[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 56.822529][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21
[ 56.831590][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.838212][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0
[ 56.846456][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.856527][ T21] Workqueue: writeback wb_workfn (flush-8:0)
[ 56.862509][ T21] Call Trace:
[ 56.865814][ T21] dump_stack+0x18f/0x20d
[ 56.870160][ T21] check_preemption_disabled+0x20d/0x220
[ 56.875806][ T21] ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.880932][ T21] ? ext4_find_extent+0x81a/0xad0
[ 56.885976][ T21] ? ext4_ext_search_right+0x2ca/0xb20
[ 56.891441][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 56.898316][ T21] ext4_ext_map_blocks+0x201b/0x33e0
[ 56.903628][ T21] ? ext4_ext_release+0x10/0x10
[ 56.909218][ T21] ? down_write_killable+0x170/0x170
[ 56.914512][ T21] ? ext4_es_lookup_extent+0x41d/0xd10
[ 56.919993][ T21] ext4_map_blocks+0x4cb/0x1640
[ 56.924862][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 56.930087][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.935644][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.941638][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 56.947113][ T21] ext4_writepages+0x1a7b/0x33c0
[ 56.952087][ T21] ? __ext4_mark_inode_dirty+0x940/0x940
[ 56.957728][ T21] ? __lock_acquire+0x2224/0x48b0
[ 56.962778][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.968775][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.974769][ T21] ? __ext4_mark_inode_dirty+0x940/0x940
[ 56.980496][ T21] ? do_writepages+0xfa/0x2a0
[ 56.985180][ T21] do_writepages+0xfa/0x2a0
[ 56.989712][ T21] ? page_writeback_cpu_online+0x10/0x10
[ 56.995368][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.000924][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.006920][ T21] ? lock_downgrade+0x840/0x840
[ 57.013699][ T21] __writeback_single_inode+0x12a/0x13d0
[ 57.019592][ T21] ? _raw_spin_unlock+0x24/0x40
[ 57.019619][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 57.019639][ T21] writeback_sb_inodes+0x515/0xdc0
[ 57.019672][ T21] ? __writeback_single_inode+0x13d0/0x13d0
[ 57.019712][ T21] __writeback_inodes_wb+0xc3/0x250
[ 57.019737][ T21] wb_writeback+0x8db/0xd50
[ 57.019765][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 57.019786][ T21] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 57.019808][ T21] ? cpumask_next+0x3c/0x40
[ 57.019826][ T21] ? get_nr_dirty_inodes+0xd6/0x130
[ 57.019850][ T21] wb_workfn+0xab3/0x1090
[ 57.019876][ T21] ? inode_wait_for_writeback+0x30/0x30
[ 57.019901][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.019920][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.019954][ T21] process_one_work+0x965/0x1690
[ 57.019981][ T21] ? lock_release+0x800/0x800
[ 57.019999][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 57.020020][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 57.020048][ T21] worker_thread+0x96/0xe10
[ 57.020078][ T21] ? process_one_work+0x1690/0x1690
[ 57.020097][ T21] kthread+0x3b5/0x4a0
[ 57.020113][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.020128][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.020149][ T21] ret_from_fork+0x1f/0x30
[ 57.760228][ T6774] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6774
[ 57.769851][ T6774] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 57.775809][ T6774] CPU: 0 PID: 6774 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 57.784407][ T6774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.794451][ T6774] Call Trace:
[ 57.797740][ T6774] dump_stack+0x18f/0x20d
[ 57.802068][ T6774] check_preemption_disabled+0x20d/0x220
[ 57.807678][ T6774] ext4_mb_new_blocks+0xa4d/0x3b70
[ 57.812778][ T6774] ? ext4_ext_search_right+0x2ca/0xb20
[ 57.818241][ T6774] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 57.823942][ T6774] ext4_ext_map_blocks+0x201b/0x33e0
[ 57.829217][ T6774] ? ext4_ext_release+0x10/0x10
[ 57.834061][ T6774] ? down_write_killable+0x170/0x170
[ 57.839414][ T6774] ? ext4_es_lookup_extent+0x41d/0xd10
[ 57.844873][ T6774] ext4_map_blocks+0x4cb/0x1640
[ 57.849713][ T6774] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 57.854901][ T6774] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.860423][ T6774] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.866382][ T6774] ? prandom_u32_state+0xe/0x170
[ 57.871297][ T6774] ? __brelse+0x84/0xa0
[ 57.875430][ T6774] ? __ext4_new_inode+0x144/0x55e0
[ 57.880531][ T6774] ext4_getblk+0xad/0x520
[ 57.884840][ T6774] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 57.890547][ T6774] ? ext4_free_inode+0x1700/0x1700
[ 57.895653][ T6774] ext4_bread+0x7c/0x380
[ 57.899891][ T6774] ? ext4_getblk+0x520/0x520
[ 57.904470][ T6774] ? dquot_get_next_dqblk+0x180/0x180
[ 57.910021][ T6774] ext4_append+0x153/0x360
[ 57.914422][ T6774] ext4_mkdir+0x5e0/0xdf0
[ 57.918734][ T6774] ? ext4_rmdir+0xde0/0xde0
[ 57.923229][ T6774] ? security_inode_permission+0xc4/0xf0
[ 57.928848][ T6774] vfs_mkdir+0x419/0x690
[ 57.933071][ T6774] do_mkdirat+0x21e/0x280
[ 57.937424][ T6774] ? __ia32_sys_mknod+0xb0/0xb0
[ 57.942278][ T6774] ? do_syscall_64+0x1c/0xe0
[ 57.946855][ T6774] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 57.952825][ T6774] do_syscall_64+0x60/0xe0
[ 57.957238][ T6774] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.963110][ T6774] RIP: 0033:0x7f4e2c62d687
[ 57.967510][ T6774] Code: Bad RIP value.
[ 57.971559][ T6774] RSP: 002b:00007ffcf5d1a8f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 57.979954][ T6774] RAX: ffffffffffffffda RBX: 000056004fbb6985 RCX: 00007f4e2c62d687
[ 57.987918][ T6774] RDX: 00007ffcf5d1a7c0 RSI: 00000000000001ed RDI: 000056004fbb6985
[ 57.995868][ T6774] RBP: 00007f4e2c62d680 R08: 0000000000000100 R09: 0000000000000000
[ 58.003817][ T6774] R10: 000056004fbb6980 R11: 0000000000000246 R12: 00000000000001ed
[ 58.011770][ T6774] R13: 00007ffcf5d1aa80 R14: 0000000000000000 R15: 0000000000000000
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.8' (ECDSA) to the list of known hosts.
2020/06/15 22:48:03 fuzzer started
2020/06/15 22:48:03 connecting to host at 10.128.0.26:43875
2020/06/15 22:48:03 checking machine...
2020/06/15 22:48:03 checking revisions...
2020/06/15 22:48:03 testing simple program...
syzkaller login: [ 62.491120][ T6785] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6785
[ 62.500539][ T6785] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.506740][ T6785] CPU: 1 PID: 6785 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 62.515116][ T6785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.525314][ T6785] Call Trace:
[ 62.528599][ T6785] dump_stack+0x18f/0x20d
[ 62.533040][ T6785] check_preemption_disabled+0x20d/0x220
[ 62.538670][ T6785] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.543782][ T6785] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.549235][ T6785] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.555081][ T6785] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.560404][ T6785] ? ext4_ext_release+0x10/0x10
[ 62.565270][ T6785] ? down_write_killable+0x170/0x170
[ 62.570779][ T6785] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.576356][ T6785] ext4_map_blocks+0x4cb/0x1640
[ 62.581276][ T6785] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.586621][ T6785] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.592223][ T6785] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.598359][ T6785] ? prandom_u32_state+0xe/0x170
[ 62.603293][ T6785] ? __brelse+0x84/0xa0
[ 62.607473][ T6785] ? __ext4_new_inode+0x144/0x55e0
[ 62.612576][ T6785] ext4_getblk+0xad/0x520
[ 62.616960][ T6785] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.622837][ T6785] ? ext4_free_inode+0x1700/0x1700
[ 62.627950][ T6785] ext4_bread+0x7c/0x380
[ 62.632458][ T6785] ? ext4_getblk+0x520/0x520
[ 62.637129][ T6785] ? dquot_get_next_dqblk+0x180/0x180
[ 62.642619][ T6785] ext4_append+0x153/0x360
[ 62.647495][ T6785] ext4_mkdir+0x5e0/0xdf0
[ 62.652078][ T6785] ? ext4_rmdir+0xde0/0xde0
[ 62.657026][ T6785] ? security_inode_permission+0xc4/0xf0
[ 62.663605][ T6785] vfs_mkdir+0x419/0x690
[ 62.667895][ T6785] do_mkdirat+0x21e/0x280
[ 62.672373][ T6785] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.677392][ T6785] ? do_syscall_64+0x1c/0xe0
[ 62.682112][ T6785] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.689865][ T6785] do_syscall_64+0x60/0xe0
[ 62.694376][ T6785] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.700707][ T6785] RIP: 0033:0x4b02a0
[ 62.704676][ T6785] Code: Bad RIP value.
[ 62.708908][ T6785] RSP: 002b:000000c0000e94b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 62.717700][ T6785] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 62.726334][ T6785] RDX: 00000000000001c0 RSI: 000000c00009cd40 RDI: ffffffffffffff9c
[ 62.734812][ T6785] RBP: 000000c0000e9510 R08: 0000000000000000 R09: 0000000000000000
[ 62.742951][ T6785] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 62.750916][ T6785] R13: 000000000000006b R14: 000000000000006a R15: 0000000000000100
[ 62.780941][ T6799] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6799
[ 62.791195][ T6799] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.797331][ T6799] CPU: 1 PID: 6799 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 62.806178][ T6799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.816907][ T6799] Call Trace:
[ 62.820305][ T6799] dump_stack+0x18f/0x20d
[ 62.825773][ T6799] check_preemption_disabled+0x20d/0x220
[ 62.833522][ T6799] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.838871][ T6799] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.844510][ T6799] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.850431][ T6799] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.855939][ T6799] ? ext4_ext_release+0x10/0x10
[ 62.860837][ T6799] ? down_write_killable+0x170/0x170
[ 62.866117][ T6799] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.871847][ T6799] ext4_map_blocks+0x4cb/0x1640
[ 62.879162][ T6799] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.884365][ T6799] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.890267][ T6799] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.896753][ T6799] ? prandom_u32_state+0xe/0x170
[ 62.902313][ T6799] ? __brelse+0x84/0xa0
[ 62.906660][ T6799] ? __ext4_new_inode+0x144/0x55e0
[ 62.911955][ T6799] ext4_getblk+0xad/0x520
[ 62.917586][ T6799] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.923973][ T6799] ? ext4_free_inode+0x1700/0x1700
[ 62.929634][ T6799] ext4_bread+0x7c/0x380
[ 62.934330][ T6799] ? ext4_getblk+0x520/0x520
[ 62.939535][ T6799] ? dquot_get_next_dqblk+0x180/0x180
[ 62.944909][ T6799] ext4_append+0x153/0x360
[ 62.949499][ T6799] ext4_mkdir+0x5e0/0xdf0
[ 62.953950][ T6799] ? ext4_rmdir+0xde0/0xde0
[ 62.958506][ T6799] ? security_inode_permission+0xc4/0xf0
[ 62.964137][ T6799] vfs_mkdir+0x419/0x690
[ 62.968374][ T6799] do_mkdirat+0x21e/0x280
[ 62.972730][ T6799] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.977577][ T6799] ? do_syscall_64+0x1c/0xe0
[ 62.982345][ T6799] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.988586][ T6799] do_syscall_64+0x60/0xe0
[ 62.993329][ T6799] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.999587][ T6799] RIP: 0033:0x45bed7
[ 63.004009][ T6799] Code: Bad RIP value.
[ 63.008206][ T6799] RSP: 002b:00007ffc817db448 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 63.017178][ T6799] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 63.025420][ T6799] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffc817db620
[ 63.033671][ T6799] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002e40
[ 63.041792][ T6799] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 63.050002][ T6799] R13: 00007ffc817db620 R14: 8421084210842109 R15: 00007ffc817db62c
[ 63.188074][ T6801] IPVS: ftp: loaded support on port[0] = 21
[ 63.227095][ T6801] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6801
[ 63.237504][ T6801] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.243960][ T6801] CPU: 0 PID: 6801 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 63.253205][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.263704][ T6801] Call Trace:
[ 63.267257][ T6801] dump_stack+0x18f/0x20d
[ 63.271983][ T6801] check_preemption_disabled+0x20d/0x220
[ 63.277936][ T6801] ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.283379][ T6801] ? ext4_ext_search_right+0x2ca/0xb20
[ 63.289832][ T6801] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 63.295965][ T6801] ext4_ext_map_blocks+0x201b/0x33e0
[ 63.301537][ T6801] ? ext4_ext_release+0x10/0x10
[ 63.306400][ T6801] ? down_write_killable+0x170/0x170
[ 63.311753][ T6801] ? ext4_es_lookup_extent+0x41d/0xd10
[ 63.317428][ T6801] ext4_map_blocks+0x4cb/0x1640
[ 63.322283][ T6801] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 63.327484][ T6801] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.333075][ T6801] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.339185][ T6801] ? prandom_u32_state+0xe/0x170
[ 63.344176][ T6801] ? __brelse+0x84/0xa0
[ 63.348372][ T6801] ? __ext4_new_inode+0x144/0x55e0
[ 63.353483][ T6801] ext4_getblk+0xad/0x520
[ 63.357917][ T6801] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 63.363632][ T6801] ? ext4_free_inode+0x1700/0x1700
[ 63.368882][ T6801] ext4_bread+0x7c/0x380
[ 63.373267][ T6801] ? ext4_getblk+0x520/0x520
[ 63.377872][ T6801] ? dquot_get_next_dqblk+0x180/0x180
[ 63.383242][ T6801] ext4_append+0x153/0x360
[ 63.387655][ T6801] ext4_mkdir+0x5e0/0xdf0
[ 63.393022][ T6801] ? ext4_rmdir+0xde0/0xde0
[ 63.397519][ T6801] ? security_inode_permission+0xc4/0xf0
[ 63.403246][ T6801] vfs_mkdir+0x419/0x690
[ 63.407482][ T6801] do_mkdirat+0x21e/0x280
[ 63.411809][ T6801] ? __ia32_sys_mknod+0xb0/0xb0
[ 63.416671][ T6801] ? do_syscall_64+0x1c/0xe0
[ 63.421342][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.427319][ T6801] do_syscall_64+0x60/0xe0
[ 63.431787][ T6801] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.437693][ T6801] RIP: 0033:0x45bed7
[ 63.441917][ T6801] Code: Bad RIP value.
[ 63.446006][ T6801] RSP: 002b:00007ffc817db338 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 63.454613][ T6801] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 63.462943][ T6801] RDX: 00007ffc817db383 RSI: 00000000000001ff RDI: 00007ffc817db380
[ 63.470918][ T6801] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 63.478900][ T6801] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0
[ 63.486897][ T6801] R13: 00007ffc817db370 R14: 0000000000000000 R15: 00007ffc817db380
[ 63.543509][ T6801] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6801
[ 63.553480][ T6801] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.559747][ T6801] CPU: 1 PID: 6801 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 63.568669][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.579269][ T6801] Call Trace:
[ 63.582622][ T6801] dump_stack+0x18f/0x20d
[ 63.587420][ T6801] check_preemption_disabled+0x20d/0x220
[ 63.593075][ T6801] ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.598306][ T6801] ? ext4_ext_search_right+0x2ca/0xb20
[ 63.603834][ T6801] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 63.609784][ T6801] ext4_ext_map_blocks+0x201b/0x33e0
[ 63.615179][ T6801] ? ext4_ext_release+0x10/0x10
[ 63.620386][ T6801] ? down_write_killable+0x170/0x170
[ 63.626183][ T6801] ? ext4_es_lookup_extent+0x41d/0xd10
[ 63.631777][ T6801] ext4_map_blocks+0x4cb/0x1640
[ 63.636747][ T6801] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 63.642231][ T6801] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.647868][ T6801] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.653923][ T6801] ? prandom_u32_state+0xe/0x170
[ 63.658926][ T6801] ? __brelse+0x84/0xa0
[ 63.663212][ T6801] ? __ext4_new_inode+0x144/0x55e0
[ 63.668449][ T6801] ext4_getblk+0xad/0x520
[ 63.672947][ T6801] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 63.678658][ T6801] ? ext4_free_inode+0x1700/0x1700
[ 63.684070][ T6801] ext4_bread+0x7c/0x380
[ 63.688326][ T6801] ? ext4_getblk+0x520/0x520
[ 63.693541][ T6801] ? dquot_get_next_dqblk+0x180/0x180
[ 63.699188][ T6801] ext4_append+0x153/0x360
[ 63.703851][ T6801] ext4_mkdir+0x5e0/0xdf0
[ 63.708419][ T6801] ? ext4_rmdir+0xde0/0xde0
[ 63.712922][ T6801] ? security_inode_permission+0xc4/0xf0
[ 63.718553][ T6801] vfs_mkdir+0x419/0x690
[ 63.723009][ T6801] do_mkdirat+0x21e/0x280
[ 63.727331][ T6801] ? __ia32_sys_mknod+0xb0/0xb0
[ 63.732312][ T6801] ? do_syscall_64+0x1c/0xe0
[ 63.736893][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.742957][ T6801] do_syscall_64+0x60/0xe0
[ 63.747483][ T6801] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.753603][ T6801] RIP: 0033:0x45bed7
[ 63.757612][ T6801] Code: Bad RIP value.
[ 63.761740][ T6801] RSP: 002b:00007ffc817db338 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 63.770178][ T6801] RAX: ffffffffffffffda RBX: 000000000000f82c RCX: 000000000045bed7
[ 63.778397][ T6801] RDX: 00007ffc817db383 RSI: 00000000000001ff RDI: 00007ffc817db380
[ 63.786498][ T6801] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/15 22:48:05 building call list...
[ 63.794588][ T6801] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 63.802712][ T6801] R13: 00007ffc817db370 R14: 000000000000f819 R15: 00007ffc817db380
[ 64.030952][ T21] tipc: TX() has been purged, node left!
[ 64.543304][ T21] ==================================================================
[ 64.551687][ T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 64.559710][ T21] Write of size 1 at addr ffff88809783f1e4 by task kworker/u4:1/21
[ 64.567602][ T21]
[ 64.570035][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0
[ 64.578969][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.589299][ T21] Workqueue: netns cleanup_net
[ 64.594273][ T21] Call Trace:
[ 64.597576][ T21] dump_stack+0x18f/0x20d
[ 64.602053][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.607607][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.613158][ T21] ? afs_put_call+0xa40/0xa40
[ 64.618627][ T21] print_address_description.constprop.0.cold+0xd3/0x413
[ 64.625757][ T21] ? vprintk_func+0x97/0x1a6
[ 64.630369][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.636379][ T21] kasan_report.cold+0x1f/0x37
[ 64.641298][ T21] ? rcu_read_lock_held_common+0x51/0xa0
[ 64.647072][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 64.652690][ T21] afs_wake_up_async_call+0x6aa/0x770
[ 64.658072][ T21] ? afs_close_socket+0x320/0x320
[ 64.663154][ T21] ? afs_put_call+0xa40/0xa40
[ 64.667841][ T21] rxrpc_notify_socket+0x1db/0x5d0
[ 64.672966][ T21] ? afs_put_call+0xa40/0xa40
[ 64.677651][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 64.684095][ T21] rxrpc_call_completed+0xca/0xf0
[ 64.689171][ T21] rxrpc_discard_prealloc+0x781/0xab0
[ 64.694770][ T21] ? lock_sock_nested+0x94/0x110
[ 64.699791][ T21] rxrpc_listen+0x147/0x360
[ 64.704327][ T21] afs_close_socket+0x95/0x320
[ 64.709097][ T21] ? afs_purge_servers+0x16d/0x300
[ 64.714358][ T21] ? afs_rx_discard_new_call+0x50/0x50
[ 64.719830][ T21] ? init_wait_var_entry+0x200/0x200
[ 64.725302][ T21] ? rcu_read_lock_held_common+0xa0/0xa0
[ 64.731046][ T21] ? check_preemption_disabled+0x38/0x220
[ 64.737001][ T21] afs_net_exit+0x1bc/0x310
[ 64.742363][ T21] ? afs_net_init+0xe30/0xe30
[ 64.747199][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 64.752443][ T21] cleanup_net+0x511/0xa50
[ 64.757393][ T21] ? unregister_pernet_device+0x70/0x70
[ 64.763078][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.769283][ T21] process_one_work+0x965/0x1690
[ 64.774432][ T21] ? lock_release+0x800/0x800
[ 64.779120][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 64.784509][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 64.789470][ T21] worker_thread+0x96/0xe10
[ 64.794057][ T21] ? process_one_work+0x1690/0x1690
[ 64.799476][ T21] kthread+0x3b5/0x4a0
[ 64.803560][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.809294][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.815191][ T21] ret_from_fork+0x1f/0x30
[ 64.819628][ T21]
[ 64.822051][ T21] Allocated by task 6801:
[ 64.826691][ T21] save_stack+0x1b/0x40
[ 64.830867][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 64.836715][ T21] kmem_cache_alloc_trace+0x153/0x7d0
[ 64.842788][ T21] afs_alloc_call+0x55/0x630
[ 64.847496][ T21] afs_charge_preallocation+0xe9/0x2d0
[ 64.852960][ T21] afs_open_socket+0x292/0x360
[ 64.857725][ T21] afs_net_init+0xa6c/0xe30
[ 64.862236][ T21] ops_init+0xaf/0x420
[ 64.866312][ T21] setup_net+0x2de/0x860
[ 64.870691][ T21] copy_net_ns+0x293/0x590
[ 64.875166][ T21] create_new_namespaces+0x3fb/0xb30
[ 64.880456][ T21] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 64.886323][ T21] ksys_unshare+0x43d/0x8e0
[ 64.890928][ T21] __x64_sys_unshare+0x2d/0x40
[ 64.895702][ T21] do_syscall_64+0x60/0xe0
[ 64.900496][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.906423][ T21]
[ 64.908782][ T21] Freed by task 21:
[ 64.912605][ T21] save_stack+0x1b/0x40
[ 64.916884][ T21] __kasan_slab_free+0xf7/0x140
[ 64.921811][ T21] kfree+0x109/0x2b0
[ 64.925715][ T21] afs_put_call+0x585/0xa40
[ 64.930411][ T21] rxrpc_discard_prealloc+0x764/0xab0
[ 64.935791][ T21] rxrpc_listen+0x147/0x360
[ 64.940303][ T21] afs_close_socket+0x95/0x320
[ 64.945171][ T21] afs_net_exit+0x1bc/0x310
[ 64.949697][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 64.955467][ T21] cleanup_net+0x511/0xa50
[ 64.959919][ T21] process_one_work+0x965/0x1690
[ 64.964974][ T21] worker_thread+0x96/0xe10
[ 64.969485][ T21] kthread+0x3b5/0x4a0
[ 64.973561][ T21] ret_from_fork+0x1f/0x30
[ 64.978069][ T21]
[ 64.980409][ T21] The buggy address belongs to the object at ffff88809783f000
[ 64.980409][ T21] which belongs to the cache kmalloc-1k of size 1024
[ 64.994616][ T21] The buggy address is located 484 bytes inside of
[ 64.994616][ T21] 1024-byte region [ffff88809783f000, ffff88809783f400)
[ 65.007974][ T21] The buggy address belongs to the page:
[ 65.013788][ T21] page:ffffea00025e0fc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 65.023118][ T21] flags: 0xfffe0000000200(slab)
[ 65.028071][ T21] raw: 00fffe0000000200 ffffea0002831ac8 ffffea00029e7e88 ffff8880aa000c40
[ 65.036680][ T21] raw: 0000000000000000 ffff88809783f000 0000000100000002 0000000000000000
[ 65.045568][ T21] page dumped because: kasan: bad access detected
[ 65.052041][ T21]
[ 65.054372][ T21] Memory state around the buggy address:
[ 65.060031][ T21] ffff88809783f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.068122][ T21] ffff88809783f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.076277][ T21] >ffff88809783f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.084340][ T21] ^
[ 65.091540][ T21] ffff88809783f200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.099611][ T21] ffff88809783f280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 65.108462][ T21] ==================================================================
[ 65.116668][ T21] Disabling lock debugging due to kernel taint
[ 65.122884][ T21] Kernel panic - not syncing: panic_on_warn set ...
[ 65.129475][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 65.139262][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.149628][ T21] Workqueue: netns cleanup_net
[ 65.154487][ T21] Call Trace:
[ 65.157906][ T21] dump_stack+0x18f/0x20d
[ 65.162252][ T21] ? afs_wake_up_async_call+0x670/0x770
[ 65.167898][ T21] ? afs_put_call+0xa40/0xa40
[ 65.172691][ T21] panic+0x2e3/0x75c
[ 65.176609][ T21] ? __warn_printk+0xf3/0xf3
[ 65.181342][ T21] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 65.187509][ T21] ? trace_hardirqs_on+0x55/0x220
[ 65.192672][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.198220][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.203767][ T21] ? afs_put_call+0xa40/0xa40
[ 65.208450][ T21] end_report+0x4d/0x53
[ 65.212619][ T21] kasan_report.cold+0xd/0x37
[ 65.217392][ T21] ? rcu_read_lock_held_common+0x51/0xa0
[ 65.223118][ T21] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.228668][ T21] afs_wake_up_async_call+0x6aa/0x770
[ 65.235213][ T21] ? afs_close_socket+0x320/0x320
[ 65.240243][ T21] ? afs_put_call+0xa40/0xa40
[ 65.245001][ T21] rxrpc_notify_socket+0x1db/0x5d0
[ 65.250296][ T21] ? afs_put_call+0xa40/0xa40
[ 65.254983][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 65.261399][ T21] rxrpc_call_completed+0xca/0xf0
[ 65.266515][ T21] rxrpc_discard_prealloc+0x781/0xab0
[ 65.272211][ T21] ? lock_sock_nested+0x94/0x110
[ 65.277224][ T21] rxrpc_listen+0x147/0x360
[ 65.281830][ T21] afs_close_socket+0x95/0x320
[ 65.286595][ T21] ? afs_purge_servers+0x16d/0x300
[ 65.291967][ T21] ? afs_rx_discard_new_call+0x50/0x50
[ 65.297586][ T21] ? init_wait_var_entry+0x200/0x200
[ 65.303557][ T21] ? rcu_read_lock_held_common+0xa0/0xa0
[ 65.309662][ T21] ? check_preemption_disabled+0x38/0x220
[ 65.315381][ T21] afs_net_exit+0x1bc/0x310
[ 65.320215][ T21] ? afs_net_init+0xe30/0xe30
[ 65.324897][ T21] ops_exit_list.isra.0+0xa8/0x150
[ 65.330273][ T21] cleanup_net+0x511/0xa50
[ 65.335020][ T21] ? unregister_pernet_device+0x70/0x70
[ 65.340944][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.346952][ T21] process_one_work+0x965/0x1690
[ 65.352185][ T21] ? lock_release+0x800/0x800
[ 65.357153][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 65.362577][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 65.367692][ T21] worker_thread+0x96/0xe10
[ 65.372306][ T21] ? process_one_work+0x1690/0x1690
[ 65.377605][ T21] kthread+0x3b5/0x4a0
[ 65.381684][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.387406][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.393226][ T21] ret_from_fork+0x1f/0x30
[ 65.399352][ T21] Kernel Offset: disabled
[ 65.403834][ T21] Rebooting in 86400 seconds..