[ 64.419788][ T145] process_one_work+0x965/0x1690
[ 64.424745][ T145] ? lock_release+0x800/0x800
[ 64.429431][ T145] ? pwq_dec_nr_in_flight+0x310/0x310
[ 64.434813][ T145] ? rwlock_bug.part.0+0x90/0x90
[ 64.439775][ T145] worker_thread+0x96/0xe10
[ 64.444741][ T145] ? process_one_work+0x1690/0x1690
[ 64.449950][ T145] kthread+0x3b5/0x4a0
[ 64.454029][ T145] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.459755][ T145] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.465490][ T145] ret_from_fork+0x1f/0x30
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Started Getty on tty1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ OK ] Started Update UTMP about System Runlevel Changes.
[ 72.319880][ T6873] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6873
[ 72.329361][ T6873] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 72.335342][ T6873] CPU: 0 PID: 6873 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 72.343929][ T6873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 72.354507][ T6873] Call Trace:
[ 72.357807][ T6873] dump_stack+0x18f/0x20d
[ 72.362667][ T6873] check_preemption_disabled+0x20d/0x220
[ 72.368280][ T6873] ext4_mb_new_blocks+0xa4d/0x3b70
[ 72.373406][ T6873] ? ext4_ext_search_right+0x2ca/0xb20
[ 72.378861][ T6873] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 72.384573][ T6873] ext4_ext_map_blocks+0x201b/0x33e0
[ 72.389842][ T6873] ? ext4_ext_release+0x10/0x10
[ 72.395204][ T6873] ? down_write_killable+0x170/0x170
[ 72.400468][ T6873] ? ext4_es_lookup_extent+0x41d/0xd10
[ 72.405919][ T6873] ext4_map_blocks+0x4cb/0x1640
[ 72.410751][ T6873] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 72.415937][ T6873] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 72.421461][ T6873] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 72.427416][ T6873] ? prandom_u32_state+0xe/0x170
[ 72.432331][ T6873] ? __brelse+0x84/0xa0
[ 72.436465][ T6873] ? __ext4_new_inode+0x144/0x55e0
[ 72.441553][ T6873] ext4_getblk+0xad/0x520
[ 72.445877][ T6873] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 72.451587][ T6873] ? ext4_free_inode+0x1700/0x1700
[ 72.456697][ T6873] ext4_bread+0x7c/0x380
[ 72.460929][ T6873] ? ext4_getblk+0x520/0x520
[ 72.465507][ T6873] ? dquot_get_next_dqblk+0x180/0x180
[ 72.471814][ T6873] ext4_append+0x153/0x360
[ 72.476225][ T6873] ext4_mkdir+0x5e0/0xdf0
[ 72.480534][ T6873] ? ext4_rmdir+0xde0/0xde0
[ 72.485038][ T6873] vfs_mkdir+0x419/0x690
[ 72.489260][ T6873] do_mkdirat+0x21e/0x280
[ 72.493570][ T6873] ? __ia32_sys_mknod+0xb0/0xb0
[ 72.498414][ T6873] ? do_syscall_64+0x1c/0xe0
[ 72.502982][ T6873] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 72.508941][ T6873] do_syscall_64+0x60/0xe0
[ 72.513347][ T6873] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 72.519222][ T6873] RIP: 0033:0x7f8a274d1687
[ 72.523612][ T6873] Code: Bad RIP value.
[ 72.527652][ T6873] RSP: 002b:00007ffc05d28ca8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 72.536046][ T6873] RAX: ffffffffffffffda RBX: 000055e75145a985 RCX: 00007f8a274d1687
[ 72.544000][ T6873] RDX: 00007ffc05d28b70 RSI: 00000000000001ed RDI: 000055e75145a985
[ 72.551961][ T6873] RBP: 00007f8a274d1680 R08: 0000000000000100 R09: 0000000000000000
[ 72.559921][ T6873] R10: 000055e75145a980 R11: 0000000000000246 R12: 00000000000001ed
[ 72.567871][ T6873] R13: 00007ffc05d28e30 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Load/Save RF Kill Switch Status.
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.1.37' (ECDSA) to the list of known hosts.
2020/06/14 22:30:47 fuzzer started
2020/06/14 22:30:48 connecting to host at 10.128.0.26:39965
2020/06/14 22:30:48 checking machine...
2020/06/14 22:30:48 checking revisions...
2020/06/14 22:30:48 testing simple program...
syzkaller login: [ 75.044582][ T6945] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6945
[ 75.053744][ T6945] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 75.060316][ T6945] CPU: 1 PID: 6945 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 75.068668][ T6945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.078983][ T6945] Call Trace:
[ 75.082265][ T6945] dump_stack+0x18f/0x20d
[ 75.086582][ T6945] check_preemption_disabled+0x20d/0x220
[ 75.092211][ T6945] ext4_mb_new_blocks+0xa4d/0x3b70
[ 75.097321][ T6945] ? ext4_ext_search_right+0x2ca/0xb20
[ 75.103073][ T6945] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 75.108795][ T6945] ext4_ext_map_blocks+0x201b/0x33e0
[ 75.114116][ T6945] ? ext4_ext_release+0x10/0x10
[ 75.118960][ T6945] ? down_write_killable+0x170/0x170
[ 75.124232][ T6945] ? ext4_es_lookup_extent+0x41d/0xd10
[ 75.129671][ T6945] ext4_map_blocks+0x4cb/0x1640
[ 75.134506][ T6945] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 75.139682][ T6945] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 75.145218][ T6945] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 75.151175][ T6945] ? prandom_u32_state+0xe/0x170
[ 75.156116][ T6945] ? __brelse+0x84/0xa0
[ 75.160449][ T6945] ? __ext4_new_inode+0x144/0x55e0
[ 75.165541][ T6945] ext4_getblk+0xad/0x520
[ 75.169850][ T6945] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 75.175551][ T6945] ? ext4_free_inode+0x1700/0x1700
[ 75.180658][ T6945] ext4_bread+0x7c/0x380
[ 75.184878][ T6945] ? ext4_getblk+0x520/0x520
[ 75.189445][ T6945] ? dquot_get_next_dqblk+0x180/0x180
[ 75.194798][ T6945] ext4_append+0x153/0x360
[ 75.199889][ T6945] ext4_mkdir+0x5e0/0xdf0
[ 75.204209][ T6945] ? ext4_rmdir+0xde0/0xde0
[ 75.209393][ T6945] vfs_mkdir+0x419/0x690
[ 75.213614][ T6945] do_mkdirat+0x21e/0x280
[ 75.218009][ T6945] ? __ia32_sys_mknod+0xb0/0xb0
[ 75.222837][ T6945] ? do_syscall_64+0x1c/0xe0
[ 75.227406][ T6945] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 75.233377][ T6945] do_syscall_64+0x60/0xe0
[ 75.237787][ T6945] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.243656][ T6945] RIP: 0033:0x4b02a0
[ 75.247539][ T6945] Code: Bad RIP value.
[ 75.251578][ T6945] RSP: 002b:000000c0000e54b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 75.259975][ T6945] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 75.268463][ T6945] RDX: 00000000000001c0 RSI: 000000c000026a00 RDI: ffffffffffffff9c
[ 75.276412][ T6945] RBP: 000000c0000e5510 R08: 0000000000000000 R09: 0000000000000000
[ 75.284380][ T6945] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 75.292332][ T6945] R13: 0000000000000051 R14: 0000000000000050 R15: 0000000000000100
[ 75.317836][ T29] audit: type=1400 audit(1592173848.638:8): avc: denied { execmem } for pid=6962 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 75.318625][ T6962] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6962
[ 75.348391][ T6962] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 75.354360][ T6962] CPU: 1 PID: 6962 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 75.363898][ T6962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.374455][ T6962] Call Trace:
[ 75.377740][ T6962] dump_stack+0x18f/0x20d
[ 75.382052][ T6962] check_preemption_disabled+0x20d/0x220
[ 75.387678][ T6962] ext4_mb_new_blocks+0xa4d/0x3b70
[ 75.392781][ T6962] ? ext4_ext_search_right+0x2ca/0xb20
[ 75.398217][ T6962] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 75.403919][ T6962] ext4_ext_map_blocks+0x201b/0x33e0
[ 75.409195][ T6962] ? ext4_ext_release+0x10/0x10
[ 75.414039][ T6962] ? down_write_killable+0x170/0x170
[ 75.420092][ T6962] ? ext4_es_lookup_extent+0x41d/0xd10
[ 75.425811][ T6962] ext4_map_blocks+0x4cb/0x1640
[ 75.430665][ T6962] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 75.435975][ T6962] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 75.442563][ T6962] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 75.448962][ T6962] ? prandom_u32_state+0xe/0x170
[ 75.453990][ T6962] ? __brelse+0x84/0xa0
[ 75.458234][ T6962] ? __ext4_new_inode+0x144/0x55e0
[ 75.463328][ T6962] ext4_getblk+0xad/0x520
[ 75.467639][ T6962] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 75.473343][ T6962] ? ext4_free_inode+0x1700/0x1700
[ 75.478489][ T6962] ext4_bread+0x7c/0x380
[ 75.482726][ T6962] ? ext4_getblk+0x520/0x520
[ 75.487320][ T6962] ? dquot_get_next_dqblk+0x180/0x180
[ 75.492716][ T6962] ? security_transition_sid+0x123/0x190
[ 75.498356][ T6962] ? security_transition_sid+0xed/0x190
[ 75.503903][ T6962] ext4_append+0x153/0x360
[ 75.508324][ T6962] ext4_mkdir+0x5e0/0xdf0
[ 75.512655][ T6962] ? ext4_rmdir+0xde0/0xde0
[ 75.517162][ T6962] vfs_mkdir+0x419/0x690
[ 75.521388][ T6962] do_mkdirat+0x21e/0x280
[ 75.525715][ T6962] ? __ia32_sys_mknod+0xb0/0xb0
[ 75.530547][ T6962] ? do_syscall_64+0x1c/0xe0
[ 75.535133][ T6962] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 75.541111][ T6962] do_syscall_64+0x60/0xe0
[ 75.545524][ T6962] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.551405][ T6962] RIP: 0033:0x45bee7
[ 75.555286][ T6962] Code: Bad RIP value.
[ 75.559327][ T6962] RSP: 002b:00007ffca6120368 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 75.568042][ T6962] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 75.576001][ T6962] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffca6120540
[ 75.584131][ T6962] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003c80
[ 75.592104][ T6962] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 75.600267][ T6962] R13: 00007ffca6120540 R14: 8421084210842109 R15: 00007ffca612054c
[ 75.689491][ T6963] IPVS: ftp: loaded support on port[0] = 21
[ 75.727645][ T6963] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6963
[ 75.737100][ T6963] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 75.743162][ T6963] CPU: 0 PID: 6963 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 75.751745][ T6963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 75.761785][ T6963] Call Trace:
[ 75.765069][ T6963] dump_stack+0x18f/0x20d
[ 75.769492][ T6963] check_preemption_disabled+0x20d/0x220
[ 75.775138][ T6963] ext4_mb_new_blocks+0xa4d/0x3b70
[ 75.780244][ T6963] ? ext4_ext_search_right+0x2ca/0xb20
[ 75.786750][ T6963] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 75.792473][ T6963] ext4_ext_map_blocks+0x201b/0x33e0
[ 75.797751][ T6963] ? ext4_ext_release+0x10/0x10
[ 75.802770][ T6963] ? down_write_killable+0x170/0x170
[ 75.808942][ T6963] ? ext4_es_lookup_extent+0x41d/0xd10
[ 75.814407][ T6963] ext4_map_blocks+0x4cb/0x1640
[ 75.819270][ T6963] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 75.824471][ T6963] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 75.830019][ T6963] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 75.835980][ T6963] ? prandom_u32_state+0xe/0x170
[ 75.840899][ T6963] ? __brelse+0x84/0xa0
[ 75.845053][ T6963] ? __ext4_new_inode+0x144/0x55e0
[ 75.850166][ T6963] ext4_getblk+0xad/0x520
[ 75.855870][ T6963] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 75.861577][ T6963] ? ext4_free_inode+0x1700/0x1700
[ 75.866670][ T6963] ext4_bread+0x7c/0x380
[ 75.870936][ T6963] ? ext4_getblk+0x520/0x520
[ 75.875506][ T6963] ? dquot_get_next_dqblk+0x180/0x180
[ 75.881812][ T6963] ? security_transition_sid+0x123/0x190
[ 75.887427][ T6963] ? security_transition_sid+0xed/0x190
[ 75.893040][ T6963] ext4_append+0x153/0x360
[ 75.897668][ T6963] ext4_mkdir+0x5e0/0xdf0
[ 75.902140][ T6963] ? ext4_rmdir+0xde0/0xde0
[ 75.906648][ T6963] vfs_mkdir+0x419/0x690
[ 75.910881][ T6963] do_mkdirat+0x21e/0x280
[ 75.915212][ T6963] ? __ia32_sys_mknod+0xb0/0xb0
[ 75.920040][ T6963] ? do_syscall_64+0x1c/0xe0
[ 75.924612][ T6963] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 75.930573][ T6963] do_syscall_64+0x60/0xe0
[ 75.934981][ T6963] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.940869][ T6963] RIP: 0033:0x45bee7
[ 75.945285][ T6963] Code: Bad RIP value.
[ 75.949686][ T6963] RSP: 002b:00007ffca6120258 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 75.958084][ T6963] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 75.966033][ T6963] RDX: 00007ffca61202a3 RSI: 00000000000001ff RDI: 00007ffca61202a0
[ 75.973990][ T6963] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 75.981991][ T6963] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0
[ 75.989987][ T6963] R13: 00007ffca6120290 R14: 0000000000000000 R15: 00007ffca61202a0
[ 76.027649][ T29] audit: type=1400 audit(1592173849.349:9): avc: denied { execmem } for pid=6984 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 76.064560][ T6963] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6963
[ 76.074022][ T6963] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 76.079924][ T6963] CPU: 0 PID: 6963 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 76.088513][ T6963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 76.098570][ T6963] Call Trace:
[ 76.101868][ T6963] dump_stack+0x18f/0x20d
[ 76.106701][ T6963] check_preemption_disabled+0x20d/0x220
[ 76.116084][ T6963] ext4_mb_new_blocks+0xa4d/0x3b70
[ 76.121226][ T6963] ? ext4_ext_search_right+0x2ca/0xb20
[ 76.127410][ T6963] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 76.133762][ T6963] ext4_ext_map_blocks+0x201b/0x33e0
[ 76.139077][ T6963] ? ext4_ext_release+0x10/0x10
[ 76.143946][ T6963] ? down_write_killable+0x170/0x170
[ 76.149439][ T6963] ? ext4_es_lookup_extent+0x41d/0xd10
[ 76.154986][ T6963] ext4_map_blocks+0x4cb/0x1640
[ 76.159942][ T6963] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 76.165152][ T6963] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 76.171126][ T6963] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 76.177090][ T6963] ? prandom_u32_state+0xe/0x170
[ 76.182109][ T6963] ? __brelse+0x84/0xa0
[ 76.186527][ T6963] ? __ext4_new_inode+0x144/0x55e0
[ 76.191622][ T6963] ext4_getblk+0xad/0x520
[ 76.195938][ T6963] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 76.201646][ T6963] ? ext4_free_inode+0x1700/0x1700
[ 76.206745][ T6963] ext4_bread+0x7c/0x380
[ 76.210967][ T6963] ? ext4_getblk+0x520/0x520
[ 76.215538][ T6963] ? dquot_get_next_dqblk+0x180/0x180
[ 76.220915][ T6963] ? security_transition_sid+0x123/0x190
[ 76.226543][ T6963] ? security_transition_sid+0xed/0x190
[ 76.232089][ T6963] ext4_append+0x153/0x360
[ 76.236517][ T6963] ext4_mkdir+0x5e0/0xdf0
[ 76.240851][ T6963] ? ext4_rmdir+0xde0/0xde0
[ 76.245447][ T6963] vfs_mkdir+0x419/0x690
[ 76.249683][ T6963] do_mkdirat+0x21e/0x280
[ 76.253992][ T6963] ? __ia32_sys_mknod+0xb0/0xb0
[ 76.258836][ T6963] ? do_syscall_64+0x1c/0xe0
[ 76.263425][ T6963] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 76.269401][ T6963] do_syscall_64+0x60/0xe0
[ 76.273801][ T6963] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 76.279679][ T6963] RIP: 0033:0x45bee7
[ 76.283557][ T6963] Code: Bad RIP value.
2020/06/14 22:30:49 building call list...
[ 76.287597][ T6963] RSP: 002b:00007ffca6120258 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 76.295992][ T6963] RAX: ffffffffffffffda RBX: 000000000001291e RCX: 000000000045bee7
[ 76.304815][ T6963] RDX: 00007ffca61202a3 RSI: 00000000000001ff RDI: 00007ffca61202a0
[ 76.312781][ T6963] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 76.321173][ T6963] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 76.329122][ T6963] R13: 00007ffca6120290 R14: 00000000000128f2 R15: 00007ffca61202a0
[ 76.592155][ T4757] tipc: TX() has been purged, node left!
[ 77.042238][ T1154] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1154
[ 77.051435][ T1154] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 77.058223][ T1154] CPU: 1 PID: 1154 Comm: khugepaged Not tainted 5.8.0-rc1-syzkaller #0
[ 77.066468][ T1154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.076514][ T1154] Call Trace:
[ 77.079807][ T1154] dump_stack+0x18f/0x20d
[ 77.084159][ T1154] check_preemption_disabled+0x20d/0x220
[ 77.089790][ T1154] ext4_mb_new_blocks+0xa4d/0x3b70
[ 77.094933][ T1154] ? ext4_find_extent+0x81a/0xad0
[ 77.099983][ T1154] ? ext4_ext_search_right+0x2ca/0xb20
[ 77.105443][ T1154] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 77.111169][ T1154] ext4_ext_map_blocks+0x201b/0x33e0
[ 77.116463][ T1154] ? ext4_ext_release+0x10/0x10
[ 77.121342][ T1154] ? down_write_killable+0x170/0x170
[ 77.126624][ T1154] ? ext4_es_lookup_extent+0x41d/0xd10
[ 77.132095][ T1154] ext4_map_blocks+0x4cb/0x1640
[ 77.136955][ T1154] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 77.142165][ T1154] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 77.147705][ T1154] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 77.153680][ T1154] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 77.159152][ T1154] ext4_writepages+0x1a7b/0x33c0
[ 77.164111][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940
[ 77.169774][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940
[ 77.175431][ T1154] ? do_writepages+0xfa/0x2a0
[ 77.180108][ T1154] do_writepages+0xfa/0x2a0
[ 77.184624][ T1154] ? page_writeback_cpu_online+0x10/0x10
[ 77.190254][ T1154] ? do_raw_spin_lock+0x120/0x2d0
[ 77.195280][ T1154] ? do_raw_spin_unlock+0x171/0x260
[ 77.200474][ T1154] ? _raw_spin_unlock+0x24/0x40
[ 77.205336][ T1154] __filemap_fdatawrite_range+0x2aa/0x390
[ 77.211051][ T1154] ? collapse_file+0x35a2/0x4330
[ 77.215995][ T1154] ? delete_from_page_cache_batch+0xeb0/0xeb0
[ 77.222071][ T1154] ? _raw_spin_unlock_irq+0x1f/0x80
[ 77.227269][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 77.233290][ T1154] collapse_file+0x35ac/0x4330
[ 77.238110][ T1154] ? collapse_huge_page+0x4350/0x4350
[ 77.243581][ T1154] ? khugepaged+0x2506/0x3fc0
[ 77.248291][ T1154] khugepaged+0x3041/0x3fc0
[ 77.252826][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0
[ 77.258555][ T1154] ? lock_downgrade+0x840/0x840
[ 77.263412][ T1154] ? finish_wait+0x260/0x260
[ 77.268004][ T1154] ? _raw_spin_unlock_irqrestore+0x62/0xe0
[ 77.273917][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 77.279922][ T1154] ? __kthread_parkme+0x13f/0x1e0
[ 77.284953][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0
[ 77.290587][ T1154] kthread+0x3b5/0x4a0
[ 77.294655][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 77.300369][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 77.306106][ T1154] ret_from_fork+0x1f/0x30
[ 77.334780][ T4757] ==================================================================
[ 77.343047][ T4757] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 77.350936][ T4757] Write of size 1 at addr ffff8880997889e4 by task kworker/u4:5/4757
[ 77.358990][ T4757]
[ 77.361331][ T4757] CPU: 1 PID: 4757 Comm: kworker/u4:5 Not tainted 5.8.0-rc1-syzkaller #0
[ 77.370258][ T4757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.380331][ T4757] Workqueue: netns cleanup_net
[ 77.385092][ T4757] Call Trace:
[ 77.388390][ T4757] dump_stack+0x18f/0x20d
[ 77.392730][ T4757] ? afs_wake_up_async_call+0x6aa/0x770
[ 77.398410][ T4757] ? afs_wake_up_async_call+0x6aa/0x770
[ 77.403956][ T4757] ? afs_put_call+0xa40/0xa40
[ 77.408632][ T4757] print_address_description.constprop.0.cold+0xd3/0x413
[ 77.415659][ T4757] ? vprintk_func+0x97/0x1a6
[ 77.420824][ T4757] ? afs_wake_up_async_call+0x6aa/0x770
[ 77.426381][ T4757] kasan_report.cold+0x1f/0x37
[ 77.431149][ T4757] ? rcu_read_lock_held_common+0x51/0xa0
[ 77.436781][ T4757] ? afs_wake_up_async_call+0x6aa/0x770
[ 77.442328][ T4757] afs_wake_up_async_call+0x6aa/0x770
[ 77.448395][ T4757] ? afs_close_socket+0x320/0x320
[ 77.453419][ T4757] ? afs_put_call+0xa40/0xa40
[ 77.458097][ T4757] rxrpc_notify_socket+0x1db/0x5d0
[ 77.463228][ T4757] ? afs_put_call+0xa40/0xa40
[ 77.467910][ T4757] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 77.474348][ T4757] rxrpc_call_completed+0xca/0xf0
[ 77.479398][ T4757] rxrpc_discard_prealloc+0x781/0xab0
[ 77.484781][ T4757] ? lock_sock_nested+0x94/0x110
[ 77.489727][ T4757] rxrpc_listen+0x147/0x360
[ 77.494246][ T4757] afs_close_socket+0x95/0x320
[ 77.499030][ T4757] ? afs_purge_servers+0x16d/0x300
[ 77.504141][ T4757] ? afs_rx_discard_new_call+0x50/0x50
[ 77.511166][ T4757] ? init_wait_var_entry+0x200/0x200
[ 77.516545][ T4757] ? rcu_read_lock_held_common+0xa0/0xa0
[ 77.522193][ T4757] ? check_preemption_disabled+0x38/0x220
[ 77.527965][ T4757] afs_net_exit+0x1bc/0x310
[ 77.532493][ T4757] ? afs_net_init+0xe30/0xe30
[ 77.537184][ T4757] ops_exit_list.isra.0+0xa8/0x150
[ 77.542320][ T4757] cleanup_net+0x511/0xa50
[ 77.546770][ T4757] ? unregister_pernet_device+0x70/0x70
[ 77.552322][ T4757] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 77.558310][ T4757] process_one_work+0x965/0x1690
[ 77.563265][ T4757] ? lock_release+0x800/0x800
[ 77.567951][ T4757] ? pwq_dec_nr_in_flight+0x310/0x310
[ 77.573344][ T4757] ? rwlock_bug.part.0+0x90/0x90
[ 77.578303][ T4757] worker_thread+0x96/0xe10
[ 77.582826][ T4757] ? process_one_work+0x1690/0x1690
[ 77.588034][ T4757] kthread+0x3b5/0x4a0
[ 77.592110][ T4757] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 77.597859][ T4757] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 77.603591][ T4757] ret_from_fork+0x1f/0x30
[ 77.608031][ T4757]
[ 77.610371][ T4757] Allocated by task 6963:
[ 77.614789][ T4757] save_stack+0x1b/0x40
[ 77.618943][ T4757] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 77.624663][ T4757] kmem_cache_alloc_trace+0x153/0x7d0
[ 77.630041][ T4757] afs_alloc_call+0x55/0x630
[ 77.634632][ T4757] afs_charge_preallocation+0xe9/0x2d0
[ 77.640119][ T4757] afs_open_socket+0x292/0x360
[ 77.644885][ T4757] afs_net_init+0xa6c/0xe30
[ 77.649385][ T4757] ops_init+0xaf/0x420
[ 77.653451][ T4757] setup_net+0x2de/0x860
[ 77.657689][ T4757] copy_net_ns+0x293/0x590
[ 77.662103][ T4757] create_new_namespaces+0x3fb/0xb30
[ 77.667391][ T4757] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 77.673033][ T4757] ksys_unshare+0x43d/0x8e0
[ 77.677539][ T4757] __x64_sys_unshare+0x2d/0x40
[ 77.682408][ T4757] do_syscall_64+0x60/0xe0
[ 77.686829][ T4757] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 77.693146][ T4757]
[ 77.695481][ T4757] Freed by task 4757:
[ 77.699807][ T4757] save_stack+0x1b/0x40
[ 77.703957][ T4757] __kasan_slab_free+0xf7/0x140
[ 77.708814][ T4757] kfree+0x109/0x2b0
[ 77.712709][ T4757] afs_put_call+0x585/0xa40
[ 77.717243][ T4757] rxrpc_discard_prealloc+0x764/0xab0
[ 77.722956][ T4757] rxrpc_listen+0x147/0x360
[ 77.727459][ T4757] afs_close_socket+0x95/0x320
[ 77.732251][ T4757] afs_net_exit+0x1bc/0x310
[ 77.736754][ T4757] ops_exit_list.isra.0+0xa8/0x150
[ 77.741910][ T4757] cleanup_net+0x511/0xa50
[ 77.746336][ T4757] process_one_work+0x965/0x1690
[ 77.751276][ T4757] worker_thread+0x96/0xe10
[ 77.755794][ T4757] kthread+0x3b5/0x4a0
[ 77.759883][ T4757] ret_from_fork+0x1f/0x30
[ 77.765861][ T4757]
[ 77.768189][ T4757] The buggy address belongs to the object at ffff888099788800
[ 77.768189][ T4757] which belongs to the cache kmalloc-1k of size 1024
[ 77.782424][ T4757] The buggy address is located 484 bytes inside of
[ 77.782424][ T4757] 1024-byte region [ffff888099788800, ffff888099788c00)
[ 77.795955][ T4757] The buggy address belongs to the page:
[ 77.801714][ T4757] page:ffffea000265e200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 77.810873][ T4757] flags: 0xfffe0000000200(slab)
[ 77.815753][ T4757] raw: 00fffe0000000200 ffffea000236c708 ffffea0002879808 ffff8880aa000c40
[ 77.824349][ T4757] raw: 0000000000000000 ffff888099788000 0000000100000002 0000000000000000
[ 77.836499][ T4757] page dumped because: kasan: bad access detected
[ 77.842910][ T4757]
[ 77.845236][ T4757] Memory state around the buggy address:
[ 77.850867][ T4757] ffff888099788880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.858931][ T4757] ffff888099788900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.867023][ T4757] >ffff888099788980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.875182][ T4757] ^
[ 77.882374][ T4757] ffff888099788a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.890443][ T4757] ffff888099788a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 77.898519][ T4757] ==================================================================
[ 77.906575][ T4757] Disabling lock debugging due to kernel taint
[ 77.912830][ T4757] Kernel panic - not syncing: panic_on_warn set ...
[ 77.919420][ T4757] CPU: 1 PID: 4757 Comm: kworker/u4:5 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 77.929211][ T4757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 77.941004][ T4757] Workqueue: netns cleanup_net
[ 77.945755][ T4757] Call Trace:
[ 77.949041][ T4757] dump_stack+0x18f/0x20d
[ 77.953374][ T4757] ? afs_wake_up_async_call+0x670/0x770
[ 77.958915][ T4757] ? afs_put_call+0xa40/0xa40
[ 77.963590][ T4757] panic+0x2e3/0x75c
[ 77.967476][ T4757] ? __warn_printk+0xf3/0xf3
[ 77.972058][ T4757] ? asm_common_interrupt+0x1e/0x40
[ 77.977254][ T4757] ? trace_hardirqs_on+0x55/0x220
[ 77.982271][ T4757] ? afs_wake_up_async_call+0x6aa/0x770
[ 77.987805][ T4757] ? afs_wake_up_async_call+0x6aa/0x770
[ 77.993350][ T4757] ? afs_put_call+0xa40/0xa40
[ 77.998017][ T4757] end_report+0x4d/0x53
[ 78.002165][ T4757] kasan_report.cold+0xd/0x37
[ 78.006834][ T4757] ? rcu_read_lock_held_common+0x51/0xa0
[ 78.012454][ T4757] ? afs_wake_up_async_call+0x6aa/0x770
[ 78.017988][ T4757] afs_wake_up_async_call+0x6aa/0x770
[ 78.023350][ T4757] ? afs_close_socket+0x320/0x320
[ 78.028372][ T4757] ? afs_put_call+0xa40/0xa40
[ 78.033477][ T4757] rxrpc_notify_socket+0x1db/0x5d0
[ 78.038583][ T4757] ? afs_put_call+0xa40/0xa40
[ 78.043254][ T4757] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 78.049659][ T4757] rxrpc_call_completed+0xca/0xf0
[ 78.054695][ T4757] rxrpc_discard_prealloc+0x781/0xab0
[ 78.060061][ T4757] ? lock_sock_nested+0x94/0x110
[ 78.064992][ T4757] rxrpc_listen+0x147/0x360
[ 78.069489][ T4757] afs_close_socket+0x95/0x320
[ 78.074244][ T4757] ? afs_purge_servers+0x16d/0x300
[ 78.079345][ T4757] ? afs_rx_discard_new_call+0x50/0x50
executing program
[ 78.084797][ T4757] ? init_wait_var_entry+0x200/0x200
[ 78.090082][ T4757] ? rcu_read_lock_held_common+0xa0/0xa0
[ 78.095717][ T4757] ? check_preemption_disabled+0x38/0x220
[ 78.101427][ T4757] afs_net_exit+0x1bc/0x310
[ 78.105918][ T4757] ? afs_net_init+0xe30/0xe30
[ 78.110584][ T4757] ops_exit_list.isra.0+0xa8/0x150
[ 78.115696][ T4757] cleanup_net+0x511/0xa50
[ 78.120103][ T4757] ? unregister_pernet_device+0x70/0x70
[ 78.125642][ T4757] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 78.131617][ T4757] process_one_work+0x965/0x1690
[ 78.136552][ T4757] ? lock_release+0x800/0x800
[ 78.141306][ T4757] ? pwq_dec_nr_in_flight+0x310/0x310
[ 78.147465][ T4757] ? rwlock_bug.part.0+0x90/0x90
[ 78.152397][ T4757] worker_thread+0x96/0xe10
[ 78.156980][ T4757] ? process_one_work+0x1690/0x1690
[ 78.162168][ T4757] kthread+0x3b5/0x4a0
[ 78.166226][ T4757] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 78.171933][ T4757] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 78.177643][ T4757] ret_from_fork+0x1f/0x30
[ 78.183397][ T4757] Kernel Offset: disabled
[ 78.187773][ T4757] Rebooting in 86400 seconds..