[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ 52.432808][ T6728] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6728
[ 52.442397][ T6728] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 52.448667][ T6728] CPU: 1 PID: 6728 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 52.457240][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 52.467264][ T6728] Call Trace:
[ 52.470533][ T6728] dump_stack+0x18f/0x20d
[ 52.474839][ T6728] check_preemption_disabled+0x20d/0x220
[ 52.480442][ T6728] ext4_mb_new_blocks+0xa4d/0x3b70
[ 52.485531][ T6728] ? ext4_ext_search_right+0x2ca/0xb20
[ 52.490959][ T6728] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 52.496652][ T6728] ext4_ext_map_blocks+0x201b/0x33e0
[ 52.501916][ T6728] ? ext4_ext_release+0x10/0x10
[ 52.506746][ T6728] ? down_write_killable+0x170/0x170
[ 52.512003][ T6728] ? ext4_es_lookup_extent+0x41d/0xd10
[ 52.517434][ T6728] ext4_map_blocks+0x4cb/0x1640
[ 52.522257][ T6728] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 52.527427][ T6728] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 52.532940][ T6728] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 52.538889][ T6728] ? prandom_u32_state+0xe/0x170
[ 52.543808][ T6728] ? __brelse+0x84/0xa0
[ 52.547937][ T6728] ? __ext4_new_inode+0x144/0x55e0
[ 52.553035][ T6728] ext4_getblk+0xad/0x520
[ 52.557343][ T6728] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 52.563035][ T6728] ? ext4_free_inode+0x1700/0x1700
[ 52.568135][ T6728] ext4_bread+0x7c/0x380
[ 52.572350][ T6728] ? ext4_getblk+0x520/0x520
[ 52.576918][ T6728] ? dquot_get_next_dqblk+0x180/0x180
[ 52.582275][ T6728] ext4_append+0x153/0x360
[ 52.586664][ T6728] ext4_mkdir+0x5e0/0xdf0
[ 52.590965][ T6728] ? ext4_rmdir+0xde0/0xde0
[ 52.595440][ T6728] ? security_inode_permission+0xc4/0xf0
[ 52.601058][ T6728] vfs_mkdir+0x419/0x690
[ 52.605288][ T6728] do_mkdirat+0x21e/0x280
[ 52.609588][ T6728] ? __ia32_sys_mknod+0xb0/0xb0
[ 52.614433][ T6728] ? do_syscall_64+0x1c/0xe0
[ 52.619100][ T6728] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 52.625055][ T6728] do_syscall_64+0x60/0xe0
[ 52.629446][ T6728] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 52.635312][ T6728] RIP: 0033:0x7fed86cac687
[ 52.639695][ T6728] Code: Bad RIP value.
[ 52.643747][ T6728] RSP: 002b:00007ffdd4e3a868 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 52.652127][ T6728] RAX: ffffffffffffffda RBX: 0000559f0b71f985 RCX: 00007fed86cac687
[ 52.660090][ T6728] RDX: 00007ffdd4e3a730 RSI: 00000000000001ed RDI: 0000559f0b71f985
[ 52.668031][ T6728] RBP: 00007fed86cac680 R08: 0000000000000100 R09: 0000000000000000
[ 52.675977][ T6728] R10: 0000559f0b71f980 R11: 0000000000000246 R12: 00000000000001ed
[ 52.683926][ T6728] R13: 00007ffdd4e3a9f0 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 56.093847][ T146] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/146
[ 56.102977][ T146] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.108965][ T146] CPU: 0 PID: 146 Comm: kworker/u4:4 Not tainted 5.8.0-rc1-syzkaller #0
[ 56.117281][ T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.127331][ T146] Workqueue: writeback wb_workfn (flush-8:0)
[ 56.133285][ T146] Call Trace:
[ 56.136549][ T146] dump_stack+0x18f/0x20d
[ 56.140871][ T146] check_preemption_disabled+0x20d/0x220
[ 56.146475][ T146] ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.151558][ T146] ? ext4_find_extent+0x81a/0xad0
[ 56.156570][ T146] ? ext4_ext_search_right+0x2ca/0xb20
[ 56.162015][ T146] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 56.167708][ T146] ext4_ext_map_blocks+0x201b/0x33e0
[ 56.172968][ T146] ? ext4_ext_release+0x10/0x10
[ 56.177798][ T146] ? down_write_killable+0x170/0x170
[ 56.183055][ T146] ? ext4_es_lookup_extent+0x41d/0xd10
[ 56.188490][ T146] ext4_map_blocks+0x4cb/0x1640
[ 56.193323][ T146] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 56.198518][ T146] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.204038][ T146] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.209990][ T146] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 56.215420][ T146] ext4_writepages+0x1a7b/0x33c0
[ 56.220362][ T146] ? __ext4_mark_inode_dirty+0x940/0x940
[ 56.225967][ T146] ? __lock_acquire+0x2224/0x48b0
[ 56.230971][ T146] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.236924][ T146] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.242874][ T146] ? __ext4_mark_inode_dirty+0x940/0x940
[ 56.248478][ T146] ? do_writepages+0xfa/0x2a0
[ 56.253132][ T146] do_writepages+0xfa/0x2a0
[ 56.257610][ T146] ? page_writeback_cpu_online+0x10/0x10
[ 56.263248][ T146] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.268793][ T146] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.274745][ T146] ? lock_downgrade+0x840/0x840
[ 56.279570][ T146] __writeback_single_inode+0x12a/0x13d0
[ 56.285177][ T146] ? _raw_spin_unlock+0x24/0x40
[ 56.290000][ T146] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 56.296107][ T146] writeback_sb_inodes+0x515/0xdc0
[ 56.301198][ T146] ? __writeback_single_inode+0x13d0/0x13d0
[ 56.307074][ T146] __writeback_inodes_wb+0xc3/0x250
[ 56.312264][ T146] wb_writeback+0x8db/0xd50
[ 56.316749][ T146] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 56.323071][ T146] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 56.328959][ T146] ? cpumask_next+0x3c/0x40
[ 56.333439][ T146] ? get_nr_dirty_inodes+0xd6/0x130
[ 56.338623][ T146] wb_workfn+0xab3/0x1090
[ 56.342930][ T146] ? inode_wait_for_writeback+0x30/0x30
[ 56.348452][ T146] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.353976][ T146] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.359949][ T146] process_one_work+0x965/0x1690
[ 56.364879][ T146] ? lock_release+0x800/0x800
[ 56.369524][ T146] ? pwq_dec_nr_in_flight+0x310/0x310
[ 56.374867][ T146] ? rwlock_bug.part.0+0x90/0x90
[ 56.379777][ T146] worker_thread+0x96/0xe10
[ 56.384269][ T146] ? process_one_work+0x1690/0x1690
[ 56.389436][ T146] kthread+0x3b5/0x4a0
[ 56.393478][ T146] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.399194][ T146] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.404886][ T146] ret_from_fork+0x1f/0x30
Warning: Permanently added '10.128.1.14' (ECDSA) to the list of known hosts.
2020/06/16 03:09:31 fuzzer started
2020/06/16 03:09:31 connecting to host at 10.128.0.26:40941
2020/06/16 03:09:31 checking machine...
2020/06/16 03:09:31 checking revisions...
2020/06/16 03:09:31 testing simple program...
[ 57.535605][ T6797] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6797
[ 57.544755][ T6797] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 57.550659][ T6797] CPU: 1 PID: 6797 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 57.558868][ T6797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.568895][ T6797] Call Trace:
[ 57.572159][ T6797] dump_stack+0x18f/0x20d
[ 57.576466][ T6797] check_preemption_disabled+0x20d/0x220
[ 57.582081][ T6797] ext4_mb_new_blocks+0xa4d/0x3b70
[ 57.587168][ T6797] ? ext4_ext_search_right+0x2ca/0xb20
[ 57.592594][ T6797] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 57.598290][ T6797] ext4_ext_map_blocks+0x201b/0x33e0
[ 57.603556][ T6797] ? ext4_ext_release+0x10/0x10
[ 57.608407][ T6797] ? down_write_killable+0x170/0x170
[ 57.613682][ T6797] ? ext4_es_lookup_extent+0x41d/0xd10
[ 57.619118][ T6797] ext4_map_blocks+0x4cb/0x1640
[ 57.623964][ T6797] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 57.629138][ T6797] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.634657][ T6797] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.640603][ T6797] ? prandom_u32_state+0xe/0x170
[ 57.645510][ T6797] ? __brelse+0x84/0xa0
[ 57.649634][ T6797] ? __ext4_new_inode+0x144/0x55e0
[ 57.654729][ T6797] ext4_getblk+0xad/0x520
[ 57.659145][ T6797] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 57.664839][ T6797] ? ext4_free_inode+0x1700/0x1700
[ 57.669950][ T6797] ext4_bread+0x7c/0x380
[ 57.674181][ T6797] ? ext4_getblk+0x520/0x520
[ 57.678748][ T6797] ? dquot_get_next_dqblk+0x180/0x180
[ 57.684115][ T6797] ext4_append+0x153/0x360
[ 57.688510][ T6797] ext4_mkdir+0x5e0/0xdf0
[ 57.692833][ T6797] ? ext4_rmdir+0xde0/0xde0
[ 57.697308][ T6797] ? security_inode_permission+0xc4/0xf0
[ 57.702912][ T6797] vfs_mkdir+0x419/0x690
[ 57.707169][ T6797] do_mkdirat+0x21e/0x280
[ 57.711470][ T6797] ? __ia32_sys_mknod+0xb0/0xb0
[ 57.716290][ T6797] ? do_syscall_64+0x1c/0xe0
[ 57.720851][ T6797] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 57.726811][ T6797] do_syscall_64+0x60/0xe0
[ 57.731198][ T6797] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 57.737058][ T6797] RIP: 0033:0x4b02a0
[ 57.740916][ T6797] Code: Bad RIP value.
[ 57.744949][ T6797] RSP: 002b:000000c00004f4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 57.753330][ T6797] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 57.761275][ T6797] RDX: 00000000000001c0 RSI: 000000c0000267a0 RDI: ffffffffffffff9c
[ 57.769218][ T6797] RBP: 000000c00004f510 R08: 0000000000000000 R09: 0000000000000000
[ 57.777164][ T6797] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 57.785104][ T6797] R13: 000000000000003e R14: 000000000000003d R15: 0000000000000100
[ 57.808453][ T6815] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6815
[ 57.817925][ T6815] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 57.823891][ T6815] CPU: 1 PID: 6815 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 57.832468][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.842510][ T6815] Call Trace:
[ 57.845791][ T6815] dump_stack+0x18f/0x20d
[ 57.850119][ T6815] check_preemption_disabled+0x20d/0x220
[ 57.855743][ T6815] ext4_mb_new_blocks+0xa4d/0x3b70
[ 57.860859][ T6815] ? ext4_ext_search_right+0x2ca/0xb20
[ 57.866309][ T6815] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 57.872030][ T6815] ext4_ext_map_blocks+0x201b/0x33e0
[ 57.877329][ T6815] ? ext4_ext_release+0x10/0x10
[ 57.882190][ T6815] ? down_write_killable+0x170/0x170
[ 57.887468][ T6815] ? ext4_es_lookup_extent+0x41d/0xd10
[ 57.892924][ T6815] ext4_map_blocks+0x4cb/0x1640
[ 57.897776][ T6815] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 57.902960][ T6815] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.908484][ T6815] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.914439][ T6815] ? prandom_u32_state+0xe/0x170
[ 57.919350][ T6815] ? __brelse+0x84/0xa0
[ 57.923481][ T6815] ? __ext4_new_inode+0x144/0x55e0
[ 57.928573][ T6815] ext4_getblk+0xad/0x520
[ 57.932877][ T6815] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 57.938586][ T6815] ? ext4_free_inode+0x1700/0x1700
[ 57.943685][ T6815] ext4_bread+0x7c/0x380
[ 57.947906][ T6815] ? ext4_getblk+0x520/0x520
[ 57.952482][ T6815] ? dquot_get_next_dqblk+0x180/0x180
[ 57.957851][ T6815] ext4_append+0x153/0x360
[ 57.962244][ T6815] ext4_mkdir+0x5e0/0xdf0
[ 57.966565][ T6815] ? ext4_rmdir+0xde0/0xde0
[ 57.971053][ T6815] ? security_inode_permission+0xc4/0xf0
[ 57.976671][ T6815] vfs_mkdir+0x419/0x690
[ 57.980903][ T6815] do_mkdirat+0x21e/0x280
[ 57.985217][ T6815] ? __ia32_sys_mknod+0xb0/0xb0
[ 57.990043][ T6815] ? do_syscall_64+0x1c/0xe0
[ 57.994610][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.000588][ T6815] do_syscall_64+0x60/0xe0
[ 58.004995][ T6815] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 58.010889][ T6815] RIP: 0033:0x45bed7
[ 58.014780][ T6815] Code: Bad RIP value.
[ 58.018818][ T6815] RSP: 002b:00007ffc5e0d81e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 58.027206][ T6815] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 58.035150][ T6815] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc5e0d83c0
[ 58.043102][ T6815] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003240
[ 58.051080][ T6815] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 58.059047][ T6815] R13: 00007ffc5e0d83c0 R14: 8421084210842109 R15: 00007ffc5e0d83cc
[ 58.138796][ T6817] IPVS: ftp: loaded support on port[0] = 21
[ 58.171952][ T6817] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6817
[ 58.181385][ T6817] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.187466][ T6817] CPU: 0 PID: 6817 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 58.196033][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.206057][ T6817] Call Trace:
[ 58.209322][ T6817] dump_stack+0x18f/0x20d
[ 58.213628][ T6817] check_preemption_disabled+0x20d/0x220
[ 58.219235][ T6817] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.224335][ T6817] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.229790][ T6817] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.235485][ T6817] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.240747][ T6817] ? ext4_ext_release+0x10/0x10
[ 58.245581][ T6817] ? down_write_killable+0x170/0x170
[ 58.250849][ T6817] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.256284][ T6817] ext4_map_blocks+0x4cb/0x1640
[ 58.261118][ T6817] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.266285][ T6817] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.271799][ T6817] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.277745][ T6817] ? prandom_u32_state+0xe/0x170
[ 58.282665][ T6817] ? __brelse+0x84/0xa0
[ 58.286802][ T6817] ? __ext4_new_inode+0x144/0x55e0
[ 58.291882][ T6817] ext4_getblk+0xad/0x520
[ 58.296183][ T6817] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.301887][ T6817] ? ext4_free_inode+0x1700/0x1700
[ 58.306971][ T6817] ext4_bread+0x7c/0x380
[ 58.311184][ T6817] ? ext4_getblk+0x520/0x520
[ 58.315756][ T6817] ? dquot_get_next_dqblk+0x180/0x180
[ 58.321119][ T6817] ext4_append+0x153/0x360
[ 58.325508][ T6817] ext4_mkdir+0x5e0/0xdf0
[ 58.329810][ T6817] ? ext4_rmdir+0xde0/0xde0
[ 58.334284][ T6817] ? security_inode_permission+0xc4/0xf0
[ 58.339889][ T6817] vfs_mkdir+0x419/0x690
[ 58.344107][ T6817] do_mkdirat+0x21e/0x280
[ 58.348414][ T6817] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.353241][ T6817] ? do_syscall_64+0x1c/0xe0
[ 58.357803][ T6817] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.363757][ T6817] do_syscall_64+0x60/0xe0
[ 58.368157][ T6817] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 58.374026][ T6817] RIP: 0033:0x45bed7
[ 58.377889][ T6817] Code: Bad RIP value.
[ 58.381936][ T6817] RSP: 002b:00007ffc5e0d80d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 58.390328][ T6817] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 58.398288][ T6817] RDX: 00007ffc5e0d8123 RSI: 00000000000001ff RDI: 00007ffc5e0d8120
[ 58.406247][ T6817] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 58.414190][ T6817] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0
[ 58.422147][ T6817] R13: 00007ffc5e0d8110 R14: 0000000000000000 R15: 00007ffc5e0d8120
[ 58.472704][ T6817] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6817
[ 58.482264][ T6817] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.488264][ T6817] CPU: 0 PID: 6817 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 58.496840][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.506924][ T6817] Call Trace:
[ 58.510230][ T6817] dump_stack+0x18f/0x20d
[ 58.514557][ T6817] check_preemption_disabled+0x20d/0x220
[ 58.520183][ T6817] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.525300][ T6817] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.530745][ T6817] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.536456][ T6817] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.541727][ T6817] ? ext4_ext_release+0x10/0x10
[ 58.546582][ T6817] ? down_write_killable+0x170/0x170
[ 58.551861][ T6817] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.557309][ T6817] ext4_map_blocks+0x4cb/0x1640
[ 58.562148][ T6817] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.567315][ T6817] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.572829][ T6817] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.578796][ T6817] ? prandom_u32_state+0xe/0x170
[ 58.583710][ T6817] ? __brelse+0x84/0xa0
[ 58.587852][ T6817] ? __ext4_new_inode+0x144/0x55e0
[ 58.592932][ T6817] ext4_getblk+0xad/0x520
[ 58.597239][ T6817] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.602936][ T6817] ? ext4_free_inode+0x1700/0x1700
[ 58.608038][ T6817] ext4_bread+0x7c/0x380
[ 58.612254][ T6817] ? ext4_getblk+0x520/0x520
[ 58.616815][ T6817] ? dquot_get_next_dqblk+0x180/0x180
[ 58.622161][ T6817] ext4_append+0x153/0x360
[ 58.626551][ T6817] ext4_mkdir+0x5e0/0xdf0
[ 58.630865][ T6817] ? ext4_rmdir+0xde0/0xde0
[ 58.635352][ T6817] ? security_inode_permission+0xc4/0xf0
[ 58.640968][ T6817] vfs_mkdir+0x419/0x690
[ 58.645199][ T6817] do_mkdirat+0x21e/0x280
[ 58.649514][ T6817] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.654336][ T6817] ? do_syscall_64+0x1c/0xe0
[ 58.658903][ T6817] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.664871][ T6817] do_syscall_64+0x60/0xe0
[ 58.669297][ T6817] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 58.675158][ T6817] RIP: 0033:0x45bed7
[ 58.679017][ T6817] Code: Bad RIP value.
[ 58.683058][ T6817] RSP: 002b:00007ffc5e0d80d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 58.691439][ T6817] RAX: ffffffffffffffda RBX: 000000000000e45c RCX: 000000000045bed7
[ 58.699397][ T6817] RDX: 00007ffc5e0d8123 RSI: 00000000000001ff RDI: 00007ffc5e0d8120
[ 58.707337][ T6817] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 58.715278][ T6817] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 58.723222][ T6817] R13: 00007ffc5e0d8110 R14: 000000000000e449 R15: 00007ffc5e0d8120
2020/06/16 03:09:32 building call list...
[ 58.963033][ T146] tipc: TX() has been purged, node left!
[ 59.465162][ T146] ==================================================================
[ 59.473386][ T146] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 59.481264][ T146] Write of size 1 at addr ffff888095ce29e4 by task kworker/u4:4/146
[ 59.489224][ T146]
[ 59.491547][ T146] CPU: 1 PID: 146 Comm: kworker/u4:4 Not tainted 5.8.0-rc1-syzkaller #0
[ 59.499849][ T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.509896][ T146] Workqueue: netns cleanup_net
[ 59.514641][ T146] Call Trace:
[ 59.517939][ T146] dump_stack+0x18f/0x20d
[ 59.522259][ T146] ? afs_wake_up_async_call+0x6aa/0x770
[ 59.527789][ T146] ? afs_wake_up_async_call+0x6aa/0x770
[ 59.533327][ T146] ? afs_put_call+0xa40/0xa40
[ 59.537997][ T146] print_address_description.constprop.0.cold+0xd3/0x413
[ 59.545010][ T146] ? vprintk_func+0x97/0x1a6
[ 59.549589][ T146] ? afs_wake_up_async_call+0x6aa/0x770
[ 59.555117][ T146] kasan_report.cold+0x1f/0x37
[ 59.559870][ T146] ? rcu_read_lock_held_common+0x51/0xa0
[ 59.565489][ T146] ? afs_wake_up_async_call+0x6aa/0x770
[ 59.571022][ T146] afs_wake_up_async_call+0x6aa/0x770
[ 59.576382][ T146] ? afs_close_socket+0x320/0x320
[ 59.581392][ T146] ? afs_put_call+0xa40/0xa40
[ 59.586053][ T146] rxrpc_notify_socket+0x1db/0x5d0
[ 59.591153][ T146] ? afs_put_call+0xa40/0xa40
[ 59.595819][ T146] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 59.602222][ T146] rxrpc_call_completed+0xca/0xf0
[ 59.607240][ T146] rxrpc_discard_prealloc+0x781/0xab0
[ 59.612601][ T146] ? lock_sock_nested+0x94/0x110
[ 59.617529][ T146] rxrpc_listen+0x147/0x360
[ 59.622022][ T146] afs_close_socket+0x95/0x320
[ 59.626771][ T146] ? afs_purge_servers+0x16d/0x300
[ 59.631876][ T146] ? afs_rx_discard_new_call+0x50/0x50
[ 59.637324][ T146] ? init_wait_var_entry+0x200/0x200
[ 59.642598][ T146] ? rcu_read_lock_held_common+0xa0/0xa0
[ 59.648225][ T146] ? check_preemption_disabled+0x38/0x220
[ 59.653950][ T146] afs_net_exit+0x1bc/0x310
[ 59.658447][ T146] ? afs_net_init+0xe30/0xe30
[ 59.663142][ T146] ops_exit_list.isra.0+0xa8/0x150
[ 59.668254][ T146] cleanup_net+0x511/0xa50
[ 59.672665][ T146] ? unregister_pernet_device+0x70/0x70
[ 59.678208][ T146] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.684194][ T146] process_one_work+0x965/0x1690
[ 59.689136][ T146] ? lock_release+0x800/0x800
[ 59.693810][ T146] ? pwq_dec_nr_in_flight+0x310/0x310
[ 59.699186][ T146] ? rwlock_bug.part.0+0x90/0x90
[ 59.704140][ T146] worker_thread+0x96/0xe10
[ 59.708663][ T146] ? process_one_work+0x1690/0x1690
[ 59.713872][ T146] kthread+0x3b5/0x4a0
[ 59.717949][ T146] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 59.723664][ T146] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 59.729388][ T146] ret_from_fork+0x1f/0x30
[ 59.733854][ T146]
[ 59.736176][ T146] Allocated by task 6817:
[ 59.740490][ T146] save_stack+0x1b/0x40
[ 59.744637][ T146] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 59.750254][ T146] kmem_cache_alloc_trace+0x153/0x7d0
[ 59.755611][ T146] afs_alloc_call+0x55/0x630
[ 59.760190][ T146] afs_charge_preallocation+0xe9/0x2d0
[ 59.765629][ T146] afs_open_socket+0x292/0x360
[ 59.770417][ T146] afs_net_init+0xa6c/0xe30
[ 59.774910][ T146] ops_init+0xaf/0x420
[ 59.778963][ T146] setup_net+0x2de/0x860
[ 59.783203][ T146] copy_net_ns+0x293/0x590
[ 59.787611][ T146] create_new_namespaces+0x3fb/0xb30
[ 59.792886][ T146] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 59.798508][ T146] ksys_unshare+0x43d/0x8e0
[ 59.803003][ T146] __x64_sys_unshare+0x2d/0x40
[ 59.807756][ T146] do_syscall_64+0x60/0xe0
[ 59.812159][ T146] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 59.818030][ T146]
[ 59.820353][ T146] Freed by task 146:
[ 59.824238][ T146] save_stack+0x1b/0x40
[ 59.828397][ T146] __kasan_slab_free+0xf7/0x140
[ 59.833240][ T146] kfree+0x109/0x2b0
[ 59.837127][ T146] afs_put_call+0x585/0xa40
[ 59.841639][ T146] rxrpc_discard_prealloc+0x764/0xab0
[ 59.846996][ T146] rxrpc_listen+0x147/0x360
[ 59.851482][ T146] afs_close_socket+0x95/0x320
[ 59.856227][ T146] afs_net_exit+0x1bc/0x310
[ 59.860717][ T146] ops_exit_list.isra.0+0xa8/0x150
[ 59.865815][ T146] cleanup_net+0x511/0xa50
[ 59.870218][ T146] process_one_work+0x965/0x1690
[ 59.875162][ T146] worker_thread+0x96/0xe10
[ 59.879651][ T146] kthread+0x3b5/0x4a0
[ 59.883711][ T146] ret_from_fork+0x1f/0x30
[ 59.888128][ T146]
[ 59.890448][ T146] The buggy address belongs to the object at ffff888095ce2800
[ 59.890448][ T146] which belongs to the cache kmalloc-1k of size 1024
[ 59.904484][ T146] The buggy address is located 484 bytes inside of
[ 59.904484][ T146] 1024-byte region [ffff888095ce2800, ffff888095ce2c00)
[ 59.917819][ T146] The buggy address belongs to the page:
[ 59.923450][ T146] page:ffffea0002573880 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888095ce2000
[ 59.933853][ T146] flags: 0xfffe0000000200(slab)
[ 59.938704][ T146] raw: 00fffe0000000200 ffffea00028b2e88 ffffea00028ba0c8 ffff8880aa000c40
[ 59.947281][ T146] raw: ffff888095ce2000 ffff888095ce2000 0000000100000001 0000000000000000
[ 59.955848][ T146] page dumped because: kasan: bad access detected
[ 59.962238][ T146]
[ 59.964550][ T146] Memory state around the buggy address:
[ 59.970166][ T146] ffff888095ce2880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.978218][ T146] ffff888095ce2900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.986269][ T146] >ffff888095ce2980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 59.994320][ T146] ^
[ 60.001498][ T146] ffff888095ce2a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.009543][ T146] ffff888095ce2a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.017581][ T146] ==================================================================
[ 60.025622][ T146] Disabling lock debugging due to kernel taint
[ 60.031812][ T146] Kernel panic - not syncing: panic_on_warn set ...
[ 60.038390][ T146] CPU: 1 PID: 146 Comm: kworker/u4:4 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 60.048080][ T146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.058139][ T146] Workqueue: netns cleanup_net
[ 60.062882][ T146] Call Trace:
[ 60.066156][ T146] dump_stack+0x18f/0x20d
[ 60.070471][ T146] ? afs_wake_up_async_call+0x670/0x770
[ 60.075997][ T146] ? afs_put_call+0xa40/0xa40
[ 60.080653][ T146] panic+0x2e3/0x75c
[ 60.084531][ T146] ? __warn_printk+0xf3/0xf3
[ 60.089109][ T146] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 60.095262][ T146] ? trace_hardirqs_on+0x55/0x220
[ 60.100272][ T146] ? afs_wake_up_async_call+0x6aa/0x770
[ 60.105797][ T146] ? afs_wake_up_async_call+0x6aa/0x770
[ 60.111321][ T146] ? afs_put_call+0xa40/0xa40
[ 60.116004][ T146] end_report+0x4d/0x53
[ 60.120157][ T146] kasan_report.cold+0xd/0x37
[ 60.124825][ T146] ? rcu_read_lock_held_common+0x51/0xa0
[ 60.130438][ T146] ? afs_wake_up_async_call+0x6aa/0x770
[ 60.135964][ T146] afs_wake_up_async_call+0x6aa/0x770
[ 60.141313][ T146] ? afs_close_socket+0x320/0x320
[ 60.146319][ T146] ? afs_put_call+0xa40/0xa40
[ 60.150979][ T146] rxrpc_notify_socket+0x1db/0x5d0
[ 60.156070][ T146] ? afs_put_call+0xa40/0xa40
[ 60.160730][ T146] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 60.167135][ T146] rxrpc_call_completed+0xca/0xf0
[ 60.172141][ T146] rxrpc_discard_prealloc+0x781/0xab0
[ 60.177508][ T146] ? lock_sock_nested+0x94/0x110
[ 60.182431][ T146] rxrpc_listen+0x147/0x360
[ 60.186921][ T146] afs_close_socket+0x95/0x320
[ 60.191677][ T146] ? afs_purge_servers+0x16d/0x300
[ 60.196771][ T146] ? afs_rx_discard_new_call+0x50/0x50
[ 60.202212][ T146] ? init_wait_var_entry+0x200/0x200
[ 60.207482][ T146] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.213152][ T146] ? check_preemption_disabled+0x38/0x220
[ 60.218862][ T146] afs_net_exit+0x1bc/0x310
[ 60.223356][ T146] ? afs_net_init+0xe30/0xe30
[ 60.228052][ T146] ops_exit_list.isra.0+0xa8/0x150
[ 60.233176][ T146] cleanup_net+0x511/0xa50
[ 60.237582][ T146] ? unregister_pernet_device+0x70/0x70
[ 60.243133][ T146] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.249108][ T146] process_one_work+0x965/0x1690
[ 60.254045][ T146] ? lock_release+0x800/0x800
[ 60.258745][ T146] ? pwq_dec_nr_in_flight+0x310/0x310
[ 60.264108][ T146] ? rwlock_bug.part.0+0x90/0x90
[ 60.269047][ T146] worker_thread+0x96/0xe10
[ 60.273550][ T146] ? process_one_work+0x1690/0x1690
[ 60.278741][ T146] kthread+0x3b5/0x4a0
[ 60.282801][ T146] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.288511][ T146] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.294229][ T146] ret_from_fork+0x1f/0x30
[ 60.299959][ T146] Kernel Offset: disabled
[ 60.304279][ T146] Rebooting in 86400 seconds..