace_hardirqs_off_caller+0x6e/0x210
[ 501.202594] ? do_syscall_64+0x21/0x620
[ 501.206553] do_syscall_64+0xf9/0x620
[ 501.210342] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 501.215512] RIP: 0033:0x7f325b1f20c9
[ 501.219206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 501.238096] RSP: 002b:00007ffea7c1ff78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 501.245788] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f325b1f20c9
[ 501.253041] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
[ 501.260296] RBP: 00007f325b1b1930 R08: 0000000000000000 R09: 0000000000000000
[ 501.267552] R10: 00007ffea7c1fe40 R11: 0000000000000246 R12: 00000000f8008000
[ 501.274814] R13: 0000000000000000 R14: 00083878000000f4 R15: 0000000000000000
[ 501.282592]
[ 501.284204] Allocated by task 8103:
[ 501.287820] kmem_cache_alloc+0x122/0x370
[ 501.291948] jfs_alloc_inode+0x18/0x50
[ 501.295813] alloc_inode+0x5d/0x180
[ 501.299418] iget_locked+0x193/0x480
[ 501.303109] jfs_iget+0x1a/0x4d0
[ 501.306472] jfs_lookup+0x19e/0x1c0
[ 501.310096] __lookup_slow+0x246/0x4a0
[ 501.313961] walk_component+0x7ac/0xda0
[ 501.317914] link_path_walk.part.0+0x901/0x1230
[ 501.322572] path_openat+0x1db/0x2df0
[ 501.326366] do_filp_open+0x18c/0x3f0
[ 501.330149] do_sys_open+0x3b3/0x520
[ 501.333862] do_syscall_64+0xf9/0x620
[ 501.337661] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 501.342930]
[ 501.344542] Freed by task 0:
[ 501.347538] (stack is not available)
[ 501.351230]
[ 501.352851] The buggy address belongs to the object at ffff88808db261c0
[ 501.352851] which belongs to the cache jfs_ip of size 1944
[ 501.365144] The buggy address is located 179 bytes to the left of
[ 501.365144] 1944-byte region [ffff88808db261c0, ffff88808db26958)
[ 501.377516] The buggy address belongs to the page:
[ 501.382426] page:ffffea000236c980 count:1 mapcount:0 mapping:ffff8880b0f15600 index:0xffff88808db26fff
[ 501.391869] flags: 0xfff00000000100(slab)
[ 501.395998] raw: 00fff00000000100 ffffea000236c908 ffff8880b0f20a48 ffff8880b0f15600
[ 501.403947] raw: ffff88808db26fff ffff88808db261c0 0000000100000001 0000000000000000
[ 501.411909] page dumped because: kasan: bad access detected
[ 501.417594]
[ 501.419197] Memory state around the buggy address:
[ 501.424111] ffff88808db26000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 501.431467] ffff88808db26080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 501.438821] >ffff88808db26100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 501.446154] ^
[ 501.449766] ffff88808db26180: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[ 501.457120] ffff88808db26200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 501.464456] ==================================================================
[ 501.471803] Disabling lock debugging due to kernel taint
[ 501.484183] Kernel panic - not syncing: panic_on_warn set ...
[ 501.484183]
[ 501.491569] CPU: 0 PID: 8103 Comm: syz-executor235 Tainted: G B 4.19.211-syzkaller #0
[ 501.500834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/26/2022
[ 501.510183] Call Trace:
[ 501.512770] dump_stack+0x1fc/0x2ef
[ 501.516395] panic+0x26a/0x50e
[ 501.519573] ? __warn_printk+0xf3/0xf3
[ 501.523444] ? preempt_schedule_common+0x45/0xc0
[ 501.528185] ? ___preempt_schedule+0x16/0x18
[ 501.532576] ? trace_hardirqs_on+0x55/0x210
[ 501.536892] kasan_end_report+0x43/0x49
[ 501.540845] kasan_report_error.cold+0xa7/0x1b9
[ 501.545493] ? dtSearch+0x1c7d/0x1ef0
[ 501.549278] __asan_report_load1_noabort+0x88/0x90
[ 501.554198] ? dtSearch+0x1c7d/0x1ef0
[ 501.557975] dtSearch+0x1c7d/0x1ef0
[ 501.561578] ? __kmalloc+0x38e/0x3c0
[ 501.565283] jfs_lookup+0x12a/0x1c0
[ 501.568901] ? jfs_link+0x430/0x430
[ 501.572506] ? d_alloc_parallel+0x954/0x19e0
[ 501.576911] ? check_preemption_disabled+0x41/0x280
[ 501.581906] ? __d_lookup_rcu+0x6b0/0x6b0
[ 501.586031] ? __d_lookup+0x411/0x710
[ 501.589826] ? mark_held_locks+0xa6/0xf0
[ 501.593861] ? d_lookup+0x1aa/0x250
[ 501.597464] ? d_lookup+0x18e/0x250
[ 501.601080] ? jfs_link+0x430/0x430
[ 501.604697] lookup_open+0x698/0x1a20
[ 501.608477] ? vfs_mkdir+0x7a0/0x7a0
[ 501.612167] ? lookup_fast+0x4e9/0x1080
[ 501.616122] ? path_openat+0x17ec/0x2df0
[ 501.620161] path_openat+0x1804/0x2df0
[ 501.624032] ? path_lookupat+0x8d0/0x8d0
[ 501.628071] ? mark_held_locks+0xf0/0xf0
[ 501.632111] ? __lock_acquire+0x6de/0x3ff0
[ 501.636326] do_filp_open+0x18c/0x3f0
[ 501.640103] ? may_open_dev+0xf0/0xf0
[ 501.644491] ? lock_downgrade+0x720/0x720
[ 501.648652] ? lock_acquire+0x170/0x3c0
[ 501.652603] ? __alloc_fd+0x34/0x570
[ 501.656296] ? do_raw_spin_unlock+0x171/0x230
[ 501.660771] ? _raw_spin_unlock+0x29/0x40
[ 501.664912] ? __alloc_fd+0x28d/0x570
[ 501.668692] do_sys_open+0x3b3/0x520
[ 501.672385] ? filp_open+0x70/0x70
[ 501.675903] ? fput+0x2b/0x190
[ 501.679171] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 501.684515] ? trace_hardirqs_off_caller+0x6e/0x210
[ 501.689519] ? do_syscall_64+0x21/0x620
[ 501.693474] do_syscall_64+0xf9/0x620
[ 501.697278] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 501.702451] RIP: 0033:0x7f325b1f20c9
[ 501.706154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 501.725049] RSP: 002b:00007ffea7c1ff78 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 501.732736] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f325b1f20c9
[ 501.739981] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
[ 501.747230] RBP: 00007f325b1b1930 R08: 0000000000000000 R09: 0000000000000000
[ 501.754474] R10: 00007ffea7c1fe40 R11: 0000000000000246 R12: 00000000f8008000
[ 501.761720] R13: 0000000000000000 R14: 00083878000000f4 R15: 0000000000000000
[ 501.769176] Kernel Offset: disabled
[ 501.772793] Rebooting in 86400 seconds..