[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts.

syzkaller login: [ 34.138199] audit: type=1400 audit(1594589501.185:8): avc: denied { execmem } for pid=6334 comm="syz-executor491" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 34.349165] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 35.111738] audit: type=1800 audit(1594589502.166:9): pid=6356 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor491" name="file0" dev="sda1" ino=15707 res=0
[ 35.137759] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 35.156572] Process accounting resumed
[ 35.162054] ==================================================================
[ 35.169509] BUG: KASAN: use-after-free in get_block+0xe06/0x1100
[ 35.175647] Read of size 2 at addr ffff8880a5fa318a by task syz-executor491/6356
[ 35.183181]
[ 35.184837] CPU: 0 PID: 6356 Comm: syz-executor491 Not tainted 4.14.184-syzkaller #0
[ 35.192699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.202036] Call Trace:
[ 35.204603]  dump_stack+0x1b2/0x283
[ 35.208229]  ? get_block+0xe06/0x1100
[ 35.212019]  print_address_description.cold+0x54/0x1dc
[ 35.217280]  ? get_block+0xe06/0x1100
[ 35.221059]  kasan_report.cold+0xa9/0x2b9
[ 35.225181]  get_block+0xe06/0x1100
[ 35.228800]  ? block_to_path.isra.0+0x2d0/0x2d0
[ 35.233441]  ? create_page_buffers+0x14d/0x1c0
[ 35.238000]  ? lock_downgrade+0x6e0/0x6e0
[ 35.242123]  ? create_empty_buffers+0x264/0x470
[ 35.246782]  ? do_raw_spin_unlock+0x164/0x250
[ 35.251269]  minix_get_block+0xd6/0x100
[ 35.255218]  __block_write_begin_int+0x33a/0x1000
[ 35.260037]  ? minix_lookup+0x180/0x180
[ 35.263984]  ? add_to_page_cache_lru+0x151/0x300
[ 35.268714]  ? __breadahead_gfp+0xd0/0xd0
[ 35.272837]  ? wait_for_stable_page+0xe3/0x260
[ 35.277392]  ? minix_lookup+0x180/0x180
[ 35.281341]  block_write_begin+0x58/0x260
[ 35.285477]  minix_write_begin+0x35/0xc0
[ 35.289527]  generic_perform_write+0x1c9/0x420
[ 35.294090]  ? __mnt_drop_write+0x40/0x70
[ 35.298225]  ? filemap_page_mkwrite+0x2d0/0x2d0
[ 35.302880]  ? current_time+0xb0/0xb0
[ 35.306656]  ? lock_acquire+0x170/0x3f0
[ 35.310629]  __generic_file_write_iter+0x227/0x590
[ 35.315538]  generic_file_write_iter+0x36f/0x650
[ 35.320279]  ? iov_iter_init+0xa6/0x1c0
[ 35.324229]  __vfs_write+0x44e/0x630
[ 35.327921]  ? kernel_read+0x110/0x110
[ 35.331786]  ? __task_pid_nr_ns+0x1c3/0x440
[ 35.336094]  ? do_acct_process+0xc41/0xf60
[ 35.340316]  __kernel_write+0xf5/0x330
[ 35.344180]  do_acct_process+0xb49/0xf60
[ 35.348216]  ? acct_put+0x40/0x40
[ 35.351641]  ? acct_process+0x179/0x422
[ 35.355603]  acct_process+0x38a/0x422
[ 35.359391]  do_exit+0x1728/0x2ae0
[ 35.362916]  ? __do_page_fault+0x5a0/0xb50
[ 35.367128]  ? mm_update_next_owner+0x5b0/0x5b0
[ 35.371787]  ? lock_downgrade+0x6e0/0x6e0
[ 35.375913]  do_group_exit+0x100/0x2e0
[ 35.379789]  SyS_exit_group+0x19/0x20
[ 35.383562]  ? do_group_exit+0x2e0/0x2e0
[ 35.387612]  do_syscall_64+0x1d5/0x640
[ 35.391477]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.396638] RIP: 0033:0x444a18
[ 35.399801] RSP: 002b:00007fff1e105b38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.407506] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444a18
[ 35.414755] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.422146] RBP: 00000000004c53f0 R08: 00000000000000e7 R09: ffffffffffffffd4
[ 35.429392] R10: 00007fff1e105a50 R11: 0000000000000246 R12: 0000000000000001
[ 35.436638] R13: 00000000006d7180 R14: 0000000000000000 R15: 0000000000000000
[ 35.443891]
[ 35.445496] Allocated by task 6089:
[ 35.449111]  kasan_kmalloc.part.0+0x4f/0xd0
[ 35.453420]  kmem_cache_alloc+0x124/0x3c0
[ 35.457641]  dup_fd+0x81/0xa40
[ 35.460822]  copy_process.part.0+0x1b58/0x6fa0
[ 35.465390]  _do_fork+0x180/0xc80
[ 35.468827]  do_syscall_64+0x1d5/0x640
[ 35.472690]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.477863]
[ 35.479483] Freed by task 6116:
[ 35.482736]  kasan_slab_free+0xaf/0x190
[ 35.486682]  kmem_cache_free+0x7c/0x2b0
[ 35.490641]  put_files_struct+0x268/0x2d0
[ 35.494774]  exit_files+0x7e/0xa0
[ 35.498233]  do_exit+0x9d0/0x2ae0
[ 35.501659]  do_group_exit+0x100/0x2e0
[ 35.505685]  SyS_exit_group+0x19/0x20
[ 35.509468]  do_syscall_64+0x1d5/0x640
[ 35.513333]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.518510]
[ 35.520113] The buggy address belongs to the object at ffff8880a5fa30c0
[ 35.520113]  which belongs to the cache files_cache of size 832
[ 35.532742] The buggy address is located 202 bytes inside of
[ 35.532742]  832-byte region [ffff8880a5fa30c0, ffff8880a5fa3400)
[ 35.544600] The buggy address belongs to the page:
[ 35.549505] page:ffffea000297e8c0 count:1 mapcount:0 mapping:ffff8880a5fa30c0 index:0xffff8880a5fa3840
[ 35.558927] flags: 0xfffe0000000100(slab)
[ 35.563125] raw: 00fffe0000000100 ffff8880a5fa30c0 ffff8880a5fa3840 0000000100000002
[ 35.571023] raw: ffffea0002a3a7a0 ffffea0002a13d20 ffff8880aa95d800 0000000000000000
[ 35.578877] page dumped because: kasan: bad access detected
[ 35.584556]
[ 35.586191] Memory state around the buggy address:
[ 35.591114]  ffff8880a5fa3080: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 35.598467]  ffff8880a5fa3100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.605809] >ffff8880a5fa3180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.613150]                                                  ^
[ 35.616762]  ffff8880a5fa3200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.624094]  ffff8880a5fa3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 35.631439] ==================================================================
[ 35.638769] Disabling lock debugging due to kernel taint
[ 35.644482] Kernel panic - not syncing: panic_on_warn set ...
[ 35.644482]
[ 35.651846] CPU: 0 PID: 6356 Comm: syz-executor491 Tainted: G B 4.14.184-syzkaller #0
[ 35.660928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.670267] Call Trace:
[ 35.672850]  dump_stack+0x1b2/0x283
[ 35.676479]  panic+0x1f9/0x42d
[ 35.679682]  ? add_taint.cold+0x16/0x16
[ 35.683649]  ? get_block+0xe06/0x1100
[ 35.687442]  kasan_end_report+0x43/0x49
[ 35.691412]  kasan_report.cold+0x12f/0x2b9
[ 35.695633]  get_block+0xe06/0x1100
[ 35.699238]  ? block_to_path.isra.0+0x2d0/0x2d0
[ 35.703888]  ? create_page_buffers+0x14d/0x1c0
[ 35.708473]  ? lock_downgrade+0x6e0/0x6e0
[ 35.712601]  ? create_empty_buffers+0x264/0x470
[ 35.717295]  ? do_raw_spin_unlock+0x164/0x250
[ 35.721780]  minix_get_block+0xd6/0x100
[ 35.725737]  __block_write_begin_int+0x33a/0x1000
[ 35.730564]  ? minix_lookup+0x180/0x180
[ 35.734521]  ? add_to_page_cache_lru+0x151/0x300
[ 35.739282]  ? __breadahead_gfp+0xd0/0xd0
[ 35.743433]  ? wait_for_stable_page+0xe3/0x260
[ 35.747990]  ? minix_lookup+0x180/0x180
[ 35.751943]  block_write_begin+0x58/0x260
[ 35.756068]  minix_write_begin+0x35/0xc0
[ 35.760110]  generic_perform_write+0x1c9/0x420
[ 35.764704]  ? __mnt_drop_write+0x40/0x70
[ 35.768829]  ? filemap_page_mkwrite+0x2d0/0x2d0
[ 35.773474]  ? current_time+0xb0/0xb0
[ 35.777263]  ? lock_acquire+0x170/0x3f0
[ 35.781214]  __generic_file_write_iter+0x227/0x590
[ 35.786131]  generic_file_write_iter+0x36f/0x650
[ 35.790872]  ? iov_iter_init+0xa6/0x1c0
[ 35.794855]  __vfs_write+0x44e/0x630
[ 35.798565]  ? kernel_read+0x110/0x110
[ 35.802439]  ? __task_pid_nr_ns+0x1c3/0x440
[ 35.806736]  ? do_acct_process+0xc41/0xf60
[ 35.811105]  __kernel_write+0xf5/0x330
[ 35.814980]  do_acct_process+0xb49/0xf60
[ 35.819023]  ? acct_put+0x40/0x40
[ 35.823602]  ? acct_process+0x179/0x422
[ 35.827570]  acct_process+0x38a/0x422
[ 35.831362]  do_exit+0x1728/0x2ae0
[ 35.834880]  ? __do_page_fault+0x5a0/0xb50
[ 35.839090]  ? mm_update_next_owner+0x5b0/0x5b0
[ 35.843747]  ? lock_downgrade+0x6e0/0x6e0
[ 35.847871]  do_group_exit+0x100/0x2e0
[ 35.851745]  SyS_exit_group+0x19/0x20
[ 35.855520]  ? do_group_exit+0x2e0/0x2e0
[ 35.859567]  do_syscall_64+0x1d5/0x640
[ 35.863438]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.868612] RIP: 0033:0x444a18
[ 35.871786] RSP: 002b:00007fff1e105b38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.879464] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444a18
[ 35.886736] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 35.893980] RBP: 00000000004c53f0 R08: 00000000000000e7 R09: ffffffffffffffd4
[ 35.901232] R10: 00007fff1e105a50 R11: 0000000000000246 R12: 0000000000000001
[ 35.908492] R13: 00000000006d7180 R14: 0000000000000000 R15: 0000000000000000
[ 35.916693] Kernel Offset: disabled
[ 35.920319] Rebooting in 86400 seconds..