[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Started System Logging Service.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started OpenBSD Secure Shell server.
Debian GNU/Linux 9 syzkaller ttyS0
syzkaller login: [ 53.936744][ T6775] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6775
[ 53.946163][ T6775] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 53.952512][ T6775] CPU: 1 PID: 6775 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[ 53.960746][ T6775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 53.970779][ T6775] Call Trace:
[ 53.974067][ T6775] dump_stack+0x188/0x20d
[ 53.978566][ T6775] debug_smp_processor_id.cold+0x88/0x9b
[ 53.984183][ T6775] ext4_mb_new_blocks+0xa77/0x3b30
[ 53.989294][ T6775] ? ext4_ext_search_right+0x2ca/0xb20
[ 53.994830][ T6775] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 54.000690][ T6775] ext4_ext_map_blocks+0x2044/0x3410
[ 54.005990][ T6775] ? ext4_ext_release+0x10/0x10
[ 54.010966][ T6775] ? __down_timeout+0x2d0/0x2d0
[ 54.016155][ T6775] ? ext4_es_lookup_extent+0x41d/0xd30
[ 54.021608][ T6775] ext4_map_blocks+0x4cb/0x1640
[ 54.026450][ T6775] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 54.031629][ T6775] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 54.037172][ T6775] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 54.043674][ T6775] ? prandom_u32_state+0xe/0x170
[ 54.048595][ T6775] ? __brelse+0x84/0xa0
[ 54.052737][ T6775] ? __ext4_new_inode+0x144/0x57c0
[ 54.057847][ T6775] ext4_getblk+0xad/0x520
[ 54.062167][ T6775] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 54.067876][ T6775] ? ext4_free_inode+0x17e0/0x17e0
[ 54.072975][ T6775] ext4_bread+0x7c/0x380
[ 54.077198][ T6775] ? ext4_getblk+0x520/0x520
[ 54.081767][ T6775] ? dqget+0xff0/0xff0
[ 54.085815][ T6775] ext4_append+0x153/0x360
[ 54.090243][ T6775] ext4_mkdir+0x5e0/0xdf0
[ 54.094557][ T6775] ? ext4_rmdir+0xde0/0xde0
[ 54.099078][ T6775] ? security_inode_permission+0xc4/0xf0
[ 54.104709][ T6775] vfs_mkdir+0x419/0x690
[ 54.109093][ T6775] do_mkdirat+0x21e/0x280
[ 54.117247][ T6775] ? __ia32_sys_mknod+0xb0/0xb0
[ 54.122209][ T6775] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 54.128230][ T6775] ? do_syscall_64+0x21/0x7d0
[ 54.132951][ T6775] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 54.139110][ T6775] do_syscall_64+0xf6/0x7d0
[ 54.143618][ T6775] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 54.149637][ T6775] RIP: 0033:0x7fc563b73687
[ 54.154038][ T6775] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48
[ 54.173976][ T6775] RSP: 002b:00007ffcc36a1ab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 54.182363][ T6775] RAX: ffffffffffffffda RBX: 000055ff40cf5985 RCX: 00007fc563b73687
[ 54.190311][ T6775] RDX: 00007ffcc36a1980 RSI: 00000000000001ed RDI: 000055ff40cf5985
[ 54.198262][ T6775] RBP: 00007fc563b73680 R08: 0000000000000100 R09: 0000000000000000
[ 54.206210][ T6775] R10: 000055ff40cf5980 R11: 0000000000000246 R12: 00000000000001ed
[ 54.214158][ T6775] R13: 00007ffcc36a1c40 R14: 0000000000000000 R15: 0000000000000000
[ 56.466117][ T96] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:3/96
[ 56.475299][ T96] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 56.482005][ T96] CPU: 0 PID: 96 Comm: kworker/u4:3 Not tainted 5.7.0-syzkaller #0
[ 56.490236][ T96] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.500304][ T96] Workqueue: writeback wb_workfn (flush-8:0)
[ 56.506551][ T96] Call Trace:
[ 56.509847][ T96] dump_stack+0x188/0x20d
[ 56.514199][ T96] debug_smp_processor_id.cold+0x88/0x9b
[ 56.519831][ T96] ext4_mb_new_blocks+0xa77/0x3b30
[ 56.524929][ T96] ? __kmalloc+0x62f/0x7a0
[ 56.529342][ T96] ? ext4_ext_search_right+0x2ca/0xb20
[ 56.534903][ T96] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 56.540602][ T96] ext4_ext_map_blocks+0x2044/0x3410
[ 56.545868][ T96] ? ext4_ext_release+0x10/0x10
[ 56.550716][ T96] ? __down_timeout+0x2d0/0x2d0
[ 56.555542][ T96] ? ext4_es_lookup_extent+0x41d/0xd30
[ 56.561079][ T96] ? debug_smp_processor_id+0x2f/0x185
[ 56.566693][ T96] ext4_map_blocks+0x4cb/0x1640
[ 56.571536][ T96] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 56.576722][ T96] ? debug_smp_processor_id+0x2f/0x185
[ 56.582181][ T96] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.587715][ T96] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.593680][ T96] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 56.599130][ T96] ext4_writepages+0x1ab7/0x3400
[ 56.604296][ T96] ? __ext4_mark_inode_dirty+0x950/0x950
[ 56.609918][ T96] ? __lock_acquire+0x2224/0x48a0
[ 56.615293][ T96] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.621278][ T96] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.627272][ T96] ? __ext4_mark_inode_dirty+0x950/0x950
[ 56.632889][ T96] ? do_writepages+0xfa/0x2a0
[ 56.637558][ T96] do_writepages+0xfa/0x2a0
[ 56.642180][ T96] ? page_writeback_cpu_online+0x10/0x10
[ 56.647848][ T96] ? debug_smp_processor_id+0x2f/0x185
[ 56.653308][ T96] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.658920][ T96] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.664876][ T96] ? lock_downgrade+0x840/0x840
[ 56.669717][ T96] __writeback_single_inode+0x12a/0x1410
[ 56.675338][ T96] ? _raw_spin_unlock+0x24/0x40
[ 56.680245][ T96] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 56.686238][ T96] writeback_sb_inodes+0x515/0xdd0
[ 56.691368][ T96] ? __writeback_single_inode+0x1410/0x1410
[ 56.697393][ T96] __writeback_inodes_wb+0xc3/0x250
[ 56.702580][ T96] wb_writeback+0x910/0xd90
[ 56.707077][ T96] ? print_usage_bug+0x240/0x240
[ 56.712126][ T96] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 56.718684][ T96] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 56.724579][ T96] ? cpumask_next+0x3c/0x40
[ 56.729069][ T96] ? get_nr_dirty_inodes+0xd6/0x130
[ 56.734247][ T96] wb_workfn+0xadf/0x10d0
[ 56.738570][ T96] ? inode_wait_for_writeback+0x30/0x30
[ 56.744092][ T96] ? debug_smp_processor_id+0x2f/0x185
[ 56.749549][ T96] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.755142][ T96] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.761176][ T96] process_one_work+0x965/0x16a0
[ 56.766115][ T96] ? lock_release+0x800/0x800
[ 56.770784][ T96] ? pwq_dec_nr_in_flight+0x310/0x310
[ 56.776239][ T96] ? rwlock_bug.part.0+0x90/0x90
[ 56.781157][ T96] worker_thread+0x96/0xe10
[ 56.785657][ T96] ? process_one_work+0x16a0/0x16a0
[ 56.790833][ T96] kthread+0x388/0x470
[ 56.794877][ T96] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.800582][ T96] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.806280][ T96] ret_from_fork+0x24/0x30
Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts.
2020/06/10 16:06:28 fuzzer started
2020/06/10 16:06:29 connecting to host at 10.128.0.26:36693
2020/06/10 16:06:29 checking machine...
2020/06/10 16:06:29 checking revisions...
2020/06/10 16:06:29 testing simple program...
[ 59.353727][ T6797] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6797
[ 59.362858][ T6797] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 59.368951][ T6797] CPU: 0 PID: 6797 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 59.376838][ T6797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.386877][ T6797] Call Trace:
[ 59.390168][ T6797] dump_stack+0x188/0x20d
[ 59.394508][ T6797] debug_smp_processor_id.cold+0x88/0x9b
[ 59.400156][ T6797] ext4_mb_new_blocks+0xa77/0x3b30
[ 59.405346][ T6797] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.410798][ T6797] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.416522][ T6797] ext4_ext_map_blocks+0x2044/0x3410
[ 59.421817][ T6797] ? ext4_ext_release+0x10/0x10
[ 59.426676][ T6797] ? __down_timeout+0x2d0/0x2d0
[ 59.431535][ T6797] ? ext4_es_lookup_extent+0x41d/0xd30
[ 59.436990][ T6797] ext4_map_blocks+0x4cb/0x1640
[ 59.441828][ T6797] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.447027][ T6797] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.452842][ T6797] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.458815][ T6797] ? prandom_u32_state+0xe/0x170
[ 59.463753][ T6797] ? __brelse+0x84/0xa0
[ 59.467902][ T6797] ? __ext4_new_inode+0x144/0x57c0
[ 59.473002][ T6797] ext4_getblk+0xad/0x520
[ 59.477315][ T6797] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.483078][ T6797] ? ext4_free_inode+0x17e0/0x17e0
[ 59.488185][ T6797] ext4_bread+0x7c/0x380
[ 59.492558][ T6797] ? ext4_getblk+0x520/0x520
[ 59.497139][ T6797] ? dqget+0xff0/0xff0
[ 59.501325][ T6797] ext4_append+0x153/0x360
[ 59.505733][ T6797] ext4_mkdir+0x5e0/0xdf0
[ 59.510051][ T6797] ? ext4_rmdir+0xde0/0xde0
[ 59.514633][ T6797] ? security_inode_permission+0xc4/0xf0
[ 59.520270][ T6797] vfs_mkdir+0x419/0x690
[ 59.524494][ T6797] do_mkdirat+0x21e/0x280
[ 59.528813][ T6797] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.533740][ T6797] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.539701][ T6797] ? do_syscall_64+0x21/0x7d0
[ 59.544357][ T6797] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.550320][ T6797] do_syscall_64+0xf6/0x7d0
[ 59.554800][ T6797] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 59.560685][ T6797] RIP: 0033:0x4b02a0
[ 59.564568][ T6797] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 59.584148][ T6797] RSP: 002b:000000c0000e94b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 59.592536][ T6797] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 59.600483][ T6797] RDX: 00000000000001c0 RSI: 000000c0000a4d00 RDI: ffffffffffffff9c
[ 59.608445][ T6797] RBP: 000000c0000e9510 R08: 0000000000000000 R09: 0000000000000000
[ 59.616810][ T6797] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 59.624778][ T6797] R13: 0000000000000069 R14: 0000000000000068 R15: 0000000000000100
[ 59.640497][ T6801] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6801
[ 59.650055][ T6801] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 59.656027][ T6801] CPU: 0 PID: 6801 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 59.668163][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.678208][ T6801] Call Trace:
[ 59.681491][ T6801] dump_stack+0x188/0x20d
[ 59.685816][ T6801] debug_smp_processor_id.cold+0x88/0x9b
[ 59.691435][ T6801] ext4_mb_new_blocks+0xa77/0x3b30
[ 59.696544][ T6801] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.701980][ T6801] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.707694][ T6801] ext4_ext_map_blocks+0x2044/0x3410
[ 59.712981][ T6801] ? ext4_ext_release+0x10/0x10
[ 59.718193][ T6801] ? __down_timeout+0x2d0/0x2d0
[ 59.723021][ T6801] ? ext4_es_lookup_extent+0x41d/0xd30
[ 59.728473][ T6801] ext4_map_blocks+0x4cb/0x1640
[ 59.733314][ T6801] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.738501][ T6801] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.744023][ T6801] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.750165][ T6801] ? prandom_u32_state+0xe/0x170
[ 59.755100][ T6801] ? __brelse+0x84/0xa0
[ 59.759243][ T6801] ? __ext4_new_inode+0x144/0x57c0
[ 59.764331][ T6801] ext4_getblk+0xad/0x520
[ 59.768642][ T6801] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.774339][ T6801] ? ext4_free_inode+0x17e0/0x17e0
[ 59.779442][ T6801] ext4_bread+0x7c/0x380
[ 59.783662][ T6801] ? ext4_getblk+0x520/0x520
[ 59.788229][ T6801] ? dqget+0xff0/0xff0
[ 59.792276][ T6801] ext4_append+0x153/0x360
[ 59.796675][ T6801] ext4_mkdir+0x5e0/0xdf0
[ 59.800985][ T6801] ? ext4_rmdir+0xde0/0xde0
[ 59.805479][ T6801] ? security_inode_permission+0xc4/0xf0
[ 59.811090][ T6801] vfs_mkdir+0x419/0x690
[ 59.815398][ T6801] do_mkdirat+0x21e/0x280
[ 59.819727][ T6801] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.824554][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.830510][ T6801] ? do_syscall_64+0x21/0x7d0
[ 59.835169][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.841142][ T6801] do_syscall_64+0xf6/0x7d0
[ 59.845624][ T6801] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 59.851501][ T6801] RIP: 0033:0x45bee7
[ 59.855375][ T6801] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.874957][ T6801] RSP: 002b:00007fff568c4878 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 59.883364][ T6801] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 59.891335][ T6801] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007fff568c4a50
[ 59.899286][ T6801] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003280
[ 59.907244][ T6801] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 59.915202][ T6801] R13: 00007fff568c4a50 R14: 8421084210842109 R15: 00007fff568c4a5c
[ 60.001189][ T6802] IPVS: ftp: loaded support on port[0] = 21
[ 60.038008][ T6802] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6802
[ 60.047585][ T6802] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 60.053457][ T6802] CPU: 1 PID: 6802 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 60.061676][ T6802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.071715][ T6802] Call Trace:
[ 60.074985][ T6802] dump_stack+0x188/0x20d
[ 60.079310][ T6802] debug_smp_processor_id.cold+0x88/0x9b
[ 60.085871][ T6802] ext4_mb_new_blocks+0xa77/0x3b30
[ 60.090977][ T6802] ? ext4_ext_search_right+0x2ca/0xb20
[ 60.096443][ T6802] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 60.102142][ T6802] ext4_ext_map_blocks+0x2044/0x3410
[ 60.107546][ T6802] ? ext4_ext_release+0x10/0x10
[ 60.112442][ T6802] ? __down_timeout+0x2d0/0x2d0
[ 60.117291][ T6802] ? ext4_es_lookup_extent+0x41d/0xd30
[ 60.122733][ T6802] ext4_map_blocks+0x4cb/0x1640
[ 60.127566][ T6802] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 60.132744][ T6802] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.138544][ T6802] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.145465][ T6802] ? prandom_u32_state+0xe/0x170
[ 60.150392][ T6802] ? __brelse+0x84/0xa0
[ 60.154524][ T6802] ? __ext4_new_inode+0x144/0x57c0
[ 60.159626][ T6802] ext4_getblk+0xad/0x520
[ 60.163934][ T6802] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 60.169646][ T6802] ? ext4_free_inode+0x17e0/0x17e0
[ 60.174825][ T6802] ext4_bread+0x7c/0x380
[ 60.179048][ T6802] ? ext4_getblk+0x520/0x520
[ 60.183611][ T6802] ? dqget+0xff0/0xff0
[ 60.187665][ T6802] ext4_append+0x153/0x360
[ 60.192058][ T6802] ext4_mkdir+0x5e0/0xdf0
[ 60.196378][ T6802] ? ext4_rmdir+0xde0/0xde0
[ 60.200878][ T6802] ? security_inode_permission+0xc4/0xf0
[ 60.206518][ T6802] vfs_mkdir+0x419/0x690
[ 60.210741][ T6802] do_mkdirat+0x21e/0x280
[ 60.215066][ T6802] ? __ia32_sys_mknod+0xb0/0xb0
[ 60.219902][ T6802] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 60.225874][ T6802] ? do_syscall_64+0x21/0x7d0
[ 60.230525][ T6802] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 60.236482][ T6802] do_syscall_64+0xf6/0x7d0
[ 60.240965][ T6802] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 60.246848][ T6802] RIP: 0033:0x45bee7
[ 60.251959][ T6802] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.271549][ T6802] RSP: 002b:00007fff568c4768 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 60.279947][ T6802] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 60.287897][ T6802] RDX: 00007fff568c47b3 RSI: 00000000000001ff RDI: 00007fff568c47b0
[ 60.295855][ T6802] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 60.303811][ T6802] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0
[ 60.311863][ T6802] R13: 00007fff568c47a0 R14: 0000000000000000 R15: 00007fff568c47b0
[ 60.358785][ T6802] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6802
[ 60.368420][ T6802] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 60.374355][ T6802] CPU: 1 PID: 6802 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 60.382578][ T6802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.392627][ T6802] Call Trace:
[ 60.395930][ T6802] dump_stack+0x188/0x20d
[ 60.401773][ T6802] debug_smp_processor_id.cold+0x88/0x9b
[ 60.407449][ T6802] ext4_mb_new_blocks+0xa77/0x3b30
[ 60.412581][ T6802] ? ext4_ext_search_right+0x2ca/0xb20
[ 60.418054][ T6802] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 60.423791][ T6802] ext4_ext_map_blocks+0x2044/0x3410
[ 60.429105][ T6802] ? ext4_ext_release+0x10/0x10
[ 60.433987][ T6802] ? __down_timeout+0x2d0/0x2d0
[ 60.438848][ T6802] ? ext4_es_lookup_extent+0x41d/0xd30
[ 60.444694][ T6802] ext4_map_blocks+0x4cb/0x1640
[ 60.449553][ T6802] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 60.454740][ T6802] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.460266][ T6802] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.466225][ T6802] ? prandom_u32_state+0xe/0x170
[ 60.471140][ T6802] ? __brelse+0x84/0xa0
[ 60.475284][ T6802] ? __ext4_new_inode+0x144/0x57c0
[ 60.480375][ T6802] ext4_getblk+0xad/0x520
[ 60.484694][ T6802] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 60.490408][ T6802] ? ext4_free_inode+0x17e0/0x17e0
[ 60.495497][ T6802] ext4_bread+0x7c/0x380
[ 60.499738][ T6802] ? ext4_getblk+0x520/0x520
[ 60.504329][ T6802] ? dqget+0xff0/0xff0
[ 60.508410][ T6802] ext4_append+0x153/0x360
[ 60.512834][ T6802] ext4_mkdir+0x5e0/0xdf0
[ 60.517178][ T6802] ? ext4_rmdir+0xde0/0xde0
[ 60.521681][ T6802] ? security_inode_permission+0xc4/0xf0
[ 60.527295][ T6802] vfs_mkdir+0x419/0x690
[ 60.531530][ T6802] do_mkdirat+0x21e/0x280
[ 60.535848][ T6802] ? __ia32_sys_mknod+0xb0/0xb0
[ 60.540675][ T6802] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 60.546633][ T6802] ? do_syscall_64+0x21/0x7d0
[ 60.551303][ T6802] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 60.557275][ T6802] do_syscall_64+0xf6/0x7d0
[ 60.561758][ T6802] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 60.567639][ T6802] RIP: 0033:0x45bee7
[ 60.571510][ T6802] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 60.591096][ T6802] RSP: 002b:00007fff568c4768 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 60.599750][ T6802] RAX: ffffffffffffffda RBX: 000000000000ebb7 RCX: 000000000045bee7
2020/06/10 16:06:30 building call list...
[ 60.607710][ T6802] RDX: 00007fff568c47b3 RSI: 00000000000001ff RDI: 00007fff568c47b0
[ 60.615657][ T6802] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 60.623607][ T6802] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 60.631596][ T6802] R13: 00007fff568c47a0 R14: 000000000000ebb4 R15: 00007fff568c47b0
[ 60.925075][ T356] tipc: TX() has been purged, node left!
[ 61.447327][ T356] ==================================================================
[ 61.455558][ T356] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880
[ 61.463634][ T356] Write of size 1 at addr ffff8880a900b1e4 by task kworker/u4:4/356
[ 61.471609][ T356]
[ 61.473938][ T356] CPU: 0 PID: 356 Comm: kworker/u4:4 Not tainted 5.7.0-syzkaller #0
[ 61.481904][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.491966][ T356] Workqueue: netns cleanup_net
[ 61.496718][ T356] Call Trace:
[ 61.500023][ T356] dump_stack+0x188/0x20d
[ 61.504357][ T356] ? afs_wake_up_async_call+0x7a7/0x880
[ 61.509898][ T356] ? afs_wake_up_async_call+0x7a7/0x880
[ 61.515436][ T356] ? afs_put_call+0xa70/0xa70
[ 61.520123][ T356] print_address_description.constprop.0.cold+0xd3/0x413
[ 61.527148][ T356] ? vprintk_func+0x97/0x1a6
[ 61.531761][ T356] ? afs_wake_up_async_call+0x7a7/0x880
[ 61.537305][ T356] kasan_report.cold+0x1f/0x37
[ 61.542079][ T356] ? afs_wake_up_async_call+0x7a7/0x880
[ 61.547971][ T356] afs_wake_up_async_call+0x7a7/0x880
[ 61.553353][ T356] ? do_raw_spin_lock+0x129/0x2e0
[ 61.558375][ T356] ? afs_close_socket+0x320/0x320
[ 61.563410][ T356] ? rwlock_bug.part.0+0x90/0x90
[ 61.568350][ T356] ? rcu_read_lock_held+0x9c/0xb0
[ 61.573393][ T356] ? rcu_read_lock_held_common+0xa0/0xa0
[ 61.579055][ T356] ? afs_close_socket+0x320/0x320
[ 61.584112][ T356] ? afs_put_call+0xa70/0xa70
[ 61.588827][ T356] rxrpc_notify_socket+0x1e5/0x5e0
[ 61.593969][ T356] ? afs_put_call+0xa70/0xa70
[ 61.598654][ T356] __rxrpc_set_call_completion.part.0+0x172/0x420
[ 61.605083][ T356] rxrpc_call_completed+0xca/0xf0
[ 61.610114][ T356] rxrpc_discard_prealloc+0x786/0xac0
[ 61.615487][ T356] ? lock_sock_nested+0x94/0x110
[ 61.620429][ T356] rxrpc_listen+0x147/0x360
[ 61.624940][ T356] afs_close_socket+0x95/0x320
[ 61.629745][ T356] ? afs_purge_servers+0x16d/0x300
[ 61.634872][ T356] ? afs_rx_discard_new_call+0x50/0x50
[ 61.640330][ T356] ? debug_smp_processor_id+0x2f/0x185
[ 61.645794][ T356] ? init_wait_var_entry+0x200/0x200
[ 61.651086][ T356] ? rcu_read_lock_held_common+0xa0/0xa0
[ 61.656727][ T356] afs_net_exit+0x1bc/0x310
[ 61.661229][ T356] ? afs_net_init+0xe30/0xe30
[ 61.665915][ T356] ops_exit_list.isra.0+0xa8/0x150
[ 61.671058][ T356] cleanup_net+0x511/0xa50
[ 61.675503][ T356] ? unregister_pernet_device+0x70/0x70
[ 61.681225][ T356] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.687321][ T356] process_one_work+0x965/0x16a0
[ 61.692267][ T356] ? lock_release+0x800/0x800
[ 61.696943][ T356] ? pwq_dec_nr_in_flight+0x310/0x310
[ 61.702323][ T356] ? rwlock_bug.part.0+0x90/0x90
[ 61.707294][ T356] worker_thread+0x96/0xe10
[ 61.711825][ T356] ? process_one_work+0x16a0/0x16a0
[ 61.717022][ T356] kthread+0x388/0x470
[ 61.721194][ T356] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 61.727000][ T356] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 61.732726][ T356] ret_from_fork+0x24/0x30
[ 61.737150][ T356]
[ 61.739475][ T356] Allocated by task 6802:
[ 61.743802][ T356] save_stack+0x1b/0x40
[ 61.747958][ T356] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 61.753585][ T356] kmem_cache_alloc_trace+0x153/0x7d0
[ 61.758956][ T356] afs_alloc_call+0x55/0x640
[ 61.763541][ T356] afs_charge_preallocation+0xe9/0x2d0
[ 61.768993][ T356] afs_open_socket+0x292/0x360
[ 61.773751][ T356] afs_net_init+0xa6c/0xe30
[ 61.778248][ T356] ops_init+0xaf/0x420
[ 61.782309][ T356] setup_net+0x2de/0x860
[ 61.786552][ T356] copy_net_ns+0x293/0x590
[ 61.790967][ T356] create_new_namespaces+0x3fb/0xb30
[ 61.796470][ T356] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 61.802117][ T356] ksys_unshare+0x43d/0x8e0
[ 61.806714][ T356] __x64_sys_unshare+0x2d/0x40
[ 61.811496][ T356] do_syscall_64+0xf6/0x7d0
[ 61.815994][ T356] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 61.821877][ T356]
[ 61.824206][ T356] Freed by task 356:
[ 61.828098][ T356] save_stack+0x1b/0x40
[ 61.832251][ T356] __kasan_slab_free+0xf7/0x140
[ 61.837094][ T356] kfree+0x109/0x2b0
[ 61.840985][ T356] afs_put_call+0x59b/0xa70
[ 61.845487][ T356] rxrpc_discard_prealloc+0x769/0xac0
[ 61.850854][ T356] rxrpc_listen+0x147/0x360
[ 61.855355][ T356] afs_close_socket+0x95/0x320
[ 61.860113][ T356] afs_net_exit+0x1bc/0x310
[ 61.864611][ T356] ops_exit_list.isra.0+0xa8/0x150
[ 61.869716][ T356] cleanup_net+0x511/0xa50
[ 61.874128][ T356] process_one_work+0x965/0x16a0
[ 61.879072][ T356] worker_thread+0x96/0xe10
[ 61.883569][ T356] kthread+0x388/0x470
[ 61.887635][ T356] ret_from_fork+0x24/0x30
[ 61.892314][ T356]
[ 61.894640][ T356] The buggy address belongs to the object at ffff8880a900b000
[ 61.894640][ T356] which belongs to the cache kmalloc-1k of size 1024
[ 61.908699][ T356] The buggy address is located 484 bytes inside of
[ 61.908699][ T356] 1024-byte region [ffff8880a900b000, ffff8880a900b400)
[ 61.922070][ T356] The buggy address belongs to the page:
[ 61.927722][ T356] page:ffffea0002a402c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 61.936838][ T356] flags: 0xfffe0000000200(slab)
[ 61.941690][ T356] raw: 00fffe0000000200 ffffea0002885248 ffffea00028a50c8 ffff8880aa000c40
[ 61.950293][ T356] raw: 0000000000000000 ffff8880a900b000 0000000100000002 0000000000000000
[ 61.958868][ T356] page dumped because: kasan: bad access detected
[ 61.965269][ T356]
[ 61.967587][ T356] Memory state around the buggy address:
[ 61.973210][ T356] ffff8880a900b080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.981268][ T356] ffff8880a900b100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.990109][ T356] >ffff8880a900b180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 61.998161][ T356] ^
[ 62.005352][ T356] ffff8880a900b200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.013426][ T356] ffff8880a900b280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 62.021504][ T356] ==================================================================
[ 62.029555][ T356] Disabling lock debugging due to kernel taint
[ 62.035735][ T356] Kernel panic - not syncing: panic_on_warn set ...
[ 62.042322][ T356] CPU: 0 PID: 356 Comm: kworker/u4:4 Tainted: G B 5.7.0-syzkaller #0
[ 62.051676][ T356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.061737][ T356] Workqueue: netns cleanup_net
[ 62.066491][ T356] Call Trace:
[ 62.069784][ T356] dump_stack+0x188/0x20d
[ 62.074152][ T356] ? afs_wake_up_async_call+0x6b0/0x880
[ 62.079722][ T356] ? afs_put_call+0xa70/0xa70
[ 62.084393][ T356] panic+0x2e3/0x75c
[ 62.088462][ T356] ? add_taint.cold+0x16/0x16
[ 62.093133][ T356] ? retint_kernel+0x2b/0x2b
executing program
[ 62.097722][ T356] ? trace_hardirqs_on+0x55/0x230
[ 62.102742][ T356] ? afs_wake_up_async_call+0x7a7/0x880
[ 62.108278][ T356] ? afs_wake_up_async_call+0x7a7/0x880
[ 62.113812][ T356] ? afs_put_call+0xa70/0xa70
[ 62.118481][ T356] end_report+0x4d/0x53
[ 62.122721][ T356] kasan_report.cold+0xd/0x37
[ 62.127391][ T356] ? afs_wake_up_async_call+0x7a7/0x880
[ 62.132958][ T356] afs_wake_up_async_call+0x7a7/0x880
[ 62.138326][ T356] ? do_raw_spin_lock+0x129/0x2e0
[ 62.143372][ T356] ? afs_close_socket+0x320/0x320
[ 62.148401][ T356] ? rwlock_bug.part.0+0x90/0x90
[ 62.153329][ T356] ? rcu_read_lock_held+0x9c/0xb0
[ 62.158341][ T356] ? rcu_read_lock_held_common+0xa0/0xa0
[ 62.164059][ T356] ? afs_close_socket+0x320/0x320
[ 62.169106][ T356] ? afs_put_call+0xa70/0xa70
[ 62.173807][ T356] rxrpc_notify_socket+0x1e5/0x5e0
[ 62.178918][ T356] ? afs_put_call+0xa70/0xa70
[ 62.183590][ T356] __rxrpc_set_call_completion.part.0+0x172/0x420
[ 62.190008][ T356] rxrpc_call_completed+0xca/0xf0
[ 62.195056][ T356] rxrpc_discard_prealloc+0x786/0xac0
[ 62.200428][ T356] ? lock_sock_nested+0x94/0x110
[ 62.205373][ T356] rxrpc_listen+0x147/0x360
[ 62.209881][ T356] afs_close_socket+0x95/0x320
[ 62.214642][ T356] ? afs_purge_servers+0x16d/0x300
[ 62.220815][ T356] ? afs_rx_discard_new_call+0x50/0x50
[ 62.226274][ T356] ? debug_smp_processor_id+0x2f/0x185
[ 62.231726][ T356] ? init_wait_var_entry+0x200/0x200
[ 62.237003][ T356] ? rcu_read_lock_held_common+0xa0/0xa0
[ 62.242626][ T356] afs_net_exit+0x1bc/0x310
[ 62.247111][ T356] ? afs_net_init+0xe30/0xe30
[ 62.251806][ T356] ops_exit_list.isra.0+0xa8/0x150
[ 62.256904][ T356] cleanup_net+0x511/0xa50
[ 62.261300][ T356] ? unregister_pernet_device+0x70/0x70
[ 62.266820][ T356] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.272780][ T356] process_one_work+0x965/0x16a0
[ 62.277694][ T356] ? lock_release+0x800/0x800
[ 62.282341][ T356] ? pwq_dec_nr_in_flight+0x310/0x310
[ 62.287711][ T356] ? rwlock_bug.part.0+0x90/0x90
[ 62.292641][ T356] worker_thread+0x96/0xe10
[ 62.297311][ T356] ? process_one_work+0x16a0/0x16a0
[ 62.302544][ T356] kthread+0x388/0x470
[ 62.306612][ T356] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 62.312418][ T356] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 62.318241][ T356] ret_from_fork+0x24/0x30
[ 62.323534][ T356] Kernel Offset: disabled
[ 62.327952][ T356] Rebooting in 86400 seconds..