[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.15.201' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 33.458325] ==================================================================
[ 33.466387] BUG: KASAN: slab-out-of-bounds in dbAllocDmapLev+0x233/0x280
[ 33.474992] Read of size 1 at addr ffff888098a98fcd by task syz-executor331/7971
[ 33.485356]
[ 33.487200] CPU: 1 PID: 7971 Comm: syz-executor331 Not tainted 4.14.302-syzkaller #0
[ 33.496432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 33.510276] Call Trace:
[ 33.515373] dump_stack+0x1b2/0x281
[ 33.519542] print_address_description.cold+0x54/0x1d3
[ 33.525000] kasan_report_error.cold+0x8a/0x191
[ 33.529668] ? dbAllocDmapLev+0x233/0x280
[ 33.533808] __asan_report_load1_noabort+0x68/0x70
[ 33.538834] ? dbAllocDmapLev+0x233/0x280
[ 33.544043] dbAllocDmapLev+0x233/0x280
[ 33.548331] ? dbAllocNext+0x370/0x370
[ 33.553005] ? trace_hardirqs_on+0x10/0x10
[ 33.557935] dbAllocCtl+0x426/0x680
[ 33.563520] ? kernel_text_address+0xbd/0xf0
[ 33.568986] ? __mutex_unlock_slowpath+0x75/0x770
[ 33.574670] dbAllocAG+0x684/0x9f0
[ 33.579178] ? dbAlloc+0x400/0x980
[ 33.584334] ? dbAllocCtl+0x680/0x680
[ 33.588680] dbAlloc+0x415/0x980
[ 33.592928] ? kmem_cache_alloc_trace+0x36c/0x3d0
[ 33.598747] dtSplitUp+0x316/0x47d0
[ 33.603184] ? __lock_acquire+0x5fc/0x3f20
[ 33.609786] ? dtSplitRoot+0x14b0/0x14b0
[ 33.615431] ? path_openat+0xe08/0x2970
[ 33.619423] ? do_filp_open+0x179/0x3c0
[ 33.623681] ? do_sys_open+0x296/0x410
[ 33.627962] ? do_syscall_64+0x1d5/0x640
[ 33.632329] ? entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 33.637915] ? trace_hardirqs_on+0x10/0x10
[ 33.642268] ? debug_check_no_obj_freed+0x2c0/0x680
[ 33.648309] ? trace_hardirqs_on+0x10/0x10
[ 33.653677] ? lock_acquire+0x170/0x3f0
[ 33.658365] ? lock_downgrade+0x740/0x740
[ 33.663386] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 33.669859] ? debug_check_no_obj_freed+0x2c0/0x680
[ 33.676651] ? txLockAlloc+0x1c3/0x270
[ 33.681396] ? txLock+0x5e2/0x18a0
[ 33.686124] ? lock_acquire+0x170/0x3f0
[ 33.690941] ? lock_downgrade+0x740/0x740
[ 33.696068] dtInsert+0x77c/0x9e0
[ 33.700597] ? dtSearch+0x1ba0/0x1ba0
[ 33.704668] ? txEnd+0x2d0/0x2d0
[ 33.708839] jfs_create.part.0+0x364/0x800
[ 33.713217] ? jfs_mkdir+0x50/0x50
[ 33.716869] ? jfs_lookup+0x99/0x170
[ 33.720723] ? __dquot_initialize+0x228/0xa70
[ 33.725337] ? dquot_initialize_needed+0x240/0x240
[ 33.730260] ? param_get_aalockpolicy+0x70/0x70
[ 33.734920] ? map_id_up+0xe9/0x180
[ 33.738554] ? security_inode_permission+0xb5/0xf0
[ 33.743672] jfs_create+0x35/0x50
[ 33.748187] ? jfs_create.part.0+0x800/0x800
[ 33.753260] lookup_open+0x77a/0x1750
[ 33.757521] ? vfs_mkdir+0x6e0/0x6e0
[ 33.761921] path_openat+0xe08/0x2970
[ 33.766475] ? path_lookupat+0x780/0x780
[ 33.772323] ? trace_hardirqs_on+0x10/0x10
[ 33.779331] do_filp_open+0x179/0x3c0
[ 33.784665] ? may_open_dev+0xe0/0xe0
[ 33.789517] ? lock_downgrade+0x740/0x740
[ 33.794686] ? do_raw_spin_unlock+0x164/0x220
[ 33.802017] ? _raw_spin_unlock+0x29/0x40
[ 33.806702] ? __alloc_fd+0x1be/0x490
[ 33.811457] do_sys_open+0x296/0x410
[ 33.816448] ? filp_open+0x60/0x60
[ 33.820988] ? do_syscall_64+0x4c/0x640
[ 33.825088] ? SyS_open+0x30/0x30
[ 33.829230] do_syscall_64+0x1d5/0x640
[ 33.837225] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 33.842582] RIP: 0033:0x7f17f07db7e9
[ 33.846281] RSP: 002b:00007ffd49983bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 33.855244] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f17f07db7e9
[ 33.865957] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 33.876788] RBP: 00007f17f079b080 R08: 0000000000000000 R09: 0000000000000000
[ 33.887076] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f17f079b110
[ 33.897969] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 33.909936]
[ 33.911867] Allocated by task 1:
[ 33.916687] kasan_kmalloc+0xeb/0x160
[ 33.922220] kmem_cache_alloc+0x124/0x3c0
[ 33.926717] get_empty_filp+0x86/0x3f0
[ 33.930951] path_openat+0x84/0x2970
[ 33.936052] do_filp_open+0x179/0x3c0
[ 33.942248] do_sys_open+0x296/0x410
[ 33.947537] do_syscall_64+0x1d5/0x640
[ 33.951711] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 33.961911]
[ 33.964855] Freed by task 7:
[ 33.969279] kasan_slab_free+0xc3/0x1a0
[ 33.975945] kmem_cache_free+0x7c/0x2b0
[ 33.981315] rcu_process_callbacks+0x780/0x1180
[ 33.989181] __do_softirq+0x24d/0x9ff
[ 33.996362]
[ 33.998598] The buggy address belongs to the object at ffff888098a98d00
[ 33.998598] which belongs to the cache filp of size 456
[ 34.017325] The buggy address is located 261 bytes to the right of
[ 34.017325] 456-byte region [ffff888098a98d00, ffff888098a98ec8)
[ 34.031101] The buggy address belongs to the page:
[ 34.036123] page:ffffea000262a600 count:1 mapcount:0 mapping:ffff888098a98080 index:0x0
[ 34.046359] flags: 0xfff00000000100(slab)
[ 34.051219] raw: 00fff00000000100 ffff888098a98080 0000000000000000 0000000100000006
[ 34.062495] raw: ffffea000262a5a0 ffffea00025fe460 ffff8880b60c9080 0000000000000000
[ 34.074210] page dumped because: kasan: bad access detected
[ 34.083653]
[ 34.087003] Memory state around the buggy address:
[ 34.096524] ffff888098a98e80: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 34.106994] ffff888098a98f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.115471] >ffff888098a98f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.122973] ^
[ 34.128692] ffff888098a99000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.136346] ffff888098a99080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 34.143703] ==================================================================
[ 34.152157] Disabling lock debugging due to kernel taint
[ 34.163328] Kernel panic - not syncing: panic_on_warn set ...
[ 34.163328]
[ 34.171863] CPU: 1 PID: 7971 Comm: syz-executor331 Tainted: G B 4.14.302-syzkaller #0
[ 34.181945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
[ 34.195679] Call Trace:
[ 34.198889] dump_stack+0x1b2/0x281
[ 34.203813] panic+0x1f9/0x42d
[ 34.207102] ? add_taint.cold+0x16/0x16
[ 34.212054] ? ___preempt_schedule+0x16/0x18
[ 34.216689] kasan_end_report+0x43/0x49
[ 34.221336] kasan_report_error.cold+0xa7/0x191
[ 34.226455] ? dbAllocDmapLev+0x233/0x280
[ 34.230816] __asan_report_load1_noabort+0x68/0x70
[ 34.235749] ? dbAllocDmapLev+0x233/0x280
[ 34.239882] dbAllocDmapLev+0x233/0x280
[ 34.243844] ? dbAllocNext+0x370/0x370
[ 34.248515] ? trace_hardirqs_on+0x10/0x10
[ 34.253542] dbAllocCtl+0x426/0x680
[ 34.259179] ? kernel_text_address+0xbd/0xf0
[ 34.264035] ? __mutex_unlock_slowpath+0x75/0x770
[ 34.270018] dbAllocAG+0x684/0x9f0
[ 34.274200] ? dbAlloc+0x400/0x980
[ 34.278513] ? dbAllocCtl+0x680/0x680
[ 34.282690] dbAlloc+0x415/0x980
[ 34.287297] ? kmem_cache_alloc_trace+0x36c/0x3d0
[ 34.294624] dtSplitUp+0x316/0x47d0
[ 34.299658] ? __lock_acquire+0x5fc/0x3f20
[ 34.304534] ? dtSplitRoot+0x14b0/0x14b0
[ 34.308940] ? path_openat+0xe08/0x2970
[ 34.313087] ? do_filp_open+0x179/0x3c0
[ 34.317504] ? do_sys_open+0x296/0x410
[ 34.321645] ? do_syscall_64+0x1d5/0x640
[ 34.326028] ? entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 34.331623] ? trace_hardirqs_on+0x10/0x10
[ 34.335845] ? debug_check_no_obj_freed+0x2c0/0x680
[ 34.340861] ? trace_hardirqs_on+0x10/0x10
[ 34.345214] ? lock_acquire+0x170/0x3f0
[ 34.350141] ? lock_downgrade+0x740/0x740
[ 34.354971] ? _raw_spin_unlock_irqrestore+0x66/0xe0
[ 34.360598] ? debug_check_no_obj_freed+0x2c0/0x680
[ 34.367301] ? txLockAlloc+0x1c3/0x270
[ 34.372020] ? txLock+0x5e2/0x18a0
[ 34.376209] ? lock_acquire+0x170/0x3f0
[ 34.380821] ? lock_downgrade+0x740/0x740
[ 34.387025] dtInsert+0x77c/0x9e0
[ 34.392431] ? dtSearch+0x1ba0/0x1ba0
[ 34.398908] ? txEnd+0x2d0/0x2d0
[ 34.403999] jfs_create.part.0+0x364/0x800
[ 34.411435] ? jfs_mkdir+0x50/0x50
[ 34.414996] ? jfs_lookup+0x99/0x170
[ 34.419211] ? __dquot_initialize+0x228/0xa70
[ 34.423796] ? dquot_initialize_needed+0x240/0x240
[ 34.429069] ? param_get_aalockpolicy+0x70/0x70
[ 34.433989] ? map_id_up+0xe9/0x180
[ 34.437711] ? security_inode_permission+0xb5/0xf0
[ 34.443249] jfs_create+0x35/0x50
[ 34.448211] ? jfs_create.part.0+0x800/0x800
[ 34.454117] lookup_open+0x77a/0x1750
[ 34.458538] ? vfs_mkdir+0x6e0/0x6e0
[ 34.467474] path_openat+0xe08/0x2970
[ 34.473811] ? path_lookupat+0x780/0x780
[ 34.481263] ? trace_hardirqs_on+0x10/0x10
[ 34.486178] do_filp_open+0x179/0x3c0
[ 34.491864] ? may_open_dev+0xe0/0xe0
[ 34.496000] ? lock_downgrade+0x740/0x740
[ 34.501914] ? do_raw_spin_unlock+0x164/0x220
[ 34.508234] ? _raw_spin_unlock+0x29/0x40
[ 34.513104] ? __alloc_fd+0x1be/0x490
[ 34.516930] do_sys_open+0x296/0x410
[ 34.520962] ? filp_open+0x60/0x60
[ 34.524577] ? do_syscall_64+0x4c/0x640
[ 34.528705] ? SyS_open+0x30/0x30
[ 34.532326] do_syscall_64+0x1d5/0x640
[ 34.536451] entry_SYSCALL_64_after_hwframe+0x5e/0xd3
[ 34.541864] RIP: 0033:0x7f17f07db7e9
[ 34.547622] RSP: 002b:00007ffd49983bc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 34.563071] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f17f07db7e9
[ 34.576016] RDX: 000000000000275a RSI: 0000000020000040 RDI: 00000000ffffff9c
[ 34.589612] RBP: 00007f17f079b080 R08: 0000000000000000 R09: 0000000000000000
[ 34.604111] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f17f079b110
[ 34.613471] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 34.621626] Kernel Offset: disabled
[ 34.625249] Rebooting in 86400 seconds..