[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ 52.607353][ T6727] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6727 [ 52.617052][ T6727] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 52.623333][ T6727] CPU: 0 PID: 6727 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0 [ 52.631615][ T6727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.641694][ T6727] Call Trace: [ 52.644987][ T6727] dump_stack+0x18f/0x20d [ 52.649301][ T6727] check_preemption_disabled+0x20d/0x220 [ 52.654913][ T6727] ext4_mb_new_blocks+0xa4d/0x3b70 [ 52.660010][ T6727] ? ext4_ext_search_right+0x2ca/0xb20 [ 52.665543][ T6727] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 52.671260][ T6727] ext4_ext_map_blocks+0x201b/0x33e0 [ 52.676539][ T6727] ? ext4_ext_release+0x10/0x10 [ 52.681391][ T6727] ? down_write_killable+0x170/0x170 [ 52.686653][ T6727] ? ext4_es_lookup_extent+0x41d/0xd10 [ 52.692091][ T6727] ext4_map_blocks+0x4cb/0x1640 [ 52.697015][ T6727] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 52.702193][ T6727] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 52.707715][ T6727] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 52.713681][ T6727] ? prandom_u32_state+0xe/0x170 [ 52.718596][ T6727] ? __brelse+0x84/0xa0 [ 52.722727][ T6727] ? __ext4_new_inode+0x144/0x55e0 [ 52.727829][ T6727] ext4_getblk+0xad/0x520 [ 52.732150][ T6727] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 52.737848][ T6727] ? ext4_free_inode+0x1700/0x1700 [ 52.742944][ T6727] ext4_bread+0x7c/0x380 [ 52.747164][ T6727] ? ext4_getblk+0x520/0x520 [ 52.751733][ T6727] ? dquot_get_next_dqblk+0x180/0x180 [ 52.757082][ T6727] ext4_append+0x153/0x360 [ 52.761478][ T6727] ext4_mkdir+0x5e0/0xdf0 [ 52.765785][ T6727] ? ext4_rmdir+0xde0/0xde0 [ 52.770277][ T6727] ? security_inode_permission+0xc4/0xf0 [ 52.775887][ T6727] vfs_mkdir+0x419/0x690 [ 52.780108][ T6727] do_mkdirat+0x21e/0x280 [ 52.784414][ T6727] ? __ia32_sys_mknod+0xb0/0xb0 [ 52.789240][ T6727] ? do_syscall_64+0x1c/0xe0 [ 52.793804][ T6727] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 52.799786][ T6727] do_syscall_64+0x60/0xe0 [ 52.804195][ T6727] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 52.810070][ T6727] RIP: 0033:0x7fd60bd9b687 [ 52.814453][ T6727] Code: Bad RIP value. [ 52.818491][ T6727] RSP: 002b:00007ffd5473b348 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 52.826961][ T6727] RAX: ffffffffffffffda RBX: 0000560fdca30985 RCX: 00007fd60bd9b687 [ 52.834911][ T6727] RDX: 00007ffd5473b210 RSI: 00000000000001ed RDI: 0000560fdca30985 [ 52.842877][ T6727] RBP: 00007fd60bd9b680 R08: 0000000000000100 R09: 0000000000000000 [ 52.850825][ T6727] R10: 0000560fdca30980 R11: 0000000000000246 R12: 00000000000001ed [ 52.858773][ T6727] R13: 00007ffd5473b4d0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 56.087184][ T86] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:3/86 [ 56.096217][ T86] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.102217][ T86] CPU: 0 PID: 86 Comm: kworker/u4:3 Not tainted 5.7.0-syzkaller #0 [ 56.110105][ T86] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.120147][ T86] Workqueue: writeback wb_workfn (flush-8:0) [ 56.126099][ T86] Call Trace: [ 56.129384][ T86] dump_stack+0x18f/0x20d [ 56.133696][ T86] check_preemption_disabled+0x20d/0x220 [ 56.139318][ T86] ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.144422][ T86] ? ext4_find_extent+0x81a/0xad0 [ 56.149459][ T86] ? ext4_ext_search_right+0x2ca/0xb20 [ 56.154911][ T86] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 56.160632][ T86] ext4_ext_map_blocks+0x201b/0x33e0 [ 56.165916][ T86] ? ext4_ext_release+0x10/0x10 [ 56.170765][ T86] ? down_write_killable+0x170/0x170 [ 56.176041][ T86] ? ext4_es_lookup_extent+0x41d/0xd10 [ 56.182023][ T86] ext4_map_blocks+0x4cb/0x1640 [ 56.186857][ T86] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 56.192038][ T86] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.197559][ T86] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.203530][ T86] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 56.208987][ T86] ext4_writepages+0x1a7b/0x33c0 [ 56.213945][ T86] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.219555][ T86] ? __lock_acquire+0x2224/0x48b0 [ 56.224576][ T86] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.230538][ T86] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.236509][ T86] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.242119][ T86] ? do_writepages+0xfa/0x2a0 [ 56.246789][ T86] do_writepages+0xfa/0x2a0 [ 56.251275][ T86] ? page_writeback_cpu_online+0x10/0x10 [ 56.256890][ T86] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.262430][ T86] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.268731][ T86] ? lock_downgrade+0x840/0x840 [ 56.273578][ T86] __writeback_single_inode+0x12a/0x13d0 [ 56.279199][ T86] ? _raw_spin_unlock+0x24/0x40 [ 56.284092][ T86] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 56.290060][ T86] writeback_sb_inodes+0x515/0xdc0 [ 56.295186][ T86] ? __writeback_single_inode+0x13d0/0x13d0 [ 56.301078][ T86] __writeback_inodes_wb+0xc3/0x250 [ 56.306257][ T86] wb_writeback+0x8db/0xd50 [ 56.310741][ T86] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 56.317047][ T86] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 56.324938][ T86] ? cpumask_next+0x3c/0x40 [ 56.329419][ T86] ? get_nr_dirty_inodes+0xd6/0x130 [ 56.334595][ T86] wb_workfn+0xab3/0x1090 [ 56.338906][ T86] ? inode_wait_for_writeback+0x30/0x30 [ 56.344430][ T86] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.349952][ T86] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.355914][ T86] process_one_work+0x965/0x1690 [ 56.360833][ T86] ? lock_release+0x800/0x800 [ 56.365485][ T86] ? pwq_dec_nr_in_flight+0x310/0x310 [ 56.370835][ T86] ? rwlock_bug.part.0+0x90/0x90 [ 56.375753][ T86] worker_thread+0x96/0xe10 [ 56.380240][ T86] ? process_one_work+0x1690/0x1690 [ 56.385425][ T86] kthread+0x3b5/0x4a0 [ 56.389481][ T86] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.395187][ T86] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.400881][ T86] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.15.212' (ECDSA) to the list of known hosts. 2020/06/14 19:03:16 fuzzer started 2020/06/14 19:03:16 connecting to host at 10.128.0.26:39749 2020/06/14 19:03:16 checking machine... 2020/06/14 19:03:16 checking revisions... 2020/06/14 19:03:16 testing simple program... [ 58.027495][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6812 [ 58.036580][ T6812] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.042507][ T6812] CPU: 0 PID: 6812 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 58.050373][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.060403][ T6812] Call Trace: [ 58.063674][ T6812] dump_stack+0x18f/0x20d [ 58.067987][ T6812] check_preemption_disabled+0x20d/0x220 [ 58.073596][ T6812] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.078903][ T6812] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.084349][ T6812] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.090061][ T6812] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.095327][ T6812] ? ext4_ext_release+0x10/0x10 [ 58.100164][ T6812] ? down_write_killable+0x170/0x170 [ 58.105435][ T6812] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.110887][ T6812] ext4_map_blocks+0x4cb/0x1640 [ 58.115717][ T6812] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.120891][ T6812] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.126500][ T6812] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.132465][ T6812] ? prandom_u32_state+0xe/0x170 [ 58.137389][ T6812] ? __brelse+0x84/0xa0 [ 58.141522][ T6812] ? __ext4_new_inode+0x144/0x55e0 [ 58.146618][ T6812] ext4_getblk+0xad/0x520 [ 58.150929][ T6812] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.156627][ T6812] ? ext4_free_inode+0x1700/0x1700 [ 58.161727][ T6812] ext4_bread+0x7c/0x380 [ 58.165945][ T6812] ? ext4_getblk+0x520/0x520 [ 58.170531][ T6812] ? dquot_get_next_dqblk+0x180/0x180 [ 58.175894][ T6812] ext4_append+0x153/0x360 [ 58.180290][ T6812] ext4_mkdir+0x5e0/0xdf0 [ 58.184599][ T6812] ? ext4_rmdir+0xde0/0xde0 [ 58.189092][ T6812] ? security_inode_permission+0xc4/0xf0 [ 58.194704][ T6812] vfs_mkdir+0x419/0x690 [ 58.198925][ T6812] do_mkdirat+0x21e/0x280 [ 58.203236][ T6812] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.208063][ T6812] ? do_syscall_64+0x1c/0xe0 [ 58.212632][ T6812] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.218588][ T6812] do_syscall_64+0x60/0xe0 [ 58.222994][ T6812] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.228870][ T6812] RIP: 0033:0x4b02a0 [ 58.232735][ T6812] Code: Bad RIP value. [ 58.236789][ T6812] RSP: 002b:000000c00004f4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 58.245173][ T6812] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 58.253126][ T6812] RDX: 00000000000001c0 RSI: 000000c00009eb00 RDI: ffffffffffffff9c [ 58.261072][ T6812] RBP: 000000c00004f510 R08: 0000000000000000 R09: 0000000000000000 [ 58.269117][ T6812] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 58.277065][ T6812] R13: 0000000000000059 R14: 0000000000000058 R15: 0000000000000100 [ 58.294621][ T6817] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6817 [ 58.304100][ T6817] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.310184][ T6817] CPU: 0 PID: 6817 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 58.318423][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.328453][ T6817] Call Trace: [ 58.331824][ T6817] dump_stack+0x18f/0x20d [ 58.336139][ T6817] check_preemption_disabled+0x20d/0x220 [ 58.341748][ T6817] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.346852][ T6817] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.352287][ T6817] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.357986][ T6817] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.363263][ T6817] ? ext4_ext_release+0x10/0x10 [ 58.368103][ T6817] ? down_write_killable+0x170/0x170 [ 58.373366][ T6817] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.378822][ T6817] ext4_map_blocks+0x4cb/0x1640 [ 58.383653][ T6817] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.388826][ T6817] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.394393][ T6817] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.400374][ T6817] ? prandom_u32_state+0xe/0x170 [ 58.405290][ T6817] ? __brelse+0x84/0xa0 [ 58.409425][ T6817] ? __ext4_new_inode+0x144/0x55e0 [ 58.414516][ T6817] ext4_getblk+0xad/0x520 [ 58.418828][ T6817] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.424541][ T6817] ? ext4_free_inode+0x1700/0x1700 [ 58.430327][ T6817] ext4_bread+0x7c/0x380 [ 58.434547][ T6817] ? ext4_getblk+0x520/0x520 [ 58.439132][ T6817] ? dquot_get_next_dqblk+0x180/0x180 [ 58.444505][ T6817] ext4_append+0x153/0x360 [ 58.448918][ T6817] ext4_mkdir+0x5e0/0xdf0 [ 58.453301][ T6817] ? ext4_rmdir+0xde0/0xde0 [ 58.457800][ T6817] ? security_inode_permission+0xc4/0xf0 [ 58.463435][ T6817] vfs_mkdir+0x419/0x690 [ 58.467677][ T6817] do_mkdirat+0x21e/0x280 [ 58.472073][ T6817] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.476934][ T6817] ? do_syscall_64+0x1c/0xe0 [ 58.481502][ T6817] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.487506][ T6817] do_syscall_64+0x60/0xe0 [ 58.491903][ T6817] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.497791][ T6817] RIP: 0033:0x45bee7 [ 58.501765][ T6817] Code: Bad RIP value. [ 58.505804][ T6817] RSP: 002b:00007ffc1bec5118 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 58.514197][ T6817] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 58.522145][ T6817] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffc1bec52f0 [ 58.530106][ T6817] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 00000000000029c0 [ 58.538313][ T6817] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 58.546279][ T6817] R13: 00007ffc1bec52f0 R14: 8421084210842109 R15: 00007ffc1bec52fc [ 58.631678][ T6818] IPVS: ftp: loaded support on port[0] = 21 [ 58.669944][ T6818] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6818 [ 58.679458][ T6818] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.685332][ T6818] CPU: 1 PID: 6818 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 58.693561][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.703622][ T6818] Call Trace: [ 58.706895][ T6818] dump_stack+0x18f/0x20d [ 58.711228][ T6818] check_preemption_disabled+0x20d/0x220 [ 58.716840][ T6818] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.721936][ T6818] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.727392][ T6818] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.733093][ T6818] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.738361][ T6818] ? ext4_ext_release+0x10/0x10 [ 58.743205][ T6818] ? down_write_killable+0x170/0x170 [ 58.748465][ T6818] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.753904][ T6818] ext4_map_blocks+0x4cb/0x1640 [ 58.758737][ T6818] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.763913][ T6818] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.769436][ T6818] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.775392][ T6818] ? prandom_u32_state+0xe/0x170 [ 58.780310][ T6818] ? __brelse+0x84/0xa0 [ 58.784531][ T6818] ? __ext4_new_inode+0x144/0x55e0 [ 58.789622][ T6818] ext4_getblk+0xad/0x520 [ 58.793940][ T6818] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.799654][ T6818] ? ext4_free_inode+0x1700/0x1700 [ 58.805621][ T6818] ext4_bread+0x7c/0x380 [ 58.809845][ T6818] ? ext4_getblk+0x520/0x520 [ 58.814432][ T6818] ? dquot_get_next_dqblk+0x180/0x180 [ 58.819918][ T6818] ext4_append+0x153/0x360 [ 58.824314][ T6818] ext4_mkdir+0x5e0/0xdf0 [ 58.828644][ T6818] ? ext4_rmdir+0xde0/0xde0 [ 58.833126][ T6818] ? security_inode_permission+0xc4/0xf0 [ 58.838753][ T6818] vfs_mkdir+0x419/0x690 [ 58.842973][ T6818] do_mkdirat+0x21e/0x280 [ 58.847299][ T6818] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.852127][ T6818] ? do_syscall_64+0x1c/0xe0 [ 58.856698][ T6818] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.862743][ T6818] do_syscall_64+0x60/0xe0 [ 58.867156][ T6818] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.873023][ T6818] RIP: 0033:0x45bee7 [ 58.876892][ T6818] Code: Bad RIP value. [ 58.880932][ T6818] RSP: 002b:00007ffc1bec5008 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 58.889414][ T6818] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 58.897467][ T6818] RDX: 00007ffc1bec5053 RSI: 00000000000001ff RDI: 00007ffc1bec5050 [ 58.905415][ T6818] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 58.913379][ T6818] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 58.921332][ T6818] R13: 00007ffc1bec5040 R14: 0000000000000000 R15: 00007ffc1bec5050 [ 58.973236][ T6818] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6818 [ 58.982972][ T6818] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.988951][ T6818] CPU: 0 PID: 6818 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 58.997186][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.007264][ T6818] Call Trace: [ 59.010557][ T6818] dump_stack+0x18f/0x20d [ 59.014899][ T6818] check_preemption_disabled+0x20d/0x220 [ 59.020537][ T6818] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.025661][ T6818] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.031121][ T6818] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.036841][ T6818] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.042125][ T6818] ? ext4_ext_release+0x10/0x10 [ 59.046967][ T6818] ? down_write_killable+0x170/0x170 [ 59.052246][ T6818] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.057859][ T6818] ext4_map_blocks+0x4cb/0x1640 [ 59.062694][ T6818] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.067871][ T6818] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.073401][ T6818] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.079356][ T6818] ? prandom_u32_state+0xe/0x170 [ 59.084291][ T6818] ? __brelse+0x84/0xa0 [ 59.088426][ T6818] ? __ext4_new_inode+0x144/0x55e0 [ 59.093520][ T6818] ext4_getblk+0xad/0x520 [ 59.097847][ T6818] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.103545][ T6818] ? ext4_free_inode+0x1700/0x1700 [ 59.108651][ T6818] ext4_bread+0x7c/0x380 [ 59.112884][ T6818] ? ext4_getblk+0x520/0x520 [ 59.117479][ T6818] ? dquot_get_next_dqblk+0x180/0x180 [ 59.122839][ T6818] ext4_append+0x153/0x360 [ 59.127333][ T6818] ext4_mkdir+0x5e0/0xdf0 [ 59.131647][ T6818] ? ext4_rmdir+0xde0/0xde0 [ 59.136218][ T6818] ? security_inode_permission+0xc4/0xf0 [ 59.141830][ T6818] vfs_mkdir+0x419/0x690 [ 59.146059][ T6818] do_mkdirat+0x21e/0x280 [ 59.150367][ T6818] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.155193][ T6818] ? do_syscall_64+0x1c/0xe0 [ 59.159937][ T6818] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.165900][ T6818] do_syscall_64+0x60/0xe0 [ 59.170470][ T6818] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.176449][ T6818] RIP: 0033:0x45bee7 [ 59.180316][ T6818] Code: Bad RIP value. [ 59.184359][ T6818] RSP: 002b:00007ffc1bec5008 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 59.192746][ T6818] RAX: ffffffffffffffda RBX: 000000000000e654 RCX: 000000000045bee7 [ 59.200696][ T6818] RDX: 00007ffc1bec5053 RSI: 00000000000001ff RDI: 00007ffc1bec5050 [ 59.208643][ T6818] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 59.216591][ T6818] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 2020/06/14 19:03:18 building call list... [ 59.224561][ T6818] R13: 00007ffc1bec5040 R14: 000000000000e64f R15: 00007ffc1bec5050 [ 59.445983][ T7] tipc: TX() has been purged, node left! [ 59.957855][ T7] ================================================================== [ 59.966067][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 59.973950][ T7] Write of size 1 at addr ffff8880a0c901e4 by task kworker/u4:0/7 [ 59.981771][ T7] [ 59.984137][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-syzkaller #0 [ 59.992016][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.002072][ T7] Workqueue: netns cleanup_net [ 60.006824][ T7] Call Trace: [ 60.010110][ T7] dump_stack+0x18f/0x20d [ 60.014440][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.019978][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.025534][ T7] ? afs_put_call+0xa40/0xa40 [ 60.030208][ T7] print_address_description.constprop.0.cold+0xd3/0x413 [ 60.037230][ T7] ? vprintk_func+0x97/0x1a6 [ 60.041827][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.047365][ T7] kasan_report.cold+0x1f/0x37 [ 60.052130][ T7] ? rcu_read_lock_held+0x81/0xb0 [ 60.057148][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.062692][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 60.068059][ T7] ? afs_close_socket+0x320/0x320 [ 60.073077][ T7] ? afs_put_call+0xa40/0xa40 [ 60.077753][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 60.082866][ T7] ? afs_put_call+0xa40/0xa40 [ 60.087540][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 60.094737][ T7] rxrpc_call_completed+0xca/0xf0 [ 60.099764][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 60.105134][ T7] ? lock_sock_nested+0x94/0x110 [ 60.110072][ T7] rxrpc_listen+0x147/0x360 [ 60.114587][ T7] afs_close_socket+0x95/0x320 [ 60.119343][ T7] ? afs_purge_servers+0x16d/0x300 [ 60.124548][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 60.130008][ T7] ? init_wait_var_entry+0x200/0x200 [ 60.135294][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 60.140923][ T7] ? check_preemption_disabled+0x38/0x220 [ 60.146647][ T7] afs_net_exit+0x1bc/0x310 [ 60.151148][ T7] ? afs_net_init+0xe30/0xe30 [ 60.155914][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 60.161029][ T7] cleanup_net+0x511/0xa50 [ 60.165445][ T7] ? unregister_pernet_device+0x70/0x70 [ 60.171000][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.176989][ T7] process_one_work+0x965/0x1690 [ 60.182025][ T7] ? lock_release+0x800/0x800 [ 60.186706][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 60.192084][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 60.197034][ T7] worker_thread+0x96/0xe10 [ 60.201547][ T7] ? process_one_work+0x1690/0x1690 [ 60.206749][ T7] kthread+0x3b5/0x4a0 [ 60.210815][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.216529][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.222248][ T7] ret_from_fork+0x1f/0x30 [ 60.226670][ T7] [ 60.228990][ T7] Allocated by task 6818: [ 60.233316][ T7] save_stack+0x1b/0x40 [ 60.237465][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 60.243089][ T7] kmem_cache_alloc_trace+0x153/0x7d0 [ 60.248460][ T7] afs_alloc_call+0x55/0x630 [ 60.253043][ T7] afs_charge_preallocation+0xe9/0x2d0 [ 60.258500][ T7] afs_open_socket+0x292/0x360 [ 60.263261][ T7] afs_net_init+0xa6c/0xe30 [ 60.267844][ T7] ops_init+0xaf/0x420 [ 60.271925][ T7] setup_net+0x2de/0x860 [ 60.276197][ T7] copy_net_ns+0x293/0x590 [ 60.280623][ T7] create_new_namespaces+0x3fb/0xb30 [ 60.285991][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 60.291616][ T7] ksys_unshare+0x43d/0x8e0 [ 60.296118][ T7] __x64_sys_unshare+0x2d/0x40 [ 60.300876][ T7] do_syscall_64+0x60/0xe0 [ 60.305288][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.311167][ T7] [ 60.313486][ T7] Freed by task 7: [ 60.317203][ T7] save_stack+0x1b/0x40 [ 60.321367][ T7] __kasan_slab_free+0xf7/0x140 [ 60.326210][ T7] kfree+0x109/0x2b0 [ 60.330098][ T7] afs_put_call+0x585/0xa40 [ 60.334596][ T7] rxrpc_discard_prealloc+0x764/0xab0 [ 60.339957][ T7] rxrpc_listen+0x147/0x360 [ 60.344451][ T7] afs_close_socket+0x95/0x320 [ 60.349205][ T7] afs_net_exit+0x1bc/0x310 [ 60.354050][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 60.359158][ T7] cleanup_net+0x511/0xa50 [ 60.363566][ T7] process_one_work+0x965/0x1690 [ 60.368505][ T7] worker_thread+0x96/0xe10 [ 60.373012][ T7] kthread+0x3b5/0x4a0 [ 60.377078][ T7] ret_from_fork+0x1f/0x30 [ 60.381508][ T7] [ 60.383830][ T7] The buggy address belongs to the object at ffff8880a0c90000 [ 60.383830][ T7] which belongs to the cache kmalloc-1k of size 1024 [ 60.397984][ T7] The buggy address is located 484 bytes inside of [ 60.397984][ T7] 1024-byte region [ffff8880a0c90000, ffff8880a0c90400) [ 60.411336][ T7] The buggy address belongs to the page: [ 60.416968][ T7] page:ffffea0002832400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 60.426065][ T7] flags: 0xfffe0000000200(slab) [ 60.430898][ T7] raw: 00fffe0000000200 ffffea00022d86c8 ffffea00024d4dc8 ffff8880aa000c40 [ 60.439471][ T7] raw: 0000000000000000 ffff8880a0c90000 0000000100000002 0000000000000000 [ 60.448038][ T7] page dumped because: kasan: bad access detected [ 60.454446][ T7] [ 60.456770][ T7] Memory state around the buggy address: [ 60.462393][ T7] ffff8880a0c90080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.470448][ T7] ffff8880a0c90100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.480160][ T7] >ffff8880a0c90180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.488208][ T7] ^ [ 60.495395][ T7] ffff8880a0c90200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.503447][ T7] ffff8880a0c90280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.511492][ T7] ================================================================== [ 60.519543][ T7] Disabling lock debugging due to kernel taint [ 60.525725][ T7] Kernel panic - not syncing: panic_on_warn set ... [ 60.532301][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.7.0-syzkaller #0 [ 60.541481][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.551527][ T7] Workqueue: netns cleanup_net [ 60.556277][ T7] Call Trace: [ 60.559558][ T7] dump_stack+0x18f/0x20d [ 60.563877][ T7] ? afs_wake_up_async_call+0x5f0/0x770 [ 60.570019][ T7] ? afs_put_call+0xa40/0xa40 [ 60.574684][ T7] panic+0x2e3/0x75c [ 60.578571][ T7] ? __warn_printk+0xf3/0xf3 [ 60.583150][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 60.589296][ T7] ? trace_hardirqs_on+0x55/0x220 [ 60.594309][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.599840][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.605369][ T7] ? afs_put_call+0xa40/0xa40 [ 60.610037][ T7] end_report+0x4d/0x53 [ 60.614183][ T7] kasan_report.cold+0xd/0x37 [ 60.618848][ T7] ? rcu_read_lock_held+0x81/0xb0 [ 60.623855][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 60.629412][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 60.634771][ T7] ? afs_close_socket+0x320/0x320 [ 60.639783][ T7] ? afs_put_call+0xa40/0xa40 [ 60.644448][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 60.649549][ T7] ? afs_put_call+0xa40/0xa40 [ 60.654215][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 60.660617][ T7] rxrpc_call_completed+0xca/0xf0 [ 60.665632][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 60.671001][ T7] ? lock_sock_nested+0x94/0x110 [ 60.675930][ T7] rxrpc_listen+0x147/0x360 [ 60.680422][ T7] afs_close_socket+0x95/0x320 [ 60.685172][ T7] ? afs_purge_servers+0x16d/0x300 [ 60.690274][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 60.695721][ T7] ? init_wait_var_entry+0x200/0x200 [ 60.700996][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 60.706705][ T7] ? check_preemption_disabled+0x38/0x220 [ 60.712416][ T7] afs_net_exit+0x1bc/0x310 [ 60.716910][ T7] ? afs_net_init+0xe30/0xe30 [ 60.721572][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 60.726670][ T7] cleanup_net+0x511/0xa50 [ 60.731075][ T7] ? unregister_pernet_device+0x70/0x70 [ 60.736610][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.742581][ T7] process_one_work+0x965/0x1690 [ 60.747508][ T7] ? lock_release+0x800/0x800 [ 60.752172][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 60.757530][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 60.762459][ T7] worker_thread+0x96/0xe10 [ 60.766968][ T7] ? process_one_work+0x1690/0x1690 [ 60.772153][ T7] kthread+0x3b5/0x4a0 [ 60.776209][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.781919][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.787629][ T7] ret_from_fork+0x1f/0x30 [ 60.793305][ T7] Kernel Offset: disabled [ 60.797619][ T7] Rebooting in 86400 seconds..