[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. [ 59.137990][ T129] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/129 [ 59.147233][ T129] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.153674][ T129] CPU: 0 PID: 129 Comm: kworker/u4:4 Not tainted 5.8.0-rc1-syzkaller #0 [ 59.162044][ T129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.172120][ T129] Workqueue: writeback wb_workfn (flush-8:0) [ 59.178195][ T129] Call Trace: [ 59.181527][ T129] dump_stack+0x18f/0x20d [ 59.185879][ T129] check_preemption_disabled+0x20d/0x220 [ 59.191526][ T129] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.196655][ T129] ? ext4_find_extent+0x81a/0xad0 [ 59.201788][ T129] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.207606][ T129] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.207633][ T129] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.207659][ T129] ? ext4_ext_release+0x10/0x10 [ 59.207697][ T129] ? down_write_killable+0x170/0x170 [ 59.207713][ T129] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.207738][ T129] ext4_map_blocks+0x4cb/0x1640 [ 59.207763][ T129] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.207788][ T129] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.207807][ T129] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.207823][ T129] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 59.207843][ T129] ext4_writepages+0x1a7b/0x33c0 [ 59.207884][ T129] ? __ext4_mark_inode_dirty+0x940/0x940 [ 59.272711][ T129] ? __lock_acquire+0x2224/0x48b0 [ 59.272747][ T129] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 59.272770][ T129] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 59.272793][ T129] ? __ext4_mark_inode_dirty+0x940/0x940 [ 59.272810][ T129] ? do_writepages+0xfa/0x2a0 [ 59.272826][ T129] do_writepages+0xfa/0x2a0 [ 59.272851][ T129] ? page_writeback_cpu_online+0x10/0x10 [ 59.272877][ T129] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.272901][ T129] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.272917][ T129] ? lock_downgrade+0x840/0x840 [ 59.272941][ T129] __writeback_single_inode+0x12a/0x13d0 [ 59.272960][ T129] ? _raw_spin_unlock+0x24/0x40 [ 59.272977][ T129] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 59.272999][ T129] writeback_sb_inodes+0x515/0xdc0 [ 59.273031][ T129] ? __writeback_single_inode+0x13d0/0x13d0 [ 59.273068][ T129] __writeback_inodes_wb+0xc3/0x250 [ 59.273093][ T129] wb_writeback+0x8db/0xd50 [ 59.273119][ T129] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 59.273140][ T129] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 59.273163][ T129] ? cpumask_next+0x3c/0x40 [ 59.273179][ T129] ? get_nr_dirty_inodes+0xd6/0x130 [ 59.273202][ T129] wb_workfn+0xab3/0x1090 [ 59.273226][ T129] ? inode_wait_for_writeback+0x30/0x30 [ 59.273250][ T129] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.273267][ T129] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.273291][ T129] process_one_work+0x965/0x1690 [ 59.273315][ T129] ? lock_release+0x800/0x800 [ 59.273331][ T129] ? pwq_dec_nr_in_flight+0x310/0x310 [ 59.273352][ T129] ? rwlock_bug.part.0+0x90/0x90 [ 59.273381][ T129] worker_thread+0x96/0xe10 [ 59.273408][ T129] ? process_one_work+0x1690/0x1690 [ 59.273426][ T129] kthread+0x3b5/0x4a0 [ 59.273441][ T129] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.273455][ T129] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.273476][ T129] ret_from_fork+0x1f/0x30 [ 59.354714][ T6780] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6780 [ 59.494211][ T6780] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.494229][ T6780] CPU: 0 PID: 6780 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 59.494237][ T6780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.494242][ T6780] Call Trace: [ 59.494263][ T6780] dump_stack+0x18f/0x20d [ 59.526348][ T6780] check_preemption_disabled+0x20d/0x220 [ 59.526367][ T6780] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.526396][ T6780] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.542798][ T6780] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.542822][ T6780] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.542848][ T6780] ? ext4_ext_release+0x10/0x10 [ 59.558668][ T6780] ? down_write_killable+0x170/0x170 [ 59.558687][ T6780] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.569428][ T6780] ext4_map_blocks+0x4cb/0x1640 [ 59.569451][ T6780] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.569467][ T6780] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.569484][ T6780] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.569498][ T6780] ? prandom_u32_state+0xe/0x170 [ 59.569516][ T6780] ? __brelse+0x84/0xa0 [ 59.569531][ T6780] ? __ext4_new_inode+0x144/0x55e0 [ 59.569548][ T6780] ext4_getblk+0xad/0x520 [ 59.569574][ T6780] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.615366][ T6780] ? ext4_free_inode+0x1700/0x1700 [ 59.615386][ T6780] ext4_bread+0x7c/0x380 [ 59.615404][ T6780] ? ext4_getblk+0x520/0x520 [ 59.629420][ T6780] ? dquot_get_next_dqblk+0x180/0x180 [ 59.629449][ T6780] ext4_append+0x153/0x360 [ 59.639213][ T6780] ext4_mkdir+0x5e0/0xdf0 [ 59.639237][ T6780] ? ext4_rmdir+0xde0/0xde0 [ 59.648078][ T6780] ? security_inode_permission+0xc4/0xf0 [ 59.648101][ T6780] vfs_mkdir+0x419/0x690 [ 59.648121][ T6780] do_mkdirat+0x21e/0x280 [ 59.662569][ T6780] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.662593][ T6780] ? do_syscall_64+0x1c/0xe0 [ 59.672032][ T6780] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.672052][ T6780] do_syscall_64+0x60/0xe0 [ 59.672070][ T6780] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.672083][ T6780] RIP: 0033:0x7f5377fdb687 [ 59.672089][ T6780] Code: Bad RIP value. [ 59.672097][ T6780] RSP: 002b:00007ffecdfac4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.672111][ T6780] RAX: ffffffffffffffda RBX: 000055edbbbb4985 RCX: 00007f5377fdb687 [ 59.672120][ T6780] RDX: 00007ffecdfac3c0 RSI: 00000000000001ed RDI: 000055edbbbb4985 [ 59.672129][ T6780] RBP: 00007f5377fdb680 R08: 0000000000000100 R09: 0000000000000000 [ 59.672137][ T6780] R10: 000055edbbbb4980 R11: 0000000000000246 R12: 00000000000001ed [ 59.672146][ T6780] R13: 00007ffecdfac680 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts. 2020/06/17 18:50:41 fuzzer started 2020/06/17 18:50:41 connecting to host at 10.128.0.26:33397 2020/06/17 18:50:41 checking machine... 2020/06/17 18:50:41 checking revisions... 2020/06/17 18:50:41 testing simple program... syzkaller login: [ 64.818126][ T6789] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6789 [ 64.829185][ T6789] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.835283][ T6789] CPU: 0 PID: 6789 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 64.844225][ T6789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.854982][ T6789] Call Trace: [ 64.858792][ T6789] dump_stack+0x18f/0x20d [ 64.863376][ T6789] check_preemption_disabled+0x20d/0x220 [ 64.869188][ T6789] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.874419][ T6789] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.880538][ T6789] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.887236][ T6789] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.893278][ T6789] ? ext4_ext_release+0x10/0x10 [ 64.898891][ T6789] ? down_write_killable+0x170/0x170 [ 64.904640][ T6789] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.910519][ T6789] ext4_map_blocks+0x4cb/0x1640 [ 64.916150][ T6789] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.921353][ T6789] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.927465][ T6789] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.934018][ T6789] ? prandom_u32_state+0xe/0x170 [ 64.939529][ T6789] ? __brelse+0x84/0xa0 [ 64.944056][ T6789] ? __ext4_new_inode+0x144/0x55e0 [ 64.949665][ T6789] ext4_getblk+0xad/0x520 [ 64.954265][ T6789] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.960123][ T6789] ? ext4_free_inode+0x1700/0x1700 [ 64.965346][ T6789] ext4_bread+0x7c/0x380 [ 64.969805][ T6789] ? ext4_getblk+0x520/0x520 [ 64.974453][ T6789] ? dquot_get_next_dqblk+0x180/0x180 [ 64.982280][ T6789] ext4_append+0x153/0x360 [ 64.986802][ T6789] ext4_mkdir+0x5e0/0xdf0 [ 64.991568][ T6789] ? ext4_rmdir+0xde0/0xde0 [ 64.996447][ T6789] ? security_inode_permission+0xc4/0xf0 [ 65.002400][ T6789] vfs_mkdir+0x419/0x690 [ 65.006891][ T6789] do_mkdirat+0x21e/0x280 [ 65.011917][ T6789] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.017869][ T6789] ? do_syscall_64+0x1c/0xe0 [ 65.022688][ T6789] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.028670][ T6789] do_syscall_64+0x60/0xe0 [ 65.033614][ T6789] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.039857][ T6789] RIP: 0033:0x4b02a0 [ 65.043838][ T6789] Code: Bad RIP value. [ 65.047898][ T6789] RSP: 002b:000000c0000c94b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 65.056964][ T6789] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 65.066644][ T6789] RDX: 00000000000001c0 RSI: 000000c0000dc9e0 RDI: ffffffffffffff9c [ 65.074705][ T6789] RBP: 000000c0000c9510 R08: 0000000000000000 R09: 0000000000000000 [ 65.082679][ T6789] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 65.090880][ T6789] R13: 0000000000000050 R14: 000000000000004f R15: 0000000000000100 [ 65.121138][ T6805] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6805 [ 65.131638][ T6805] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.138051][ T6805] CPU: 1 PID: 6805 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.146841][ T6805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.156975][ T6805] Call Trace: [ 65.160282][ T6805] dump_stack+0x18f/0x20d [ 65.164611][ T6805] check_preemption_disabled+0x20d/0x220 [ 65.170273][ T6805] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.175385][ T6805] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.180893][ T6805] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.187649][ T6805] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.193235][ T6805] ? ext4_ext_release+0x10/0x10 [ 65.198420][ T6805] ? down_write_killable+0x170/0x170 [ 65.203726][ T6805] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.209312][ T6805] ext4_map_blocks+0x4cb/0x1640 [ 65.214194][ T6805] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.219949][ T6805] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.225728][ T6805] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.231791][ T6805] ? prandom_u32_state+0xe/0x170 [ 65.236849][ T6805] ? __brelse+0x84/0xa0 [ 65.241690][ T6805] ? __ext4_new_inode+0x144/0x55e0 [ 65.247149][ T6805] ext4_getblk+0xad/0x520 [ 65.251608][ T6805] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.257640][ T6805] ? ext4_free_inode+0x1700/0x1700 [ 65.262749][ T6805] ext4_bread+0x7c/0x380 [ 65.266981][ T6805] ? ext4_getblk+0x520/0x520 [ 65.271692][ T6805] ? dquot_get_next_dqblk+0x180/0x180 [ 65.277566][ T6805] ext4_append+0x153/0x360 [ 65.282870][ T6805] ext4_mkdir+0x5e0/0xdf0 [ 65.287325][ T6805] ? ext4_rmdir+0xde0/0xde0 [ 65.292040][ T6805] ? security_inode_permission+0xc4/0xf0 [ 65.298373][ T6805] vfs_mkdir+0x419/0x690 [ 65.302838][ T6805] do_mkdirat+0x21e/0x280 [ 65.307405][ T6805] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.312306][ T6805] ? do_syscall_64+0x1c/0xe0 [ 65.316899][ T6805] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.322872][ T6805] do_syscall_64+0x60/0xe0 [ 65.328074][ T6805] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.334234][ T6805] RIP: 0033:0x45bed7 [ 65.339109][ T6805] Code: Bad RIP value. [ 65.343337][ T6805] RSP: 002b:00007ffdd03a4b08 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 65.352033][ T6805] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 65.360378][ T6805] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffdd03a4ce0 [ 65.368343][ T6805] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002f40 [ 65.376726][ T6805] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 65.385417][ T6805] R13: 00007ffdd03a4ce0 R14: 8421084210842109 R15: 00007ffdd03a4cec [ 65.476806][ T6806] IPVS: ftp: loaded support on port[0] = 21 [ 65.517833][ T6806] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6806 [ 65.527757][ T6806] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.534930][ T6806] CPU: 0 PID: 6806 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.543874][ T6806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.554662][ T6806] Call Trace: [ 65.558079][ T6806] dump_stack+0x18f/0x20d [ 65.562687][ T6806] check_preemption_disabled+0x20d/0x220 [ 65.568338][ T6806] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.574129][ T6806] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.580287][ T6806] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.586250][ T6806] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.591673][ T6806] ? ext4_ext_release+0x10/0x10 [ 65.596945][ T6806] ? down_write_killable+0x170/0x170 [ 65.602941][ T6806] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.608588][ T6806] ext4_map_blocks+0x4cb/0x1640 [ 65.613448][ T6806] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.618787][ T6806] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.624327][ T6806] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.630531][ T6806] ? prandom_u32_state+0xe/0x170 [ 65.635757][ T6806] ? __brelse+0x84/0xa0 [ 65.640156][ T6806] ? __ext4_new_inode+0x144/0x55e0 [ 65.645264][ T6806] ext4_getblk+0xad/0x520 [ 65.649599][ T6806] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.655656][ T6806] ? ext4_free_inode+0x1700/0x1700 [ 65.661238][ T6806] ext4_bread+0x7c/0x380 [ 65.665894][ T6806] ? ext4_getblk+0x520/0x520 [ 65.670493][ T6806] ? dquot_get_next_dqblk+0x180/0x180 [ 65.676264][ T6806] ext4_append+0x153/0x360 [ 65.681375][ T6806] ext4_mkdir+0x5e0/0xdf0 [ 65.685860][ T6806] ? ext4_rmdir+0xde0/0xde0 [ 65.690581][ T6806] ? security_inode_permission+0xc4/0xf0 [ 65.696574][ T6806] vfs_mkdir+0x419/0x690 [ 65.700816][ T6806] do_mkdirat+0x21e/0x280 [ 65.705145][ T6806] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.710408][ T6806] ? do_syscall_64+0x1c/0xe0 [ 65.715107][ T6806] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.721886][ T6806] do_syscall_64+0x60/0xe0 [ 65.726874][ T6806] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.732983][ T6806] RIP: 0033:0x45bed7 [ 65.736919][ T6806] Code: Bad RIP value. [ 65.740975][ T6806] RSP: 002b:00007ffdd03a49f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 65.749666][ T6806] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 65.757993][ T6806] RDX: 00007ffdd03a4a43 RSI: 00000000000001ff RDI: 00007ffdd03a4a40 [ 65.765960][ T6806] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 65.774044][ T6806] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0 [ 65.782056][ T6806] R13: 00007ffdd03a4a30 R14: 0000000000000000 R15: 00007ffdd03a4a40 [ 65.836195][ T6806] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6806 [ 65.845837][ T6806] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.851884][ T6806] CPU: 0 PID: 6806 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.860610][ T6806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.871045][ T6806] Call Trace: [ 65.874355][ T6806] dump_stack+0x18f/0x20d [ 65.878846][ T6806] check_preemption_disabled+0x20d/0x220 [ 65.884633][ T6806] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.889893][ T6806] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.895590][ T6806] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.901483][ T6806] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.906924][ T6806] ? ext4_ext_release+0x10/0x10 [ 65.911816][ T6806] ? down_write_killable+0x170/0x170 [ 65.917207][ T6806] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.922714][ T6806] ext4_map_blocks+0x4cb/0x1640 [ 65.927926][ T6806] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.933154][ T6806] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.938906][ T6806] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.944921][ T6806] ? prandom_u32_state+0xe/0x170 [ 65.949879][ T6806] ? __brelse+0x84/0xa0 [ 65.954319][ T6806] ? __ext4_new_inode+0x144/0x55e0 [ 65.959495][ T6806] ext4_getblk+0xad/0x520 [ 65.964194][ T6806] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.969916][ T6806] ? ext4_free_inode+0x1700/0x1700 [ 65.975306][ T6806] ext4_bread+0x7c/0x380 [ 65.979574][ T6806] ? ext4_getblk+0x520/0x520 [ 65.984321][ T6806] ? dquot_get_next_dqblk+0x180/0x180 [ 65.989923][ T6806] ext4_append+0x153/0x360 [ 65.994405][ T6806] ext4_mkdir+0x5e0/0xdf0 [ 65.998913][ T6806] ? ext4_rmdir+0xde0/0xde0 [ 66.003527][ T6806] ? security_inode_permission+0xc4/0xf0 [ 66.009418][ T6806] vfs_mkdir+0x419/0x690 [ 66.013797][ T6806] do_mkdirat+0x21e/0x280 [ 66.018129][ T6806] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.023271][ T6806] ? do_syscall_64+0x1c/0xe0 [ 66.028566][ T6806] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.034576][ T6806] do_syscall_64+0x60/0xe0 [ 66.039286][ T6806] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.045206][ T6806] RIP: 0033:0x45bed7 [ 66.049085][ T6806] Code: Bad RIP value. [ 66.053488][ T6806] RSP: 002b:00007ffdd03a49f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 66.061890][ T6806] RAX: ffffffffffffffda RBX: 000000000001011d RCX: 000000000045bed7 [ 66.070146][ T6806] RDX: 00007ffdd03a4a43 RSI: 00000000000001ff RDI: 00007ffdd03a4a40 [ 66.078346][ T6806] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 66.087035][ T6806] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 66.095211][ T6806] R13: 00007ffdd03a4a30 R14: 0000000000010117 R15: 00007ffdd03a4a40 2020/06/17 18:50:43 building call list... [ 66.356534][ T7] tipc: TX() has been purged, node left! [ 66.859876][ T7] ================================================================== [ 66.868447][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 66.876346][ T7] Write of size 1 at addr ffff8880a25671e4 by task kworker/u4:0/7 [ 66.884490][ T7] [ 66.886935][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.895110][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.905447][ T7] Workqueue: netns cleanup_net [ 66.910212][ T7] Call Trace: [ 66.913512][ T7] dump_stack+0x18f/0x20d [ 66.917977][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.923528][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.929088][ T7] ? afs_put_call+0xa40/0xa40 [ 66.937480][ T7] print_address_description.constprop.0.cold+0xd3/0x413 [ 66.944931][ T7] ? vprintk_func+0x97/0x1a6 [ 66.949546][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.955119][ T7] kasan_report.cold+0x1f/0x37 [ 66.959905][ T7] ? rcu_read_lock_held_common+0x51/0xa0 [ 66.965688][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.971683][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 66.977238][ T7] ? afs_close_socket+0x320/0x320 [ 66.982271][ T7] ? afs_put_call+0xa40/0xa40 [ 66.987083][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 66.992560][ T7] ? afs_put_call+0xa40/0xa40 [ 66.997252][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.003871][ T7] rxrpc_call_completed+0xca/0xf0 [ 67.008969][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 67.014540][ T7] ? lock_sock_nested+0x94/0x110 [ 67.019516][ T7] rxrpc_listen+0x147/0x360 [ 67.024161][ T7] afs_close_socket+0x95/0x320 [ 67.029141][ T7] ? afs_purge_servers+0x16d/0x300 [ 67.034523][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 67.040091][ T7] ? init_wait_var_entry+0x200/0x200 [ 67.045475][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.051368][ T7] ? check_preemption_disabled+0x38/0x220 [ 67.057319][ T7] afs_net_exit+0x1bc/0x310 [ 67.061944][ T7] ? afs_net_init+0xe30/0xe30 [ 67.066719][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 67.071845][ T7] cleanup_net+0x511/0xa50 [ 67.076379][ T7] ? unregister_pernet_device+0x70/0x70 [ 67.082027][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.088676][ T7] process_one_work+0x965/0x1690 [ 67.093631][ T7] ? lock_release+0x800/0x800 [ 67.098406][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.103789][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 67.108746][ T7] worker_thread+0x96/0xe10 [ 67.113273][ T7] ? process_one_work+0x1690/0x1690 [ 67.118485][ T7] kthread+0x3b5/0x4a0 [ 67.122566][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.128290][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.134189][ T7] ret_from_fork+0x1f/0x30 [ 67.138639][ T7] [ 67.141093][ T7] Allocated by task 6806: [ 67.145509][ T7] save_stack+0x1b/0x40 [ 67.149672][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.155311][ T7] kmem_cache_alloc_trace+0x153/0x7d0 [ 67.160693][ T7] afs_alloc_call+0x55/0x630 [ 67.165372][ T7] afs_charge_preallocation+0xe9/0x2d0 [ 67.172038][ T7] afs_open_socket+0x292/0x360 [ 67.176969][ T7] afs_net_init+0xa6c/0xe30 [ 67.181484][ T7] ops_init+0xaf/0x420 [ 67.185562][ T7] setup_net+0x2de/0x860 [ 67.190170][ T7] copy_net_ns+0x293/0x590 [ 67.194740][ T7] create_new_namespaces+0x3fb/0xb30 [ 67.200197][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 67.205844][ T7] ksys_unshare+0x43d/0x8e0 [ 67.210480][ T7] __x64_sys_unshare+0x2d/0x40 [ 67.215368][ T7] do_syscall_64+0x60/0xe0 [ 67.219986][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.225874][ T7] [ 67.228389][ T7] Freed by task 7: [ 67.232121][ T7] save_stack+0x1b/0x40 [ 67.236389][ T7] __kasan_slab_free+0xf7/0x140 [ 67.241244][ T7] kfree+0x109/0x2b0 [ 67.245146][ T7] afs_put_call+0x585/0xa40 [ 67.249660][ T7] rxrpc_discard_prealloc+0x764/0xab0 [ 67.255749][ T7] rxrpc_listen+0x147/0x360 [ 67.260272][ T7] afs_close_socket+0x95/0x320 [ 67.265160][ T7] afs_net_exit+0x1bc/0x310 [ 67.269709][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 67.274828][ T7] cleanup_net+0x511/0xa50 [ 67.279342][ T7] process_one_work+0x965/0x1690 [ 67.284418][ T7] worker_thread+0x96/0xe10 [ 67.289105][ T7] kthread+0x3b5/0x4a0 [ 67.293269][ T7] ret_from_fork+0x1f/0x30 [ 67.300030][ T7] [ 67.302508][ T7] The buggy address belongs to the object at ffff8880a2567000 [ 67.302508][ T7] which belongs to the cache kmalloc-1k of size 1024 [ 67.316834][ T7] The buggy address is located 484 bytes inside of [ 67.316834][ T7] 1024-byte region [ffff8880a2567000, ffff8880a2567400) [ 67.330861][ T7] The buggy address belongs to the page: [ 67.336683][ T7] page:ffffea00028959c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 67.345799][ T7] flags: 0xfffe0000000200(slab) [ 67.350761][ T7] raw: 00fffe0000000200 ffffea00029ac588 ffffea00028cea48 ffff8880aa000c40 [ 67.359459][ T7] raw: 0000000000000000 ffff8880a2567000 0000000100000002 0000000000000000 [ 67.368244][ T7] page dumped because: kasan: bad access detected [ 67.374752][ T7] [ 67.377093][ T7] Memory state around the buggy address: [ 67.382742][ T7] ffff8880a2567080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.391233][ T7] ffff8880a2567100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.399319][ T7] >ffff8880a2567180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.407387][ T7] ^ [ 67.414804][ T7] ffff8880a2567200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.423177][ T7] ffff8880a2567280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.431371][ T7] ================================================================== [ 67.440170][ T7] Disabling lock debugging due to kernel taint [ 67.447249][ T7] Kernel panic - not syncing: panic_on_warn set ... [ 67.454210][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 67.464071][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.474273][ T7] Workqueue: netns cleanup_net [ 67.479382][ T7] Call Trace: [ 67.483169][ T7] dump_stack+0x18f/0x20d [ 67.487509][ T7] ? afs_wake_up_async_call+0x690/0x770 [ 67.493059][ T7] ? afs_put_call+0xa40/0xa40 [ 67.497753][ T7] panic+0x2e3/0x75c [ 67.501742][ T7] ? __warn_printk+0xf3/0xf3 [ 67.507071][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 67.513231][ T7] ? trace_hardirqs_on+0x55/0x220 [ 67.518576][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.524303][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.529997][ T7] ? afs_put_call+0xa40/0xa40 [ 67.534682][ T7] end_report+0x4d/0x53 [ 67.539019][ T7] kasan_report.cold+0xd/0x37 [ 67.543813][ T7] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.549658][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.555384][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 67.560905][ T7] ? afs_close_socket+0x320/0x320 [ 67.565931][ T7] ? afs_put_call+0xa40/0xa40 [ 67.572051][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 67.577957][ T7] ? afs_put_call+0xa40/0xa40 [ 67.582643][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.590288][ T7] rxrpc_call_completed+0xca/0xf0 [ 67.595385][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 67.600766][ T7] ? lock_sock_nested+0x94/0x110 [ 67.606808][ T7] rxrpc_listen+0x147/0x360 [ 67.611318][ T7] afs_close_socket+0x95/0x320 [ 67.616353][ T7] ? afs_purge_servers+0x16d/0x300 [ 67.621470][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 67.627012][ T7] ? init_wait_var_entry+0x200/0x200 [ 67.632634][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.638273][ T7] ? check_preemption_disabled+0x38/0x220 [ 67.643998][ T7] afs_net_exit+0x1bc/0x310 [ 67.648506][ T7] ? afs_net_init+0xe30/0xe30 [ 67.653347][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 67.658466][ T7] cleanup_net+0x511/0xa50 [ 67.663021][ T7] ? unregister_pernet_device+0x70/0x70 [ 67.668599][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.674745][ T7] process_one_work+0x965/0x1690 [ 67.680172][ T7] ? lock_release+0x800/0x800 [ 67.685085][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.690466][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 67.695771][ T7] worker_thread+0x96/0xe10 [ 67.700597][ T7] ? process_one_work+0x1690/0x1690 [ 67.705900][ T7] kthread+0x3b5/0x4a0 [ 67.710120][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.719497][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.725600][ T7] ret_from_fork+0x1f/0x30 [ 67.732181][ T7] Kernel Offset: disabled [ 67.736653][ T7] Rebooting in 86400 seconds..