[  OK  ] Started Getty on tty4.
[  OK  ] Started Getty on tty3.
[  OK  ] Started Getty on tty2.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.
         Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.0.30' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [   40.656167] audit: type=1400 audit(1588515548.396:8): avc:  denied  { execmem } for  pid=6428 comm="syz-executor526" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[   40.677160] audit: type=1800 audit(1588515548.406:9): pid=6435 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor526" name="file0" dev="sda1" ino=15706 res=0
[   40.699692] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   40.699695] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   40.717415] Process accounting resumed
[   40.718081] Process accounting resumed
[   40.729043] MINIX-fs: mounting unchecked file system, running fsck is recommended
executing program
executing program
executing program
[   40.749714] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   40.759762] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   40.760957] MINIX-fs: mounting unchecked file system, running fsck is recommended
[   40.776648] Process accounting resumed
[   40.779429] Process accounting resumed
[   40.795454] Process accounting resumed
executing program
executing program
executing program
executing program
executing program
executing program
[   40.807500] Process accounting resumed
[   40.813047] Process accounting resumed
[   40.820066] Process accounting resumed
[   40.833788] Process accounting resumed
[   40.843322] Process accounting resumed
[   40.848639] Process accounting resumed
executing program
executing program
executing program
executing program
executing program
executing program
[   40.855144] Process accounting resumed
[   40.859648] Process accounting resumed
[   40.865705] Process accounting resumed
[   40.876583] Process accounting resumed
[   40.877267] Process accounting resumed
[   40.889556] Process accounting resumed
[   40.899438] Process accounting resumed
executing program
executing program
executing program
executing program
executing program
executing program
[   40.904911] Process accounting resumed
[   40.911533] Process accounting resumed
[   40.925127] Process accounting resumed
[   40.925807] Process accounting resumed
[   40.939280] Process accounting resumed
[   40.950864] Process accounting resumed
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[   40.957326] Process accounting resumed
[   40.967061] Process accounting resumed
[   40.977321] Process accounting resumed
[   40.982758] Process accounting resumed
[   40.991608] Process accounting resumed
[   40.997643] Process accounting resumed
executing program
[   41.010623] Process accounting resumed
[   41.017652] Process accounting resumed
[   41.024033] ==================================================================
[   41.031557] BUG: KASAN: use-after-free in get_block+0x1047/0x1300
[   41.039621] Read of size 2 at addr ffff8880842527b8 by task syz-executor526/6486
[   41.047147] 
[   41.048784] CPU: 1 PID: 6486 Comm: syz-executor526 Not tainted 4.19.120-syzkaller #0
[   41.056662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.066015] Call Trace:
[   41.068614]  dump_stack+0x188/0x20d
[   41.072266]  ? get_block+0x1047/0x1300
[   41.076165]  print_address_description.cold+0x7c/0x212
[   41.081453]  ? get_block+0x1047/0x1300
[   41.085350]  kasan_report.cold+0x88/0x2b9
[   41.089520]  get_block+0x1047/0x1300
[   41.093254]  ? block_to_path.isra.0+0x300/0x300
[   41.097951]  ? find_get_entry+0x370/0x900
[   41.102113]  ? lock_downgrade+0x740/0x740
[   41.106272]  minix_get_block+0xe5/0x110
[   41.110259]  __block_write_begin_int+0x480/0x17a0
[   41.115116]  ? minix_rename+0x8c0/0x8c0
[   41.119106]  ? __breadahead_gfp+0xf0/0xf0
[   41.123260]  ? pagecache_get_page+0x1b3/0xb20
[   41.127767]  ? wait_for_stable_page+0x124/0x3b0
[   41.132458]  ? minix_rename+0x8c0/0x8c0
[   41.136441]  block_write_begin+0x58/0x2e0
[   41.140601]  minix_write_begin+0x35/0xe0
[   41.144677]  generic_perform_write+0x1f8/0x4d0
[   41.149287]  ? page_endio+0x950/0x950
[   41.153095]  ? current_time+0x140/0x140
[   41.157081]  ? lock_acquire+0x170/0x400
[   41.161077]  __generic_file_write_iter+0x24c/0x610
[   41.166017]  generic_file_write_iter+0x37f/0x729
[   41.170784]  __vfs_write+0x512/0x760
[   41.174507]  ? kernel_read+0x110/0x110
[   41.178416]  ? lock_acquire+0x170/0x400
[   41.182400]  ? do_acct_process+0xebd/0x10e0
[   41.186738]  __kernel_write+0x109/0x370
[   41.190740]  do_acct_process+0xcd8/0x10e0
[   41.194892]  ? acct_on+0x760/0x760
[   41.198438]  ? acct_process+0x271/0x5c0
[   41.202430]  ? check_preemption_disabled+0x41/0x280
[   41.207466]  acct_process+0x517/0x5c0
[   41.211318]  ? acct_collect+0x810/0x810
[   41.215303]  ? rcu_read_lock_sched_held+0x10a/0x130
[   41.220322]  ? kmem_cache_free+0x218/0x260
[   41.224572]  do_exit+0x1738/0x2f30
[   41.228139]  ? mm_update_next_owner+0x650/0x650
[   41.232817]  ? up_read+0x17/0x110
[   41.236283]  ? __do_page_fault+0x44e/0xdd0
[   41.240534]  do_group_exit+0x125/0x350
[   41.244436]  __x64_sys_exit_group+0x3a/0x50
[   41.248767]  do_syscall_64+0xf9/0x620
[   41.252577]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.257792] RIP: 0033:0x444798
[   41.260988] Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0 0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00
[   41.279893] RSP: 002b:00007ffcd1393c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   41.287613] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444798
[   41.295023] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   41.302296] RBP: 00000000004c4410 R08: 00000000000000e7 R09: ffffffffffffffd4
[   41.309571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.316844] R13: 00000000006d6180 R14: 0000000000000000 R15: 0000000000000000
[   41.324135] 
[   41.325761] The buggy address belongs to the page:
[   41.330694] page:ffffea0002109480 count:0 mapcount:0 mapping:0000000000000000 index:0x1
[   41.338839] flags: 0xfffe0000000000()
[   41.342648] raw: 00fffe0000000000 ffffea0002103e88 ffffea000210cc08 0000000000000000
[   41.350537] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
[   41.358418] page dumped because: kasan: bad access detected
[   41.364126] 
[   41.365748] Memory state around the buggy address:
[   41.370682]  ffff888084252680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   41.378043]  ffff888084252700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   41.385405] >ffff888084252780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   41.392773]                                       ^
[   41.397967]  ffff888084252800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   41.405330]  ffff888084252880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   41.412690] ==================================================================
[   41.420046] Disabling lock debugging due to kernel taint
[   41.425701] Kernel panic - not syncing: panic_on_warn set ...
[   41.425701] 
[   41.433072] CPU: 1 PID: 6486 Comm: syz-executor526 Tainted: G    B             4.19.120-syzkaller #0
[   41.442339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   41.451691] Call Trace:
[   41.454286]  dump_stack+0x188/0x20d
[   41.457922]  panic+0x26a/0x50e
[   41.461120]  ? __warn_printk+0xf3/0xf3
[   41.465005]  ? retint_kernel+0x2d/0x2d
[   41.468892]  ? trace_hardirqs_on+0x55/0x210
[   41.473218]  ? get_block+0x1047/0x1300
[   41.477114]  kasan_end_report+0x43/0x49
[   41.481090]  kasan_report.cold+0xa4/0x2b9
[   41.485246]  get_block+0x1047/0x1300
[   41.488972]  ? block_to_path.isra.0+0x300/0x300
[   41.493643]  ? find_get_entry+0x370/0x900
[   41.497799]  ? lock_downgrade+0x740/0x740
[   41.501951]  minix_get_block+0xe5/0x110
[   41.505932]  __block_write_begin_int+0x480/0x17a0
[   41.510781]  ? minix_rename+0x8c0/0x8c0
[   41.514762]  ? __breadahead_gfp+0xf0/0xf0
[   41.518913]  ? pagecache_get_page+0x1b3/0xb20
[   41.523498]  ? wait_for_stable_page+0x124/0x3b0
[   41.528177]  ? minix_rename+0x8c0/0x8c0
[   41.532154]  block_write_begin+0x58/0x2e0
[   41.536314]  minix_write_begin+0x35/0xe0
[   41.540945]  generic_perform_write+0x1f8/0x4d0
[   41.545538]  ? page_endio+0x950/0x950
[   41.549604]  ? current_time+0x140/0x140
[   41.553586]  ? lock_acquire+0x170/0x400
[   41.557565]  __generic_file_write_iter+0x24c/0x610
[   41.562501]  generic_file_write_iter+0x37f/0x729
[   41.567260]  __vfs_write+0x512/0x760
[   41.571074]  ? kernel_read+0x110/0x110
[   41.574965]  ? lock_acquire+0x170/0x400
[   41.578937]  ? do_acct_process+0xebd/0x10e0
[   41.583346]  __kernel_write+0x109/0x370
[   41.587315]  do_acct_process+0xcd8/0x10e0
[   41.591468]  ? acct_on+0x760/0x760
[   41.595013]  ? acct_process+0x271/0x5c0
[   41.599018]  ? check_preemption_disabled+0x41/0x280
[   41.604046]  acct_process+0x517/0x5c0
[   41.607841]  ? acct_collect+0x810/0x810
[   41.611804]  ? rcu_read_lock_sched_held+0x10a/0x130
[   41.617945]  ? kmem_cache_free+0x218/0x260
[   41.622576]  do_exit+0x1738/0x2f30
[   41.626118]  ? mm_update_next_owner+0x650/0x650
[   41.631999]  ? up_read+0x17/0x110
[   41.635434]  ? __do_page_fault+0x44e/0xdd0
[   41.639652]  do_group_exit+0x125/0x350
[   41.643524]  __x64_sys_exit_group+0x3a/0x50
[   41.647832]  do_syscall_64+0xf9/0x620
[   41.651624]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.657756] RIP: 0033:0x444798
[   41.660978] Code: 00 00 be 3c 00 00 00 eb 19 66 0f 1f 84 00 00 00 00 00 48 89 d7 89 f0 0f 05 48 3d 00 f0 ff ff 77 21 f4 48 89 d7 44 89 c0 0f 05 <48> 3d 00 f0 ff ff 76 e0 f7 d8 64 41 89 01 eb d8 0f 1f 84 00 00 00
[   41.679871] RSP: 002b:00007ffcd1393c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   41.687582] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444798
[   41.694833] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[   41.702081] RBP: 00000000004c4410 R08: 00000000000000e7 R09: ffffffffffffffd4
[   41.709344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.716593] R13: 00000000006d6180 R14: 0000000000000000 R15: 0000000000000000
[   41.726367] Kernel Offset: disabled
[   41.729998] Rebooting in 86400 seconds..
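The report above has the usual KASAN shape: a BUG line naming the bug class and the faulting function, an access line with size, address and task, a call trace in which frames marked `?` are unverified stack slots, the user-space register dump (ORIG_RAX carries the syscall number, here 0xe7 = 231 = exit_group on x86-64), and a shadow-memory dump in which the `>` row holds the shadow byte for the faulting address (0xff is KASAN_FREE_PAGE in the 4.19 series, which matches the `count:0` page line). The triage helper below parses those pieces into a structured summary. It is an added example, not code from syzkaller or from the kernel tree; SAMPLE_REPORT is a trimmed excerpt of the console log on this page, and the function names, the frame-filtering rule (drop `?` frames and the reporter's own frames) and the returned dict layout are this example's own choices.

```python
"""Triage helper for a KASAN report of the shape shown above.

Added example, not code from syzkaller or the kernel. SAMPLE_REPORT is a
trimmed excerpt of the console log on this page; the function names, the
frame-filtering rule and the returned dict layout are this example's own.
"""
import re

KASAN_SHADOW_SCALE_SHIFT = 3  # one shadow byte covers 8 bytes of memory

# Shadow values as defined in mm/kasan/kasan.h in the 4.19 series.
SHADOW_MEANING = {
    0x00: "accessible",
    0xF1: "stack left redzone", 0xF2: "stack mid redzone",
    0xF3: "stack right redzone", 0xF4: "stack partial redzone",
    0xFA: "global redzone", 0xFB: "slab object freed (KASAN_KMALLOC_FREE)",
    0xFC: "slab redzone (KASAN_KMALLOC_REDZONE)", 0xFE: "page redzone",
    0xFF: "page freed (KASAN_FREE_PAGE)",
}

# Only the x86-64 numbers this example needs; extend as required.
X86_64_SYSCALLS = {0: "read", 1: "write", 2: "open", 3: "close",
                   60: "exit", 231: "exit_group"}

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")
_BUG = re.compile(r"^BUG: KASAN: (?P<bug>[\w-]+) in (?P<site>[\w.]+)\+0x")
_ACCESS = re.compile(r"^(?P<access>Read|Write) of size (?P<size>\d+) at addr "
                     r"(?P<addr>[0-9a-f]+) by task (?P<task>\S+)/(?P<pid>\d+)")
_CPU = re.compile(r"^CPU: \d+ PID: \d+ Comm: \S+ .*?(?P<kernel>\d\S*) #\d+$")
_FRAME = re.compile(r"^(?P<unreliable>\? )?(?P<fn>[A-Za-z_][\w.]*)"
                    r"\+0x[0-9a-f]+/0x[0-9a-f]+$")
_ORIG_RAX = re.compile(r"ORIG_RAX: (?P<nr>[0-9a-f]{16})")
_SHADOW_ROW = re.compile(r"^>(?P<base>[0-9a-f]{16}): "
                         r"(?P<bytes>(?:[0-9a-f]{2} ?){16})$")


def _is_report_machinery(fn):
    """Frames that belong to the reporter itself, not to the crashing path."""
    return fn in ("dump_stack", "panic") or fn.startswith(
        ("kasan_", "__asan_", "print_address_description"))


def parse_kasan_report(text):
    rep = {"frames": []}
    state = "before"  # before -> trace -> after; only the first trace counts
    for raw in text.splitlines():
        line = _TS.sub("", raw).strip()
        if m := _BUG.match(line):
            rep["bug"], rep["site"] = m["bug"], m["site"]
        elif m := _ACCESS.match(line):
            rep.update(access=m["access"], size=int(m["size"]),
                       addr=int(m["addr"], 16), task=m["task"],
                       pid=int(m["pid"]))
        elif (m := _CPU.match(line)) and "kernel" not in rep:
            rep["kernel"] = m["kernel"]
        elif line == "Call Trace:" and state == "before":
            state = "trace"
        elif state == "trace" and line.startswith("RIP:"):
            state = "after"
        elif state == "trace" and (m := _FRAME.match(line)):
            # '?' frames are stale stack slots the unwinder could not verify.
            if not m["unreliable"] and not _is_report_machinery(m["fn"]):
                rep["frames"].append(m["fn"])
        elif m := _ORIG_RAX.search(line):
            nr = int(m["nr"], 16)
            rep["syscall_nr"] = nr
            rep["syscall"] = X86_64_SYSCALLS.get(nr, f"nr_{nr}")
        elif (m := _SHADOW_ROW.match(line)) and "addr" in rep:
            base = int(m["base"], 16)  # memory address the row starts at
            idx = (rep["addr"] - base) >> KASAN_SHADOW_SCALE_SHIFT
            row = [int(b, 16) for b in m["bytes"].split()]
            if 0 <= idx < len(row):
                rep["shadow_byte"] = row[idx]
                rep["shadow_meaning"] = SHADOW_MEANING.get(row[idx], "unknown")
    return rep


def summarize(rep):
    chain = " <- ".join(rep["frames"][:4])
    return (f"{rep['bug']}: {rep['access']} of {rep['size']} byte(s) at "
            f"{rep['addr']:#x} in {rep['site']} [{chain}] reached via "
            f"{rep['syscall']} by {rep['task']}/{rep['pid']} on "
            f"{rep['kernel']}; shadow {rep['shadow_byte']:#04x} = "
            f"{rep['shadow_meaning']}")


# Trimmed excerpt of the report on this page (some frames omitted).
SAMPLE_REPORT = """\
[   41.031557] BUG: KASAN: use-after-free in get_block+0x1047/0x1300
[   41.039621] Read of size 2 at addr ffff8880842527b8 by task syz-executor526/6486
[   41.048784] CPU: 1 PID: 6486 Comm: syz-executor526 Not tainted 4.19.120-syzkaller #0
[   41.066015] Call Trace:
[   41.068614]  dump_stack+0x188/0x20d
[   41.072266]  ? get_block+0x1047/0x1300
[   41.076165]  print_address_description.cold+0x7c/0x212
[   41.085350]  kasan_report.cold+0x88/0x2b9
[   41.089520]  get_block+0x1047/0x1300
[   41.093254]  ? block_to_path.isra.0+0x300/0x300
[   41.106272]  minix_get_block+0xe5/0x110
[   41.110259]  __block_write_begin_int+0x480/0x17a0
[   41.136441]  block_write_begin+0x58/0x2e0
[   41.140601]  minix_write_begin+0x35/0xe0
[   41.144677]  generic_perform_write+0x1f8/0x4d0
[   41.170784]  __vfs_write+0x512/0x760
[   41.186738]  __kernel_write+0x109/0x370
[   41.190740]  do_acct_process+0xcd8/0x10e0
[   41.207466]  acct_process+0x517/0x5c0
[   41.224572]  do_exit+0x1738/0x2f30
[   41.240534]  do_group_exit+0x125/0x350
[   41.244436]  __x64_sys_exit_group+0x3a/0x50
[   41.248767]  do_syscall_64+0xf9/0x620
[   41.252577]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   41.257792] RIP: 0033:0x444798
[   41.279893] RSP: 002b:00007ffcd1393c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[   41.385405] >ffff888084252780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
"""

if __name__ == "__main__":
    print(summarize(parse_kasan_report(SAMPLE_REPORT)))
```

Fed the excerpt, the parser reports a use-after-free read of 2 bytes in get_block reached from minix_get_block, with the writer being do_acct_process on the exit_group path and the shadow byte decoding to a freed page; that is the triage picture a reader would otherwise assemble by hand from the log above. Only the first call trace is consumed, so the second trace printed under the panic_on_warn panic does not duplicate frames.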