Warning: Permanently added '10.128.0.135' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 38.251537] audit: type=1400 audit(1600723809.458:8): avc: denied { execmem } for pid=6367 comm="syz-executor079" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 38.260787] gfs2: fsid=loop0: Trying to join cluster "lock_nolock", "loop0"
[ 38.293391] gfs2: fsid=loop0: Now mounting FS...
[ 38.300144] ==================================================================
[ 38.307713] BUG: KASAN: slab-out-of-bounds in init_sb+0xc60/0xd80
[ 38.314256] Write of size 8 at addr ffff888097541bd0 by task syz-executor079/6367
[ 38.321971]
[ 38.323583] CPU: 0 PID: 6367 Comm: syz-executor079 Not tainted 4.14.198-syzkaller #0
[ 38.331465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.340825] Call Trace:
[ 38.343407]  dump_stack+0x1b2/0x283
[ 38.347056]  print_address_description.cold+0x54/0x1d3
[ 38.352548]  kasan_report_error.cold+0x8a/0x194
[ 38.357313]  ? init_sb+0xc60/0xd80
[ 38.360838]  __asan_report_store8_noabort+0x68/0x70
[ 38.365837]  ? init_sb+0xc60/0xd80
[ 38.369356]  init_sb+0xc60/0xd80
[ 38.372897]  ? check_journal_clean+0x180/0x180
[ 38.377676]  ? gfs2_glock_nq_num+0xcb/0x1e0
[ 38.382007]  fill_super+0x15b0/0x2310
[ 38.386196]  ? gfs2_online_uevent+0x1b0/0x1b0
[ 38.390696]  ? memcpy+0x35/0x50
[ 38.393968]  ? pointer+0x9e0/0x9e0
[ 38.397492]  ? gfs2_glock_nq_num+0xcb/0x1e0
[ 38.401799]  ? vsprintf+0x30/0x30
[ 38.405237]  ? set_blocksize+0x125/0x380
[ 38.409293]  gfs2_mount+0x439/0x502
[ 38.412924]  ? fill_super+0x2310/0x2310
[ 38.416931]  mount_fs+0x92/0x2a0
[ 38.420283]  vfs_kern_mount.part.0+0x5b/0x470
[ 38.424794]  do_mount+0xe53/0x2a00
[ 38.428337]  ? retint_kernel+0x2d/0x2d
[ 38.432328]  ? copy_mount_string+0x40/0x40
[ 38.436551]  ? memset+0x20/0x40
[ 38.439813]  ? copy_mount_options+0x1fa/0x2f0
[ 38.444304]  ? copy_mnt_ns+0xa30/0xa30
[ 38.448252]  SyS_mount+0xa8/0x120
[ 38.451748]  ? copy_mnt_ns+0xa30/0xa30
[ 38.455626]  do_syscall_64+0x1d5/0x640
[ 38.459523]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 38.464702] RIP: 0033:0x446dba
[ 38.476014] RSP: 002b:00007fffe6cdf848 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 38.483721] RAX: ffffffffffffffda RBX: 00007fffe6cdf8a0 RCX: 0000000000446dba
[ 38.491077] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fffe6cdf860
[ 38.498328] RBP: 00007fffe6cdf860 R08: 00007fffe6cdf8a0 R09: 00007fff00000015
[ 38.515149] R10: 0000000002200000 R11: 0000000000000293 R12: 0000000000000001
[ 38.522943] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 38.530220]
[ 38.531831] Allocated by task 6367:
[ 38.535817]  kasan_kmalloc+0xeb/0x160
[ 38.539602]  kmem_cache_alloc_trace+0x131/0x3d0
[ 38.545022]  fill_super+0xb7/0x2310
[ 38.548629]  gfs2_mount+0x439/0x502
[ 38.552241]  mount_fs+0x92/0x2a0
[ 38.556059]  vfs_kern_mount.part.0+0x5b/0x470
[ 38.561597]  do_mount+0xe53/0x2a00
[ 38.565150]  SyS_mount+0xa8/0x120
[ 38.568582]  do_syscall_64+0x1d5/0x640
[ 38.572464]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 38.577672]
[ 38.579281] Freed by task 0:
[ 38.582417] (stack is not available)
[ 38.586125]
[ 38.587889] The buggy address belongs to the object at ffff888097540800
[ 38.587889]  which belongs to the cache kmalloc-8192 of size 8192
[ 38.604975] The buggy address is located 5072 bytes inside of
[ 38.604975]  8192-byte region [ffff888097540800, ffff888097542800)
[ 38.617026] The buggy address belongs to the page:
[ 38.621945] page:ffffea00025d5000 count:1 mapcount:0 mapping:ffff888097540800 index:0x0 compound_mapcount: 0
[ 38.631999] flags: 0xfffe0000008100(slab|head)
[ 38.636704] raw: 00fffe0000008100 ffff888097540800 0000000000000000 0000000100000001
[ 38.644641] raw: ffffea00025def20 ffff88812fe51b48 ffff88812fe48080 0000000000000000
[ 38.652524] page dumped because: kasan: bad access detected
[ 38.658210]
[ 38.659816] Memory state around the buggy address:
[ 38.664725]  ffff888097541a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.673143]  ffff888097541b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 38.680482] >ffff888097541b80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 38.693773]                                                   ^
[ 38.693773]  ffff888097541c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.701114]  ffff888097541c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 38.708463] ==================================================================
[ 38.715799] Disabling lock debugging due to kernel taint
[ 38.721853] Kernel panic - not syncing: panic_on_warn set ...
[ 38.721853]
[ 38.729232] CPU: 0 PID: 6367 Comm: syz-executor079 Tainted: G B 4.14.198-syzkaller #0
[ 38.738341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 38.747702] Call Trace:
[ 38.750290]  dump_stack+0x1b2/0x283
[ 38.753902]  panic+0x1f9/0x42d
[ 38.757073]  ? add_taint.cold+0x16/0x16
[ 38.761030]  ? ___preempt_schedule+0x16/0x18
[ 38.765420]  kasan_end_report+0x43/0x49
[ 38.769391]  kasan_report_error.cold+0xa7/0x194
[ 38.774059]  ? init_sb+0xc60/0xd80
[ 38.777587]  __asan_report_store8_noabort+0x68/0x70
[ 38.782585]  ? init_sb+0xc60/0xd80
[ 38.786103]  init_sb+0xc60/0xd80
[ 38.789448]  ? check_journal_clean+0x180/0x180
[ 38.794011]  ? gfs2_glock_nq_num+0xcb/0x1e0
[ 38.798331]  fill_super+0x15b0/0x2310
[ 38.802175]  ? gfs2_online_uevent+0x1b0/0x1b0
[ 38.806653]  ? memcpy+0x35/0x50
[ 38.809921]  ? pointer+0x9e0/0x9e0
[ 38.813461]  ? gfs2_glock_nq_num+0xcb/0x1e0
[ 38.817783]  ? vsprintf+0x30/0x30
[ 38.821233]  ? set_blocksize+0x125/0x380
[ 38.825277]  gfs2_mount+0x439/0x502
[ 38.828885]  ? fill_super+0x2310/0x2310
[ 38.832850]  mount_fs+0x92/0x2a0
[ 38.836198]  vfs_kern_mount.part.0+0x5b/0x470
[ 38.840681]  do_mount+0xe53/0x2a00
[ 38.844223]  ? retint_kernel+0x2d/0x2d
[ 38.848091]  ? copy_mount_string+0x40/0x40
[ 38.852341]  ? memset+0x20/0x40
[ 38.855598]  ? copy_mount_options+0x1fa/0x2f0
[ 38.860184]  ? copy_mnt_ns+0xa30/0xa30
[ 38.864123]  SyS_mount+0xa8/0x120
[ 38.867578]  ? copy_mnt_ns+0xa30/0xa30
[ 38.871450]  do_syscall_64+0x1d5/0x640
[ 38.875859]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 38.881032] RIP: 0033:0x446dba
[ 38.884256] RSP: 002b:00007fffe6cdf848 EFLAGS: 00000293 ORIG_RAX: 00000000000000a5
[ 38.891974] RAX: ffffffffffffffda RBX: 00007fffe6cdf8a0 RCX: 0000000000446dba
[ 38.899232] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fffe6cdf860
[ 38.906515] RBP: 00007fffe6cdf860 R08: 00007fffe6cdf8a0 R09: 00007fff00000015
[ 38.913769] R10: 0000000002200000 R11: 0000000000000293 R12: 0000000000000001
[ 38.921027] R13: 0000000000000004 R14: 0000000000000003 R15: 0000000000000003
[ 38.929819] Kernel Offset: disabled
[ 38.933474] Rebooting in 86400 seconds..