[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ 40.124480][ T6733] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6733
[ 40.134362][ T6733] caller is ext4_mb_new_blocks+0x301/0x1620
[ 40.140285][ T6733] CPU: 1 PID: 6733 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 40.148867][ T6733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 40.159099][ T6733] Call Trace:
[ 40.162411][ T6733] dump_stack+0x1f0/0x31e
[ 40.166752][ T6733] check_preemption_disabled+0x1c9/0x240
[ 40.172488][ T6733] ext4_mb_new_blocks+0x301/0x1620
[ 40.177629][ T6733] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 40.183357][ T6733] ? ext4_map_blocks+0x7ea/0x19e0
[ 40.188410][ T6733] ext4_map_blocks+0x8c1/0x19e0
[ 40.193374][ T6733] ext4_getblk+0xa4/0x460
[ 40.197732][ T6733] ext4_bread+0x48/0x330
[ 40.202133][ T6733] ext4_append+0x153/0x2d0
[ 40.206656][ T6733] ext4_mkdir+0x75f/0x14c0
[ 40.211191][ T6733] vfs_mkdir+0x42a/0x620
[ 40.215467][ T6733] do_mkdirat+0x1b9/0x310
[ 40.220116][ T6733] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.226180][ T6733] do_syscall_64+0x73/0xe0
[ 40.230659][ T6733] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 40.237650][ T6733] RIP: 0033:0x7fdfe8e59687
[ 40.242057][ T6733] Code: Bad RIP value.
[ 40.246159][ T6733] RSP: 002b:00007fffe1cd9608 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 40.255065][ T6733] RAX: ffffffffffffffda RBX: 00005634a06b2985 RCX: 00007fdfe8e59687
[ 40.263031][ T6733] RDX: 00007fffe1cd94d0 RSI: 00000000000001ed RDI: 00005634a06b2985
[ 40.270990][ T6733] RBP: 00007fdfe8e59680 R08: 0000000000000100 R09: 0000000000000000
[ 40.279482][ T6733] R10: 00005634a06b2980 R11: 0000000000000246 R12: 00000000000001ed
[ 40.287527][ T6733] R13: 00007fffe1cd9790 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.49' (ECDSA) to the list of known hosts.
2020/06/15 16:03:26 fuzzer started
2020/06/15 16:03:27 connecting to host at 10.128.0.26:46871
2020/06/15 16:03:27 checking machine...
2020/06/15 16:03:27 checking revisions...
2020/06/15 16:03:27 testing simple program...
syzkaller login: [ 45.043912][ T6807] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6807
[ 45.054113][ T6807] caller is ext4_mb_new_blocks+0x301/0x1620
[ 45.060489][ T6807] CPU: 0 PID: 6807 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 45.070039][ T6807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.082431][ T6807] Call Trace:
[ 45.086440][ T6807] dump_stack+0x1f0/0x31e
[ 45.091611][ T6807] check_preemption_disabled+0x1c9/0x240
[ 45.097707][ T6807] ext4_mb_new_blocks+0x301/0x1620
[ 45.103966][ T6807] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 45.109280][ T6807] ? ext4_map_blocks+0x7ea/0x19e0
[ 45.114709][ T6807] ext4_map_blocks+0x8c1/0x19e0
[ 45.120137][ T6807] ext4_getblk+0xa4/0x460
[ 45.124905][ T6807] ext4_bread+0x48/0x330
[ 45.129368][ T6807] ext4_append+0x153/0x2d0
[ 45.133799][ T6807] ext4_mkdir+0x75f/0x14c0
[ 45.138263][ T6807] vfs_mkdir+0x42a/0x620
[ 45.143112][ T6807] do_mkdirat+0x1b9/0x310
[ 45.147464][ T6807] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.156965][ T6807] do_syscall_64+0x73/0xe0
[ 45.161387][ T6807] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.167373][ T6807] RIP: 0033:0x4b02a0
[ 45.171972][ T6807] Code: Bad RIP value.
[ 45.176020][ T6807] RSP: 002b:000000c0000dd4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 45.184785][ T6807] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 45.193858][ T6807] RDX: 00000000000001c0 RSI: 000000c000026c40 RDI: ffffffffffffff9c
[ 45.202472][ T6807] RBP: 000000c0000dd510 R08: 0000000000000000 R09: 0000000000000000
[ 45.211707][ T6807] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 45.220427][ T6807] R13: 0000000000000063 R14: 0000000000000062 R15: 0000000000000100
[ 45.246656][ T6810] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6810
[ 45.256546][ T6810] caller is ext4_mb_new_blocks+0x301/0x1620
[ 45.262826][ T6810] CPU: 1 PID: 6810 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 45.271413][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.281542][ T6810] Call Trace:
[ 45.284817][ T6810] dump_stack+0x1f0/0x31e
[ 45.292093][ T6810] check_preemption_disabled+0x1c9/0x240
[ 45.297792][ T6810] ext4_mb_new_blocks+0x301/0x1620
[ 45.302886][ T6810] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 45.308198][ T6810] ? ext4_map_blocks+0x7ea/0x19e0
[ 45.313299][ T6810] ext4_map_blocks+0x8c1/0x19e0
[ 45.319212][ T6810] ext4_getblk+0xa4/0x460
[ 45.324046][ T6810] ext4_bread+0x48/0x330
[ 45.328294][ T6810] ext4_append+0x153/0x2d0
[ 45.332866][ T6810] ext4_mkdir+0x75f/0x14c0
[ 45.337309][ T6810] vfs_mkdir+0x42a/0x620
[ 45.341558][ T6810] do_mkdirat+0x1b9/0x310
[ 45.346477][ T6810] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.352525][ T6810] do_syscall_64+0x73/0xe0
[ 45.356920][ T6810] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.362801][ T6810] RIP: 0033:0x45bed7
[ 45.366913][ T6810] Code: Bad RIP value.
[ 45.371063][ T6810] RSP: 002b:00007ffeb4d5c5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 45.379464][ T6810] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 45.387435][ T6810] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffeb4d5c7c0
[ 45.395423][ T6810] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002700
[ 45.403495][ T6810] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 45.411460][ T6810] R13: 00007ffeb4d5c7c0 R14: 8421084210842109 R15: 00007ffeb4d5c7cc
[ 45.512762][ T6812] IPVS: ftp: loaded support on port[0] = 21
[ 45.545743][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6812
[ 45.555485][ T6812] caller is ext4_mb_new_blocks+0x301/0x1620
[ 45.562523][ T6812] CPU: 0 PID: 6812 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 45.571295][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.581519][ T6812] Call Trace:
[ 45.585120][ T6812] dump_stack+0x1f0/0x31e
[ 45.589467][ T6812] check_preemption_disabled+0x1c9/0x240
[ 45.595321][ T6812] ext4_mb_new_blocks+0x301/0x1620
[ 45.600583][ T6812] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 45.605909][ T6812] ? ext4_map_blocks+0x7ea/0x19e0
[ 45.611107][ T6812] ext4_map_blocks+0x8c1/0x19e0
[ 45.616072][ T6812] ext4_getblk+0xa4/0x460
[ 45.620545][ T6812] ext4_bread+0x48/0x330
[ 45.624773][ T6812] ext4_append+0x153/0x2d0
[ 45.629212][ T6812] ext4_mkdir+0x75f/0x14c0
[ 45.633615][ T6812] vfs_mkdir+0x42a/0x620
[ 45.638966][ T6812] do_mkdirat+0x1b9/0x310
[ 45.643463][ T6812] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.649878][ T6812] do_syscall_64+0x73/0xe0
[ 45.654286][ T6812] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.660554][ T6812] RIP: 0033:0x45bed7
[ 45.664513][ T6812] Code: Bad RIP value.
[ 45.668701][ T6812] RSP: 002b:00007ffeb4d5c4d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 45.677366][ T6812] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 45.685531][ T6812] RDX: 00007ffeb4d5c523 RSI: 00000000000001ff RDI: 00007ffeb4d5c520
[ 45.693517][ T6812] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 45.701671][ T6812] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0
[ 45.709692][ T6812] R13: 00007ffeb4d5c510 R14: 0000000000000000 R15: 00007ffeb4d5c520
[ 45.752130][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6812
[ 45.761846][ T6812] caller is ext4_mb_new_blocks+0x301/0x1620
[ 45.768003][ T6812] CPU: 1 PID: 6812 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 45.777285][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 45.788100][ T6812] Call Trace:
[ 45.791588][ T6812] dump_stack+0x1f0/0x31e
[ 45.796518][ T6812] check_preemption_disabled+0x1c9/0x240
[ 45.802623][ T6812] ext4_mb_new_blocks+0x301/0x1620
[ 45.809048][ T6812] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 45.814386][ T6812] ? ext4_map_blocks+0x7ea/0x19e0
[ 45.819440][ T6812] ext4_map_blocks+0x8c1/0x19e0
[ 45.824416][ T6812] ext4_getblk+0xa4/0x460
[ 45.829022][ T6812] ext4_bread+0x48/0x330
[ 45.833339][ T6812] ext4_append+0x153/0x2d0
[ 45.837761][ T6812] ext4_mkdir+0x75f/0x14c0
[ 45.842274][ T6812] vfs_mkdir+0x42a/0x620
[ 45.849034][ T6812] do_mkdirat+0x1b9/0x310
[ 45.853354][ T6812] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.859702][ T6812] do_syscall_64+0x73/0xe0
[ 45.864104][ T6812] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 45.870060][ T6812] RIP: 0033:0x45bed7
[ 45.873977][ T6812] Code: Bad RIP value.
[ 45.878132][ T6812] RSP: 002b:00007ffeb4d5c4d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 45.886621][ T6812] RAX: ffffffffffffffda RBX: 000000000000b2b8 RCX: 000000000045bed7
[ 45.895096][ T6812] RDX: 00007ffeb4d5c523 RSI: 00000000000001ff RDI: 00007ffeb4d5c520
2020/06/15 16:03:28 building call list...
[ 45.903152][ T6812] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 45.911263][ T6812] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 45.919643][ T6812] R13: 00007ffeb4d5c510 R14: 000000000000b2b1 R15: 00007ffeb4d5c520
[ 46.157317][ T82] tipc: TX() has been purged, node left!
[ 46.669072][ T82] ==================================================================
[ 46.678566][ T82] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x16f/0x1c0
[ 46.686552][ T82] Write of size 1 at addr ffff88809469c9e4 by task kworker/u4:3/82
[ 46.694775][ T82]
[ 46.697115][ T82] CPU: 1 PID: 82 Comm: kworker/u4:3 Not tainted 5.8.0-rc1-syzkaller #0
[ 46.705525][ T82] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 46.716029][ T82] Workqueue: netns cleanup_net
[ 46.720961][ T82] Call Trace:
[ 46.724526][ T82] dump_stack+0x1f0/0x31e
[ 46.728884][ T82] print_address_description+0x66/0x5a0
[ 46.734707][ T82] ? vprintk_emit+0x342/0x3c0
[ 46.739383][ T82] ? printk+0x62/0x83
[ 46.743361][ T82] ? vprintk_emit+0x339/0x3c0
[ 46.748047][ T82] kasan_report+0x132/0x1d0
[ 46.752566][ T82] ? afs_wake_up_async_call+0x16f/0x1c0
[ 46.758562][ T82] ? afs_make_call+0x24f0/0x24f0
[ 46.763498][ T82] afs_wake_up_async_call+0x16f/0x1c0
[ 46.768870][ T82] ? afs_make_call+0x24f0/0x24f0
[ 46.773995][ T82] rxrpc_notify_socket+0x1e7/0x4a0
[ 46.779111][ T82] rxrpc_call_completed+0x131/0x210
[ 46.784331][ T82] ? afs_rx_new_call+0x240/0x240
[ 46.789286][ T82] rxrpc_discard_prealloc+0x60d/0x710
[ 46.794692][ T82] rxrpc_listen+0x246/0x370
[ 46.799197][ T82] afs_close_socket+0x57/0x280
[ 46.803952][ T82] ? afs_purge_servers+0x21f/0x280
[ 46.809582][ T82] ? init_wait_var_entry+0x150/0x150
[ 46.814894][ T82] afs_net_exit+0x4f/0x90
[ 46.819221][ T82] cleanup_net+0x708/0xba0
[ 46.823647][ T82] process_one_work+0x789/0xfc0
[ 46.828540][ T82] worker_thread+0xaa4/0x1460
[ 46.833259][ T82] kthread+0x37e/0x3a0
[ 46.837324][ T82] ? rcu_lock_release+0x20/0x20
[ 46.842274][ T82] ? kthread_blkcg+0xd0/0xd0
[ 46.846880][ T82] ret_from_fork+0x1f/0x30
[ 46.851398][ T82]
[ 46.853723][ T82] Allocated by task 6812:
[ 46.858132][ T82] __kasan_kmalloc+0x103/0x140
[ 46.862983][ T82] kmem_cache_alloc_trace+0x234/0x300
[ 46.868547][ T82] afs_alloc_call+0x89/0x2f0
[ 46.873312][ T82] afs_charge_preallocation+0xf0/0x2a0
[ 46.878870][ T82] afs_open_socket+0x3c7/0x510
[ 46.883736][ T82] afs_net_init+0x772/0x940
[ 46.888336][ T82] ops_init+0x320/0x410
[ 46.892532][ T82] setup_net+0x1cb/0x770
[ 46.896788][ T82] copy_net_ns+0x339/0x540
[ 46.901244][ T82] create_new_namespaces+0x52e/0x9f0
[ 46.906638][ T82] unshare_nsproxy_namespaces+0x123/0x190
[ 46.912551][ T82] ksys_unshare+0x463/0x950
[ 46.917068][ T82] __x64_sys_unshare+0x34/0x40
[ 46.921842][ T82] do_syscall_64+0x73/0xe0
[ 46.926287][ T82] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 46.932698][ T82]
[ 46.935030][ T82] Freed by task 82:
[ 46.938848][ T82] __kasan_slab_free+0x114/0x170
[ 46.943785][ T82] kfree+0x10a/0x220
[ 46.948098][ T82] afs_put_call+0x30e/0x420
[ 46.952831][ T82] rxrpc_discard_prealloc+0x5e2/0x710
[ 46.958205][ T82] rxrpc_listen+0x246/0x370
[ 46.962838][ T82] afs_close_socket+0x57/0x280
[ 46.967622][ T82] afs_net_exit+0x4f/0x90
[ 46.971945][ T82] cleanup_net+0x708/0xba0
[ 46.976423][ T82] process_one_work+0x789/0xfc0
[ 46.981255][ T82] worker_thread+0xaa4/0x1460
[ 46.986012][ T82] kthread+0x37e/0x3a0
[ 46.990075][ T82] ret_from_fork+0x1f/0x30
[ 46.994702][ T82]
[ 46.997196][ T82] The buggy address belongs to the object at ffff88809469c800
[ 46.997196][ T82] which belongs to the cache kmalloc-1k of size 1024
[ 47.011355][ T82] The buggy address is located 484 bytes inside of
[ 47.011355][ T82] 1024-byte region [ffff88809469c800, ffff88809469cc00)
[ 47.024882][ T82] The buggy address belongs to the page:
[ 47.030652][ T82] page:ffffea000251a700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 47.039765][ T82] flags: 0xfffe0000000200(slab)
[ 47.044768][ T82] raw: 00fffe0000000200 ffffea00025185c8 ffffea00024f7608 ffff8880aa400c40
[ 47.053357][ T82] raw: 0000000000000000 ffff88809469c000 0000000100000002 0000000000000000
[ 47.062117][ T82] page dumped because: kasan: bad access detected
[ 47.068507][ T82]
[ 47.070832][ T82] Memory state around the buggy address:
[ 47.076463][ T82] ffff88809469c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.084509][ T82] ffff88809469c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.092550][ T82] >ffff88809469c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.100807][ T82] ^
[ 47.108536][ T82] ffff88809469ca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.116684][ T82] ffff88809469ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.125593][ T82] ==================================================================
[ 47.134002][ T82] Disabling lock debugging due to kernel taint
[ 47.140549][ T82] Kernel panic - not syncing: panic_on_warn set ...
[ 47.147161][ T82] CPU: 1 PID: 82 Comm: kworker/u4:3 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 47.156779][ T82] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 47.167160][ T82] Workqueue: netns cleanup_net
[ 47.171971][ T82] Call Trace:
[ 47.175254][ T82] dump_stack+0x1f0/0x31e
[ 47.179572][ T82] panic+0x264/0x7a0
[ 47.184141][ T82] ? trace_hardirqs_on+0x30/0x80
[ 47.189079][ T82] ? _raw_spin_unlock_irqrestore+0xa5/0xd0
[ 47.195035][ T82] kasan_report+0x1c9/0x1d0
[ 47.199689][ T82] ? afs_wake_up_async_call+0x16f/0x1c0
[ 47.205346][ T82] ? afs_make_call+0x24f0/0x24f0
[ 47.210269][ T82] afs_wake_up_async_call+0x16f/0x1c0
[ 47.215636][ T82] ? afs_make_call+0x24f0/0x24f0
[ 47.220550][ T82] rxrpc_notify_socket+0x1e7/0x4a0
[ 47.225658][ T82] rxrpc_call_completed+0x131/0x210
[ 47.231635][ T82] ? afs_rx_new_call+0x240/0x240
[ 47.236688][ T82] rxrpc_discard_prealloc+0x60d/0x710
[ 47.242151][ T82] rxrpc_listen+0x246/0x370
[ 47.246658][ T82] afs_close_socket+0x57/0x280
[ 47.251723][ T82] ? afs_purge_servers+0x21f/0x280
[ 47.256841][ T82] ? init_wait_var_entry+0x150/0x150
[ 47.262290][ T82] afs_net_exit+0x4f/0x90
[ 47.266764][ T82] cleanup_net+0x708/0xba0
[ 47.271207][ T82] process_one_work+0x789/0xfc0
[ 47.276156][ T82] worker_thread+0xaa4/0x1460
[ 47.280835][ T82] kthread+0x37e/0x3a0
[ 47.285145][ T82] ? rcu_lock_release+0x20/0x20
[ 47.290290][ T82] ? kthread_blkcg+0xd0/0xd0
[ 47.295106][ T82] ret_from_fork+0x1f/0x30
[ 47.301181][ T82] Kernel Offset: disabled
[ 47.305621][ T82] Rebooting in 86400 seconds..