[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ 59.062433][ T6735] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6735
[ 59.073742][ T6735] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.079636][ T6735] CPU: 1 PID: 6735 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 59.088197][ T6735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.099620][ T6735] Call Trace:
[ 59.102903][ T6735] dump_stack+0x18f/0x20d
[ 59.107232][ T6735] check_preemption_disabled+0x20d/0x220
[ 59.112940][ T6735] ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.119361][ T6735] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.128852][ T6735] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.134955][ T6735] ext4_ext_map_blocks+0x201b/0x33e0
[ 59.140411][ T6735] ? ext4_ext_release+0x10/0x10
[ 59.145270][ T6735] ? down_write_killable+0x170/0x170
[ 59.150713][ T6735] ? ext4_es_lookup_extent+0x41d/0xd10
[ 59.156173][ T6735] ext4_map_blocks+0x4cb/0x1640
[ 59.161007][ T6735] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.166275][ T6735] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.171798][ T6735] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.177757][ T6735] ? prandom_u32_state+0xe/0x170
[ 59.182674][ T6735] ? __brelse+0x84/0xa0
[ 59.186811][ T6735] ? __ext4_new_inode+0x144/0x55e0
[ 59.191916][ T6735] ext4_getblk+0xad/0x520
[ 59.196234][ T6735] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.202107][ T6735] ? ext4_free_inode+0x1700/0x1700
[ 59.207203][ T6735] ext4_bread+0x7c/0x380
[ 59.211426][ T6735] ? ext4_getblk+0x520/0x520
[ 59.216968][ T6735] ? dquot_get_next_dqblk+0x180/0x180
[ 59.222337][ T6735] ext4_append+0x153/0x360
[ 59.226748][ T6735] ext4_mkdir+0x5e0/0xdf0
[ 59.231082][ T6735] ? ext4_rmdir+0xde0/0xde0
[ 59.235583][ T6735] ? security_inode_permission+0xc4/0xf0
[ 59.241196][ T6735] vfs_mkdir+0x419/0x690
[ 59.245436][ T6735] do_mkdirat+0x21e/0x280
[ 59.249758][ T6735] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.254586][ T6735] ? do_syscall_64+0x1c/0xe0
[ 59.259154][ T6735] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.265117][ T6735] do_syscall_64+0x60/0xe0
[ 59.269604][ T6735] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.275475][ T6735] RIP: 0033:0x7f0215501687
[ 59.279878][ T6735] Code: Bad RIP value.
[ 59.283920][ T6735] RSP: 002b:00007ffc4b8d28e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 59.292307][ T6735] RAX: ffffffffffffffda RBX: 000055950772f985 RCX: 00007f0215501687
[ 59.300276][ T6735] RDX: 00007ffc4b8d27b0 RSI: 00000000000001ed RDI: 000055950772f985
[ 59.308401][ T6735] RBP: 00007f0215501680 R08: 0000000000000100 R09: 0000000000000000
[ 59.319149][ T6735] R10: 000055950772f980 R11: 0000000000000246 R12: 00000000000001ed
[ 59.327102][ T6735] R13: 00007ffc4b8d2a70 R14: 0000000000000000 R15: 0000000000000000
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.7' (ECDSA) to the list of known hosts.
2020/06/15 19:31:51 fuzzer started
2020/06/15 19:31:51 connecting to host at 10.128.0.26:34187
2020/06/15 19:31:51 checking machine...
2020/06/15 19:31:51 checking revisions...
2020/06/15 19:31:51 testing simple program...
syzkaller login: [ 64.281960][ T6814] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6814
[ 64.291140][ T6814] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.297363][ T6814] CPU: 0 PID: 6814 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 64.305618][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.315845][ T6814] Call Trace:
[ 64.319145][ T6814] dump_stack+0x18f/0x20d
[ 64.323487][ T6814] check_preemption_disabled+0x20d/0x220
[ 64.329210][ T6814] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.335557][ T6814] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.341015][ T6814] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.347709][ T6814] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.353006][ T6814] ? ext4_ext_release+0x10/0x10
[ 64.357883][ T6814] ? down_write_killable+0x170/0x170
[ 64.363161][ T6814] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.368614][ T6814] ext4_map_blocks+0x4cb/0x1640
[ 64.373464][ T6814] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.378775][ T6814] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.387012][ T6814] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.392992][ T6814] ? prandom_u32_state+0xe/0x170
[ 64.398001][ T6814] ? __brelse+0x84/0xa0
[ 64.402242][ T6814] ? __ext4_new_inode+0x144/0x55e0
[ 64.407336][ T6814] ext4_getblk+0xad/0x520
[ 64.411910][ T6814] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.417631][ T6814] ? ext4_free_inode+0x1700/0x1700
[ 64.422749][ T6814] ext4_bread+0x7c/0x380
[ 64.427356][ T6814] ? ext4_getblk+0x520/0x520
[ 64.431929][ T6814] ? dquot_get_next_dqblk+0x180/0x180
[ 64.437307][ T6814] ext4_append+0x153/0x360
[ 64.441707][ T6814] ext4_mkdir+0x5e0/0xdf0
[ 64.446019][ T6814] ? ext4_rmdir+0xde0/0xde0
[ 64.450639][ T6814] ? security_inode_permission+0xc4/0xf0
[ 64.456256][ T6814] vfs_mkdir+0x419/0x690
[ 64.460495][ T6814] do_mkdirat+0x21e/0x280
[ 64.464806][ T6814] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.469662][ T6814] ? do_syscall_64+0x1c/0xe0
[ 64.474234][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.480197][ T6814] do_syscall_64+0x60/0xe0
[ 64.484697][ T6814] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.490585][ T6814] RIP: 0033:0x4b02a0
[ 64.494537][ T6814] Code: Bad RIP value.
[ 64.498586][ T6814] RSP: 002b:000000c0000db4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 64.507144][ T6814] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 64.515370][ T6814] RDX: 00000000000001c0 RSI: 000000c00009ee80 RDI: ffffffffffffff9c
[ 64.525161][ T6814] RBP: 000000c0000db510 R08: 0000000000000000 R09: 0000000000000000
[ 64.533895][ T6814] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 64.543669][ T6814] R13: 0000000000000075 R14: 0000000000000074 R15: 0000000000000100
[ 64.563256][ T6823] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6823
[ 64.573783][ T6823] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.579876][ T6823] CPU: 0 PID: 6823 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 64.588805][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.599236][ T6823] Call Trace:
[ 64.602553][ T6823] dump_stack+0x18f/0x20d
[ 64.606959][ T6823] check_preemption_disabled+0x20d/0x220
[ 64.613382][ T6823] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.618593][ T6823] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.624553][ T6823] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.630429][ T6823] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.637722][ T6823] ? ext4_ext_release+0x10/0x10
[ 64.645830][ T6823] ? down_write_killable+0x170/0x170
[ 64.651767][ T6823] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.662301][ T6823] ext4_map_blocks+0x4cb/0x1640
[ 64.669939][ T6823] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.675149][ T6823] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.680674][ T6823] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.686907][ T6823] ? prandom_u32_state+0xe/0x170
[ 64.692615][ T6823] ? __brelse+0x84/0xa0
[ 64.698078][ T6823] ? __ext4_new_inode+0x144/0x55e0
[ 64.709324][ T6823] ext4_getblk+0xad/0x520
[ 64.713658][ T6823] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.720419][ T6823] ? ext4_free_inode+0x1700/0x1700
[ 64.727103][ T6823] ext4_bread+0x7c/0x380
[ 64.735801][ T6823] ? ext4_getblk+0x520/0x520
[ 64.740397][ T6823] ? dquot_get_next_dqblk+0x180/0x180
[ 64.745773][ T6823] ext4_append+0x153/0x360
[ 64.750213][ T6823] ext4_mkdir+0x5e0/0xdf0
[ 64.754621][ T6823] ? ext4_rmdir+0xde0/0xde0
[ 64.759505][ T6823] ? security_inode_permission+0xc4/0xf0
[ 64.765144][ T6823] vfs_mkdir+0x419/0x690
[ 64.769389][ T6823] do_mkdirat+0x21e/0x280
[ 64.773702][ T6823] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.778570][ T6823] ? do_syscall_64+0x1c/0xe0
[ 64.783272][ T6823] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.789256][ T6823] do_syscall_64+0x60/0xe0
[ 64.793795][ T6823] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.802206][ T6823] RIP: 0033:0x45bed7
[ 64.806104][ T6823] Code: Bad RIP value.
[ 64.810405][ T6823] RSP: 002b:00007ffc49f989e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 64.818826][ T6823] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 64.828535][ T6823] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc49f98bc0
[ 64.839297][ T6823] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003040
[ 64.848394][ T6823] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 64.856736][ T6823] R13: 00007ffc49f98bc0 R14: 8421084210842109 R15: 00007ffc49f98bcc
[ 64.879667][ T1158] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1158
[ 64.889257][ T1158] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.895241][ T1158] CPU: 1 PID: 1158 Comm: khugepaged Not tainted 5.8.0-rc1-syzkaller #0
[ 64.903482][ T1158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.913540][ T1158] Call Trace:
[ 64.916838][ T1158] dump_stack+0x18f/0x20d
[ 64.921183][ T1158] check_preemption_disabled+0x20d/0x220
[ 64.926833][ T1158] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.931968][ T1158] ? ext4_find_extent+0x81a/0xad0
[ 64.937007][ T1158] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.942471][ T1158] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.948328][ T1158] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.953722][ T1158] ? ext4_ext_release+0x10/0x10
[ 64.958596][ T1158] ? down_write_killable+0x170/0x170
[ 64.963886][ T1158] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.969528][ T1158] ext4_map_blocks+0x4cb/0x1640
[ 64.974422][ T1158] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.979855][ T1158] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.985415][ T1158] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.991500][ T1158] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 64.996979][ T1158] ext4_writepages+0x1a7b/0x33c0
[ 65.001927][ T1158] ? lock_release+0x7f0/0x800
[ 65.006631][ T1158] ? __ext4_mark_inode_dirty+0x940/0x940
[ 65.012317][ T1158] ? __ext4_mark_inode_dirty+0x940/0x940
[ 65.018504][ T1158] ? do_writepages+0xfa/0x2a0
[ 65.023197][ T1158] do_writepages+0xfa/0x2a0
[ 65.027715][ T1158] ? page_writeback_cpu_online+0x10/0x10
[ 65.033362][ T1158] ? do_raw_spin_lock+0x120/0x2d0
[ 65.038410][ T1158] ? do_raw_spin_unlock+0x171/0x260
[ 65.043622][ T1158] ? _raw_spin_unlock+0x24/0x40
[ 65.048305][ T6825] IPVS: ftp: loaded support on port[0] = 21
[ 65.048478][ T1158] __filemap_fdatawrite_range+0x2aa/0x390
[ 65.060978][ T1158] ? collapse_file+0x35a2/0x4330
[ 65.065938][ T1158] ? delete_from_page_cache_batch+0xeb0/0xeb0
[ 65.074001][ T1158] ? _raw_spin_unlock_irq+0x1f/0x80
[ 65.079215][ T1158] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.087452][ T1158] collapse_file+0x35ac/0x4330
[ 65.092248][ T1158] ? collapse_huge_page+0x4350/0x4350
[ 65.097661][ T1158] ? khugepaged+0x2506/0x3fc0
[ 65.102365][ T1158] ? xas_find+0x31a/0x880
[ 65.106707][ T1158] ? check_preemption_disabled+0x38/0x220
[ 65.112545][ T1158] khugepaged+0x3041/0x3fc0
[ 65.112594][ T6825] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6825
[ 65.117065][ T1158] ? collapse_pte_mapped_thp+0xbf0/0xbf0
[ 65.126497][ T6825] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.132004][ T1158] ? lock_downgrade+0x840/0x840
[ 65.132019][ T1158] ? finish_wait+0x260/0x260
[ 65.132040][ T1158] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 65.132056][ T1158] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.132078][ T1158] ? __kthread_parkme+0x13f/0x1e0
[ 65.132098][ T1158] ? collapse_pte_mapped_thp+0xbf0/0xbf0
[ 65.171690][ T1158] kthread+0x3b5/0x4a0
[ 65.176197][ T1158] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.181916][ T1158] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.187641][ T1158] ret_from_fork+0x1f/0x30
[ 65.192060][ T6825] CPU: 0 PID: 6825 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.200649][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.210723][ T6825] Call Trace:
[ 65.214030][ T6825] dump_stack+0x18f/0x20d
[ 65.218369][ T6825] check_preemption_disabled+0x20d/0x220
[ 65.224024][ T6825] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.229127][ T6825] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.234591][ T6825] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.240359][ T6825] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.245659][ T6825] ? ext4_ext_release+0x10/0x10
[ 65.250542][ T6825] ? down_write_killable+0x170/0x170
[ 65.255840][ T6825] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.261356][ T6825] ext4_map_blocks+0x4cb/0x1640
[ 65.266229][ T6825] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.271479][ T6825] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.271734][ T1158] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1158
[ 65.277029][ T6825] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.277044][ T6825] ? prandom_u32_state+0xe/0x170
[ 65.277062][ T6825] ? __brelse+0x84/0xa0
[ 65.277079][ T6825] ? __ext4_new_inode+0x144/0x55e0
[ 65.277099][ T6825] ext4_getblk+0xad/0x520
[ 65.277119][ T6825] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.277142][ T6825] ? ext4_free_inode+0x1700/0x1700
[ 65.277163][ T6825] ext4_bread+0x7c/0x380
[ 65.277179][ T6825] ? ext4_getblk+0x520/0x520
[ 65.277196][ T6825] ? dquot_get_next_dqblk+0x180/0x180
[ 65.277223][ T6825] ext4_append+0x153/0x360
[ 65.288533][ T1158] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.294464][ T6825] ext4_mkdir+0x5e0/0xdf0
[ 65.294494][ T6825] ? ext4_rmdir+0xde0/0xde0
[ 65.359059][ T6825] ? security_inode_permission+0xc4/0xf0
[ 65.364687][ T6825] vfs_mkdir+0x419/0x690
[ 65.368937][ T6825] do_mkdirat+0x21e/0x280
[ 65.373261][ T6825] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.378100][ T6825] ? do_syscall_64+0x1c/0xe0
[ 65.382675][ T6825] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.388643][ T6825] do_syscall_64+0x60/0xe0
[ 65.393054][ T6825] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.398975][ T6825] RIP: 0033:0x45bed7
[ 65.402867][ T6825] Code: Bad RIP value.
[ 65.407011][ T6825] RSP: 002b:0000000000c9ffa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 65.418639][ T6825] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 65.426598][ T6825] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 00000000004c26c2
[ 65.434658][ T6825] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000006
[ 65.442649][ T6825] R10: 0000000000000064 R11: 0000000000000246 R12: 00000000004185c0
[ 65.450606][ T6825] R13: 00007ffc49f98d48 R14: 0000000000000000 R15: 0000000000000000
[ 65.458583][ T1158] CPU: 1 PID: 1158 Comm: khugepaged Not tainted 5.8.0-rc1-syzkaller #0
[ 65.467013][ T1158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.477161][ T1158] Call Trace:
[ 65.480666][ T1158] dump_stack+0x18f/0x20d
[ 65.485021][ T1158] check_preemption_disabled+0x20d/0x220
[ 65.490680][ T1158] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.495847][ T1158] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.501323][ T1158] ? ext4_ext_next_allocated_block+0x221/0x2d0
[ 65.507481][ T1158] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.512776][ T1158] ? ext4_ext_release+0x10/0x10
[ 65.517628][ T1158] ? down_write_killable+0x170/0x170
[ 65.522897][ T1158] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.528353][ T1158] ext4_map_blocks+0x4cb/0x1640
[ 65.533211][ T1158] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.538413][ T1158] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.543944][ T1158] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.549923][ T1158] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 65.555415][ T1158] ext4_writepages+0x1a7b/0x33c0
[ 65.560358][ T1158] ? lock_release+0x7f0/0x800
[ 65.565048][ T1158] ? __ext4_mark_inode_dirty+0x940/0x940
[ 65.570687][ T1158] ? __ext4_mark_inode_dirty+0x940/0x940
[ 65.576306][ T1158] ? do_writepages+0xfa/0x2a0
[ 65.580978][ T1158] do_writepages+0xfa/0x2a0
[ 65.585468][ T1158] ? page_writeback_cpu_online+0x10/0x10
[ 65.591080][ T1158] ? do_raw_spin_lock+0x120/0x2d0
[ 65.596106][ T1158] ? do_raw_spin_unlock+0x171/0x260
[ 65.601300][ T1158] ? _raw_spin_unlock+0x24/0x40
[ 65.606137][ T1158] __filemap_fdatawrite_range+0x2aa/0x390
[ 65.611844][ T1158] ? collapse_file+0x35a2/0x4330
[ 65.616761][ T1158] ? delete_from_page_cache_batch+0xeb0/0xeb0
[ 65.622985][ T1158] ? _raw_spin_unlock_irq+0x1f/0x80
[ 65.628158][ T1158] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.634119][ T1158] collapse_file+0x35ac/0x4330
[ 65.638872][ T1158] ? collapse_huge_page+0x4350/0x4350
[ 65.644224][ T1158] ? khugepaged+0x2506/0x3fc0
[ 65.648896][ T1158] ? xas_find+0x31a/0x880
[ 65.653204][ T1158] ? check_preemption_disabled+0x38/0x220
[ 65.658900][ T1158] khugepaged+0x3041/0x3fc0
[ 65.663412][ T1158] ? collapse_pte_mapped_thp+0xbf0/0xbf0
[ 65.669021][ T1158] ? lock_downgrade+0x840/0x840
[ 65.673848][ T1158] ? finish_wait+0x260/0x260
[ 65.678436][ T1158] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 65.684217][ T1158] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.690174][ T1158] ? __kthread_parkme+0x13f/0x1e0
[ 65.695182][ T1158] ? collapse_pte_mapped_thp+0xbf0/0xbf0
[ 65.700799][ T1158] kthread+0x3b5/0x4a0
[ 65.704864][ T1158] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.710558][ T1158] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.716268][ T1158] ret_from_fork+0x1f/0x30
2020/06/15 19:31:53 building call list...
[ 65.987339][ T1158] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1158
[ 65.996576][ T1158] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.002574][ T1158] CPU: 1 PID: 1158 Comm: khugepaged Not tainted 5.8.0-rc1-syzkaller #0
[ 66.010834][ T1158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.020884][ T1158] Call Trace:
[ 66.024186][ T1158] dump_stack+0x18f/0x20d
[ 66.028533][ T1158] check_preemption_disabled+0x20d/0x220
[ 66.034177][ T1158] ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.039305][ T1158] ? ext4_ext_search_right+0x2ca/0xb20
[ 66.044766][ T1158] ? ext4_ext_next_allocated_block+0x221/0x2d0
[ 66.050930][ T1158] ext4_ext_map_blocks+0x201b/0x33e0
[ 66.056233][ T1158] ? ext4_ext_release+0x10/0x10
[ 66.061109][ T1158] ? down_write_killable+0x170/0x170
[ 66.066401][ T1158] ? ext4_es_lookup_extent+0x41d/0xd10
[ 66.071872][ T1158] ext4_map_blocks+0x4cb/0x1640
[ 66.076723][ T1158] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 66.081910][ T1158] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.087515][ T1158] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.093611][ T1158] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 66.099106][ T1158] ext4_writepages+0x1a7b/0x33c0
[ 66.104041][ T1158] ? lock_release+0x7f0/0x800
[ 66.108726][ T1158] ? __ext4_mark_inode_dirty+0x940/0x940
[ 66.114385][ T1158] ? __ext4_mark_inode_dirty+0x940/0x940
[ 66.120017][ T1158] ? do_writepages+0xfa/0x2a0
[ 66.124695][ T1158] do_writepages+0xfa/0x2a0
[ 66.129209][ T1158] ? page_writeback_cpu_online+0x10/0x10
[ 66.134847][ T1158] ? do_raw_spin_lock+0x120/0x2d0
[ 66.139872][ T1158] ? do_raw_spin_unlock+0x171/0x260
[ 66.145072][ T1158] ? _raw_spin_unlock+0x24/0x40
[ 66.149925][ T1158] __filemap_fdatawrite_range+0x2aa/0x390
[ 66.155641][ T1158] ? collapse_file+0x35a2/0x4330
[ 66.160575][ T1158] ? delete_from_page_cache_batch+0xeb0/0xeb0
[ 66.166657][ T1158] ? _raw_spin_unlock_irq+0x1f/0x80
[ 66.171859][ T1158] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 66.177865][ T1158] collapse_file+0x35ac/0x4330
[ 66.182667][ T1158] ? collapse_huge_page+0x4350/0x4350
[ 66.188055][ T1158] ? khugepaged+0x2506/0x3fc0
[ 66.192746][ T1158] ? xas_find+0x31a/0x880
[ 66.197085][ T1158] ? check_preemption_disabled+0x38/0x220
[ 66.203220][ T1158] khugepaged+0x3041/0x3fc0
[ 66.207771][ T1158] ? collapse_pte_mapped_thp+0xbf0/0xbf0
[ 66.213415][ T1158] ? lock_downgrade+0x840/0x840
[ 66.218275][ T1158] ? finish_wait+0x260/0x260
[ 66.222869][ T1158] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 66.228683][ T1158] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 66.234708][ T1158] ? __kthread_parkme+0x13f/0x1e0
[ 66.239996][ T1158] ? collapse_pte_mapped_thp+0xbf0/0xbf0
[ 66.245642][ T1158] kthread+0x3b5/0x4a0
[ 66.249723][ T1158] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.255443][ T1158] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.261167][ T1158] ret_from_fork+0x1f/0x30
[ 66.270942][ T203] tipc: TX() has been purged, node left!
[ 66.783180][ T203] ==================================================================
[ 66.791427][ T203] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 66.799329][ T203] Write of size 1 at addr ffff88809a1bd9e4 by task kworker/u4:5/203
[ 66.807433][ T203]
[ 66.809772][ T203] CPU: 1 PID: 203 Comm: kworker/u4:5 Not tainted 5.8.0-rc1-syzkaller #0
[ 66.818088][ T203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.828147][ T203] Workqueue: netns cleanup_net
[ 66.832902][ T203] Call Trace:
[ 66.836191][ T203] dump_stack+0x18f/0x20d
[ 66.840522][ T203] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.846062][ T203] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.851609][ T203] ? afs_put_call+0xa40/0xa40
[ 66.856283][ T203] print_address_description.constprop.0.cold+0xd3/0x413
[ 66.863310][ T203] ? vprintk_func+0x97/0x1a6
[ 66.867902][ T203] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.873470][ T203] kasan_report.cold+0x1f/0x37
[ 66.878238][ T203] ? rcu_read_lock_held_common+0x51/0xa0
[ 66.883864][ T203] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.889411][ T203] afs_wake_up_async_call+0x6aa/0x770
[ 66.894787][ T203] ? afs_close_socket+0x320/0x320
[ 66.899809][ T203] ? afs_put_call+0xa40/0xa40
[ 66.904496][ T203] rxrpc_notify_socket+0x1db/0x5d0
[ 66.909614][ T203] ? afs_put_call+0xa40/0xa40
[ 66.914286][ T203] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 66.920701][ T203] rxrpc_call_completed+0xca/0xf0
[ 66.925730][ T203] rxrpc_discard_prealloc+0x781/0xab0
[ 66.931149][ T203] ? lock_sock_nested+0x94/0x110
[ 66.936107][ T203] rxrpc_listen+0x147/0x360
[ 66.940610][ T203] afs_close_socket+0x95/0x320
[ 66.945395][ T203] ? afs_purge_servers+0x16d/0x300
[ 66.950519][ T203] ? afs_rx_discard_new_call+0x50/0x50
[ 66.955981][ T203] ? init_wait_var_entry+0x200/0x200
[ 66.961267][ T203] ? rcu_read_lock_held_common+0xa0/0xa0
[ 66.966899][ T203] ? check_preemption_disabled+0x38/0x220
[ 66.972632][ T203] afs_net_exit+0x1bc/0x310
[ 66.977128][ T203] ? afs_net_init+0xe30/0xe30
[ 66.981799][ T203] ops_exit_list.isra.0+0xa8/0x150
[ 66.986909][ T203] cleanup_net+0x511/0xa50
[ 66.991327][ T203] ? unregister_pernet_device+0x70/0x70
[ 66.996894][ T203] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.002878][ T203] process_one_work+0x965/0x1690
[ 67.007830][ T203] ? lock_release+0x800/0x800
[ 67.012505][ T203] ? pwq_dec_nr_in_flight+0x310/0x310
[ 67.017879][ T203] ? rwlock_bug.part.0+0x90/0x90
[ 67.022827][ T203] worker_thread+0x96/0xe10
[ 67.027341][ T203] ? process_one_work+0x1690/0x1690
[ 67.032537][ T203] kthread+0x3b5/0x4a0
[ 67.036616][ T203] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.042329][ T203] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.048049][ T203] ret_from_fork+0x1f/0x30
[ 67.052478][ T203]
[ 67.054803][ T203] Allocated by task 6825:
[ 67.059127][ T203] save_stack+0x1b/0x40
[ 67.063279][ T203] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 67.068935][ T203] kmem_cache_alloc_trace+0x153/0x7d0
[ 67.074300][ T203] afs_alloc_call+0x55/0x630
[ 67.078884][ T203] afs_charge_preallocation+0xe9/0x2d0
[ 67.084334][ T203] afs_open_socket+0x292/0x360
[ 67.089090][ T203] afs_net_init+0xa6c/0xe30
[ 67.093588][ T203] ops_init+0xaf/0x420
[ 67.097653][ T203] setup_net+0x2de/0x860
[ 67.101901][ T203] copy_net_ns+0x293/0x590
[ 67.106320][ T203] create_new_namespaces+0x3fb/0xb30
[ 67.111600][ T203] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 67.117232][ T203] ksys_unshare+0x43d/0x8e0
[ 67.121733][ T203] __x64_sys_unshare+0x2d/0x40
[ 67.126489][ T203] do_syscall_64+0x60/0xe0
executing program
[ 67.130904][ T203] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.136778][ T203]
[ 67.139098][ T203] Freed by task 203:
[ 67.142995][ T203] save_stack+0x1b/0x40
[ 67.147147][ T203] __kasan_slab_free+0xf7/0x140
[ 67.151990][ T203] kfree+0x109/0x2b0
[ 67.155881][ T203] afs_put_call+0x585/0xa40
[ 67.160383][ T203] rxrpc_discard_prealloc+0x764/0xab0
[ 67.165752][ T203] rxrpc_listen+0x147/0x360
[ 67.170248][ T203] afs_close_socket+0x95/0x320
[ 67.175006][ T203] afs_net_exit+0x1bc/0x310
[ 67.179505][ T203] ops_exit_list.isra.0+0xa8/0x150
[ 67.184611][ T203] cleanup_net+0x511/0xa50
[ 67.189024][ T203] process_one_work+0x965/0x1690
[ 67.193954][ T203] worker_thread+0x96/0xe10
[ 67.198450][ T203] kthread+0x3b5/0x4a0
[ 67.202514][ T203] ret_from_fork+0x1f/0x30
[ 67.206915][ T203]
[ 67.209242][ T203] The buggy address belongs to the object at ffff88809a1bd800
[ 67.209242][ T203] which belongs to the cache kmalloc-1k of size 1024
[ 67.223298][ T203] The buggy address is located 484 bytes inside of
[ 67.223298][ T203] 1024-byte region [ffff88809a1bd800, ffff88809a1bdc00)
[ 67.236662][ T203] The buggy address belongs to the page:
[ 67.242308][ T203] page:ffffea0002686f40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 67.251436][ T203] flags: 0xfffe0000000200(slab)
[ 67.256324][ T203] raw: 00fffe0000000200 ffffea0002798208 ffffea0002a259c8 ffff8880aa000c40
[ 67.264938][ T203] raw: 0000000000000000 ffff88809a1bd000 0000000100000002 0000000000000000
[ 67.273521][ T203] page dumped because: kasan: bad access detected
[ 67.279930][ T203]
[ 67.282251][ T203] Memory state around the buggy address:
[ 67.287883][ T203] ffff88809a1bd880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.296123][ T203] ffff88809a1bd900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.304183][ T203] >ffff88809a1bd980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.312235][ T203] ^
[ 67.319430][ T203] ffff88809a1bda00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.327488][ T203] ffff88809a1bda80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.335552][ T203] ==================================================================
[ 67.343639][ T203] Disabling lock debugging due to kernel taint
[ 67.349834][ T203] Kernel panic - not syncing: panic_on_warn set ...
[ 67.356426][ T203] CPU: 1 PID: 203 Comm: kworker/u4:5 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 67.366132][ T203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.376366][ T203] Workqueue: netns cleanup_net
[ 67.381120][ T203] Call Trace:
[ 67.384407][ T203] dump_stack+0x18f/0x20d
[ 67.388729][ T203] ? afs_wake_up_async_call+0x670/0x770
[ 67.394259][ T203] ? afs_put_call+0xa40/0xa40
[ 67.398925][ T203] panic+0x2e3/0x75c
[ 67.402810][ T203] ? __warn_printk+0xf3/0xf3
[ 67.407393][ T203] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 67.413539][ T203] ? trace_hardirqs_on+0x55/0x220
[ 67.418561][ T203] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.424094][ T203] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.429626][ T203] ? afs_put_call+0xa40/0xa40
[ 67.434300][ T203] end_report+0x4d/0x53
[ 67.438466][ T203] kasan_report.cold+0xd/0x37
[ 67.443136][ T203] ? rcu_read_lock_held_common+0x51/0xa0
[ 67.448763][ T203] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.454315][ T203] afs_wake_up_async_call+0x6aa/0x770
[ 67.459676][ T203] ? afs_close_socket+0x320/0x320
[ 67.464689][ T203] ? afs_put_call+0xa40/0xa40
[ 67.469357][ T203] rxrpc_notify_socket+0x1db/0x5d0
[ 67.474482][ T203] ? afs_put_call+0xa40/0xa40
[ 67.479237][ T203] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 67.485644][ T203] rxrpc_call_completed+0xca/0xf0
[ 67.490665][ T203] rxrpc_discard_prealloc+0x781/0xab0
[ 67.496032][ T203] ? lock_sock_nested+0x94/0x110
[ 67.500959][ T203] rxrpc_listen+0x147/0x360
[ 67.505451][ T203] afs_close_socket+0x95/0x320
[ 67.510207][ T203] ? afs_purge_servers+0x16d/0x300
[ 67.515310][ T203] ? afs_rx_discard_new_call+0x50/0x50
[ 67.520762][ T203] ? init_wait_var_entry+0x200/0x200
[ 67.526038][ T203] ? rcu_read_lock_held_common+0xa0/0xa0
[ 67.531663][ T203] ? check_preemption_disabled+0x38/0x220
[ 67.537457][ T203] afs_net_exit+0x1bc/0x310
[ 67.541947][ T203] ? afs_net_init+0xe30/0xe30
[ 67.546611][ T203] ops_exit_list.isra.0+0xa8/0x150
[ 67.551727][ T203] cleanup_net+0x511/0xa50
[ 67.556151][ T203] ? unregister_pernet_device+0x70/0x70
[ 67.561700][ T203] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.567680][ T203] process_one_work+0x965/0x1690
[ 67.572644][ T203] ? lock_release+0x800/0x800
[ 67.577408][ T203] ? pwq_dec_nr_in_flight+0x310/0x310
[ 67.582775][ T203] ? rwlock_bug.part.0+0x90/0x90
[ 67.587706][ T203] worker_thread+0x96/0xe10
[ 67.592205][ T203] ? process_one_work+0x1690/0x1690
[ 67.597393][ T203] kthread+0x3b5/0x4a0
[ 67.601455][ T203] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.607165][ T203] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.612875][ T203] ret_from_fork+0x1f/0x30
[ 67.618817][ T203] Kernel Offset: disabled
[ 67.623152][ T203] Rebooting in 86400 seconds..