[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 60.219868][ T7] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:0/7
[ 60.228883][ T7] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.235311][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.8.0-rc1-syzkaller #0
[ 60.243997][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.254074][ T7] Workqueue: writeback wb_workfn (flush-8:0)
[ 60.260063][ T7] Call Trace:
[ 60.263368][ T7] dump_stack+0x18f/0x20d
[ 60.267718][ T7] check_preemption_disabled+0x20d/0x220
[ 60.273366][ T7] ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.278489][ T7] ? ext4_find_extent+0x81a/0xad0
[ 60.283533][ T7] ? ext4_ext_search_right+0x2ca/0xb20
[ 60.288997][ T7] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 60.294733][ T7] ext4_ext_map_blocks+0x201b/0x33e0
[ 60.300430][ T7] ? ext4_ext_release+0x10/0x10
[ 60.300481][ T7] ? down_write_killable+0x170/0x170
[ 60.300497][ T7] ? ext4_es_lookup_extent+0x41d/0xd10
[ 60.300523][ T7] ext4_map_blocks+0x4cb/0x1640
[ 60.300548][ T7] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 60.300574][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.300593][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.300610][ T7] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 60.300632][ T7] ext4_writepages+0x1a7b/0x33c0
[ 60.300674][ T7] ? __ext4_mark_inode_dirty+0x940/0x940
[ 60.300691][ T7] ? __lock_acquire+0x2224/0x48b0
[ 60.300726][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 60.300750][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 60.300771][ T7] ? __ext4_mark_inode_dirty+0x940/0x940
Starting Load/Sa[ 60.300788][ T7] ? do_writepages+0xfa/0x2a0
ve RF Kill Switc[ 60.300804][ T7] do_writepages+0xfa/0x2a0
h Status...
[ 60.300829][ T7] ? page_writeback_cpu_online+0x10/0x10
[ 60.300854][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.300872][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.300888][ T7] ? lock_downgrade+0x840/0x840
[ 60.300913][ T7] __writeback_single_inode+0x12a/0x13d0
[ 60.300930][ T7] ? _raw_spin_unlock+0x24/0x40
[ 60.300947][ T7] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 60.300969][ T7] writeback_sb_inodes+0x515/0xdc0
[ 60.301001][ T7] ? __writeback_single_inode+0x13d0/0x13d0
[ 60.301041][ T7] __writeback_inodes_wb+0xc3/0x250
[ 60.301068][ T7] wb_writeback+0x8db/0xd50
[ 60.301096][ T7] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 60.301117][ T7] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 60.301139][ T7] ? cpumask_next+0x3c/0x40
[ 60.301158][ T7] ? get_nr_dirty_inodes+0xd6/0x130
[ 60.301189][ T7] wb_workfn+0xab3/0x1090
[ 60.301214][ T7] ? inode_wait_for_writeback+0x30/0x30
[ 60.301238][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.301256][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.301281][ T7] process_one_work+0x965/0x1690
[ 60.301308][ T7] ? lock_release+0x800/0x800
[ 60.301325][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 60.301347][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 60.301374][ T7] worker_thread+0x96/0xe10
[ 60.301404][ T7] ? process_one_work+0x1690/0x1690
[ 60.301422][ T7] kthread+0x3b5/0x4a0
[ 60.301438][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.301452][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.301473][ T7] ret_from_fork+0x1f/0x30
[ 60.381837][ T6734] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6734
[ 60.588985][ T6734] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.589002][ T6734] CPU: 1 PID: 6734 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 60.589010][ T6734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.589015][ T6734] Call Trace:
[ 60.589041][ T6734] dump_stack+0x18f/0x20d
[ 60.589065][ T6734] check_preemption_disabled+0x20d/0x220
[ 60.589083][ T6734] ext4_mb_new_blocks+0xa4d/0x3b70
[ 60.589112][ T6734] ? ext4_ext_search_right+0x2ca/0xb20
[ 60.589128][ T6734] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 60.589151][ T6734] ext4_ext_map_blocks+0x201b/0x33e0
[ 60.589177][ T6734] ? ext4_ext_release+0x10/0x10
[ 60.589210][ T6734] ? down_write_killable+0x170/0x170
[ 60.589225][ T6734] ? ext4_es_lookup_extent+0x41d/0xd10
[ 60.589249][ T6734] ext4_map_blocks+0x4cb/0x1640
[ 60.589273][ T6734] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 60.589289][ T6734] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 60.589312][ T6734] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.589324][ T6734] ? prandom_u32_state+0xe/0x170
[ 60.589341][ T6734] ? __brelse+0x84/0xa0
[ 60.589356][ T6734] ? __ext4_new_inode+0x144/0x55e0
[ 60.589377][ T6734] ext4_getblk+0xad/0x520
[ 60.589397][ T6734] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 60.589416][ T6734] ? ext4_free_inode+0x1700/0x1700
[ 60.589435][ T6734] ext4_bread+0x7c/0x380
[ 60.589450][ T6734] ? ext4_getblk+0x520/0x520
[ 60.589465][ T6734] ? dquot_get_next_dqblk+0x180/0x180
[ 60.589490][ T6734] ext4_append+0x153/0x360
[ 60.589512][ T6734] ext4_mkdir+0x5e0/0xdf0
[ 60.589543][ T6734] ? ext4_rmdir+0xde0/0xde0
[ 60.589563][ T6734] ? security_inode_permission+0xc4/0xf0
[ 60.589588][ T6734] vfs_mkdir+0x419/0x690
[ 60.589609][ T6734] do_mkdirat+0x21e/0x280
[ 60.589629][ T6734] ? __ia32_sys_mknod+0xb0/0xb0
[ 60.589647][ T6734] ? do_syscall_64+0x1c/0xe0
[ 60.589664][ T6734] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 60.589684][ T6734] do_syscall_64+0x60/0xe0
[ 60.589703][ T6734] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 60.589717][ T6734] RIP: 0033:0x7f0d1d4e1687
[ 60.589723][ T6734] Code: Bad RIP value.
[ 60.589731][ T6734] RSP: 002b:00007ffd5928cce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 60.589746][ T6734] RAX: ffffffffffffffda RBX: 0000559d12a8f985 RCX: 00007f0d1d4e1687
[ 60.589755][ T6734] RDX: 00007ffd5928cbb0 RSI: 00000000000001ed RDI: 0000559d12a8f985
[ 60.589764][ T6734] RBP: 00007f0d1d4e1680 R08: 0000000000000100 R09: 0000000000000000
[ 60.589774][ T6734] R10: 0000559d12a8f980 R11: 0000000000000246 R12: 00000000000001ed
[ 60.589782][ T6734] R13: 00007ffd5928ce70 R14: 0000000000000000 R15: 0000000000000000
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.0.86' (ECDSA) to the list of known hosts.
2020/06/16 00:33:02 fuzzer started
2020/06/16 00:33:02 connecting to host at 10.128.0.26:35489
2020/06/16 00:33:02 checking machine...
2020/06/16 00:33:02 checking revisions...
2020/06/16 00:33:02 testing simple program...
syzkaller login: [ 65.644826][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6812
[ 65.654497][ T6812] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.660549][ T6812] CPU: 0 PID: 6812 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 65.668983][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.679034][ T6812] Call Trace:
[ 65.682344][ T6812] dump_stack+0x18f/0x20d
[ 65.686670][ T6812] check_preemption_disabled+0x20d/0x220
[ 65.692294][ T6812] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.697391][ T6812] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.702827][ T6812] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.708541][ T6812] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.713820][ T6812] ? ext4_ext_release+0x10/0x10
[ 65.718681][ T6812] ? down_write_killable+0x170/0x170
[ 65.723955][ T6812] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.729398][ T6812] ext4_map_blocks+0x4cb/0x1640
[ 65.734270][ T6812] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.739459][ T6812] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.744982][ T6812] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.750951][ T6812] ? prandom_u32_state+0xe/0x170
[ 65.755886][ T6812] ? __brelse+0x84/0xa0
[ 65.760030][ T6812] ? __ext4_new_inode+0x144/0x55e0
[ 65.765131][ T6812] ext4_getblk+0xad/0x520
[ 65.769440][ T6812] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.775153][ T6812] ? ext4_free_inode+0x1700/0x1700
[ 65.780244][ T6812] ext4_bread+0x7c/0x380
[ 65.784465][ T6812] ? ext4_getblk+0x520/0x520
[ 65.789475][ T6812] ? dquot_get_next_dqblk+0x180/0x180
[ 65.794847][ T6812] ext4_append+0x153/0x360
[ 65.799261][ T6812] ext4_mkdir+0x5e0/0xdf0
[ 65.803659][ T6812] ? ext4_rmdir+0xde0/0xde0
[ 65.808144][ T6812] ? security_inode_permission+0xc4/0xf0
[ 65.813854][ T6812] vfs_mkdir+0x419/0x690
[ 65.818090][ T6812] do_mkdirat+0x21e/0x280
[ 65.822412][ T6812] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.827243][ T6812] ? do_syscall_64+0x1c/0xe0
[ 65.831833][ T6812] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.837797][ T6812] do_syscall_64+0x60/0xe0
[ 65.842226][ T6812] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.848093][ T6812] RIP: 0033:0x4b02a0
[ 65.851969][ T6812] Code: Bad RIP value.
[ 65.856017][ T6812] RSP: 002b:000000c0002d94b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 65.864414][ T6812] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 65.872371][ T6812] RDX: 00000000000001c0 RSI: 000000c0002f89c0 RDI: ffffffffffffff9c
[ 65.880413][ T6812] RBP: 000000c0002d9510 R08: 0000000000000000 R09: 0000000000000000
[ 65.888361][ T6812] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 65.896310][ T6812] R13: 000000000000004f R14: 000000000000004e R15: 0000000000000100
[ 65.937669][ T6825] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6825
[ 65.947164][ T6825] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.953183][ T6825] CPU: 0 PID: 6825 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.961789][ T6825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.971853][ T6825] Call Trace:
[ 65.975184][ T6825] dump_stack+0x18f/0x20d
[ 65.979532][ T6825] check_preemption_disabled+0x20d/0x220
[ 65.985175][ T6825] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.990836][ T6825] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.996310][ T6825] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 66.002084][ T6825] ext4_ext_map_blocks+0x201b/0x33e0
[ 66.007398][ T6825] ? ext4_ext_release+0x10/0x10
[ 66.012290][ T6825] ? down_write_killable+0x170/0x170
[ 66.017574][ T6825] ? ext4_es_lookup_extent+0x41d/0xd10
[ 66.023181][ T6825] ext4_map_blocks+0x4cb/0x1640
[ 66.028032][ T6825] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 66.036174][ T6825] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.041713][ T6825] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.047777][ T6825] ? prandom_u32_state+0xe/0x170
[ 66.052803][ T6825] ? __brelse+0x84/0xa0
[ 66.057500][ T6825] ? __ext4_new_inode+0x144/0x55e0
[ 66.062601][ T6825] ext4_getblk+0xad/0x520
[ 66.066928][ T6825] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 66.072651][ T6825] ? ext4_free_inode+0x1700/0x1700
[ 66.077995][ T6825] ext4_bread+0x7c/0x380
[ 66.082598][ T6825] ? ext4_getblk+0x520/0x520
[ 66.087176][ T6825] ? dquot_get_next_dqblk+0x180/0x180
[ 66.092556][ T6825] ext4_append+0x153/0x360
[ 66.096966][ T6825] ext4_mkdir+0x5e0/0xdf0
[ 66.101299][ T6825] ? ext4_rmdir+0xde0/0xde0
[ 66.105796][ T6825] ? security_inode_permission+0xc4/0xf0
[ 66.111437][ T6825] vfs_mkdir+0x419/0x690
[ 66.115673][ T6825] do_mkdirat+0x21e/0x280
[ 66.119991][ T6825] ? __ia32_sys_mknod+0xb0/0xb0
[ 66.124839][ T6825] ? do_syscall_64+0x1c/0xe0
[ 66.129436][ T6825] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 66.135414][ T6825] do_syscall_64+0x60/0xe0
[ 66.139823][ T6825] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.145710][ T6825] RIP: 0033:0x45bed7
[ 66.149595][ T6825] Code: Bad RIP value.
[ 66.153648][ T6825] RSP: 002b:00007ffc4c0c0a98 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 66.162062][ T6825] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 66.170103][ T6825] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc4c0c0c70
[ 66.178117][ T6825] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003c80
[ 66.186187][ T6825] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 66.194166][ T6825] R13: 00007ffc4c0c0c70 R14: 8421084210842109 R15: 00007ffc4c0c0c7c
[ 66.281412][ T6826] IPVS: ftp: loaded support on port[0] = 21
[ 66.321492][ T6826] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6826
[ 66.330982][ T6826] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.336883][ T6826] CPU: 1 PID: 6826 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 66.345448][ T6826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.355487][ T6826] Call Trace:
[ 66.358779][ T6826] dump_stack+0x18f/0x20d
[ 66.363093][ T6826] check_preemption_disabled+0x20d/0x220
[ 66.368709][ T6826] ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.373989][ T6826] ? ext4_ext_search_right+0x2ca/0xb20
[ 66.379427][ T6826] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 66.385130][ T6826] ext4_ext_map_blocks+0x201b/0x33e0
[ 66.390404][ T6826] ? ext4_ext_release+0x10/0x10
[ 66.395247][ T6826] ? down_write_killable+0x170/0x170
[ 66.404000][ T6826] ? ext4_es_lookup_extent+0x41d/0xd10
[ 66.409462][ T6826] ext4_map_blocks+0x4cb/0x1640
[ 66.414319][ T6826] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 66.419507][ T6826] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.425045][ T6826] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.431021][ T6826] ? prandom_u32_state+0xe/0x170
[ 66.435939][ T6826] ? __brelse+0x84/0xa0
[ 66.440082][ T6826] ? __ext4_new_inode+0x144/0x55e0
[ 66.445174][ T6826] ext4_getblk+0xad/0x520
[ 66.449502][ T6826] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 66.455222][ T6826] ? ext4_free_inode+0x1700/0x1700
[ 66.460319][ T6826] ext4_bread+0x7c/0x380
[ 66.464541][ T6826] ? ext4_getblk+0x520/0x520
[ 66.469111][ T6826] ? dquot_get_next_dqblk+0x180/0x180
[ 66.474463][ T6826] ext4_append+0x153/0x360
[ 66.478891][ T6826] ext4_mkdir+0x5e0/0xdf0
[ 66.483817][ T6826] ? ext4_rmdir+0xde0/0xde0
[ 66.488389][ T6826] ? security_inode_permission+0xc4/0xf0
[ 66.494025][ T6826] vfs_mkdir+0x419/0x690
[ 66.498272][ T6826] do_mkdirat+0x21e/0x280
[ 66.502611][ T6826] ? __ia32_sys_mknod+0xb0/0xb0
[ 66.507460][ T6826] ? do_syscall_64+0x1c/0xe0
[ 66.512049][ T6826] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 66.518015][ T6826] do_syscall_64+0x60/0xe0
[ 66.522425][ T6826] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.528295][ T6826] RIP: 0033:0x45bed7
[ 66.532176][ T6826] Code: Bad RIP value.
[ 66.536227][ T6826] RSP: 002b:00007ffc4c0c0988 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 66.544700][ T6826] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 66.552661][ T6826] RDX: 00007ffc4c0c09d3 RSI: 00000000000001ff RDI: 00007ffc4c0c09d0
[ 66.560866][ T6826] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 66.569605][ T6826] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0
[ 66.577554][ T6826] R13: 00007ffc4c0c09c0 R14: 0000000000000000 R15: 00007ffc4c0c09d0
[ 66.633447][ T6826] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6826
[ 66.643011][ T6826] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.649057][ T6826] CPU: 1 PID: 6826 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 66.657645][ T6826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.667812][ T6826] Call Trace:
[ 66.671114][ T6826] dump_stack+0x18f/0x20d
[ 66.675516][ T6826] check_preemption_disabled+0x20d/0x220
[ 66.681161][ T6826] ext4_mb_new_blocks+0xa4d/0x3b70
[ 66.686296][ T6826] ? ext4_ext_search_right+0x2ca/0xb20
[ 66.691787][ T6826] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 66.697528][ T6826] ext4_ext_map_blocks+0x201b/0x33e0
[ 66.703018][ T6826] ? ext4_ext_release+0x10/0x10
[ 66.707895][ T6826] ? down_write_killable+0x170/0x170
[ 66.713198][ T6826] ? ext4_es_lookup_extent+0x41d/0xd10
[ 66.718685][ T6826] ext4_map_blocks+0x4cb/0x1640
[ 66.723560][ T6826] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 66.729149][ T6826] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 66.734717][ T6826] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.740978][ T6826] ? prandom_u32_state+0xe/0x170
[ 66.746013][ T6826] ? __brelse+0x84/0xa0
[ 66.750457][ T6826] ? __ext4_new_inode+0x144/0x55e0
[ 66.755852][ T6826] ext4_getblk+0xad/0x520
[ 66.760268][ T6826] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 66.765972][ T6826] ? ext4_free_inode+0x1700/0x1700
[ 66.771081][ T6826] ext4_bread+0x7c/0x380
[ 66.775389][ T6826] ? ext4_getblk+0x520/0x520
[ 66.779988][ T6826] ? dquot_get_next_dqblk+0x180/0x180
[ 66.785359][ T6826] ext4_append+0x153/0x360
[ 66.789772][ T6826] ext4_mkdir+0x5e0/0xdf0
[ 66.794131][ T6826] ? ext4_rmdir+0xde0/0xde0
[ 66.798634][ T6826] ? security_inode_permission+0xc4/0xf0
[ 66.804384][ T6826] vfs_mkdir+0x419/0x690
[ 66.808618][ T6826] do_mkdirat+0x21e/0x280
[ 66.812931][ T6826] ? __ia32_sys_mknod+0xb0/0xb0
[ 66.817785][ T6826] ? do_syscall_64+0x1c/0xe0
[ 66.822400][ T6826] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 66.828392][ T6826] do_syscall_64+0x60/0xe0
[ 66.832811][ T6826] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.838704][ T6826] RIP: 0033:0x45bed7
[ 66.842573][ T6826] Code: Bad RIP value.
[ 66.846616][ T6826] RSP: 002b:00007ffc4c0c0988 EFLAGS: 00000206 ORIG_RAX: 0000000000000053
[ 66.855010][ T6826] RAX: ffffffffffffffda RBX: 000000000001043b RCX: 000000000045bed7
[ 66.863006][ T6826] RDX: 00007ffc4c0c09d3 RSI: 00000000000001ff RDI: 00007ffc4c0c09d0
[ 66.871209][ T6826] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/16 00:33:03 building call list...
[ 66.879174][ T6826] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003
[ 66.887131][ T6826] R13: 00007ffc4c0c09c0 R14: 0000000000010435 R15: 00007ffc4c0c09d0
[ 67.077762][ T6772] tipc: TX() has been purged, node left!
[ 67.600203][ T6772] ==================================================================
[ 67.608790][ T6772] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 67.616684][ T6772] Write of size 1 at addr ffff888091fa31e4 by task kworker/u4:6/6772
[ 67.624938][ T6772]
[ 67.627370][ T6772] CPU: 1 PID: 6772 Comm: kworker/u4:6 Not tainted 5.8.0-rc1-syzkaller #0
[ 67.635887][ T6772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.646650][ T6772] Workqueue: netns cleanup_net
[ 67.651410][ T6772] Call Trace:
[ 67.654705][ T6772] dump_stack+0x18f/0x20d
[ 67.659036][ T6772] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.664578][ T6772] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.670120][ T6772] ? afs_put_call+0xa40/0xa40
[ 67.674800][ T6772] print_address_description.constprop.0.cold+0xd3/0x413
[ 67.681829][ T6772] ? vprintk_func+0x97/0x1a6
[ 67.686448][ T6772] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.692077][ T6772] kasan_report.cold+0x1f/0x37
[ 67.696848][ T6772] ? rcu_read_lock_held_common+0x51/0xa0
[ 67.702478][ T6772] ? afs_wake_up_async_call+0x6aa/0x770
[ 67.708031][ T6772] afs_wake_up_async_call+0x6aa/0x770
[ 67.713407][ T6772] ? afs_close_socket+0x320/0x320
[ 67.718448][ T6772] ? afs_put_call+0xa40/0xa40
[ 67.723123][ T6772] rxrpc_notify_socket+0x1db/0x5d0
[ 67.728238][ T6772] ? afs_put_call+0xa40/0xa40
[ 67.732914][ T6772] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 67.739334][ T6772] rxrpc_call_completed+0xca/0xf0
[ 67.745828][ T6772] rxrpc_discard_prealloc+0x781/0xab0
[ 67.751202][ T6772] ? lock_sock_nested+0x94/0x110
[ 67.756146][ T6772] rxrpc_listen+0x147/0x360
[ 67.760661][ T6772] afs_close_socket+0x95/0x320
[ 67.765429][ T6772] ? afs_purge_servers+0x16d/0x300
[ 67.770800][ T6772] ? afs_rx_discard_new_call+0x50/0x50
[ 67.776457][ T6772] ? init_wait_var_entry+0x200/0x200
[ 67.781753][ T6772] ? rcu_read_lock_held_common+0xa0/0xa0
[ 67.787406][ T6772] ? check_preemption_disabled+0x38/0x220
[ 67.793229][ T6772] afs_net_exit+0x1bc/0x310
[ 67.797748][ T6772] ? afs_net_init+0xe30/0xe30
[ 67.802428][ T6772] ops_exit_list.isra.0+0xa8/0x150
[ 67.807634][ T6772] cleanup_net+0x511/0xa50
[ 67.812058][ T6772] ? unregister_pernet_device+0x70/0x70
[ 67.817608][ T6772] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.823615][ T6772] process_one_work+0x965/0x1690
[ 67.828657][ T6772] ? lock_release+0x800/0x800
[ 67.833349][ T6772] ? pwq_dec_nr_in_flight+0x310/0x310
[ 67.838727][ T6772] ? rwlock_bug.part.0+0x90/0x90
[ 67.843685][ T6772] worker_thread+0x96/0xe10
[ 67.848200][ T6772] ? process_one_work+0x1690/0x1690
[ 67.853428][ T6772] kthread+0x3b5/0x4a0
[ 67.857500][ T6772] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.863216][ T6772] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 67.869380][ T6772] ret_from_fork+0x1f/0x30
[ 67.873807][ T6772]
[ 67.876139][ T6772] Allocated by task 6826:
[ 67.880466][ T6772] save_stack+0x1b/0x40
[ 67.884735][ T6772] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 67.890392][ T6772] kmem_cache_alloc_trace+0x153/0x7d0
[ 67.895760][ T6772] afs_alloc_call+0x55/0x630
[ 67.900349][ T6772] afs_charge_preallocation+0xe9/0x2d0
[ 67.905976][ T6772] afs_open_socket+0x292/0x360
[ 67.910734][ T6772] afs_net_init+0xa6c/0xe30
[ 67.915232][ T6772] ops_init+0xaf/0x420
[ 67.919303][ T6772] setup_net+0x2de/0x860
[ 67.923540][ T6772] copy_net_ns+0x293/0x590
[ 67.927954][ T6772] create_new_namespaces+0x3fb/0xb30
[ 67.933234][ T6772] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 67.938865][ T6772] ksys_unshare+0x43d/0x8e0
[ 67.943371][ T6772] __x64_sys_unshare+0x2d/0x40
[ 67.948130][ T6772] do_syscall_64+0x60/0xe0
[ 67.952553][ T6772] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.958452][ T6772]
[ 67.960865][ T6772] Freed by task 6772:
[ 67.964851][ T6772] save_stack+0x1b/0x40
[ 67.969017][ T6772] __kasan_slab_free+0xf7/0x140
[ 67.973870][ T6772] kfree+0x109/0x2b0
[ 67.977808][ T6772] afs_put_call+0x585/0xa40
[ 67.982318][ T6772] rxrpc_discard_prealloc+0x764/0xab0
[ 67.987707][ T6772] rxrpc_listen+0x147/0x360
[ 67.992353][ T6772] afs_close_socket+0x95/0x320
[ 67.997138][ T6772] afs_net_exit+0x1bc/0x310
[ 68.001680][ T6772] ops_exit_list.isra.0+0xa8/0x150
[ 68.006804][ T6772] cleanup_net+0x511/0xa50
[ 68.011221][ T6772] process_one_work+0x965/0x1690
[ 68.016189][ T6772] worker_thread+0x96/0xe10
[ 68.020774][ T6772] kthread+0x3b5/0x4a0
[ 68.024840][ T6772] ret_from_fork+0x1f/0x30
[ 68.029243][ T6772]
[ 68.031570][ T6772] The buggy address belongs to the object at ffff888091fa3000
[ 68.031570][ T6772] which belongs to the cache kmalloc-1k of size 1024
[ 68.045621][ T6772] The buggy address is located 484 bytes inside of
[ 68.045621][ T6772] 1024-byte region [ffff888091fa3000, ffff888091fa3400)
[ 68.058980][ T6772] The buggy address belongs to the page:
[ 68.064633][ T6772] page:ffffea000247e8c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 68.073733][ T6772] flags: 0xfffe0000000200(slab)
[ 68.078585][ T6772] raw: 00fffe0000000200 ffffea0002a49b48 ffffea0002556148 ffff8880aa000c40
[ 68.087403][ T6772] raw: 0000000000000000 ffff888091fa3000 0000000100000002 0000000000000000
[ 68.095996][ T6772] page dumped because: kasan: bad access detected
[ 68.102397][ T6772]
[ 68.104720][ T6772] Memory state around the buggy address:
[ 68.110476][ T6772] ffff888091fa3080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.118547][ T6772] ffff888091fa3100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.126609][ T6772] >ffff888091fa3180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.134662][ T6772] ^
[ 68.141873][ T6772] ffff888091fa3200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.149931][ T6772] ffff888091fa3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 68.157984][ T6772] ==================================================================
[ 68.166033][ T6772] Disabling lock debugging due to kernel taint
[ 68.172275][ T6772] Kernel panic - not syncing: panic_on_warn set ...
[ 68.179041][ T6772] CPU: 1 PID: 6772 Comm: kworker/u4:6 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 68.189280][ T6772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.199349][ T6772] Workqueue: netns cleanup_net
[ 68.204109][ T6772] Call Trace:
[ 68.207405][ T6772] dump_stack+0x18f/0x20d
[ 68.211744][ T6772] ? afs_wake_up_async_call+0x670/0x770
[ 68.217290][ T6772] ? afs_put_call+0xa40/0xa40
[ 68.222226][ T6772] panic+0x2e3/0x75c
[ 68.226140][ T6772] ? __warn_printk+0xf3/0xf3
[ 68.230764][ T6772] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 68.236918][ T6772] ? trace_hardirqs_on+0x55/0x220
[ 68.241938][ T6772] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.247475][ T6772] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.253013][ T6772] ? afs_put_call+0xa40/0xa40
[ 68.257689][ T6772] end_report+0x4d/0x53
[ 68.261863][ T6772] kasan_report.cold+0xd/0x37
[ 68.266556][ T6772] ? rcu_read_lock_held_common+0x51/0xa0
[ 68.272199][ T6772] ? afs_wake_up_async_call+0x6aa/0x770
[ 68.277736][ T6772] afs_wake_up_async_call+0x6aa/0x770
[ 68.283969][ T6772] ? afs_close_socket+0x320/0x320
[ 68.288985][ T6772] ? afs_put_call+0xa40/0xa40
[ 68.293654][ T6772] rxrpc_notify_socket+0x1db/0x5d0
[ 68.298760][ T6772] ? afs_put_call+0xa40/0xa40
[ 68.303441][ T6772] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 68.309866][ T6772] rxrpc_call_completed+0xca/0xf0
[ 68.314891][ T6772] rxrpc_discard_prealloc+0x781/0xab0
[ 68.320265][ T6772] ? lock_sock_nested+0x94/0x110
[ 68.325197][ T6772] rxrpc_listen+0x147/0x360
[ 68.329702][ T6772] afs_close_socket+0x95/0x320
[ 68.334455][ T6772] ? afs_purge_servers+0x16d/0x300
[ 68.339590][ T6772] ? afs_rx_discard_new_call+0x50/0x50
[ 68.345042][ T6772] ? init_wait_var_entry+0x200/0x200
[ 68.350324][ T6772] ? rcu_read_lock_held_common+0xa0/0xa0
[ 68.355947][ T6772] ? check_preemption_disabled+0x38/0x220
[ 68.361658][ T6772] afs_net_exit+0x1bc/0x310
[ 68.366151][ T6772] ? afs_net_init+0xe30/0xe30
[ 68.370820][ T6772] ops_exit_list.isra.0+0xa8/0x150
[ 68.375923][ T6772] cleanup_net+0x511/0xa50
[ 68.380418][ T6772] ? unregister_pernet_device+0x70/0x70
[ 68.385962][ T6772] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.391938][ T6772] process_one_work+0x965/0x1690
[ 68.396873][ T6772] ? lock_release+0x800/0x800
[ 68.401542][ T6772] ? pwq_dec_nr_in_flight+0x310/0x310
[ 68.407177][ T6772] ? rwlock_bug.part.0+0x90/0x90
[ 68.412285][ T6772] worker_thread+0x96/0xe10
[ 68.416785][ T6772] ? process_one_work+0x1690/0x1690
[ 68.421976][ T6772] kthread+0x3b5/0x4a0
[ 68.426036][ T6772] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 68.431747][ T6772] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 68.437483][ T6772] ret_from_fork+0x1f/0x30
[ 68.443305][ T6772] Kernel Offset: disabled
[ 68.447826][ T6772] Rebooting in 86400 seconds..