[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.245' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 41.282235] IPVS: ftp: loaded support on port[0] = 21
[ 41.330489] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 41.351834] ==================================================================
[ 41.359521] BUG: KASAN: slab-out-of-bounds in ext4_write_inline_data+0x2ae/0x380
[ 41.367057] Write of size 70 at addr ffff88809a92c016 by task syz-executor870/8019
[ 41.374843]
[ 41.376598] CPU: 1 PID: 8019 Comm: syz-executor870 Not tainted 4.14.237-syzkaller #0
[ 41.384476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.393825] Call Trace:
[ 41.396411] dump_stack+0x1b2/0x281
[ 41.400022] print_address_description.cold+0x54/0x1d3
[ 41.405396] kasan_report_error.cold+0x8a/0x191
[ 41.410070] ? ext4_write_inline_data+0x2ae/0x380
[ 41.414904] kasan_report+0x6f/0x80
[ 41.418635] ? ext4_write_inline_data+0x2ae/0x380
[ 41.423492] memcpy+0x35/0x50
[ 41.426582] ext4_write_inline_data+0x2ae/0x380
[ 41.431346] ext4_write_inline_data_end+0x1d3/0x490
[ 41.436343] ? ext4_try_to_write_inline_data+0x1590/0x1590
[ 41.442061] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 41.447496] ext4_write_end+0x18d/0xca0
[ 41.451464] ext4_da_write_end+0x6da/0x8e0
[ 41.455733] generic_perform_write+0x268/0x420
[ 41.460295] ? filemap_page_mkwrite+0x2d0/0x2d0
[ 41.464942] ? current_time+0xb0/0xb0
[ 41.468728] ? ext4_file_write_iter+0x1cc/0xd20
[ 41.473387] __generic_file_write_iter+0x227/0x590
[ 41.478413] ext4_file_write_iter+0x276/0xd20
[ 41.482904] ? aa_file_perm+0x304/0xab0
[ 41.486858] ? ext4_file_read_iter+0x330/0x330
[ 41.491516] ? trace_hardirqs_on+0x10/0x10
[ 41.495735] ? iov_iter_init+0xa6/0x1c0
[ 41.499693] __vfs_write+0x44c/0x630
[ 41.503410] ? mntput_no_expire+0xc7/0x910
[ 41.507762] ? kernel_read+0x110/0x110
[ 41.511810] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 41.516827] vfs_write+0x17f/0x4d0
[ 41.520370] SyS_write+0xf2/0x210
[ 41.523911] ? SyS_read+0x210/0x210
[ 41.527537] ? do_syscall_64+0x4c/0x640
[ 41.531496] ? SyS_read+0x210/0x210
[ 41.535110] do_syscall_64+0x1d5/0x640
[ 41.539007] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 41.544178] RIP: 0033:0x452809
[ 41.547430] RSP: 002b:00007f7e2bf092f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 41.555118] RAX: ffffffffffffffda RBX: 00000000004cd400 RCX: 0000000000452809
[ 41.562367] RDX: 0000000000000082 RSI: 00000000200000c0 RDI: 0000000000000008
[ 41.569622] RBP: 000000000049d3b4 R08: 0000000000000000 R09: 0000000000000000
[ 41.576871] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 41.584118] R13: 0000000300000002 R14: efd76d87389d3913 R15: 00000000004cd408
[ 41.591373]
[ 41.592979] Allocated by task 1:
[ 41.596326] kasan_kmalloc+0xeb/0x160
[ 41.600103] kmem_cache_alloc+0x124/0x3c0
[ 41.604229] getname_flags+0xc8/0x550
[ 41.608005] do_sys_open+0x1ce/0x410
[ 41.611709] do_syscall_64+0x1d5/0x640
[ 41.615586] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 41.620759]
[ 41.622364] Freed by task 1:
[ 41.625356] kasan_slab_free+0xc3/0x1a0
[ 41.629316] kmem_cache_free+0x7c/0x2b0
[ 41.633265] putname+0xcd/0x110
[ 41.636522] do_sys_open+0x203/0x410
[ 41.640232] do_syscall_64+0x1d5/0x640
[ 41.644097] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 41.649270]
[ 41.650874] The buggy address belongs to the object at ffff88809a92c700
[ 41.650874] which belongs to the cache names_cache of size 4096
[ 41.663685] The buggy address is located 1770 bytes to the left of
[ 41.663685] 4096-byte region [ffff88809a92c700, ffff88809a92d700)
[ 41.676140] The buggy address belongs to the page:
[ 41.681045] page:ffffea00026a4b00 count:1 mapcount:0 mapping:ffff88809a92c700 index:0x0 compound_mapcount: 0
[ 41.691006] flags: 0xfff00000008100(slab|head)
[ 41.695578] raw: 00fff00000008100 ffff88809a92c700 0000000000000000 0000000100000001
[ 41.703449] raw: ffffea00026cc920 ffffea00026a0020 ffff88823f8bb200 0000000000000000
[ 41.711304] page dumped because: kasan: bad access detected
[ 41.716987]
[ 41.718589] Memory state around the buggy address:
[ 41.723493] ffff88809a92bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.730833] ffff88809a92bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.738165] >ffff88809a92c000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.745495] ^
[ 41.749354] ffff88809a92c080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.756687] ffff88809a92c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 41.764020] ==================================================================
[ 41.771379] Disabling lock debugging due to kernel taint
write to /proc/sys/kernel/hung_task_check_interval_secs failed: No such file or directory
[ 41.777306] Kernel panic - not syncing: panic_on_warn set ...
[ 41.777306]
[ 41.784683] CPU: 1 PID: 8019 Comm: syz-executor870 Tainted: G B 4.14.237-syzkaller #0
[ 41.794057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 41.803407] Call Trace:
[ 41.806005] dump_stack+0x1b2/0x281
[ 41.809608] panic+0x1f9/0x42d
[ 41.812775] ? add_taint.cold+0x16/0x16
[ 41.816810] kasan_end_report+0x43/0x49
[ 41.820919] kasan_report_error.cold+0xa7/0x191
[ 41.825583] ? ext4_write_inline_data+0x2ae/0x380
[ 41.830552] kasan_report+0x6f/0x80
[ 41.834179] ? ext4_write_inline_data+0x2ae/0x380
[ 41.839067] memcpy+0x35/0x50
[ 41.842276] ext4_write_inline_data+0x2ae/0x380
[ 41.846936] ext4_write_inline_data_end+0x1d3/0x490
[ 41.851959] ? ext4_try_to_write_inline_data+0x1590/0x1590
[ 41.857840] ? rcu_lockdep_current_cpu_online+0xed/0x140
[ 41.863313] ext4_write_end+0x18d/0xca0
[ 41.867283] ext4_da_write_end+0x6da/0x8e0
[ 41.871523] generic_perform_write+0x268/0x420
[ 41.876109] ? filemap_page_mkwrite+0x2d0/0x2d0
[ 41.880795] ? current_time+0xb0/0xb0
[ 41.884712] ? ext4_file_write_iter+0x1cc/0xd20
[ 41.889367] __generic_file_write_iter+0x227/0x590
[ 41.894307] ext4_file_write_iter+0x276/0xd20
[ 41.898794] ? aa_file_perm+0x304/0xab0
[ 41.902753] ? ext4_file_read_iter+0x330/0x330
[ 41.907330] ? trace_hardirqs_on+0x10/0x10
[ 41.911562] ? iov_iter_init+0xa6/0x1c0
[ 41.915523] __vfs_write+0x44c/0x630
[ 41.919215] ? mntput_no_expire+0xc7/0x910
[ 41.923433] ? kernel_read+0x110/0x110
[ 41.927303] ? rcu_read_lock_sched_held+0x16c/0x1d0
[ 41.932383] vfs_write+0x17f/0x4d0
[ 41.935910] SyS_write+0xf2/0x210
[ 41.939380] ? SyS_read+0x210/0x210
[ 41.942989] ? do_syscall_64+0x4c/0x640
[ 41.946943] ? SyS_read+0x210/0x210
[ 41.950691] do_syscall_64+0x1d5/0x640
[ 41.954611] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 41.959781] RIP: 0033:0x452809
[ 41.962950] RSP: 002b:00007f7e2bf092f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 41.970654] RAX: ffffffffffffffda RBX: 00000000004cd400 RCX: 0000000000452809
[ 41.977923] RDX: 0000000000000082 RSI: 00000000200000c0 RDI: 0000000000000008
[ 41.985172] RBP: 000000000049d3b4 R08: 0000000000000000 R09: 0000000000000000
[ 41.992792] R10: 0000000000000000 R11: 0000000000000246 R12: 0030656c69662f2e
[ 42.000070] R13: 0000000300000002 R14: efd76d87389d3913 R15: 00000000004cd408
[ 42.008500] Kernel Offset: disabled
[ 42.012123] Rebooting in 86400 seconds..