[ 51.561181][ T1] R10: 000055e1eb793c80 R11: 0000000000000246 R12: 000055e1eb793c80
[ 51.569157][ T1] R13: 0000000000000000 R14: 0000000000000017 R15: 00007ffe972bd510
[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Reached target Timers.
[ OK ] Started Regular background program processing daemon.
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ 62.863800][ T7] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:0/7
[ 62.872781][ T7] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.878840][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-syzkaller #0
[ 62.886647][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.896717][ T7] Workqueue: writeback wb_workfn (flush-8:0)
[ 62.902692][ T7] Call Trace:
[ 62.906034][ T7] dump_stack+0x18f/0x20d
[ 62.910374][ T7] check_preemption_disabled+0x20d/0x220
[ 62.916033][ T7] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.921164][ T7] ? ext4_find_extent+0x81a/0xad0
[ 62.926205][ T7] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.931688][ T7] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.937421][ T7] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.942732][ T7] ? ext4_ext_release+0x10/0x10
[ 62.947608][ T7] ? down_write_killable+0x170/0x170
[ 62.952918][ T7] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.958388][ T7] ext4_map_blocks+0x4cb/0x1640
[ 62.963246][ T7] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.968460][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.974098][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.980105][ T7] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 62.985571][ T7] ext4_writepages+0x1a7b/0x33c0
[ 62.990557][ T7] ? __ext4_mark_inode_dirty+0x940/0x940
[ 62.996193][ T7] ? __lock_acquire+0x2224/0x48b0
[ 63.001236][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 63.007225][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 63.013210][ T7] ? __ext4_mark_inode_dirty+0x940/0x940
[ 63.018843][ T7] ? do_writepages+0xfa/0x2a0
[ 63.023524][ T7] do_writepages+0xfa/0x2a0
[ 63.028042][ T7] ? page_writeback_cpu_online+0x10/0x10
[ 63.033683][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.039233][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.045224][ T7] ? lock_downgrade+0x840/0x840
[ 63.050086][ T7] __writeback_single_inode+0x12a/0x13d0
[ 63.055727][ T7] ? _raw_spin_unlock+0x24/0x40
[ 63.060673][ T7] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 63.066677][ T7] writeback_sb_inodes+0x515/0xdc0
[ 63.071816][ T7] ? __writeback_single_inode+0x13d0/0x13d0
[ 63.077742][ T7] __writeback_inodes_wb+0xc3/0x250
[ 63.082963][ T7] wb_writeback+0x8db/0xd50
[ 63.087488][ T7] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 63.093825][ T7] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 63.099725][ T7] ? cpumask_next+0x3c/0x40
[ 63.104231][ T7] ? get_nr_dirty_inodes+0xd6/0x130
[ 63.109440][ T7] wb_workfn+0xab3/0x1090
[ 63.113796][ T7] ? inode_wait_for_writeback+0x30/0x30
[ 63.119348][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.124896][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.130886][ T7] process_one_work+0x965/0x1690
[ 63.135831][ T7] ? lock_release+0x800/0x800
[ 63.140523][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 63.145899][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 63.150852][ T7] worker_thread+0x96/0xe10
[ 63.155365][ T7] ? process_one_work+0x1690/0x1690
[ 63.160567][ T7] kthread+0x3b5/0x4a0
[ 63.164642][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.170365][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.176089][ T7] ret_from_fork+0x1f/0x30
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ 65.511050][ T6738] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6738
[ 65.521840][ T6738] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.527875][ T6738] CPU: 1 PID: 6738 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[ 65.536541][ T6738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.546698][ T6738] Call Trace:
[ 65.550193][ T6738] dump_stack+0x18f/0x20d
[ 65.554689][ T6738] check_preemption_disabled+0x20d/0x220
[ 65.560534][ T6738] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.565678][ T6738] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.571160][ T6738] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.577396][ T6738] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.577422][ T6738] ? ext4_ext_release+0x10/0x10
[ 65.577456][ T6738] ? down_write_killable+0x170/0x170
[ 65.577469][ T6738] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.577492][ T6738] ext4_map_blocks+0x4cb/0x1640
[ 65.577515][ T6738] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.577531][ T6738] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.577548][ T6738] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.577562][ T6738] ? prandom_u32_state+0xe/0x170
[ 65.577580][ T6738] ? __brelse+0x84/0xa0
[ 65.577595][ T6738] ? __ext4_new_inode+0x144/0x55e0
[ 65.577615][ T6738] ext4_getblk+0xad/0x520
[ 65.577633][ T6738] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.577653][ T6738] ? ext4_free_inode+0x1700/0x1700
[ 65.577672][ T6738] ext4_bread+0x7c/0x380
[ 65.577687][ T6738] ? ext4_getblk+0x520/0x520
[ 65.577708][ T6738] ? dquot_get_next_dqblk+0x180/0x180
[ 65.577730][ T6738] ext4_append+0x153/0x360
[ 65.577751][ T6738] ext4_mkdir+0x5e0/0xdf0
[ 65.577782][ T6738] ? ext4_rmdir+0xde0/0xde0
[ 65.577811][ T6738] vfs_mkdir+0x419/0x690
[ 65.577831][ T6738] do_mkdirat+0x21e/0x280
[ 65.577849][ T6738] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.577865][ T6738] ? do_syscall_64+0x1c/0xe0
[ 65.577880][ T6738] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.577898][ T6738] do_syscall_64+0x60/0xe0
[ 65.577915][ T6738] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.577928][ T6738] RIP: 0033:0x7fda062d4687
[ 65.577933][ T6738] Code: Bad RIP value.
[ 65.577941][ T6738] RSP: 002b:00007ffc05c8d568 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 65.577954][ T6738] RAX: ffffffffffffffda RBX: 0000555b7addb985 RCX: 00007fda062d4687
[ 65.577962][ T6738] RDX: 00007ffc05c8d430 RSI: 00000000000001ed RDI: 0000555b7addb985
[ 65.577971][ T6738] RBP: 00007fda062d4680 R08: 0000000000000100 R09: 0000000000000000
[ 65.577979][ T6738] R10: 0000555b7addb980 R11: 0000000000000246 R12: 00000000000001ed
[ 65.577987][ T6738] R13: 00007ffc05c8d6f0 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9 syzkaller ttyS0
2020/06/14 00:12:04 fuzzer started
2020/06/14 00:12:05 connecting to host at 10.128.0.26:36259
2020/06/14 00:12:05 checking machine...
2020/06/14 00:12:05 checking revisions...
2020/06/14 00:12:05 testing simple program...
syzkaller login: [ 68.020801][ T6810] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6810
[ 68.030148][ T6810] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.036123][ T6810] CPU: 0 PID: 6810 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 68.044100][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.054512][ T6810] Call Trace:
[ 68.057798][ T6810] dump_stack+0x18f/0x20d
[ 68.062130][ T6810] check_preemption_disabled+0x20d/0x220
[ 68.067756][ T6810] ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.072870][ T6810] ? ext4_ext_search_right+0x2ca/0xb20
[ 68.078315][ T6810] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 68.084211][ T6810] ext4_ext_map_blocks+0x201b/0x33e0
[ 68.089487][ T6810] ? ext4_ext_release+0x10/0x10
[ 68.094477][ T6810] ? down_write_killable+0x170/0x170
[ 68.099872][ T6810] ? ext4_es_lookup_extent+0x41d/0xd10
[ 68.105852][ T6810] ext4_map_blocks+0x4cb/0x1640
[ 68.111153][ T6810] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 68.117883][ T6810] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 68.123559][ T6810] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.129615][ T6810] ? prandom_u32_state+0xe/0x170
[ 68.134557][ T6810] ? __brelse+0x84/0xa0
[ 68.138900][ T6810] ? __ext4_new_inode+0x144/0x55e0
[ 68.144127][ T6810] ext4_getblk+0xad/0x520
[ 68.148456][ T6810] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 68.154626][ T6810] ? ext4_free_inode+0x1700/0x1700
[ 68.159864][ T6810] ext4_bread+0x7c/0x380
[ 68.164157][ T6810] ? ext4_getblk+0x520/0x520
[ 68.168863][ T6810] ? dquot_get_next_dqblk+0x180/0x180
[ 68.174386][ T6810] ext4_append+0x153/0x360
[ 68.179105][ T6810] ext4_mkdir+0x5e0/0xdf0
[ 68.183478][ T6810] ? ext4_rmdir+0xde0/0xde0
[ 68.188398][ T6810] vfs_mkdir+0x419/0x690
[ 68.193198][ T6810] do_mkdirat+0x21e/0x280
[ 68.197524][ T6810] ? __ia32_sys_mknod+0xb0/0xb0
[ 68.203077][ T6810] ? do_syscall_64+0x1c/0xe0
[ 68.207783][ T6810] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 68.213845][ T6810] do_syscall_64+0x60/0xe0
[ 68.218258][ T6810] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.224230][ T6810] RIP: 0033:0x4b02a0
[ 68.228106][ T6810] Code: Bad RIP value.
[ 68.232443][ T6810] RSP: 002b:000000c0000eb4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 68.241013][ T6810] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 68.249156][ T6810] RDX: 00000000000001c0 RSI: 000000c00009e8c0 RDI: ffffffffffffff9c
[ 68.257652][ T6810] RBP: 000000c0000eb510 R08: 0000000000000000 R09: 0000000000000000
[ 68.265824][ T6810] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 68.274191][ T6810] R13: 0000000000000047 R14: 0000000000000046 R15: 0000000000000100
[ 68.292613][ T29] audit: type=1400 audit(1592093525.581:8): avc: denied { execmem } for pid=6813 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 68.301993][ T6813] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6813
[ 68.323061][ T6813] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.329127][ T6813] CPU: 1 PID: 6813 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 68.338055][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.348703][ T6813] Call Trace:
[ 68.352003][ T6813] dump_stack+0x18f/0x20d
[ 68.356370][ T6813] check_preemption_disabled+0x20d/0x220
[ 68.362134][ T6813] ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.367408][ T6813] ? ext4_ext_search_right+0x2ca/0xb20
[ 68.373116][ T6813] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 68.378993][ T6813] ext4_ext_map_blocks+0x201b/0x33e0
[ 68.384300][ T6813] ? ext4_ext_release+0x10/0x10
[ 68.389539][ T6813] ? down_write_killable+0x170/0x170
[ 68.395096][ T6813] ? ext4_es_lookup_extent+0x41d/0xd10
[ 68.400726][ T6813] ext4_map_blocks+0x4cb/0x1640
[ 68.406151][ T6813] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 68.411345][ T6813] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 68.416950][ T6813] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.423262][ T6813] ? prandom_u32_state+0xe/0x170
[ 68.428357][ T6813] ? __brelse+0x84/0xa0
[ 68.432513][ T6813] ? __ext4_new_inode+0x144/0x55e0
[ 68.438490][ T6813] ext4_getblk+0xad/0x520
[ 68.442981][ T6813] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 68.449628][ T6813] ? ext4_free_inode+0x1700/0x1700
[ 68.455222][ T6813] ext4_bread+0x7c/0x380
[ 68.459469][ T6813] ? ext4_getblk+0x520/0x520
[ 68.464056][ T6813] ? dquot_get_next_dqblk+0x180/0x180
[ 68.469444][ T6813] ? security_transition_sid+0x123/0x190
[ 68.475238][ T6813] ? security_transition_sid+0xed/0x190
[ 68.480778][ T6813] ext4_append+0x153/0x360
[ 68.485332][ T6813] ext4_mkdir+0x5e0/0xdf0
[ 68.489662][ T6813] ? ext4_rmdir+0xde0/0xde0
[ 68.494380][ T6813] vfs_mkdir+0x419/0x690
[ 68.498840][ T6813] do_mkdirat+0x21e/0x280
[ 68.503175][ T6813] ? __ia32_sys_mknod+0xb0/0xb0
[ 68.508021][ T6813] ? do_syscall_64+0x1c/0xe0
[ 68.512606][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 68.518814][ T6813] do_syscall_64+0x60/0xe0
[ 68.523320][ T6813] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.529554][ T6813] RIP: 0033:0x45bee7
[ 68.533917][ T6813] Code: Bad RIP value.
[ 68.538264][ T6813] RSP: 002b:00007ffe1a653fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 68.547118][ T6813] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 68.555091][ T6813] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffe1a6541c0
[ 68.563190][ T6813] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 00000000000037c0
[ 68.571166][ T6813] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 68.580211][ T6813] R13: 00007ffe1a6541c0 R14: 8421084210842109 R15: 00007ffe1a6541cc
[ 68.663593][ T6814] IPVS: ftp: loaded support on port[0] = 21
[ 68.701395][ T6814] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6814
[ 68.712284][ T6814] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.718553][ T6814] CPU: 0 PID: 6814 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 68.727227][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.738154][ T6814] Call Trace:
[ 68.741856][ T6814] dump_stack+0x18f/0x20d
[ 68.746198][ T6814] check_preemption_disabled+0x20d/0x220
[ 68.752598][ T6814] ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.759210][ T6814] ? ext4_ext_search_right+0x2ca/0xb20
[ 68.765083][ T6814] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 68.771127][ T6814] ext4_ext_map_blocks+0x201b/0x33e0
[ 68.776546][ T6814] ? ext4_ext_release+0x10/0x10
[ 68.781538][ T6814] ? down_write_killable+0x170/0x170
[ 68.787216][ T6814] ? ext4_es_lookup_extent+0x41d/0xd10
[ 68.792675][ T6814] ext4_map_blocks+0x4cb/0x1640
[ 68.797522][ T6814] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 68.802861][ T6814] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 68.808432][ T6814] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.814583][ T6814] ? prandom_u32_state+0xe/0x170
[ 68.820054][ T6814] ? __brelse+0x84/0xa0
[ 68.824217][ T6814] ? __ext4_new_inode+0x144/0x55e0
[ 68.829535][ T6814] ext4_getblk+0xad/0x520
[ 68.834133][ T6814] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 68.840248][ T6814] ? ext4_free_inode+0x1700/0x1700
[ 68.845702][ T6814] ext4_bread+0x7c/0x380
[ 68.851024][ T6814] ? ext4_getblk+0x520/0x520
[ 68.855928][ T6814] ? dquot_get_next_dqblk+0x180/0x180
[ 68.861460][ T6814] ? security_transition_sid+0x123/0x190
[ 68.867287][ T6814] ? security_transition_sid+0xed/0x190
[ 68.872832][ T6814] ext4_append+0x153/0x360
[ 68.877247][ T6814] ext4_mkdir+0x5e0/0xdf0
[ 68.881748][ T6814] ? ext4_rmdir+0xde0/0xde0
[ 68.887230][ T6814] vfs_mkdir+0x419/0x690
[ 68.892134][ T6814] do_mkdirat+0x21e/0x280
[ 68.896592][ T6814] ? __ia32_sys_mknod+0xb0/0xb0
[ 68.901616][ T6814] ? do_syscall_64+0x1c/0xe0
[ 68.906346][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 68.912766][ T6814] do_syscall_64+0x60/0xe0
[ 68.917202][ T6814] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.923181][ T6814] RIP: 0033:0x45bee7
[ 68.927117][ T6814] Code: Bad RIP value.
[ 68.931357][ T6814] RSP: 002b:00007ffe1a653ed8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 68.939943][ T6814] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 68.947923][ T6814] RDX: 00007ffe1a653f23 RSI: 00000000000001ff RDI: 00007ffe1a653f20
[ 68.955891][ T6814] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 68.963946][ T6814] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0
[ 68.971912][ T6814] R13: 00007ffe1a653f10 R14: 0000000000000000 R15: 00007ffe1a653f20
[ 69.024739][ T6814] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6814
[ 69.034301][ T6814] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 69.040356][ T6814] CPU: 0 PID: 6814 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 69.048867][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.059083][ T6814] Call Trace:
[ 69.063047][ T6814] dump_stack+0x18f/0x20d
[ 69.067535][ T6814] check_preemption_disabled+0x20d/0x220
[ 69.073202][ T6814] ext4_mb_new_blocks+0xa4d/0x3b70
[ 69.078535][ T6814] ? ext4_ext_search_right+0x2ca/0xb20
[ 69.084045][ T6814] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 69.089939][ T6814] ext4_ext_map_blocks+0x201b/0x33e0
[ 69.095581][ T6814] ? ext4_ext_release+0x10/0x10
[ 69.100554][ T6814] ? down_write_killable+0x170/0x170
[ 69.105857][ T6814] ? ext4_es_lookup_extent+0x41d/0xd10
[ 69.111624][ T6814] ext4_map_blocks+0x4cb/0x1640
[ 69.116490][ T6814] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 69.121724][ T6814] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 69.127268][ T6814] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 69.133504][ T6814] ? prandom_u32_state+0xe/0x170
[ 69.138436][ T6814] ? __brelse+0x84/0xa0
[ 69.142687][ T6814] ? __ext4_new_inode+0x144/0x55e0
[ 69.147828][ T6814] ext4_getblk+0xad/0x520
[ 69.152420][ T6814] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 69.158226][ T6814] ? ext4_free_inode+0x1700/0x1700
[ 69.163391][ T6814] ext4_bread+0x7c/0x380
[ 69.167628][ T6814] ? ext4_getblk+0x520/0x520
[ 69.172225][ T6814] ? dquot_get_next_dqblk+0x180/0x180
[ 69.177810][ T6814] ? security_transition_sid+0x123/0x190
[ 69.183446][ T6814] ? security_transition_sid+0xed/0x190
[ 69.188999][ T6814] ext4_append+0x153/0x360
[ 69.193426][ T6814] ext4_mkdir+0x5e0/0xdf0
[ 69.197747][ T6814] ? ext4_rmdir+0xde0/0xde0
[ 69.202375][ T6814] vfs_mkdir+0x419/0x690
[ 69.206796][ T6814] do_mkdirat+0x21e/0x280
[ 69.211596][ T6814] ? __ia32_sys_mknod+0xb0/0xb0
[ 69.217020][ T6814] ? do_syscall_64+0x1c/0xe0
[ 69.221666][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 69.227733][ T6814] do_syscall_64+0x60/0xe0
[ 69.232336][ T6814] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.243398][ T6814] RIP: 0033:0x45bee7
[ 69.247493][ T6814] Code: Bad RIP value.
[ 69.251640][ T6814] RSP: 002b:00007ffe1a653ed8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 69.260586][ T6814] RAX: ffffffffffffffda RBX: 0000000000010d9b RCX: 000000000045bee7
2020/06/14 00:12:06 building call list...
[ 69.271895][ T6814] RDX: 00007ffe1a653f23 RSI: 00000000000001ff RDI: 00007ffe1a653f20
[ 69.280784][ T6814] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 69.288917][ T6814] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 69.297640][ T6814] R13: 00007ffe1a653f10 R14: 0000000000010d92 R15: 00007ffe1a653f20
[ 69.552222][ T67] tipc: TX() has been purged, node left!
[ 70.064466][ T67] ==================================================================
[ 70.072866][ T67] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 70.080937][ T67] Write of size 1 at addr ffff8880a786e1e4 by task kworker/u4:3/67
[ 70.088965][ T67]
[ 70.091302][ T67] CPU: 0 PID: 67 Comm: kworker/u4:3 Not tainted 5.7.0-syzkaller #0
[ 70.099279][ T67] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.109525][ T67] Workqueue: netns cleanup_net
[ 70.114302][ T67] Call Trace:
[ 70.117692][ T67] dump_stack+0x18f/0x20d
[ 70.122188][ T67] ? afs_wake_up_async_call+0x6aa/0x770
[ 70.127740][ T67] ? afs_wake_up_async_call+0x6aa/0x770
[ 70.133376][ T67] ? afs_put_call+0xa40/0xa40
[ 70.138061][ T67] print_address_description.constprop.0.cold+0xd3/0x413
[ 70.145131][ T67] ? vprintk_func+0x97/0x1a6
[ 70.149818][ T67] ? afs_wake_up_async_call+0x6aa/0x770
[ 70.155370][ T67] kasan_report.cold+0x1f/0x37
[ 70.160149][ T67] ? rcu_read_lock_held+0x81/0xb0
[ 70.165185][ T67] ? afs_wake_up_async_call+0x6aa/0x770
[ 70.170742][ T67] afs_wake_up_async_call+0x6aa/0x770
[ 70.176122][ T67] ? afs_close_socket+0x320/0x320
[ 70.181204][ T67] ? afs_put_call+0xa40/0xa40
[ 70.185918][ T67] rxrpc_notify_socket+0x1db/0x5d0
[ 70.191137][ T67] ? afs_put_call+0xa40/0xa40
[ 70.195821][ T67] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 70.202246][ T67] rxrpc_call_completed+0xca/0xf0
[ 70.207289][ T67] rxrpc_discard_prealloc+0x781/0xab0
[ 70.212763][ T67] ? lock_sock_nested+0x94/0x110
[ 70.217807][ T67] rxrpc_listen+0x147/0x360
[ 70.222406][ T67] afs_close_socket+0x95/0x320
[ 70.227407][ T67] ? afs_purge_servers+0x16d/0x300
[ 70.232579][ T67] ? afs_rx_discard_new_call+0x50/0x50
[ 70.238065][ T67] ? init_wait_var_entry+0x200/0x200
[ 70.247971][ T67] ? rcu_read_lock_held_common+0xa0/0xa0
[ 70.253614][ T67] ? check_preemption_disabled+0x38/0x220
[ 70.259346][ T67] afs_net_exit+0x1bc/0x310
[ 70.263859][ T67] ? afs_net_init+0xe30/0xe30
[ 70.268545][ T67] ops_exit_list.isra.0+0xa8/0x150
[ 70.273992][ T67] cleanup_net+0x511/0xa50
[ 70.278447][ T67] ? unregister_pernet_device+0x70/0x70
[ 70.284758][ T67] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 70.291054][ T67] process_one_work+0x965/0x1690
[ 70.296127][ T67] ? lock_release+0x800/0x800
[ 70.300818][ T67] ? pwq_dec_nr_in_flight+0x310/0x310
[ 70.306384][ T67] ? rwlock_bug.part.0+0x90/0x90
[ 70.311346][ T67] worker_thread+0x96/0xe10
[ 70.315962][ T67] ? process_one_work+0x1690/0x1690
[ 70.321277][ T67] kthread+0x3b5/0x4a0
[ 70.325539][ T67] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 70.336227][ T67] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 70.342044][ T67] ret_from_fork+0x1f/0x30
[ 70.346476][ T67]
[ 70.348808][ T67] Allocated by task 6814:
[ 70.353145][ T67] save_stack+0x1b/0x40
[ 70.357437][ T67] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 70.363079][ T67] kmem_cache_alloc_trace+0x153/0x7d0
[ 70.368477][ T67] afs_alloc_call+0x55/0x630
[ 70.373184][ T67] afs_charge_preallocation+0xe9/0x2d0
[ 70.378644][ T67] afs_open_socket+0x292/0x360
[ 70.383498][ T67] afs_net_init+0xa6c/0xe30
[ 70.388003][ T67] ops_init+0xaf/0x420
[ 70.392141][ T67] setup_net+0x2de/0x860
[ 70.396539][ T67] copy_net_ns+0x293/0x590
[ 70.400972][ T67] create_new_namespaces+0x3fb/0xb30
[ 70.406270][ T67] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 70.412093][ T67] ksys_unshare+0x43d/0x8e0
[ 70.416605][ T67] __x64_sys_unshare+0x2d/0x40
[ 70.421635][ T67] do_syscall_64+0x60/0xe0
[ 70.426144][ T67] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 70.432141][ T67]
[ 70.434472][ T67] Freed by task 67:
[ 70.438287][ T67] save_stack+0x1b/0x40
[ 70.442926][ T67] __kasan_slab_free+0xf7/0x140
[ 70.447909][ T67] kfree+0x109/0x2b0
[ 70.451941][ T67] afs_put_call+0x585/0xa40
[ 70.456616][ T67] rxrpc_discard_prealloc+0x764/0xab0
[ 70.462100][ T67] rxrpc_listen+0x147/0x360
[ 70.466610][ T67] afs_close_socket+0x95/0x320
[ 70.471555][ T67] afs_net_exit+0x1bc/0x310
[ 70.476182][ T67] ops_exit_list.isra.0+0xa8/0x150
[ 70.481299][ T67] cleanup_net+0x511/0xa50
[ 70.485731][ T67] process_one_work+0x965/0x1690
[ 70.490684][ T67] worker_thread+0x96/0xe10
[ 70.495200][ T67] kthread+0x3b5/0x4a0
[ 70.499275][ T67] ret_from_fork+0x1f/0x30
[ 70.503940][ T67]
[ 70.506310][ T67] The buggy address belongs to the object at ffff8880a786e000
[ 70.506310][ T67] which belongs to the cache kmalloc-1k of size 1024
[ 70.520456][ T67] The buggy address is located 484 bytes inside of
[ 70.520456][ T67] 1024-byte region [ffff8880a786e000, ffff8880a786e400)
[ 70.533815][ T67] The buggy address belongs to the page:
[ 70.539454][ T67] page:ffffea00029e1b80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 70.548558][ T67] flags: 0xfffe0000000200(slab)
[ 70.553421][ T67] raw: 00fffe0000000200 ffffea000280f788 ffffea0002860508 ffff8880aa000c40
[ 70.562190][ T67] raw: 0000000000000000 ffff8880a786e000 0000000100000002 0000000000000000
[ 70.570777][ T67] page dumped because: kasan: bad access detected
[ 70.577197][ T67]
[ 70.579525][ T67] Memory state around the buggy address:
[ 70.585202][ T67] ffff8880a786e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.593269][ T67] ffff8880a786e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.601341][ T67] >ffff8880a786e180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.609550][ T67] ^
[ 70.616751][ T67] ffff8880a786e200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.625002][ T67] ffff8880a786e280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 70.633201][ T67] ==================================================================
[ 70.641492][ T67] Disabling lock debugging due to kernel taint
[ 70.647901][ T67] Kernel panic - not syncing: panic_on_warn set ...
[ 70.654500][ T67] CPU: 0 PID: 67 Comm: kworker/u4:3 Tainted: G B 5.7.0-syzkaller #0
[ 70.664607][ T67] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.674953][ T67] Workqueue: netns cleanup_net
[ 70.679722][ T67] Call Trace:
[ 70.683033][ T67] dump_stack+0x18f/0x20d
[ 70.687381][ T67] ? afs_wake_up_async_call+0x5f0/0x770
[ 70.693079][ T67] ? afs_put_call+0xa40/0xa40
[ 70.697768][ T67] panic+0x2e3/0x75c
[ 70.701852][ T67] ? __warn_printk+0xf3/0xf3
[ 70.706818][ T67] ? asm_common_interrupt+0x1e/0x40
[ 70.712035][ T67] ? trace_hardirqs_on+0x55/0x220
[ 70.717072][ T67] ? afs_wake_up_async_call+0x6aa/0x770
[ 70.722626][ T67] ? afs_wake_up_async_call+0x6aa/0x770
[ 70.728316][ T67] ? afs_put_call+0xa40/0xa40
[ 70.733012][ T67] end_report+0x4d/0x53
[ 70.737178][ T67] kasan_report.cold+0xd/0x37
[ 70.741863][ T67] ? rcu_read_lock_held+0x81/0xb0
[ 70.747412][ T67] ? afs_wake_up_async_call+0x6aa/0x770
[ 70.753501][ T67] afs_wake_up_async_call+0x6aa/0x770
[ 70.759236][ T67] ? afs_close_socket+0x320/0x320
[ 70.764693][ T67] ? afs_put_call+0xa40/0xa40
[ 70.769369][ T67] rxrpc_notify_socket+0x1db/0x5d0
[ 70.774495][ T67] ? afs_put_call+0xa40/0xa40
[ 70.779308][ T67] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 70.785843][ T67] rxrpc_call_completed+0xca/0xf0
[ 70.791156][ T67] rxrpc_discard_prealloc+0x781/0xab0
[ 70.796984][ T67] ? lock_sock_nested+0x94/0x110
[ 70.802184][ T67] rxrpc_listen+0x147/0x360
[ 70.807200][ T67] afs_close_socket+0x95/0x320
[ 70.812145][ T67] ? afs_purge_servers+0x16d/0x300
[ 70.817345][ T67] ? afs_rx_discard_new_call+0x50/0x50
[ 70.823398][ T67] ? init_wait_var_entry+0x200/0x200
[ 70.828847][ T67] ? rcu_read_lock_held_common+0xa0/0xa0
[ 70.834482][ T67] ? check_preemption_disabled+0x38/0x220
[ 70.840513][ T67] afs_net_exit+0x1bc/0x310
[ 70.845366][ T67] ? afs_net_init+0xe30/0xe30
[ 70.850193][ T67] ops_exit_list.isra.0+0xa8/0x150
[ 70.855419][ T67] cleanup_net+0x511/0xa50
[ 70.860232][ T67] ? unregister_pernet_device+0x70/0x70
[ 70.866386][ T67] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 70.872377][ T67] process_one_work+0x965/0x1690
[ 70.877636][ T67] ? lock_release+0x800/0x800
[ 70.882562][ T67] ? pwq_dec_nr_in_flight+0x310/0x310
[ 70.888229][ T67] ? rwlock_bug.part.0+0x90/0x90
[ 70.893628][ T67] worker_thread+0x96/0xe10
[ 70.898141][ T67] ? process_one_work+0x1690/0x1690
[ 70.903717][ T67] kthread+0x3b5/0x4a0
[ 70.907929][ T67] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 70.914719][ T67] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 70.920636][ T67] ret_from_fork+0x1f/0x30
[ 70.926936][ T67] Kernel Offset: disabled
[ 70.931282][ T67] Rebooting in 86400 seconds..