[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Getty on tty1.
[ 52.463812][ T6729] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6729
[ 52.473419][ T6729] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 52.479770][ T6729] CPU: 0 PID: 6729 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[ 52.488011][ T6729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.498059][ T6729] Call Trace:
[ 52.501353][ T6729] dump_stack+0x188/0x20d
[ 52.506077][ T6729] debug_smp_processor_id.cold+0x88/0x9b
[ 52.506108][ T6729] ext4_mb_new_blocks+0xa77/0x3b30
[ 52.516900][ T6729] ? ext4_ext_search_right+0x2ca/0xb20
[ 52.516919][ T6729] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 52.528138][ T6729] ext4_ext_map_blocks+0x2044/0x3410
[ 52.533443][ T6729] ? ext4_ext_release+0x10/0x10
[ 52.538322][ T6729] ? __down_timeout+0x2d0/0x2d0
[ 52.543178][ T6729] ? ext4_es_lookup_extent+0x41d/0xd30
[ 52.548641][ T6729] ext4_map_blocks+0x4cb/0x1640
[ 52.553555][ T6729] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 52.558746][ T6729] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 52.565674][ T6729] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 52.571649][ T6729] ? prandom_u32_state+0xe/0x170
[ 52.576669][ T6729] ? __brelse+0x84/0xa0
[ 52.580833][ T6729] ? __ext4_new_inode+0x144/0x57c0
[ 52.586107][ T6729] ext4_getblk+0xad/0x520
[ 52.590435][ T6729] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 52.596153][ T6729] ? ext4_free_inode+0x17e0/0x17e0
[ 52.601262][ T6729] ext4_bread+0x7c/0x380
[ 52.606885][ T6729] ? ext4_getblk+0x520/0x520
[ 52.611491][ T6729] ? dqget+0xff0/0xff0
[ OK ] Started Serial Getty on ttyS0.
[ 52.615614][ T6729] ext4_append+0x153/0x360
[ 52.621245][ T6729] ext4_mkdir+0x5e0/0xdf0
[ 52.625590][ T6729] ? ext4_rmdir+0xde0/0xde0
[ 52.630239][ T6729] ? security_inode_permission+0xc4/0xf0
[ 52.635887][ T6729] vfs_mkdir+0x419/0x690
[ 52.640128][ T6729] do_mkdirat+0x21e/0x280
[ 52.644482][ T6729] ? __ia32_sys_mknod+0xb0/0xb0
[ 52.644506][ T6729] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 52.644533][ T6729] ? do_syscall_64+0x21/0x7d0
[ 52.660013][ T6729] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 52.666002][ T6729] do_syscall_64+0xf6/0x7d0
[ 52.670523][ T6729] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 52.676489][ T6729] RIP: 0033:0x7ffa0581f687
[ 52.680903][ T6729] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48
[ 52.702265][ T6729] RSP: 002b:00007ffd64fd4c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 52.712615][ T6729] RAX: ffffffffffffffda RBX: 0000558d4d97c985 RCX: 00007ffa0581f687
[ 52.720586][ T6729] RDX: 00007ffd64fd4b10 RSI: 00000000000001ed RDI: 0000558d4d97c985
[ 52.728570][ T6729] RBP: 00007ffa0581f680 R08: 0000000000000100 R09: 0000000000000000
[ 52.738373][ T6729] R10: 0000558d4d97c980 R11: 0000000000000246 R12: 00000000000001ed
[ 52.746558][ T6729] R13: 00007ffd64fd4dd0 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login:
[ 56.844927][ T4360] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:8/4360
[ 56.854225][ T4360] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 56.860479][ T4360] CPU: 1 PID: 4360 Comm: kworker/u4:8 Not tainted 5.7.0-syzkaller #0
[ 56.868555][ T4360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.878602][ T4360] Workqueue: writeback wb_workfn (flush-8:0)
[ 56.884563][ T4360] Call Trace:
[ 56.887856][ T4360] dump_stack+0x188/0x20d
[ 56.892191][ T4360] debug_smp_processor_id.cold+0x88/0x9b
[ 56.897904][ T4360] ext4_mb_new_blocks+0xa77/0x3b30
[ 56.903003][ T4360] ? __kmalloc+0x62f/0x7a0
[ 56.907403][ T4360] ? ext4_ext_search_right+0x2ca/0xb20
[ 56.912853][ T4360] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 56.918557][ T4360] ext4_ext_map_blocks+0x2044/0x3410
[ 56.923825][ T4360] ? ext4_ext_release+0x10/0x10
[ 56.928664][ T4360] ? __down_timeout+0x2d0/0x2d0
[ 56.933924][ T4360] ? ext4_es_lookup_extent+0x41d/0xd30
[ 56.939385][ T4360] ? debug_smp_processor_id+0x2f/0x185
[ 56.945193][ T4360] ext4_map_blocks+0x4cb/0x1640
[ 56.950065][ T4360] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 56.955245][ T4360] ? debug_smp_processor_id+0x2f/0x185
[ 56.961298][ T4360] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.966825][ T4360] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.972785][ T4360] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 56.978238][ T4360] ext4_writepages+0x1ab7/0x3400
[ 56.983184][ T4360] ? __ext4_mark_inode_dirty+0x950/0x950
[ 56.988936][ T4360] ? __lock_acquire+0x2224/0x48a0
[ 56.993976][ T4360] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.999958][ T4360] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 57.005943][ T4360] ? __ext4_mark_inode_dirty+0x950/0x950
[ 57.011821][ T4360] ? do_writepages+0xfa/0x2a0
[ 57.016653][ T4360] do_writepages+0xfa/0x2a0
[ 57.021156][ T4360] ? page_writeback_cpu_online+0x10/0x10
[ 57.026765][ T4360] ? debug_smp_processor_id+0x2f/0x185
[ 57.032213][ T4360] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.037750][ T4360] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.043705][ T4360] ? lock_downgrade+0x840/0x840
[ 57.048537][ T4360] __writeback_single_inode+0x12a/0x1410
[ 57.054150][ T4360] ? _raw_spin_unlock+0x24/0x40
[ 57.059760][ T4360] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 57.065741][ T4360] writeback_sb_inodes+0x515/0xdd0
[ 57.070835][ T4360] ? __writeback_single_inode+0x1410/0x1410
[ 57.077118][ T4360] __writeback_inodes_wb+0xc3/0x250
[ 57.082436][ T4360] wb_writeback+0x910/0xd90
[ 57.086944][ T4360] ? print_usage_bug+0x240/0x240
[ 57.091910][ T4360] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 57.098359][ T4360] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 57.104258][ T4360] ? cpumask_next+0x3c/0x40
[ 57.108748][ T4360] ? get_nr_dirty_inodes+0xd6/0x130
[ 57.113943][ T4360] wb_workfn+0xadf/0x10d0
[ 57.118265][ T4360] ? inode_wait_for_writeback+0x30/0x30
[ 57.123805][ T4360] ? debug_smp_processor_id+0x2f/0x185
[ 57.129260][ T4360] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.134831][ T4360] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.140837][ T4360] process_one_work+0x965/0x16a0
[ 57.145776][ T4360] ? lock_release+0x800/0x800
[ 57.150450][ T4360] ? pwq_dec_nr_in_flight+0x310/0x310
[ 57.155879][ T4360] ? rwlock_bug.part.0+0x90/0x90
[ 57.160803][ T4360] worker_thread+0x96/0xe10
[ 57.165293][ T4360] ? process_one_work+0x16a0/0x16a0
[ 57.170470][ T4360] kthread+0x388/0x470
[ 57.174540][ T4360] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.180251][ T4360] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.185970][ T4360] ret_from_fork+0x24/0x30
Warning: Permanently added '10.128.0.121' (ECDSA) to the list of known hosts.
2020/06/13 04:24:45 fuzzer started
2020/06/13 04:24:45 connecting to host at 10.128.0.26:46123
2020/06/13 04:24:45 checking machine...
2020/06/13 04:24:45 checking revisions...
2020/06/13 04:24:45 testing simple program...
[ 57.990291][ T6801] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6801
[ 58.000289][ T6801] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 58.006293][ T6801] CPU: 1 PID: 6801 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 58.014393][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.024474][ T6801] Call Trace:
[ 58.027882][ T6801] dump_stack+0x188/0x20d
[ 58.032204][ T6801] debug_smp_processor_id.cold+0x88/0x9b
[ 58.037834][ T6801] ext4_mb_new_blocks+0xa77/0x3b30
[ 58.042934][ T6801] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.048647][ T6801] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.054366][ T6801] ext4_ext_map_blocks+0x2044/0x3410
[ 58.059682][ T6801] ? ext4_ext_release+0x10/0x10
[ 58.064715][ T6801] ? __down_timeout+0x2d0/0x2d0
[ 58.069564][ T6801] ? ext4_es_lookup_extent+0x41d/0xd30
[ 58.075029][ T6801] ext4_map_blocks+0x4cb/0x1640
[ 58.079881][ T6801] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.085106][ T6801] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.090830][ T6801] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.098906][ T6801] ? prandom_u32_state+0xe/0x170
[ 58.103846][ T6801] ? __brelse+0x84/0xa0
[ 58.108043][ T6801] ? __ext4_new_inode+0x144/0x57c0
[ 58.113199][ T6801] ext4_getblk+0xad/0x520
[ 58.117550][ T6801] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.123258][ T6801] ? ext4_free_inode+0x17e0/0x17e0
[ 58.128354][ T6801] ext4_bread+0x7c/0x380
[ 58.132768][ T6801] ? ext4_getblk+0x520/0x520
[ 58.137340][ T6801] ? dqget+0xff0/0xff0
[ 58.141392][ T6801] ext4_append+0x153/0x360
[ 58.145810][ T6801] ext4_mkdir+0x5e0/0xdf0
[ 58.150136][ T6801] ? ext4_rmdir+0xde0/0xde0
[ 58.154657][ T6801] ? security_inode_permission+0xc4/0xf0
[ 58.160307][ T6801] vfs_mkdir+0x419/0x690
[ 58.164563][ T6801] do_mkdirat+0x21e/0x280
[ 58.168903][ T6801] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.173758][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.179736][ T6801] ? do_syscall_64+0x21/0x7d0
[ 58.184414][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.190387][ T6801] do_syscall_64+0xf6/0x7d0
[ 58.195614][ T6801] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.201580][ T6801] RIP: 0033:0x4b02a0
[ 58.205483][ T6801] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 58.225084][ T6801] RSP: 002b:000000c0000dd4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 58.234170][ T6801] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 58.242210][ T6801] RDX: 00000000000001c0 RSI: 000000c00009ee00 RDI: ffffffffffffff9c
[ 58.250162][ T6801] RBP: 000000c0000dd510 R08: 0000000000000000 R09: 0000000000000000
[ 58.258130][ T6801] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 58.266089][ T6801] R13: 0000000000000071 R14: 0000000000000070 R15: 0000000000000100
[ 58.292694][ T6814] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6814
[ 58.302320][ T6814] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 58.308313][ T6814] CPU: 0 PID: 6814 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 58.316555][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.326607][ T6814] Call Trace:
[ 58.329896][ T6814] dump_stack+0x188/0x20d
[ 58.334215][ T6814] debug_smp_processor_id.cold+0x88/0x9b
[ 58.339841][ T6814] ext4_mb_new_blocks+0xa77/0x3b30
[ 58.344939][ T6814] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.350489][ T6814] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.356190][ T6814] ext4_ext_map_blocks+0x2044/0x3410
[ 58.361482][ T6814] ? ext4_ext_release+0x10/0x10
[ 58.366319][ T6814] ? __down_timeout+0x2d0/0x2d0
[ 58.371171][ T6814] ? ext4_es_lookup_extent+0x41d/0xd30
[ 58.376643][ T6814] ext4_map_blocks+0x4cb/0x1640
[ 58.381488][ T6814] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.386668][ T6814] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.392200][ T6814] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.398181][ T6814] ? prandom_u32_state+0xe/0x170
[ 58.403216][ T6814] ? __brelse+0x84/0xa0
[ 58.407354][ T6814] ? __ext4_new_inode+0x144/0x57c0
[ 58.412452][ T6814] ext4_getblk+0xad/0x520
[ 58.416785][ T6814] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.422576][ T6814] ? ext4_free_inode+0x17e0/0x17e0
[ 58.427685][ T6814] ext4_bread+0x7c/0x380
[ 58.431925][ T6814] ? ext4_getblk+0x520/0x520
[ 58.436585][ T6814] ? dqget+0xff0/0xff0
[ 58.440635][ T6814] ext4_append+0x153/0x360
[ 58.445034][ T6814] ext4_mkdir+0x5e0/0xdf0
[ 58.449370][ T6814] ? ext4_rmdir+0xde0/0xde0
[ 58.453940][ T6814] ? security_inode_permission+0xc4/0xf0
[ 58.459555][ T6814] vfs_mkdir+0x419/0x690
[ 58.463776][ T6814] do_mkdirat+0x21e/0x280
[ 58.468087][ T6814] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.472924][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.478914][ T6814] ? do_syscall_64+0x21/0x7d0
[ 58.484057][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.490045][ T6814] do_syscall_64+0xf6/0x7d0
[ 58.494539][ T6814] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.500419][ T6814] RIP: 0033:0x45bee7
[ 58.504455][ T6814] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.525201][ T6814] RSP: 002b:00007ffd5ea18e38 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 58.533613][ T6814] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 58.541989][ T6814] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffd5ea19010
[ 58.549971][ T6814] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002b40
[ 58.557937][ T6814] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 58.565975][ T6814] R13: 00007ffd5ea19010 R14: 8421084210842109 R15: 00007ffd5ea1901c
[ 58.650348][ T6815] IPVS: ftp: loaded support on port[0] = 21
[ 58.686322][ T6815] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6815
[ 58.695944][ T6815] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 58.701946][ T6815] CPU: 1 PID: 6815 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 58.710171][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.720205][ T6815] Call Trace:
[ 58.723481][ T6815] dump_stack+0x188/0x20d
[ 58.727811][ T6815] debug_smp_processor_id.cold+0x88/0x9b
[ 58.733430][ T6815] ext4_mb_new_blocks+0xa77/0x3b30
[ 58.738530][ T6815] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.743967][ T6815] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.749674][ T6815] ext4_ext_map_blocks+0x2044/0x3410
[ 58.754942][ T6815] ? ext4_ext_release+0x10/0x10
[ 58.759796][ T6815] ? __down_timeout+0x2d0/0x2d0
[ 58.764647][ T6815] ? ext4_es_lookup_extent+0x41d/0xd30
[ 58.771679][ T6815] ext4_map_blocks+0x4cb/0x1640
[ 58.776520][ T6815] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.781801][ T6815] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.787343][ T6815] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.793641][ T6815] ? prandom_u32_state+0xe/0x170
[ 58.798766][ T6815] ? __brelse+0x84/0xa0
[ 58.803009][ T6815] ? __ext4_new_inode+0x144/0x57c0
[ 58.808194][ T6815] ext4_getblk+0xad/0x520
[ 58.812710][ T6815] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.818683][ T6815] ? ext4_free_inode+0x17e0/0x17e0
[ 58.823788][ T6815] ext4_bread+0x7c/0x380
[ 58.828137][ T6815] ? ext4_getblk+0x520/0x520
[ 58.832785][ T6815] ? dqget+0xff0/0xff0
[ 58.836858][ T6815] ext4_append+0x153/0x360
[ 58.841262][ T6815] ext4_mkdir+0x5e0/0xdf0
[ 58.845585][ T6815] ? ext4_rmdir+0xde0/0xde0
[ 58.850171][ T6815] ? security_inode_permission+0xc4/0xf0
[ 58.855796][ T6815] vfs_mkdir+0x419/0x690
[ 58.860030][ T6815] do_mkdirat+0x21e/0x280
[ 58.864348][ T6815] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.870154][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.876116][ T6815] ? do_syscall_64+0x21/0x7d0
[ 58.881311][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.887532][ T6815] do_syscall_64+0xf6/0x7d0
[ 58.892032][ T6815] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.898079][ T6815] RIP: 0033:0x45bee7
[ 58.901963][ T6815] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.921548][ T6815] RSP: 002b:00007ffd5ea18d28 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 58.930041][ T6815] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 58.938098][ T6815] RDX: 00007ffd5ea18d73 RSI: 00000000000001ff RDI: 00007ffd5ea18d70
[ 58.946049][ T6815] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 58.953995][ T6815] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0
[ 58.961944][ T6815] R13: 00007ffd5ea18d60 R14: 0000000000000000 R15: 00007ffd5ea18d70
[ 59.008923][ T6815] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6815
[ 59.018420][ T6815] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 59.024594][ T6815] CPU: 1 PID: 6815 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 59.032928][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.042977][ T6815] Call Trace:
[ 59.046273][ T6815] dump_stack+0x188/0x20d
[ 59.050611][ T6815] debug_smp_processor_id.cold+0x88/0x9b
[ 59.056245][ T6815] ext4_mb_new_blocks+0xa77/0x3b30
[ 59.061370][ T6815] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.066834][ T6815] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.072565][ T6815] ext4_ext_map_blocks+0x2044/0x3410
[ 59.078158][ T6815] ? ext4_ext_release+0x10/0x10
[ 59.083031][ T6815] ? __down_timeout+0x2d0/0x2d0
[ 59.087886][ T6815] ? ext4_es_lookup_extent+0x41d/0xd30
[ 59.093347][ T6815] ext4_map_blocks+0x4cb/0x1640
[ 59.098233][ T6815] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.103523][ T6815] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.109158][ T6815] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.115404][ T6815] ? prandom_u32_state+0xe/0x170
[ 59.120441][ T6815] ? __brelse+0x84/0xa0
[ 59.124593][ T6815] ? __ext4_new_inode+0x144/0x57c0
[ 59.129701][ T6815] ext4_getblk+0xad/0x520
[ 59.134010][ T6815] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.139729][ T6815] ? ext4_free_inode+0x17e0/0x17e0
[ 59.144930][ T6815] ext4_bread+0x7c/0x380
[ 59.150672][ T6815] ? ext4_getblk+0x520/0x520
[ 59.156874][ T6815] ? dqget+0xff0/0xff0
[ 59.160931][ T6815] ext4_append+0x153/0x360
[ 59.165542][ T6815] ext4_mkdir+0x5e0/0xdf0
[ 59.169885][ T6815] ? ext4_rmdir+0xde0/0xde0
[ 59.174461][ T6815] ? security_inode_permission+0xc4/0xf0
[ 59.180115][ T6815] vfs_mkdir+0x419/0x690
[ 59.184363][ T6815] do_mkdirat+0x21e/0x280
[ 59.188687][ T6815] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.193609][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.199677][ T6815] ? do_syscall_64+0x21/0x7d0
[ 59.204438][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.210414][ T6815] do_syscall_64+0xf6/0x7d0
[ 59.215369][ T6815] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 59.221565][ T6815] RIP: 0033:0x45bee7
[ 59.226062][ T6815] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.246402][ T6815] RSP: 002b:00007ffd5ea18d28 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
2020/06/13 04:24:47 building call list...
[ 59.256355][ T6815] RAX: ffffffffffffffda RBX: 000000000000e672 RCX: 000000000045bee7
[ 59.264764][ T6815] RDX: 00007ffd5ea18d73 RSI: 00000000000001ff RDI: 00007ffd5ea18d70
[ 59.273190][ T6815] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 59.281902][ T6815] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 59.290618][ T6815] R13: 00007ffd5ea18d60 R14: 000000000000e663 R15: 00007ffd5ea18d70
[ 59.614487][ T4360] tipc: TX() has been purged, node left!
[ 60.096394][ T4360] ==================================================================
[ 60.104618][ T4360] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880
[ 60.112677][ T4360] Write of size 1 at addr ffff88809fbc69e4 by task kworker/u4:8/4360
[ 60.120725][ T4360]
[ 60.123056][ T4360] CPU: 1 PID: 4360 Comm: kworker/u4:8 Not tainted 5.7.0-syzkaller #0
[ 60.131204][ T4360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.141438][ T4360] Workqueue: netns cleanup_net
[ 60.146226][ T4360] Call Trace:
[ 60.149515][ T4360] dump_stack+0x188/0x20d
[ 60.153848][ T4360] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.159391][ T4360] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.164941][ T4360] ? afs_put_call+0xa70/0xa70
[ 60.169623][ T4360] print_address_description.constprop.0.cold+0xd3/0x413
[ 60.176655][ T4360] ? vprintk_func+0x97/0x1a6
[ 60.181251][ T4360] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.186792][ T4360] kasan_report.cold+0x1f/0x37
[ 60.191834][ T4360] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.197815][ T4360] afs_wake_up_async_call+0x7a7/0x880
[ 60.203182][ T4360] ? do_raw_spin_lock+0x129/0x2e0
[ 60.208212][ T4360] ? afs_close_socket+0x320/0x320
[ 60.213662][ T4360] ? rwlock_bug.part.0+0x90/0x90
[ 60.218591][ T4360] ? rcu_read_lock_held+0x9c/0xb0
[ 60.223614][ T4360] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.229248][ T4360] ? afs_close_socket+0x320/0x320
[ 60.234299][ T4360] ? afs_put_call+0xa70/0xa70
[ 60.239007][ T4360] rxrpc_notify_socket+0x1e5/0x5e0
[ 60.244132][ T4360] ? afs_put_call+0xa70/0xa70
[ 60.248807][ T4360] __rxrpc_set_call_completion.part.0+0x172/0x420
[ 60.255240][ T4360] rxrpc_call_completed+0xca/0xf0
[ 60.260272][ T4360] rxrpc_discard_prealloc+0x786/0xac0
[ 60.265646][ T4360] ? lock_sock_nested+0x94/0x110
[ 60.270602][ T4360] rxrpc_listen+0x147/0x360
[ 60.275128][ T4360] afs_close_socket+0x95/0x320
[ 60.279884][ T4360] ? afs_purge_servers+0x16d/0x300
[ 60.285001][ T4360] ? afs_rx_discard_new_call+0x50/0x50
[ 60.290456][ T4360] ? debug_smp_processor_id+0x2f/0x185
[ 60.295929][ T4360] ? init_wait_var_entry+0x200/0x200
[ 60.301228][ T4360] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.306882][ T4360] afs_net_exit+0x1bc/0x310
[ 60.311557][ T4360] ? afs_net_init+0xe30/0xe30
[ 60.316269][ T4360] ops_exit_list.isra.0+0xa8/0x150
[ 60.321375][ T4360] cleanup_net+0x511/0xa50
[ 60.325815][ T4360] ? unregister_pernet_device+0x70/0x70
[ 60.331368][ T4360] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.337689][ T4360] process_one_work+0x965/0x16a0
[ 60.342689][ T4360] ? lock_release+0x800/0x800
[ 60.347381][ T4360] ? pwq_dec_nr_in_flight+0x310/0x310
[ 60.352752][ T4360] ? rwlock_bug.part.0+0x90/0x90
[ 60.357706][ T4360] worker_thread+0x96/0xe10
[ 60.362218][ T4360] ? process_one_work+0x16a0/0x16a0
[ 60.367414][ T4360] kthread+0x388/0x470
[ 60.371482][ T4360] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.377283][ T4360] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.383117][ T4360] ret_from_fork+0x24/0x30
[ 60.387541][ T4360]
[ 60.389869][ T4360] Allocated by task 6815:
[ 60.394196][ T4360] save_stack+0x1b/0x40
[ 60.398358][ T4360] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 60.404001][ T4360] kmem_cache_alloc_trace+0x153/0x7d0
[ 60.410780][ T4360] afs_alloc_call+0x55/0x640
[ 60.415366][ T4360] afs_charge_preallocation+0xe9/0x2d0
[ 60.420815][ T4360] afs_open_socket+0x292/0x360
[ 60.425572][ T4360] afs_net_init+0xa6c/0xe30
[ 60.430083][ T4360] ops_init+0xaf/0x420
[ 60.434145][ T4360] setup_net+0x2de/0x860
[ 60.438398][ T4360] copy_net_ns+0x293/0x590
[ 60.442813][ T4360] create_new_namespaces+0x3fb/0xb30
[ 60.448467][ T4360] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 60.454533][ T4360] ksys_unshare+0x43d/0x8e0
[ 60.459901][ T4360] __x64_sys_unshare+0x2d/0x40
[ 60.464790][ T4360] do_syscall_64+0xf6/0x7d0
[ 60.469293][ T4360] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 60.475175][ T4360]
[ 60.477602][ T4360] Freed by task 4360:
[ 60.481772][ T4360] save_stack+0x1b/0x40
[ 60.485921][ T4360] __kasan_slab_free+0xf7/0x140
[ 60.490765][ T4360] kfree+0x109/0x2b0
[ 60.494662][ T4360] afs_put_call+0x59b/0xa70
[ 60.499603][ T4360] rxrpc_discard_prealloc+0x769/0xac0
[ 60.504971][ T4360] rxrpc_listen+0x147/0x360
[ 60.509496][ T4360] afs_close_socket+0x95/0x320
[ 60.514279][ T4360] afs_net_exit+0x1bc/0x310
[ 60.518781][ T4360] ops_exit_list.isra.0+0xa8/0x150
[ 60.524065][ T4360] cleanup_net+0x511/0xa50
[ 60.528491][ T4360] process_one_work+0x965/0x16a0
[ 60.533433][ T4360] worker_thread+0x96/0xe10
[ 60.537980][ T4360] kthread+0x388/0x470
[ 60.542047][ T4360] ret_from_fork+0x24/0x30
[ 60.546825][ T4360]
[ 60.549149][ T4360] The buggy address belongs to the object at ffff88809fbc6800
[ 60.549149][ T4360] which belongs to the cache kmalloc-1k of size 1024
[ 60.563226][ T4360] The buggy address is located 484 bytes inside of
[ 60.563226][ T4360] 1024-byte region [ffff88809fbc6800, ffff88809fbc6c00)
[ 60.577180][ T4360] The buggy address belongs to the page:
[ 60.582819][ T4360] page:ffffea00027ef180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 60.592463][ T4360] flags: 0xfffe0000000200(slab)
[ 60.597313][ T4360] raw: 00fffe0000000200 ffffea00028b0908 ffffea000254f688 ffff8880aa000c40
[ 60.606246][ T4360] raw: 0000000000000000 ffff88809fbc6000 0000000100000002 0000000000000000
[ 60.614821][ T4360] page dumped because: kasan: bad access detected
[ 60.621306][ T4360]
[ 60.623628][ T4360] Memory state around the buggy address:
[ 60.629340][ T4360] ffff88809fbc6880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.637395][ T4360] ffff88809fbc6900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.645456][ T4360] >ffff88809fbc6980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.653519][ T4360] ^
[ 60.661318][ T4360] ffff88809fbc6a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.669382][ T4360] ffff88809fbc6a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.677711][ T4360] ==================================================================
[ 60.686033][ T4360] Disabling lock debugging due to kernel taint
[ 60.692229][ T4360] Kernel panic - not syncing: panic_on_warn set ...
[ 60.698811][ T4360] CPU: 1 PID: 4360 Comm: kworker/u4:8 Tainted: G B 5.7.0-syzkaller #0
[ 60.708602][ T4360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.718663][ T4360] Workqueue: netns cleanup_net
[ 60.723431][ T4360] Call Trace:
[ 60.728668][ T4360] dump_stack+0x188/0x20d
[ 60.732994][ T4360] ? afs_wake_up_async_call+0x6b0/0x880
[ 60.738559][ T4360] ? afs_put_call+0xa70/0xa70
[ 60.743224][ T4360] panic+0x2e3/0x75c
executing program
[ 60.747113][ T4360] ? add_taint.cold+0x16/0x16
[ 60.751777][ T4360] ? retint_kernel+0x2b/0x2b
[ 60.756359][ T4360] ? trace_hardirqs_on+0x55/0x230
[ 60.761375][ T4360] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.767009][ T4360] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.772546][ T4360] ? afs_put_call+0xa70/0xa70
[ 60.777240][ T4360] end_report+0x4d/0x53
[ 60.781402][ T4360] kasan_report.cold+0xd/0x37
[ 60.786187][ T4360] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.791725][ T4360] afs_wake_up_async_call+0x7a7/0x880
[ 60.797085][ T4360] ? do_raw_spin_lock+0x129/0x2e0
[ 60.802097][ T4360] ? afs_close_socket+0x320/0x320
[ 60.807106][ T4360] ? rwlock_bug.part.0+0x90/0x90
[ 60.812030][ T4360] ? rcu_read_lock_held+0x9c/0xb0
[ 60.817043][ T4360] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.822684][ T4360] ? afs_close_socket+0x320/0x320
[ 60.827702][ T4360] ? afs_put_call+0xa70/0xa70
[ 60.832372][ T4360] rxrpc_notify_socket+0x1e5/0x5e0
[ 60.837479][ T4360] ? afs_put_call+0xa70/0xa70
[ 60.842149][ T4360] __rxrpc_set_call_completion.part.0+0x172/0x420
[ 60.848558][ T4360] rxrpc_call_completed+0xca/0xf0
[ 60.853577][ T4360] rxrpc_discard_prealloc+0x786/0xac0
[ 60.858948][ T4360] ? lock_sock_nested+0x94/0x110
[ 60.863885][ T4360] rxrpc_listen+0x147/0x360
[ 60.868391][ T4360] afs_close_socket+0x95/0x320
[ 60.873150][ T4360] ? afs_purge_servers+0x16d/0x300
[ 60.878263][ T4360] ? afs_rx_discard_new_call+0x50/0x50
[ 60.883717][ T4360] ? debug_smp_processor_id+0x2f/0x185
[ 60.889175][ T4360] ? init_wait_var_entry+0x200/0x200
[ 60.894469][ T4360] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.900091][ T4360] afs_net_exit+0x1bc/0x310
[ 60.904582][ T4360] ? afs_net_init+0xe30/0xe30
[ 60.909251][ T4360] ops_exit_list.isra.0+0xa8/0x150
[ 60.914455][ T4360] cleanup_net+0x511/0xa50
[ 60.918871][ T4360] ? unregister_pernet_device+0x70/0x70
[ 60.924415][ T4360] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.930397][ T4360] process_one_work+0x965/0x16a0
[ 60.935345][ T4360] ? lock_release+0x800/0x800
[ 60.940035][ T4360] ? pwq_dec_nr_in_flight+0x310/0x310
[ 60.945406][ T4360] ? rwlock_bug.part.0+0x90/0x90
[ 60.950320][ T4360] worker_thread+0x96/0xe10
[ 60.954801][ T4360] ? process_one_work+0x16a0/0x16a0
[ 60.959976][ T4360] kthread+0x388/0x470
[ 60.964018][ T4360] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.969828][ T4360] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.975525][ T4360] ret_from_fork+0x24/0x30
[ 60.981393][ T4360] Kernel Offset: disabled
[ 60.987883][ T4360] Rebooting in 86400 seconds..