[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 58.519970][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21
[ 58.529056][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.535496][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0
[ 58.543756][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.553839][ T21] Workqueue: writeback wb_workfn (flush-8:0)
[ 58.559837][ T21] Call Trace:
[ 58.563147][ T21] dump_stack+0x18f/0x20d
[ 58.567505][ T21] check_preemption_disabled+0x20d/0x220
[ 58.573327][ T21] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.578454][ T21] ? ext4_find_extent+0x81a/0xad0
[ 58.583506][ T21] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.588978][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.594725][ T21] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.600137][ T21] ? ext4_ext_release+0x10/0x10
[ 58.605022][ T21] ? down_write_killable+0x170/0x170
[ 58.610320][ T21] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.615807][ T21] ext4_map_blocks+0x4cb/0x1640
[ 58.620679][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.625900][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.631461][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.637460][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 58.642941][ T21] ext4_writepages+0x1a7b/0x33c0
[ 58.648101][ T21] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.653926][ T21] ? __lock_acquire+0x2224/0x48b0
[ 58.658989][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.665026][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.671031][ T21] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.676678][ T21] ? do_writepages+0xfa/0x2a0
[ 58.681424][ T21] do_writepages+0xfa/0x2a0
[ 58.686758][ T21] ? page_writeback_cpu_online+0x10/0x10
[ 58.692418][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.697981][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.703976][ T21] ? lock_downgrade+0x840/0x840
[ 58.708856][ T21] __writeback_single_inode+0x12a/0x13d0
[ 58.714502][ T21] ? _raw_spin_unlock+0x24/0x40
[ 58.719365][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 58.725363][ T21] writeback_sb_inodes+0x515/0xdc0
[ 58.730979][ T21] ? __writeback_single_inode+0x13d0/0x13d0
[ 58.736912][ T21] __writeback_inodes_wb+0xc3/0x250
[ 58.742304][ T21] wb_writeback+0x8db/0xd50
[ 58.746834][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 58.753180][ T21] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 58.759099][ T21] ? cpumask_next+0x3c/0x40
[ 58.763631][ T21] ? get_nr_dirty_inodes+0xd6/0x130
[ 58.768854][ T21] wb_workfn+0xab3/0x1090
[ 58.773207][ T21] ? inode_wait_for_writeback+0x30/0x30
[ 58.778802][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.784361][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.790399][ T21] process_one_work+0x965/0x1690
[ 58.795354][ T21] ? lock_release+0x800/0x800
[ 58.800043][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 58.805525][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 58.810516][ T21] worker_thread+0x96/0xe10
[ 58.815041][ T21] ? process_one_work+0x1690/0x1690
[ 58.820275][ T21] kthread+0x3b5/0x4a0
[ 58.824466][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.830288][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.836135][ T21] ret_from_fork+0x1f/0x30
Starting Load/Save RF Kill Switch Status...
[ 59.144007][ T6730] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6730
[ 59.153642][ T6730] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.160311][ T6730] CPU: 1 PID: 6730 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 59.168932][ T6730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.178986][ T6730] Call Trace:
[ 59.182288][ T6730] dump_stack+0x18f/0x20d
[ 59.186624][ T6730] check_preemption_disabled+0x20d/0x220
[ 59.192417][ T6730] ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.197518][ T6730] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.202959][ T6730] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.208695][ T6730] ext4_ext_map_blocks+0x201b/0x33e0
[ 59.213997][ T6730] ? ext4_ext_release+0x10/0x10
[ 59.218850][ T6730] ? down_write_killable+0x170/0x170
[ 59.224135][ T6730] ? ext4_es_lookup_extent+0x41d/0xd10
[ 59.229598][ T6730] ext4_map_blocks+0x4cb/0x1640
[ 59.234463][ T6730] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.239644][ T6730] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.245414][ T6730] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.251387][ T6730] ? prandom_u32_state+0xe/0x170
[ 59.256312][ T6730] ? __brelse+0x84/0xa0
[ 59.260578][ T6730] ? __ext4_new_inode+0x144/0x55e0
[ 59.265702][ T6730] ext4_getblk+0xad/0x520
[ 59.270073][ T6730] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.270099][ T6730] ? ext4_free_inode+0x1700/0x1700
[ 59.270119][ T6730] ext4_bread+0x7c/0x380
[ 59.270136][ T6730] ? ext4_getblk+0x520/0x520
[ 59.270153][ T6730] ? dquot_get_next_dqblk+0x180/0x180
[ 59.270179][ T6730] ext4_append+0x153/0x360
[ 59.270207][ T6730] ext4_mkdir+0x5e0/0xdf0
[ 59.270233][ T6730] ? ext4_rmdir+0xde0/0xde0
[ 59.270255][ T6730] ? security_inode_permission+0xc4/0xf0
[ 59.270280][ T6730] vfs_mkdir+0x419/0x690
[ 59.270301][ T6730] do_mkdirat+0x21e/0x280
[ 59.270321][ T6730] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.270341][ T6730] ? do_syscall_64+0x1c/0xe0
[ 59.270359][ T6730] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.270380][ T6730] do_syscall_64+0x60/0xe0
[ 59.270401][ T6730] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.270414][ T6730] RIP: 0033:0x7f7b8a1cb687
[ 59.270420][ T6730] Code: Bad RIP value.
[ 59.270429][ T6730] RSP: 002b:00007fff3ed0f068 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 59.270445][ T6730] RAX: ffffffffffffffda RBX: 000055f9de2d5985 RCX: 00007f7b8a1cb687
[ 59.270455][ T6730] RDX: 00007fff3ed0ef30 RSI: 00000000000001ed RDI: 000055f9de2d5985
[ 59.270464][ T6730] RBP: 00007f7b8a1cb680 R08: 0000000000000100 R09: 0000000000000000
[ 59.270473][ T6730] R10: 000055f9de2d5980 R11: 0000000000000246 R12: 00000000000001ed
[ 59.270483][ T6730] R13: 00007fff3ed0f1f0 R14: 0000000000000000 R15: 0000000000000000
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.60' (ECDSA) to the list of known hosts.
2020/06/16 03:39:56 fuzzer started
2020/06/16 03:39:56 connecting to host at 10.128.0.26:36343
2020/06/16 03:39:56 checking machine...
2020/06/16 03:39:56 checking revisions...
2020/06/16 03:39:56 testing simple program...
syzkaller login: [ 64.074359][ T6802] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6802
[ 64.083762][ T6802] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.089807][ T6802] CPU: 1 PID: 6802 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 64.098166][ T6802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.108211][ T6802] Call Trace:
[ 64.111516][ T6802] dump_stack+0x18f/0x20d
[ 64.115847][ T6802] check_preemption_disabled+0x20d/0x220
[ 64.121479][ T6802] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.126605][ T6802] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.132069][ T6802] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.138062][ T6802] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.143357][ T6802] ? ext4_ext_release+0x10/0x10
[ 64.148340][ T6802] ? down_write_killable+0x170/0x170
[ 64.153652][ T6802] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.159115][ T6802] ext4_map_blocks+0x4cb/0x1640
[ 64.163959][ T6802] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.169230][ T6802] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.174805][ T6802] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.180802][ T6802] ? prandom_u32_state+0xe/0x170
[ 64.185743][ T6802] ? __brelse+0x84/0xa0
[ 64.189901][ T6802] ? __ext4_new_inode+0x144/0x55e0
[ 64.195596][ T6802] ext4_getblk+0xad/0x520
[ 64.199939][ T6802] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.205648][ T6802] ? ext4_free_inode+0x1700/0x1700
[ 64.210789][ T6802] ext4_bread+0x7c/0x380
[ 64.215198][ T6802] ? ext4_getblk+0x520/0x520
[ 64.219790][ T6802] ? dquot_get_next_dqblk+0x180/0x180
[ 64.225850][ T6802] ext4_append+0x153/0x360
[ 64.230255][ T6802] ext4_mkdir+0x5e0/0xdf0
[ 64.234596][ T6802] ? ext4_rmdir+0xde0/0xde0
[ 64.239096][ T6802] ? security_inode_permission+0xc4/0xf0
[ 64.244739][ T6802] vfs_mkdir+0x419/0x690
[ 64.249106][ T6802] do_mkdirat+0x21e/0x280
[ 64.253530][ T6802] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.258886][ T6802] ? do_syscall_64+0x1c/0xe0
[ 64.263461][ T6802] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.269425][ T6802] do_syscall_64+0x60/0xe0
[ 64.273827][ T6802] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.279700][ T6802] RIP: 0033:0x4b02a0
[ 64.283694][ T6802] Code: Bad RIP value.
[ 64.287740][ T6802] RSP: 002b:000000c0000e14b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 64.296145][ T6802] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 64.304199][ T6802] RDX: 00000000000001c0 RSI: 000000c00009a940 RDI: ffffffffffffff9c
[ 64.312170][ T6802] RBP: 000000c0000e1510 R08: 0000000000000000 R09: 0000000000000000
[ 64.320133][ T6802] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 64.328182][ T6802] R13: 000000000000004b R14: 000000000000004a R15: 0000000000000100
[ 64.351563][ T6821] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6821
[ 64.361086][ T6821] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.369357][ T6821] CPU: 1 PID: 6821 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 64.377947][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.388007][ T6821] Call Trace:
[ 64.391309][ T6821] dump_stack+0x18f/0x20d
[ 64.395767][ T6821] check_preemption_disabled+0x20d/0x220
[ 64.401768][ T6821] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.407430][ T6821] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.412913][ T6821] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.418828][ T6821] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.424395][ T6821] ? ext4_ext_release+0x10/0x10
[ 64.429274][ T6821] ? down_write_killable+0x170/0x170
[ 64.434572][ T6821] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.440044][ T6821] ext4_map_blocks+0x4cb/0x1640
[ 64.444905][ T6821] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.450104][ T6821] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.455649][ T6821] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.461625][ T6821] ? prandom_u32_state+0xe/0x170
[ 64.466660][ T6821] ? __brelse+0x84/0xa0
[ 64.470804][ T6821] ? __ext4_new_inode+0x144/0x55e0
[ 64.475944][ T6821] ext4_getblk+0xad/0x520
[ 64.480397][ T6821] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.486126][ T6821] ? ext4_free_inode+0x1700/0x1700
[ 64.491257][ T6821] ext4_bread+0x7c/0x380
[ 64.495511][ T6821] ? ext4_getblk+0x520/0x520
[ 64.500103][ T6821] ? dquot_get_next_dqblk+0x180/0x180
[ 64.505478][ T6821] ext4_append+0x153/0x360
[ 64.509898][ T6821] ext4_mkdir+0x5e0/0xdf0
[ 64.514234][ T6821] ? ext4_rmdir+0xde0/0xde0
[ 64.518746][ T6821] ? security_inode_permission+0xc4/0xf0
[ 64.524831][ T6821] vfs_mkdir+0x419/0x690
[ 64.529272][ T6821] do_mkdirat+0x21e/0x280
[ 64.533610][ T6821] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.538445][ T6821] ? do_syscall_64+0x1c/0xe0
[ 64.543128][ T6821] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.549089][ T6821] do_syscall_64+0x60/0xe0
[ 64.553612][ T6821] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.559497][ T6821] RIP: 0033:0x45bed7
[ 64.563370][ T6821] Code: Bad RIP value.
[ 64.567433][ T6821] RSP: 002b:00007ffdf0cf7358 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 64.576397][ T6821] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 64.584355][ T6821] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffdf0cf7530
[ 64.592329][ T6821] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002e40
[ 64.600282][ T6821] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 64.608535][ T6821] R13: 00007ffdf0cf7530 R14: 8421084210842109 R15: 00007ffdf0cf753c
[ 64.697390][ T6822] IPVS: ftp: loaded support on port[0] = 21
[ 64.733503][ T6822] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6822
[ 64.743285][ T6822] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.749234][ T6822] CPU: 0 PID: 6822 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 64.757835][ T6822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.767871][ T6822] Call Trace:
[ 64.771162][ T6822] dump_stack+0x18f/0x20d
[ 64.775481][ T6822] check_preemption_disabled+0x20d/0x220
[ 64.781115][ T6822] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.786214][ T6822] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.791669][ T6822] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.797384][ T6822] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.803535][ T6822] ? ext4_ext_release+0x10/0x10
[ 64.808407][ T6822] ? down_write_killable+0x170/0x170
[ 64.813672][ T6822] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.819118][ T6822] ext4_map_blocks+0x4cb/0x1640
[ 64.823973][ T6822] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.829171][ T6822] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.834790][ T6822] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.840783][ T6822] ? prandom_u32_state+0xe/0x170
[ 64.845704][ T6822] ? __brelse+0x84/0xa0
[ 64.849839][ T6822] ? __ext4_new_inode+0x144/0x55e0
[ 64.855970][ T6822] ext4_getblk+0xad/0x520
[ 64.860295][ T6822] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.866168][ T6822] ? ext4_free_inode+0x1700/0x1700
[ 64.871448][ T6822] ext4_bread+0x7c/0x380
[ 64.875671][ T6822] ? ext4_getblk+0x520/0x520
[ 64.880252][ T6822] ? dquot_get_next_dqblk+0x180/0x180
[ 64.885711][ T6822] ext4_append+0x153/0x360
[ 64.890139][ T6822] ext4_mkdir+0x5e0/0xdf0
[ 64.894467][ T6822] ? ext4_rmdir+0xde0/0xde0
[ 64.899012][ T6822] ? security_inode_permission+0xc4/0xf0
[ 64.905083][ T6822] vfs_mkdir+0x419/0x690
[ 64.909316][ T6822] do_mkdirat+0x21e/0x280
[ 64.913828][ T6822] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.918671][ T6822] ? do_syscall_64+0x1c/0xe0
[ 64.923245][ T6822] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.929225][ T6822] do_syscall_64+0x60/0xe0
[ 64.933634][ T6822] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.939533][ T6822] RIP: 0033:0x45bed7
[ 64.943400][ T6822] Code: Bad RIP value.
[ 64.947446][ T6822] RSP: 002b:00007ffdf0cf7248 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 64.955847][ T6822] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 64.963802][ T6822] RDX: 00007ffdf0cf7293 RSI: 00000000000001ff RDI: 00007ffdf0cf7290
[ 64.971765][ T6822] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 64.979730][ T6822] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0
[ 64.987703][ T6822] R13: 00007ffdf0cf7280 R14: 0000000000000000 R15: 00007ffdf0cf7290
[ 65.041443][ T6822] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6822
[ 65.051295][ T6822] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.057283][ T6822] CPU: 0 PID: 6822 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.065906][ T6822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.075968][ T6822] Call Trace:
[ 65.079277][ T6822] dump_stack+0x18f/0x20d
[ 65.083634][ T6822] check_preemption_disabled+0x20d/0x220
[ 65.089378][ T6822] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.094801][ T6822] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.100275][ T6822] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.106292][ T6822] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.111591][ T6822] ? ext4_ext_release+0x10/0x10
[ 65.116663][ T6822] ? down_write_killable+0x170/0x170
[ 65.121962][ T6822] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.127441][ T6822] ext4_map_blocks+0x4cb/0x1640
[ 65.132312][ T6822] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.137531][ T6822] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.143094][ T6822] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.149182][ T6822] ? prandom_u32_state+0xe/0x170
[ 65.154202][ T6822] ? __brelse+0x84/0xa0
[ 65.158352][ T6822] ? __ext4_new_inode+0x144/0x55e0
[ 65.163631][ T6822] ext4_getblk+0xad/0x520
[ 65.167958][ T6822] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.173660][ T6822] ? ext4_free_inode+0x1700/0x1700
[ 65.178757][ T6822] ext4_bread+0x7c/0x380
[ 65.182992][ T6822] ? ext4_getblk+0x520/0x520
[ 65.187590][ T6822] ? dquot_get_next_dqblk+0x180/0x180
[ 65.193030][ T6822] ext4_append+0x153/0x360
[ 65.197733][ T6822] ext4_mkdir+0x5e0/0xdf0
[ 65.202065][ T6822] ? ext4_rmdir+0xde0/0xde0
[ 65.206563][ T6822] ? security_inode_permission+0xc4/0xf0
[ 65.212185][ T6822] vfs_mkdir+0x419/0x690
[ 65.216415][ T6822] do_mkdirat+0x21e/0x280
[ 65.220797][ T6822] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.225637][ T6822] ? do_syscall_64+0x1c/0xe0
[ 65.230230][ T6822] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.236382][ T6822] do_syscall_64+0x60/0xe0
[ 65.241853][ T6822] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.247916][ T6822] RIP: 0033:0x45bed7
[ 65.251785][ T6822] Code: Bad RIP value.
[ 65.255916][ T6822] RSP: 002b:00007ffdf0cf7248 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 65.264496][ T6822] RAX: ffffffffffffffda RBX: 000000000000fdfe RCX: 000000000045bed7
[ 65.272549][ T6822] RDX: 00007ffdf0cf7293 RSI: 00000000000001ff RDI: 00007ffdf0cf7290
[ 65.280530][ T6822] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/16 03:39:58 building call list...
[ 65.288518][ T6822] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 65.296477][ T6822] R13: 00007ffdf0cf7280 R14: 000000000000fdf7 R15: 00007ffdf0cf7290
[ 65.536836][ T388] tipc: TX() has been purged, node left!
[ 66.049144][ T388] ==================================================================
[ 66.057398][ T388] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 66.065286][ T388] Write of size 1 at addr ffff88809fcec1e4 by task kworker/u4:7/388
[ 66.073259][ T388]
[ 66.075589][ T388] CPU: 0 PID: 388 Comm: kworker/u4:7 Not tainted 5.8.0-rc1-syzkaller #0
[ 66.083902][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.094080][ T388] Workqueue: netns cleanup_net
[ 66.098877][ T388] Call Trace:
[ 66.102189][ T388] dump_stack+0x18f/0x20d
[ 66.106548][ T388] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.112536][ T388] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.118077][ T388] ? afs_put_call+0xa40/0xa40
[ 66.122759][ T388] print_address_description.constprop.0.cold+0xd3/0x413
[ 66.129879][ T388] ? vprintk_func+0x97/0x1a6
[ 66.134480][ T388] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.140024][ T388] kasan_report.cold+0x1f/0x37
[ 66.144816][ T388] ? rcu_read_lock_held_common+0x51/0xa0
[ 66.150576][ T388] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.156134][ T388] afs_wake_up_async_call+0x6aa/0x770
[ 66.161575][ T388] ? afs_close_socket+0x320/0x320
[ 66.166604][ T388] ? afs_put_call+0xa40/0xa40
[ 66.171283][ T388] rxrpc_notify_socket+0x1db/0x5d0
[ 66.176406][ T388] ? afs_put_call+0xa40/0xa40
[ 66.181517][ T388] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 66.187937][ T388] rxrpc_call_completed+0xca/0xf0
[ 66.193315][ T388] rxrpc_discard_prealloc+0x781/0xab0
[ 66.198693][ T388] ? lock_sock_nested+0x94/0x110
[ 66.203637][ T388] rxrpc_listen+0x147/0x360
[ 66.208145][ T388] afs_close_socket+0x95/0x320
[ 66.212920][ T388] ? afs_purge_servers+0x16d/0x300
[ 66.218048][ T388] ? afs_rx_discard_new_call+0x50/0x50
[ 66.223613][ T388] ? init_wait_var_entry+0x200/0x200
[ 66.228907][ T388] ? rcu_read_lock_held_common+0xa0/0xa0
[ 66.234539][ T388] ? check_preemption_disabled+0x38/0x220
[ 66.240274][ T388] afs_net_exit+0x1bc/0x310
[ 66.244786][ T388] ? afs_net_init+0xe30/0xe30
[ 66.249474][ T388] ops_exit_list.isra.0+0xa8/0x150
[ 66.254599][ T388] cleanup_net+0x511/0xa50
[ 66.259040][ T388] ? unregister_pernet_device+0x70/0x70
[ 66.264593][ T388] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.270602][ T388] process_one_work+0x965/0x1690
[ 66.275583][ T388] ? lock_release+0x800/0x800
[ 66.280264][ T388] ? pwq_dec_nr_in_flight+0x310/0x310
[ 66.285643][ T388] ? rwlock_bug.part.0+0x90/0x90
[ 66.290598][ T388] worker_thread+0x96/0xe10
[ 66.295116][ T388] ? process_one_work+0x1690/0x1690
[ 66.300315][ T388] kthread+0x3b5/0x4a0
[ 66.304405][ T388] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.310126][ T388] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.315851][ T388] ret_from_fork+0x1f/0x30
[ 66.320283][ T388]
[ 66.322637][ T388] Allocated by task 6822:
[ 66.326978][ T388] save_stack+0x1b/0x40
[ 66.331132][ T388] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 66.336764][ T388] kmem_cache_alloc_trace+0x153/0x7d0
[ 66.342130][ T388] afs_alloc_call+0x55/0x630
[ 66.346912][ T388] afs_charge_preallocation+0xe9/0x2d0
[ 66.352362][ T388] afs_open_socket+0x292/0x360
[ 66.357118][ T388] afs_net_init+0xa6c/0xe30
[ 66.361717][ T388] ops_init+0xaf/0x420
[ 66.365778][ T388] setup_net+0x2de/0x860
[ 66.370012][ T388] copy_net_ns+0x293/0x590
[ 66.374437][ T388] create_new_namespaces+0x3fb/0xb30
[ 66.379734][ T388] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 66.385454][ T388] ksys_unshare+0x43d/0x8e0
[ 66.389960][ T388] __x64_sys_unshare+0x2d/0x40
[ 66.394730][ T388] do_syscall_64+0x60/0xe0
[ 66.399163][ T388] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.405067][ T388]
[ 66.407407][ T388] Freed by task 388:
[ 66.411309][ T388] save_stack+0x1b/0x40
[ 66.415821][ T388] __kasan_slab_free+0xf7/0x140
[ 66.420670][ T388] kfree+0x109/0x2b0
[ 66.424560][ T388] afs_put_call+0x585/0xa40
[ 66.429065][ T388] rxrpc_discard_prealloc+0x764/0xab0
[ 66.434441][ T388] rxrpc_listen+0x147/0x360
[ 66.438944][ T388] afs_close_socket+0x95/0x320
[ 66.443701][ T388] afs_net_exit+0x1bc/0x310
[ 66.448202][ T388] ops_exit_list.isra.0+0xa8/0x150
[ 66.453317][ T388] cleanup_net+0x511/0xa50
[ 66.457728][ T388] process_one_work+0x965/0x1690
[ 66.462731][ T388] worker_thread+0x96/0xe10
[ 66.467230][ T388] kthread+0x3b5/0x4a0
[ 66.471294][ T388] ret_from_fork+0x1f/0x30
[ 66.475693][ T388]
[ 66.478020][ T388] The buggy address belongs to the object at ffff88809fcec000
[ 66.478020][ T388] which belongs to the cache kmalloc-1k of size 1024
[ 66.492069][ T388] The buggy address is located 484 bytes inside of
[ 66.492069][ T388] 1024-byte region [ffff88809fcec000, ffff88809fcec400)
[ 66.505499][ T388] The buggy address belongs to the page:
[ 66.511130][ T388] page:ffffea00027f3b00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 66.520250][ T388] flags: 0xfffe0000000200(slab)
[ 66.525190][ T388] raw: 00fffe0000000200 ffffea00024f3d88 ffffea00024d9c08 ffff8880aa000c40
[ 66.533960][ T388] raw: 0000000000000000 ffff88809fcec000 0000000100000002 0000000000000000
[ 66.542717][ T388] page dumped because: kasan: bad access detected
[ 66.549126][ T388]
[ 66.551446][ T388] Memory state around the buggy address:
[ 66.557091][ T388] ffff88809fcec080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.565150][ T388] ffff88809fcec100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.573230][ T388] >ffff88809fcec180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.581283][ T388] ^
[ 66.588478][ T388] ffff88809fcec200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.596548][ T388] ffff88809fcec280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.604611][ T388] ==================================================================
[ 66.612667][ T388] Disabling lock debugging due to kernel taint
[ 66.618867][ T388] Kernel panic - not syncing: panic_on_warn set ...
[ 66.625448][ T388] CPU: 0 PID: 388 Comm: kworker/u4:7 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 66.635143][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.645802][ T388] Workqueue: netns cleanup_net
[ 66.650553][ T388] Call Trace:
[ 66.653847][ T388] dump_stack+0x18f/0x20d
[ 66.658180][ T388] ? afs_wake_up_async_call+0x670/0x770
[ 66.663729][ T388] ? afs_put_call+0xa40/0xa40
[ 66.668427][ T388] panic+0x2e3/0x75c
[ 66.672328][ T388] ? __warn_printk+0xf3/0xf3
[ 66.676951][ T388] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 66.683215][ T388] ? trace_hardirqs_on+0x55/0x220
[ 66.688239][ T388] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.693782][ T388] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.699332][ T388] ? afs_put_call+0xa40/0xa40
[ 66.704438][ T388] end_report+0x4d/0x53
[ 66.709318][ T388] kasan_report.cold+0xd/0x37
[ 66.714018][ T388] ? rcu_read_lock_held_common+0x51/0xa0
[ 66.719647][ T388] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.725301][ T388] afs_wake_up_async_call+0x6aa/0x770
[ 66.730666][ T388] ? afs_close_socket+0x320/0x320
[ 66.735777][ T388] ? afs_put_call+0xa40/0xa40
[ 66.740444][ T388] rxrpc_notify_socket+0x1db/0x5d0
[ 66.745555][ T388] ? afs_put_call+0xa40/0xa40
[ 66.750250][ T388] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 66.756659][ T388] rxrpc_call_completed+0xca/0xf0
[ 66.761688][ T388] rxrpc_discard_prealloc+0x781/0xab0
[ 66.767064][ T388] ? lock_sock_nested+0x94/0x110
[ 66.772015][ T388] rxrpc_listen+0x147/0x360
[ 66.776511][ T388] afs_close_socket+0x95/0x320
[ 66.781264][ T388] ? afs_purge_servers+0x16d/0x300
[ 66.786374][ T388] ? afs_rx_discard_new_call+0x50/0x50
[ 66.791831][ T388] ? init_wait_var_entry+0x200/0x200
[ 66.797116][ T388] ? rcu_read_lock_held_common+0xa0/0xa0
[ 66.802742][ T388] ? check_preemption_disabled+0x38/0x220
[ 66.808451][ T388] afs_net_exit+0x1bc/0x310
[ 66.812946][ T388] ? afs_net_init+0xe30/0xe30
[ 66.817614][ T388] ops_exit_list.isra.0+0xa8/0x150
[ 66.822715][ T388] cleanup_net+0x511/0xa50
[ 66.827123][ T388] ? unregister_pernet_device+0x70/0x70
[ 66.832758][ T388] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.838730][ T388] process_one_work+0x965/0x1690
[ 66.843664][ T388] ? lock_release+0x800/0x800
[ 66.848334][ T388] ? pwq_dec_nr_in_flight+0x310/0x310
[ 66.853698][ T388] ? rwlock_bug.part.0+0x90/0x90
[ 66.858635][ T388] worker_thread+0x96/0xe10
[ 66.863135][ T388] ? process_one_work+0x1690/0x1690
[ 66.868325][ T388] kthread+0x3b5/0x4a0
[ 66.872386][ T388] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.878267][ T388] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.884077][ T388] ret_from_fork+0x1f/0x30
[ 66.890294][ T388] Kernel Offset: disabled
[ 66.894612][ T388] Rebooting in 86400 seconds..