Starting Load/Save RF Kill Switch Status...
[  OK  ] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.5' (ECDSA) to the list of known hosts.
2020/07/02 09:52:49 fuzzer started
2020/07/02 09:52:49 connecting to host at 10.128.0.26:43399
2020/07/02 09:52:49 checking machine...
2020/07/02 09:52:49 checking revisions...
2020/07/02 09:52:49 testing simple program...
syzkaller login: [   59.852726][ T6811] IPVS: ftp: loaded support on port[0] = 21
2020/07/02 09:52:49 building call list...
[   60.149015][   T26] tipc: TX() has been purged, node left!
[   61.725374][ T1158] ==================================================================
[   61.733650][ T1158] BUG: KASAN: stack-out-of-bounds in bio_alloc_bioset+0x5b2/0x5d0
[   61.741746][ T1158] Read of size 8 at addr ffffc900045673a0 by task khugepaged/1158
[   61.749626][ T1158]
[   61.751961][ T1158] CPU: 0 PID: 1158 Comm: khugepaged Not tainted 5.8.0-rc3-next-20200702-syzkaller #0
[   61.761418][ T1158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   61.771785][ T1158] Call Trace:
[   61.775114][ T1158]  dump_stack+0x18f/0x20d
[   61.779900][ T1158]  ? bio_alloc_bioset+0x5b2/0x5d0
[   61.784936][ T1158]  ? bio_alloc_bioset+0x5b2/0x5d0
[   61.790144][ T1158]  print_address_description.constprop.0.cold+0x5/0x436
[   61.797270][ T1158]  ? stack_trace_consume_entry+0x160/0x160
[   61.803093][ T1158]  ? lockdep_hardirqs_off+0x66/0xa0
[   61.808338][ T1158]  ? vprintk_func+0x97/0x1a6
[   61.812941][ T1158]  ? bio_alloc_bioset+0x5b2/0x5d0
[   61.817976][ T1158]  kasan_report.cold+0x1f/0x37
[   61.822753][ T1158]  ? mark_lock+0x90/0x1710
[   61.827333][ T1158]  ? bio_alloc_bioset+0x5b2/0x5d0
[   61.832364][ T1158]  bio_alloc_bioset+0x5b2/0x5d0
[   61.837203][ T1158]  ? __lock_acquire+0xc1e/0x56e0
[   61.842121][ T1158]  ? bvec_alloc+0x2f0/0x2f0
[   61.846612][ T1158]  bio_clone_fast+0x21/0x1b0
[   61.851180][ T1158]  bio_split+0xc7/0x2c0
[   61.855323][ T1158]  __blk_queue_split+0x10e2/0x1650
[   61.860430][ T1158]  ? bio_will_gap.part.0+0xce0/0xce0
[   61.865707][ T1158]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   61.871753][ T1158]  blk_mq_submit_bio+0x1b0/0x1760
[   61.876756][ T1158]  ? blk_queue_enter+0xb5d/0xcd0
[   61.881683][ T1158]  ? blk_mq_try_issue_directly+0x190/0x190
[   61.887551][ T1158]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   61.893083][ T1158]  submit_bio_noacct+0xc9e/0x12d0
[   61.898082][ T1158]  ? blk_queue_enter+0xcd0/0xcd0
[   61.902999][ T1158]  ? __pagevec_release+0x77/0x100
[   61.908001][ T1158]  ? mpage_release_unused_pages+0x5b8/0x840
[   61.913893][ T1158]  submit_bio+0x263/0x5b0
[   61.918216][ T1158]  ? release_pages+0x641/0x17a0
[   61.924094][ T1158]  ? submit_bio_noacct+0x12d0/0x12d0
[   61.929355][ T1158]  ? ext4_bio_write_page+0x1050/0x1c27
[   61.934789][ T1158]  ? put_devmap_managed_page+0x160/0x160
[   61.940487][ T1158]  ext4_io_submit+0x181/0x210
[   61.945157][ T1158]  ext4_writepages+0x13be/0x3960
[   61.950088][ T1158]  ? __ext4_mark_inode_dirty+0x910/0x910
[   61.955699][ T1158]  ? lock_downgrade+0x820/0x820
[   61.960526][ T1158]  ? get_page_from_freelist+0x2037/0x3770
[   61.966245][ T1158]  ? find_held_lock+0x2d/0x110
[   61.971077][ T1158]  ? __ext4_mark_inode_dirty+0x910/0x910
[   61.976680][ T1158]  do_writepages+0xec/0x290
[   61.981161][ T1158]  ? writeback_set_ratelimit+0x150/0x150
[   61.986858][ T1158]  ? do_raw_spin_lock+0x120/0x2b0
[   61.991864][ T1158]  ? do_raw_spin_unlock+0x171/0x230
[   61.997129][ T1158]  ? _raw_spin_unlock+0x24/0x40
[   62.002006][ T1158]  ? wbc_attach_and_unlock_inode+0x11d/0x9d0
[   62.007982][ T1158]  __filemap_fdatawrite_range+0x2a1/0x380
[   62.013721][ T1158]  ? delete_from_page_cache_batch+0xe20/0xe20
[   62.019870][ T1158]  ? _raw_spin_unlock_irq+0x1f/0x80
[   62.025166][ T1158]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   62.031319][ T1158]  ? trace_hardirqs_on+0x5f/0x220
[   62.036444][ T1158]  collapse_file+0x351f/0x4080
[   62.041203][ T1158]  ? lockdep_hardirqs_on_prepare+0x4a0/0x590
[   62.047162][ T1158]  ? lock_is_held_type+0xb0/0xe0
[   62.052078][ T1158]  ? __collapse_huge_page_isolate+0x1980/0x1980
[   62.058300][ T1158]  ? xas_find+0x302/0x860
[   62.062653][ T1158]  khugepaged+0x2fb4/0x5a10
[   62.067184][ T1158]  ? collapse_pte_mapped_thp+0xb90/0xb90
[   62.072981][ T1158]  ? __kthread_parkme+0xad/0x1e0
[   62.077913][ T1158]  ? lock_downgrade+0x820/0x820
[   62.082843][ T1158]  ? finish_wait+0x260/0x260
[   62.087411][ T1158]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   62.093206][ T1158]  ? __kthread_parkme+0x4c/0x1e0
[   62.098206][ T1158]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   62.104436][ T1158]  ? __kthread_parkme+0x13f/0x1e0
[   62.109479][ T1158]  ? collapse_pte_mapped_thp+0xb90/0xb90
[   62.115353][ T1158]  kthread+0x3b5/0x4a0
[   62.119397][ T1158]  ? __kthread_bind_mask+0xc0/0xc0
[   62.124481][ T1158]  ? __kthread_bind_mask+0xc0/0xc0
[   62.129663][ T1158]  ret_from_fork+0x1f/0x30
[   62.134511][ T1158]
[   62.136818][ T1158]
[   62.139230][ T1158] addr ffffc900045673a0 is located in stack of task khugepaged/1158 at offset 80 in frame:
[   62.149452][ T1158]  submit_bio_noacct+0x0/0x12d0
[   62.154297][ T1158]
[   62.156608][ T1158] this frame has 3 objects:
[   62.161173][ T1158]  [32, 40) 'bio'
[   62.161177][ T1158]  [64, 80) 'bio_list'
[   62.164787][ T1158]  [96, 128) 'bio_list_on_stack'
[   62.168825][ T1158]
[   62.176231][ T1158] Memory state around the buggy address:
[   62.181937][ T1158]  ffffc90004567280: 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00
[   62.190163][ T1158]  ffffc90004567300: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f2
[   62.198210][ T1158] >ffffc90004567380: f2 f2 00 00 f2 f2 00 00 00 00 f3 f3 f3 f3 00 00
[   62.206261][ T1158]                                ^
[   62.211351][ T1158]  ffffc90004567400: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   62.219396][ T1158]  ffffc90004567480: f1 00 f2 f2 f2 00 00 00 00 f3 f3 f3 f3 00 00 00
[   62.227443][ T1158] ==================================================================
[   62.237747][ T1158] Disabling lock debugging due to kernel taint
[   62.248966][ T1158] Kernel panic - not syncing: panic_on_warn set ...
[   62.255655][ T1158] CPU: 0 PID: 1158 Comm: khugepaged Tainted: G    B             5.8.0-rc3-next-20200702-syzkaller #0
[   62.266587][ T1158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   62.276633][ T1158] Call Trace:
[   62.279902][ T1158]  dump_stack+0x18f/0x20d
[   62.284207][ T1158]  ? bio_alloc_bioset+0x4f0/0x5d0
[   62.289378][ T1158]  panic+0x2e3/0x75c
[   62.293255][ T1158]  ? __warn_printk+0xf3/0xf3
[   62.297832][ T1158]  ? preempt_schedule_common+0x59/0xc0
[   62.303268][ T1158]  ? bio_alloc_bioset+0x5b2/0x5d0
[   62.308264][ T1158]  ? preempt_schedule_thunk+0x16/0x18
[   62.313622][ T1158]  ? trace_hardirqs_on+0x55/0x220
[   62.319582][ T1158]  ? bio_alloc_bioset+0x5b2/0x5d0
[   62.324607][ T1158]  ? bio_alloc_bioset+0x5b2/0x5d0
[   62.329617][ T1158]  end_report+0x4d/0x53
[   62.333745][ T1158]  kasan_report.cold+0xd/0x37
[   62.338412][ T1158]  ? mark_lock+0x90/0x1710
[   62.342824][ T1158]  ? bio_alloc_bioset+0x5b2/0x5d0
[   62.347820][ T1158]  bio_alloc_bioset+0x5b2/0x5d0
[   62.353010][ T1158]  ? __lock_acquire+0xc1e/0x56e0
[   62.357921][ T1158]  ? bvec_alloc+0x2f0/0x2f0
[   62.362398][ T1158]  bio_clone_fast+0x21/0x1b0
[   62.366972][ T1158]  bio_split+0xc7/0x2c0
[   62.371101][ T1158]  __blk_queue_split+0x10e2/0x1650
[   62.376448][ T1158]  ? bio_will_gap.part.0+0xce0/0xce0
[   62.381708][ T1158]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   62.387764][ T1158]  blk_mq_submit_bio+0x1b0/0x1760
[   62.392777][ T1158]  ? blk_queue_enter+0xb5d/0xcd0
[   62.397690][ T1158]  ? blk_mq_try_issue_directly+0x190/0x190
[   62.403476][ T1158]  ? rcu_read_lock_sched_held+0x3a/0xb0
[   62.408999][ T1158]  submit_bio_noacct+0xc9e/0x12d0
[   62.413997][ T1158]  ? blk_queue_enter+0xcd0/0xcd0
[   62.418911][ T1158]  ? __pagevec_release+0x77/0x100
[   62.423999][ T1158]  ? mpage_release_unused_pages+0x5b8/0x840
[   62.429864][ T1158]  submit_bio+0x263/0x5b0
[   62.434268][ T1158]  ? release_pages+0x641/0x17a0
[   62.439105][ T1158]  ? submit_bio_noacct+0x12d0/0x12d0
[   62.444375][ T1158]  ? ext4_bio_write_page+0x1050/0x1c27
[   62.449806][ T1158]  ? put_devmap_managed_page+0x160/0x160
[   62.455410][ T1158]  ext4_io_submit+0x181/0x210
[   62.460061][ T1158]  ext4_writepages+0x13be/0x3960
[   62.464977][ T1158]  ? __ext4_mark_inode_dirty+0x910/0x910
[   62.470601][ T1158]  ? lock_downgrade+0x820/0x820
[   62.475426][ T1158]  ? get_page_from_freelist+0x2037/0x3770
[   62.481132][ T1158]  ? find_held_lock+0x2d/0x110
[   62.485867][ T1158]  ? __ext4_mark_inode_dirty+0x910/0x910
[   62.491490][ T1158]  do_writepages+0xec/0x290
[   62.495969][ T1158]  ? writeback_set_ratelimit+0x150/0x150
[   62.501597][ T1158]  ? do_raw_spin_lock+0x120/0x2b0
[   62.506662][ T1158]  ? do_raw_spin_unlock+0x171/0x230
[   62.511833][ T1158]  ? _raw_spin_unlock+0x24/0x40
[   62.516654][ T1158]  ? wbc_attach_and_unlock_inode+0x11d/0x9d0
[   62.522610][ T1158]  __filemap_fdatawrite_range+0x2a1/0x380
[   62.528308][ T1158]  ? delete_from_page_cache_batch+0xe20/0xe20
[   62.534375][ T1158]  ? _raw_spin_unlock_irq+0x1f/0x80
[   62.540504][ T1158]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   62.546470][ T1158]  ? trace_hardirqs_on+0x5f/0x220
[   62.551469][ T1158]  collapse_file+0x351f/0x4080
[   62.556522][ T1158]  ? lockdep_hardirqs_on_prepare+0x4a0/0x590
[   62.562564][ T1158]  ? lock_is_held_type+0xb0/0xe0
[   62.567480][ T1158]  ? __collapse_huge_page_isolate+0x1980/0x1980
[   62.573786][ T1158]  ? xas_find+0x302/0x860
[   62.578091][ T1158]  khugepaged+0x2fb4/0x5a10
[   62.582575][ T1158]  ? collapse_pte_mapped_thp+0xb90/0xb90
[   62.588210][ T1158]  ? __kthread_parkme+0xad/0x1e0
[   62.593238][ T1158]  ? lock_downgrade+0x820/0x820
[   62.598322][ T1158]  ? finish_wait+0x260/0x260
[   62.603002][ T1158]  ? _raw_spin_unlock_irqrestore+0x62/0xe0
[   62.608791][ T1158]  ? __kthread_parkme+0x4c/0x1e0
[   62.613746][ T1158]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   62.619714][ T1158]  ? __kthread_parkme+0x13f/0x1e0
[   62.624714][ T1158]  ? collapse_pte_mapped_thp+0xb90/0xb90
[   62.630320][ T1158]  kthread+0x3b5/0x4a0
[   62.634394][ T1158]  ? __kthread_bind_mask+0xc0/0xc0
[   62.639496][ T1158]  ? __kthread_bind_mask+0xc0/0xc0
[   62.644584][ T1158]  ret_from_fork+0x1f/0x30
[   62.650773][ T1158] Kernel Offset: disabled
[   62.655394][ T1158] Rebooting in 86400 seconds..
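Reading the report by hand: the faulting address ffffc900045673a0 is offset 80 in the submit_bio_noacct frame, which puts it exactly at the end of the 16-byte 'bio_list' object ([64, 80)) and inside the gap before 'bio_list_on_stack' ([96, 128)). In the shadow rows, that address maps to the f2 byte under the '^' (stack mid redzone), while the object bytes around it are 00 and the frame is bracketed by f1/f3. An 8-byte read starting at bio_list + 16 is the footprint of an index-1 access on a one-element struct bio_list; bio_alloc_bioset does look at current->bio_list[1], so the frame layout fits that reading. The program below is an added example, not part of the syzkaller report or of the kernel: it embeds the frame description and the five shadow rows copied from the report, decodes the shadow byte for the faulting address, classifies the access against the frame objects, and cross-checks that the printed frame layout and the shadow map agree. The helper names, the redzone length of 32 bytes (taken from the f1/f3 runs in this report) and the verdict strings are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHADOW_GRANULE   8   /* generic KASAN: one shadow byte per 8 bytes of memory */
#define SHADOW_ROW_BYTES 16  /* shadow bytes per "Memory state" row, i.e. 128 bytes of stack */

/* Shadow values generic KASAN uses for stack redzones. */
#define KASAN_STACK_LEFT  0xf1
#define KASAN_STACK_MID   0xf2
#define KASAN_STACK_RIGHT 0xf3
#define KASAN_REDZONE_LEN 32  /* length of the f1/f3 runs seen in this report (assumption) */

struct frame_obj { int start, end; const char *name; };

/* "this frame has 3 objects:" from the report; offsets are within the frame. */
static const struct frame_obj frame[] = {
    { 32,  40, "bio" },
    { 64,  80, "bio_list" },
    { 96, 128, "bio_list_on_stack" },
};
#define NFRAME (int)(sizeof frame / sizeof frame[0])

/* The five "Memory state around the buggy address" rows, copied from the report. */
struct shadow_row { uint64_t base; uint8_t b[SHADOW_ROW_BYTES]; };
static const struct shadow_row rows[] = {
    { 0xffffc90004567280ULL, {0x00,0x00,0x00,0x00,0x00,0xf3,0xf3,0xf3,0xf3,0xf3,0x00,0x00,0x00,0x00,0x00,0x00} },
    { 0xffffc90004567300ULL, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf1,0xf1,0xf1,0xf1,0x00,0xf2} },
    { 0xffffc90004567380ULL, {0xf2,0xf2,0x00,0x00,0xf2,0xf2,0x00,0x00,0x00,0x00,0xf3,0xf3,0xf3,0xf3,0x00,0x00} },
    { 0xffffc90004567400ULL, {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf1,0xf1,0xf1} },
    { 0xffffc90004567480ULL, {0xf1,0x00,0xf2,0xf2,0xf2,0x00,0x00,0x00,0x00,0xf3,0xf3,0xf3,0xf3,0x00,0x00,0x00} },
};
#define NROWS (int)(sizeof rows / sizeof rows[0])

/* From "Read of size 8 at addr ffffc900045673a0" and "at offset 80 in frame". */
static const uint64_t FAULT_ADDR = 0xffffc900045673a0ULL;
static const int FAULT_SIZE = 8;
static const int FAULT_OFF  = 80;

/* Shadow byte covering addr, or -1 if none of the printed rows covers it. */
int shadow_byte_at(uint64_t addr)
{
    const uint64_t row_span = SHADOW_ROW_BYTES * SHADOW_GRANULE;
    for (int i = 0; i < NROWS; i++)
        if (addr >= rows[i].base && addr < rows[i].base + row_span)
            return rows[i].b[(addr - rows[i].base) / SHADOW_GRANULE];
    return -1;
}

/* Name of the object that wholly contains [off, off+size), else NULL. */
const char *object_containing(int off, int size)
{
    for (int i = 0; i < NFRAME; i++)
        if (off >= frame[i].start && off + size <= frame[i].end)
            return frame[i].name;
    return NULL;
}

/* Index of the last object whose end is <= off (the one an overrun ran past), or -1. */
int object_index_before(int off)
{
    int idx = -1;
    for (int i = 0; i < NFRAME; i++)
        if (frame[i].end <= off)
            idx = i;
    return idx;
}

/* One-line verdict in the spirit of KASAN's own "located in stack ... in frame" text. */
const char *classify_access(int off, int size)
{
    static char buf[96];
    const char *in = object_containing(off, size);
    int i = object_index_before(off);
    if (in)
        snprintf(buf, sizeof buf, "inside '%s'", in);
    else if (i < 0)
        snprintf(buf, sizeof buf, "%s", "before the first object");
    else
        snprintf(buf, sizeof buf, "redzone, %d bytes past the end of '%s'",
                 off - frame[i].end, frame[i].name);
    return buf;
}

/* Cross-check the frame description against the shadow map: object bytes must be 00,
 * gaps between objects f2, the 32 bytes before the first object f1 and the 32 bytes
 * after the last one f3. Returns 1 when everything agrees, 0 otherwise. */
int frame_matches_shadow(uint64_t frame_base)
{
    int off;
    for (off = 0; off < frame[0].start; off += SHADOW_GRANULE)
        if (shadow_byte_at(frame_base + off) != KASAN_STACK_LEFT) return 0;
    for (int i = 0; i < NFRAME; i++) {
        for (off = frame[i].start; off < frame[i].end; off += SHADOW_GRANULE)
            if (shadow_byte_at(frame_base + off) != 0x00) return 0;
        int last = (i + 1 == NFRAME);
        int next = last ? frame[i].end + KASAN_REDZONE_LEN : frame[i + 1].start;
        int want = last ? KASAN_STACK_RIGHT : KASAN_STACK_MID;
        for (off = frame[i].end; off < next; off += SHADOW_GRANULE)
            if (shadow_byte_at(frame_base + off) != want) return 0;
    }
    return 1;
}

int main(void)
{
    uint64_t base = FAULT_ADDR - FAULT_OFF;  /* start of the submit_bio_noacct frame */
    printf("frame base   : %#llx\n", (unsigned long long)base);
    printf("shadow byte  : 0x%02x (0xf2 = stack mid redzone)\n", shadow_byte_at(FAULT_ADDR));
    printf("access       : %s\n", classify_access(FAULT_OFF, FAULT_SIZE));
    printf("frame/shadow : %s\n", frame_matches_shadow(base) ? "consistent" : "MISMATCH");
    return 0;
}
```

The consistency check is the part worth keeping in a toolbox: when a KASAN stack report is suspected of being a secondary effect (for example stack corruption by an earlier overflow), a frame description that does not line up with the shadow rows is the first sign, whereas here the two agree byte for byte and the read lands 0 bytes past 'bio_list', i.e. on the element that would follow it in an array.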