Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.22' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   58.998142][   T28] audit: type=1800 audit(1590326867.889:2): pid=7177 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor740" name="file0" dev="sda1" ino=15706 res=0
[   59.010221][ T7177] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   59.041216][ T7177] Process accounting resumed
executing program
executing program
executing program
[   59.056466][ T7180] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   59.060179][ T7178] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   59.077107][ T7178] Process accounting resumed
[   59.085659][ T7178] minix_free_block (loop2:27): bit already cleared
[   59.091490][ T7187] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   59.100519][ T7190] Process accounting resumed
executing program
[   59.112864][ T7186] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   59.116096][ T7180] Process accounting resumed
[   59.141998][ T7180] minix_free_block (loop3:11052): bit already cleared
[   59.145478][ T7199] Process accounting resumed
[   59.155311][ T7191] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   59.172258][ T7199] minix_free_block (loop5:27): bit already cleared
[   59.187881][ T7195] Process accounting resumed
[   59.196172][ T7195] ==================================================================
[   59.204411][ T7195] BUG: KASAN: use-after-free in get_block+0x110f/0x1380
[   59.211352][ T7195] Read of size 2 at addr ffff888085e94644 by task syz-executor740/7195
[   59.219587][ T7195]
[   59.221926][ T7195] CPU: 1 PID: 7195 Comm: syz-executor740 Not tainted 5.7.0-rc6-syzkaller #0
[   59.230592][ T7195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.240659][ T7195] Call Trace:
[   59.244141][ T7195]  dump_stack+0x188/0x20d
[   59.248462][ T7195]  print_address_description.constprop.0.cold+0xd3/0x413
[   59.255468][ T7195]  ? vprintk_func+0x81/0x17e
[   59.260131][ T7195]  ? get_block+0x110f/0x1380
[   59.268230][ T7195]  __kasan_report.cold+0x20/0x38
[   59.273171][ T7195]  ? ___might_sleep+0x150/0x2b0
[   59.278012][ T7195]  ? get_block+0x110f/0x1380
[   59.282581][ T7195]  ? get_block+0x110f/0x1380
[   59.287233][ T7195]  kasan_report+0x33/0x50
[   59.291542][ T7195]  get_block+0x110f/0x1380
[   59.295942][ T7195]  ? block_to_path.isra.0+0x300/0x300
[   59.301299][ T7195]  ? create_empty_buffers+0x590/0x8c0
[   59.306835][ T7195]  ? __alloc_pages_nodemask+0x5f4/0x810
[   59.312372][ T7195]  ? do_raw_spin_unlock+0x171/0x260
[   59.317556][ T7195]  minix_get_block+0xe5/0x110
[   59.322335][ T7195]  __block_write_begin_int+0x490/0x1b00
[   59.327859][ T7195]  ? minix_rename+0x8c0/0x8c0
[   59.332518][ T7195]  ? remove_inode_buffers+0x1c0/0x1c0
[   59.337868][ T7195]  ? pagecache_get_page+0x204/0xa10
[   59.343045][ T7195]  ? wait_for_stable_page+0x11c/0x1e0
[   59.348416][ T7195]  ? minix_rename+0x8c0/0x8c0
[   59.353090][ T7195]  block_write_begin+0x58/0x2e0
[   59.357921][ T7195]  minix_write_begin+0x35/0xe0
[   59.362681][ T7195]  generic_perform_write+0x20a/0x4e0
[   59.368317][ T7195]  ? __mnt_drop_write+0x50/0x80
[   59.373330][ T7195]  ? trace_event_raw_event_file_check_and_advance_wb_err+0x4a0/0x4a0
[   59.381628][ T7195]  ? update_time+0xc0/0xc0
[   59.386033][ T7195]  ? down_write+0xdb/0x150
[   59.390439][ T7195]  __generic_file_write_iter+0x24c/0x610
[   59.396064][ T7195]  generic_file_write_iter+0x3f3/0x630
[   59.401598][ T7195]  ? __generic_file_write_iter+0x610/0x610
[   59.407396][ T7195]  new_sync_write+0x4a2/0x700
[   59.412049][ T7195]  ? new_sync_read+0x7a0/0x7a0
[   59.416806][ T7195]  __vfs_write+0xc9/0x100
[   59.421111][ T7195]  __kernel_write+0x11c/0x3a0
[   59.425765][ T7195]  do_acct_process+0xcdc/0x10e0
[   59.430603][ T7195]  ? acct_on+0x770/0x770
[   59.434823][ T7195]  ? __mutex_unlock_slowpath+0x2ce/0x660
[   59.440462][ T7195]  acct_process+0x50e/0x5b7
[   59.445661][ T7195]  ? acct_collect+0x800/0x800
[   59.450418][ T7195]  ? fput_many+0x2f/0x1a0
[   59.454727][ T7195]  do_exit+0x1ac0/0x2dd0
[   59.459050][ T7195]  ? mm_update_next_owner+0x7a0/0x7a0
[   59.464400][ T7195]  ? up_read+0x1ab/0x750
[   59.468730][ T7195]  ? down_read_nested+0x420/0x420
[   59.473750][ T7195]  ? handle_mm_fault+0x29e/0x660
[   59.478668][ T7195]  do_group_exit+0x125/0x340
[   59.483251][ T7195]  __x64_sys_exit_group+0x3a/0x50
[   59.488281][ T7195]  do_syscall_64+0xf6/0x7d0
[   59.492886][ T7195]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   59.497444][ T7201] Process accounting resumed
[   59.498878][ T7195] RIP: 0033:0x444768
[   59.507450][ T7195] Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0 0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00
[   59.527057][ T7195] RSP: 002b:00007fff18f1aab8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   59.535454][ T7195] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444768
[   59.543427][ T7195] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   59.551422][ T7195] RBP: 00000000004c43d0 R08: 00000000000000e7 R09: ffffffffffffffd4
[   59.559373][ T7195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   59.567352][ T7195] R13: 00000000006d6180 R14: 0000000000000000 R15: 0000000000000000
[   59.575315][ T7195]
[   59.577623][ T7195] The buggy address belongs to the page:
[   59.583251][ T7195] page:ffffea000217a500 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1
[   59.592443][ T7195] flags: 0xfffe0000000000()
[   59.596952][ T7195] raw: 00fffe0000000000 ffffea000217a488 ffffea00021abe08 0000000000000000
[   59.605864][ T7195] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   59.615031][ T7195] page dumped because: kasan: bad access detected
[   59.621423][ T7195]
[   59.623731][ T7195] Memory state around the buggy address:
[   59.629344][ T7195]  ffff888085e94500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   59.637384][ T7195]  ffff888085e94580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   59.645442][ T7195] >ffff888085e94600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   59.653478][ T7195]                                            ^
[   59.659609][ T7195]  ffff888085e94680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   59.667649][ T7195]  ffff888085e94700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   59.675703][ T7195] ==================================================================
[   59.683879][ T7195] Disabling lock debugging due to kernel taint
[   59.690271][ T7195] Kernel panic - not syncing: panic_on_warn set ...
[   59.696853][ T7195] CPU: 1 PID: 7195 Comm: syz-executor740 Tainted: G    B             5.7.0-rc6-syzkaller #0
[   59.706974][ T7195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.717017][ T7195] Call Trace:
[   59.720291][ T7195]  dump_stack+0x188/0x20d
[   59.724605][ T7195]  panic+0x2e3/0x75c
[   59.728479][ T7195]  ? add_taint.cold+0x16/0x16
[   59.733136][ T7195]  ? retint_kernel+0x2b/0x2b
[   59.737706][ T7195]  ? get_block+0x110f/0x1380
[   59.742275][ T7195]  ? trace_hardirqs_on+0x55/0x220
[   59.747274][ T7195]  ? get_block+0x110f/0x1380
[   59.751838][ T7195]  end_report+0x4d/0x53
[   59.755970][ T7195]  __kasan_report.cold+0xd/0x38
[   59.760812][ T7195]  ? ___might_sleep+0x150/0x2b0
[   59.765725][ T7195]  ? get_block+0x110f/0x1380
[   59.770290][ T7195]  ? get_block+0x110f/0x1380
[   59.774870][ T7195]  kasan_report+0x33/0x50
[   59.779175][ T7195]  get_block+0x110f/0x1380
[   59.783571][ T7195]  ? block_to_path.isra.0+0x300/0x300
[   59.788922][ T7195]  ? create_empty_buffers+0x590/0x8c0
[   59.794273][ T7195]  ? __alloc_pages_nodemask+0x5f4/0x810
[   59.799897][ T7195]  ? do_raw_spin_unlock+0x171/0x260
[   59.805071][ T7195]  minix_get_block+0xe5/0x110
[   59.809725][ T7195]  __block_write_begin_int+0x490/0x1b00
[   59.815246][ T7195]  ? minix_rename+0x8c0/0x8c0
[   59.819903][ T7195]  ? remove_inode_buffers+0x1c0/0x1c0
[   59.825254][ T7195]  ? pagecache_get_page+0x204/0xa10
[   59.830427][ T7195]  ? wait_for_stable_page+0x11c/0x1e0
[   59.835785][ T7195]  ? minix_rename+0x8c0/0x8c0
[   59.840891][ T7195]  block_write_begin+0x58/0x2e0
[   59.845809][ T7195]  minix_write_begin+0x35/0xe0
[   59.850552][ T7195]  generic_perform_write+0x20a/0x4e0
[   59.855825][ T7195]  ? __mnt_drop_write+0x50/0x80
[   59.861276][ T7195]  ? trace_event_raw_event_file_check_and_advance_wb_err+0x4a0/0x4a0
[   59.869314][ T7195]  ? update_time+0xc0/0xc0
[   59.873711][ T7195]  ? down_write+0xdb/0x150
[   59.878105][ T7195]  __generic_file_write_iter+0x24c/0x610
[   59.884160][ T7195]  generic_file_write_iter+0x3f3/0x630
[   59.889595][ T7195]  ? __generic_file_write_iter+0x610/0x610
[   59.895405][ T7195]  new_sync_write+0x4a2/0x700
[   59.900057][ T7195]  ? new_sync_read+0x7a0/0x7a0
[   59.904803][ T7195]  __vfs_write+0xc9/0x100
[   59.909107][ T7195]  __kernel_write+0x11c/0x3a0
[   59.913766][ T7195]  do_acct_process+0xcdc/0x10e0
[   59.918596][ T7195]  ? acct_on+0x770/0x770
[   59.922816][ T7195]  ? __mutex_unlock_slowpath+0x2ce/0x660
[   59.928525][ T7195]  acct_process+0x50e/0x5b7
[   59.933010][ T7195]  ? acct_collect+0x800/0x800
[   59.937666][ T7195]  ? fput_many+0x2f/0x1a0
[   59.941976][ T7195]  do_exit+0x1ac0/0x2dd0
[   59.946198][ T7195]  ? mm_update_next_owner+0x7a0/0x7a0
[   59.951545][ T7195]  ? up_read+0x1ab/0x750
[   59.955764][ T7195]  ? down_read_nested+0x420/0x420
[   59.960797][ T7195]  ? handle_mm_fault+0x29e/0x660
[   59.965712][ T7195]  do_group_exit+0x125/0x340
[   59.970307][ T7195]  __x64_sys_exit_group+0x3a/0x50
[   59.975341][ T7195]  do_syscall_64+0xf6/0x7d0
[   59.979832][ T7195]  entry_SYSCALL_64_after_hwframe+0x49/0xb3
[   59.985721][ T7195] RIP: 0033:0x444768
[   59.989596][ T7195] Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0 0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00
[   60.009263][ T7195] RSP: 002b:00007fff18f1aab8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   60.018359][ T7195] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444768
[   60.026450][ T7195] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   60.034420][ T7195] RBP: 00000000004c43d0 R08: 00000000000000e7 R09: ffffffffffffffd4
[   60.042386][ T7195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   60.050353][ T7195] R13: 00000000006d6180 R14: 0000000000000000 R15: 0000000000000000
[   60.059685][ T7195] Kernel Offset: disabled
[   60.064148][ T7195] Rebooting in 86400 seconds..