[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 42.228971][ T6547] bash (6547) used greatest stack depth: 23560 bytes left
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.29' (ECDSA) to the list of known hosts.
executing program
executing program
executing program
executing program
executing program
executing program
syzkaller login: [ 1087.082080][ T6802] IPVS: ftp: loaded support on port[0] = 21
[ 1087.085001][ T6809] IPVS: ftp: loaded support on port[0] = 21
[ 1087.098157][ T6812] IPVS: ftp: loaded support on port[0] = 21
[ 1087.098733][ T6811] IPVS: ftp: loaded support on port[0] = 21
[ 1087.118129][ T6810] IPVS: ftp: loaded support on port[0] = 21
[ 1087.127544][ T6813] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
[ 1087.308490][ T6912] IPVS: ftp: loaded support on port[0] = 21
[ 1087.328441][ T6925] IPVS: ftp: loaded support on port[0] = 21
[ 1087.349566][ T7] tipc: TX() has been purged, node left!
[ 1087.364359][ T6935] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
[ 1087.488145][ T7007] IPVS: ftp: loaded support on port[0] = 21
[ 1087.518745][ T7014] IPVS: ftp: loaded support on port[0] = 21
[ 1087.529983][ T7017] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
[ 1087.641126][ T7078] IPVS: ftp: loaded support on port[0] = 21
[ 1087.669930][ T7096] IPVS: ftp: loaded support on port[0] = 21
[ 1087.713699][ T7116] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 1087.844398][ T7157] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 1088.034279][ T7206] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 1091.402817][ T7274] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
[ 1091.563063][ T7290] IPVS: ftp: loaded support on port[0] = 21
[ 1091.611322][ T7300] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 1091.819279][ T7340] IPVS: ftp: loaded support on port[0] = 21
[ 1091.889794][ T7] tipc: TX() has been purged, node left!
[ 1091.951958][ T7] tipc: TX() has been purged, node left!
executing program
executing program
[ 1092.037048][ T7376] IPVS: ftp: loaded support on port[0] = 21
[ 1092.079259][ T7] tipc: TX() has been purged, node left!
[ 1092.109989][ T7390] IPVS: ftp: loaded support on port[0] = 21
[ 1092.117039][ T7] tipc: TX() has been purged, node left!
executing program
[ 1092.156957][ T7] tipc: TX() has been purged, node left!
executing program
[ 1092.202324][ T7] tipc: TX() has been purged, node left!
[ 1092.206155][ T7413] IPVS: ftp: loaded support on port[0] = 21
[ 1092.215770][ T7] tipc: TX() has been purged, node left!
[ 1092.233186][ T7] tipc: TX() has been purged, node left!
executing program
[ 1092.262684][ T7426] IPVS: ftp: loaded support on port[0] = 21
[ 1092.262770][ T7] tipc: TX() has been purged, node left!
[ 1092.301888][ T7435] IPVS: ftp: loaded support on port[0] = 21
[ 1092.308608][ T7] tipc: TX() has been purged, node left!
[ 1092.316009][ T7] tipc: TX() has been purged, node left!
executing program
[ 1092.517176][ T7482] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
executing program
[ 1092.655397][ T7513] IPVS: ftp: loaded support on port[0] = 21
[ 1092.706216][ T7519] IPVS: ftp: loaded support on port[0] = 21
[ 1092.724214][ T7524] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 1092.851094][ T7573] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 1094.439498][ T7649] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 1096.137064][ T7681] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 1096.348497][ T7704] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
[ 1096.510617][ T7725] IPVS: ftp: loaded support on port[0] = 21
[ 1096.518606][ T7729] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
[ 1096.717034][ T7765] IPVS: ftp: loaded support on port[0] = 21
[ 1096.797338][ T7779] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
[ 1097.055356][ T7816] IPVS: ftp: loaded support on port[0] = 21
[ 1097.073768][ T7817] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 1097.143113][ T7833] IPVS: ftp: loaded support on port[0] = 21
executing program
executing program
[ 1097.268650][ T7886] IPVS: ftp: loaded support on port[0] = 21
[ 1097.327896][ T7902] IPVS: ftp: loaded support on port[0] = 21
executing program
[ 1097.437786][ T7944] IPVS: ftp: loaded support on port[0] = 21
[ 1098.323070][ C1] ==================================================================
[ 1098.331718][ C1] BUG: KASAN: stack-out-of-bounds in csd_lock_record+0xcb/0xe0
[ 1098.339862][ C1] Read of size 8 at addr ffffc90001837bf0 by task syz-executor053/7649
[ 1098.348184][ C1]
[ 1098.350662][ C1] CPU: 1 PID: 7649 Comm: syz-executor053 Not tainted 5.8.0-rc3-next-20200703-syzkaller #0
[ 1098.360553][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1098.370804][ C1] Call Trace:
[ 1098.374142][ C1]
[ 1098.377086][ C1] dump_stack+0x18f/0x20d
[ 1098.381706][ C1] ? csd_lock_record+0xcb/0xe0
[ 1098.386477][ C1] ? csd_lock_record+0xcb/0xe0
[ 1098.391308][ C1] print_address_description.constprop.0.cold+0x5/0x436
[ 1098.398315][ C1] ? lapic_next_event+0x4d/0x80
[ 1098.403240][ C1] ? lockdep_hardirqs_off+0x66/0xa0
[ 1098.408493][ C1] ? vprintk_func+0x97/0x1a6
[ 1098.413104][ C1] ? csd_lock_record+0xcb/0xe0
[ 1098.417914][ C1] kasan_report.cold+0x1f/0x37
[ 1098.422696][ C1] ? csd_lock_record+0xcb/0xe0
[ 1098.427469][ C1] csd_lock_record+0xcb/0xe0
[ 1098.432156][ C1] flush_smp_call_function_queue+0x285/0x730
[ 1098.438181][ C1] ? param_set_next_fqs_jiffies+0x130/0x130
[ 1098.444294][ C1] __sysvec_call_function_single+0x98/0x490
[ 1098.450353][ C1] asm_call_on_stack+0xf/0x20
[ 1098.455171][ C1]
[ 1098.458238][ C1] sysvec_call_function_single+0xe0/0x120
[ 1098.464031][ C1] asm_sysvec_call_function_single+0x12/0x20
[ 1098.470156][ C1] RIP: 0010:lock_release+0xdf/0x8d0
[ 1098.475373][ C1] Code: fe b4 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 fa 06 00 00 48 83 3d c0 cb 5a 08 00 0f 84 42 05 00 00 9c <58> 0f 1f 44 00 00 48 ba 00 00 00 00 00 fc ff df 48 89 04 24 48 c7
[ 1098.495073][ C1] RSP: 0018:ffffc90002ee7ad0 EFLAGS: 00000282
[ 1098.501143][ C1] RAX: 1ffffffff1369fdf RBX: ffff88808dcac000 RCX: ffffffff86ad9438
[ 1098.509121][ C1] RDX: dffffc0000000000 RSI: ffffffff86ad926b RDI: ffff88808dcac8d4
[ 1098.517319][ C1] RBP: 1ffff920005dcf5d R08: 0000000000000000 R09: 0000000000000000
[ 1098.525296][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff89bc3040
[ 1098.533274][ C1] R13: ffffffff86ad926b R14: 000000000000000a R15: dffffc0000000000
[ 1098.541320][ C1] ? inet_twsk_purge+0x51b/0x7b0
[ 1098.546272][ C1] ? inet_twsk_purge+0x6e8/0x7b0
[ 1098.551366][ C1] ? inet_twsk_purge+0x51b/0x7b0
[ 1098.556409][ C1] ? lock_downgrade+0x820/0x820
[ 1098.561561][ C1] ? lock_is_held_type+0xb0/0xe0
[ 1098.566547][ C1] ? inet_twsk_purge+0x53d/0x7b0
[ 1098.573061][ C1] ? inet_twsk_deschedule_put+0x50/0x50
[ 1098.578702][ C1] ? iput+0x58/0x70
[ 1098.582586][ C1] ? tcp_v6_init_sock+0x80/0x80
[ 1098.587541][ C1] ? tcpv6_net_exit_batch+0x20/0x20
[ 1098.592891][ C1] ? ops_exit_list+0x10d/0x160
[ 1098.597677][ C1] ? setup_net+0x502/0x850
[ 1098.602204][ C1] ? ops_init+0x470/0x470
[ 1098.606763][ C1] ? kmem_cache_alloc_trace+0x181/0x480
[ 1098.612368][ C1] ? copy_net_ns+0x2cf/0x5e0
[ 1098.617049][ C1] ? create_new_namespaces+0x3f6/0xb10
[ 1098.622528][ C1] ? unshare_nsproxy_namespaces+0xbd/0x1f0
[ 1098.628844][ C1] ? ksys_unshare+0x445/0x8e0
[ 1098.633796][ C1] ? unshare_fd+0x1c0/0x1c0
[ 1098.638309][ C1] ? lock_is_held_type+0xb0/0xe0
[ 1098.643253][ C1] ? lock_is_held_type+0xb0/0xe0
[ 1098.648198][ C1] ? do_syscall_64+0x1c/0xe0
[ 1098.652806][ C1] ? __x64_sys_unshare+0x2d/0x40
[ 1098.657748][ C1] ? do_syscall_64+0x60/0xe0
[ 1098.662442][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1098.669098][ C1]
[ 1098.671518][ C1]
[ 1098.673848][ C1] Memory state around the buggy address:
[ 1098.679484][ C1]  ffffc90001837a80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 1098.687819][ C1]  ffffc90001837b00: 00 00 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3
[ 1098.695981][ C1] >ffffc90001837b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 1098.704048][ C1]                                                              ^
[ 1098.711949][ C1]  ffffc90001837c00: f1 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 00 00 00
[ 1098.720236][ C1]  ffffc90001837c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1098.728383][ C1] ==================================================================
[ 1098.736533][ C1] Disabling lock debugging due to kernel taint
[ 1098.742691][ C1] Kernel panic - not syncing: panic_on_warn set ...
[ 1098.749501][ C1] CPU: 1 PID: 7649 Comm: syz-executor053 Tainted: G B 5.8.0-rc3-next-20200703-syzkaller #0
[ 1098.760916][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1098.771063][ C1] Call Trace:
[ 1098.774434][ C1]
[ 1098.777385][ C1] dump_stack+0x18f/0x20d
[ 1098.781821][ C1] ? csd_lock_record+0x30/0xe0
[ 1098.786687][ C1] panic+0x2e3/0x75c
[ 1098.790583][ C1] ? __warn_printk+0xf3/0xf3
[ 1098.796047][ C1] ? _raw_spin_unlock_irqrestore+0x5b/0xe0
[ 1098.801852][ C1] ? csd_lock_record+0xcb/0xe0
[ 1098.806837][ C1] ? csd_lock_record+0xcb/0xe0
[ 1098.811699][ C1] end_report+0x4d/0x53
[ 1098.815944][ C1] kasan_report.cold+0xd/0x37
[ 1098.820622][ C1] ? csd_lock_record+0xcb/0xe0
[ 1098.825650][ C1] csd_lock_record+0xcb/0xe0
[ 1098.830244][ C1] flush_smp_call_function_queue+0x285/0x730
[ 1098.836235][ C1] ? param_set_next_fqs_jiffies+0x130/0x130
[ 1098.842134][ C1] __sysvec_call_function_single+0x98/0x490
[ 1098.848090][ C1] asm_call_on_stack+0xf/0x20
[ 1098.852780][ C1]
[ 1098.855786][ C1] sysvec_call_function_single+0xe0/0x120
[ 1098.861507][ C1] asm_sysvec_call_function_single+0x12/0x20
[ 1098.867494][ C1] RIP: 0010:lock_release+0xdf/0x8d0
[ 1098.872796][ C1] Code: fe b4 89 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 fa 06 00 00 48 83 3d c0 cb 5a 08 00 0f 84 42 05 00 00 9c <58> 0f 1f 44 00 00 48 ba 00 00 00 00 00 fc ff df 48 89 04 24 48 c7
[ 1098.892626][ C1] RSP: 0018:ffffc90002ee7ad0 EFLAGS: 00000282
[ 1098.899480][ C1] RAX: 1ffffffff1369fdf RBX: ffff88808dcac000 RCX: ffffffff86ad9438
[ 1098.907451][ C1] RDX: dffffc0000000000 RSI: ffffffff86ad926b RDI: ffff88808dcac8d4
[ 1098.915520][ C1] RBP: 1ffff920005dcf5d R08: 0000000000000000 R09: 0000000000000000
[ 1098.923491][ C1] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff89bc3040
[ 1098.931462][ C1] R13: ffffffff86ad926b R14: 000000000000000a R15: dffffc0000000000
[ 1098.939445][ C1] ? inet_twsk_purge+0x51b/0x7b0
[ 1098.944488][ C1] ? inet_twsk_purge+0x6e8/0x7b0
[ 1098.949423][ C1] ? inet_twsk_purge+0x51b/0x7b0
[ 1098.954370][ C1] ? lock_downgrade+0x820/0x820
[ 1098.959223][ C1] ? lock_is_held_type+0xb0/0xe0
[ 1098.964263][ C1] ? inet_twsk_purge+0x53d/0x7b0
[ 1098.969203][ C1] ? inet_twsk_deschedule_put+0x50/0x50
[ 1098.974753][ C1] ? iput+0x58/0x70
[ 1098.978562][ C1] ? tcp_v6_init_sock+0x80/0x80
[ 1098.983597][ C1] ? tcpv6_net_exit_batch+0x20/0x20
[ 1098.988797][ C1] ? ops_exit_list+0x10d/0x160
[ 1098.993563][ C1] ? setup_net+0x502/0x850
[ 1098.997983][ C1] ? ops_init+0x470/0x470
[ 1099.002319][ C1] ? kmem_cache_alloc_trace+0x181/0x480
[ 1099.007958][ C1] ? copy_net_ns+0x2cf/0x5e0
[ 1099.012555][ C1] ? create_new_namespaces+0x3f6/0xb10
[ 1099.018018][ C1] ? unshare_nsproxy_namespaces+0xbd/0x1f0
[ 1099.024120][ C1] ? ksys_unshare+0x445/0x8e0
[ 1099.028798][ C1] ? unshare_fd+0x1c0/0x1c0
[ 1099.033394][ C1] ? lock_is_held_type+0xb0/0xe0
[ 1099.038329][ C1] ? lock_is_held_type+0xb0/0xe0
[ 1099.043266][ C1] ? do_syscall_64+0x1c/0xe0
[ 1099.047858][ C1] ? __x64_sys_unshare+0x2d/0x40
[ 1099.052942][ C1] ? do_syscall_64+0x60/0xe0
[ 1099.057532][ C1] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1099.065151][ C1] Kernel Offset: disabled
[ 1099.069639][ C1] Rebooting in 86400 seconds..