[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 336.651023] ea_get: invalid extended attribute
[ 337.326073] ==================================================================
[ 337.333541] BUG: KASAN: slab-out-of-bounds in hex_dump_to_buffer+0x9d1/0xaa0
[ 337.340708] Read of size 1 at addr ffff88809ed65920 by task syz-executor100/7983
[ 337.348216]
[ 337.349830] CPU: 0 PID: 7983 Comm: syz-executor100 Not tainted 4.14.295-syzkaller #0
[ 337.357684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 337.367012] Call Trace:
[ 337.369581] dump_stack+0x1b2/0x281
[ 337.373193] print_address_description.cold+0x54/0x1d3
[ 337.378451] kasan_report_error.cold+0x8a/0x191
[ 337.383096] ? hex_dump_to_buffer+0x9d1/0xaa0
[ 337.387599] __asan_report_load1_noabort+0x68/0x70
[ 337.392506] ? hex_dump_to_buffer+0x9d1/0xaa0
[ 337.396974] hex_dump_to_buffer+0x9d1/0xaa0
[ 337.401291] print_hex_dump+0xef/0x170
[ 337.405155] ? hex_dump_to_buffer+0xaa0/0xaa0
[ 337.409624] ? vprintk_emit+0x170/0x620
[ 337.413577] ? printk+0x9e/0xbc
[ 337.416833] ? log_store.cold+0x16/0x16
[ 337.420788] ea_get.cold+0x59/0x75
[ 337.424306] ? lock_acquire+0x170/0x3f0
[ 337.428256] ? __jfs_getxattr+0x9f/0x340
[ 337.432293] ? ea_release+0x1d0/0x1d0
[ 337.436071] __jfs_getxattr+0xae/0x340
[ 337.439934] ? jfs_initxattrs+0x210/0x210
[ 337.444059] ? lock_acquire+0x170/0x3f0
[ 337.448006] ? lock_downgrade+0x740/0x740
[ 337.452129] ? __jfs_set_acl+0x170/0x170
[ 337.456165] jfs_get_acl+0xf3/0x150
[ 337.459768] ? __jfs_set_acl+0x170/0x170
[ 337.463805] get_acl+0x11f/0x210
[ 337.467146] posix_acl_create.part.0+0x2c/0x250
[ 337.471793] ? current_kernel_time64+0x17c/0x230
[ 337.476525] posix_acl_create+0x10a/0x150
[ 337.480649] jfs_init_acl+0x71/0x230
[ 337.484336] ? jfs_set_acl+0x2a0/0x2a0
[ 337.488204] ? ialloc+0xa9/0x940
[ 337.491548] jfs_mkdir.part.0+0x175/0x7e0
[ 337.495672] ? lock_acquire+0x170/0x3f0
[ 337.499623] ? jfs_mknod+0x60/0x60
[ 337.503150] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 337.508227] ? debug_check_no_obj_freed+0x2c0/0x680
[ 337.513224] ? lock_acquire+0x170/0x3f0
[ 337.517171] ? lock_downgrade+0x740/0x740
[ 337.521295] ? __dquot_initialize+0x228/0xa70
[ 337.525766] ? common_perm+0x3b9/0x560
[ 337.529627] ? dquot_initialize_needed+0x240/0x240
[ 337.534531] ? map_id_up+0xe9/0x180
[ 337.538136] ? security_inode_permission+0xb5/0xf0
[ 337.543054] jfs_mkdir+0x35/0x50
[ 337.546396] vfs_mkdir+0x463/0x6e0
[ 337.549913] SyS_mkdirat+0x1fd/0x270
[ 337.553600] ? SyS_mknod+0x30/0x30
[ 337.557113] ? __close_fd+0x159/0x230
[ 337.560888] ? do_syscall_64+0x4c/0x640
[ 337.564834] ? SyS_mknod+0x30/0x30
[ 337.568353] do_syscall_64+0x1d5/0x640
[ 337.572242] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 337.577405] RIP: 0033:0x7fc171493d69
[ 337.581089] RSP: 002b:00007ffe621de068 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 337.588774] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fc171493d69
[ 337.596018] RDX: 0000000000000050 RSI: 0000000020000040 RDI: 0000000000000003
[ 337.603262] RBP: 00007fc1714535d0 R08: 0000000000000000 R09: 0000000000000000
[ 337.610506] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000f8008000
[ 337.617750] R13: 0000000000000000 R14: 00080000000000f4 R15: 0000000000000000
[ 337.625001]
[ 337.626611] Allocated by task 7983:
[ 337.630216] kasan_kmalloc+0xeb/0x160
[ 337.633992] kmem_cache_alloc+0x124/0x3c0
[ 337.638114] jfs_alloc_inode+0x18/0x50
[ 337.641977] alloc_inode+0x5d/0x170
[ 337.645578] iget_locked+0x151/0x400
[ 337.649266] jfs_iget+0x1e/0x480
[ 337.652604] jfs_lookup+0x156/0x170
[ 337.656207] lookup_open+0x5c4/0x1750
[ 337.659979] path_openat+0x14bb/0x2970
[ 337.663840] do_filp_open+0x179/0x3c0
[ 337.667615] do_sys_open+0x296/0x410
[ 337.671306] do_syscall_64+0x1d5/0x640
[ 337.675170] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 337.680331]
[ 337.681931] Freed by task 0:
[ 337.684921] (stack is not available)
[ 337.688607]
[ 337.690212] The buggy address belongs to the object at ffff88809ed65180
[ 337.690212] which belongs to the cache jfs_ip of size 1952
[ 337.702494] The buggy address is located 0 bytes to the right of
[ 337.702494] 1952-byte region [ffff88809ed65180, ffff88809ed65920)
[ 337.714774] The buggy address belongs to the page:
[ 337.719681] page:ffffea00027b5940 count:1 mapcount:0 mapping:ffff88809ed65180 index:0xffff88809ed65fff
[ 337.729112] flags: 0xfff00000000100(slab)
[ 337.733239] raw: 00fff00000000100 ffff88809ed65180 ffff88809ed65fff 0000000100000001
[ 337.741098] raw: ffffea000251ad20 ffffea000237d5a0 ffff8882393f36c0 0000000000000000
[ 337.748963] page dumped because: kasan: bad access detected
[ 337.754648]
[ 337.756250] Memory state around the buggy address:
[ 337.761156] ffff88809ed65800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 337.768501] ffff88809ed65880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 337.775837] >ffff88809ed65900: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[ 337.783177] ^
[ 337.787569] ffff88809ed65980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 337.794926] ffff88809ed65a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 337.802276] ==================================================================
[ 337.809619] Disabling lock debugging due to kernel taint
[ 337.815336] Kernel panic - not syncing: panic_on_warn set ...
[ 337.815336]
[ 337.822692] CPU: 0 PID: 7983 Comm: syz-executor100 Tainted: G B 4.14.295-syzkaller #0
[ 337.831773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 337.841116] Call Trace:
[ 337.843699] dump_stack+0x1b2/0x281
[ 337.847312] panic+0x1f9/0x42d
[ 337.850477] ? add_taint.cold+0x16/0x16
[ 337.854430] ? ___preempt_schedule+0x16/0x18
[ 337.858817] kasan_end_report+0x43/0x49
[ 337.862773] kasan_report_error.cold+0xa7/0x191
[ 337.867418] ? hex_dump_to_buffer+0x9d1/0xaa0
[ 337.871891] __asan_report_load1_noabort+0x68/0x70
[ 337.876793] ? hex_dump_to_buffer+0x9d1/0xaa0
[ 337.881260] hex_dump_to_buffer+0x9d1/0xaa0
[ 337.885585] print_hex_dump+0xef/0x170
[ 337.889453] ? hex_dump_to_buffer+0xaa0/0xaa0
[ 337.893921] ? vprintk_emit+0x170/0x620
[ 337.897871] ? printk+0x9e/0xbc
[ 337.901125] ? log_store.cold+0x16/0x16
[ 337.905078] ea_get.cold+0x59/0x75
[ 337.908595] ? lock_acquire+0x170/0x3f0
[ 337.912543] ? __jfs_getxattr+0x9f/0x340
[ 337.916579] ? ea_release+0x1d0/0x1d0
[ 337.920355] __jfs_getxattr+0xae/0x340
[ 337.924217] ? jfs_initxattrs+0x210/0x210
[ 337.928338] ? lock_acquire+0x170/0x3f0
[ 337.932283] ? lock_downgrade+0x740/0x740
[ 337.936404] ? __jfs_set_acl+0x170/0x170
[ 337.940436] jfs_get_acl+0xf3/0x150
[ 337.944036] ? __jfs_set_acl+0x170/0x170
[ 337.948078] get_acl+0x11f/0x210
[ 337.951419] posix_acl_create.part.0+0x2c/0x250
[ 337.956063] ? current_kernel_time64+0x17c/0x230
[ 337.960791] posix_acl_create+0x10a/0x150
[ 337.964919] jfs_init_acl+0x71/0x230
[ 337.968611] ? jfs_set_acl+0x2a0/0x2a0
[ 337.972490] ? ialloc+0xa9/0x940
[ 337.975838] jfs_mkdir.part.0+0x175/0x7e0
[ 337.979995] ? lock_acquire+0x170/0x3f0
[ 337.983956] ? jfs_mknod+0x60/0x60
[ 337.987476] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 337.992563] ? debug_check_no_obj_freed+0x2c0/0x680
[ 337.997561] ? lock_acquire+0x170/0x3f0
[ 338.001600] ? lock_downgrade+0x740/0x740
[ 338.005725] ? __dquot_initialize+0x228/0xa70
[ 338.010202] ? common_perm+0x3b9/0x560
[ 338.014065] ? dquot_initialize_needed+0x240/0x240
[ 338.018971] ? map_id_up+0xe9/0x180
[ 338.022572] ? security_inode_permission+0xb5/0xf0
[ 338.027472] jfs_mkdir+0x35/0x50
[ 338.030812] vfs_mkdir+0x463/0x6e0
[ 338.034325] SyS_mkdirat+0x1fd/0x270
[ 338.038010] ? SyS_mknod+0x30/0x30
[ 338.041521] ? __close_fd+0x159/0x230
[ 338.045296] ? do_syscall_64+0x4c/0x640
[ 338.049243] ? SyS_mknod+0x30/0x30
[ 338.052759] do_syscall_64+0x1d5/0x640
[ 338.056650] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 338.061812] RIP: 0033:0x7fc171493d69
[ 338.065493] RSP: 002b:00007ffe621de068 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
[ 338.073174] RAX: ffffffffffffffda RBX: 0030656c69662f2e RCX: 00007fc171493d69
[ 338.080415] RDX: 0000000000000050 RSI: 0000000020000040 RDI: 0000000000000003
[ 338.087657] RBP: 00007fc1714535d0 R08: 0000000000000000 R09: 0000000000000000
[ 338.094898] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000f8008000
[ 338.102142] R13: 0000000000000000 R14: 00080000000000f4 R15: 0000000000000000
[ 338.109562] Kernel Offset: disabled
[ 338.113166] Rebooting in 86400 seconds..