syzkaller login: [ 58.001164][ T6758] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:7/6758 [ 58.010523][ T6758] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.016949][ T6758] CPU: 0 PID: 6758 Comm: kworker/u4:7 Not tainted 5.7.0-syzkaller #0 [ 58.025096][ T6758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.035161][ T6758] Workqueue: writeback wb_workfn (flush-8:0) [ 58.041146][ T6758] Call Trace: [ 58.044444][ T6758] dump_stack+0x18f/0x20d [ 58.048791][ T6758] check_preemption_disabled+0x20d/0x220 [ 58.054433][ T6758] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.059556][ T6758] ? ext4_find_extent+0x81a/0xad0 [ 58.064615][ T6758] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.070208][ T6758] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.075945][ T6758] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.081283][ T6758] ? ext4_ext_release+0x10/0x10 [ 58.086126][ T6758] ? down_write_killable+0x170/0x170 [ 58.092171][ T6758] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.097655][ T6758] ext4_map_blocks+0x4cb/0x1640 [ 58.102690][ T6758] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.107871][ T6758] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.113394][ T6758] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.119353][ T6758] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 58.124812][ T6758] ext4_writepages+0x1a7b/0x33c0 [ 58.130367][ T6758] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.136066][ T6758] ? __lock_acquire+0x2224/0x48b0 [ 58.141087][ T6758] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.147050][ T6758] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.153009][ T6758] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.158895][ T6758] ? do_writepages+0xfa/0x2a0 [ 58.163587][ T6758] do_writepages+0xfa/0x2a0 [ 58.168072][ T6758] ? page_writeback_cpu_online+0x10/0x10 [ 58.173689][ T6758] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.179650][ T6758] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.185607][ T6758] ? lock_downgrade+0x840/0x840 [ 58.190449][ T6758] __writeback_single_inode+0x12a/0x13d0 [ 58.196340][ T6758] ? _raw_spin_unlock+0x24/0x40 [ 58.201173][ T6758] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 58.207149][ T6758] writeback_sb_inodes+0x515/0xdc0 [ 58.212261][ T6758] ? __writeback_single_inode+0x13d0/0x13d0 [ 58.218141][ T6758] __writeback_inodes_wb+0xc3/0x250 [ 58.223341][ T6758] wb_writeback+0x8db/0xd50 [ 58.227827][ T6758] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 58.234247][ T6758] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 58.240134][ T6758] ? cpumask_next+0x3c/0x40 [ 58.244624][ T6758] ? get_nr_dirty_inodes+0xd6/0x130 [ 58.249805][ T6758] wb_workfn+0xab3/0x1090 [ 58.254138][ T6758] ? inode_wait_for_writeback+0x30/0x30 [ 58.259670][ T6758] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.265221][ T6758] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.271202][ T6758] process_one_work+0x965/0x1690 [ 58.276123][ T6758] ? lock_release+0x800/0x800 [ 58.280781][ T6758] ? pwq_dec_nr_in_flight+0x310/0x310 [ 58.286145][ T6758] ? rwlock_bug.part.0+0x90/0x90 [ 58.291069][ T6758] worker_thread+0x96/0xe10 [ 58.295558][ T6758] ? process_one_work+0x1690/0x1690 [ 58.300752][ T6758] kthread+0x3b5/0x4a0 [ 58.304811][ T6758] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.310520][ T6758] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.316235][ T6758] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.10.57' (ECDSA) to the list of known hosts. 2020/06/14 09:28:44 fuzzer started 2020/06/14 09:28:44 connecting to host at 10.128.0.26:34897 2020/06/14 09:28:44 checking machine... 2020/06/14 09:28:44 checking revisions... 2020/06/14 09:28:44 testing simple program... [ 60.226392][ T6799] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6799 [ 60.235873][ T6799] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.242213][ T6799] CPU: 1 PID: 6799 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 60.250476][ T6799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.260529][ T6799] Call Trace: [ 60.264066][ T6799] dump_stack+0x18f/0x20d [ 60.268672][ T6799] check_preemption_disabled+0x20d/0x220 [ 60.274482][ T6799] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.280282][ T6799] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.285722][ T6799] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.291444][ T6799] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.296712][ T6799] ? ext4_ext_release+0x10/0x10 [ 60.301568][ T6799] ? down_write_killable+0x170/0x170 [ 60.306841][ T6799] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.312283][ T6799] ext4_map_blocks+0x4cb/0x1640 [ 60.317114][ T6799] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.322292][ T6799] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.327830][ T6799] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.333806][ T6799] ? prandom_u32_state+0xe/0x170 [ 60.338721][ T6799] ? __brelse+0x84/0xa0 [ 60.342866][ T6799] ? __ext4_new_inode+0x144/0x55e0 [ 60.348092][ T6799] ext4_getblk+0xad/0x520 [ 60.352402][ T6799] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.358375][ T6799] ? ext4_free_inode+0x1700/0x1700 [ 60.363484][ T6799] ext4_bread+0x7c/0x380 [ 60.367722][ T6799] ? ext4_getblk+0x520/0x520 [ 60.372827][ T6799] ? dquot_get_next_dqblk+0x180/0x180 [ 60.378181][ T6799] ext4_append+0x153/0x360 [ 60.382583][ T6799] ext4_mkdir+0x5e0/0xdf0 [ 60.387155][ T6799] ? ext4_rmdir+0xde0/0xde0 [ 60.391639][ T6799] ? security_inode_permission+0xc4/0xf0 [ 60.397338][ T6799] vfs_mkdir+0x419/0x690 [ 60.401576][ T6799] do_mkdirat+0x21e/0x280 [ 60.406001][ T6799] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.410840][ T6799] ? do_syscall_64+0x1c/0xe0 [ 60.415421][ T6799] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.421400][ T6799] do_syscall_64+0x60/0xe0 [ 60.425804][ T6799] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.431680][ T6799] RIP: 0033:0x4b02a0 [ 60.435658][ T6799] Code: Bad RIP value. [ 60.439703][ T6799] RSP: 002b:000000c0003c14b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 60.448728][ T6799] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 60.456680][ T6799] RDX: 00000000000001c0 RSI: 000000c00009d140 RDI: ffffffffffffff9c [ 60.464630][ T6799] RBP: 000000c0003c1510 R08: 0000000000000000 R09: 0000000000000000 [ 60.473045][ T6799] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 60.481014][ T6799] R13: 000000000000008b R14: 000000000000008a R15: 0000000000000100 [ 60.506168][ T6814] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6814 [ 60.515627][ T6814] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.521609][ T6814] CPU: 1 PID: 6814 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.529827][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.539893][ T6814] Call Trace: [ 60.543171][ T6814] dump_stack+0x18f/0x20d [ 60.547657][ T6814] check_preemption_disabled+0x20d/0x220 [ 60.553338][ T6814] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.558449][ T6814] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.563943][ T6814] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.569657][ T6814] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.575018][ T6814] ? ext4_ext_release+0x10/0x10 [ 60.579867][ T6814] ? down_write_killable+0x170/0x170 [ 60.585146][ T6814] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.590760][ T6814] ext4_map_blocks+0x4cb/0x1640 [ 60.595601][ T6814] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.600898][ T6814] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.606445][ T6814] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.612423][ T6814] ? prandom_u32_state+0xe/0x170 [ 60.618210][ T6814] ? __brelse+0x84/0xa0 [ 60.622345][ T6814] ? __ext4_new_inode+0x144/0x55e0 [ 60.627438][ T6814] ext4_getblk+0xad/0x520 [ 60.631749][ T6814] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.637449][ T6814] ? ext4_free_inode+0x1700/0x1700 [ 60.642570][ T6814] ext4_bread+0x7c/0x380 [ 60.646819][ T6814] ? ext4_getblk+0x520/0x520 [ 60.651568][ T6814] ? dquot_get_next_dqblk+0x180/0x180 [ 60.656921][ T6814] ext4_append+0x153/0x360 [ 60.661334][ T6814] ext4_mkdir+0x5e0/0xdf0 [ 60.665733][ T6814] ? ext4_rmdir+0xde0/0xde0 [ 60.670234][ T6814] ? security_inode_permission+0xc4/0xf0 [ 60.675870][ T6814] vfs_mkdir+0x419/0x690 [ 60.680108][ T6814] do_mkdirat+0x21e/0x280 [ 60.684428][ T6814] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.689257][ T6814] ? do_syscall_64+0x1c/0xe0 [ 60.693845][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.699916][ T6814] do_syscall_64+0x60/0xe0 [ 60.704323][ T6814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.710193][ T6814] RIP: 0033:0x45bee7 [ 60.714059][ T6814] Code: Bad RIP value. [ 60.718098][ T6814] RSP: 002b:00007fffcef015f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.726509][ T6814] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 60.734476][ T6814] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007fffcef017d0 [ 60.742429][ T6814] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002940 [ 60.751349][ T6814] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 60.759311][ T6814] R13: 00007fffcef017d0 R14: 8421084210842109 R15: 00007fffcef017dc [ 60.846750][ T6815] IPVS: ftp: loaded support on port[0] = 21 [ 60.884975][ T6815] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6815 [ 60.895755][ T6815] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.901721][ T6815] CPU: 0 PID: 6815 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.910040][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.920224][ T6815] Call Trace: [ 60.923508][ T6815] dump_stack+0x18f/0x20d [ 60.929257][ T6815] check_preemption_disabled+0x20d/0x220 [ 60.934967][ T6815] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.940071][ T6815] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.946132][ T6815] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.951922][ T6815] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.957420][ T6815] ? ext4_ext_release+0x10/0x10 [ 60.962283][ T6815] ? down_write_killable+0x170/0x170 [ 60.967666][ T6815] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.973113][ T6815] ext4_map_blocks+0x4cb/0x1640 [ 60.977954][ T6815] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.983160][ T6815] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.989044][ T6815] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.995019][ T6815] ? prandom_u32_state+0xe/0x170 [ 60.999972][ T6815] ? __brelse+0x84/0xa0 [ 61.004116][ T6815] ? __ext4_new_inode+0x144/0x55e0 [ 61.009214][ T6815] ext4_getblk+0xad/0x520 [ 61.013527][ T6815] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 61.019255][ T6815] ? ext4_free_inode+0x1700/0x1700 [ 61.024448][ T6815] ext4_bread+0x7c/0x380 [ 61.028702][ T6815] ? ext4_getblk+0x520/0x520 [ 61.033283][ T6815] ? dquot_get_next_dqblk+0x180/0x180 [ 61.038726][ T6815] ext4_append+0x153/0x360 [ 61.043126][ T6815] ext4_mkdir+0x5e0/0xdf0 [ 61.047470][ T6815] ? ext4_rmdir+0xde0/0xde0 [ 61.051954][ T6815] ? security_inode_permission+0xc4/0xf0 [ 61.057588][ T6815] vfs_mkdir+0x419/0x690 [ 61.061812][ T6815] do_mkdirat+0x21e/0x280 [ 61.066139][ T6815] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.070977][ T6815] ? do_syscall_64+0x1c/0xe0 [ 61.075634][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.081705][ T6815] do_syscall_64+0x60/0xe0 [ 61.086123][ T6815] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.092553][ T6815] RIP: 0033:0x45bee7 [ 61.096426][ T6815] Code: Bad RIP value. [ 61.100489][ T6815] RSP: 002b:00007fffcef014e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 61.108875][ T6815] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 61.116839][ T6815] RDX: 00007fffcef01533 RSI: 00000000000001ff RDI: 00007fffcef01530 [ 61.124806][ T6815] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 61.132765][ T6815] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0 [ 61.140801][ T6815] R13: 00007fffcef01520 R14: 0000000000000000 R15: 00007fffcef01530 [ 61.193541][ T6815] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6815 [ 61.203867][ T6815] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.209776][ T6815] CPU: 0 PID: 6815 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 61.218014][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.228599][ T6815] Call Trace: [ 61.231895][ T6815] dump_stack+0x18f/0x20d [ 61.236275][ T6815] check_preemption_disabled+0x20d/0x220 [ 61.242000][ T6815] ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.247220][ T6815] ? ext4_ext_search_right+0x2ca/0xb20 [ 61.252686][ T6815] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 61.258509][ T6815] ext4_ext_map_blocks+0x201b/0x33e0 [ 61.263813][ T6815] ? ext4_ext_release+0x10/0x10 [ 61.268685][ T6815] ? down_write_killable+0x170/0x170 [ 61.273982][ T6815] ? ext4_es_lookup_extent+0x41d/0xd10 [ 61.279429][ T6815] ext4_map_blocks+0x4cb/0x1640 [ 61.284265][ T6815] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 61.289454][ T6815] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.295855][ T6815] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.301844][ T6815] ? prandom_u32_state+0xe/0x170 [ 61.306779][ T6815] ? __brelse+0x84/0xa0 [ 61.311199][ T6815] ? __ext4_new_inode+0x144/0x55e0 [ 61.316297][ T6815] ext4_getblk+0xad/0x520 [ 61.320635][ T6815] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 61.326336][ T6815] ? ext4_free_inode+0x1700/0x1700 [ 61.331600][ T6815] ext4_bread+0x7c/0x380 [ 61.335917][ T6815] ? ext4_getblk+0x520/0x520 [ 61.340523][ T6815] ? dquot_get_next_dqblk+0x180/0x180 [ 61.345875][ T6815] ext4_append+0x153/0x360 [ 61.350300][ T6815] ext4_mkdir+0x5e0/0xdf0 [ 61.354612][ T6815] ? ext4_rmdir+0xde0/0xde0 [ 61.359094][ T6815] ? security_inode_permission+0xc4/0xf0 [ 61.364795][ T6815] vfs_mkdir+0x419/0x690 [ 61.369036][ T6815] do_mkdirat+0x21e/0x280 [ 61.373992][ T6815] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.378836][ T6815] ? do_syscall_64+0x1c/0xe0 [ 61.383422][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.390014][ T6815] do_syscall_64+0x60/0xe0 [ 61.394437][ T6815] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.400319][ T6815] RIP: 0033:0x45bee7 [ 61.404189][ T6815] Code: Bad RIP value. [ 61.408363][ T6815] RSP: 002b:00007fffcef014e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 61.416813][ T6815] RAX: ffffffffffffffda RBX: 000000000000eeff RCX: 000000000045bee7 [ 61.424858][ T6815] RDX: 00007fffcef01533 RSI: 00000000000001ff RDI: 00007fffcef01530 [ 61.432896][ T6815] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/14 09:28:46 building call list... [ 61.440846][ T6815] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 61.448793][ T6815] R13: 00007fffcef01520 R14: 000000000000eeec R15: 00007fffcef01530 [ 61.679952][ T6758] tipc: TX() has been purged, node left! [ 62.165672][ T1154] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1154 [ 62.175402][ T1154] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 62.181570][ T1154] CPU: 0 PID: 1154 Comm: khugepaged Not tainted 5.7.0-syzkaller #0 [ 62.189451][ T1154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.199499][ T1154] Call Trace: [ 62.202874][ T1154] dump_stack+0x18f/0x20d [ 62.207205][ T1154] check_preemption_disabled+0x20d/0x220 [ 62.212837][ T1154] ext4_mb_new_blocks+0xa4d/0x3b70 [ 62.217956][ T1154] ? ext4_find_extent+0x81a/0xad0 [ 62.223084][ T1154] ? ext4_ext_search_right+0x2ca/0xb20 [ 62.228538][ T1154] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 62.234261][ T1154] ext4_ext_map_blocks+0x201b/0x33e0 [ 62.239555][ T1154] ? ext4_ext_release+0x10/0x10 [ 62.244420][ T1154] ? down_write_killable+0x170/0x170 [ 62.249963][ T1154] ? ext4_es_lookup_extent+0x41d/0xd10 [ 62.255425][ T1154] ext4_map_blocks+0x4cb/0x1640 [ 62.260283][ T1154] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 62.265483][ T1154] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 62.271025][ T1154] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.277002][ T1154] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 62.282460][ T1154] ext4_writepages+0x1a7b/0x33c0 [ 62.287400][ T1154] ? lock_release+0x7c0/0x800 [ 62.292091][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940 [ 62.297752][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940 [ 62.306772][ T1154] ? do_writepages+0xfa/0x2a0 [ 62.311709][ T1154] do_writepages+0xfa/0x2a0 [ 62.316227][ T1154] ? page_writeback_cpu_online+0x10/0x10 [ 62.321943][ T1154] ? do_raw_spin_lock+0x120/0x2d0 [ 62.326963][ T1154] ? do_raw_spin_unlock+0x171/0x260 [ 62.334070][ T1154] ? _raw_spin_unlock+0x24/0x40 [ 62.338938][ T1154] __filemap_fdatawrite_range+0x2aa/0x390 [ 62.344742][ T1154] ? collapse_file+0x35a2/0x4330 [ 62.349673][ T1154] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 62.355745][ T1154] ? _raw_spin_unlock_irq+0x1f/0x80 [ 62.361199][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 62.367291][ T1154] collapse_file+0x35ac/0x4330 [ 62.372089][ T1154] ? collapse_huge_page+0x4350/0x4350 [ 62.377462][ T1154] ? khugepaged+0x2506/0x3fc0 [ 62.382155][ T1154] ? xas_find+0x31a/0x880 [ 62.386485][ T1154] ? check_preemption_disabled+0x38/0x220 [ 62.392218][ T1154] khugepaged+0x3041/0x3fc0 [ 62.396773][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 62.402417][ T1154] ? lock_downgrade+0x840/0x840 [ 62.407308][ T1154] ? finish_wait+0x260/0x260 [ 62.411902][ T1154] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 62.418140][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 62.424127][ T1154] ? __kthread_parkme+0x13f/0x1e0 [ 62.429160][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 62.434800][ T1154] kthread+0x3b5/0x4a0 [ 62.438981][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.444697][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.450418][ T1154] ret_from_fork+0x1f/0x30 [ 62.501936][ T6758] ================================================================== [ 62.510151][ T6758] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 62.518035][ T6758] Write of size 1 at addr ffff8880a7ce19e4 by task kworker/u4:7/6758 [ 62.526169][ T6758] [ 62.528499][ T6758] CPU: 1 PID: 6758 Comm: kworker/u4:7 Not tainted 5.7.0-syzkaller #0 [ 62.536550][ T6758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.546604][ T6758] Workqueue: netns cleanup_net [ 62.551534][ T6758] Call Trace: [ 62.554913][ T6758] dump_stack+0x18f/0x20d [ 62.559258][ T6758] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.564798][ T6758] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.570424][ T6758] ? afs_put_call+0xa40/0xa40 [ 62.575099][ T6758] print_address_description.constprop.0.cold+0xd3/0x413 [ 62.582134][ T6758] ? vprintk_func+0x97/0x1a6 [ 62.586724][ T6758] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.592327][ T6758] kasan_report.cold+0x1f/0x37 [ 62.597655][ T6758] ? rcu_read_lock_held+0x81/0xb0 [ 62.602681][ T6758] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.608232][ T6758] afs_wake_up_async_call+0x6aa/0x770 [ 62.613604][ T6758] ? afs_close_socket+0x320/0x320 [ 62.618628][ T6758] ? afs_put_call+0xa40/0xa40 [ 62.623303][ T6758] rxrpc_notify_socket+0x1db/0x5d0 [ 62.628416][ T6758] ? afs_put_call+0xa40/0xa40 [ 62.633098][ T6758] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 62.640735][ T6758] rxrpc_call_completed+0xca/0xf0 [ 62.645761][ T6758] rxrpc_discard_prealloc+0x781/0xab0 [ 62.651147][ T6758] ? lock_sock_nested+0x94/0x110 [ 62.656087][ T6758] rxrpc_listen+0x147/0x360 [ 62.661120][ T6758] afs_close_socket+0x95/0x320 [ 62.665878][ T6758] ? afs_purge_servers+0x16d/0x300 [ 62.671008][ T6758] ? afs_rx_discard_new_call+0x50/0x50 [ 62.676469][ T6758] ? init_wait_var_entry+0x200/0x200 [ 62.681754][ T6758] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.687387][ T6758] ? check_preemption_disabled+0x38/0x220 [ 62.693116][ T6758] afs_net_exit+0x1bc/0x310 [ 62.697626][ T6758] ? afs_net_init+0xe30/0xe30 [ 62.702305][ T6758] ops_exit_list.isra.0+0xa8/0x150 [ 62.707420][ T6758] cleanup_net+0x511/0xa50 [ 62.711838][ T6758] ? unregister_pernet_device+0x70/0x70 [ 62.717991][ T6758] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.723975][ T6758] process_one_work+0x965/0x1690 [ 62.729994][ T6758] ? lock_release+0x800/0x800 [ 62.734674][ T6758] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.740047][ T6758] ? rwlock_bug.part.0+0x90/0x90 [ 62.744992][ T6758] worker_thread+0x96/0xe10 [ 62.749523][ T6758] ? process_one_work+0x1690/0x1690 [ 62.754719][ T6758] kthread+0x3b5/0x4a0 [ 62.758783][ T6758] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.764494][ T6758] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.771277][ T6758] ret_from_fork+0x1f/0x30 [ 62.775882][ T6758] [ 62.778206][ T6758] Allocated by task 6815: [ 62.782540][ T6758] save_stack+0x1b/0x40 [ 62.786804][ T6758] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 62.792429][ T6758] kmem_cache_alloc_trace+0x153/0x7d0 [ 62.797793][ T6758] afs_alloc_call+0x55/0x630 [ 62.802551][ T6758] afs_charge_preallocation+0xe9/0x2d0 [ 62.808004][ T6758] afs_open_socket+0x292/0x360 [ 62.812760][ T6758] afs_net_init+0xa6c/0xe30 [ 62.817258][ T6758] ops_init+0xaf/0x420 [ 62.821321][ T6758] setup_net+0x2de/0x860 [ 62.825555][ T6758] copy_net_ns+0x293/0x590 [ 62.829969][ T6758] create_new_namespaces+0x3fb/0xb30 [ 62.835247][ T6758] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 62.840893][ T6758] ksys_unshare+0x43d/0x8e0 [ 62.845402][ T6758] __x64_sys_unshare+0x2d/0x40 [ 62.850166][ T6758] do_syscall_64+0x60/0xe0 [ 62.854596][ T6758] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.860478][ T6758] [ 62.862801][ T6758] Freed by task 6758: [ 62.866815][ T6758] save_stack+0x1b/0x40 [ 62.870976][ T6758] __kasan_slab_free+0xf7/0x140 [ 62.875827][ T6758] kfree+0x109/0x2b0 [ 62.879812][ T6758] afs_put_call+0x585/0xa40 [ 62.884321][ T6758] rxrpc_discard_prealloc+0x764/0xab0 [ 62.889695][ T6758] rxrpc_listen+0x147/0x360 [ 62.894202][ T6758] afs_close_socket+0x95/0x320 [ 62.898965][ T6758] afs_net_exit+0x1bc/0x310 [ 62.903467][ T6758] ops_exit_list.isra.0+0xa8/0x150 [ 62.908575][ T6758] cleanup_net+0x511/0xa50 [ 62.913433][ T6758] process_one_work+0x965/0x1690 [ 62.918384][ T6758] worker_thread+0x96/0xe10 [ 62.922925][ T6758] kthread+0x3b5/0x4a0 [ 62.926973][ T6758] ret_from_fork+0x1f/0x30 [ 62.931361][ T6758] [ 62.933668][ T6758] The buggy address belongs to the object at ffff8880a7ce1800 [ 62.933668][ T6758] which belongs to the cache kmalloc-1k of size 1024 [ 62.948080][ T6758] The buggy address is located 484 bytes inside of [ 62.948080][ T6758] 1024-byte region [ffff8880a7ce1800, ffff8880a7ce1c00) [ 62.962545][ T6758] The buggy address belongs to the page: [ 62.968160][ T6758] page:ffffea00029f3840 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 62.977252][ T6758] flags: 0xfffe0000000200(slab) [ 62.982085][ T6758] raw: 00fffe0000000200 ffffea0002a38cc8 ffffea00029be748 ffff8880aa000c40 [ 62.990652][ T6758] raw: 0000000000000000 ffff8880a7ce1000 0000000100000002 0000000000000000 [ 62.999296][ T6758] page dumped because: kasan: bad access detected [ 63.005854][ T6758] [ 63.008243][ T6758] Memory state around the buggy address: [ 63.013853][ T6758] ffff8880a7ce1880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.022238][ T6758] ffff8880a7ce1900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.030296][ T6758] >ffff8880a7ce1980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.038333][ T6758] ^ [ 63.045588][ T6758] ffff8880a7ce1a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb executing program [ 63.053975][ T6758] ffff8880a7ce1a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.062268][ T6758] ================================================================== [ 63.071258][ T6758] Disabling lock debugging due to kernel taint [ 63.077468][ T6758] Kernel panic - not syncing: panic_on_warn set ... [ 63.084104][ T6758] CPU: 1 PID: 6758 Comm: kworker/u4:7 Tainted: G B 5.7.0-syzkaller #0 [ 63.093660][ T6758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.106758][ T6758] Workqueue: netns cleanup_net [ 63.111508][ T6758] Call Trace: [ 63.114784][ T6758] dump_stack+0x18f/0x20d [ 63.119199][ T6758] ? afs_wake_up_async_call+0x5f0/0x770 [ 63.124892][ T6758] ? afs_put_call+0xa40/0xa40 [ 63.129549][ T6758] panic+0x2e3/0x75c [ 63.133443][ T6758] ? __warn_printk+0xf3/0xf3 [ 63.138006][ T6758] ? asm_common_interrupt+0x1e/0x40 [ 63.143221][ T6758] ? trace_hardirqs_on+0x55/0x220 [ 63.148219][ T6758] ? afs_wake_up_async_call+0x6aa/0x770 [ 63.153735][ T6758] ? afs_wake_up_async_call+0x6aa/0x770 [ 63.159264][ T6758] ? afs_put_call+0xa40/0xa40 [ 63.163918][ T6758] end_report+0x4d/0x53 [ 63.168233][ T6758] kasan_report.cold+0xd/0x37 [ 63.172904][ T6758] ? rcu_read_lock_held+0x81/0xb0 [ 63.177901][ T6758] ? afs_wake_up_async_call+0x6aa/0x770 [ 63.183421][ T6758] afs_wake_up_async_call+0x6aa/0x770 [ 63.188782][ T6758] ? afs_close_socket+0x320/0x320 [ 63.193796][ T6758] ? afs_put_call+0xa40/0xa40 [ 63.198448][ T6758] rxrpc_notify_socket+0x1db/0x5d0 [ 63.203550][ T6758] ? afs_put_call+0xa40/0xa40 [ 63.208207][ T6758] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 63.215206][ T6758] rxrpc_call_completed+0xca/0xf0 [ 63.220215][ T6758] rxrpc_discard_prealloc+0x781/0xab0 [ 63.225561][ T6758] ? lock_sock_nested+0x94/0x110 [ 63.230558][ T6758] rxrpc_listen+0x147/0x360 [ 63.235063][ T6758] afs_close_socket+0x95/0x320 [ 63.239854][ T6758] ? afs_purge_servers+0x16d/0x300 [ 63.244948][ T6758] ? afs_rx_discard_new_call+0x50/0x50 [ 63.250409][ T6758] ? init_wait_var_entry+0x200/0x200 [ 63.256113][ T6758] ? rcu_read_lock_held_common+0xa0/0xa0 [ 63.261723][ T6758] ? check_preemption_disabled+0x38/0x220 [ 63.267424][ T6758] afs_net_exit+0x1bc/0x310 [ 63.271962][ T6758] ? afs_net_init+0xe30/0xe30 [ 63.276661][ T6758] ops_exit_list.isra.0+0xa8/0x150 [ 63.281835][ T6758] cleanup_net+0x511/0xa50 [ 63.286227][ T6758] ? unregister_pernet_device+0x70/0x70 [ 63.291747][ T6758] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.297702][ T6758] process_one_work+0x965/0x1690 [ 63.302668][ T6758] ? lock_release+0x800/0x800 [ 63.307451][ T6758] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.312808][ T6758] ? rwlock_bug.part.0+0x90/0x90 [ 63.317726][ T6758] worker_thread+0x96/0xe10 [ 63.322280][ T6758] ? process_one_work+0x1690/0x1690 [ 63.327456][ T6758] kthread+0x3b5/0x4a0 [ 63.331503][ T6758] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.337720][ T6758] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.343432][ T6758] ret_from_fork+0x1f/0x30 [ 63.349310][ T6758] Kernel Offset: disabled [ 63.353743][ T6758] Rebooting in 86400 seconds..