[ OK ] Reached target Basic System. Starting Permit User Sessions... Starting getty on tty2-tty6 if dbus and logind are not available... Starting System Logging Service... Starting OpenBSD Secure Shell server... [ OK ] Started Regular background program processing daemon. [ OK ] Started Permit User Sessions. [ OK ] Started System Logging Service. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ OK ] Started Update UTMP about System Runlevel Changes. [ 53.756679][ T6746] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6746 [ 53.766213][ T6746] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 53.772560][ T6746] CPU: 1 PID: 6746 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0 [ 53.781090][ T6746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 53.791125][ T6746] Call Trace: [ 53.794496][ T6746] dump_stack+0x18f/0x20d [ 53.798823][ T6746] check_preemption_disabled+0x20d/0x220 [ 53.804434][ T6746] ext4_mb_new_blocks+0xa4d/0x3b70 [ 53.809532][ T6746] ? ext4_ext_search_right+0x2ca/0xb20 [ 53.814964][ T6746] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 53.820664][ T6746] ext4_ext_map_blocks+0x201b/0x33e0 [ 53.825950][ T6746] ? ext4_ext_release+0x10/0x10 [ 53.830790][ T6746] ? down_write_killable+0x170/0x170 [ 53.836059][ T6746] ? ext4_es_lookup_extent+0x41d/0xd10 [ 53.841513][ T6746] ext4_map_blocks+0x4cb/0x1640 [ 53.846360][ T6746] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 53.851534][ T6746] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 53.857144][ T6746] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 53.863103][ T6746] ? prandom_u32_state+0xe/0x170 [ 53.868020][ T6746] ? __brelse+0x84/0xa0 [ 53.872154][ T6746] ? __ext4_new_inode+0x144/0x55e0 [ 53.877248][ T6746] ext4_getblk+0xad/0x520 [ 53.881558][ T6746] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 53.887274][ T6746] ? ext4_free_inode+0x1700/0x1700 [ 53.892364][ T6746] ext4_bread+0x7c/0x380 [ 53.896609][ T6746] ? ext4_getblk+0x520/0x520 [ 53.901215][ T6746] ? dquot_get_next_dqblk+0x180/0x180 [ 53.906570][ T6746] ext4_append+0x153/0x360 [ 53.910969][ T6746] ext4_mkdir+0x5e0/0xdf0 [ 53.915288][ T6746] ? ext4_rmdir+0xde0/0xde0 [ 53.919789][ T6746] ? security_inode_permission+0xc4/0xf0 [ 53.925428][ T6746] vfs_mkdir+0x419/0x690 [ 53.929651][ T6746] do_mkdirat+0x21e/0x280 [ 53.933961][ T6746] ? __ia32_sys_mknod+0xb0/0xb0 [ 53.938813][ T6746] ? do_syscall_64+0x1c/0xe0 [ 53.943382][ T6746] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 53.949343][ T6746] do_syscall_64+0x60/0xe0 [ 53.953756][ T6746] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 53.959627][ T6746] RIP: 0033:0x7f830982e687 [ 53.964033][ T6746] Code: Bad RIP value. [ 53.968074][ T6746] RSP: 002b:00007ffdcf73f968 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 53.976466][ T6746] RAX: ffffffffffffffda RBX: 0000563e2d58a985 RCX: 00007f830982e687 [ 53.984416][ T6746] RDX: 00007ffdcf73f830 RSI: 00000000000001ed RDI: 0000563e2d58a985 [ 53.992392][ T6746] RBP: 00007f830982e680 R08: 0000000000000100 R09: 0000000000000000 [ 54.000342][ T6746] R10: 0000563e2d58a980 R11: 0000000000000246 R12: 00000000000001ed [ 54.008300][ T6746] R13: 00007ffdcf73faf0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.15.203' (ECDSA) to the list of known hosts. 2020/06/14 05:39:58 fuzzer started 2020/06/14 05:39:59 connecting to host at 10.128.0.26:36645 2020/06/14 05:39:59 checking machine... 2020/06/14 05:39:59 checking revisions... 2020/06/14 05:39:59 testing simple program... syzkaller login: [ 58.670097][ T6817] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6817 [ 58.679478][ T6817] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.685577][ T6817] CPU: 0 PID: 6817 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 58.693515][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.703825][ T6817] Call Trace: [ 58.707703][ T6817] dump_stack+0x18f/0x20d [ 58.712031][ T6817] check_preemption_disabled+0x20d/0x220 [ 58.717664][ T6817] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.722766][ T6817] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.728207][ T6817] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.734053][ T6817] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.739437][ T6817] ? ext4_ext_release+0x10/0x10 [ 58.745944][ T6817] ? down_write_killable+0x170/0x170 [ 58.751227][ T6817] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.756688][ T6817] ext4_map_blocks+0x4cb/0x1640 [ 58.762513][ T6817] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.767697][ T6817] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.773416][ T6817] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.779382][ T6817] ? prandom_u32_state+0xe/0x170 [ 58.784321][ T6817] ? __brelse+0x84/0xa0 [ 58.788637][ T6817] ? __ext4_new_inode+0x144/0x55e0 [ 58.793750][ T6817] ext4_getblk+0xad/0x520 [ 58.798069][ T6817] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.803970][ T6817] ? ext4_free_inode+0x1700/0x1700 [ 58.809073][ T6817] ext4_bread+0x7c/0x380 [ 58.813305][ T6817] ? ext4_getblk+0x520/0x520 [ 58.817879][ T6817] ? dquot_get_next_dqblk+0x180/0x180 [ 58.823239][ T6817] ext4_append+0x153/0x360 [ 58.829656][ T6817] ext4_mkdir+0x5e0/0xdf0 [ 58.834277][ T6817] ? ext4_rmdir+0xde0/0xde0 [ 58.838767][ T6817] ? security_inode_permission+0xc4/0xf0 [ 58.844389][ T6817] vfs_mkdir+0x419/0x690 [ 58.848620][ T6817] do_mkdirat+0x21e/0x280 [ 58.852937][ T6817] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.857772][ T6817] ? do_syscall_64+0x1c/0xe0 [ 58.862345][ T6817] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.868309][ T6817] do_syscall_64+0x60/0xe0 [ 58.872716][ T6817] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.878594][ T6817] RIP: 0033:0x4b02a0 [ 58.882474][ T6817] Code: Bad RIP value. [ 58.887055][ T6817] RSP: 002b:000000c0000e14b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 58.895451][ T6817] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 58.903422][ T6817] RDX: 00000000000001c0 RSI: 000000c000026440 RDI: ffffffffffffff9c [ 58.911396][ T6817] RBP: 000000c0000e1510 R08: 0000000000000000 R09: 0000000000000000 [ 58.919351][ T6817] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 58.927329][ T6817] R13: 0000000000000023 R14: 0000000000000022 R15: 0000000000000100 [ 58.966323][ T6821] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6821 [ 58.976203][ T6821] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.982192][ T6821] CPU: 1 PID: 6821 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 58.990567][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.000782][ T6821] Call Trace: [ 59.004086][ T6821] dump_stack+0x18f/0x20d [ 59.008415][ T6821] check_preemption_disabled+0x20d/0x220 [ 59.014047][ T6821] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.019161][ T6821] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.024613][ T6821] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.030328][ T6821] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.035610][ T6821] ? ext4_ext_release+0x10/0x10 [ 59.040455][ T6821] ? down_write_killable+0x170/0x170 [ 59.045829][ T6821] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.051297][ T6821] ext4_map_blocks+0x4cb/0x1640 [ 59.056248][ T6821] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.061695][ T6821] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.067253][ T6821] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.073309][ T6821] ? prandom_u32_state+0xe/0x170 [ 59.078228][ T6821] ? __brelse+0x84/0xa0 [ 59.082367][ T6821] ? __ext4_new_inode+0x144/0x55e0 [ 59.087471][ T6821] ext4_getblk+0xad/0x520 [ 59.091784][ T6821] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.097505][ T6821] ? ext4_free_inode+0x1700/0x1700 [ 59.102604][ T6821] ext4_bread+0x7c/0x380 [ 59.106857][ T6821] ? ext4_getblk+0x520/0x520 [ 59.111448][ T6821] ? dquot_get_next_dqblk+0x180/0x180 [ 59.116889][ T6821] ext4_append+0x153/0x360 [ 59.121298][ T6821] ext4_mkdir+0x5e0/0xdf0 [ 59.125702][ T6821] ? ext4_rmdir+0xde0/0xde0 [ 59.130255][ T6821] ? security_inode_permission+0xc4/0xf0 [ 59.135874][ T6821] vfs_mkdir+0x419/0x690 [ 59.140101][ T6821] do_mkdirat+0x21e/0x280 [ 59.144413][ T6821] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.149247][ T6821] ? do_syscall_64+0x1c/0xe0 [ 59.153873][ T6821] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.159840][ T6821] do_syscall_64+0x60/0xe0 [ 59.164393][ T6821] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.170364][ T6821] RIP: 0033:0x45bee7 [ 59.174232][ T6821] Code: Bad RIP value. [ 59.178276][ T6821] RSP: 002b:00007ffc48e28108 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.186674][ T6821] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 59.194748][ T6821] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc48e282e0 [ 59.202714][ T6821] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 00000000000032c0 [ 59.210676][ T6821] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 59.218637][ T6821] R13: 00007ffc48e282e0 R14: 8421084210842109 R15: 00007ffc48e282ec [ 59.319584][ T1156] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1156 [ 59.329039][ T1156] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.334949][ T1156] CPU: 1 PID: 1156 Comm: khugepaged Not tainted 5.7.0-syzkaller #0 [ 59.342869][ T1156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.352925][ T1156] Call Trace: [ 59.356227][ T1156] dump_stack+0x18f/0x20d [ 59.357164][ T6823] IPVS: ftp: loaded support on port[0] = 21 [ 59.360563][ T1156] check_preemption_disabled+0x20d/0x220 [ 59.372086][ T1156] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.377244][ T1156] ? ext4_find_extent+0x81a/0xad0 [ 59.382282][ T1156] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.387747][ T1156] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.393597][ T1156] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.398909][ T1156] ? ext4_ext_release+0x10/0x10 [ 59.403788][ T1156] ? down_write_killable+0x170/0x170 [ 59.409080][ T1156] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.409493][ T6823] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6823 [ 59.414547][ T1156] ext4_map_blocks+0x4cb/0x1640 [ 59.414567][ T1156] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.414595][ T1156] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.424001][ T6823] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.428808][ T1156] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.428824][ T1156] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 59.428843][ T1156] ext4_writepages+0x1a7b/0x33c0 [ 59.428862][ T1156] ? lock_release+0x7c0/0x800 [ 59.428891][ T1156] ? __ext4_mark_inode_dirty+0x940/0x940 [ 59.428931][ T1156] ? __ext4_mark_inode_dirty+0x940/0x940 [ 59.428951][ T1156] ? do_writepages+0xfa/0x2a0 [ 59.482467][ T1156] do_writepages+0xfa/0x2a0 [ 59.486972][ T1156] ? page_writeback_cpu_online+0x10/0x10 [ 59.492603][ T1156] ? do_raw_spin_lock+0x120/0x2d0 [ 59.497628][ T1156] ? do_raw_spin_unlock+0x171/0x260 [ 59.502823][ T1156] ? _raw_spin_unlock+0x24/0x40 [ 59.507689][ T1156] __filemap_fdatawrite_range+0x2aa/0x390 [ 59.514174][ T1156] ? collapse_file+0x35a2/0x4330 [ 59.519120][ T1156] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 59.525196][ T1156] ? _raw_spin_unlock_irq+0x1f/0x80 [ 59.530396][ T1156] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.536366][ T1156] collapse_file+0x35ac/0x4330 [ 59.541130][ T1156] ? collapse_huge_page+0x4350/0x4350 [ 59.546490][ T1156] ? khugepaged+0x2506/0x3fc0 [ 59.551307][ T1156] ? xas_find+0x31a/0x880 [ 59.555629][ T1156] ? check_preemption_disabled+0x38/0x220 [ 59.561343][ T1156] khugepaged+0x3041/0x3fc0 [ 59.566551][ T1156] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 59.572429][ T1156] ? lock_downgrade+0x840/0x840 [ 59.577452][ T1156] ? finish_wait+0x260/0x260 [ 59.582116][ T1156] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 59.587922][ T1156] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.593889][ T1156] ? __kthread_parkme+0x13f/0x1e0 [ 59.598897][ T1156] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 59.604515][ T1156] kthread+0x3b5/0x4a0 [ 59.608570][ T1156] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.614272][ T1156] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.619990][ T1156] ret_from_fork+0x1f/0x30 [ 59.624407][ T6823] CPU: 0 PID: 6823 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 59.632658][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.642716][ T6823] Call Trace: [ 59.646047][ T6823] dump_stack+0x18f/0x20d [ 59.650394][ T6823] check_preemption_disabled+0x20d/0x220 [ 59.656038][ T6823] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.661167][ T6823] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.666626][ T6823] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.672352][ T6823] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.677662][ T6823] ? ext4_ext_release+0x10/0x10 [ 59.682875][ T6823] ? down_write_killable+0x170/0x170 [ 59.688607][ T6823] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.694094][ T6823] ext4_map_blocks+0x4cb/0x1640 [ 59.699031][ T6823] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.704388][ T6823] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.709920][ T6823] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.716070][ T6823] ? prandom_u32_state+0xe/0x170 [ 59.721008][ T6823] ? __brelse+0x84/0xa0 [ 59.721574][ T1156] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1156 [ 59.725159][ T6823] ? __ext4_new_inode+0x144/0x55e0 [ 59.725180][ T6823] ext4_getblk+0xad/0x520 [ 59.725198][ T6823] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.725220][ T6823] ? ext4_free_inode+0x1700/0x1700 [ 59.725239][ T6823] ext4_bread+0x7c/0x380 [ 59.725252][ T6823] ? ext4_getblk+0x520/0x520 [ 59.725269][ T6823] ? dquot_get_next_dqblk+0x180/0x180 [ 59.734436][ T1156] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.739538][ T6823] ext4_append+0x153/0x360 [ 59.739556][ T6823] ext4_mkdir+0x5e0/0xdf0 [ 59.739578][ T6823] ? ext4_rmdir+0xde0/0xde0 [ 59.739596][ T6823] ? security_inode_permission+0xc4/0xf0 [ 59.739621][ T6823] vfs_mkdir+0x419/0x690 [ 59.798584][ T6823] do_mkdirat+0x21e/0x280 [ 59.802902][ T6823] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.807749][ T6823] ? do_syscall_64+0x1c/0xe0 [ 59.812340][ T6823] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.818312][ T6823] do_syscall_64+0x60/0xe0 [ 59.822728][ T6823] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.828603][ T6823] RIP: 0033:0x45bee7 [ 59.832499][ T6823] Code: Bad RIP value. [ 59.836642][ T6823] RSP: 002b:00007ffc48e27ff8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 59.845120][ T6823] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 59.853076][ T6823] RDX: 00007ffc48e28043 RSI: 00000000000001ff RDI: 00007ffc48e28040 [ 59.861468][ T6823] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 59.872477][ T6823] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 59.880440][ T6823] R13: 00007ffc48e28030 R14: 0000000000000000 R15: 00007ffc48e28040 [ 59.888421][ T1156] CPU: 1 PID: 1156 Comm: khugepaged Not tainted 5.7.0-syzkaller #0 [ 59.896323][ T1156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.906567][ T1156] Call Trace: [ 59.909866][ T1156] dump_stack+0x18f/0x20d [ 59.914213][ T1156] check_preemption_disabled+0x20d/0x220 [ 59.919884][ T1156] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.925029][ T1156] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.930510][ T1156] ? ext4_ext_next_allocated_block+0x221/0x2d0 [ 59.936679][ T1156] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.942036][ T1156] ? ext4_ext_release+0x10/0x10 [ 59.946924][ T1156] ? down_write_killable+0x170/0x170 [ 59.952222][ T1156] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.957699][ T1156] ext4_map_blocks+0x4cb/0x1640 [ 59.962603][ T1156] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.968188][ T1156] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.973749][ T1156] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.980188][ T1156] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 59.985671][ T1156] ext4_writepages+0x1a7b/0x33c0 [ 59.990621][ T1156] ? lock_release+0x7c0/0x800 [ 59.995325][ T1156] ? __ext4_mark_inode_dirty+0x940/0x940 [ 60.001006][ T1156] ? __ext4_mark_inode_dirty+0x940/0x940 [ 60.006674][ T1156] ? do_writepages+0xfa/0x2a0 [ 60.011367][ T1156] do_writepages+0xfa/0x2a0 [ 60.015900][ T1156] ? page_writeback_cpu_online+0x10/0x10 [ 60.022067][ T1156] ? do_raw_spin_lock+0x120/0x2d0 [ 60.027105][ T1156] ? do_raw_spin_unlock+0x171/0x260 [ 60.032332][ T1156] ? _raw_spin_unlock+0x24/0x40 [ 60.033233][ T6823] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6823 [ 60.037191][ T1156] __filemap_fdatawrite_range+0x2aa/0x390 [ 60.037206][ T1156] ? collapse_file+0x35a2/0x4330 [ 60.037219][ T1156] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 60.037244][ T1156] ? _raw_spin_unlock_irq+0x1f/0x80 [ 60.037259][ T1156] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.037283][ T1156] collapse_file+0x35ac/0x4330 [ 60.046734][ T6823] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.052403][ T1156] ? collapse_huge_page+0x4350/0x4350 [ 60.091085][ T1156] ? khugepaged+0x2506/0x3fc0 [ 60.095759][ T1156] ? xas_find+0x31a/0x880 [ 60.100091][ T1156] ? check_preemption_disabled+0x38/0x220 [ 60.105803][ T1156] khugepaged+0x3041/0x3fc0 [ 60.110321][ T1156] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 60.115943][ T1156] ? lock_downgrade+0x840/0x840 [ 60.120896][ T1156] ? finish_wait+0x260/0x260 [ 60.125664][ T1156] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 60.131456][ T1156] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.137422][ T1156] ? __kthread_parkme+0x13f/0x1e0 [ 60.142479][ T1156] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 60.148105][ T1156] kthread+0x3b5/0x4a0 [ 60.152165][ T1156] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.157872][ T1156] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.163586][ T1156] ret_from_fork+0x1f/0x30 [ 60.168107][ T6823] CPU: 0 PID: 6823 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.176362][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.186432][ T6823] Call Trace: [ 60.189745][ T6823] dump_stack+0x18f/0x20d [ 60.194203][ T6823] check_preemption_disabled+0x20d/0x220 [ 60.199867][ T6823] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.205008][ T6823] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.210578][ T6823] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.216314][ T6823] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.221664][ T6823] ? ext4_ext_release+0x10/0x10 [ 60.226568][ T6823] ? down_write_killable+0x170/0x170 [ 60.231876][ T6823] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.237350][ T6823] ext4_map_blocks+0x4cb/0x1640 [ 60.242214][ T6823] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.247423][ T6823] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.248943][ T1156] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1156 [ 60.252996][ T6823] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.253009][ T6823] ? prandom_u32_state+0xe/0x170 [ 60.253025][ T6823] ? __brelse+0x84/0xa0 [ 60.253039][ T6823] ? __ext4_new_inode+0x144/0x55e0 [ 60.253057][ T6823] ext4_getblk+0xad/0x520 [ 60.253073][ T6823] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.253093][ T6823] ? ext4_free_inode+0x1700/0x1700 [ 60.253109][ T6823] ext4_bread+0x7c/0x380 [ 60.253125][ T6823] ? ext4_getblk+0x520/0x520 [ 60.253145][ T6823] ? dquot_get_next_dqblk+0x180/0x180 [ 60.253170][ T6823] ext4_append+0x153/0x360 [ 60.253190][ T6823] ext4_mkdir+0x5e0/0xdf0 [ 60.253214][ T6823] ? ext4_rmdir+0xde0/0xde0 [ 60.253233][ T6823] ? security_inode_permission+0xc4/0xf0 [ 60.253256][ T6823] vfs_mkdir+0x419/0x690 [ 60.253275][ T6823] do_mkdirat+0x21e/0x280 [ 60.262453][ T1156] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.268376][ T6823] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.268393][ T6823] ? do_syscall_64+0x1c/0xe0 [ 60.268408][ T6823] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.268426][ T6823] do_syscall_64+0x60/0xe0 [ 60.268443][ T6823] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.268459][ T6823] RIP: 0033:0x45bee7 [ 60.374811][ T6823] Code: Bad RIP value. [ 60.378869][ T6823] RSP: 002b:00007ffc48e27ff8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 60.387284][ T6823] RAX: ffffffffffffffda RBX: 000000000000ea02 RCX: 000000000045bee7 [ 60.395280][ T6823] RDX: 00007ffc48e28043 RSI: 00000000000001ff RDI: 00007ffc48e28040 [ 60.403236][ T6823] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 60.411194][ T6823] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 60.419171][ T6823] R13: 00007ffc48e28030 R14: 000000000000e9fd R15: 00007ffc48e28040 [ 60.427150][ T1156] CPU: 1 PID: 1156 Comm: khugepaged Not tainted 5.7.0-syzkaller #0 [ 60.435053][ T1156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.445108][ T1156] Call Trace: [ 60.448400][ T1156] dump_stack+0x18f/0x20d [ 60.452822][ T1156] check_preemption_disabled+0x20d/0x220 [ 60.458455][ T1156] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.463590][ T1156] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.469092][ T1156] ? ext4_ext_next_allocated_block+0x221/0x2d0 [ 60.475245][ T1156] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.480647][ T1156] ? ext4_ext_release+0x10/0x10 [ 60.485504][ T1156] ? down_write_killable+0x170/0x170 [ 60.491215][ T1156] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.496681][ T1156] ext4_map_blocks+0x4cb/0x1640 [ 60.501521][ T1156] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.506723][ T1156] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.512255][ T1156] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.518218][ T1156] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 60.524095][ T1156] ext4_writepages+0x1a7b/0x33c0 [ 60.529037][ T1156] ? lock_release+0x7c0/0x800 [ 60.533705][ T1156] ? __ext4_mark_inode_dirty+0x940/0x940 [ 60.539338][ T1156] ? __ext4_mark_inode_dirty+0x940/0x940 [ 60.544952][ T1156] ? do_writepages+0xfa/0x2a0 [ 60.549614][ T1156] do_writepages+0xfa/0x2a0 [ 60.554125][ T1156] ? page_writeback_cpu_online+0x10/0x10 [ 60.559741][ T1156] ? do_raw_spin_lock+0x120/0x2d0 [ 60.564751][ T1156] ? do_raw_spin_unlock+0x171/0x260 [ 60.570026][ T1156] ? _raw_spin_unlock+0x24/0x40 [ 60.574884][ T1156] __filemap_fdatawrite_range+0x2aa/0x390 [ 60.580587][ T1156] ? collapse_file+0x35a2/0x4330 [ 60.585509][ T1156] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 60.591580][ T1156] ? _raw_spin_unlock_irq+0x1f/0x80 [ 60.596762][ T1156] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.602736][ T1156] collapse_file+0x35ac/0x4330 [ 60.607527][ T1156] ? collapse_huge_page+0x4350/0x4350 [ 60.612881][ T1156] ? khugepaged+0x2506/0x3fc0 [ 60.617548][ T1156] ? xas_find+0x31a/0x880 [ 60.621892][ T1156] ? check_preemption_disabled+0x38/0x220 [ 60.629706][ T1156] khugepaged+0x3041/0x3fc0 [ 60.634222][ T1156] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 60.639840][ T1156] ? lock_downgrade+0x840/0x840 [ 60.644852][ T1156] ? finish_wait+0x260/0x260 [ 60.649435][ T1156] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 60.655223][ T1156] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.661275][ T1156] ? __kthread_parkme+0x13f/0x1e0 [ 60.666284][ T1156] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 60.671897][ T1156] kthread+0x3b5/0x4a0 [ 60.675948][ T1156] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.681672][ T1156] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.687379][ T1156] ret_from_fork+0x1f/0x30 2020/06/14 05:40:01 building call list... [ 60.876227][ T128] tipc: TX() has been purged, node left! [ 61.418403][ T128] ================================================================== [ 61.426728][ T128] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 61.434627][ T128] Write of size 1 at addr ffff8880a199d1e4 by task kworker/u4:4/128 [ 61.442594][ T128] [ 61.444927][ T128] CPU: 1 PID: 128 Comm: kworker/u4:4 Not tainted 5.7.0-syzkaller #0 [ 61.453037][ T128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.463533][ T128] Workqueue: netns cleanup_net [ 61.468306][ T128] Call Trace: [ 61.471613][ T128] dump_stack+0x18f/0x20d [ 61.475975][ T128] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.481517][ T128] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.487257][ T128] ? afs_put_call+0xa40/0xa40 [ 61.492024][ T128] print_address_description.constprop.0.cold+0xd3/0x413 [ 61.499152][ T128] ? vprintk_func+0x97/0x1a6 [ 61.503774][ T128] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.509409][ T128] kasan_report.cold+0x1f/0x37 [ 61.515664][ T128] ? rcu_read_lock_held+0x81/0xb0 [ 61.520792][ T128] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.526347][ T128] afs_wake_up_async_call+0x6aa/0x770 [ 61.531720][ T128] ? afs_close_socket+0x320/0x320 [ 61.536747][ T128] ? afs_put_call+0xa40/0xa40 [ 61.541426][ T128] rxrpc_notify_socket+0x1db/0x5d0 [ 61.546547][ T128] ? afs_put_call+0xa40/0xa40 [ 61.551237][ T128] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 61.557653][ T128] rxrpc_call_completed+0xca/0xf0 [ 61.562682][ T128] rxrpc_discard_prealloc+0x781/0xab0 [ 61.568146][ T128] ? lock_sock_nested+0x94/0x110 [ 61.573133][ T128] rxrpc_listen+0x147/0x360 [ 61.577724][ T128] afs_close_socket+0x95/0x320 [ 61.582486][ T128] ? afs_purge_servers+0x16d/0x300 [ 61.587596][ T128] ? afs_rx_discard_new_call+0x50/0x50 [ 61.593056][ T128] ? init_wait_var_entry+0x200/0x200 [ 61.598434][ T128] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.604069][ T128] ? check_preemption_disabled+0x38/0x220 [ 61.609825][ T128] afs_net_exit+0x1bc/0x310 [ 61.614327][ T128] ? afs_net_init+0xe30/0xe30 executing program [ 61.619012][ T128] ops_exit_list.isra.0+0xa8/0x150 [ 61.624125][ T128] cleanup_net+0x511/0xa50 [ 61.631760][ T128] ? unregister_pernet_device+0x70/0x70 [ 61.637306][ T128] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.643300][ T128] process_one_work+0x965/0x1690 [ 61.648251][ T128] ? lock_release+0x800/0x800 [ 61.652927][ T128] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.658310][ T128] ? rwlock_bug.part.0+0x90/0x90 [ 61.663260][ T128] worker_thread+0x96/0xe10 [ 61.667778][ T128] ? process_one_work+0x1690/0x1690 [ 61.672976][ T128] kthread+0x3b5/0x4a0 [ 61.677046][ T128] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.682761][ T128] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.688484][ T128] ret_from_fork+0x1f/0x30 [ 61.692910][ T128] [ 61.695751][ T128] Allocated by task 6823: [ 61.700080][ T128] save_stack+0x1b/0x40 [ 61.704232][ T128] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 61.709883][ T128] kmem_cache_alloc_trace+0x153/0x7d0 [ 61.715250][ T128] afs_alloc_call+0x55/0x630 [ 61.719838][ T128] afs_charge_preallocation+0xe9/0x2d0 [ 61.725289][ T128] afs_open_socket+0x292/0x360 [ 61.730059][ T128] afs_net_init+0xa6c/0xe30 [ 61.734555][ T128] ops_init+0xaf/0x420 [ 61.740102][ T128] setup_net+0x2de/0x860 [ 61.744353][ T128] copy_net_ns+0x293/0x590 [ 61.748775][ T128] create_new_namespaces+0x3fb/0xb30 [ 61.754079][ T128] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 61.759718][ T128] ksys_unshare+0x43d/0x8e0 [ 61.764230][ T128] __x64_sys_unshare+0x2d/0x40 [ 61.768994][ T128] do_syscall_64+0x60/0xe0 [ 61.773411][ T128] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.779348][ T128] [ 61.781670][ T128] Freed by task 128: [ 61.785563][ T128] save_stack+0x1b/0x40 [ 61.789718][ T128] __kasan_slab_free+0xf7/0x140 [ 61.794565][ T128] kfree+0x109/0x2b0 [ 61.798461][ T128] afs_put_call+0x585/0xa40 [ 61.802967][ T128] rxrpc_discard_prealloc+0x764/0xab0 [ 61.808336][ T128] rxrpc_listen+0x147/0x360 [ 61.812839][ T128] afs_close_socket+0x95/0x320 [ 61.817690][ T128] afs_net_exit+0x1bc/0x310 [ 61.822187][ T128] ops_exit_list.isra.0+0xa8/0x150 [ 61.827291][ T128] cleanup_net+0x511/0xa50 [ 61.832288][ T128] process_one_work+0x965/0x1690 [ 61.837223][ T128] worker_thread+0x96/0xe10 [ 61.841720][ T128] kthread+0x3b5/0x4a0 [ 61.845783][ T128] ret_from_fork+0x1f/0x30 [ 61.850184][ T128] [ 61.852509][ T128] The buggy address belongs to the object at ffff8880a199d000 [ 61.852509][ T128] which belongs to the cache kmalloc-1k of size 1024 [ 61.866572][ T128] The buggy address is located 484 bytes inside of [ 61.866572][ T128] 1024-byte region [ffff8880a199d000, ffff8880a199d400) [ 61.880060][ T128] The buggy address belongs to the page: [ 61.885726][ T128] page:ffffea0002866740 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 61.894847][ T128] flags: 0xfffe0000000200(slab) [ 61.899826][ T128] raw: 00fffe0000000200 ffffea0002904788 ffffea00027dd488 ffff8880aa000c40 [ 61.908414][ T128] raw: 0000000000000000 ffff8880a199d000 0000000100000002 0000000000000000 [ 61.917060][ T128] page dumped because: kasan: bad access detected [ 61.923484][ T128] [ 61.925806][ T128] Memory state around the buggy address: [ 61.931441][ T128] ffff8880a199d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.939493][ T128] ffff8880a199d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.947547][ T128] >ffff8880a199d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.955617][ T128] ^ [ 61.962922][ T128] ffff8880a199d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.971202][ T128] ffff8880a199d280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.979451][ T128] ================================================================== [ 61.987607][ T128] Disabling lock debugging due to kernel taint [ 61.993792][ T128] Kernel panic - not syncing: panic_on_warn set ... [ 62.000378][ T128] CPU: 1 PID: 128 Comm: kworker/u4:4 Tainted: G B 5.7.0-syzkaller #0 [ 62.009742][ T128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.019799][ T128] Workqueue: netns cleanup_net [ 62.024822][ T128] Call Trace: [ 62.028112][ T128] dump_stack+0x18f/0x20d [ 62.032440][ T128] ? afs_wake_up_async_call+0x5f0/0x770 [ 62.037972][ T128] ? afs_put_call+0xa40/0xa40 [ 62.042641][ T128] panic+0x2e3/0x75c [ 62.046529][ T128] ? __warn_printk+0xf3/0xf3 [ 62.051112][ T128] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 62.057263][ T128] ? trace_hardirqs_on+0x55/0x220 [ 62.062278][ T128] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.067810][ T128] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.073345][ T128] ? afs_put_call+0xa40/0xa40 [ 62.078012][ T128] end_report+0x4d/0x53 [ 62.082419][ T128] kasan_report.cold+0xd/0x37 [ 62.087091][ T128] ? rcu_read_lock_held+0x81/0xb0 [ 62.092104][ T128] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.097645][ T128] afs_wake_up_async_call+0x6aa/0x770 [ 62.103006][ T128] ? afs_close_socket+0x320/0x320 [ 62.108020][ T128] ? afs_put_call+0xa40/0xa40 [ 62.112693][ T128] rxrpc_notify_socket+0x1db/0x5d0 [ 62.117795][ T128] ? afs_put_call+0xa40/0xa40 [ 62.122465][ T128] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 62.128874][ T128] rxrpc_call_completed+0xca/0xf0 [ 62.133893][ T128] rxrpc_discard_prealloc+0x781/0xab0 [ 62.139280][ T128] ? lock_sock_nested+0x94/0x110 [ 62.144216][ T128] rxrpc_listen+0x147/0x360 [ 62.148713][ T128] afs_close_socket+0x95/0x320 [ 62.153464][ T128] ? afs_purge_servers+0x16d/0x300 [ 62.158567][ T128] ? afs_rx_discard_new_call+0x50/0x50 [ 62.164020][ T128] ? init_wait_var_entry+0x200/0x200 [ 62.169401][ T128] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.175558][ T128] ? check_preemption_disabled+0x38/0x220 [ 62.181272][ T128] afs_net_exit+0x1bc/0x310 [ 62.185788][ T128] ? afs_net_init+0xe30/0xe30 [ 62.190547][ T128] ops_exit_list.isra.0+0xa8/0x150 [ 62.195664][ T128] cleanup_net+0x511/0xa50 [ 62.200075][ T128] ? unregister_pernet_device+0x70/0x70 [ 62.205613][ T128] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.211592][ T128] process_one_work+0x965/0x1690 [ 62.216566][ T128] ? lock_release+0x800/0x800 [ 62.221256][ T128] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.226624][ T128] ? rwlock_bug.part.0+0x90/0x90 [ 62.231644][ T128] worker_thread+0x96/0xe10 [ 62.236145][ T128] ? process_one_work+0x1690/0x1690 [ 62.241335][ T128] kthread+0x3b5/0x4a0 [ 62.245394][ T128] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.251102][ T128] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.256812][ T128] ret_from_fork+0x1f/0x30 [ 62.262558][ T128] Kernel Offset: disabled [ 62.266878][ T128] Rebooting in 86400 seconds..