[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ 55.052578][ T6747] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6747 [ 55.062164][ T6747] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 55.068089][ T6747] CPU: 1 PID: 6747 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0 [ 55.076327][ T6747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.086388][ T6747] Call Trace: [ 55.089692][ T6747] dump_stack+0x18f/0x20d [ 55.094544][ T6747] check_preemption_disabled+0x20d/0x220 [ 55.094571][ T6747] ext4_mb_new_blocks+0xa4d/0x3b70 [ 55.105349][ T6747] ? ext4_ext_search_right+0x2ca/0xb20 [ 55.110954][ T6747] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 55.116707][ T6747] ext4_ext_map_blocks+0x201b/0x33e0 [ 55.122028][ T6747] ? ext4_ext_release+0x10/0x10 [ 55.126916][ T6747] ? down_write_killable+0x170/0x170 [ 55.132220][ T6747] ? ext4_es_lookup_extent+0x41d/0xd10 [ 55.137803][ T6747] ext4_map_blocks+0x4cb/0x1640 [ 55.142660][ T6747] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 55.147875][ T6747] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 55.153446][ T6747] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 55.159434][ T6747] ? prandom_u32_state+0xe/0x170 [ 55.164381][ T6747] ? __brelse+0x84/0xa0 [ 55.168845][ T6747] ? __ext4_new_inode+0x144/0x55e0 [ 55.174000][ T6747] ext4_getblk+0xad/0x520 [ 55.178468][ T6747] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 55.184218][ T6747] ? ext4_free_inode+0x1700/0x1700 [ 55.189335][ T6747] ext4_bread+0x7c/0x380 [ 55.193583][ T6747] ? ext4_getblk+0x520/0x520 [ 55.198322][ T6747] ? dquot_get_next_dqblk+0x180/0x180 [ 55.203829][ T6747] ext4_append+0x153/0x360 [ 55.208249][ T6747] ext4_mkdir+0x5e0/0xdf0 [ 55.212573][ T6747] ? ext4_rmdir+0xde0/0xde0 [ 55.217083][ T6747] ? security_inode_permission+0xc4/0xf0 [ 55.222714][ T6747] vfs_mkdir+0x419/0x690 [ 55.226952][ T6747] do_mkdirat+0x21e/0x280 [ 55.231273][ T6747] ? __ia32_sys_mknod+0xb0/0xb0 [ 55.236116][ T6747] ? do_syscall_64+0x1c/0xe0 [ 55.240699][ T6747] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 55.246666][ T6747] do_syscall_64+0x60/0xe0 [ 55.251122][ T6747] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 55.257246][ T6747] RIP: 0033:0x7fcbdc2a0687 [ 55.261671][ T6747] Code: Bad RIP value. [ 55.265741][ T6747] RSP: 002b:00007ffebfceb228 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 55.274143][ T6747] RAX: ffffffffffffffda RBX: 00005635acaa5985 RCX: 00007fcbdc2a0687 [ 55.282104][ T6747] RDX: 00007ffebfceb0f0 RSI: 00000000000001ed RDI: 00005635acaa5985 [ 55.290075][ T6747] RBP: 00007fcbdc2a0680 R08: 0000000000000100 R09: 0000000000000000 [ 55.298033][ T6747] R10: 00005635acaa5980 R11: 0000000000000246 R12: 00000000000001ed [ 55.306010][ T6747] R13: 00007ffebfceb3b0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 57.788729][ T27] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:2/27 [ 57.797780][ T27] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 57.803772][ T27] CPU: 1 PID: 27 Comm: kworker/u4:2 Not tainted 5.7.0-syzkaller #0 [ 57.811678][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.821723][ T27] Workqueue: writeback wb_workfn (flush-8:0) [ 57.827694][ T27] Call Trace: [ 57.830968][ T27] dump_stack+0x18f/0x20d [ 57.835287][ T27] check_preemption_disabled+0x20d/0x220 [ 57.840901][ T27] ext4_mb_new_blocks+0xa4d/0x3b70 [ 57.846005][ T27] ? ext4_find_extent+0x81a/0xad0 [ 57.851045][ T27] ? ext4_ext_search_right+0x2ca/0xb20 [ 57.856486][ T27] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 57.862196][ T27] ext4_ext_map_blocks+0x201b/0x33e0 [ 57.867467][ T27] ? ext4_ext_release+0x10/0x10 [ 57.872351][ T27] ? down_write_killable+0x170/0x170 [ 57.877633][ T27] ? ext4_es_lookup_extent+0x41d/0xd10 [ 57.883078][ T27] ext4_map_blocks+0x4cb/0x1640 [ 57.888045][ T27] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 57.893229][ T27] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.898785][ T27] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.904747][ T27] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 57.910187][ T27] ext4_writepages+0x1a7b/0x33c0 [ 57.915137][ T27] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.920751][ T27] ? __lock_acquire+0x2224/0x48b0 [ 57.925819][ T27] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.931785][ T27] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.937770][ T27] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.943390][ T27] ? do_writepages+0xfa/0x2a0 [ 57.948089][ T27] do_writepages+0xfa/0x2a0 [ 57.952584][ T27] ? page_writeback_cpu_online+0x10/0x10 [ 57.958226][ T27] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.963758][ T27] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.969719][ T27] ? lock_downgrade+0x840/0x840 [ 57.974557][ T27] __writeback_single_inode+0x12a/0x13d0 [ 57.980195][ T27] ? _raw_spin_unlock+0x24/0x40 [ 57.985026][ T27] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 57.990993][ T27] writeback_sb_inodes+0x515/0xdc0 [ 57.996102][ T27] ? __writeback_single_inode+0x13d0/0x13d0 [ 58.002019][ T27] __writeback_inodes_wb+0xc3/0x250 [ 58.007282][ T27] wb_writeback+0x8db/0xd50 [ 58.011941][ T27] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 58.018289][ T27] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 58.024175][ T27] ? cpumask_next+0x3c/0x40 [ 58.028671][ T27] ? get_nr_dirty_inodes+0xd6/0x130 [ 58.033919][ T27] wb_workfn+0xab3/0x1090 [ 58.038243][ T27] ? inode_wait_for_writeback+0x30/0x30 [ 58.043787][ T27] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.049317][ T27] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.055298][ T27] process_one_work+0x965/0x1690 [ 58.060242][ T27] ? lock_release+0x800/0x800 [ 58.064906][ T27] ? pwq_dec_nr_in_flight+0x310/0x310 [ 58.070291][ T27] ? rwlock_bug.part.0+0x90/0x90 [ 58.075234][ T27] worker_thread+0x96/0xe10 [ 58.079743][ T27] ? process_one_work+0x1690/0x1690 [ 58.084918][ T27] kthread+0x3b5/0x4a0 [ 58.088983][ T27] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.094764][ T27] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.100960][ T27] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.15.197' (ECDSA) to the list of known hosts. 2020/06/14 11:45:13 fuzzer started 2020/06/14 11:45:13 connecting to host at 10.128.0.26:41085 2020/06/14 11:45:13 checking machine... 2020/06/14 11:45:13 checking revisions... 2020/06/14 11:45:13 testing simple program... [ 59.809965][ T6823] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6823 [ 59.819241][ T6823] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.825120][ T6823] CPU: 1 PID: 6823 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 59.833102][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.843233][ T6823] Call Trace: [ 59.846527][ T6823] dump_stack+0x18f/0x20d [ 59.850919][ T6823] check_preemption_disabled+0x20d/0x220 [ 59.856573][ T6823] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.861693][ T6823] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.867148][ T6823] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.872858][ T6823] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.878129][ T6823] ? ext4_ext_release+0x10/0x10 [ 59.882970][ T6823] ? down_write_killable+0x170/0x170 [ 59.888234][ T6823] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.893676][ T6823] ext4_map_blocks+0x4cb/0x1640 [ 59.898879][ T6823] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.904053][ T6823] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.909650][ T6823] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.915627][ T6823] ? prandom_u32_state+0xe/0x170 [ 59.920614][ T6823] ? __brelse+0x84/0xa0 [ 59.924807][ T6823] ? __ext4_new_inode+0x144/0x55e0 [ 59.929956][ T6823] ext4_getblk+0xad/0x520 [ 59.934275][ T6823] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.939982][ T6823] ? ext4_free_inode+0x1700/0x1700 [ 59.945095][ T6823] ext4_bread+0x7c/0x380 [ 59.949342][ T6823] ? ext4_getblk+0x520/0x520 [ 59.953916][ T6823] ? dquot_get_next_dqblk+0x180/0x180 [ 59.959289][ T6823] ext4_append+0x153/0x360 [ 59.963687][ T6823] ext4_mkdir+0x5e0/0xdf0 [ 59.968016][ T6823] ? ext4_rmdir+0xde0/0xde0 [ 59.972520][ T6823] ? security_inode_permission+0xc4/0xf0 [ 59.978153][ T6823] vfs_mkdir+0x419/0x690 [ 59.982812][ T6823] do_mkdirat+0x21e/0x280 [ 59.987121][ T6823] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.991956][ T6823] ? do_syscall_64+0x1c/0xe0 [ 59.996987][ T6823] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.002972][ T6823] do_syscall_64+0x60/0xe0 [ 60.007374][ T6823] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.013261][ T6823] RIP: 0033:0x4b02a0 [ 60.017129][ T6823] Code: Bad RIP value. [ 60.021229][ T6823] RSP: 002b:000000c00016d4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 60.029687][ T6823] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 60.037640][ T6823] RDX: 00000000000001c0 RSI: 000000c00009ec60 RDI: ffffffffffffff9c [ 60.045624][ T6823] RBP: 000000c00016d510 R08: 0000000000000000 R09: 0000000000000000 [ 60.053599][ T6823] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 60.061555][ T6823] R13: 0000000000000064 R14: 0000000000000063 R15: 0000000000000100 [ 60.088338][ T6833] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6833 [ 60.097797][ T6833] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.103684][ T6833] CPU: 0 PID: 6833 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.111930][ T6833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.121981][ T6833] Call Trace: [ 60.125270][ T6833] dump_stack+0x18f/0x20d [ 60.129604][ T6833] check_preemption_disabled+0x20d/0x220 [ 60.135221][ T6833] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.140324][ T6833] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.145855][ T6833] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.151581][ T6833] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.156851][ T6833] ? ext4_ext_release+0x10/0x10 [ 60.161693][ T6833] ? down_write_killable+0x170/0x170 [ 60.167015][ T6833] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.172487][ T6833] ext4_map_blocks+0x4cb/0x1640 [ 60.177328][ T6833] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.182509][ T6833] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.188043][ T6833] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.194108][ T6833] ? prandom_u32_state+0xe/0x170 [ 60.199046][ T6833] ? __brelse+0x84/0xa0 [ 60.203200][ T6833] ? __ext4_new_inode+0x144/0x55e0 [ 60.208308][ T6833] ext4_getblk+0xad/0x520 [ 60.212618][ T6833] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.218334][ T6833] ? ext4_free_inode+0x1700/0x1700 [ 60.223424][ T6833] ext4_bread+0x7c/0x380 [ 60.227653][ T6833] ? ext4_getblk+0x520/0x520 [ 60.232228][ T6833] ? dquot_get_next_dqblk+0x180/0x180 [ 60.237580][ T6833] ext4_append+0x153/0x360 [ 60.241983][ T6833] ext4_mkdir+0x5e0/0xdf0 [ 60.246313][ T6833] ? ext4_rmdir+0xde0/0xde0 [ 60.250829][ T6833] ? security_inode_permission+0xc4/0xf0 [ 60.256462][ T6833] vfs_mkdir+0x419/0x690 [ 60.260776][ T6833] do_mkdirat+0x21e/0x280 [ 60.265126][ T6833] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.270118][ T6833] ? do_syscall_64+0x1c/0xe0 [ 60.274702][ T6833] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.280672][ T6833] do_syscall_64+0x60/0xe0 [ 60.285078][ T6833] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.290968][ T6833] RIP: 0033:0x45bee7 [ 60.294853][ T6833] Code: Bad RIP value. [ 60.298895][ T6833] RSP: 002b:00007ffd7cc486e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.307283][ T6833] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 60.315235][ T6833] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffd7cc488c0 [ 60.323189][ T6833] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003840 [ 60.331159][ T6833] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 60.339110][ T6833] R13: 00007ffd7cc488c0 R14: 8421084210842109 R15: 00007ffd7cc488cc [ 60.467725][ T6835] IPVS: ftp: loaded support on port[0] = 21 [ 60.505032][ T6835] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6835 [ 60.514637][ T6835] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.520640][ T6835] CPU: 0 PID: 6835 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.528880][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.539028][ T6835] Call Trace: [ 60.542328][ T6835] dump_stack+0x18f/0x20d [ 60.546665][ T6835] check_preemption_disabled+0x20d/0x220 [ 60.552394][ T6835] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.557497][ T6835] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.562942][ T6835] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.568657][ T6835] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.573934][ T6835] ? ext4_ext_release+0x10/0x10 [ 60.578790][ T6835] ? down_write_killable+0x170/0x170 [ 60.584066][ T6835] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.589530][ T6835] ext4_map_blocks+0x4cb/0x1640 [ 60.594484][ T6835] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.599805][ T6835] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.605361][ T6835] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.611331][ T6835] ? prandom_u32_state+0xe/0x170 [ 60.616255][ T6835] ? __brelse+0x84/0xa0 [ 60.620397][ T6835] ? __ext4_new_inode+0x144/0x55e0 [ 60.625515][ T6835] ext4_getblk+0xad/0x520 [ 60.629849][ T6835] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.635549][ T6835] ? ext4_free_inode+0x1700/0x1700 [ 60.640644][ T6835] ext4_bread+0x7c/0x380 [ 60.644866][ T6835] ? ext4_getblk+0x520/0x520 [ 60.649458][ T6835] ? dquot_get_next_dqblk+0x180/0x180 [ 60.654830][ T6835] ext4_append+0x153/0x360 [ 60.659250][ T6835] ext4_mkdir+0x5e0/0xdf0 [ 60.663565][ T6835] ? ext4_rmdir+0xde0/0xde0 [ 60.668055][ T6835] ? security_inode_permission+0xc4/0xf0 [ 60.673690][ T6835] vfs_mkdir+0x419/0x690 [ 60.677943][ T6835] do_mkdirat+0x21e/0x280 [ 60.682254][ T6835] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.687108][ T6835] ? do_syscall_64+0x1c/0xe0 [ 60.691694][ T6835] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.697664][ T6835] do_syscall_64+0x60/0xe0 [ 60.702067][ T6835] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.707949][ T6835] RIP: 0033:0x45bee7 [ 60.711828][ T6835] Code: Bad RIP value. [ 60.715874][ T6835] RSP: 002b:00007ffd7cc485d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 60.724293][ T6835] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 60.732260][ T6835] RDX: 00007ffd7cc48623 RSI: 00000000000001ff RDI: 00007ffd7cc48620 [ 60.740223][ T6835] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 60.748351][ T6835] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0 [ 60.756450][ T6835] R13: 00007ffd7cc48610 R14: 0000000000000000 R15: 00007ffd7cc48620 [ 60.808343][ T6835] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6835 [ 60.818081][ T6835] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.823988][ T6835] CPU: 1 PID: 6835 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.832255][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.842312][ T6835] Call Trace: [ 60.845611][ T6835] dump_stack+0x18f/0x20d [ 60.849956][ T6835] check_preemption_disabled+0x20d/0x220 [ 60.855599][ T6835] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.860730][ T6835] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.866193][ T6835] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.871934][ T6835] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.877231][ T6835] ? ext4_ext_release+0x10/0x10 [ 60.882104][ T6835] ? down_write_killable+0x170/0x170 [ 60.887393][ T6835] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.893001][ T6835] ext4_map_blocks+0x4cb/0x1640 [ 60.897844][ T6835] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.903031][ T6835] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.908562][ T6835] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.914526][ T6835] ? prandom_u32_state+0xe/0x170 [ 60.919452][ T6835] ? __brelse+0x84/0xa0 [ 60.923591][ T6835] ? __ext4_new_inode+0x144/0x55e0 [ 60.928705][ T6835] ext4_getblk+0xad/0x520 [ 60.933017][ T6835] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.938727][ T6835] ? ext4_free_inode+0x1700/0x1700 [ 60.943842][ T6835] ext4_bread+0x7c/0x380 [ 60.948079][ T6835] ? ext4_getblk+0x520/0x520 [ 60.952664][ T6835] ? dquot_get_next_dqblk+0x180/0x180 [ 60.958025][ T6835] ext4_append+0x153/0x360 [ 60.962442][ T6835] ext4_mkdir+0x5e0/0xdf0 [ 60.966756][ T6835] ? ext4_rmdir+0xde0/0xde0 [ 60.971245][ T6835] ? security_inode_permission+0xc4/0xf0 [ 60.979483][ T6835] vfs_mkdir+0x419/0x690 [ 60.983728][ T6835] do_mkdirat+0x21e/0x280 [ 60.988080][ T6835] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.992936][ T6835] ? do_syscall_64+0x1c/0xe0 [ 60.997518][ T6835] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.003707][ T6835] do_syscall_64+0x60/0xe0 [ 61.008120][ T6835] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.014008][ T6835] RIP: 0033:0x45bee7 [ 61.017893][ T6835] Code: Bad RIP value. [ 61.021941][ T6835] RSP: 002b:00007ffd7cc485d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 61.030331][ T6835] RAX: ffffffffffffffda RBX: 000000000000ed79 RCX: 000000000045bee7 [ 61.038283][ T6835] RDX: 00007ffd7cc48623 RSI: 00000000000001ff RDI: 00007ffd7cc48620 [ 61.046428][ T6835] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/14 11:45:14 building call list... [ 61.054403][ T6835] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 61.062381][ T6835] R13: 00007ffd7cc48610 R14: 000000000000ed75 R15: 00007ffd7cc48620 [ 61.287571][ T152] tipc: TX() has been purged, node left! [ 61.829775][ T152] ================================================================== [ 61.838105][ T152] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 61.846024][ T152] Write of size 1 at addr ffff8880a00801e4 by task kworker/u4:4/152 [ 61.854004][ T152] [ 61.856338][ T152] CPU: 1 PID: 152 Comm: kworker/u4:4 Not tainted 5.7.0-syzkaller #0 [ 61.864332][ T152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.874398][ T152] Workqueue: netns cleanup_net [ 61.879164][ T152] Call Trace: [ 61.882488][ T152] dump_stack+0x18f/0x20d [ 61.886823][ T152] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.892387][ T152] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.897953][ T152] ? afs_put_call+0xa40/0xa40 [ 61.902636][ T152] print_address_description.constprop.0.cold+0xd3/0x413 [ 61.909668][ T152] ? vprintk_func+0x97/0x1a6 [ 61.914272][ T152] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.919821][ T152] kasan_report.cold+0x1f/0x37 [ 61.924594][ T152] ? rcu_read_lock_held+0x81/0xb0 [ 61.929615][ T152] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.935167][ T152] afs_wake_up_async_call+0x6aa/0x770 [ 61.940538][ T152] ? afs_close_socket+0x320/0x320 [ 61.945567][ T152] ? afs_put_call+0xa40/0xa40 [ 61.950250][ T152] rxrpc_notify_socket+0x1db/0x5d0 [ 61.955395][ T152] ? afs_put_call+0xa40/0xa40 [ 61.960076][ T152] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 61.966497][ T152] rxrpc_call_completed+0xca/0xf0 [ 61.971531][ T152] rxrpc_discard_prealloc+0x781/0xab0 [ 61.976914][ T152] ? lock_sock_nested+0x94/0x110 [ 61.981863][ T152] rxrpc_listen+0x147/0x360 [ 61.986376][ T152] afs_close_socket+0x95/0x320 [ 61.991230][ T152] ? afs_purge_servers+0x16d/0x300 [ 61.996349][ T152] ? afs_rx_discard_new_call+0x50/0x50 [ 62.001817][ T152] ? init_wait_var_entry+0x200/0x200 [ 62.007120][ T152] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.012768][ T152] ? check_preemption_disabled+0x38/0x220 [ 62.018500][ T152] afs_net_exit+0x1bc/0x310 [ 62.023007][ T152] ? afs_net_init+0xe30/0xe30 [ 62.027690][ T152] ops_exit_list.isra.0+0xa8/0x150 [ 62.032806][ T152] cleanup_net+0x511/0xa50 [ 62.037225][ T152] ? unregister_pernet_device+0x70/0x70 [ 62.042777][ T152] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.048768][ T152] process_one_work+0x965/0x1690 [ 62.053738][ T152] ? lock_release+0x800/0x800 [ 62.058431][ T152] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.063855][ T152] ? rwlock_bug.part.0+0x90/0x90 [ 62.068829][ T152] worker_thread+0x96/0xe10 [ 62.073346][ T152] ? process_one_work+0x1690/0x1690 [ 62.078555][ T152] kthread+0x3b5/0x4a0 [ 62.082635][ T152] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.088363][ T152] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.094087][ T152] ret_from_fork+0x1f/0x30 [ 62.098618][ T152] [ 62.100941][ T152] Allocated by task 6835: [ 62.105270][ T152] save_stack+0x1b/0x40 [ 62.109422][ T152] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 62.115049][ T152] kmem_cache_alloc_trace+0x153/0x7d0 [ 62.120415][ T152] afs_alloc_call+0x55/0x630 [ 62.124999][ T152] afs_charge_preallocation+0xe9/0x2d0 [ 62.130455][ T152] afs_open_socket+0x292/0x360 [ 62.135225][ T152] afs_net_init+0xa6c/0xe30 [ 62.139760][ T152] ops_init+0xaf/0x420 [ 62.143821][ T152] setup_net+0x2de/0x860 [ 62.148071][ T152] copy_net_ns+0x293/0x590 [ 62.152484][ T152] create_new_namespaces+0x3fb/0xb30 [ 62.157765][ T152] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 62.163392][ T152] ksys_unshare+0x43d/0x8e0 [ 62.167892][ T152] __x64_sys_unshare+0x2d/0x40 [ 62.172652][ T152] do_syscall_64+0x60/0xe0 [ 62.177079][ T152] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.182956][ T152] [ 62.185277][ T152] Freed by task 152: [ 62.189168][ T152] save_stack+0x1b/0x40 [ 62.193318][ T152] __kasan_slab_free+0xf7/0x140 [ 62.198162][ T152] kfree+0x109/0x2b0 [ 62.202052][ T152] afs_put_call+0x585/0xa40 [ 62.206550][ T152] rxrpc_discard_prealloc+0x764/0xab0 [ 62.211914][ T152] rxrpc_listen+0x147/0x360 [ 62.216411][ T152] afs_close_socket+0x95/0x320 [ 62.221174][ T152] afs_net_exit+0x1bc/0x310 [ 62.225699][ T152] ops_exit_list.isra.0+0xa8/0x150 [ 62.230808][ T152] cleanup_net+0x511/0xa50 [ 62.235216][ T152] process_one_work+0x965/0x1690 [ 62.240151][ T152] worker_thread+0x96/0xe10 [ 62.244680][ T152] kthread+0x3b5/0x4a0 [ 62.248743][ T152] ret_from_fork+0x1f/0x30 [ 62.253143][ T152] [ 62.255481][ T152] The buggy address belongs to the object at ffff8880a0080000 [ 62.255481][ T152] which belongs to the cache kmalloc-1k of size 1024 [ 62.269528][ T152] The buggy address is located 484 bytes inside of [ 62.269528][ T152] 1024-byte region [ffff8880a0080000, ffff8880a0080400) [ 62.282874][ T152] The buggy address belongs to the page: [ 62.288505][ T152] page:ffffea0002802000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 62.297599][ T152] flags: 0xfffe0000000200(slab) [ 62.302454][ T152] raw: 00fffe0000000200 ffffea0002550c08 ffffea00028056c8 ffff8880aa000c40 [ 62.311034][ T152] raw: 0000000000000000 ffff8880a0080000 0000000100000002 0000000000000000 [ 62.319605][ T152] page dumped because: kasan: bad access detected [ 62.326007][ T152] [ 62.328324][ T152] Memory state around the buggy address: [ 62.333956][ T152] ffff8880a0080080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.342014][ T152] ffff8880a0080100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.350074][ T152] >ffff8880a0080180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.358129][ T152] ^ [ 62.365323][ T152] ffff8880a0080200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.373380][ T152] ffff8880a0080280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.381453][ T152] ================================================================== [ 62.389510][ T152] Disabling lock debugging due to kernel taint [ 62.395717][ T152] Kernel panic - not syncing: panic_on_warn set ... [ 62.402305][ T152] CPU: 1 PID: 152 Comm: kworker/u4:4 Tainted: G B 5.7.0-syzkaller #0 [ 62.411651][ T152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.421701][ T152] Workqueue: netns cleanup_net [ 62.426454][ T152] Call Trace: [ 62.429739][ T152] dump_stack+0x18f/0x20d [ 62.434059][ T152] ? afs_wake_up_async_call+0x5f0/0x770 [ 62.439592][ T152] ? afs_put_call+0xa40/0xa40 [ 62.444274][ T152] panic+0x2e3/0x75c [ 62.448159][ T152] ? __warn_printk+0xf3/0xf3 [ 62.452743][ T152] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 62.458888][ T152] ? trace_hardirqs_on+0x55/0x220 [ 62.463903][ T152] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.469436][ T152] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.474965][ T152] ? afs_put_call+0xa40/0xa40 [ 62.479631][ T152] end_report+0x4d/0x53 [ 62.483777][ T152] kasan_report.cold+0xd/0x37 [ 62.488476][ T152] ? rcu_read_lock_held+0x81/0xb0 [ 62.493484][ T152] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.499017][ T152] afs_wake_up_async_call+0x6aa/0x770 [ 62.504374][ T152] ? afs_close_socket+0x320/0x320 [ 62.509404][ T152] ? afs_put_call+0xa40/0xa40 [ 62.514072][ T152] rxrpc_notify_socket+0x1db/0x5d0 [ 62.519182][ T152] ? afs_put_call+0xa40/0xa40 [ 62.523852][ T152] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 62.530261][ T152] rxrpc_call_completed+0xca/0xf0 [ 62.535283][ T152] rxrpc_discard_prealloc+0x781/0xab0 [ 62.540648][ T152] ? lock_sock_nested+0x94/0x110 [ 62.545576][ T152] rxrpc_listen+0x147/0x360 [ 62.550070][ T152] afs_close_socket+0x95/0x320 [ 62.554853][ T152] ? afs_purge_servers+0x16d/0x300 [ 62.559955][ T152] ? afs_rx_discard_new_call+0x50/0x50 [ 62.565406][ T152] ? init_wait_var_entry+0x200/0x200 [ 62.570685][ T152] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.576309][ T152] ? check_preemption_disabled+0x38/0x220 executing program [ 62.582024][ T152] afs_net_exit+0x1bc/0x310 [ 62.586521][ T152] ? afs_net_init+0xe30/0xe30 [ 62.591185][ T152] ops_exit_list.isra.0+0xa8/0x150 [ 62.596401][ T152] cleanup_net+0x511/0xa50 [ 62.600825][ T152] ? unregister_pernet_device+0x70/0x70 [ 62.606374][ T152] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.612359][ T152] process_one_work+0x965/0x1690 [ 62.617303][ T152] ? lock_release+0x800/0x800 [ 62.621980][ T152] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.627350][ T152] ? rwlock_bug.part.0+0x90/0x90 [ 62.632290][ T152] worker_thread+0x96/0xe10 [ 62.636802][ T152] ? process_one_work+0x1690/0x1690 [ 62.642002][ T152] kthread+0x3b5/0x4a0 [ 62.646077][ T152] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.651795][ T152] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.657516][ T152] ret_from_fork+0x1f/0x30 [ 62.663313][ T152] Kernel Offset: disabled [ 62.667625][ T152] Rebooting in 86400 seconds..