[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ 52.537398][ T6728] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6728
[ 52.547054][ T6728] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 52.553513][ T6728] CPU: 0 PID: 6728 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[ 52.561751][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.571967][ T6728] Call Trace:
[ 52.575247][ T6728] dump_stack+0x188/0x20d
[ 52.579584][ T6728] debug_smp_processor_id.cold+0x88/0x9b
[ 52.585212][ T6728] ext4_mb_new_blocks+0xa77/0x3b30
[ 52.590380][ T6728] ? ext4_ext_search_right+0x2ca/0xb20
[ 52.595857][ T6728] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 52.601571][ T6728] ext4_ext_map_blocks+0x2044/0x3410
[ 52.606852][ T6728] ? ext4_ext_release+0x10/0x10
[ 52.611699][ T6728] ? __down_timeout+0x2d0/0x2d0
[ 52.616552][ T6728] ? ext4_es_lookup_extent+0x41d/0xd30
[ 52.621996][ T6728] ext4_map_blocks+0x4cb/0x1640
[ 52.626840][ T6728] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 52.632017][ T6728] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 52.637539][ T6728] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 52.643500][ T6728] ? prandom_u32_state+0xe/0x170
[ 52.648444][ T6728] ? __brelse+0x84/0xa0
[ 52.652690][ T6728] ? __ext4_new_inode+0x144/0x57c0
[ 52.657800][ T6728] ext4_getblk+0xad/0x520
[ 52.662110][ T6728] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 52.667820][ T6728] ? ext4_free_inode+0x17e0/0x17e0
[ 52.672925][ T6728] ext4_bread+0x7c/0x380
[ 52.677151][ T6728] ? ext4_getblk+0x520/0x520
[ 52.681735][ T6728] ? dqget+0xff0/0xff0
[ 52.685787][ T6728] ext4_append+0x153/0x360
[ 52.690205][ T6728] ext4_mkdir+0x5e0/0xdf0
[ 52.694513][ T6728] ? ext4_rmdir+0xde0/0xde0
[ 52.699014][ T6728] ? security_inode_permission+0xc4/0xf0
[ 52.704629][ T6728] vfs_mkdir+0x419/0x690
[ 52.708854][ T6728] do_mkdirat+0x21e/0x280
[ 52.713201][ T6728] ? __ia32_sys_mknod+0xb0/0xb0
[ 52.718042][ T6728] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 52.724023][ T6728] ? do_syscall_64+0x21/0x7d0
[ 52.728693][ T6728] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 52.734667][ T6728] do_syscall_64+0xf6/0x7d0
[ 52.739154][ T6728] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 52.746498][ T6728] RIP: 0033:0x7f2ab9ea7687
[ 52.750902][ T6728] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48
[ 52.770498][ T6728] RSP: 002b:00007ffc4ec109e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 52.779081][ T6728] RAX: ffffffffffffffda RBX: 000055aab8982985 RCX: 00007f2ab9ea7687
[ 52.787042][ T6728] RDX: 00007ffc4ec108b0 RSI: 00000000000001ed RDI: 000055aab8982985
[ 52.794991][ T6728] RBP: 00007f2ab9ea7680 R08: 0000000000000100 R09: 0000000000000000
[ 52.802940][ T6728] R10: 000055aab8982980 R11: 0000000000000246 R12: 00000000000001ed
[ 52.810927][ T6728] R13: 00007ffc4ec10b70 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login:
[ 55.877504][ T293] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:6/293
[ 55.886741][ T293] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 55.892831][ T293] CPU: 1 PID: 293 Comm: kworker/u4:6 Not tainted 5.7.0-syzkaller #0
[ 55.900816][ T293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.911814][ T293] Workqueue: writeback wb_workfn (flush-8:0)
[ 55.917769][ T293] Call Trace:
[ 55.921059][ T293] dump_stack+0x188/0x20d
[ 55.925394][ T293] debug_smp_processor_id.cold+0x88/0x9b
[ 55.931016][ T293] ext4_mb_new_blocks+0xa77/0x3b30
[ 55.936114][ T293] ? __kmalloc+0x62f/0x7a0
[ 55.940514][ T293] ? ext4_ext_search_right+0x2ca/0xb20
[ 55.945958][ T293] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 55.951656][ T293] ext4_ext_map_blocks+0x2044/0x3410
[ 55.956940][ T293] ? ext4_ext_release+0x10/0x10
[ 55.963348][ T293] ? __down_timeout+0x2d0/0x2d0
[ 55.968175][ T293] ? ext4_es_lookup_extent+0x41d/0xd30
[ 55.973656][ T293] ? debug_smp_processor_id+0x2f/0x185
[ 55.979120][ T293] ext4_map_blocks+0x4cb/0x1640
[ 55.983957][ T293] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 55.989132][ T293] ? debug_smp_processor_id+0x2f/0x185
[ 55.994573][ T293] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.000118][ T293] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.006092][ T293] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 56.011533][ T293] ext4_writepages+0x1ab7/0x3400
[ 56.016644][ T293] ? __ext4_mark_inode_dirty+0x950/0x950
[ 56.022257][ T293] ? __lock_acquire+0x2224/0x48a0
[ 56.027284][ T293] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.034210][ T293] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.040183][ T293] ? __ext4_mark_inode_dirty+0x950/0x950
[ 56.045873][ T293] ? do_writepages+0xfa/0x2a0
[ 56.050606][ T293] do_writepages+0xfa/0x2a0
[ 56.055106][ T293] ? page_writeback_cpu_online+0x10/0x10
[ 56.060723][ T293] ? debug_smp_processor_id+0x2f/0x185
[ 56.066170][ T293] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.072738][ T293] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.078702][ T293] ? lock_downgrade+0x840/0x840
[ 56.083534][ T293] __writeback_single_inode+0x12a/0x1410
[ 56.089152][ T293] ? _raw_spin_unlock+0x24/0x40
[ 56.093979][ T293] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 56.099936][ T293] writeback_sb_inodes+0x515/0xdd0
[ 56.105034][ T293] ? __writeback_single_inode+0x1410/0x1410
[ 56.110929][ T293] __writeback_inodes_wb+0xc3/0x250
[ 56.116119][ T293] wb_writeback+0x910/0xd90
[ 56.120603][ T293] ? print_usage_bug+0x240/0x240
[ 56.125582][ T293] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 56.131886][ T293] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 56.137778][ T293] ? cpumask_next+0x3c/0x40
[ 56.142294][ T293] ? get_nr_dirty_inodes+0xd6/0x130
[ 56.147489][ T293] wb_workfn+0xadf/0x10d0
[ 56.151801][ T293] ? inode_wait_for_writeback+0x30/0x30
[ 56.157340][ T293] ? debug_smp_processor_id+0x2f/0x185
[ 56.162780][ T293] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.168303][ T293] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.174261][ T293] process_one_work+0x965/0x16a0
[ 56.179203][ T293] ? lock_release+0x800/0x800
[ 56.183856][ T293] ? pwq_dec_nr_in_flight+0x310/0x310
[ 56.189220][ T293] ? rwlock_bug.part.0+0x90/0x90
[ 56.194139][ T293] worker_thread+0x96/0xe10
[ 56.198625][ T293] ? process_one_work+0x16a0/0x16a0
[ 56.203810][ T293] kthread+0x388/0x470
[ 56.207855][ T293] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.213551][ T293] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.219343][ T293] ret_from_fork+0x24/0x30
Warning: Permanently added '10.128.0.185' (ECDSA) to the list of known hosts.
2020/06/11 23:48:52 fuzzer started
2020/06/11 23:48:53 connecting to host at 10.128.0.26:41457
2020/06/11 23:48:53 checking machine...
2020/06/11 23:48:53 checking revisions...
2020/06/11 23:48:53 testing simple program...
[ 57.855990][ T6802] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6802
[ 57.865206][ T6802] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 57.871247][ T6802] CPU: 1 PID: 6802 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 57.879138][ T6802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.889200][ T6802] Call Trace:
[ 57.892533][ T6802] dump_stack+0x188/0x20d
[ 57.896894][ T6802] debug_smp_processor_id.cold+0x88/0x9b
[ 57.902548][ T6802] ext4_mb_new_blocks+0xa77/0x3b30
[ 57.907675][ T6802] ? ext4_ext_search_right+0x2ca/0xb20
[ 57.913139][ T6802] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 57.918872][ T6802] ext4_ext_map_blocks+0x2044/0x3410
[ 57.924169][ T6802] ? ext4_ext_release+0x10/0x10
[ 57.929046][ T6802] ? __down_timeout+0x2d0/0x2d0
[ 57.933990][ T6802] ? ext4_es_lookup_extent+0x41d/0xd30
[ 57.939459][ T6802] ext4_map_blocks+0x4cb/0x1640
[ 57.944290][ T6802] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 57.949477][ T6802] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.955010][ T6802] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.960972][ T6802] ? prandom_u32_state+0xe/0x170
[ 57.965889][ T6802] ? __brelse+0x84/0xa0
[ 57.970036][ T6802] ? __ext4_new_inode+0x144/0x57c0
[ 57.975139][ T6802] ext4_getblk+0xad/0x520
[ 57.979448][ T6802] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 57.985150][ T6802] ? ext4_free_inode+0x17e0/0x17e0
[ 57.990240][ T6802] ext4_bread+0x7c/0x380
[ 57.994470][ T6802] ? ext4_getblk+0x520/0x520
[ 57.999054][ T6802] ? dqget+0xff0/0xff0
[ 58.003113][ T6802] ext4_append+0x153/0x360
[ 58.007576][ T6802] ext4_mkdir+0x5e0/0xdf0
[ 58.011919][ T6802] ? ext4_rmdir+0xde0/0xde0
[ 58.016577][ T6802] ? security_inode_permission+0xc4/0xf0
[ 58.022297][ T6802] vfs_mkdir+0x419/0x690
[ 58.026539][ T6802] do_mkdirat+0x21e/0x280
[ 58.030854][ T6802] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.035684][ T6802] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.041647][ T6802] ? do_syscall_64+0x21/0x7d0
[ 58.046303][ T6802] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.052291][ T6802] do_syscall_64+0xf6/0x7d0
[ 58.056785][ T6802] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.062652][ T6802] RIP: 0033:0x4b02a0
[ 58.066533][ T6802] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 58.086114][ T6802] RSP: 002b:000000c0003d74b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 58.094772][ T6802] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 58.102744][ T6802] RDX: 00000000000001c0 RSI: 000000c000026720 RDI: ffffffffffffff9c
[ 58.110691][ T6802] RBP: 000000c0003d7510 R08: 0000000000000000 R09: 0000000000000000
[ 58.118650][ T6802] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 58.126859][ T6802] R13: 000000000000003a R14: 0000000000000039 R15: 0000000000000100
[ 58.153703][ T6818] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6818
[ 58.164252][ T6818] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 58.170258][ T6818] CPU: 0 PID: 6818 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 58.178627][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.188677][ T6818] Call Trace:
[ 58.191953][ T6818] dump_stack+0x188/0x20d
[ 58.196616][ T6818] debug_smp_processor_id.cold+0x88/0x9b
[ 58.203040][ T6818] ext4_mb_new_blocks+0xa77/0x3b30
[ 58.208152][ T6818] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.213619][ T6818] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.219332][ T6818] ext4_ext_map_blocks+0x2044/0x3410
[ 58.224601][ T6818] ? ext4_ext_release+0x10/0x10
[ 58.229460][ T6818] ? __down_timeout+0x2d0/0x2d0
[ 58.234295][ T6818] ? ext4_es_lookup_extent+0x41d/0xd30
[ 58.239742][ T6818] ext4_map_blocks+0x4cb/0x1640
[ 58.244672][ T6818] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.249854][ T6818] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.255379][ T6818] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.261371][ T6818] ? prandom_u32_state+0xe/0x170
[ 58.266289][ T6818] ? __brelse+0x84/0xa0
[ 58.270423][ T6818] ? __ext4_new_inode+0x144/0x57c0
[ 58.275525][ T6818] ext4_getblk+0xad/0x520
[ 58.279836][ T6818] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.285547][ T6818] ? ext4_free_inode+0x17e0/0x17e0
[ 58.290641][ T6818] ext4_bread+0x7c/0x380
[ 58.294859][ T6818] ? ext4_getblk+0x520/0x520
[ 58.299432][ T6818] ? dqget+0xff0/0xff0
[ 58.303500][ T6818] ext4_append+0x153/0x360
[ 58.307910][ T6818] ext4_mkdir+0x5e0/0xdf0
[ 58.312230][ T6818] ? ext4_rmdir+0xde0/0xde0
[ 58.316735][ T6818] ? security_inode_permission+0xc4/0xf0
[ 58.322350][ T6818] vfs_mkdir+0x419/0x690
[ 58.326597][ T6818] do_mkdirat+0x21e/0x280
[ 58.330919][ T6818] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.335746][ T6818] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.341709][ T6818] ? do_syscall_64+0x21/0x7d0
[ 58.346377][ T6818] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.352350][ T6818] do_syscall_64+0xf6/0x7d0
[ 58.356843][ T6818] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.362803][ T6818] RIP: 0033:0x45bee7
[ 58.366686][ T6818] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.386291][ T6818] RSP: 002b:00007fff2a17d5e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 58.394689][ T6818] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 58.402641][ T6818] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007fff2a17d7c0
[ 58.410597][ T6818] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003140
[ 58.418560][ T6818] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 58.426510][ T6818] R13: 00007fff2a17d7c0 R14: 8421084210842109 R15: 00007fff2a17d7cc
[ 58.514677][ T6819] IPVS: ftp: loaded support on port[0] = 21
[ 58.552334][ T6819] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6819
[ 58.562342][ T6819] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 58.568350][ T6819] CPU: 0 PID: 6819 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 58.576583][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.586639][ T6819] Call Trace:
[ 58.590009][ T6819] dump_stack+0x188/0x20d
[ 58.594346][ T6819] debug_smp_processor_id.cold+0x88/0x9b
[ 58.599978][ T6819] ext4_mb_new_blocks+0xa77/0x3b30
[ 58.605082][ T6819] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.610537][ T6819] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.616251][ T6819] ext4_ext_map_blocks+0x2044/0x3410
[ 58.621530][ T6819] ? ext4_ext_release+0x10/0x10
[ 58.626403][ T6819] ? __down_timeout+0x2d0/0x2d0
[ 58.631262][ T6819] ? ext4_es_lookup_extent+0x41d/0xd30
[ 58.636711][ T6819] ext4_map_blocks+0x4cb/0x1640
[ 58.641546][ T6819] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.646735][ T6819] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.652263][ T6819] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.658591][ T6819] ? prandom_u32_state+0xe/0x170
[ 58.663510][ T6819] ? __brelse+0x84/0xa0
[ 58.667664][ T6819] ? __ext4_new_inode+0x144/0x57c0
[ 58.672764][ T6819] ext4_getblk+0xad/0x520
[ 58.677077][ T6819] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.682786][ T6819] ? ext4_free_inode+0x17e0/0x17e0
[ 58.687893][ T6819] ext4_bread+0x7c/0x380
[ 58.692129][ T6819] ? ext4_getblk+0x520/0x520
[ 58.696723][ T6819] ? dqget+0xff0/0xff0
[ 58.700772][ T6819] ext4_append+0x153/0x360
[ 58.705240][ T6819] ext4_mkdir+0x5e0/0xdf0
[ 58.709573][ T6819] ? ext4_rmdir+0xde0/0xde0
[ 58.714073][ T6819] ? security_inode_permission+0xc4/0xf0
[ 58.719689][ T6819] vfs_mkdir+0x419/0x690
[ 58.723918][ T6819] do_mkdirat+0x21e/0x280
[ 58.728240][ T6819] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.733066][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.739025][ T6819] ? do_syscall_64+0x21/0x7d0
[ 58.743679][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.749641][ T6819] do_syscall_64+0xf6/0x7d0
[ 58.754133][ T6819] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.760087][ T6819] RIP: 0033:0x45bee7
[ 58.764133][ T6819] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.783727][ T6819] RSP: 002b:00007fff2a17d4d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 58.792133][ T6819] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 58.800084][ T6819] RDX: 00007fff2a17d523 RSI: 00000000000001ff RDI: 00007fff2a17d520
[ 58.808031][ T6819] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 58.815989][ T6819] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0
[ 58.823942][ T6819] R13: 00007fff2a17d510 R14: 0000000000000000 R15: 00007fff2a17d520
[ 58.874063][ T6819] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6819
[ 58.883596][ T6819] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 58.889846][ T6819] CPU: 1 PID: 6819 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 58.899479][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.909536][ T6819] Call Trace:
[ 58.912836][ T6819] dump_stack+0x188/0x20d
[ 58.917182][ T6819] debug_smp_processor_id.cold+0x88/0x9b
[ 58.922997][ T6819] ext4_mb_new_blocks+0xa77/0x3b30
[ 58.928258][ T6819] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.933807][ T6819] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.939552][ T6819] ext4_ext_map_blocks+0x2044/0x3410
[ 58.944853][ T6819] ? ext4_ext_release+0x10/0x10
[ 58.949781][ T6819] ? __down_timeout+0x2d0/0x2d0
[ 58.954647][ T6819] ? ext4_es_lookup_extent+0x41d/0xd30
[ 58.960128][ T6819] ext4_map_blocks+0x4cb/0x1640
[ 58.964996][ T6819] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.970186][ T6819] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.975711][ T6819] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.981697][ T6819] ? prandom_u32_state+0xe/0x170
[ 58.986645][ T6819] ? __brelse+0x84/0xa0
[ 58.990804][ T6819] ? __ext4_new_inode+0x144/0x57c0
[ 58.995894][ T6819] ext4_getblk+0xad/0x520
[ 59.000202][ T6819] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.005915][ T6819] ? ext4_free_inode+0x17e0/0x17e0
[ 59.011051][ T6819] ext4_bread+0x7c/0x380
[ 59.015308][ T6819] ? ext4_getblk+0x520/0x520
[ 59.019883][ T6819] ? dqget+0xff0/0xff0
[ 59.024023][ T6819] ext4_append+0x153/0x360
[ 59.028769][ T6819] ext4_mkdir+0x5e0/0xdf0
[ 59.033082][ T6819] ? ext4_rmdir+0xde0/0xde0
[ 59.037568][ T6819] ? security_inode_permission+0xc4/0xf0
[ 59.046134][ T6819] vfs_mkdir+0x419/0x690
[ 59.050445][ T6819] do_mkdirat+0x21e/0x280
[ 59.054753][ T6819] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.059607][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.065575][ T6819] ? do_syscall_64+0x21/0x7d0
[ 59.070240][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.076211][ T6819] do_syscall_64+0xf6/0x7d0
[ 59.080694][ T6819] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 59.086560][ T6819] RIP: 0033:0x45bee7
[ 59.090434][ T6819] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.110015][ T6819] RSP: 002b:00007fff2a17d4d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
2020/06/11 23:48:54 building call list...
[ 59.118411][ T6819] RAX: ffffffffffffffda RBX: 000000000000e5f2 RCX: 000000000045bee7
[ 59.126443][ T6819] RDX: 00007fff2a17d523 RSI: 00000000000001ff RDI: 00007fff2a17d520
[ 59.134521][ T6819] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 59.142490][ T6819] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 59.150463][ T6819] R13: 00007fff2a17d510 R14: 000000000000e5ec R15: 00007fff2a17d520
[ 59.446604][ T26] tipc: TX() has been purged, node left!
[ 59.968750][ T26] ==================================================================
[ 59.977011][ T26] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880
[ 59.984910][ T26] Write of size 1 at addr ffff8880a87ca1e4 by task kworker/u4:2/26
[ 59.992793][ T26]
[ 59.995121][ T26] CPU: 1 PID: 26 Comm: kworker/u4:2 Not tainted 5.7.0-syzkaller #0
[ 60.002994][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.013048][ T26] Workqueue: netns cleanup_net
[ 60.017801][ T26] Call Trace:
[ 60.021092][ T26] dump_stack+0x188/0x20d
[ 60.025427][ T26] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.030964][ T26] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.036571][ T26] ? afs_put_call+0xa70/0xa70
[ 60.041274][ T26] print_address_description.constprop.0.cold+0xd3/0x413
[ 60.048572][ T26] ? vprintk_func+0x97/0x1a6
[ 60.053163][ T26] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.058701][ T26] kasan_report.cold+0x1f/0x37
[ 60.063464][ T26] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.069012][ T26] afs_wake_up_async_call+0x7a7/0x880
[ 60.074393][ T26] ? do_raw_spin_lock+0x129/0x2e0
[ 60.079417][ T26] ? afs_close_socket+0x320/0x320
[ 60.084433][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 60.089363][ T26] ? rcu_read_lock_held+0x9c/0xb0
[ 60.094396][ T26] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.100095][ T26] ? afs_close_socket+0x320/0x320
[ 60.105156][ T26] ? afs_put_call+0xa70/0xa70
[ 60.110097][ T26] rxrpc_notify_socket+0x1e5/0x5e0
[ 60.115222][ T26] ? afs_put_call+0xa70/0xa70
[ 60.119903][ T26] __rxrpc_set_call_completion.part.0+0x172/0x420
[ 60.126313][ T26] rxrpc_call_completed+0xca/0xf0
[ 60.131339][ T26] rxrpc_discard_prealloc+0x786/0xac0
[ 60.139239][ T26] ? lock_sock_nested+0x94/0x110
[ 60.144186][ T26] rxrpc_listen+0x147/0x360
[ 60.148692][ T26] afs_close_socket+0x95/0x320
[ 60.153449][ T26] ? afs_purge_servers+0x16d/0x300
[ 60.158560][ T26] ? afs_rx_discard_new_call+0x50/0x50
[ 60.164132][ T26] ? debug_smp_processor_id+0x2f/0x185
[ 60.169602][ T26] ? init_wait_var_entry+0x200/0x200
[ 60.174904][ T26] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.180546][ T26] afs_net_exit+0x1bc/0x310
[ 60.185509][ T26] ? afs_net_init+0xe30/0xe30
[ 60.190201][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 60.195326][ T26] cleanup_net+0x511/0xa50
[ 60.199761][ T26] ? unregister_pernet_device+0x70/0x70
[ 60.205308][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.211291][ T26] process_one_work+0x965/0x16a0
[ 60.216233][ T26] ? lock_release+0x800/0x800
[ 60.220904][ T26] ? pwq_dec_nr_in_flight+0x310/0x310
[ 60.226273][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 60.231229][ T26] worker_thread+0x96/0xe10
[ 60.235740][ T26] ? process_one_work+0x16a0/0x16a0
[ 60.240936][ T26] kthread+0x388/0x470
[ 60.245003][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.250718][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.256448][ T26] ret_from_fork+0x24/0x30
[ 60.260869][ T26]
[ 60.263189][ T26] Allocated by task 6819:
[ 60.267515][ T26] save_stack+0x1b/0x40
[ 60.271662][ T26] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 60.277287][ T26] kmem_cache_alloc_trace+0x153/0x7d0
[ 60.282673][ T26] afs_alloc_call+0x55/0x640
[ 60.287261][ T26] afs_charge_preallocation+0xe9/0x2d0
[ 60.292881][ T26] afs_open_socket+0x292/0x360
[ 60.297637][ T26] afs_net_init+0xa6c/0xe30
[ 60.302134][ T26] ops_init+0xaf/0x420
[ 60.306198][ T26] setup_net+0x2de/0x860
[ 60.311564][ T26] copy_net_ns+0x293/0x590
[ 60.315978][ T26] create_new_namespaces+0x3fb/0xb30
[ 60.321256][ T26] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 60.326879][ T26] ksys_unshare+0x43d/0x8e0
[ 60.331375][ T26] __x64_sys_unshare+0x2d/0x40
[ 60.336136][ T26] do_syscall_64+0xf6/0x7d0
[ 60.340633][ T26] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 60.346510][ T26]
[ 60.348852][ T26] Freed by task 26:
[ 60.352670][ T26] save_stack+0x1b/0x40
[ 60.356822][ T26] __kasan_slab_free+0xf7/0x140
[ 60.361666][ T26] kfree+0x109/0x2b0
[ 60.365556][ T26] afs_put_call+0x59b/0xa70
[ 60.370057][ T26] rxrpc_discard_prealloc+0x769/0xac0
[ 60.375441][ T26] rxrpc_listen+0x147/0x360
[ 60.379941][ T26] afs_close_socket+0x95/0x320
[ 60.384701][ T26] afs_net_exit+0x1bc/0x310
[ 60.389216][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 60.394336][ T26] cleanup_net+0x511/0xa50
[ 60.398756][ T26] process_one_work+0x965/0x16a0
[ 60.407333][ T26] worker_thread+0x96/0xe10
[ 60.411825][ T26] kthread+0x388/0x470
[ 60.415976][ T26] ret_from_fork+0x24/0x30
[ 60.420897][ T26]
[ 60.423220][ T26] The buggy address belongs to the object at ffff8880a87ca000
[ 60.423220][ T26] which belongs to the cache kmalloc-1k of size 1024
[ 60.437269][ T26] The buggy address is located 484 bytes inside of
[ 60.437269][ T26] 1024-byte region [ffff8880a87ca000, ffff8880a87ca400)
[ 60.450636][ T26] The buggy address belongs to the page:
[ 60.456265][ T26] page:ffffea0002a1f280 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 60.465385][ T26] flags: 0xfffe0000000200(slab)
[ 60.470233][ T26] raw: 00fffe0000000200 ffffea00025ca048 ffffea00027a0f88 ffff8880aa000c40
[ 60.479854][ T26] raw: 0000000000000000 ffff8880a87ca000 0000000100000002 0000000000000000
[ 60.488422][ T26] page dumped because: kasan: bad access detected
[ 60.494827][ T26]
[ 60.497144][ T26] Memory state around the buggy address:
[ 60.502767][ T26] ffff8880a87ca080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.510830][ T26] ffff8880a87ca100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.518894][ T26] >ffff8880a87ca180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.526967][ T26] ^
[ 60.534189][ T26] ffff8880a87ca200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.542289][ T26] ffff8880a87ca280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.550359][ T26] ==================================================================
[ 60.558422][ T26] Disabling lock debugging due to kernel taint
[ 60.564653][ T26] Kernel panic - not syncing: panic_on_warn set ...
[ 60.571413][ T26] CPU: 1 PID: 26 Comm: kworker/u4:2 Tainted: G B 5.7.0-syzkaller #0
[ 60.580697][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.590758][ T26] Workqueue: netns cleanup_net
[ 60.595513][ T26] Call Trace:
[ 60.598805][ T26] dump_stack+0x188/0x20d
[ 60.603148][ T26] ? afs_wake_up_async_call+0x6b0/0x880
[ 60.608690][ T26] ? afs_put_call+0xa70/0xa70
[ 60.613480][ T26] panic+0x2e3/0x75c
executing program
[ 60.617355][ T26] ? add_taint.cold+0x16/0x16
[ 60.622679][ T26] ? retint_kernel+0x2b/0x2b
[ 60.627272][ T26] ? trace_hardirqs_on+0x55/0x230
[ 60.632278][ T26] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.637924][ T26] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.643469][ T26] ? afs_put_call+0xa70/0xa70
[ 60.648149][ T26] end_report+0x4d/0x53
[ 60.652282][ T26] kasan_report.cold+0xd/0x37
[ 60.656964][ T26] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.662540][ T26] afs_wake_up_async_call+0x7a7/0x880
[ 60.667987][ T26] ? do_raw_spin_lock+0x129/0x2e0
[ 60.673001][ T26] ? afs_close_socket+0x320/0x320
[ 60.678027][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 60.682958][ T26] ? rcu_read_lock_held+0x9c/0xb0
[ 60.687971][ T26] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.693594][ T26] ? afs_close_socket+0x320/0x320
[ 60.698612][ T26] ? afs_put_call+0xa70/0xa70
[ 60.703276][ T26] rxrpc_notify_socket+0x1e5/0x5e0
[ 60.708379][ T26] ? afs_put_call+0xa70/0xa70
[ 60.713031][ T26] __rxrpc_set_call_completion.part.0+0x172/0x420
[ 60.719418][ T26] rxrpc_call_completed+0xca/0xf0
[ 60.724486][ T26] rxrpc_discard_prealloc+0x786/0xac0
[ 60.729853][ T26] ? lock_sock_nested+0x94/0x110
[ 60.734795][ T26] rxrpc_listen+0x147/0x360
[ 60.739302][ T26] afs_close_socket+0x95/0x320
[ 60.744037][ T26] ? afs_purge_servers+0x16d/0x300
[ 60.749263][ T26] ? afs_rx_discard_new_call+0x50/0x50
[ 60.754725][ T26] ? debug_smp_processor_id+0x2f/0x185
[ 60.760166][ T26] ? init_wait_var_entry+0x200/0x200
[ 60.765431][ T26] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.771042][ T26] afs_net_exit+0x1bc/0x310
[ 60.775555][ T26] ? afs_net_init+0xe30/0xe30
[ 60.780219][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 60.785311][ T26] cleanup_net+0x511/0xa50
[ 60.789744][ T26] ? unregister_pernet_device+0x70/0x70
[ 60.796225][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.802185][ T26] process_one_work+0x965/0x16a0
[ 60.807116][ T26] ? lock_release+0x800/0x800
[ 60.811790][ T26] ? pwq_dec_nr_in_flight+0x310/0x310
[ 60.817322][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 60.822234][ T26] worker_thread+0x96/0xe10
[ 60.826733][ T26] ? process_one_work+0x16a0/0x16a0
[ 60.831905][ T26] kthread+0x388/0x470
[ 60.835981][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.841718][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.847427][ T26] ret_from_fork+0x24/0x30
[ 60.852537][ T26] Kernel Offset: disabled
[ 60.856864][ T26] Rebooting in 86400 seconds..