audit: type=1400 audit(1587417134.705:8): avc: denied { execmem } for pid=6318 comm="syz-executor933" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
IPVS: ftp: loaded support on port[0] = 21
==================================================================
BUG: KASAN: slab-out-of-bounds in __ext4_check_dir_entry+0x2f9/0x340 fs/ext4/dir.c:68
Read of size 2 at addr ffff8880a0755001 by task syz-executor933/6344

CPU: 1 PID: 6344 Comm: syz-executor933 Not tainted 4.14.176-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x13e/0x194 lib/dump_stack.c:58
 print_address_description.cold+0x7c/0x1e2 mm/kasan/report.c:252
 kasan_report_error mm/kasan/report.c:351 [inline]
 kasan_report mm/kasan/report.c:409 [inline]
 kasan_report.cold+0xa9/0x2ae mm/kasan/report.c:393
 __ext4_check_dir_entry+0x2f9/0x340 fs/ext4/dir.c:68
 ext4_readdir+0x822/0x27f0 fs/ext4/dir.c:240
 iterate_dir+0x1a0/0x5e0 fs/readdir.c:52
 SYSC_getdents fs/readdir.c:269 [inline]
 SyS_getdents+0x132/0x260 fs/readdir.c:250
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x446d99
RSP: 002b:00007fae5cfc9d18 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
RAX: ffffffffffffffda RBX: 00000000006dcc28 RCX: 0000000000446d99
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00000000006dcc20 R08: 65732f636f72702f R09: 65732f636f72702f
EXT4-fs error (device sda1): ext4_readdir:240: inode #11: block 8230: comm syz-executor933: path /lost+found: bad entry in directory: rec_len is smaller than minimal - offset=4093, inode=0, rec_len=0, name_len=0, size=4096
R10: 65732f636f72702f R11: 0000000000000246 R12: 00000000006dcc2c
R13: 00007fae5cfc9d20 R14: 00007fae5cfc9d20 R15: 00000000006dcc2c

Allocated by task 6312:
 save_stack+0x32/0xa0 mm/kasan/kasan.c:447
 set_track mm/kasan/kasan.c:459 [inline]
 kasan_kmalloc mm/kasan/kasan.c:551 [inline]
 kasan_kmalloc+0xbf/0xe0 mm/kasan/kasan.c:529
 kmem_cache_alloc+0x127/0x770 mm/slab.c:3552
 sk_prot_alloc+0x5f/0x290 net/core/sock.c:1461
 sk_alloc+0x36/0xd60 net/core/sock.c:1521
 unix_create1+0x78/0x4f0 net/unix/af_unix.c:779
 unix_create+0xdd/0x1c0 net/unix/af_unix.c:841
 __sock_create+0x2f2/0x620 net/socket.c:1275
 sock_create net/socket.c:1315 [inline]
 SYSC_socket net/socket.c:1345 [inline]
 SyS_socket+0xd2/0x170 net/socket.c:1325
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7

Freed by task 0:
(stack is not available)

The buggy address belongs to the object at ffff8880a0755080
 which belongs to the cache UNIX of size 1728
The buggy address is located 127 bytes to the left of
 1728-byte region [ffff8880a0755080, ffff8880a0755740)
The buggy address belongs to the page:
page:ffffea000281d540 count:1 mapcount:0 mapping:ffff8880a0755080 index:0x0
flags: 0xfffe0000000100(slab)
raw: 00fffe0000000100 ffff8880a0755080 0000000000000000 0000000100000002
raw: ffffea000281d3e0 ffffea000281a1e0 ffff8880a647e500 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880a0754f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880a0754f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8880a0755000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff8880a0755080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff8880a0755100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================