Warning: Permanently added '10.128.0.35' (ECDSA) to the list of known hosts.
syzkaller login: [ 82.712854][ T7240] IPVS: ftp: loaded support on port[0] = 21
[ 82.729668][ T7241] IPVS: ftp: loaded support on port[0] = 21
[ 82.742688][ T7238] IPVS: ftp: loaded support on port[0] = 21
[ 82.750955][ T7236] IPVS: ftp: loaded support on port[0] = 21
[ 82.751012][ T7242] IPVS: ftp: loaded support on port[0] = 21
[ 82.761976][ T7239] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
executing program
[ 82.974850][ T27] audit: type=1800 audit(1589462185.355:2): pid=7344 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor935" name="file0" dev="sda1" ino=15732 res=0
[ 83.022885][ T7344] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 83.025225][ T7345] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 83.045165][ T27] audit: type=1800 audit(1589462185.395:3): pid=7343 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor935" name="file0" dev="sda1" ino=15734 res=0
[ 83.064038][ T7351] MINIX-fs: mounting unchecked file system, running fsck is recommended
executing program
executing program
[ 83.075164][ T7343] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 83.094416][ T7343] Process accounting resumed
[ 83.101415][ T7344] Process accounting resumed
[ 83.117375][ T7351] Process accounting resumed
[ 83.117752][ T7345] Process accounting resumed
[ 83.132565][ T7344] minix_free_block (loop1:54563): bit already cleared
[ 83.143543][ T27] audit: type=1800 audit(1589462185.395:4): pid=7345 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor935" name="file0" dev="sda1" ino=15738 res=0
[ 83.145499][ T7351] minix_free_block (loop3:28777): bit already cleared
[ 83.177549][ T7375] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 83.187884][ T27] audit: type=1800 audit(1589462185.405:5): pid=7351 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor935" name="file0" dev="sda1" ino=15739 res=0
[ 83.196176][ T7376] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 83.209841][ T27] audit: type=1800 audit(1589462185.505:6): pid=7375 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor935" name="file0" dev="sda1" ino=15727 res=0
[ 83.236207][ T27] audit: type=1800 audit(1589462185.515:7): pid=7376 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor935" name="file0" dev="sda1" ino=15752 res=0
[ 83.249070][ T7375] Process accounting resumed
[ 83.261666][ T7375] ==================================================================
[ 83.269960][ T7375] BUG: KASAN: use-after-free in get_block+0x110f/0x1380
[ 83.276926][ T7375] Read of size 2 at addr ffff888086e94bb8 by task syz-executor935/7375
[ 83.285168][ T7375]
[ 83.287511][ T7375] CPU: 1 PID: 7375 Comm: syz-executor935 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0
[ 83.293445][ T7376] Process accounting resumed
[ 83.297416][ T7375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.297435][ T7375] Call Trace:
[ 83.297458][ T7375] dump_stack+0x188/0x20d
[ 83.297483][ T7375] print_address_description.constprop.0.cold+0xd3/0x315
[ 83.297500][ T7375] ? get_block+0x110f/0x1380
[ 83.297515][ T7375] __kasan_report.cold+0x35/0x4d
[ 83.297534][ T7375] ? get_block+0x110f/0x1380
[ 83.297550][ T7375] ? get_block+0x110f/0x1380
[ 83.297562][ T7375] kasan_report+0x33/0x50
[ 83.297578][ T7375] get_block+0x110f/0x1380
[ 83.297607][ T7375] ? block_to_path.isra.0+0x300/0x300
[ 83.359595][ T7375] ? create_empty_buffers+0x590/0x8c0
[ 83.364956][ T7375] ? __alloc_pages_nodemask+0x5f4/0x810
[ 83.370486][ T7375] ? do_raw_spin_unlock+0x171/0x260
[ 83.375687][ T7375] minix_get_block+0xe5/0x110
[ 83.380353][ T7375] __block_write_begin_int+0x490/0x1b00
[ 83.385884][ T7375] ? minix_rename+0x8c0/0x8c0
[ 83.390570][ T7375] ? remove_inode_buffers+0x1c0/0x1c0
[ 83.395955][ T7375] ? pagecache_get_page+0x204/0xa10
[ 83.401136][ T7375] ? wait_for_stable_page+0x11c/0x1e0
[ 83.406492][ T7375] ? minix_rename+0x8c0/0x8c0
[ 83.411148][ T7375] block_write_begin+0x58/0x2e0
[ 83.415991][ T7375] minix_write_begin+0x35/0xe0
[ 83.420746][ T7375] generic_perform_write+0x20a/0x4e0
[ 83.426022][ T7375] ? __mnt_drop_write+0x50/0x80
[ 83.430881][ T7375] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4a0/0x4a0
[ 83.438933][ T7375] ? update_time+0xc0/0xc0
[ 83.443367][ T7375] ? down_write+0xdb/0x150
[ 83.447773][ T7375] __generic_file_write_iter+0x24c/0x610
[ 83.453398][ T7375] generic_file_write_iter+0x3f3/0x630
[ 83.459560][ T7375] ? __generic_file_write_iter+0x610/0x610
[ 83.465364][ T7375] new_sync_write+0x4a2/0x700
[ 83.470123][ T7375] ? new_sync_read+0x7a0/0x7a0
[ 83.474904][ T7375] __vfs_write+0xc9/0x100
[ 83.479235][ T7375] __kernel_write+0x11c/0x3a0
[ 83.484001][ T7375] do_acct_process+0xcdc/0x10e0
[ 83.488856][ T7375] ? acct_on+0x770/0x770
[ 83.493445][ T7375] acct_process+0x50e/0x5b7
[ 83.500605][ T7375] ? acct_collect+0x800/0x800
[ 83.505276][ T7375] ? kmem_cache_free+0x262/0x320
[ 83.510207][ T7375] do_exit+0x1aef/0x2e10
[ 83.514448][ T7375] ? mm_update_next_owner+0x7a0/0x7a0
[ 83.519816][ T7375] ? up_read+0x1a8/0x750
[ 83.524177][ T7375] ? down_read_nested+0x430/0x430
[ 83.529191][ T7375] ? handle_mm_fault+0x29e/0x660
[ 83.534134][ T7375] do_group_exit+0x125/0x340
[ 83.538802][ T7375] __x64_sys_exit_group+0x3a/0x50
[ 83.544428][ T7375] do_syscall_64+0xf6/0x7d0
[ 83.548947][ T7375] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 83.554826][ T7375] RIP: 0033:0x444e68
[ 83.559234][ T7375] Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0 0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00
[ 83.580006][ T7375] RSP: 002b:00007ffc5aa7b6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 83.588515][ T7375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444e68
[ 83.596481][ T7375] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 83.604456][ T7375] RBP: 00000000004c59f0 R08: 00000000000000e7 R09: ffffffffffffffd4
[ 83.612435][ T7375] R10: 00007ffc5aa7b610 R11: 0000000000000246 R12: 0000000000000001
[ 83.620411][ T7375] R13: 00000000006d8180 R14: 0000000000000000 R15: 0000000000000000
[ 83.628408][ T7375]
[ 83.630722][ T7375] The buggy address belongs to the page:
[ 83.636346][ T7375] page:ffffea00021ba500 refcount:0 mapcount:0 mapping:000000003690c6a9 index:0x1
[ 83.645469][ T7375] flags: 0xfffe0000000000()
[ 83.650239][ T7375] raw: 00fffe0000000000 ffffea00021ba548 ffffea00021780c8 0000000000000000
[ 83.658899][ T7375] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 83.667743][ T7375] page dumped because: kasan: bad access detected
[ 83.674262][ T7375]
[ 83.676626][ T7375] Memory state around the buggy address:
[ 83.682269][ T7375] ffff888086e94a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.690596][ T7375] ffff888086e94b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.698668][ T7375] >ffff888086e94b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.706840][ T7375] ^
[ 83.712732][ T7375] ffff888086e94c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.720797][ T7375] ffff888086e94c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 83.728885][ T7375] ==================================================================
[ 83.738613][ T7375] Disabling lock debugging due to kernel taint
[ 83.745011][ T7375] Kernel panic - not syncing: panic_on_warn set ...
[ 83.751762][ T7375] CPU: 1 PID: 7375 Comm: syz-executor935 Tainted: G B 5.7.0-rc1-next-20200415-syzkaller #0
[ 83.763013][ T7375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 83.773153][ T7375] Call Trace:
[ 83.776437][ T7375] dump_stack+0x188/0x20d
[ 83.780747][ T7375] panic+0x2e3/0x75c
[ 83.784647][ T7375] ? add_taint.cold+0x16/0x16
[ 83.789304][ T7375] ? get_block+0x110f/0x1380
[ 83.793875][ T7375] ? trace_hardirqs_on+0x55/0x220
[ 83.798880][ T7375] ? get_block+0x110f/0x1380
[ 83.803470][ T7375] end_report+0x4d/0x53
[ 83.807731][ T7375] __kasan_report.cold+0xd/0x4d
[ 83.812564][ T7375] ? get_block+0x110f/0x1380
[ 83.817147][ T7375] ? get_block+0x110f/0x1380
[ 83.821716][ T7375] kasan_report+0x33/0x50
[ 83.826042][ T7375] get_block+0x110f/0x1380
[ 83.830444][ T7375] ? block_to_path.isra.0+0x300/0x300
[ 83.835814][ T7375] ? create_empty_buffers+0x590/0x8c0
[ 83.841164][ T7375] ? __alloc_pages_nodemask+0x5f4/0x810
[ 83.846693][ T7375] ? do_raw_spin_unlock+0x171/0x260
[ 83.851877][ T7375] minix_get_block+0xe5/0x110
[ 83.856539][ T7375] __block_write_begin_int+0x490/0x1b00
[ 83.862068][ T7375] ? minix_rename+0x8c0/0x8c0
[ 83.866744][ T7375] ? remove_inode_buffers+0x1c0/0x1c0
[ 83.872098][ T7375] ? pagecache_get_page+0x204/0xa10
[ 83.877275][ T7375] ? wait_for_stable_page+0x11c/0x1e0
[ 83.882637][ T7375] ? minix_rename+0x8c0/0x8c0
[ 83.887306][ T7375] block_write_begin+0x58/0x2e0
[ 83.892157][ T7375] minix_write_begin+0x35/0xe0
[ 83.896908][ T7375] generic_perform_write+0x20a/0x4e0
[ 83.902202][ T7375] ? __mnt_drop_write+0x50/0x80
[ 83.907042][ T7375] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4a0/0x4a0
[ 83.915104][ T7375] ? update_time+0xc0/0xc0
[ 83.919520][ T7375] ? down_write+0xdb/0x150
[ 83.923929][ T7375] __generic_file_write_iter+0x24c/0x610
[ 83.929557][ T7375] generic_file_write_iter+0x3f3/0x630
[ 83.935013][ T7375] ? __generic_file_write_iter+0x610/0x610
[ 83.940806][ T7375] new_sync_write+0x4a2/0x700
[ 83.945464][ T7375] ? new_sync_read+0x7a0/0x7a0
[ 83.950219][ T7375] __vfs_write+0xc9/0x100
[ 83.954532][ T7375] __kernel_write+0x11c/0x3a0
[ 83.959192][ T7375] do_acct_process+0xcdc/0x10e0
[ 83.964025][ T7375] ? acct_on+0x770/0x770
[ 83.968271][ T7375] acct_process+0x50e/0x5b7
[ 83.972764][ T7375] ? acct_collect+0x800/0x800
[ 83.977432][ T7375] ? kmem_cache_free+0x262/0x320
[ 83.982348][ T7375] do_exit+0x1aef/0x2e10
[ 83.986573][ T7375] ? mm_update_next_owner+0x7a0/0x7a0
[ 83.991921][ T7375] ? up_read+0x1a8/0x750
[ 83.996145][ T7375] ? down_read_nested+0x430/0x430
[ 84.001151][ T7375] ? handle_mm_fault+0x29e/0x660
[ 84.006082][ T7375] do_group_exit+0x125/0x340
[ 84.010653][ T7375] __x64_sys_exit_group+0x3a/0x50
[ 84.015657][ T7375] do_syscall_64+0xf6/0x7d0
[ 84.020141][ T7375] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 84.026011][ T7375] RIP: 0033:0x444e68
[ 84.029896][ T7375] Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0 0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00
[ 84.049480][ T7375] RSP: 002b:00007ffc5aa7b6f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 84.057870][ T7375] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444e68
[ 84.065818][ T7375] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 84.073773][ T7375] RBP: 00000000004c59f0 R08: 00000000000000e7 R09: ffffffffffffffd4
[ 84.081721][ T7375] R10: 00007ffc5aa7b610 R11: 0000000000000246 R12: 0000000000000001
[ 84.089682][ T7375] R13: 00000000006d8180 R14: 0000000000000000 R15: 0000000000000000
[ 84.099038][ T7375] Kernel Offset: disabled
[ 84.103357][ T7375] Rebooting in 86400 seconds..