Starting getty on tty2-tty6 if dbus and logind are not available... Starting OpenBSD Secure Shell server... Starting Permit User Sessions... Starting System Logging Service... [ OK ] Started Regular background program processing daemon. [ OK ] Started Permit User Sessions. [ OK ] Started System Logging Service. [ OK ] Found device /dev/ttyS0. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts. syzkaller login: [ 62.489973][ T28] audit: type=1400 audit(1594577900.202:8): avc: denied { execmem } for pid=6821 comm="syz-executor001" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 62.523691][ T6828] IPVS: ftp: loaded support on port[0] = 21 [ 62.531704][ T6831] IPVS: ftp: loaded support on port[0] = 21 [ 62.538929][ T6830] IPVS: ftp: loaded support on port[0] = 21 [ 62.547386][ T6829] IPVS: ftp: loaded support on port[0] = 21 [ 62.549591][ T6833] IPVS: ftp: loaded support on port[0] = 21 [ 62.562538][ T6832] IPVS: ftp: loaded support on port[0] = 21 executing program [ 62.719858][ T28] audit: type=1800 audit(1594577900.432:9): pid=6915 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor001" name="file0" dev="sda1" ino=15710 res=0 executing program executing program executing program [ 62.768214][ T6915] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 62.797852][ T6915] Process accounting resumed executing program executing program [ 62.835148][ T28] audit: type=1800 audit(1594577900.552:10): pid=6958 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor001" name="file0" dev="sda1" ino=15712 res=0 [ 62.866708][ T6958] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 62.912072][ T6969] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 62.933268][ T28] audit: type=1800 audit(1594577900.602:11): pid=6962 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor001" name="file0" dev="sda1" ino=15717 res=0 [ 62.941385][ T6958] Process accounting resumed [ 62.961808][ T6973] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 62.966176][ T6969] Process accounting resumed [ 62.972414][ T6966] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 62.984427][ T6970] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 62.992245][ T6966] Process accounting resumed [ 62.997186][ T6973] Process accounting resumed [ 62.998088][ T6966] minix_free_block (loop3:147): bit already cleared [ 63.009725][ T28] audit: type=1800 audit(1594577900.612:12): pid=6963 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor001" name="file0" dev="sda1" ino=15718 res=0 [ 63.030860][ T6969] ================================================================== [ 63.031404][ T28] audit: type=1800 audit(1594577900.612:13): pid=6966 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor001" name="file0" dev="sda1" ino=15719 res=0 [ 63.039063][ T6969] BUG: KASAN: use-after-free in get_block+0x1103/0x13a0 [ 63.039082][ T6969] Read of size 2 at addr ffff88808573918a by task syz-executor001/6969 [ 63.039086][ T6969] [ 63.039101][ T6969] CPU: 1 PID: 6969 Comm: syz-executor001 Not tainted 5.8.0-rc4-syzkaller #0 [ 63.039109][ T6969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.039115][ T6969] Call Trace: [ 63.039133][ T6969] dump_stack+0x18f/0x20d [ 63.039152][ T6969] ? get_block+0x1103/0x13a0 [ 63.074815][ T28] audit: type=1800 audit(1594577900.612:14): pid=6973 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor001" name="file0" dev="sda1" ino=15720 res=0 [ 63.075793][ T6969] ? get_block+0x1103/0x13a0 [ 63.087130][ T6970] Process accounting resumed [ 63.147778][ T6969] print_address_description.constprop.0.cold+0xae/0x436 [ 63.154881][ T6969] ? lock_release+0x8d0/0x8d0 [ 63.159540][ T6969] ? __wait_on_bit+0x190/0x190 [ 63.164282][ T6969] ? lockdep_hardirqs_off+0x66/0xa0 [ 63.169481][ T6969] ? vprintk_func+0x97/0x1a6 [ 63.174050][ T6969] ? get_block+0x1103/0x13a0 [ 63.178617][ T6969] kasan_report.cold+0x1f/0x37 [ 63.183359][ T6969] ? get_block+0x1103/0x13a0 [ 63.187948][ T6969] get_block+0x1103/0x13a0 [ 63.192362][ T6969] ? free_branches+0x270/0x270 [ 63.197118][ T6969] ? create_empty_buffers+0x58f/0x820 [ 63.202487][ T6969] ? do_raw_spin_unlock+0x171/0x230 [ 63.208293][ T6969] minix_get_block+0xe5/0x110 [ 63.212949][ T6969] ? minix_rename+0x8c0/0x8c0 [ 63.217617][ T6969] __block_write_begin_int+0x464/0x1a80 [ 63.223142][ T6969] ? minix_rename+0x8c0/0x8c0 [ 63.227800][ T6969] ? __page_cache_alloc+0x10b/0x450 [ 63.232977][ T6969] ? remove_inode_buffers+0x1b0/0x1b0 [ 63.238333][ T6969] ? lock_downgrade+0x820/0x820 [ 63.243178][ T6969] ? wait_for_stable_page+0x11c/0x1e0 [ 63.248539][ T6969] ? minix_rename+0x8c0/0x8c0 [ 63.253211][ T6969] block_write_begin+0x58/0x2e0 [ 63.258057][ T6969] minix_write_begin+0x35/0x220 [ 63.262905][ T6969] generic_perform_write+0x20a/0x4f0 [ 63.268180][ T6969] ? __mnt_drop_write_file+0x6f/0xa0 [ 63.273470][ T6969] ? generic_file_readonly_mmap+0x1b0/0x1b0 [ 63.279348][ T6969] ? current_time+0x2c0/0x2c0 [ 63.284007][ T6969] ? down_write+0xdb/0x150 [ 63.288405][ T6969] __generic_file_write_iter+0x24b/0x610 [ 63.294018][ T6969] ? __lock_acquire+0xc1e/0x56e0 [ 63.298935][ T6969] generic_file_write_iter+0x3a6/0x5c0 [ 63.304390][ T6969] ? __generic_file_write_iter+0x610/0x610 [ 63.310192][ T6969] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.316156][ T6969] new_sync_write+0x422/0x650 [ 63.320809][ T6969] ? new_sync_read+0x6e0/0x6e0 [ 63.325552][ T6969] ? do_acct_process+0xea7/0x10c0 [ 63.330568][ T6969] ? lock_release+0x8d0/0x8d0 [ 63.335218][ T6969] ? find_held_lock+0x2d/0x110 [ 63.339963][ T6969] ? lock_downgrade+0x820/0x820 [ 63.344808][ T6969] __kernel_write+0x3f8/0x500 [ 63.349477][ T6969] do_acct_process+0xcc2/0x10c0 [ 63.354310][ T6969] ? acct_on+0x770/0x770 [ 63.358547][ T6969] ? __mmput+0x3b4/0x470 [ 63.362769][ T6969] acct_process+0x3b7/0x4e6 [ 63.367267][ T6969] do_exit+0x197e/0x2a40 [ 63.371513][ T6969] ? lock_acquire+0x1f1/0xad0 [ 63.376250][ T6969] ? find_held_lock+0x2d/0x110 [ 63.381014][ T6969] ? mm_update_next_owner+0x7a0/0x7a0 [ 63.386415][ T6969] ? get_signal+0x332/0x1ee0 [ 63.391003][ T6969] ? lock_downgrade+0x820/0x820 [ 63.395862][ T6969] ? lock_is_held_type+0xb0/0xe0 [ 63.400794][ T6969] do_group_exit+0x125/0x310 [ 63.405376][ T6969] get_signal+0x40b/0x1ee0 [ 63.410476][ T6969] ? futex_exit_release+0x220/0x220 [ 63.415685][ T6969] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 63.421658][ T6969] ? lockdep_hardirqs_on+0x6a/0xe0 [ 63.426765][ T6969] do_signal+0x82/0x2520 [ 63.431027][ T6969] ? lock_acquire+0x1f1/0xad0 [ 63.435783][ T6969] ? __close_fd+0x22/0x200 [ 63.440200][ T6969] ? find_held_lock+0x2d/0x110 [ 63.444958][ T6969] ? __close_fd+0x128/0x200 [ 63.449482][ T6969] ? copy_siginfo_to_user32+0xa0/0xa0 [ 63.454861][ T6969] ? __x64_sys_futex+0x378/0x4e0 [ 63.459789][ T6969] ? __x64_sys_futex+0x382/0x4e0 [ 63.464726][ T6969] ? do_futex+0x1a60/0x1a60 [ 63.469336][ T6969] ? __prepare_exit_to_usermode+0xcc/0x1f0 [ 63.475138][ T6969] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 63.481127][ T6969] __prepare_exit_to_usermode+0x156/0x1f0 [ 63.486854][ T6969] do_syscall_64+0x6c/0xe0 [ 63.491275][ T6969] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.497155][ T6969] RIP: 0033:0x44b489 [ 63.501042][ T6969] Code: Bad RIP value. [ 63.505096][ T6969] RSP: 002b:00007f77f60eacf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 63.513595][ T6969] RAX: 0000000000000001 RBX: 00000000006ddc38 RCX: 000000000044b489 [ 63.522258][ T6969] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00000000006ddc3c [ 63.530228][ T6969] RBP: 00000000006ddc30 R08: 00000000006ddc30 R09: 0000000000000000 [ 63.538470][ T6969] R10: 00007f77f60eabc0 R11: 0000000000000246 R12: 00000000006ddc3c [ 63.546430][ T6969] R13: 00007fffaf029adf R14: 00007f77f60eb9c0 R15: 0000000000000001 [ 63.554420][ T6969] [ 63.556735][ T6969] The buggy address belongs to the page: [ 63.562360][ T6969] page:ffffea000215ce40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 [ 63.571449][ T6969] flags: 0xfffe0000000000() [ 63.575945][ T6969] raw: 00fffe0000000000 ffffea000215f848 ffff8880ae739608 0000000000000000 [ 63.584521][ T6969] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 63.593180][ T6969] page dumped because: kasan: bad access detected [ 63.599576][ T6969] [ 63.601889][ T6969] Memory state around the buggy address: [ 63.607509][ T6969] ffff888085739080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 63.615574][ T6969] ffff888085739100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 63.623622][ T6969] >ffff888085739180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 63.631668][ T6969] ^ [ 63.636257][ T6969] ffff888085739200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 63.644310][ T6969] ffff888085739280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 63.652357][ T6969] ================================================================== [ 63.660408][ T6969] Disabling lock debugging due to kernel taint [ 63.666890][ T6969] Kernel panic - not syncing: panic_on_warn set ... [ 63.673479][ T6969] CPU: 1 PID: 6969 Comm: syz-executor001 Tainted: G B 5.8.0-rc4-syzkaller #0 [ 63.683519][ T6969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.693558][ T6969] Call Trace: [ 63.696842][ T6969] dump_stack+0x18f/0x20d [ 63.701160][ T6969] ? get_block+0x1030/0x13a0 [ 63.705738][ T6969] panic+0x2e3/0x75c [ 63.709621][ T6969] ? __warn_printk+0xf3/0xf3 [ 63.714199][ T6969] ? get_block+0x1103/0x13a0 [ 63.718778][ T6969] ? trace_hardirqs_on+0x55/0x220 [ 63.723811][ T6969] ? get_block+0x1103/0x13a0 [ 63.728404][ T6969] ? get_block+0x1103/0x13a0 [ 63.732979][ T6969] end_report+0x4d/0x53 [ 63.737133][ T6969] kasan_report.cold+0xd/0x37 [ 63.741797][ T6969] ? get_block+0x1103/0x13a0 [ 63.746394][ T6969] get_block+0x1103/0x13a0 [ 63.750800][ T6969] ? free_branches+0x270/0x270 [ 63.755825][ T6969] ? create_empty_buffers+0x58f/0x820 [ 63.761198][ T6969] ? do_raw_spin_unlock+0x171/0x230 [ 63.766384][ T6969] minix_get_block+0xe5/0x110 [ 63.771046][ T6969] ? minix_rename+0x8c0/0x8c0 [ 63.775727][ T6969] __block_write_begin_int+0x464/0x1a80 [ 63.781264][ T6969] ? minix_rename+0x8c0/0x8c0 [ 63.785937][ T6969] ? __page_cache_alloc+0x10b/0x450 [ 63.791120][ T6969] ? remove_inode_buffers+0x1b0/0x1b0 [ 63.796496][ T6969] ? lock_downgrade+0x820/0x820 [ 63.801332][ T6969] ? wait_for_stable_page+0x11c/0x1e0 [ 63.806694][ T6969] ? minix_rename+0x8c0/0x8c0 [ 63.811362][ T6969] block_write_begin+0x58/0x2e0 [ 63.816213][ T6969] minix_write_begin+0x35/0x220 [ 63.821049][ T6969] generic_perform_write+0x20a/0x4f0 [ 63.826328][ T6969] ? __mnt_drop_write_file+0x6f/0xa0 [ 63.831595][ T6969] ? generic_file_readonly_mmap+0x1b0/0x1b0 [ 63.837492][ T6969] ? current_time+0x2c0/0x2c0 [ 63.842154][ T6969] ? down_write+0xdb/0x150 [ 63.846556][ T6969] __generic_file_write_iter+0x24b/0x610 [ 63.852172][ T6969] ? __lock_acquire+0xc1e/0x56e0 [ 63.857094][ T6969] generic_file_write_iter+0x3a6/0x5c0 [ 63.862539][ T6969] ? __generic_file_write_iter+0x610/0x610 [ 63.868330][ T6969] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.874314][ T6969] new_sync_write+0x422/0x650 [ 63.878976][ T6969] ? new_sync_read+0x6e0/0x6e0 [ 63.883727][ T6969] ? do_acct_process+0xea7/0x10c0 [ 63.888738][ T6969] ? lock_release+0x8d0/0x8d0 [ 63.893399][ T6969] ? find_held_lock+0x2d/0x110 [ 63.898151][ T6969] ? lock_downgrade+0x820/0x820 [ 63.902991][ T6969] __kernel_write+0x3f8/0x500 [ 63.907657][ T6969] do_acct_process+0xcc2/0x10c0 [ 63.912496][ T6969] ? acct_on+0x770/0x770 [ 63.917273][ T6969] ? __mmput+0x3b4/0x470 [ 63.921506][ T6969] acct_process+0x3b7/0x4e6 [ 63.926003][ T6969] do_exit+0x197e/0x2a40 [ 63.930234][ T6969] ? lock_acquire+0x1f1/0xad0 [ 63.934906][ T6969] ? find_held_lock+0x2d/0x110 [ 63.939651][ T6969] ? mm_update_next_owner+0x7a0/0x7a0 [ 63.945019][ T6969] ? get_signal+0x332/0x1ee0 [ 63.949612][ T6969] ? lock_downgrade+0x820/0x820 [ 63.954460][ T6969] ? lock_is_held_type+0xb0/0xe0 [ 63.959381][ T6969] do_group_exit+0x125/0x310 [ 63.963969][ T6969] get_signal+0x40b/0x1ee0 [ 63.968385][ T6969] ? futex_exit_release+0x220/0x220 [ 63.973580][ T6969] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 63.979549][ T6969] ? lockdep_hardirqs_on+0x6a/0xe0 [ 63.984648][ T6969] do_signal+0x82/0x2520 [ 63.988881][ T6969] ? lock_acquire+0x1f1/0xad0 [ 63.993539][ T6969] ? __close_fd+0x22/0x200 [ 63.997944][ T6969] ? find_held_lock+0x2d/0x110 [ 64.002696][ T6969] ? __close_fd+0x128/0x200 [ 64.007187][ T6969] ? copy_siginfo_to_user32+0xa0/0xa0 [ 64.012551][ T6969] ? __x64_sys_futex+0x378/0x4e0 [ 64.017473][ T6969] ? __x64_sys_futex+0x382/0x4e0 [ 64.022403][ T6969] ? do_futex+0x1a60/0x1a60 [ 64.026982][ T6969] ? __prepare_exit_to_usermode+0xcc/0x1f0 [ 64.032776][ T6969] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.038744][ T6969] __prepare_exit_to_usermode+0x156/0x1f0 [ 64.044469][ T6969] do_syscall_64+0x6c/0xe0 [ 64.048881][ T6969] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.054760][ T6969] RIP: 0033:0x44b489 [ 64.058639][ T6969] Code: Bad RIP value. [ 64.062702][ T6969] RSP: 002b:00007f77f60eacf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 64.071114][ T6969] RAX: 0000000000000001 RBX: 00000000006ddc38 RCX: 000000000044b489 [ 64.079076][ T6969] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00000000006ddc3c [ 64.087038][ T6969] RBP: 00000000006ddc30 R08: 00000000006ddc30 R09: 0000000000000000 [ 64.095517][ T6969] R10: 00007f77f60eabc0 R11: 0000000000000246 R12: 00000000006ddc3c [ 64.103480][ T6969] R13: 00007fffaf029adf R14: 00007f77f60eb9c0 R15: 0000000000000001 [ 64.112543][ T6969] Kernel Offset: disabled [ 64.116884][ T6969] Rebooting in 86400 seconds..