[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.21' (ECDSA) to the list of known hosts.
2020/07/02 09:52:50 fuzzer started
2020/07/02 09:52:50 connecting to host at 10.128.0.26:41721
2020/07/02 09:52:50 checking machine...
2020/07/02 09:52:50 checking revisions...
2020/07/02 09:52:50 testing simple program...
syzkaller login: [ 61.385416][ T6809] IPVS: ftp: loaded support on port[0] = 21
2020/07/02 09:52:50 building call list...
[ 61.677536][ T108] tipc: TX() has been purged, node left!
[ 62.908636][ T169] ==================================================================
[ 62.917090][ T169] BUG: KASAN: stack-out-of-bounds in bio_alloc_bioset+0x5b2/0x5d0
[ 62.924900][ T169] Read of size 8 at addr ffffc90000fc7150 by task kworker/u4:4/169
[ 62.933051][ T169]
[ 62.935397][ T169] CPU: 0 PID: 169 Comm: kworker/u4:4 Not tainted 5.8.0-rc3-next-20200702-syzkaller #0
[ 62.944948][ T169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.955198][ T169] Workqueue: writeback wb_workfn (flush-8:0)
[ 62.961177][ T169] Call Trace:
[ 62.964478][ T169] dump_stack+0x18f/0x20d
[ 62.968813][ T169] ? bio_alloc_bioset+0x5b2/0x5d0
[ 62.973834][ T169] ? bio_alloc_bioset+0x5b2/0x5d0
[ 62.978858][ T169] print_address_description.constprop.0.cold+0x5/0x436
[ 62.985794][ T169] ? lockdep_hardirqs_off+0x66/0xa0
[ 62.991176][ T169] ? vprintk_func+0x97/0x1a6
[ 62.995775][ T169] ? bio_alloc_bioset+0x5b2/0x5d0
[ 63.000808][ T169] kasan_report.cold+0x1f/0x37
[ 63.006795][ T169] ? mark_lock+0x90/0x1710
[ 63.011208][ T169] ? bio_alloc_bioset+0x5b2/0x5d0
[ 63.016244][ T169] bio_alloc_bioset+0x5b2/0x5d0
[ 63.021100][ T169] ? __lock_acquire+0xc1e/0x56e0
[ 63.026102][ T169] ? bvec_alloc+0x2f0/0x2f0
[ 63.030636][ T169] bio_clone_fast+0x21/0x1b0
[ 63.035410][ T169] bio_split+0xc7/0x2c0
[ 63.039586][ T169] __blk_queue_split+0x10e2/0x1650
[ 63.044714][ T169] ? bio_will_gap.part.0+0xce0/0xce0
[ 63.050093][ T169] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.056073][ T169] blk_mq_submit_bio+0x1b0/0x1760
[ 63.061186][ T169] ? blk_queue_enter+0xb5d/0xcd0
[ 63.066119][ T169] ? blk_mq_try_issue_directly+0x190/0x190
[ 63.071928][ T169] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 63.077495][ T169] submit_bio_noacct+0xc9e/0x12d0
[ 63.082524][ T169] ? blk_queue_enter+0xcd0/0xcd0
[ 63.087473][ T169] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.093451][ T169] ? lockdep_hardirqs_on+0x6a/0xe0
[ 63.098568][ T169] submit_bio+0x263/0x5b0
[ 63.102913][ T169] ? submit_bio_noacct+0x12d0/0x12d0
[ 63.108194][ T169] ? bio_add_page+0x186/0x1f0
[ 63.112867][ T169] ? __bio_add_page+0x4f0/0x4f0
[ 63.117812][ T169] ? lock_downgrade+0x820/0x820
[ 63.122661][ T169] ? mod_lruvec_page_state+0x2ae/0x3e0
[ 63.128123][ T169] ext4_bio_write_page+0x9a8/0x1c27
[ 63.133334][ T169] mpage_submit_page+0x140/0x2c0
[ 63.138267][ T169] ext4_writepages+0x237e/0x3960
[ 63.143232][ T169] ? __ext4_mark_inode_dirty+0x910/0x910
[ 63.148859][ T169] ? __brelse+0x84/0xa0
[ 63.153019][ T169] ? mark_lock+0xbc/0x1710
[ 63.157462][ T169] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 63.163440][ T169] ? __ext4_mark_inode_dirty+0x910/0x910
[ 63.169067][ T169] do_writepages+0xec/0x290
[ 63.173578][ T169] ? writeback_set_ratelimit+0x150/0x150
[ 63.179210][ T169] ? lock_downgrade+0x820/0x820
[ 63.184078][ T169] ? lock_is_held_type+0xb0/0xe0
[ 63.189021][ T169] __writeback_single_inode+0x125/0x1400
[ 63.194664][ T169] ? _raw_spin_unlock+0x24/0x40
[ 63.199507][ T169] ? wbc_attach_and_unlock_inode+0x11d/0x9d0
[ 63.206356][ T169] writeback_sb_inodes+0x53d/0xf40
[ 63.211654][ T169] ? __writeback_single_inode+0x1400/0x1400
[ 63.217564][ T169] __writeback_inodes_wb+0xc6/0x280
[ 63.222763][ T169] wb_writeback+0x8bb/0xd40
[ 63.227267][ T169] ? __writeback_inodes_wb+0x280/0x280
[ 63.232727][ T169] ? cpumask_next+0x3c/0x40
[ 63.237232][ T169] ? get_nr_dirty_inodes+0x19e/0x210
[ 63.245210][ T169] wb_workfn+0xb20/0x13e0
[ 63.249546][ T169] ? inode_wait_for_writeback+0x30/0x30
[ 63.255089][ T169] ? process_one_work+0x85f/0x1670
[ 63.260201][ T169] ? lock_release+0x8d0/0x8d0
[ 63.264916][ T169] ? _raw_spin_unlock_irq+0x1f/0x80
[ 63.270204][ T169] ? lock_is_held_type+0xb0/0xe0
[ 63.275142][ T169] process_one_work+0x94c/0x1670
[ 63.280089][ T169] ? lock_release+0x8d0/0x8d0
[ 63.284783][ T169] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 63.290158][ T169] ? rwlock_bug.part.0+0x90/0x90
[ 63.295187][ T169] ? lockdep_hardirqs_off+0x66/0xa0
[ 63.300392][ T169] worker_thread+0x64c/0x1120
[ 63.305263][ T169] ? process_one_work+0x1670/0x1670
[ 63.310462][ T169] kthread+0x3b5/0x4a0
[ 63.314533][ T169] ? __kthread_bind_mask+0xc0/0xc0
[ 63.319734][ T169] ? __kthread_bind_mask+0xc0/0xc0
[ 63.324844][ T169] ret_from_fork+0x1f/0x30
[ 63.329269][ T169]
[ 63.331592][ T169]
[ 63.333917][ T169] addr ffffc90000fc7150 is located in stack of task kworker/u4:4/169 at offset 80 in frame:
[ 63.343981][ T169] submit_bio_noacct+0x0/0x12d0
[ 63.348828][ T169]
[ 63.351183][ T169] this frame has 3 objects:
[ 63.355676][ T169] [32, 40) 'bio'
[ 63.355684][ T169] [64, 80) 'bio_list'
[ 63.359311][ T169] [96, 128) 'bio_list_on_stack'
[ 63.363372][ T169]
[ 63.370630][ T169] Memory state around the buggy address:
[ 63.376261][ T169] ffffc90000fc7000: 00 00 00 f2 f2 f2 00 00 00 00 00 f3 f3 f3 f3 f3
[ 63.384318][ T169] ffffc90000fc7080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.392399][ T169] >ffffc90000fc7100: f1 f1 f1 f1 00 f2 f2 f2 00 00 f2 f2 00 00 00 00
[ 63.400460][ T169] ^
[ 63.407223][ T169] ffffc90000fc7180: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 63.415287][ T169] ffffc90000fc7200: 00 00 00 f1 f1 f1 f1 00 f2 f2 f2 00 00 00 00 f3
[ 63.423715][ T169] ==================================================================
[ 63.431845][ T169] Disabling lock debugging due to kernel taint
[ 63.469780][ T169] Kernel panic - not syncing: panic_on_warn set ...
[ 63.476498][ T169] CPU: 0 PID: 169 Comm: kworker/u4:4 Tainted: G B 5.8.0-rc3-next-20200702-syzkaller #0
[ 63.487526][ T169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.497686][ T169] Workqueue: writeback wb_workfn (flush-8:0)
[ 63.503674][ T169] Call Trace:
[ 63.506990][ T169] dump_stack+0x18f/0x20d
[ 63.511329][ T169] ? bio_alloc_bioset+0x4f0/0x5d0
[ 63.516362][ T169] panic+0x2e3/0x75c
[ 63.520267][ T169] ? __warn_printk+0xf3/0xf3
[ 63.524961][ T169] ? preempt_schedule_common+0x59/0xc0
[ 63.530426][ T169] ? bio_alloc_bioset+0x5b2/0x5d0
[ 63.535456][ T169] ? preempt_schedule_thunk+0x16/0x18
[ 63.540839][ T169] ? trace_hardirqs_on+0x55/0x220
[ 63.546045][ T169] ? bio_alloc_bioset+0x5b2/0x5d0
[ 63.551424][ T169] ? bio_alloc_bioset+0x5b2/0x5d0
[ 63.556442][ T169] end_report+0x4d/0x53
[ 63.560582][ T169] kasan_report.cold+0xd/0x37
[ 63.565370][ T169] ? mark_lock+0x90/0x1710
[ 63.569882][ T169] ? bio_alloc_bioset+0x5b2/0x5d0
[ 63.574921][ T169] bio_alloc_bioset+0x5b2/0x5d0
[ 63.579758][ T169] ? __lock_acquire+0xc1e/0x56e0
[ 63.584935][ T169] ? bvec_alloc+0x2f0/0x2f0
[ 63.589448][ T169] bio_clone_fast+0x21/0x1b0
[ 63.594137][ T169] bio_split+0xc7/0x2c0
[ 63.598362][ T169] __blk_queue_split+0x10e2/0x1650
[ 63.603483][ T169] ? bio_will_gap.part.0+0xce0/0xce0
[ 63.608750][ T169] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.614769][ T169] blk_mq_submit_bio+0x1b0/0x1760
[ 63.619775][ T169] ? blk_queue_enter+0xb5d/0xcd0
[ 63.624690][ T169] ? blk_mq_try_issue_directly+0x190/0x190
[ 63.630500][ T169] ? rcu_read_lock_sched_held+0x3a/0xb0
[ 63.636046][ T169] submit_bio_noacct+0xc9e/0x12d0
[ 63.641147][ T169] ? blk_queue_enter+0xcd0/0xcd0
[ 63.646330][ T169] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.652442][ T169] ? lockdep_hardirqs_on+0x6a/0xe0
[ 63.657650][ T169] submit_bio+0x263/0x5b0
[ 63.661963][ T169] ? submit_bio_noacct+0x12d0/0x12d0
[ 63.667243][ T169] ? bio_add_page+0x186/0x1f0
[ 63.671907][ T169] ? __bio_add_page+0x4f0/0x4f0
[ 63.676876][ T169] ? lock_downgrade+0x820/0x820
[ 63.681802][ T169] ? mod_lruvec_page_state+0x2ae/0x3e0
[ 63.687251][ T169] ext4_bio_write_page+0x9a8/0x1c27
[ 63.692462][ T169] mpage_submit_page+0x140/0x2c0
[ 63.697395][ T169] ext4_writepages+0x237e/0x3960
[ 63.702314][ T169] ? __ext4_mark_inode_dirty+0x910/0x910
[ 63.707923][ T169] ? __brelse+0x84/0xa0
[ 63.712060][ T169] ? mark_lock+0xbc/0x1710
[ 63.716458][ T169] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 63.722421][ T169] ? __ext4_mark_inode_dirty+0x910/0x910
[ 63.728052][ T169] do_writepages+0xec/0x290
[ 63.732535][ T169] ? writeback_set_ratelimit+0x150/0x150
[ 63.738146][ T169] ? lock_downgrade+0x820/0x820
[ 63.743059][ T169] ? lock_is_held_type+0xb0/0xe0
[ 63.748007][ T169] __writeback_single_inode+0x125/0x1400
[ 63.753806][ T169] ? _raw_spin_unlock+0x24/0x40
[ 63.758652][ T169] ? wbc_attach_and_unlock_inode+0x11d/0x9d0
[ 63.764885][ T169] writeback_sb_inodes+0x53d/0xf40
[ 63.769999][ T169] ? __writeback_single_inode+0x1400/0x1400
[ 63.775878][ T169] __writeback_inodes_wb+0xc6/0x280
[ 63.781073][ T169] wb_writeback+0x8bb/0xd40
[ 63.785572][ T169] ? __writeback_inodes_wb+0x280/0x280
[ 63.791011][ T169] ? cpumask_next+0x3c/0x40
[ 63.795491][ T169] ? get_nr_dirty_inodes+0x19e/0x210
[ 63.800789][ T169] wb_workfn+0xb20/0x13e0
[ 63.805118][ T169] ? inode_wait_for_writeback+0x30/0x30
[ 63.810671][ T169] ? process_one_work+0x85f/0x1670
[ 63.815838][ T169] ? lock_release+0x8d0/0x8d0
[ 63.820521][ T169] ? _raw_spin_unlock_irq+0x1f/0x80
[ 63.825797][ T169] ? lock_is_held_type+0xb0/0xe0
[ 63.830725][ T169] process_one_work+0x94c/0x1670
[ 63.835999][ T169] ? lock_release+0x8d0/0x8d0
[ 63.841718][ T169] ? pwq_dec_nr_in_flight+0x2d0/0x2d0
[ 63.847074][ T169] ? rwlock_bug.part.0+0x90/0x90
[ 63.852083][ T169] ? lockdep_hardirqs_off+0x66/0xa0
[ 63.857279][ T169] worker_thread+0x64c/0x1120
[ 63.861947][ T169] ? process_one_work+0x1670/0x1670
[ 63.867136][ T169] kthread+0x3b5/0x4a0
[ 63.871233][ T169] ? __kthread_bind_mask+0xc0/0xc0
[ 63.876325][ T169] ? __kthread_bind_mask+0xc0/0xc0
[ 63.881526][ T169] ret_from_fork+0x1f/0x30
[ 63.887384][ T169] Kernel Offset: disabled
[ 63.893176][ T169] Rebooting in 86400 seconds..