[ 58.932422][ T390] ext4_map_blocks+0x4cb/0x1640 [ 58.937318][ T390] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.942699][ T390] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.948257][ T390] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.954244][ T390] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 58.959714][ T390] ext4_writepages+0x1a7b/0x33c0 [ 58.964681][ T390] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.970315][ T390] ? __lock_acquire+0x2224/0x48b0 [ 58.975359][ T390] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.981345][ T390] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.987334][ T390] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.992970][ T390] ? do_writepages+0xfa/0x2a0 [ 58.997649][ T390] do_writepages+0xfa/0x2a0 [ 59.002170][ T390] ? page_writeback_cpu_online+0x10/0x10 [ 59.007814][ T390] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.013364][ T390] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.019347][ T390] ? lock_downgrade+0x840/0x840 [ 59.024208][ T390] __writeback_single_inode+0x12a/0x13d0 [ 59.029849][ T390] ? _raw_spin_unlock+0x24/0x40 [ 59.034703][ T390] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 59.040860][ T390] writeback_sb_inodes+0x515/0xdc0 [ 59.045991][ T390] ? __writeback_single_inode+0x13d0/0x13d0 [ 59.051908][ T390] __writeback_inodes_wb+0xc3/0x250 [ 59.057118][ T390] wb_writeback+0x8db/0xd50 [ 59.061635][ T390] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 59.067969][ T390] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 59.073869][ T390] ? cpumask_next+0x3c/0x40 [ 59.078464][ T390] ? get_nr_dirty_inodes+0xd6/0x130 [ 59.083683][ T390] wb_workfn+0xab3/0x1090 [ 59.088022][ T390] ? inode_wait_for_writeback+0x30/0x30 [ 59.093574][ T390] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.099132][ T390] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.105124][ T390] process_one_work+0x965/0x1690 [ 59.110077][ T390] ? lock_release+0x800/0x800 [ 59.114760][ T390] ? pwq_dec_nr_in_flight+0x310/0x310 [ 59.120137][ T390] ? rwlock_bug.part.0+0x90/0x90 [ 59.125087][ T390] worker_thread+0x96/0xe10 [ 59.129605][ T390] ? process_one_work+0x1690/0x1690 [ 59.134813][ T390] kthread+0x3b5/0x4a0 [ 59.139003][ T390] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.144722][ T390] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 59.150468][ T390] ret_from_fork+0x1f/0x30 [ 60.207632][ T6785] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6785 [ 60.217163][ T6785] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.223399][ T6785] CPU: 0 PID: 6785 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 60.231962][ T6785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.241995][ T6785] Call Trace: [ 60.245339][ T6785] dump_stack+0x18f/0x20d [ 60.249690][ T6785] check_preemption_disabled+0x20d/0x220 [ 60.255313][ T6785] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.260792][ T6785] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.266258][ T6785] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.271981][ T6785] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.277260][ T6785] ? ext4_ext_release+0x10/0x10 [ 60.282119][ T6785] ? down_write_killable+0x170/0x170 [ 60.287398][ T6785] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.292840][ T6785] ext4_map_blocks+0x4cb/0x1640 [ 60.297674][ T6785] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.302847][ T6785] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.308375][ T6785] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.314345][ T6785] ? prandom_u32_state+0xe/0x170 [ 60.319262][ T6785] ? __brelse+0x84/0xa0 [ 60.323395][ T6785] ? __ext4_new_inode+0x144/0x55e0 [ 60.328488][ T6785] ext4_getblk+0xad/0x520 [ 60.332798][ T6785] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.338513][ T6785] ? ext4_free_inode+0x1700/0x1700 [ 60.343605][ T6785] ext4_bread+0x7c/0x380 [ 60.347845][ T6785] ? ext4_getblk+0x520/0x520 [ 60.352426][ T6785] ? dquot_get_next_dqblk+0x180/0x180 [ 60.357789][ T6785] ext4_append+0x153/0x360 [ 60.362623][ T6785] ext4_mkdir+0x5e0/0xdf0 [ 60.366938][ T6785] ? ext4_rmdir+0xde0/0xde0 [ 60.371525][ T6785] ? security_inode_permission+0xc4/0xf0 [ 60.377172][ T6785] vfs_mkdir+0x419/0x690 [ 60.381504][ T6785] do_mkdirat+0x21e/0x280 [ 60.385833][ T6785] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.390684][ T6785] ? do_syscall_64+0x1c/0xe0 [ 60.395449][ T6785] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.401434][ T6785] do_syscall_64+0x60/0xe0 [ 60.405857][ T6785] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.411734][ T6785] RIP: 0033:0x7fcb189ae687 [ 60.416121][ T6785] Code: Bad RIP value. [ 60.420178][ T6785] RSP: 002b:00007ffd9c9f5818 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.428569][ T6785] RAX: ffffffffffffffda RBX: 000056065abd5985 RCX: 00007fcb189ae687 [ 60.436541][ T6785] RDX: 00007ffd9c9f56e0 RSI: 00000000000001ed RDI: 000056065abd5985 [ 60.444509][ T6785] RBP: 00007fcb189ae680 R08: 0000000000000100 R09: 0000000000000000 [ 60.452475][ T6785] R10: 000056065abd5980 R11: 0000000000000246 R12: 00000000000001ed [ 60.460424][ T6785] R13: 00007ffd9c9f59a0 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.8' (ECDSA) to the list of known hosts. 2020/06/17 18:50:12 fuzzer started 2020/06/17 18:50:12 connecting to host at 10.128.0.26:38061 2020/06/17 18:50:12 checking machine... 2020/06/17 18:50:12 checking revisions... 2020/06/17 18:50:12 testing simple program... syzkaller login: [ 64.759517][ T6797] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6797 [ 64.768646][ T6797] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.774717][ T6797] CPU: 1 PID: 6797 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 64.782952][ T6797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.792987][ T6797] Call Trace: [ 64.796273][ T6797] dump_stack+0x18f/0x20d [ 64.800585][ T6797] check_preemption_disabled+0x20d/0x220 [ 64.806209][ T6797] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.811315][ T6797] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.816750][ T6797] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.822449][ T6797] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.827719][ T6797] ? ext4_ext_release+0x10/0x10 [ 64.832555][ T6797] ? down_write_killable+0x170/0x170 [ 64.837814][ T6797] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.843253][ T6797] ext4_map_blocks+0x4cb/0x1640 [ 64.848094][ T6797] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.853282][ T6797] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.858802][ T6797] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.864765][ T6797] ? prandom_u32_state+0xe/0x170 [ 64.870291][ T6797] ? __brelse+0x84/0xa0 [ 64.874424][ T6797] ? __ext4_new_inode+0x144/0x55e0 [ 64.879523][ T6797] ext4_getblk+0xad/0x520 [ 64.883830][ T6797] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.889527][ T6797] ? ext4_free_inode+0x1700/0x1700 [ 64.894616][ T6797] ext4_bread+0x7c/0x380 [ 64.898834][ T6797] ? ext4_getblk+0x520/0x520 [ 64.903402][ T6797] ? dquot_get_next_dqblk+0x180/0x180 [ 64.908767][ T6797] ext4_append+0x153/0x360 [ 64.913163][ T6797] ext4_mkdir+0x5e0/0xdf0 [ 64.917474][ T6797] ? ext4_rmdir+0xde0/0xde0 [ 64.921959][ T6797] ? security_inode_permission+0xc4/0xf0 [ 64.927580][ T6797] vfs_mkdir+0x419/0x690 [ 64.931813][ T6797] do_mkdirat+0x21e/0x280 [ 64.936121][ T6797] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.941022][ T6797] ? do_syscall_64+0x1c/0xe0 [ 64.945612][ T6797] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.951585][ T6797] do_syscall_64+0x60/0xe0 [ 64.955999][ T6797] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.961872][ T6797] RIP: 0033:0x4b02a0 [ 64.965739][ T6797] Code: Bad RIP value. [ 64.969780][ T6797] RSP: 002b:000000c0003bd4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 64.978164][ T6797] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 64.986125][ T6797] RDX: 00000000000001c0 RSI: 000000c0000ceb20 RDI: ffffffffffffff9c [ 64.994514][ T6797] RBP: 000000c0003bd510 R08: 0000000000000000 R09: 0000000000000000 [ 65.002474][ T6797] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 65.010434][ T6797] R13: 000000000000005a R14: 0000000000000059 R15: 0000000000000100 [ 65.026090][ T6809] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6809 [ 65.035570][ T6809] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.041462][ T6809] CPU: 1 PID: 6809 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.050018][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.060061][ T6809] Call Trace: [ 65.063336][ T6809] dump_stack+0x18f/0x20d [ 65.067673][ T6809] check_preemption_disabled+0x20d/0x220 [ 65.073284][ T6809] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.078380][ T6809] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.083816][ T6809] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.089516][ T6809] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.094782][ T6809] ? ext4_ext_release+0x10/0x10 [ 65.099620][ T6809] ? down_write_killable+0x170/0x170 [ 65.104910][ T6809] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.110349][ T6809] ext4_map_blocks+0x4cb/0x1640 [ 65.115193][ T6809] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.120378][ T6809] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.125899][ T6809] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.131855][ T6809] ? prandom_u32_state+0xe/0x170 [ 65.136769][ T6809] ? __brelse+0x84/0xa0 [ 65.140911][ T6809] ? __ext4_new_inode+0x144/0x55e0 [ 65.146001][ T6809] ext4_getblk+0xad/0x520 [ 65.150308][ T6809] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.156006][ T6809] ? ext4_free_inode+0x1700/0x1700 [ 65.161095][ T6809] ext4_bread+0x7c/0x380 [ 65.165325][ T6809] ? ext4_getblk+0x520/0x520 [ 65.169889][ T6809] ? dquot_get_next_dqblk+0x180/0x180 [ 65.175240][ T6809] ext4_append+0x153/0x360 [ 65.179635][ T6809] ext4_mkdir+0x5e0/0xdf0 [ 65.183957][ T6809] ? ext4_rmdir+0xde0/0xde0 [ 65.188450][ T6809] ? security_inode_permission+0xc4/0xf0 [ 65.194061][ T6809] vfs_mkdir+0x419/0x690 [ 65.198282][ T6809] do_mkdirat+0x21e/0x280 [ 65.202603][ T6809] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.207443][ T6809] ? do_syscall_64+0x1c/0xe0 [ 65.212033][ T6809] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.218002][ T6809] do_syscall_64+0x60/0xe0 [ 65.222396][ T6809] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.228262][ T6809] RIP: 0033:0x45bed7 [ 65.232127][ T6809] Code: Bad RIP value. [ 65.236168][ T6809] RSP: 002b:00007ffc7e2802e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 65.244552][ T6809] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 65.252499][ T6809] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc7e2804c0 [ 65.260445][ T6809] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003880 [ 65.268391][ T6809] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 65.276336][ T6809] R13: 00007ffc7e2804c0 R14: 8421084210842109 R15: 00007ffc7e2804cc [ 65.363062][ T6810] IPVS: ftp: loaded support on port[0] = 21 [ 65.403080][ T6810] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6810 [ 65.412599][ T6810] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.418648][ T6810] CPU: 0 PID: 6810 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.427222][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.437256][ T6810] Call Trace: [ 65.440528][ T6810] dump_stack+0x18f/0x20d [ 65.444858][ T6810] check_preemption_disabled+0x20d/0x220 [ 65.450473][ T6810] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.456624][ T6810] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.462060][ T6810] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.467770][ T6810] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.473040][ T6810] ? ext4_ext_release+0x10/0x10 [ 65.477877][ T6810] ? down_write_killable+0x170/0x170 [ 65.483156][ T6810] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.488606][ T6810] ext4_map_blocks+0x4cb/0x1640 [ 65.493687][ T6810] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.498880][ T6810] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.504432][ T6810] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.510604][ T6810] ? prandom_u32_state+0xe/0x170 [ 65.515557][ T6810] ? __brelse+0x84/0xa0 [ 65.519717][ T6810] ? __ext4_new_inode+0x144/0x55e0 [ 65.524837][ T6810] ext4_getblk+0xad/0x520 [ 65.529187][ T6810] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.534918][ T6810] ? ext4_free_inode+0x1700/0x1700 [ 65.540037][ T6810] ext4_bread+0x7c/0x380 [ 65.544286][ T6810] ? ext4_getblk+0x520/0x520 [ 65.548905][ T6810] ? dquot_get_next_dqblk+0x180/0x180 [ 65.554292][ T6810] ext4_append+0x153/0x360 [ 65.558753][ T6810] ext4_mkdir+0x5e0/0xdf0 [ 65.563222][ T6810] ? ext4_rmdir+0xde0/0xde0 [ 65.567736][ T6810] ? security_inode_permission+0xc4/0xf0 [ 65.573388][ T6810] vfs_mkdir+0x419/0x690 [ 65.577657][ T6810] do_mkdirat+0x21e/0x280 [ 65.582002][ T6810] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.586866][ T6810] ? do_syscall_64+0x1c/0xe0 [ 65.591471][ T6810] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.597709][ T6810] do_syscall_64+0x60/0xe0 [ 65.602117][ T6810] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.608211][ T6810] RIP: 0033:0x45bed7 [ 65.612092][ T6810] Code: Bad RIP value. [ 65.616139][ T6810] RSP: 002b:00007ffc7e2801d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 65.624526][ T6810] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 65.632474][ T6810] RDX: 00007ffc7e280223 RSI: 00000000000001ff RDI: 00007ffc7e280220 [ 65.640422][ T6810] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 65.648406][ T6810] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 65.656529][ T6810] R13: 00007ffc7e280210 R14: 0000000000000000 R15: 00007ffc7e280220 [ 65.707512][ T6810] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6810 [ 65.717072][ T6810] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.723066][ T6810] CPU: 1 PID: 6810 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.731644][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.742566][ T6810] Call Trace: [ 65.745861][ T6810] dump_stack+0x18f/0x20d [ 65.750202][ T6810] check_preemption_disabled+0x20d/0x220 [ 65.755843][ T6810] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.760972][ T6810] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.766434][ T6810] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.772165][ T6810] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.777458][ T6810] ? ext4_ext_release+0x10/0x10 [ 65.782328][ T6810] ? down_write_killable+0x170/0x170 [ 65.787622][ T6810] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.793098][ T6810] ext4_map_blocks+0x4cb/0x1640 [ 65.797947][ T6810] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.803125][ T6810] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.808654][ T6810] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.814613][ T6810] ? prandom_u32_state+0xe/0x170 [ 65.819540][ T6810] ? __brelse+0x84/0xa0 [ 65.823675][ T6810] ? __ext4_new_inode+0x144/0x55e0 [ 65.828764][ T6810] ext4_getblk+0xad/0x520 [ 65.833073][ T6810] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.838773][ T6810] ? ext4_free_inode+0x1700/0x1700 [ 65.843864][ T6810] ext4_bread+0x7c/0x380 [ 65.848262][ T6810] ? ext4_getblk+0x520/0x520 [ 65.852836][ T6810] ? dquot_get_next_dqblk+0x180/0x180 [ 65.858200][ T6810] ext4_append+0x153/0x360 [ 65.862594][ T6810] ext4_mkdir+0x5e0/0xdf0 [ 65.866904][ T6810] ? ext4_rmdir+0xde0/0xde0 [ 65.871397][ T6810] ? security_inode_permission+0xc4/0xf0 [ 65.877011][ T6810] vfs_mkdir+0x419/0x690 [ 65.881231][ T6810] do_mkdirat+0x21e/0x280 [ 65.885539][ T6810] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.890371][ T6810] ? do_syscall_64+0x1c/0xe0 [ 65.894954][ T6810] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.900912][ T6810] do_syscall_64+0x60/0xe0 [ 65.905305][ T6810] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.911171][ T6810] RIP: 0033:0x45bed7 [ 65.915036][ T6810] Code: Bad RIP value. [ 65.919086][ T6810] RSP: 002b:00007ffc7e2801d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 65.927470][ T6810] RAX: ffffffffffffffda RBX: 0000000000010095 RCX: 000000000045bed7 [ 65.935427][ T6810] RDX: 00007ffc7e280223 RSI: 00000000000001ff RDI: 00007ffc7e280220 [ 65.943372][ T6810] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/17 18:50:13 building call list... [ 65.951319][ T6810] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 65.959267][ T6810] R13: 00007ffc7e280210 R14: 0000000000010084 R15: 00007ffc7e280220 [ 66.232857][ T308] tipc: TX() has been purged, node left! [ 66.735218][ T308] ================================================================== [ 66.743457][ T308] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 66.751355][ T308] Write of size 1 at addr ffff8880a8a929e4 by task kworker/u4:4/308 [ 66.759315][ T308] [ 66.761646][ T308] CPU: 0 PID: 308 Comm: kworker/u4:4 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.769974][ T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.780036][ T308] Workqueue: netns cleanup_net [ 66.784787][ T308] Call Trace: [ 66.788077][ T308] dump_stack+0x18f/0x20d [ 66.792408][ T308] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.797951][ T308] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.803490][ T308] ? afs_put_call+0xa40/0xa40 [ 66.808168][ T308] print_address_description.constprop.0.cold+0xd3/0x413 [ 66.815194][ T308] ? vprintk_func+0x97/0x1a6 [ 66.819790][ T308] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.825331][ T308] kasan_report.cold+0x1f/0x37 [ 66.830105][ T308] ? rcu_read_lock_held_common+0x51/0xa0 [ 66.835729][ T308] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.841275][ T308] afs_wake_up_async_call+0x6aa/0x770 [ 66.846641][ T308] ? afs_close_socket+0x320/0x320 [ 66.851676][ T308] ? afs_put_call+0xa40/0xa40 [ 66.856350][ T308] rxrpc_notify_socket+0x1db/0x5d0 [ 66.861465][ T308] ? afs_put_call+0xa40/0xa40 [ 66.866137][ T308] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 66.872549][ T308] rxrpc_call_completed+0xca/0xf0 [ 66.877664][ T308] rxrpc_discard_prealloc+0x781/0xab0 [ 66.883042][ T308] ? lock_sock_nested+0x94/0x110 [ 66.887986][ T308] rxrpc_listen+0x147/0x360 [ 66.892491][ T308] afs_close_socket+0x95/0x320 [ 66.897249][ T308] ? afs_purge_servers+0x16d/0x300 [ 66.902373][ T308] ? afs_rx_discard_new_call+0x50/0x50 [ 66.909408][ T308] ? init_wait_var_entry+0x200/0x200 [ 66.914705][ T308] ? rcu_read_lock_held_common+0xa0/0xa0 [ 66.920348][ T308] ? check_preemption_disabled+0x38/0x220 [ 66.926081][ T308] afs_net_exit+0x1bc/0x310 [ 66.930581][ T308] ? afs_net_init+0xe30/0xe30 [ 66.935254][ T308] ops_exit_list.isra.0+0xa8/0x150 [ 66.940368][ T308] cleanup_net+0x511/0xa50 [ 66.944786][ T308] ? unregister_pernet_device+0x70/0x70 [ 66.950330][ T308] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.956316][ T308] process_one_work+0x965/0x1690 [ 66.961261][ T308] ? lock_release+0x800/0x800 [ 66.965936][ T308] ? pwq_dec_nr_in_flight+0x310/0x310 [ 66.971311][ T308] ? rwlock_bug.part.0+0x90/0x90 [ 66.976266][ T308] worker_thread+0x96/0xe10 [ 66.980785][ T308] ? process_one_work+0x1690/0x1690 [ 66.985981][ T308] kthread+0x3b5/0x4a0 [ 66.990046][ T308] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.995847][ T308] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.001566][ T308] ret_from_fork+0x1f/0x30 [ 67.005992][ T308] [ 67.008312][ T308] Allocated by task 6810: [ 67.012898][ T308] save_stack+0x1b/0x40 [ 67.017057][ T308] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.022681][ T308] kmem_cache_alloc_trace+0x153/0x7d0 [ 67.028069][ T308] afs_alloc_call+0x55/0x630 [ 67.032660][ T308] afs_charge_preallocation+0xe9/0x2d0 [ 67.038109][ T308] afs_open_socket+0x292/0x360 [ 67.042881][ T308] afs_net_init+0xa6c/0xe30 [ 67.047376][ T308] ops_init+0xaf/0x420 [ 67.051438][ T308] setup_net+0x2de/0x860 [ 67.055671][ T308] copy_net_ns+0x293/0x590 [ 67.060082][ T308] create_new_namespaces+0x3fb/0xb30 [ 67.066063][ T308] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 67.071726][ T308] ksys_unshare+0x43d/0x8e0 [ 67.076225][ T308] __x64_sys_unshare+0x2d/0x40 [ 67.081002][ T308] do_syscall_64+0x60/0xe0 [ 67.085426][ T308] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.091309][ T308] [ 67.093638][ T308] Freed by task 308: [ 67.097534][ T308] save_stack+0x1b/0x40 [ 67.101685][ T308] __kasan_slab_free+0xf7/0x140 [ 67.106556][ T308] kfree+0x109/0x2b0 [ 67.110449][ T308] afs_put_call+0x585/0xa40 [ 67.114955][ T308] rxrpc_discard_prealloc+0x764/0xab0 [ 67.120325][ T308] rxrpc_listen+0x147/0x360 [ 67.124827][ T308] afs_close_socket+0x95/0x320 [ 67.130118][ T308] afs_net_exit+0x1bc/0x310 [ 67.134631][ T308] ops_exit_list.isra.0+0xa8/0x150 [ 67.139733][ T308] cleanup_net+0x511/0xa50 [ 67.144153][ T308] process_one_work+0x965/0x1690 [ 67.149088][ T308] worker_thread+0x96/0xe10 [ 67.153590][ T308] kthread+0x3b5/0x4a0 [ 67.157655][ T308] ret_from_fork+0x1f/0x30 [ 67.162055][ T308] [ 67.164378][ T308] The buggy address belongs to the object at ffff8880a8a92800 [ 67.164378][ T308] which belongs to the cache kmalloc-1k of size 1024 [ 67.178698][ T308] The buggy address is located 484 bytes inside of [ 67.178698][ T308] 1024-byte region [ffff8880a8a92800, ffff8880a8a92c00) [ 67.192040][ T308] The buggy address belongs to the page: [ 67.197668][ T308] page:ffffea0002a2a480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 67.206796][ T308] flags: 0xfffe0000000200(slab) [ 67.211647][ T308] raw: 00fffe0000000200 ffffea000244cc48 ffffea0002a06fc8 ffff8880aa000c40 [ 67.220229][ T308] raw: 0000000000000000 ffff8880a8a92000 0000000100000002 0000000000000000 [ 67.228888][ T308] page dumped because: kasan: bad access detected [ 67.235297][ T308] [ 67.237623][ T308] Memory state around the buggy address: [ 67.243249][ T308] ffff8880a8a92880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.252104][ T308] ffff8880a8a92900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.260162][ T308] >ffff8880a8a92980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.268211][ T308] ^ [ 67.275401][ T308] ffff8880a8a92a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.283455][ T308] ffff8880a8a92a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.291503][ T308] ================================================================== [ 67.299551][ T308] Disabling lock debugging due to kernel taint [ 67.306113][ T308] Kernel panic - not syncing: panic_on_warn set ... [ 67.312718][ T308] CPU: 0 PID: 308 Comm: kworker/u4:4 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 67.322414][ T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.332461][ T308] Workqueue: netns cleanup_net [ 67.337208][ T308] Call Trace: [ 67.340525][ T308] dump_stack+0x18f/0x20d [ 67.344848][ T308] ? afs_wake_up_async_call+0x690/0x770 [ 67.350380][ T308] ? afs_put_call+0xa40/0xa40 [ 67.355044][ T308] panic+0x2e3/0x75c [ 67.358932][ T308] ? __warn_printk+0xf3/0xf3 [ 67.363514][ T308] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 67.370125][ T308] ? trace_hardirqs_on+0x55/0x220 [ 67.375141][ T308] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.380676][ T308] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.386211][ T308] ? afs_put_call+0xa40/0xa40 [ 67.390881][ T308] end_report+0x4d/0x53 [ 67.395032][ T308] kasan_report.cold+0xd/0x37 [ 67.399706][ T308] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.405330][ T308] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.410865][ T308] afs_wake_up_async_call+0x6aa/0x770 [ 67.416228][ T308] ? afs_close_socket+0x320/0x320 [ 67.421241][ T308] ? afs_put_call+0xa40/0xa40 [ 67.425906][ T308] rxrpc_notify_socket+0x1db/0x5d0 [ 67.431008][ T308] ? afs_put_call+0xa40/0xa40 [ 67.435674][ T308] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.442080][ T308] rxrpc_call_completed+0xca/0xf0 [ 67.447099][ T308] rxrpc_discard_prealloc+0x781/0xab0 [ 67.452636][ T308] ? lock_sock_nested+0x94/0x110 [ 67.457562][ T308] rxrpc_listen+0x147/0x360 [ 67.462073][ T308] afs_close_socket+0x95/0x320 [ 67.466826][ T308] ? afs_purge_servers+0x16d/0x300 [ 67.471926][ T308] ? afs_rx_discard_new_call+0x50/0x50 [ 67.477387][ T308] ? init_wait_var_entry+0x200/0x200 [ 67.482663][ T308] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.488287][ T308] ? check_preemption_disabled+0x38/0x220 [ 67.493994][ T308] afs_net_exit+0x1bc/0x310 [ 67.498504][ T308] ? afs_net_init+0xe30/0xe30 [ 67.503174][ T308] ops_exit_list.isra.0+0xa8/0x150 [ 67.508420][ T308] cleanup_net+0x511/0xa50 [ 67.512838][ T308] ? unregister_pernet_device+0x70/0x70 [ 67.518382][ T308] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.524359][ T308] process_one_work+0x965/0x1690 [ 67.529292][ T308] ? lock_release+0x800/0x800 [ 67.533965][ T308] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.539332][ T308] ? rwlock_bug.part.0+0x90/0x90 [ 67.544282][ T308] worker_thread+0x96/0xe10 [ 67.548781][ T308] ? process_one_work+0x1690/0x1690 [ 67.554054][ T308] kthread+0x3b5/0x4a0 [ 67.558114][ T308] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.563840][ T308] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.569555][ T308] ret_from_fork+0x1f/0x30 [ 67.575369][ T308] Kernel Offset: disabled [ 67.579691][ T308] Rebooting in 86400 seconds..