[ OK ] Started Regular background program processing daemon.
Starting OpenBSD Secure Shell server...
[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.204' (ECDSA) to the list of known hosts.
syzkaller login: [ 64.250124][ T27] audit: type=1400 audit(1589585345.035:8): avc: denied { execmem } for pid=7035 comm="syz-executor395" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 64.295574][ T7036] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 64.373155][ T27] audit: type=1800 audit(1589585345.155:9): pid=7057 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor395" name="file0" dev="sda1" ino=15717 res=0
[ 64.381981][ T7057] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 64.421479][ T7057] Process accounting resumed
[ 64.488724][ T7036] ==================================================================
[ 64.497093][ T7036] BUG: KASAN: use-after-free in get_block+0x1202/0x1380
[ 64.504009][ T7036] Write of size 2 at addr ffff8880844b8ba4 by task syz-executor395/7036
[ 64.512545][ T7036]
[ 64.515145][ T7036] CPU: 0 PID: 7036 Comm: syz-executor395 Not tainted 5.7.0-rc5-syzkaller #0
[ 64.523817][ T7036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.533859][ T7036] Call Trace:
[ 64.537144][ T7036] dump_stack+0x188/0x20d
[ 64.541465][ T7036] print_address_description.constprop.0.cold+0xd3/0x413
[ 64.548465][ T7036] ? vprintk_func+0x81/0x17e
[ 64.553041][ T7036] ? get_block+0x1202/0x1380
[ 64.557615][ T7036] __kasan_report.cold+0x20/0x38
[ 64.562533][ T7036] ? get_block+0x1202/0x1380
[ 64.567096][ T7036] ? get_block+0x1202/0x1380
[ 64.571659][ T7036] kasan_report+0x33/0x50
[ 64.575982][ T7036] get_block+0x1202/0x1380
[ 64.580389][ T7036] ? block_to_path.isra.0+0x300/0x300
[ 64.585741][ T7036] ? lock_downgrade+0x840/0x840
[ 64.590589][ T7036] minix_get_block+0xe5/0x110
[ 64.595254][ T7036] __block_write_begin_int+0x490/0x1b00
[ 64.600785][ T7036] ? minix_rename+0x8c0/0x8c0
[ 64.605454][ T7036] ? remove_inode_buffers+0x1c0/0x1c0
[ 64.610812][ T7036] ? pagecache_get_page+0x204/0xa10
[ 64.615984][ T7036] ? wait_for_stable_page+0x11c/0x1e0
[ 64.621375][ T7036] ? minix_rename+0x8c0/0x8c0
[ 64.626034][ T7036] block_write_begin+0x58/0x2e0
[ 64.630867][ T7036] minix_write_begin+0x35/0xe0
[ 64.635621][ T7036] generic_perform_write+0x20a/0x4e0
[ 64.640906][ T7036] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4a0/0x4a0
[ 64.648958][ T7036] ? update_time+0xc0/0xc0
[ 64.653351][ T7036] ? down_write+0xdb/0x150
[ 64.657771][ T7036] __generic_file_write_iter+0x24c/0x610
[ 64.663382][ T7036] generic_file_write_iter+0x3f3/0x630
[ 64.668829][ T7036] ? __generic_file_write_iter+0x610/0x610
[ 64.674614][ T7036] new_sync_write+0x4a2/0x700
[ 64.679375][ T7036] ? new_sync_read+0x7a0/0x7a0
[ 64.684476][ T7036] __vfs_write+0xc9/0x100
[ 64.695121][ T7036] __kernel_write+0x11c/0x3a0
[ 64.699781][ T7036] do_acct_process+0xcdc/0x10e0
[ 64.704627][ T7036] ? acct_on+0x770/0x770
[ 64.708847][ T7036] ? pin_kill+0x12e/0x7c0
[ 64.713155][ T7036] ? do_raw_spin_lock+0x129/0x2e0
[ 64.718153][ T7036] ? rwlock_bug.part.0+0x90/0x90
[ 64.723068][ T7036] acct_pin_kill+0x29/0xf0
[ 64.727808][ T7036] pin_kill+0x175/0x7c0
[ 64.731940][ T7036] ? pin_insert+0x260/0x260
[ 64.736425][ T7036] ? lock_release+0x800/0x800
[ 64.741078][ T7036] ? finish_wait+0x260/0x260
[ 64.745754][ T7036] ? mnt_pin_kill+0x6c/0x1c0
[ 64.750318][ T7036] mnt_pin_kill+0x6c/0x1c0
[ 64.754711][ T7036] cleanup_mnt+0x3c4/0x4b0
[ 64.759466][ T7036] task_work_run+0xf4/0x1b0
[ 64.763946][ T7036] do_exit+0xb34/0x2dd0
[ 64.768092][ T7036] ? mm_update_next_owner+0x7a0/0x7a0
[ 64.773441][ T7036] ? up_read+0x1ab/0x750
[ 64.777848][ T7036] ? down_read_nested+0x420/0x420
[ 64.782847][ T7036] ? handle_mm_fault+0x29e/0x660
[ 64.787908][ T7036] do_group_exit+0x125/0x340
[ 64.792484][ T7036] __x64_sys_exit_group+0x3a/0x50
[ 64.797496][ T7036] do_syscall_64+0xf6/0x7d0
[ 64.801987][ T7036] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 64.807870][ T7036] RIP: 0033:0x445e88
[ 64.811750][ T7036] Code: Bad RIP value.
[ 64.815797][ T7036] RSP: 002b:00007fff3f9336b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 64.824193][ T7036] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000445e88
[ 64.832153][ T7036] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 64.840099][ T7036] RBP: 00000000004c8a50 R08: 00000000000000e7 R09: ffffffffffffffd4
[ 64.848049][ T7036] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001
[ 64.856095][ T7036] R13: 00000000006e17e0 R14: 0000000000000000 R15: 0000000000000000
[ 64.864063][ T7036]
[ 64.866365][ T7036] The buggy address belongs to the page:
[ 64.871973][ T7036] page:ffffea0002112e00 refcount:0 mapcount:0 mapping:00000000411b337a index:0x1
[ 64.881063][ T7036] flags: 0xfffe0000000000()
[ 64.885545][ T7036] raw: 00fffe0000000000 ffffea0002110748 ffffea0002112d88 0000000000000000
[ 64.894122][ T7036] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 64.902716][ T7036] page dumped because: kasan: bad access detected
[ 64.909234][ T7036]
[ 64.911541][ T7036] Memory state around the buggy address:
[ 64.917147][ T7036] ffff8880844b8a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.925183][ T7036] ffff8880844b8b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.933227][ T7036] >ffff8880844b8b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.941357][ T7036] ^
[ 64.946459][ T7036] ffff8880844b8c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.954517][ T7036] ffff8880844b8c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.962564][ T7036] ==================================================================
[ 64.970597][ T7036] Disabling lock debugging due to kernel taint
[ 65.003541][ T7036] Kernel panic - not syncing: panic_on_warn set ...
[ 65.010163][ T7036] CPU: 0 PID: 7036 Comm: syz-executor395 Tainted: G B 5.7.0-rc5-syzkaller #0
[ 65.020213][ T7036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.030261][ T7036] Call Trace:
[ 65.033551][ T7036] dump_stack+0x188/0x20d
[ 65.037870][ T7036] panic+0x2e3/0x75c
[ 65.041741][ T7036] ? add_taint.cold+0x16/0x16
[ 65.046395][ T7036] ? preempt_schedule_common+0x5e/0xc0
[ 65.051827][ T7036] ? get_block+0x1202/0x1380
[ 65.056397][ T7036] ? preempt_schedule_thunk+0x16/0x18
[ 65.061760][ T7036] ? trace_hardirqs_on+0x55/0x220
[ 65.066761][ T7036] ? get_block+0x1202/0x1380
[ 65.071322][ T7036] end_report+0x4d/0x53
[ 65.075459][ T7036] __kasan_report.cold+0xd/0x38
[ 65.080468][ T7036] ? get_block+0x1202/0x1380
[ 65.085037][ T7036] ? get_block+0x1202/0x1380
[ 65.089596][ T7036] kasan_report+0x33/0x50
[ 65.093896][ T7036] get_block+0x1202/0x1380
[ 65.098303][ T7036] ? block_to_path.isra.0+0x300/0x300
[ 65.103662][ T7036] ? lock_downgrade+0x840/0x840
[ 65.108488][ T7036] minix_get_block+0xe5/0x110
[ 65.113141][ T7036] __block_write_begin_int+0x490/0x1b00
[ 65.118669][ T7036] ? minix_rename+0x8c0/0x8c0
[ 65.123325][ T7036] ? remove_inode_buffers+0x1c0/0x1c0
[ 65.128671][ T7036] ? pagecache_get_page+0x204/0xa10
[ 65.133869][ T7036] ? wait_for_stable_page+0x11c/0x1e0
[ 65.139221][ T7036] ? minix_rename+0x8c0/0x8c0
[ 65.143867][ T7036] block_write_begin+0x58/0x2e0
[ 65.148690][ T7036] minix_write_begin+0x35/0xe0
[ 65.153543][ T7036] generic_perform_write+0x20a/0x4e0
[ 65.159073][ T7036] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4a0/0x4a0
[ 65.167130][ T7036] ? update_time+0xc0/0xc0
[ 65.171522][ T7036] ? down_write+0xdb/0x150
[ 65.175913][ T7036] __generic_file_write_iter+0x24c/0x610
[ 65.181539][ T7036] generic_file_write_iter+0x3f3/0x630
[ 65.186971][ T7036] ? __generic_file_write_iter+0x610/0x610
[ 65.192764][ T7036] new_sync_write+0x4a2/0x700
[ 65.197448][ T7036] ? new_sync_read+0x7a0/0x7a0
[ 65.202212][ T7036] __vfs_write+0xc9/0x100
[ 65.206527][ T7036] __kernel_write+0x11c/0x3a0
[ 65.211211][ T7036] do_acct_process+0xcdc/0x10e0
[ 65.216042][ T7036] ? acct_on+0x770/0x770
[ 65.220265][ T7036] ? pin_kill+0x12e/0x7c0
[ 65.224567][ T7036] ? do_raw_spin_lock+0x129/0x2e0
[ 65.229565][ T7036] ? rwlock_bug.part.0+0x90/0x90
[ 65.235172][ T7036] acct_pin_kill+0x29/0xf0
[ 65.239564][ T7036] pin_kill+0x175/0x7c0
[ 65.243703][ T7036] ? pin_insert+0x260/0x260
[ 65.248197][ T7036] ? lock_release+0x800/0x800
[ 65.252845][ T7036] ? finish_wait+0x260/0x260
[ 65.257423][ T7036] ? mnt_pin_kill+0x6c/0x1c0
[ 65.262001][ T7036] mnt_pin_kill+0x6c/0x1c0
[ 65.266406][ T7036] cleanup_mnt+0x3c4/0x4b0
[ 65.270811][ T7036] task_work_run+0xf4/0x1b0
[ 65.275299][ T7036] do_exit+0xb34/0x2dd0
[ 65.279448][ T7036] ? mm_update_next_owner+0x7a0/0x7a0
[ 65.284801][ T7036] ? up_read+0x1ab/0x750
[ 65.289015][ T7036] ? down_read_nested+0x420/0x420
[ 65.294013][ T7036] ? handle_mm_fault+0x29e/0x660
[ 65.299109][ T7036] do_group_exit+0x125/0x340
[ 65.303702][ T7036] __x64_sys_exit_group+0x3a/0x50
[ 65.308731][ T7036] do_syscall_64+0xf6/0x7d0
[ 65.313210][ T7036] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.319075][ T7036] RIP: 0033:0x445e88
[ 65.322962][ T7036] Code: Bad RIP value.
[ 65.327018][ T7036] RSP: 002b:00007fff3f9336b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 65.335505][ T7036] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000445e88
[ 65.343460][ T7036] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 65.351405][ T7036] RBP: 00000000004c8a50 R08: 00000000000000e7 R09: ffffffffffffffd4
[ 65.359366][ T7036] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001
[ 65.367319][ T7036] R13: 00000000006e17e0 R14: 0000000000000000 R15: 0000000000000000
[ 65.376787][ T7036] Kernel Offset: disabled
[ 65.381115][ T7036] Rebooting in 86400 seconds..