Warning: Permanently added '10.128.1.55' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 70.161648] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 70.169897] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 70.189586] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.196656] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.210286] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.218665] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 70.228777] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.240412] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 70.243631] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 70.254403] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.267164] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 70.271213] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.279394] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.281874] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.290593] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 70.291824] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.301600] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.304461] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.323344] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 70.329000] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.337296] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 70.343761] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 70.352102] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.353519] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.368505] EXT4-fs (loop3): re-mounted. Opts: (null)
executing program
executing program
[ 70.375126] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.386583] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 70.394287] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.401747] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 70.407193] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.413919] EXT4-fs (loop0): re-mounted. Opts: (null)
executing program
executing program
[ 70.420581] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.425896] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 70.439239] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.448228] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 70.462408] EXT4-fs (loop0): re-mounted. Opts: (null)
executing program
[ 70.490495] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 70.504714] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.515182] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.522816] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.528128] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.534649] EXT4-fs (loop2): re-mounted. Opts: (null)
executing program
[ 70.541617] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.548727] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.561742] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 70.564942] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
executing program
[ 70.585475] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[ 70.594879] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.603462] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.615185] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.626433] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 70.640794] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.647893] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.655047] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.661617] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.668824] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.680872] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.687348] EXT4-fs (loop3): re-mounted. Opts: (null)
executing program
executing program
executing program
executing program
[ 70.694224] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.700742] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.706201] EXT4-fs (loop3): re-mounted. Opts: (null)
[ 70.724129] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 70.783001] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[ 70.793733] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[ 70.804299] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
executing program
executing program
[ 70.842534] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.847845] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.863525] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.868973] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.878102] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.884200] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.892197] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.897699] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.904263] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.911713] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[ 70.921253] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.926937] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.935745] EXT4-fs (loop1): re-mounted. Opts: (null)
executing program
[ 70.942424] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.947879] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.956666] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 70.963039] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 70.970884] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 70.978896] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 70.988150] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[ 70.998378] EXT4-fs (loop5): re-mounted. Opts: (null)
[ 70.999611] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 71.010932] EXT4-fs (loop5): re-mounted. Opts: (null)
[ 71.014199] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 71.016693] EXT4-fs (loop5): re-mounted. Opts: (null)
[ 71.026993] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[ 71.027017] EXT4-fs (loop5): re-mounted. Opts: (null)
[ 71.041025] EXT4-fs (loop2): re-mounted. Opts: (null)
[ 71.041071] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 71.053032] EXT4-fs (loop5): re-mounted. Opts: (null)
[ 71.057939] EXT4-fs (loop1): re-mounted. Opts: (null)
[ 71.065122] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 71.075129] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 71.083926] EXT4-fs (loop5): re-mounted. Opts: (null)
[ 71.090370] ==================================================================
[ 71.090600] EXT4-fs (loop5): re-mounted. Opts: (null)
[ 71.097840] BUG: KASAN: use-after-free in kthread_stop+0x72/0x6b0
[ 71.097853] Write of size 4 at addr ffff888092ef25a0 by task syz-executor308/8124
[ 71.097857]
[ 71.097868] CPU: 0 PID: 8124 Comm: syz-executor308 Not tainted 4.19.211-syzkaller #0
[ 71.097879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 71.103928] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 71.109357] Call Trace:
[ 71.109378] dump_stack+0x1fc/0x2ef
[ 71.109398] print_address_description.cold+0x54/0x219
[ 71.109418] kasan_report_error.cold+0x8a/0x1b9
[ 71.109431] ? kthread_stop+0x72/0x6b0
[ 71.109441] kasan_report+0x8f/0xa0
[ 71.109454] ? kthread_stop+0x72/0x6b0
[ 71.117181] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 71.118667] kthread_stop+0x72/0x6b0
[ 71.118682] ext4_put_super+0x93c/0x1010
[ 71.118695] ? ext4_quota_write+0x530/0x530
[ 71.118713] generic_shutdown_super+0x144/0x370
[ 71.126858] EXT4-fs (loop5): re-mounted. Opts: (null)
[ 71.135906] kill_block_super+0x97/0xf0
[ 71.135923] deactivate_locked_super+0x94/0x160
[ 71.135934] deactivate_super+0x174/0x1a0
[ 71.135948] ? deactivate_locked_super+0x160/0x160
[ 71.135963] ? dput+0x31/0x640
[ 71.135980] cleanup_mnt+0x1a8/0x290
[ 71.141315] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 71.143721] task_work_run+0x148/0x1c0
[ 71.143740] exit_to_usermode_loop+0x251/0x2a0
[ 71.143755] do_syscall_64+0x538/0x620
[ 71.147455] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 71.152614] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.152626] RIP: 0033:0x7f6d28249317
[ 71.152638] Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.152645] RSP: 002b:00007ffc08483f08 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 71.152656] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f6d28249317
[ 71.152664] RDX: 00007ffc08483fc9 RSI: 000000000000000a RDI: 00007ffc08483fc0
[ 71.152674] RBP: 00007ffc08483fc0 R08: 00000000ffffffff R09: 00007ffc08483da0
[ 71.157424] EXT4-fs (loop5): re-mounted. Opts: (null)
[ 71.161179] R10: 0000555556b57683 R11: 0000000000000202 R12: 00007ffc08485080
[ 71.161186] R13: 0000555556b575f0 R14: 00007ffc08483f30 R15: 00007ffc084850a0
[ 71.161203]
[ 71.161210] Allocated by task 2:
[ 71.161224] kmem_cache_alloc_node+0x146/0x3b0
[ 71.161238] copy_process.part.0+0x1ceb/0x8260
[ 71.161249] _do_fork+0x22f/0xf30
[ 71.161263] kernel_thread+0x2f/0x40
[ 71.165001] EXT4-fs (loop0): re-mounted. Opts: (null)
[ 71.168743] kthreadd+0x544/0x7b0
[ 71.168756] ret_from_fork+0x24/0x30
[ 71.168759]
[ 71.168765] Freed by task 8286:
[ 71.168776] kmem_cache_free+0x7f/0x260
[ 71.168791] __put_task_struct+0x2ba/0x340
[ 71.174209] EXT4-fs (loop5): re-mounted. Opts: (null)
[ 71.177744] delayed_put_task_struct+0x1dc/0x320
[ 71.177757] rcu_process_callbacks+0x8ff/0x18b0
[ 71.177768] __do_softirq+0x265/0x980
[ 71.177771]
[ 71.177783] The buggy address belongs to the object at ffff888092ef2580
[ 71.177783] which belongs to the cache task_struct of size 6208
[ 71.399427] The buggy address is located 32 bytes inside of
[ 71.399427] 6208-byte region [ffff888092ef2580, ffff888092ef3dc0)
[ 71.411279] The buggy address belongs to the page:
[ 71.416187] page:ffffea00024bbc80 count:1 mapcount:0 mapping:ffff88823b8337c0 index:0x0 compound_mapcount: 0
[ 71.426138] flags: 0xfff00000008100(slab|head)
[ 71.430702] raw: 00fff00000008100 ffffea0002a93a08 ffffea0002aac408 ffff88823b8337c0
[ 71.438561] raw: 0000000000000000 ffff888092ef2580 0000000100000001 0000000000000000
[ 71.446414] page dumped because: kasan: bad access detected
[ 71.452096]
[ 71.453700] Memory state around the buggy address:
[ 71.458608] ffff888092ef2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.465951] ffff888092ef2500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 71.473304] >ffff888092ef2580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.480636] ^
[ 71.485024] ffff888092ef2600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.492358] ffff888092ef2680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 71.499694] ==================================================================
[ 71.507023] Disabling lock debugging due to kernel taint
[ 71.518430] Kernel panic - not syncing: panic_on_warn set ...
[ 71.518430]
[ 71.525804] CPU: 1 PID: 8124 Comm: syz-executor308 Tainted: G B 4.19.211-syzkaller #0
[ 71.535143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022
[ 71.544480] Call Trace:
[ 71.547060] dump_stack+0x1fc/0x2ef
[ 71.550673] panic+0x26a/0x50e
[ 71.553846] ? __warn_printk+0xf3/0xf3
[ 71.557718] ? preempt_schedule_common+0x45/0xc0
[ 71.562461] ? ___preempt_schedule+0x16/0x18
[ 71.566848] ? trace_hardirqs_on+0x55/0x210
[ 71.571148] kasan_end_report+0x43/0x49
[ 71.575115] kasan_report_error.cold+0xa7/0x1b9
[ 71.579779] ? kthread_stop+0x72/0x6b0
[ 71.583656] kasan_report+0x8f/0xa0
[ 71.587262] ? kthread_stop+0x72/0x6b0
[ 71.591135] kthread_stop+0x72/0x6b0
[ 71.594842] ext4_put_super+0x93c/0x1010
[ 71.598891] ? ext4_quota_write+0x530/0x530
[ 71.603236] generic_shutdown_super+0x144/0x370
[ 71.607885] kill_block_super+0x97/0xf0
[ 71.612015] deactivate_locked_super+0x94/0x160
[ 71.616666] deactivate_super+0x174/0x1a0
[ 71.620797] ? deactivate_locked_super+0x160/0x160
[ 71.625716] ? dput+0x31/0x640
[ 71.628890] cleanup_mnt+0x1a8/0x290
[ 71.632586] task_work_run+0x148/0x1c0
[ 71.636455] exit_to_usermode_loop+0x251/0x2a0
[ 71.641018] do_syscall_64+0x538/0x620
[ 71.644895] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 71.650062] RIP: 0033:0x7f6d28249317
[ 71.653760] Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.672642] RSP: 002b:00007ffc08483f08 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[ 71.680326] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f6d28249317
[ 71.687576] RDX: 00007ffc08483fc9 RSI: 000000000000000a RDI: 00007ffc08483fc0
[ 71.694922] RBP: 00007ffc08483fc0 R08: 00000000ffffffff R09: 00007ffc08483da0
[ 71.702172] R10: 0000555556b57683 R11: 0000000000000202 R12: 00007ffc08485080
[ 71.709420] R13: 0000555556b575f0 R14: 00007ffc08483f30 R15: 00007ffc084850a0
[ 71.716845] Kernel Offset: disabled
[ 71.720454] Rebooting in 86400 seconds..