[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ 55.374386][ T6838] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6838 [ 55.383813][ T6838] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 55.389836][ T6838] CPU: 1 PID: 6838 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0 [ 55.398097][ T6838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 55.408142][ T6838] Call Trace: [ 55.411423][ T6838] dump_stack+0x188/0x20d [ 55.415743][ T6838] debug_smp_processor_id.cold+0x88/0x9b [ 55.421351][ T6838] ext4_mb_new_blocks+0xa77/0x3b30 [ 55.426461][ T6838] ? ext4_ext_search_right+0x2ca/0xb20 [ 55.431900][ T6838] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 55.437624][ T6838] ext4_ext_map_blocks+0x2044/0x3410 [ 55.442914][ T6838] ? ext4_ext_release+0x10/0x10 [ 55.447776][ T6838] ? __down_timeout+0x2d0/0x2d0 [ 55.452615][ T6838] ? ext4_es_lookup_extent+0x41d/0xd30 [ 55.458067][ T6838] ext4_map_blocks+0x4cb/0x1640 [ 55.462923][ T6838] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 55.468110][ T6838] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 55.473645][ T6838] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 55.479601][ T6838] ? prandom_u32_state+0xe/0x170 [ 55.484529][ T6838] ? __brelse+0x84/0xa0 [ 55.488677][ T6838] ? __ext4_new_inode+0x144/0x57c0 [ 55.493766][ T6838] ext4_getblk+0xad/0x520 [ 55.498072][ T6838] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 55.503785][ T6838] ? ext4_free_inode+0x17e0/0x17e0 [ 55.508874][ T6838] ext4_bread+0x7c/0x380 [ 55.513096][ T6838] ? ext4_getblk+0x520/0x520 [ 55.517662][ T6838] ? dqget+0xff0/0xff0 [ 55.521725][ T6838] ext4_append+0x153/0x360 [ 55.526120][ T6838] ext4_mkdir+0x5e0/0xdf0 [ 55.530433][ T6838] ? ext4_rmdir+0xde0/0xde0 [ 55.534913][ T6838] ? security_inode_permission+0xc4/0xf0 [ 55.540524][ T6838] vfs_mkdir+0x419/0x690 [ 55.544747][ T6838] do_mkdirat+0x21e/0x280 [ 55.549052][ T6838] ? __ia32_sys_mknod+0xb0/0xb0 [ 55.553878][ T6838] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 55.559833][ T6838] ? do_syscall_64+0x21/0x7d0 [ 55.564489][ T6838] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 55.570447][ T6838] do_syscall_64+0xf6/0x7d0 [ 55.574927][ T6838] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 55.580792][ T6838] RIP: 0033:0x7fa2f1d24687 [ 55.585196][ T6838] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48 [ 55.604792][ T6838] RSP: 002b:00007fffeaa243a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 55.613191][ T6838] RAX: ffffffffffffffda RBX: 00005638ed5e0985 RCX: 00007fa2f1d24687 [ 55.621137][ T6838] RDX: 00007fffeaa24270 RSI: 00000000000001ed RDI: 00005638ed5e0985 [ 55.629082][ T6838] RBP: 00007fa2f1d24680 R08: 0000000000000100 R09: 0000000000000000 [ 55.637026][ T6838] R10: 00005638ed5e0980 R11: 0000000000000246 R12: 00000000000001ed [ 55.644972][ T6838] R13: 00007fffeaa24530 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 57.260222][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21 [ 57.269261][ T21] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 57.275539][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.7.0-syzkaller #0 [ 57.283411][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.293446][ T21] Workqueue: writeback wb_workfn (flush-8:0) [ 57.299397][ T21] Call Trace: [ 57.302664][ T21] dump_stack+0x188/0x20d [ 57.306991][ T21] debug_smp_processor_id.cold+0x88/0x9b [ 57.312598][ T21] ext4_mb_new_blocks+0xa77/0x3b30 [ 57.317689][ T21] ? __kmalloc+0x62f/0x7a0 [ 57.322089][ T21] ? ext4_ext_search_right+0x2ca/0xb20 [ 57.327523][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 57.333224][ T21] ext4_ext_map_blocks+0x2044/0x3410 [ 57.338489][ T21] ? ext4_ext_release+0x10/0x10 [ 57.343329][ T21] ? __down_timeout+0x2d0/0x2d0 [ 57.348158][ T21] ? ext4_es_lookup_extent+0x41d/0xd30 [ 57.353605][ T21] ? debug_smp_processor_id+0x2f/0x185 [ 57.359044][ T21] ext4_map_blocks+0x4cb/0x1640 [ 57.363888][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 57.369058][ T21] ? debug_smp_processor_id+0x2f/0x185 [ 57.374521][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.380052][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.386020][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 57.391457][ T21] ext4_writepages+0x1ab7/0x3400 [ 57.396381][ T21] ? __ext4_mark_inode_dirty+0x950/0x950 [ 57.402001][ T21] ? __lock_acquire+0x2224/0x48a0 [ 57.407018][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.413093][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.419072][ T21] ? __ext4_mark_inode_dirty+0x950/0x950 [ 57.424713][ T21] ? do_writepages+0xfa/0x2a0 [ 57.429376][ T21] do_writepages+0xfa/0x2a0 [ 57.433871][ T21] ? page_writeback_cpu_online+0x10/0x10 [ 57.439478][ T21] ? debug_smp_processor_id+0x2f/0x185 [ 57.444915][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.450449][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.456403][ T21] ? lock_downgrade+0x840/0x840 [ 57.461245][ T21] __writeback_single_inode+0x12a/0x1410 [ 57.466853][ T21] ? _raw_spin_unlock+0x24/0x40 [ 57.471686][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 57.477657][ T21] writeback_sb_inodes+0x515/0xdd0 [ 57.482757][ T21] ? __writeback_single_inode+0x1410/0x1410 [ 57.488636][ T21] __writeback_inodes_wb+0xc3/0x250 [ 57.493814][ T21] wb_writeback+0x910/0xd90 [ 57.498295][ T21] ? print_usage_bug+0x240/0x240 [ 57.503224][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 57.509525][ T21] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 57.515401][ T21] ? cpumask_next+0x3c/0x40 [ 57.519894][ T21] ? get_nr_dirty_inodes+0xd6/0x130 [ 57.525085][ T21] wb_workfn+0xadf/0x10d0 [ 57.529406][ T21] ? inode_wait_for_writeback+0x30/0x30 [ 57.534926][ T21] ? debug_smp_processor_id+0x2f/0x185 [ 57.540364][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.545880][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.551863][ T21] process_one_work+0x965/0x16a0 [ 57.556779][ T21] ? lock_release+0x800/0x800 [ 57.561433][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.566780][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 57.571701][ T21] worker_thread+0x96/0xe10 [ 57.576197][ T21] ? process_one_work+0x16a0/0x16a0 [ 57.581371][ T21] kthread+0x388/0x470 [ 57.585412][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.591103][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.596829][ T21] ret_from_fork+0x24/0x30 Warning: Permanently added '10.128.0.61' (ECDSA) to the list of known hosts. 2020/06/12 16:25:01 fuzzer started 2020/06/12 16:25:01 connecting to host at 10.128.0.26:32799 2020/06/12 16:25:01 checking machine... 2020/06/12 16:25:01 checking revisions... 2020/06/12 16:25:01 testing simple program... [ 61.104597][ T6904] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6904 [ 61.113861][ T6904] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 61.119857][ T6904] CPU: 1 PID: 6904 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 61.127738][ T6904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.137797][ T6904] Call Trace: [ 61.141096][ T6904] dump_stack+0x188/0x20d [ 61.145447][ T6904] debug_smp_processor_id.cold+0x88/0x9b [ 61.151071][ T6904] ext4_mb_new_blocks+0xa77/0x3b30 [ 61.156186][ T6904] ? ext4_ext_search_right+0x2ca/0xb20 [ 61.161634][ T6904] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 61.167349][ T6904] ext4_ext_map_blocks+0x2044/0x3410 [ 61.172681][ T6904] ? ext4_ext_release+0x10/0x10 [ 61.177539][ T6904] ? __down_timeout+0x2d0/0x2d0 [ 61.182379][ T6904] ? ext4_es_lookup_extent+0x41d/0xd30 [ 61.187837][ T6904] ext4_map_blocks+0x4cb/0x1640 [ 61.192687][ T6904] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 61.197876][ T6904] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.203415][ T6904] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.209409][ T6904] ? prandom_u32_state+0xe/0x170 [ 61.214351][ T6904] ? __brelse+0x84/0xa0 [ 61.218497][ T6904] ? __ext4_new_inode+0x144/0x57c0 [ 61.223606][ T6904] ext4_getblk+0xad/0x520 [ 61.227938][ T6904] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 61.233655][ T6904] ? ext4_free_inode+0x17e0/0x17e0 [ 61.238761][ T6904] ext4_bread+0x7c/0x380 [ 61.242996][ T6904] ? ext4_getblk+0x520/0x520 [ 61.247579][ T6904] ? dqget+0xff0/0xff0 [ 61.251647][ T6904] ext4_append+0x153/0x360 [ 61.256073][ T6904] ext4_mkdir+0x5e0/0xdf0 [ 61.260430][ T6904] ? ext4_rmdir+0xde0/0xde0 [ 61.264956][ T6904] ? security_inode_permission+0xc4/0xf0 [ 61.270602][ T6904] vfs_mkdir+0x419/0x690 [ 61.274840][ T6904] do_mkdirat+0x21e/0x280 [ 61.279179][ T6904] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.284028][ T6904] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.289999][ T6904] ? do_syscall_64+0x21/0x7d0 [ 61.294673][ T6904] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.300652][ T6904] do_syscall_64+0xf6/0x7d0 [ 61.305152][ T6904] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 61.311038][ T6904] RIP: 0033:0x4b02a0 [ 61.314924][ T6904] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 61.334539][ T6904] RSP: 002b:000000c0001574b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 61.342947][ T6904] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 61.350918][ T6904] RDX: 00000000000001c0 RSI: 000000c0000d8d40 RDI: ffffffffffffff9c [ 61.358880][ T6904] RBP: 000000c000157510 R08: 0000000000000000 R09: 0000000000000000 [ 61.366839][ T6904] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 61.374801][ T6904] R13: 000000000000006b R14: 000000000000006a R15: 0000000000000100 [ 61.402969][ T6918] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6918 [ 61.412413][ T6918] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 61.418300][ T6918] CPU: 1 PID: 6918 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 61.426543][ T6918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.436606][ T6918] Call Trace: [ 61.439879][ T6918] dump_stack+0x188/0x20d [ 61.444189][ T6918] debug_smp_processor_id.cold+0x88/0x9b [ 61.449799][ T6918] ext4_mb_new_blocks+0xa77/0x3b30 [ 61.454908][ T6918] ? ext4_ext_search_right+0x2ca/0xb20 [ 61.460346][ T6918] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 61.466044][ T6918] ext4_ext_map_blocks+0x2044/0x3410 [ 61.471335][ T6918] ? ext4_ext_release+0x10/0x10 [ 61.476186][ T6918] ? __down_timeout+0x2d0/0x2d0 [ 61.481014][ T6918] ? ext4_es_lookup_extent+0x41d/0xd30 [ 61.486499][ T6918] ext4_map_blocks+0x4cb/0x1640 [ 61.491331][ T6918] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 61.496505][ T6918] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.502027][ T6918] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.507982][ T6918] ? prandom_u32_state+0xe/0x170 [ 61.512897][ T6918] ? __brelse+0x84/0xa0 [ 61.517032][ T6918] ? __ext4_new_inode+0x144/0x57c0 [ 61.522122][ T6918] ext4_getblk+0xad/0x520 [ 61.526431][ T6918] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 61.532146][ T6918] ? ext4_free_inode+0x17e0/0x17e0 [ 61.537237][ T6918] ext4_bread+0x7c/0x380 [ 61.541455][ T6918] ? ext4_getblk+0x520/0x520 [ 61.546040][ T6918] ? dqget+0xff0/0xff0 [ 61.550090][ T6918] ext4_append+0x153/0x360 [ 61.554496][ T6918] ext4_mkdir+0x5e0/0xdf0 [ 61.558804][ T6918] ? ext4_rmdir+0xde0/0xde0 [ 61.563284][ T6918] ? security_inode_permission+0xc4/0xf0 [ 61.568896][ T6918] vfs_mkdir+0x419/0x690 [ 61.573168][ T6918] do_mkdirat+0x21e/0x280 [ 61.577472][ T6918] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.582327][ T6918] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.588282][ T6918] ? do_syscall_64+0x21/0x7d0 [ 61.592934][ T6918] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.598891][ T6918] do_syscall_64+0xf6/0x7d0 [ 61.603372][ T6918] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 61.609241][ T6918] RIP: 0033:0x45bee7 [ 61.613124][ T6918] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.632719][ T6918] RSP: 002b:00007ffd389aed88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 61.641120][ T6918] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 61.649069][ T6918] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffd389aef60 [ 61.657016][ T6918] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002f80 [ 61.664962][ T6918] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 61.672910][ T6918] R13: 00007ffd389aef60 R14: 8421084210842109 R15: 00007ffd389aef6c [ 61.755817][ T6919] IPVS: ftp: loaded support on port[0] = 21 [ 61.793740][ T6919] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6919 [ 61.803274][ T6919] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 61.809258][ T6919] CPU: 0 PID: 6919 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 61.817483][ T6919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.827635][ T6919] Call Trace: [ 61.830953][ T6919] dump_stack+0x188/0x20d [ 61.835274][ T6919] debug_smp_processor_id.cold+0x88/0x9b [ 61.840889][ T6919] ext4_mb_new_blocks+0xa77/0x3b30 [ 61.846088][ T6919] ? ext4_ext_search_right+0x2ca/0xb20 [ 61.851542][ T6919] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 61.857248][ T6919] ext4_ext_map_blocks+0x2044/0x3410 [ 61.862514][ T6919] ? ext4_ext_release+0x10/0x10 [ 61.867385][ T6919] ? __down_timeout+0x2d0/0x2d0 [ 61.872213][ T6919] ? ext4_es_lookup_extent+0x41d/0xd30 [ 61.877653][ T6919] ext4_map_blocks+0x4cb/0x1640 [ 61.882491][ T6919] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 61.887668][ T6919] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.893193][ T6919] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.899152][ T6919] ? prandom_u32_state+0xe/0x170 [ 61.904067][ T6919] ? __brelse+0x84/0xa0 [ 61.908199][ T6919] ? __ext4_new_inode+0x144/0x57c0 [ 61.913304][ T6919] ext4_getblk+0xad/0x520 [ 61.917622][ T6919] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 61.923321][ T6919] ? ext4_free_inode+0x17e0/0x17e0 [ 61.928421][ T6919] ext4_bread+0x7c/0x380 [ 61.932652][ T6919] ? ext4_getblk+0x520/0x520 [ 61.937230][ T6919] ? dqget+0xff0/0xff0 [ 61.941298][ T6919] ext4_append+0x153/0x360 [ 61.945693][ T6919] ext4_mkdir+0x5e0/0xdf0 [ 61.950011][ T6919] ? ext4_rmdir+0xde0/0xde0 [ 61.954493][ T6919] ? security_inode_permission+0xc4/0xf0 [ 61.960193][ T6919] vfs_mkdir+0x419/0x690 [ 61.964459][ T6919] do_mkdirat+0x21e/0x280 [ 61.968783][ T6919] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.973625][ T6919] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.979619][ T6919] ? do_syscall_64+0x21/0x7d0 [ 61.984271][ T6919] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.990236][ T6919] do_syscall_64+0xf6/0x7d0 [ 61.994721][ T6919] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 62.000605][ T6919] RIP: 0033:0x45bee7 [ 62.004474][ T6919] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.024056][ T6919] RSP: 002b:00007ffd389aec78 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 62.032459][ T6919] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 62.040426][ T6919] RDX: 00007ffd389aecc3 RSI: 00000000000001ff RDI: 00007ffd389aecc0 [ 62.048378][ T6919] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 62.056441][ T6919] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0 [ 62.064401][ T6919] R13: 00007ffd389aecb0 R14: 0000000000000000 R15: 00007ffd389aecc0 [ 62.117076][ T6919] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6919 [ 62.126549][ T6919] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 62.132541][ T6919] CPU: 0 PID: 6919 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 62.140776][ T6919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.150828][ T6919] Call Trace: [ 62.154140][ T6919] dump_stack+0x188/0x20d [ 62.158478][ T6919] debug_smp_processor_id.cold+0x88/0x9b [ 62.164115][ T6919] ext4_mb_new_blocks+0xa77/0x3b30 [ 62.169243][ T6919] ? ext4_ext_search_right+0x2ca/0xb20 [ 62.174707][ T6919] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 62.180443][ T6919] ext4_ext_map_blocks+0x2044/0x3410 [ 62.185745][ T6919] ? ext4_ext_release+0x10/0x10 [ 62.190618][ T6919] ? __down_timeout+0x2d0/0x2d0 [ 62.195467][ T6919] ? ext4_es_lookup_extent+0x41d/0xd30 [ 62.200934][ T6919] ext4_map_blocks+0x4cb/0x1640 [ 62.205783][ T6919] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 62.210962][ T6919] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 62.216485][ T6919] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.222461][ T6919] ? prandom_u32_state+0xe/0x170 [ 62.227389][ T6919] ? __brelse+0x84/0xa0 [ 62.231534][ T6919] ? __ext4_new_inode+0x144/0x57c0 [ 62.236623][ T6919] ext4_getblk+0xad/0x520 [ 62.240945][ T6919] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 62.246642][ T6919] ? ext4_free_inode+0x17e0/0x17e0 [ 62.251745][ T6919] ext4_bread+0x7c/0x380 [ 62.255963][ T6919] ? ext4_getblk+0x520/0x520 [ 62.260545][ T6919] ? dqget+0xff0/0xff0 [ 62.264593][ T6919] ext4_append+0x153/0x360 [ 62.268988][ T6919] ext4_mkdir+0x5e0/0xdf0 [ 62.273307][ T6919] ? ext4_rmdir+0xde0/0xde0 [ 62.277802][ T6919] ? security_inode_permission+0xc4/0xf0 [ 62.283418][ T6919] vfs_mkdir+0x419/0x690 [ 62.287661][ T6919] do_mkdirat+0x21e/0x280 [ 62.291968][ T6919] ? __ia32_sys_mknod+0xb0/0xb0 [ 62.296807][ T6919] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 62.302771][ T6919] ? do_syscall_64+0x21/0x7d0 [ 62.307426][ T6919] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 62.313402][ T6919] do_syscall_64+0xf6/0x7d0 [ 62.317903][ T6919] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 62.323782][ T6919] RIP: 0033:0x45bee7 [ 62.327661][ T6919] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 62.347250][ T6919] RSP: 002b:00007ffd389aec78 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 62.355668][ T6919] RAX: ffffffffffffffda RBX: 000000000000f298 RCX: 000000000045bee7 2020/06/12 16:25:03 building call list... [ 62.363619][ T6919] RDX: 00007ffd389aecc3 RSI: 00000000000001ff RDI: 00007ffd389aecc0 [ 62.371580][ T6919] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 62.379529][ T6919] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 62.387489][ T6919] R13: 00007ffd389aecb0 R14: 000000000000f294 R15: 00007ffd389aecc0 [ 62.638372][ T21] tipc: TX() has been purged, node left! [ 63.140900][ T21] ================================================================== [ 63.149115][ T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880 [ 63.156999][ T21] Write of size 1 at addr ffff8880a694f1e4 by task kworker/u4:1/21 [ 63.164870][ T21] [ 63.167195][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.7.0-syzkaller #0 [ 63.175159][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.185214][ T21] Workqueue: netns cleanup_net [ 63.189966][ T21] Call Trace: [ 63.193255][ T21] dump_stack+0x188/0x20d [ 63.197586][ T21] ? afs_wake_up_async_call+0x7a7/0x880 [ 63.203125][ T21] ? afs_wake_up_async_call+0x7a7/0x880 [ 63.208664][ T21] ? afs_put_call+0xa70/0xa70 [ 63.213341][ T21] print_address_description.constprop.0.cold+0xd3/0x413 [ 63.220368][ T21] ? vprintk_func+0x97/0x1a6 [ 63.224960][ T21] ? afs_wake_up_async_call+0x7a7/0x880 [ 63.230502][ T21] kasan_report.cold+0x1f/0x37 [ 63.235271][ T21] ? afs_wake_up_async_call+0x7a7/0x880 [ 63.240814][ T21] afs_wake_up_async_call+0x7a7/0x880 [ 63.246179][ T21] ? do_raw_spin_lock+0x129/0x2e0 [ 63.251232][ T21] ? afs_close_socket+0x320/0x320 [ 63.256277][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 63.261208][ T21] ? rcu_read_lock_held+0x9c/0xb0 [ 63.266262][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 63.271906][ T21] ? afs_close_socket+0x320/0x320 [ 63.276953][ T21] ? afs_put_call+0xa70/0xa70 [ 63.281631][ T21] rxrpc_notify_socket+0x1e5/0x5e0 [ 63.286743][ T21] ? afs_put_call+0xa70/0xa70 [ 63.291430][ T21] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 63.297849][ T21] rxrpc_call_completed+0xca/0xf0 [ 63.302874][ T21] rxrpc_discard_prealloc+0x786/0xac0 [ 63.308257][ T21] ? lock_sock_nested+0x94/0x110 [ 63.313210][ T21] rxrpc_listen+0x147/0x360 [ 63.317727][ T21] afs_close_socket+0x95/0x320 [ 63.322483][ T21] ? afs_purge_servers+0x16d/0x300 [ 63.327592][ T21] ? afs_rx_discard_new_call+0x50/0x50 [ 63.333046][ T21] ? debug_smp_processor_id+0x2f/0x185 [ 63.338505][ T21] ? init_wait_var_entry+0x200/0x200 [ 63.343796][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 63.349434][ T21] afs_net_exit+0x1bc/0x310 [ 63.353931][ T21] ? afs_net_init+0xe30/0xe30 [ 63.358604][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 63.363718][ T21] cleanup_net+0x511/0xa50 [ 63.368137][ T21] ? unregister_pernet_device+0x70/0x70 [ 63.373685][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.379675][ T21] process_one_work+0x965/0x16a0 [ 63.384672][ T21] ? lock_release+0x800/0x800 [ 63.389407][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.394796][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 63.399736][ T21] worker_thread+0x96/0xe10 [ 63.404265][ T21] ? process_one_work+0x16a0/0x16a0 [ 63.409464][ T21] kthread+0x388/0x470 [ 63.413539][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.419307][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.425019][ T21] ret_from_fork+0x24/0x30 [ 63.429442][ T21] [ 63.431746][ T21] Allocated by task 6919: [ 63.436068][ T21] save_stack+0x1b/0x40 [ 63.440220][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 63.445846][ T21] kmem_cache_alloc_trace+0x153/0x7d0 [ 63.451235][ T21] afs_alloc_call+0x55/0x640 [ 63.455841][ T21] afs_charge_preallocation+0xe9/0x2d0 [ 63.461303][ T21] afs_open_socket+0x292/0x360 [ 63.466065][ T21] afs_net_init+0xa6c/0xe30 [ 63.470575][ T21] ops_init+0xaf/0x420 [ 63.474636][ T21] setup_net+0x2de/0x860 [ 63.478871][ T21] copy_net_ns+0x293/0x590 [ 63.483284][ T21] create_new_namespaces+0x3fb/0xb30 [ 63.488564][ T21] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 63.494193][ T21] ksys_unshare+0x43d/0x8e0 [ 63.498690][ T21] __x64_sys_unshare+0x2d/0x40 [ 63.503448][ T21] do_syscall_64+0xf6/0x7d0 [ 63.507961][ T21] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 63.513841][ T21] [ 63.516161][ T21] Freed by task 21: [ 63.519980][ T21] save_stack+0x1b/0x40 [ 63.524129][ T21] __kasan_slab_free+0xf7/0x140 [ 63.528974][ T21] kfree+0x109/0x2b0 [ 63.532878][ T21] afs_put_call+0x59b/0xa70 [ 63.537374][ T21] rxrpc_discard_prealloc+0x769/0xac0 [ 63.542737][ T21] rxrpc_listen+0x147/0x360 [ 63.547265][ T21] afs_close_socket+0x95/0x320 [ 63.552036][ T21] afs_net_exit+0x1bc/0x310 [ 63.556549][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 63.561651][ T21] cleanup_net+0x511/0xa50 [ 63.566119][ T21] process_one_work+0x965/0x16a0 [ 63.571058][ T21] worker_thread+0x96/0xe10 [ 63.575571][ T21] kthread+0x388/0x470 [ 63.579638][ T21] ret_from_fork+0x24/0x30 [ 63.584048][ T21] [ 63.586373][ T21] The buggy address belongs to the object at ffff8880a694f000 [ 63.586373][ T21] which belongs to the cache kmalloc-1k of size 1024 [ 63.600419][ T21] The buggy address is located 484 bytes inside of [ 63.600419][ T21] 1024-byte region [ffff8880a694f000, ffff8880a694f400) [ 63.613769][ T21] The buggy address belongs to the page: [ 63.619401][ T21] page:ffffea00029a53c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 63.628542][ T21] flags: 0xfffe0000000200(slab) [ 63.633406][ T21] raw: 00fffe0000000200 ffffea00028e9888 ffffea00025fe348 ffff8880aa000c40 [ 63.642012][ T21] raw: 0000000000000000 ffff8880a694f000 0000000100000002 0000000000000000 [ 63.650584][ T21] page dumped because: kasan: bad access detected [ 63.656980][ T21] [ 63.659314][ T21] Memory state around the buggy address: [ 63.664945][ T21] ffff8880a694f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.673049][ T21] ffff8880a694f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.681108][ T21] >ffff8880a694f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.689160][ T21] ^ [ 63.696347][ T21] ffff8880a694f200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.704408][ T21] ffff8880a694f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.712508][ T21] ================================================================== [ 63.720558][ T21] Disabling lock debugging due to kernel taint [ 63.726768][ T21] Kernel panic - not syncing: panic_on_warn set ... [ 63.733352][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.7.0-syzkaller #0 [ 63.742625][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.752690][ T21] Workqueue: netns cleanup_net [ 63.757457][ T21] Call Trace: [ 63.760740][ T21] dump_stack+0x188/0x20d [ 63.765076][ T21] ? afs_wake_up_async_call+0x6b0/0x880 [ 63.770637][ T21] ? afs_put_call+0xa70/0xa70 [ 63.775342][ T21] panic+0x2e3/0x75c [ 63.779232][ T21] ? add_taint.cold+0x16/0x16 [ 63.783961][ T21] ? retint_kernel+0x2b/0x2b [ 63.788617][ T21] ? trace_hardirqs_on+0x55/0x230 [ 63.793639][ T21] ? afs_wake_up_async_call+0x7a7/0x880 [ 63.799174][ T21] ? afs_wake_up_async_call+0x7a7/0x880 [ 63.804707][ T21] ? afs_put_call+0xa70/0xa70 [ 63.809435][ T21] end_report+0x4d/0x53 [ 63.813656][ T21] kasan_report.cold+0xd/0x37 [ 63.818357][ T21] ? afs_wake_up_async_call+0x7a7/0x880 [ 63.823898][ T21] afs_wake_up_async_call+0x7a7/0x880 [ 63.829265][ T21] ? do_raw_spin_lock+0x129/0x2e0 [ 63.834280][ T21] ? afs_close_socket+0x320/0x320 [ 63.839305][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 63.844263][ T21] ? rcu_read_lock_held+0x9c/0xb0 [ 63.849277][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 63.854902][ T21] ? afs_close_socket+0x320/0x320 [ 63.859917][ T21] ? afs_put_call+0xa70/0xa70 [ 63.864586][ T21] rxrpc_notify_socket+0x1e5/0x5e0 [ 63.869691][ T21] ? afs_put_call+0xa70/0xa70 [ 63.874361][ T21] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 63.880789][ T21] rxrpc_call_completed+0xca/0xf0 [ 63.885839][ T21] rxrpc_discard_prealloc+0x786/0xac0 [ 63.891200][ T21] ? lock_sock_nested+0x94/0x110 [ 63.896128][ T21] rxrpc_listen+0x147/0x360 [ 63.900628][ T21] afs_close_socket+0x95/0x320 [ 63.905377][ T21] ? afs_purge_servers+0x16d/0x300 [ 63.910498][ T21] ? afs_rx_discard_new_call+0x50/0x50 [ 63.915949][ T21] ? debug_smp_processor_id+0x2f/0x185 [ 63.921395][ T21] ? init_wait_var_entry+0x200/0x200 [ 63.926696][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 63.932320][ T21] afs_net_exit+0x1bc/0x310 [ 63.936814][ T21] ? afs_net_init+0xe30/0xe30 [ 63.941482][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 63.946597][ T21] cleanup_net+0x511/0xa50 [ 63.951004][ T21] ? unregister_pernet_device+0x70/0x70 [ 63.956551][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.962539][ T21] process_one_work+0x965/0x16a0 [ 63.967475][ T21] ? lock_release+0x800/0x800 [ 63.972160][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.977528][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 63.982458][ T21] worker_thread+0x96/0xe10 [ 63.986954][ T21] ? process_one_work+0x16a0/0x16a0 [ 63.992145][ T21] kthread+0x388/0x470 [ 63.996202][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 64.001931][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 64.007645][ T21] ret_from_fork+0x24/0x30 [ 64.013067][ T21] Kernel Offset: disabled [ 64.017379][ T21] Rebooting in 86400 seconds..