[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 59.599593][ T6789] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6789
[ 59.599609][ T6789] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.599620][ T6789] CPU: 0 PID: 6789 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 59.599625][ T6789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.599629][ T6789] Call Trace:
[ 59.599641][ T6789] dump_stack+0x18f/0x20d
[ 59.599656][ T6789] check_preemption_disabled+0x20d/0x220
[ 59.599666][ T6789] ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.599684][ T6789] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.599694][ T6789] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.599718][ T6789] ext4_ext_map_blocks+0x201b/0x33e0
[ 59.599742][ T6789] ? ext4_ext_release+0x10/0x10
[ 59.599773][ T6789] ? down_write_killable+0x170/0x170
[ 59.599787][ T6789] ? ext4_es_lookup_extent+0x41d/0xd10
[ 59.599808][ T6789] ext4_map_blocks+0x4cb/0x1640
[ 59.599829][ T6789] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.599844][ T6789] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.599859][ T6789] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.599878][ T6789] ? prandom_u32_state+0xe/0x170
[ 59.712961][ T6789] ? __brelse+0x84/0xa0
[ 59.712978][ T6789] ? __ext4_new_inode+0x144/0x55e0
[ 59.712997][ T6789] ext4_getblk+0xad/0x520
[ 59.713020][ T6789] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.732413][ T6789] ? ext4_free_inode+0x1700/0x1700
[ 59.732431][ T6789] ext4_bread+0x7c/0x380
[ 59.732500][ T6789] ? ext4_getblk+0x520/0x520
[ 59.746437][ T6789] ? dquot_get_next_dqblk+0x180/0x180
[ 59.746460][ T6789] ext4_append+0x153/0x360
[ 59.746480][ T6789] ext4_mkdir+0x5e0/0xdf0
[ 59.746503][ T6789] ? ext4_rmdir+0xde0/0xde0
[ 59.765188][ T6789] ? security_inode_permission+0xc4/0xf0
[ 59.765211][ T6789] vfs_mkdir+0x419/0x690
[ 59.765229][ T6789] do_mkdirat+0x21e/0x280
[ 59.765244][ T6789] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.765266][ T6789] ? do_syscall_64+0x1c/0xe0
[ 59.789557][ T6789] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.789581][ T6789] do_syscall_64+0x60/0xe0
[ 59.789602][ T6789] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.789616][ T6789] RIP: 0033:0x7fe93df84687
[ 59.789621][ T6789] Code: Bad RIP value.
[ 59.789629][ T6789] RSP: 002b:00007ffefe7f3db8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 59.789643][ T6789] RAX: ffffffffffffffda RBX: 0000557118925985 RCX: 00007fe93df84687
[ 59.789652][ T6789] RDX: 00007ffefe7f3c80 RSI: 00000000000001ed RDI: 0000557118925985
[ 59.789660][ T6789] RBP: 00007fe93df84680 R08: 0000000000000100 R09: 0000000000000000
[ 59.789689][ T6789] R10: 0000557118925980 R11: 0000000000000246 R12: 00000000000001ed
[ 59.856653][ T6789] R13: 00007ffefe7f3f40 R14: 0000000000000000 R15: 0000000000000000
[ 59.970343][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21
[ 59.979594][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 59.985850][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0
[ 59.994132][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.004180][ T21] Workqueue: writeback wb_workfn (flush-8:0)
[ 60.010143][ T21] Call Trace:
[ 60.013417][ T21] dump_stack+0x18f/0x20d
[ 60.017752][ T21] check_preemption_disabled+0x20d/0x220
[ 60.023366][ T21] ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.028630][ T21] ? ext4_find_extent+0x81a/0xad0
[ 60.033639][ T21] ? ext4_ext_search_right+0x2ca/0xb20
[ 60.039075][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 60.044781][ T21] ext4_ext_map_blocks+0x201b/0x33e0
[ 60.050050][ T21] ? ext4_ext_release+0x10/0x10
[ 60.054908][ T21] ? down_write_killable+0x170/0x170
[ 60.060169][ T21] ? ext4_es_lookup_extent+0x41d/0xd10
[ 60.065638][ T21] ext4_map_blocks+0x4cb/0x1640
[ 60.070487][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 60.075667][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.081197][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.087428][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 60.092879][ T21] ext4_writepages+0x1a7b/0x33c0
[ 60.097809][ T21] ? __ext4_mark_inode_dirty+0x940/0x940
[ 60.103420][ T21] ? __lock_acquire+0x2224/0x48b0
[ 60.108429][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 60.114387][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 60.120347][ T21] ? __ext4_mark_inode_dirty+0x940/0x940
[ 60.125956][ T21] ? do_writepages+0xfa/0x2a0
[ 60.130607][ T21] do_writepages+0xfa/0x2a0
[ 60.135303][ T21] ? page_writeback_cpu_online+0x10/0x10
[ 60.140968][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.146542][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.152647][ T21] ? lock_downgrade+0x840/0x840
[ 60.157497][ T21] __writeback_single_inode+0x12a/0x13d0
[ 60.163136][ T21] ? _raw_spin_unlock+0x24/0x40
[ 60.167987][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 60.174035][ T21] writeback_sb_inodes+0x515/0xdc0
[ 60.179131][ T21] ? __writeback_single_inode+0x13d0/0x13d0
[ 60.185188][ T21] __writeback_inodes_wb+0xc3/0x250
[ 60.190379][ T21] wb_writeback+0x8db/0xd50
[ 60.194876][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 60.201194][ T21] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 60.207064][ T21] ? cpumask_next+0x3c/0x40
[ 60.211635][ T21] ? get_nr_dirty_inodes+0xd6/0x130
[ 60.216814][ T21] wb_workfn+0xab3/0x1090
[ 60.221125][ T21] ? inode_wait_for_writeback+0x30/0x30
[ 60.226653][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.232187][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.238149][ T21] process_one_work+0x965/0x1690
[ 60.243084][ T21] ? lock_release+0x800/0x800
[ 60.247736][ T21] ? pwq_dec_nr_in_flight+0x310/0x310
[ 60.253089][ T21] ? rwlock_bug.part.0+0x90/0x90
[ 60.258019][ T21] worker_thread+0x96/0xe10
[ 60.262509][ T21] ? process_one_work+0x1690/0x1690
[ 60.267689][ T21] kthread+0x3b5/0x4a0
[ 60.271746][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.279340][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.285064][ T21] ret_from_fork+0x1f/0x30
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.66' (ECDSA) to the list of known hosts.
2020/06/15 22:30:05 fuzzer started
2020/06/15 22:30:06 connecting to host at 10.128.0.26:45355
2020/06/15 22:30:06 checking machine...
2020/06/15 22:30:06 checking revisions...
2020/06/15 22:30:06 testing simple program...
syzkaller login: [ 64.792133][ T6804] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6804
[ 64.802122][ T6804] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.808043][ T6804] CPU: 0 PID: 6804 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 64.816421][ T6804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.827785][ T6804] Call Trace:
[ 64.831563][ T6804] dump_stack+0x18f/0x20d
[ 64.835976][ T6804] check_preemption_disabled+0x20d/0x220
[ 64.841601][ T6804] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.846712][ T6804] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.852168][ T6804] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.857879][ T6804] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.863149][ T6804] ? ext4_ext_release+0x10/0x10
[ 64.867990][ T6804] ? down_write_killable+0x170/0x170
[ 64.873427][ T6804] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.878967][ T6804] ext4_map_blocks+0x4cb/0x1640
[ 64.883885][ T6804] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.889084][ T6804] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.894653][ T6804] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.900631][ T6804] ? prandom_u32_state+0xe/0x170
[ 64.905569][ T6804] ? __brelse+0x84/0xa0
[ 64.909715][ T6804] ? __ext4_new_inode+0x144/0x55e0
[ 64.915002][ T6804] ext4_getblk+0xad/0x520
[ 64.919430][ T6804] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.925309][ T6804] ? ext4_free_inode+0x1700/0x1700
[ 64.930931][ T6804] ext4_bread+0x7c/0x380
[ 64.935170][ T6804] ? ext4_getblk+0x520/0x520
[ 64.940107][ T6804] ? dquot_get_next_dqblk+0x180/0x180
[ 64.945459][ T6804] ext4_append+0x153/0x360
[ 64.949863][ T6804] ext4_mkdir+0x5e0/0xdf0
[ 64.954186][ T6804] ? ext4_rmdir+0xde0/0xde0
[ 64.958764][ T6804] ? security_inode_permission+0xc4/0xf0
[ 64.964468][ T6804] vfs_mkdir+0x419/0x690
[ 64.968711][ T6804] do_mkdirat+0x21e/0x280
[ 64.973035][ T6804] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.977884][ T6804] ? do_syscall_64+0x1c/0xe0
[ 64.982545][ T6804] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.988693][ T6804] do_syscall_64+0x60/0xe0
[ 64.993091][ T6804] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.999231][ T6804] RIP: 0033:0x4b02a0
[ 65.003107][ T6804] Code: Bad RIP value.
[ 65.007160][ T6804] RSP: 002b:000000c00004f4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 65.015561][ T6804] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 65.023622][ T6804] RDX: 00000000000001c0 RSI: 000000c000026bc0 RDI: ffffffffffffff9c
[ 65.031591][ T6804] RBP: 000000c00004f510 R08: 0000000000000000 R09: 0000000000000000
[ 65.039556][ T6804] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 65.047603][ T6804] R13: 000000000000005f R14: 000000000000005e R15: 0000000000000100
[ 65.103328][ T6818] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6818
[ 65.112821][ T6818] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.119121][ T6818] CPU: 1 PID: 6818 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.127721][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.137781][ T6818] Call Trace:
[ 65.141089][ T6818] dump_stack+0x18f/0x20d
[ 65.145442][ T6818] check_preemption_disabled+0x20d/0x220
[ 65.151377][ T6818] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.156724][ T6818] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.162263][ T6818] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.167998][ T6818] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.173720][ T6818] ? ext4_ext_release+0x10/0x10
[ 65.178579][ T6818] ? down_write_killable+0x170/0x170
[ 65.183849][ T6818] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.189310][ T6818] ext4_map_blocks+0x4cb/0x1640
[ 65.194262][ T6818] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.199460][ T6818] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.205119][ T6818] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.211088][ T6818] ? prandom_u32_state+0xe/0x170
[ 65.216009][ T6818] ? __brelse+0x84/0xa0
[ 65.220176][ T6818] ? __ext4_new_inode+0x144/0x55e0
[ 65.225315][ T6818] ext4_getblk+0xad/0x520
[ 65.229637][ T6818] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.235358][ T6818] ? ext4_free_inode+0x1700/0x1700
[ 65.240605][ T6818] ext4_bread+0x7c/0x380
[ 65.245124][ T6818] ? ext4_getblk+0x520/0x520
[ 65.249831][ T6818] ? dquot_get_next_dqblk+0x180/0x180
[ 65.255207][ T6818] ext4_append+0x153/0x360
[ 65.259625][ T6818] ext4_mkdir+0x5e0/0xdf0
[ 65.263965][ T6818] ? ext4_rmdir+0xde0/0xde0
[ 65.268502][ T6818] ? security_inode_permission+0xc4/0xf0
[ 65.274157][ T6818] vfs_mkdir+0x419/0x690
[ 65.278409][ T6818] do_mkdirat+0x21e/0x280
[ 65.282832][ T6818] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.287672][ T6818] ? do_syscall_64+0x1c/0xe0
[ 65.292273][ T6818] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.298263][ T6818] do_syscall_64+0x60/0xe0
[ 65.302807][ T6818] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.308703][ T6818] RIP: 0033:0x45bed7
[ 65.312618][ T6818] Code: Bad RIP value.
[ 65.316680][ T6818] RSP: 002b:00007ffebb97ae78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 65.325092][ T6818] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 65.333064][ T6818] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffebb97b050
[ 65.341021][ T6818] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003740
[ 65.348985][ T6818] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 65.356952][ T6818] R13: 00007ffebb97b050 R14: 8421084210842109 R15: 00007ffebb97b05c
[ 65.446285][ T6819] IPVS: ftp: loaded support on port[0] = 21
[ 65.482627][ T6819] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6819
[ 65.492332][ T6819] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.498372][ T6819] CPU: 0 PID: 6819 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.506965][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.517058][ T6819] Call Trace:
[ 65.520363][ T6819] dump_stack+0x18f/0x20d
[ 65.525637][ T6819] check_preemption_disabled+0x20d/0x220
[ 65.531383][ T6819] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.536608][ T6819] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.542071][ T6819] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.547802][ T6819] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.553122][ T6819] ? ext4_ext_release+0x10/0x10
[ 65.557987][ T6819] ? down_write_killable+0x170/0x170
[ 65.563278][ T6819] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.568738][ T6819] ext4_map_blocks+0x4cb/0x1640
[ 65.573773][ T6819] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.578965][ T6819] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.584492][ T6819] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.590484][ T6819] ? prandom_u32_state+0xe/0x170
[ 65.595421][ T6819] ? __brelse+0x84/0xa0
[ 65.599580][ T6819] ? __ext4_new_inode+0x144/0x55e0
[ 65.604684][ T6819] ext4_getblk+0xad/0x520
[ 65.609009][ T6819] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.614806][ T6819] ? ext4_free_inode+0x1700/0x1700
[ 65.619912][ T6819] ext4_bread+0x7c/0x380
[ 65.624185][ T6819] ? ext4_getblk+0x520/0x520
[ 65.628755][ T6819] ? dquot_get_next_dqblk+0x180/0x180
[ 65.634115][ T6819] ext4_append+0x153/0x360
[ 65.638523][ T6819] ext4_mkdir+0x5e0/0xdf0
[ 65.642838][ T6819] ? ext4_rmdir+0xde0/0xde0
[ 65.647322][ T6819] ? security_inode_permission+0xc4/0xf0
[ 65.654329][ T6819] vfs_mkdir+0x419/0x690
[ 65.658559][ T6819] do_mkdirat+0x21e/0x280
[ 65.662872][ T6819] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.667702][ T6819] ? do_syscall_64+0x1c/0xe0
[ 65.672304][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.678282][ T6819] do_syscall_64+0x60/0xe0
[ 65.682682][ T6819] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.688574][ T6819] RIP: 0033:0x45bed7
[ 65.692540][ T6819] Code: Bad RIP value.
[ 65.696611][ T6819] RSP: 002b:00007ffebb97ad68 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 65.705109][ T6819] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 65.713073][ T6819] RDX: 00007ffebb97adb3 RSI: 00000000000001ff RDI: 00007ffebb97adb0
[ 65.721048][ T6819] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 65.729014][ T6819] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0
[ 65.736966][ T6819] R13: 00007ffebb97ada0 R14: 0000000000000000 R15: 00007ffebb97adb0
[ 65.790987][ T6819] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6819
[ 65.800736][ T6819] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.806645][ T6819] CPU: 0 PID: 6819 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.815411][ T6819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.825566][ T6819] Call Trace:
[ 65.829074][ T6819] dump_stack+0x18f/0x20d
[ 65.833416][ T6819] check_preemption_disabled+0x20d/0x220
[ 65.839078][ T6819] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.844261][ T6819] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.849735][ T6819] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.855475][ T6819] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.860791][ T6819] ? ext4_ext_release+0x10/0x10
[ 65.865678][ T6819] ? down_write_killable+0x170/0x170
[ 65.871004][ T6819] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.876484][ T6819] ext4_map_blocks+0x4cb/0x1640
[ 65.881367][ T6819] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.886682][ T6819] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.892966][ T6819] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.899113][ T6819] ? prandom_u32_state+0xe/0x170
[ 65.904053][ T6819] ? __brelse+0x84/0xa0
[ 65.908322][ T6819] ? __ext4_new_inode+0x144/0x55e0
[ 65.913698][ T6819] ext4_getblk+0xad/0x520
[ 65.918035][ T6819] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.923943][ T6819] ? ext4_free_inode+0x1700/0x1700
[ 65.929041][ T6819] ext4_bread+0x7c/0x380
[ 65.933264][ T6819] ? ext4_getblk+0x520/0x520
[ 65.937851][ T6819] ? dquot_get_next_dqblk+0x180/0x180
[ 65.943205][ T6819] ext4_append+0x153/0x360
[ 65.947600][ T6819] ext4_mkdir+0x5e0/0xdf0
[ 65.951933][ T6819] ? ext4_rmdir+0xde0/0xde0
[ 65.956431][ T6819] ? security_inode_permission+0xc4/0xf0
[ 65.962142][ T6819] vfs_mkdir+0x419/0x690
[ 65.966365][ T6819] do_mkdirat+0x21e/0x280
[ 65.971759][ T6819] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.977218][ T6819] ? do_syscall_64+0x1c/0xe0
[ 65.981920][ T6819] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
2020/06/15 22:30:07 building call list...
[ 65.988162][ T6819] do_syscall_64+0x60/0xe0
[ 65.992576][ T6819] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.998543][ T6819] RIP: 0033:0x45bed7
[ 66.002422][ T6819] Code: Bad RIP value.
[ 66.006474][ T6819] RSP: 002b:00007ffebb97ad68 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 66.015839][ T6819] RAX: ffffffffffffffda RBX: 00000000000100f3 RCX: 000000000045bed7
[ 66.023902][ T6819] RDX: 00007ffebb97adb3 RSI: 00000000000001ff RDI: 00007ffebb97adb0
[ 66.031870][ T6819] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 66.039916][ T6819] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 66.047959][ T6819] R13: 00007ffebb97ada0 R14: 00000000000100ee R15: 00007ffebb97adb0
[ 66.238654][ T368] tipc: TX() has been purged, node left!
[ 66.760859][ T368] ==================================================================
[ 66.769096][ T368] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 66.777067][ T368] Write of size 1 at addr ffff8880909c69e4 by task kworker/u4:4/368
[ 66.785030][ T368]
[ 66.787359][ T368] CPU: 0 PID: 368 Comm: kworker/u4:4 Not tainted 5.8.0-rc1-syzkaller #0
[ 66.795676][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.805862][ T368] Workqueue: netns cleanup_net
[ 66.812184][ T368] Call Trace:
[ 66.815903][ T368] dump_stack+0x18f/0x20d
[ 66.820242][ T368] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.825794][ T368] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.831356][ T368] ? afs_put_call+0xa40/0xa40
[ 66.836034][ T368] print_address_description.constprop.0.cold+0xd3/0x413
[ 66.843059][ T368] ? vprintk_func+0x97/0x1a6
[ 66.847758][ T368] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.853387][ T368] kasan_report.cold+0x1f/0x37
[ 66.858166][ T368] ? rcu_read_lock_held_common+0x51/0xa0
[ 66.863837][ T368] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.869386][ T368] afs_wake_up_async_call+0x6aa/0x770
[ 66.874754][ T368] ? afs_close_socket+0x320/0x320
[ 66.879778][ T368] ? afs_put_call+0xa40/0xa40
[ 66.884625][ T368] rxrpc_notify_socket+0x1db/0x5d0
[ 66.889762][ T368] ? afs_put_call+0xa40/0xa40
[ 66.894457][ T368] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 66.900871][ T368] rxrpc_call_completed+0xca/0xf0
[ 66.906247][ T368] rxrpc_discard_prealloc+0x781/0xab0
[ 66.911625][ T368] ? lock_sock_nested+0x94/0x110
[ 66.916584][ T368] rxrpc_listen+0x147/0x360
[ 66.921096][ T368] afs_close_socket+0x95/0x320
[ 66.925865][ T368] ? afs_purge_servers+0x16d/0x300
[ 66.930975][ T368] ? afs_rx_discard_new_call+0x50/0x50
[ 66.936438][ T368] ? init_wait_var_entry+0x200/0x200
[ 66.941726][ T368] ? rcu_read_lock_held_common+0xa0/0xa0
[ 66.947376][ T368] ? check_preemption_disabled+0x38/0x220
[ 66.953097][ T368] afs_net_exit+0x1bc/0x310
[ 66.957596][ T368] ? afs_net_init+0xe30/0xe30
[ 66.962618][ T368] ops_exit_list.isra.0+0xa8/0x150
[ 66.967731][ T368] cleanup_net+0x511/0xa50
[ 66.972151][ T368] ? unregister_pernet_device+0x70/0x70
[ 66.977699][ T368] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.983690][ T368] process_one_work+0x965/0x1690
[ 66.988639][ T368] ? lock_release+0x800/0x800
[ 66.993347][ T368] ? pwq_dec_nr_in_flight+0x310/0x310
[ 66.998726][ T368] ? rwlock_bug.part.0+0x90/0x90
[ 67.004020][ T368] worker_thread+0x96/0xe10
[ 67.009056][ T368] ? process_one_work+0x1690/0x1690
[ 67.014255][ T368] kthread+0x3b5/0x4a0
[ 67.018343][ T368] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.024070][ T368] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.029819][ T368] ret_from_fork+0x1f/0x30
[ 67.034252][ T368]
[ 67.036579][ T368] Allocated by task 6819:
[ 67.040908][ T368] save_stack+0x1b/0x40
[ 67.045080][ T368] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 67.050733][ T368] kmem_cache_alloc_trace+0x153/0x7d0
[ 67.056102][ T368] afs_alloc_call+0x55/0x630
[ 67.060782][ T368] afs_charge_preallocation+0xe9/0x2d0
[ 67.066236][ T368] afs_open_socket+0x292/0x360
[ 67.070994][ T368] afs_net_init+0xa6c/0xe30
[ 67.075489][ T368] ops_init+0xaf/0x420
[ 67.079553][ T368] setup_net+0x2de/0x860
[ 67.083812][ T368] copy_net_ns+0x293/0x590
[ 67.088223][ T368] create_new_namespaces+0x3fb/0xb30
[ 67.093590][ T368] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 67.099217][ T368] ksys_unshare+0x43d/0x8e0
[ 67.103716][ T368] __x64_sys_unshare+0x2d/0x40
[ 67.108479][ T368] do_syscall_64+0x60/0xe0
[ 67.112903][ T368] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.118781][ T368]
[ 67.121100][ T368] Freed by task 368:
[ 67.125006][ T368] save_stack+0x1b/0x40
[ 67.129155][ T368] __kasan_slab_free+0xf7/0x140
[ 67.133999][ T368] kfree+0x109/0x2b0
[ 67.137887][ T368] afs_put_call+0x585/0xa40
[ 67.142389][ T368] rxrpc_discard_prealloc+0x764/0xab0
[ 67.147773][ T368] rxrpc_listen+0x147/0x360
[ 67.152305][ T368] afs_close_socket+0x95/0x320
[ 67.157097][ T368] afs_net_exit+0x1bc/0x310
[ 67.161715][ T368] ops_exit_list.isra.0+0xa8/0x150
[ 67.166820][ T368] cleanup_net+0x511/0xa50
[ 67.171239][ T368] process_one_work+0x965/0x1690
[ 67.176301][ T368] worker_thread+0x96/0xe10
[ 67.180848][ T368] kthread+0x3b5/0x4a0
[ 67.185008][ T368] ret_from_fork+0x1f/0x30
[ 67.189428][ T368]
[ 67.191754][ T368] The buggy address belongs to the object at ffff8880909c6800
[ 67.191754][ T368] which belongs to the cache kmalloc-1k of size 1024
[ 67.205972][ T368] The buggy address is located 484 bytes inside of
[ 67.205972][ T368] 1024-byte region [ffff8880909c6800, ffff8880909c6c00)
[ 67.219763][ T368] The buggy address belongs to the page:
[ 67.225404][ T368] page:ffffea0002427180 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 67.234506][ T368] flags: 0xfffe0000000200(slab)
[ 67.239356][ T368] raw: 00fffe0000000200 ffffea00028b87c8 ffffea0002a4af88 ffff8880aa000c40
[ 67.248214][ T368] raw: 0000000000000000 ffff8880909c6000 0000000100000002 0000000000000000
[ 67.256962][ T368] page dumped because: kasan: bad access detected
[ 67.263375][ T368]
[ 67.265701][ T368] Memory state around the buggy address:
[ 67.271332][ T368] ffff8880909c6880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.279473][ T368] ffff8880909c6900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.287670][ T368] >ffff8880909c6980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.295735][ T368] ^
[ 67.302929][ T368] ffff8880909c6a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.311555][ T368] ffff8880909c6a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 67.320334][ T368] ==================================================================
[ 67.328384][ T368] Disabling lock debugging due to kernel taint
[ 67.334680][ T368] Kernel panic - not syncing: panic_on_warn set ...
[ 67.341284][ T368] CPU: 0 PID: 368 Comm: kworker/u4:4 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 67.351535][ T368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.361600][ T368] Workqueue: netns cleanup_net
[ 67.366361][ T368] Call Trace:
[ 67.369650][ T368] dump_stack+0x18f/0x20d
[ 67.374595][ T368] ? afs_wake_up_async_call+0x670/0x770
[ 67.380142][ T368] ? afs_put_call+0xa40/0xa40
[ 67.385327][ T368] panic+0x2e3/0x75c
[ 67.389227][ T368] ? __warn_printk+0xf3/0xf3
[ 67.393848][ T368] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 67.400048][ T368] ? trace_hardirqs_on+0x55/0x220
[ 67.405078][ T368] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.410620][ T368] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.416176][ T368] ? afs_put_call+0xa40/0xa40
[ 67.420849][ T368] end_report+0x4d/0x53
[ 67.425153][ T368] kasan_report.cold+0xd/0x37
[ 67.429847][ T368] ? rcu_read_lock_held_common+0x51/0xa0
[ 67.435562][ T368] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.441107][ T368] afs_wake_up_async_call+0x6aa/0x770
[ 67.446479][ T368] ? afs_close_socket+0x320/0x320
[ 67.451501][ T368] ? afs_put_call+0xa40/0xa40
[ 67.456181][ T368] rxrpc_notify_socket+0x1db/0x5d0
[ 67.461387][ T368] ? afs_put_call+0xa40/0xa40
[ 67.466060][ T368] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 67.472557][ T368] rxrpc_call_completed+0xca/0xf0
[ 67.477584][ T368] rxrpc_discard_prealloc+0x781/0xab0
[ 67.482987][ T368] ? lock_sock_nested+0x94/0x110
[ 67.487919][ T368] rxrpc_listen+0x147/0x360
[ 67.492417][ T368] afs_close_socket+0x95/0x320
[ 67.497173][ T368] ? afs_purge_servers+0x16d/0x300
[ 67.502284][ T368] ? afs_rx_discard_new_call+0x50/0x50
[ 67.507735][ T368] ? init_wait_var_entry+0x200/0x200
[ 67.513015][ T368] ? rcu_read_lock_held_common+0xa0/0xa0
[ 67.518641][ T368] ? check_preemption_disabled+0x38/0x220
[ 67.524445][ T368] afs_net_exit+0x1bc/0x310
[ 67.528942][ T368] ? afs_net_init+0xe30/0xe30
[ 67.533609][ T368] ops_exit_list.isra.0+0xa8/0x150
[ 67.538712][ T368] cleanup_net+0x511/0xa50
[ 67.543148][ T368] ? unregister_pernet_device+0x70/0x70
[ 67.548693][ T368] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.554668][ T368] process_one_work+0x965/0x1690
[ 67.559735][ T368] ? lock_release+0x800/0x800
[ 67.564435][ T368] ? pwq_dec_nr_in_flight+0x310/0x310
[ 67.569810][ T368] ? rwlock_bug.part.0+0x90/0x90
[ 67.574831][ T368] worker_thread+0x96/0xe10
[ 67.579340][ T368] ? process_one_work+0x1690/0x1690
[ 67.584535][ T368] kthread+0x3b5/0x4a0
[ 67.588598][ T368] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.594310][ T368] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.600023][ T368] ret_from_fork+0x1f/0x30
[ 67.605957][ T368] Kernel Offset: disabled
[ 67.610311][ T368] Rebooting in 86400 seconds..