Starting System Logging Service...
Starting getty on tty2-tty6 if dbus and logind are not available...
Starting Permit User Sessions...
[ OK ] Started Regular background program processing daemon.
[ OK ] Started System Logging Servi[ 45.871144][ T6701] sshd (6701) used greatest stack depth: 23088 bytes left
ce.
[ OK ] Started Permit User Sessions.
[ OK ] Found device /dev/ttyS0.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.124' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 64.257339][ T27] audit: type=1400 audit(1589613127.054:8): avc: denied { execmem } for pid=7028 comm="syz-executor843" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 64.287777][ T7029] IPVS: ftp: loaded support on port[0] = 21
[ 64.328609][ T27] audit: type=1800 audit(1589613127.124:9): pid=7050 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor843" name="file0" dev="sda1" ino=15704 res=0
[ 64.361090][ T7050] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 64.405273][ T7050] Process accounting resumed
[ 64.417665][ T7050] Process accounting resumed
[ 64.494769][ T7050] ==================================================================
[ 64.503581][ T7050] BUG: KASAN: use-after-free in get_block+0x1202/0x1380
[ 64.510669][ T7050] Write of size 2 at addr ffff8880894397b8 by task syz-executor843/7050
[ 64.519233][ T7050]
[ 64.521573][ T7050] CPU: 0 PID: 7050 Comm: syz-executor843 Not tainted 5.7.0-rc5-syzkaller #0
[ 64.530230][ T7050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.540264][ T7050] Call Trace:
[ 64.543557][ T7050] dump_stack+0x188/0x20d
[ 64.547988][ T7050] print_address_description.constprop.0.cold+0xd3/0x413
[ 64.555133][ T7050] ? vprintk_func+0x81/0x17e
[ 64.559724][ T7050] ? get_block+0x1202/0x1380
[ 64.564297][ T7050] __kasan_report.cold+0x20/0x38
[ 64.569216][ T7050] ? get_block+0x1202/0x1380
[ 64.573810][ T7050] ? get_block+0x1202/0x1380
[ 64.578377][ T7050] kasan_report+0x33/0x50
[ 64.582704][ T7050] get_block+0x1202/0x1380
[ 64.587989][ T7050] ? block_to_path.isra.0+0x300/0x300
[ 64.593456][ T7050] ? lock_downgrade+0x840/0x840
[ 64.598401][ T7050] minix_get_block+0xe5/0x110
[ 64.603077][ T7050] __block_write_begin_int+0x490/0x1b00
[ 64.608621][ T7050] ? minix_rename+0x8c0/0x8c0
[ 64.613413][ T7050] ? remove_inode_buffers+0x1c0/0x1c0
[ 64.619040][ T7050] ? pagecache_get_page+0x204/0xa10
[ 64.624225][ T7050] ? wait_for_stable_page+0x11c/0x1e0
[ 64.629606][ T7050] ? minix_rename+0x8c0/0x8c0
[ 64.634268][ T7050] block_write_begin+0x58/0x2e0
[ 64.639103][ T7050] minix_write_begin+0x35/0xe0
[ 64.643860][ T7050] generic_perform_write+0x20a/0x4e0
[ 64.649232][ T7050] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4a0/0x4a0
[ 64.657288][ T7050] ? update_time+0xc0/0xc0
[ 64.661692][ T7050] ? down_write+0xdb/0x150
[ 64.666106][ T7050] __generic_file_write_iter+0x24c/0x610
[ 64.671719][ T7050] generic_file_write_iter+0x3f3/0x630
[ 64.677263][ T7050] ? __generic_file_write_iter+0x610/0x610
[ 64.683053][ T7050] new_sync_write+0x4a2/0x700
[ 64.687733][ T7050] ? new_sync_read+0x7a0/0x7a0
[ 64.692495][ T7050] __vfs_write+0xc9/0x100
[ 64.696933][ T7050] __kernel_write+0x11c/0x3a0
[ 64.701594][ T7050] do_acct_process+0xcdc/0x10e0
[ 64.706450][ T7050] ? acct_on+0x770/0x770
[ 64.710869][ T7050] ? pin_kill+0x12e/0x7c0
[ 64.715180][ T7050] ? do_raw_spin_lock+0x129/0x2e0
[ 64.720195][ T7050] ? rwlock_bug.part.0+0x90/0x90
[ 64.725111][ T7050] acct_pin_kill+0x29/0xf0
[ 64.729511][ T7050] pin_kill+0x175/0x7c0
[ 64.733645][ T7050] ? pin_insert+0x260/0x260
[ 64.738213][ T7050] ? lock_release+0x800/0x800
[ 64.742880][ T7050] ? finish_wait+0x260/0x260
[ 64.747468][ T7050] ? mnt_pin_kill+0x6c/0x1c0
[ 64.752161][ T7050] mnt_pin_kill+0x6c/0x1c0
[ 64.756771][ T7050] cleanup_mnt+0x3c4/0x4b0
[ 64.761471][ T7050] task_work_run+0xf4/0x1b0
[ 64.765955][ T7050] do_exit+0xb34/0x2dd0
[ 64.770130][ T7050] ? find_held_lock+0x2d/0x110
[ 64.774884][ T7050] ? mm_update_next_owner+0x7a0/0x7a0
[ 64.780236][ T7050] ? lock_downgrade+0x840/0x840
[ 64.785086][ T7050] do_group_exit+0x125/0x340
[ 64.789654][ T7050] get_signal+0x47b/0x24e0
[ 64.794050][ T7050] ? futex_exit_release+0x60/0x60
[ 64.799071][ T7050] do_signal+0x81/0x2240
[ 64.803310][ T7050] ? get_sigframe.isra.0+0x730/0x730
[ 64.808577][ T7050] ? __x64_sys_futex+0x380/0x4f0
[ 64.813513][ T7050] ? do_futex+0x1ad0/0x1ad0
[ 64.817992][ T7050] ? switch_fpu_return+0x1db/0x4b0
[ 64.823268][ T7050] ? fpregs_mark_activate+0x320/0x320
[ 64.828620][ T7050] exit_to_usermode_loop+0x26c/0x360
[ 64.833985][ T7050] do_syscall_64+0x6b1/0x7d0
[ 64.838567][ T7050] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 64.844444][ T7050] RIP: 0033:0x44a639
[ 64.848328][ T7050] Code: Bad RIP value.
[ 64.852393][ T7050] RSP: 002b:00007f46cd2eccf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 64.860795][ T7050] RAX: fffffffffffffe00 RBX: 00000000006dcc28 RCX: 000000000044a639
[ 64.868753][ T7050] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dcc28
[ 64.876703][ T7050] RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
[ 64.884651][ T7050] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc2c
[ 64.892607][ T7050] R13: 00007ffd8ef602ef R14: 00007f46cd2ed9c0 R15: 00000000006dcc2c
[ 64.900650][ T7050]
[ 64.902968][ T7050] The buggy address belongs to the page:
[ 64.908603][ T7050] page:ffffea0002250e40 refcount:0 mapcount:0 mapping:0000000029fef0ff index:0x1
[ 64.917709][ T7050] flags: 0xfffe0000000000()
[ 64.922292][ T7050] raw: 00fffe0000000000 ffffea00021144c8 ffffea000224a4c8 0000000000000000
[ 64.930863][ T7050] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 64.939417][ T7050] page dumped because: kasan: bad access detected
[ 64.945815][ T7050]
[ 64.948183][ T7050] Memory state around the buggy address:
[ 64.953811][ T7050] ffff888089439680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.961880][ T7050] ffff888089439700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.969919][ T7050] >ffff888089439780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.977974][ T7050]                                        ^
[ 64.983857][ T7050] ffff888089439800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.991911][ T7050] ffff888089439880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 64.999956][ T7050] ==================================================================
[ 65.008004][ T7050] Disabling lock debugging due to kernel taint
[ 65.020656][ T7050] Kernel panic - not syncing: panic_on_warn set ...
[ 65.027264][ T7050] CPU: 0 PID: 7050 Comm: syz-executor843 Tainted: G B 5.7.0-rc5-syzkaller #0
[ 65.039233][ T7050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.049278][ T7050] Call Trace:
[ 65.052549][ T7050] dump_stack+0x188/0x20d
[ 65.056868][ T7050] panic+0x2e3/0x75c
[ 65.060747][ T7050] ? add_taint.cold+0x16/0x16
[ 65.065405][ T7050] ? preempt_schedule_common+0x5e/0xc0
[ 65.070837][ T7050] ? get_block+0x1202/0x1380
[ 65.075490][ T7050] ? preempt_schedule_thunk+0x16/0x18
[ 65.080857][ T7050] ? trace_hardirqs_on+0x55/0x220
[ 65.085853][ T7050] ? get_block+0x1202/0x1380
[ 65.090414][ T7050] end_report+0x4d/0x53
[ 65.094613][ T7050] __kasan_report.cold+0xd/0x38
[ 65.099453][ T7050] ? get_block+0x1202/0x1380
[ 65.104046][ T7050] ? get_block+0x1202/0x1380
[ 65.108628][ T7050] kasan_report+0x33/0x50
[ 65.112932][ T7050] get_block+0x1202/0x1380
[ 65.117329][ T7050] ? block_to_path.isra.0+0x300/0x300
[ 65.122705][ T7050] ? lock_downgrade+0x840/0x840
[ 65.127543][ T7050] minix_get_block+0xe5/0x110
[ 65.132204][ T7050] __block_write_begin_int+0x490/0x1b00
[ 65.137792][ T7050] ? minix_rename+0x8c0/0x8c0
[ 65.142461][ T7050] ? remove_inode_buffers+0x1c0/0x1c0
[ 65.147817][ T7050] ? pagecache_get_page+0x204/0xa10
[ 65.153093][ T7050] ? wait_for_stable_page+0x11c/0x1e0
[ 65.158450][ T7050] ? minix_rename+0x8c0/0x8c0
[ 65.163287][ T7050] block_write_begin+0x58/0x2e0
[ 65.168187][ T7050] minix_write_begin+0x35/0xe0
[ 65.172944][ T7050] generic_perform_write+0x20a/0x4e0
[ 65.178398][ T7050] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4a0/0x4a0
[ 65.186444][ T7050] ? update_time+0xc0/0xc0
[ 65.190858][ T7050] ? down_write+0xdb/0x150
[ 65.195246][ T7050] __generic_file_write_iter+0x24c/0x610
[ 65.200854][ T7050] generic_file_write_iter+0x3f3/0x630
[ 65.206574][ T7050] ? __generic_file_write_iter+0x610/0x610
[ 65.212378][ T7050] new_sync_write+0x4a2/0x700
[ 65.217049][ T7050] ? new_sync_read+0x7a0/0x7a0
[ 65.221827][ T7050] __vfs_write+0xc9/0x100
[ 65.226130][ T7050] __kernel_write+0x11c/0x3a0
[ 65.230782][ T7050] do_acct_process+0xcdc/0x10e0
[ 65.236397][ T7050] ? acct_on+0x770/0x770
[ 65.240700][ T7050] ? pin_kill+0x12e/0x7c0
[ 65.245015][ T7050] ? do_raw_spin_lock+0x129/0x2e0
[ 65.250532][ T7050] ? rwlock_bug.part.0+0x90/0x90
[ 65.255443][ T7050] acct_pin_kill+0x29/0xf0
[ 65.259846][ T7050] pin_kill+0x175/0x7c0
[ 65.263988][ T7050] ? pin_insert+0x260/0x260
[ 65.268483][ T7050] ? lock_release+0x800/0x800
[ 65.273134][ T7050] ? finish_wait+0x260/0x260
[ 65.279264][ T7050] ? mnt_pin_kill+0x6c/0x1c0
[ 65.283842][ T7050] mnt_pin_kill+0x6c/0x1c0
[ 65.288243][ T7050] cleanup_mnt+0x3c4/0x4b0
[ 65.292632][ T7050] task_work_run+0xf4/0x1b0
[ 65.297109][ T7050] do_exit+0xb34/0x2dd0
[ 65.301236][ T7050] ? find_held_lock+0x2d/0x110
[ 65.305982][ T7050] ? mm_update_next_owner+0x7a0/0x7a0
[ 65.311678][ T7050] ? lock_downgrade+0x840/0x840
[ 65.316528][ T7050] do_group_exit+0x125/0x340
[ 65.321111][ T7050] get_signal+0x47b/0x24e0
[ 65.325516][ T7050] ? futex_exit_release+0x60/0x60
[ 65.330662][ T7050] do_signal+0x81/0x2240
[ 65.334888][ T7050] ? get_sigframe.isra.0+0x730/0x730
[ 65.341723][ T7050] ? __x64_sys_futex+0x380/0x4f0
[ 65.346895][ T7050] ? do_futex+0x1ad0/0x1ad0
[ 65.351379][ T7050] ? switch_fpu_return+0x1db/0x4b0
[ 65.356476][ T7050] ? fpregs_mark_activate+0x320/0x320
[ 65.361843][ T7050] exit_to_usermode_loop+0x26c/0x360
[ 65.367116][ T7050] do_syscall_64+0x6b1/0x7d0
[ 65.371696][ T7050] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 65.378083][ T7050] RIP: 0033:0x44a639
[ 65.381961][ T7050] Code: Bad RIP value.
[ 65.385999][ T7050] RSP: 002b:00007f46cd2eccf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 65.394393][ T7050] RAX: fffffffffffffe00 RBX: 00000000006dcc28 RCX: 000000000044a639
[ 65.403228][ T7050] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000006dcc28
[ 65.411219][ T7050] RBP: 00000000006dcc20 R08: 0000000000000000 R09: 0000000000000000
[ 65.419193][ T7050] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dcc2c
[ 65.427151][ T7050] R13: 00007ffd8ef602ef R14: 00007f46cd2ed9c0 R15: 00000000006dcc2c
[ 65.436586][ T7050] Kernel Offset: disabled
[ 65.440921][ T7050] Rebooting in 86400 seconds..