[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ 53.548236][ T6732] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6732 [ 53.557820][ T6732] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 53.563784][ T6732] CPU: 0 PID: 6732 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0 [ 53.572027][ T6732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.582066][ T6732] Call Trace: [ 53.585351][ T6732] dump_stack+0x188/0x20d [ 53.589781][ T6732] debug_smp_processor_id.cold+0x88/0x9b [ 53.595418][ T6732] ext4_mb_new_blocks+0xa77/0x3b30 [ 53.600529][ T6732] ? ext4_ext_search_right+0x2ca/0xb20 [ 53.606076][ T6732] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 53.611845][ T6732] ext4_ext_map_blocks+0x2044/0x3410 [ 53.617140][ T6732] ? ext4_ext_release+0x10/0x10 [ 53.621993][ T6732] ? __down_timeout+0x2d0/0x2d0 [ 53.626843][ T6732] ? ext4_es_lookup_extent+0x41d/0xd30 [ 53.632285][ T6732] ext4_map_blocks+0x4cb/0x1640 [ 53.637124][ T6732] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 53.642303][ T6732] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 53.647830][ T6732] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 53.653795][ T6732] ? prandom_u32_state+0xe/0x170 [ 53.658709][ T6732] ? __brelse+0x84/0xa0 [ 53.662853][ T6732] ? __ext4_new_inode+0x144/0x57c0 [ 53.667952][ T6732] ext4_getblk+0xad/0x520 [ 53.672260][ T6732] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 53.677961][ T6732] ? ext4_free_inode+0x17e0/0x17e0 [ 53.683049][ T6732] ext4_bread+0x7c/0x380 [ 53.687275][ T6732] ? ext4_getblk+0x520/0x520 [ 53.691861][ T6732] ? dqget+0xff0/0xff0 [ 53.695923][ T6732] ext4_append+0x153/0x360 [ 53.700317][ T6732] ext4_mkdir+0x5e0/0xdf0 [ 53.704634][ T6732] ? ext4_rmdir+0xde0/0xde0 [ 53.709118][ T6732] ? security_inode_permission+0xc4/0xf0 [ 53.714748][ T6732] vfs_mkdir+0x419/0x690 [ 53.719059][ T6732] do_mkdirat+0x21e/0x280 [ 53.723379][ T6732] ? __ia32_sys_mknod+0xb0/0xb0 [ 53.728217][ T6732] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 53.734302][ T6732] ? do_syscall_64+0x21/0x7d0 [ 53.739274][ T6732] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 53.746897][ T6732] do_syscall_64+0xf6/0x7d0 [ 53.751392][ T6732] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 53.757280][ T6732] RIP: 0033:0x7f71f8a3c687 [ 53.761691][ T6732] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48 [ 53.781557][ T6732] RSP: 002b:00007ffe5a9a58e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 53.789979][ T6732] RAX: ffffffffffffffda RBX: 0000563cffa05985 RCX: 00007f71f8a3c687 [ 53.797950][ T6732] RDX: 00007ffe5a9a57b0 RSI: 00000000000001ed RDI: 0000563cffa05985 [ 53.805920][ T6732] RBP: 00007f71f8a3c680 R08: 0000000000000100 R09: 0000000000000000 [ 53.813870][ T6732] R10: 0000563cffa05980 R11: 0000000000000246 R12: 00000000000001ed [ 53.821829][ T6732] R13: 00007ffe5a9a5a70 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 57.142273][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21 [ 57.151309][ T21] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 57.157329][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.7.0-syzkaller #0 [ 57.165228][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.175285][ T21] Workqueue: writeback wb_workfn (flush-8:0) [ 57.181244][ T21] Call Trace: [ 57.184543][ T21] dump_stack+0x188/0x20d [ 57.188894][ T21] debug_smp_processor_id.cold+0x88/0x9b [ 57.194525][ T21] ext4_mb_new_blocks+0xa77/0x3b30 [ 57.199615][ T21] ? __kmalloc+0x62f/0x7a0 [ 57.204034][ T21] ? ext4_ext_search_right+0x2ca/0xb20 [ 57.209498][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 57.215212][ T21] ext4_ext_map_blocks+0x2044/0x3410 [ 57.220530][ T21] ? ext4_ext_release+0x10/0x10 [ 57.225466][ T21] ? __down_timeout+0x2d0/0x2d0 [ 57.230295][ T21] ? ext4_es_lookup_extent+0x41d/0xd30 [ 57.235746][ T21] ? debug_smp_processor_id+0x2f/0x185 [ 57.241185][ T21] ext4_map_blocks+0x4cb/0x1640 [ 57.246029][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 57.251217][ T21] ? debug_smp_processor_id+0x2f/0x185 [ 57.256789][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.262344][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.268305][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 57.273777][ T21] ext4_writepages+0x1ab7/0x3400 [ 57.278710][ T21] ? __ext4_mark_inode_dirty+0x950/0x950 [ 57.284339][ T21] ? __lock_acquire+0x2224/0x48a0 [ 57.289368][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.295339][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.304706][ T21] ? __ext4_mark_inode_dirty+0x950/0x950 [ 57.310319][ T21] ? do_writepages+0xfa/0x2a0 [ 57.315000][ T21] do_writepages+0xfa/0x2a0 [ 57.319497][ T21] ? page_writeback_cpu_online+0x10/0x10 [ 57.325114][ T21] ? debug_smp_processor_id+0x2f/0x185 [ 57.330557][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.336086][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.342049][ T21] ? lock_downgrade+0x840/0x840 [ 57.346901][ T21] __writeback_single_inode+0x12a/0x1410 [ 57.352516][ T21] ? _raw_spin_unlock+0x24/0x40 [ 57.357345][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 57.363305][ T21] writeback_sb_inodes+0x515/0xdd0 [ 57.368445][ T21] ? __writeback_single_inode+0x1410/0x1410 [ 57.374765][ T21] __writeback_inodes_wb+0xc3/0x250 [ 57.379962][ T21] wb_writeback+0x910/0xd90 [ 57.384448][ T21] ? print_usage_bug+0x240/0x240 [ 57.389388][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 57.395729][ T21] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 57.401605][ T21] ? cpumask_next+0x3c/0x40 [ 57.406092][ T21] ? get_nr_dirty_inodes+0xd6/0x130 [ 57.411465][ T21] wb_workfn+0xadf/0x10d0 [ 57.415782][ T21] ? inode_wait_for_writeback+0x30/0x30 [ 57.422174][ T21] ? debug_smp_processor_id+0x2f/0x185 [ 57.427877][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.433534][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.439727][ T21] process_one_work+0x965/0x16a0 [ 57.444683][ T21] ? lock_release+0x800/0x800 [ 57.449348][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.454702][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 57.459624][ T21] worker_thread+0x96/0xe10 [ 57.464111][ T21] ? process_one_work+0x16a0/0x16a0 [ 57.469315][ T21] kthread+0x388/0x470 [ 57.473362][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.479056][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.484752][ T21] ret_from_fork+0x24/0x30 Warning: Permanently added '10.128.0.24' (ECDSA) to the list of known hosts. 2020/06/10 23:52:05 fuzzer started 2020/06/10 23:52:06 connecting to host at 10.128.0.26:35489 2020/06/10 23:52:06 checking machine... 2020/06/10 23:52:06 checking revisions... 2020/06/10 23:52:06 testing simple program... [ 59.115361][ T6800] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6800 [ 59.124561][ T6800] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 59.130439][ T6800] CPU: 1 PID: 6800 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 59.138360][ T6800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.148442][ T6800] Call Trace: [ 59.151738][ T6800] dump_stack+0x188/0x20d [ 59.156075][ T6800] debug_smp_processor_id.cold+0x88/0x9b [ 59.161707][ T6800] ext4_mb_new_blocks+0xa77/0x3b30 [ 59.166803][ T6800] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.172256][ T6800] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.177959][ T6800] ext4_ext_map_blocks+0x2044/0x3410 [ 59.183244][ T6800] ? ext4_ext_release+0x10/0x10 [ 59.188085][ T6800] ? __down_timeout+0x2d0/0x2d0 [ 59.192933][ T6800] ? ext4_es_lookup_extent+0x41d/0xd30 [ 59.198372][ T6800] ext4_map_blocks+0x4cb/0x1640 [ 59.203233][ T6800] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.208409][ T6800] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.214019][ T6800] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.219991][ T6800] ? prandom_u32_state+0xe/0x170 [ 59.224906][ T6800] ? __brelse+0x84/0xa0 [ 59.229038][ T6800] ? __ext4_new_inode+0x144/0x57c0 [ 59.234131][ T6800] ext4_getblk+0xad/0x520 [ 59.238440][ T6800] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.244138][ T6800] ? ext4_free_inode+0x17e0/0x17e0 [ 59.249228][ T6800] ext4_bread+0x7c/0x380 [ 59.253457][ T6800] ? ext4_getblk+0x520/0x520 [ 59.258024][ T6800] ? dqget+0xff0/0xff0 [ 59.262095][ T6800] ext4_append+0x153/0x360 [ 59.266490][ T6800] ext4_mkdir+0x5e0/0xdf0 [ 59.270800][ T6800] ? ext4_rmdir+0xde0/0xde0 [ 59.275285][ T6800] ? security_inode_permission+0xc4/0xf0 [ 59.280906][ T6800] vfs_mkdir+0x419/0x690 [ 59.285150][ T6800] do_mkdirat+0x21e/0x280 [ 59.289629][ T6800] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.294560][ T6800] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.300563][ T6800] ? do_syscall_64+0x21/0x7d0 [ 59.305244][ T6800] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.311214][ T6800] do_syscall_64+0xf6/0x7d0 [ 59.315718][ T6800] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 59.321682][ T6800] RIP: 0033:0x4b02a0 [ 59.325573][ T6800] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 59.346822][ T6800] RSP: 002b:000000c0003c54b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 59.355216][ T6800] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 59.363231][ T6800] RDX: 00000000000001c0 RSI: 000000c00031e940 RDI: ffffffffffffff9c [ 59.371202][ T6800] RBP: 000000c0003c5510 R08: 0000000000000000 R09: 0000000000000000 [ 59.379182][ T6800] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 59.387282][ T6800] R13: 000000000000004b R14: 000000000000004a R15: 0000000000000100 [ 59.414231][ T6815] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6815 [ 59.423684][ T6815] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 59.429606][ T6815] CPU: 1 PID: 6815 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 59.437839][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.447996][ T6815] Call Trace: [ 59.451298][ T6815] dump_stack+0x188/0x20d [ 59.455612][ T6815] debug_smp_processor_id.cold+0x88/0x9b [ 59.461231][ T6815] ext4_mb_new_blocks+0xa77/0x3b30 [ 59.466334][ T6815] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.472144][ T6815] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.477848][ T6815] ext4_ext_map_blocks+0x2044/0x3410 [ 59.483139][ T6815] ? ext4_ext_release+0x10/0x10 [ 59.487982][ T6815] ? __down_timeout+0x2d0/0x2d0 [ 59.492905][ T6815] ? ext4_es_lookup_extent+0x41d/0xd30 [ 59.498346][ T6815] ext4_map_blocks+0x4cb/0x1640 [ 59.503377][ T6815] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.508589][ T6815] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.514128][ T6815] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.520118][ T6815] ? prandom_u32_state+0xe/0x170 [ 59.525055][ T6815] ? __brelse+0x84/0xa0 [ 59.529220][ T6815] ? __ext4_new_inode+0x144/0x57c0 [ 59.534333][ T6815] ext4_getblk+0xad/0x520 [ 59.538659][ T6815] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.544376][ T6815] ? ext4_free_inode+0x17e0/0x17e0 [ 59.549466][ T6815] ext4_bread+0x7c/0x380 [ 59.553696][ T6815] ? ext4_getblk+0x520/0x520 [ 59.558266][ T6815] ? dqget+0xff0/0xff0 [ 59.562335][ T6815] ext4_append+0x153/0x360 [ 59.566749][ T6815] ext4_mkdir+0x5e0/0xdf0 [ 59.571070][ T6815] ? ext4_rmdir+0xde0/0xde0 [ 59.575577][ T6815] ? security_inode_permission+0xc4/0xf0 [ 59.581211][ T6815] vfs_mkdir+0x419/0x690 [ 59.585523][ T6815] do_mkdirat+0x21e/0x280 [ 59.589851][ T6815] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.594685][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.600664][ T6815] ? do_syscall_64+0x21/0x7d0 [ 59.605323][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.611298][ T6815] do_syscall_64+0xf6/0x7d0 [ 59.615871][ T6815] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 59.621741][ T6815] RIP: 0033:0x45bee7 [ 59.625615][ T6815] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.645207][ T6815] RSP: 002b:00007ffed55da808 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.653605][ T6815] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 59.661576][ T6815] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffed55da9e0 [ 59.669557][ T6815] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003480 [ 59.678146][ T6815] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 59.686119][ T6815] R13: 00007ffed55da9e0 R14: 8421084210842109 R15: 00007ffed55da9ec [ 59.768248][ T6816] IPVS: ftp: loaded support on port[0] = 21 [ 59.805080][ T6816] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6816 [ 59.814952][ T6816] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 59.820990][ T6816] CPU: 0 PID: 6816 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 59.829226][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.839274][ T6816] Call Trace: [ 59.842551][ T6816] dump_stack+0x188/0x20d [ 59.846861][ T6816] debug_smp_processor_id.cold+0x88/0x9b [ 59.852472][ T6816] ext4_mb_new_blocks+0xa77/0x3b30 [ 59.857589][ T6816] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.863029][ T6816] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.868765][ T6816] ext4_ext_map_blocks+0x2044/0x3410 [ 59.875115][ T6816] ? ext4_ext_release+0x10/0x10 [ 59.879960][ T6816] ? __down_timeout+0x2d0/0x2d0 [ 59.884897][ T6816] ? ext4_es_lookup_extent+0x41d/0xd30 [ 59.890355][ T6816] ext4_map_blocks+0x4cb/0x1640 [ 59.895211][ T6816] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.900388][ T6816] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.905933][ T6816] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.911891][ T6816] ? prandom_u32_state+0xe/0x170 [ 59.916825][ T6816] ? __brelse+0x84/0xa0 [ 59.920978][ T6816] ? __ext4_new_inode+0x144/0x57c0 [ 59.926073][ T6816] ext4_getblk+0xad/0x520 [ 59.930385][ T6816] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.936104][ T6816] ? ext4_free_inode+0x17e0/0x17e0 [ 59.941200][ T6816] ext4_bread+0x7c/0x380 [ 59.945422][ T6816] ? ext4_getblk+0x520/0x520 [ 59.949990][ T6816] ? dqget+0xff0/0xff0 [ 59.954043][ T6816] ext4_append+0x153/0x360 [ 59.958439][ T6816] ext4_mkdir+0x5e0/0xdf0 [ 59.962750][ T6816] ? ext4_rmdir+0xde0/0xde0 [ 59.967254][ T6816] ? security_inode_permission+0xc4/0xf0 [ 59.972890][ T6816] vfs_mkdir+0x419/0x690 [ 59.977114][ T6816] do_mkdirat+0x21e/0x280 [ 59.981443][ T6816] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.986307][ T6816] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.992265][ T6816] ? do_syscall_64+0x21/0x7d0 [ 59.996918][ T6816] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.002879][ T6816] do_syscall_64+0xf6/0x7d0 [ 60.007369][ T6816] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.013253][ T6816] RIP: 0033:0x45bee7 [ 60.017136][ T6816] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.036980][ T6816] RSP: 002b:00007ffed55da6f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 60.045387][ T6816] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 60.053338][ T6816] RDX: 00007ffed55da743 RSI: 00000000000001ff RDI: 00007ffed55da740 [ 60.061307][ T6816] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 60.069257][ T6816] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 60.077402][ T6816] R13: 00007ffed55da730 R14: 0000000000000000 R15: 00007ffed55da740 [ 60.126652][ T6816] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6816 [ 60.136344][ T6816] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.142337][ T6816] CPU: 0 PID: 6816 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.150572][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.160711][ T6816] Call Trace: [ 60.164023][ T6816] dump_stack+0x188/0x20d [ 60.168360][ T6816] debug_smp_processor_id.cold+0x88/0x9b [ 60.173998][ T6816] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.179216][ T6816] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.184688][ T6816] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.190422][ T6816] ext4_ext_map_blocks+0x2044/0x3410 [ 60.195721][ T6816] ? ext4_ext_release+0x10/0x10 [ 60.200625][ T6816] ? __down_timeout+0x2d0/0x2d0 [ 60.205493][ T6816] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.211000][ T6816] ext4_map_blocks+0x4cb/0x1640 [ 60.215892][ T6816] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.221097][ T6816] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.226663][ T6816] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.232642][ T6816] ? prandom_u32_state+0xe/0x170 [ 60.237559][ T6816] ? __brelse+0x84/0xa0 [ 60.241697][ T6816] ? __ext4_new_inode+0x144/0x57c0 [ 60.246806][ T6816] ext4_getblk+0xad/0x520 [ 60.251118][ T6816] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.256833][ T6816] ? ext4_free_inode+0x17e0/0x17e0 [ 60.261924][ T6816] ext4_bread+0x7c/0x380 [ 60.266145][ T6816] ? ext4_getblk+0x520/0x520 [ 60.270711][ T6816] ? dqget+0xff0/0xff0 [ 60.274769][ T6816] ext4_append+0x153/0x360 [ 60.279177][ T6816] ext4_mkdir+0x5e0/0xdf0 [ 60.283495][ T6816] ? ext4_rmdir+0xde0/0xde0 [ 60.287989][ T6816] ? security_inode_permission+0xc4/0xf0 [ 60.294281][ T6816] vfs_mkdir+0x419/0x690 [ 60.298538][ T6816] do_mkdirat+0x21e/0x280 [ 60.302872][ T6816] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.307709][ T6816] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.313686][ T6816] ? do_syscall_64+0x21/0x7d0 [ 60.318357][ T6816] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.324316][ T6816] do_syscall_64+0xf6/0x7d0 [ 60.328804][ T6816] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.334673][ T6816] RIP: 0033:0x45bee7 [ 60.338739][ T6816] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.358325][ T6816] RSP: 002b:00007ffed55da6f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 60.366736][ T6816] RAX: ffffffffffffffda RBX: 000000000000ead1 RCX: 000000000045bee7 2020/06/10 23:52:07 building call list... [ 60.374700][ T6816] RDX: 00007ffed55da743 RSI: 00000000000001ff RDI: 00007ffed55da740 [ 60.382662][ T6816] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 60.390615][ T6816] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 60.398661][ T6816] R13: 00007ffed55da730 R14: 000000000000eacd R15: 00007ffed55da740 [ 60.680949][ T503] tipc: TX() has been purged, node left! [ 61.183150][ T503] ================================================================== [ 61.191370][ T503] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880 [ 61.199252][ T503] Write of size 1 at addr ffff888093cda1e4 by task kworker/u4:4/503 [ 61.207211][ T503] [ 61.209545][ T503] CPU: 1 PID: 503 Comm: kworker/u4:4 Not tainted 5.7.0-syzkaller #0 [ 61.217551][ T503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.227626][ T503] Workqueue: netns cleanup_net [ 61.232377][ T503] Call Trace: [ 61.235691][ T503] dump_stack+0x188/0x20d [ 61.240032][ T503] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.245575][ T503] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.251113][ T503] ? afs_put_call+0xa70/0xa70 [ 61.255785][ T503] print_address_description.constprop.0.cold+0xd3/0x413 [ 61.262808][ T503] ? vprintk_func+0x97/0x1a6 [ 61.267484][ T503] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.273107][ T503] kasan_report.cold+0x1f/0x37 [ 61.277869][ T503] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.283416][ T503] afs_wake_up_async_call+0x7a7/0x880 [ 61.288868][ T503] ? do_raw_spin_lock+0x129/0x2e0 [ 61.293888][ T503] ? afs_close_socket+0x320/0x320 [ 61.298905][ T503] ? rwlock_bug.part.0+0x90/0x90 [ 61.303839][ T503] ? rcu_read_lock_held+0x9c/0xb0 [ 61.308881][ T503] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.314513][ T503] ? afs_close_socket+0x320/0x320 [ 61.319544][ T503] ? afs_put_call+0xa70/0xa70 [ 61.324217][ T503] rxrpc_notify_socket+0x1e5/0x5e0 [ 61.329330][ T503] ? afs_put_call+0xa70/0xa70 [ 61.334003][ T503] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 61.340456][ T503] rxrpc_call_completed+0xca/0xf0 [ 61.345505][ T503] rxrpc_discard_prealloc+0x786/0xac0 [ 61.350902][ T503] ? lock_sock_nested+0x94/0x110 [ 61.355863][ T503] rxrpc_listen+0x147/0x360 [ 61.360371][ T503] afs_close_socket+0x95/0x320 [ 61.365128][ T503] ? afs_purge_servers+0x16d/0x300 [ 61.370241][ T503] ? afs_rx_discard_new_call+0x50/0x50 [ 61.375714][ T503] ? debug_smp_processor_id+0x2f/0x185 [ 61.381198][ T503] ? init_wait_var_entry+0x200/0x200 [ 61.386522][ T503] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.392161][ T503] afs_net_exit+0x1bc/0x310 [ 61.396652][ T503] ? afs_net_init+0xe30/0xe30 [ 61.401390][ T503] ops_exit_list.isra.0+0xa8/0x150 [ 61.406656][ T503] cleanup_net+0x511/0xa50 [ 61.411084][ T503] ? unregister_pernet_device+0x70/0x70 [ 61.416860][ T503] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.422847][ T503] process_one_work+0x965/0x16a0 [ 61.427796][ T503] ? lock_release+0x800/0x800 [ 61.432474][ T503] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.437906][ T503] ? rwlock_bug.part.0+0x90/0x90 [ 61.442865][ T503] worker_thread+0x96/0xe10 [ 61.447378][ T503] ? process_one_work+0x16a0/0x16a0 [ 61.452778][ T503] kthread+0x388/0x470 [ 61.456951][ T503] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.462931][ T503] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.468766][ T503] ret_from_fork+0x24/0x30 [ 61.473185][ T503] [ 61.475503][ T503] Allocated by task 6816: [ 61.479827][ T503] save_stack+0x1b/0x40 [ 61.483978][ T503] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 61.489602][ T503] kmem_cache_alloc_trace+0x153/0x7d0 [ 61.495006][ T503] afs_alloc_call+0x55/0x640 [ 61.499584][ T503] afs_charge_preallocation+0xe9/0x2d0 [ 61.505053][ T503] afs_open_socket+0x292/0x360 [ 61.509808][ T503] afs_net_init+0xa6c/0xe30 [ 61.514301][ T503] ops_init+0xaf/0x420 [ 61.518367][ T503] setup_net+0x2de/0x860 [ 61.522693][ T503] copy_net_ns+0x293/0x590 [ 61.527104][ T503] create_new_namespaces+0x3fb/0xb30 [ 61.532386][ T503] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 61.538019][ T503] ksys_unshare+0x43d/0x8e0 [ 61.542605][ T503] __x64_sys_unshare+0x2d/0x40 [ 61.547363][ T503] do_syscall_64+0xf6/0x7d0 [ 61.551861][ T503] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 61.557737][ T503] [ 61.560058][ T503] Freed by task 503: [ 61.563954][ T503] save_stack+0x1b/0x40 [ 61.568102][ T503] __kasan_slab_free+0xf7/0x140 [ 61.572948][ T503] kfree+0x109/0x2b0 [ 61.576837][ T503] afs_put_call+0x59b/0xa70 [ 61.581348][ T503] rxrpc_discard_prealloc+0x769/0xac0 [ 61.586712][ T503] rxrpc_listen+0x147/0x360 [ 61.591213][ T503] afs_close_socket+0x95/0x320 [ 61.595981][ T503] afs_net_exit+0x1bc/0x310 [ 61.600476][ T503] ops_exit_list.isra.0+0xa8/0x150 [ 61.605580][ T503] cleanup_net+0x511/0xa50 [ 61.609993][ T503] process_one_work+0x965/0x16a0 [ 61.614935][ T503] worker_thread+0x96/0xe10 [ 61.619450][ T503] kthread+0x388/0x470 [ 61.623522][ T503] ret_from_fork+0x24/0x30 [ 61.627926][ T503] [ 61.630253][ T503] The buggy address belongs to the object at ffff888093cda000 [ 61.630253][ T503] which belongs to the cache kmalloc-1k of size 1024 [ 61.644303][ T503] The buggy address is located 484 bytes inside of [ 61.644303][ T503] 1024-byte region [ffff888093cda000, ffff888093cda400) [ 61.657655][ T503] The buggy address belongs to the page: [ 61.663285][ T503] page:ffffea00024f3680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 61.672384][ T503] flags: 0xfffe0000000200(slab) [ 61.677240][ T503] raw: 00fffe0000000200 ffffea0002361a88 ffffea00024cf2c8 ffff8880aa000c40 [ 61.685822][ T503] raw: 0000000000000000 ffff888093cda000 0000000100000002 0000000000000000 [ 61.694411][ T503] page dumped because: kasan: bad access detected [ 61.700812][ T503] [ 61.703130][ T503] Memory state around the buggy address: [ 61.708752][ T503] ffff888093cda080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.717070][ T503] ffff888093cda100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.725130][ T503] >ffff888093cda180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.733275][ T503] ^ [ 61.740479][ T503] ffff888093cda200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.748535][ T503] ffff888093cda280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.756587][ T503] ================================================================== [ 61.764812][ T503] Disabling lock debugging due to kernel taint [ 61.771039][ T503] Kernel panic - not syncing: panic_on_warn set ... [ 61.777641][ T503] CPU: 1 PID: 503 Comm: kworker/u4:4 Tainted: G B 5.7.0-syzkaller #0 [ 61.787081][ T503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.797149][ T503] Workqueue: netns cleanup_net [ 61.801904][ T503] Call Trace: [ 61.805192][ T503] dump_stack+0x188/0x20d [ 61.809528][ T503] ? afs_wake_up_async_call+0x6b0/0x880 [ 61.815249][ T503] ? afs_put_call+0xa70/0xa70 [ 61.819919][ T503] panic+0x2e3/0x75c [ 61.823807][ T503] ? add_taint.cold+0x16/0x16 [ 61.828479][ T503] ? retint_kernel+0x2b/0x2b [ 61.833071][ T503] ? trace_hardirqs_on+0x55/0x230 [ 61.838090][ T503] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.843629][ T503] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.849164][ T503] ? afs_put_call+0xa70/0xa70 [ 61.853832][ T503] end_report+0x4d/0x53 [ 61.858003][ T503] kasan_report.cold+0xd/0x37 [ 61.862676][ T503] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.868211][ T503] afs_wake_up_async_call+0x7a7/0x880 [ 61.873572][ T503] ? do_raw_spin_lock+0x129/0x2e0 [ 61.878585][ T503] ? afs_close_socket+0x320/0x320 executing program [ 61.883603][ T503] ? rwlock_bug.part.0+0x90/0x90 [ 61.888529][ T503] ? rcu_read_lock_held+0x9c/0xb0 [ 61.893549][ T503] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.899174][ T503] ? afs_close_socket+0x320/0x320 [ 61.904186][ T503] ? afs_put_call+0xa70/0xa70 [ 61.908882][ T503] rxrpc_notify_socket+0x1e5/0x5e0 [ 61.913989][ T503] ? afs_put_call+0xa70/0xa70 [ 61.918673][ T503] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 61.925097][ T503] rxrpc_call_completed+0xca/0xf0 [ 61.930120][ T503] rxrpc_discard_prealloc+0x786/0xac0 [ 61.935571][ T503] ? lock_sock_nested+0x94/0x110 [ 61.940498][ T503] rxrpc_listen+0x147/0x360 [ 61.944995][ T503] afs_close_socket+0x95/0x320 [ 61.949765][ T503] ? afs_purge_servers+0x16d/0x300 [ 61.954872][ T503] ? afs_rx_discard_new_call+0x50/0x50 [ 61.960319][ T503] ? debug_smp_processor_id+0x2f/0x185 [ 61.965770][ T503] ? init_wait_var_entry+0x200/0x200 [ 61.971064][ T503] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.976690][ T503] afs_net_exit+0x1bc/0x310 [ 61.981188][ T503] ? afs_net_init+0xe30/0xe30 [ 61.985865][ T503] ops_exit_list.isra.0+0xa8/0x150 [ 61.990967][ T503] cleanup_net+0x511/0xa50 [ 61.995372][ T503] ? unregister_pernet_device+0x70/0x70 [ 62.000909][ T503] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.006880][ T503] process_one_work+0x965/0x16a0 [ 62.011814][ T503] ? lock_release+0x800/0x800 [ 62.016486][ T503] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.021849][ T503] ? rwlock_bug.part.0+0x90/0x90 [ 62.026779][ T503] worker_thread+0x96/0xe10 [ 62.031275][ T503] ? process_one_work+0x16a0/0x16a0 [ 62.036472][ T503] kthread+0x388/0x470 [ 62.040565][ T503] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.046284][ T503] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.051998][ T503] ret_from_fork+0x24/0x30 [ 62.058460][ T503] Kernel Offset: disabled [ 62.062844][ T503] Rebooting in 86400 seconds..