[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty1.
[  OK  ] Started Getty on tty2.
[  OK  ] Started Serial Getty on ttyS0.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.54' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 66.910447][ T6529] loop0: detected capacity change from 0 to 224
executing program
[ 67.037045][ T6537] loop0: detected capacity change from 0 to 224
[ 67.069661][ T6537] syz-executor936: attempt to access beyond end of device
[ 67.069661][ T6537] loop0: rw=524288, want=856162336, limit=224
[ 67.083457][ T6537] syz-executor936: attempt to access beyond end of device
[ 67.083457][ T6537] loop0: rw=0, want=856162312, limit=224
[ 67.097114][ T25] audit: type=1800 audit(1633999771.414:2): pid=6537 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor936" name="/" dev="loop0" ino=255 res=0 errno=0
executing program
executing program
[ 67.217190][ T6544] loop0: detected capacity change from 0 to 224
executing program
executing program
[ 67.357323][ T6552] loop0: detected capacity change from 0 to 224
executing program
[ 67.440844][ T6558] loop0: detected capacity change from 0 to 224
executing program
[ 67.535424][ T6564] loop0: detected capacity change from 0 to 224
[ 67.550931][ T6564] syz-executor936: attempt to access beyond end of device
[ 67.550931][ T6564] loop0: rw=524288, want=480, limit=224
[ 67.565602][ T6564] syz-executor936: attempt to access beyond end of device
[ 67.565602][ T6564] loop0: rw=524288, want=736, limit=224
[ 67.578457][ T6564] syz-executor936: attempt to access beyond end of device
executing program
executing program
[ 67.578457][ T6564] loop0: rw=0, want=232, limit=224
[ 67.591644][ T6564] syz-executor936: attempt to access beyond end of device
[ 67.591644][ T6564] loop0: rw=0, want=232, limit=224
[ 67.604451][ T25] audit: type=1800 audit(1633999771.924:3): pid=6564 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor936" name="/" dev="loop0" ino=255 res=0 errno=0
executing program
[ 67.683160][ T6572] loop0: detected capacity change from 0 to 224
executing program
[ 67.747668][ T6578] loop0: detected capacity change from 0 to 224
[ 67.775454][ T6578] syz-executor936: attempt to access beyond end of device
[ 67.775454][ T6578] loop0: rw=524288, want=15179186208, limit=224
[ 67.788846][ T6578] syz-executor936: attempt to access beyond end of device
[ 67.788846][ T6578] loop0: rw=0, want=15179186184, limit=224
[ 67.803110][ T25] audit: type=1800 audit(1633999772.124:4): pid=6578 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor936" name="/" dev="loop0" ino=255 res=0 errno=0
executing program
[ 67.886620][ T6586] loop0: detected capacity change from 0 to 224
[ 67.900243][ T6586] syz-executor936: attempt to access beyond end of device
[ 67.900243][ T6586] loop0: rw=524288, want=14092599328, limit=224
[ 67.913990][ T6586] syz-executor936: attempt to access beyond end of device
[ 67.913990][ T6586] loop0: rw=0, want=14092599304, limit=224
executing program
[ 67.928968][ T25] audit: type=1800 audit(1633999772.244:5): pid=6586 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor936" name="/" dev="loop0" ino=255 res=0 errno=0
[ 67.986928][ T6592] loop0: detected capacity change from 0 to 224
[ 67.990155][ T6533] blk_update_request: I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[ 68.007235][ T6592] ==================================================================
[ 68.015376][ T6592] BUG: KASAN: use-after-free in __isofs_iget+0x1c84/0x2100
[ 68.022592][ T6592] Read of size 1 at addr ffff88806ece6015 by task syz-executor936/6592
[ 68.030907][ T6592]
[ 68.033235][ T6592] CPU: 0 PID: 6592 Comm: syz-executor936 Not tainted 5.15.0-rc4-next-20211011-syzkaller #0
[ 68.043222][ T6592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.053281][ T6592] Call Trace:
[ 68.056563][ T6592]
[ 68.059506][ T6592] dump_stack_lvl+0xcd/0x134
[ 68.064125][ T6592] print_address_description.constprop.0.cold+0x8d/0x320
[ 68.071257][ T6592] ? __isofs_iget+0x1c84/0x2100
[ 68.076121][ T6592] ? __isofs_iget+0x1c84/0x2100
[ 68.080981][ T6592] kasan_report.cold+0x83/0xdf
[ 68.085846][ T6592] ? __bread_gfp+0x40/0x3c0
[ 68.090364][ T6592] ? __isofs_iget+0x1c84/0x2100
[ 68.095233][ T6592] __isofs_iget+0x1c84/0x2100
[ 68.099930][ T6592] ? lock_chain_count+0x20/0x20
[ 68.104804][ T6592] ? isofs_dentry_cmp_ms+0x210/0x210
[ 68.110116][ T6592] ? stack_trace_save+0x8c/0xc0
[ 68.114984][ T6592] isofs_fh_to_dentry+0x117/0x1f0
[ 68.120024][ T6592] exportfs_decode_fh_raw+0x127/0x7a0
[ 68.125582][ T6592] ? drop_caches_sysctl_handler+0x110/0x110
[ 68.131490][ T6592] ? isofs_fh_to_parent+0x230/0x230
[ 68.136701][ T6592] ? reconnect_path+0x7e0/0x7e0
[ 68.141654][ T6592] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 68.147693][ T6592] ? find_held_lock+0x2d/0x110
[ 68.152643][ T6592] ? __might_fault+0xd1/0x170
[ 68.157335][ T6592] ? lock_downgrade+0x6e0/0x6e0
[ 68.162210][ T6592] ? drop_caches_sysctl_handler+0x110/0x110
[ 68.168382][ T6592] exportfs_decode_fh+0x38/0x90
[ 68.173251][ T6592] do_handle_open+0x2b6/0x8b0
[ 68.177957][ T6592] ? vfs_dentry_acceptable+0x10/0x10
[ 68.183262][ T6592] ? syscall_enter_from_user_mode+0x21/0x70
[ 68.189178][ T6592] do_syscall_64+0x35/0xb0
[ 68.194318][ T6592] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.200400][ T6592] RIP: 0033:0x7fa002798fb9
[ 68.204823][ T6592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.224615][ T6592] RSP: 002b:00007ffffcd5a438 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 68.233042][ T6592] RAX: ffffffffffffffda RBX: 0000000000010939 RCX: 00007fa002798fb9
[ 68.241136][ T6592] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005
[ 68.249116][ T6592] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffffcd5a460
[ 68.257217][ T6592] R10: 00007ffffcd5a300 R11: 0000000000000246 R12: 00007ffffcd5a45c
[ 68.265433][ T6592] R13: 00007ffffcd5a490 R14: 00007ffffcd5a470 R15: 000000000000000d
[ 68.273523][ T6592]
[ 68.276554][ T6592]
[ 68.278876][ T6592] The buggy address belongs to the page:
[ 68.284499][ T6592] page:ffffea0001bb3980 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6ece6
[ 68.294756][ T6592] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 68.301882][ T6592] raw: 00fff00000000000 ffffea0001beb708 ffffea0001f38e48 0000000000000000
[ 68.310489][ T6592] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 68.319105][ T6592] page dumped because: kasan: bad access detected
[ 68.325514][ T6592] page_owner tracks the page as freed
[ 68.330875][ T6592] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 6450, ts 55488123071, free_ts 55808040837
[ 68.346339][ T6592] get_page_from_freelist+0xa72/0x2f50
[ 68.352189][ T6592] __alloc_pages+0x1b2/0x500
[ 68.356804][ T6592] alloc_pages+0x1a7/0x300
[ 68.361266][ T6592] __get_free_pages+0x8/0x40
[ 68.365870][ T6592] pgd_alloc+0x81/0x360
[ 68.370043][ T6592] mm_init+0x60a/0xab0
[ 68.374120][ T6592] mm_alloc+0x99/0xc0
[ 68.378121][ T6592] alloc_bprm+0x1c3/0x8f0
[ 68.382460][ T6592] do_execveat_common+0x232/0x780
[ 68.387497][ T6592] __x64_sys_execve+0x8f/0xc0
[ 68.392189][ T6592] do_syscall_64+0x35/0xb0
[ 68.396611][ T6592] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.402522][ T6592] page last free stack trace:
[ 68.407198][ T6592] free_pcp_prepare+0x373/0x870
[ 68.412111][ T6592] free_unref_page+0x19/0x690
[ 68.416804][ T6592] __mmdrop+0xcb/0x3f0
[ 68.420882][ T6592] __mmput+0x3f1/0x4b0
[ 68.424966][ T6592] mmput+0x56/0x60
[ 68.428699][ T6592] do_exit+0xb29/0x2b40
[ 68.432864][ T6592] do_group_exit+0x125/0x310
[ 68.437460][ T6592] __x64_sys_exit_group+0x3a/0x50
[ 68.442494][ T6592] do_syscall_64+0x35/0xb0
[ 68.446956][ T6592] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.452862][ T6592]
[ 68.455185][ T6592] Memory state around the buggy address:
[ 68.460985][ T6592] ffff88806ece5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.469221][ T6592] ffff88806ece5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 68.477472][ T6592] >ffff88806ece6000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.485537][ T6592] ^
[ 68.490225][ T6592] ffff88806ece6080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.498378][ T6592] ffff88806ece6100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 68.506879][ T6592] ==================================================================
[ 68.514943][ T6592] Disabling lock debugging due to kernel taint
[ 68.521510][ T6592] Kernel panic - not syncing: panic_on_warn set ...
[ 68.528091][ T6592] CPU: 0 PID: 6592 Comm: syz-executor936 Tainted: G B 5.15.0-rc4-next-20211011-syzkaller #0
[ 68.539461][ T6592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.549508][ T6592] Call Trace:
[ 68.552783][ T6592]
[ 68.555717][ T6592] dump_stack_lvl+0xcd/0x134
[ 68.560319][ T6592] panic+0x2b0/0x6dd
[ 68.564212][ T6592] ? __warn_printk+0xf3/0xf3
[ 68.569043][ T6592] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 68.575992][ T6592] ? trace_hardirqs_on+0x38/0x1c0
[ 68.581032][ T6592] ? trace_hardirqs_on+0x51/0x1c0
[ 68.586066][ T6592] ? __isofs_iget+0x1c84/0x2100
[ 68.590911][ T6592] ? __isofs_iget+0x1c84/0x2100
[ 68.595763][ T6592] end_report.cold+0x63/0x6f
[ 68.600448][ T6592] kasan_report.cold+0x71/0xdf
[ 68.605223][ T6592] ? __bread_gfp+0x40/0x3c0
[ 68.609722][ T6592] ? __isofs_iget+0x1c84/0x2100
[ 68.614579][ T6592] __isofs_iget+0x1c84/0x2100
[ 68.619257][ T6592] ? lock_chain_count+0x20/0x20
[ 68.624281][ T6592] ? isofs_dentry_cmp_ms+0x210/0x210
[ 68.629956][ T6592] ? stack_trace_save+0x8c/0xc0
[ 68.634895][ T6592] isofs_fh_to_dentry+0x117/0x1f0
[ 68.639914][ T6592] exportfs_decode_fh_raw+0x127/0x7a0
[ 68.645450][ T6592] ? drop_caches_sysctl_handler+0x110/0x110
[ 68.651334][ T6592] ? isofs_fh_to_parent+0x230/0x230
[ 68.656545][ T6592] ? reconnect_path+0x7e0/0x7e0
[ 68.661387][ T6592] ? lockdep_hardirqs_on_prepare+0x400/0x400
[ 68.667375][ T6592] ? find_held_lock+0x2d/0x110
[ 68.672168][ T6592] ? __might_fault+0xd1/0x170
[ 68.676869][ T6592] ? lock_downgrade+0x6e0/0x6e0
[ 68.681720][ T6592] ? drop_caches_sysctl_handler+0x110/0x110
[ 68.687649][ T6592] exportfs_decode_fh+0x38/0x90
[ 68.692517][ T6592] do_handle_open+0x2b6/0x8b0
[ 68.697202][ T6592] ? vfs_dentry_acceptable+0x10/0x10
[ 68.702568][ T6592] ? syscall_enter_from_user_mode+0x21/0x70
[ 68.708465][ T6592] do_syscall_64+0x35/0xb0
[ 68.712882][ T6592] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 68.718774][ T6592] RIP: 0033:0x7fa002798fb9
[ 68.723273][ T6592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
[ 68.743015][ T6592] RSP: 002b:00007ffffcd5a438 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 68.751433][ T6592] RAX: ffffffffffffffda RBX: 0000000000010939 RCX: 00007fa002798fb9
[ 68.759401][ T6592] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005
[ 68.767386][ T6592] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffffcd5a460
[ 68.775350][ T6592] R10: 00007ffffcd5a300 R11: 0000000000000246 R12: 00007ffffcd5a45c
[ 68.783326][ T6592] R13: 00007ffffcd5a490 R14: 00007ffffcd5a470 R15: 000000000000000d
[ 68.791322][ T6592]
[ 68.794585][ T6592] Kernel Offset: disabled
[ 68.798901][ T6592] Rebooting in 86400 seconds..