[ OK ] Started Getty on tty3.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 36.836110][ T6775] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6775
[ 36.845867][ T6775] caller is ext4_mb_new_blocks+0x301/0x1620
[ 36.852266][ T6775] CPU: 1 PID: 6775 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 36.860843][ T6775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.870877][ T6775] Call Trace:
[ 36.874493][ T6775] dump_stack+0x1f0/0x31e
[ 36.878819][ T6775] check_preemption_disabled+0x1c9/0x240
[ 36.884542][ T6775] ext4_mb_new_blocks+0x301/0x1620
[ 36.889639][ T6775] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 36.894910][ T6775] ? ext4_map_blocks+0x7ea/0x19e0
[ 36.899920][ T6775] ext4_map_blocks+0x8c1/0x19e0
[ 36.904760][ T6775] ext4_getblk+0xa4/0x460
[ 36.909259][ T6775] ext4_bread+0x48/0x330
[ 36.913508][ T6775] ext4_append+0x153/0x2d0
[ 36.917901][ T6775] ext4_mkdir+0x75f/0x14c0
[ 36.922304][ T6775] vfs_mkdir+0x42a/0x620
[ 36.926545][ T6775] do_mkdirat+0x1b9/0x310
[ 36.930851][ T6775] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 36.936889][ T6775] do_syscall_64+0x73/0xe0
[ 36.941342][ T6775] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 36.947329][ T6775] RIP: 0033:0x7fca63fdf687
[ 36.951720][ T6775] Code: Bad RIP value.
[ 36.955858][ T6775] RSP: 002b:00007ffe68272c38 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 36.964242][ T6775] RAX: ffffffffffffffda RBX: 00005645df78a985 RCX: 00007fca63fdf687
[ 36.972478][ T6775] RDX: 00007ffe68272b00 RSI: 00000000000001ed RDI: 00005645df78a985
[ 36.980449][ T6775] RBP: 00007fca63fdf680 R08: 0000000000000100 R09: 0000000000000000
[ 36.988406][ T6775] R10: 00005645df78a980 R11: 0000000000000246 R12: 00000000000001ed
[ 36.996351][ T6775] R13: 00007ffe68272dc0 R14: 0000000000000000 R15: 0000000000000000
Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts.
2020/06/14 22:13:24 fuzzer started
2020/06/14 22:13:25 connecting to host at 10.128.0.26:38283
2020/06/14 22:13:25 checking machine...
2020/06/14 22:13:25 checking revisions...
2020/06/14 22:13:25 testing simple program...
[ 42.245930][ T6784] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6784
[ 42.255396][ T6784] caller is ext4_mb_new_blocks+0x301/0x1620
[ 42.261362][ T6784] CPU: 0 PID: 6784 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 42.269702][ T6784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.279909][ T6784] Call Trace:
[ 42.283209][ T6784] dump_stack+0x1f0/0x31e
[ 42.287517][ T6784] check_preemption_disabled+0x1c9/0x240
[ 42.293126][ T6784] ext4_mb_new_blocks+0x301/0x1620
[ 42.298245][ T6784] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 42.303521][ T6784] ? ext4_map_blocks+0x7ea/0x19e0
[ 42.308527][ T6784] ext4_map_blocks+0x8c1/0x19e0
[ 42.313364][ T6784] ext4_getblk+0xa4/0x460
[ 42.317668][ T6784] ext4_bread+0x48/0x330
[ 42.321894][ T6784] ext4_append+0x153/0x2d0
[ 42.326298][ T6784] ext4_mkdir+0x75f/0x14c0
[ 42.330695][ T6784] vfs_mkdir+0x42a/0x620
[ 42.334911][ T6784] do_mkdirat+0x1b9/0x310
[ 42.339230][ T6784] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.345270][ T6784] do_syscall_64+0x73/0xe0
[ 42.349659][ T6784] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.355523][ T6784] RIP: 0033:0x4b02a0
[ 42.359394][ T6784] Code: Bad RIP value.
[ 42.363429][ T6784] RSP: 002b:000000c0000fb4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 42.371810][ T6784] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 42.379760][ T6784] RDX: 00000000000001c0 RSI: 000000c000294300 RDI: ffffffffffffff9c
[ 42.387716][ T6784] RBP: 000000c0000fb510 R08: 0000000000000000 R09: 0000000000000000
[ 42.395671][ T6784] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 42.403625][ T6784] R13: 0000000000000019 R14: 0000000000000018 R15: 0000000000000100
[ 42.419988][ T6803] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6803
[ 42.429449][ T6803] caller is ext4_mb_new_blocks+0x301/0x1620
[ 42.435333][ T6803] CPU: 0 PID: 6803 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 42.443891][ T6803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.453960][ T6803] Call Trace:
[ 42.457236][ T6803] dump_stack+0x1f0/0x31e
[ 42.461544][ T6803] check_preemption_disabled+0x1c9/0x240
[ 42.467155][ T6803] ext4_mb_new_blocks+0x301/0x1620
[ 42.472247][ T6803] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 42.477531][ T6803] ? ext4_map_blocks+0x7ea/0x19e0
[ 42.482537][ T6803] ext4_map_blocks+0x8c1/0x19e0
[ 42.487369][ T6803] ext4_getblk+0xa4/0x460
[ 42.491672][ T6803] ext4_bread+0x48/0x330
[ 42.496175][ T6803] ext4_append+0x153/0x2d0
[ 42.500588][ T6803] ext4_mkdir+0x75f/0x14c0
[ 42.504988][ T6803] vfs_mkdir+0x42a/0x620
[ 42.509236][ T6803] do_mkdirat+0x1b9/0x310
[ 42.513540][ T6803] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.519579][ T6803] do_syscall_64+0x73/0xe0
[ 42.523966][ T6803] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.529829][ T6803] RIP: 0033:0x45bee7
[ 42.533689][ T6803] Code: Bad RIP value.
[ 42.537736][ T6803] RSP: 002b:00007fff4b562368 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 42.546117][ T6803] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 42.554073][ T6803] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007fff4b562540
[ 42.562017][ T6803] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002780
[ 42.569960][ T6803] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 42.577904][ T6803] R13: 00007fff4b562540 R14: 8421084210842109 R15: 00007fff4b56254c
[ 42.648843][ T6804] IPVS: ftp: loaded support on port[0] = 21
[ 42.679880][ T6804] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6804
[ 42.689330][ T6804] caller is ext4_mb_new_blocks+0x301/0x1620
[ 42.695315][ T6804] CPU: 1 PID: 6804 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 42.703867][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.714588][ T6804] Call Trace:
[ 42.717852][ T6804] dump_stack+0x1f0/0x31e
[ 42.722158][ T6804] check_preemption_disabled+0x1c9/0x240
[ 42.727764][ T6804] ext4_mb_new_blocks+0x301/0x1620
[ 42.732855][ T6804] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 42.738138][ T6804] ? ext4_map_blocks+0x7ea/0x19e0
[ 42.743261][ T6804] ext4_map_blocks+0x8c1/0x19e0
[ 42.748265][ T6804] ext4_getblk+0xa4/0x460
[ 42.752580][ T6804] ext4_bread+0x48/0x330
[ 42.756795][ T6804] ext4_append+0x153/0x2d0
[ 42.761185][ T6804] ext4_mkdir+0x75f/0x14c0
[ 42.765582][ T6804] vfs_mkdir+0x42a/0x620
[ 42.769830][ T6804] do_mkdirat+0x1b9/0x310
[ 42.774150][ T6804] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.780185][ T6804] do_syscall_64+0x73/0xe0
[ 42.784577][ T6804] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.790453][ T6804] RIP: 0033:0x45bee7
[ 42.794324][ T6804] Code: Bad RIP value.
[ 42.798369][ T6804] RSP: 002b:00007fff4b562258 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 42.806816][ T6804] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 42.814765][ T6804] RDX: 00007fff4b5622a3 RSI: 00000000000001ff RDI: 00007fff4b5622a0
[ 42.822712][ T6804] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 42.830668][ T6804] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0
[ 42.838644][ T6804] R13: 00007fff4b562290 R14: 0000000000000000 R15: 00007fff4b5622a0
[ 42.898547][ T6804] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6804
[ 42.908175][ T6804] caller is ext4_mb_new_blocks+0x301/0x1620
[ 42.914071][ T6804] CPU: 1 PID: 6804 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 42.922640][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.932683][ T6804] Call Trace:
[ 42.935971][ T6804] dump_stack+0x1f0/0x31e
[ 42.940282][ T6804] check_preemption_disabled+0x1c9/0x240
[ 42.945890][ T6804] ext4_mb_new_blocks+0x301/0x1620
[ 42.950980][ T6804] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 42.956260][ T6804] ? ext4_map_blocks+0x7ea/0x19e0
[ 42.961302][ T6804] ext4_map_blocks+0x8c1/0x19e0
[ 42.966143][ T6804] ext4_getblk+0xa4/0x460
[ 42.970487][ T6804] ext4_bread+0x48/0x330
[ 42.974712][ T6804] ext4_append+0x153/0x2d0
[ 42.979107][ T6804] ext4_mkdir+0x75f/0x14c0
[ 42.983505][ T6804] vfs_mkdir+0x42a/0x620
[ 42.987725][ T6804] do_mkdirat+0x1b9/0x310
[ 42.992029][ T6804] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.998069][ T6804] do_syscall_64+0x73/0xe0
[ 43.002455][ T6804] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.008317][ T6804] RIP: 0033:0x45bee7
[ 43.012179][ T6804] Code: Bad RIP value.
[ 43.016215][ T6804] RSP: 002b:00007fff4b562258 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 43.024592][ T6804] RAX: ffffffffffffffda RBX: 000000000000a784 RCX: 000000000045bee7
[ 43.032535][ T6804] RDX: 00007fff4b5622a3 RSI: 00000000000001ff RDI: 00007fff4b5622a0
[ 43.040488][ T6804] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/14 22:13:26 building call list...
[ 43.048446][ T6804] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 43.056400][ T6804] R13: 00007fff4b562290 R14: 000000000000a77e R15: 00007fff4b5622a0
[ 43.305816][ T21] tipc: TX() has been purged, node left!
[ 43.787673][ T21] ==================================================================
[ 43.795880][ T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x16f/0x1c0
[ 43.803760][ T21] Write of size 1 at addr ffff8880973ab1e4 by task kworker/u4:1/21
[ 43.811646][ T21]
[ 43.813977][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0
[ 43.822201][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.832254][ T21] Workqueue: netns cleanup_net
[ 43.837004][ T21] Call Trace:
[ 43.840287][ T21] dump_stack+0x1f0/0x31e
[ 43.844617][ T21] print_address_description+0x66/0x5a0
[ 43.850152][ T21] ? vprintk_emit+0x342/0x3c0
[ 43.854825][ T21] ? printk+0x62/0x83
[ 43.859151][ T21] ? vprintk_emit+0x339/0x3c0
[ 43.863824][ T21] kasan_report+0x132/0x1d0
[ 43.868323][ T21] ? afs_wake_up_async_call+0x16f/0x1c0
[ 43.873870][ T21] ? afs_make_call+0x24f0/0x24f0
[ 43.878805][ T21] afs_wake_up_async_call+0x16f/0x1c0
[ 43.884179][ T21] ? afs_make_call+0x24f0/0x24f0
[ 43.889109][ T21] rxrpc_notify_socket+0x1e7/0x4a0
[ 43.894218][ T21] rxrpc_call_completed+0x131/0x210
[ 43.899404][ T21] ? afs_rx_new_call+0x240/0x240
[ 43.904336][ T21] rxrpc_discard_prealloc+0x60d/0x710
[ 43.909710][ T21] rxrpc_listen+0x246/0x370
[ 43.914210][ T21] afs_close_socket+0x57/0x280
[ 43.918963][ T21] ? afs_purge_servers+0x21f/0x280
[ 43.924065][ T21] ? init_wait_var_entry+0x150/0x150
[ 43.929348][ T21] afs_net_exit+0x4f/0x90
[ 43.933671][ T21] cleanup_net+0x708/0xba0
[ 43.938088][ T21] process_one_work+0x789/0xfc0
[ 43.942956][ T21] worker_thread+0xaa4/0x1460
[ 43.947739][ T21] kthread+0x37e/0x3a0
[ 43.951800][ T21] ? rcu_lock_release+0x20/0x20
[ 43.956640][ T21] ? kthread_blkcg+0xd0/0xd0
[ 43.961226][ T21] ret_from_fork+0x1f/0x30
[ 43.965642][ T21]
[ 43.967959][ T21] Allocated by task 6804:
[ 43.972279][ T21] __kasan_kmalloc+0x103/0x140
[ 43.977029][ T21] kmem_cache_alloc_trace+0x234/0x300
[ 43.982388][ T21] afs_alloc_call+0x89/0x2f0
[ 43.987140][ T21] afs_charge_preallocation+0xf0/0x2a0
[ 43.992590][ T21] afs_open_socket+0x3c7/0x510
[ 43.997346][ T21] afs_net_init+0x772/0x940
[ 44.001836][ T21] ops_init+0x320/0x410
[ 44.005978][ T21] setup_net+0x1cb/0x770
[ 44.010209][ T21] copy_net_ns+0x339/0x540
[ 44.014622][ T21] create_new_namespaces+0x52e/0x9f0
[ 44.019898][ T21] unshare_nsproxy_namespaces+0x123/0x190
[ 44.025608][ T21] ksys_unshare+0x463/0x950
[ 44.030099][ T21] __x64_sys_unshare+0x34/0x40
[ 44.034943][ T21] do_syscall_64+0x73/0xe0
[ 44.039350][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.045223][ T21]
[ 44.047542][ T21] Freed by task 21:
[ 44.051352][ T21] __kasan_slab_free+0x114/0x170
[ 44.056275][ T21] kfree+0x10a/0x220
[ 44.060160][ T21] afs_put_call+0x30e/0x420
[ 44.064649][ T21] rxrpc_discard_prealloc+0x5e2/0x710
[ 44.070014][ T21] rxrpc_listen+0x246/0x370
[ 44.074502][ T21] afs_close_socket+0x57/0x280
[ 44.079254][ T21] afs_net_exit+0x4f/0x90
[ 44.083572][ T21] cleanup_net+0x708/0xba0
[ 44.087979][ T21] process_one_work+0x789/0xfc0
[ 44.092816][ T21] worker_thread+0xaa4/0x1460
[ 44.097480][ T21] kthread+0x37e/0x3a0
[ 44.101535][ T21] ret_from_fork+0x1f/0x30
[ 44.105930][ T21]
[ 44.108246][ T21] The buggy address belongs to the object at ffff8880973ab000
[ 44.108246][ T21] which belongs to the cache kmalloc-1k of size 1024
[ 44.122287][ T21] The buggy address is located 484 bytes inside of
[ 44.122287][ T21] 1024-byte region [ffff8880973ab000, ffff8880973ab400)
[ 44.135633][ T21] The buggy address belongs to the page:
[ 44.141448][ T21] page:ffffea00025ceac0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 44.150552][ T21] flags: 0xfffe0000000200(slab)
[ 44.155400][ T21] raw: 00fffe0000000200 ffffea00025c5548 ffffea00028bd748 ffff8880aa400c40
[ 44.163984][ T21] raw: 0000000000000000 ffff8880973ab000 0000000100000002 0000000000000000
[ 44.172557][ T21] page dumped because: kasan: bad access detected
[ 44.178958][ T21]
[ 44.181275][ T21] Memory state around the buggy address:
[ 44.186897][ T21] ffff8880973ab080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.194952][ T21] ffff8880973ab100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.203005][ T21] >ffff8880973ab180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.211236][ T21] ^
[ 44.218404][ T21] ffff8880973ab200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.226450][ T21] ffff8880973ab280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.234479][ T21] ==================================================================
[ 44.242530][ T21] Disabling lock debugging due to kernel taint
[ 44.248716][ T21] Kernel panic - not syncing: panic_on_warn set ...
[ 44.255288][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 44.264895][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.274947][ T21] Workqueue: netns cleanup_net
[ 44.279778][ T21] Call Trace:
[ 44.283039][ T21] dump_stack+0x1f0/0x31e
[ 44.287337][ T21] panic+0x264/0x7a0
[ 44.291204][ T21] ? trace_hardirqs_on+0x30/0x80
[ 44.296358][ T21] ? _raw_spin_unlock_irqrestore+0xa5/0xd0
[ 44.302134][ T21] kasan_report+0x1c9/0x1d0
[ 44.306632][ T21] ? afs_wake_up_async_call+0x16f/0x1c0
[ 44.312173][ T21] ? afs_make_call+0x24f0/0x24f0
[ 44.317076][ T21] afs_wake_up_async_call+0x16f/0x1c0
[ 44.322416][ T21] ? afs_make_call+0x24f0/0x24f0
[ 44.327323][ T21] rxrpc_notify_socket+0x1e7/0x4a0
[ 44.332416][ T21] rxrpc_call_completed+0x131/0x210
[ 44.337591][ T21] ? afs_rx_new_call+0x240/0x240
[ 44.342508][ T21] rxrpc_discard_prealloc+0x60d/0x710
[ 44.347849][ T21] rxrpc_listen+0x246/0x370
[ 44.352331][ T21] afs_close_socket+0x57/0x280
[ 44.357063][ T21] ? afs_purge_servers+0x21f/0x280
[ 44.362155][ T21] ? init_wait_var_entry+0x150/0x150
[ 44.367408][ T21] afs_net_exit+0x4f/0x90
[ 44.371716][ T21] cleanup_net+0x708/0xba0
[ 44.376114][ T21] process_one_work+0x789/0xfc0
[ 44.380948][ T21] worker_thread+0xaa4/0x1460
[ 44.385598][ T21] kthread+0x37e/0x3a0
[ 44.389636][ T21] ? rcu_lock_release+0x20/0x20
[ 44.394452][ T21] ? kthread_blkcg+0xd0/0xd0
[ 44.399018][ T21] ret_from_fork+0x1f/0x30
[ 44.404690][ T21] Kernel Offset: disabled
[ 44.409017][ T21] Rebooting in 86400 seconds..