[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty2. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ 73.762597][ T6728] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6728 [ 73.772243][ T6728] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 73.778156][ T6728] CPU: 1 PID: 6728 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 73.786756][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 73.796934][ T6728] Call Trace: [ 73.800244][ T6728] dump_stack+0x18f/0x20d [ 73.804610][ T6728] check_preemption_disabled+0x20d/0x220 [ 73.810420][ T6728] ext4_mb_new_blocks+0xa4d/0x3b70 [ 73.815569][ T6728] ? ext4_ext_search_right+0x2ca/0xb20 [ 73.821050][ T6728] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 73.826941][ T6728] ext4_ext_map_blocks+0x201b/0x33e0 [ 73.832281][ T6728] ? ext4_ext_release+0x10/0x10 [ 73.837679][ T6728] ? down_write_killable+0x170/0x170 [ 73.837706][ T6728] ? ext4_es_lookup_extent+0x41d/0xd10 [ 73.848698][ T6728] ext4_map_blocks+0x4cb/0x1640 [ 73.853596][ T6728] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 73.858946][ T6728] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 73.864498][ T6728] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 73.870518][ T6728] ? prandom_u32_state+0xe/0x170 [ 73.875798][ T6728] ? __brelse+0x84/0xa0 [ 73.880276][ T6728] ? __ext4_new_inode+0x144/0x55e0 [ 73.885549][ T6728] ext4_getblk+0xad/0x520 [ 73.889901][ T6728] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 73.895629][ T6728] ? ext4_free_inode+0x1700/0x1700 [ 73.901005][ T6728] ext4_bread+0x7c/0x380 [ 73.905807][ T6728] ? ext4_getblk+0x520/0x520 [ 73.910525][ T6728] ? dquot_get_next_dqblk+0x180/0x180 [ 73.916056][ T6728] ext4_append+0x153/0x360 [ 73.920509][ T6728] ext4_mkdir+0x5e0/0xdf0 [ 73.924860][ T6728] ? ext4_rmdir+0xde0/0xde0 [ 73.929719][ T6728] vfs_mkdir+0x419/0x690 [ 73.933962][ T6728] do_mkdirat+0x21e/0x280 [ 73.938300][ T6728] ? __ia32_sys_mknod+0xb0/0xb0 [ 73.943299][ T6728] ? do_syscall_64+0x1c/0xe0 [ 73.948192][ T6728] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 73.954350][ T6728] do_syscall_64+0x60/0xe0 [ 73.958762][ T6728] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 73.964656][ T6728] RIP: 0033:0x7efe57e13687 [ 73.969201][ T6728] Code: Bad RIP value. [ 73.973279][ T6728] RSP: 002b:00007ffdbe680a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 73.981798][ T6728] RAX: ffffffffffffffda RBX: 000055ea8d65d985 RCX: 00007efe57e13687 [ 73.989911][ T6728] RDX: 00007ffdbe680930 RSI: 00000000000001ed RDI: 000055ea8d65d985 [ 73.998033][ T6728] RBP: 00007efe57e13680 R08: 0000000000000100 R09: 0000000000000000 [ 74.006167][ T6728] R10: 000055ea8d65d980 R11: 0000000000000246 R12: 00000000000001ed [ 74.014144][ T6728] R13: 00007ffdbe680bf0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.61' (ECDSA) to the list of known hosts. 2020/06/15 17:50:31 fuzzer started syzkaller login: [ 76.469340][ T1153] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1153 [ 76.478963][ T1153] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 76.484987][ T1153] CPU: 1 PID: 1153 Comm: khugepaged Not tainted 5.8.0-rc1-syzkaller #0 [ 76.493378][ T1153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.503560][ T1153] Call Trace: [ 76.506885][ T1153] dump_stack+0x18f/0x20d [ 76.511256][ T1153] check_preemption_disabled+0x20d/0x220 [ 76.517006][ T1153] ext4_mb_new_blocks+0xa4d/0x3b70 [ 76.522256][ T1153] ? ext4_find_extent+0x81a/0xad0 [ 76.527319][ T1153] ? ext4_ext_search_right+0x2ca/0xb20 [ 76.532807][ T1153] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 76.538562][ T1153] ext4_ext_map_blocks+0x201b/0x33e0 [ 76.543906][ T1153] ? ext4_ext_release+0x10/0x10 [ 76.549012][ T1153] ? down_write_killable+0x170/0x170 [ 76.554419][ T1153] ? ext4_es_lookup_extent+0x41d/0xd10 [ 76.559930][ T1153] ext4_map_blocks+0x4cb/0x1640 [ 76.564840][ T1153] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 76.570295][ T1153] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 76.575859][ T1153] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 76.581853][ T1153] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 76.587537][ T1153] ext4_writepages+0x1a7b/0x33c0 [ 76.592599][ T1153] ? lock_release+0x7f0/0x800 [ 76.597297][ T1153] ? __ext4_mark_inode_dirty+0x940/0x940 [ 76.602977][ T1153] ? __ext4_mark_inode_dirty+0x940/0x940 [ 76.608780][ T1153] ? do_writepages+0xfa/0x2a0 [ 76.613807][ T1153] do_writepages+0xfa/0x2a0 [ 76.618452][ T1153] ? page_writeback_cpu_online+0x10/0x10 [ 76.624112][ T1153] ? do_raw_spin_lock+0x120/0x2d0 [ 76.629163][ T1153] ? do_raw_spin_unlock+0x171/0x260 [ 76.634759][ T1153] ? _raw_spin_unlock+0x24/0x40 [ 76.641680][ T1153] __filemap_fdatawrite_range+0x2aa/0x390 [ 76.647468][ T1153] ? collapse_file+0x35a2/0x4330 [ 76.652438][ T1153] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 76.658538][ T1153] ? _raw_spin_unlock_irq+0x1f/0x80 [ 76.663793][ T1153] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 76.669808][ T1153] collapse_file+0x35ac/0x4330 [ 76.674621][ T1153] ? collapse_huge_page+0x4350/0x4350 [ 76.680020][ T1153] ? khugepaged+0x2506/0x3fc0 [ 76.684711][ T1153] ? xas_find+0x31a/0x880 [ 76.689167][ T1153] ? check_preemption_disabled+0x38/0x220 [ 76.695208][ T1153] khugepaged+0x3041/0x3fc0 [ 76.699874][ T1153] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 76.705630][ T1153] ? lock_downgrade+0x840/0x840 [ 76.710508][ T1153] ? finish_wait+0x260/0x260 [ 76.715094][ T1153] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 76.721012][ T1153] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 76.727060][ T1153] ? __kthread_parkme+0x13f/0x1e0 [ 76.732084][ T1153] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 76.737710][ T1153] kthread+0x3b5/0x4a0 [ 76.741856][ T1153] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 76.747865][ T1153] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 76.753668][ T1153] ret_from_fork+0x1f/0x30 [ 76.866258][ T1153] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1153 [ 76.875664][ T1153] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 76.881709][ T1153] CPU: 1 PID: 1153 Comm: khugepaged Not tainted 5.8.0-rc1-syzkaller #0 [ 76.890157][ T1153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 76.900208][ T1153] Call Trace: [ 76.903501][ T1153] dump_stack+0x18f/0x20d [ 76.907996][ T1153] check_preemption_disabled+0x20d/0x220 [ 76.913659][ T1153] ext4_mb_new_blocks+0xa4d/0x3b70 [ 76.918861][ T1153] ? ext4_ext_search_right+0x2ca/0xb20 [ 76.924927][ T1153] ? ext4_ext_next_allocated_block+0x221/0x2d0 [ 76.931092][ T1153] ext4_ext_map_blocks+0x201b/0x33e0 [ 76.936392][ T1153] ? ext4_ext_release+0x10/0x10 [ 76.941244][ T1153] ? down_write_killable+0x170/0x170 [ 76.946796][ T1153] ? ext4_es_lookup_extent+0x41d/0xd10 [ 76.952247][ T1153] ext4_map_blocks+0x4cb/0x1640 [ 76.957082][ T1153] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 76.962353][ T1153] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 76.967899][ T1153] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 76.973954][ T1153] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 76.979398][ T1153] ext4_writepages+0x1a7b/0x33c0 [ 76.984338][ T1153] ? lock_release+0x7f0/0x800 [ 76.989030][ T1153] ? __ext4_mark_inode_dirty+0x940/0x940 [ 76.994850][ T1153] ? __ext4_mark_inode_dirty+0x940/0x940 [ 77.000594][ T1153] ? do_writepages+0xfa/0x2a0 [ 77.005418][ T1153] do_writepages+0xfa/0x2a0 [ 77.009918][ T1153] ? page_writeback_cpu_online+0x10/0x10 [ 77.015560][ T1153] ? do_raw_spin_lock+0x120/0x2d0 [ 77.020588][ T1153] ? do_raw_spin_unlock+0x171/0x260 [ 77.026857][ T1153] ? _raw_spin_unlock+0x24/0x40 [ 77.031920][ T1153] __filemap_fdatawrite_range+0x2aa/0x390 [ 77.037826][ T1153] ? collapse_file+0x35a2/0x4330 [ 77.042758][ T1153] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 77.049024][ T1153] ? _raw_spin_unlock_irq+0x1f/0x80 [ 77.054309][ T1153] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 77.060295][ T1153] collapse_file+0x35ac/0x4330 [ 77.065109][ T1153] ? collapse_huge_page+0x4350/0x4350 [ 77.071161][ T1153] ? khugepaged+0x2506/0x3fc0 [ 77.076137][ T1153] ? xas_find+0x31a/0x880 [ 77.080701][ T1153] ? check_preemption_disabled+0x38/0x220 [ 77.086436][ T1153] khugepaged+0x3041/0x3fc0 [ 77.091107][ T1153] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 77.096904][ T1153] ? lock_downgrade+0x840/0x840 [ 77.101759][ T1153] ? finish_wait+0x260/0x260 [ 77.106367][ T1153] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 77.112315][ T1153] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 77.118288][ T1153] ? __kthread_parkme+0x13f/0x1e0 [ 77.123306][ T1153] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 77.128923][ T1153] kthread+0x3b5/0x4a0 [ 77.132993][ T1153] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 77.138723][ T1153] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 77.144455][ T1153] ret_from_fork+0x1f/0x30 2020/06/15 17:50:32 connecting to host at 10.128.0.26:38901 2020/06/15 17:50:32 checking machine... 2020/06/15 17:50:32 checking revisions... [ 77.240106][ T1153] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1153 [ 77.249858][ T1153] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 77.255855][ T1153] CPU: 1 PID: 1153 Comm: khugepaged Not tainted 5.8.0-rc1-syzkaller #0 [ 77.264098][ T1153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 77.274168][ T1153] Call Trace: [ 77.277496][ T1153] dump_stack+0x18f/0x20d [ 77.281855][ T1153] check_preemption_disabled+0x20d/0x220 [ 77.287505][ T1153] ext4_mb_new_blocks+0xa4d/0x3b70 [ 77.292648][ T1153] ? ext4_ext_search_right+0x2ca/0xb20 [ 77.298129][ T1153] ? ext4_ext_next_allocated_block+0x221/0x2d0 [ 77.304330][ T1153] ext4_ext_map_blocks+0x201b/0x33e0 [ 77.309659][ T1153] ? ext4_ext_release+0x10/0x10 [ 77.314554][ T1153] ? down_write_killable+0x170/0x170 [ 77.319874][ T1153] ? ext4_es_lookup_extent+0x41d/0xd10 [ 77.325364][ T1153] ext4_map_blocks+0x4cb/0x1640 [ 77.330367][ T1153] ? ext4_issue_zeroout+0x1e0/0x1e0 2020/06/15 17:50:32 testing simple program... [ 77.330425][ T1153] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 77.330443][ T1153] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 77.330460][ T1153] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 77.330479][ T1153] ext4_writepages+0x1a7b/0x33c0 [ 77.330506][ T1153] ? lock_release+0x7f0/0x800 [ 77.330551][ T1153] ? __ext4_mark_inode_dirty+0x940/0x940 [ 77.369103][ T1153] ? __ext4_mark_inode_dirty+0x940/0x940 [ 77.374785][ T1153] ? do_writepages+0xfa/0x2a0 [ 77.379475][ T1153] do_writepages+0xfa/0x2a0 [ 77.384007][ T1153] ? page_writeback_cpu_online+0x10/0x10 [ 77.389832][ T1153] ? do_raw_spin_lock+0x120/0x2d0 [ 77.394886][ T1153] ? do_raw_spin_unlock+0x171/0x260 [ 77.400124][ T1153] ? _raw_spin_unlock+0x24/0x40 [ 77.405127][ T1153] __filemap_fdatawrite_range+0x2aa/0x390 [ 77.410879][ T1153] ? collapse_file+0x35a2/0x4330 [ 77.415835][ T1153] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 77.421937][ T1153] ? _raw_spin_unlock_irq+0x1f/0x80 [ 77.427152][ T1153] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 77.433154][ T1153] collapse_file+0x35ac/0x4330 [ 77.437947][ T1153] ? collapse_huge_page+0x4350/0x4350 [ 77.443332][ T1153] ? khugepaged+0x2506/0x3fc0 [ 77.448028][ T1153] ? xas_find+0x31a/0x880 [ 77.452395][ T1153] ? check_preemption_disabled+0x38/0x220 [ 77.458158][ T1153] khugepaged+0x3041/0x3fc0 [ 77.462712][ T1153] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 77.468362][ T1153] ? lock_downgrade+0x840/0x840 [ 77.473247][ T1153] ? finish_wait+0x260/0x260 [ 77.477861][ T1153] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 77.483792][ T1153] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 77.489822][ T1153] ? __kthread_parkme+0x13f/0x1e0 [ 77.494872][ T1153] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 77.500534][ T1153] kthread+0x3b5/0x4a0 [ 77.504618][ T1153] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 77.510631][ T1153] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 77.516667][ T1153] ret_from_fork+0x1f/0x30 [ 77.672709][ T6804] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6804 [ 77.685106][ T6804] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 77.691090][ T6804] CPU: 0 PID: 6804 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 77.699346][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 77.709957][ T6804] Call Trace: [ 77.713337][ T6804] dump_stack+0x18f/0x20d [ 77.717864][ T6804] check_preemption_disabled+0x20d/0x220 [ 77.723505][ T6804] ext4_mb_new_blocks+0xa4d/0x3b70 [ 77.728795][ T6804] ? ext4_ext_search_right+0x2ca/0xb20 [ 77.734374][ T6804] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 77.740550][ T6804] ext4_ext_map_blocks+0x201b/0x33e0 [ 77.745838][ T6804] ? ext4_ext_release+0x10/0x10 [ 77.750700][ T6804] ? down_write_killable+0x170/0x170 [ 77.756082][ T6804] ? ext4_es_lookup_extent+0x41d/0xd10 [ 77.761537][ T6804] ext4_map_blocks+0x4cb/0x1640 [ 77.766532][ T6804] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 77.771740][ T6804] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 77.777712][ T6804] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 77.783825][ T6804] ? prandom_u32_state+0xe/0x170 [ 77.788750][ T6804] ? __brelse+0x84/0xa0 [ 77.792932][ T6804] ? __ext4_new_inode+0x144/0x55e0 [ 77.798171][ T6804] ext4_getblk+0xad/0x520 [ 77.802553][ T6804] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 77.808261][ T6804] ? ext4_free_inode+0x1700/0x1700 [ 77.813462][ T6804] ext4_bread+0x7c/0x380 [ 77.818751][ T6804] ? ext4_getblk+0x520/0x520 [ 77.823321][ T6804] ? dquot_get_next_dqblk+0x180/0x180 [ 77.828872][ T6804] ext4_append+0x153/0x360 [ 77.833320][ T6804] ext4_mkdir+0x5e0/0xdf0 [ 77.837642][ T6804] ? ext4_rmdir+0xde0/0xde0 [ 77.842445][ T6804] vfs_mkdir+0x419/0x690 [ 77.846715][ T6804] do_mkdirat+0x21e/0x280 [ 77.851187][ T6804] ? __ia32_sys_mknod+0xb0/0xb0 [ 77.856023][ T6804] ? do_syscall_64+0x1c/0xe0 [ 77.861535][ T6804] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 77.867509][ T6804] do_syscall_64+0x60/0xe0 [ 77.871936][ T6804] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 77.877959][ T6804] RIP: 0033:0x4b02a0 [ 77.881843][ T6804] Code: Bad RIP value. [ 77.886009][ T6804] RSP: 002b:000000c0003af4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 77.894399][ T6804] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 77.902355][ T6804] RDX: 00000000000001c0 RSI: 000000c000027460 RDI: ffffffffffffff9c [ 77.910309][ T6804] RBP: 000000c0003af510 R08: 0000000000000000 R09: 0000000000000000 [ 77.918271][ T6804] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 77.926244][ T6804] R13: 00000000000000a4 R14: 00000000000000a3 R15: 0000000000000100 [ 77.974120][ T29] audit: type=1400 audit(1592243433.329:8): avc: denied { execmem } for pid=6818 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 77.982974][ T6818] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6818 [ 78.004274][ T6818] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 78.010257][ T6818] CPU: 1 PID: 6818 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 78.018867][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 78.029573][ T6818] Call Trace: [ 78.032872][ T6818] dump_stack+0x18f/0x20d [ 78.037383][ T6818] check_preemption_disabled+0x20d/0x220 [ 78.043050][ T6818] ext4_mb_new_blocks+0xa4d/0x3b70 [ 78.048446][ T6818] ? ext4_ext_search_right+0x2ca/0xb20 [ 78.054029][ T6818] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 78.059905][ T6818] ext4_ext_map_blocks+0x201b/0x33e0 [ 78.065360][ T6818] ? ext4_ext_release+0x10/0x10 [ 78.070538][ T6818] ? down_write_killable+0x170/0x170 [ 78.075981][ T6818] ? ext4_es_lookup_extent+0x41d/0xd10 [ 78.081450][ T6818] ext4_map_blocks+0x4cb/0x1640 [ 78.086531][ T6818] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 78.091729][ T6818] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 78.097282][ T6818] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 78.103526][ T6818] ? prandom_u32_state+0xe/0x170 [ 78.108473][ T6818] ? __brelse+0x84/0xa0 [ 78.112892][ T6818] ? __ext4_new_inode+0x144/0x55e0 [ 78.118150][ T6818] ext4_getblk+0xad/0x520 [ 78.122482][ T6818] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 78.128231][ T6818] ? ext4_free_inode+0x1700/0x1700 [ 78.133351][ T6818] ext4_bread+0x7c/0x380 [ 78.137643][ T6818] ? ext4_getblk+0x520/0x520 [ 78.142248][ T6818] ? dquot_get_next_dqblk+0x180/0x180 [ 78.147612][ T6818] ? security_transition_sid+0x123/0x190 [ 78.153247][ T6818] ? security_transition_sid+0xed/0x190 [ 78.158797][ T6818] ext4_append+0x153/0x360 [ 78.163223][ T6818] ext4_mkdir+0x5e0/0xdf0 [ 78.167557][ T6818] ? ext4_rmdir+0xde0/0xde0 [ 78.172086][ T6818] vfs_mkdir+0x419/0x690 [ 78.176313][ T6818] do_mkdirat+0x21e/0x280 [ 78.180624][ T6818] ? __ia32_sys_mknod+0xb0/0xb0 [ 78.185453][ T6818] ? do_syscall_64+0x1c/0xe0 [ 78.190043][ T6818] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 78.196252][ T6818] do_syscall_64+0x60/0xe0 [ 78.200669][ T6818] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 78.206809][ T6818] RIP: 0033:0x45bed7 [ 78.210710][ T6818] Code: Bad RIP value. [ 78.214756][ T6818] RSP: 002b:00007ffd86881408 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 78.223230][ T6818] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 78.231190][ T6818] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffd868815e0 [ 78.239160][ T6818] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003880 [ 78.247138][ T6818] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 78.255115][ T6818] R13: 00007ffd868815e0 R14: 8421084210842109 R15: 00007ffd868815ec [ 78.358015][ T6819] IPVS: ftp: loaded support on port[0] = 21 [ 78.398557][ T6819] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6819 [ 78.408357][ T6819] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 78.414435][ T6819] CPU: 1 PID: 6819 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 78.423370][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 78.433728][ T6819] Call Trace: [ 78.437015][ T6819] dump_stack+0x18f/0x20d [ 78.441330][ T6819] check_preemption_disabled+0x20d/0x220 [ 78.447108][ T6819] ext4_mb_new_blocks+0xa4d/0x3b70 [ 78.452250][ T6819] ? ext4_ext_search_right+0x2ca/0xb20 [ 78.458180][ T6819] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 78.464044][ T6819] ext4_ext_map_blocks+0x201b/0x33e0 [ 78.469824][ T6819] ? ext4_ext_release+0x10/0x10 [ 78.474744][ T6819] ? down_write_killable+0x170/0x170 [ 78.480048][ T6819] ? ext4_es_lookup_extent+0x41d/0xd10 [ 78.486158][ T6819] ext4_map_blocks+0x4cb/0x1640 [ 78.491611][ T6819] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 78.497168][ T6819] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 78.502724][ T6819] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 78.508693][ T6819] ? prandom_u32_state+0xe/0x170 [ 78.513621][ T6819] ? __brelse+0x84/0xa0 [ 78.517756][ T6819] ? __ext4_new_inode+0x144/0x55e0 [ 78.522954][ T6819] ext4_getblk+0xad/0x520 [ 78.527295][ T6819] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 78.533018][ T6819] ? ext4_free_inode+0x1700/0x1700 [ 78.538152][ T6819] ext4_bread+0x7c/0x380 [ 78.542386][ T6819] ? ext4_getblk+0x520/0x520 [ 78.547016][ T6819] ? dquot_get_next_dqblk+0x180/0x180 [ 78.552978][ T6819] ? security_transition_sid+0x123/0x190 [ 78.558659][ T6819] ? security_transition_sid+0xed/0x190 [ 78.564271][ T6819] ext4_append+0x153/0x360 [ 78.568855][ T6819] ext4_mkdir+0x5e0/0xdf0 [ 78.573331][ T6819] ? ext4_rmdir+0xde0/0xde0 [ 78.577854][ T6819] vfs_mkdir+0x419/0x690 [ 78.582081][ T6819] do_mkdirat+0x21e/0x280 [ 78.586418][ T6819] ? __ia32_sys_mknod+0xb0/0xb0 [ 78.591277][ T6819] ? do_syscall_64+0x1c/0xe0 [ 78.595892][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 78.602086][ T6819] do_syscall_64+0x60/0xe0 [ 78.606540][ T6819] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 78.612433][ T6819] RIP: 0033:0x45bed7 [ 78.616549][ T6819] Code: Bad RIP value. [ 78.620599][ T6819] RSP: 002b:00007ffd868812f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 78.629162][ T6819] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 78.637543][ T6819] RDX: 00007ffd86881343 RSI: 00000000000001ff RDI: 00007ffd86881340 [ 78.645503][ T6819] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 78.653542][ T6819] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0 [ 78.661513][ T6819] R13: 00007ffd86881330 R14: 0000000000000000 R15: 00007ffd86881340 [ 78.721264][ T6819] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6819 [ 78.730771][ T6819] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 78.736723][ T6819] CPU: 1 PID: 6819 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 78.745440][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 78.755509][ T6819] Call Trace: [ 78.758828][ T6819] dump_stack+0x18f/0x20d [ 78.763187][ T6819] check_preemption_disabled+0x20d/0x220 [ 78.768981][ T6819] ext4_mb_new_blocks+0xa4d/0x3b70 [ 78.774482][ T6819] ? ext4_ext_search_right+0x2ca/0xb20 [ 78.779964][ T6819] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 78.785742][ T6819] ext4_ext_map_blocks+0x201b/0x33e0 [ 78.791062][ T6819] ? ext4_ext_release+0x10/0x10 [ 78.795968][ T6819] ? down_write_killable+0x170/0x170 [ 78.801488][ T6819] ? ext4_es_lookup_extent+0x41d/0xd10 [ 78.807064][ T6819] ext4_map_blocks+0x4cb/0x1640 [ 78.812127][ T6819] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 78.817456][ T6819] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 78.823356][ T6819] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 78.829604][ T6819] ? prandom_u32_state+0xe/0x170 [ 78.834643][ T6819] ? __brelse+0x84/0xa0 [ 78.838799][ T6819] ? __ext4_new_inode+0x144/0x55e0 [ 78.843902][ T6819] ext4_getblk+0xad/0x520 [ 78.848264][ T6819] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 78.854000][ T6819] ? ext4_free_inode+0x1700/0x1700 [ 78.859149][ T6819] ext4_bread+0x7c/0x380 [ 78.863481][ T6819] ? ext4_getblk+0x520/0x520 [ 78.868239][ T6819] ? dquot_get_next_dqblk+0x180/0x180 [ 78.873875][ T6819] ? security_transition_sid+0x123/0x190 [ 78.879680][ T6819] ? security_transition_sid+0xed/0x190 [ 78.885315][ T6819] ext4_append+0x153/0x360 [ 78.889963][ T6819] ext4_mkdir+0x5e0/0xdf0 [ 78.894419][ T6819] ? ext4_rmdir+0xde0/0xde0 [ 78.899038][ T6819] vfs_mkdir+0x419/0x690 [ 78.903431][ T6819] do_mkdirat+0x21e/0x280 [ 78.907991][ T6819] ? __ia32_sys_mknod+0xb0/0xb0 [ 78.912967][ T6819] ? do_syscall_64+0x1c/0xe0 [ 78.917686][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 78.923770][ T6819] do_syscall_64+0x60/0xe0 [ 78.928755][ T6819] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 78.935365][ T6819] RIP: 0033:0x45bed7 [ 78.939269][ T6819] Code: Bad RIP value. [ 78.943422][ T6819] RSP: 002b:00007ffd868812f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 78.952119][ T6819] RAX: ffffffffffffffda RBX: 0000000000013373 RCX: 000000000045bed7 [ 78.960074][ T6819] RDX: 00007ffd86881343 RSI: 00000000000001ff RDI: 00007ffd86881340 2020/06/15 17:50:34 building call list... [ 78.968222][ T6819] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 78.976669][ T6819] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 78.984655][ T6819] R13: 00007ffd86881330 R14: 000000000001335e R15: 00007ffd86881340 [ 79.200085][ T21] tipc: TX() has been purged, node left! [ 79.702484][ T21] ================================================================== [ 79.710761][ T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 79.718673][ T21] Write of size 1 at addr ffff8880a240c1e4 by task kworker/u4:1/21 [ 79.726570][ T21] [ 79.728906][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0 [ 79.737140][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 79.747216][ T21] Workqueue: netns cleanup_net [ 79.751983][ T21] Call Trace: [ 79.755288][ T21] dump_stack+0x18f/0x20d [ 79.759790][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 79.765343][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 79.771136][ T21] ? afs_put_call+0xa40/0xa40 [ 79.775822][ T21] print_address_description.constprop.0.cold+0xd3/0x413 [ 79.782889][ T21] ? vprintk_func+0x97/0x1a6 [ 79.787638][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 79.793228][ T21] kasan_report.cold+0x1f/0x37 [ 79.798022][ T21] ? rcu_read_lock_held_common+0x51/0xa0 [ 79.803686][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 79.809261][ T21] afs_wake_up_async_call+0x6aa/0x770 [ 79.814952][ T21] ? afs_close_socket+0x320/0x320 [ 79.819988][ T21] ? afs_put_call+0xa40/0xa40 [ 79.824686][ T21] rxrpc_notify_socket+0x1db/0x5d0 [ 79.829815][ T21] ? afs_put_call+0xa40/0xa40 [ 79.834494][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 79.840920][ T21] rxrpc_call_completed+0xca/0xf0 [ 79.845962][ T21] rxrpc_discard_prealloc+0x781/0xab0 [ 79.851345][ T21] ? lock_sock_nested+0x94/0x110 [ 79.856438][ T21] rxrpc_listen+0x147/0x360 [ 79.860967][ T21] afs_close_socket+0x95/0x320 [ 79.865744][ T21] ? afs_purge_servers+0x16d/0x300 [ 79.871113][ T21] ? afs_rx_discard_new_call+0x50/0x50 [ 79.876615][ T21] ? init_wait_var_entry+0x200/0x200 [ 79.881916][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 79.887557][ T21] ? check_preemption_disabled+0x38/0x220 [ 79.893282][ T21] afs_net_exit+0x1bc/0x310 [ 79.897792][ T21] ? afs_net_init+0xe30/0xe30 [ 79.902485][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 79.907889][ T21] cleanup_net+0x511/0xa50 [ 79.912330][ T21] ? unregister_pernet_device+0x70/0x70 [ 79.917896][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 79.923909][ T21] process_one_work+0x965/0x1690 [ 79.928865][ T21] ? lock_release+0x800/0x800 [ 79.933543][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 79.938920][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 79.943876][ T21] worker_thread+0x96/0xe10 [ 79.948413][ T21] ? process_one_work+0x1690/0x1690 [ 79.953720][ T21] kthread+0x3b5/0x4a0 [ 79.957795][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 79.963552][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 79.969430][ T21] ret_from_fork+0x1f/0x30 [ 79.973857][ T21] [ 79.976188][ T21] Allocated by task 6819: [ 79.980534][ T21] save_stack+0x1b/0x40 [ 79.984699][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 79.990344][ T21] kmem_cache_alloc_trace+0x153/0x7d0 [ 79.995738][ T21] afs_alloc_call+0x55/0x630 [ 80.000419][ T21] afs_charge_preallocation+0xe9/0x2d0 [ 80.005902][ T21] afs_open_socket+0x292/0x360 [ 80.010825][ T21] afs_net_init+0xa6c/0xe30 [ 80.015349][ T21] ops_init+0xaf/0x420 [ 80.019421][ T21] setup_net+0x2de/0x860 [ 80.023664][ T21] copy_net_ns+0x293/0x590 [ 80.028082][ T21] create_new_namespaces+0x3fb/0xb30 [ 80.033884][ T21] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 80.039539][ T21] ksys_unshare+0x43d/0x8e0 [ 80.044048][ T21] __x64_sys_unshare+0x2d/0x40 [ 80.048810][ T21] do_syscall_64+0x60/0xe0 [ 80.053228][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 80.059108][ T21] [ 80.061456][ T21] Freed by task 21: [ 80.065263][ T21] save_stack+0x1b/0x40 [ 80.069415][ T21] __kasan_slab_free+0xf7/0x140 [ 80.074262][ T21] kfree+0x109/0x2b0 [ 80.078162][ T21] afs_put_call+0x585/0xa40 [ 80.082664][ T21] rxrpc_discard_prealloc+0x764/0xab0 [ 80.088125][ T21] rxrpc_listen+0x147/0x360 [ 80.092627][ T21] afs_close_socket+0x95/0x320 [ 80.097384][ T21] afs_net_exit+0x1bc/0x310 [ 80.101992][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 80.107135][ T21] cleanup_net+0x511/0xa50 [ 80.111689][ T21] process_one_work+0x965/0x1690 [ 80.116627][ T21] worker_thread+0x96/0xe10 [ 80.121128][ T21] kthread+0x3b5/0x4a0 [ 80.125318][ T21] ret_from_fork+0x1f/0x30 [ 80.129729][ T21] [ 80.132061][ T21] The buggy address belongs to the object at ffff8880a240c000 [ 80.132061][ T21] which belongs to the cache kmalloc-1k of size 1024 [ 80.146229][ T21] The buggy address is located 484 bytes inside of [ 80.146229][ T21] 1024-byte region [ffff8880a240c000, ffff8880a240c400) [ 80.159577][ T21] The buggy address belongs to the page: [ 80.165665][ T21] page:ffffea0002890300 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880a240c800 [ 80.176231][ T21] flags: 0xfffe0000000200(slab) [ 80.181107][ T21] raw: 00fffe0000000200 ffffea000293ff88 ffffea00024e4b08 ffff8880aa000c40 [ 80.189867][ T21] raw: ffff8880a240c800 ffff8880a240c000 0000000100000001 0000000000000000 [ 80.198509][ T21] page dumped because: kasan: bad access detected executing program [ 80.204923][ T21] [ 80.207256][ T21] Memory state around the buggy address: [ 80.212887][ T21] ffff8880a240c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.220949][ T21] ffff8880a240c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.229007][ T21] >ffff8880a240c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.237071][ T21] ^ [ 80.244303][ T21] ffff8880a240c200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.252556][ T21] ffff8880a240c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.260641][ T21] ================================================================== [ 80.268886][ T21] Disabling lock debugging due to kernel taint [ 80.276087][ T21] Kernel panic - not syncing: panic_on_warn set ... [ 80.282682][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 80.292304][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.302371][ T21] Workqueue: netns cleanup_net [ 80.307137][ T21] Call Trace: [ 80.310555][ T21] dump_stack+0x18f/0x20d [ 80.314923][ T21] ? afs_wake_up_async_call+0x670/0x770 [ 80.320476][ T21] ? afs_put_call+0xa40/0xa40 [ 80.325162][ T21] panic+0x2e3/0x75c [ 80.329066][ T21] ? __warn_printk+0xf3/0xf3 [ 80.333674][ T21] ? asm_common_interrupt+0x1e/0x40 [ 80.338895][ T21] ? trace_hardirqs_on+0x55/0x220 [ 80.343924][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 80.349485][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 80.355189][ T21] ? afs_put_call+0xa40/0xa40 [ 80.359879][ T21] end_report+0x4d/0x53 [ 80.364045][ T21] kasan_report.cold+0xd/0x37 [ 80.368727][ T21] ? rcu_read_lock_held_common+0x51/0xa0 [ 80.375036][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 80.380625][ T21] afs_wake_up_async_call+0x6aa/0x770 [ 80.386025][ T21] ? afs_close_socket+0x320/0x320 [ 80.391208][ T21] ? afs_put_call+0xa40/0xa40 [ 80.395901][ T21] rxrpc_notify_socket+0x1db/0x5d0 [ 80.401011][ T21] ? afs_put_call+0xa40/0xa40 [ 80.405685][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 80.412113][ T21] rxrpc_call_completed+0xca/0xf0 [ 80.417595][ T21] rxrpc_discard_prealloc+0x781/0xab0 [ 80.422972][ T21] ? lock_sock_nested+0x94/0x110 [ 80.427928][ T21] rxrpc_listen+0x147/0x360 [ 80.432444][ T21] afs_close_socket+0x95/0x320 [ 80.437210][ T21] ? afs_purge_servers+0x16d/0x300 [ 80.442318][ T21] ? afs_rx_discard_new_call+0x50/0x50 [ 80.447796][ T21] ? init_wait_var_entry+0x200/0x200 [ 80.453095][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 80.458725][ T21] ? check_preemption_disabled+0x38/0x220 [ 80.464439][ T21] afs_net_exit+0x1bc/0x310 [ 80.469055][ T21] ? afs_net_init+0xe30/0xe30 [ 80.473735][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 80.478845][ T21] cleanup_net+0x511/0xa50 [ 80.483261][ T21] ? unregister_pernet_device+0x70/0x70 [ 80.488811][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 80.494787][ T21] process_one_work+0x965/0x1690 [ 80.499722][ T21] ? lock_release+0x800/0x800 [ 80.504523][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 80.510011][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 80.515420][ T21] worker_thread+0x96/0xe10 [ 80.519933][ T21] ? process_one_work+0x1690/0x1690 [ 80.525248][ T21] kthread+0x3b5/0x4a0 [ 80.529314][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 80.535172][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 80.540899][ T21] ret_from_fork+0x1f/0x30 [ 80.546043][ T21] Kernel Offset: disabled [ 80.550471][ T21] Rebooting in 86400 seconds..