[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.59' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 42.814657][ T6769] IPVS: ftp: loaded support on port[0] = 21
[ 42.858322][ T29] audit: type=1800 audit(1594578741.576:2): pid=6792 uid=0 auid=0 ses=5 subj=_ op=collect_data cause=failed(directio) comm="syz-executor093" name="file0" dev="sda1" ino=15705 res=0
[ 42.884330][ T6792] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 42.906847][ T6792] Process accounting resumed
[ 42.912343][ T6792] ==================================================================
[ 42.920521][ T6792] BUG: KASAN: use-after-free in get_block+0x69a/0x1600
[ 42.927555][ T6792] Read of size 2 at addr ffff8880a929518a by task syz-executor093/6792
[ 42.935780][ T6792]
[ 42.938104][ T6792] CPU: 1 PID: 6792 Comm: syz-executor093 Not tainted 5.8.0-rc4-syzkaller #0
[ 42.946758][ T6792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.956793][ T6792] Call Trace:
[ 42.960073][ T6792] dump_stack+0x1f0/0x31e
[ 42.964428][ T6792] print_address_description+0x66/0x5a0
[ 42.969950][ T6792] ? vprintk_emit+0x342/0x3c0
[ 42.974600][ T6792] ? printk+0x62/0x83
[ 42.978565][ T6792] ? vprintk_emit+0x339/0x3c0
[ 42.983217][ T6792] kasan_report+0x132/0x1d0
[ 42.987710][ T6792] ? get_block+0x69a/0x1600
[ 42.992207][ T6792] get_block+0x69a/0x1600
[ 42.996545][ T6792] ? minix_get_block+0x90/0xf0
[ 43.001284][ T6792] __block_write_begin_int+0x708/0x1a00
[ 43.006813][ T6792] ? minix_prepare_chunk+0x30/0x30
[ 43.011904][ T6792] ? wait_for_stable_page+0x10f/0x150
[ 43.017258][ T6792] ? minix_prepare_chunk+0x30/0x30
[ 43.022384][ T6792] block_write_begin+0x59/0x280
[ 43.027245][ T6792] minix_write_begin+0x38/0x1f0
[ 43.032072][ T6792] generic_perform_write+0x23b/0x4e0
[ 43.037441][ T6792] __generic_file_write_iter+0x22b/0x4e0
[ 43.043055][ T6792] ? down_write+0xcd/0x130
[ 43.047574][ T6792] generic_file_write_iter+0x4a6/0x650
[ 43.053016][ T6792] __kernel_write+0x85b/0xa60
[ 43.057732][ T6792] do_acct_process+0xec6/0x12b0
[ 43.062574][ T6792] acct_process+0x398/0x4a0
[ 43.067075][ T6792] do_exit+0x593/0x1f80
[ 43.071207][ T6792] ? __up_read+0x1f1/0x6f0
[ 43.075616][ T6792] ? do_user_addr_fault+0x768/0xba0
[ 43.080788][ T6792] do_group_exit+0x161/0x2d0
[ 43.085372][ T6792] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.091411][ T6792] __do_sys_exit_group+0x13/0x20
[ 43.096326][ T6792] __se_sys_exit_group+0x10/0x10
[ 43.101274][ T6792] __x64_sys_exit_group+0x37/0x40
[ 43.106275][ T6792] do_syscall_64+0x73/0xe0
[ 43.110678][ T6792] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.116587][ T6792] RIP: 0033:0x444fa8
[ 43.120449][ T6792] Code: Bad RIP value.
[ 43.124546][ T6792] RSP: 002b:00007ffdf96d70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 43.132932][ T6792] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444fa8
[ 43.141224][ T6792] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 43.149183][ T6792] RBP: 00000000004c74d0 R08: 00000000000000e7 R09: ffffffffffffffd4
[ 43.157129][ T6792] R10: 00007ffdf96d7000 R11: 0000000000000246 R12: 0000000000000001
[ 43.165096][ T6792] R13: 00000000006da5e0 R14: 0000000000000000 R15: 0000000000000000
[ 43.173059][ T6792]
[ 43.175375][ T6792] Allocated by task 6750:
[ 43.179681][ T6792] __kasan_kmalloc+0x103/0x140
[ 43.184431][ T6792] kmem_cache_alloc+0x1f5/0x2d0
[ 43.189268][ T6792] dup_mmap+0x53c/0xd60
[ 43.193393][ T6792] dup_mm+0x98/0x320
[ 43.197263][ T6792] copy_process+0x1fa5/0x52f0
[ 43.201917][ T6792] _do_fork+0x134/0x650
[ 43.206043][ T6792] __x64_sys_clone+0x21c/0x260
[ 43.210782][ T6792] do_syscall_64+0x73/0xe0
[ 43.215171][ T6792] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.221043][ T6792]
[ 43.223353][ T6792] Freed by task 6756:
[ 43.227313][ T6792] __kasan_slab_free+0x114/0x170
[ 43.232235][ T6792] kmem_cache_free+0x7e/0xf0
[ 43.236805][ T6792] exit_mmap+0x44d/0x530
[ 43.241020][ T6792] __mmput+0x113/0x370
[ 43.245070][ T6792] begin_new_exec+0xa53/0x15c0
[ 43.249819][ T6792] load_elf_binary+0x60f/0x48a0
[ 43.254641][ T6792] __do_execve_file+0x1550/0x2310
[ 43.259727][ T6792] __x64_sys_execve+0x90/0xa0
[ 43.264375][ T6792] do_syscall_64+0x73/0xe0
[ 43.268764][ T6792] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.274630][ T6792]
[ 43.276932][ T6792] The buggy address belongs to the object at ffff8880a9295148
[ 43.276932][ T6792] which belongs to the cache vm_area_struct of size 200
[ 43.291219][ T6792] The buggy address is located 66 bytes inside of
[ 43.291219][ T6792] 200-byte region [ffff8880a9295148, ffff8880a9295210)
[ 43.304371][ T6792] The buggy address belongs to the page:
[ 43.310006][ T6792] page:ffffea0002a4a540 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 43.319101][ T6792] flags: 0xfffe0000000200(slab)
[ 43.323930][ T6792] raw: 00fffe0000000200 ffffea0002484548 ffffea00028a7088 ffff8880aa5d5700
[ 43.332505][ T6792] raw: 0000000000000000 ffff8880a9295040 000000010000000f 0000000000000000
[ 43.341076][ T6792] page dumped because: kasan: bad access detected
[ 43.347461][ T6792]
[ 43.349764][ T6792] Memory state around the buggy address:
[ 43.355368][ T6792] ffff8880a9295080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.363400][ T6792] ffff8880a9295100: fb fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb
[ 43.371437][ T6792] >ffff8880a9295180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.379468][ T6792] ^
[ 43.383773][ T6792] ffff8880a9295200: fb fb fc fc fc fc fc fc fc fc fb fb fb fb fb fb
[ 43.391807][ T6792] ffff8880a9295280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.399838][ T6792] ==================================================================
[ 43.407868][ T6792] Disabling lock debugging due to kernel taint
[ 43.414376][ T6792] Kernel panic - not syncing: panic_on_warn set ...
[ 43.420969][ T6792] CPU: 1 PID: 6792 Comm: syz-executor093 Tainted: G B 5.8.0-rc4-syzkaller #0
[ 43.431026][ T6792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.441071][ T6792] Call Trace:
[ 43.444356][ T6792] dump_stack+0x1f0/0x31e
[ 43.448688][ T6792] panic+0x264/0x7a0
[ 43.452603][ T6792] ? trace_hardirqs_on+0x30/0x80
[ 43.457533][ T6792] ? _raw_spin_unlock_irqrestore+0xa5/0xd0
[ 43.463325][ T6792] kasan_report+0x1c9/0x1d0
[ 43.467816][ T6792] ? get_block+0x69a/0x1600
[ 43.472304][ T6792] get_block+0x69a/0x1600
[ 43.476607][ T6792] ? minix_get_block+0x90/0xf0
[ 43.481343][ T6792] __block_write_begin_int+0x708/0x1a00
[ 43.486862][ T6792] ? minix_prepare_chunk+0x30/0x30
[ 43.491942][ T6792] ? wait_for_stable_page+0x10f/0x150
[ 43.497284][ T6792] ? minix_prepare_chunk+0x30/0x30
[ 43.502578][ T6792] block_write_begin+0x59/0x280
[ 43.507405][ T6792] minix_write_begin+0x38/0x1f0
[ 43.512251][ T6792] generic_perform_write+0x23b/0x4e0
[ 43.517526][ T6792] __generic_file_write_iter+0x22b/0x4e0
[ 43.523129][ T6792] ? down_write+0xcd/0x130
[ 43.527523][ T6792] generic_file_write_iter+0x4a6/0x650
[ 43.532955][ T6792] __kernel_write+0x85b/0xa60
[ 43.537622][ T6792] do_acct_process+0xec6/0x12b0
[ 43.542447][ T6792] acct_process+0x398/0x4a0
[ 43.546920][ T6792] do_exit+0x593/0x1f80
[ 43.551045][ T6792] ? __up_read+0x1f1/0x6f0
[ 43.555432][ T6792] ? do_user_addr_fault+0x768/0xba0
[ 43.560600][ T6792] do_group_exit+0x161/0x2d0
[ 43.565165][ T6792] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.571204][ T6792] __do_sys_exit_group+0x13/0x20
[ 43.576116][ T6792] __se_sys_exit_group+0x10/0x10
[ 43.589812][ T6792] __x64_sys_exit_group+0x37/0x40
[ 43.594821][ T6792] do_syscall_64+0x73/0xe0
[ 43.599227][ T6792] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.605089][ T6792] RIP: 0033:0x444fa8
[ 43.608951][ T6792] Code: Bad RIP value.
[ 43.613024][ T6792] RSP: 002b:00007ffdf96d70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 43.621402][ T6792] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000444fa8
[ 43.629481][ T6792] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 43.637455][ T6792] RBP: 00000000004c74d0 R08: 00000000000000e7 R09: ffffffffffffffd4
[ 43.645397][ T6792] R10: 00007ffdf96d7000 R11: 0000000000000246 R12: 0000000000000001
[ 43.653366][ T6792] R13: 00000000006da5e0 R14: 0000000000000000 R15: 0000000000000000
[ 43.662372][ T6792] Kernel Offset: disabled
[ 43.666677][ T6792] Rebooting in 86400 seconds..