[ 49.392561][ T6759] do_syscall_64+0xf6/0x7d0 [ 49.397068][ T6759] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 49.402953][ T6759] RIP: 0033:0x7f6b716f5687 [ 49.407356][ T6759] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48 [ 49.427123][ T6759] RSP: 002b:00007ffe5e260cd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 49.435530][ T6759] RAX: ffffffffffffffda RBX: 000055a6dd16d985 RCX: 00007f6b716f5687 [ 49.443593][ T6759] RDX: 00007ffe5e260ba0 RSI: 00000000000001ed RDI: 000055a6dd16d985 [ 49.452674][ T6759] RBP: 00007f6b716f5680 R08: 0000000000000100 R09: 0000000000000000 [ 49.460653][ T6759] R10: 000055a6dd16d980 R11: 0000000000000246 R12: 00000000000001ed [ 49.468618][ T6759] R13: 00007ffe5e260e60 R14: 0000000000000000 R15: 0000000000000000 [ 55.995025][ T350] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:7/350 [ 56.004199][ T350] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 56.010475][ T350] CPU: 1 PID: 350 Comm: kworker/u4:7 Not tainted 5.7.0-syzkaller #0 [ 56.018642][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.028710][ T350] Workqueue: writeback wb_workfn (flush-8:0) [ 56.034684][ T350] Call Trace: [ 56.037975][ T350] dump_stack+0x188/0x20d [ 56.042288][ T350] debug_smp_processor_id.cold+0x88/0x9b [ 56.047901][ T350] ext4_mb_new_blocks+0xa77/0x3b30 [ 56.053017][ T350] ? __kmalloc+0x62f/0x7a0 [ 56.057446][ T350] ? ext4_ext_search_right+0x2ca/0xb20 [ 56.062881][ T350] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 56.068583][ T350] ext4_ext_map_blocks+0x2044/0x3410 [ 56.073850][ T350] ? ext4_ext_release+0x10/0x10 [ 56.078707][ T350] ? __down_timeout+0x2d0/0x2d0 [ 56.083629][ T350] ? ext4_es_lookup_extent+0x41d/0xd30 [ 56.089067][ T350] ? debug_smp_processor_id+0x2f/0x185 [ 56.094526][ T350] ext4_map_blocks+0x4cb/0x1640 [ 56.099361][ T350] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 56.104561][ T350] ? debug_smp_processor_id+0x2f/0x185 [ 56.110003][ T350] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.115545][ T350] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.121541][ T350] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 56.126997][ T350] ext4_writepages+0x1ab7/0x3400 [ 56.131949][ T350] ? __ext4_mark_inode_dirty+0x950/0x950 [ 56.137586][ T350] ? __lock_acquire+0x2224/0x48a0 [ 56.142599][ T350] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.148652][ T350] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.154976][ T350] ? __ext4_mark_inode_dirty+0x950/0x950 [ 56.160764][ T350] ? do_writepages+0xfa/0x2a0 [ 56.165461][ T350] do_writepages+0xfa/0x2a0 [ 56.169961][ T350] ? page_writeback_cpu_online+0x10/0x10 [ 56.175600][ T350] ? debug_smp_processor_id+0x2f/0x185 [ 56.181046][ T350] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.186583][ T350] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.192553][ T350] ? lock_downgrade+0x840/0x840 [ 56.197486][ T350] __writeback_single_inode+0x12a/0x1410 [ 56.203305][ T350] ? _raw_spin_unlock+0x24/0x40 [ 56.208154][ T350] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 56.214143][ T350] writeback_sb_inodes+0x515/0xdd0 [ 56.219279][ T350] ? __writeback_single_inode+0x1410/0x1410 [ 56.225430][ T350] __writeback_inodes_wb+0xc3/0x250 [ 56.230667][ T350] wb_writeback+0x910/0xd90 [ 56.235337][ T350] ? print_usage_bug+0x240/0x240 [ 56.240297][ T350] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 56.246615][ T350] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 56.252497][ T350] ? cpumask_next+0x3c/0x40 [ 56.256996][ T350] ? get_nr_dirty_inodes+0xd6/0x130 [ 56.262332][ T350] wb_workfn+0xadf/0x10d0 [ 56.266658][ T350] ? inode_wait_for_writeback+0x30/0x30 [ 56.272188][ T350] ? debug_smp_processor_id+0x2f/0x185 [ 56.277631][ T350] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.283155][ T350] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.289131][ T350] process_one_work+0x965/0x16a0 [ 56.294071][ T350] ? lock_release+0x800/0x800 [ 56.298747][ T350] ? pwq_dec_nr_in_flight+0x310/0x310 [ 56.304113][ T350] ? rwlock_bug.part.0+0x90/0x90 [ 56.309037][ T350] worker_thread+0x96/0xe10 [ 56.313526][ T350] ? process_one_work+0x16a0/0x16a0 [ 56.318826][ T350] kthread+0x388/0x470 [ 56.322988][ T350] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.328697][ T350] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.334423][ T350] ret_from_fork+0x24/0x30 Warning: Permanently added '10.128.10.16' (ECDSA) to the list of known hosts. 2020/06/12 21:22:00 fuzzer started 2020/06/12 21:22:01 connecting to host at 10.128.0.26:34583 2020/06/12 21:22:01 checking machine... 2020/06/12 21:22:01 checking revisions... 2020/06/12 21:22:01 testing simple program... [ 59.800504][ T6784] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6784 [ 59.809988][ T6784] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 59.815994][ T6784] CPU: 1 PID: 6784 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 59.824421][ T6784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.834555][ T6784] Call Trace: [ 59.837924][ T6784] dump_stack+0x188/0x20d [ 59.842347][ T6784] debug_smp_processor_id.cold+0x88/0x9b [ 59.848056][ T6784] ext4_mb_new_blocks+0xa77/0x3b30 [ 59.853161][ T6784] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.858600][ T6784] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.864302][ T6784] ext4_ext_map_blocks+0x2044/0x3410 [ 59.869587][ T6784] ? ext4_ext_release+0x10/0x10 [ 59.874689][ T6784] ? __down_timeout+0x2d0/0x2d0 [ 59.879719][ T6784] ? ext4_es_lookup_extent+0x41d/0xd30 [ 59.885165][ T6784] ext4_map_blocks+0x4cb/0x1640 [ 59.889997][ T6784] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.895170][ T6784] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.900736][ T6784] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.906872][ T6784] ? prandom_u32_state+0xe/0x170 [ 59.911870][ T6784] ? __brelse+0x84/0xa0 [ 59.916011][ T6784] ? __ext4_new_inode+0x144/0x57c0 [ 59.921120][ T6784] ext4_getblk+0xad/0x520 [ 59.925453][ T6784] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.931187][ T6784] ? ext4_free_inode+0x17e0/0x17e0 [ 59.936301][ T6784] ext4_bread+0x7c/0x380 [ 59.940523][ T6784] ? ext4_getblk+0x520/0x520 [ 59.945091][ T6784] ? dqget+0xff0/0xff0 [ 59.949140][ T6784] ext4_append+0x153/0x360 [ 59.954500][ T6784] ext4_mkdir+0x5e0/0xdf0 [ 59.958896][ T6784] ? ext4_rmdir+0xde0/0xde0 [ 59.963392][ T6784] ? security_inode_permission+0xc4/0xf0 [ 59.969005][ T6784] vfs_mkdir+0x419/0x690 [ 59.973233][ T6784] do_mkdirat+0x21e/0x280 [ 59.977550][ T6784] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.982397][ T6784] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.988389][ T6784] ? do_syscall_64+0x21/0x7d0 [ 59.993183][ T6784] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.999258][ T6784] do_syscall_64+0xf6/0x7d0 [ 60.003806][ T6784] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.009715][ T6784] RIP: 0033:0x4b02a0 [ 60.013617][ T6784] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 60.033206][ T6784] RSP: 002b:000000c0000eb4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 60.041600][ T6784] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 60.049562][ T6784] RDX: 00000000000001c0 RSI: 000000c00009ef20 RDI: ffffffffffffff9c [ 60.057609][ T6784] RBP: 000000c0000eb510 R08: 0000000000000000 R09: 0000000000000000 [ 60.066734][ T6784] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 60.074702][ T6784] R13: 000000000000007a R14: 0000000000000079 R15: 0000000000000100 [ 60.105018][ T6799] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6799 [ 60.114645][ T6799] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.120542][ T6799] CPU: 0 PID: 6799 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.128766][ T6799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.138821][ T6799] Call Trace: [ 60.142117][ T6799] dump_stack+0x188/0x20d [ 60.146438][ T6799] debug_smp_processor_id.cold+0x88/0x9b [ 60.152093][ T6799] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.157218][ T6799] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.162675][ T6799] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.168395][ T6799] ext4_ext_map_blocks+0x2044/0x3410 [ 60.173691][ T6799] ? ext4_ext_release+0x10/0x10 [ 60.178617][ T6799] ? __down_timeout+0x2d0/0x2d0 [ 60.183795][ T6799] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.189255][ T6799] ext4_map_blocks+0x4cb/0x1640 [ 60.194100][ T6799] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.199367][ T6799] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.204986][ T6799] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.210949][ T6799] ? prandom_u32_state+0xe/0x170 [ 60.215878][ T6799] ? __brelse+0x84/0xa0 [ 60.220037][ T6799] ? __ext4_new_inode+0x144/0x57c0 [ 60.225126][ T6799] ext4_getblk+0xad/0x520 [ 60.229434][ T6799] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.235170][ T6799] ? ext4_free_inode+0x17e0/0x17e0 [ 60.240296][ T6799] ext4_bread+0x7c/0x380 [ 60.244541][ T6799] ? ext4_getblk+0x520/0x520 [ 60.249126][ T6799] ? dqget+0xff0/0xff0 [ 60.253188][ T6799] ext4_append+0x153/0x360 [ 60.257601][ T6799] ext4_mkdir+0x5e0/0xdf0 [ 60.261923][ T6799] ? ext4_rmdir+0xde0/0xde0 [ 60.266440][ T6799] ? security_inode_permission+0xc4/0xf0 [ 60.272119][ T6799] vfs_mkdir+0x419/0x690 [ 60.276368][ T6799] do_mkdirat+0x21e/0x280 [ 60.280700][ T6799] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.285546][ T6799] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.291530][ T6799] ? do_syscall_64+0x21/0x7d0 [ 60.296293][ T6799] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.302454][ T6799] do_syscall_64+0xf6/0x7d0 [ 60.306952][ T6799] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.312832][ T6799] RIP: 0033:0x45bee7 [ 60.316711][ T6799] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.336307][ T6799] RSP: 002b:00007ffcb4c181c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.344705][ T6799] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 60.352657][ T6799] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffcb4c183a0 [ 60.361328][ T6799] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 00000000000032c0 [ 60.369724][ T6799] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 60.377692][ T6799] R13: 00007ffcb4c183a0 R14: 8421084210842109 R15: 00007ffcb4c183ac [ 60.464611][ T6800] IPVS: ftp: loaded support on port[0] = 21 [ 60.502026][ T6800] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6800 [ 60.511771][ T6800] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.517896][ T6800] CPU: 1 PID: 6800 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.526153][ T6800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.536186][ T6800] Call Trace: [ 60.539466][ T6800] dump_stack+0x188/0x20d [ 60.543795][ T6800] debug_smp_processor_id.cold+0x88/0x9b [ 60.549406][ T6800] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.554653][ T6800] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.560879][ T6800] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.566590][ T6800] ext4_ext_map_blocks+0x2044/0x3410 [ 60.571883][ T6800] ? ext4_ext_release+0x10/0x10 [ 60.576746][ T6800] ? __down_timeout+0x2d0/0x2d0 [ 60.581588][ T6800] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.587033][ T6800] ext4_map_blocks+0x4cb/0x1640 [ 60.591886][ T6800] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.597146][ T6800] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.602845][ T6800] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.608807][ T6800] ? prandom_u32_state+0xe/0x170 [ 60.613744][ T6800] ? __brelse+0x84/0xa0 [ 60.617886][ T6800] ? __ext4_new_inode+0x144/0x57c0 [ 60.623365][ T6800] ext4_getblk+0xad/0x520 [ 60.627674][ T6800] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.633555][ T6800] ? ext4_free_inode+0x17e0/0x17e0 [ 60.638644][ T6800] ext4_bread+0x7c/0x380 [ 60.642862][ T6800] ? ext4_getblk+0x520/0x520 [ 60.647440][ T6800] ? dqget+0xff0/0xff0 [ 60.651549][ T6800] ext4_append+0x153/0x360 [ 60.655963][ T6800] ext4_mkdir+0x5e0/0xdf0 [ 60.660280][ T6800] ? ext4_rmdir+0xde0/0xde0 [ 60.664768][ T6800] ? security_inode_permission+0xc4/0xf0 [ 60.670383][ T6800] vfs_mkdir+0x419/0x690 [ 60.674611][ T6800] do_mkdirat+0x21e/0x280 [ 60.678939][ T6800] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.683955][ T6800] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.689966][ T6800] ? do_syscall_64+0x21/0x7d0 [ 60.694654][ T6800] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.700904][ T6800] do_syscall_64+0xf6/0x7d0 [ 60.705398][ T6800] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.711270][ T6800] RIP: 0033:0x45bee7 [ 60.715164][ T6800] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.735651][ T6800] RSP: 002b:00007ffcb4c180b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 60.744046][ T6800] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 60.752005][ T6800] RDX: 00007ffcb4c18103 RSI: 00000000000001ff RDI: 00007ffcb4c18100 [ 60.760006][ T6800] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 60.767958][ T6800] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0 [ 60.775995][ T6800] R13: 00007ffcb4c180f0 R14: 0000000000000000 R15: 00007ffcb4c18100 [ 60.825003][ T6800] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6800 [ 60.834561][ T6800] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.840757][ T6800] CPU: 0 PID: 6800 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.849008][ T6800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.859091][ T6800] Call Trace: [ 60.862392][ T6800] dump_stack+0x188/0x20d [ 60.866739][ T6800] debug_smp_processor_id.cold+0x88/0x9b [ 60.872393][ T6800] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.877920][ T6800] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.883515][ T6800] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.889265][ T6800] ext4_ext_map_blocks+0x2044/0x3410 [ 60.894611][ T6800] ? ext4_ext_release+0x10/0x10 [ 60.899531][ T6800] ? __down_timeout+0x2d0/0x2d0 [ 60.904469][ T6800] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.909926][ T6800] ext4_map_blocks+0x4cb/0x1640 [ 60.914760][ T6800] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.919950][ T6800] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.925491][ T6800] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.931464][ T6800] ? prandom_u32_state+0xe/0x170 [ 60.936396][ T6800] ? __brelse+0x84/0xa0 [ 60.940544][ T6800] ? __ext4_new_inode+0x144/0x57c0 [ 60.945637][ T6800] ext4_getblk+0xad/0x520 [ 60.949947][ T6800] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.955679][ T6800] ? ext4_free_inode+0x17e0/0x17e0 [ 60.960770][ T6800] ext4_bread+0x7c/0x380 [ 60.964994][ T6800] ? ext4_getblk+0x520/0x520 [ 60.969577][ T6800] ? dqget+0xff0/0xff0 [ 60.973643][ T6800] ext4_append+0x153/0x360 [ 60.978125][ T6800] ext4_mkdir+0x5e0/0xdf0 [ 60.982435][ T6800] ? ext4_rmdir+0xde0/0xde0 [ 60.986920][ T6800] ? security_inode_permission+0xc4/0xf0 [ 60.992531][ T6800] vfs_mkdir+0x419/0x690 [ 60.996759][ T6800] do_mkdirat+0x21e/0x280 [ 61.001081][ T6800] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.005909][ T6800] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.011882][ T6800] ? do_syscall_64+0x21/0x7d0 [ 61.016540][ T6800] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.022510][ T6800] do_syscall_64+0xf6/0x7d0 [ 61.027005][ T6800] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 61.032879][ T6800] RIP: 0033:0x45bee7 [ 61.036753][ T6800] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 61.056336][ T6800] RSP: 002b:00007ffcb4c180b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 61.064744][ T6800] RAX: ffffffffffffffda RBX: 000000000000ed94 RCX: 000000000045bee7 2020/06/12 21:22:02 building call list... [ 61.072836][ T6800] RDX: 00007ffcb4c18103 RSI: 00000000000001ff RDI: 00007ffcb4c18100 [ 61.080824][ T6800] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 61.088804][ T6800] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 61.096758][ T6800] R13: 00007ffcb4c180f0 R14: 000000000000ed90 R15: 00007ffcb4c18100 [ 61.383037][ T350] tipc: TX() has been purged, node left! [ 61.915325][ T350] ================================================================== [ 61.923587][ T350] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880 [ 61.931475][ T350] Write of size 1 at addr ffff8880a3b569e4 by task kworker/u4:7/350 [ 61.939448][ T350] [ 61.941777][ T350] CPU: 0 PID: 350 Comm: kworker/u4:7 Not tainted 5.7.0-syzkaller #0 [ 61.949740][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.959816][ T350] Workqueue: netns cleanup_net [ 61.964569][ T350] Call Trace: [ 61.967861][ T350] dump_stack+0x188/0x20d [ 61.972219][ T350] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.977768][ T350] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.983308][ T350] ? afs_put_call+0xa70/0xa70 [ 61.988086][ T350] print_address_description.constprop.0.cold+0xd3/0x413 [ 61.995110][ T350] ? vprintk_func+0x97/0x1a6 [ 61.999701][ T350] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.005327][ T350] kasan_report.cold+0x1f/0x37 [ 62.010092][ T350] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.015738][ T350] afs_wake_up_async_call+0x7a7/0x880 [ 62.021134][ T350] ? do_raw_spin_lock+0x129/0x2e0 [ 62.026230][ T350] ? afs_close_socket+0x320/0x320 [ 62.031276][ T350] ? rwlock_bug.part.0+0x90/0x90 [ 62.036218][ T350] ? rcu_read_lock_held+0x9c/0xb0 [ 62.041286][ T350] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.046923][ T350] ? afs_close_socket+0x320/0x320 [ 62.051946][ T350] ? afs_put_call+0xa70/0xa70 [ 62.056617][ T350] rxrpc_notify_socket+0x1e5/0x5e0 [ 62.061737][ T350] ? afs_put_call+0xa70/0xa70 [ 62.066411][ T350] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 62.072839][ T350] rxrpc_call_completed+0xca/0xf0 [ 62.077862][ T350] rxrpc_discard_prealloc+0x786/0xac0 [ 62.083232][ T350] ? lock_sock_nested+0x94/0x110 [ 62.088172][ T350] rxrpc_listen+0x147/0x360 [ 62.092682][ T350] afs_close_socket+0x95/0x320 [ 62.097440][ T350] ? afs_purge_servers+0x16d/0x300 [ 62.102550][ T350] ? afs_rx_discard_new_call+0x50/0x50 [ 62.108140][ T350] ? debug_smp_processor_id+0x2f/0x185 [ 62.113604][ T350] ? init_wait_var_entry+0x200/0x200 [ 62.118918][ T350] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.124578][ T350] afs_net_exit+0x1bc/0x310 [ 62.129168][ T350] ? afs_net_init+0xe30/0xe30 [ 62.133839][ T350] ops_exit_list.isra.0+0xa8/0x150 [ 62.138952][ T350] cleanup_net+0x511/0xa50 [ 62.143366][ T350] ? unregister_pernet_device+0x70/0x70 [ 62.148929][ T350] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.154966][ T350] process_one_work+0x965/0x16a0 [ 62.159910][ T350] ? lock_release+0x800/0x800 [ 62.164584][ T350] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.169957][ T350] ? rwlock_bug.part.0+0x90/0x90 [ 62.174917][ T350] worker_thread+0x96/0xe10 [ 62.179430][ T350] ? process_one_work+0x16a0/0x16a0 [ 62.184671][ T350] kthread+0x388/0x470 [ 62.188735][ T350] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.194466][ T350] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.200225][ T350] ret_from_fork+0x24/0x30 [ 62.204649][ T350] [ 62.206993][ T350] Allocated by task 6800: [ 62.211322][ T350] save_stack+0x1b/0x40 [ 62.215471][ T350] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 62.221122][ T350] kmem_cache_alloc_trace+0x153/0x7d0 [ 62.226584][ T350] afs_alloc_call+0x55/0x640 [ 62.231182][ T350] afs_charge_preallocation+0xe9/0x2d0 [ 62.236673][ T350] afs_open_socket+0x292/0x360 [ 62.241717][ T350] afs_net_init+0xa6c/0xe30 [ 62.246317][ T350] ops_init+0xaf/0x420 [ 62.250403][ T350] setup_net+0x2de/0x860 [ 62.254651][ T350] copy_net_ns+0x293/0x590 [ 62.259067][ T350] create_new_namespaces+0x3fb/0xb30 [ 62.264373][ T350] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 62.270002][ T350] ksys_unshare+0x43d/0x8e0 [ 62.274499][ T350] __x64_sys_unshare+0x2d/0x40 [ 62.279257][ T350] do_syscall_64+0xf6/0x7d0 [ 62.283759][ T350] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 62.289639][ T350] [ 62.291961][ T350] Freed by task 350: [ 62.295966][ T350] save_stack+0x1b/0x40 [ 62.300116][ T350] __kasan_slab_free+0xf7/0x140 [ 62.304980][ T350] kfree+0x109/0x2b0 [ 62.308870][ T350] afs_put_call+0x59b/0xa70 [ 62.314245][ T350] rxrpc_discard_prealloc+0x769/0xac0 [ 62.319609][ T350] rxrpc_listen+0x147/0x360 [ 62.324104][ T350] afs_close_socket+0x95/0x320 [ 62.328857][ T350] afs_net_exit+0x1bc/0x310 [ 62.333354][ T350] ops_exit_list.isra.0+0xa8/0x150 [ 62.338483][ T350] cleanup_net+0x511/0xa50 [ 62.342900][ T350] process_one_work+0x965/0x16a0 [ 62.347936][ T350] worker_thread+0x96/0xe10 [ 62.352603][ T350] kthread+0x388/0x470 [ 62.356664][ T350] ret_from_fork+0x24/0x30 [ 62.361064][ T350] [ 62.363409][ T350] The buggy address belongs to the object at ffff8880a3b56800 [ 62.363409][ T350] which belongs to the cache kmalloc-1k of size 1024 [ 62.377458][ T350] The buggy address is located 484 bytes inside of [ 62.377458][ T350] 1024-byte region [ffff8880a3b56800, ffff8880a3b56c00) [ 62.390810][ T350] The buggy address belongs to the page: [ 62.396481][ T350] page:ffffea00028ed580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 62.405577][ T350] flags: 0xfffe0000000200(slab) [ 62.410445][ T350] raw: 00fffe0000000200 ffffea0002848148 ffffea0002a266c8 ffff8880aa000c40 [ 62.419038][ T350] raw: 0000000000000000 ffff8880a3b56000 0000000100000002 0000000000000000 [ 62.427619][ T350] page dumped because: kasan: bad access detected [ 62.434030][ T350] [ 62.436361][ T350] Memory state around the buggy address: [ 62.441993][ T350] ffff8880a3b56880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.450226][ T350] ffff8880a3b56900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.458285][ T350] >ffff8880a3b56980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.466343][ T350] ^ [ 62.473533][ T350] ffff8880a3b56a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.481588][ T350] ffff8880a3b56a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.489649][ T350] ================================================================== [ 62.497702][ T350] Disabling lock debugging due to kernel taint [ 62.503906][ T350] Kernel panic - not syncing: panic_on_warn set ... [ 62.510493][ T350] CPU: 0 PID: 350 Comm: kworker/u4:7 Tainted: G B 5.7.0-syzkaller #0 [ 62.519857][ T350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.529923][ T350] Workqueue: netns cleanup_net [ 62.534676][ T350] Call Trace: [ 62.538002][ T350] dump_stack+0x188/0x20d [ 62.542343][ T350] ? afs_wake_up_async_call+0x6b0/0x880 [ 62.548768][ T350] ? afs_put_call+0xa70/0xa70 [ 62.553442][ T350] panic+0x2e3/0x75c [ 62.557355][ T350] ? add_taint.cold+0x16/0x16 [ 62.562031][ T350] ? retint_kernel+0x2b/0x2b [ 62.566620][ T350] ? trace_hardirqs_on+0x55/0x230 [ 62.571790][ T350] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.578273][ T350] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.583815][ T350] ? afs_put_call+0xa70/0xa70 [ 62.588484][ T350] end_report+0x4d/0x53 [ 62.592712][ T350] kasan_report.cold+0xd/0x37 [ 62.597374][ T350] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.602916][ T350] afs_wake_up_async_call+0x7a7/0x880 [ 62.608275][ T350] ? do_raw_spin_lock+0x129/0x2e0 [ 62.613285][ T350] ? afs_close_socket+0x320/0x320 [ 62.618292][ T350] ? rwlock_bug.part.0+0x90/0x90 [ 62.623405][ T350] ? rcu_read_lock_held+0x9c/0xb0 [ 62.628429][ T350] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.634067][ T350] ? afs_close_socket+0x320/0x320 [ 62.639091][ T350] ? afs_put_call+0xa70/0xa70 [ 62.643755][ T350] rxrpc_notify_socket+0x1e5/0x5e0 [ 62.649077][ T350] ? afs_put_call+0xa70/0xa70 [ 62.653752][ T350] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 62.660150][ T350] rxrpc_call_completed+0xca/0xf0 [ 62.665175][ T350] rxrpc_discard_prealloc+0x786/0xac0 [ 62.670612][ T350] ? lock_sock_nested+0x94/0x110 [ 62.675716][ T350] rxrpc_listen+0x147/0x360 [ 62.680287][ T350] afs_close_socket+0x95/0x320 [ 62.685055][ T350] ? afs_purge_servers+0x16d/0x300 [ 62.690172][ T350] ? afs_rx_discard_new_call+0x50/0x50 [ 62.695624][ T350] ? debug_smp_processor_id+0x2f/0x185 [ 62.701394][ T350] ? init_wait_var_entry+0x200/0x200 [ 62.706751][ T350] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.712388][ T350] afs_net_exit+0x1bc/0x310 [ 62.717049][ T350] ? afs_net_init+0xe30/0xe30 [ 62.721734][ T350] ops_exit_list.isra.0+0xa8/0x150 [ 62.727003][ T350] cleanup_net+0x511/0xa50 [ 62.731602][ T350] ? unregister_pernet_device+0x70/0x70 [ 62.737138][ T350] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.743632][ T350] process_one_work+0x965/0x16a0 [ 62.748684][ T350] ? lock_release+0x800/0x800 [ 62.753355][ T350] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.758749][ T350] ? rwlock_bug.part.0+0x90/0x90 [ 62.763689][ T350] worker_thread+0x96/0xe10 [ 62.768194][ T350] ? process_one_work+0x16a0/0x16a0 [ 62.773418][ T350] kthread+0x388/0x470 [ 62.777524][ T350] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.783243][ T350] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.788950][ T350] ret_from_fork+0x24/0x30 [ 62.795606][ T350] Kernel Offset: disabled [ 62.799925][ T350] Rebooting in 86400 seconds..