[ 55.531177][ T6728] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6728
[ 55.541601][ T6728] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 55.548000][ T6728] CPU: 1 PID: 6728 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0
[ 55.557040][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.568555][ T6728] Call Trace:
[ 55.571831][ T6728] dump_stack+0x18f/0x20d
[ 55.576409][ T6728] check_preemption_disabled+0x20d/0x220
[ 55.582054][ T6728] ext4_mb_new_blocks+0xa4d/0x3b70
[ 55.587673][ T6728] ? ext4_ext_search_right+0x2ca/0xb20
[ 55.593129][ T6728] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 55.598921][ T6728] ext4_ext_map_blocks+0x201b/0x33e0
[ 55.605623][ T6728] ? ext4_ext_release+0x10/0x10
[ 55.610485][ T6728] ? down_write_killable+0x170/0x170
[ 55.616287][ T6728] ? ext4_es_lookup_extent+0x41d/0xd10
[ 55.622177][ T6728] ext4_map_blocks+0x4cb/0x1640
[ 55.627881][ T6728] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 55.633055][ T6728] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 55.639636][ T6728] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 55.646316][ T6728] ? prandom_u32_state+0xe/0x170
[ 55.651250][ T6728] ? __brelse+0x84/0xa0
[ 55.655657][ T6728] ? __ext4_new_inode+0x144/0x55e0
[ 55.661921][ T6728] ext4_getblk+0xad/0x520
[ 55.666264][ T6728] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 55.673022][ T6728] ? ext4_free_inode+0x1700/0x1700
[ 55.678115][ T6728] ext4_bread+0x7c/0x380
[ 55.682354][ T6728] ? ext4_getblk+0x520/0x520
[ 55.686948][ T6728] ? dquot_get_next_dqblk+0x180/0x180
[ 55.692320][ T6728] ext4_append+0x153/0x360
[ 55.696751][ T6728] ext4_mkdir+0x5e0/0xdf0
[ 55.701071][ T6728] ? ext4_rmdir+0xde0/0xde0
[ 55.705562][ T6728] ? security_inode_permission+0xc4/0xf0
[ 55.712917][ T6728] vfs_mkdir+0x419/0x690
[ 55.717160][ T6728] do_mkdirat+0x21e/0x280
[ 55.721470][ T6728] ? __ia32_sys_mknod+0xb0/0xb0
[ 55.726735][ T6728] ? do_syscall_64+0x1c/0xe0
[ 55.731565][ T6728] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 55.737548][ T6728] do_syscall_64+0x60/0xe0
[ 55.742419][ T6728] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.748305][ T6728] RIP: 0033:0x7f28bc5c7687
[ 55.753265][ T6728] Code: Bad RIP value.
[ 55.757607][ T6728] RSP: 002b:00007ffc7855e188 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 55.765998][ T6728] RAX: ffffffffffffffda RBX: 00005587c9d3f985 RCX: 00007f28bc5c7687
[ 55.774210][ T6728] RDX: 00007ffc7855e050 RSI: 00000000000001ed RDI: 00005587c9d3f985
[ 55.782599][ T6728] RBP: 00007f28bc5c7680 R08: 0000000000000100 R09: 0000000000000000
[ 55.791977][ T6728] R10: 00005587c9d3f980 R11: 0000000000000246 R12: 00000000000001ed
[ 55.800391][ T6728] R13: 00007ffc7855e310 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Load/Save RF Kill Switch Status.
[ 56.924692][ T7] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:0/7
[ 56.933647][ T7] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.939811][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.8.0-rc1-syzkaller #0
[ 56.947986][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 56.958031][ T7] Workqueue: writeback wb_workfn (flush-8:0)
[ 56.964001][ T7] Call Trace:
[ 56.967275][ T7] dump_stack+0x18f/0x20d
[ 56.971610][ T7] check_preemption_disabled+0x20d/0x220
[ 56.977223][ T7] ext4_mb_new_blocks+0xa4d/0x3b70
[ 56.982922][ T7] ? ext4_find_extent+0x81a/0xad0
[ 56.990221][ T7] ? ext4_ext_search_right+0x2ca/0xb20
[ 56.995698][ T7] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 57.002114][ T7] ext4_ext_map_blocks+0x201b/0x33e0
[ 57.007839][ T7] ? ext4_ext_release+0x10/0x10
[ 57.012695][ T7] ? down_write_killable+0x170/0x170
[ 57.017974][ T7] ? ext4_es_lookup_extent+0x41d/0xd10
[ 57.023422][ T7] ext4_map_blocks+0x4cb/0x1640
[ 57.028609][ T7] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 57.033804][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.039865][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.045926][ T7] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 57.051382][ T7] ext4_writepages+0x1a7b/0x33c0
[ 57.056843][ T7] ? __ext4_mark_inode_dirty+0x940/0x940
[ 57.062460][ T7] ? __lock_acquire+0x2224/0x48b0
[ 57.067502][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 57.073571][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 57.079550][ T7] ? __ext4_mark_inode_dirty+0x940/0x940
[ 57.085605][ T7] ? do_writepages+0xfa/0x2a0
[ 57.090257][ T7] do_writepages+0xfa/0x2a0
[ 57.094742][ T7] ? page_writeback_cpu_online+0x10/0x10
[ 57.100492][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.106883][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.113447][ T7] ? lock_downgrade+0x840/0x840
[ 57.118716][ T7] __writeback_single_inode+0x12a/0x13d0
[ 57.124336][ T7] ? _raw_spin_unlock+0x24/0x40
[ 57.129174][ T7] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 57.136011][ T7] writeback_sb_inodes+0x515/0xdc0
[ 57.141117][ T7] ? __writeback_single_inode+0x13d0/0x13d0
[ 57.147481][ T7] __writeback_inodes_wb+0xc3/0x250
[ 57.152681][ T7] wb_writeback+0x8db/0xd50
[ 57.158151][ T7] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 57.165969][ T7] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 57.172829][ T7] ? cpumask_next+0x3c/0x40
[ 57.180466][ T7] ? get_nr_dirty_inodes+0xd6/0x130
[ 57.186000][ T7] wb_workfn+0xab3/0x1090
[ 57.190852][ T7] ? inode_wait_for_writeback+0x30/0x30
[ 57.196388][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 57.202024][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 57.207988][ T7] process_one_work+0x965/0x1690
[ 57.213461][ T7] ? lock_release+0x800/0x800
[ 57.220914][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 57.226788][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 57.231727][ T7] worker_thread+0x96/0xe10
[ 57.236424][ T7] ? process_one_work+0x1690/0x1690
[ 57.241650][ T7] kthread+0x3b5/0x4a0
[ 57.245981][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.251711][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 57.257543][ T7] ret_from_fork+0x1f/0x30
Debian GNU/Linux 9 syzkaller ttyS0
Warning: Permanently added '10.128.10.53' (ECDSA) to the list of known hosts.
2020/06/16 05:23:04 fuzzer started
2020/06/16 05:23:05 connecting to host at 10.128.0.26:44239
2020/06/16 05:23:05 checking machine...
2020/06/16 05:23:05 checking revisions...
2020/06/16 05:23:05 testing simple program...
syzkaller login:
[ 61.373632][ T6777] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6777
[ 61.382707][ T6777] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.388993][ T6777] CPU: 1 PID: 6777 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0
[ 61.397847][ T6777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.407898][ T6777] Call Trace:
[ 61.411540][ T6777] dump_stack+0x18f/0x20d
[ 61.416133][ T6777] check_preemption_disabled+0x20d/0x220
[ 61.422179][ T6777] ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.427281][ T6777] ? ext4_ext_search_right+0x2ca/0xb20
[ 61.432747][ T6777] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 61.439511][ T6777] ext4_ext_map_blocks+0x201b/0x33e0
[ 61.446836][ T6777] ? ext4_ext_release+0x10/0x10
[ 61.452909][ T6777] ? down_write_killable+0x170/0x170
[ 61.458196][ T6777] ? ext4_es_lookup_extent+0x41d/0xd10
[ 61.464093][ T6777] ext4_map_blocks+0x4cb/0x1640
[ 61.471346][ T6777] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 61.476530][ T6777] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 61.483029][ T6777] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.488991][ T6777] ? prandom_u32_state+0xe/0x170
[ 61.494171][ T6777] ? __brelse+0x84/0xa0
[ 61.498414][ T6777] ? __ext4_new_inode+0x144/0x55e0
[ 61.503527][ T6777] ext4_getblk+0xad/0x520
[ 61.508130][ T6777] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 61.513922][ T6777] ? ext4_free_inode+0x1700/0x1700
[ 61.519128][ T6777] ext4_bread+0x7c/0x380
[ 61.523471][ T6777] ? ext4_getblk+0x520/0x520
[ 61.535528][ T6777] ? dquot_get_next_dqblk+0x180/0x180
[ 61.541620][ T6777] ext4_append+0x153/0x360
[ 61.546640][ T6777] ext4_mkdir+0x5e0/0xdf0
[ 61.551127][ T6777] ? ext4_rmdir+0xde0/0xde0
[ 61.555735][ T6777] ? security_inode_permission+0xc4/0xf0
[ 61.562667][ T6777] vfs_mkdir+0x419/0x690
[ 61.566910][ T6777] do_mkdirat+0x21e/0x280
[ 61.571270][ T6777] ? __ia32_sys_mknod+0xb0/0xb0
[ 61.576102][ T6777] ? do_syscall_64+0x1c/0xe0
[ 61.580699][ T6777] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 61.587920][ T6777] do_syscall_64+0x60/0xe0
[ 61.592542][ T6777] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.599573][ T6777] RIP: 0033:0x4b02a0
[ 61.603473][ T6777] Code: Bad RIP value.
[ 61.607825][ T6777] RSP: 002b:000000c0000d14b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 61.616592][ T6777] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 61.624807][ T6777] RDX: 00000000000001c0 RSI: 000000c000026a00 RDI: ffffffffffffff9c
[ 61.633564][ T6777] RBP: 000000c0000d1510 R08: 0000000000000000 R09: 0000000000000000
[ 61.641971][ T6777] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 61.650013][ T6777] R13: 0000000000000051 R14: 0000000000000050 R15: 0000000000000100
[ 61.669577][ T6790] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6790
[ 61.679579][ T6790] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.685523][ T6790] CPU: 1 PID: 6790 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 61.694299][ T6790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 61.704798][ T6790] Call Trace:
[ 61.708181][ T6790] dump_stack+0x18f/0x20d
[ 61.712510][ T6790] check_preemption_disabled+0x20d/0x220
[ 61.719279][ T6790] ext4_mb_new_blocks+0xa4d/0x3b70
[ 61.724393][ T6790] ? ext4_ext_search_right+0x2ca/0xb20
[ 61.729849][ T6790] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 61.735677][ T6790] ext4_ext_map_blocks+0x201b/0x33e0
[ 61.740950][ T6790] ? ext4_ext_release+0x10/0x10
[ 61.746316][ T6790] ? down_write_killable+0x170/0x170
[ 61.751666][ T6790] ? ext4_es_lookup_extent+0x41d/0xd10
[ 61.757792][ T6790] ext4_map_blocks+0x4cb/0x1640
[ 61.762735][ T6790] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 61.768330][ T6790] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 61.774056][ T6790] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 61.780054][ T6790] ? prandom_u32_state+0xe/0x170
[ 61.785507][ T6790] ? __brelse+0x84/0xa0
[ 61.789668][ T6790] ? __ext4_new_inode+0x144/0x55e0
[ 61.794847][ T6790] ext4_getblk+0xad/0x520
[ 61.799592][ T6790] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 61.805468][ T6790] ? ext4_free_inode+0x1700/0x1700
[ 61.811359][ T6790] ext4_bread+0x7c/0x380
[ 61.815700][ T6790] ? ext4_getblk+0x520/0x520
[ 61.820716][ T6790] ? dquot_get_next_dqblk+0x180/0x180
[ 61.826589][ T6790] ext4_append+0x153/0x360
[ 61.830983][ T6790] ext4_mkdir+0x5e0/0xdf0
[ 61.835295][ T6790] ? ext4_rmdir+0xde0/0xde0
[ 61.839775][ T6790] ? security_inode_permission+0xc4/0xf0
[ 61.845388][ T6790] vfs_mkdir+0x419/0x690
[ 61.849608][ T6790] do_mkdirat+0x21e/0x280
[ 61.853915][ T6790] ? __ia32_sys_mknod+0xb0/0xb0
[ 61.858742][ T6790] ? do_syscall_64+0x1c/0xe0
[ 61.863310][ T6790] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 61.869266][ T6790] do_syscall_64+0x60/0xe0
[ 61.873662][ T6790] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 61.879540][ T6790] RIP: 0033:0x45bed7
[ 61.883417][ T6790] Code: Bad RIP value.
[ 61.887457][ T6790] RSP: 002b:00007ffc12d30578 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 61.895841][ T6790] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7
[ 61.903799][ T6790] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc12d30750
[ 61.911749][ T6790] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003400
[ 61.920132][ T6790] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 61.928081][ T6790] R13: 00007ffc12d30750 R14: 8421084210842109 R15: 00007ffc12d3075c
[ 62.011719][ T6791] IPVS: ftp: loaded support on port[0] = 21
[ 62.048832][ T6791] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6791
[ 62.058289][ T6791] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.064281][ T6791] CPU: 0 PID: 6791 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 62.072888][ T6791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.082943][ T6791] Call Trace:
[ 62.086215][ T6791] dump_stack+0x18f/0x20d
[ 62.090559][ T6791] check_preemption_disabled+0x20d/0x220
[ 62.096186][ T6791] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.101296][ T6791] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.106731][ T6791] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.112431][ T6791] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.117705][ T6791] ? ext4_ext_release+0x10/0x10
[ 62.122560][ T6791] ? down_write_killable+0x170/0x170
[ 62.127833][ T6791] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.133279][ T6791] ext4_map_blocks+0x4cb/0x1640
[ 62.138120][ T6791] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.143324][ T6791] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.148850][ T6791] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.154830][ T6791] ? prandom_u32_state+0xe/0x170
[ 62.159750][ T6791] ? __brelse+0x84/0xa0
[ 62.163903][ T6791] ? __ext4_new_inode+0x144/0x55e0
[ 62.169084][ T6791] ext4_getblk+0xad/0x520
[ 62.173409][ T6791] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.179110][ T6791] ? ext4_free_inode+0x1700/0x1700
[ 62.184213][ T6791] ext4_bread+0x7c/0x380
[ 62.188476][ T6791] ? ext4_getblk+0x520/0x520
[ 62.193049][ T6791] ? dquot_get_next_dqblk+0x180/0x180
[ 62.198416][ T6791] ext4_append+0x153/0x360
[ 62.202814][ T6791] ext4_mkdir+0x5e0/0xdf0
[ 62.207126][ T6791] ? ext4_rmdir+0xde0/0xde0
[ 62.211624][ T6791] ? security_inode_permission+0xc4/0xf0
[ 62.217239][ T6791] vfs_mkdir+0x419/0x690
[ 62.221459][ T6791] do_mkdirat+0x21e/0x280
[ 62.225768][ T6791] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.230607][ T6791] ? do_syscall_64+0x1c/0xe0
[ 62.235175][ T6791] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.241149][ T6791] do_syscall_64+0x60/0xe0
[ 62.245545][ T6791] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.251412][ T6791] RIP: 0033:0x45bed7
[ 62.255286][ T6791] Code: Bad RIP value.
[ 62.259325][ T6791] RSP: 002b:00007ffc12d30468 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 62.267708][ T6791] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7
[ 62.275755][ T6791] RDX: 00007ffc12d304b3 RSI: 00000000000001ff RDI: 00007ffc12d304b0
[ 62.283702][ T6791] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 62.291648][ T6791] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0
[ 62.299595][ T6791] R13: 00007ffc12d304a0 R14: 0000000000000000 R15: 00007ffc12d304b0
[ 62.368875][ T6791] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6791
[ 62.378386][ T6791] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.384425][ T6791] CPU: 0 PID: 6791 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0
[ 62.393004][ T6791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.403060][ T6791] Call Trace:
[ 62.406356][ T6791] dump_stack+0x18f/0x20d
[ 62.410699][ T6791] check_preemption_disabled+0x20d/0x220
[ 62.416339][ T6791] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.421472][ T6791] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.426933][ T6791] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.432677][ T6791] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.437943][ T6791] ? ext4_ext_release+0x10/0x10
[ 62.442898][ T6791] ? down_write_killable+0x170/0x170
[ 62.448171][ T6791] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.453650][ T6791] ext4_map_blocks+0x4cb/0x1640
[ 62.458493][ T6791] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.463684][ T6791] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.469209][ T6791] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.475168][ T6791] ? prandom_u32_state+0xe/0x170
[ 62.480096][ T6791] ? __brelse+0x84/0xa0
[ 62.484228][ T6791] ? __ext4_new_inode+0x144/0x55e0
[ 62.489329][ T6791] ext4_getblk+0xad/0x520
[ 62.493638][ T6791] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 62.499336][ T6791] ? ext4_free_inode+0x1700/0x1700
[ 62.504424][ T6791] ext4_bread+0x7c/0x380
[ 62.508662][ T6791] ? ext4_getblk+0x520/0x520
[ 62.513248][ T6791] ? dquot_get_next_dqblk+0x180/0x180
[ 62.518601][ T6791] ext4_append+0x153/0x360
[ 62.522997][ T6791] ext4_mkdir+0x5e0/0xdf0
[ 62.527306][ T6791] ? ext4_rmdir+0xde0/0xde0
[ 62.531788][ T6791] ? security_inode_permission+0xc4/0xf0
[ 62.537400][ T6791] vfs_mkdir+0x419/0x690
[ 62.541622][ T6791] do_mkdirat+0x21e/0x280
[ 62.545931][ T6791] ? __ia32_sys_mknod+0xb0/0xb0
[ 62.550758][ T6791] ? do_syscall_64+0x1c/0xe0
[ 62.555326][ T6791] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 62.561283][ T6791] do_syscall_64+0x60/0xe0
[ 62.565679][ T6791] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 62.571555][ T6791] RIP: 0033:0x45bed7
[ 62.575430][ T6791] Code: Bad RIP value.
[ 62.579471][ T6791] RSP: 002b:00007ffc12d30468 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 62.587857][ T6791] RAX: ffffffffffffffda RBX: 000000000000f38f RCX: 000000000045bed7
[ 62.595804][ T6791] RDX: 00007ffc12d304b3 RSI: 00000000000001ff RDI: 00007ffc12d304b0
[ 62.603749][ T6791] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 62.611696][ T6791] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
2020/06/16 05:23:06 building call list...
[ 62.619651][ T6791] R13: 00007ffc12d304a0 R14: 000000000000f382 R15: 00007ffc12d304b0
[ 62.812613][ T7] tipc: TX() has been purged, node left!
[ 63.324861][ T7] ==================================================================
[ 63.333109][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 63.340995][ T7] Write of size 1 at addr ffff888081ca21e4 by task kworker/u4:0/7
[ 63.348796][ T7]
[ 63.351129][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.8.0-rc1-syzkaller #0
[ 63.359270][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.369329][ T7] Workqueue: netns cleanup_net
[ 63.374086][ T7] Call Trace:
[ 63.377378][ T7] dump_stack+0x18f/0x20d
[ 63.381713][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.387341][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.392878][ T7] ? afs_put_call+0xa40/0xa40
[ 63.397555][ T7] print_address_description.constprop.0.cold+0xd3/0x413
[ 63.404578][ T7] ? vprintk_func+0x97/0x1a6
[ 63.409175][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.414723][ T7] kasan_report.cold+0x1f/0x37
[ 63.419487][ T7] ? rcu_read_lock_held_common+0x51/0xa0
[ 63.425112][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.430657][ T7] afs_wake_up_async_call+0x6aa/0x770
[ 63.436021][ T7] ? afs_close_socket+0x320/0x320
[ 63.441044][ T7] ? afs_put_call+0xa40/0xa40
[ 63.445726][ T7] rxrpc_notify_socket+0x1db/0x5d0
[ 63.450836][ T7] ? afs_put_call+0xa40/0xa40
[ 63.455512][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 63.461926][ T7] rxrpc_call_completed+0xca/0xf0
[ 63.466954][ T7] rxrpc_discard_prealloc+0x781/0xab0
[ 63.472327][ T7] ? lock_sock_nested+0x94/0x110
[ 63.477265][ T7] rxrpc_listen+0x147/0x360
[ 63.481766][ T7] afs_close_socket+0x95/0x320
[ 63.486702][ T7] ? afs_purge_servers+0x16d/0x300
[ 63.491812][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 63.497277][ T7] ? init_wait_var_entry+0x200/0x200
[ 63.502571][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 63.508199][ T7] ? check_preemption_disabled+0x38/0x220
[ 63.513914][ T7] afs_net_exit+0x1bc/0x310
[ 63.518415][ T7] ? afs_net_init+0xe30/0xe30
[ 63.523086][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 63.528197][ T7] cleanup_net+0x511/0xa50
[ 63.532616][ T7] ? unregister_pernet_device+0x70/0x70
[ 63.538161][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 63.544146][ T7] process_one_work+0x965/0x1690
[ 63.549093][ T7] ? lock_release+0x800/0x800
[ 63.553765][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 63.559154][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 63.564099][ T7] worker_thread+0x96/0xe10
[ 63.568612][ T7] ? process_one_work+0x1690/0x1690
[ 63.573810][ T7] kthread+0x3b5/0x4a0
[ 63.577877][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.583591][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 63.589313][ T7] ret_from_fork+0x1f/0x30
[ 63.593734][ T7]
[ 63.596056][ T7] Allocated by task 6791:
[ 63.600382][ T7] save_stack+0x1b/0x40
[ 63.604534][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 63.610158][ T7] kmem_cache_alloc_trace+0x153/0x7d0
[ 63.615522][ T7] afs_alloc_call+0x55/0x630
[ 63.620103][ T7] afs_charge_preallocation+0xe9/0x2d0
[ 63.625648][ T7] afs_open_socket+0x292/0x360
[ 63.630400][ T7] afs_net_init+0xa6c/0xe30
[ 63.634894][ T7] ops_init+0xaf/0x420
[ 63.638952][ T7] setup_net+0x2de/0x860
[ 63.643191][ T7] copy_net_ns+0x293/0x590
[ 63.650119][ T7] create_new_namespaces+0x3fb/0xb30
[ 63.656093][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 63.661718][ T7] ksys_unshare+0x43d/0x8e0
[ 63.666215][ T7] __x64_sys_unshare+0x2d/0x40
[ 63.670977][ T7] do_syscall_64+0x60/0xe0
[ 63.676517][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 63.682393][ T7]
[ 63.684711][ T7] Freed by task 7:
[ 63.688426][ T7] save_stack+0x1b/0x40
[ 63.692573][ T7] __kasan_slab_free+0xf7/0x140
[ 63.697413][ T7] kfree+0x109/0x2b0
[ 63.701302][ T7] afs_put_call+0x585/0xa40
[ 63.705799][ T7] rxrpc_discard_prealloc+0x764/0xab0
[ 63.711164][ T7] rxrpc_listen+0x147/0x360
[ 63.715658][ T7] afs_close_socket+0x95/0x320
[ 63.720412][ T7] afs_net_exit+0x1bc/0x310
[ 63.724906][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 63.730008][ T7] cleanup_net+0x511/0xa50
[ 63.734419][ T7] process_one_work+0x965/0x1690
[ 63.739351][ T7] worker_thread+0x96/0xe10
[ 63.743847][ T7] kthread+0x3b5/0x4a0
[ 63.747922][ T7] ret_from_fork+0x1f/0x30
[ 63.752321][ T7]
[ 63.754643][ T7] The buggy address belongs to the object at ffff888081ca2000
[ 63.754643][ T7]  which belongs to the cache kmalloc-1k of size 1024
[ 63.768696][ T7] The buggy address is located 484 bytes inside of
[ 63.768696][ T7]  1024-byte region [ffff888081ca2000, ffff888081ca2400)
[ 63.782132][ T7] The buggy address belongs to the page:
[ 63.787766][ T7] page:ffffea0002072880 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 63.796863][ T7] flags: 0xfffe0000000200(slab)
[ 63.801714][ T7] raw: 00fffe0000000200 ffffea0002072808 ffffea00020728c8 ffff8880aa000c40
[ 63.810297][ T7] raw: 0000000000000000 ffff888081ca2000 0000000100000002 0000000000000000
[ 63.818866][ T7] page dumped because: kasan: bad access detected
[ 63.825262][ T7]
[ 63.827579][ T7] Memory state around the buggy address:
[ 63.833202][ T7]  ffff888081ca2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.841256][ T7]  ffff888081ca2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.849311][ T7] >ffff888081ca2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.857359][ T7]                                                        ^
[ 63.864546][ T7]  ffff888081ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.872599][ T7]  ffff888081ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 63.880645][ T7] ==================================================================
[ 63.888692][ T7] Disabling lock debugging due to kernel taint
[ 63.894890][ T7] Kernel panic - not syncing: panic_on_warn set ...
[ 63.901468][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.8.0-rc1-syzkaller #0
[ 63.910996][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 63.921057][ T7] Workqueue: netns cleanup_net
[ 63.925811][ T7] Call Trace:
[ 63.929106][ T7] dump_stack+0x18f/0x20d
[ 63.933452][ T7] ? afs_wake_up_async_call+0x670/0x770
[ 63.938990][ T7] ? afs_put_call+0xa40/0xa40
[ 63.943658][ T7] panic+0x2e3/0x75c
[ 63.947566][ T7] ? __warn_printk+0xf3/0xf3
[ 63.952156][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 63.958303][ T7] ? trace_hardirqs_on+0x55/0x220
[ 63.963323][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.968861][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.974400][ T7] ? afs_put_call+0xa40/0xa40
[ 63.979070][ T7] end_report+0x4d/0x53
[ 63.983219][ T7] kasan_report.cold+0xd/0x37
[ 63.987887][ T7] ? rcu_read_lock_held_common+0x51/0xa0
[ 63.993507][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 63.999048][ T7] afs_wake_up_async_call+0x6aa/0x770
[ 64.004431][ T7] ? afs_close_socket+0x320/0x320
[ 64.009442][ T7] ? afs_put_call+0xa40/0xa40
[ 64.014112][ T7] rxrpc_notify_socket+0x1db/0x5d0
[ 64.019216][ T7] ? afs_put_call+0xa40/0xa40
[ 64.023881][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 64.031677][ T7] rxrpc_call_completed+0xca/0xf0
[ 64.036696][ T7] rxrpc_discard_prealloc+0x781/0xab0
[ 64.042060][ T7] ? lock_sock_nested+0x94/0x110
[ 64.046986][ T7] rxrpc_listen+0x147/0x360
[ 64.051481][ T7] afs_close_socket+0x95/0x320
[ 64.056234][ T7] ? afs_purge_servers+0x16d/0x300
[ 64.061336][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 64.066787][ T7] ? init_wait_var_entry+0x200/0x200
[ 64.072063][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 64.077684][ T7] ? check_preemption_disabled+0x38/0x220
[ 64.083390][ T7] afs_net_exit+0x1bc/0x310
[ 64.087890][ T7] ? afs_net_init+0xe30/0xe30
[ 64.092556][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 64.097661][ T7] cleanup_net+0x511/0xa50
[ 64.102070][ T7] ? unregister_pernet_device+0x70/0x70
[ 64.107616][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 64.113591][ T7] process_one_work+0x965/0x1690
[ 64.118531][ T7] ? lock_release+0x800/0x800
[ 64.123199][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 64.128560][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 64.133489][ T7] worker_thread+0x96/0xe10
[ 64.137985][ T7] ? process_one_work+0x1690/0x1690
[ 64.143170][ T7] kthread+0x3b5/0x4a0
[ 64.147229][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.152935][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 64.158644][ T7] ret_from_fork+0x1f/0x30
[ 64.164361][ T7] Kernel Offset: disabled
[ 64.168688][ T7] Rebooting in 86400 seconds..