[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 57.948846][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21
[ 57.958025][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 57.964483][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0
[ 57.972735][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.982804][ T21] Workqueue: writeback wb_workfn (flush-8:0)
[ 57.988783][ T21] Call Trace:
[ 57.992079][ T21] dump_stack+0x18f/0x20d
[ 57.996424][ T21] check_preemption_disabled+0x20d/0x220
[ 58.002065][ T21] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.007188][ T21] ? ext4_find_extent+0x81a/0xad0
[ 58.012236][ T21] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.017705][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.023532][ T21] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.028834][ T21] ? ext4_ext_release+0x10/0x10
[ 58.033714][ T21] ? down_write_killable+0x170/0x170
[ 58.039010][ T21] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.044488][ T21] ext4_map_blocks+0x4cb/0x1640
[ 58.049357][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.054571][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.060128][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.066119][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 58.071589][ T21] ext4_writepages+0x1a7b/0x33c0
[ 58.076736][ T21] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.082374][ T21] ? __lock_acquire+0x2224/0x48b0
[ 58.087423][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.093504][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.099496][ T21] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.105137][ T21] ? do_writepages+0xfa/0x2a0
[ 58.109817][ T21] do_writepages+0xfa/0x2a0
[ 58.114336][ T21] ? page_writeback_cpu_online+0x10/0x10
[ 58.119995][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.125548][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.131531][ T21] ? lock_downgrade+0x840/0x840
[ 58.136395][ T21] __writeback_single_inode+0x12a/0x13d0
[ 58.142045][ T21] ? _raw_spin_unlock+0x24/0x40
[ 58.146904][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 58.153263][ T21] writeback_sb_inodes+0x515/0xdc0
[ 58.158435][ T21] ? __writeback_single_inode+0x13d0/0x13d0
[ 58.164359][ T21] __writeback_inodes_wb+0xc3/0x250
[ 58.169575][ T21] wb_writeback+0x8db/0xd50
[ 58.174102][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 58.180524][ T21] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 58.186425][ T21] ? cpumask_next+0x3c/0x40
[ 58.190934][ T21] ? get_nr_dirty_inodes+0xd6/0x130
[ 58.196146][ T21] wb_workfn+0xab3/0x1090
[ 58.200750][ T21] ? inode_wait_for_writeback+0x30/0x30
[ 58.206326][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.211870][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.217839][ T21] process_one_work+0x965/0x1690
[ 58.222767][ T21] ? lock_release+0x800/0x800
[ 58.227426][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 58.232785][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 58.237711][ T21] worker_thread+0x96/0xe10
[ 58.242206][ T21] ? process_one_work+0x1690/0x1690
[ 58.247394][ T21] kthread+0x3b5/0x4a0
[ 58.251446][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.257145][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.262858][ T21] ret_from_fork+0x1f/0x30
Starting Load/Save RF Kill Switch Status...
[ 58.481601][ T6744] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6744
[ 58.491200][ T6744] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.497104][ T6744] CPU: 0 PID: 6744 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 58.505689][ T6744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.515744][ T6744] Call Trace:
[ 58.519042][ T6744] dump_stack+0x18f/0x20d
[ 58.523390][ T6744] check_preemption_disabled+0x20d/0x220
[ 58.529033][ T6744] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.534607][ T6744] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.540071][ T6744] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.545807][ T6744] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.551105][ T6744] ? ext4_ext_release+0x10/0x10
[ 58.555978][ T6744] ? down_write_killable+0x170/0x170
[ 58.561269][ T6744] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.566832][ T6744] ext4_map_blocks+0x4cb/0x1640
[ 58.571700][ T6744] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.577012][ T6744] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.582571][ T6744] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.588565][ T6744] ? prandom_u32_state+0xe/0x170
[ 58.594531][ T6744] ? __brelse+0x84/0xa0
[ 58.598699][ T6744] ? __ext4_new_inode+0x144/0x55e0
[ 58.603827][ T6744] ext4_getblk+0xad/0x520
[ 58.608164][ T6744] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.613908][ T6744] ? ext4_free_inode+0x1700/0x1700
[ 58.619028][ T6744] ext4_bread+0x7c/0x380
[ 58.623297][ T6744] ? ext4_getblk+0x520/0x520
[ 58.627898][ T6744] ? dquot_get_next_dqblk+0x180/0x180
[ 58.633383][ T6744] ext4_append+0x153/0x360
[ 58.637812][ T6744] ext4_mkdir+0x5e0/0xdf0
[ 58.642153][ T6744] ? ext4_rmdir+0xde0/0xde0
[ 58.646756][ T6744] ? security_inode_permission+0xc4/0xf0
[ 58.652403][ T6744] vfs_mkdir+0x419/0x690
[ 58.656657][ T6744] do_mkdirat+0x21e/0x280
[ 58.660997][ T6744] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.665865][ T6744] ? do_syscall_64+0x1c/0xe0
[ 58.670469][ T6744] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.676547][ T6744] do_syscall_64+0x60/0xe0
[ 58.680974][ T6744] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 58.686870][ T6744] RIP: 0033:0x7f02fc5c7687
[ 58.691311][ T6744] Code: Bad RIP value.
[ 58.695400][ T6744] RSP: 002b:00007ffc1b210648 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 58.703812][ T6744] RAX: ffffffffffffffda RBX: 0000562604ef7985 RCX: 00007f02fc5c7687
[ 58.711786][ T6744] RDX: 00007ffc1b210510 RSI: 00000000000001ed RDI: 0000562604ef7985
[ 58.719761][ T6744] RBP: 00007f02fc5c7680 R08: 0000000000000100 R09: 0000000000000000
[ 58.727737][ T6744] R10: 0000562604ef7980 R11: 0000000000000246 R12: 00000000000001ed
[ 58.735711][ T6744] R13: 00007ffc1b2107d0 R14: 0000000000000000 R15: 0000000000000000
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.15.203' (ECDSA) to the list of known hosts.
2020/06/16 20:47:56 fuzzer started
2020/06/16 20:47:56 connecting to host at 10.128.0.26:39713
2020/06/16 20:47:56 checking machine...
2020/06/16 20:47:56 checking revisions...
2020/06/16 20:47:56 testing simple program...
syzkaller login: [ 63.456529][ T6808] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6808
[ 63.466036][ T6808] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.472295][ T6808] CPU: 1 PID: 6808 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 63.481333][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.491372][ T6808] Call Trace:
[ 63.494646][ T6808] dump_stack+0x18f/0x20d
[ 63.498977][ T6808] check_preemption_disabled+0x20d/0x220
[ 63.504589][ T6808] ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.509690][ T6808] ? ext4_ext_search_right+0x2ca/0xb20
[ 63.515128][ T6808] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 63.520851][ T6808] ext4_ext_map_blocks+0x201b/0x33e0
[ 63.526302][ T6808] ? ext4_ext_release+0x10/0x10
[ 63.531142][ T6808] ? down_write_killable+0x170/0x170
[ 63.536665][ T6808] ? ext4_es_lookup_extent+0x41d/0xd10
[ 63.542631][ T6808] ext4_map_blocks+0x4cb/0x1640
[ 63.547554][ T6808] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 63.552745][ T6808] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.558268][ T6808] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.564223][ T6808] ? prandom_u32_state+0xe/0x170
[ 63.569161][ T6808] ? __brelse+0x84/0xa0
[ 63.573352][ T6808] ? __ext4_new_inode+0x144/0x55e0
[ 63.578502][ T6808] ext4_getblk+0xad/0x520
[ 63.582817][ T6808] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 63.588518][ T6808] ? ext4_free_inode+0x1700/0x1700
[ 63.593621][ T6808] ext4_bread+0x7c/0x380
[ 63.597847][ T6808] ? ext4_getblk+0x520/0x520
[ 63.602428][ T6808] ? dquot_get_next_dqblk+0x180/0x180
[ 63.607783][ T6808] ext4_append+0x153/0x360
[ 63.612190][ T6808] ext4_mkdir+0x5e0/0xdf0
[ 63.616503][ T6808] ? ext4_rmdir+0xde0/0xde0
[ 63.621015][ T6808] ? security_inode_permission+0xc4/0xf0
[ 63.626633][ T6808] vfs_mkdir+0x419/0x690
[ 63.630937][ T6808] do_mkdirat+0x21e/0x280
[ 63.635272][ T6808] ? __ia32_sys_mknod+0xb0/0xb0
[ 63.640188][ T6808] ? do_syscall_64+0x1c/0xe0
[ 63.645083][ T6808] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.651064][ T6808] do_syscall_64+0x60/0xe0
[ 63.655483][ T6808] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.661369][ T6808] RIP: 0033:0x4b02a0
[ 63.665253][ T6808] Code: Bad RIP value.
[ 63.669384][ T6808] RSP: 002b:000000c00004f4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 63.677775][ T6808] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 63.685740][ T6808] RDX: 00000000000001c0 RSI: 000000c00009cbc0 RDI: ffffffffffffff9c
[ 63.693956][ T6808] RBP: 000000c00004f510 R08: 0000000000000000 R09: 0000000000000000
[ 63.701923][ T6808] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 63.709878][ T6808] R13: 000000000000005f R14: 000000000000005e R15: 0000000000000100
[ 63.725698][ T6823] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6823
[ 63.735222][ T6823] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.741340][ T6823] CPU: 1 PID: 6823 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 63.749980][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.760120][ T6823] Call Trace:
[ 63.763415][ T6823] dump_stack+0x18f/0x20d
[ 63.767799][ T6823] check_preemption_disabled+0x20d/0x220
[ 63.773520][ T6823] ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.778630][ T6823] ? ext4_ext_search_right+0x2ca/0xb20
[ 63.784075][ T6823] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 63.789795][ T6823] ext4_ext_map_blocks+0x201b/0x33e0
[ 63.795080][ T6823] ? ext4_ext_release+0x10/0x10
[ 63.799935][ T6823] ? down_write_killable+0x170/0x170
[ 63.805201][ T6823] ? ext4_es_lookup_extent+0x41d/0xd10
[ 63.810643][ T6823] ext4_map_blocks+0x4cb/0x1640
[ 63.815494][ T6823] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 63.820764][ T6823] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.826440][ T6823] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.832418][ T6823] ? prandom_u32_state+0xe/0x170
[ 63.837346][ T6823] ? __brelse+0x84/0xa0
[ 63.841498][ T6823] ? __ext4_new_inode+0x144/0x55e0
[ 63.846609][ T6823] ext4_getblk+0xad/0x520
[ 63.850961][ T6823] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 63.856764][ T6823] ? ext4_free_inode+0x1700/0x1700
[ 63.861895][ T6823] ext4_bread+0x7c/0x380
[ 63.866120][ T6823] ? ext4_getblk+0x520/0x520
[ 63.870708][ T6823] ? dquot_get_next_dqblk+0x180/0x180
[ 63.876082][ T6823] ext4_append+0x153/0x360
[ 63.880483][ T6823] ext4_mkdir+0x5e0/0xdf0
[ 63.884830][ T6823] ? ext4_rmdir+0xde0/0xde0
[ 63.889328][ T6823] ? security_inode_permission+0xc4/0xf0
[ 63.894946][ T6823] vfs_mkdir+0x419/0x690
[ 63.899190][ T6823] do_mkdirat+0x21e/0x280
[ 63.903503][ T6823] ? __ia32_sys_mknod+0xb0/0xb0
[ 63.908356][ T6823] ? do_syscall_64+0x1c/0xe0
[ 63.912930][ T6823] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.918894][ T6823] do_syscall_64+0x60/0xe0
[ 63.923314][ T6823] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.929307][ T6823] RIP: 0033:0x45bed7
[ 63.933174][ T6823] Code: Bad RIP value.
[ 63.937407][ T6823] RSP: 002b:00007ffef7bc1ee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 63.945808][ T6823] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 63.953953][ T6823] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffef7bc20c0
[ 63.962426][ T6823] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003040
[ 63.970557][ T6823] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 63.978518][ T6823] R13: 00007ffef7bc20c0 R14: 8421084210842109 R15: 00007ffef7bc20cc
[ 64.121257][ T6825] IPVS: ftp: loaded support on port[0] = 21
[ 64.160639][ T6825] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6825
[ 64.170138][ T6825] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.176038][ T6825] CPU: 1 PID: 6825 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 64.184612][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.194762][ T6825] Call Trace:
[ 64.198048][ T6825] dump_stack+0x18f/0x20d
[ 64.202380][ T6825] check_preemption_disabled+0x20d/0x220
[ 64.208006][ T6825] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.213145][ T6825] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.218604][ T6825] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.224334][ T6825] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.229616][ T6825] ? ext4_ext_release+0x10/0x10
[ 64.234471][ T6825] ? down_write_killable+0x170/0x170
[ 64.239742][ T6825] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.245187][ T6825] ext4_map_blocks+0x4cb/0x1640
[ 64.250047][ T6825] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.255263][ T6825] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.260817][ T6825] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.266778][ T6825] ? prandom_u32_state+0xe/0x170
[ 64.271782][ T6825] ? __brelse+0x84/0xa0
[ 64.275917][ T6825] ? __ext4_new_inode+0x144/0x55e0
[ 64.281010][ T6825] ext4_getblk+0xad/0x520
[ 64.285321][ T6825] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.291023][ T6825] ? ext4_free_inode+0x1700/0x1700
[ 64.296113][ T6825] ext4_bread+0x7c/0x380
[ 64.300338][ T6825] ? ext4_getblk+0x520/0x520
[ 64.304907][ T6825] ? dquot_get_next_dqblk+0x180/0x180
[ 64.310262][ T6825] ext4_append+0x153/0x360
[ 64.314667][ T6825] ext4_mkdir+0x5e0/0xdf0
[ 64.318986][ T6825] ? ext4_rmdir+0xde0/0xde0
[ 64.323468][ T6825] ? security_inode_permission+0xc4/0xf0
[ 64.329104][ T6825] vfs_mkdir+0x419/0x690
[ 64.333329][ T6825] do_mkdirat+0x21e/0x280
[ 64.337658][ T6825] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.342577][ T6825] ? do_syscall_64+0x1c/0xe0
[ 64.347147][ T6825] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.353129][ T6825] do_syscall_64+0x60/0xe0
[ 64.357556][ T6825] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.363606][ T6825] RIP: 0033:0x45bed7
[ 64.367489][ T6825] Code: Bad RIP value.
[ 64.371545][ T6825] RSP: 002b:00007ffef7bc1dd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 64.379935][ T6825] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 64.387886][ T6825] RDX: 00007ffef7bc1e23 RSI: 00000000000001ff RDI: 00007ffef7bc1e20
[ 64.395851][ T6825] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 64.403803][ T6825] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0
[ 64.411770][ T6825] R13: 00007ffef7bc1e10 R14: 0000000000000000 R15: 00007ffef7bc1e20
[ 64.472187][ T6825] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6825
[ 64.481693][ T6825] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.487697][ T6825] CPU: 1 PID: 6825 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 64.496321][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.506484][ T6825] Call Trace:
[ 64.509782][ T6825] dump_stack+0x18f/0x20d
[ 64.514139][ T6825] check_preemption_disabled+0x20d/0x220
[ 64.519784][ T6825] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.524927][ T6825] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.530400][ T6825] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.536243][ T6825] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.541550][ T6825] ? ext4_ext_release+0x10/0x10
[ 64.546431][ T6825] ? down_write_killable+0x170/0x170
[ 64.551726][ T6825] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.557203][ T6825] ext4_map_blocks+0x4cb/0x1640
[ 64.562085][ T6825] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.567282][ T6825] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.572808][ T6825] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.578766][ T6825] ? prandom_u32_state+0xe/0x170
[ 64.583705][ T6825] ? __brelse+0x84/0xa0
[ 64.587856][ T6825] ? __ext4_new_inode+0x144/0x55e0
[ 64.593249][ T6825] ext4_getblk+0xad/0x520
[ 64.597573][ T6825] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.603294][ T6825] ? ext4_free_inode+0x1700/0x1700
[ 64.608412][ T6825] ext4_bread+0x7c/0x380
[ 64.612644][ T6825] ? ext4_getblk+0x520/0x520
[ 64.617236][ T6825] ? dquot_get_next_dqblk+0x180/0x180
[ 64.622607][ T6825] ext4_append+0x153/0x360
[ 64.627096][ T6825] ext4_mkdir+0x5e0/0xdf0
[ 64.631445][ T6825] ? ext4_rmdir+0xde0/0xde0
[ 64.635955][ T6825] ? security_inode_permission+0xc4/0xf0
[ 64.641758][ T6825] vfs_mkdir+0x419/0x690
[ 64.646019][ T6825] do_mkdirat+0x21e/0x280
[ 64.650331][ T6825] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.655175][ T6825] ? do_syscall_64+0x1c/0xe0
[ 64.659866][ T6825] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.666011][ T6825] do_syscall_64+0x60/0xe0
[ 64.670429][ T6825] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.676732][ T6825] RIP: 0033:0x45bed7
[ 64.680599][ T6825] Code: Bad RIP value.
[ 64.684647][ T6825] RSP: 002b:00007ffef7bc1dd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 64.693038][ T6825] RAX: ffffffffffffffda RBX: 000000000000fbcc RCX: 000000000045bed7
[ 64.701296][ T6825] RDX: 00007ffef7bc1e23 RSI: 00000000000001ff RDI: 00007ffef7bc1e20
[ 64.709242][ T6825] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/16 20:47:58 building call list...
[ 64.717276][ T6825] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 64.725310][ T6825] R13: 00007ffef7bc1e10 R14: 000000000000fbb6 R15: 00007ffef7bc1e20
[ 64.956435][ T4365] tipc: TX() has been purged, node left!
[ 65.448739][ T4365] ==================================================================
[ 65.456990][ T4365] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 65.464902][ T4365] Write of size 1 at addr ffff88809fd3d1e4 by task kworker/u4:9/4365
[ 65.472958][ T4365]
[ 65.475291][ T4365] CPU: 0 PID: 4365 Comm: kworker/u4:9 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.483691][ T4365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.493749][ T4365] Workqueue: netns cleanup_net
[ 65.498861][ T4365] Call Trace:
[ 65.502241][ T4365] dump_stack+0x18f/0x20d
[ 65.506574][ T4365] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.512115][ T4365] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.517654][ T4365] ? afs_put_call+0xa40/0xa40
[ 65.522335][ T4365] print_address_description.constprop.0.cold+0xd3/0x413
[ 65.529372][ T4365] ? vprintk_func+0x97/0x1a6
[ 65.533970][ T4365] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.539513][ T4365] kasan_report.cold+0x1f/0x37
[ 65.544308][ T4365] ? rcu_read_lock_held_common+0x51/0xa0
[ 65.549943][ T4365] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.555573][ T4365] afs_wake_up_async_call+0x6aa/0x770
[ 65.560939][ T4365] ? afs_close_socket+0x320/0x320
[ 65.565961][ T4365] ? afs_put_call+0xa40/0xa40
[ 65.570633][ T4365] rxrpc_notify_socket+0x1db/0x5d0
[ 65.575747][ T4365] ? afs_put_call+0xa40/0xa40
[ 65.580426][ T4365] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 65.586861][ T4365] rxrpc_call_completed+0xca/0xf0
[ 65.591903][ T4365] rxrpc_discard_prealloc+0x781/0xab0
[ 65.597296][ T4365] ? lock_sock_nested+0x94/0x110
[ 65.602249][ T4365] rxrpc_listen+0x147/0x360
[ 65.606859][ T4365] afs_close_socket+0x95/0x320
[ 65.611625][ T4365] ? afs_purge_servers+0x16d/0x300
[ 65.616746][ T4365] ? afs_rx_discard_new_call+0x50/0x50
[ 65.622210][ T4365] ? init_wait_var_entry+0x200/0x200
[ 65.627496][ T4365] ? rcu_read_lock_held_common+0xa0/0xa0
[ 65.633127][ T4365] ? check_preemption_disabled+0x38/0x220
[ 65.638884][ T4365] afs_net_exit+0x1bc/0x310
[ 65.643478][ T4365] ? afs_net_init+0xe30/0xe30
[ 65.648835][ T4365] ops_exit_list.isra.0+0xa8/0x150
[ 65.653954][ T4365] cleanup_net+0x511/0xa50
[ 65.658377][ T4365] ? unregister_pernet_device+0x70/0x70
[ 65.663924][ T4365] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.669913][ T4365] process_one_work+0x965/0x1690
[ 65.674865][ T4365] ? lock_release+0x800/0x800
[ 65.679546][ T4365] ? pwq_dec_nr_in_flight+0x310/0x310
[ 65.684921][ T4365] ? rwlock_bug.part.0+0x90/0x90
[ 65.689868][ T4365] worker_thread+0x96/0xe10
[ 65.694395][ T4365] ? process_one_work+0x1690/0x1690
[ 65.699593][ T4365] kthread+0x3b5/0x4a0
[ 65.703657][ T4365] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.709402][ T4365] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.715136][ T4365] ret_from_fork+0x1f/0x30
[ 65.719560][ T4365]
[ 65.721878][ T4365] Allocated by task 6825:
[ 65.726202][ T4365] save_stack+0x1b/0x40
[ 65.730357][ T4365] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 65.735989][ T4365] kmem_cache_alloc_trace+0x153/0x7d0
[ 65.741480][ T4365] afs_alloc_call+0x55/0x630
[ 65.746067][ T4365] afs_charge_preallocation+0xe9/0x2d0
[ 65.751523][ T4365] afs_open_socket+0x292/0x360
[ 65.756282][ T4365] afs_net_init+0xa6c/0xe30
[ 65.760794][ T4365] ops_init+0xaf/0x420
[ 65.764882][ T4365] setup_net+0x2de/0x860
[ 65.769118][ T4365] copy_net_ns+0x293/0x590
[ 65.773554][ T4365] create_new_namespaces+0x3fb/0xb30
[ 65.778891][ T4365] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 65.784518][ T4365] ksys_unshare+0x43d/0x8e0
[ 65.789018][ T4365] __x64_sys_unshare+0x2d/0x40
[ 65.793806][ T4365] do_syscall_64+0x60/0xe0
[ 65.798218][ T4365] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.804180][ T4365]
[ 65.806502][ T4365] Freed by task 4365:
[ 65.810484][ T4365] save_stack+0x1b/0x40
[ 65.814633][ T4365] __kasan_slab_free+0xf7/0x140
[ 65.819484][ T4365] kfree+0x109/0x2b0
[ 65.823376][ T4365] afs_put_call+0x585/0xa40
[ 65.827878][ T4365] rxrpc_discard_prealloc+0x764/0xab0
[ 65.833248][ T4365] rxrpc_listen+0x147/0x360
[ 65.837754][ T4365] afs_close_socket+0x95/0x320
[ 65.842518][ T4365] afs_net_exit+0x1bc/0x310
[ 65.847039][ T4365] ops_exit_list.isra.0+0xa8/0x150
[ 65.852519][ T4365] cleanup_net+0x511/0xa50
[ 65.856946][ T4365] process_one_work+0x965/0x1690
[ 65.861889][ T4365] worker_thread+0x96/0xe10
[ 65.866391][ T4365] kthread+0x3b5/0x4a0
[ 65.870456][ T4365] ret_from_fork+0x1f/0x30
[ 65.874949][ T4365]
[ 65.877468][ T4365] The buggy address belongs to the object at ffff88809fd3d000
[ 65.877468][ T4365] which belongs to the cache kmalloc-1k of size 1024
[ 65.891721][ T4365] The buggy address is located 484 bytes inside of
[ 65.891721][ T4365] 1024-byte region [ffff88809fd3d000, ffff88809fd3d400)
[ 65.905087][ T4365] The buggy address belongs to the page:
[ 65.910718][ T4365] page:ffffea00027f4f40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 65.919820][ T4365] flags: 0xfffe0000000200(slab)
[ 65.924759][ T4365] raw: 00fffe0000000200 ffffea00027f5008 ffffea00028a2308 ffff8880aa000c40
[ 65.933518][ T4365] raw: 0000000000000000 ffff88809fd3d000 0000000100000002 0000000000000000
[ 65.942089][ T4365] page dumped because: kasan: bad access detected
[ 65.948491][ T4365]
[ 65.950820][ T4365] Memory state around the buggy address:
[ 65.956475][ T4365] ffff88809fd3d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.964544][ T4365] ffff88809fd3d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.972612][ T4365] >ffff88809fd3d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.980678][ T4365] ^
[ 65.987961][ T4365] ffff88809fd3d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.996042][ T4365] ffff88809fd3d280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.004354][ T4365] ==================================================================
[ 66.012403][ T4365] Disabling lock debugging due to kernel taint
[ 66.018619][ T4365] Kernel panic - not syncing: panic_on_warn set ...
[ 66.025204][ T4365] CPU: 0 PID: 4365 Comm: kworker/u4:9 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 66.035170][ T4365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.045409][ T4365] Workqueue: netns cleanup_net
[ 66.050174][ T4365] Call Trace:
[ 66.053664][ T4365] dump_stack+0x18f/0x20d
[ 66.057995][ T4365] ? afs_wake_up_async_call+0x670/0x770
[ 66.063532][ T4365] ? afs_put_call+0xa40/0xa40
[ 66.068291][ T4365] panic+0x2e3/0x75c
[ 66.072192][ T4365] ? __warn_printk+0xf3/0xf3
[ 66.076869][ T4365] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 66.083110][ T4365] ? trace_hardirqs_on+0x55/0x220
[ 66.088215][ T4365] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.093747][ T4365] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.099284][ T4365] ? afs_put_call+0xa40/0xa40
[ 66.104385][ T4365] end_report+0x4d/0x53
[ 66.108532][ T4365] kasan_report.cold+0xd/0x37
[ 66.113208][ T4365] ? rcu_read_lock_held_common+0x51/0xa0
[ 66.118842][ T4365] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.124383][ T4365] afs_wake_up_async_call+0x6aa/0x770
[ 66.129751][ T4365] ? afs_close_socket+0x320/0x320
[ 66.134766][ T4365] ? afs_put_call+0xa40/0xa40
[ 66.139444][ T4365] rxrpc_notify_socket+0x1db/0x5d0
[ 66.144545][ T4365] ? afs_put_call+0xa40/0xa40
[ 66.149909][ T4365] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 66.156408][ T4365] rxrpc_call_completed+0xca/0xf0
[ 66.161518][ T4365] rxrpc_discard_prealloc+0x781/0xab0
[ 66.166901][ T4365] ? lock_sock_nested+0x94/0x110
[ 66.171839][ T4365] rxrpc_listen+0x147/0x360
[ 66.176335][ T4365] afs_close_socket+0x95/0x320
[ 66.181109][ T4365] ? afs_purge_servers+0x16d/0x300
[ 66.186226][ T4365] ? afs_rx_discard_new_call+0x50/0x50
[ 66.191766][ T4365] ? init_wait_var_entry+0x200/0x200
[ 66.197046][ T4365] ? rcu_read_lock_held_common+0xa0/0xa0
[ 66.202668][ T4365] ? check_preemption_disabled+0x38/0x220
[ 66.208377][ T4365] afs_net_exit+0x1bc/0x310
[ 66.212870][ T4365] ? afs_net_init+0xe30/0xe30
[ 66.217535][ T4365] ops_exit_list.isra.0+0xa8/0x150
[ 66.222637][ T4365] cleanup_net+0x511/0xa50
[ 66.227066][ T4365] ? unregister_pernet_device+0x70/0x70
[ 66.232624][ T4365] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.238602][ T4365] process_one_work+0x965/0x1690
[ 66.243541][ T4365] ? lock_release+0x800/0x800
[ 66.248240][ T4365] ? pwq_dec_nr_in_flight+0x310/0x310
[ 66.253607][ T4365] ? rwlock_bug.part.0+0x90/0x90
[ 66.258540][ T4365] worker_thread+0x96/0xe10
[ 66.263043][ T4365] ? process_one_work+0x1690/0x1690
[ 66.268234][ T4365] kthread+0x3b5/0x4a0
[ 66.272298][ T4365] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.278019][ T4365] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.283740][ T4365] ret_from_fork+0x1f/0x30
[ 66.289578][ T4365] Kernel Offset: disabled
[ 66.293968][ T4365] Rebooting in 86400 seconds..