[ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.9' (ECDSA) to the list of known hosts. syzkaller login: [ 90.065836][ T7079] IPVS: ftp: loaded support on port[0] = 21 [ 90.101990][ T7083] IPVS: ftp: loaded support on port[0] = 21 [ 90.102195][ T7084] IPVS: ftp: loaded support on port[0] = 21 [ 90.118608][ T7085] IPVS: ftp: loaded support on port[0] = 21 [ 90.118614][ T7081] IPVS: ftp: loaded support on port[0] = 21 [ 90.126279][ T7082] IPVS: ftp: loaded support on port[0] = 21 executing program executing program executing program [ 90.452980][ T27] audit: type=1800 audit(1589472400.202:2): pid=7220 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor461" name="file0" dev="sda1" ino=15733 res=0 [ 90.490677][ T7220] MINIX-fs: mounting unchecked file system, running fsck is recommended executing program [ 90.506200][ T7220] Process accounting resumed [ 90.549546][ T27] audit: type=1800 audit(1589472400.272:3): pid=7223 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor461" name="file0" dev="sda1" ino=15726 res=0 [ 90.558706][ T7223] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 90.590530][ T7227] MINIX-fs: mounting unchecked file system, running fsck is recommended executing program executing program [ 90.590888][ T7229] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 90.631254][ T7227] Process accounting resumed [ 90.645785][ T27] audit: type=1800 audit(1589472400.282:4): pid=7227 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor461" name="file0" dev="sda1" ino=15747 res=0 [ 90.646601][ T7229] Process accounting resumed [ 90.667800][ T27] audit: type=1800 audit(1589472400.302:5): pid=7226 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor461" name="file0" dev="sda1" ino=15746 res=0 [ 90.673520][ T7223] Process accounting resumed [ 90.700855][ T7244] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 90.721548][ T27] audit: type=1800 audit(1589472400.452:6): pid=7240 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor461" name="file0" dev="sda1" ino=15755 res=0 [ 90.725128][ T7247] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 90.809356][ T7247] Process accounting resumed executing program [ 90.854245][ T56] tipc: TX() has been purged, node left! [ 90.898915][ T27] audit: type=1800 audit(1589472400.652:7): pid=7260 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor461" name="file0" dev="sda1" ino=15749 res=0 [ 90.930734][ T7083] ================================================================== [ 90.939019][ T7083] BUG: KASAN: use-after-free in get_block+0x1202/0x1380 [ 90.945965][ T7083] Write of size 2 at addr ffff88808ae27ba4 by task syz-executor461/7083 [ 90.954273][ T7083] [ 90.956593][ T7083] CPU: 0 PID: 7083 Comm: syz-executor461 Not tainted 5.7.0-rc1-next-20200415-syzkaller #0 [ 90.966473][ T7083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 90.976511][ T7083] Call Trace: [ 90.979792][ T7083] dump_stack+0x188/0x20d [ 90.984131][ T7083] print_address_description.constprop.0.cold+0xd3/0x315 [ 90.992292][ T7083] ? get_block+0x1202/0x1380 [ 90.996869][ T7083] __kasan_report.cold+0x35/0x4d [ 91.001790][ T7083] ? get_block+0x1202/0x1380 [ 91.006381][ T7083] ? get_block+0x1202/0x1380 [ 91.010967][ T7083] kasan_report+0x33/0x50 [ 91.015288][ T7083] get_block+0x1202/0x1380 [ 91.019707][ T7083] ? block_to_path.isra.0+0x300/0x300 [ 91.025079][ T7083] ? lock_downgrade+0x840/0x840 [ 91.029922][ T7083] minix_get_block+0xe5/0x110 [ 91.034587][ T7083] __block_write_begin_int+0x490/0x1b00 [ 91.040553][ T7083] ? minix_rename+0x8c0/0x8c0 [ 91.045222][ T7083] ? remove_inode_buffers+0x1c0/0x1c0 [ 91.050580][ T7083] ? pagecache_get_page+0x204/0xa10 [ 91.055763][ T7083] ? wait_for_stable_page+0x11c/0x1e0 [ 91.061124][ T7083] ? minix_rename+0x8c0/0x8c0 [ 91.065785][ T7083] block_write_begin+0x58/0x2e0 [ 91.070623][ T7083] minix_write_begin+0x35/0xe0 [ 91.075377][ T7083] generic_perform_write+0x20a/0x4e0 [ 91.080662][ T7083] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4a0/0x4a0 [ 91.088712][ T7083] ? update_time+0xc0/0xc0 [ 91.093134][ T7083] ? down_write+0xdb/0x150 [ 91.097544][ T7083] __generic_file_write_iter+0x24c/0x610 [ 91.103167][ T7083] generic_file_write_iter+0x3f3/0x630 [ 91.108613][ T7083] ? __generic_file_write_iter+0x610/0x610 [ 91.114416][ T7083] new_sync_write+0x4a2/0x700 [ 91.119091][ T7083] ? new_sync_read+0x7a0/0x7a0 [ 91.123860][ T7083] __vfs_write+0xc9/0x100 [ 91.128190][ T7083] __kernel_write+0x11c/0x3a0 [ 91.132853][ T7083] do_acct_process+0xcdc/0x10e0 [ 91.137692][ T7083] ? acct_on+0x770/0x770 [ 91.141918][ T7083] ? pin_kill+0x12e/0x7c0 [ 91.146237][ T7083] ? do_raw_spin_lock+0x129/0x2e0 [ 91.151258][ T7083] ? rwlock_bug.part.0+0x90/0x90 [ 91.156187][ T7083] acct_pin_kill+0x29/0xf0 [ 91.160590][ T7083] pin_kill+0x175/0x7c0 [ 91.164731][ T7083] ? pin_insert+0x260/0x260 [ 91.169218][ T7083] ? lock_release+0x800/0x800 [ 91.173879][ T7083] ? finish_wait+0x260/0x260 [ 91.178470][ T7083] ? mnt_pin_kill+0x6c/0x1c0 [ 91.183151][ T7083] mnt_pin_kill+0x6c/0x1c0 [ 91.187556][ T7083] cleanup_mnt+0x3c4/0x4b0 [ 91.191960][ T7083] task_work_run+0xf4/0x1b0 [ 91.196450][ T7083] do_exit+0xb53/0x2e10 [ 91.200596][ T7083] ? mm_update_next_owner+0x7a0/0x7a0 [ 91.205947][ T7083] ? up_read+0x1a8/0x750 [ 91.210173][ T7083] ? down_read_nested+0x430/0x430 [ 91.215182][ T7083] ? handle_mm_fault+0x29e/0x660 [ 91.220110][ T7083] do_group_exit+0x125/0x340 [ 91.224686][ T7083] __x64_sys_exit_group+0x3a/0x50 [ 91.229694][ T7083] do_syscall_64+0xf6/0x7d0 [ 91.234197][ T7083] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 91.240073][ T7083] RIP: 0033:0x44b9e8 [ 91.243973][ T7083] Code: Bad RIP value. [ 91.248030][ T7083] RSP: 002b:00007fff686f4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 91.256446][ T7083] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000044b9e8 [ 91.264401][ T7083] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001 [ 91.272355][ T7083] RBP: 00000000004d0a10 R08: 00000000000000e7 R09: ffffffffffffffd4 [ 91.280310][ T7083] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001 [ 91.288275][ T7083] R13: 00000000006ea9a0 R14: 0000000000000000 R15: 00007fff686f62d0 [ 91.296258][ T7083] [ 91.298584][ T7083] The buggy address belongs to the page: [ 91.304212][ T7083] page:ffffea00022b89c0 refcount:0 mapcount:0 mapping:00000000722a657b index:0x1 [ 91.313314][ T7083] flags: 0xfffe0000000000() [ 91.317830][ T7083] raw: 00fffe0000000000 ffffea00022b1448 ffffea000231b808 0000000000000000 [ 91.326416][ T7083] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 91.334977][ T7083] page dumped because: kasan: bad access detected [ 91.341365][ T7083] [ 91.343676][ T7083] Memory state around the buggy address: [ 91.349304][ T7083] ffff88808ae27a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 91.357365][ T7083] ffff88808ae27b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 91.365422][ T7083] >ffff88808ae27b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 91.373463][ T7083] ^ [ 91.378571][ T7083] ffff88808ae27c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 91.388007][ T7083] ffff88808ae27c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 91.396050][ T7083] ================================================================== [ 91.404092][ T7083] Disabling lock debugging due to kernel taint [ 91.422982][ T7260] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 91.441960][ T7260] Process accounting resumed [ 91.476356][ T7083] Kernel panic - not syncing: panic_on_warn set ... [ 91.482987][ T7083] CPU: 1 PID: 7083 Comm: syz-executor461 Tainted: G B 5.7.0-rc1-next-20200415-syzkaller #0 [ 91.494257][ T7083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 91.504315][ T7083] Call Trace: [ 91.507610][ T7083] dump_stack+0x188/0x20d [ 91.511951][ T7083] panic+0x2e3/0x75c [ 91.515857][ T7083] ? add_taint.cold+0x16/0x16 [ 91.520534][ T7083] ? preempt_schedule_common+0x5e/0xc0 [ 91.525990][ T7083] ? get_block+0x1202/0x1380 [ 91.530598][ T7083] ? preempt_schedule_thunk+0x16/0x18 [ 91.535947][ T7083] ? trace_hardirqs_on+0x55/0x220 [ 91.540955][ T7083] ? get_block+0x1202/0x1380 [ 91.545543][ T7083] end_report+0x4d/0x53 [ 91.549675][ T7083] __kasan_report.cold+0xd/0x4d [ 91.554526][ T7083] ? get_block+0x1202/0x1380 [ 91.559090][ T7083] ? get_block+0x1202/0x1380 [ 91.563652][ T7083] kasan_report+0x33/0x50 [ 91.567980][ T7083] get_block+0x1202/0x1380 [ 91.572439][ T7083] ? block_to_path.isra.0+0x300/0x300 [ 91.577805][ T7083] ? lock_downgrade+0x840/0x840 [ 91.582640][ T7083] minix_get_block+0xe5/0x110 [ 91.587352][ T7083] __block_write_begin_int+0x490/0x1b00 [ 91.592873][ T7083] ? minix_rename+0x8c0/0x8c0 [ 91.597545][ T7083] ? remove_inode_buffers+0x1c0/0x1c0 [ 91.602913][ T7083] ? pagecache_get_page+0x204/0xa10 [ 91.608105][ T7083] ? wait_for_stable_page+0x11c/0x1e0 [ 91.613565][ T7083] ? minix_rename+0x8c0/0x8c0 [ 91.618236][ T7083] block_write_begin+0x58/0x2e0 [ 91.623122][ T7083] minix_write_begin+0x35/0xe0 [ 91.627867][ T7083] generic_perform_write+0x20a/0x4e0 [ 91.633131][ T7083] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4a0/0x4a0 [ 91.641273][ T7083] ? update_time+0xc0/0xc0 [ 91.645697][ T7083] ? down_write+0xdb/0x150 [ 91.650122][ T7083] __generic_file_write_iter+0x24c/0x610 [ 91.655737][ T7083] generic_file_write_iter+0x3f3/0x630 [ 91.661188][ T7083] ? __generic_file_write_iter+0x610/0x610 [ 91.666988][ T7083] new_sync_write+0x4a2/0x700 [ 91.671639][ T7083] ? new_sync_read+0x7a0/0x7a0 [ 91.676389][ T7083] __vfs_write+0xc9/0x100 [ 91.680714][ T7083] __kernel_write+0x11c/0x3a0 [ 91.685364][ T7083] do_acct_process+0xcdc/0x10e0 [ 91.690188][ T7083] ? acct_on+0x770/0x770 [ 91.694417][ T7083] ? pin_kill+0x12e/0x7c0 [ 91.698743][ T7083] ? do_raw_spin_lock+0x129/0x2e0 [ 91.703756][ T7083] ? rwlock_bug.part.0+0x90/0x90 [ 91.708669][ T7083] acct_pin_kill+0x29/0xf0 [ 91.713059][ T7083] pin_kill+0x175/0x7c0 [ 91.717188][ T7083] ? pin_insert+0x260/0x260 [ 91.721679][ T7083] ? lock_release+0x800/0x800 [ 91.726332][ T7083] ? finish_wait+0x260/0x260 [ 91.730894][ T7083] ? mnt_pin_kill+0x6c/0x1c0 [ 91.735469][ T7083] mnt_pin_kill+0x6c/0x1c0 [ 91.739863][ T7083] cleanup_mnt+0x3c4/0x4b0 [ 91.744254][ T7083] task_work_run+0xf4/0x1b0 [ 91.748732][ T7083] do_exit+0xb53/0x2e10 [ 91.752861][ T7083] ? mm_update_next_owner+0x7a0/0x7a0 [ 91.758217][ T7083] ? up_read+0x1a8/0x750 [ 91.762446][ T7083] ? down_read_nested+0x430/0x430 [ 91.767459][ T7083] ? handle_mm_fault+0x29e/0x660 [ 91.772389][ T7083] do_group_exit+0x125/0x340 [ 91.776953][ T7083] __x64_sys_exit_group+0x3a/0x50 [ 91.781967][ T7083] do_syscall_64+0xf6/0x7d0 [ 91.786449][ T7083] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 91.792366][ T7083] RIP: 0033:0x44b9e8 [ 91.796257][ T7083] Code: Bad RIP value. [ 91.800303][ T7083] RSP: 002b:00007fff686f4e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 91.808689][ T7083] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000044b9e8 [ 91.816670][ T7083] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001 [ 91.824625][ T7083] RBP: 00000000004d0a10 R08: 00000000000000e7 R09: ffffffffffffffd4 [ 91.832572][ T7083] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001 [ 91.840520][ T7083] R13: 00000000006ea9a0 R14: 0000000000000000 R15: 00007fff686f62d0 [ 91.849658][ T7083] Kernel Offset: disabled [ 91.853981][ T7083] Rebooting in 86400 seconds..