[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ 58.408365][ T6734] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6734
[ 58.417825][ T6734] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.424075][ T6734] CPU: 0 PID: 6734 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 58.432673][ T6734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.442714][ T6734] Call Trace:
[ 58.446006][ T6734] dump_stack+0x18f/0x20d
[ 58.450321][ T6734] check_preemption_disabled+0x20d/0x220
[ 58.456042][ T6734] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.461138][ T6734] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.466593][ T6734] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.472293][ T6734] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.477652][ T6734] ? ext4_ext_release+0x10/0x10
[ 58.482500][ T6734] ? down_write_killable+0x170/0x170
[ 58.487776][ T6734] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.493221][ T6734] ext4_map_blocks+0x4cb/0x1640
[ 58.498053][ T6734] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.503415][ T6734] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.509064][ T6734] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.513430][ T4455] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:5/4455
[ 58.515052][ T6734] ? prandom_u32_state+0xe/0x170
[ 58.524329][ T4455] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.529170][ T6734] ? __brelse+0x84/0xa0
[ 58.539177][ T6734] ? __ext4_new_inode+0x144/0x55e0
[ 58.544280][ T6734] ext4_getblk+0xad/0x520
[ 58.548613][ T6734] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.554334][ T6734] ? ext4_free_inode+0x1700/0x1700
[ 58.559433][ T6734] ext4_bread+0x7c/0x380
[ 58.563672][ T6734] ? ext4_getblk+0x520/0x520
[ 58.568267][ T6734] ? dquot_get_next_dqblk+0x180/0x180
[ 58.573646][ T6734] ext4_append+0x153/0x360
[ 58.578059][ T6734] ext4_mkdir+0x5e0/0xdf0
[ 58.582393][ T6734] ? ext4_rmdir+0xde0/0xde0
[ 58.586891][ T6734] ? security_inode_permission+0xc4/0xf0
[ 58.592520][ T6734] vfs_mkdir+0x419/0x690
[ 58.596760][ T6734] do_mkdirat+0x21e/0x280
[ 58.601074][ T6734] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.605913][ T6734] ? do_syscall_64+0x1c/0xe0
[ 58.610490][ T6734] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.616460][ T6734] do_syscall_64+0x60/0xe0
[ 58.620878][ T6734] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 58.626753][ T6734] RIP: 0033:0x7f2d6e3fd687
[ 58.631491][ T6734] Code: Bad RIP value.
[ 58.635541][ T6734] RSP: 002b:00007ffe248bd668 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 58.643935][ T6734] RAX: ffffffffffffffda RBX: 000056490a74f985 RCX: 00007f2d6e3fd687
[ 58.651889][ T6734] RDX: 00007ffe248bd530 RSI: 00000000000001ed RDI: 000056490a74f985
[ 58.659861][ T6734] RBP: 00007f2d6e3fd680 R08: 0000000000000100 R09: 0000000000000000
[ 58.667927][ T6734] R10: 000056490a74f980 R11: 0000000000000246 R12: 00000000000001ed
[ 58.675882][ T6734] R13: 00007ffe248bd7f0 R14: 0000000000000000 R15: 0000000000000000
[ 58.683859][ T4455] CPU: 1 PID: 4455 Comm: kworker/u4:5 Not tainted 5.8.0-rc1-syzkaller #0
[ 58.692628][ T4455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.702696][ T4455] Workqueue: writeback wb_workfn (flush-8:0)
[ 58.708677][ T4455] Call Trace:
[ 58.711974][ T4455] dump_stack+0x18f/0x20d
[ 58.716316][ T4455] check_preemption_disabled+0x20d/0x220
[ 58.721966][ T4455] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.727083][ T4455] ? ext4_find_extent+0x81a/0xad0
[ 58.732121][ T4455] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.737589][ T4455] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.743396][ T4455] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.748666][ T4455] ? ext4_ext_release+0x10/0x10
[ 58.753521][ T4455] ? down_write_killable+0x170/0x170
[ 58.758807][ T4455] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.764265][ T4455] ext4_map_blocks+0x4cb/0x1640
[ 58.769098][ T4455] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.774288][ T4455] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.779825][ T4455] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.785973][ T4455] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 58.791414][ T4455] ext4_writepages+0x1a7b/0x33c0
[ 58.796343][ T4455] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.801951][ T4455] ? __lock_acquire+0x2224/0x48b0
[ 58.806965][ T4455] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.812924][ T4455] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.819334][ T4455] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.824958][ T4455] ? do_writepages+0xfa/0x2a0
[ 58.830310][ T4455] do_writepages+0xfa/0x2a0
[ 58.835054][ T4455] ? page_writeback_cpu_online+0x10/0x10
[ 58.840929][ T4455] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.846539][ T4455] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.852508][ T4455] ? lock_downgrade+0x840/0x840
[ 58.857341][ T4455] __writeback_single_inode+0x12a/0x13d0
[ 58.862951][ T4455] ? _raw_spin_unlock+0x24/0x40
[ 58.867780][ T4455] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 58.873761][ T4455] writeback_sb_inodes+0x515/0xdc0
[ 58.878878][ T4455] ? __writeback_single_inode+0x13d0/0x13d0
[ 58.884762][ T4455] __writeback_inodes_wb+0xc3/0x250
[ 58.889951][ T4455] wb_writeback+0x8db/0xd50
[ 58.894443][ T4455] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 58.900763][ T4455] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 58.906732][ T4455] ? cpumask_next+0x3c/0x40
[ 58.911210][ T4455] ? get_nr_dirty_inodes+0xd6/0x130
[ 58.916390][ T4455] wb_workfn+0xab3/0x1090
[ 58.920705][ T4455] ? inode_wait_for_writeback+0x30/0x30
[ 58.926235][ T4455] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.931762][ T4455] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.937831][ T4455] process_one_work+0x965/0x1690
[ 58.942752][ T4455] ? lock_release+0x800/0x800
[ 58.947409][ T4455] ? pwq_dec_nr_in_flight+0x310/0x310
[ 58.952798][ T4455] ? rwlock_bug.part.0+0x90/0x90
[ 58.957718][ T4455] worker_thread+0x96/0xe10
[ 58.962205][ T4455] ? process_one_work+0x1690/0x1690
[ 58.967405][ T4455] kthread+0x3b5/0x4a0
[ 58.971451][ T4455] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.977163][ T4455] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.982987][ T4455] ret_from_fork+0x1f/0x30
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.103' (ECDSA) to the list of known hosts.
2020/06/16 00:33:00 fuzzer started
2020/06/16 00:33:00 connecting to host at 10.128.0.26:37589
2020/06/16 00:33:00 checking machine...
2020/06/16 00:33:00 checking revisions...
2020/06/16 00:33:00 testing simple program...
syzkaller login: [ 63.503052][ T6807] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6807
[ 63.512273][ T6807] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.518340][ T6807] CPU: 0 PID: 6807 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 63.526825][ T6807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.537079][ T6807] Call Trace:
[ 63.540495][ T6807] dump_stack+0x18f/0x20d
[ 63.545189][ T6807] check_preemption_disabled+0x20d/0x220
[ 63.550831][ T6807] ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.556377][ T6807] ? ext4_ext_search_right+0x2ca/0xb20
[ 63.561837][ T6807] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 63.568197][ T6807] ext4_ext_map_blocks+0x201b/0x33e0
[ 63.574082][ T6807] ? ext4_ext_release+0x10/0x10
[ 63.579165][ T6807] ? down_write_killable+0x170/0x170
[ 63.584691][ T6807] ? ext4_es_lookup_extent+0x41d/0xd10
[ 63.591157][ T6807] ext4_map_blocks+0x4cb/0x1640
[ 63.596333][ T6807] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 63.601532][ T6807] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.607082][ T6807] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.613228][ T6807] ? prandom_u32_state+0xe/0x170
[ 63.618164][ T6807] ? __brelse+0x84/0xa0
[ 63.622323][ T6807] ? __ext4_new_inode+0x144/0x55e0
[ 63.627587][ T6807] ext4_getblk+0xad/0x520
[ 63.631977][ T6807] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 63.637744][ T6807] ? ext4_free_inode+0x1700/0x1700
[ 63.642855][ T6807] ext4_bread+0x7c/0x380
[ 63.647115][ T6807] ? ext4_getblk+0x520/0x520
[ 63.651863][ T6807] ? dquot_get_next_dqblk+0x180/0x180
[ 63.657335][ T6807] ext4_append+0x153/0x360
[ 63.662079][ T6807] ext4_mkdir+0x5e0/0xdf0
[ 63.666550][ T6807] ? ext4_rmdir+0xde0/0xde0
[ 63.671049][ T6807] ? security_inode_permission+0xc4/0xf0
[ 63.677613][ T6807] vfs_mkdir+0x419/0x690
[ 63.681911][ T6807] do_mkdirat+0x21e/0x280
[ 63.686538][ T6807] ? __ia32_sys_mknod+0xb0/0xb0
[ 63.691618][ T6807] ? do_syscall_64+0x1c/0xe0
[ 63.696451][ T6807] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.702602][ T6807] do_syscall_64+0x60/0xe0
[ 63.707203][ T6807] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.713745][ T6807] RIP: 0033:0x4b02a0
[ 63.717628][ T6807] Code: Bad RIP value.
[ 63.721822][ T6807] RSP: 002b:000000c0000db4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 63.730436][ T6807] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 63.738567][ T6807] RDX: 00000000000001c0 RSI: 000000c000026ee0 RDI: ffffffffffffff9c
[ 63.746540][ T6807] RBP: 000000c0000db510 R08: 0000000000000000 R09: 0000000000000000
[ 63.754527][ T6807] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 63.762712][ T6807] R13: 0000000000000078 R14: 0000000000000077 R15: 0000000000000100
[ 63.784925][ T6821] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6821
[ 63.794722][ T6821] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.800641][ T6821] CPU: 0 PID: 6821 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 63.809236][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.819476][ T6821] Call Trace:
[ 63.822883][ T6821] dump_stack+0x18f/0x20d
[ 63.827237][ T6821] check_preemption_disabled+0x20d/0x220
[ 63.832892][ T6821] ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.838023][ T6821] ? ext4_ext_search_right+0x2ca/0xb20
[ 63.843721][ T6821] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 63.849557][ T6821] ext4_ext_map_blocks+0x201b/0x33e0
[ 63.854884][ T6821] ? ext4_ext_release+0x10/0x10
[ 63.859778][ T6821] ? down_write_killable+0x170/0x170
[ 63.865082][ T6821] ? ext4_es_lookup_extent+0x41d/0xd10
[ 63.870836][ T6821] ext4_map_blocks+0x4cb/0x1640
[ 63.875720][ T6821] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 63.880935][ T6821] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.886710][ T6821] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.892681][ T6821] ? prandom_u32_state+0xe/0x170
[ 63.897653][ T6821] ? __brelse+0x84/0xa0
[ 63.901803][ T6821] ? __ext4_new_inode+0x144/0x55e0
[ 63.907688][ T6821] ext4_getblk+0xad/0x520
[ 63.912012][ T6821] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 63.917816][ T6821] ? ext4_free_inode+0x1700/0x1700
[ 63.922927][ T6821] ext4_bread+0x7c/0x380
[ 63.927239][ T6821] ? ext4_getblk+0x520/0x520
[ 63.931898][ T6821] ? dquot_get_next_dqblk+0x180/0x180
[ 63.937480][ T6821] ext4_append+0x153/0x360
[ 63.942376][ T6821] ext4_mkdir+0x5e0/0xdf0
[ 63.947092][ T6821] ? ext4_rmdir+0xde0/0xde0
[ 63.953010][ T6821] ? security_inode_permission+0xc4/0xf0
[ 63.958637][ T6821] vfs_mkdir+0x419/0x690
[ 63.962880][ T6821] do_mkdirat+0x21e/0x280
[ 63.967956][ T6821] ? __ia32_sys_mknod+0xb0/0xb0
[ 63.972815][ T6821] ? do_syscall_64+0x1c/0xe0
[ 63.977406][ T6821] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 63.983438][ T6821] do_syscall_64+0x60/0xe0
[ 63.988142][ T6821] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.994445][ T6821] RIP: 0033:0x45bed7
[ 63.998349][ T6821] Code: Bad RIP value.
[ 64.002441][ T6821] RSP: 002b:00007ffd1e5f81a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 64.010845][ T6821] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 64.019207][ T6821] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffd1e5f8380
[ 64.027190][ T6821] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003240
[ 64.035209][ T6821] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 64.043432][ T6821] R13: 00007ffd1e5f8380 R14: 8421084210842109 R15: 00007ffd1e5f838c
[ 64.132811][ T6822] IPVS: ftp: loaded support on port[0] = 21
[ 64.169576][ T6822] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6822
[ 64.179197][ T6822] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.185382][ T6822] CPU: 1 PID: 6822 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 64.194121][ T6822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.204289][ T6822] Call Trace:
[ 64.207629][ T6822] dump_stack+0x18f/0x20d
[ 64.212109][ T6822] check_preemption_disabled+0x20d/0x220
[ 64.217739][ T6822] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.222994][ T6822] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.228482][ T6822] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.234285][ T6822] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.239576][ T6822] ? ext4_ext_release+0x10/0x10
[ 64.244433][ T6822] ? down_write_killable+0x170/0x170
[ 64.249792][ T6822] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.255387][ T6822] ext4_map_blocks+0x4cb/0x1640
[ 64.260343][ T6822] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.265711][ T6822] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.271268][ T6822] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.277545][ T6822] ? prandom_u32_state+0xe/0x170
[ 64.282480][ T6822] ? __brelse+0x84/0xa0
[ 64.286634][ T6822] ? __ext4_new_inode+0x144/0x55e0
[ 64.291955][ T6822] ext4_getblk+0xad/0x520
[ 64.296560][ T6822] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.302804][ T6822] ? ext4_free_inode+0x1700/0x1700
[ 64.308123][ T6822] ext4_bread+0x7c/0x380
[ 64.312502][ T6822] ? ext4_getblk+0x520/0x520
[ 64.317736][ T6822] ? dquot_get_next_dqblk+0x180/0x180
[ 64.323108][ T6822] ext4_append+0x153/0x360
[ 64.327525][ T6822] ext4_mkdir+0x5e0/0xdf0
[ 64.332160][ T6822] ? ext4_rmdir+0xde0/0xde0
[ 64.336927][ T6822] ? security_inode_permission+0xc4/0xf0
[ 64.342707][ T6822] vfs_mkdir+0x419/0x690
[ 64.347035][ T6822] do_mkdirat+0x21e/0x280
[ 64.351583][ T6822] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.356658][ T6822] ? do_syscall_64+0x1c/0xe0
[ 64.361427][ T6822] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.367519][ T6822] do_syscall_64+0x60/0xe0
[ 64.372412][ T6822] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.378343][ T6822] RIP: 0033:0x45bed7
[ 64.382312][ T6822] Code: Bad RIP value.
[ 64.386839][ T6822] RSP: 002b:00007ffd1e5f8098 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 64.395411][ T6822] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 64.403757][ T6822] RDX: 00007ffd1e5f80e3 RSI: 00000000000001ff RDI: 00007ffd1e5f80e0
[ 64.411790][ T6822] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 64.419772][ T6822] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0
[ 64.428338][ T6822] R13: 00007ffd1e5f80d0 R14: 0000000000000000 R15: 00007ffd1e5f80e0
[ 64.484778][ T6822] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6822
[ 64.494605][ T6822] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.500523][ T6822] CPU: 0 PID: 6822 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 64.509406][ T6822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.519649][ T6822] Call Trace:
[ 64.522962][ T6822] dump_stack+0x18f/0x20d
[ 64.527321][ T6822] check_preemption_disabled+0x20d/0x220
[ 64.532990][ T6822] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.538228][ T6822] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.544842][ T6822] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.550778][ T6822] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.556576][ T6822] ? ext4_ext_release+0x10/0x10
[ 64.561466][ T6822] ? down_write_killable+0x170/0x170
[ 64.566944][ T6822] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.572757][ T6822] ext4_map_blocks+0x4cb/0x1640
[ 64.577911][ T6822] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.583259][ T6822] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.589120][ T6822] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.595507][ T6822] ? prandom_u32_state+0xe/0x170
[ 64.600793][ T6822] ? __brelse+0x84/0xa0
[ 64.604955][ T6822] ? __ext4_new_inode+0x144/0x55e0
[ 64.610206][ T6822] ext4_getblk+0xad/0x520
[ 64.614953][ T6822] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.620692][ T6822] ? ext4_free_inode+0x1700/0x1700
[ 64.626298][ T6822] ext4_bread+0x7c/0x380
[ 64.630779][ T6822] ? ext4_getblk+0x520/0x520
[ 64.635524][ T6822] ? dquot_get_next_dqblk+0x180/0x180
[ 64.640987][ T6822] ext4_append+0x153/0x360
[ 64.645581][ T6822] ext4_mkdir+0x5e0/0xdf0
[ 64.650262][ T6822] ? ext4_rmdir+0xde0/0xde0
[ 64.654892][ T6822] ? security_inode_permission+0xc4/0xf0
[ 64.660890][ T6822] vfs_mkdir+0x419/0x690
[ 64.665286][ T6822] do_mkdirat+0x21e/0x280
[ 64.669609][ T6822] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.674597][ T6822] ? do_syscall_64+0x1c/0xe0
[ 64.679225][ T6822] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.685243][ T6822] do_syscall_64+0x60/0xe0
[ 64.689735][ T6822] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.695710][ T6822] RIP: 0033:0x45bed7
[ 64.699819][ T6822] Code: Bad RIP value.
[ 64.704085][ T6822] RSP: 002b:00007ffd1e5f8098 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 64.712883][ T6822] RAX: ffffffffffffffda RBX: 000000000000fbde RCX: 000000000045bed7
[ 64.721059][ T6822] RDX: 00007ffd1e5f80e3 RSI: 00000000000001ff RDI: 00007ffd1e5f80e0
2020/06/16 00:33:02 building call list...
[ 64.729284][ T6822] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 64.737377][ T6822] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 64.745347][ T6822] R13: 00007ffd1e5f80d0 R14: 000000000000fbd8 R15: 00007ffd1e5f80e0
[ 65.001753][ T26] tipc: TX() has been purged, node left!
[ 65.543871][ T26] ==================================================================
[ 65.552424][ T26] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 65.560579][ T26] Write of size 1 at addr ffff8880a85389e4 by task kworker/u4:2/26
[ 65.568709][ T26]
[ 65.571065][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.579392][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.589463][ T26] Workqueue: netns cleanup_net
[ 65.594233][ T26] Call Trace:
[ 65.597541][ T26] dump_stack+0x18f/0x20d
[ 65.602016][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.607688][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.613249][ T26] ? afs_put_call+0xa40/0xa40
[ 65.617998][ T26] print_address_description.constprop.0.cold+0xd3/0x413
[ 65.625133][ T26] ? vprintk_func+0x97/0x1a6
[ 65.629734][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.635579][ T26] kasan_report.cold+0x1f/0x37
[ 65.640523][ T26] ? rcu_read_lock_held_common+0x51/0xa0
[ 65.646170][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.651903][ T26] afs_wake_up_async_call+0x6aa/0x770
[ 65.657582][ T26] ? afs_close_socket+0x320/0x320
[ 65.662616][ T26] ? afs_put_call+0xa40/0xa40
[ 65.667722][ T26] rxrpc_notify_socket+0x1db/0x5d0
[ 65.672857][ T26] ? afs_put_call+0xa40/0xa40
[ 65.677722][ T26] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 65.684148][ T26] rxrpc_call_completed+0xca/0xf0
[ 65.689197][ T26] rxrpc_discard_prealloc+0x781/0xab0
[ 65.694586][ T26] ? lock_sock_nested+0x94/0x110
[ 65.699721][ T26] rxrpc_listen+0x147/0x360
[ 65.704462][ T26] afs_close_socket+0x95/0x320
[ 65.709244][ T26] ? afs_purge_servers+0x16d/0x300
[ 65.714368][ T26] ? afs_rx_discard_new_call+0x50/0x50
[ 65.719977][ T26] ? init_wait_var_entry+0x200/0x200
[ 65.725389][ T26] ? rcu_read_lock_held_common+0xa0/0xa0
[ 65.731300][ T26] ? check_preemption_disabled+0x38/0x220
[ 65.738078][ T26] afs_net_exit+0x1bc/0x310
[ 65.742597][ T26] ? afs_net_init+0xe30/0xe30
[ 65.747283][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 65.752409][ T26] cleanup_net+0x511/0xa50
[ 65.757018][ T26] ? unregister_pernet_device+0x70/0x70
[ 65.762579][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.768719][ T26] process_one_work+0x965/0x1690
[ 65.774128][ T26] ? lock_release+0x800/0x800
[ 65.778816][ T26] ? pwq_dec_nr_in_flight+0x310/0x310
[ 65.784216][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 65.789199][ T26] worker_thread+0x96/0xe10
[ 65.793996][ T26] ? process_one_work+0x1690/0x1690
[ 65.799209][ T26] kthread+0x3b5/0x4a0
[ 65.803447][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.809285][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 65.815029][ T26] ret_from_fork+0x1f/0x30
[ 65.819548][ T26]
[ 65.821899][ T26] Allocated by task 6822:
[ 65.826236][ T26] save_stack+0x1b/0x40
[ 65.830402][ T26] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 65.836048][ T26] kmem_cache_alloc_trace+0x153/0x7d0
[ 65.841513][ T26] afs_alloc_call+0x55/0x630
[ 65.846117][ T26] afs_charge_preallocation+0xe9/0x2d0
[ 65.851671][ T26] afs_open_socket+0x292/0x360
[ 65.856581][ T26] afs_net_init+0xa6c/0xe30
[ 65.861684][ T26] ops_init+0xaf/0x420
[ 65.866078][ T26] setup_net+0x2de/0x860
[ 65.870358][ T26] copy_net_ns+0x293/0x590
[ 65.874793][ T26] create_new_namespaces+0x3fb/0xb30
[ 65.880086][ T26] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 65.885727][ T26] ksys_unshare+0x43d/0x8e0
[ 65.890341][ T26] __x64_sys_unshare+0x2d/0x40
[ 65.895197][ T26] do_syscall_64+0x60/0xe0
[ 65.899773][ T26] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.905666][ T26]
[ 65.908026][ T26] Freed by task 26:
[ 65.911848][ T26] save_stack+0x1b/0x40
[ 65.916146][ T26] __kasan_slab_free+0xf7/0x140
[ 65.921226][ T26] kfree+0x109/0x2b0
[ 65.925358][ T26] afs_put_call+0x585/0xa40
[ 65.930084][ T26] rxrpc_discard_prealloc+0x764/0xab0
[ 65.935855][ T26] rxrpc_listen+0x147/0x360
[ 65.940380][ T26] afs_close_socket+0x95/0x320
[ 65.945240][ T26] afs_net_exit+0x1bc/0x310
[ 65.949756][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 65.954880][ T26] cleanup_net+0x511/0xa50
[ 65.959322][ T26] process_one_work+0x965/0x1690
[ 65.964376][ T26] worker_thread+0x96/0xe10
[ 65.969015][ T26] kthread+0x3b5/0x4a0
[ 65.973115][ T26] ret_from_fork+0x1f/0x30
[ 65.977708][ T26]
[ 65.980045][ T26] The buggy address belongs to the object at ffff8880a8538800
[ 65.980045][ T26] which belongs to the cache kmalloc-1k of size 1024
[ 65.994381][ T26] The buggy address is located 484 bytes inside of
[ 65.994381][ T26] 1024-byte region [ffff8880a8538800, ffff8880a8538c00)
[ 66.008106][ T26] The buggy address belongs to the page:
[ 66.013757][ T26] page:ffffea0002a14e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 66.022878][ T26] flags: 0xfffe0000000200(slab)
[ 66.027871][ T26] raw: 00fffe0000000200 ffffea000298bac8 ffffea00029c3e88 ffff8880aa000c40
[ 66.036603][ T26] raw: 0000000000000000 ffff8880a8538000 0000000100000002 0000000000000000
[ 66.045270][ T26] page dumped because: kasan: bad access detected
[ 66.051689][ T26]
[ 66.054033][ T26] Memory state around the buggy address:
[ 66.059673][ T26] ffff8880a8538880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.068362][ T26] ffff8880a8538900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.076458][ T26] >ffff8880a8538980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.085149][ T26]                                                        ^
[ 66.092516][ T26] ffff8880a8538a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.101147][ T26] ffff8880a8538a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.109495][ T26] ==================================================================
[ 66.117959][ T26] Disabling lock debugging due to kernel taint
[ 66.124580][ T26] Kernel panic - not syncing: panic_on_warn set ...
[ 66.133355][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 66.143915][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.154078][ T26] Workqueue: netns cleanup_net
[ 66.158933][ T26] Call Trace:
[ 66.162233][ T26] dump_stack+0x18f/0x20d
[ 66.169260][ T26] ? afs_wake_up_async_call+0x670/0x770
[ 66.174920][ T26] ? afs_put_call+0xa40/0xa40
[ 66.179777][ T26] panic+0x2e3/0x75c
[ 66.183939][ T26] ? __warn_printk+0xf3/0xf3
[ 66.189406][ T26] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 66.195576][ T26] ? trace_hardirqs_on+0x55/0x220
[ 66.201659][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.207384][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.213093][ T26] ? afs_put_call+0xa40/0xa40
[ 66.217865][ T26] end_report+0x4d/0x53
[ 66.222116][ T26] kasan_report.cold+0xd/0x37
[ 66.226801][ T26] ? rcu_read_lock_held_common+0x51/0xa0
[ 66.232594][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.238414][ T26] afs_wake_up_async_call+0x6aa/0x770
[ 66.243788][ T26] ? afs_close_socket+0x320/0x320
[ 66.248962][ T26] ? afs_put_call+0xa40/0xa40
[ 66.254564][ T26] rxrpc_notify_socket+0x1db/0x5d0
[ 66.260283][ T26] ? afs_put_call+0xa40/0xa40
[ 66.265595][ T26] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 66.272285][ T26] rxrpc_call_completed+0xca/0xf0
[ 66.277493][ T26] rxrpc_discard_prealloc+0x781/0xab0
[ 66.283022][ T26] ? lock_sock_nested+0x94/0x110
[ 66.287967][ T26] rxrpc_listen+0x147/0x360
[ 66.292495][ T26] afs_close_socket+0x95/0x320
[ 66.297286][ T26] ? afs_purge_servers+0x16d/0x300
[ 66.302662][ T26] ? afs_rx_discard_new_call+0x50/0x50
[ 66.308331][ T26] ? init_wait_var_entry+0x200/0x200
[ 66.313717][ T26] ? rcu_read_lock_held_common+0xa0/0xa0
[ 66.319585][ T26] ? check_preemption_disabled+0x38/0x220
[ 66.325635][ T26] afs_net_exit+0x1bc/0x310
[ 66.331038][ T26] ? afs_net_init+0xe30/0xe30
[ 66.335740][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 66.340941][ T26] cleanup_net+0x511/0xa50
[ 66.345658][ T26] ? unregister_pernet_device+0x70/0x70
[ 66.351300][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.357319][ T26] process_one_work+0x965/0x1690
[ 66.363235][ T26] ? lock_release+0x800/0x800
[ 66.367913][ T26] ? pwq_dec_nr_in_flight+0x310/0x310
[ 66.373812][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 66.378759][ T26] worker_thread+0x96/0xe10
[ 66.383271][ T26] ? process_one_work+0x1690/0x1690
[ 66.388478][ T26] kthread+0x3b5/0x4a0
[ 66.392572][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.398399][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.404357][ T26] ret_from_fork+0x1f/0x30
[ 66.410695][ T26] Kernel Offset: disabled
[ 66.415428][ T26] Rebooting in 86400 seconds..