Warning: Permanently added '10.128.0.215' (ECDSA) to the list of known hosts.
syzkaller login: [ 34.600463] audit: type=1400 audit(1594576602.252:8): avc: denied { execmem } for pid=6355 comm="syz-executor063" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 34.895516] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 35.685403] audit: type=1800 audit(1594576603.343:9): pid=6356 uid=0 auid=0 ses=5 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor063" name="file0" dev="sda1" ino=15707 res=0
[ 35.691062] MINIX-fs: mounting unchecked file system, running fsck is recommended
[ 35.724562] Process accounting resumed
[ 35.735004] ==================================================================
[ 35.742469] BUG: KASAN: slab-out-of-bounds in get_block+0xe06/0x1100
[ 35.748966] Read of size 2 at addr ffff88808f8a018a by task syz-executor063/6356
[ 35.756502]
[ 35.758117] CPU: 1 PID: 6356 Comm: syz-executor063 Not tainted 4.14.184-syzkaller #0
[ 35.765976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 35.775330] Call Trace:
[ 35.777909] dump_stack+0x1b2/0x283
[ 35.781516] ? get_block+0xe06/0x1100
[ 35.785295] print_address_description.cold+0x54/0x1dc
[ 35.791901] ? get_block+0xe06/0x1100
[ 35.795680] kasan_report.cold+0xa9/0x2b9
[ 35.799817] get_block+0xe06/0x1100
[ 35.803440] ? block_to_path.isra.0+0x2d0/0x2d0
[ 35.808099] ? create_page_buffers+0x14d/0x1c0
[ 35.812662] ? lock_downgrade+0x6e0/0x6e0
[ 35.817481] ? create_empty_buffers+0x264/0x470
[ 35.822140] ? do_raw_spin_unlock+0x164/0x250
[ 35.826627] minix_get_block+0xd6/0x100
[ 35.830580] __block_write_begin_int+0x33a/0x1000
[ 35.835417] ? minix_lookup+0x180/0x180
[ 35.839367] ? add_to_page_cache_lru+0x151/0x300
[ 35.844119] ? __breadahead_gfp+0xd0/0xd0
[ 35.848245] ? wait_for_stable_page+0xe3/0x260
[ 35.852816] ? minix_lookup+0x180/0x180
[ 35.856765] block_write_begin+0x58/0x260
[ 35.860905] minix_write_begin+0x35/0xc0
[ 35.864965] generic_perform_write+0x1c9/0x420
[ 35.869525] ? __mnt_drop_write+0x40/0x70
[ 35.873651] ? filemap_page_mkwrite+0x2d0/0x2d0
[ 35.878295] ? current_time+0xb0/0xb0
[ 35.882072] ? lock_acquire+0x170/0x3f0
[ 35.886036] __generic_file_write_iter+0x227/0x590
[ 35.890965] generic_file_write_iter+0x36f/0x650
[ 35.895704] ? iov_iter_init+0xa6/0x1c0
[ 35.899664] __vfs_write+0x44e/0x630
[ 35.903373] ? kernel_read+0x110/0x110
[ 35.907256] ? __task_pid_nr_ns+0x1c3/0x440
[ 35.911567] ? do_acct_process+0xc41/0xf60
[ 35.916477] __kernel_write+0xf5/0x330
[ 35.920343] do_acct_process+0xb49/0xf60
[ 35.924383] ? acct_put+0x40/0x40
[ 35.927810] ? acct_process+0x179/0x422
[ 35.931768] acct_process+0x38a/0x422
[ 35.936516] do_exit+0x1728/0x2ae0
[ 35.940038] ? __do_page_fault+0x5a0/0xb50
[ 35.944597] ? mm_update_next_owner+0x5b0/0x5b0
[ 35.949256] ? lock_downgrade+0x6e0/0x6e0
[ 35.953665] do_group_exit+0x100/0x2e0
[ 35.957538] SyS_exit_group+0x19/0x20
[ 35.961342] ? do_group_exit+0x2e0/0x2e0
[ 35.965384] do_syscall_64+0x1d5/0x640
[ 35.969267] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 35.974438] RIP: 0033:0x443e28
[ 35.977616] RSP: 002b:00007ffcab085fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 35.985316] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000443e28
[ 35.992581] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 35.999858] RBP: 00000000004c4af0 R08: 00000000000000e7 R09: ffffffffffffffd4
[ 36.007125] R10: 00007ffcab085ef0 R11: 0000000000000246 R12: 0000000000000001
[ 36.014382] R13: 00000000006d7180 R14: 0000000000000000 R15: 0000000000000000
[ 36.022525]
[ 36.024146] Allocated by task 6284:
[ 36.027756] kasan_kmalloc.part.0+0x4f/0xd0
[ 36.032063] kmem_cache_alloc+0x124/0x3c0
[ 36.036200] getname_flags+0xc8/0x550
[ 36.039987] do_sys_open+0x202/0x3e0
[ 36.043693] do_syscall_64+0x1d5/0x640
[ 36.047568] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.052732]
[ 36.054355] Freed by task 6284:
[ 36.057614] kasan_slab_free+0xaf/0x190
[ 36.061569] kmem_cache_free+0x7c/0x2b0
[ 36.065526] putname+0xcd/0x110
[ 36.068794] do_sys_open+0x233/0x3e0
[ 36.072507] do_syscall_64+0x1d5/0x640
[ 36.076384] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.081554]
[ 36.083156] The buggy address belongs to the object at ffff88808f8a0580
[ 36.083156] which belongs to the cache names_cache of size 4096
[ 36.096057] The buggy address is located 1014 bytes to the left of
[ 36.096057] 4096-byte region [ffff88808f8a0580, ffff88808f8a1580)
[ 36.108530] The buggy address belongs to the page:
[ 36.113451] page:ffffea00023e2800 count:1 mapcount:0 mapping:ffff88808f8a0580 index:0x0 compound_mapcount: 0
[ 36.123394] flags: 0xfffe0000008100(slab|head)
[ 36.127951] raw: 00fffe0000008100 ffff88808f8a0580 0000000000000000 0000000100000001
[ 36.135816] raw: ffffea00023e47a0 ffffea00023e2920 ffff8880aa9dacc0 0000000000000000
[ 36.143687] page dumped because: kasan: bad access detected
[ 36.149368]
[ 36.150967] Memory state around the buggy address:
[ 36.155882] ffff88808f8a0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.163228] ffff88808f8a0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.170563] >ffff88808f8a0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.177894] ^
[ 36.181493] ffff88808f8a0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.188837] ffff88808f8a0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.196178] ==================================================================
[ 36.203525] Disabling lock debugging due to kernel taint
[ 36.209069] Kernel panic - not syncing: panic_on_warn set ...
[ 36.209069]
[ 36.216434] CPU: 1 PID: 6356 Comm: syz-executor063 Tainted: G B 4.14.184-syzkaller #0
[ 36.225518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.234856] Call Trace:
[ 36.237446] dump_stack+0x1b2/0x283
[ 36.241068] panic+0x1f9/0x42d
[ 36.244252] ? add_taint.cold+0x16/0x16
[ 36.248234] ? get_block+0xe06/0x1100
[ 36.252009] kasan_end_report+0x43/0x49
[ 36.255956] kasan_report.cold+0x12f/0x2b9
[ 36.260178] get_block+0xe06/0x1100
[ 36.263783] ? block_to_path.isra.0+0x2d0/0x2d0
[ 36.268422] ? create_page_buffers+0x14d/0x1c0
[ 36.272981] ? lock_downgrade+0x6e0/0x6e0
[ 36.277123] ? create_empty_buffers+0x264/0x470
[ 36.281780] ? do_raw_spin_unlock+0x164/0x250
[ 36.286252] minix_get_block+0xd6/0x100
[ 36.290203] __block_write_begin_int+0x33a/0x1000
[ 36.295022] ? minix_lookup+0x180/0x180
[ 36.298985] ? add_to_page_cache_lru+0x151/0x300
[ 36.303723] ? __breadahead_gfp+0xd0/0xd0
[ 36.307854] ? wait_for_stable_page+0xe3/0x260
[ 36.312408] ? minix_lookup+0x180/0x180
[ 36.316355] block_write_begin+0x58/0x260
[ 36.320486] minix_write_begin+0x35/0xc0
[ 36.324520] generic_perform_write+0x1c9/0x420
[ 36.329078] ? __mnt_drop_write+0x40/0x70
[ 36.333208] ? filemap_page_mkwrite+0x2d0/0x2d0
[ 36.337851] ? current_time+0xb0/0xb0
[ 36.341628] ? lock_acquire+0x170/0x3f0
[ 36.345578] __generic_file_write_iter+0x227/0x590
[ 36.350482] generic_file_write_iter+0x36f/0x650
[ 36.355213] ? iov_iter_init+0xa6/0x1c0
[ 36.359161] __vfs_write+0x44e/0x630
[ 36.362854] ? kernel_read+0x110/0x110
[ 36.366716] ? __task_pid_nr_ns+0x1c3/0x440
[ 36.371013] ? do_acct_process+0xc41/0xf60
[ 36.375232] __kernel_write+0xf5/0x330
[ 36.379102] do_acct_process+0xb49/0xf60
[ 36.383133] ? acct_put+0x40/0x40
[ 36.386559] ? acct_process+0x179/0x422
[ 36.390507] acct_process+0x38a/0x422
[ 36.394281] do_exit+0x1728/0x2ae0
[ 36.397819] ? __do_page_fault+0x5a0/0xb50
[ 36.402026] ? mm_update_next_owner+0x5b0/0x5b0
[ 36.406677] ? lock_downgrade+0x6e0/0x6e0
[ 36.410810] do_group_exit+0x100/0x2e0
[ 36.414670] SyS_exit_group+0x19/0x20
[ 36.418439] ? do_group_exit+0x2e0/0x2e0
[ 36.422472] do_syscall_64+0x1d5/0x640
[ 36.426335] entry_SYSCALL_64_after_hwframe+0x46/0xbb
[ 36.431513] RIP: 0033:0x443e28
[ 36.434684] RSP: 002b:00007ffcab085fd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.442373] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000443e28
[ 36.449628] RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001
[ 36.456875] RBP: 00000000004c4af0 R08: 00000000000000e7 R09: ffffffffffffffd4
[ 36.464131] R10: 00007ffcab085ef0 R11: 0000000000000246 R12: 0000000000000001
[ 36.471383] R13: 00000000006d7180 R14: 0000000000000000 R15: 0000000000000000
[ 36.479304] Kernel Offset: disabled
[ 36.482926] Rebooting in 86400 seconds..