[ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ 54.388333][ T6728] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6728 [ 54.397821][ T6728] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 54.404104][ T6728] CPU: 1 PID: 6728 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0 [ 54.412332][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.422375][ T6728] Call Trace: [ 54.425650][ T6728] dump_stack+0x188/0x20d [ 54.429958][ T6728] debug_smp_processor_id.cold+0x88/0x9b [ 54.435654][ T6728] ext4_mb_new_blocks+0xa77/0x3b30 [ 54.440749][ T6728] ? ext4_ext_search_right+0x2ca/0xb20 [ 54.446181][ T6728] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 54.451881][ T6728] ext4_ext_map_blocks+0x2044/0x3410 [ 54.457234][ T6728] ? ext4_ext_release+0x10/0x10 [ 54.462072][ T6728] ? __down_timeout+0x2d0/0x2d0 [ 54.467070][ T6728] ? ext4_es_lookup_extent+0x41d/0xd30 [ 54.472520][ T6728] ext4_map_blocks+0x4cb/0x1640 [ 54.477359][ T6728] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 54.482532][ T6728] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 54.488063][ T6728] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 54.494029][ T6728] ? prandom_u32_state+0xe/0x170 [ 54.498943][ T6728] ? __brelse+0x84/0xa0 [ 54.503086][ T6728] ? __ext4_new_inode+0x144/0x57c0 [ 54.508175][ T6728] ext4_getblk+0xad/0x520 [ 54.512532][ T6728] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 54.518241][ T6728] ? ext4_free_inode+0x17e0/0x17e0 [ 54.523354][ T6728] ext4_bread+0x7c/0x380 [ 54.527581][ T6728] ? ext4_getblk+0x520/0x520 [ 54.532168][ T6728] ? dqget+0xff0/0xff0 [ 54.536227][ T6728] ext4_append+0x153/0x360 [ 54.540626][ T6728] ext4_mkdir+0x5e0/0xdf0 [ 54.544933][ T6728] ? ext4_rmdir+0xde0/0xde0 [ 54.549414][ T6728] ? security_inode_permission+0xc4/0xf0 [ 54.555048][ T6728] vfs_mkdir+0x419/0x690 [ 54.559284][ T6728] do_mkdirat+0x21e/0x280 [ 54.563604][ T6728] ? __ia32_sys_mknod+0xb0/0xb0 [ 54.568690][ T6728] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 54.574659][ T6728] ? do_syscall_64+0x21/0x7d0 [ 54.579314][ T6728] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 54.585281][ T6728] do_syscall_64+0xf6/0x7d0 [ 54.589763][ T6728] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 54.595651][ T6728] RIP: 0033:0x7fa665c18687 [ 54.600044][ T6728] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48 [ 54.619623][ T6728] RSP: 002b:00007fff8e0ed4b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 54.628022][ T6728] RAX: ffffffffffffffda RBX: 000056166f1e9985 RCX: 00007fa665c18687 [ 54.635980][ T6728] RDX: 00007fff8e0ed380 RSI: 00000000000001ed RDI: 000056166f1e9985 [ 54.644171][ T6728] RBP: 00007fa665c18680 R08: 0000000000000100 R09: 0000000000000000 [ 54.644180][ T6728] R10: 000056166f1e9980 R11: 0000000000000246 R12: 00000000000001ed [ 54.644189][ T6728] R13: 00007fff8e0ed640 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 57.529382][ T7] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:0/7 [ 57.538336][ T7] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 57.544521][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-syzkaller #0 [ 57.552316][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.562361][ T7] Workqueue: writeback wb_workfn (flush-8:0) [ 57.568314][ T7] Call Trace: [ 57.571601][ T7] dump_stack+0x188/0x20d [ 57.575918][ T7] debug_smp_processor_id.cold+0x88/0x9b [ 57.581524][ T7] ext4_mb_new_blocks+0xa77/0x3b30 [ 57.586633][ T7] ? __kmalloc+0x62f/0x7a0 [ 57.591044][ T7] ? ext4_ext_search_right+0x2ca/0xb20 [ 57.596479][ T7] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 57.602189][ T7] ext4_ext_map_blocks+0x2044/0x3410 [ 57.607464][ T7] ? ext4_ext_release+0x10/0x10 [ 57.612306][ T7] ? __down_timeout+0x2d0/0x2d0 [ 57.617141][ T7] ? ext4_es_lookup_extent+0x41d/0xd30 [ 57.622596][ T7] ? debug_smp_processor_id+0x2f/0x185 [ 57.628032][ T7] ext4_map_blocks+0x4cb/0x1640 [ 57.632872][ T7] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 57.638041][ T7] ? debug_smp_processor_id+0x2f/0x185 [ 57.643484][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.649005][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.654959][ T7] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 57.660398][ T7] ext4_writepages+0x1ab7/0x3400 [ 57.665323][ T7] ? __ext4_mark_inode_dirty+0x950/0x950 [ 57.670970][ T7] ? __lock_acquire+0x2224/0x48a0 [ 57.676170][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.682755][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.688738][ T7] ? __ext4_mark_inode_dirty+0x950/0x950 [ 57.694356][ T7] ? do_writepages+0xfa/0x2a0 [ 57.699025][ T7] do_writepages+0xfa/0x2a0 [ 57.703510][ T7] ? page_writeback_cpu_online+0x10/0x10 [ 57.709117][ T7] ? debug_smp_processor_id+0x2f/0x185 [ 57.714555][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.720076][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.726031][ T7] ? lock_downgrade+0x840/0x840 [ 57.730861][ T7] __writeback_single_inode+0x12a/0x1410 [ 57.736469][ T7] ? _raw_spin_unlock+0x24/0x40 [ 57.741296][ T7] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 57.747262][ T7] writeback_sb_inodes+0x515/0xdd0 [ 57.752362][ T7] ? __writeback_single_inode+0x1410/0x1410 [ 57.758245][ T7] __writeback_inodes_wb+0xc3/0x250 [ 57.763424][ T7] wb_writeback+0x910/0xd90 [ 57.767905][ T7] ? print_usage_bug+0x240/0x240 [ 57.772837][ T7] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 57.779147][ T7] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 57.785025][ T7] ? cpumask_next+0x3c/0x40 [ 57.789515][ T7] ? get_nr_dirty_inodes+0xd6/0x130 [ 57.794695][ T7] wb_workfn+0xadf/0x10d0 [ 57.799044][ T7] ? inode_wait_for_writeback+0x30/0x30 [ 57.804562][ T7] ? debug_smp_processor_id+0x2f/0x185 [ 57.810043][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.815565][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.821525][ T7] process_one_work+0x965/0x16a0 [ 57.826474][ T7] ? lock_release+0x800/0x800 [ 57.831131][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.836488][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 57.841417][ T7] worker_thread+0x96/0xe10 [ 57.845901][ T7] ? process_one_work+0x16a0/0x16a0 [ 57.851076][ T7] kthread+0x388/0x470 [ 57.855120][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.860813][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.866514][ T7] ret_from_fork+0x24/0x30 Warning: Permanently added '10.128.0.82' (ECDSA) to the list of known hosts. 2020/06/11 05:11:08 fuzzer started 2020/06/11 05:11:08 connecting to host at 10.128.0.26:33525 2020/06/11 05:11:08 checking machine... 2020/06/11 05:11:08 checking revisions... 2020/06/11 05:11:08 testing simple program... [ 59.867105][ T6805] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6805 [ 59.876221][ T6805] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 59.882395][ T6805] CPU: 1 PID: 6805 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 59.890279][ T6805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.900326][ T6805] Call Trace: [ 59.903613][ T6805] dump_stack+0x188/0x20d [ 59.907930][ T6805] debug_smp_processor_id.cold+0x88/0x9b [ 59.913539][ T6805] ext4_mb_new_blocks+0xa77/0x3b30 [ 59.918638][ T6805] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.924090][ T6805] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.929802][ T6805] ext4_ext_map_blocks+0x2044/0x3410 [ 59.935065][ T6805] ? ext4_ext_release+0x10/0x10 [ 59.939901][ T6805] ? __down_timeout+0x2d0/0x2d0 [ 59.944728][ T6805] ? ext4_es_lookup_extent+0x41d/0xd30 [ 59.950165][ T6805] ext4_map_blocks+0x4cb/0x1640 [ 59.954994][ T6805] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.960169][ T6805] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.965706][ T6805] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.971675][ T6805] ? prandom_u32_state+0xe/0x170 [ 59.976589][ T6805] ? __brelse+0x84/0xa0 [ 59.980719][ T6805] ? __ext4_new_inode+0x144/0x57c0 [ 59.985817][ T6805] ext4_getblk+0xad/0x520 [ 59.990140][ T6805] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.995856][ T6805] ? ext4_free_inode+0x17e0/0x17e0 [ 60.001007][ T6805] ext4_bread+0x7c/0x380 [ 60.005254][ T6805] ? ext4_getblk+0x520/0x520 [ 60.009822][ T6805] ? dqget+0xff0/0xff0 [ 60.013871][ T6805] ext4_append+0x153/0x360 [ 60.018266][ T6805] ext4_mkdir+0x5e0/0xdf0 [ 60.022580][ T6805] ? ext4_rmdir+0xde0/0xde0 [ 60.027064][ T6805] ? security_inode_permission+0xc4/0xf0 [ 60.032708][ T6805] vfs_mkdir+0x419/0x690 [ 60.036929][ T6805] do_mkdirat+0x21e/0x280 [ 60.041247][ T6805] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.046073][ T6805] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.052074][ T6805] ? do_syscall_64+0x21/0x7d0 [ 60.056750][ T6805] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.062735][ T6805] do_syscall_64+0xf6/0x7d0 [ 60.067228][ T6805] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.073099][ T6805] RIP: 0033:0x4b02a0 [ 60.076971][ T6805] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 60.096546][ T6805] RSP: 002b:000000c0000cd4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 60.104932][ T6805] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 60.112888][ T6805] RDX: 00000000000001c0 RSI: 000000c0000e0d00 RDI: ffffffffffffff9c [ 60.120834][ T6805] RBP: 000000c0000cd510 R08: 0000000000000000 R09: 0000000000000000 [ 60.128782][ T6805] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 60.136728][ T6805] R13: 0000000000000069 R14: 0000000000000068 R15: 0000000000000100 [ 60.164535][ T6820] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6820 [ 60.174059][ T6820] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.180040][ T6820] CPU: 1 PID: 6820 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.189584][ T6820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.199634][ T6820] Call Trace: [ 60.202920][ T6820] dump_stack+0x188/0x20d [ 60.207246][ T6820] debug_smp_processor_id.cold+0x88/0x9b [ 60.212876][ T6820] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.218023][ T6820] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.223473][ T6820] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.229274][ T6820] ext4_ext_map_blocks+0x2044/0x3410 [ 60.234544][ T6820] ? ext4_ext_release+0x10/0x10 [ 60.239384][ T6820] ? __down_timeout+0x2d0/0x2d0 [ 60.244235][ T6820] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.249678][ T6820] ext4_map_blocks+0x4cb/0x1640 [ 60.254509][ T6820] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.259686][ T6820] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.265222][ T6820] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.271190][ T6820] ? prandom_u32_state+0xe/0x170 [ 60.276115][ T6820] ? __brelse+0x84/0xa0 [ 60.280249][ T6820] ? __ext4_new_inode+0x144/0x57c0 [ 60.285343][ T6820] ext4_getblk+0xad/0x520 [ 60.289669][ T6820] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.295376][ T6820] ? ext4_free_inode+0x17e0/0x17e0 [ 60.300489][ T6820] ext4_bread+0x7c/0x380 [ 60.304708][ T6820] ? ext4_getblk+0x520/0x520 [ 60.309275][ T6820] ? dqget+0xff0/0xff0 [ 60.313322][ T6820] ext4_append+0x153/0x360 [ 60.317718][ T6820] ext4_mkdir+0x5e0/0xdf0 [ 60.322028][ T6820] ? ext4_rmdir+0xde0/0xde0 [ 60.326528][ T6820] ? security_inode_permission+0xc4/0xf0 [ 60.332142][ T6820] vfs_mkdir+0x419/0x690 [ 60.336365][ T6820] do_mkdirat+0x21e/0x280 [ 60.340686][ T6820] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.345528][ T6820] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.351501][ T6820] ? do_syscall_64+0x21/0x7d0 [ 60.356163][ T6820] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.362142][ T6820] do_syscall_64+0xf6/0x7d0 [ 60.366648][ T6820] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.372612][ T6820] RIP: 0033:0x45bee7 [ 60.376505][ T6820] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.396092][ T6820] RSP: 002b:00007ffc769fe368 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.404491][ T6820] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 60.412453][ T6820] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc769fe540 [ 60.420406][ T6820] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003080 [ 60.428351][ T6820] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 60.436300][ T6820] R13: 00007ffc769fe540 R14: 8421084210842109 R15: 00007ffc769fe54c [ 60.527421][ T6821] IPVS: ftp: loaded support on port[0] = 21 [ 60.565071][ T6821] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6821 [ 60.574742][ T6821] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.580690][ T6821] CPU: 0 PID: 6821 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.588928][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.599007][ T6821] Call Trace: [ 60.602278][ T6821] dump_stack+0x188/0x20d [ 60.606632][ T6821] debug_smp_processor_id.cold+0x88/0x9b [ 60.612245][ T6821] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.617339][ T6821] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.622809][ T6821] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.628533][ T6821] ext4_ext_map_blocks+0x2044/0x3410 [ 60.633810][ T6821] ? ext4_ext_release+0x10/0x10 [ 60.638646][ T6821] ? __down_timeout+0x2d0/0x2d0 [ 60.643470][ T6821] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.648926][ T6821] ext4_map_blocks+0x4cb/0x1640 [ 60.653773][ T6821] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.658976][ T6821] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.664494][ T6821] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.670465][ T6821] ? prandom_u32_state+0xe/0x170 [ 60.675379][ T6821] ? __brelse+0x84/0xa0 [ 60.679513][ T6821] ? __ext4_new_inode+0x144/0x57c0 [ 60.684705][ T6821] ext4_getblk+0xad/0x520 [ 60.689029][ T6821] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.694740][ T6821] ? ext4_free_inode+0x17e0/0x17e0 [ 60.699846][ T6821] ext4_bread+0x7c/0x380 [ 60.704074][ T6821] ? ext4_getblk+0x520/0x520 [ 60.708662][ T6821] ? dqget+0xff0/0xff0 [ 60.712712][ T6821] ext4_append+0x153/0x360 [ 60.717121][ T6821] ext4_mkdir+0x5e0/0xdf0 [ 60.721444][ T6821] ? ext4_rmdir+0xde0/0xde0 [ 60.725941][ T6821] ? security_inode_permission+0xc4/0xf0 [ 60.731588][ T6821] vfs_mkdir+0x419/0x690 [ 60.735812][ T6821] do_mkdirat+0x21e/0x280 [ 60.740238][ T6821] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.745066][ T6821] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.751374][ T6821] ? do_syscall_64+0x21/0x7d0 [ 60.756031][ T6821] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.761990][ T6821] do_syscall_64+0xf6/0x7d0 [ 60.766495][ T6821] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.772374][ T6821] RIP: 0033:0x45bee7 [ 60.776248][ T6821] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.797062][ T6821] RSP: 002b:00007ffc769fe258 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 60.805472][ T6821] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 60.813454][ T6821] RDX: 00007ffc769fe2a3 RSI: 00000000000001ff RDI: 00007ffc769fe2a0 [ 60.821412][ T6821] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 60.829383][ T6821] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 60.837367][ T6821] R13: 00007ffc769fe290 R14: 0000000000000000 R15: 00007ffc769fe2a0 [ 60.885826][ T6821] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6821 [ 60.895503][ T6821] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.901504][ T6821] CPU: 1 PID: 6821 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.909825][ T6821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.920053][ T6821] Call Trace: [ 60.923351][ T6821] dump_stack+0x188/0x20d [ 60.927694][ T6821] debug_smp_processor_id.cold+0x88/0x9b [ 60.933455][ T6821] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.938586][ T6821] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.944054][ T6821] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.949795][ T6821] ext4_ext_map_blocks+0x2044/0x3410 [ 60.955097][ T6821] ? ext4_ext_release+0x10/0x10 [ 60.959950][ T6821] ? __down_timeout+0x2d0/0x2d0 [ 60.964785][ T6821] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.970239][ T6821] ext4_map_blocks+0x4cb/0x1640 [ 60.975128][ T6821] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.980325][ T6821] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.985862][ T6821] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.991821][ T6821] ? prandom_u32_state+0xe/0x170 [ 60.996760][ T6821] ? __brelse+0x84/0xa0 [ 61.000892][ T6821] ? __ext4_new_inode+0x144/0x57c0 [ 61.005991][ T6821] ext4_getblk+0xad/0x520 [ 61.010303][ T6821] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 61.016002][ T6821] ? ext4_free_inode+0x17e0/0x17e0 [ 61.021111][ T6821] ext4_bread+0x7c/0x380 [ 61.025356][ T6821] ? ext4_getblk+0x520/0x520 [ 61.029939][ T6821] ? dqget+0xff0/0xff0 [ 61.033988][ T6821] ext4_append+0x153/0x360 [ 61.038385][ T6821] ext4_mkdir+0x5e0/0xdf0 [ 61.042731][ T6821] ? ext4_rmdir+0xde0/0xde0 [ 61.047214][ T6821] ? security_inode_permission+0xc4/0xf0 [ 61.052828][ T6821] vfs_mkdir+0x419/0x690 [ 61.057053][ T6821] do_mkdirat+0x21e/0x280 [ 61.061360][ T6821] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.066203][ T6821] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.072603][ T6821] ? do_syscall_64+0x21/0x7d0 [ 61.077275][ T6821] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.083251][ T6821] do_syscall_64+0xf6/0x7d0 [ 61.087736][ T6821] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 61.093606][ T6821] RIP: 0033:0x45bee7 [ 61.097496][ T6821] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.117251][ T6821] RSP: 002b:00007ffc769fe258 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 61.125686][ T6821] RAX: ffffffffffffffda RBX: 000000000000edd1 RCX: 000000000045bee7 2020/06/11 05:11:10 building call list... [ 61.133636][ T6821] RDX: 00007ffc769fe2a3 RSI: 00000000000001ff RDI: 00007ffc769fe2a0 [ 61.141583][ T6821] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 61.149546][ T6821] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 61.157494][ T6821] R13: 00007ffc769fe290 R14: 000000000000edcc R15: 00007ffc769fe2a0 [ 61.417937][ T7] tipc: TX() has been purged, node left! [ 61.950618][ T7] ================================================================== [ 61.958886][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880 [ 61.966772][ T7] Write of size 1 at addr ffff8880a02601e4 by task kworker/u4:0/7 [ 61.974564][ T7] [ 61.976892][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-syzkaller #0 [ 61.984682][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.994758][ T7] Workqueue: netns cleanup_net [ 61.999521][ T7] Call Trace: [ 62.002813][ T7] dump_stack+0x188/0x20d [ 62.007147][ T7] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.012689][ T7] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.018240][ T7] ? afs_put_call+0xa70/0xa70 [ 62.022915][ T7] print_address_description.constprop.0.cold+0xd3/0x413 [ 62.030466][ T7] ? vprintk_func+0x97/0x1a6 [ 62.035056][ T7] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.040595][ T7] kasan_report.cold+0x1f/0x37 [ 62.045362][ T7] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.050908][ T7] afs_wake_up_async_call+0x7a7/0x880 [ 62.056276][ T7] ? do_raw_spin_lock+0x129/0x2e0 [ 62.061296][ T7] ? afs_close_socket+0x320/0x320 [ 62.066313][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 62.071243][ T7] ? rcu_read_lock_held+0x9c/0xb0 [ 62.076262][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.081891][ T7] ? afs_close_socket+0x320/0x320 [ 62.086912][ T7] ? afs_put_call+0xa70/0xa70 [ 62.091584][ T7] rxrpc_notify_socket+0x1e5/0x5e0 [ 62.096702][ T7] ? afs_put_call+0xa70/0xa70 [ 62.101373][ T7] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 62.107796][ T7] rxrpc_call_completed+0xca/0xf0 [ 62.113278][ T7] rxrpc_discard_prealloc+0x786/0xac0 [ 62.118667][ T7] ? lock_sock_nested+0x94/0x110 [ 62.123637][ T7] rxrpc_listen+0x147/0x360 [ 62.128161][ T7] afs_close_socket+0x95/0x320 [ 62.132920][ T7] ? afs_purge_servers+0x16d/0x300 [ 62.138033][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 62.143487][ T7] ? debug_smp_processor_id+0x2f/0x185 [ 62.148948][ T7] ? init_wait_var_entry+0x200/0x200 [ 62.154322][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.159959][ T7] afs_net_exit+0x1bc/0x310 [ 62.164460][ T7] ? afs_net_init+0xe30/0xe30 [ 62.169144][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 62.174269][ T7] cleanup_net+0x511/0xa50 [ 62.178704][ T7] ? unregister_pernet_device+0x70/0x70 [ 62.184262][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.190256][ T7] process_one_work+0x965/0x16a0 [ 62.195277][ T7] ? lock_release+0x800/0x800 [ 62.199945][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.205323][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 62.210270][ T7] worker_thread+0x96/0xe10 [ 62.214778][ T7] ? process_one_work+0x16a0/0x16a0 [ 62.219970][ T7] kthread+0x388/0x470 [ 62.224037][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.230295][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.236017][ T7] ret_from_fork+0x24/0x30 [ 62.240448][ T7] [ 62.242766][ T7] Allocated by task 6821: [ 62.247090][ T7] save_stack+0x1b/0x40 [ 62.251244][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 62.256871][ T7] kmem_cache_alloc_trace+0x153/0x7d0 [ 62.262237][ T7] afs_alloc_call+0x55/0x640 [ 62.266823][ T7] afs_charge_preallocation+0xe9/0x2d0 [ 62.272276][ T7] afs_open_socket+0x292/0x360 [ 62.277036][ T7] afs_net_init+0xa6c/0xe30 [ 62.281534][ T7] ops_init+0xaf/0x420 [ 62.285594][ T7] setup_net+0x2de/0x860 [ 62.289828][ T7] copy_net_ns+0x293/0x590 [ 62.294241][ T7] create_new_namespaces+0x3fb/0xb30 [ 62.299519][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 62.305147][ T7] ksys_unshare+0x43d/0x8e0 [ 62.309643][ T7] __x64_sys_unshare+0x2d/0x40 [ 62.314402][ T7] do_syscall_64+0xf6/0x7d0 [ 62.318902][ T7] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 62.324788][ T7] [ 62.327110][ T7] Freed by task 7: [ 62.330828][ T7] save_stack+0x1b/0x40 [ 62.334978][ T7] __kasan_slab_free+0xf7/0x140 [ 62.339822][ T7] kfree+0x109/0x2b0 [ 62.343715][ T7] afs_put_call+0x59b/0xa70 [ 62.348214][ T7] rxrpc_discard_prealloc+0x769/0xac0 [ 62.353578][ T7] rxrpc_listen+0x147/0x360 [ 62.358077][ T7] afs_close_socket+0x95/0x320 [ 62.362832][ T7] afs_net_exit+0x1bc/0x310 [ 62.367327][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 62.372442][ T7] cleanup_net+0x511/0xa50 [ 62.377391][ T7] process_one_work+0x965/0x16a0 [ 62.382329][ T7] worker_thread+0x96/0xe10 [ 62.386833][ T7] kthread+0x388/0x470 [ 62.390899][ T7] ret_from_fork+0x24/0x30 [ 62.395301][ T7] [ 62.397628][ T7] The buggy address belongs to the object at ffff8880a0260000 [ 62.397628][ T7] which belongs to the cache kmalloc-1k of size 1024 [ 62.411679][ T7] The buggy address is located 484 bytes inside of [ 62.411679][ T7] 1024-byte region [ffff8880a0260000, ffff8880a0260400) [ 62.425027][ T7] The buggy address belongs to the page: [ 62.430659][ T7] page:ffffea0002809800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 62.439754][ T7] flags: 0xfffe0000000200(slab) [ 62.444604][ T7] raw: 00fffe0000000200 ffffea000280dc88 ffffea0002809648 ffff8880aa000c40 [ 62.453187][ T7] raw: 0000000000000000 ffff8880a0260000 0000000100000002 0000000000000000 [ 62.461758][ T7] page dumped because: kasan: bad access detected [ 62.468331][ T7] [ 62.470648][ T7] Memory state around the buggy address: [ 62.476271][ T7] ffff8880a0260080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.484329][ T7] ffff8880a0260100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.492393][ T7] >ffff8880a0260180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.500446][ T7] ^ [ 62.507637][ T7] ffff8880a0260200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.515702][ T7] ffff8880a0260280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.523756][ T7] ================================================================== [ 62.531810][ T7] Disabling lock debugging due to kernel taint [ 62.538001][ T7] Kernel panic - not syncing: panic_on_warn set ... [ 62.544586][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.7.0-syzkaller #0 [ 62.553764][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.563813][ T7] Workqueue: netns cleanup_net [ 62.568570][ T7] Call Trace: [ 62.571859][ T7] dump_stack+0x188/0x20d [ 62.576184][ T7] ? afs_wake_up_async_call+0x6b0/0x880 [ 62.581716][ T7] ? afs_put_call+0xa70/0xa70 [ 62.586386][ T7] panic+0x2e3/0x75c [ 62.590281][ T7] ? add_taint.cold+0x16/0x16 [ 62.594957][ T7] ? retint_kernel+0x2b/0x2b [ 62.599542][ T7] ? trace_hardirqs_on+0x55/0x230 [ 62.604645][ T7] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.610180][ T7] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.615715][ T7] ? afs_put_call+0xa70/0xa70 [ 62.620383][ T7] end_report+0x4d/0x53 [ 62.624530][ T7] kasan_report.cold+0xd/0x37 [ 62.629202][ T7] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.634737][ T7] afs_wake_up_async_call+0x7a7/0x880 [ 62.640097][ T7] ? do_raw_spin_lock+0x129/0x2e0 [ 62.645121][ T7] ? afs_close_socket+0x320/0x320 [ 62.650138][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 62.655109][ T7] ? rcu_read_lock_held+0x9c/0xb0 [ 62.660134][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.665759][ T7] ? afs_close_socket+0x320/0x320 [ 62.670791][ T7] ? afs_put_call+0xa70/0xa70 [ 62.675554][ T7] rxrpc_notify_socket+0x1e5/0x5e0 [ 62.680950][ T7] ? afs_put_call+0xa70/0xa70 [ 62.685625][ T7] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 62.692216][ T7] rxrpc_call_completed+0xca/0xf0 [ 62.697242][ T7] rxrpc_discard_prealloc+0x786/0xac0 [ 62.702611][ T7] ? lock_sock_nested+0x94/0x110 [ 62.707547][ T7] rxrpc_listen+0x147/0x360 [ 62.712048][ T7] afs_close_socket+0x95/0x320 [ 62.716808][ T7] ? afs_purge_servers+0x16d/0x300 [ 62.721925][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 62.727638][ T7] ? debug_smp_processor_id+0x2f/0x185 [ 62.733093][ T7] ? init_wait_var_entry+0x200/0x200 [ 62.738385][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.744019][ T7] afs_net_exit+0x1bc/0x310 [ 62.748525][ T7] ? afs_net_init+0xe30/0xe30 executing program [ 62.753201][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 62.758318][ T7] cleanup_net+0x511/0xa50 [ 62.762746][ T7] ? unregister_pernet_device+0x70/0x70 [ 62.768291][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.774273][ T7] process_one_work+0x965/0x16a0 [ 62.779217][ T7] ? lock_release+0x800/0x800 [ 62.783896][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.789268][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 62.794205][ T7] worker_thread+0x96/0xe10 [ 62.803032][ T7] ? process_one_work+0x16a0/0x16a0 [ 62.808226][ T7] kthread+0x388/0x470 [ 62.812286][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.817993][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.823699][ T7] ret_from_fork+0x24/0x30 [ 62.829493][ T7] Kernel Offset: disabled [ 62.833810][ T7] Rebooting in 86400 seconds..