[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.81' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   34.791315] JFS: discard option not supported on device
[   34.809853] ==================================================================
[   34.817346] BUG: KASAN: slab-out-of-bounds in dbNextAG+0x14f/0x530
[   34.823663] Read of size 4 at addr ffff888097412750 by task syz-executor409/8106
[   34.831169] 
[   34.832781] CPU: 1 PID: 8106 Comm: syz-executor409 Not tainted 4.19.211-syzkaller #0
[   34.840650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   34.849998] Call Trace:
[   34.852571]  dump_stack+0x1fc/0x2ef
[   34.856190]  print_address_description.cold+0x54/0x219
[   34.861449]  kasan_report_error.cold+0x8a/0x1b9
[   34.866124]  ? dbNextAG+0x14f/0x530
[   34.869744]  kasan_report+0x8f/0xa0
[   34.873386]  ? dbNextAG+0x14f/0x530
[   34.876996]  dbNextAG+0x14f/0x530
[   34.880430]  diAlloc+0x7ea/0x1440
[   34.883869]  ? do_raw_spin_unlock+0x171/0x230
[   34.888344]  ialloc+0x8c/0x970
[   34.891517]  jfs_mkdir.part.0+0x131/0x870
[   34.895644]  ? debug_check_no_obj_freed+0x201/0x490
[   34.900646]  ? jfs_mknod+0x60/0x60
[   34.904607]  ? lock_downgrade+0x720/0x720
[   34.908731]  ? lock_acquire+0x170/0x3c0
[   34.912685]  ? debug_check_no_obj_freed+0xb5/0x490
[   34.917598]  ? trace_hardirqs_off+0x64/0x200
[   34.921986]  ? common_perm+0x4be/0x800
[   34.925854]  ? __dquot_initialize+0x298/0xb70
[   34.930329]  ? userns_put+0xb0/0xb0
[   34.933940]  ? dquot_initialize_needed+0x290/0x290
[   34.938855]  ? generic_permission+0x116/0x4d0
[   34.943327]  ? security_inode_permission+0xc5/0xf0
[   34.948239]  jfs_mkdir+0x3f/0x60
[   34.951586]  vfs_mkdir+0x508/0x7a0
[   34.955105]  do_mkdirat+0x262/0x2d0
[   34.958713]  ? __ia32_sys_mknod+0x120/0x120
[   34.963014]  ? trace_hardirqs_off_caller+0x6e/0x210
[   34.968009]  ? do_syscall_64+0x21/0x620
[   34.971963]  do_syscall_64+0xf9/0x620
[   34.975746]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   34.980917] RIP: 0033:0x7f899d4bd117
[   34.984615] Code: ff ff ff ff c3 66 0f 1f 44 00 00 48 c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   35.003495] RSP: 002b:00007f899d46a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[   35.011186] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f899d4bd117
[   35.018434] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000500
[   35.025683] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[   35.032929] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000
[   35.040177] R13: 0000000000000000 R14: 0000000020000500 R15: 0000000000000000
[   35.047429] 
[   35.049036] Allocated by task 1:
[   35.052398]  kmem_cache_alloc+0x122/0x370
[   35.056526]  getname_flags+0xce/0x590
[   35.060304]  user_path_at_empty+0x2a/0x50
[   35.064430]  vfs_statx+0x113/0x210
[   35.067947]  __se_sys_newlstat+0x96/0x120
[   35.072074]  do_syscall_64+0xf9/0x620
[   35.075857]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.081018] 
[   35.082622] Freed by task 1:
[   35.085619]  kmem_cache_free+0x7f/0x260
[   35.089571]  putname+0xe1/0x120
[   35.092825]  filename_lookup+0x3d0/0x5a0
[   35.096864]  vfs_statx+0x113/0x210
[   35.100386]  __se_sys_newlstat+0x96/0x120
[   35.104512]  do_syscall_64+0xf9/0x620
[   35.108292]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.113453] 
[   35.115060] The buggy address belongs to the object at ffff888097412d00
[   35.115060]  which belongs to the cache names_cache of size 4096
[   35.127799] The buggy address is located 1456 bytes to the left of
[   35.127799]  4096-byte region [ffff888097412d00, ffff888097413d00)
[   35.140257] The buggy address belongs to the page:
[   35.145164] page:ffffea00025d0480 count:1 mapcount:0 mapping:ffff88823b843380 index:0x0 compound_mapcount: 0
[   35.155108] flags: 0xfff00000008100(slab|head)
[   35.159668] raw: 00fff00000008100 ffffea00025d0408 ffffea00025d0508 ffff88823b843380
[   35.167529] raw: 0000000000000000 ffff888097412d00 0000000100000001 0000000000000000
[   35.175393] page dumped because: kasan: bad access detected
[   35.181078] 
[   35.182686] Memory state around the buggy address:
[   35.187598]  ffff888097412600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.194934]  ffff888097412680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.202272] >ffff888097412700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.209604]                                                  ^
[   35.215556]  ffff888097412780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.222893]  ffff888097412800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   35.230231] ==================================================================
[   35.237563] Disabling lock debugging due to kernel taint
[   35.246240] Kernel panic - not syncing: panic_on_warn set ...
[   35.246240] 
[   35.253620] CPU: 1 PID: 8106 Comm: syz-executor409 Tainted: G    B             4.19.211-syzkaller #0
[   35.262885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[   35.272228] Call Trace:
[   35.274799]  dump_stack+0x1fc/0x2ef
[   35.278404]  panic+0x26a/0x50e
[   35.281574]  ? __warn_printk+0xf3/0xf3
[   35.285441]  ? preempt_schedule_common+0x45/0xc0
[   35.290175]  ? ___preempt_schedule+0x16/0x18
[   35.294560]  ? trace_hardirqs_on+0x55/0x210
[   35.298864]  kasan_end_report+0x43/0x49
[   35.302817]  kasan_report_error.cold+0xa7/0x1b9
[   35.307464]  ? dbNextAG+0x14f/0x530
[   35.311066]  kasan_report+0x8f/0xa0
[   35.314672]  ? dbNextAG+0x14f/0x530
[   35.318277]  dbNextAG+0x14f/0x530
[   35.321708]  diAlloc+0x7ea/0x1440
[   35.325139]  ? do_raw_spin_unlock+0x171/0x230
[   35.329609]  ialloc+0x8c/0x970
[   35.332781]  jfs_mkdir.part.0+0x131/0x870
[   35.336908]  ? debug_check_no_obj_freed+0x201/0x490
[   35.341903]  ? jfs_mknod+0x60/0x60
[   35.345420]  ? lock_downgrade+0x720/0x720
[   35.349544]  ? lock_acquire+0x170/0x3c0
[   35.353494]  ? debug_check_no_obj_freed+0xb5/0x490
[   35.358423]  ? trace_hardirqs_off+0x64/0x200
[   35.362812]  ? common_perm+0x4be/0x800
[   35.366679]  ? __dquot_initialize+0x298/0xb70
[   35.371155]  ? userns_put+0xb0/0xb0
[   35.374760]  ? dquot_initialize_needed+0x290/0x290
[   35.379669]  ? generic_permission+0x116/0x4d0
[   35.384142]  ? security_inode_permission+0xc5/0xf0
[   35.389049]  jfs_mkdir+0x3f/0x60
[   35.392411]  vfs_mkdir+0x508/0x7a0
[   35.395937]  do_mkdirat+0x262/0x2d0
[   35.399551]  ? __ia32_sys_mknod+0x120/0x120
[   35.403856]  ? trace_hardirqs_off_caller+0x6e/0x210
[   35.408854]  ? do_syscall_64+0x21/0x620
[   35.412807]  do_syscall_64+0xf9/0x620
[   35.416588]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   35.421755] RIP: 0033:0x7f899d4bd117
[   35.425447] Code: ff ff ff ff c3 66 0f 1f 44 00 00 48 c7 c0 b8 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[   35.444323] RSP: 002b:00007f899d46a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[   35.452008] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f899d4bd117
[   35.459259] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020000500
[   35.466505] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000
[   35.473751] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000
[   35.480995] R13: 0000000000000000 R14: 0000000020000500 R15: 0000000000000000
[   35.488417] Kernel Offset: disabled
[   35.492027] Rebooting in 86400 seconds..