Starting Load/Save RF Kill Switch Status... [ 58.098424][ T6737] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6737 [ 58.108436][ T6737] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.114432][ T6737] CPU: 0 PID: 6737 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 58.123025][ T6737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.133081][ T6737] Call Trace: [ 58.136356][ T6737] dump_stack+0x18f/0x20d [ 58.140694][ T6737] check_preemption_disabled+0x20d/0x220 [ 58.146308][ T6737] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.151431][ T6737] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.156869][ T6737] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.162572][ T6737] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.167856][ T6737] ? ext4_ext_release+0x10/0x10 [ 58.172719][ T6737] ? down_write_killable+0x170/0x170 [ 58.178028][ T6737] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.183472][ T6737] ext4_map_blocks+0x4cb/0x1640 [ 58.188309][ T6737] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.193663][ T6737] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.199190][ T6737] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.205147][ T6737] ? prandom_u32_state+0xe/0x170 [ 58.210068][ T6737] ? __brelse+0x84/0xa0 [ 58.214220][ T6737] ? __ext4_new_inode+0x144/0x55e0 [ 58.219333][ T6737] ext4_getblk+0xad/0x520 [ 58.224104][ T6737] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.229831][ T6737] ? ext4_free_inode+0x1700/0x1700 [ 58.234999][ T6737] ext4_bread+0x7c/0x380 [ 58.239272][ T6737] ? ext4_getblk+0x520/0x520 [ 58.243863][ T6737] ? dquot_get_next_dqblk+0x180/0x180 [ 58.249240][ T6737] ext4_append+0x153/0x360 [ 58.253646][ T6737] ext4_mkdir+0x5e0/0xdf0 [ 58.257980][ T6737] ? ext4_rmdir+0xde0/0xde0 [ 58.262471][ T6737] ? security_inode_permission+0xc4/0xf0 [ 58.268105][ T6737] vfs_mkdir+0x419/0x690 [ 58.272357][ T6737] do_mkdirat+0x21e/0x280 [ 58.276669][ T6737] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.281503][ T6737] ? do_syscall_64+0x1c/0xe0 [ 58.286097][ T6737] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.292224][ T6737] do_syscall_64+0x60/0xe0 [ 58.296639][ T6737] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.302540][ T6737] RIP: 0033:0x7f82712d3687 [ 58.306951][ T6737] Code: Bad RIP value. [ 58.310999][ T6737] RSP: 002b:00007ffedde9de18 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 58.319498][ T6737] RAX: ffffffffffffffda RBX: 0000555721d9a985 RCX: 00007f82712d3687 [ 58.327481][ T6737] RDX: 00007ffedde9dce0 RSI: 00000000000001ed RDI: 0000555721d9a985 [ 58.335478][ T6737] RBP: 00007f82712d3680 R08: 0000000000000100 R09: 0000000000000000 [ 58.343456][ T6737] R10: 0000555721d9a980 R11: 0000000000000246 R12: 00000000000001ed [ 58.351415][ T6737] R13: 00007ffedde9dfa0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. [ 59.166657][ T278] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:6/278 [ 59.176046][ T278] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.182037][ T278] CPU: 0 PID: 278 Comm: kworker/u4:6 Not tainted 5.8.0-rc1-syzkaller #0 [ 59.190371][ T278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.200436][ T278] Workqueue: writeback wb_workfn (flush-8:0) [ 59.207445][ T278] Call Trace: [ 59.210719][ T278] dump_stack+0x18f/0x20d [ 59.215055][ T278] check_preemption_disabled+0x20d/0x220 [ 59.220681][ T278] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.225779][ T278] ? ext4_find_extent+0x81a/0xad0 [ 59.230788][ T278] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.236232][ T278] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.241948][ T278] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.247240][ T278] ? ext4_ext_release+0x10/0x10 [ 59.252099][ T278] ? down_write_killable+0x170/0x170 [ 59.257368][ T278] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.262811][ T278] ext4_map_blocks+0x4cb/0x1640 [ 59.267669][ T278] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.272863][ T278] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.278408][ T278] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.284367][ T278] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 59.289903][ T278] ext4_writepages+0x1a7b/0x33c0 [ 59.294832][ T278] ? __ext4_mark_inode_dirty+0x940/0x940 [ 59.300447][ T278] ? __lock_acquire+0x2224/0x48b0 [ 59.305474][ T278] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 59.311443][ T278] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 59.317407][ T278] ? __ext4_mark_inode_dirty+0x940/0x940 [ 59.323082][ T278] ? do_writepages+0xfa/0x2a0 [ 59.327776][ T278] do_writepages+0xfa/0x2a0 [ 59.332270][ T278] ? page_writeback_cpu_online+0x10/0x10 [ 59.337918][ T278] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.344069][ T278] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.350043][ T278] ? lock_downgrade+0x840/0x840 [ 59.354892][ T278] __writeback_single_inode+0x12a/0x13d0 [ 59.361733][ T278] ? _raw_spin_unlock+0x24/0x40 [ 59.366563][ T278] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 59.372539][ T278] writeback_sb_inodes+0x515/0xdc0 [ 59.377665][ T278] ? __writeback_single_inode+0x13d0/0x13d0 [ 59.383550][ T278] __writeback_inodes_wb+0xc3/0x250 [ 59.388745][ T278] wb_writeback+0x8db/0xd50 [ 59.393236][ T278] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 59.399563][ T278] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 59.405439][ T278] ? cpumask_next+0x3c/0x40 [ 59.409939][ T278] ? get_nr_dirty_inodes+0xd6/0x130 [ 59.415117][ T278] wb_workfn+0xab3/0x1090 [ 59.419447][ T278] ? inode_wait_for_writeback+0x30/0x30 [ 59.424978][ T278] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.430527][ T278] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.436504][ T278] process_one_work+0x965/0x1690 [ 59.441531][ T278] ? lock_release+0x800/0x800 [ 59.446189][ T278] ? pwq_dec_nr_in_flight+0x310/0x310 [ 59.451669][ T278] ? rwlock_bug.part.0+0x90/0x90 [ 59.456610][ T278] worker_thread+0x96/0xe10 [ 59.461099][ T278] ? process_one_work+0x1690/0x1690 [ 59.466277][ T278] kthread+0x3b5/0x4a0 [ 59.470322][ T278] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.476017][ T278] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.481762][ T278] ret_from_fork+0x1f/0x30 Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts. 2020/06/16 02:14:51 fuzzer started 2020/06/16 02:14:51 connecting to host at 10.128.0.26:43651 2020/06/16 02:14:51 checking machine... 2020/06/16 02:14:51 checking revisions... 2020/06/16 02:14:51 testing simple program... syzkaller login: [ 63.346822][ T6786] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6786 [ 63.356072][ T6786] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.361972][ T6786] CPU: 1 PID: 6786 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 63.370204][ T6786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.380238][ T6786] Call Trace: [ 63.383527][ T6786] dump_stack+0x18f/0x20d [ 63.387844][ T6786] check_preemption_disabled+0x20d/0x220 [ 63.393474][ T6786] ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.398610][ T6786] ? ext4_ext_search_right+0x2ca/0xb20 [ 63.404084][ T6786] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 63.409833][ T6786] ext4_ext_map_blocks+0x201b/0x33e0 [ 63.415142][ T6786] ? ext4_ext_release+0x10/0x10 [ 63.420143][ T6786] ? down_write_killable+0x170/0x170 [ 63.425433][ T6786] ? ext4_es_lookup_extent+0x41d/0xd10 [ 63.430913][ T6786] ext4_map_blocks+0x4cb/0x1640 [ 63.435784][ T6786] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 63.441005][ T6786] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.446572][ T6786] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.452562][ T6786] ? prandom_u32_state+0xe/0x170 [ 63.457511][ T6786] ? __brelse+0x84/0xa0 [ 63.461682][ T6786] ? __ext4_new_inode+0x144/0x55e0 [ 63.466812][ T6786] ext4_getblk+0xad/0x520 [ 63.471159][ T6786] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 63.476915][ T6786] ? ext4_free_inode+0x1700/0x1700 [ 63.482030][ T6786] ext4_bread+0x7c/0x380 [ 63.486257][ T6786] ? ext4_getblk+0x520/0x520 [ 63.490828][ T6786] ? dquot_get_next_dqblk+0x180/0x180 [ 63.496184][ T6786] ext4_append+0x153/0x360 [ 63.500591][ T6786] ext4_mkdir+0x5e0/0xdf0 [ 63.504937][ T6786] ? ext4_rmdir+0xde0/0xde0 [ 63.509455][ T6786] ? security_inode_permission+0xc4/0xf0 [ 63.515073][ T6786] vfs_mkdir+0x419/0x690 [ 63.519314][ T6786] do_mkdirat+0x21e/0x280 [ 63.523674][ T6786] ? __ia32_sys_mknod+0xb0/0xb0 [ 63.528616][ T6786] ? do_syscall_64+0x1c/0xe0 [ 63.533208][ T6786] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 63.539168][ T6786] do_syscall_64+0x60/0xe0 [ 63.543578][ T6786] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.549460][ T6786] RIP: 0033:0x4b02a0 [ 63.553329][ T6786] Code: Bad RIP value. [ 63.557379][ T6786] RSP: 002b:000000c00004f4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 63.565794][ T6786] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 63.573743][ T6786] RDX: 00000000000001c0 RSI: 000000c000026da0 RDI: ffffffffffffff9c [ 63.581705][ T6786] RBP: 000000c00004f510 R08: 0000000000000000 R09: 0000000000000000 [ 63.589673][ T6786] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 63.597661][ T6786] R13: 000000000000006e R14: 000000000000006d R15: 0000000000000100 [ 63.615296][ T6800] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6800 [ 63.624748][ T6800] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.630943][ T6800] CPU: 1 PID: 6800 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 63.639556][ T6800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.649593][ T6800] Call Trace: [ 63.652873][ T6800] dump_stack+0x18f/0x20d [ 63.657208][ T6800] check_preemption_disabled+0x20d/0x220 [ 63.662825][ T6800] ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.668014][ T6800] ? ext4_ext_search_right+0x2ca/0xb20 [ 63.673471][ T6800] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 63.679179][ T6800] ext4_ext_map_blocks+0x201b/0x33e0 [ 63.684451][ T6800] ? ext4_ext_release+0x10/0x10 [ 63.689306][ T6800] ? down_write_killable+0x170/0x170 [ 63.694569][ T6800] ? ext4_es_lookup_extent+0x41d/0xd10 [ 63.700028][ T6800] ext4_map_blocks+0x4cb/0x1640 [ 63.704884][ T6800] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 63.710070][ T6800] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.715608][ T6800] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.721590][ T6800] ? prandom_u32_state+0xe/0x170 [ 63.726547][ T6800] ? __brelse+0x84/0xa0 [ 63.730699][ T6800] ? __ext4_new_inode+0x144/0x55e0 [ 63.735793][ T6800] ext4_getblk+0xad/0x520 [ 63.740107][ T6800] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 63.745808][ T6800] ? ext4_free_inode+0x1700/0x1700 [ 63.750916][ T6800] ext4_bread+0x7c/0x380 [ 63.755141][ T6800] ? ext4_getblk+0x520/0x520 [ 63.759718][ T6800] ? dquot_get_next_dqblk+0x180/0x180 [ 63.765091][ T6800] ext4_append+0x153/0x360 [ 63.769507][ T6800] ext4_mkdir+0x5e0/0xdf0 [ 63.774094][ T6800] ? ext4_rmdir+0xde0/0xde0 [ 63.778586][ T6800] ? security_inode_permission+0xc4/0xf0 [ 63.784480][ T6800] vfs_mkdir+0x419/0x690 [ 63.788716][ T6800] do_mkdirat+0x21e/0x280 [ 63.793027][ T6800] ? __ia32_sys_mknod+0xb0/0xb0 [ 63.797872][ T6800] ? do_syscall_64+0x1c/0xe0 [ 63.802448][ T6800] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 63.808420][ T6800] do_syscall_64+0x60/0xe0 [ 63.812834][ T6800] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.818725][ T6800] RIP: 0033:0x45bed7 [ 63.822606][ T6800] Code: Bad RIP value. [ 63.826658][ T6800] RSP: 002b:00007fff6ba5ab18 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 63.835070][ T6800] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 63.843042][ T6800] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007fff6ba5acf0 [ 63.851005][ T6800] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003780 [ 63.859073][ T6800] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 63.867063][ T6800] R13: 00007fff6ba5acf0 R14: 8421084210842109 R15: 00007fff6ba5acfc [ 63.952516][ T6801] IPVS: ftp: loaded support on port[0] = 21 [ 63.992332][ T6801] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6801 [ 64.001997][ T6801] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.008221][ T6801] CPU: 0 PID: 6801 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 64.016883][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.026922][ T6801] Call Trace: [ 64.030218][ T6801] dump_stack+0x18f/0x20d [ 64.034558][ T6801] check_preemption_disabled+0x20d/0x220 [ 64.040179][ T6801] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.045418][ T6801] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.050857][ T6801] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.056651][ T6801] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.061945][ T6801] ? ext4_ext_release+0x10/0x10 [ 64.066811][ T6801] ? down_write_killable+0x170/0x170 [ 64.072186][ T6801] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.077631][ T6801] ext4_map_blocks+0x4cb/0x1640 [ 64.082465][ T6801] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.087648][ T6801] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.093176][ T6801] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.099143][ T6801] ? prandom_u32_state+0xe/0x170 [ 64.104075][ T6801] ? __brelse+0x84/0xa0 [ 64.108212][ T6801] ? __ext4_new_inode+0x144/0x55e0 [ 64.113322][ T6801] ext4_getblk+0xad/0x520 [ 64.117638][ T6801] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.123338][ T6801] ? ext4_free_inode+0x1700/0x1700 [ 64.128430][ T6801] ext4_bread+0x7c/0x380 [ 64.132666][ T6801] ? ext4_getblk+0x520/0x520 [ 64.137234][ T6801] ? dquot_get_next_dqblk+0x180/0x180 [ 64.142588][ T6801] ext4_append+0x153/0x360 [ 64.147000][ T6801] ext4_mkdir+0x5e0/0xdf0 [ 64.151357][ T6801] ? ext4_rmdir+0xde0/0xde0 [ 64.155843][ T6801] ? security_inode_permission+0xc4/0xf0 [ 64.161459][ T6801] vfs_mkdir+0x419/0x690 [ 64.165685][ T6801] do_mkdirat+0x21e/0x280 [ 64.170015][ T6801] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.174863][ T6801] ? do_syscall_64+0x1c/0xe0 [ 64.179433][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.187040][ T6801] do_syscall_64+0x60/0xe0 [ 64.191437][ T6801] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.197325][ T6801] RIP: 0033:0x45bed7 [ 64.201191][ T6801] Code: Bad RIP value. [ 64.205251][ T6801] RSP: 002b:00007fff6ba5aa08 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 64.213637][ T6801] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 64.221776][ T6801] RDX: 00007fff6ba5aa53 RSI: 00000000000001ff RDI: 00007fff6ba5aa50 [ 64.229852][ T6801] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 64.237800][ T6801] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0 [ 64.245767][ T6801] R13: 00007fff6ba5aa40 R14: 0000000000000000 R15: 00007fff6ba5aa50 [ 64.302857][ T6801] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6801 [ 64.312351][ T6801] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.318373][ T6801] CPU: 0 PID: 6801 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 64.327055][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.337115][ T6801] Call Trace: [ 64.340417][ T6801] dump_stack+0x18f/0x20d [ 64.344761][ T6801] check_preemption_disabled+0x20d/0x220 [ 64.350420][ T6801] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.355554][ T6801] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.361030][ T6801] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.366807][ T6801] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.372125][ T6801] ? ext4_ext_release+0x10/0x10 [ 64.377011][ T6801] ? down_write_killable+0x170/0x170 [ 64.382303][ T6801] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.387808][ T6801] ext4_map_blocks+0x4cb/0x1640 [ 64.392689][ T6801] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.397871][ T6801] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.403416][ T6801] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.409375][ T6801] ? prandom_u32_state+0xe/0x170 [ 64.414292][ T6801] ? __brelse+0x84/0xa0 [ 64.418427][ T6801] ? __ext4_new_inode+0x144/0x55e0 [ 64.423519][ T6801] ext4_getblk+0xad/0x520 [ 64.427831][ T6801] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.433531][ T6801] ? ext4_free_inode+0x1700/0x1700 [ 64.438640][ T6801] ext4_bread+0x7c/0x380 [ 64.442861][ T6801] ? ext4_getblk+0x520/0x520 [ 64.447446][ T6801] ? dquot_get_next_dqblk+0x180/0x180 [ 64.452827][ T6801] ext4_append+0x153/0x360 [ 64.457228][ T6801] ext4_mkdir+0x5e0/0xdf0 [ 64.461541][ T6801] ? ext4_rmdir+0xde0/0xde0 [ 64.466043][ T6801] ? security_inode_permission+0xc4/0xf0 [ 64.472631][ T6801] vfs_mkdir+0x419/0x690 [ 64.476882][ T6801] do_mkdirat+0x21e/0x280 [ 64.481249][ T6801] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.486117][ T6801] ? do_syscall_64+0x1c/0xe0 [ 64.490701][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.496666][ T6801] do_syscall_64+0x60/0xe0 [ 64.501084][ T6801] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.506957][ T6801] RIP: 0033:0x45bed7 [ 64.510934][ T6801] Code: Bad RIP value. [ 64.514993][ T6801] RSP: 002b:00007fff6ba5aa08 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 64.523407][ T6801] RAX: ffffffffffffffda RBX: 000000000000fb20 RCX: 000000000045bed7 [ 64.531375][ T6801] RDX: 00007fff6ba5aa53 RSI: 00000000000001ff RDI: 00007fff6ba5aa50 [ 64.539341][ T6801] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/16 02:14:52 building call list... [ 64.547328][ T6801] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 64.555277][ T6801] R13: 00007fff6ba5aa40 R14: 000000000000fb0c R15: 00007fff6ba5aa50 [ 64.795032][ T325] tipc: TX() has been purged, node left! [ 65.297165][ T325] ================================================================== [ 65.305416][ T325] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 65.313305][ T325] Write of size 1 at addr ffff888096e439e4 by task kworker/u4:7/325 [ 65.321301][ T325] [ 65.323637][ T325] CPU: 1 PID: 325 Comm: kworker/u4:7 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.331983][ T325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.342048][ T325] Workqueue: netns cleanup_net [ 65.346806][ T325] Call Trace: [ 65.350101][ T325] dump_stack+0x18f/0x20d [ 65.354956][ T325] ? afs_wake_up_async_call+0x6aa/0x770 [ 65.360586][ T325] ? afs_wake_up_async_call+0x6aa/0x770 [ 65.366126][ T325] ? afs_put_call+0xa40/0xa40 [ 65.370805][ T325] print_address_description.constprop.0.cold+0xd3/0x413 [ 65.377833][ T325] ? vprintk_func+0x97/0x1a6 [ 65.382428][ T325] ? afs_wake_up_async_call+0x6aa/0x770 [ 65.388580][ T325] kasan_report.cold+0x1f/0x37 [ 65.393351][ T325] ? rcu_read_lock_held_common+0x51/0xa0 [ 65.398980][ T325] ? afs_wake_up_async_call+0x6aa/0x770 [ 65.404529][ T325] afs_wake_up_async_call+0x6aa/0x770 [ 65.409900][ T325] ? afs_close_socket+0x320/0x320 [ 65.414931][ T325] ? afs_put_call+0xa40/0xa40 [ 65.419608][ T325] rxrpc_notify_socket+0x1db/0x5d0 [ 65.424903][ T325] ? afs_put_call+0xa40/0xa40 [ 65.429578][ T325] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 65.435995][ T325] rxrpc_call_completed+0xca/0xf0 [ 65.441029][ T325] rxrpc_discard_prealloc+0x781/0xab0 [ 65.446436][ T325] ? lock_sock_nested+0x94/0x110 [ 65.451379][ T325] rxrpc_listen+0x147/0x360 [ 65.455916][ T325] afs_close_socket+0x95/0x320 [ 65.460682][ T325] ? afs_purge_servers+0x16d/0x300 [ 65.465797][ T325] ? afs_rx_discard_new_call+0x50/0x50 [ 65.471261][ T325] ? init_wait_var_entry+0x200/0x200 [ 65.476572][ T325] ? rcu_read_lock_held_common+0xa0/0xa0 [ 65.482205][ T325] ? check_preemption_disabled+0x38/0x220 [ 65.487961][ T325] afs_net_exit+0x1bc/0x310 [ 65.492484][ T325] ? afs_net_init+0xe30/0xe30 [ 65.497162][ T325] ops_exit_list.isra.0+0xa8/0x150 [ 65.502277][ T325] cleanup_net+0x511/0xa50 [ 65.506789][ T325] ? unregister_pernet_device+0x70/0x70 [ 65.512340][ T325] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.518333][ T325] process_one_work+0x965/0x1690 [ 65.523304][ T325] ? lock_release+0x800/0x800 [ 65.528248][ T325] ? pwq_dec_nr_in_flight+0x310/0x310 [ 65.533631][ T325] ? rwlock_bug.part.0+0x90/0x90 [ 65.538589][ T325] worker_thread+0x96/0xe10 [ 65.543109][ T325] ? process_one_work+0x1690/0x1690 [ 65.548309][ T325] kthread+0x3b5/0x4a0 [ 65.552384][ T325] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 65.558104][ T325] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 65.563832][ T325] ret_from_fork+0x1f/0x30 [ 65.568258][ T325] [ 65.570583][ T325] Allocated by task 6801: [ 65.574911][ T325] save_stack+0x1b/0x40 [ 65.579065][ T325] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 65.584694][ T325] kmem_cache_alloc_trace+0x153/0x7d0 [ 65.590150][ T325] afs_alloc_call+0x55/0x630 [ 65.594738][ T325] afs_charge_preallocation+0xe9/0x2d0 [ 65.600192][ T325] afs_open_socket+0x292/0x360 [ 65.604979][ T325] afs_net_init+0xa6c/0xe30 [ 65.609482][ T325] ops_init+0xaf/0x420 [ 65.613546][ T325] setup_net+0x2de/0x860 [ 65.617783][ T325] copy_net_ns+0x293/0x590 [ 65.622198][ T325] create_new_namespaces+0x3fb/0xb30 [ 65.627480][ T325] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 65.633108][ T325] ksys_unshare+0x43d/0x8e0 [ 65.637610][ T325] __x64_sys_unshare+0x2d/0x40 [ 65.642368][ T325] do_syscall_64+0x60/0xe0 [ 65.646811][ T325] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.652691][ T325] [ 65.655107][ T325] Freed by task 325: [ 65.659005][ T325] save_stack+0x1b/0x40 [ 65.663159][ T325] __kasan_slab_free+0xf7/0x140 [ 65.668013][ T325] kfree+0x109/0x2b0 [ 65.672007][ T325] afs_put_call+0x585/0xa40 [ 65.676519][ T325] rxrpc_discard_prealloc+0x764/0xab0 [ 65.681904][ T325] rxrpc_listen+0x147/0x360 [ 65.686471][ T325] afs_close_socket+0x95/0x320 [ 65.691265][ T325] afs_net_exit+0x1bc/0x310 [ 65.695785][ T325] ops_exit_list.isra.0+0xa8/0x150 [ 65.700894][ T325] cleanup_net+0x511/0xa50 [ 65.705312][ T325] process_one_work+0x965/0x1690 [ 65.710245][ T325] worker_thread+0x96/0xe10 [ 65.714744][ T325] kthread+0x3b5/0x4a0 [ 65.718928][ T325] ret_from_fork+0x1f/0x30 [ 65.723331][ T325] [ 65.725658][ T325] The buggy address belongs to the object at ffff888096e43800 [ 65.725658][ T325] which belongs to the cache kmalloc-1k of size 1024 [ 65.739714][ T325] The buggy address is located 484 bytes inside of [ 65.739714][ T325] 1024-byte region [ffff888096e43800, ffff888096e43c00) [ 65.753081][ T325] The buggy address belongs to the page: [ 65.758732][ T325] page:ffffea00025b90c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 65.767839][ T325] flags: 0xfffe0000000200(slab) [ 65.772701][ T325] raw: 00fffe0000000200 ffffea00029ce308 ffffea0002790608 ffff8880aa000c40 [ 65.781297][ T325] raw: 0000000000000000 ffff888096e43000 0000000100000002 0000000000000000 [ 65.789873][ T325] page dumped because: kasan: bad access detected [ 65.796313][ T325] [ 65.798640][ T325] Memory state around the buggy address: [ 65.804268][ T325] ffff888096e43880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.812330][ T325] ffff888096e43900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.820389][ T325] >ffff888096e43980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.828988][ T325] ^ [ 65.836213][ T325] ffff888096e43a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.844279][ T325] ffff888096e43a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 65.852333][ T325] ================================================================== [ 65.860389][ T325] Disabling lock debugging due to kernel taint [ 65.866600][ T325] Kernel panic - not syncing: panic_on_warn set ... [ 65.873192][ T325] CPU: 1 PID: 325 Comm: kworker/u4:7 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 65.882895][ T325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.892946][ T325] Workqueue: netns cleanup_net [ 65.897700][ T325] Call Trace: [ 65.901018][ T325] dump_stack+0x18f/0x20d [ 65.905343][ T325] ? afs_wake_up_async_call+0x670/0x770 [ 65.910968][ T325] ? afs_put_call+0xa40/0xa40 [ 65.915639][ T325] panic+0x2e3/0x75c [ 65.919666][ T325] ? __warn_printk+0xf3/0xf3 [ 65.924262][ T325] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 65.930423][ T325] ? trace_hardirqs_on+0x55/0x220 [ 65.935462][ T325] ? afs_wake_up_async_call+0x6aa/0x770 [ 65.941008][ T325] ? afs_wake_up_async_call+0x6aa/0x770 [ 65.946636][ T325] ? afs_put_call+0xa40/0xa40 [ 65.951308][ T325] end_report+0x4d/0x53 [ 65.955459][ T325] kasan_report.cold+0xd/0x37 [ 65.960132][ T325] ? rcu_read_lock_held_common+0x51/0xa0 [ 65.965769][ T325] ? afs_wake_up_async_call+0x6aa/0x770 [ 65.972373][ T325] afs_wake_up_async_call+0x6aa/0x770 [ 65.977752][ T325] ? afs_close_socket+0x320/0x320 [ 65.982802][ T325] ? afs_put_call+0xa40/0xa40 [ 65.987583][ T325] rxrpc_notify_socket+0x1db/0x5d0 [ 65.992699][ T325] ? afs_put_call+0xa40/0xa40 [ 65.997373][ T325] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 66.003782][ T325] rxrpc_call_completed+0xca/0xf0 [ 66.008814][ T325] rxrpc_discard_prealloc+0x781/0xab0 [ 66.014195][ T325] ? lock_sock_nested+0x94/0x110 [ 66.019134][ T325] rxrpc_listen+0x147/0x360 [ 66.023631][ T325] afs_close_socket+0x95/0x320 [ 66.028398][ T325] ? afs_purge_servers+0x16d/0x300 [ 66.033535][ T325] ? afs_rx_discard_new_call+0x50/0x50 [ 66.038990][ T325] ? init_wait_var_entry+0x200/0x200 [ 66.044378][ T325] ? rcu_read_lock_held_common+0xa0/0xa0 [ 66.050003][ T325] ? check_preemption_disabled+0x38/0x220 [ 66.055721][ T325] afs_net_exit+0x1bc/0x310 [ 66.060238][ T325] ? afs_net_init+0xe30/0xe30 [ 66.064910][ T325] ops_exit_list.isra.0+0xa8/0x150 [ 66.070033][ T325] cleanup_net+0x511/0xa50 [ 66.074444][ T325] ? unregister_pernet_device+0x70/0x70 [ 66.079983][ T325] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.085966][ T325] process_one_work+0x965/0x1690 [ 66.090901][ T325] ? lock_release+0x800/0x800 [ 66.095578][ T325] ? pwq_dec_nr_in_flight+0x310/0x310 [ 66.100944][ T325] ? rwlock_bug.part.0+0x90/0x90 [ 66.105885][ T325] worker_thread+0x96/0xe10 [ 66.110384][ T325] ? process_one_work+0x1690/0x1690 [ 66.115596][ T325] kthread+0x3b5/0x4a0 [ 66.119660][ T325] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.125479][ T325] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.131191][ T325] ret_from_fork+0x1f/0x30 [ 66.137099][ T325] Kernel Offset: disabled [ 66.141455][ T325] Rebooting in 86400 seconds..