[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.42' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [   40.099557] audit: type=1400 audit(1589900450.867:8): avc:  denied  { execmem } for  pid=6440 comm="syz-executor456" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   40.126098] IPVS: ftp: loaded support on port[0] = 21
[   40.171879] audit: type=1800 audit(1589900450.937:9): pid=6441 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor456" name="file0" dev="sda1" ino=15705 res=0
[   40.184797] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   40.203520] Process accounting resumed
[   40.211173] ==================================================================
[   40.218678] BUG: KASAN: use-after-free in get_block+0x1047/0x1300
[   40.224917] Read of size 2 at addr ffff888088dde644 by task syz-executor456/6441
[   40.232449] 
[   40.234089] CPU: 1 PID: 6441 Comm: syz-executor456 Not tainted 4.19.123-syzkaller #0
[   40.241972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.251325] Call Trace:
[   40.253899]  dump_stack+0x188/0x20d
[   40.257509]  ? get_block+0x1047/0x1300
[   40.261575]  print_address_description.cold+0x7c/0x212
[   40.266872]  ? get_block+0x1047/0x1300
[   40.270760]  kasan_report.cold+0x88/0x2b9
[   40.274908]  get_block+0x1047/0x1300
[   40.278620]  ? block_to_path.isra.0+0x300/0x300
[   40.283277]  ? create_page_buffers+0x212/0x380
[   40.287842]  ? prepend_path.isra.0+0xa4b/0xf00
[   40.292404]  ? lock_downgrade+0x740/0x740
[   40.296532]  ? do_raw_spin_lock+0xcb/0x240
[   40.300757]  ? create_empty_buffers+0x52e/0x830
[   40.305405]  ? __add_to_page_cache_locked+0x5b7/0xc50
[   40.310572]  ? do_raw_spin_unlock+0x171/0x260
[   40.315060]  minix_get_block+0xe5/0x110
[   40.319017]  __block_write_begin_int+0x480/0x17a0
[   40.323840]  ? minix_rename+0x8c0/0x8c0
[   40.327797]  ? __breadahead_gfp+0xf0/0xf0
[   40.331935]  ? pagecache_get_page+0x1b3/0xb20
[   40.336407]  ? wait_for_stable_page+0x124/0x3b0
[   40.341108]  ? minix_rename+0x8c0/0x8c0
[   40.345075]  block_write_begin+0x58/0x2e0
[   40.349219]  minix_write_begin+0x35/0xe0
[   40.353278]  generic_perform_write+0x1f8/0x4d0
[   40.357848]  ? __mnt_drop_write+0x50/0x80
[   40.362086]  ? page_endio+0x950/0x950
[   40.365883]  ? current_time+0x140/0x140
[   40.369843]  ? lock_acquire+0x170/0x400
[   40.373808]  __generic_file_write_iter+0x24c/0x610
[   40.378726]  generic_file_write_iter+0x37f/0x729
[   40.383471]  __vfs_write+0x512/0x760
[   40.387168]  ? kernel_read+0x110/0x110
[   40.391066]  __kernel_write+0x109/0x370
[   40.395034]  do_acct_process+0xcd8/0x10e0
[   40.399211]  ? acct_on+0x760/0x760
[   40.402735]  ? acct_process+0x271/0x5c0
[   40.406701]  ? check_preemption_disabled+0x41/0x280
[   40.411710]  acct_process+0x517/0x5c0
[   40.415506]  ? acct_collect+0x810/0x810
[   40.419458]  ? fput+0x2b/0x190
[   40.422632]  do_exit+0x1738/0x2f30
[   40.426158]  ? mm_update_next_owner+0x650/0x650
[   40.430809]  ? up_read+0x17/0x110
[   40.434260]  ? __do_page_fault+0x44e/0xdd0
[   40.438487]  do_group_exit+0x125/0x350
[   40.442376]  __x64_sys_exit_group+0x3a/0x50
[   40.446689]  do_syscall_64+0xf9/0x620
[   40.450484]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.455657] RIP: 0033:0x4445d8
[   40.458866] Code: Bad RIP value.
[   40.462206] RSP: 002b:00007ffe9d220398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   40.469911] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004445d8
[   40.477187] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[   40.484446] RBP: 00000000004c70d0 R08: 00000000000000e7 R09: ffffffffffffffd4
[   40.491693] R10: 00007ffe9d2202b0 R11: 0000000000000246 R12: 0000000000000001
[   40.498956] R13: 00000000006d95e0 R14: 0000000000000000 R15: 0000000000000000
[   40.506224] 
[   40.507837] The buggy address belongs to the page:
[   40.512744] page:ffffea0002237780 count:0 mapcount:-128 mapping:0000000000000000 index:0x1
[   40.521132] flags: 0xfffe0000000000()
[   40.524925] raw: 00fffe0000000000 ffffea0002133c88 ffffea0002130ac8 0000000000000000
[   40.532784] raw: 0000000000000001 0000000000000000 00000000ffffff7f 0000000000000000
[   40.540637] page dumped because: kasan: bad access detected
[   40.546423] 
[   40.548053] Memory state around the buggy address:
[   40.552974]  ffff888088dde500: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.560327]  ffff888088dde580: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.567663] >ffff888088dde600: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.575004]                                            ^
[   40.580452]  ffff888088dde680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.587788]  ffff888088dde700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   40.595119] ==================================================================
[   40.602538] Disabling lock debugging due to kernel taint
[   40.608297] Kernel panic - not syncing: panic_on_warn set ...
[   40.608297] 
[   40.615671] CPU: 1 PID: 6441 Comm: syz-executor456 Tainted: G    B             4.19.123-syzkaller #0
[   40.624957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   40.634403] Call Trace:
[   40.636992]  dump_stack+0x188/0x20d
[   40.640713]  panic+0x26a/0x50e
[   40.643887]  ? __warn_printk+0xf3/0xf3
[   40.647769]  ? retint_kernel+0x2d/0x2d
[   40.651649]  ? trace_hardirqs_on+0x55/0x210
[   40.655956]  ? get_block+0x1047/0x1300
[   40.659836]  kasan_end_report+0x43/0x49
[   40.663788]  kasan_report.cold+0xa4/0x2b9
[   40.667916]  get_block+0x1047/0x1300
[   40.671621]  ? block_to_path.isra.0+0x300/0x300
[   40.676270]  ? create_page_buffers+0x212/0x380
[   40.680842]  ? prepend_path.isra.0+0xa4b/0xf00
[   40.685406]  ? lock_downgrade+0x740/0x740
[   40.689529]  ? do_raw_spin_lock+0xcb/0x240
[   40.693929]  ? create_empty_buffers+0x52e/0x830
[   40.698587]  ? __add_to_page_cache_locked+0x5b7/0xc50
[   40.703767]  ? do_raw_spin_unlock+0x171/0x260
[   40.708241]  minix_get_block+0xe5/0x110
[   40.712218]  __block_write_begin_int+0x480/0x17a0
[   40.717038]  ? minix_rename+0x8c0/0x8c0
[   40.721251]  ? __breadahead_gfp+0xf0/0xf0
[   40.725387]  ? pagecache_get_page+0x1b3/0xb20
[   40.729856]  ? wait_for_stable_page+0x124/0x3b0
[   40.734503]  ? minix_rename+0x8c0/0x8c0
[   40.738453]  block_write_begin+0x58/0x2e0
[   40.742579]  minix_write_begin+0x35/0xe0
[   40.746634]  generic_perform_write+0x1f8/0x4d0
[   40.751207]  ? __mnt_drop_write+0x50/0x80
[   40.755341]  ? page_endio+0x950/0x950
[   40.759130]  ? current_time+0x140/0x140
[   40.763096]  ? lock_acquire+0x170/0x400
[   40.767048]  __generic_file_write_iter+0x24c/0x610
[   40.771970]  generic_file_write_iter+0x37f/0x729
[   40.776711]  __vfs_write+0x512/0x760
[   40.780487]  ? kernel_read+0x110/0x110
[   40.784370]  __kernel_write+0x109/0x370
[   40.788321]  do_acct_process+0xcd8/0x10e0
[   40.792456]  ? acct_on+0x760/0x760
[   40.795972]  ? acct_process+0x271/0x5c0
[   40.799943]  ? check_preemption_disabled+0x41/0x280
[   40.804950]  acct_process+0x517/0x5c0
[   40.808733]  ? acct_collect+0x810/0x810
[   40.812695]  ? fput+0x2b/0x190
[   40.815884]  do_exit+0x1738/0x2f30
[   40.819407]  ? mm_update_next_owner+0x650/0x650
[   40.824052]  ? up_read+0x17/0x110
[   40.827497]  ? __do_page_fault+0x44e/0xdd0
[   40.831719]  do_group_exit+0x125/0x350
[   40.835584]  __x64_sys_exit_group+0x3a/0x50
[   40.840925]  do_syscall_64+0xf9/0x620
[   40.844724]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   40.849918] RIP: 0033:0x4445d8
[   40.853106] Code: Bad RIP value.
[   40.856554] RSP: 002b:00007ffe9d220398 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   40.864246] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000004445d8
[   40.871507] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[   40.878755] RBP: 00000000004c70d0 R08: 00000000000000e7 R09: ffffffffffffffd4
[   40.886016] R10: 00007ffe9d2202b0 R11: 0000000000000246 R12: 0000000000000001
[   40.893334] R13: 00000000006d95e0 R14: 0000000000000000 R15: 0000000000000000
[   40.902123] Kernel Offset: disabled
[   40.905789] Rebooting in 86400 seconds..