[ 58.511968][ T477] check_preemption_disabled+0x20d/0x220 [ 58.517753][ T477] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.522914][ T477] ? ext4_find_extent+0x81a/0xad0 [ 58.528336][ T477] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.534529][ T477] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.540807][ T477] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.546134][ T477] ? ext4_ext_release+0x10/0x10 [ 58.551316][ T477] ? down_write_killable+0x170/0x170 [ 58.556753][ T477] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.562348][ T477] ext4_map_blocks+0x4cb/0x1640 [ 58.567336][ T477] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.572658][ T477] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.580584][ T477] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.587118][ T477] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 58.592680][ T477] ext4_writepages+0x1a7b/0x33c0 [ 58.597965][ T477] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.603795][ T477] ? __lock_acquire+0x2224/0x48b0 [ 58.608866][ T477] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.615327][ T477] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.621427][ T477] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.627281][ T477] ? do_writepages+0xfa/0x2a0 [ 58.632307][ T477] do_writepages+0xfa/0x2a0 [ 58.636939][ T477] ? page_writeback_cpu_online+0x10/0x10 [ 58.642989][ T477] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.648561][ T477] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.654723][ T477] ? lock_downgrade+0x840/0x840 [ 58.659639][ T477] __writeback_single_inode+0x12a/0x13d0 [ 58.665832][ T477] ? _raw_spin_unlock+0x24/0x40 [ 58.671448][ T477] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 58.678864][ T477] writeback_sb_inodes+0x515/0xdc0 [ 58.684447][ T477] ? __writeback_single_inode+0x13d0/0x13d0 [ 58.690660][ T477] __writeback_inodes_wb+0xc3/0x250 [ 58.696298][ T477] wb_writeback+0x8db/0xd50 [ 58.701098][ T477] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 58.707548][ T477] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 58.713733][ T477] ? cpumask_next+0x3c/0x40 [ 58.718636][ T477] ? get_nr_dirty_inodes+0xd6/0x130 [ 58.723875][ T477] wb_workfn+0xab3/0x1090 [ 58.728776][ T477] ? inode_wait_for_writeback+0x30/0x30 [ 58.734627][ T477] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.741211][ T477] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.747704][ T477] process_one_work+0x965/0x1690 [ 58.752679][ T477] ? lock_release+0x800/0x800 [ 58.757381][ T477] ? pwq_dec_nr_in_flight+0x310/0x310 [ 58.763137][ T477] ? rwlock_bug.part.0+0x90/0x90 [ 58.768259][ T477] worker_thread+0x96/0xe10 [ 58.772798][ T477] ? process_one_work+0x1690/0x1690 [ 58.778097][ T477] kthread+0x3b5/0x4a0 [ 58.782413][ T477] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.788745][ T477] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.794559][ T477] ret_from_fork+0x1f/0x30 Starting Load/Save RF Kill Switch Status... [ 58.898948][ T6773] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6773 [ 58.908992][ T6773] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.915933][ T6773] CPU: 1 PID: 6773 Comm: systemd-rfkill Not tainted 5.8.0-rc1-syzkaller #0 [ 58.925971][ T6773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.937923][ T6773] Call Trace: [ 58.941772][ T6773] dump_stack+0x18f/0x20d [ 58.946588][ T6773] check_preemption_disabled+0x20d/0x220 [ 58.952353][ T6773] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.958418][ T6773] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.964026][ T6773] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.970018][ T6773] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.975466][ T6773] ? ext4_ext_release+0x10/0x10 [ 58.980345][ T6773] ? down_write_killable+0x170/0x170 [ 58.985978][ T6773] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.991849][ T6773] ext4_map_blocks+0x4cb/0x1640 [ 58.997486][ T6773] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.002864][ T6773] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.010212][ T6773] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.016831][ T6773] ? prandom_u32_state+0xe/0x170 [ 59.022442][ T6773] ? __brelse+0x84/0xa0 [ 59.028995][ T6773] ? __ext4_new_inode+0x144/0x55e0 [ 59.034147][ T6773] ext4_getblk+0xad/0x520 [ 59.040410][ T6773] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.046330][ T6773] ? ext4_free_inode+0x1700/0x1700 [ 59.052367][ T6773] ext4_bread+0x7c/0x380 [ 59.056978][ T6773] ? ext4_getblk+0x520/0x520 [ 59.061815][ T6773] ? dquot_get_next_dqblk+0x180/0x180 [ 59.067779][ T6773] ext4_append+0x153/0x360 [ 59.073432][ T6773] ext4_mkdir+0x5e0/0xdf0 [ 59.079191][ T6773] ? ext4_rmdir+0xde0/0xde0 [ 59.084069][ T6773] ? security_inode_permission+0xc4/0xf0 [ 59.089963][ T6773] vfs_mkdir+0x419/0x690 [ 59.094430][ T6773] do_mkdirat+0x21e/0x280 [ 59.098769][ T6773] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.103773][ T6773] ? do_syscall_64+0x1c/0xe0 [ 59.108594][ T6773] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.114908][ T6773] do_syscall_64+0x60/0xe0 [ 59.119438][ T6773] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.125865][ T6773] RIP: 0033:0x7fc927fc9687 [ 59.131595][ T6773] Code: Bad RIP value. [ 59.137176][ T6773] RSP: 002b:00007ffc0d41c648 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.148066][ T6773] RAX: ffffffffffffffda RBX: 0000558e5b8e7985 RCX: 00007fc927fc9687 [ 59.157851][ T6773] RDX: 00007ffc0d41c510 RSI: 00000000000001ed RDI: 0000558e5b8e7985 [ 59.167290][ T6773] RBP: 00007fc927fc9680 R08: 0000000000000100 R09: 0000000000000000 [ 59.176611][ T6773] R10: 0000558e5b8e7980 R11: 0000000000000246 R12: 00000000000001ed [ 59.185570][ T6773] R13: 00007ffc0d41c7d0 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.15' (ECDSA) to the list of known hosts. 2020/06/16 05:55:21 fuzzer started 2020/06/16 05:55:21 connecting to host at 10.128.0.26:39389 2020/06/16 05:55:21 checking machine... 2020/06/16 05:55:21 checking revisions... 2020/06/16 05:55:21 testing simple program... syzkaller login: [ 64.296550][ T6844] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6844 [ 64.306807][ T6844] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.313641][ T6844] CPU: 0 PID: 6844 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 64.323470][ T6844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.333964][ T6844] Call Trace: [ 64.337263][ T6844] dump_stack+0x18f/0x20d [ 64.341637][ T6844] check_preemption_disabled+0x20d/0x220 [ 64.348259][ T6844] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.353782][ T6844] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.359451][ T6844] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.365240][ T6844] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.370550][ T6844] ? ext4_ext_release+0x10/0x10 [ 64.375900][ T6844] ? down_write_killable+0x170/0x170 [ 64.381724][ T6844] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.388050][ T6844] ext4_map_blocks+0x4cb/0x1640 [ 64.393100][ T6844] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.398786][ T6844] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.405098][ T6844] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.411481][ T6844] ? prandom_u32_state+0xe/0x170 [ 64.416888][ T6844] ? __brelse+0x84/0xa0 [ 64.421573][ T6844] ? __ext4_new_inode+0x144/0x55e0 [ 64.427094][ T6844] ext4_getblk+0xad/0x520 [ 64.431628][ T6844] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.437641][ T6844] ? ext4_free_inode+0x1700/0x1700 [ 64.442968][ T6844] ext4_bread+0x7c/0x380 [ 64.447606][ T6844] ? ext4_getblk+0x520/0x520 [ 64.452680][ T6844] ? dquot_get_next_dqblk+0x180/0x180 [ 64.458362][ T6844] ext4_append+0x153/0x360 [ 64.462808][ T6844] ext4_mkdir+0x5e0/0xdf0 [ 64.467254][ T6844] ? ext4_rmdir+0xde0/0xde0 [ 64.472433][ T6844] ? security_inode_permission+0xc4/0xf0 [ 64.478102][ T6844] vfs_mkdir+0x419/0x690 [ 64.482712][ T6844] do_mkdirat+0x21e/0x280 [ 64.488561][ T6844] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.497779][ T6844] ? do_syscall_64+0x1c/0xe0 [ 64.503061][ T6844] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.509519][ T6844] do_syscall_64+0x60/0xe0 [ 64.514272][ T6844] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.520839][ T6844] RIP: 0033:0x4b02a0 [ 64.524998][ T6844] Code: Bad RIP value. [ 64.529148][ T6844] RSP: 002b:000000c0000e74b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 64.538127][ T6844] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 64.547462][ T6844] RDX: 00000000000001c0 RSI: 000000c00009e880 RDI: ffffffffffffff9c [ 64.556057][ T6844] RBP: 000000c0000e7510 R08: 0000000000000000 R09: 0000000000000000 [ 64.564361][ T6844] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 64.572892][ T6844] R13: 0000000000000045 R14: 0000000000000044 R15: 0000000000000100 [ 64.600391][ T6849] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6849 [ 64.611613][ T6849] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.618237][ T6849] CPU: 1 PID: 6849 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 64.627312][ T6849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.637659][ T6849] Call Trace: [ 64.641044][ T6849] dump_stack+0x18f/0x20d [ 64.645690][ T6849] check_preemption_disabled+0x20d/0x220 [ 64.651712][ T6849] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.657324][ T6849] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.663652][ T6849] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.669936][ T6849] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.675568][ T6849] ? ext4_ext_release+0x10/0x10 [ 64.681974][ T6849] ? down_write_killable+0x170/0x170 [ 64.687299][ T6849] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.694100][ T6849] ext4_map_blocks+0x4cb/0x1640 [ 64.699234][ T6849] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.705131][ T6849] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.712481][ T6849] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.718589][ T6849] ? prandom_u32_state+0xe/0x170 [ 64.723985][ T6849] ? __brelse+0x84/0xa0 [ 64.728639][ T6849] ? __ext4_new_inode+0x144/0x55e0 [ 64.734136][ T6849] ext4_getblk+0xad/0x520 [ 64.738469][ T6849] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.744512][ T6849] ? ext4_free_inode+0x1700/0x1700 [ 64.749931][ T6849] ext4_bread+0x7c/0x380 [ 64.756437][ T6849] ? ext4_getblk+0x520/0x520 [ 64.761724][ T6849] ? dquot_get_next_dqblk+0x180/0x180 [ 64.767538][ T6849] ext4_append+0x153/0x360 [ 64.773182][ T6849] ext4_mkdir+0x5e0/0xdf0 [ 64.777963][ T6849] ? ext4_rmdir+0xde0/0xde0 [ 64.782633][ T6849] ? security_inode_permission+0xc4/0xf0 [ 64.788764][ T6849] vfs_mkdir+0x419/0x690 [ 64.793295][ T6849] do_mkdirat+0x21e/0x280 [ 64.797731][ T6849] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.802767][ T6849] ? do_syscall_64+0x1c/0xe0 [ 64.807548][ T6849] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.813844][ T6849] do_syscall_64+0x60/0xe0 [ 64.818262][ T6849] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.824605][ T6849] RIP: 0033:0x45bed7 [ 64.828861][ T6849] Code: Bad RIP value. [ 64.833382][ T6849] RSP: 002b:00007ffd0cc112e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 64.842322][ T6849] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 64.850605][ T6849] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffd0cc114c0 [ 64.859932][ T6849] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002d80 [ 64.868712][ T6849] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 64.876951][ T6849] R13: 00007ffd0cc114c0 R14: 8421084210842109 R15: 00007ffd0cc114cc [ 64.974655][ T6850] IPVS: ftp: loaded support on port[0] = 21 [ 65.016321][ T6850] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6850 [ 65.026368][ T6850] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.032486][ T6850] CPU: 0 PID: 6850 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.041414][ T6850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.052240][ T6850] Call Trace: [ 65.055539][ T6850] dump_stack+0x18f/0x20d [ 65.059896][ T6850] check_preemption_disabled+0x20d/0x220 [ 65.065788][ T6850] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.071008][ T6850] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.076476][ T6850] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.083213][ T6850] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.089279][ T6850] ? ext4_ext_release+0x10/0x10 [ 65.094421][ T6850] ? down_write_killable+0x170/0x170 [ 65.100154][ T6850] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.106189][ T6850] ext4_map_blocks+0x4cb/0x1640 [ 65.111294][ T6850] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.116882][ T6850] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.122629][ T6850] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.129030][ T6850] ? prandom_u32_state+0xe/0x170 [ 65.134170][ T6850] ? __brelse+0x84/0xa0 [ 65.138482][ T6850] ? __ext4_new_inode+0x144/0x55e0 [ 65.145008][ T6850] ext4_getblk+0xad/0x520 [ 65.149526][ T6850] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.155656][ T6850] ? ext4_free_inode+0x1700/0x1700 [ 65.160994][ T6850] ext4_bread+0x7c/0x380 [ 65.165411][ T6850] ? ext4_getblk+0x520/0x520 [ 65.170086][ T6850] ? dquot_get_next_dqblk+0x180/0x180 [ 65.175849][ T6850] ext4_append+0x153/0x360 [ 65.180564][ T6850] ext4_mkdir+0x5e0/0xdf0 [ 65.185375][ T6850] ? ext4_rmdir+0xde0/0xde0 [ 65.190013][ T6850] ? security_inode_permission+0xc4/0xf0 [ 65.195953][ T6850] vfs_mkdir+0x419/0x690 [ 65.200386][ T6850] do_mkdirat+0x21e/0x280 [ 65.204868][ T6850] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.210769][ T6850] ? do_syscall_64+0x1c/0xe0 [ 65.216070][ T6850] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.222809][ T6850] do_syscall_64+0x60/0xe0 [ 65.227632][ T6850] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.233778][ T6850] RIP: 0033:0x45bed7 [ 65.239868][ T6850] Code: Bad RIP value. [ 65.244584][ T6850] RSP: 002b:00007ffd0cc111d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 65.253575][ T6850] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 65.261810][ T6850] RDX: 00007ffd0cc11223 RSI: 00000000000001ff RDI: 00007ffd0cc11220 [ 65.270673][ T6850] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 65.278926][ T6850] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 65.287486][ T6850] R13: 00007ffd0cc11210 R14: 0000000000000000 R15: 00007ffd0cc11220 [ 65.341918][ T6850] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6850 [ 65.351977][ T6850] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.358026][ T6850] CPU: 1 PID: 6850 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.366853][ T6850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.377458][ T6850] Call Trace: [ 65.381019][ T6850] dump_stack+0x18f/0x20d [ 65.385471][ T6850] check_preemption_disabled+0x20d/0x220 [ 65.392359][ T6850] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.398664][ T6850] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.404289][ T6850] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.411713][ T6850] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.417248][ T6850] ? ext4_ext_release+0x10/0x10 [ 65.422140][ T6850] ? down_write_killable+0x170/0x170 [ 65.428228][ T6850] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.433988][ T6850] ext4_map_blocks+0x4cb/0x1640 [ 65.440308][ T6850] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.445905][ T6850] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.451789][ T6850] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.459709][ T6850] ? prandom_u32_state+0xe/0x170 [ 65.465213][ T6850] ? __brelse+0x84/0xa0 [ 65.469409][ T6850] ? __ext4_new_inode+0x144/0x55e0 [ 65.475739][ T6850] ext4_getblk+0xad/0x520 [ 65.481117][ T6850] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.487492][ T6850] ? ext4_free_inode+0x1700/0x1700 [ 65.492940][ T6850] ext4_bread+0x7c/0x380 [ 65.497469][ T6850] ? ext4_getblk+0x520/0x520 [ 65.502114][ T6850] ? dquot_get_next_dqblk+0x180/0x180 [ 65.508408][ T6850] ext4_append+0x153/0x360 [ 65.513851][ T6850] ext4_mkdir+0x5e0/0xdf0 [ 65.518654][ T6850] ? ext4_rmdir+0xde0/0xde0 [ 65.524067][ T6850] ? security_inode_permission+0xc4/0xf0 [ 65.531349][ T6850] vfs_mkdir+0x419/0x690 [ 65.536092][ T6850] do_mkdirat+0x21e/0x280 [ 65.540835][ T6850] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.546215][ T6850] ? do_syscall_64+0x1c/0xe0 [ 65.551887][ T6850] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.558281][ T6850] do_syscall_64+0x60/0xe0 [ 65.563967][ T6850] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.570304][ T6850] RIP: 0033:0x45bed7 [ 65.574898][ T6850] Code: Bad RIP value. [ 65.579371][ T6850] RSP: 002b:00007ffd0cc111d8 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 2020/06/16 05:55:23 building call list... [ 65.588705][ T6850] RAX: ffffffffffffffda RBX: 000000000000ff3d RCX: 000000000045bed7 [ 65.597126][ T6850] RDX: 00007ffd0cc11223 RSI: 00000000000001ff RDI: 00007ffd0cc11220 [ 65.606708][ T6850] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 65.615436][ T6850] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 65.624003][ T6850] R13: 00007ffd0cc11210 R14: 000000000000ff2f R15: 00007ffd0cc11220 [ 65.889451][ T268] tipc: TX() has been purged, node left! [ 66.411733][ T268] ================================================================== [ 66.420475][ T268] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 66.429131][ T268] Write of size 1 at addr ffff888092c419e4 by task kworker/u4:6/268 [ 66.437825][ T268] [ 66.440169][ T268] CPU: 0 PID: 268 Comm: kworker/u4:6 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.448949][ T268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.459032][ T268] Workqueue: netns cleanup_net [ 66.464021][ T268] Call Trace: [ 66.467338][ T268] dump_stack+0x18f/0x20d [ 66.471696][ T268] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.477259][ T268] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.483018][ T268] ? afs_put_call+0xa40/0xa40 [ 66.487719][ T268] print_address_description.constprop.0.cold+0xd3/0x413 [ 66.494897][ T268] ? vprintk_func+0x97/0x1a6 [ 66.499616][ T268] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.505591][ T268] kasan_report.cold+0x1f/0x37 [ 66.510558][ T268] ? rcu_read_lock_held_common+0x51/0xa0 [ 66.516199][ T268] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.521938][ T268] afs_wake_up_async_call+0x6aa/0x770 [ 66.527712][ T268] ? afs_close_socket+0x320/0x320 [ 66.532935][ T268] ? afs_put_call+0xa40/0xa40 [ 66.537740][ T268] rxrpc_notify_socket+0x1db/0x5d0 [ 66.542896][ T268] ? afs_put_call+0xa40/0xa40 [ 66.547588][ T268] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 66.554495][ T268] rxrpc_call_completed+0xca/0xf0 [ 66.559635][ T268] rxrpc_discard_prealloc+0x781/0xab0 [ 66.565120][ T268] ? lock_sock_nested+0x94/0x110 [ 66.570079][ T268] rxrpc_listen+0x147/0x360 [ 66.574790][ T268] afs_close_socket+0x95/0x320 [ 66.579688][ T268] ? afs_purge_servers+0x16d/0x300 [ 66.585135][ T268] ? afs_rx_discard_new_call+0x50/0x50 [ 66.590615][ T268] ? init_wait_var_entry+0x200/0x200 [ 66.596007][ T268] ? rcu_read_lock_held_common+0xa0/0xa0 [ 66.602244][ T268] ? check_preemption_disabled+0x38/0x220 [ 66.608452][ T268] afs_net_exit+0x1bc/0x310 [ 66.614102][ T268] ? afs_net_init+0xe30/0xe30 [ 66.618792][ T268] ops_exit_list.isra.0+0xa8/0x150 [ 66.623967][ T268] cleanup_net+0x511/0xa50 [ 66.628585][ T268] ? unregister_pernet_device+0x70/0x70 [ 66.634332][ T268] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.640330][ T268] process_one_work+0x965/0x1690 [ 66.645291][ T268] ? lock_release+0x800/0x800 [ 66.649980][ T268] ? pwq_dec_nr_in_flight+0x310/0x310 [ 66.655455][ T268] ? rwlock_bug.part.0+0x90/0x90 [ 66.660426][ T268] worker_thread+0x96/0xe10 [ 66.665166][ T268] ? process_one_work+0x1690/0x1690 [ 66.671133][ T268] kthread+0x3b5/0x4a0 [ 66.675509][ T268] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.681437][ T268] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.687292][ T268] ret_from_fork+0x1f/0x30 [ 66.691732][ T268] [ 66.694218][ T268] Allocated by task 6850: [ 66.698701][ T268] save_stack+0x1b/0x40 [ 66.703222][ T268] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 66.709081][ T268] kmem_cache_alloc_trace+0x153/0x7d0 [ 66.715328][ T268] afs_alloc_call+0x55/0x630 [ 66.719931][ T268] afs_charge_preallocation+0xe9/0x2d0 [ 66.725581][ T268] afs_open_socket+0x292/0x360 [ 66.730356][ T268] afs_net_init+0xa6c/0xe30 [ 66.734961][ T268] ops_init+0xaf/0x420 [ 66.739044][ T268] setup_net+0x2de/0x860 [ 66.743293][ T268] copy_net_ns+0x293/0x590 [ 66.747718][ T268] create_new_namespaces+0x3fb/0xb30 [ 66.753328][ T268] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 66.759235][ T268] ksys_unshare+0x43d/0x8e0 [ 66.763748][ T268] __x64_sys_unshare+0x2d/0x40 [ 66.768593][ T268] do_syscall_64+0x60/0xe0 [ 66.773127][ T268] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.779203][ T268] [ 66.781539][ T268] Freed by task 268: [ 66.787181][ T268] save_stack+0x1b/0x40 [ 66.791371][ T268] __kasan_slab_free+0xf7/0x140 [ 66.796260][ T268] kfree+0x109/0x2b0 [ 66.800279][ T268] afs_put_call+0x585/0xa40 [ 66.804826][ T268] rxrpc_discard_prealloc+0x764/0xab0 [ 66.810380][ T268] rxrpc_listen+0x147/0x360 [ 66.814901][ T268] afs_close_socket+0x95/0x320 [ 66.820152][ T268] afs_net_exit+0x1bc/0x310 [ 66.825018][ T268] ops_exit_list.isra.0+0xa8/0x150 [ 66.830221][ T268] cleanup_net+0x511/0xa50 [ 66.834653][ T268] process_one_work+0x965/0x1690 [ 66.839595][ T268] worker_thread+0x96/0xe10 [ 66.844105][ T268] kthread+0x3b5/0x4a0 [ 66.848184][ T268] ret_from_fork+0x1f/0x30 [ 66.852686][ T268] [ 66.855133][ T268] The buggy address belongs to the object at ffff888092c41800 [ 66.855133][ T268] which belongs to the cache kmalloc-1k of size 1024 [ 66.869376][ T268] The buggy address is located 484 bytes inside of [ 66.869376][ T268] 1024-byte region [ffff888092c41800, ffff888092c41c00) [ 66.883006][ T268] The buggy address belongs to the page: [ 66.888774][ T268] page:ffffea00024b1040 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 66.898214][ T268] flags: 0xfffe0000000200(slab) [ 66.903166][ T268] raw: 00fffe0000000200 ffffea00029ccb48 ffffea00028ad0c8 ffff8880aa000c40 [ 66.912454][ T268] raw: 0000000000000000 ffff888092c41000 0000000100000002 0000000000000000 [ 66.921477][ T268] page dumped because: kasan: bad access detected [ 66.928073][ T268] [ 66.930482][ T268] Memory state around the buggy address: [ 66.936575][ T268] ffff888092c41880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.944665][ T268] ffff888092c41900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.952868][ T268] >ffff888092c41980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.960941][ T268] ^ [ 66.968326][ T268] ffff888092c41a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.976412][ T268] ffff888092c41a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.984573][ T268] ================================================================== [ 66.992790][ T268] Disabling lock debugging due to kernel taint [ 66.999368][ T268] Kernel panic - not syncing: panic_on_warn set ... [ 67.006088][ T268] CPU: 0 PID: 268 Comm: kworker/u4:6 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 67.017044][ T268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.027493][ T268] Workqueue: netns cleanup_net [ 67.034153][ T268] Call Trace: [ 67.037456][ T268] dump_stack+0x18f/0x20d [ 67.041929][ T268] ? afs_wake_up_async_call+0x670/0x770 [ 67.047687][ T268] ? afs_put_call+0xa40/0xa40 [ 67.052472][ T268] panic+0x2e3/0x75c [ 67.056555][ T268] ? __warn_printk+0xf3/0xf3 [ 67.061518][ T268] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 67.068557][ T268] ? trace_hardirqs_on+0x55/0x220 [ 67.073747][ T268] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.079637][ T268] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.085191][ T268] ? afs_put_call+0xa40/0xa40 [ 67.090028][ T268] end_report+0x4d/0x53 [ 67.094403][ T268] kasan_report.cold+0xd/0x37 [ 67.099153][ T268] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.105086][ T268] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.111074][ T268] afs_wake_up_async_call+0x6aa/0x770 [ 67.117053][ T268] ? afs_close_socket+0x320/0x320 [ 67.122369][ T268] ? afs_put_call+0xa40/0xa40 [ 67.127469][ T268] rxrpc_notify_socket+0x1db/0x5d0 [ 67.133152][ T268] ? afs_put_call+0xa40/0xa40 [ 67.138060][ T268] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.145456][ T268] rxrpc_call_completed+0xca/0xf0 [ 67.150900][ T268] rxrpc_discard_prealloc+0x781/0xab0 [ 67.156862][ T268] ? lock_sock_nested+0x94/0x110 [ 67.162507][ T268] rxrpc_listen+0x147/0x360 [ 67.167018][ T268] afs_close_socket+0x95/0x320 [ 67.171939][ T268] ? afs_purge_servers+0x16d/0x300 [ 67.177274][ T268] ? afs_rx_discard_new_call+0x50/0x50 [ 67.182828][ T268] ? init_wait_var_entry+0x200/0x200 [ 67.188289][ T268] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.194526][ T268] ? check_preemption_disabled+0x38/0x220 [ 67.200696][ T268] afs_net_exit+0x1bc/0x310 [ 67.206009][ T268] ? afs_net_init+0xe30/0xe30 [ 67.211354][ T268] ops_exit_list.isra.0+0xa8/0x150 [ 67.217336][ T268] cleanup_net+0x511/0xa50 [ 67.221916][ T268] ? unregister_pernet_device+0x70/0x70 [ 67.227820][ T268] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.234109][ T268] process_one_work+0x965/0x1690 [ 67.239549][ T268] ? lock_release+0x800/0x800 [ 67.244907][ T268] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.250957][ T268] ? rwlock_bug.part.0+0x90/0x90 [ 67.256352][ T268] worker_thread+0x96/0xe10 [ 67.260958][ T268] ? process_one_work+0x1690/0x1690 [ 67.266713][ T268] kthread+0x3b5/0x4a0 [ 67.270979][ T268] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.277460][ T268] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.284508][ T268] ret_from_fork+0x1f/0x30 [ 67.291099][ T268] Kernel Offset: disabled [ 67.295437][ T268] Rebooting in 86400 seconds..