[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Starting Load/Save RF Kill Switch Status...
[ 55.852352][ T6805] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6805
[ 55.862102][ T6805] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 55.868461][ T6805] CPU: 1 PID: 6805 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[ 55.877500][ T6805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.887545][ T6805] Call Trace:
[ 55.890821][ T6805] dump_stack+0x188/0x20d
[ 55.895430][ T6805] debug_smp_processor_id.cold+0x88/0x9b
[ 55.901051][ T6805] ext4_mb_new_blocks+0xa77/0x3b30
[ 55.906158][ T6805] ? ext4_ext_search_right+0x2ca/0xb20
[ 55.911610][ T6805] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 55.917313][ T6805] ext4_ext_map_blocks+0x2044/0x3410
[ 55.922677][ T6805] ? ext4_ext_release+0x10/0x10
[ 55.927529][ T6805] ? __down_timeout+0x2d0/0x2d0
[ 55.932453][ T6805] ? ext4_es_lookup_extent+0x41d/0xd30
[ 55.937902][ T6805] ext4_map_blocks+0x4cb/0x1640
[ 55.942742][ T6805] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 55.947918][ T6805] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 55.953439][ T6805] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 55.959569][ T6805] ? prandom_u32_state+0xe/0x170
[ 55.964493][ T6805] ? __brelse+0x84/0xa0
[ 55.968625][ T6805] ? __ext4_new_inode+0x144/0x57c0
[ 55.973732][ T6805] ext4_getblk+0xad/0x520
[ 55.978057][ T6805] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 55.983766][ T6805] ? ext4_free_inode+0x17e0/0x17e0
[ 55.988867][ T6805] ext4_bread+0x7c/0x380
[ 55.993099][ T6805] ? ext4_getblk+0x520/0x520
[ 55.997682][ T6805] ? dqget+0xff0/0xff0
[ 56.001742][ T6805] ext4_append+0x153/0x360
[ 56.006338][ T6805] ext4_mkdir+0x5e0/0xdf0
[ 56.011171][ T6805] ? ext4_rmdir+0xde0/0xde0
[ 56.017054][ T6805] ? security_inode_permission+0xc4/0xf0
[ 56.022674][ T6805] vfs_mkdir+0x419/0x690
[ 56.026913][ T6805] do_mkdirat+0x21e/0x280
[ 56.031243][ T6805] ? __ia32_sys_mknod+0xb0/0xb0
[ 56.036074][ T6805] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 56.042031][ T6805] ? do_syscall_64+0x21/0x7d0
[ 56.046699][ T6805] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 56.053029][ T6805] do_syscall_64+0xf6/0x7d0
[ 56.057516][ T6805] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 56.063485][ T6805] RIP: 0033:0x7f5aae17f687
[ 56.067881][ T6805] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48
[ 56.087463][ T6805] RSP: 002b:00007ffce0c9e4f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 56.096730][ T6805] RAX: ffffffffffffffda RBX: 00005607a1f99985 RCX: 00007f5aae17f687
[ 56.104689][ T6805] RDX: 00007ffce0c9e3c0 RSI: 00000000000001ed RDI: 00005607a1f99985
[ 56.113610][ T6805] RBP: 00007f5aae17f680 R08: 0000000000000100 R09: 0000000000000000
[ 56.122344][ T6805] R10: 00005607a1f99980 R11: 0000000000000246 R12: 00000000000001ed
[ 56.130315][ T6805] R13: 00007ffce0c9e680 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 60.153467][ T158] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/158
[ 60.162724][ T158] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 60.168753][ T158] CPU: 1 PID: 158 Comm: kworker/u4:4 Not tainted 5.7.0-syzkaller #0
[ 60.176730][ T158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.186774][ T158] Workqueue: writeback wb_workfn (flush-8:0)
[ 60.193252][ T158] Call Trace:
[ 60.196530][ T158] dump_stack+0x188/0x20d
[ 60.200937][ T158] debug_smp_processor_id.cold+0x88/0x9b
[ 60.206572][ T158] ext4_mb_new_blocks+0xa77/0x3b30
[ 60.211677][ T158] ? __kmalloc+0x62f/0x7a0
[ 60.216253][ T158] ? ext4_ext_search_right+0x2ca/0xb20
[ 60.221706][ T158] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 60.227405][ T158] ext4_ext_map_blocks+0x2044/0x3410
[ 60.232677][ T158] ? ext4_ext_release+0x10/0x10
[ 60.237525][ T158] ? __down_timeout+0x2d0/0x2d0
[ 60.242368][ T158] ? ext4_es_lookup_extent+0x41d/0xd30
[ 60.247807][ T158] ? debug_smp_processor_id+0x2f/0x185
[ 60.253260][ T158] ext4_map_blocks+0x4cb/0x1640
[ 60.258099][ T158] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 60.263283][ T158] ? debug_smp_processor_id+0x2f/0x185
[ 60.268731][ T158] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.274266][ T158] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.280231][ T158] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 60.285688][ T158] ext4_writepages+0x1ab7/0x3400
[ 60.290634][ T158] ? __ext4_mark_inode_dirty+0x950/0x950
[ 60.296250][ T158] ? __lock_acquire+0x2224/0x48a0
[ 60.301256][ T158] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 60.307214][ T158] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 60.313183][ T158] ? __ext4_mark_inode_dirty+0x950/0x950
[ 60.318803][ T158] ? do_writepages+0xfa/0x2a0
[ 60.323455][ T158] do_writepages+0xfa/0x2a0
[ 60.327951][ T158] ? page_writeback_cpu_online+0x10/0x10
[ 60.333668][ T158] ? debug_smp_processor_id+0x2f/0x185
[ 60.339105][ T158] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.344627][ T158] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.350591][ T158] ? lock_downgrade+0x840/0x840
[ 60.355423][ T158] __writeback_single_inode+0x12a/0x1410
[ 60.361036][ T158] ? _raw_spin_unlock+0x24/0x40
[ 60.365862][ T158] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 60.371816][ T158] writeback_sb_inodes+0x515/0xdd0
[ 60.376924][ T158] ? __writeback_single_inode+0x1410/0x1410
[ 60.382802][ T158] __writeback_inodes_wb+0xc3/0x250
[ 60.387980][ T158] wb_writeback+0x910/0xd90
[ 60.392460][ T158] ? print_usage_bug+0x240/0x240
[ 60.397376][ T158] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 60.403687][ T158] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 60.409558][ T158] ? cpumask_next+0x3c/0x40
[ 60.414050][ T158] ? get_nr_dirty_inodes+0xd6/0x130
[ 60.419225][ T158] wb_workfn+0xadf/0x10d0
[ 60.423537][ T158] ? inode_wait_for_writeback+0x30/0x30
[ 60.429069][ T158] ? debug_smp_processor_id+0x2f/0x185
[ 60.434562][ T158] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.440119][ T158] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.446182][ T158] process_one_work+0x965/0x16a0
[ 60.451107][ T158] ? lock_release+0x800/0x800
[ 60.455764][ T158] ? pwq_dec_nr_in_flight+0x310/0x310
[ 60.461114][ T158] ? rwlock_bug.part.0+0x90/0x90
[ 60.466042][ T158] worker_thread+0x96/0xe10
[ 60.470537][ T158] ? process_one_work+0x16a0/0x16a0
[ 60.475716][ T158] kthread+0x388/0x470
[ 60.479764][ T158] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.485465][ T158] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.491162][ T158] ret_from_fork+0x24/0x30
Warning: Permanently added '10.128.0.56' (ECDSA) to the list of known hosts.
2020/06/13 22:38:32 fuzzer started
2020/06/13 22:38:33 connecting to host at 10.128.0.26:37881
2020/06/13 22:38:33 checking machine...
2020/06/13 22:38:33 checking revisions...
2020/06/13 22:38:33 testing simple program...
[ 61.749487][ T6882] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6882
[ 61.758613][ T6882] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 61.764554][ T6882] CPU: 1 PID: 6882 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 61.772442][ T6882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.782482][ T6882] Call Trace:
[ 61.785814][ T6882] dump_stack+0x188/0x20d
[ 61.790143][ T6882] debug_smp_processor_id.cold+0x88/0x9b
[ 61.795934][ T6882] ext4_mb_new_blocks+0xa77/0x3b30
[ 61.801034][ T6882] ? ext4_ext_search_right+0x2ca/0xb20
[ 61.806491][ T6882] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 61.812190][ T6882] ext4_ext_map_blocks+0x2044/0x3410
[ 61.817456][ T6882] ? ext4_ext_release+0x10/0x10
[ 61.822301][ T6882] ? __down_timeout+0x2d0/0x2d0
[ 61.827126][ T6882] ? ext4_es_lookup_extent+0x41d/0xd30
[ 61.832609][ T6882] ext4_map_blocks+0x4cb/0x1640
[ 61.837440][ T6882] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 61.842626][ T6882] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 61.848146][ T6882] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.854102][ T6882] ? prandom_u32_state+0xe/0x170
[ 61.859025][ T6882] ? __brelse+0x84/0xa0
[ 61.863155][ T6882] ? __ext4_new_inode+0x144/0x57c0
[ 61.868243][ T6882] ext4_getblk+0xad/0x520
[ 61.872548][ T6882] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 61.878263][ T6882] ? ext4_free_inode+0x17e0/0x17e0
[ 61.883354][ T6882] ext4_bread+0x7c/0x380
[ 61.887574][ T6882] ? ext4_getblk+0x520/0x520
[ 61.892138][ T6882] ? dqget+0xff0/0xff0
[ 61.896203][ T6882] ext4_append+0x153/0x360
[ 61.900610][ T6882] ext4_mkdir+0x5e0/0xdf0
[ 61.904944][ T6882] ? ext4_rmdir+0xde0/0xde0
[ 61.909439][ T6882] ? security_inode_permission+0xc4/0xf0
[ 61.915064][ T6882] vfs_mkdir+0x419/0x690
[ 61.919283][ T6882] do_mkdirat+0x21e/0x280
[ 61.923599][ T6882] ? __ia32_sys_mknod+0xb0/0xb0
[ 61.928436][ T6882] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 61.934408][ T6882] ? do_syscall_64+0x21/0x7d0
[ 61.939060][ T6882] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 61.945016][ T6882] do_syscall_64+0xf6/0x7d0
[ 61.949514][ T6882] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 61.955383][ T6882] RIP: 0033:0x4b02a0
[ 61.959252][ T6882] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 61.978831][ T6882] RSP: 002b:000000c0000c94b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 61.987219][ T6882] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 61.995291][ T6882] RDX: 00000000000001c0 RSI: 000000c000026be0 RDI: ffffffffffffff9c
[ 62.003242][ T6882] RBP: 000000c0000c9510 R08: 0000000000000000 R09: 0000000000000000
[ 62.011282][ T6882] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 62.019248][ T6882] R13: 0000000000000060 R14: 000000000000005f R15: 0000000000000100
[ 62.046181][ T6894] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6894
[ 62.055758][ T6894] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 62.061644][ T6894] CPU: 1 PID: 6894 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 62.069864][ T6894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.079914][ T6894] Call Trace:
[ 62.083215][ T6894] dump_stack+0x188/0x20d
[ 62.087536][ T6894] debug_smp_processor_id.cold+0x88/0x9b
[ 62.093169][ T6894] ext4_mb_new_blocks+0xa77/0x3b30
[ 62.098266][ T6894] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.103707][ T6894] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.109406][ T6894] ext4_ext_map_blocks+0x2044/0x3410
[ 62.114679][ T6894] ? ext4_ext_release+0x10/0x10
[ 62.119517][ T6894] ? __down_timeout+0x2d0/0x2d0
[ 62.124346][ T6894] ? ext4_es_lookup_extent+0x41d/0xd30
[ 62.129782][ T6894] ext4_map_blocks+0x4cb/0x1640
[ 62.134651][ T6894] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.139843][ T6894] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.145382][ T6894] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.151362][ T6894] ? prandom_u32_state+0xe/0x170
[ 62.156281][ T6894] ? __brelse+0x84/0xa0
[ 62.160422][ T6894] ? __ext4_new_inode+0x144/0x57c0
[ 62.165525][ T6894] ext4_getblk+0xad/0x520
[ 62.169911][ T6894] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.175626][ T6894] ? ext4_free_inode+0x17e0/0x17e0
[ 62.180867][ T6894] ext4_bread+0x7c/0x380
[ 62.185094][ T6894] ? ext4_getblk+0x520/0x520
[ 62.189676][ T6894] ? dqget+0xff0/0xff0
[ 62.193755][ T6894] ext4_append+0x153/0x360
[ 62.198251][ T6894] ext4_mkdir+0x5e0/0xdf0
[ 62.202580][ T6894] ? ext4_rmdir+0xde0/0xde0
[ 62.207080][ T6894] ? security_inode_permission+0xc4/0xf0
[ 62.212703][ T6894] vfs_mkdir+0x419/0x690
[ 62.217078][ T6894] do_mkdirat+0x21e/0x280
[ 62.221416][ T6894] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.226252][ T6894] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.232227][ T6894] ? do_syscall_64+0x21/0x7d0
[ 62.236910][ T6894] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.242989][ T6894] do_syscall_64+0xf6/0x7d0
[ 62.247485][ T6894] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 62.253359][ T6894] RIP: 0033:0x45bee7
[ 62.257244][ T6894] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 62.276888][ T6894] RSP: 002b:00007fff4136b6b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 62.285296][ T6894] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 62.293263][ T6894] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007fff4136b890
[ 62.301228][ T6894] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003340
[ 62.311814][ T6894] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 62.319785][ T6894] R13: 00007fff4136b890 R14: 8421084210842109 R15: 00007fff4136b89c
[ 62.400083][ T6895] IPVS: ftp: loaded support on port[0] = 21
[ 62.437554][ T6895] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6895
[ 62.447186][ T6895] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 62.453572][ T6895] CPU: 0 PID: 6895 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 62.461852][ T6895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.472115][ T6895] Call Trace:
[ 62.475420][ T6895] dump_stack+0x188/0x20d
[ 62.479999][ T6895] debug_smp_processor_id.cold+0x88/0x9b
[ 62.485613][ T6895] ext4_mb_new_blocks+0xa77/0x3b30
[ 62.490712][ T6895] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.496148][ T6895] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.501854][ T6895] ext4_ext_map_blocks+0x2044/0x3410
[ 62.507154][ T6895] ? ext4_ext_release+0x10/0x10
[ 62.512001][ T6895] ? __down_timeout+0x2d0/0x2d0
[ 62.517039][ T6895] ? ext4_es_lookup_extent+0x41d/0xd30
[ 62.522493][ T6895] ext4_map_blocks+0x4cb/0x1640
[ 62.527327][ T6895] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.532519][ T6895] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.538052][ T6895] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.544162][ T6895] ? prandom_u32_state+0xe/0x170
[ 62.549268][ T6895] ? __brelse+0x84/0xa0
[ 62.553422][ T6895] ? __ext4_new_inode+0x144/0x57c0
[ 62.558547][ T6895] ext4_getblk+0xad/0x520
[ 62.562948][ T6895] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.568675][ T6895] ? ext4_free_inode+0x17e0/0x17e0
[ 62.573790][ T6895] ext4_bread+0x7c/0x380
[ 62.578024][ T6895] ? ext4_getblk+0x520/0x520
[ 62.582620][ T6895] ? dqget+0xff0/0xff0
[ 62.586681][ T6895] ext4_append+0x153/0x360
[ 62.591086][ T6895] ext4_mkdir+0x5e0/0xdf0
[ 62.595520][ T6895] ? ext4_rmdir+0xde0/0xde0
[ 62.600007][ T6895] ? security_inode_permission+0xc4/0xf0
[ 62.605638][ T6895] vfs_mkdir+0x419/0x690
[ 62.610032][ T6895] do_mkdirat+0x21e/0x280
[ 62.614352][ T6895] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.619183][ T6895] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.625157][ T6895] ? do_syscall_64+0x21/0x7d0
[ 62.629816][ T6895] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.635804][ T6895] do_syscall_64+0xf6/0x7d0
[ 62.640287][ T6895] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 62.646157][ T6895] RIP: 0033:0x45bee7
[ 62.650030][ T6895] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 62.669987][ T6895] RSP: 002b:00007fff4136b5a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 62.678464][ T6895] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 62.686783][ T6895] RDX: 00007fff4136b5f3 RSI: 00000000000001ff RDI: 00007fff4136b5f0
[ 62.694908][ T6895] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 62.702856][ T6895] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0
[ 62.711335][ T6895] R13: 00007fff4136b5e0 R14: 0000000000000000 R15: 00007fff4136b5f0
[ 62.762759][ T6895] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6895
[ 62.772676][ T6895] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 62.778602][ T6895] CPU: 0 PID: 6895 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 62.786841][ T6895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.796902][ T6895] Call Trace:
[ 62.800203][ T6895] dump_stack+0x188/0x20d
[ 62.804554][ T6895] debug_smp_processor_id.cold+0x88/0x9b
[ 62.810193][ T6895] ext4_mb_new_blocks+0xa77/0x3b30
[ 62.815501][ T6895] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.820971][ T6895] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.826972][ T6895] ext4_ext_map_blocks+0x2044/0x3410
[ 62.833672][ T6895] ? ext4_ext_release+0x10/0x10
[ 62.838813][ T6895] ? __down_timeout+0x2d0/0x2d0
[ 62.843678][ T6895] ? ext4_es_lookup_extent+0x41d/0xd30
[ 62.849493][ T6895] ext4_map_blocks+0x4cb/0x1640
[ 62.854540][ T6895] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.859744][ T6895] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.865296][ T6895] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.871256][ T6895] ? prandom_u32_state+0xe/0x170
[ 62.876189][ T6895] ? __brelse+0x84/0xa0
[ 62.880322][ T6895] ? __ext4_new_inode+0x144/0x57c0
[ 62.885428][ T6895] ext4_getblk+0xad/0x520
[ 62.889755][ T6895] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.895457][ T6895] ? ext4_free_inode+0x17e0/0x17e0
[ 62.900562][ T6895] ext4_bread+0x7c/0x380
[ 62.904911][ T6895] ? ext4_getblk+0x520/0x520
[ 62.909508][ T6895] ? dqget+0xff0/0xff0
[ 62.913569][ T6895] ext4_append+0x153/0x360
[ 62.918409][ T6895] ext4_mkdir+0x5e0/0xdf0
[ 62.922724][ T6895] ? ext4_rmdir+0xde0/0xde0
[ 62.927210][ T6895] ? security_inode_permission+0xc4/0xf0
[ 62.932839][ T6895] vfs_mkdir+0x419/0x690
[ 62.937063][ T6895] do_mkdirat+0x21e/0x280
[ 62.941371][ T6895] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.946215][ T6895] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.952190][ T6895] ? do_syscall_64+0x21/0x7d0
[ 62.960424][ T6895] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.966388][ T6895] do_syscall_64+0xf6/0x7d0
[ 62.970883][ T6895] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 62.977025][ T6895] RIP: 0033:0x45bee7
[ 62.980987][ T6895] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 63.000671][ T6895] RSP: 002b:00007fff4136b5a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 63.009852][ T6895] RAX: ffffffffffffffda RBX: 000000000000f525 RCX: 000000000045bee7
[ 63.018067][ T6895] RDX: 00007fff4136b5f3 RSI: 00000000000001ff RDI: 00007fff4136b5f0
[ 63.026033][ T6895] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 63.034522][ T6895] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 63.042625][ T6895] R13: 00007fff4136b5e0 R14: 000000000000f51c R15: 00007fff4136b5f0
2020/06/13 22:38:34 building call list...
[ 63.332970][ T7] tipc: TX() has been purged, node left!
[ 63.844193][ T7] ==================================================================
[ 63.852423][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880
[ 63.860306][ T7] Write of size 1 at addr ffff8880a72239e4 by task kworker/u4:0/7
[ 63.873045][ T7]
[ 63.875580][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-syzkaller #0
[ 63.883373][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.895685][ T7] Workqueue: netns cleanup_net
[ 63.901054][ T7] Call Trace:
[ 63.904347][ T7] dump_stack+0x188/0x20d
[ 63.909286][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 63.914830][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 63.920369][ T7] ? afs_put_call+0xa70/0xa70
[ 63.925974][ T7] print_address_description.constprop.0.cold+0xd3/0x413
[ 63.934303][ T7] ? vprintk_func+0x97/0x1a6
[ 63.940195][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 63.945980][ T7] kasan_report.cold+0x1f/0x37
[ 63.950781][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 63.956338][ T7] afs_wake_up_async_call+0x7a7/0x880
[ 63.961986][ T7] ? do_raw_spin_lock+0x129/0x2e0
[ 63.967021][ T7] ? afs_close_socket+0x320/0x320
[ 63.972212][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 63.977155][ T7] ? rcu_read_lock_held+0x9c/0xb0
[ 63.982188][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 63.987836][ T7] ? afs_close_socket+0x320/0x320
[ 63.993253][ T7] ? afs_put_call+0xa70/0xa70
[ 63.997942][ T7] rxrpc_notify_socket+0x1e5/0x5e0
[ 64.003063][ T7] ? afs_put_call+0xa70/0xa70
[ 64.007837][ T7] __rxrpc_set_call_completion.part.0+0x172/0x420
[ 64.014378][ T7] rxrpc_call_completed+0xca/0xf0
[ 64.019505][ T7] rxrpc_discard_prealloc+0x786/0xac0
[ 64.024900][ T7] ? lock_sock_nested+0x94/0x110
[ 64.029974][ T7] rxrpc_listen+0x147/0x360
[ 64.034690][ T7] afs_close_socket+0x95/0x320
[ 64.039555][ T7] ? afs_purge_servers+0x16d/0x300
[ 64.045081][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 64.050741][ T7] ? debug_smp_processor_id+0x2f/0x185
[ 64.056297][ T7] ? init_wait_var_entry+0x200/0x200
[ 64.061576][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 64.067225][ T7] afs_net_exit+0x1bc/0x310
[ 64.071925][ T7] ? afs_net_init+0xe30/0xe30
[ 64.076600][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 64.081932][ T7] cleanup_net+0x511/0xa50
[ 64.086364][ T7] ? unregister_pernet_device+0x70/0x70
[ 64.091935][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.097908][ T7] process_one_work+0x965/0x16a0
[ 64.102849][ T7] ? lock_release+0x800/0x800
[ 64.107522][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 64.113337][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 64.118331][ T7] worker_thread+0x96/0xe10
[ 64.122859][ T7] ? process_one_work+0x16a0/0x16a0
[ 64.128065][ T7] kthread+0x388/0x470
[ 64.132137][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.137852][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.143576][ T7] ret_from_fork+0x24/0x30
[ 64.148000][ T7]
[ 64.150324][ T7] Allocated by task 6895:
[ 64.154739][ T7] save_stack+0x1b/0x40
[ 64.158892][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 64.164529][ T7] kmem_cache_alloc_trace+0x153/0x7d0
[ 64.169897][ T7] afs_alloc_call+0x55/0x640
[ 64.174484][ T7] afs_charge_preallocation+0xe9/0x2d0
[ 64.180029][ T7] afs_open_socket+0x292/0x360
[ 64.184810][ T7] afs_net_init+0xa6c/0xe30
[ 64.189311][ T7] ops_init+0xaf/0x420
[ 64.193373][ T7] setup_net+0x2de/0x860
[ 64.197610][ T7] copy_net_ns+0x293/0x590
[ 64.202119][ T7] create_new_namespaces+0x3fb/0xb30
[ 64.207494][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 64.213214][ T7] ksys_unshare+0x43d/0x8e0
[ 64.217805][ T7] __x64_sys_unshare+0x2d/0x40
[ 64.222575][ T7] do_syscall_64+0xf6/0x7d0
[ 64.227083][ T7] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 64.235306][ T7]
[ 64.237626][ T7] Freed by task 7:
[ 64.241624][ T7] save_stack+0x1b/0x40
[ 64.246060][ T7] __kasan_slab_free+0xf7/0x140
[ 64.251251][ T7] kfree+0x109/0x2b0
[ 64.255253][ T7] afs_put_call+0x59b/0xa70
[ 64.259846][ T7] rxrpc_discard_prealloc+0x769/0xac0
[ 64.265215][ T7] rxrpc_listen+0x147/0x360
[ 64.269979][ T7] afs_close_socket+0x95/0x320
[ 64.274765][ T7] afs_net_exit+0x1bc/0x310
[ 64.279264][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 64.284380][ T7] cleanup_net+0x511/0xa50
[ 64.288804][ T7] process_one_work+0x965/0x16a0
[ 64.293762][ T7] worker_thread+0x96/0xe10
[ 64.298330][ T7] kthread+0x388/0x470
[ 64.302395][ T7] ret_from_fork+0x24/0x30
[ 64.306805][ T7]
[ 64.309155][ T7] The buggy address belongs to the object at ffff8880a7223800
[ 64.309155][ T7] which belongs to the cache kmalloc-1k of size 1024
[ 64.323308][ T7] The buggy address is located 484 bytes inside of
[ 64.323308][ T7] 1024-byte region [ffff8880a7223800, ffff8880a7223c00)
[ 64.336770][ T7] The buggy address belongs to the page:
[ 64.342401][ T7] page:ffffea00029c88c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 64.351507][ T7] flags: 0xfffe0000000200(slab)
[ 64.356358][ T7] raw: 00fffe0000000200 ffffea00028c1b48 ffffea0002a22fc8 ffff8880aa000c40
[ 64.365028][ T7] raw: 0000000000000000 ffff8880a7223000 0000000100000002 0000000000000000
[ 64.374388][ T7] page dumped because: kasan: bad access detected
[ 64.380985][ T7]
[ 64.383396][ T7] Memory state around the buggy address:
[ 64.389198][ T7] ffff8880a7223880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.397259][ T7] ffff8880a7223900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.405322][ T7] >ffff8880a7223980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.413472][ T7] ^
[ 64.421008][ T7] ffff8880a7223a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.429066][ T7] ffff8880a7223a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 64.437208][ T7] ==================================================================
[ 64.445281][ T7] Disabling lock debugging due to kernel taint
[ 64.451516][ T7] Kernel panic - not syncing: panic_on_warn set ...
[ 64.458213][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.7.0-syzkaller #0
[ 64.467399][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.477478][ T7] Workqueue: netns cleanup_net
[ 64.482242][ T7] Call Trace:
[ 64.485538][ T7] dump_stack+0x188/0x20d
[ 64.490132][ T7] ? afs_wake_up_async_call+0x6b0/0x880
[ 64.495680][ T7] ? afs_put_call+0xa70/0xa70
[ 64.500351][ T7] panic+0x2e3/0x75c
[ 64.504849][ T7] ? add_taint.cold+0x16/0x16
[ 64.509545][ T7] ? retint_kernel+0x2b/0x2b
[ 64.515008][ T7] ? trace_hardirqs_on+0x55/0x230
[ 64.520113][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 64.525737][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 64.531276][ T7] ? afs_put_call+0xa70/0xa70
[ 64.536122][ T7] end_report+0x4d/0x53
[ 64.540377][ T7] kasan_report.cold+0xd/0x37
[ 64.545051][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 64.550782][ T7] afs_wake_up_async_call+0x7a7/0x880
[ 64.556147][ T7] ? do_raw_spin_lock+0x129/0x2e0
[ 64.561167][ T7] ? afs_close_socket+0x320/0x320
[ 64.567744][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 64.573384][ T7] ? rcu_read_lock_held+0x9c/0xb0
[ 64.578428][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 64.584497][ T7] ? afs_close_socket+0x320/0x320
[ 64.589519][ T7] ? afs_put_call+0xa70/0xa70
[ 64.594399][ T7] rxrpc_notify_socket+0x1e5/0x5e0
[ 64.599512][ T7] ? afs_put_call+0xa70/0xa70
[ 64.604187][ T7] __rxrpc_set_call_completion.part.0+0x172/0x420
[ 64.610599][ T7] rxrpc_call_completed+0xca/0xf0
[ 64.615806][ T7] rxrpc_discard_prealloc+0x786/0xac0
[ 64.621179][ T7] ? lock_sock_nested+0x94/0x110
[ 64.626120][ T7] rxrpc_listen+0x147/0x360
[ 64.630626][ T7] afs_close_socket+0x95/0x320
[ 64.635396][ T7] ? afs_purge_servers+0x16d/0x300
[ 64.640530][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 64.646083][ T7] ? debug_smp_processor_id+0x2f/0x185
[ 64.651550][ T7] ? init_wait_var_entry+0x200/0x200
[ 64.657270][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 64.663157][ T7] afs_net_exit+0x1bc/0x310
[ 64.667660][ T7] ? afs_net_init+0xe30/0xe30
[ 64.672368][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 64.677492][ T7] cleanup_net+0x511/0xa50
[ 64.681911][ T7] ? unregister_pernet_device+0x70/0x70
[ 64.687471][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.693450][ T7] process_one_work+0x965/0x16a0
[ 64.698393][ T7] ? lock_release+0x800/0x800
[ 64.703078][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 64.708453][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 64.713373][ T7] worker_thread+0x96/0xe10
[ 64.717856][ T7] ? process_one_work+0x16a0/0x16a0
[ 64.723064][ T7] kthread+0x388/0x470
[ 64.727121][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.732829][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.738539][ T7] ret_from_fork+0x24/0x30
[ 64.743714][ T7] Kernel Offset: disabled
[ 64.748223][ T7] Rebooting in 86400 seconds..