Starting Load/Save RF Kill Switch Status...
[ 58.146727][ T84] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:3/84
[ 58.155944][ T84] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.162149][ T84] CPU: 1 PID: 84 Comm: kworker/u4:3 Not tainted 5.8.0-rc1-syzkaller #0
[ 58.162168][ T84] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.162186][ T84] Workqueue: writeback wb_workfn (flush-8:0)
[ 58.162197][ T84] Call Trace:
[ 58.162216][ T84] dump_stack+0x18f/0x20d
[ 58.162241][ T84] check_preemption_disabled+0x20d/0x220
[ 58.162259][ T84] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.162280][ T84] ? ext4_find_extent+0x81a/0xad0
[ 58.162306][ T84] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.162323][ T84] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.162350][ T84] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.162379][ T84] ? ext4_ext_release+0x10/0x10
[ 58.162416][ T84] ? down_write_killable+0x170/0x170
[ 58.162441][ T84] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.162467][ T84] ext4_map_blocks+0x4cb/0x1640
[ 58.162493][ T84] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.162518][ T84] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.162537][ T84] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.162554][ T84] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 58.162576][ T84] ext4_writepages+0x1a7b/0x33c0
[ 58.162617][ T84] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.162633][ T84] ? __lock_acquire+0x2224/0x48b0
[ 58.162669][ T84] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.162688][ T84] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.162708][ T84] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 58.162731][ T84] ? __ext4_mark_inode_dirty+0x940/0x940
[ 58.162748][ T84] ? do_writepages+0xfa/0x2a0
[ 58.162764][ T84] do_writepages+0xfa/0x2a0
[ 58.162789][ T84] ? page_writeback_cpu_online+0x10/0x10
[ 58.162814][ T84] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.162833][ T84] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.162849][ T84] ? lock_downgrade+0x840/0x840
[ 58.162874][ T84] __writeback_single_inode+0x12a/0x13d0
[ 58.162891][ T84] ? _raw_spin_unlock+0x24/0x40
[ 58.162909][ T84] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 58.162931][ T84] writeback_sb_inodes+0x515/0xdc0
[ 58.162971][ T84] ? __writeback_single_inode+0x13d0/0x13d0
[ 58.163012][ T84] __writeback_inodes_wb+0xc3/0x250
[ 58.163043][ T84] wb_writeback+0x8db/0xd50
[ 58.163072][ T84] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 58.163094][ T84] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 58.163117][ T84] ? cpumask_next+0x3c/0x40
[ 58.163135][ T84] ? get_nr_dirty_inodes+0xd6/0x130
[ 58.163159][ T84] wb_workfn+0xab3/0x1090
[ 58.163186][ T84] ? inode_wait_for_writeback+0x30/0x30
[ 58.163215][ T84] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.163234][ T84] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.163259][ T84] process_one_work+0x965/0x1690
[ 58.163286][ T84] ? lock_release+0x800/0x800
[ 58.163304][ T84] ? pwq_dec_nr_in_flight+0x310/0x310
[ 58.163330][ T84] ? rwlock_bug.part.0+0x90/0x90
[ 58.163362][ T84] worker_thread+0x96/0xe10
[ 58.163392][ T84] ? process_one_work+0x1690/0x1690
[ 58.163411][ T84] kthread+0x3b5/0x4a0
[ 58.163431][ T84] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.163446][ T84] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 58.163481][ T84] ret_from_fork+0x1f/0x30
[ 58.264825][ T6734] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6734
[ 58.542685][ T6734] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.542701][ T6734] CPU: 0 PID: 6734 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 58.542716][ T6734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.542724][ T6734] Call Trace:
[ 58.570581][ T6734] dump_stack+0x18f/0x20d
[ 58.570604][ T6734] check_preemption_disabled+0x20d/0x220
[ 58.570621][ T6734] ext4_mb_new_blocks+0xa4d/0x3b70
[ 58.570649][ T6734] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.570664][ T6734] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.570688][ T6734] ext4_ext_map_blocks+0x201b/0x33e0
[ 58.570715][ T6734] ? ext4_ext_release+0x10/0x10
[ 58.570749][ T6734] ? down_write_killable+0x170/0x170
[ 58.570764][ T6734] ? ext4_es_lookup_extent+0x41d/0xd10
[ 58.570785][ T6734] ext4_map_blocks+0x4cb/0x1640
[ 58.570809][ T6734] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.570827][ T6734] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.570846][ T6734] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.570860][ T6734] ? prandom_u32_state+0xe/0x170
[ 58.570885][ T6734] ? __brelse+0x84/0xa0
[ 58.570902][ T6734] ? __ext4_new_inode+0x144/0x55e0
[ 58.570923][ T6734] ext4_getblk+0xad/0x520
[ 58.570943][ T6734] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.570966][ T6734] ? ext4_free_inode+0x1700/0x1700
[ 58.570986][ T6734] ext4_bread+0x7c/0x380
[ 58.571003][ T6734] ? ext4_getblk+0x520/0x520
[ 58.571019][ T6734] ? dquot_get_next_dqblk+0x180/0x180
[ 58.571042][ T6734] ext4_append+0x153/0x360
[ 58.571060][ T6734] ext4_mkdir+0x5e0/0xdf0
[ 58.571078][ T6734] ? ext4_rmdir+0xde0/0xde0
[ 58.571093][ T6734] ? security_inode_permission+0xc4/0xf0
[ 58.571112][ T6734] vfs_mkdir+0x419/0x690
[ 58.571128][ T6734] do_mkdirat+0x21e/0x280
[ 58.571143][ T6734] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.571157][ T6734] ? do_syscall_64+0x1c/0xe0
[ 58.571171][ T6734] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.571186][ T6734] do_syscall_64+0x60/0xe0
[ 58.571201][ T6734] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 58.571212][ T6734] RIP: 0033:0x7f299e298687
[ 58.571217][ T6734] Code: Bad RIP value.
[ 58.571224][ T6734] RSP: 002b:00007ffc737d3d38 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 58.571236][ T6734] RAX: ffffffffffffffda RBX: 00005558c1174985 RCX: 00007f299e298687
[ 58.571243][ T6734] RDX: 00007ffc737d3c00 RSI: 00000000000001ed RDI: 00005558c1174985
[ 58.571250][ T6734] RBP: 00007f299e298680 R08: 0000000000000100 R09: 0000000000000000
[ 58.571262][ T6734] R10: 00005558c1174980 R11: 0000000000000246 R12: 00000000000001ed
[ 58.571269][ T6734] R13: 00007ffc737d3ec0 R14: 0000000000000000 R15: 0000000000000000
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.13' (ECDSA) to the list of known hosts.
2020/06/15 19:19:31 fuzzer started
2020/06/15 19:19:32 connecting to host at 10.128.0.26:38473
2020/06/15 19:19:32 checking machine...
2020/06/15 19:19:32 checking revisions...
2020/06/15 19:19:32 testing simple program...
syzkaller login: [ 63.844143][ T6814] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6814
[ 63.853250][ T6814] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.859528][ T6814] CPU: 0 PID: 6814 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 63.867771][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.877806][ T6814] Call Trace:
[ 63.881082][ T6814] dump_stack+0x18f/0x20d
[ 63.885410][ T6814] check_preemption_disabled+0x20d/0x220
[ 63.891024][ T6814] ext4_mb_new_blocks+0xa4d/0x3b70
[ 63.896124][ T6814] ? ext4_ext_search_right+0x2ca/0xb20
[ 63.901578][ T6814] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 63.909122][ T6814] ext4_ext_map_blocks+0x201b/0x33e0
[ 63.914416][ T6814] ? ext4_ext_release+0x10/0x10
[ 63.919284][ T6814] ? down_write_killable+0x170/0x170
[ 63.924548][ T6814] ? ext4_es_lookup_extent+0x41d/0xd10
[ 63.930005][ T6814] ext4_map_blocks+0x4cb/0x1640
[ 63.934838][ T6814] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 63.940013][ T6814] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 63.945535][ T6814] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.951491][ T6814] ? prandom_u32_state+0xe/0x170
[ 63.956415][ T6814] ? __brelse+0x84/0xa0
[ 63.960564][ T6814] ? __ext4_new_inode+0x144/0x55e0
[ 63.965657][ T6814] ext4_getblk+0xad/0x520
[ 63.969967][ T6814] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 63.975688][ T6814] ? ext4_free_inode+0x1700/0x1700
[ 63.981518][ T6814] ext4_bread+0x7c/0x380
[ 63.985758][ T6814] ? ext4_getblk+0x520/0x520
[ 63.990331][ T6814] ? dquot_get_next_dqblk+0x180/0x180
[ 63.995695][ T6814] ext4_append+0x153/0x360
[ 64.000096][ T6814] ext4_mkdir+0x5e0/0xdf0
[ 64.004419][ T6814] ? ext4_rmdir+0xde0/0xde0
[ 64.008927][ T6814] ? security_inode_permission+0xc4/0xf0
[ 64.014556][ T6814] vfs_mkdir+0x419/0x690
[ 64.018811][ T6814] do_mkdirat+0x21e/0x280
[ 64.023133][ T6814] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.027977][ T6814] ? do_syscall_64+0x1c/0xe0
[ 64.032582][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.038573][ T6814] do_syscall_64+0x60/0xe0
[ 64.043024][ T6814] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.048897][ T6814] RIP: 0033:0x4b02a0
[ 64.052766][ T6814] Code: Bad RIP value.
[ 64.056809][ T6814] RSP: 002b:000000c0000df4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 64.065209][ T6814] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 64.073158][ T6814] RDX: 00000000000001c0 RSI: 000000c0002e6a80 RDI: ffffffffffffff9c
[ 64.081125][ T6814] RBP: 000000c0000df510 R08: 0000000000000000 R09: 0000000000000000
[ 64.089263][ T6814] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 64.097282][ T6814] R13: 0000000000000055 R14: 0000000000000054 R15: 0000000000000100
[ 64.124866][ T6829] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6829
[ 64.134264][ T6829] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.140263][ T6829] CPU: 0 PID: 6829 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 64.148868][ T6829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.158907][ T6829] Call Trace:
[ 64.162189][ T6829] dump_stack+0x18f/0x20d
[ 64.166529][ T6829] check_preemption_disabled+0x20d/0x220
[ 64.172165][ T6829] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.177288][ T6829] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.182732][ T6829] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.188441][ T6829] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.193993][ T6829] ? ext4_ext_release+0x10/0x10
[ 64.198849][ T6829] ? down_write_killable+0x170/0x170
[ 64.204118][ T6829] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.209560][ T6829] ext4_map_blocks+0x4cb/0x1640
[ 64.214404][ T6829] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.219599][ T6829] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.225132][ T6829] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.231103][ T6829] ? prandom_u32_state+0xe/0x170
[ 64.236029][ T6829] ? __brelse+0x84/0xa0
[ 64.240166][ T6829] ? __ext4_new_inode+0x144/0x55e0
[ 64.245263][ T6829] ext4_getblk+0xad/0x520
[ 64.249579][ T6829] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.255285][ T6829] ? ext4_free_inode+0x1700/0x1700
[ 64.260383][ T6829] ext4_bread+0x7c/0x380
[ 64.264609][ T6829] ? ext4_getblk+0x520/0x520
[ 64.269207][ T6829] ? dquot_get_next_dqblk+0x180/0x180
[ 64.274581][ T6829] ext4_append+0x153/0x360
[ 64.279015][ T6829] ext4_mkdir+0x5e0/0xdf0
[ 64.283380][ T6829] ? ext4_rmdir+0xde0/0xde0
[ 64.287882][ T6829] ? security_inode_permission+0xc4/0xf0
[ 64.293513][ T6829] vfs_mkdir+0x419/0x690
[ 64.297757][ T6829] do_mkdirat+0x21e/0x280
[ 64.302362][ T6829] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.307216][ T6829] ? do_syscall_64+0x1c/0xe0
[ 64.311798][ T6829] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.317790][ T6829] do_syscall_64+0x60/0xe0
[ 64.322224][ T6829] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.328097][ T6829] RIP: 0033:0x45bed7
[ 64.331967][ T6829] Code: Bad RIP value.
[ 64.336011][ T6829] RSP: 002b:00007ffff18d9e08 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 64.344399][ T6829] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 64.352357][ T6829] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffff18d9fe0
[ 64.360321][ T6829] RBP: 0000000000000001 R08: 0000000000000000 R09: 00000000000034c0
[ 64.368287][ T6829] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 64.376239][ T6829] R13: 00007ffff18d9fe0 R14: 8421084210842109 R15: 00007ffff18d9fec
[ 64.460949][ T6830] IPVS: ftp: loaded support on port[0] = 21
[ 64.498410][ T6830] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6830
[ 64.508083][ T6830] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.514026][ T6830] CPU: 1 PID: 6830 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 64.522811][ T6830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.532878][ T6830] Call Trace:
[ 64.536156][ T6830] dump_stack+0x18f/0x20d
[ 64.540489][ T6830] check_preemption_disabled+0x20d/0x220
[ 64.546103][ T6830] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.551208][ T6830] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.556663][ T6830] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.562817][ T6830] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.568157][ T6830] ? ext4_ext_release+0x10/0x10
[ 64.573000][ T6830] ? down_write_killable+0x170/0x170
[ 64.578414][ T6830] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.583859][ T6830] ext4_map_blocks+0x4cb/0x1640
[ 64.588725][ T6830] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.593922][ T6830] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.599602][ T6830] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.605584][ T6830] ? prandom_u32_state+0xe/0x170
[ 64.610525][ T6830] ? __brelse+0x84/0xa0
[ 64.614667][ T6830] ? __ext4_new_inode+0x144/0x55e0
[ 64.619780][ T6830] ext4_getblk+0xad/0x520
[ 64.624094][ T6830] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.629809][ T6830] ? ext4_free_inode+0x1700/0x1700
[ 64.634918][ T6830] ext4_bread+0x7c/0x380
[ 64.639138][ T6830] ? ext4_getblk+0x520/0x520
[ 64.643800][ T6830] ? dquot_get_next_dqblk+0x180/0x180
[ 64.649154][ T6830] ext4_append+0x153/0x360
[ 64.653552][ T6830] ext4_mkdir+0x5e0/0xdf0
[ 64.657872][ T6830] ? ext4_rmdir+0xde0/0xde0
[ 64.662357][ T6830] ? security_inode_permission+0xc4/0xf0
[ 64.667974][ T6830] vfs_mkdir+0x419/0x690
[ 64.672211][ T6830] do_mkdirat+0x21e/0x280
[ 64.676538][ T6830] ? __ia32_sys_mknod+0xb0/0xb0
[ 64.681381][ T6830] ? do_syscall_64+0x1c/0xe0
[ 64.685968][ T6830] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 64.691928][ T6830] do_syscall_64+0x60/0xe0
[ 64.696340][ T6830] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 64.702208][ T6830] RIP: 0033:0x45bed7
[ 64.706087][ T6830] Code: Bad RIP value.
[ 64.710303][ T6830] RSP: 002b:00007ffff18d9cf8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 64.718710][ T6830] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 64.726689][ T6830] RDX: 00007ffff18d9d43 RSI: 00000000000001ff RDI: 00007ffff18d9d40
[ 64.734636][ T6830] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 64.742583][ T6830] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0
[ 64.750545][ T6830] R13: 00007ffff18d9d30 R14: 0000000000000000 R15: 00007ffff18d9d40
[ 64.834657][ T6830] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6830
[ 64.844073][ T6830] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.850269][ T6830] CPU: 0 PID: 6830 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 64.858985][ T6830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 64.869239][ T6830] Call Trace:
[ 64.872521][ T6830] dump_stack+0x18f/0x20d
[ 64.876852][ T6830] check_preemption_disabled+0x20d/0x220
[ 64.882471][ T6830] ext4_mb_new_blocks+0xa4d/0x3b70
[ 64.887606][ T6830] ? ext4_ext_search_right+0x2ca/0xb20
[ 64.893860][ T6830] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 64.899569][ T6830] ext4_ext_map_blocks+0x201b/0x33e0
[ 64.904861][ T6830] ? ext4_ext_release+0x10/0x10
[ 64.909702][ T6830] ? down_write_killable+0x170/0x170
[ 64.914966][ T6830] ? ext4_es_lookup_extent+0x41d/0xd10
[ 64.920412][ T6830] ext4_map_blocks+0x4cb/0x1640
[ 64.925261][ T6830] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 64.930439][ T6830] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 64.935962][ T6830] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.941919][ T6830] ? prandom_u32_state+0xe/0x170
[ 64.948313][ T6830] ? __brelse+0x84/0xa0
[ 64.952443][ T6830] ? __ext4_new_inode+0x144/0x55e0
[ 64.957543][ T6830] ext4_getblk+0xad/0x520
[ 64.961860][ T6830] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 64.967569][ T6830] ? ext4_free_inode+0x1700/0x1700
[ 64.973274][ T6830] ext4_bread+0x7c/0x380
[ 64.977493][ T6830] ? ext4_getblk+0x520/0x520
[ 64.982058][ T6830] ? dquot_get_next_dqblk+0x180/0x180
[ 64.987412][ T6830] ext4_append+0x153/0x360
[ 64.991827][ T6830] ext4_mkdir+0x5e0/0xdf0
[ 64.996140][ T6830] ? ext4_rmdir+0xde0/0xde0
[ 65.000620][ T6830] ? security_inode_permission+0xc4/0xf0
[ 65.006236][ T6830] vfs_mkdir+0x419/0x690
[ 65.010458][ T6830] do_mkdirat+0x21e/0x280
[ 65.014781][ T6830] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.019869][ T6830] ? do_syscall_64+0x1c/0xe0
[ 65.024445][ T6830] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.030413][ T6830] do_syscall_64+0x60/0xe0
[ 65.034819][ T6830] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.040683][ T6830] RIP: 0033:0x45bed7
[ 65.044594][ T6830] Code: Bad RIP value.
[ 65.048633][ T6830] RSP: 002b:00007ffff18d9cf8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 65.057028][ T6830] RAX: ffffffffffffffda RBX: 000000000000fd26 RCX: 000000000045bed7
[ 65.065283][ T6830] RDX: 00007ffff18d9d43 RSI: 00000000000001ff RDI: 00007ffff18d9d40
[ 65.073237][ T6830] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
2020/06/15 19:19:33 building call list...
[ 65.081203][ T6830] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 65.089156][ T6830] R13: 00007ffff18d9d30 R14: 000000000000fd0e R15: 00007ffff18d9d40
[ 65.314578][ T26] tipc: TX() has been purged, node left!
[ 65.846536][ T26] ==================================================================
[ 65.854787][ T26] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 65.862670][ T26] Write of size 1 at addr ffff8880939ca1e4 by task kworker/u4:2/26
[ 65.870555][ T26]
[ 65.872886][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Not tainted 5.8.0-rc1-syzkaller #0
[ 65.881109][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.891163][ T26] Workqueue: netns cleanup_net
[ 65.895938][ T26] Call Trace:
[ 65.899228][ T26] dump_stack+0x18f/0x20d
[ 65.903558][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.909100][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.914638][ T26] ? afs_put_call+0xa40/0xa40
[ 65.919312][ T26] print_address_description.constprop.0.cold+0xd3/0x413
[ 65.926365][ T26] ? vprintk_func+0x97/0x1a6
[ 65.930957][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.936497][ T26] kasan_report.cold+0x1f/0x37
[ 65.941265][ T26] ? rcu_read_lock_held_common+0x51/0xa0
[ 65.946893][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 65.952522][ T26] afs_wake_up_async_call+0x6aa/0x770
[ 65.958321][ T26] ? afs_close_socket+0x320/0x320
[ 65.963343][ T26] ? afs_put_call+0xa40/0xa40
[ 65.968019][ T26] rxrpc_notify_socket+0x1db/0x5d0
[ 65.973131][ T26] ? afs_put_call+0xa40/0xa40
[ 65.977803][ T26] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 65.984224][ T26] rxrpc_call_completed+0xca/0xf0
[ 65.989266][ T26] rxrpc_discard_prealloc+0x781/0xab0
[ 65.994724][ T26] ? lock_sock_nested+0x94/0x110
[ 66.000009][ T26] rxrpc_listen+0x147/0x360
[ 66.004513][ T26] afs_close_socket+0x95/0x320
[ 66.009272][ T26] ? afs_purge_servers+0x16d/0x300
[ 66.014381][ T26] ? afs_rx_discard_new_call+0x50/0x50
[ 66.019845][ T26] ? init_wait_var_entry+0x200/0x200
[ 66.025222][ T26] ? rcu_read_lock_held_common+0xa0/0xa0
[ 66.030852][ T26] ? check_preemption_disabled+0x38/0x220
[ 66.037793][ T26] afs_net_exit+0x1bc/0x310
[ 66.042294][ T26] ? afs_net_init+0xe30/0xe30
[ 66.046965][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 66.052083][ T26] cleanup_net+0x511/0xa50
[ 66.056503][ T26] ? unregister_pernet_device+0x70/0x70
[ 66.062069][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.068068][ T26] process_one_work+0x965/0x1690
[ 66.073030][ T26] ? lock_release+0x800/0x800
[ 66.077709][ T26] ? pwq_dec_nr_in_flight+0x310/0x310
[ 66.083080][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 66.088027][ T26] worker_thread+0x96/0xe10
[ 66.092541][ T26] ? process_one_work+0x1690/0x1690
[ 66.097737][ T26] kthread+0x3b5/0x4a0
[ 66.101800][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.107516][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.113235][ T26] ret_from_fork+0x1f/0x30
[ 66.117658][ T26]
[ 66.119980][ T26] Allocated by task 6830:
[ 66.124302][ T26] save_stack+0x1b/0x40
[ 66.128452][ T26] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 66.134076][ T26] kmem_cache_alloc_trace+0x153/0x7d0
[ 66.139451][ T26] afs_alloc_call+0x55/0x630
[ 66.144035][ T26] afs_charge_preallocation+0xe9/0x2d0
[ 66.149492][ T26] afs_open_socket+0x292/0x360
[ 66.154853][ T26] afs_net_init+0xa6c/0xe30
[ 66.159349][ T26] ops_init+0xaf/0x420
[ 66.163409][ T26] setup_net+0x2de/0x860
[ 66.167644][ T26] copy_net_ns+0x293/0x590
[ 66.172059][ T26] create_new_namespaces+0x3fb/0xb30
[ 66.177435][ T26] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 66.183066][ T26] ksys_unshare+0x43d/0x8e0
[ 66.189299][ T26] __x64_sys_unshare+0x2d/0x40
[ 66.194057][ T26] do_syscall_64+0x60/0xe0
[ 66.198477][ T26] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 66.204353][ T26]
[ 66.206686][ T26] Freed by task 26:
[ 66.210487][ T26] save_stack+0x1b/0x40
[ 66.214652][ T26] __kasan_slab_free+0xf7/0x140
[ 66.219495][ T26] kfree+0x109/0x2b0
[ 66.223382][ T26] afs_put_call+0x585/0xa40
[ 66.227881][ T26] rxrpc_discard_prealloc+0x764/0xab0
[ 66.233264][ T26] rxrpc_listen+0x147/0x360
[ 66.237761][ T26] afs_close_socket+0x95/0x320
[ 66.242519][ T26] afs_net_exit+0x1bc/0x310
[ 66.247014][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 66.252208][ T26] cleanup_net+0x511/0xa50
[ 66.256647][ T26] process_one_work+0x965/0x1690
[ 66.261629][ T26] worker_thread+0x96/0xe10
[ 66.266140][ T26] kthread+0x3b5/0x4a0
[ 66.270207][ T26] ret_from_fork+0x1f/0x30
[ 66.274626][ T26]
[ 66.276950][ T26] The buggy address belongs to the object at ffff8880939ca000
[ 66.276950][ T26] which belongs to the cache kmalloc-1k of size 1024
[ 66.290996][ T26] The buggy address is located 484 bytes inside of
[ 66.290996][ T26] 1024-byte region [ffff8880939ca000, ffff8880939ca400)
[ 66.304351][ T26] The buggy address belongs to the page:
[ 66.309990][ T26] page:ffffea00024e7280 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 66.319095][ T26] flags: 0xfffe0000000200(slab)
[ 66.323950][ T26] raw: 00fffe0000000200 ffffea0002554288 ffffea000280fa88 ffff8880aa000c40
[ 66.332582][ T26] raw: 0000000000000000 ffff8880939ca000 0000000100000002 0000000000000000
[ 66.341174][ T26] page dumped because: kasan: bad access detected
[ 66.347594][ T26]
[ 66.349911][ T26] Memory state around the buggy address:
[ 66.355537][ T26] ffff8880939ca080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.363585][ T26] ffff8880939ca100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.371639][ T26] >ffff8880939ca180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.379691][ T26] ^
[ 66.387052][ T26] ffff8880939ca200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.395108][ T26] ffff8880939ca280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 66.403161][ T26] ==================================================================
[ 66.411264][ T26] Disabling lock debugging due to kernel taint
[ 66.417469][ T26] Kernel panic - not syncing: panic_on_warn set ...
[ 66.424058][ T26] CPU: 0 PID: 26 Comm: kworker/u4:2 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 66.433673][ T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 66.443730][ T26] Workqueue: netns cleanup_net
[ 66.448486][ T26] Call Trace:
[ 66.451789][ T26] dump_stack+0x18f/0x20d
[ 66.456295][ T26] ? afs_wake_up_async_call+0x670/0x770
[ 66.461837][ T26] ? afs_put_call+0xa40/0xa40
[ 66.466499][ T26] panic+0x2e3/0x75c
[ 66.470381][ T26] ? __warn_printk+0xf3/0xf3
[ 66.474961][ T26] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 66.481104][ T26] ? trace_hardirqs_on+0x55/0x220
[ 66.486115][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.491793][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.497424][ T26] ? afs_put_call+0xa40/0xa40
[ 66.502109][ T26] end_report+0x4d/0x53
[ 66.506255][ T26] kasan_report.cold+0xd/0x37
[ 66.511095][ T26] ? rcu_read_lock_held_common+0x51/0xa0
[ 66.516916][ T26] ? afs_wake_up_async_call+0x6aa/0x770
[ 66.522637][ T26] afs_wake_up_async_call+0x6aa/0x770
[ 66.528607][ T26] ? afs_close_socket+0x320/0x320
[ 66.533619][ T26] ? afs_put_call+0xa40/0xa40
[ 66.538286][ T26] rxrpc_notify_socket+0x1db/0x5d0
[ 66.543403][ T26] ? afs_put_call+0xa40/0xa40
[ 66.548082][ T26] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 66.554512][ T26] rxrpc_call_completed+0xca/0xf0
[ 66.559520][ T26] rxrpc_discard_prealloc+0x781/0xab0
[ 66.564911][ T26] ? lock_sock_nested+0x94/0x110
[ 66.569846][ T26] rxrpc_listen+0x147/0x360
[ 66.574338][ T26] afs_close_socket+0x95/0x320
[ 66.579079][ T26] ? afs_purge_servers+0x16d/0x300
[ 66.584181][ T26] ? afs_rx_discard_new_call+0x50/0x50
[ 66.589706][ T26] ? init_wait_var_entry+0x200/0x200
[ 66.594989][ T26] ? rcu_read_lock_held_common+0xa0/0xa0
[ 66.600607][ T26] ? check_preemption_disabled+0x38/0x220
[ 66.606308][ T26] afs_net_exit+0x1bc/0x310
[ 66.610796][ T26] ? afs_net_init+0xe30/0xe30
[ 66.615564][ T26] ops_exit_list.isra.0+0xa8/0x150
[ 66.620934][ T26] cleanup_net+0x511/0xa50
[ 66.625346][ T26] ? unregister_pernet_device+0x70/0x70
[ 66.630887][ T26] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 66.636994][ T26] process_one_work+0x965/0x1690
[ 66.641931][ T26] ? lock_release+0x800/0x800
[ 66.646600][ T26] ? pwq_dec_nr_in_flight+0x310/0x310
[ 66.652008][ T26] ? rwlock_bug.part.0+0x90/0x90
[ 66.656937][ T26] worker_thread+0x96/0xe10
[ 66.661433][ T26] ? process_one_work+0x1690/0x1690
[ 66.666632][ T26] kthread+0x3b5/0x4a0
[ 66.670696][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.676406][ T26] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 66.682649][ T26] ret_from_fork+0x1f/0x30
[ 66.688366][ T26] Kernel Offset: disabled
[ 66.692725][ T26] Rebooting in 86400 seconds..