[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ 53.996041][ T6730] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6730
[ 54.005730][ T6730] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 54.012110][ T6730] CPU: 1 PID: 6730 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[ 54.020779][ T6730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 54.030829][ T6730] Call Trace:
[ 54.034121][ T6730] dump_stack+0x18f/0x20d
[ 54.038447][ T6730] check_preemption_disabled+0x20d/0x220
[ 54.044063][ T6730] ext4_mb_new_blocks+0xa4d/0x3b70
[ 54.049161][ T6730] ? ext4_ext_search_right+0x2ca/0xb20
[ 54.055063][ T6730] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 54.060780][ T6730] ext4_ext_map_blocks+0x201b/0x33e0
[ 54.066415][ T6730] ? ext4_ext_release+0x10/0x10
[ 54.071453][ T6730] ? down_write_killable+0x170/0x170
[ 54.076745][ T6730] ? ext4_es_lookup_extent+0x41d/0xd10
[ 54.082551][ T6730] ext4_map_blocks+0x4cb/0x1640
[ 54.087855][ T6730] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 54.093554][ T6730] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 54.099076][ T6730] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 54.105049][ T6730] ? prandom_u32_state+0xe/0x170
[ 54.109976][ T6730] ? __brelse+0x84/0xa0
[ 54.114126][ T6730] ? __ext4_new_inode+0x144/0x55e0
[ 54.119218][ T6730] ext4_getblk+0xad/0x520
[ 54.123540][ T6730] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 54.129239][ T6730] ? ext4_free_inode+0x1700/0x1700
[ 54.134331][ T6730] ext4_bread+0x7c/0x380
[ 54.138567][ T6730] ? ext4_getblk+0x520/0x520
[ 54.143147][ T6730] ? dquot_get_next_dqblk+0x180/0x180
[ 54.148498][ T6730] ext4_append+0x153/0x360
[ 54.153069][ T6730] ext4_mkdir+0x5e0/0xdf0
[ 54.157379][ T6730] ? ext4_rmdir+0xde0/0xde0
[ 54.161876][ T6730] ? security_inode_permission+0xc4/0xf0
[ 54.167499][ T6730] vfs_mkdir+0x419/0x690
[ 54.171736][ T6730] do_mkdirat+0x21e/0x280
[ 54.176041][ T6730] ? __ia32_sys_mknod+0xb0/0xb0
[ 54.181052][ T6730] ? do_syscall_64+0x1c/0xe0
[ 54.185630][ T6730] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 54.191626][ T6730] do_syscall_64+0x60/0xe0
[ 54.196062][ T6730] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 54.201975][ T6730] RIP: 0033:0x7f424aec2687
[ 54.206366][ T6730] Code: Bad RIP value.
[ 54.210411][ T6730] RSP: 002b:00007ffcb7c2a538 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 54.219063][ T6730] RAX: ffffffffffffffda RBX: 0000555bb5599985 RCX: 00007f424aec2687
[ 54.227012][ T6730] RDX: 00007ffcb7c2a400 RSI: 00000000000001ed RDI: 0000555bb5599985
[ 54.234978][ T6730] RBP: 00007f424aec2680 R08: 0000000000000100 R09: 0000000000000000
[ 54.242928][ T6730] R10: 0000555bb5599980 R11: 0000000000000246 R12: 00000000000001ed
[ 54.251246][ T6730] R13: 00007ffcb7c2a6c0 R14: 0000000000000000 R15: 0000000000000000
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 57.949134][ T92] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:3/92
[ 57.958178][ T92] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 57.964200][ T92] CPU: 1 PID: 92 Comm: kworker/u4:3 Not tainted 5.7.0-syzkaller #0
[ 57.972092][ T92] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.982240][ T92] Workqueue: writeback wb_workfn (flush-8:0)
[ 57.988296][ T92] Call Trace:
[ 57.991600][ T92] dump_stack+0x18f/0x20d
[ 57.995946][ T92] check_preemption_disabled+0x20d/0x220
[ 58.001561][ T92] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.006669][ T92] ? ext4_find_extent+0x81a/0xad0
[ 58.011681][ T92] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.017620][ T92] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.023345][ T92] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.028624][ T92] ? ext4_ext_release+0x10/0x10
[ 58.033470][ T92] ? down_write_killable+0x170/0x170
[ 58.038748][ T92] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.044207][ T92] ext4_map_blocks+0x4cb/0x1640
[ 58.049055][ T92] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.054273][ T92] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.059814][ T92] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.065906][ T92] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 58.072391][ T92] ext4_writepages+0x1a7b/0x33c0
[ 58.077454][ T92] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.083216][ T92] ? __lock_acquire+0x2224/0x48b0
[ 58.088626][ T92] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.094703][ T92] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.100675][ T92] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.106285][ T92] ? do_writepages+0xfa/0x2a0
[ 58.110948][ T92] do_writepages+0xfa/0x2a0
[ 58.115513][ T92] ? page_writeback_cpu_online+0x10/0x10
[ 58.121177][ T92] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.126799][ T92] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.132889][ T92] ? lock_downgrade+0x840/0x840
[ 58.137761][ T92] __writeback_single_inode+0x12a/0x13d0
[ 58.143476][ T92] ? _raw_spin_unlock+0x24/0x40
[ 58.148307][ T92] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 58.154282][ T92] writeback_sb_inodes+0x515/0xdc0
[ 58.159388][ T92] ? __writeback_single_inode+0x13d0/0x13d0
[ 58.165285][ T92] __writeback_inodes_wb+0xc3/0x250
[ 58.170495][ T92] wb_writeback+0x8db/0xd50
[ 58.175003][ T92] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 58.181331][ T92] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 58.187207][ T92] ? cpumask_next+0x3c/0x40
[ 58.191690][ T92] ? get_nr_dirty_inodes+0xd6/0x130
[ 58.196884][ T92] wb_workfn+0xab3/0x1090
[ 58.201203][ T92] ? inode_wait_for_writeback+0x30/0x30
[ 58.206930][ T92] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.212457][ T92] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.218460][ T92] process_one_work+0x965/0x1690
[ 58.223502][ T92] ? lock_release+0x800/0x800
[ 58.228177][ T92] ? pwq_dec_nr_in_flight+0x310/0x310
[ 58.233540][ T92] ? rwlock_bug.part.0+0x90/0x90
[ 58.238594][ T92] worker_thread+0x96/0xe10
[ 58.243158][ T92] ? process_one_work+0x1690/0x1690
[ 58.248570][ T92] kthread+0x3b5/0x4a0
[ 58.252901][ T92] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.258613][ T92] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.264592][ T92] ret_from_fork+0x1f/0x30
Warning: Permanently added '10.128.15.202' (ECDSA) to the list of known hosts.
2020/06/15 18:27:53 fuzzer started
2020/06/15 18:27:54 connecting to host at 10.128.0.26:34015
2020/06/15 18:27:54 checking machine...
2020/06/15 18:27:54 checking revisions...
2020/06/15 18:27:54 testing simple program...
[ 59.132355][ T6796] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6796
[ 59.141758][ T6796] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.148366][ T6796] CPU: 1 PID: 6796 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 59.156693][ T6796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.166840][ T6796] Call Trace:
[ 59.170123][ T6796] dump_stack+0x18f/0x20d
[ 59.174476][ T6796] check_preemption_disabled+0x20d/0x220
[ 59.180198][ T6796] ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.185384][ T6796] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.190825][ T6796] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.196526][ T6796] ext4_ext_map_blocks+0x201b/0x33e0
[ 59.201807][ T6796] ? ext4_ext_release+0x10/0x10
[ 59.206675][ T6796] ? down_write_killable+0x170/0x170
[ 59.212382][ T6796] ? ext4_es_lookup_extent+0x41d/0xd10
[ 59.217959][ T6796] ext4_map_blocks+0x4cb/0x1640
[ 59.222816][ T6796] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.228013][ T6796] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.233599][ T6796] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.239677][ T6796] ? prandom_u32_state+0xe/0x170
[ 59.244605][ T6796] ? __brelse+0x84/0xa0
[ 59.248779][ T6796] ? __ext4_new_inode+0x144/0x55e0
[ 59.253881][ T6796] ext4_getblk+0xad/0x520
[ 59.258380][ T6796] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.265321][ T6796] ? ext4_free_inode+0x1700/0x1700
[ 59.270538][ T6796] ext4_bread+0x7c/0x380
[ 59.275227][ T6796] ? ext4_getblk+0x520/0x520
[ 59.279814][ T6796] ? dquot_get_next_dqblk+0x180/0x180
[ 59.285273][ T6796] ext4_append+0x153/0x360
[ 59.289728][ T6796] ext4_mkdir+0x5e0/0xdf0
[ 59.294059][ T6796] ? ext4_rmdir+0xde0/0xde0
[ 59.298559][ T6796] ? security_inode_permission+0xc4/0xf0
[ 59.304277][ T6796] vfs_mkdir+0x419/0x690
[ 59.308537][ T6796] do_mkdirat+0x21e/0x280
[ 59.312857][ T6796] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.317949][ T6796] ? do_syscall_64+0x1c/0xe0
[ 59.322519][ T6796] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.328517][ T6796] do_syscall_64+0x60/0xe0
[ 59.332922][ T6796] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.338810][ T6796] RIP: 0033:0x4b02a0
[ 59.342691][ T6796] Code: Bad RIP value.
[ 59.347000][ T6796] RSP: 002b:000000c0000ef4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 59.355649][ T6796] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 59.363613][ T6796] RDX: 00000000000001c0 RSI: 000000c0000e2b80 RDI: ffffffffffffff9c
[ 59.371574][ T6796] RBP: 000000c0000ef510 R08: 0000000000000000 R09: 0000000000000000
[ 59.379615][ T6796] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 59.387668][ T6796] R13: 000000000000005d R14: 000000000000005c R15: 0000000000000100
[ 59.404717][ T6809] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6809
[ 59.414335][ T6809] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.420296][ T6809] CPU: 1 PID: 6809 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 59.428551][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.439166][ T6809] Call Trace:
[ 59.442458][ T6809] dump_stack+0x18f/0x20d
[ 59.446890][ T6809] check_preemption_disabled+0x20d/0x220
[ 59.452609][ T6809] ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.457799][ T6809] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.463247][ T6809] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.468967][ T6809] ext4_ext_map_blocks+0x201b/0x33e0
[ 59.474250][ T6809] ? ext4_ext_release+0x10/0x10
[ 59.479171][ T6809] ? down_write_killable+0x170/0x170
[ 59.484464][ T6809] ? ext4_es_lookup_extent+0x41d/0xd10
[ 59.490019][ T6809] ext4_map_blocks+0x4cb/0x1640
[ 59.494853][ T6809] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.500029][ T6809] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.505550][ T6809] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.511517][ T6809] ? prandom_u32_state+0xe/0x170
[ 59.516490][ T6809] ? __brelse+0x84/0xa0
[ 59.520640][ T6809] ? __ext4_new_inode+0x144/0x55e0
[ 59.526184][ T6809] ext4_getblk+0xad/0x520
[ 59.530513][ T6809] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.536232][ T6809] ? ext4_free_inode+0x1700/0x1700
[ 59.541341][ T6809] ext4_bread+0x7c/0x380
[ 59.545574][ T6809] ? ext4_getblk+0x520/0x520
[ 59.550672][ T6809] ? dquot_get_next_dqblk+0x180/0x180
[ 59.556027][ T6809] ext4_append+0x153/0x360
[ 59.560449][ T6809] ext4_mkdir+0x5e0/0xdf0
[ 59.564774][ T6809] ? ext4_rmdir+0xde0/0xde0
[ 59.569258][ T6809] ? security_inode_permission+0xc4/0xf0
[ 59.574871][ T6809] vfs_mkdir+0x419/0x690
[ 59.579117][ T6809] do_mkdirat+0x21e/0x280
[ 59.583459][ T6809] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.588341][ T6809] ? do_syscall_64+0x1c/0xe0
[ 59.592920][ T6809] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.598985][ T6809] do_syscall_64+0x60/0xe0
[ 59.603405][ T6809] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.609461][ T6809] RIP: 0033:0x45bed7
[ 59.613344][ T6809] Code: Bad RIP value.
[ 59.617419][ T6809] RSP: 002b:00007ffe69617818 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 59.626451][ T6809] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 59.634420][ T6809] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffe696179f0
[ 59.642509][ T6809] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003280
[ 59.650582][ T6809] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 59.658538][ T6809] R13: 00007ffe696179f0 R14: 8421084210842109 R15: 00007ffe696179fc
[ 59.784345][ T6811] IPVS: ftp: loaded support on port[0] = 21
[ 59.822624][ T6811] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6811
[ 59.836325][ T6811] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.842486][ T6811] CPU: 0 PID: 6811 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 59.850720][ T6811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.860818][ T6811] Call Trace:
[ 59.864104][ T6811] dump_stack+0x18f/0x20d
[ 59.868455][ T6811] check_preemption_disabled+0x20d/0x220
[ 59.874165][ T6811] ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.879282][ T6811] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.884834][ T6811] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.890602][ T6811] ext4_ext_map_blocks+0x201b/0x33e0
[ 59.895879][ T6811] ? ext4_ext_release+0x10/0x10
[ 59.900723][ T6811] ? down_write_killable+0x170/0x170
[ 59.905986][ T6811] ? ext4_es_lookup_extent+0x41d/0xd10
[ 59.911432][ T6811] ext4_map_blocks+0x4cb/0x1640
[ 59.916279][ T6811] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.921464][ T6811] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.926986][ T6811] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.932947][ T6811] ? prandom_u32_state+0xe/0x170
[ 59.937869][ T6811] ? __brelse+0x84/0xa0
[ 59.942020][ T6811] ? __ext4_new_inode+0x144/0x55e0
[ 59.947111][ T6811] ext4_getblk+0xad/0x520
[ 59.951431][ T6811] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.957314][ T6811] ? ext4_free_inode+0x1700/0x1700
[ 59.962406][ T6811] ext4_bread+0x7c/0x380
[ 59.966625][ T6811] ? ext4_getblk+0x520/0x520
[ 59.971195][ T6811] ? dquot_get_next_dqblk+0x180/0x180
[ 59.976612][ T6811] ext4_append+0x153/0x360
[ 59.981044][ T6811] ext4_mkdir+0x5e0/0xdf0
[ 59.985381][ T6811] ? ext4_rmdir+0xde0/0xde0
[ 59.989974][ T6811] ? security_inode_permission+0xc4/0xf0
[ 59.995592][ T6811] vfs_mkdir+0x419/0x690
[ 59.999834][ T6811] do_mkdirat+0x21e/0x280
[ 60.004305][ T6811] ? __ia32_sys_mknod+0xb0/0xb0
[ 60.009230][ T6811] ? do_syscall_64+0x1c/0xe0
[ 60.013820][ T6811] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 60.019885][ T6811] do_syscall_64+0x60/0xe0
[ 60.024287][ T6811] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.030162][ T6811] RIP: 0033:0x45bed7
[ 60.034118][ T6811] Code: Bad RIP value.
[ 60.038166][ T6811] RSP: 002b:00007ffe69617708 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 60.046575][ T6811] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 60.054546][ T6811] RDX: 00007ffe69617753 RSI: 00000000000001ff RDI: 00007ffe69617750
[ 60.062698][ T6811] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 60.070675][ T6811] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0
[ 60.078732][ T6811] R13: 00007ffe69617740 R14: 0000000000000000 R15: 00007ffe69617750
[ 60.126705][ T6811] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6811
[ 60.136357][ T6811] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.142452][ T6811] CPU: 0 PID: 6811 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 60.150855][ T6811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.161173][ T6811] Call Trace:
[ 60.164470][ T6811] dump_stack+0x18f/0x20d
[ 60.168990][ T6811] check_preemption_disabled+0x20d/0x220
[ 60.174890][ T6811] ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.180010][ T6811] ? ext4_ext_search_right+0x2ca/0xb20
[ 60.185474][ T6811] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 60.191389][ T6811] ext4_ext_map_blocks+0x201b/0x33e0
[ 60.196694][ T6811] ? ext4_ext_release+0x10/0x10
[ 60.201658][ T6811] ? down_write_killable+0x170/0x170
[ 60.207038][ T6811] ? ext4_es_lookup_extent+0x41d/0xd10
[ 60.212517][ T6811] ext4_map_blocks+0x4cb/0x1640
[ 60.217363][ T6811] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 60.222549][ T6811] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.228097][ T6811] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.234054][ T6811] ? prandom_u32_state+0xe/0x170
[ 60.238975][ T6811] ? __brelse+0x84/0xa0
[ 60.243126][ T6811] ? __ext4_new_inode+0x144/0x55e0
[ 60.248220][ T6811] ext4_getblk+0xad/0x520
[ 60.252546][ T6811] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 60.258349][ T6811] ? ext4_free_inode+0x1700/0x1700
[ 60.263459][ T6811] ext4_bread+0x7c/0x380
[ 60.267695][ T6811] ? ext4_getblk+0x520/0x520
[ 60.272453][ T6811] ? dquot_get_next_dqblk+0x180/0x180
[ 60.278193][ T6811] ext4_append+0x153/0x360
[ 60.282679][ T6811] ext4_mkdir+0x5e0/0xdf0
[ 60.286991][ T6811] ? ext4_rmdir+0xde0/0xde0
[ 60.291480][ T6811] ? security_inode_permission+0xc4/0xf0
[ 60.297101][ T6811] vfs_mkdir+0x419/0x690
[ 60.301435][ T6811] do_mkdirat+0x21e/0x280
[ 60.305758][ T6811] ? __ia32_sys_mknod+0xb0/0xb0
[ 60.310783][ T6811] ? do_syscall_64+0x1c/0xe0
[ 60.315582][ T6811] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 60.321560][ T6811] do_syscall_64+0x60/0xe0
[ 60.327446][ T6811] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.333518][ T6811] RIP: 0033:0x45bed7
[ 60.338288][ T6811] Code: Bad RIP value.
[ 60.343558][ T6811] RSP: 002b:00007ffe69617708 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 60.351967][ T6811] RAX: ffffffffffffffda RBX: 000000000000eadd RCX: 000000000045bed7
[ 60.360796][ T6811] RDX: 00007ffe69617753 RSI: 00000000000001ff RDI: 00007ffe69617750
[ 60.368925][ T6811] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/15 18:27:55 building call list...
[ 60.378137][ T6811] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 60.386094][ T6811] R13: 00007ffe69617740 R14: 000000000000eacd R15: 00007ffe69617750
[ 60.658788][ T92] tipc: TX() has been purged, node left!
[ 61.181044][ T92] ==================================================================
[ 61.203093][ T92] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 61.211193][ T92] Write of size 1 at addr ffff8880972271e4 by task kworker/u4:3/92
[ 61.219303][ T92]
[ 61.221638][ T92] CPU: 0 PID: 92 Comm: kworker/u4:3 Not tainted 5.7.0-syzkaller #0
[ 61.229968][ T92] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.241650][ T92] Workqueue: netns cleanup_net
[ 61.246504][ T92] Call Trace:
[ 61.249793][ T92] dump_stack+0x18f/0x20d
[ 61.254300][ T92] ? afs_wake_up_async_call+0x6aa/0x770
[ 61.259840][ T92] ? afs_wake_up_async_call+0x6aa/0x770
[ 61.265378][ T92] ? afs_put_call+0xa40/0xa40
[ 61.270232][ T92] print_address_description.constprop.0.cold+0xd3/0x413
[ 61.277363][ T92] ? vprintk_func+0x97/0x1a6
[ 61.282045][ T92] ? afs_wake_up_async_call+0x6aa/0x770
[ 61.287594][ T92] kasan_report.cold+0x1f/0x37
[ 61.292628][ T92] ? rcu_read_lock_held+0x81/0xb0
[ 61.297676][ T92] ? afs_wake_up_async_call+0x6aa/0x770
[ 61.303236][ T92] afs_wake_up_async_call+0x6aa/0x770
[ 61.308611][ T92] ? afs_close_socket+0x320/0x320
[ 61.313642][ T92] ? afs_put_call+0xa40/0xa40
[ 61.318578][ T92] rxrpc_notify_socket+0x1db/0x5d0
[ 61.323719][ T92] ? afs_put_call+0xa40/0xa40
[ 61.328398][ T92] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 61.334821][ T92] rxrpc_call_completed+0xca/0xf0
[ 61.339868][ T92] rxrpc_discard_prealloc+0x781/0xab0
[ 61.345265][ T92] ? lock_sock_nested+0x94/0x110
[ 61.350221][ T92] rxrpc_listen+0x147/0x360
[ 61.354744][ T92] afs_close_socket+0x95/0x320
[ 61.359522][ T92] ? afs_purge_servers+0x16d/0x300
[ 61.364633][ T92] ? afs_rx_discard_new_call+0x50/0x50
[ 61.370272][ T92] ? init_wait_var_entry+0x200/0x200
[ 61.375650][ T92] ? rcu_read_lock_held_common+0xa0/0xa0
[ 61.382564][ T92] ? check_preemption_disabled+0x38/0x220
[ 61.388398][ T92] afs_net_exit+0x1bc/0x310
[ 61.392919][ T92] ? afs_net_init+0xe30/0xe30
[ 61.397614][ T92] ops_exit_list.isra.0+0xa8/0x150
[ 61.402741][ T92] cleanup_net+0x511/0xa50
[ 61.407448][ T92] ? unregister_pernet_device+0x70/0x70
[ 61.413002][ T92] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.419130][ T92] process_one_work+0x965/0x1690
[ 61.424081][ T92] ? lock_release+0x800/0x800
[ 61.428899][ T92] ? pwq_dec_nr_in_flight+0x310/0x310
[ 61.434294][ T92] ? rwlock_bug.part.0+0x90/0x90
[ 61.440063][ T92] worker_thread+0x96/0xe10
[ 61.444584][ T92] ? process_one_work+0x1690/0x1690
[ 61.449787][ T92] kthread+0x3b5/0x4a0
[ 61.453858][ T92] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 61.459697][ T92] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 61.465518][ T92] ret_from_fork+0x1f/0x30
[ 61.470061][ T92]
[ 61.472387][ T92] Allocated by task 6811:
[ 61.476725][ T92] save_stack+0x1b/0x40
[ 61.481175][ T92] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 61.487333][ T92] kmem_cache_alloc_trace+0x153/0x7d0
[ 61.492893][ T92] afs_alloc_call+0x55/0x630
[ 61.497568][ T92] afs_charge_preallocation+0xe9/0x2d0
[ 61.503033][ T92] afs_open_socket+0x292/0x360
[ 61.507805][ T92] afs_net_init+0xa6c/0xe30
[ 61.512305][ T92] ops_init+0xaf/0x420
[ 61.516400][ T92] setup_net+0x2de/0x860
[ 61.521785][ T92] copy_net_ns+0x293/0x590
[ 61.526199][ T92] create_new_namespaces+0x3fb/0xb30
[ 61.531482][ T92] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 61.537113][ T92] ksys_unshare+0x43d/0x8e0
[ 61.541624][ T92] __x64_sys_unshare+0x2d/0x40
[ 61.546384][ T92] do_syscall_64+0x60/0xe0
[ 61.550901][ T92] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.556869][ T92]
[ 61.559217][ T92] Freed by task 92:
[ 61.563132][ T92] save_stack+0x1b/0x40
[ 61.567285][ T92] __kasan_slab_free+0xf7/0x140
[ 61.572234][ T92] kfree+0x109/0x2b0
[ 61.576127][ T92] afs_put_call+0x585/0xa40
[ 61.580837][ T92] rxrpc_discard_prealloc+0x764/0xab0
[ 61.586206][ T92] rxrpc_listen+0x147/0x360
[ 61.590713][ T92] afs_close_socket+0x95/0x320
[ 61.595573][ T92] afs_net_exit+0x1bc/0x310
[ 61.600284][ T92] ops_exit_list.isra.0+0xa8/0x150
[ 61.605565][ T92] cleanup_net+0x511/0xa50
[ 61.610015][ T92] process_one_work+0x965/0x1690
[ 61.615114][ T92] worker_thread+0x96/0xe10
[ 61.619731][ T92] kthread+0x3b5/0x4a0
[ 61.623798][ T92] ret_from_fork+0x1f/0x30
[ 61.628205][ T92]
[ 61.630530][ T92] The buggy address belongs to the object at ffff888097227000
[ 61.630530][ T92] which belongs to the cache kmalloc-1k of size 1024
[ 61.644754][ T92] The buggy address is located 484 bytes inside of
[ 61.644754][ T92] 1024-byte region [ffff888097227000, ffff888097227400)
[ 61.658216][ T92] The buggy address belongs to the page:
[ 61.663852][ T92] page:ffffea00025c89c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 61.673039][ T92] flags: 0xfffe0000000200(slab)
[ 61.677903][ T92] raw: 00fffe0000000200 ffffea00025c8c08 ffffea00025d7288 ffff8880aa000c40
[ 61.686667][ T92] raw: 0000000000000000 ffff888097227000 0000000100000002 0000000000000000
[ 61.695974][ T92] page dumped because: kasan: bad access detected
[ 61.702811][ T92]
[ 61.707834][ T92] Memory state around the buggy address:
[ 61.713565][ T92] ffff888097227080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.721887][ T92] ffff888097227100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.730300][ T92] >ffff888097227180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.738393][ T92] ^
[ 61.745591][ T92] ffff888097227200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.753662][ T92] ffff888097227280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.761768][ T92] ==================================================================
[ 61.770001][ T92] Disabling lock debugging due to kernel taint
[ 61.776832][ T92] Kernel panic - not syncing: panic_on_warn set ...
[ 61.783510][ T92] CPU: 0 PID: 92 Comm: kworker/u4:3 Tainted: G B 5.7.0-syzkaller #0
[ 61.793387][ T92] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.803438][ T92] Workqueue: netns cleanup_net
[ 61.810113][ T92] Call Trace:
[ 61.814362][ T92] dump_stack+0x18f/0x20d
[ 61.818707][ T92] ? afs_wake_up_async_call+0x5f0/0x770
[ 61.824679][ T92] ? afs_put_call+0xa40/0xa40
[ 61.829532][ T92] panic+0x2e3/0x75c
[ 61.833430][ T92] ? __warn_printk+0xf3/0xf3
[ 61.838104][ T92] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 61.844256][ T92] ? trace_hardirqs_on+0x55/0x220
[ 61.849272][ T92] ? afs_wake_up_async_call+0x6aa/0x770
[ 61.854820][ T92] ? afs_wake_up_async_call+0x6aa/0x770
[ 61.860368][ T92] ? afs_put_call+0xa40/0xa40
[ 61.865127][ T92] end_report+0x4d/0x53
[ 61.869365][ T92] kasan_report.cold+0xd/0x37
[ 61.874692][ T92] ? rcu_read_lock_held+0x81/0xb0
[ 61.881640][ T92] ? afs_wake_up_async_call+0x6aa/0x770
[ 61.887283][ T92] afs_wake_up_async_call+0x6aa/0x770
[ 61.892735][ T92] ? afs_close_socket+0x320/0x320
[ 61.898172][ T92] ? afs_put_call+0xa40/0xa40
[ 61.902844][ T92] rxrpc_notify_socket+0x1db/0x5d0
[ 61.907962][ T92] ? afs_put_call+0xa40/0xa40
[ 61.913003][ T92] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 61.920304][ T92] rxrpc_call_completed+0xca/0xf0
[ 61.925527][ T92] rxrpc_discard_prealloc+0x781/0xab0
[ 61.931038][ T92] ? lock_sock_nested+0x94/0x110
[ 61.935984][ T92] rxrpc_listen+0x147/0x360
[ 61.940496][ T92] afs_close_socket+0x95/0x320
[ 61.945387][ T92] ? afs_purge_servers+0x16d/0x300
[ 61.951289][ T92] ? afs_rx_discard_new_call+0x50/0x50
[ 61.956979][ T92] ? init_wait_var_entry+0x200/0x200
[ 61.962370][ T92] ? rcu_read_lock_held_common+0xa0/0xa0
[ 61.968363][ T92] ? check_preemption_disabled+0x38/0x220
[ 61.974225][ T92] afs_net_exit+0x1bc/0x310
[ 61.978735][ T92] ? afs_net_init+0xe30/0xe30
executing program
[ 61.983708][ T92] ops_exit_list.isra.0+0xa8/0x150
[ 61.988908][ T92] cleanup_net+0x511/0xa50
[ 61.993345][ T92] ? unregister_pernet_device+0x70/0x70
[ 61.998895][ T92] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.004881][ T92] process_one_work+0x965/0x1690
[ 62.011133][ T92] ? lock_release+0x800/0x800
[ 62.015849][ T92] ? pwq_dec_nr_in_flight+0x310/0x310
[ 62.021417][ T92] ? rwlock_bug.part.0+0x90/0x90
[ 62.026337][ T92] worker_thread+0x96/0xe10
[ 62.030945][ T92] ? process_one_work+0x1690/0x1690
[ 62.036146][ T92] kthread+0x3b5/0x4a0
[ 62.040226][ T92] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 62.045923][ T92] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 62.051620][ T92] ret_from_fork+0x1f/0x30
[ 62.057494][ T92] Kernel Offset: disabled
[ 62.061814][ T92] Rebooting in 86400 seconds..