Starting System Logging Service... [ OK ] Started Daily apt upgrade and clean activities. [ OK ] Reached target Timers. Starting getty on tty2-tty6 if dbus and logind are not available... Starting OpenBSD Secure Shell server... [ OK ] Started Regular background program processing daemon. [ OK ] Started Permit User Sessions. [ OK ] Started System Logging Service. [ OK ] Started getty on tty2-tty6 if dbus and logind are not available. [ OK ] Started OpenBSD Secure Shell server. [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty1. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ 54.256326][ T6734] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6734 [ 54.266733][ T6734] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 54.272638][ T6734] CPU: 0 PID: 6734 Comm: systemd-rfkill Not tainted 5.7.0-next-20200610-syzkaller #0 [ 54.282088][ T6734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.292148][ T6734] Call Trace: [ 54.295452][ T6734] dump_stack+0x18f/0x20d [ 54.300144][ T6734] check_preemption_disabled+0x20d/0x220 [ 54.300165][ T6734] ext4_mb_new_blocks+0xa4d/0x3b70 [ 54.300191][ T6734] ? ext4_ext_search_right+0x2ca/0xb20 [ 54.300206][ T6734] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 54.300224][ T6734] ext4_ext_map_blocks+0x201b/0x33e0 [ 54.300245][ T6734] ? ext4_ext_release+0x10/0x10 [ 54.300277][ T6734] ? down_write_killable+0x170/0x170 [ 54.300290][ T6734] ? ext4_es_lookup_extent+0x41d/0xd10 [ 54.300321][ T6734] ext4_map_blocks+0x4cb/0x1640 [ 54.300346][ T6734] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 54.300362][ T6734] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 54.300377][ T6734] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 54.300394][ T6734] ? prandom_u32_state+0xe/0x170 [ 54.300414][ T6734] ? __brelse+0x84/0xa0 [ 54.300429][ T6734] ? __ext4_new_inode+0x144/0x55e0 [ 54.300444][ T6734] ext4_getblk+0xad/0x520 [ 54.300460][ T6734] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 54.300481][ T6734] ? ext4_free_inode+0x1700/0x1700 [ 54.300495][ T6734] ext4_bread+0x7c/0x380 [ 54.300507][ T6734] ? ext4_getblk+0x520/0x520 [ 54.300529][ T6734] ? dquot_get_next_dqblk+0x180/0x180 [ 54.300549][ T6734] ext4_append+0x153/0x360 [ 54.300568][ T6734] ext4_mkdir+0x5e0/0xdf0 [ 54.300588][ T6734] ? ext4_rmdir+0xde0/0xde0 [ 54.300609][ T6734] ? security_inode_permission+0xc4/0xf0 [ 54.300630][ T6734] vfs_mkdir+0x419/0x690 [ 54.300650][ T6734] do_mkdirat+0x21e/0x280 [ 54.300668][ T6734] ? __ia32_sys_mknod+0xb0/0xb0 [ 54.300686][ T6734] ? do_syscall_64+0x1c/0xe0 [ 54.300701][ T6734] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 54.300718][ T6734] do_syscall_64+0x60/0xe0 [ 54.300731][ T6734] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 54.300742][ T6734] RIP: 0033:0x7f93305ca687 [ 54.300747][ T6734] Code: Bad RIP value. [ 54.300753][ T6734] RSP: 002b:00007fff36a475b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 54.300765][ T6734] RAX: ffffffffffffffda RBX: 0000561145acc985 RCX: 00007f93305ca687 [ 54.300774][ T6734] RDX: 00007fff36a47480 RSI: 00000000000001ed RDI: 0000561145acc985 [ 54.300781][ T6734] RBP: 00007f93305ca680 R08: 0000000000000100 R09: 0000000000000000 [ 54.300788][ T6734] R10: 0000561145acc980 R11: 0000000000000246 R12: 00000000000001ed [ 54.300794][ T6734] R13: 00007fff36a47740 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 57.154168][ T26] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:2/26 [ 57.163199][ T26] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 57.170462][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Not tainted 5.7.0-next-20200610-syzkaller #0 [ 57.180494][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.190556][ T26] Workqueue: writeback wb_workfn (flush-8:0) [ 57.196514][ T26] Call Trace: [ 57.199808][ T26] dump_stack+0x18f/0x20d [ 57.204122][ T26] check_preemption_disabled+0x20d/0x220 [ 57.209739][ T26] ext4_mb_new_blocks+0xa4d/0x3b70 [ 57.214830][ T26] ? ext4_find_extent+0x81a/0xad0 [ 57.219834][ T26] ? ext4_ext_search_right+0x2ca/0xb20 [ 57.225269][ T26] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 57.230967][ T26] ext4_ext_map_blocks+0x201b/0x33e0 [ 57.236273][ T26] ? ext4_ext_release+0x10/0x10 [ 57.241111][ T26] ? down_write_killable+0x170/0x170 [ 57.246377][ T26] ? ext4_es_lookup_extent+0x41d/0xd10 [ 57.251830][ T26] ext4_map_blocks+0x4cb/0x1640 [ 57.256663][ T26] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 57.261860][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.267382][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.273342][ T26] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 57.278794][ T26] ext4_writepages+0x1a83/0x33c0 [ 57.283736][ T26] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.289349][ T26] ? __lock_acquire+0x2224/0x48b0 [ 57.294360][ T26] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.300319][ T26] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.306276][ T26] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.311885][ T26] ? do_writepages+0xf3/0x2a0 [ 57.316538][ T26] do_writepages+0xf3/0x2a0 [ 57.321047][ T26] ? page_writeback_cpu_online+0x10/0x10 [ 57.326659][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.332178][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.338135][ T26] ? lock_downgrade+0x840/0x840 [ 57.342967][ T26] __writeback_single_inode+0x12a/0x13d0 [ 57.348583][ T26] ? _raw_spin_unlock+0x24/0x40 [ 57.353422][ T26] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 57.359379][ T26] writeback_sb_inodes+0x515/0xdc0 [ 57.364475][ T26] ? __writeback_single_inode+0x13d0/0x13d0 [ 57.370354][ T26] __writeback_inodes_wb+0xc3/0x250 [ 57.375532][ T26] wb_writeback+0x8c8/0xd40 [ 57.380033][ T26] ? writeback_inodes_wb.constprop.0+0x190/0x190 [ 57.386349][ T26] ? cpumask_next+0x3c/0x40 [ 57.390834][ T26] ? get_nr_dirty_inodes+0xd6/0x130 [ 57.396012][ T26] wb_workfn+0xab3/0x1090 [ 57.400328][ T26] ? inode_wait_for_writeback+0x30/0x30 [ 57.405854][ T26] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.411374][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.417334][ T26] process_one_work+0x965/0x1690 [ 57.422252][ T26] ? lock_release+0x800/0x800 [ 57.426918][ T26] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.432269][ T26] ? rwlock_bug.part.0+0x90/0x90 [ 57.437186][ T26] worker_thread+0x96/0xe10 [ 57.441688][ T26] ? process_one_work+0x1690/0x1690 [ 57.447038][ T26] kthread+0x3b5/0x4a0 [ 57.451080][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.456772][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.462469][ T26] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.0.71' (ECDSA) to the list of known hosts. 2020/06/10 16:12:40 fuzzer started 2020/06/10 16:12:41 connecting to host at 10.128.0.26:41863 2020/06/10 16:12:41 checking machine... 2020/06/10 16:12:41 checking revisions... 2020/06/10 16:12:41 testing simple program... [ 59.329977][ T6810] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6810 [ 59.339201][ T6810] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.345154][ T6810] CPU: 0 PID: 6810 Comm: syz-fuzzer Not tainted 5.7.0-next-20200610-syzkaller #0 [ 59.354253][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.364287][ T6810] Call Trace: [ 59.367564][ T6810] dump_stack+0x18f/0x20d [ 59.371883][ T6810] check_preemption_disabled+0x20d/0x220 [ 59.377497][ T6810] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.382651][ T6810] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.388128][ T6810] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.393838][ T6810] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.399121][ T6810] ? ext4_ext_release+0x10/0x10 [ 59.403962][ T6810] ? down_write_killable+0x170/0x170 [ 59.409224][ T6810] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.414662][ T6810] ext4_map_blocks+0x4cb/0x1640 [ 59.419495][ T6810] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.424668][ T6810] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.430191][ T6810] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.436152][ T6810] ? prandom_u32_state+0xe/0x170 [ 59.441865][ T6810] ? __brelse+0x84/0xa0 [ 59.446015][ T6810] ? __ext4_new_inode+0x144/0x55e0 [ 59.451105][ T6810] ext4_getblk+0xad/0x520 [ 59.455414][ T6810] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.461129][ T6810] ? ext4_free_inode+0x1700/0x1700 [ 59.466217][ T6810] ext4_bread+0x7c/0x380 [ 59.470432][ T6810] ? ext4_getblk+0x520/0x520 [ 59.475032][ T6810] ? dquot_get_next_dqblk+0x180/0x180 [ 59.480387][ T6810] ext4_append+0x153/0x360 [ 59.484783][ T6810] ext4_mkdir+0x5e0/0xdf0 [ 59.489111][ T6810] ? ext4_rmdir+0xde0/0xde0 [ 59.493615][ T6810] ? security_inode_permission+0xc4/0xf0 [ 59.499235][ T6810] vfs_mkdir+0x419/0x690 [ 59.503546][ T6810] do_mkdirat+0x21e/0x280 [ 59.507856][ T6810] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.512776][ T6810] ? do_syscall_64+0x1c/0xe0 [ 59.517355][ T6810] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.523316][ T6810] do_syscall_64+0x60/0xe0 [ 59.527708][ T6810] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.533677][ T6810] RIP: 0033:0x4b02a0 [ 59.537544][ T6810] Code: Bad RIP value. [ 59.541582][ T6810] RSP: 002b:000000c0000d14b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 59.550055][ T6810] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 59.558004][ T6810] RDX: 00000000000001c0 RSI: 000000c0000266a0 RDI: ffffffffffffff9c [ 59.565953][ T6810] RBP: 000000c0000d1510 R08: 0000000000000000 R09: 0000000000000000 [ 59.573919][ T6810] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 59.581882][ T6810] R13: 0000000000000036 R14: 0000000000000035 R15: 0000000000000100 [ 59.618461][ T6821] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6821 [ 59.628300][ T6821] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.634335][ T6821] CPU: 0 PID: 6821 Comm: syz-executor.0 Not tainted 5.7.0-next-20200610-syzkaller #0 [ 59.643793][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.653852][ T6821] Call Trace: [ 59.657147][ T6821] dump_stack+0x18f/0x20d [ 59.661496][ T6821] check_preemption_disabled+0x20d/0x220 [ 59.667144][ T6821] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.672268][ T6821] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.677735][ T6821] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.683467][ T6821] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.688751][ T6821] ? ext4_ext_release+0x10/0x10 [ 59.693609][ T6821] ? down_write_killable+0x170/0x170 [ 59.698873][ T6821] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.704338][ T6821] ext4_map_blocks+0x4cb/0x1640 [ 59.709183][ T6821] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.714361][ T6821] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.719889][ T6821] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.725864][ T6821] ? prandom_u32_state+0xe/0x170 [ 59.730813][ T6821] ? __brelse+0x84/0xa0 [ 59.734947][ T6821] ? __ext4_new_inode+0x144/0x55e0 [ 59.740036][ T6821] ext4_getblk+0xad/0x520 [ 59.744521][ T6821] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.750239][ T6821] ? ext4_free_inode+0x1700/0x1700 [ 59.755356][ T6821] ext4_bread+0x7c/0x380 [ 59.759577][ T6821] ? ext4_getblk+0x520/0x520 [ 59.764143][ T6821] ? dquot_get_next_dqblk+0x180/0x180 [ 59.769511][ T6821] ext4_append+0x153/0x360 [ 59.773907][ T6821] ext4_mkdir+0x5e0/0xdf0 [ 59.778220][ T6821] ? ext4_rmdir+0xde0/0xde0 [ 59.782700][ T6821] ? security_inode_permission+0xc4/0xf0 [ 59.788330][ T6821] vfs_mkdir+0x419/0x690 [ 59.792553][ T6821] do_mkdirat+0x21e/0x280 [ 59.796892][ T6821] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.801721][ T6821] ? do_syscall_64+0x1c/0xe0 [ 59.806291][ T6821] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.812250][ T6821] do_syscall_64+0x60/0xe0 [ 59.816663][ T6821] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.822528][ T6821] RIP: 0033:0x45bee7 [ 59.826393][ T6821] Code: Bad RIP value. [ 59.830432][ T6821] RSP: 002b:00007fffbf4061c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.838834][ T6821] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 59.846797][ T6821] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007fffbf4063a0 [ 59.854745][ T6821] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003380 [ 59.862700][ T6821] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 59.870647][ T6821] R13: 00007fffbf4063a0 R14: 8421084210842109 R15: 00007fffbf4063ac [ 59.962943][ T6822] IPVS: ftp: loaded support on port[0] = 21 [ 60.003474][ T6822] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6822 [ 60.012961][ T6822] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.018960][ T6822] CPU: 1 PID: 6822 Comm: syz-executor.0 Not tainted 5.7.0-next-20200610-syzkaller #0 [ 60.028407][ T6822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.038442][ T6822] Call Trace: [ 60.041721][ T6822] dump_stack+0x18f/0x20d [ 60.046059][ T6822] check_preemption_disabled+0x20d/0x220 [ 60.051671][ T6822] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.056961][ T6822] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.062421][ T6822] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.068144][ T6822] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.073681][ T6822] ? ext4_ext_release+0x10/0x10 [ 60.078523][ T6822] ? down_write_killable+0x170/0x170 [ 60.083788][ T6822] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.089230][ T6822] ext4_map_blocks+0x4cb/0x1640 [ 60.094070][ T6822] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.099245][ T6822] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.104776][ T6822] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.110822][ T6822] ? prandom_u32_state+0xe/0x170 [ 60.116173][ T6822] ? __brelse+0x84/0xa0 [ 60.120306][ T6822] ? __ext4_new_inode+0x144/0x55e0 [ 60.125395][ T6822] ext4_getblk+0xad/0x520 [ 60.129702][ T6822] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.135400][ T6822] ? ext4_free_inode+0x1700/0x1700 [ 60.140489][ T6822] ext4_bread+0x7c/0x380 [ 60.144708][ T6822] ? ext4_getblk+0x520/0x520 [ 60.149376][ T6822] ? dquot_get_next_dqblk+0x180/0x180 [ 60.154729][ T6822] ext4_append+0x153/0x360 [ 60.159126][ T6822] ext4_mkdir+0x5e0/0xdf0 [ 60.163455][ T6822] ? ext4_rmdir+0xde0/0xde0 [ 60.167939][ T6822] ? security_inode_permission+0xc4/0xf0 [ 60.173554][ T6822] vfs_mkdir+0x419/0x690 [ 60.177778][ T6822] do_mkdirat+0x21e/0x280 [ 60.182103][ T6822] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.186953][ T6822] ? do_syscall_64+0x1c/0xe0 [ 60.191546][ T6822] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.197516][ T6822] do_syscall_64+0x60/0xe0 [ 60.201930][ T6822] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.207808][ T6822] RIP: 0033:0x45bee7 [ 60.211677][ T6822] Code: Bad RIP value. [ 60.215722][ T6822] RSP: 002b:00007fffbf4060b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 60.224111][ T6822] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 60.232146][ T6822] RDX: 00007fffbf406103 RSI: 00000000000001ff RDI: 00007fffbf406100 [ 60.240215][ T6822] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 60.248195][ T6822] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0 [ 60.256150][ T6822] R13: 00007fffbf4060f0 R14: 0000000000000000 R15: 00007fffbf406100 [ 60.327220][ T6822] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6822 [ 60.336770][ T6822] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.342819][ T6822] CPU: 1 PID: 6822 Comm: syz-executor.0 Not tainted 5.7.0-next-20200610-syzkaller #0 [ 60.352279][ T6822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.362863][ T6822] Call Trace: [ 60.366169][ T6822] dump_stack+0x18f/0x20d [ 60.370518][ T6822] check_preemption_disabled+0x20d/0x220 [ 60.376590][ T6822] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.381768][ T6822] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.387217][ T6822] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.393180][ T6822] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.398451][ T6822] ? ext4_ext_release+0x10/0x10 [ 60.403292][ T6822] ? down_write_killable+0x170/0x170 [ 60.408554][ T6822] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.413996][ T6822] ext4_map_blocks+0x4cb/0x1640 [ 60.418830][ T6822] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.424007][ T6822] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.429531][ T6822] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.435487][ T6822] ? prandom_u32_state+0xe/0x170 [ 60.440420][ T6822] ? __brelse+0x84/0xa0 [ 60.444557][ T6822] ? __ext4_new_inode+0x144/0x55e0 [ 60.449646][ T6822] ext4_getblk+0xad/0x520 [ 60.453953][ T6822] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.459650][ T6822] ? ext4_free_inode+0x1700/0x1700 [ 60.464737][ T6822] ext4_bread+0x7c/0x380 [ 60.468957][ T6822] ? ext4_getblk+0x520/0x520 [ 60.473542][ T6822] ? dquot_get_next_dqblk+0x180/0x180 [ 60.479242][ T6822] ext4_append+0x153/0x360 [ 60.483643][ T6822] ext4_mkdir+0x5e0/0xdf0 [ 60.487951][ T6822] ? ext4_rmdir+0xde0/0xde0 [ 60.492456][ T6822] ? security_inode_permission+0xc4/0xf0 [ 60.498090][ T6822] vfs_mkdir+0x419/0x690 [ 60.502310][ T6822] do_mkdirat+0x21e/0x280 [ 60.506618][ T6822] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.511449][ T6822] ? do_syscall_64+0x1c/0xe0 [ 60.516015][ T6822] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.521972][ T6822] do_syscall_64+0x60/0xe0 [ 60.526443][ T6822] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.532309][ T6822] RIP: 0033:0x45bee7 [ 60.536782][ T6822] Code: Bad RIP value. [ 60.540841][ T6822] RSP: 002b:00007fffbf4060b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 60.549236][ T6822] RAX: ffffffffffffffda RBX: 000000000000eb36 RCX: 000000000045bee7 [ 60.557190][ T6822] RDX: 00007fffbf406103 RSI: 00000000000001ff RDI: 00007fffbf406100 [ 60.565313][ T6822] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 60.573262][ T6822] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 60.581208][ T6822] R13: 00007fffbf4060f0 R14: 000000000000eb28 R15: 00007fffbf406100 2020/06/10 16:12:42 building call list... [ 60.792386][ T7] tipc: TX() has been purged, node left! [ 61.278514][ T7] ================================================================== [ 61.286761][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 61.294652][ T7] Write of size 1 at addr ffff8880a28779e4 by task kworker/u4:0/7 [ 61.302439][ T7] [ 61.304776][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-next-20200610-syzkaller #0 [ 61.313788][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.323845][ T7] Workqueue: netns cleanup_net [ 61.329118][ T7] Call Trace: [ 61.332414][ T7] dump_stack+0x18f/0x20d [ 61.337006][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.342978][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.349401][ T7] ? afs_put_call+0xa40/0xa40 [ 61.354075][ T7] print_address_description.constprop.0.cold+0xd3/0x413 [ 61.361101][ T7] ? vprintk_func+0x97/0x1a6 [ 61.365693][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.371234][ T7] kasan_report.cold+0x1f/0x37 [ 61.376084][ T7] ? rcu_read_lock_held_common+0x71/0xa0 [ 61.381710][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.387256][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 61.392622][ T7] ? afs_close_socket+0x320/0x320 [ 61.397643][ T7] ? afs_put_call+0xa40/0xa40 [ 61.402317][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 61.407430][ T7] ? afs_put_call+0xa40/0xa40 [ 61.412103][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 61.418524][ T7] rxrpc_call_completed+0xca/0xf0 [ 61.423548][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 61.428919][ T7] ? lock_sock_nested+0x94/0x110 [ 61.433855][ T7] rxrpc_listen+0x147/0x360 [ 61.438359][ T7] afs_close_socket+0x95/0x320 [ 61.443117][ T7] ? afs_purge_servers+0x16d/0x300 [ 61.448227][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 61.453691][ T7] ? init_wait_var_entry+0x200/0x200 [ 61.458973][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.464603][ T7] ? check_preemption_disabled+0x38/0x220 [ 61.470320][ T7] afs_net_exit+0x1bc/0x310 [ 61.474818][ T7] ? afs_net_init+0xe30/0xe30 [ 61.479493][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 61.484606][ T7] cleanup_net+0x511/0xa50 [ 61.489023][ T7] ? unregister_pernet_device+0x70/0x70 [ 61.494569][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.500555][ T7] process_one_work+0x965/0x1690 [ 61.505501][ T7] ? lock_release+0x800/0x800 [ 61.510172][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.515546][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 61.520491][ T7] worker_thread+0x96/0xe10 [ 61.525002][ T7] ? process_one_work+0x1690/0x1690 [ 61.530369][ T7] kthread+0x3b5/0x4a0 [ 61.534432][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.540143][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.545868][ T7] ret_from_fork+0x1f/0x30 [ 61.550289][ T7] [ 61.552697][ T7] Allocated by task 6822: [ 61.557022][ T7] save_stack+0x1b/0x40 [ 61.561175][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 61.566805][ T7] kmem_cache_alloc_trace+0x153/0x7d0 [ 61.572188][ T7] afs_alloc_call+0x55/0x630 [ 61.576970][ T7] afs_charge_preallocation+0xe9/0x2d0 [ 61.582449][ T7] afs_open_socket+0x292/0x360 [ 61.587226][ T7] afs_net_init+0xa6c/0xe30 [ 61.591825][ T7] ops_init+0xaf/0x420 [ 61.595889][ T7] setup_net+0x2de/0x860 [ 61.600123][ T7] copy_net_ns+0x293/0x590 [ 61.604546][ T7] create_new_namespaces+0x3fb/0xb30 [ 61.609843][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 61.615482][ T7] ksys_unshare+0x43d/0x8e0 [ 61.619999][ T7] __x64_sys_unshare+0x2d/0x40 [ 61.624772][ T7] do_syscall_64+0x60/0xe0 [ 61.629185][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.635061][ T7] [ 61.637384][ T7] Freed by task 7: [ 61.641104][ T7] save_stack+0x1b/0x40 [ 61.645254][ T7] __kasan_slab_free+0xf7/0x140 [ 61.650208][ T7] kfree+0x109/0x2b0 [ 61.654101][ T7] afs_put_call+0x585/0xa40 [ 61.658598][ T7] rxrpc_discard_prealloc+0x764/0xab0 [ 61.663956][ T7] rxrpc_listen+0x147/0x360 [ 61.668444][ T7] afs_close_socket+0x95/0x320 [ 61.673195][ T7] afs_net_exit+0x1bc/0x310 [ 61.677692][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 61.682796][ T7] cleanup_net+0x511/0xa50 [ 61.687210][ T7] process_one_work+0x965/0x1690 [ 61.692142][ T7] worker_thread+0x96/0xe10 [ 61.696643][ T7] kthread+0x3b5/0x4a0 [ 61.700709][ T7] ret_from_fork+0x1f/0x30 [ 61.705209][ T7] [ 61.707539][ T7] The buggy address belongs to the object at ffff8880a2877800 [ 61.707539][ T7] which belongs to the cache kmalloc-1k of size 1024 [ 61.721598][ T7] The buggy address is located 484 bytes inside of [ 61.721598][ T7] 1024-byte region [ffff8880a2877800, ffff8880a2877c00) [ 61.734949][ T7] The buggy address belongs to the page: [ 61.740581][ T7] page:ffffea00028a1dc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 61.749686][ T7] flags: 0xfffe0000000200(slab) [ 61.754534][ T7] raw: 00fffe0000000200 ffffea0002565e08 ffffea00028e70c8 ffff8880aa000c40 [ 61.763113][ T7] raw: 0000000000000000 ffff8880a2877000 0000000100000002 0000000000000000 [ 61.771967][ T7] page dumped because: kasan: bad access detected [ 61.778367][ T7] [ 61.780687][ T7] Memory state around the buggy address: [ 61.786311][ T7] ffff8880a2877880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.794365][ T7] ffff8880a2877900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.802419][ T7] >ffff8880a2877980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.810906][ T7] ^ [ 61.818101][ T7] ffff8880a2877a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.826154][ T7] ffff8880a2877a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.834202][ T7] ================================================================== [ 61.842250][ T7] Disabling lock debugging due to kernel taint [ 61.848433][ T7] Kernel panic - not syncing: panic_on_warn set ... [ 61.855018][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.7.0-next-20200610-syzkaller #0 [ 61.865408][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.876240][ T7] Workqueue: netns cleanup_net [ 61.880987][ T7] Call Trace: [ 61.884277][ T7] dump_stack+0x18f/0x20d [ 61.888599][ T7] ? afs_wake_up_async_call+0x5c0/0x770 [ 61.894134][ T7] ? afs_put_call+0xa40/0xa40 [ 61.898798][ T7] panic+0x2e3/0x75c [ 61.902682][ T7] ? __warn_printk+0xf3/0xf3 [ 61.907264][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 61.913413][ T7] ? trace_hardirqs_on+0x55/0x220 [ 61.918429][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.923961][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.929492][ T7] ? afs_put_call+0xa40/0xa40 [ 61.934159][ T7] end_report+0x4d/0x53 [ 61.938306][ T7] kasan_report.cold+0xd/0x37 [ 61.942977][ T7] ? rcu_read_lock_held_common+0x71/0xa0 [ 61.948598][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.954306][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 61.959667][ T7] ? afs_close_socket+0x320/0x320 [ 61.964678][ T7] ? afs_put_call+0xa40/0xa40 [ 61.969345][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 61.974448][ T7] ? afs_put_call+0xa40/0xa40 [ 61.979117][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 61.985785][ T7] rxrpc_call_completed+0xca/0xf0 [ 61.990799][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 61.996161][ T7] ? lock_sock_nested+0x94/0x110 [ 62.001086][ T7] rxrpc_listen+0x147/0x360 [ 62.005582][ T7] afs_close_socket+0x95/0x320 [ 62.010785][ T7] ? afs_purge_servers+0x16d/0x300 [ 62.015893][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 62.021347][ T7] ? init_wait_var_entry+0x200/0x200 [ 62.026628][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.032252][ T7] ? check_preemption_disabled+0x38/0x220 [ 62.037965][ T7] afs_net_exit+0x1bc/0x310 [ 62.042459][ T7] ? afs_net_init+0xe30/0xe30 [ 62.047129][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 62.052243][ T7] cleanup_net+0x511/0xa50 [ 62.056651][ T7] ? unregister_pernet_device+0x70/0x70 [ 62.062191][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.068171][ T7] process_one_work+0x965/0x1690 [ 62.073111][ T7] ? lock_release+0x800/0x800 executing program [ 62.077780][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.083143][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 62.088075][ T7] worker_thread+0x96/0xe10 [ 62.092573][ T7] ? process_one_work+0x1690/0x1690 [ 62.097758][ T7] kthread+0x3b5/0x4a0 [ 62.101825][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.107563][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.113275][ T7] ret_from_fork+0x1f/0x30 [ 62.118936][ T7] Kernel Offset: disabled [ 62.123273][ T7] Rebooting in 86400 seconds..