[ 57.706417][ T44] ext4_map_blocks+0x4cb/0x1640 [ 57.711284][ T44] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 57.716493][ T44] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.722052][ T44] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.728039][ T44] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 57.733805][ T44] ext4_writepages+0x1a7b/0x33c0 [ 57.733854][ T44] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.745082][ T44] ? __lock_acquire+0x2224/0x48b0 [ 57.750121][ T44] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.756102][ T44] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.762084][ T44] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.767720][ T44] ? do_writepages+0xfa/0x2a0 [ 57.773186][ T44] do_writepages+0xfa/0x2a0 Starting Load/Sa[ 57.777761][ T44] ? page_writeback_cpu_online+0x10/0x10 [ 57.784769][ T44] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.790330][ T44] ? rcu_read_lock_any_held.part.0+0x50/0x50 ve RF Kill Switc[ 57.796331][ T44] ? lock_downgrade+0x840/0x840 [ 57.802576][ T44] __writeback_single_inode+0x12a/0x13d0 h Status... [ 57.808213][ T44] ? _raw_spin_unlock+0x24/0x40 [ 57.814174][ T44] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 57.820158][ T44] writeback_sb_inodes+0x515/0xdc0 [ 57.825306][ T44] ? __writeback_single_inode+0x13d0/0x13d0 [ 57.831228][ T44] __writeback_inodes_wb+0xc3/0x250 [ 57.836444][ T44] wb_writeback+0x8db/0xd50 [ 57.841015][ T44] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 57.847363][ T44] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 57.853246][ T44] ? cpumask_next+0x3c/0x40 [ 57.857728][ T44] ? get_nr_dirty_inodes+0xd6/0x130 [ 57.862929][ T44] wb_workfn+0xab3/0x1090 [ 57.867275][ T44] ? inode_wait_for_writeback+0x30/0x30 [ 57.872847][ T44] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.878402][ T44] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.884395][ T44] process_one_work+0x965/0x1690 [ 57.889345][ T44] ? lock_release+0x800/0x800 [ 57.894026][ T44] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.899409][ T44] ? rwlock_bug.part.0+0x90/0x90 [ 57.904395][ T44] worker_thread+0x96/0xe10 [ 57.908926][ T44] ? process_one_work+0x1690/0x1690 [ 57.914135][ T44] kthread+0x3b5/0x4a0 [ 57.918307][ T44] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.924120][ T44] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.929025][ T6730] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6730 [ 57.930100][ T44] ret_from_fork+0x1f/0x30 [ 57.944270][ T6730] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 57.950248][ T6730] CPU: 1 PID: 6730 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 57.958841][ T6730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.969138][ T6730] Call Trace: [ 57.972426][ T6730] dump_stack+0x18f/0x20d [ 57.977361][ T6730] check_preemption_disabled+0x20d/0x220 [ 57.982990][ T6730] ext4_mb_new_blocks+0xa4d/0x3b70 [ 57.988184][ T6730] ? ext4_ext_search_right+0x2ca/0xb20 [ 57.993646][ T6730] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 57.999354][ T6730] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.004627][ T6730] ? ext4_ext_release+0x10/0x10 [ 58.009731][ T6730] ? down_write_killable+0x170/0x170 [ 58.014992][ T6730] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.020433][ T6730] ext4_map_blocks+0x4cb/0x1640 [ 58.025264][ T6730] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.030543][ T6730] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.036092][ T6730] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.042063][ T6730] ? prandom_u32_state+0xe/0x170 [ 58.046998][ T6730] ? __brelse+0x84/0xa0 [ 58.052368][ T6730] ? __ext4_new_inode+0x144/0x55e0 [ 58.057460][ T6730] ext4_getblk+0xad/0x520 [ 58.061770][ T6730] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.067488][ T6730] ? ext4_free_inode+0x1700/0x1700 [ 58.072578][ T6730] ext4_bread+0x7c/0x380 [ 58.076797][ T6730] ? ext4_getblk+0x520/0x520 [ 58.081451][ T6730] ? dquot_get_next_dqblk+0x180/0x180 [ 58.086809][ T6730] ext4_append+0x153/0x360 [ 58.091203][ T6730] ext4_mkdir+0x5e0/0xdf0 [ 58.095600][ T6730] ? ext4_rmdir+0xde0/0xde0 [ 58.100102][ T6730] ? security_inode_permission+0xc4/0xf0 [ 58.105714][ T6730] vfs_mkdir+0x419/0x690 [ 58.109937][ T6730] do_mkdirat+0x21e/0x280 [ 58.114605][ T6730] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.119443][ T6730] ? do_syscall_64+0x1c/0xe0 [ 58.124008][ T6730] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.129978][ T6730] do_syscall_64+0x60/0xe0 [ 58.134465][ T6730] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.140867][ T6730] RIP: 0033:0x7f9f58892687 [ 58.145272][ T6730] Code: Bad RIP value. [ 58.149333][ T6730] RSP: 002b:00007ffc185689d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 58.157752][ T6730] RAX: ffffffffffffffda RBX: 000055d444f01985 RCX: 00007f9f58892687 [ 58.165847][ T6730] RDX: 00007ffc185688a0 RSI: 00000000000001ed RDI: 000055d444f01985 [ 58.173849][ T6730] RBP: 00007f9f58892680 R08: 0000000000000100 R09: 0000000000000000 [ 58.173860][ T6730] R10: 000055d444f01980 R11: 0000000000000246 R12: 00000000000001ed [ 58.173870][ T6730] R13: 00007ffc18568b60 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.15.199' (ECDSA) to the list of known hosts. 2020/06/15 21:45:20 fuzzer started 2020/06/15 21:45:20 connecting to host at 10.128.0.26:37937 2020/06/15 21:45:20 checking machine... 2020/06/15 21:45:20 checking revisions... 2020/06/15 21:45:20 testing simple program... syzkaller login: [ 63.705576][ T6803] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6803 [ 63.714790][ T6803] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.720753][ T6803] CPU: 0 PID: 6803 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 63.728998][ T6803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.739068][ T6803] Call Trace: [ 63.742448][ T6803] dump_stack+0x18f/0x20d [ 63.746774][ T6803] check_preemption_disabled+0x20d/0x220 [ 63.752483][ T6803] ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.762014][ T6803] ? ext4_ext_search_right+0x2ca/0xb20 [ 63.767450][ T6803] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 63.773151][ T6803] ext4_ext_map_blocks+0x201b/0x33e0 [ 63.778439][ T6803] ? ext4_ext_release+0x10/0x10 [ 63.783281][ T6803] ? down_write_killable+0x170/0x170 [ 63.788545][ T6803] ? ext4_es_lookup_extent+0x41d/0xd10 [ 63.794003][ T6803] ext4_map_blocks+0x4cb/0x1640 [ 63.798838][ T6803] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 63.804012][ T6803] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.809575][ T6803] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.815539][ T6803] ? prandom_u32_state+0xe/0x170 [ 63.820461][ T6803] ? __brelse+0x84/0xa0 [ 63.824602][ T6803] ? __ext4_new_inode+0x144/0x55e0 [ 63.829710][ T6803] ext4_getblk+0xad/0x520 [ 63.834030][ T6803] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 63.839751][ T6803] ? ext4_free_inode+0x1700/0x1700 [ 63.844885][ T6803] ext4_bread+0x7c/0x380 [ 63.849122][ T6803] ? ext4_getblk+0x520/0x520 [ 63.853710][ T6803] ? dquot_get_next_dqblk+0x180/0x180 [ 63.859154][ T6803] ext4_append+0x153/0x360 [ 63.863552][ T6803] ext4_mkdir+0x5e0/0xdf0 [ 63.867896][ T6803] ? ext4_rmdir+0xde0/0xde0 [ 63.872403][ T6803] ? security_inode_permission+0xc4/0xf0 [ 63.878031][ T6803] vfs_mkdir+0x419/0x690 [ 63.882271][ T6803] do_mkdirat+0x21e/0x280 [ 63.886620][ T6803] ? __ia32_sys_mknod+0xb0/0xb0 [ 63.891472][ T6803] ? do_syscall_64+0x1c/0xe0 [ 63.896047][ T6803] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 63.902013][ T6803] do_syscall_64+0x60/0xe0 [ 63.906488][ T6803] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.912385][ T6803] RIP: 0033:0x4b02a0 [ 63.916257][ T6803] Code: Bad RIP value. [ 63.920309][ T6803] RSP: 002b:000000c0000d94b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 63.928708][ T6803] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 63.936657][ T6803] RDX: 00000000000001c0 RSI: 000000c00009ee20 RDI: ffffffffffffff9c [ 63.944788][ T6803] RBP: 000000c0000d9510 R08: 0000000000000000 R09: 0000000000000000 [ 63.952754][ T6803] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 63.960810][ T6803] R13: 0000000000000072 R14: 0000000000000071 R15: 0000000000000100 [ 63.987185][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6812 [ 63.996832][ T6812] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.002847][ T6812] CPU: 1 PID: 6812 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 64.011439][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.021494][ T6812] Call Trace: [ 64.024865][ T6812] dump_stack+0x18f/0x20d [ 64.029195][ T6812] check_preemption_disabled+0x20d/0x220 [ 64.034815][ T6812] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.039938][ T6812] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.045381][ T6812] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.051149][ T6812] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.056437][ T6812] ? ext4_ext_release+0x10/0x10 [ 64.061815][ T6812] ? down_write_killable+0x170/0x170 [ 64.067084][ T6812] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.072535][ T6812] ext4_map_blocks+0x4cb/0x1640 [ 64.077371][ T6812] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.082549][ T6812] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.088075][ T6812] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.094040][ T6812] ? prandom_u32_state+0xe/0x170 [ 64.098972][ T6812] ? __brelse+0x84/0xa0 [ 64.103106][ T6812] ? __ext4_new_inode+0x144/0x55e0 [ 64.108198][ T6812] ext4_getblk+0xad/0x520 [ 64.112506][ T6812] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.118212][ T6812] ? ext4_free_inode+0x1700/0x1700 [ 64.123301][ T6812] ext4_bread+0x7c/0x380 [ 64.127521][ T6812] ? ext4_getblk+0x520/0x520 [ 64.132097][ T6812] ? dquot_get_next_dqblk+0x180/0x180 [ 64.137450][ T6812] ext4_append+0x153/0x360 [ 64.141844][ T6812] ext4_mkdir+0x5e0/0xdf0 [ 64.146157][ T6812] ? ext4_rmdir+0xde0/0xde0 [ 64.150640][ T6812] ? security_inode_permission+0xc4/0xf0 [ 64.156270][ T6812] vfs_mkdir+0x419/0x690 [ 64.160510][ T6812] do_mkdirat+0x21e/0x280 [ 64.164815][ T6812] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.169653][ T6812] ? do_syscall_64+0x1c/0xe0 [ 64.174330][ T6812] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.180287][ T6812] do_syscall_64+0x60/0xe0 [ 64.184680][ T6812] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.190605][ T6812] RIP: 0033:0x45bed7 [ 64.194514][ T6812] Code: Bad RIP value. [ 64.198571][ T6812] RSP: 002b:00007fffd7cf7ac8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 64.206988][ T6812] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 64.214943][ T6812] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007fffd7cf7ca0 [ 64.222906][ T6812] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003a80 [ 64.230855][ T6812] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 64.238810][ T6812] R13: 00007fffd7cf7ca0 R14: 8421084210842109 R15: 00007fffd7cf7cac [ 64.325024][ T6813] IPVS: ftp: loaded support on port[0] = 21 [ 64.364245][ T6813] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6813 [ 64.373711][ T6813] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.379817][ T6813] CPU: 0 PID: 6813 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 64.388401][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.399319][ T6813] Call Trace: [ 64.402607][ T6813] dump_stack+0x18f/0x20d [ 64.406944][ T6813] check_preemption_disabled+0x20d/0x220 [ 64.412573][ T6813] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.417681][ T6813] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.423136][ T6813] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.428862][ T6813] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.434140][ T6813] ? ext4_ext_release+0x10/0x10 [ 64.438983][ T6813] ? down_write_killable+0x170/0x170 [ 64.444257][ T6813] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.449701][ T6813] ext4_map_blocks+0x4cb/0x1640 [ 64.454535][ T6813] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.459722][ T6813] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.465244][ T6813] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.471287][ T6813] ? prandom_u32_state+0xe/0x170 [ 64.476202][ T6813] ? __brelse+0x84/0xa0 [ 64.480335][ T6813] ? __ext4_new_inode+0x144/0x55e0 [ 64.485439][ T6813] ext4_getblk+0xad/0x520 [ 64.489749][ T6813] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.495457][ T6813] ? ext4_free_inode+0x1700/0x1700 [ 64.500567][ T6813] ext4_bread+0x7c/0x380 [ 64.504786][ T6813] ? ext4_getblk+0x520/0x520 [ 64.509354][ T6813] ? dquot_get_next_dqblk+0x180/0x180 [ 64.514724][ T6813] ext4_append+0x153/0x360 [ 64.519130][ T6813] ext4_mkdir+0x5e0/0xdf0 [ 64.523451][ T6813] ? ext4_rmdir+0xde0/0xde0 [ 64.527945][ T6813] ? security_inode_permission+0xc4/0xf0 [ 64.533558][ T6813] vfs_mkdir+0x419/0x690 [ 64.537792][ T6813] do_mkdirat+0x21e/0x280 [ 64.542124][ T6813] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.547058][ T6813] ? do_syscall_64+0x1c/0xe0 [ 64.551760][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.557724][ T6813] do_syscall_64+0x60/0xe0 [ 64.562126][ T6813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.567998][ T6813] RIP: 0033:0x45bed7 [ 64.571870][ T6813] Code: Bad RIP value. [ 64.575921][ T6813] RSP: 002b:00007fffd7cf79b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 64.584317][ T6813] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 64.592269][ T6813] RDX: 00007fffd7cf7a03 RSI: 00000000000001ff RDI: 00007fffd7cf7a00 [ 64.600226][ T6813] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 64.608196][ T6813] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 64.616152][ T6813] R13: 00007fffd7cf79f0 R14: 0000000000000000 R15: 00007fffd7cf7a00 [ 64.672364][ T6813] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6813 [ 64.681977][ T6813] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.687977][ T6813] CPU: 0 PID: 6813 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 64.696564][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.706617][ T6813] Call Trace: [ 64.709914][ T6813] dump_stack+0x18f/0x20d [ 64.714290][ T6813] check_preemption_disabled+0x20d/0x220 [ 64.719926][ T6813] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.725269][ T6813] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.730736][ T6813] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.736468][ T6813] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.741765][ T6813] ? ext4_ext_release+0x10/0x10 [ 64.746634][ T6813] ? down_write_killable+0x170/0x170 [ 64.751914][ T6813] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.757368][ T6813] ext4_map_blocks+0x4cb/0x1640 [ 64.762225][ T6813] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.767426][ T6813] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.772964][ T6813] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.778921][ T6813] ? prandom_u32_state+0xe/0x170 [ 64.783846][ T6813] ? __brelse+0x84/0xa0 [ 64.787980][ T6813] ? __ext4_new_inode+0x144/0x55e0 [ 64.793067][ T6813] ext4_getblk+0xad/0x520 [ 64.797386][ T6813] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.803107][ T6813] ? ext4_free_inode+0x1700/0x1700 [ 64.808198][ T6813] ext4_bread+0x7c/0x380 [ 64.812950][ T6813] ? ext4_getblk+0x520/0x520 [ 64.817526][ T6813] ? dquot_get_next_dqblk+0x180/0x180 [ 64.822889][ T6813] ext4_append+0x153/0x360 [ 64.827300][ T6813] ext4_mkdir+0x5e0/0xdf0 [ 64.831710][ T6813] ? ext4_rmdir+0xde0/0xde0 [ 64.836192][ T6813] ? security_inode_permission+0xc4/0xf0 [ 64.841803][ T6813] vfs_mkdir+0x419/0x690 [ 64.846089][ T6813] do_mkdirat+0x21e/0x280 [ 64.850431][ T6813] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.855278][ T6813] ? do_syscall_64+0x1c/0xe0 [ 64.859875][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.865840][ T6813] do_syscall_64+0x60/0xe0 [ 64.870249][ T6813] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.876121][ T6813] RIP: 0033:0x45bed7 [ 64.879997][ T6813] Code: Bad RIP value. [ 64.884040][ T6813] RSP: 002b:00007fffd7cf79b8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 64.892432][ T6813] RAX: ffffffffffffffda RBX: 000000000000fc93 RCX: 000000000045bed7 [ 64.900392][ T6813] RDX: 00007fffd7cf7a03 RSI: 00000000000001ff RDI: 00007fffd7cf7a00 [ 64.908360][ T6813] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/15 21:45:21 building call list... [ 64.916314][ T6813] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 64.924277][ T6813] R13: 00007fffd7cf79f0 R14: 000000000000fc8e R15: 00007fffd7cf7a00 [ 65.198884][ T4250] tipc: TX() has been purged, node left! [ 65.690542][ T4250] ================================================================== [ 65.699767][ T4250] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 65.707938][ T4250] Write of size 1 at addr ffff888093d9a9e4 by task kworker/u4:5/4250 [ 65.715992][ T4250] [ 65.718328][ T4250] CPU: 1 PID: 4250 Comm: kworker/u4:5 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.726827][ T4250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.738738][ T4250] Workqueue: netns cleanup_net [ 65.743677][ T4250] Call Trace: [ 65.747067][ T4250] dump_stack+0x18f/0x20d [ 65.751947][ T4250] ? afs_wake_up_async_call+0x6aa/0x770 [ 65.758018][ T4250] ? afs_wake_up_async_call+0x6aa/0x770 [ 65.763557][ T4250] ? afs_put_call+0xa40/0xa40 [ 65.768234][ T4250] print_address_description.constprop.0.cold+0xd3/0x413 [ 65.776144][ T4250] ? vprintk_func+0x97/0x1a6 [ 65.780740][ T4250] ? afs_wake_up_async_call+0x6aa/0x770 [ 65.786309][ T4250] kasan_report.cold+0x1f/0x37 [ 65.791084][ T4250] ? rcu_read_lock_held_common+0x51/0xa0 [ 65.796721][ T4250] ? afs_wake_up_async_call+0x6aa/0x770 [ 65.804873][ T4250] afs_wake_up_async_call+0x6aa/0x770 [ 65.810242][ T4250] ? afs_close_socket+0x320/0x320 [ 65.815267][ T4250] ? afs_put_call+0xa40/0xa40 [ 65.820030][ T4250] rxrpc_notify_socket+0x1db/0x5d0 [ 65.826015][ T4250] ? afs_put_call+0xa40/0xa40 [ 65.830793][ T4250] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 65.837208][ T4250] rxrpc_call_completed+0xca/0xf0 [ 65.842333][ T4250] rxrpc_discard_prealloc+0x781/0xab0 [ 65.847707][ T4250] ? lock_sock_nested+0x94/0x110 [ 65.852656][ T4250] rxrpc_listen+0x147/0x360 [ 65.857167][ T4250] afs_close_socket+0x95/0x320 [ 65.861925][ T4250] ? afs_purge_servers+0x16d/0x300 [ 65.867041][ T4250] ? afs_rx_discard_new_call+0x50/0x50 [ 65.872604][ T4250] ? init_wait_var_entry+0x200/0x200 [ 65.878363][ T4250] ? rcu_read_lock_held_common+0xa0/0xa0 [ 65.884282][ T4250] ? check_preemption_disabled+0x38/0x220 [ 65.891348][ T4250] afs_net_exit+0x1bc/0x310 [ 65.895939][ T4250] ? afs_net_init+0xe30/0xe30 [ 65.902824][ T4250] ops_exit_list.isra.0+0xa8/0x150 [ 65.908116][ T4250] cleanup_net+0x511/0xa50 [ 65.914289][ T4250] ? unregister_pernet_device+0x70/0x70 [ 65.920012][ T4250] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.926097][ T4250] process_one_work+0x965/0x1690 [ 65.931502][ T4250] ? lock_release+0x800/0x800 [ 65.941686][ T4250] ? pwq_dec_nr_in_flight+0x310/0x310 [ 65.947513][ T4250] ? rwlock_bug.part.0+0x90/0x90 [ 65.953699][ T4250] worker_thread+0x96/0xe10 [ 65.958236][ T4250] ? process_one_work+0x1690/0x1690 [ 65.964076][ T4250] kthread+0x3b5/0x4a0 [ 65.968333][ T4250] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 65.974807][ T4250] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 65.981039][ T4250] ret_from_fork+0x1f/0x30 [ 65.985467][ T4250] [ 65.989193][ T4250] Allocated by task 6813: [ 65.993871][ T4250] save_stack+0x1b/0x40 [ 65.999361][ T4250] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 66.005362][ T4250] kmem_cache_alloc_trace+0x153/0x7d0 [ 66.011134][ T4250] afs_alloc_call+0x55/0x630 [ 66.016627][ T4250] afs_charge_preallocation+0xe9/0x2d0 [ 66.022400][ T4250] afs_open_socket+0x292/0x360 [ 66.035809][ T4250] afs_net_init+0xa6c/0xe30 [ 66.043790][ T4250] ops_init+0xaf/0x420 [ 66.052460][ T4250] setup_net+0x2de/0x860 [ 66.057674][ T4250] copy_net_ns+0x293/0x590 [ 66.062368][ T4250] create_new_namespaces+0x3fb/0xb30 [ 66.068175][ T4250] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 66.074209][ T4250] ksys_unshare+0x43d/0x8e0 [ 66.084791][ T4250] __x64_sys_unshare+0x2d/0x40 [ 66.090325][ T4250] do_syscall_64+0x60/0xe0 [ 66.095367][ T4250] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.101244][ T4250] [ 66.103582][ T4250] Freed by task 4250: [ 66.107560][ T4250] save_stack+0x1b/0x40 [ 66.111709][ T4250] __kasan_slab_free+0xf7/0x140 [ 66.116565][ T4250] kfree+0x109/0x2b0 [ 66.120458][ T4250] afs_put_call+0x585/0xa40 [ 66.124957][ T4250] rxrpc_discard_prealloc+0x764/0xab0 [ 66.130331][ T4250] rxrpc_listen+0x147/0x360 [ 66.134828][ T4250] afs_close_socket+0x95/0x320 [ 66.139588][ T4250] afs_net_exit+0x1bc/0x310 [ 66.144083][ T4250] ops_exit_list.isra.0+0xa8/0x150 [ 66.149187][ T4250] cleanup_net+0x511/0xa50 [ 66.153695][ T4250] process_one_work+0x965/0x1690 [ 66.158627][ T4250] worker_thread+0x96/0xe10 [ 66.163124][ T4250] kthread+0x3b5/0x4a0 [ 66.167886][ T4250] ret_from_fork+0x1f/0x30 [ 66.172316][ T4250] [ 66.174699][ T4250] The buggy address belongs to the object at ffff888093d9a800 [ 66.174699][ T4250] which belongs to the cache kmalloc-1k of size 1024 [ 66.190066][ T4250] The buggy address is located 484 bytes inside of [ 66.190066][ T4250] 1024-byte region [ffff888093d9a800, ffff888093d9ac00) [ 66.204576][ T4250] The buggy address belongs to the page: [ 66.210393][ T4250] page:ffffea00024f6680 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 66.228049][ T4250] flags: 0xfffe0000000200(slab) [ 66.233076][ T4250] raw: 00fffe0000000200 ffffea00029c3cc8 ffffea0002a29c88 ffff8880aa000c40 [ 66.245195][ T4250] raw: 0000000000000000 ffff888093d9a000 0000000100000002 0000000000000000 [ 66.254549][ T4250] page dumped because: kasan: bad access detected [ 66.260948][ T4250] [ 66.263267][ T4250] Memory state around the buggy address: [ 66.269342][ T4250] ffff888093d9a880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.277399][ T4250] ffff888093d9a900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.285975][ T4250] >ffff888093d9a980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.294023][ T4250] ^ [ 66.301211][ T4250] ffff888093d9aa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.309271][ T4250] ffff888093d9aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.317320][ T4250] ================================================================== [ 66.325374][ T4250] Disabling lock debugging due to kernel taint [ 66.331570][ T4250] Kernel panic - not syncing: panic_on_warn set ... [ 66.338152][ T4250] CPU: 1 PID: 4250 Comm: kworker/u4:5 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 66.347948][ T4250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.358012][ T4250] Workqueue: netns cleanup_net [ 66.362774][ T4250] Call Trace: [ 66.366064][ T4250] dump_stack+0x18f/0x20d [ 66.370416][ T4250] ? afs_wake_up_async_call+0x670/0x770 [ 66.375949][ T4250] ? afs_put_call+0xa40/0xa40 [ 66.380624][ T4250] panic+0x2e3/0x75c [ 66.384512][ T4250] ? __warn_printk+0xf3/0xf3 [ 66.389105][ T4250] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 66.395255][ T4250] ? trace_hardirqs_on+0x55/0x220 [ 66.400279][ T4250] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.405815][ T4250] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.411350][ T4250] ? afs_put_call+0xa40/0xa40 [ 66.416195][ T4250] end_report+0x4d/0x53 [ 66.420340][ T4250] kasan_report.cold+0xd/0x37 [ 66.425007][ T4250] ? rcu_read_lock_held_common+0x51/0xa0 [ 66.430632][ T4250] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.436696][ T4250] afs_wake_up_async_call+0x6aa/0x770 [ 66.442055][ T4250] ? afs_close_socket+0x320/0x320 [ 66.447066][ T4250] ? afs_put_call+0xa40/0xa40 [ 66.451733][ T4250] rxrpc_notify_socket+0x1db/0x5d0 [ 66.456834][ T4250] ? afs_put_call+0xa40/0xa40 [ 66.461507][ T4250] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 66.467912][ T4250] rxrpc_call_completed+0xca/0xf0 [ 66.472933][ T4250] rxrpc_discard_prealloc+0x781/0xab0 [ 66.478313][ T4250] ? lock_sock_nested+0x94/0x110 [ 66.483278][ T4250] rxrpc_listen+0x147/0x360 [ 66.487778][ T4250] afs_close_socket+0x95/0x320 [ 66.492534][ T4250] ? afs_purge_servers+0x16d/0x300 [ 66.497641][ T4250] ? afs_rx_discard_new_call+0x50/0x50 [ 66.503109][ T4250] ? init_wait_var_entry+0x200/0x200 [ 66.508402][ T4250] ? rcu_read_lock_held_common+0xa0/0xa0 [ 66.514040][ T4250] ? check_preemption_disabled+0x38/0x220 [ 66.519753][ T4250] afs_net_exit+0x1bc/0x310 [ 66.524254][ T4250] ? afs_net_init+0xe30/0xe30 [ 66.528923][ T4250] ops_exit_list.isra.0+0xa8/0x150 [ 66.534022][ T4250] cleanup_net+0x511/0xa50 [ 66.538431][ T4250] ? unregister_pernet_device+0x70/0x70 [ 66.543969][ T4250] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.549947][ T4250] process_one_work+0x965/0x1690 [ 66.554881][ T4250] ? lock_release+0x800/0x800 [ 66.559550][ T4250] ? pwq_dec_nr_in_flight+0x310/0x310 [ 66.564912][ T4250] ? rwlock_bug.part.0+0x90/0x90 [ 66.569850][ T4250] worker_thread+0x96/0xe10 [ 66.574356][ T4250] ? process_one_work+0x1690/0x1690 [ 66.579539][ T4250] kthread+0x3b5/0x4a0 [ 66.583726][ T4250] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.589499][ T4250] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.595227][ T4250] ret_from_fork+0x1f/0x30 [ 66.600883][ T4250] Kernel Offset: disabled [ 66.605201][ T4250] Rebooting in 86400 seconds..