Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 56.271053][ T6753] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:6/6753 [ 56.280610][ T6753] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 56.286503][ T6753] CPU: 1 PID: 6753 Comm: kworker/u4:6 Not tainted 5.7.0-syzkaller #0 [ 56.294563][ T6753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.304620][ T6753] Workqueue: writeback wb_workfn (flush-8:0) [ 56.310596][ T6753] Call Trace: [ 56.313890][ T6753] dump_stack+0x188/0x20d [ 56.318219][ T6753] debug_smp_processor_id.cold+0x88/0x9b [ 56.323829][ T6753] ext4_mb_new_blocks+0xa77/0x3b30 [ 56.328917][ T6753] ? __kmalloc+0x62f/0x7a0 [ 56.333322][ T6753] ? ext4_ext_search_right+0x2ca/0xb20 [ 56.338761][ T6753] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 56.345171][ T6753] ext4_ext_map_blocks+0x2044/0x3410 [ 56.350475][ T6753] ? ext4_ext_release+0x10/0x10 [ 56.355341][ T6753] ? __down_timeout+0x2d0/0x2d0 [ 56.360168][ T6753] ? ext4_es_lookup_extent+0x41d/0xd30 [ 56.365604][ T6753] ? debug_smp_processor_id+0x2f/0x185 [ 56.371086][ T6753] ext4_map_blocks+0x4cb/0x1640 [ 56.375922][ T6753] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 56.381097][ T6753] ? debug_smp_processor_id+0x2f/0x185 [ 56.386538][ T6753] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.392083][ T6753] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.398080][ T6753] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 56.403524][ T6753] ext4_writepages+0x1ab7/0x3400 [ 56.408493][ T6753] ? __ext4_mark_inode_dirty+0x950/0x950 [ 56.414112][ T6753] ? __lock_acquire+0x2224/0x48a0 [ 56.419125][ T6753] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.425084][ T6753] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.431050][ T6753] ? __ext4_mark_inode_dirty+0x950/0x950 [ 56.436659][ T6753] ? do_writepages+0xfa/0x2a0 [ 56.441329][ T6753] do_writepages+0xfa/0x2a0 [ 56.445816][ T6753] ? page_writeback_cpu_online+0x10/0x10 [ 56.451445][ T6753] ? debug_smp_processor_id+0x2f/0x185 [ 56.456903][ T6753] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.463661][ T6753] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.469616][ T6753] ? lock_downgrade+0x840/0x840 [ 56.474454][ T6753] __writeback_single_inode+0x12a/0x1410 [ 56.480079][ T6753] ? _raw_spin_unlock+0x24/0x40 [ 56.485273][ T6753] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 56.491257][ T6753] writeback_sb_inodes+0x515/0xdd0 [ 56.496375][ T6753] ? __writeback_single_inode+0x1410/0x1410 [ 56.502256][ T6753] __writeback_inodes_wb+0xc3/0x250 [ 56.507456][ T6753] wb_writeback+0x910/0xd90 [ 56.511941][ T6753] ? print_usage_bug+0x240/0x240 [ 56.516878][ T6753] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 56.523186][ T6753] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 56.529062][ T6753] ? cpumask_next+0x3c/0x40 [ 56.533545][ T6753] ? get_nr_dirty_inodes+0xd6/0x130 [ 56.538725][ T6753] wb_workfn+0xadf/0x10d0 [ 56.543043][ T6753] ? inode_wait_for_writeback+0x30/0x30 [ 56.548566][ T6753] ? debug_smp_processor_id+0x2f/0x185 [ 56.554115][ T6753] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.559663][ T6753] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.565694][ T6753] process_one_work+0x965/0x16a0 [ 56.570622][ T6753] ? lock_release+0x800/0x800 [ 56.575278][ T6753] ? pwq_dec_nr_in_flight+0x310/0x310 [ 56.580632][ T6753] ? rwlock_bug.part.0+0x90/0x90 [ 56.585553][ T6753] worker_thread+0x96/0xe10 [ 56.590039][ T6753] ? process_one_work+0x16a0/0x16a0 [ 56.595218][ T6753] kthread+0x388/0x470 [ 56.599266][ T6753] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.604980][ T6753] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 56.610693][ T6753] ret_from_fork+0x24/0x30 Warning: Permanently added '10.128.0.143' (ECDSA) to the list of known hosts. 2020/06/13 17:14:02 fuzzer started 2020/06/13 17:14:02 connecting to host at 10.128.0.26:45399 2020/06/13 17:14:02 checking machine... 2020/06/13 17:14:02 checking revisions... 2020/06/13 17:14:02 testing simple program... [ 59.547735][ T6787] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6787 [ 59.557203][ T6787] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 59.563257][ T6787] CPU: 0 PID: 6787 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 59.571164][ T6787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.581205][ T6787] Call Trace: [ 59.584498][ T6787] dump_stack+0x188/0x20d [ 59.588830][ T6787] debug_smp_processor_id.cold+0x88/0x9b [ 59.594463][ T6787] ext4_mb_new_blocks+0xa77/0x3b30 [ 59.599560][ T6787] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.605003][ T6787] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.610705][ T6787] ext4_ext_map_blocks+0x2044/0x3410 [ 59.615974][ T6787] ? ext4_ext_release+0x10/0x10 [ 59.620815][ T6787] ? __down_timeout+0x2d0/0x2d0 [ 59.625645][ T6787] ? ext4_es_lookup_extent+0x41d/0xd30 [ 59.631110][ T6787] ext4_map_blocks+0x4cb/0x1640 [ 59.635954][ T6787] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.641155][ T6787] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.646680][ T6787] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.652658][ T6787] ? prandom_u32_state+0xe/0x170 [ 59.657574][ T6787] ? __brelse+0x84/0xa0 [ 59.661711][ T6787] ? __ext4_new_inode+0x144/0x57c0 [ 59.666819][ T6787] ext4_getblk+0xad/0x520 [ 59.671129][ T6787] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.676862][ T6787] ? ext4_free_inode+0x17e0/0x17e0 [ 59.681973][ T6787] ext4_bread+0x7c/0x380 [ 59.686197][ T6787] ? ext4_getblk+0x520/0x520 [ 59.690761][ T6787] ? dqget+0xff0/0xff0 [ 59.694810][ T6787] ext4_append+0x153/0x360 [ 59.699209][ T6787] ext4_mkdir+0x5e0/0xdf0 [ 59.703524][ T6787] ? ext4_rmdir+0xde0/0xde0 [ 59.708007][ T6787] ? security_inode_permission+0xc4/0xf0 [ 59.713639][ T6787] vfs_mkdir+0x419/0x690 [ 59.717880][ T6787] do_mkdirat+0x21e/0x280 [ 59.722191][ T6787] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.727050][ T6787] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.733008][ T6787] ? do_syscall_64+0x21/0x7d0 [ 59.737664][ T6787] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.743640][ T6787] do_syscall_64+0xf6/0x7d0 [ 59.748143][ T6787] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 59.754050][ T6787] RIP: 0033:0x4b02a0 [ 59.757947][ T6787] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 59.777557][ T6787] RSP: 002b:000000c0000db4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 59.785952][ T6787] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 59.793930][ T6787] RDX: 00000000000001c0 RSI: 000000c000026da0 RDI: ffffffffffffff9c [ 59.801882][ T6787] RBP: 000000c0000db510 R08: 0000000000000000 R09: 0000000000000000 [ 59.809834][ T6787] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 59.817809][ T6787] R13: 000000000000006e R14: 000000000000006d R15: 0000000000000100 [ 59.842689][ T6800] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6800 [ 59.852243][ T6800] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 59.858256][ T6800] CPU: 0 PID: 6800 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 59.866495][ T6800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.876534][ T6800] Call Trace: [ 59.879817][ T6800] dump_stack+0x188/0x20d [ 59.884132][ T6800] debug_smp_processor_id.cold+0x88/0x9b [ 59.889747][ T6800] ext4_mb_new_blocks+0xa77/0x3b30 [ 59.894859][ T6800] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.900296][ T6800] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.906010][ T6800] ext4_ext_map_blocks+0x2044/0x3410 [ 59.911279][ T6800] ? ext4_ext_release+0x10/0x10 [ 59.916196][ T6800] ? __down_timeout+0x2d0/0x2d0 [ 59.921054][ T6800] ? ext4_es_lookup_extent+0x41d/0xd30 [ 59.926536][ T6800] ext4_map_blocks+0x4cb/0x1640 [ 59.931545][ T6800] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.937674][ T6800] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.943261][ T6800] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.949226][ T6800] ? prandom_u32_state+0xe/0x170 [ 59.954151][ T6800] ? __brelse+0x84/0xa0 [ 59.958296][ T6800] ? __ext4_new_inode+0x144/0x57c0 [ 59.963638][ T6800] ext4_getblk+0xad/0x520 [ 59.967950][ T6800] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.974629][ T6800] ? ext4_free_inode+0x17e0/0x17e0 [ 59.979745][ T6800] ext4_bread+0x7c/0x380 [ 59.983968][ T6800] ? ext4_getblk+0x520/0x520 [ 59.988718][ T6800] ? dqget+0xff0/0xff0 [ 59.992771][ T6800] ext4_append+0x153/0x360 [ 59.997226][ T6800] ext4_mkdir+0x5e0/0xdf0 [ 60.001607][ T6800] ? ext4_rmdir+0xde0/0xde0 [ 60.006094][ T6800] ? security_inode_permission+0xc4/0xf0 [ 60.011730][ T6800] vfs_mkdir+0x419/0x690 [ 60.015956][ T6800] do_mkdirat+0x21e/0x280 [ 60.020290][ T6800] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.025139][ T6800] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.031118][ T6800] ? do_syscall_64+0x21/0x7d0 [ 60.035780][ T6800] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.041740][ T6800] do_syscall_64+0xf6/0x7d0 [ 60.046250][ T6800] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.052138][ T6800] RIP: 0033:0x45bee7 [ 60.056017][ T6800] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.075797][ T6800] RSP: 002b:00007ffe0e734228 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.084196][ T6800] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 60.092281][ T6800] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffe0e734400 [ 60.100245][ T6800] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002a00 [ 60.108426][ T6800] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 60.116509][ T6800] R13: 00007ffe0e734400 R14: 8421084210842109 R15: 00007ffe0e73440c [ 60.198130][ T6801] IPVS: ftp: loaded support on port[0] = 21 [ 60.235313][ T6801] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6801 [ 60.244900][ T6801] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.250867][ T6801] CPU: 1 PID: 6801 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.259368][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.269578][ T6801] Call Trace: [ 60.272874][ T6801] dump_stack+0x188/0x20d [ 60.277188][ T6801] debug_smp_processor_id.cold+0x88/0x9b [ 60.282802][ T6801] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.288415][ T6801] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.293900][ T6801] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.299774][ T6801] ext4_ext_map_blocks+0x2044/0x3410 [ 60.305060][ T6801] ? ext4_ext_release+0x10/0x10 [ 60.309906][ T6801] ? __down_timeout+0x2d0/0x2d0 [ 60.314863][ T6801] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.320430][ T6801] ext4_map_blocks+0x4cb/0x1640 [ 60.325274][ T6801] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.330458][ T6801] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.335991][ T6801] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.341965][ T6801] ? prandom_u32_state+0xe/0x170 [ 60.346947][ T6801] ? __brelse+0x84/0xa0 [ 60.351100][ T6801] ? __ext4_new_inode+0x144/0x57c0 [ 60.356195][ T6801] ext4_getblk+0xad/0x520 [ 60.360504][ T6801] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.366292][ T6801] ? ext4_free_inode+0x17e0/0x17e0 [ 60.371382][ T6801] ext4_bread+0x7c/0x380 [ 60.375600][ T6801] ? ext4_getblk+0x520/0x520 [ 60.380181][ T6801] ? dqget+0xff0/0xff0 [ 60.384229][ T6801] ext4_append+0x153/0x360 [ 60.388625][ T6801] ext4_mkdir+0x5e0/0xdf0 [ 60.392937][ T6801] ? ext4_rmdir+0xde0/0xde0 [ 60.397421][ T6801] ? security_inode_permission+0xc4/0xf0 [ 60.403038][ T6801] vfs_mkdir+0x419/0x690 [ 60.407267][ T6801] do_mkdirat+0x21e/0x280 [ 60.411575][ T6801] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.416411][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.422716][ T6801] ? do_syscall_64+0x21/0x7d0 [ 60.427377][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.433336][ T6801] do_syscall_64+0xf6/0x7d0 [ 60.437828][ T6801] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.443695][ T6801] RIP: 0033:0x45bee7 [ 60.447579][ T6801] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.467172][ T6801] RSP: 002b:00007ffe0e734118 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 60.475561][ T6801] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 60.483522][ T6801] RDX: 00007ffe0e734163 RSI: 00000000000001ff RDI: 00007ffe0e734160 [ 60.491471][ T6801] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 60.499530][ T6801] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0 [ 60.507623][ T6801] R13: 00007ffe0e734150 R14: 0000000000000000 R15: 00007ffe0e734160 [ 60.556256][ T6801] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6801 [ 60.565758][ T6801] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 60.571861][ T6801] CPU: 1 PID: 6801 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.580103][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.590155][ T6801] Call Trace: [ 60.593451][ T6801] dump_stack+0x188/0x20d [ 60.597795][ T6801] debug_smp_processor_id.cold+0x88/0x9b [ 60.603434][ T6801] ext4_mb_new_blocks+0xa77/0x3b30 [ 60.608572][ T6801] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.614124][ T6801] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.620117][ T6801] ext4_ext_map_blocks+0x2044/0x3410 [ 60.625418][ T6801] ? ext4_ext_release+0x10/0x10 [ 60.630299][ T6801] ? __down_timeout+0x2d0/0x2d0 [ 60.635193][ T6801] ? ext4_es_lookup_extent+0x41d/0xd30 [ 60.640694][ T6801] ext4_map_blocks+0x4cb/0x1640 [ 60.645540][ T6801] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.650714][ T6801] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.656250][ T6801] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.662219][ T6801] ? prandom_u32_state+0xe/0x170 [ 60.667646][ T6801] ? __brelse+0x84/0xa0 [ 60.671789][ T6801] ? __ext4_new_inode+0x144/0x57c0 [ 60.676889][ T6801] ext4_getblk+0xad/0x520 [ 60.681206][ T6801] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.686926][ T6801] ? ext4_free_inode+0x17e0/0x17e0 [ 60.692022][ T6801] ext4_bread+0x7c/0x380 [ 60.696247][ T6801] ? ext4_getblk+0x520/0x520 [ 60.700826][ T6801] ? dqget+0xff0/0xff0 [ 60.704874][ T6801] ext4_append+0x153/0x360 [ 60.709267][ T6801] ext4_mkdir+0x5e0/0xdf0 [ 60.713577][ T6801] ? ext4_rmdir+0xde0/0xde0 [ 60.718064][ T6801] ? security_inode_permission+0xc4/0xf0 [ 60.723679][ T6801] vfs_mkdir+0x419/0x690 [ 60.727913][ T6801] do_mkdirat+0x21e/0x280 [ 60.732249][ T6801] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.737078][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.743049][ T6801] ? do_syscall_64+0x21/0x7d0 [ 60.747701][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.753659][ T6801] do_syscall_64+0xf6/0x7d0 [ 60.758165][ T6801] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.764047][ T6801] RIP: 0033:0x45bee7 [ 60.767988][ T6801] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 60.787592][ T6801] RSP: 002b:00007ffe0e734118 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 60.795988][ T6801] RAX: ffffffffffffffda RBX: 000000000000ec83 RCX: 000000000045bee7 2020/06/13 17:14:04 building call list... [ 60.803964][ T6801] RDX: 00007ffe0e734163 RSI: 00000000000001ff RDI: 00007ffe0e734160 [ 60.812281][ T6801] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 60.820362][ T6801] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 60.828416][ T6801] R13: 00007ffe0e734150 R14: 000000000000ec7d R15: 00007ffe0e734160 [ 61.089607][ T6753] tipc: TX() has been purged, node left! [ 61.591925][ T6753] ================================================================== [ 61.600143][ T6753] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880 [ 61.608056][ T6753] Write of size 1 at addr ffff88808d3fe9e4 by task kworker/u4:6/6753 [ 61.618492][ T6753] [ 61.620821][ T6753] CPU: 1 PID: 6753 Comm: kworker/u4:6 Not tainted 5.7.0-syzkaller #0 [ 61.628875][ T6753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.638930][ T6753] Workqueue: netns cleanup_net [ 61.643776][ T6753] Call Trace: [ 61.647070][ T6753] dump_stack+0x188/0x20d [ 61.651399][ T6753] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.656959][ T6753] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.662530][ T6753] ? afs_put_call+0xa70/0xa70 [ 61.667215][ T6753] print_address_description.constprop.0.cold+0xd3/0x413 [ 61.674246][ T6753] ? vprintk_func+0x97/0x1a6 [ 61.678837][ T6753] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.684381][ T6753] kasan_report.cold+0x1f/0x37 [ 61.689148][ T6753] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.694690][ T6753] afs_wake_up_async_call+0x7a7/0x880 [ 61.700053][ T6753] ? do_raw_spin_lock+0x129/0x2e0 [ 61.705083][ T6753] ? afs_close_socket+0x320/0x320 [ 61.710116][ T6753] ? rwlock_bug.part.0+0x90/0x90 [ 61.715045][ T6753] ? rcu_read_lock_held+0x9c/0xb0 [ 61.720062][ T6753] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.725697][ T6753] ? afs_close_socket+0x320/0x320 [ 61.730719][ T6753] ? afs_put_call+0xa70/0xa70 [ 61.735389][ T6753] rxrpc_notify_socket+0x1e5/0x5e0 [ 61.740499][ T6753] ? afs_put_call+0xa70/0xa70 [ 61.745254][ T6753] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 61.751678][ T6753] rxrpc_call_completed+0xca/0xf0 [ 61.757053][ T6753] rxrpc_discard_prealloc+0x786/0xac0 [ 61.762420][ T6753] ? lock_sock_nested+0x94/0x110 [ 61.767538][ T6753] rxrpc_listen+0x147/0x360 [ 61.772067][ T6753] afs_close_socket+0x95/0x320 [ 61.776851][ T6753] ? afs_purge_servers+0x16d/0x300 [ 61.781997][ T6753] ? afs_rx_discard_new_call+0x50/0x50 [ 61.787463][ T6753] ? debug_smp_processor_id+0x2f/0x185 [ 61.792954][ T6753] ? init_wait_var_entry+0x200/0x200 [ 61.798278][ T6753] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.803976][ T6753] afs_net_exit+0x1bc/0x310 [ 61.808473][ T6753] ? afs_net_init+0xe30/0xe30 [ 61.813151][ T6753] ops_exit_list.isra.0+0xa8/0x150 [ 61.818284][ T6753] cleanup_net+0x511/0xa50 [ 61.823946][ T6753] ? unregister_pernet_device+0x70/0x70 [ 61.829493][ T6753] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.835481][ T6753] process_one_work+0x965/0x16a0 [ 61.840426][ T6753] ? lock_release+0x800/0x800 [ 61.845125][ T6753] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.850502][ T6753] ? rwlock_bug.part.0+0x90/0x90 [ 61.855533][ T6753] worker_thread+0x96/0xe10 [ 61.860048][ T6753] ? process_one_work+0x16a0/0x16a0 [ 61.865241][ T6753] kthread+0x388/0x470 [ 61.869303][ T6753] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.875016][ T6753] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.880731][ T6753] ret_from_fork+0x24/0x30 [ 61.885149][ T6753] [ 61.887472][ T6753] Allocated by task 6801: [ 61.891797][ T6753] save_stack+0x1b/0x40 [ 61.895957][ T6753] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 61.901579][ T6753] kmem_cache_alloc_trace+0x153/0x7d0 [ 61.906944][ T6753] afs_alloc_call+0x55/0x640 [ 61.911529][ T6753] afs_charge_preallocation+0xe9/0x2d0 [ 61.916982][ T6753] afs_open_socket+0x292/0x360 [ 61.921741][ T6753] afs_net_init+0xa6c/0xe30 [ 61.926236][ T6753] ops_init+0xaf/0x420 [ 61.930299][ T6753] setup_net+0x2de/0x860 [ 61.934655][ T6753] copy_net_ns+0x293/0x590 [ 61.939072][ T6753] create_new_namespaces+0x3fb/0xb30 [ 61.944362][ T6753] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 61.950017][ T6753] ksys_unshare+0x43d/0x8e0 [ 61.954533][ T6753] __x64_sys_unshare+0x2d/0x40 [ 61.959818][ T6753] do_syscall_64+0xf6/0x7d0 [ 61.964320][ T6753] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 61.970216][ T6753] [ 61.972539][ T6753] Freed by task 6753: [ 61.976665][ T6753] save_stack+0x1b/0x40 [ 61.980818][ T6753] __kasan_slab_free+0xf7/0x140 [ 61.985662][ T6753] kfree+0x109/0x2b0 [ 61.989556][ T6753] afs_put_call+0x59b/0xa70 [ 61.994053][ T6753] rxrpc_discard_prealloc+0x769/0xac0 [ 61.999502][ T6753] rxrpc_listen+0x147/0x360 [ 62.003998][ T6753] afs_close_socket+0x95/0x320 [ 62.008763][ T6753] afs_net_exit+0x1bc/0x310 [ 62.013268][ T6753] ops_exit_list.isra.0+0xa8/0x150 [ 62.018377][ T6753] cleanup_net+0x511/0xa50 [ 62.022962][ T6753] process_one_work+0x965/0x16a0 [ 62.027893][ T6753] worker_thread+0x96/0xe10 [ 62.032388][ T6753] kthread+0x388/0x470 [ 62.036473][ T6753] ret_from_fork+0x24/0x30 [ 62.040872][ T6753] [ 62.043204][ T6753] The buggy address belongs to the object at ffff88808d3fe800 [ 62.043204][ T6753] which belongs to the cache kmalloc-1k of size 1024 [ 62.057342][ T6753] The buggy address is located 484 bytes inside of [ 62.057342][ T6753] 1024-byte region [ffff88808d3fe800, ffff88808d3fec00) [ 62.070691][ T6753] The buggy address belongs to the page: [ 62.076320][ T6753] page:ffffea000234ff80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 62.085772][ T6753] flags: 0xfffe0000000200(slab) [ 62.090622][ T6753] raw: 00fffe0000000200 ffffea0002566248 ffffea0002459388 ffff8880aa000c40 [ 62.099228][ T6753] raw: 0000000000000000 ffff88808d3fe000 0000000100000002 0000000000000000 [ 62.107887][ T6753] page dumped because: kasan: bad access detected [ 62.114423][ T6753] [ 62.116842][ T6753] Memory state around the buggy address: [ 62.122472][ T6753] ffff88808d3fe880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.130533][ T6753] ffff88808d3fe900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.138593][ T6753] >ffff88808d3fe980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.146663][ T6753] ^ [ 62.153849][ T6753] ffff88808d3fea00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.161920][ T6753] ffff88808d3fea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.169989][ T6753] ================================================================== [ 62.178042][ T6753] Disabling lock debugging due to kernel taint [ 62.184240][ T6753] Kernel panic - not syncing: panic_on_warn set ... [ 62.190924][ T6753] CPU: 1 PID: 6753 Comm: kworker/u4:6 Tainted: G B 5.7.0-syzkaller #0 [ 62.200356][ T6753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.210493][ T6753] Workqueue: netns cleanup_net [ 62.215264][ T6753] Call Trace: [ 62.218553][ T6753] dump_stack+0x188/0x20d [ 62.222880][ T6753] ? afs_wake_up_async_call+0x6b0/0x880 [ 62.228439][ T6753] ? afs_put_call+0xa70/0xa70 [ 62.233104][ T6753] panic+0x2e3/0x75c [ 62.236990][ T6753] ? add_taint.cold+0x16/0x16 [ 62.241657][ T6753] ? retint_kernel+0x2b/0x2b [ 62.246241][ T6753] ? trace_hardirqs_on+0x55/0x230 [ 62.251354][ T6753] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.256886][ T6753] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.262418][ T6753] ? afs_put_call+0xa70/0xa70 [ 62.267105][ T6753] end_report+0x4d/0x53 [ 62.271250][ T6753] kasan_report.cold+0xd/0x37 [ 62.275917][ T6753] ? afs_wake_up_async_call+0x7a7/0x880 [ 62.281457][ T6753] afs_wake_up_async_call+0x7a7/0x880 [ 62.286819][ T6753] ? do_raw_spin_lock+0x129/0x2e0 [ 62.291838][ T6753] ? afs_close_socket+0x320/0x320 [ 62.296849][ T6753] ? rwlock_bug.part.0+0x90/0x90 [ 62.301864][ T6753] ? rcu_read_lock_held+0x9c/0xb0 [ 62.306885][ T6753] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.312507][ T6753] ? afs_close_socket+0x320/0x320 [ 62.317528][ T6753] ? afs_put_call+0xa70/0xa70 [ 62.322204][ T6753] rxrpc_notify_socket+0x1e5/0x5e0 [ 62.327314][ T6753] ? afs_put_call+0xa70/0xa70 [ 62.331984][ T6753] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 62.338418][ T6753] rxrpc_call_completed+0xca/0xf0 [ 62.343490][ T6753] rxrpc_discard_prealloc+0x786/0xac0 [ 62.348859][ T6753] ? lock_sock_nested+0x94/0x110 [ 62.353792][ T6753] rxrpc_listen+0x147/0x360 [ 62.358296][ T6753] afs_close_socket+0x95/0x320 [ 62.363056][ T6753] ? afs_purge_servers+0x16d/0x300 [ 62.368194][ T6753] ? afs_rx_discard_new_call+0x50/0x50 [ 62.373649][ T6753] ? debug_smp_processor_id+0x2f/0x185 [ 62.379108][ T6753] ? init_wait_var_entry+0x200/0x200 [ 62.384395][ T6753] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.390030][ T6753] afs_net_exit+0x1bc/0x310 [ 62.394543][ T6753] ? afs_net_init+0xe30/0xe30 [ 62.399235][ T6753] ops_exit_list.isra.0+0xa8/0x150 [ 62.404467][ T6753] cleanup_net+0x511/0xa50 [ 62.408884][ T6753] ? unregister_pernet_device+0x70/0x70 [ 62.414689][ T6753] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.420674][ T6753] process_one_work+0x965/0x16a0 [ 62.425610][ T6753] ? lock_release+0x800/0x800 [ 62.430282][ T6753] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.435648][ T6753] ? rwlock_bug.part.0+0x90/0x90 [ 62.440686][ T6753] worker_thread+0x96/0xe10 [ 62.445318][ T6753] ? process_one_work+0x16a0/0x16a0 [ 62.450556][ T6753] kthread+0x388/0x470 [ 62.454614][ T6753] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.460304][ T6753] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.466182][ T6753] ret_from_fork+0x24/0x30 [ 62.472055][ T6753] Kernel Offset: disabled [ 62.476395][ T6753] Rebooting in 86400 seconds..