[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Ch[ 37.595979][ T6728] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6728
anges.
[ 37.606328][ T6728] caller is ext4_mb_new_blocks+0x301/0x1620
[ 37.612608][ T6728] CPU: 1 PID: 6728 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 37.621162][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.631226][ T6728] Call Trace:
[ 37.634489][ T6728] dump_stack+0x1f0/0x31e
[ 37.638805][ T6728] check_preemption_disabled+0x1c9/0x240
[ 37.644446][ T6728] ext4_mb_new_blocks+0x301/0x1620
[ 37.649535][ T6728] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 37.654798][ T6728] ? ext4_map_blocks+0x7ea/0x19e0
[ 37.659800][ T6728] ext4_map_blocks+0x8c1/0x19e0
[ 37.664639][ T6728] ext4_getblk+0xa4/0x460
[ 37.668968][ T6728] ext4_bread+0x48/0x330
[ 37.673180][ T6728] ext4_append+0x153/0x2d0
[ 37.677569][ T6728] ext4_mkdir+0x75f/0x14c0
[ 37.681964][ T6728] vfs_mkdir+0x42a/0x620
[ 37.686180][ T6728] do_mkdirat+0x1b9/0x310
[ 37.690491][ T6728] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 37.696537][ T6728] do_syscall_64+0x73/0xe0
[ 37.700926][ T6728] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 37.706805][ T6728] RIP: 0033:0x7fb0da20f687
[ 37.711185][ T6728] Code: Bad RIP value.
[ 37.715219][ T6728] RSP: 002b:00007ffd8c414168 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 37.723597][ T6728] RAX: ffffffffffffffda RBX: 0000562b5c181985 RCX: 00007fb0da20f687
[ 37.731553][ T6728] RDX: 00007ffd8c414030 RSI: 00000000000001ed RDI: 0000562b5c181985
[ 37.739508][ T6728] RBP: 00007fb0da20f680 R08: 0000000000000100 R09: 0000000000000000
[ 37.747453][ T6728] R10: 0000562b5c181980 R11: 0000000000000246 R12: 00000000000001ed
[ 37.755395][ T6728] R13: 00007ffd8c4142f0 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.57' (ECDSA) to the list of known hosts.
2020/06/15 19:37:10 fuzzer started
2020/06/15 19:37:10 connecting to host at 10.128.0.26:40171
2020/06/15 19:37:10 checking machine...
2020/06/15 19:37:10 checking revisions...
2020/06/15 19:37:10 testing simple program...
syzkaller login: [ 42.872906][ T6796] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6796
[ 42.882059][ T6796] caller is ext4_mb_new_blocks+0x301/0x1620
[ 42.887940][ T6796] CPU: 1 PID: 6796 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 42.896149][ T6796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 42.906215][ T6796] Call Trace:
[ 42.909526][ T6796] dump_stack+0x1f0/0x31e
[ 42.913833][ T6796] check_preemption_disabled+0x1c9/0x240
[ 42.919446][ T6796] ext4_mb_new_blocks+0x301/0x1620
[ 42.924588][ T6796] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 42.929859][ T6796] ? ext4_map_blocks+0x7ea/0x19e0
[ 42.934906][ T6796] ext4_map_blocks+0x8c1/0x19e0
[ 42.939751][ T6796] ext4_getblk+0xa4/0x460
[ 42.944197][ T6796] ext4_bread+0x48/0x330
[ 42.948420][ T6796] ext4_append+0x153/0x2d0
[ 42.952823][ T6796] ext4_mkdir+0x75f/0x14c0
[ 42.957225][ T6796] vfs_mkdir+0x42a/0x620
[ 42.961467][ T6796] do_mkdirat+0x1b9/0x310
[ 42.965785][ T6796] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.971824][ T6796] do_syscall_64+0x73/0xe0
[ 42.976217][ T6796] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 42.982085][ T6796] RIP: 0033:0x4b02a0
[ 42.985949][ T6796] Code: Bad RIP value.
[ 42.990118][ T6796] RSP: 002b:000000c00004f4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 42.998499][ T6796] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 43.006443][ T6796] RDX: 00000000000001c0 RSI: 000000c0000ca980 RDI: ffffffffffffff9c
[ 43.014426][ T6796] RBP: 000000c00004f510 R08: 0000000000000000 R09: 0000000000000000
[ 43.022481][ T6796] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 43.030436][ T6796] R13: 000000000000004d R14: 000000000000004c R15: 0000000000000100
[ 43.049854][ T6810] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6810
[ 43.059311][ T6810] caller is ext4_mb_new_blocks+0x301/0x1620
[ 43.065611][ T6810] CPU: 0 PID: 6810 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 43.074188][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.084220][ T6810] Call Trace:
[ 43.087596][ T6810] dump_stack+0x1f0/0x31e
[ 43.091910][ T6810] check_preemption_disabled+0x1c9/0x240
[ 43.097518][ T6810] ext4_mb_new_blocks+0x301/0x1620
[ 43.102633][ T6810] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 43.107899][ T6810] ? ext4_map_blocks+0x7ea/0x19e0
[ 43.112905][ T6810] ext4_map_blocks+0x8c1/0x19e0
[ 43.117735][ T6810] ext4_getblk+0xa4/0x460
[ 43.122039][ T6810] ext4_bread+0x48/0x330
[ 43.126253][ T6810] ext4_append+0x153/0x2d0
[ 43.130641][ T6810] ext4_mkdir+0x75f/0x14c0
[ 43.135048][ T6810] vfs_mkdir+0x42a/0x620
[ 43.139280][ T6810] do_mkdirat+0x1b9/0x310
[ 43.143598][ T6810] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.149656][ T6810] do_syscall_64+0x73/0xe0
[ 43.154046][ T6810] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.159908][ T6810] RIP: 0033:0x45bed7
[ 43.163769][ T6810] Code: Bad RIP value.
[ 43.167805][ T6810] RSP: 002b:00007ffe7a426718 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 43.176196][ T6810] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 43.184151][ T6810] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffe7a4268f0
[ 43.192105][ T6810] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 00000000000021c0
[ 43.200056][ T6810] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 43.208010][ T6810] R13: 00007ffe7a4268f0 R14: 8421084210842109 R15: 00007ffe7a4268fc
[ 43.275598][ T6811] IPVS: ftp: loaded support on port[0] = 21
[ 43.307767][ T6811] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6811
[ 43.317251][ T6811] caller is ext4_mb_new_blocks+0x301/0x1620
[ 43.323320][ T6811] CPU: 1 PID: 6811 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 43.331890][ T6811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.341925][ T6811] Call Trace:
[ 43.345199][ T6811] dump_stack+0x1f0/0x31e
[ 43.349504][ T6811] check_preemption_disabled+0x1c9/0x240
[ 43.355115][ T6811] ext4_mb_new_blocks+0x301/0x1620
[ 43.360207][ T6811] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 43.365471][ T6811] ? ext4_map_blocks+0x7ea/0x19e0
[ 43.370472][ T6811] ext4_map_blocks+0x8c1/0x19e0
[ 43.375303][ T6811] ext4_getblk+0xa4/0x460
[ 43.379607][ T6811] ext4_bread+0x48/0x330
[ 43.383822][ T6811] ext4_append+0x153/0x2d0
[ 43.388221][ T6811] ext4_mkdir+0x75f/0x14c0
[ 43.392619][ T6811] vfs_mkdir+0x42a/0x620
[ 43.396836][ T6811] do_mkdirat+0x1b9/0x310
[ 43.401144][ T6811] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.407189][ T6811] do_syscall_64+0x73/0xe0
[ 43.411578][ T6811] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.417456][ T6811] RIP: 0033:0x45bed7
[ 43.421329][ T6811] Code: Bad RIP value.
[ 43.425364][ T6811] RSP: 002b:00007ffe7a426608 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 43.433745][ T6811] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 43.441689][ T6811] RDX: 00007ffe7a426653 RSI: 00000000000001ff RDI: 00007ffe7a426650
[ 43.449631][ T6811] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 43.457575][ T6811] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0
[ 43.465517][ T6811] R13: 00007ffe7a426640 R14: 0000000000000000 R15: 00007ffe7a426650
[ 43.522585][ T6811] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6811
[ 43.532182][ T6811] caller is ext4_mb_new_blocks+0x301/0x1620
[ 43.538078][ T6811] CPU: 1 PID: 6811 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 43.546639][ T6811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 43.556666][ T6811] Call Trace:
[ 43.559943][ T6811] dump_stack+0x1f0/0x31e
[ 43.564263][ T6811] check_preemption_disabled+0x1c9/0x240
[ 43.569868][ T6811] ext4_mb_new_blocks+0x301/0x1620
[ 43.574959][ T6811] ext4_ext_map_blocks+0x2ad5/0x6d20
[ 43.580223][ T6811] ? ext4_map_blocks+0x7ea/0x19e0
[ 43.585228][ T6811] ext4_map_blocks+0x8c1/0x19e0
[ 43.590058][ T6811] ext4_getblk+0xa4/0x460
[ 43.594376][ T6811] ext4_bread+0x48/0x330
[ 43.598592][ T6811] ext4_append+0x153/0x2d0
[ 43.602982][ T6811] ext4_mkdir+0x75f/0x14c0
[ 43.607383][ T6811] vfs_mkdir+0x42a/0x620
[ 43.611605][ T6811] do_mkdirat+0x1b9/0x310
[ 43.615909][ T6811] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.622060][ T6811] do_syscall_64+0x73/0xe0
[ 43.626451][ T6811] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 43.632332][ T6811] RIP: 0033:0x45bed7
[ 43.636207][ T6811] Code: Bad RIP value.
[ 43.640243][ T6811] RSP: 002b:00007ffe7a426608 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 43.648620][ T6811] RAX: ffffffffffffffda RBX: 000000000000a9f8 RCX: 000000000045bed7
[ 43.656565][ T6811] RDX: 00007ffe7a426653 RSI: 00000000000001ff RDI: 00007ffe7a426650
[ 43.664508][ T6811] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/15 19:37:11 building call list...
[ 43.672458][ T6811] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 43.680408][ T6811] R13: 00007ffe7a426640 R14: 000000000000a9de R15: 00007ffe7a426650
[ 43.891048][ T21] tipc: TX() has been purged, node left!
[ 44.402919][ T21] ==================================================================
[ 44.411113][ T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x16f/0x1c0
[ 44.418987][ T21] Write of size 1 at addr ffff8880a01029e4 by task kworker/u4:1/21
[ 44.426855][ T21]
[ 44.429173][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0
[ 44.437389][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.447436][ T21] Workqueue: netns cleanup_net
[ 44.452208][ T21] Call Trace:
[ 44.455501][ T21] dump_stack+0x1f0/0x31e
[ 44.459828][ T21] print_address_description+0x66/0x5a0
[ 44.465358][ T21] ? vprintk_emit+0x342/0x3c0
[ 44.470031][ T21] ? printk+0x62/0x83
[ 44.474004][ T21] ? vprintk_emit+0x339/0x3c0
[ 44.478673][ T21] kasan_report+0x132/0x1d0
[ 44.483167][ T21] ? afs_wake_up_async_call+0x16f/0x1c0
[ 44.488702][ T21] ? afs_make_call+0x24f0/0x24f0
[ 44.493624][ T21] afs_wake_up_async_call+0x16f/0x1c0
[ 44.498983][ T21] ? afs_make_call+0x24f0/0x24f0
[ 44.503907][ T21] rxrpc_notify_socket+0x1e7/0x4a0
[ 44.509039][ T21] rxrpc_call_completed+0x131/0x210
[ 44.514222][ T21] ? afs_rx_new_call+0x240/0x240
[ 44.519160][ T21] rxrpc_discard_prealloc+0x60d/0x710
[ 44.524549][ T21] rxrpc_listen+0x246/0x370
[ 44.529043][ T21] afs_close_socket+0x57/0x280
[ 44.533799][ T21] ? afs_purge_servers+0x21f/0x280
[ 44.538900][ T21] ? init_wait_var_entry+0x150/0x150
[ 44.544184][ T21] afs_net_exit+0x4f/0x90
[ 44.548502][ T21] cleanup_net+0x708/0xba0
[ 44.552917][ T21] process_one_work+0x789/0xfc0
[ 44.557782][ T21] worker_thread+0xaa4/0x1460
[ 44.562489][ T21] kthread+0x37e/0x3a0
[ 44.566550][ T21] ? rcu_lock_release+0x20/0x20
[ 44.571386][ T21] ? kthread_blkcg+0xd0/0xd0
[ 44.575964][ T21] ret_from_fork+0x1f/0x30
[ 44.580379][ T21]
[ 44.582695][ T21] Allocated by task 6811:
[ 44.587009][ T21] __kasan_kmalloc+0x103/0x140
[ 44.591758][ T21] kmem_cache_alloc_trace+0x234/0x300
[ 44.597115][ T21] afs_alloc_call+0x89/0x2f0
[ 44.601692][ T21] afs_charge_preallocation+0xf0/0x2a0
[ 44.607132][ T21] afs_open_socket+0x3c7/0x510
[ 44.611881][ T21] afs_net_init+0x772/0x940
[ 44.616376][ T21] ops_init+0x320/0x410
[ 44.620519][ T21] setup_net+0x1cb/0x770
[ 44.624751][ T21] copy_net_ns+0x339/0x540
[ 44.629155][ T21] create_new_namespaces+0x52e/0x9f0
[ 44.634428][ T21] unshare_nsproxy_namespaces+0x123/0x190
[ 44.640138][ T21] ksys_unshare+0x463/0x950
[ 44.644628][ T21] __x64_sys_unshare+0x34/0x40
[ 44.649380][ T21] do_syscall_64+0x73/0xe0
[ 44.653794][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.659674][ T21]
[ 44.661996][ T21] Freed by task 21:
[ 44.665806][ T21] __kasan_slab_free+0x114/0x170
[ 44.670734][ T21] kfree+0x10a/0x220
[ 44.674624][ T21] afs_put_call+0x30e/0x420
[ 44.679126][ T21] rxrpc_discard_prealloc+0x5e2/0x710
[ 44.684492][ T21] rxrpc_listen+0x246/0x370
[ 44.689053][ T21] afs_close_socket+0x57/0x280
[ 44.693844][ T21] afs_net_exit+0x4f/0x90
[ 44.698145][ T21] cleanup_net+0x708/0xba0
[ 44.702534][ T21] process_one_work+0x789/0xfc0
[ 44.707356][ T21] worker_thread+0xaa4/0x1460
[ 44.712001][ T21] kthread+0x37e/0x3a0
[ 44.716047][ T21] ret_from_fork+0x1f/0x30
[ 44.720428][ T21]
[ 44.722731][ T21] The buggy address belongs to the object at ffff8880a0102800
[ 44.722731][ T21] which belongs to the cache kmalloc-1k of size 1024
[ 44.736754][ T21] The buggy address is located 484 bytes inside of
[ 44.736754][ T21] 1024-byte region [ffff8880a0102800, ffff8880a0102c00)
[ 44.750080][ T21] The buggy address belongs to the page:
[ 44.755683][ T21] page:ffffea0002804080 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 44.764783][ T21] flags: 0xfffe0000000200(slab)
[ 44.769607][ T21] raw: 00fffe0000000200 ffffea00028adcc8 ffffea00027e4c88 ffff8880aa400c40
[ 44.778160][ T21] raw: 0000000000000000 ffff8880a0102000 0000000100000002 0000000000000000
[ 44.786709][ T21] page dumped because: kasan: bad access detected
[ 44.793097][ T21]
[ 44.795394][ T21] Memory state around the buggy address:
[ 44.801003][ T21] ffff8880a0102880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.809056][ T21] ffff8880a0102900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.817086][ T21] >ffff8880a0102980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.825114][ T21] ^
[ 44.832298][ T21] ffff8880a0102a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.840329][ T21] ffff8880a0102a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.848366][ T21] ==================================================================
[ 44.856398][ T21] Disabling lock debugging due to kernel taint
[ 44.862586][ T21] Kernel panic - not syncing: panic_on_warn set ...
[ 44.869160][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 44.878767][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 44.888811][ T21] Workqueue: netns cleanup_net
[ 44.893539][ T21] Call Trace:
[ 44.896809][ T21] dump_stack+0x1f0/0x31e
[ 44.901111][ T21] panic+0x264/0x7a0
[ 44.904987][ T21] ? trace_hardirqs_on+0x30/0x80
[ 44.909895][ T21] ? _raw_spin_unlock_irqrestore+0xa5/0xd0
[ 44.915681][ T21] kasan_report+0x1c9/0x1d0
[ 44.920155][ T21] ? afs_wake_up_async_call+0x16f/0x1c0
[ 44.925686][ T21] ? afs_make_call+0x24f0/0x24f0
[ 44.930604][ T21] afs_wake_up_async_call+0x16f/0x1c0
[ 44.935960][ T21] ? afs_make_call+0x24f0/0x24f0
[ 44.940873][ T21] rxrpc_notify_socket+0x1e7/0x4a0
[ 44.946011][ T21] rxrpc_call_completed+0x131/0x210
[ 44.951222][ T21] ? afs_rx_new_call+0x240/0x240
[ 44.956166][ T21] rxrpc_discard_prealloc+0x60d/0x710
[ 44.961508][ T21] rxrpc_listen+0x246/0x370
[ 44.965982][ T21] afs_close_socket+0x57/0x280
[ 44.970757][ T21] ? afs_purge_servers+0x21f/0x280
[ 44.975837][ T21] ? init_wait_var_entry+0x150/0x150
[ 44.981090][ T21] afs_net_exit+0x4f/0x90
[ 44.985388][ T21] cleanup_net+0x708/0xba0
[ 44.989776][ T21] process_one_work+0x789/0xfc0
[ 44.994599][ T21] worker_thread+0xaa4/0x1460
[ 44.999249][ T21] kthread+0x37e/0x3a0
[ 45.003288][ T21] ? rcu_lock_release+0x20/0x20
[ 45.008106][ T21] ? kthread_blkcg+0xd0/0xd0
[ 45.012676][ T21] ret_from_fork+0x1f/0x30
[ 45.018368][ T21] Kernel Offset: disabled
[ 45.022688][ T21] Rebooting in 86400 seconds..