[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.43' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 53.129078][ T27] audit: type=1800 audit(1594577944.634:2): pid=6944 uid=0 auid=0 ses=5 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor154" name="file0" dev="sda1" ino=15711 res=0
[ 53.155796][ T6944] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 53.171115][ T6944] Process accounting resumed
[ 53.177778][ T6944] ==================================================================
[ 53.185965][ T6944] BUG: KASAN: use-after-free in get_block+0x1103/0x13a0
[ 53.192893][ T6944] Read of size 2 at addr ffff88808800f18a by task syz-executor154/6944
[ 53.201118][ T6944]
[ 53.203450][ T6944] CPU: 0 PID: 6944 Comm: syz-executor154 Not tainted 5.8.0-rc4-syzkaller #0
[ 53.212109][ T6944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.222156][ T6944] Call Trace:
[ 53.225451][ T6944] dump_stack+0x18f/0x20d
[ 53.229794][ T6944] ? get_block+0x1103/0x13a0
[ 53.234385][ T6944] ? get_block+0x1103/0x13a0
[ 53.238980][ T6944] print_address_description.constprop.0.cold+0xae/0x436
[ 53.246003][ T6944] ? lock_release+0x8d0/0x8d0
[ 53.250680][ T6944] ? __wait_on_bit+0x190/0x190
[ 53.255446][ T6944] ? lockdep_hardirqs_off+0x66/0xa0
[ 53.260639][ T6944] ? vprintk_func+0x97/0x1a6
[ 53.265319][ T6944] ? get_block+0x1103/0x13a0
[ 53.269906][ T6944] kasan_report.cold+0x1f/0x37
[ 53.274678][ T6944] ? get_block+0x1103/0x13a0
[ 53.279271][ T6944] get_block+0x1103/0x13a0
[ 53.283701][ T6944] ? free_branches+0x270/0x270
[ 53.288481][ T6944] ? create_empty_buffers+0x58f/0x820
[ 53.293860][ T6944] ? do_raw_spin_unlock+0x171/0x230
[ 53.299065][ T6944] minix_get_block+0xe5/0x110
[ 53.303751][ T6944] ? minix_rename+0x8c0/0x8c0
[ 53.308427][ T6944] __block_write_begin_int+0x464/0x1a80
[ 53.313976][ T6944] ? minix_rename+0x8c0/0x8c0
[ 53.318658][ T6944] ? __page_cache_alloc+0x10b/0x450
[ 53.324032][ T6944] ? remove_inode_buffers+0x1b0/0x1b0
[ 53.329407][ T6944] ? lock_downgrade+0x820/0x820
[ 53.334254][ T6944] ? wait_for_stable_page+0x11c/0x1e0
[ 53.339705][ T6944] ? minix_rename+0x8c0/0x8c0
[ 53.344367][ T6944] block_write_begin+0x58/0x2e0
[ 53.349218][ T6944] minix_write_begin+0x35/0x220
[ 53.354132][ T6944] generic_perform_write+0x20a/0x4f0
[ 53.359398][ T6944] ? __mnt_drop_write_file+0x6f/0xa0
[ 53.364658][ T6944] ? generic_file_readonly_mmap+0x1b0/0x1b0
[ 53.370582][ T6944] ? current_time+0x2c0/0x2c0
[ 53.375278][ T6944] ? down_write+0xdb/0x150
[ 53.379717][ T6944] __generic_file_write_iter+0x24b/0x610
[ 53.385391][ T6944] ? __lock_acquire+0xc1e/0x56e0
[ 53.390306][ T6944] generic_file_write_iter+0x3a6/0x5c0
[ 53.396090][ T6944] ? __generic_file_write_iter+0x610/0x610
[ 53.401873][ T6944] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 53.407829][ T6944] new_sync_write+0x422/0x650
[ 53.412482][ T6944] ? new_sync_read+0x6e0/0x6e0
[ 53.417378][ T6944] ? do_acct_process+0xea7/0x10c0
[ 53.422378][ T6944] ? lock_release+0x8d0/0x8d0
[ 53.427028][ T6944] ? find_held_lock+0x2d/0x110
[ 53.432168][ T6944] ? lock_downgrade+0x820/0x820
[ 53.437003][ T6944] __kernel_write+0x3f8/0x500
[ 53.441666][ T6944] do_acct_process+0xcc2/0x10c0
[ 53.446508][ T6944] ? acct_on+0x770/0x770
[ 53.450742][ T6944] ? __mmput+0x3b4/0x470
[ 53.454967][ T6944] acct_process+0x3b7/0x4e6
[ 53.459448][ T6944] do_exit+0x197e/0x2a40
[ 53.463674][ T6944] ? lock_acquire+0x1f1/0xad0
[ 53.468502][ T6944] ? find_held_lock+0x2d/0x110
[ 53.473258][ T6944] ? mm_update_next_owner+0x7a0/0x7a0
[ 53.478675][ T6944] ? get_signal+0x332/0x1ee0
[ 53.483334][ T6944] ? lock_downgrade+0x820/0x820
[ 53.488191][ T6944] ? lock_is_held_type+0xb0/0xe0
[ 53.493233][ T6944] do_group_exit+0x125/0x310
[ 53.497816][ T6944] get_signal+0x40b/0x1ee0
[ 53.502223][ T6944] ? futex_exit_release+0x220/0x220
[ 53.508114][ T6944] ? find_held_lock+0x2d/0x110
[ 53.512871][ T6944] do_signal+0x82/0x2520
[ 53.517103][ T6944] ? lock_downgrade+0x820/0x820
[ 53.521948][ T6944] ? lockdep_hardirqs_off+0x66/0xa0
[ 53.527129][ T6944] ? trace_hardirqs_off+0x27/0x210
[ 53.532215][ T6944] ? copy_siginfo_to_user32+0xa0/0xa0
[ 53.537587][ T6944] ? __x64_sys_futex+0x378/0x4e0
[ 53.542497][ T6944] ? __x64_sys_futex+0x382/0x4e0
[ 53.547501][ T6944] ? do_futex+0x1a60/0x1a60
[ 53.552504][ T6944] ? __prepare_exit_to_usermode+0xcc/0x1f0
[ 53.558288][ T6944] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 53.564247][ T6944] __prepare_exit_to_usermode+0x156/0x1f0
[ 53.569969][ T6944] do_syscall_64+0x6c/0xe0
[ 53.574363][ T6944] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 53.580238][ T6944] RIP: 0033:0x44b1a9
[ 53.584104][ T6944] Code: Bad RIP value.
[ 53.588144][ T6944] RSP: 002b:00007f4782647cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 53.596552][ T6944] RAX: 0000000000000001 RBX: 00000000006ddc28 RCX: 000000000044b1a9
[ 53.604636][ T6944] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00000000006ddc2c
[ 53.612780][ T6944] RBP: 00000000006ddc20 R08: 0000000000000000 R09: 0000000000000000
[ 53.620750][ T6944] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc2c
[ 53.628827][ T6944] R13: 00007ffc08a70a0f R14: 00007f47826489c0 R15: 0000000000000000
[ 53.636796][ T6944]
[ 53.639124][ T6944] The buggy address belongs to the page:
[ 53.644755][ T6944] page:ffffea00022003c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1
[ 53.653881][ T6944] flags: 0xfffe0000000000()
[ 53.658485][ T6944] raw: 00fffe0000000000 ffffea000219d4c8 ffffea000219d348 0000000000000000
[ 53.667057][ T6944] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[ 53.675616][ T6944] page dumped because: kasan: bad access detected
[ 53.682102][ T6944]
[ 53.684453][ T6944] Memory state around the buggy address:
[ 53.690072][ T6944] ffff88808800f080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.698463][ T6944] ffff88808800f100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.707546][ T6944] >ffff88808800f180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.715617][ T6944] ^
[ 53.719939][ T6944] ffff88808800f200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.728085][ T6944] ffff88808800f280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 53.736126][ T6944] ==================================================================
[ 53.744660][ T6944] Disabling lock debugging due to kernel taint
[ 53.750903][ T6944] Kernel panic - not syncing: panic_on_warn set ...
[ 53.757845][ T6944] CPU: 0 PID: 6944 Comm: syz-executor154 Tainted: G B 5.8.0-rc4-syzkaller #0
[ 53.767899][ T6944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.777946][ T6944] Call Trace:
[ 53.781229][ T6944] dump_stack+0x18f/0x20d
[ 53.785555][ T6944] ? get_block+0x1030/0x13a0
[ 53.790121][ T6944] panic+0x2e3/0x75c
[ 53.794000][ T6944] ? __warn_printk+0xf3/0xf3
[ 53.798595][ T6944] ? get_block+0x1103/0x13a0
[ 53.803159][ T6944] ? trace_hardirqs_on+0x55/0x220
[ 53.808167][ T6944] ? get_block+0x1103/0x13a0
[ 53.812731][ T6944] ? get_block+0x1103/0x13a0
[ 53.817294][ T6944] end_report+0x4d/0x53
[ 53.821436][ T6944] kasan_report.cold+0xd/0x37
[ 53.826086][ T6944] ? get_block+0x1103/0x13a0
[ 53.830649][ T6944] get_block+0x1103/0x13a0
[ 53.835040][ T6944] ? free_branches+0x270/0x270
[ 53.839779][ T6944] ? create_empty_buffers+0x58f/0x820
[ 53.845126][ T6944] ? do_raw_spin_unlock+0x171/0x230
[ 53.850298][ T6944] minix_get_block+0xe5/0x110
[ 53.855120][ T6944] ? minix_rename+0x8c0/0x8c0
[ 53.859790][ T6944] __block_write_begin_int+0x464/0x1a80
[ 53.865323][ T6944] ? minix_rename+0x8c0/0x8c0
[ 53.869974][ T6944] ? __page_cache_alloc+0x10b/0x450
[ 53.875147][ T6944] ? remove_inode_buffers+0x1b0/0x1b0
[ 53.880493][ T6944] ? lock_downgrade+0x820/0x820
[ 53.885318][ T6944] ? wait_for_stable_page+0x11c/0x1e0
[ 53.890665][ T6944] ? minix_rename+0x8c0/0x8c0
[ 53.895325][ T6944] block_write_begin+0x58/0x2e0
[ 53.900148][ T6944] minix_write_begin+0x35/0x220
[ 53.904975][ T6944] generic_perform_write+0x20a/0x4f0
[ 53.910241][ T6944] ? __mnt_drop_write_file+0x6f/0xa0
[ 53.915507][ T6944] ? generic_file_readonly_mmap+0x1b0/0x1b0
[ 53.921374][ T6944] ? current_time+0x2c0/0x2c0
[ 53.926038][ T6944] ? down_write+0xdb/0x150
[ 53.930431][ T6944] __generic_file_write_iter+0x24b/0x610
[ 53.936037][ T6944] ? __lock_acquire+0xc1e/0x56e0
[ 53.940947][ T6944] generic_file_write_iter+0x3a6/0x5c0
[ 53.946379][ T6944] ? __generic_file_write_iter+0x610/0x610
[ 53.952442][ T6944] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 53.958396][ T6944] new_sync_write+0x422/0x650
[ 53.963052][ T6944] ? new_sync_read+0x6e0/0x6e0
[ 53.967790][ T6944] ? do_acct_process+0xea7/0x10c0
[ 53.972786][ T6944] ? lock_release+0x8d0/0x8d0
[ 53.977434][ T6944] ? find_held_lock+0x2d/0x110
[ 53.982171][ T6944] ? lock_downgrade+0x820/0x820
[ 53.986995][ T6944] __kernel_write+0x3f8/0x500
[ 53.991645][ T6944] do_acct_process+0xcc2/0x10c0
[ 53.996486][ T6944] ? acct_on+0x770/0x770
[ 54.000704][ T6944] ? __mmput+0x3b4/0x470
[ 54.004952][ T6944] acct_process+0x3b7/0x4e6
[ 54.009429][ T6944] do_exit+0x197e/0x2a40
[ 54.013732][ T6944] ? lock_acquire+0x1f1/0xad0
[ 54.018396][ T6944] ? find_held_lock+0x2d/0x110
[ 54.023129][ T6944] ? mm_update_next_owner+0x7a0/0x7a0
[ 54.028474][ T6944] ? get_signal+0x332/0x1ee0
[ 54.033051][ T6944] ? lock_downgrade+0x820/0x820
[ 54.037887][ T6944] ? lock_is_held_type+0xb0/0xe0
[ 54.042797][ T6944] do_group_exit+0x125/0x310
[ 54.047359][ T6944] get_signal+0x40b/0x1ee0
[ 54.051747][ T6944] ? futex_exit_release+0x220/0x220
[ 54.056917][ T6944] ? find_held_lock+0x2d/0x110
[ 54.061660][ T6944] do_signal+0x82/0x2520
[ 54.065882][ T6944] ? lock_downgrade+0x820/0x820
[ 54.070715][ T6944] ? lockdep_hardirqs_off+0x66/0xa0
[ 54.076061][ T6944] ? trace_hardirqs_off+0x27/0x210
[ 54.081149][ T6944] ? copy_siginfo_to_user32+0xa0/0xa0
[ 54.086672][ T6944] ? __x64_sys_futex+0x378/0x4e0
[ 54.091581][ T6944] ? __x64_sys_futex+0x382/0x4e0
[ 54.096498][ T6944] ? do_futex+0x1a60/0x1a60
[ 54.100979][ T6944] ? __prepare_exit_to_usermode+0xcc/0x1f0
[ 54.106772][ T6944] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 54.112727][ T6944] __prepare_exit_to_usermode+0x156/0x1f0
[ 54.118508][ T6944] do_syscall_64+0x6c/0xe0
[ 54.124026][ T6944] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 54.129890][ T6944] RIP: 0033:0x44b1a9
[ 54.133754][ T6944] Code: Bad RIP value.
[ 54.137790][ T6944] RSP: 002b:00007f4782647cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 54.146432][ T6944] RAX: 0000000000000001 RBX: 00000000006ddc28 RCX: 000000000044b1a9
[ 54.154389][ T6944] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00000000006ddc2c
[ 54.162440][ T6944] RBP: 00000000006ddc20 R08: 0000000000000000 R09: 0000000000000000
[ 54.170464][ T6944] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006ddc2c
[ 54.178418][ T6944] R13: 00007ffc08a70a0f R14: 00007f47826489c0 R15: 0000000000000000
[ 54.187735][ T6944] Kernel Offset: disabled
[ 54.192065][ T6944] Rebooting in 86400 seconds..