Starting Permit User Sessions...
Starting getty on tty2-tty6 if dbus and logind are not available...
Starting System Logging Service...
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
Starting OpenBSD Secure Shell server...
[ OK ] Started Permit User Sessions.
[ OK ] Started System Logging Service.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 55.198707][ T6739] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6739
[ 55.208255][ T6739] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 55.214128][ T6739] CPU: 1 PID: 6739 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[ 55.222347][ T6739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.232405][ T6739] Call Trace:
[ 55.235699][ T6739] dump_stack+0x18f/0x20d
[ 55.240017][ T6739] check_preemption_disabled+0x20d/0x220
[ 55.245628][ T6739] ext4_mb_new_blocks+0xa4d/0x3b70
[ 55.250765][ T6739] ? ext4_ext_search_right+0x2ca/0xb20
[ 55.256207][ T6739] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 55.261911][ T6739] ext4_ext_map_blocks+0x201b/0x33e0
[ 55.267195][ T6739] ? ext4_ext_release+0x10/0x10
[ 55.272033][ T6739] ? down_write_killable+0x170/0x170
[ 55.277293][ T6739] ? ext4_es_lookup_extent+0x41d/0xd10
[ 55.282729][ T6739] ext4_map_blocks+0x4cb/0x1640
[ 55.287575][ T6739] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 55.292748][ T6739] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 55.298293][ T6739] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 55.304265][ T6739] ? prandom_u32_state+0xe/0x170
[ 55.309195][ T6739] ? __brelse+0x84/0xa0
[ 55.313345][ T6739] ? __ext4_new_inode+0x144/0x55e0
[ 55.318453][ T6739] ext4_getblk+0xad/0x520
[ 55.323214][ T6739] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 55.328915][ T6739] ? ext4_free_inode+0x1700/0x1700
[ 55.334008][ T6739] ext4_bread+0x7c/0x380
[ 55.338228][ T6739] ? ext4_getblk+0x520/0x520
[ 55.342794][ T6739] ? dquot_get_next_dqblk+0x180/0x180
[ 55.348160][ T6739] ext4_append+0x153/0x360
[ 55.352558][ T6739] ext4_mkdir+0x5e0/0xdf0
[ 55.356875][ T6739] ? ext4_rmdir+0xde0/0xde0
[ 55.361358][ T6739] ? security_inode_permission+0xc4/0xf0
[ 55.366970][ T6739] vfs_mkdir+0x419/0x690
[ 55.371192][ T6739] do_mkdirat+0x21e/0x280
[ 55.375498][ T6739] ? __ia32_sys_mknod+0xb0/0xb0
[ 55.380330][ T6739] ? do_syscall_64+0x1c/0xe0
[ 55.384908][ T6739] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 55.390867][ T6739] do_syscall_64+0x60/0xe0
[ 55.395260][ T6739] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.401240][ T6739] RIP: 0033:0x7f2f97ae5687
[ 55.405642][ T6739] Code: Bad RIP value.
[ 55.409705][ T6739] RSP: 002b:00007fff265bb1a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 55.418111][ T6739] RAX: ffffffffffffffda RBX: 00005636b7ea5985 RCX: 00007f2f97ae5687
[ 55.426078][ T6739] RDX: 00007fff265bb070 RSI: 00000000000001ed RDI: 00005636b7ea5985
[ 55.434048][ T6739] RBP: 00007f2f97ae5680 R08: 0000000000000100 R09: 0000000000000000
[ 55.442010][ T6739] R10: 00005636b7ea5980 R11: 0000000000000246 R12: 00000000000001ed
[ 55.449966][ T6739] R13: 00007fff265bb330 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 57.586150][ T3536] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:5/3536
[ 57.595373][ T3536] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 57.601407][ T3536] CPU: 1 PID: 3536 Comm: kworker/u4:5 Not tainted 5.7.0-syzkaller #0
[ 57.609526][ T3536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 57.619580][ T3536] Workqueue: writeback wb_workfn (flush-8:0)
[ 57.625547][ T3536] Call Trace:
[ 57.628836][ T3536] dump_stack+0x18f/0x20d
[ 57.633155][ T3536] check_preemption_disabled+0x20d/0x220
[ 57.638776][ T3536] ext4_mb_new_blocks+0xa4d/0x3b70
[ 57.643890][ T3536] ? ext4_find_extent+0x81a/0xad0
[ 57.648913][ T3536] ? ext4_ext_search_right+0x2ca/0xb20
[ 57.654347][ T3536] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 57.660048][ T3536] ext4_ext_map_blocks+0x201b/0x33e0
[ 57.665315][ T3536] ? ext4_ext_release+0x10/0x10
[ 57.670155][ T3536] ? down_write_killable+0x170/0x170
[ 57.675415][ T3536] ? ext4_es_lookup_extent+0x41d/0xd10
[ 57.680857][ T3536] ext4_map_blocks+0x4cb/0x1640
[ 57.685791][ T3536] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 57.690971][ T3536] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.696493][ T3536] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.702467][ T3536] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 57.707913][ T3536] ext4_writepages+0x1a7b/0x33c0
[ 57.712854][ T3536] ? __ext4_mark_inode_dirty+0x940/0x940
[ 57.718464][ T3536] ? __lock_acquire+0x2224/0x48b0
[ 57.723474][ T3536] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 57.729433][ T3536] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 57.735405][ T3536] ? __ext4_mark_inode_dirty+0x940/0x940
[ 57.741011][ T3536] ? do_writepages+0xfa/0x2a0
[ 57.745681][ T3536] do_writepages+0xfa/0x2a0
[ 57.750220][ T3536] ? page_writeback_cpu_online+0x10/0x10
[ 57.755863][ T3536] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.761395][ T3536] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.767429][ T3536] ? lock_downgrade+0x840/0x840
[ 57.772274][ T3536] __writeback_single_inode+0x12a/0x13d0
[ 57.777910][ T3536] ? _raw_spin_unlock+0x24/0x40
[ 57.782753][ T3536] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 57.788757][ T3536] writeback_sb_inodes+0x515/0xdc0
[ 57.793854][ T3536] ? __writeback_single_inode+0x13d0/0x13d0
[ 57.799755][ T3536] __writeback_inodes_wb+0xc3/0x250
[ 57.804936][ T3536] wb_writeback+0x8db/0xd50
[ 57.809435][ T3536] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 57.815743][ T3536] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 57.821622][ T3536] ? cpumask_next+0x3c/0x40
[ 57.826104][ T3536] ? get_nr_dirty_inodes+0xd6/0x130
[ 57.831282][ T3536] wb_workfn+0xab3/0x1090
[ 57.836029][ T3536] ? inode_wait_for_writeback+0x30/0x30
[ 57.841578][ T3536] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.847102][ T3536] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.853073][ T3536] process_one_work+0x965/0x1690
[ 57.858001][ T3536] ? lock_release+0x800/0x800
[ 57.862670][ T3536] ? pwq_dec_nr_in_flight+0x310/0x310
[ 57.868037][ T3536] ? rwlock_bug.part.0+0x90/0x90
[ 57.872995][ T3536] worker_thread+0x96/0xe10
[ 57.877484][ T3536] ? process_one_work+0x1690/0x1690
[ 57.882658][ T3536] kthread+0x3b5/0x4a0
[ 57.886703][ T3536] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.892396][ T3536] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.898092][ T3536] ret_from_fork+0x1f/0x30
Warning: Permanently added '10.128.10.47' (ECDSA) to the list of known hosts.
2020/06/14 09:28:43 fuzzer started
2020/06/14 09:28:44 connecting to host at 10.128.0.26:42797
2020/06/14 09:28:44 checking machine...
2020/06/14 09:28:44 checking revisions...
2020/06/14 09:28:44 testing simple program...
[ 60.358619][ T6799] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6799
[ 60.367882][ T6799] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.373770][ T6799] CPU: 1 PID: 6799 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 60.381747][ T6799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.391803][ T6799] Call Trace:
[ 60.395093][ T6799] dump_stack+0x18f/0x20d
[ 60.399465][ T6799] check_preemption_disabled+0x20d/0x220
[ 60.405081][ T6799] ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.410193][ T6799] ? ext4_ext_search_right+0x2ca/0xb20
[ 60.415628][ T6799] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 60.421328][ T6799] ext4_ext_map_blocks+0x201b/0x33e0
[ 60.426607][ T6799] ? ext4_ext_release+0x10/0x10
[ 60.431454][ T6799] ? down_write_killable+0x170/0x170
[ 60.436715][ T6799] ? ext4_es_lookup_extent+0x41d/0xd10
[ 60.442155][ T6799] ext4_map_blocks+0x4cb/0x1640
[ 60.447002][ T6799] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 60.452177][ T6799] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.457695][ T6799] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.463650][ T6799] ? prandom_u32_state+0xe/0x170
[ 60.468565][ T6799] ? __brelse+0x84/0xa0
[ 60.472707][ T6799] ? __ext4_new_inode+0x144/0x55e0
[ 60.477808][ T6799] ext4_getblk+0xad/0x520
[ 60.482126][ T6799] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 60.487824][ T6799] ? ext4_free_inode+0x1700/0x1700
[ 60.492911][ T6799] ext4_bread+0x7c/0x380
[ 60.497141][ T6799] ? ext4_getblk+0x520/0x520
[ 60.501705][ T6799] ? dquot_get_next_dqblk+0x180/0x180
[ 60.507056][ T6799] ext4_append+0x153/0x360
[ 60.511452][ T6799] ext4_mkdir+0x5e0/0xdf0
[ 60.515761][ T6799] ? ext4_rmdir+0xde0/0xde0
[ 60.520244][ T6799] ? security_inode_permission+0xc4/0xf0
[ 60.525859][ T6799] vfs_mkdir+0x419/0x690
[ 60.530079][ T6799] do_mkdirat+0x21e/0x280
[ 60.534387][ T6799] ? __ia32_sys_mknod+0xb0/0xb0
[ 60.539212][ T6799] ? do_syscall_64+0x1c/0xe0
[ 60.543777][ T6799] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 60.549733][ T6799] do_syscall_64+0x60/0xe0
[ 60.554125][ T6799] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.559990][ T6799] RIP: 0033:0x4b02a0
[ 60.563853][ T6799] Code: Bad RIP value.
[ 60.567891][ T6799] RSP: 002b:000000c0000c54b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 60.576277][ T6799] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 60.584224][ T6799] RDX: 00000000000001c0 RSI: 000000c0000dca40 RDI: ffffffffffffff9c
[ 60.592171][ T6799] RBP: 000000c0000c5510 R08: 0000000000000000 R09: 0000000000000000
[ 60.600131][ T6799] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 60.608079][ T6799] R13: 0000000000000053 R14: 0000000000000052 R15: 0000000000000100
[ 60.660786][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6812
[ 60.670465][ T6812] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.676462][ T6812] CPU: 0 PID: 6812 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 60.684703][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.694759][ T6812] Call Trace:
[ 60.698056][ T6812] dump_stack+0x18f/0x20d
[ 60.702451][ T6812] check_preemption_disabled+0x20d/0x220
[ 60.708065][ T6812] ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.713163][ T6812] ? ext4_ext_search_right+0x2ca/0xb20
[ 60.718598][ T6812] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 60.724298][ T6812] ext4_ext_map_blocks+0x201b/0x33e0
[ 60.729566][ T6812] ? ext4_ext_release+0x10/0x10
[ 60.734401][ T6812] ? down_write_killable+0x170/0x170
[ 60.739663][ T6812] ? ext4_es_lookup_extent+0x41d/0xd10
[ 60.745107][ T6812] ext4_map_blocks+0x4cb/0x1640
[ 60.749949][ T6812] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 60.755125][ T6812] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.760643][ T6812] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.766615][ T6812] ? prandom_u32_state+0xe/0x170
[ 60.771542][ T6812] ? __brelse+0x84/0xa0
[ 60.775678][ T6812] ? __ext4_new_inode+0x144/0x55e0
[ 60.780782][ T6812] ext4_getblk+0xad/0x520
[ 60.785093][ T6812] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 60.790890][ T6812] ? ext4_free_inode+0x1700/0x1700
[ 60.795994][ T6812] ext4_bread+0x7c/0x380
[ 60.800244][ T6812] ? ext4_getblk+0x520/0x520
[ 60.804813][ T6812] ? dquot_get_next_dqblk+0x180/0x180
[ 60.810166][ T6812] ext4_append+0x153/0x360
[ 60.814561][ T6812] ext4_mkdir+0x5e0/0xdf0
[ 60.818879][ T6812] ? ext4_rmdir+0xde0/0xde0
[ 60.823360][ T6812] ? security_inode_permission+0xc4/0xf0
[ 60.828986][ T6812] vfs_mkdir+0x419/0x690
[ 60.833206][ T6812] do_mkdirat+0x21e/0x280
[ 60.837530][ T6812] ? __ia32_sys_mknod+0xb0/0xb0
[ 60.842358][ T6812] ? do_syscall_64+0x1c/0xe0
[ 60.846926][ T6812] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 60.852883][ T6812] do_syscall_64+0x60/0xe0
[ 60.857282][ T6812] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.863169][ T6812] RIP: 0033:0x45bee7
[ 60.867035][ T6812] Code: Bad RIP value.
[ 60.871073][ T6812] RSP: 002b:00007fff35414cf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 60.879474][ T6812] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 60.887434][ T6812] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007fff35414ed0
[ 60.895396][ T6812] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003340
[ 60.903341][ T6812] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 60.911287][ T6812] R13: 00007fff35414ed0 R14: 8421084210842109 R15: 00007fff35414edc
[ 61.007058][ T6813] IPVS: ftp: loaded support on port[0] = 21
[ 61.046761][ T6813] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6813
[ 61.056384][ T6813] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.062271][ T6813] CPU: 0 PID: 6813 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 61.070488][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.080709][ T6813] Call Trace:
[ 61.083998][ T6813] dump_stack+0x18f/0x20d
[ 61.088314][ T6813] check_preemption_disabled+0x20d/0x220
[ 61.093929][ T6813] ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.099040][ T6813] ? ext4_ext_search_right+0x2ca/0xb20
[ 61.104491][ T6813] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 61.110200][ T6813] ext4_ext_map_blocks+0x201b/0x33e0
[ 61.115488][ T6813] ? ext4_ext_release+0x10/0x10
[ 61.120329][ T6813] ? down_write_killable+0x170/0x170
[ 61.125596][ T6813] ? ext4_es_lookup_extent+0x41d/0xd10
[ 61.131036][ T6813] ext4_map_blocks+0x4cb/0x1640
[ 61.135887][ T6813] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 61.141093][ T6813] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 61.146629][ T6813] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.152612][ T6813] ? prandom_u32_state+0xe/0x170
[ 61.157562][ T6813] ? __brelse+0x84/0xa0
[ 61.161704][ T6813] ? __ext4_new_inode+0x144/0x55e0
[ 61.166822][ T6813] ext4_getblk+0xad/0x520
[ 61.171160][ T6813] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 61.176908][ T6813] ? ext4_free_inode+0x1700/0x1700
[ 61.182022][ T6813] ext4_bread+0x7c/0x380
[ 61.186278][ T6813] ? ext4_getblk+0x520/0x520
[ 61.190889][ T6813] ? dquot_get_next_dqblk+0x180/0x180
[ 61.196264][ T6813] ext4_append+0x153/0x360
[ 61.200756][ T6813] ext4_mkdir+0x5e0/0xdf0
[ 61.205077][ T6813] ? ext4_rmdir+0xde0/0xde0
[ 61.209564][ T6813] ? security_inode_permission+0xc4/0xf0
[ 61.215200][ T6813] vfs_mkdir+0x419/0x690
[ 61.219515][ T6813] do_mkdirat+0x21e/0x280
[ 61.223847][ T6813] ? __ia32_sys_mknod+0xb0/0xb0
[ 61.228688][ T6813] ? do_syscall_64+0x1c/0xe0
[ 61.233275][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 61.239242][ T6813] do_syscall_64+0x60/0xe0
[ 61.244694][ T6813] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.250576][ T6813] RIP: 0033:0x45bee7
[ 61.254486][ T6813] Code: Bad RIP value.
[ 61.258645][ T6813] RSP: 002b:00007fff35414be8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 61.267034][ T6813] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 61.274986][ T6813] RDX: 00007fff35414c33 RSI: 00000000000001ff RDI: 00007fff35414c30
[ 61.282951][ T6813] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 61.290918][ T6813] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0
[ 61.298882][ T6813] R13: 00007fff35414c20 R14: 0000000000000000 R15: 00007fff35414c30
[ 61.350811][ T6813] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6813
[ 61.360545][ T6813] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.366563][ T6813] CPU: 1 PID: 6813 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 61.374809][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.384873][ T6813] Call Trace:
[ 61.388191][ T6813] dump_stack+0x18f/0x20d
[ 61.392548][ T6813] check_preemption_disabled+0x20d/0x220
[ 61.398203][ T6813] ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.403346][ T6813] ? ext4_ext_search_right+0x2ca/0xb20
[ 61.408910][ T6813] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 61.414653][ T6813] ext4_ext_map_blocks+0x201b/0x33e0
[ 61.420412][ T6813] ? ext4_ext_release+0x10/0x10
[ 61.425282][ T6813] ? down_write_killable+0x170/0x170
[ 61.430573][ T6813] ? ext4_es_lookup_extent+0x41d/0xd10
[ 61.436027][ T6813] ext4_map_blocks+0x4cb/0x1640
[ 61.440984][ T6813] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 61.446250][ T6813] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 61.451781][ T6813] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.457748][ T6813] ? prandom_u32_state+0xe/0x170
[ 61.462770][ T6813] ? __brelse+0x84/0xa0
[ 61.466911][ T6813] ? __ext4_new_inode+0x144/0x55e0
[ 61.472011][ T6813] ext4_getblk+0xad/0x520
[ 61.476456][ T6813] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 61.482236][ T6813] ? ext4_free_inode+0x1700/0x1700
[ 61.487379][ T6813] ext4_bread+0x7c/0x380
[ 61.491610][ T6813] ? ext4_getblk+0x520/0x520
[ 61.496190][ T6813] ? dquot_get_next_dqblk+0x180/0x180
[ 61.501555][ T6813] ext4_append+0x153/0x360
[ 61.505964][ T6813] ext4_mkdir+0x5e0/0xdf0
[ 61.510336][ T6813] ? ext4_rmdir+0xde0/0xde0
[ 61.515078][ T6813] ? security_inode_permission+0xc4/0xf0
[ 61.520974][ T6813] vfs_mkdir+0x419/0x690
[ 61.525282][ T6813] do_mkdirat+0x21e/0x280
[ 61.529768][ T6813] ? __ia32_sys_mknod+0xb0/0xb0
[ 61.534627][ T6813] ? do_syscall_64+0x1c/0xe0
[ 61.539426][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 61.545398][ T6813] do_syscall_64+0x60/0xe0
[ 61.549931][ T6813] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.555818][ T6813] RIP: 0033:0x45bee7
[ 61.559722][ T6813] Code: Bad RIP value.
[ 61.563797][ T6813] RSP: 002b:00007fff35414be8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 61.572203][ T6813] RAX: ffffffffffffffda RBX: 000000000000efa5 RCX: 000000000045bee7
[ 61.580172][ T6813] RDX: 00007fff35414c33 RSI: 00000000000001ff RDI: 00007fff35414c30
[ 61.588134][ T6813] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/14 09:28:45 building call list...
[ 61.596625][ T6813] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 61.604645][ T6813] R13: 00007fff35414c20 R14: 000000000000ef9f R15: 00007fff35414c30
[ 61.894681][ T3536] tipc: TX() has been purged, node left!
[ 62.437341][ T3536] ==================================================================
[ 62.445588][ T3536] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 62.453485][ T3536] Write of size 1 at addr ffff8880941da9e4 by task kworker/u4:5/3536
[ 62.463499][ T3536]
[ 62.466028][ T3536] CPU: 1 PID: 3536 Comm: kworker/u4:5 Not tainted 5.7.0-syzkaller #0
[ 62.474092][ T3536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.484163][ T3536] Workqueue: netns cleanup_net
[ 62.488941][ T3536] Call Trace:
[ 62.492250][ T3536] dump_stack+0x18f/0x20d
[ 62.496594][ T3536] ? afs_wake_up_async_call+0x6aa/0x770
[ 62.502159][ T3536] ? afs_wake_up_async_call+0x6aa/0x770
[ 62.507708][ T3536] ? afs_put_call+0xa40/0xa40
[ 62.512481][ T3536] print_address_description.constprop.0.cold+0xd3/0x413
[ 62.519522][ T3536] ? vprintk_func+0x97/0x1a6
[ 62.524125][ T3536] ? afs_wake_up_async_call+0x6aa/0x770
[ 62.529682][ T3536] kasan_report.cold+0x1f/0x37
[ 62.534458][ T3536] ? rcu_read_lock_held+0x81/0xb0
[ 62.539493][ T3536] ? afs_wake_up_async_call+0x6aa/0x770
[ 62.545177][ T3536] afs_wake_up_async_call+0x6aa/0x770
[ 62.550816][ T3536] ? afs_close_socket+0x320/0x320
[ 62.555849][ T3536] ? afs_put_call+0xa40/0xa40
[ 62.560572][ T3536] rxrpc_notify_socket+0x1db/0x5d0
[ 62.565830][ T3536] ? afs_put_call+0xa40/0xa40
[ 62.570571][ T3536] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 62.576995][ T3536] rxrpc_call_completed+0xca/0xf0
[ 62.582037][ T3536] rxrpc_discard_prealloc+0x781/0xab0
[ 62.587455][ T3536] ? lock_sock_nested+0x94/0x110
[ 62.592415][ T3536] rxrpc_listen+0x147/0x360
[ 62.596952][ T3536] afs_close_socket+0x95/0x320
[ 62.601844][ T3536] ? afs_purge_servers+0x16d/0x300
[ 62.606960][ T3536] ? afs_rx_discard_new_call+0x50/0x50
[ 62.612749][ T3536] ? init_wait_var_entry+0x200/0x200
[ 62.618074][ T3536] ? rcu_read_lock_held_common+0xa0/0xa0
[ 62.623745][ T3536] ? check_preemption_disabled+0x38/0x220
[ 62.629510][ T3536] afs_net_exit+0x1bc/0x310
[ 62.634074][ T3536] ? afs_net_init+0xe30/0xe30
[ 62.638857][ T3536] ops_exit_list.isra.0+0xa8/0x150
[ 62.643985][ T3536] cleanup_net+0x511/0xa50
[ 62.648412][ T3536] ? unregister_pernet_device+0x70/0x70
[ 62.653973][ T3536] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.660097][ T3536] process_one_work+0x965/0x1690
[ 62.665084][ T3536] ? lock_release+0x800/0x800
[ 62.669777][ T3536] ? pwq_dec_nr_in_flight+0x310/0x310
[ 62.675172][ T3536] ? rwlock_bug.part.0+0x90/0x90
[ 62.680133][ T3536] worker_thread+0x96/0xe10
[ 62.684689][ T3536] ? process_one_work+0x1690/0x1690
[ 62.690037][ T3536] kthread+0x3b5/0x4a0
[ 62.694113][ T3536] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 62.699842][ T3536] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 62.705576][ T3536] ret_from_fork+0x1f/0x30
[ 62.710023][ T3536]
[ 62.712357][ T3536] Allocated by task 6813:
[ 62.716718][ T3536] save_stack+0x1b/0x40
[ 62.720995][ T3536] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 62.726638][ T3536] kmem_cache_alloc_trace+0x153/0x7d0
[ 62.732013][ T3536] afs_alloc_call+0x55/0x630
[ 62.736607][ T3536] afs_charge_preallocation+0xe9/0x2d0
[ 62.742070][ T3536] afs_open_socket+0x292/0x360
[ 62.746843][ T3536] afs_net_init+0xa6c/0xe30
[ 62.751438][ T3536] ops_init+0xaf/0x420
[ 62.755732][ T3536] setup_net+0x2de/0x860
[ 62.759994][ T3536] copy_net_ns+0x293/0x590
[ 62.764421][ T3536] create_new_namespaces+0x3fb/0xb30
[ 62.769713][ T3536] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 62.775353][ T3536] ksys_unshare+0x43d/0x8e0
[ 62.779983][ T3536] __x64_sys_unshare+0x2d/0x40
[ 62.784757][ T3536] do_syscall_64+0x60/0xe0
[ 62.789214][ T3536] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.795195][ T3536]
[ 62.797529][ T3536] Freed by task 3536:
[ 62.801520][ T3536] save_stack+0x1b/0x40
[ 62.805769][ T3536] __kasan_slab_free+0xf7/0x140
[ 62.810793][ T3536] kfree+0x109/0x2b0
[ 62.814696][ T3536] afs_put_call+0x585/0xa40
[ 62.819212][ T3536] rxrpc_discard_prealloc+0x764/0xab0
[ 62.824597][ T3536] rxrpc_listen+0x147/0x360
[ 62.829111][ T3536] afs_close_socket+0x95/0x320
[ 62.833882][ T3536] afs_net_exit+0x1bc/0x310
[ 62.838394][ T3536] ops_exit_list.isra.0+0xa8/0x150
[ 62.843506][ T3536] cleanup_net+0x511/0xa50
[ 62.848059][ T3536] process_one_work+0x965/0x1690
[ 62.853435][ T3536] worker_thread+0x96/0xe10
[ 62.857946][ T3536] kthread+0x3b5/0x4a0
[ 62.862018][ T3536] ret_from_fork+0x1f/0x30
[ 62.866429][ T3536]
[ 62.868760][ T3536] The buggy address belongs to the object at ffff8880941da800
[ 62.868760][ T3536] which belongs to the cache kmalloc-1k of size 1024
[ 62.882833][ T3536] The buggy address is located 484 bytes inside of
[ 62.882833][ T3536] 1024-byte region [ffff8880941da800, ffff8880941dac00)
[ 62.896369][ T3536] The buggy address belongs to the page:
[ 62.902008][ T3536] page:ffffea0002507680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 62.911142][ T3536] flags: 0xfffe0000000200(slab)
[ 62.916227][ T3536] raw: 00fffe0000000200 ffffea00027a5e88 ffffea0002a13848 ffff8880aa000c40
[ 62.924827][ T3536] raw: 0000000000000000 ffff8880941da000 0000000100000002 0000000000000000
[ 62.933406][ T3536] page dumped because: kasan: bad access detected
[ 62.939819][ T3536]
[ 62.942306][ T3536] Memory state around the buggy address:
[ 62.947942][ T3536] ffff8880941da880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.956009][ T3536] ffff8880941da900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.964075][ T3536] >ffff8880941da980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.972271][ T3536] ^
[ 62.979474][ T3536] ffff8880941daa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.987540][ T3536] ffff8880941daa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.995882][ T3536] ==================================================================
[ 63.004285][ T3536] Disabling lock debugging due to kernel taint
[ 63.010743][ T3536] Kernel panic - not syncing: panic_on_warn set ...
[ 63.017516][ T3536] CPU: 1 PID: 3536 Comm: kworker/u4:5 Tainted: G B 5.7.0-syzkaller #0
[ 63.027230][ T3536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.037388][ T3536] Workqueue: netns cleanup_net
[ 63.042147][ T3536] Call Trace:
[ 63.045840][ T3536] dump_stack+0x18f/0x20d
[ 63.050372][ T3536] ? afs_wake_up_async_call+0x5f0/0x770
[ 63.055923][ T3536] ? afs_put_call+0xa40/0xa40
[ 63.060741][ T3536] panic+0x2e3/0x75c
[ 63.064903][ T3536] ? __warn_printk+0xf3/0xf3
[ 63.069512][ T3536] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 63.076109][ T3536] ? trace_hardirqs_on+0x55/0x220
[ 63.081267][ T3536] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.086870][ T3536] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.092660][ T3536] ? afs_put_call+0xa40/0xa40
[ 63.097446][ T3536] end_report+0x4d/0x53
[ 63.102026][ T3536] kasan_report.cold+0xd/0x37
[ 63.107047][ T3536] ? rcu_read_lock_held+0x81/0xb0
[ 63.112198][ T3536] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.118359][ T3536] afs_wake_up_async_call+0x6aa/0x770
[ 63.124087][ T3536] ? afs_close_socket+0x320/0x320
[ 63.129120][ T3536] ? afs_put_call+0xa40/0xa40
[ 63.136148][ T3536] rxrpc_notify_socket+0x1db/0x5d0
[ 63.141384][ T3536] ? afs_put_call+0xa40/0xa40
[ 63.146318][ T3536] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 63.153162][ T3536] rxrpc_call_completed+0xca/0xf0
[ 63.158587][ T3536] rxrpc_discard_prealloc+0x781/0xab0
[ 63.164200][ T3536] ? lock_sock_nested+0x94/0x110
[ 63.169486][ T3536] rxrpc_listen+0x147/0x360
[ 63.174171][ T3536] afs_close_socket+0x95/0x320
[ 63.179083][ T3536] ? afs_purge_servers+0x16d/0x300
[ 63.184332][ T3536] ? afs_rx_discard_new_call+0x50/0x50
[ 63.190602][ T3536] ? init_wait_var_entry+0x200/0x200
[ 63.196387][ T3536] ? rcu_read_lock_held_common+0xa0/0xa0
[ 63.202138][ T3536] ? check_preemption_disabled+0x38/0x220
[ 63.208000][ T3536] afs_net_exit+0x1bc/0x310
[ 63.212768][ T3536] ? afs_net_init+0xe30/0xe30
[ 63.217956][ T3536] ops_exit_list.isra.0+0xa8/0x150
[ 63.223167][ T3536] cleanup_net+0x511/0xa50
[ 63.227594][ T3536] ? unregister_pernet_device+0x70/0x70
[ 63.233155][ T3536] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.239238][ T3536] process_one_work+0x965/0x1690
[ 63.244371][ T3536] ? lock_release+0x800/0x800
[ 63.249240][ T3536] ? pwq_dec_nr_in_flight+0x310/0x310
[ 63.254810][ T3536] ? rwlock_bug.part.0+0x90/0x90
[ 63.260260][ T3536] worker_thread+0x96/0xe10
[ 63.264789][ T3536] ? process_one_work+0x1690/0x1690
[ 63.270217][ T3536] kthread+0x3b5/0x4a0
[ 63.274334][ T3536] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.280065][ T3536] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.285920][ T3536] ret_from_fork+0x1f/0x30
[ 63.292106][ T3536] Kernel Offset: disabled
[ 63.296823][ T3536] Rebooting in 86400 seconds..