[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ 56.084868][ T6746] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6746
[ 56.094830][ T6746] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.101282][ T6746] CPU: 1 PID: 6746 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[ 56.109533][ T6746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.119576][ T6746] Call Trace:
[ 56.122884][ T6746] dump_stack+0x18f/0x20d
[ 56.127226][ T6746] check_preemption_disabled+0x20d/0x220
[ 56.132848][ T6746] ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.137961][ T6746] ? ext4_ext_search_right+0x2ca/0xb20
[ 56.143759][ T6746] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 56.149724][ T6746] ext4_ext_map_blocks+0x201b/0x33e0
[ 56.155280][ T6746] ? ext4_ext_release+0x10/0x10
[ 56.160237][ T6746] ? down_write_killable+0x170/0x170
[ 56.165589][ T6746] ? ext4_es_lookup_extent+0x41d/0xd10
[ 56.171032][ T6746] ext4_map_blocks+0x4cb/0x1640
[ 56.176139][ T6746] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 56.182500][ T6746] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.188471][ T6746] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.194446][ T6746] ? prandom_u32_state+0xe/0x170
[ 56.199535][ T6746] ? __brelse+0x84/0xa0
[ 56.203681][ T6746] ? __ext4_new_inode+0x144/0x55e0
[ 56.208785][ T6746] ext4_getblk+0xad/0x520
[ 56.213133][ T6746] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 56.218898][ T6746] ? ext4_free_inode+0x1700/0x1700
[ 56.223993][ T6746] ext4_bread+0x7c/0x380
[ 56.228224][ T6746] ? ext4_getblk+0x520/0x520
[ 56.232814][ T6746] ? dquot_get_next_dqblk+0x180/0x180
[ 56.238191][ T6746] ext4_append+0x153/0x360
[ 56.242608][ T6746] ext4_mkdir+0x5e0/0xdf0
[ 56.246940][ T6746] ? ext4_rmdir+0xde0/0xde0
[ 56.251464][ T6746] ? security_inode_permission+0xc4/0xf0
[ 56.257238][ T6746] vfs_mkdir+0x419/0x690
[ 56.261613][ T6746] do_mkdirat+0x21e/0x280
[ 56.265952][ T6746] ? __ia32_sys_mknod+0xb0/0xb0
[ 56.271258][ T6746] ? do_syscall_64+0x1c/0xe0
[ 56.275854][ T6746] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 56.282077][ T6746] do_syscall_64+0x60/0xe0
[ 56.286488][ T6746] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 56.292367][ T6746] RIP: 0033:0x7fe6a1ba1687
[ 56.296769][ T6746] Code: Bad RIP value.
[ 56.300825][ T6746] RSP: 002b:00007ffc758db758 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 56.309250][ T6746] RAX: ffffffffffffffda RBX: 0000561f05ee7985 RCX: 00007fe6a1ba1687
[ 56.317293][ T6746] RDX: 00007ffc758db620 RSI: 00000000000001ed RDI: 0000561f05ee7985
[ 56.325262][ T6746] RBP: 00007fe6a1ba1680 R08: 0000000000000100 R09: 0000000000000000
[ 56.333494][ T6746] R10: 0000561f05ee7980 R11: 0000000000000246 R12: 00000000000001ed
[ 56.341464][ T6746] R13: 00007ffc758db8e0 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 58.498761][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21
[ 58.507837][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.514022][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.7.0-syzkaller #0
[ 58.521926][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.532244][ T21] Workqueue: writeback wb_workfn (flush-8:0)
[ 58.538320][ T21] Call Trace:
[ 58.541597][ T21] dump_stack+0x18f/0x20d
[ 58.545913][ T21] check_preemption_disabled+0x20d/0x220
[ 58.551537][ T21] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.556643][ T21] ? ext4_find_extent+0x81a/0xad0
[ 58.561678][ T21] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.567113][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.573010][ T21] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.578325][ T21] ? ext4_ext_release+0x10/0x10
[ 58.583226][ T21] ? down_write_killable+0x170/0x170
[ 58.588511][ T21] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.593982][ T21] ext4_map_blocks+0x4cb/0x1640
[ 58.598839][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.604140][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.609682][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.615641][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 58.621088][ T21] ext4_writepages+0x1a7b/0x33c0
[ 58.626037][ T21] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.631662][ T21] ? __lock_acquire+0x2224/0x48b0
[ 58.636780][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.642963][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.648934][ T21] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.654659][ T21] ? do_writepages+0xfa/0x2a0
[ 58.659482][ T21] do_writepages+0xfa/0x2a0
[ 58.664199][ T21] ? page_writeback_cpu_online+0x10/0x10
[ 58.669858][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.676001][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.682257][ T21] ? lock_downgrade+0x840/0x840
[ 58.687204][ T21] __writeback_single_inode+0x12a/0x13d0
[ 58.692834][ T21] ? _raw_spin_unlock+0x24/0x40
[ 58.697774][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 58.703737][ T21] writeback_sb_inodes+0x515/0xdc0
[ 58.708850][ T21] ? __writeback_single_inode+0x13d0/0x13d0
[ 58.714735][ T21] __writeback_inodes_wb+0xc3/0x250
[ 58.719921][ T21] wb_writeback+0x8db/0xd50
[ 58.724418][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 58.730742][ T21] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 58.736627][ T21] ? cpumask_next+0x3c/0x40
[ 58.741128][ T21] ? get_nr_dirty_inodes+0xd6/0x130
[ 58.746325][ T21] wb_workfn+0xab3/0x1090
[ 58.750653][ T21] ? inode_wait_for_writeback+0x30/0x30
[ 58.756202][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.761819][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.767797][ T21] process_one_work+0x965/0x1690
[ 58.772808][ T21] ? lock_release+0x800/0x800
[ 58.777668][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 58.783039][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 58.787971][ T21] worker_thread+0x96/0xe10
[ 58.792471][ T21] ? process_one_work+0x1690/0x1690
[ 58.797663][ T21] kthread+0x3b5/0x4a0
[ 58.801893][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.807595][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.814190][ T21] ret_from_fork+0x1f/0x30
Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts.
2020/06/14 11:56:18 fuzzer started
2020/06/14 11:56:18 connecting to host at 10.128.0.26:34621
2020/06/14 11:56:18 checking machine...
2020/06/14 11:56:18 checking revisions...
2020/06/14 11:56:18 testing simple program...
[ 61.277068][ T6820] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6820
[ 61.286202][ T6820] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.292162][ T6820] CPU: 0 PID: 6820 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 61.300074][ T6820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.310128][ T6820] Call Trace:
[ 61.313428][ T6820] dump_stack+0x18f/0x20d
[ 61.317752][ T6820] check_preemption_disabled+0x20d/0x220
[ 61.323383][ T6820] ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.328494][ T6820] ? ext4_ext_search_right+0x2ca/0xb20
[ 61.333966][ T6820] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 61.339906][ T6820] ext4_ext_map_blocks+0x201b/0x33e0
[ 61.345369][ T6820] ? ext4_ext_release+0x10/0x10
[ 61.350383][ T6820] ? down_write_killable+0x170/0x170
[ 61.355759][ T6820] ? ext4_es_lookup_extent+0x41d/0xd10
[ 61.361460][ T6820] ext4_map_blocks+0x4cb/0x1640
[ 61.366445][ T6820] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 61.371843][ T6820] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 61.377379][ T6820] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.383379][ T6820] ? prandom_u32_state+0xe/0x170
[ 61.388307][ T6820] ? __brelse+0x84/0xa0
[ 61.392444][ T6820] ? __ext4_new_inode+0x144/0x55e0
[ 61.397561][ T6820] ext4_getblk+0xad/0x520
[ 61.403793][ T6820] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 61.409514][ T6820] ? ext4_free_inode+0x1700/0x1700
[ 61.414624][ T6820] ext4_bread+0x7c/0x380
[ 61.418859][ T6820] ? ext4_getblk+0x520/0x520
[ 61.423440][ T6820] ? dquot_get_next_dqblk+0x180/0x180
[ 61.428807][ T6820] ext4_append+0x153/0x360
[ 61.433235][ T6820] ext4_mkdir+0x5e0/0xdf0
[ 61.437677][ T6820] ? ext4_rmdir+0xde0/0xde0
[ 61.442344][ T6820] ? security_inode_permission+0xc4/0xf0
[ 61.448209][ T6820] vfs_mkdir+0x419/0x690
[ 61.452445][ T6820] do_mkdirat+0x21e/0x280
[ 61.456759][ T6820] ? __ia32_sys_mknod+0xb0/0xb0
[ 61.461612][ T6820] ? do_syscall_64+0x1c/0xe0
[ 61.466258][ T6820] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 61.472360][ T6820] do_syscall_64+0x60/0xe0
[ 61.476794][ T6820] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.482957][ T6820] RIP: 0033:0x4b02a0
[ 61.486831][ T6820] Code: Bad RIP value.
[ 61.490879][ T6820] RSP: 002b:000000c0000cb4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 61.499310][ T6820] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 61.507296][ T6820] RDX: 00000000000001c0 RSI: 000000c000026f60 RDI: ffffffffffffff9c
[ 61.518202][ T6820] RBP: 000000c0000cb510 R08: 0000000000000000 R09: 0000000000000000
[ 61.526195][ T6820] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 61.534157][ T6820] R13: 000000000000007c R14: 000000000000007b R15: 0000000000000100
[ 61.580955][ T6834] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6834
[ 61.590599][ T6834] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.596553][ T6834] CPU: 0 PID: 6834 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 61.604780][ T6834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.614841][ T6834] Call Trace:
[ 61.618145][ T6834] dump_stack+0x18f/0x20d
[ 61.622490][ T6834] check_preemption_disabled+0x20d/0x220
[ 61.628128][ T6834] ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.633224][ T6834] ? ext4_ext_search_right+0x2ca/0xb20
[ 61.638697][ T6834] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 61.644402][ T6834] ext4_ext_map_blocks+0x201b/0x33e0
[ 61.649679][ T6834] ? ext4_ext_release+0x10/0x10
[ 61.654517][ T6834] ? down_write_killable+0x170/0x170
[ 61.659789][ T6834] ? ext4_es_lookup_extent+0x41d/0xd10
[ 61.665230][ T6834] ext4_map_blocks+0x4cb/0x1640
[ 61.670066][ T6834] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 61.675284][ T6834] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 61.680946][ T6834] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.686926][ T6834] ? prandom_u32_state+0xe/0x170
[ 61.691859][ T6834] ? __brelse+0x84/0xa0
[ 61.696002][ T6834] ? __ext4_new_inode+0x144/0x55e0
[ 61.701116][ T6834] ext4_getblk+0xad/0x520
[ 61.705454][ T6834] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 61.711285][ T6834] ? ext4_free_inode+0x1700/0x1700
[ 61.716404][ T6834] ext4_bread+0x7c/0x380
[ 61.720663][ T6834] ? ext4_getblk+0x520/0x520
[ 61.725255][ T6834] ? dquot_get_next_dqblk+0x180/0x180
[ 61.730740][ T6834] ext4_append+0x153/0x360
[ 61.735234][ T6834] ext4_mkdir+0x5e0/0xdf0
[ 61.739756][ T6834] ? ext4_rmdir+0xde0/0xde0
[ 61.744516][ T6834] ? security_inode_permission+0xc4/0xf0
[ 61.750141][ T6834] vfs_mkdir+0x419/0x690
[ 61.754472][ T6834] do_mkdirat+0x21e/0x280
[ 61.759267][ T6834] ? __ia32_sys_mknod+0xb0/0xb0
[ 61.764261][ T6834] ? do_syscall_64+0x1c/0xe0
[ 61.768838][ T6834] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 61.774806][ T6834] do_syscall_64+0x60/0xe0
[ 61.779392][ T6834] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.785912][ T6834] RIP: 0033:0x45bee7
[ 61.789803][ T6834] Code: Bad RIP value.
[ 61.793943][ T6834] RSP: 002b:00007ffdbe53bf98 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 61.802339][ T6834] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 61.810307][ T6834] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffdbe53c170
[ 61.819561][ T6834] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002d40
[ 61.827524][ T6834] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 61.835767][ T6834] R13: 00007ffdbe53c170 R14: 8421084210842109 R15: 00007ffdbe53c17c
[ 61.926979][ T6835] IPVS: ftp: loaded support on port[0] = 21
[ 61.964605][ T6835] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6835
[ 61.974720][ T6835] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.981666][ T6835] CPU: 1 PID: 6835 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 61.990385][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.000580][ T6835] Call Trace:
[ 62.003978][ T6835] dump_stack+0x18f/0x20d
[ 62.008313][ T6835] check_preemption_disabled+0x20d/0x220
[ 62.013939][ T6835] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.019137][ T6835] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.024584][ T6835] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.030299][ T6835] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.035580][ T6835] ? ext4_ext_release+0x10/0x10
[ 62.040508][ T6835] ? down_write_killable+0x170/0x170
[ 62.045785][ T6835] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.051317][ T6835] ext4_map_blocks+0x4cb/0x1640
[ 62.056156][ T6835] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.061340][ T6835] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.067000][ T6835] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.072989][ T6835] ? prandom_u32_state+0xe/0x170
[ 62.077923][ T6835] ? __brelse+0x84/0xa0
[ 62.082109][ T6835] ? __ext4_new_inode+0x144/0x55e0
[ 62.087209][ T6835] ext4_getblk+0xad/0x520
[ 62.091551][ T6835] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.097390][ T6835] ? ext4_free_inode+0x1700/0x1700
[ 62.102494][ T6835] ext4_bread+0x7c/0x380
[ 62.106739][ T6835] ? ext4_getblk+0x520/0x520
[ 62.111348][ T6835] ? dquot_get_next_dqblk+0x180/0x180
[ 62.116759][ T6835] ext4_append+0x153/0x360
[ 62.121179][ T6835] ext4_mkdir+0x5e0/0xdf0
[ 62.125524][ T6835] ? ext4_rmdir+0xde0/0xde0
[ 62.130143][ T6835] ? security_inode_permission+0xc4/0xf0
[ 62.135936][ T6835] vfs_mkdir+0x419/0x690
[ 62.140167][ T6835] do_mkdirat+0x21e/0x280
[ 62.144566][ T6835] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.149413][ T6835] ? do_syscall_64+0x1c/0xe0
[ 62.154021][ T6835] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.160012][ T6835] do_syscall_64+0x60/0xe0
[ 62.164422][ T6835] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.170545][ T6835] RIP: 0033:0x45bee7
[ 62.174460][ T6835] Code: Bad RIP value.
[ 62.178515][ T6835] RSP: 002b:00007ffdbe53be88 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 62.186949][ T6835] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 62.195119][ T6835] RDX: 00007ffdbe53bed3 RSI: 00000000000001ff RDI: 00007ffdbe53bed0
[ 62.203414][ T6835] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 62.211394][ T6835] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0
[ 62.219440][ T6835] R13: 00007ffdbe53bec0 R14: 0000000000000000 R15: 00007ffdbe53bed0
[ 62.270267][ T6835] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6835
[ 62.280103][ T6835] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.286036][ T6835] CPU: 0 PID: 6835 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 62.294327][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.304486][ T6835] Call Trace:
[ 62.307790][ T6835] dump_stack+0x18f/0x20d
[ 62.312146][ T6835] check_preemption_disabled+0x20d/0x220
[ 62.317796][ T6835] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.322943][ T6835] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.328413][ T6835] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.334166][ T6835] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.339827][ T6835] ? ext4_ext_release+0x10/0x10
[ 62.344749][ T6835] ? down_write_killable+0x170/0x170
[ 62.350130][ T6835] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.355950][ T6835] ext4_map_blocks+0x4cb/0x1640
[ 62.361182][ T6835] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.366464][ T6835] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.372104][ T6835] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.378517][ T6835] ? prandom_u32_state+0xe/0x170
[ 62.383436][ T6835] ? __brelse+0x84/0xa0
[ 62.387595][ T6835] ? __ext4_new_inode+0x144/0x55e0
[ 62.392709][ T6835] ext4_getblk+0xad/0x520
[ 62.397161][ T6835] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.402882][ T6835] ? ext4_free_inode+0x1700/0x1700
[ 62.407981][ T6835] ext4_bread+0x7c/0x380
[ 62.412211][ T6835] ? ext4_getblk+0x520/0x520
[ 62.416781][ T6835] ? dquot_get_next_dqblk+0x180/0x180
[ 62.422141][ T6835] ext4_append+0x153/0x360
[ 62.426591][ T6835] ext4_mkdir+0x5e0/0xdf0
[ 62.430916][ T6835] ? ext4_rmdir+0xde0/0xde0
[ 62.435428][ T6835] ? security_inode_permission+0xc4/0xf0
[ 62.441049][ T6835] vfs_mkdir+0x419/0x690
[ 62.445276][ T6835] do_mkdirat+0x21e/0x280
[ 62.449731][ T6835] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.454602][ T6835] ? do_syscall_64+0x1c/0xe0
[ 62.459173][ T6835] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.465402][ T6835] do_syscall_64+0x60/0xe0
[ 62.470073][ T6835] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.476014][ T6835] RIP: 0033:0x45bee7
[ 62.479896][ T6835] Code: Bad RIP value.
[ 62.484085][ T6835] RSP: 002b:00007ffdbe53be88 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 62.492757][ T6835] RAX: ffffffffffffffda RBX: 000000000000f336 RCX: 000000000045bee7
[ 62.500835][ T6835] RDX: 00007ffdbe53bed3 RSI: 00000000000001ff RDI: 00007ffdbe53bed0
[ 62.509172][ T6835] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/14 11:56:20 building call list...
[ 62.517129][ T6835] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 62.525458][ T6835] R13: 00007ffdbe53bec0 R14: 000000000000f331 R15: 00007ffdbe53bed0
[ 62.757551][ T21] tipc: TX() has been purged, node left!
[ 63.299689][ T21] ==================================================================
[ 63.307912][ T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 63.315840][ T21] Write of size 1 at addr ffff8880995a49e4 by task kworker/u4:1/21
[ 63.323737][ T21]
[ 63.326074][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.7.0-syzkaller #0
[ 63.334565][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.344708][ T21] Workqueue: netns cleanup_net
[ 63.349468][ T21] Call Trace:
[ 63.352849][ T21] dump_stack+0x18f/0x20d
[ 63.357180][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.362721][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.368273][ T21] ? afs_put_call+0xa40/0xa40
[ 63.372946][ T21] print_address_description.constprop.0.cold+0xd3/0x413
[ 63.379979][ T21] ? vprintk_func+0x97/0x1a6
[ 63.384573][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.390115][ T21] kasan_report.cold+0x1f/0x37
[ 63.394881][ T21] ? rcu_read_lock_held+0x81/0xb0
[ 63.399901][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.405445][ T21] afs_wake_up_async_call+0x6aa/0x770
[ 63.410825][ T21] ? afs_close_socket+0x320/0x320
[ 63.415856][ T21] ? afs_put_call+0xa40/0xa40
[ 63.420540][ T21] rxrpc_notify_socket+0x1db/0x5d0
[ 63.425652][ T21] ? afs_put_call+0xa40/0xa40
[ 63.430342][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 63.436769][ T21] rxrpc_call_completed+0xca/0xf0
[ 63.441811][ T21] rxrpc_discard_prealloc+0x781/0xab0
[ 63.447190][ T21] ? lock_sock_nested+0x94/0x110
[ 63.452133][ T21] rxrpc_listen+0x147/0x360
[ 63.456640][ T21] afs_close_socket+0x95/0x320
[ 63.461402][ T21] ? afs_purge_servers+0x16d/0x300
[ 63.466533][ T21] ? afs_rx_discard_new_call+0x50/0x50
[ 63.472116][ T21] ? init_wait_var_entry+0x200/0x200
[ 63.477427][ T21] ? rcu_read_lock_held_common+0xa0/0xa0
[ 63.483076][ T21] ? check_preemption_disabled+0x38/0x220
[ 63.488817][ T21] afs_net_exit+0x1bc/0x310
[ 63.493338][ T21] ? afs_net_init+0xe30/0xe30
[ 63.498015][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 63.503290][ T21] cleanup_net+0x511/0xa50
[ 63.507713][ T21] ? unregister_pernet_device+0x70/0x70
[ 63.513407][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.519416][ T21] process_one_work+0x965/0x1690
[ 63.524454][ T21] ? lock_release+0x800/0x800
[ 63.529137][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 63.534523][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 63.539473][ T21] worker_thread+0x96/0xe10
[ 63.543996][ T21] ? process_one_work+0x1690/0x1690
[ 63.549200][ T21] kthread+0x3b5/0x4a0
[ 63.553266][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.559004][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.564729][ T21] ret_from_fork+0x1f/0x30
[ 63.569154][ T21]
[ 63.571473][ T21] Allocated by task 6835:
[ 63.575815][ T21] save_stack+0x1b/0x40
[ 63.579964][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 63.585698][ T21] kmem_cache_alloc_trace+0x153/0x7d0
[ 63.591951][ T21] afs_alloc_call+0x55/0x630
[ 63.596544][ T21] afs_charge_preallocation+0xe9/0x2d0
[ 63.602016][ T21] afs_open_socket+0x292/0x360
[ 63.606778][ T21] afs_net_init+0xa6c/0xe30
[ 63.611274][ T21] ops_init+0xaf/0x420
[ 63.615951][ T21] setup_net+0x2de/0x860
[ 63.620187][ T21] copy_net_ns+0x293/0x590
[ 63.624615][ T21] create_new_namespaces+0x3fb/0xb30
[ 63.629895][ T21] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 63.635953][ T21] ksys_unshare+0x43d/0x8e0
[ 63.640448][ T21] __x64_sys_unshare+0x2d/0x40
[ 63.645205][ T21] do_syscall_64+0x60/0xe0
[ 63.649615][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.655496][ T21]
[ 63.657821][ T21] Freed by task 21:
[ 63.661626][ T21] save_stack+0x1b/0x40
[ 63.665775][ T21] __kasan_slab_free+0xf7/0x140
[ 63.670619][ T21] kfree+0x109/0x2b0
[ 63.674515][ T21] afs_put_call+0x585/0xa40
[ 63.679019][ T21] rxrpc_discard_prealloc+0x764/0xab0
[ 63.684384][ T21] rxrpc_listen+0x147/0x360
[ 63.688886][ T21] afs_close_socket+0x95/0x320
[ 63.693650][ T21] afs_net_exit+0x1bc/0x310
[ 63.698146][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 63.703246][ T21] cleanup_net+0x511/0xa50
[ 63.707656][ T21] process_one_work+0x965/0x1690
[ 63.712588][ T21] worker_thread+0x96/0xe10
[ 63.717350][ T21] kthread+0x3b5/0x4a0
[ 63.721414][ T21] ret_from_fork+0x1f/0x30
[ 63.725815][ T21]
[ 63.728138][ T21] The buggy address belongs to the object at ffff8880995a4800
[ 63.728138][ T21] which belongs to the cache kmalloc-1k of size 1024
[ 63.742210][ T21] The buggy address is located 484 bytes inside of
[ 63.742210][ T21] 1024-byte region [ffff8880995a4800, ffff8880995a4c00)
[ 63.755554][ T21] The buggy address belongs to the page:
[ 63.761218][ T21] page:ffffea0002656900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 63.770446][ T21] flags: 0xfffe0000000200(slab)
[ 63.775385][ T21] raw: 00fffe0000000200 ffffea00029cb788 ffffea00027b5608 ffff8880aa000c40
[ 63.784924][ T21] raw: 0000000000000000 ffff8880995a4000 0000000100000002 0000000000000000
[ 63.793589][ T21] page dumped because: kasan: bad access detected
[ 63.799992][ T21]
[ 63.802311][ T21] Memory state around the buggy address:
[ 63.807934][ T21] ffff8880995a4880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.816000][ T21] ffff8880995a4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.824054][ T21] >ffff8880995a4980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.832273][ T21] ^
[ 63.839560][ T21] ffff8880995a4a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.847621][ T21] ffff8880995a4a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.855678][ T21] ==================================================================
[ 63.863729][ T21] Disabling lock debugging due to kernel taint
[ 63.869964][ T21] Kernel panic - not syncing: panic_on_warn set ...
[ 63.876559][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.7.0-syzkaller #0
[ 63.886938][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.897007][ T21] Workqueue: netns cleanup_net
[ 63.901781][ T21] Call Trace:
[ 63.905082][ T21] dump_stack+0x18f/0x20d
[ 63.909512][ T21] ? afs_wake_up_async_call+0x5f0/0x770
[ 63.915065][ T21] ? afs_put_call+0xa40/0xa40
[ 63.919833][ T21] panic+0x2e3/0x75c
[ 63.923731][ T21] ? __warn_printk+0xf3/0xf3
[ 63.928338][ T21] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 63.934498][ T21] ? trace_hardirqs_on+0x55/0x220
[ 63.939573][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.945101][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.950652][ T21] ? afs_put_call+0xa40/0xa40
[ 63.955321][ T21] end_report+0x4d/0x53
[ 63.959514][ T21] kasan_report.cold+0xd/0x37
[ 63.964182][ T21] ? rcu_read_lock_held+0x81/0xb0
[ 63.969186][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.974909][ T21] afs_wake_up_async_call+0x6aa/0x770
[ 63.980277][ T21] ? afs_close_socket+0x320/0x320
[ 63.985447][ T21] ? afs_put_call+0xa40/0xa40
[ 63.990143][ T21] rxrpc_notify_socket+0x1db/0x5d0
[ 63.995259][ T21] ? afs_put_call+0xa40/0xa40
[ 63.999941][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 64.006350][ T21] rxrpc_call_completed+0xca/0xf0
[ 64.011386][ T21] rxrpc_discard_prealloc+0x781/0xab0
[ 64.016752][ T21] ? lock_sock_nested+0x94/0x110
[ 64.021682][ T21] rxrpc_listen+0x147/0x360
[ 64.026171][ T21] afs_close_socket+0x95/0x320
[ 64.031037][ T21] ? afs_purge_servers+0x16d/0x300
[ 64.036403][ T21] ? afs_rx_discard_new_call+0x50/0x50
[ 64.041930][ T21] ? init_wait_var_entry+0x200/0x200
[ 64.047476][ T21] ? rcu_read_lock_held_common+0xa0/0xa0
[ 64.053116][ T21] ? check_preemption_disabled+0x38/0x220
[ 64.058947][ T21] afs_net_exit+0x1bc/0x310
[ 64.063455][ T21] ? afs_net_init+0xe30/0xe30
[ 64.068122][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 64.073243][ T21] cleanup_net+0x511/0xa50
[ 64.077667][ T21] ? unregister_pernet_device+0x70/0x70
[ 64.083208][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.089366][ T21] process_one_work+0x965/0x1690
[ 64.094536][ T21] ? lock_release+0x800/0x800
[ 64.099377][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 64.104756][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 64.109851][ T21] worker_thread+0x96/0xe10
[ 64.114382][ T21] ? process_one_work+0x1690/0x1690
[ 64.119574][ T21] kthread+0x3b5/0x4a0
[ 64.123633][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.129329][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.135043][ T21] ret_from_fork+0x1f/0x30
[ 64.141125][ T21] Kernel Offset: disabled
[ 64.145462][ T21] Rebooting in 86400 seconds..