audit: type=1400 audit(1585792453.371:40): avc: denied { associate } for pid=8195 comm="syz-executor516" name="file0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
NOHZ: local_softirq_pending 08
NOHZ: local_softirq_pending 08
==================================================================
BUG: KASAN: use-after-free in add_chain fs/minix/itree_common.c:14 [inline]
BUG: KASAN: use-after-free in get_branch fs/minix/itree_common.c:52 [inline]
BUG: KASAN: use-after-free in get_block+0x1047/0x1300 fs/minix/itree_common.c:160
Read of size 2 at addr ffff88808fbd1130 by task syz-executor516/8195

CPU: 0 PID: 8195 Comm: syz-executor516 Not tainted 4.19.113-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 print_address_description.cold+0x7c/0x212 mm/kasan/report.c:256
 kasan_report_error mm/kasan/report.c:354 [inline]
 kasan_report mm/kasan/report.c:412 [inline]
 kasan_report.cold+0x88/0x2b9 mm/kasan/report.c:396
 add_chain fs/minix/itree_common.c:14 [inline]
 get_branch fs/minix/itree_common.c:52 [inline]
 get_block+0x1047/0x1300 fs/minix/itree_common.c:160
 minix_get_block+0xe5/0x110 fs/minix/inode.c:379
 block_read_full_page+0x28e/0xef0 fs/buffer.c:2248
 do_read_cache_page+0x916/0x1700 mm/filemap.c:2828
 read_mapping_page include/linux/pagemap.h:402 [inline]
 dir_get_page.isra.0+0x62/0xb0 fs/minix/dir.c:70
 minix_find_entry+0x200/0x7b0 fs/minix/dir.c:170
 minix_inode_by_name+0x6d/0x452 fs/minix/dir.c:454
 minix_lookup fs/minix/namei.c:30 [inline]
 minix_lookup+0x103/0x190 fs/minix/namei.c:22
 lookup_open+0x681/0x19b0 fs/namei.c:3214
 do_last fs/namei.c:3327 [inline]
 path_openat+0x13cb/0x4200 fs/namei.c:3537
 do_filp_open+0x1a1/0x280 fs/namei.c:3567
 do_sys_open+0x3c0/0x500 fs/open.c:1085
 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4481b9
Code: dd d1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab d1 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc05065848 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004481b9
RDX: 0000000000000000 RSI: 0000000000020040 RDI: 0000000020000040
RBP: 00007ffc05065870 R08: 00007ffc05065870 R09: 0000000000000000
R10: 00007ffc05065730 R11: 0000000000000246 R12: 00007ffc050658a0
R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000

The buggy address belongs to the page:
page:ffffea00023ef440 count:0 mapcount:0 mapping:0000000000000000 index:0x1
flags: 0xfffe0000000000()
raw: 00fffe0000000000 dead000000000100 dead000000000200 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88808fbd1000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88808fbd1080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
>ffff88808fbd1100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
                                     ^
 ffff88808fbd1180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
 ffff88808fbd1200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================