[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 50.914131][ T4774] systemd-udevd (4774) used greatest stack depth: 21856 bytes left
[ 51.938688][ T6719] scp (6719) used greatest stack depth: 21184 bytes left
Starting Load/Save RF Kill Switch Status...
[ 52.883140][ T6727] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6727
[ 52.892616][ T6727] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 52.898624][ T6727] CPU: 0 PID: 6727 Comm: systemd-rfkill Not tainted 5.7.0-next-20200611-syzkaller #0
[ 52.908150][ T6727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.918375][ T6727] Call Trace:
[ 52.921678][ T6727] dump_stack+0x18f/0x20d
[ 52.926017][ T6727] check_preemption_disabled+0x20d/0x220
[ 52.931757][ T6727] ext4_mb_new_blocks+0xa4d/0x3b70
[ 52.936866][ T6727] ? ext4_ext_search_right+0x2ca/0xb20
[ 52.942373][ T6727] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 52.948095][ T6727] ext4_ext_map_blocks+0x201b/0x33e0
[ 52.953380][ T6727] ? ext4_ext_release+0x10/0x10
[ 52.958242][ T6727] ? down_write_killable+0x170/0x170
[ 52.963504][ T6727] ? ext4_es_lookup_extent+0x41d/0xd10
[ 52.968981][ T6727] ext4_map_blocks+0x4cb/0x1640
[ 52.973860][ T6727] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 52.979636][ T6727] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 52.985194][ T6727] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 52.991279][ T6727] ? prandom_u32_state+0xe/0x170
[ 52.996224][ T6727] ? __brelse+0x84/0xa0
[ 53.000361][ T6727] ? __ext4_new_inode+0x144/0x55e0
[ 53.005972][ T6727] ext4_getblk+0xad/0x520
[ 53.010307][ T6727] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 53.016266][ T6727] ? ext4_free_inode+0x1700/0x1700
[ 53.021368][ T6727] ext4_bread+0x7c/0x380
[ 53.025601][ T6727] ? ext4_getblk+0x520/0x520
[ 53.030170][ T6727] ? dquot_get_next_dqblk+0x180/0x180
[ 53.035538][ T6727] ext4_append+0x153/0x360
[ 53.039936][ T6727] ext4_mkdir+0x5e0/0xdf0
[ 53.044245][ T6727] ? ext4_rmdir+0xde0/0xde0
[ 53.048730][ T6727] ? security_inode_permission+0xc4/0xf0
[ 53.054342][ T6727] vfs_mkdir+0x419/0x690
[ 53.058587][ T6727] do_mkdirat+0x21e/0x280
[ 53.062914][ T6727] ? __ia32_sys_mknod+0xb0/0xb0
[ 53.067746][ T6727] ? do_syscall_64+0x1c/0xe0
[ 53.072325][ T6727] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 53.078299][ T6727] do_syscall_64+0x60/0xe0
[ 53.082914][ T6727] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 53.088782][ T6727] RIP: 0033:0x7f5d78bb8687
[ 53.093168][ T6727] Code: Bad RIP value.
[ 53.097403][ T6727] RSP: 002b:00007ffe56d41ae8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 53.106296][ T6727] RAX: ffffffffffffffda RBX: 0000556a319f4985 RCX: 00007f5d78bb8687
[ 53.114293][ T6727] RDX: 00007ffe56d419b0 RSI: 00000000000001ed RDI: 0000556a319f4985
[ 53.122250][ T6727] RBP: 00007f5d78bb8680 R08: 0000000000000100 R09: 0000000000000000
[ 53.130201][ T6727] R10: 0000556a319f4980 R11: 0000000000000246 R12: 00000000000001ed
[ 53.138150][ T6727] R13: 00007ffe56d41c70 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 56.906797][ T2513] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/2513
[ 56.916172][ T2513] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.922223][ T2513] CPU: 0 PID: 2513 Comm: kworker/u4:4 Not tainted 5.7.0-next-20200611-syzkaller #0
[ 56.931482][ T2513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.941801][ T2513] Workqueue: writeback wb_workfn (flush-8:0)
[ 56.947894][ T2513] Call Trace:
[ 56.951169][ T2513] dump_stack+0x18f/0x20d
[ 56.955483][ T2513] check_preemption_disabled+0x20d/0x220
[ 56.961226][ T2513] ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.966320][ T2513] ? ext4_find_extent+0x81a/0xad0
[ 56.971345][ T2513] ? ext4_ext_search_right+0x2ca/0xb20
[ 56.976795][ T2513] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 56.982550][ T2513] ext4_ext_map_blocks+0x201b/0x33e0
[ 56.987850][ T2513] ? ext4_ext_release+0x10/0x10
[ 56.992697][ T2513] ? down_write_killable+0x170/0x170
[ 56.998486][ T2513] ? ext4_es_lookup_extent+0x41d/0xd10
[ 57.003943][ T2513] ext4_map_blocks+0x4cb/0x1640
[ 57.008775][ T2513] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 57.013970][ T2513] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.019493][ T2513] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.025449][ T2513] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 57.030904][ T2513] ext4_writepages+0x1a83/0x33c0
[ 57.037320][ T2513] ? __ext4_mark_inode_dirty+0x940/0x940
[ 57.042928][ T2513] ? __lock_acquire+0x2224/0x48b0
[ 57.047957][ T2513] ? ext4_da_get_block_prep+0x1120/0x1120
[ 57.053671][ T2513] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 57.059631][ T2513] ? __ext4_mark_inode_dirty+0x940/0x940
[ 57.065253][ T2513] ? do_writepages+0xf3/0x2a0
[ 57.069905][ T2513] do_writepages+0xf3/0x2a0
[ 57.074391][ T2513] ? page_writeback_cpu_online+0x10/0x10
[ 57.080001][ T2513] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.085536][ T2513] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.091504][ T2513] ? lock_downgrade+0x840/0x840
[ 57.096353][ T2513] __writeback_single_inode+0x12a/0x13d0
[ 57.101979][ T2513] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 57.107938][ T2513] writeback_sb_inodes+0x541/0xe40
[ 57.113034][ T2513] ? __writeback_single_inode+0x13d0/0x13d0
[ 57.118917][ T2513] __writeback_inodes_wb+0xc6/0x280
[ 57.124120][ T2513] wb_writeback+0x8c9/0xd40
[ 57.128622][ T2513] ? find_held_lock+0x2d/0x110
[ 57.133367][ T2513] ? writeback_inodes_wb.constprop.0+0x1d0/0x1d0
[ 57.139697][ T2513] ? cpumask_next+0x3c/0x40
[ 57.144183][ T2513] ? get_nr_dirty_inodes+0xd6/0x130
[ 57.149359][ T2513] wb_workfn+0xab5/0x1090
[ 57.153685][ T2513] ? inode_wait_for_writeback+0x30/0x30
[ 57.159209][ T2513] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.164812][ T2513] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.170794][ T2513] process_one_work+0x965/0x1690
[ 57.175726][ T2513] ? lock_release+0x800/0x800
[ 57.180386][ T2513] ? pwq_dec_nr_in_flight+0x310/0x310
[ 57.185998][ T2513] ? rwlock_bug.part.0+0x90/0x90
[ 57.191103][ T2513] worker_thread+0x96/0xe10
[ 57.195715][ T2513] ? process_one_work+0x1690/0x1690
[ 57.200902][ T2513] kthread+0x3b5/0x4a0
[ 57.204955][ T2513] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.210756][ T2513] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.216484][ T2513] ret_from_fork+0x1f/0x30
Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts.
2020/06/11 12:28:19 fuzzer started
2020/06/11 12:28:19 connecting to host at 10.128.0.26:41867
2020/06/11 12:28:19 checking machine...
2020/06/11 12:28:19 checking revisions...
2020/06/11 12:28:19 testing simple program...
[ 58.614816][ T6789] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6789
[ 58.624691][ T6789] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.630843][ T6789] CPU: 0 PID: 6789 Comm: syz-fuzzer Not tainted 5.7.0-next-20200611-syzkaller #0
[ 58.639987][ T6789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.650139][ T6789] Call Trace:
[ 58.653433][ T6789] dump_stack+0x18f/0x20d
[ 58.657831][ T6789] check_preemption_disabled+0x20d/0x220
[ 58.663457][ T6789] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.668563][ T6789] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.674009][ T6789] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.679820][ T6789] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.685117][ T6789] ? ext4_ext_release+0x10/0x10
[ 58.689967][ T6789] ? down_write_killable+0x170/0x170
[ 58.695260][ T6789] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.700715][ T6789] ext4_map_blocks+0x4cb/0x1640
[ 58.705577][ T6789] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.710758][ T6789] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.716395][ T6789] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.722362][ T6789] ? prandom_u32_state+0xe/0x170
[ 58.728097][ T6789] ? __brelse+0x84/0xa0
[ 58.732257][ T6789] ? __ext4_new_inode+0x144/0x55e0
[ 58.737348][ T6789] ext4_getblk+0xad/0x520
[ 58.741674][ T6789] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.747447][ T6789] ? ext4_free_inode+0x1700/0x1700
[ 58.752560][ T6789] ext4_bread+0x7c/0x380
[ 58.756966][ T6789] ? ext4_getblk+0x520/0x520
[ 58.761558][ T6789] ? dquot_get_next_dqblk+0x180/0x180
[ 58.767041][ T6789] ext4_append+0x153/0x360
[ 58.771811][ T6789] ext4_mkdir+0x5e0/0xdf0
[ 58.776123][ T6789] ? ext4_rmdir+0xde0/0xde0
[ 58.780876][ T6789] ? security_inode_permission+0xc4/0xf0
[ 58.786503][ T6789] vfs_mkdir+0x419/0x690
[ 58.790754][ T6789] do_mkdirat+0x21e/0x280
[ 58.795070][ T6789] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.799929][ T6789] ? do_syscall_64+0x1c/0xe0
[ 58.804691][ T6789] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.810683][ T6789] do_syscall_64+0x60/0xe0
[ 58.815357][ T6789] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 58.822835][ T6789] RIP: 0033:0x4b02a0
[ 58.826708][ T6789] Code: Bad RIP value.
[ 58.830750][ T6789] RSP: 002b:000000c0000db4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 58.839137][ T6789] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 58.847085][ T6789] RDX: 00000000000001c0 RSI: 000000c00009ed60 RDI: ffffffffffffff9c
[ 58.855031][ T6789] RBP: 000000c0000db510 R08: 0000000000000000 R09: 0000000000000000
[ 58.863087][ T6789] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 58.871056][ T6789] R13: 000000000000006c R14: 000000000000006b R15: 0000000000000100
[ 58.888512][ T6792] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6792
[ 58.898384][ T6792] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.904258][ T6792] CPU: 0 PID: 6792 Comm: syz-executor.0 Not tainted 5.7.0-next-20200611-syzkaller #0
[ 58.913702][ T6792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.923749][ T6792] Call Trace:
[ 58.927023][ T6792] dump_stack+0x18f/0x20d
[ 58.931336][ T6792] check_preemption_disabled+0x20d/0x220
[ 58.936949][ T6792] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.942148][ T6792] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.947587][ T6792] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.953287][ T6792] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.958554][ T6792] ? ext4_ext_release+0x10/0x10
[ 58.963398][ T6792] ? down_write_killable+0x170/0x170
[ 58.968662][ T6792] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.974123][ T6792] ext4_map_blocks+0x4cb/0x1640
[ 58.978977][ T6792] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.984239][ T6792] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.989967][ T6792] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.995941][ T6792] ? prandom_u32_state+0xe/0x170
[ 59.000873][ T6792] ? __brelse+0x84/0xa0
[ 59.005017][ T6792] ? __ext4_new_inode+0x144/0x55e0
[ 59.010138][ T6792] ext4_getblk+0xad/0x520
[ 59.014456][ T6792] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.020155][ T6792] ? ext4_free_inode+0x1700/0x1700
[ 59.025248][ T6792] ext4_bread+0x7c/0x380
[ 59.029471][ T6792] ? ext4_getblk+0x520/0x520
[ 59.034038][ T6792] ? dquot_get_next_dqblk+0x180/0x180
[ 59.039410][ T6792] ext4_append+0x153/0x360
[ 59.043823][ T6792] ext4_mkdir+0x5e0/0xdf0
[ 59.048154][ T6792] ? ext4_rmdir+0xde0/0xde0
[ 59.052656][ T6792] ? security_inode_permission+0xc4/0xf0
[ 59.058284][ T6792] vfs_mkdir+0x419/0x690
[ 59.062519][ T6792] do_mkdirat+0x21e/0x280
[ 59.067003][ T6792] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.071837][ T6792] ? do_syscall_64+0x1c/0xe0
[ 59.076416][ T6792] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.082566][ T6792] do_syscall_64+0x60/0xe0
[ 59.086962][ T6792] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.092834][ T6792] RIP: 0033:0x45bee7
[ 59.096814][ T6792] Code: Bad RIP value.
[ 59.100874][ T6792] RSP: 002b:00007ffd9ef3ba68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 59.109282][ T6792] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 59.118024][ T6792] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffd9ef3bc40
[ 59.125995][ T6792] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002c80
[ 59.134043][ T6792] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 59.141992][ T6792] R13: 00007ffd9ef3bc40 R14: 8421084210842109 R15: 00007ffd9ef3bc4c
[ 59.226440][ T6793] IPVS: ftp: loaded support on port[0] = 21
[ 59.262411][ T6793] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6793
[ 59.271923][ T6793] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.277996][ T6793] CPU: 1 PID: 6793 Comm: syz-executor.0 Not tainted 5.7.0-next-20200611-syzkaller #0
[ 59.287530][ T6793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.297653][ T6793] Call Trace:
[ 59.301013][ T6793] dump_stack+0x18f/0x20d
[ 59.305370][ T6793] check_preemption_disabled+0x20d/0x220
[ 59.310983][ T6793] ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.316107][ T6793] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.322081][ T6793] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.327781][ T6793] ext4_ext_map_blocks+0x201b/0x33e0
[ 59.333071][ T6793] ? ext4_ext_release+0x10/0x10
[ 59.337931][ T6793] ? down_write_killable+0x170/0x170
[ 59.343818][ T6793] ? ext4_es_lookup_extent+0x41d/0xd10
[ 59.349259][ T6793] ext4_map_blocks+0x4cb/0x1640
[ 59.354105][ T6793] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.359282][ T6793] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.364825][ T6793] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.370780][ T6793] ? prandom_u32_state+0xe/0x170
[ 59.375696][ T6793] ? __brelse+0x84/0xa0
[ 59.379836][ T6793] ? __ext4_new_inode+0x144/0x55e0
[ 59.385013][ T6793] ext4_getblk+0xad/0x520
[ 59.389324][ T6793] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.395040][ T6793] ? ext4_free_inode+0x1700/0x1700
[ 59.400562][ T6793] ext4_bread+0x7c/0x380
[ 59.404786][ T6793] ? ext4_getblk+0x520/0x520
[ 59.409373][ T6793] ? dquot_get_next_dqblk+0x180/0x180
[ 59.414722][ T6793] ext4_append+0x153/0x360
[ 59.419142][ T6793] ext4_mkdir+0x5e0/0xdf0
[ 59.423453][ T6793] ? ext4_rmdir+0xde0/0xde0
[ 59.427937][ T6793] ? security_inode_permission+0xc4/0xf0
[ 59.434607][ T6793] vfs_mkdir+0x419/0x690
[ 59.438949][ T6793] do_mkdirat+0x21e/0x280
[ 59.443280][ T6793] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.448116][ T6793] ? do_syscall_64+0x1c/0xe0
[ 59.452690][ T6793] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.458670][ T6793] do_syscall_64+0x60/0xe0
[ 59.463189][ T6793] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.469077][ T6793] RIP: 0033:0x45bee7
[ 59.472946][ T6793] Code: Bad RIP value.
[ 59.477045][ T6793] RSP: 002b:00007ffd9ef3b958 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 59.485808][ T6793] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 59.496178][ T6793] RDX: 00007ffd9ef3b9a3 RSI: 00000000000001ff RDI: 00007ffd9ef3b9a0
[ 59.504342][ T6793] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 59.512294][ T6793] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0
[ 59.520337][ T6793] R13: 00007ffd9ef3b990 R14: 0000000000000000 R15: 00007ffd9ef3b9a0
[ 59.570263][ T6793] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6793
[ 59.579761][ T6793] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.585677][ T6793] CPU: 1 PID: 6793 Comm: syz-executor.0 Not tainted 5.7.0-next-20200611-syzkaller #0
[ 59.595120][ T6793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.605258][ T6793] Call Trace:
[ 59.608558][ T6793] dump_stack+0x18f/0x20d
[ 59.612990][ T6793] check_preemption_disabled+0x20d/0x220
[ 59.618641][ T6793] ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.623782][ T6793] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.629255][ T6793] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.635004][ T6793] ext4_ext_map_blocks+0x201b/0x33e0
[ 59.640318][ T6793] ? ext4_ext_release+0x10/0x10
[ 59.645219][ T6793] ? down_write_killable+0x170/0x170
[ 59.650504][ T6793] ? ext4_es_lookup_extent+0x41d/0xd10
[ 59.655965][ T6793] ext4_map_blocks+0x4cb/0x1640
[ 59.660810][ T6793] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.666184][ T6793] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.672042][ T6793] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.678026][ T6793] ? prandom_u32_state+0xe/0x170
[ 59.683227][ T6793] ? __brelse+0x84/0xa0
[ 59.687380][ T6793] ? __ext4_new_inode+0x144/0x55e0
[ 59.692493][ T6793] ext4_getblk+0xad/0x520
[ 59.696811][ T6793] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.702535][ T6793] ? ext4_free_inode+0x1700/0x1700
[ 59.707649][ T6793] ext4_bread+0x7c/0x380
[ 59.711873][ T6793] ? ext4_getblk+0x520/0x520
[ 59.716448][ T6793] ? dquot_get_next_dqblk+0x180/0x180
[ 59.721801][ T6793] ext4_append+0x153/0x360
[ 59.726198][ T6793] ext4_mkdir+0x5e0/0xdf0
[ 59.730509][ T6793] ? ext4_rmdir+0xde0/0xde0
[ 59.734994][ T6793] ? security_inode_permission+0xc4/0xf0
[ 59.740623][ T6793] vfs_mkdir+0x419/0x690
[ 59.744846][ T6793] do_mkdirat+0x21e/0x280
[ 59.749246][ T6793] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.754338][ T6793] ? do_syscall_64+0x1c/0xe0
[ 59.759014][ T6793] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.764975][ T6793] do_syscall_64+0x60/0xe0
[ 59.769471][ T6793] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.775339][ T6793] RIP: 0033:0x45bee7
[ 59.779209][ T6793] Code: Bad RIP value.
[ 59.783249][ T6793] RSP: 002b:00007ffd9ef3b958 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 59.791783][ T6793] RAX: ffffffffffffffda RBX: 000000000000e8a7 RCX: 000000000045bee7
[ 59.799774][ T6793] RDX: 00007ffd9ef3b9a3 RSI: 00000000000001ff RDI: 00007ffd9ef3b9a0
[ 59.807754][ T6793] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/11 12:28:21 building call list...
[ 59.815712][ T6793] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 59.823663][ T6793] R13: 00007ffd9ef3b990 R14: 000000000000e8a4 R15: 00007ffd9ef3b9a0
[ 60.045962][ T2513] tipc: TX() has been purged, node left!
[ 60.568015][ T2513] ==================================================================
[ 60.576243][ T2513] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 60.584390][ T2513] Write of size 1 at addr ffff8880a60271e4 by task kworker/u4:4/2513
[ 60.592457][ T2513]
[ 60.594788][ T2513] CPU: 1 PID: 2513 Comm: kworker/u4:4 Not tainted 5.7.0-next-20200611-syzkaller #0
[ 60.604143][ T2513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.614230][ T2513] Workqueue: netns cleanup_net
[ 60.618990][ T2513] Call Trace:
[ 60.622287][ T2513] dump_stack+0x18f/0x20d
[ 60.626635][ T2513] ? afs_wake_up_async_call+0x6aa/0x770
[ 60.632187][ T2513] ? afs_wake_up_async_call+0x6aa/0x770
[ 60.637734][ T2513] ? afs_put_call+0xa40/0xa40
[ 60.642748][ T2513] print_address_description.constprop.0.cold+0xd3/0x413
[ 60.649961][ T2513] ? vprintk_func+0x97/0x1a6
[ 60.654574][ T2513] ? afs_wake_up_async_call+0x6aa/0x770
[ 60.660205][ T2513] kasan_report.cold+0x1f/0x37
[ 60.664977][ T2513] ? rcu_read_lock_held_common+0x71/0xa0
[ 60.670606][ T2513] ? afs_wake_up_async_call+0x6aa/0x770
[ 60.676161][ T2513] afs_wake_up_async_call+0x6aa/0x770
[ 60.681529][ T2513] ? afs_close_socket+0x320/0x320
[ 60.686553][ T2513] ? afs_put_call+0xa40/0xa40
[ 60.691227][ T2513] rxrpc_notify_socket+0x1db/0x5d0
[ 60.696342][ T2513] ? afs_put_call+0xa40/0xa40
[ 60.701041][ T2513] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 60.707460][ T2513] rxrpc_call_completed+0xca/0xf0
[ 60.712484][ T2513] rxrpc_discard_prealloc+0x781/0xab0
[ 60.717857][ T2513] ? lock_sock_nested+0x94/0x110
[ 60.723068][ T2513] rxrpc_listen+0x147/0x360
[ 60.727576][ T2513] afs_close_socket+0x95/0x320
[ 60.732334][ T2513] ? afs_purge_servers+0x16d/0x300
[ 60.737444][ T2513] ? afs_rx_discard_new_call+0x50/0x50
[ 60.743528][ T2513] ? init_wait_var_entry+0x200/0x200
[ 60.748816][ T2513] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.754461][ T2513] ? check_preemption_disabled+0x38/0x220
[ 60.760443][ T2513] afs_net_exit+0x1bc/0x310
[ 60.764942][ T2513] ? afs_net_init+0xe30/0xe30
[ 60.769643][ T2513] ops_exit_list.isra.0+0xa8/0x150
[ 60.774757][ T2513] cleanup_net+0x511/0xa50
[ 60.779186][ T2513] ? unregister_pernet_device+0x70/0x70
[ 60.784752][ T2513] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.790761][ T2513] process_one_work+0x965/0x1690
[ 60.795725][ T2513] ? lock_release+0x800/0x800
[ 60.800436][ T2513] ? pwq_dec_nr_in_flight+0x310/0x310
[ 60.805810][ T2513] ? rwlock_bug.part.0+0x90/0x90
[ 60.811236][ T2513] worker_thread+0x96/0xe10
[ 60.815754][ T2513] ? process_one_work+0x1690/0x1690
[ 60.820963][ T2513] kthread+0x3b5/0x4a0
[ 60.825035][ T2513] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.830758][ T2513] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.836493][ T2513] ret_from_fork+0x1f/0x30
[ 60.840920][ T2513]
[ 60.843242][ T2513] Allocated by task 6793:
[ 60.847573][ T2513] save_stack+0x1b/0x40
[ 60.851729][ T2513] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 60.857366][ T2513] kmem_cache_alloc_trace+0x153/0x7d0
[ 60.862741][ T2513] afs_alloc_call+0x55/0x630
[ 60.867332][ T2513] afs_charge_preallocation+0xe9/0x2d0
[ 60.872791][ T2513] afs_open_socket+0x292/0x360
[ 60.877555][ T2513] afs_net_init+0xa6c/0xe30
[ 60.882075][ T2513] ops_init+0xaf/0x420
[ 60.886145][ T2513] setup_net+0x2de/0x860
[ 60.890383][ T2513] copy_net_ns+0x293/0x590
[ 60.894794][ T2513] create_new_namespaces+0x3fb/0xb30
[ 60.900098][ T2513] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 60.905729][ T2513] ksys_unshare+0x43d/0x8e0
[ 60.910228][ T2513] __x64_sys_unshare+0x2d/0x40
[ 60.914990][ T2513] do_syscall_64+0x60/0xe0
[ 60.919400][ T2513] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.925277][ T2513]
[ 60.927596][ T2513] Freed by task 2513:
[ 60.931575][ T2513] save_stack+0x1b/0x40
[ 60.935725][ T2513] __kasan_slab_free+0xf7/0x140
[ 60.940569][ T2513] kfree+0x109/0x2b0
[ 60.944459][ T2513] afs_put_call+0x585/0xa40
[ 60.948962][ T2513] rxrpc_discard_prealloc+0x764/0xab0
[ 60.954327][ T2513] rxrpc_listen+0x147/0x360
[ 60.958825][ T2513] afs_close_socket+0x95/0x320
[ 60.963583][ T2513] afs_net_exit+0x1bc/0x310
[ 60.968082][ T2513] ops_exit_list.isra.0+0xa8/0x150
[ 60.973198][ T2513] cleanup_net+0x511/0xa50
[ 60.977785][ T2513] process_one_work+0x965/0x1690
[ 60.982725][ T2513] worker_thread+0x96/0xe10
[ 60.987223][ T2513] kthread+0x3b5/0x4a0
[ 60.991290][ T2513] ret_from_fork+0x1f/0x30
[ 60.995691][ T2513]
[ 60.998019][ T2513] The buggy address belongs to the object at ffff8880a6027000
[ 60.998019][ T2513] which belongs to the cache kmalloc-1k of size 1024
[ 61.012063][ T2513] The buggy address is located 484 bytes inside of
[ 61.012063][ T2513] 1024-byte region [ffff8880a6027000, ffff8880a6027400)
[ 61.025407][ T2513] The buggy address belongs to the page:
[ 61.031473][ T2513] page:ffffea00029809c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 61.040571][ T2513] flags: 0xfffe0000000200(slab)
[ 61.045424][ T2513] raw: 00fffe0000000200 ffffea00028c3ac8 ffffea0002988548 ffff8880aa000c40
[ 61.054006][ T2513] raw: 0000000000000000 ffff8880a6027000 0000000100000002 0000000000000000
[ 61.062579][ T2513] page dumped because: kasan: bad access detected
[ 61.069078][ T2513]
[ 61.071404][ T2513] Memory state around the buggy address:
[ 61.077028][ T2513] ffff8880a6027080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.085089][ T2513] ffff8880a6027100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.093155][ T2513] >ffff8880a6027180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.101218][ T2513] ^
[ 61.109189][ T2513] ffff8880a6027200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.117246][ T2513] ffff8880a6027280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.125730][ T2513] ==================================================================
[ 61.133786][ T2513] Disabling lock debugging due to kernel taint
[ 61.139977][ T2513] Kernel panic - not syncing: panic_on_warn set ...
[ 61.146696][ T2513] CPU: 1 PID: 2513 Comm: kworker/u4:4 Tainted: G B 5.7.0-next-20200611-syzkaller #0
[ 61.157347][ T2513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.167419][ T2513] Workqueue: netns cleanup_net
[ 61.172167][ T2513] Call Trace:
[ 61.175452][ T2513] dump_stack+0x18f/0x20d
[ 61.179777][ T2513] ? afs_wake_up_async_call+0x660/0x770
[ 61.185311][ T2513] ? afs_put_call+0xa40/0xa40
[ 61.189978][ T2513] panic+0x2e3/0x75c
[ 61.193864][ T2513] ? __warn_printk+0xf3/0xf3
[ 61.198444][ T2513] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 61.204592][ T2513] ? trace_hardirqs_on+0x55/0x220
[ 61.209608][ T2513] ? afs_wake_up_async_call+0x6aa/0x770
[ 61.215230][ T2513] ? afs_wake_up_async_call+0x6aa/0x770
[ 61.220786][ T2513] ? afs_put_call+0xa40/0xa40
[ 61.225455][ T2513] end_report+0x4d/0x53
[ 61.229617][ T2513] kasan_report.cold+0xd/0x37
[ 61.234292][ T2513] ? rcu_read_lock_held_common+0x71/0xa0
[ 61.239918][ T2513] ? afs_wake_up_async_call+0x6aa/0x770
[ 61.245457][ T2513] afs_wake_up_async_call+0x6aa/0x770
[ 61.250826][ T2513] ? afs_close_socket+0x320/0x320
[ 61.255843][ T2513] ? afs_put_call+0xa40/0xa40
[ 61.260511][ T2513] rxrpc_notify_socket+0x1db/0x5d0
[ 61.265616][ T2513] ? afs_put_call+0xa40/0xa40
[ 61.270285][ T2513] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 61.276698][ T2513] rxrpc_call_completed+0xca/0xf0
[ 61.281716][ T2513] rxrpc_discard_prealloc+0x781/0xab0
[ 61.287081][ T2513] ? lock_sock_nested+0x94/0x110
[ 61.292014][ T2513] rxrpc_listen+0x147/0x360
[ 61.296597][ T2513] afs_close_socket+0x95/0x320
[ 61.301352][ T2513] ? afs_purge_servers+0x16d/0x300
[ 61.306457][ T2513] ? afs_rx_discard_new_call+0x50/0x50
[ 61.311914][ T2513] ? init_wait_var_entry+0x200/0x200
[ 61.317194][ T2513] ? rcu_read_lock_held_common+0xa0/0xa0
[ 61.322822][ T2513] ? check_preemption_disabled+0x38/0x220
[ 61.328533][ T2513] afs_net_exit+0x1bc/0x310
[ 61.333040][ T2513] ? afs_net_init+0xe30/0xe30
[ 61.337745][ T2513] ops_exit_list.isra.0+0xa8/0x150
[ 61.342889][ T2513] cleanup_net+0x511/0xa50
[ 61.347318][ T2513] ? unregister_pernet_device+0x70/0x70
[ 61.352954][ T2513] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.358940][ T2513] process_one_work+0x965/0x1690
[ 61.363884][ T2513] ? lock_release+0x800/0x800
[ 61.368567][ T2513] ? pwq_dec_nr_in_flight+0x310/0x310
[ 61.373943][ T2513] ? rwlock_bug.part.0+0x90/0x90
[ 61.378885][ T2513] worker_thread+0x96/0xe10
[ 61.383400][ T2513] ? process_one_work+0x1690/0x1690
[ 61.388604][ T2513] kthread+0x3b5/0x4a0
[ 61.392675][ T2513] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 61.398434][ T2513] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 61.404284][ T2513] ret_from_fork+0x1f/0x30
[ 61.409847][ T2513] Kernel Offset: disabled
[ 61.414174][ T2513] Rebooting in 86400 seconds..