[ 62.483608][ T603] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:4/603
[ 62.492865][ T603] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.499379][ T603] CPU: 1 PID: 603 Comm: kworker/u4:4 Not tainted 5.7.0-syzkaller #0
[ 62.507351][ T603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 62.517408][ T603] Workqueue: writeback wb_workfn (flush-8:0)
[ 62.523371][ T603] Call Trace:
[ 62.526640][ T603] dump_stack+0x18f/0x20d
[ 62.530949][ T603] check_preemption_disabled+0x20d/0x220
[ 62.536558][ T603] ext4_mb_new_blocks+0xa4d/0x3b70
[ 62.541645][ T603] ? ext4_find_extent+0x81a/0xad0
[ 62.546650][ T603] ? ext4_ext_search_right+0x2ca/0xb20
[ 62.552099][ T603] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 62.557798][ T603] ext4_ext_map_blocks+0x201b/0x33e0
[ 62.563077][ T603] ? ext4_ext_release+0x10/0x10
[ 62.567922][ T603] ? down_write_killable+0x170/0x170
[ 62.573196][ T603] ? ext4_es_lookup_extent+0x41d/0xd10
[ 62.578657][ T603] ext4_map_blocks+0x4cb/0x1640
[ 62.583487][ T603] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 62.588664][ T603] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.594184][ T603] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.600153][ T603] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 62.605589][ T603] ext4_writepages+0x1a7b/0x33c0
[ 62.610516][ T603] ? __ext4_mark_inode_dirty+0x940/0x940
[ 62.616122][ T603] ? __lock_acquire+0x2224/0x48b0
[ 62.621147][ T603] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 62.627127][ T603] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 62.633104][ T603] ? __ext4_mark_inode_dirty+0x940/0x940
[ 62.638718][ T603] ? do_writepages+0xfa/0x2a0
[ 62.643370][ T603] do_writepages+0xfa/0x2a0
[ 62.647854][ T603] ? page_writeback_cpu_online+0x10/0x10
[ 62.653487][ T603] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.659016][ T603] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.664975][ T603] ? lock_downgrade+0x840/0x840
[ 62.669810][ T603] __writeback_single_inode+0x12a/0x13d0
[ 62.675437][ T603] ? _raw_spin_unlock+0x24/0x40
[ 62.680276][ T603] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 62.686236][ T603] writeback_sb_inodes+0x515/0xdc0
[ 62.691344][ T603] ? __writeback_single_inode+0x13d0/0x13d0
[ 62.697240][ T603] __writeback_inodes_wb+0xc3/0x250
[ 62.702422][ T603] wb_writeback+0x8db/0xd50
[ 62.706916][ T603] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 62.713223][ T603] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 62.719106][ T603] ? cpumask_next+0x3c/0x40
[ 62.723587][ T603] ? get_nr_dirty_inodes+0xd6/0x130
[ 62.728762][ T603] wb_workfn+0xab3/0x1090
[ 62.733074][ T603] ? inode_wait_for_writeback+0x30/0x30
[ 62.738607][ T603] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 62.744156][ T603] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 62.750113][ T603] process_one_work+0x965/0x1690
[ 62.755045][ T603] ? lock_release+0x800/0x800
[ 62.759695][ T603] ? pwq_dec_nr_in_flight+0x310/0x310
[ 62.765042][ T603] ? rwlock_bug.part.0+0x90/0x90
[ 62.769960][ T603] worker_thread+0x96/0xe10
[ 62.774444][ T603] ? process_one_work+0x1690/0x1690
[ 62.779622][ T603] kthread+0x3b5/0x4a0
[ 62.783666][ T603] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 62.789359][ T603] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 62.795058][ T603] ret_from_fork+0x1f/0x30
[ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch.
[ OK ] Started Getty on tty6.
[ OK ] Started Getty on tty5.
[ OK ] Started Getty on tty4.
[ OK ] Started Getty on tty3.
[ OK ] Started Getty on tty2.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
Starting Load/Save RF Kill Switch Status...
[ 65.100899][ T6750] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6750
[ 65.110393][ T6750] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.116662][ T6750] CPU: 1 PID: 6750 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[ 65.124898][ T6750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 65.134944][ T6750] Call Trace:
[ 65.138235][ T6750] dump_stack+0x18f/0x20d
[ 65.142576][ T6750] check_preemption_disabled+0x20d/0x220
[ 65.148211][ T6750] ext4_mb_new_blocks+0xa4d/0x3b70
[ 65.153337][ T6750] ? ext4_ext_search_right+0x2ca/0xb20
[ 65.158790][ T6750] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 65.164868][ T6750] ext4_ext_map_blocks+0x201b/0x33e0
[ 65.164894][ T6750] ? ext4_ext_release+0x10/0x10
[ 65.164929][ T6750] ? down_write_killable+0x170/0x170
[ 65.164941][ T6750] ? ext4_es_lookup_extent+0x41d/0xd10
[ 65.164963][ T6750] ext4_map_blocks+0x4cb/0x1640
[ 65.164985][ T6750] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 65.165000][ T6750] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 65.165015][ T6750] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 65.165028][ T6750] ? prandom_u32_state+0xe/0x170
[ 65.165045][ T6750] ? __brelse+0x84/0xa0
[ 65.165060][ T6750] ? __ext4_new_inode+0x144/0x55e0
[ 65.165078][ T6750] ext4_getblk+0xad/0x520
[ 65.165096][ T6750] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 65.165116][ T6750] ? ext4_free_inode+0x1700/0x1700
[ 65.165135][ T6750] ext4_bread+0x7c/0x380
[ 65.165149][ T6750] ? ext4_getblk+0x520/0x520
[ 65.165163][ T6750] ? dquot_get_next_dqblk+0x180/0x180
[ 65.165185][ T6750] ext4_append+0x153/0x360
[ 65.165204][ T6750] ext4_mkdir+0x5e0/0xdf0
[ 65.165227][ T6750] ? ext4_rmdir+0xde0/0xde0
[ 65.165256][ T6750] vfs_mkdir+0x419/0x690
[ 65.165274][ T6750] do_mkdirat+0x21e/0x280
[ 65.165290][ T6750] ? __ia32_sys_mknod+0xb0/0xb0
[ 65.165306][ T6750] ? do_syscall_64+0x1c/0xe0
[ 65.165321][ T6750] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 65.165338][ T6750] do_syscall_64+0x60/0xe0
[ 65.165355][ T6750] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 65.165367][ T6750] RIP: 0033:0x7f9d46b02687
[ 65.165372][ T6750] Code: Bad RIP value.
[ 65.165380][ T6750] RSP: 002b:00007ffd62754b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 65.165393][ T6750] RAX: ffffffffffffffda RBX: 0000557e8204a985 RCX: 00007f9d46b02687
[ 65.165401][ T6750] RDX: 00007ffd62754a00 RSI: 00000000000001ed RDI: 0000557e8204a985
[ 65.165409][ T6750] RBP: 00007f9d46b02680 R08: 0000000000000100 R09: 0000000000000000
[ 65.165417][ T6750] R10: 0000557e8204a980 R11: 0000000000000246 R12: 00000000000001ed
[ 65.165424][ T6750] R13: 00007ffd62754cc0 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Update UTMP about System Runlevel Changes.
[ OK ] Started Load/Save RF Kill Switch Status.
Warning: Permanently added '10.128.15.214' (ECDSA) to the list of known hosts.
Debian GNU/Linux 9 syzkaller ttyS0
2020/06/14 19:43:38 fuzzer started
2020/06/14 19:43:38 connecting to host at 10.128.0.26:46579
2020/06/14 19:43:38 checking machine...
2020/06/14 19:43:38 checking revisions...
2020/06/14 19:43:38 testing simple program...
syzkaller login: [ 67.447661][ T6827] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6827
[ 67.456895][ T6827] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.462876][ T6827] CPU: 1 PID: 6827 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 67.470761][ T6827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.480879][ T6827] Call Trace:
[ 67.484154][ T6827] dump_stack+0x18f/0x20d
[ 67.488462][ T6827] check_preemption_disabled+0x20d/0x220
[ 67.494135][ T6827] ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.499278][ T6827] ? ext4_ext_search_right+0x2ca/0xb20
[ 67.504721][ T6827] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 67.510473][ T6827] ext4_ext_map_blocks+0x201b/0x33e0
[ 67.515752][ T6827] ? ext4_ext_release+0x10/0x10
[ 67.520642][ T6827] ? down_write_killable+0x170/0x170
[ 67.525911][ T6827] ? ext4_es_lookup_extent+0x41d/0xd10
[ 67.531348][ T6827] ext4_map_blocks+0x4cb/0x1640
[ 67.536180][ T6827] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 67.541357][ T6827] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 67.546892][ T6827] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.552861][ T6827] ? prandom_u32_state+0xe/0x170
[ 67.557787][ T6827] ? __brelse+0x84/0xa0
[ 67.561931][ T6827] ? __ext4_new_inode+0x144/0x55e0
[ 67.567030][ T6827] ext4_getblk+0xad/0x520
[ 67.571348][ T6827] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 67.577049][ T6827] ? ext4_free_inode+0x1700/0x1700
[ 67.582140][ T6827] ext4_bread+0x7c/0x380
[ 67.586360][ T6827] ? ext4_getblk+0x520/0x520
[ 67.591532][ T6827] ? dquot_get_next_dqblk+0x180/0x180
[ 67.596912][ T6827] ext4_append+0x153/0x360
[ 67.601321][ T6827] ext4_mkdir+0x5e0/0xdf0
[ 67.605650][ T6827] ? ext4_rmdir+0xde0/0xde0
[ 67.610140][ T6827] vfs_mkdir+0x419/0x690
[ 67.614380][ T6827] do_mkdirat+0x21e/0x280
[ 67.618722][ T6827] ? __ia32_sys_mknod+0xb0/0xb0
[ 67.623552][ T6827] ? do_syscall_64+0x1c/0xe0
[ 67.628116][ T6827] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 67.634086][ T6827] do_syscall_64+0x60/0xe0
[ 67.638497][ T6827] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.644374][ T6827] RIP: 0033:0x4b02a0
[ 67.648240][ T6827] Code: Bad RIP value.
[ 67.652289][ T6827] RSP: 002b:000000c0000cd4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 67.660704][ T6827] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[ 67.668665][ T6827] RDX: 00000000000001c0 RSI: 000000c0000d6ac0 RDI: ffffffffffffff9c
[ 67.676839][ T6827] RBP: 000000c0000cd510 R08: 0000000000000000 R09: 0000000000000000
[ 67.684796][ T6827] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 67.692749][ T6827] R13: 0000000000000057 R14: 0000000000000056 R15: 0000000000000100
[ 67.718352][ T28] audit: type=1400 audit(1592163818.975:8): avc: denied { execmem } for pid=6840 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1
[ 67.719096][ T6840] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6840
[ 67.748448][ T6840] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.754500][ T6840] CPU: 0 PID: 6840 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 67.762731][ T6840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 67.772759][ T6840] Call Trace:
[ 67.776085][ T6840] dump_stack+0x18f/0x20d
[ 67.780394][ T6840] check_preemption_disabled+0x20d/0x220
[ 67.786060][ T6840] ext4_mb_new_blocks+0xa4d/0x3b70
[ 67.791248][ T6840] ? ext4_ext_search_right+0x2ca/0xb20
[ 67.796729][ T6840] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 67.802472][ T6840] ext4_ext_map_blocks+0x201b/0x33e0
[ 67.807778][ T6840] ? ext4_ext_release+0x10/0x10
[ 67.812668][ T6840] ? down_write_killable+0x170/0x170
[ 67.817941][ T6840] ? ext4_es_lookup_extent+0x41d/0xd10
[ 67.823378][ T6840] ext4_map_blocks+0x4cb/0x1640
[ 67.828230][ T6840] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 67.833404][ T6840] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 67.838924][ T6840] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 67.844878][ T6840] ? prandom_u32_state+0xe/0x170
[ 67.849795][ T6840] ? __brelse+0x84/0xa0
[ 67.853926][ T6840] ? __ext4_new_inode+0x144/0x55e0
[ 67.859013][ T6840] ext4_getblk+0xad/0x520
[ 67.863336][ T6840] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 67.869032][ T6840] ? ext4_free_inode+0x1700/0x1700
[ 67.874135][ T6840] ext4_bread+0x7c/0x380
[ 67.878368][ T6840] ? ext4_getblk+0x520/0x520
[ 67.882940][ T6840] ? dquot_get_next_dqblk+0x180/0x180
[ 67.888293][ T6840] ? security_transition_sid+0x123/0x190
[ 67.893922][ T6840] ? security_transition_sid+0xed/0x190
[ 67.899452][ T6840] ext4_append+0x153/0x360
[ 67.903856][ T6840] ext4_mkdir+0x5e0/0xdf0
[ 67.908166][ T6840] ? ext4_rmdir+0xde0/0xde0
[ 67.912657][ T6840] vfs_mkdir+0x419/0x690
[ 67.916879][ T6840] do_mkdirat+0x21e/0x280
[ 67.921194][ T6840] ? __ia32_sys_mknod+0xb0/0xb0
[ 67.926051][ T6840] ? do_syscall_64+0x1c/0xe0
[ 67.930618][ T6840] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 67.936599][ T6840] do_syscall_64+0x60/0xe0
[ 67.944989][ T6840] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 67.950868][ T6840] RIP: 0033:0x45bee7
[ 67.954731][ T6840] Code: Bad RIP value.
[ 67.958769][ T6840] RSP: 002b:00007fff5f22ae08 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 67.967161][ T6840] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 67.975108][ T6840] RDX: 0000000000000004 RSI: 00000000000001c0 RDI: 00007fff5f22afe0
[ 67.983056][ T6840] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000003e40
[ 67.991015][ T6840] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 67.998961][ T6840] R13: 00007fff5f22afe0 R14: 8421084210842109 R15: 00007fff5f22afec
[ 68.090566][ T6841] IPVS: ftp: loaded support on port[0] = 21
[ 68.128662][ T6841] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6841
[ 68.138306][ T6841] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.144375][ T6841] CPU: 1 PID: 6841 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 68.152660][ T6841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.162691][ T6841] Call Trace:
[ 68.165960][ T6841] dump_stack+0x18f/0x20d
[ 68.170317][ T6841] check_preemption_disabled+0x20d/0x220
[ 68.176068][ T6841] ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.181164][ T6841] ? ext4_ext_search_right+0x2ca/0xb20
[ 68.186600][ T6841] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 68.192302][ T6841] ext4_ext_map_blocks+0x201b/0x33e0
[ 68.197580][ T6841] ? ext4_ext_release+0x10/0x10
[ 68.202417][ T6841] ? down_write_killable+0x170/0x170
[ 68.207678][ T6841] ? ext4_es_lookup_extent+0x41d/0xd10
[ 68.213131][ T6841] ext4_map_blocks+0x4cb/0x1640
[ 68.217961][ T6841] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 68.223160][ T6841] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 68.228694][ T6841] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.234665][ T6841] ? prandom_u32_state+0xe/0x170
[ 68.239582][ T6841] ? __brelse+0x84/0xa0
[ 68.243715][ T6841] ? __ext4_new_inode+0x144/0x55e0
[ 68.248803][ T6841] ext4_getblk+0xad/0x520
[ 68.253114][ T6841] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 68.258812][ T6841] ? ext4_free_inode+0x1700/0x1700
[ 68.263924][ T6841] ext4_bread+0x7c/0x380
[ 68.268142][ T6841] ? ext4_getblk+0x520/0x520
[ 68.272710][ T6841] ? dquot_get_next_dqblk+0x180/0x180
[ 68.278059][ T6841] ? security_transition_sid+0x123/0x190
[ 68.283679][ T6841] ? security_transition_sid+0xed/0x190
[ 68.289200][ T6841] ext4_append+0x153/0x360
[ 68.293608][ T6841] ext4_mkdir+0x5e0/0xdf0
[ 68.297919][ T6841] ? ext4_rmdir+0xde0/0xde0
[ 68.302405][ T6841] vfs_mkdir+0x419/0x690
[ 68.306641][ T6841] do_mkdirat+0x21e/0x280
[ 68.310960][ T6841] ? __ia32_sys_mknod+0xb0/0xb0
[ 68.315792][ T6841] ? do_syscall_64+0x1c/0xe0
[ 68.320356][ T6841] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 68.326323][ T6841] do_syscall_64+0x60/0xe0
[ 68.330719][ T6841] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.336602][ T6841] RIP: 0033:0x45bee7
[ 68.340469][ T6841] Code: Bad RIP value.
[ 68.344508][ T6841] RSP: 002b:00007fff5f22acf8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 68.352911][ T6841] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 68.360870][ T6841] RDX: 00007fff5f22ad43 RSI: 00000000000001ff RDI: 00007fff5f22ad40
[ 68.368818][ T6841] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 68.376775][ T6841] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0
[ 68.384733][ T6841] R13: 00007fff5f22ad30 R14: 0000000000000000 R15: 00007fff5f22ad40
[ 68.453347][ T6841] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6841
[ 68.463247][ T6841] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.469152][ T6841] CPU: 1 PID: 6841 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 68.477389][ T6841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 68.487437][ T6841] Call Trace:
[ 68.490823][ T6841] dump_stack+0x18f/0x20d
[ 68.495175][ T6841] check_preemption_disabled+0x20d/0x220
[ 68.500813][ T6841] ext4_mb_new_blocks+0xa4d/0x3b70
[ 68.505945][ T6841] ? ext4_ext_search_right+0x2ca/0xb20
[ 68.511406][ T6841] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 68.517309][ T6841] ext4_ext_map_blocks+0x201b/0x33e0
[ 68.522607][ T6841] ? ext4_ext_release+0x10/0x10
[ 68.527464][ T6841] ? down_write_killable+0x170/0x170
[ 68.532728][ T6841] ? ext4_es_lookup_extent+0x41d/0xd10
[ 68.538186][ T6841] ext4_map_blocks+0x4cb/0x1640
[ 68.543021][ T6841] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 68.548202][ T6841] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 68.553740][ T6841] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 68.559699][ T6841] ? prandom_u32_state+0xe/0x170
[ 68.564632][ T6841] ? __brelse+0x84/0xa0
[ 68.568775][ T6841] ? __ext4_new_inode+0x144/0x55e0
[ 68.573884][ T6841] ext4_getblk+0xad/0x520
[ 68.578203][ T6841] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 68.583909][ T6841] ? ext4_free_inode+0x1700/0x1700
[ 68.589010][ T6841] ext4_bread+0x7c/0x380
[ 68.593244][ T6841] ? ext4_getblk+0x520/0x520
[ 68.597840][ T6841] ? dquot_get_next_dqblk+0x180/0x180
[ 68.603188][ T6841] ? security_transition_sid+0x123/0x190
[ 68.608802][ T6841] ? security_transition_sid+0xed/0x190
[ 68.614350][ T6841] ext4_append+0x153/0x360
[ 68.618754][ T6841] ext4_mkdir+0x5e0/0xdf0
[ 68.627333][ T6841] ? ext4_rmdir+0xde0/0xde0
[ 68.631851][ T6841] vfs_mkdir+0x419/0x690
[ 68.636074][ T6841] do_mkdirat+0x21e/0x280
[ 68.640393][ T6841] ? __ia32_sys_mknod+0xb0/0xb0
[ 68.645223][ T6841] ? do_syscall_64+0x1c/0xe0
[ 68.652048][ T6841] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 68.658005][ T6841] do_syscall_64+0x60/0xe0
[ 68.662410][ T6841] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 68.668400][ T6841] RIP: 0033:0x45bee7
[ 68.672269][ T6841] Code: Bad RIP value.
[ 68.676324][ T6841] RSP: 002b:00007fff5f22acf8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 68.684732][ T6841] RAX: ffffffffffffffda RBX: 0000000000010b5b RCX: 000000000045bee7
[ 68.692693][ T6841] RDX: 00007fff5f22ad43 RSI: 00000000000001ff RDI: 00007fff5f22ad40
2020/06/14 19:43:40 building call list...
[ 68.700653][ T6841] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 68.708605][ T6841] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 68.716553][ T6841] R13: 00007fff5f22ad30 R14: 0000000000010b3a R15: 00007fff5f22ad40
[ 68.919495][ T7] tipc: TX() has been purged, node left!
[ 69.413114][ T7] ==================================================================
[ 69.421366][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[ 69.429249][ T7] Write of size 1 at addr ffff8880909609e4 by task kworker/u4:0/7
[ 69.437033][ T7]
[ 69.439358][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-syzkaller #0
[ 69.447150][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 69.457203][ T7] Workqueue: netns cleanup_net
[ 69.461957][ T7] Call Trace:
[ 69.465247][ T7] dump_stack+0x18f/0x20d
[ 69.469573][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.475111][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.480648][ T7] ? afs_put_call+0xa40/0xa40
[ 69.485322][ T7] print_address_description.constprop.0.cold+0xd3/0x413
[ 69.492356][ T7] ? vprintk_func+0x97/0x1a6
[ 69.496960][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.502510][ T7] kasan_report.cold+0x1f/0x37
[ 69.507276][ T7] ? rcu_read_lock_held+0x81/0xb0
[ 69.512296][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 69.517839][ T7] afs_wake_up_async_call+0x6aa/0x770
[ 69.523206][ T7] ? afs_close_socket+0x320/0x320
[ 69.528226][ T7] ? afs_put_call+0xa40/0xa40
[ 69.532899][ T7] rxrpc_notify_socket+0x1db/0x5d0
[ 69.538008][ T7] ? afs_put_call+0xa40/0xa40
[ 69.542684][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 69.549096][ T7] rxrpc_call_completed+0xca/0xf0
[ 69.554122][ T7] rxrpc_discard_prealloc+0x781/0xab0
[ 69.559496][ T7] ? lock_sock_nested+0x94/0x110
[ 69.564433][ T7] rxrpc_listen+0x147/0x360
[ 69.568934][ T7] afs_close_socket+0x95/0x320
[ 69.573711][ T7] ? afs_purge_servers+0x16d/0x300
[ 69.578815][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 69.584291][ T7] ? init_wait_var_entry+0x200/0x200
[ 69.589581][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 69.595214][ T7] ? check_preemption_disabled+0x38/0x220
[ 69.600964][ T7] afs_net_exit+0x1bc/0x310
[ 69.605475][ T7] ? afs_net_init+0xe30/0xe30
[ 69.610144][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 69.615260][ T7] cleanup_net+0x511/0xa50
[ 69.619675][ T7] ? unregister_pernet_device+0x70/0x70
[ 69.625222][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 69.631205][ T7] process_one_work+0x965/0x1690
[ 69.636307][ T7] ? lock_release+0x800/0x800
[ 69.640991][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 69.646367][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 69.651316][ T7] worker_thread+0x96/0xe10
[ 69.655839][ T7] ? process_one_work+0x1690/0x1690
[ 69.661038][ T7] kthread+0x3b5/0x4a0
[ 69.665104][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 69.670817][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 69.676542][ T7] ret_from_fork+0x1f/0x30
[ 69.680963][ T7]
[ 69.683289][ T7] Allocated by task 6841:
[ 69.687630][ T7] save_stack+0x1b/0x40
[ 69.691798][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 69.697423][ T7] kmem_cache_alloc_trace+0x153/0x7d0
[ 69.702818][ T7] afs_alloc_call+0x55/0x630
[ 69.707400][ T7] afs_charge_preallocation+0xe9/0x2d0
[ 69.712861][ T7] afs_open_socket+0x292/0x360
[ 69.717618][ T7] afs_net_init+0xa6c/0xe30
[ 69.722119][ T7] ops_init+0xaf/0x420
[ 69.726190][ T7] setup_net+0x2de/0x860
[ 69.730559][ T7] copy_net_ns+0x293/0x590
[ 69.735012][ T7] create_new_namespaces+0x3fb/0xb30
[ 69.740306][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 69.745931][ T7] ksys_unshare+0x43d/0x8e0
[ 69.750418][ T7] __x64_sys_unshare+0x2d/0x40
[ 69.755179][ T7] do_syscall_64+0x60/0xe0
[ 69.759596][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 69.765473][ T7]
[ 69.767795][ T7] Freed by task 7:
[ 69.771515][ T7] save_stack+0x1b/0x40
[ 69.775664][ T7] __kasan_slab_free+0xf7/0x140
[ 69.780507][ T7] kfree+0x109/0x2b0
[ 69.784392][ T7] afs_put_call+0x585/0xa40
[ 69.788895][ T7] rxrpc_discard_prealloc+0x764/0xab0
[ 69.794257][ T7] rxrpc_listen+0x147/0x360
[ 69.798755][ T7] afs_close_socket+0x95/0x320
[ 69.803516][ T7] afs_net_exit+0x1bc/0x310
[ 69.808014][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 69.813114][ T7] cleanup_net+0x511/0xa50
[ 69.817523][ T7] process_one_work+0x965/0x1690
[ 69.822456][ T7] worker_thread+0x96/0xe10
[ 69.826954][ T7] kthread+0x3b5/0x4a0
[ 69.831015][ T7] ret_from_fork+0x1f/0x30
[ 69.835415][ T7]
[ 69.837736][ T7] The buggy address belongs to the object at ffff888090960800
[ 69.837736][ T7] which belongs to the cache kmalloc-1k of size 1024
[ 69.851786][ T7] The buggy address is located 484 bytes inside of
[ 69.851786][ T7] 1024-byte region [ffff888090960800, ffff888090960c00)
[ 69.865129][ T7] The buggy address belongs to the page:
[ 69.870759][ T7] page:ffffea0002425800 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888090960000
[ 69.881155][ T7] flags: 0xfffe0000000200(slab)
[ 69.886005][ T7] raw: 00fffe0000000200 ffffea0002486f08 ffffea0002a5c708 ffff8880aa000c40
[ 69.894625][ T7] raw: ffff888090960000 ffff888090960000 0000000100000001 0000000000000000
[ 69.903199][ T7] page dumped because: kasan: bad access detected
[ 69.909594][ T7]
[ 69.911912][ T7] Memory state around the buggy address:
[ 69.917707][ T7] ffff888090960880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.925765][ T7] ffff888090960900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.933821][ T7] >ffff888090960980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.941873][ T7] ^
[ 69.949059][ T7] ffff888090960a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.957111][ T7] ffff888090960a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 69.965158][ T7] ==================================================================
[ 69.973205][ T7] Disabling lock debugging due to kernel taint
[ 69.979391][ T7] Kernel panic - not syncing: panic_on_warn set ...
[ 69.985976][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.7.0-syzkaller #0
[ 69.995152][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 70.005201][ T7] Workqueue: netns cleanup_net
[ 70.009983][ T7] Call Trace:
[ 70.013265][ T7] dump_stack+0x18f/0x20d
[ 70.017587][ T7] ? afs_wake_up_async_call+0x5f0/0x770
[ 70.023117][ T7] ? afs_put_call+0xa40/0xa40
[ 70.027784][ T7] panic+0x2e3/0x75c
[ 70.031674][ T7] ? __warn_printk+0xf3/0xf3
[ 70.036263][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[ 70.042409][ T7] ? trace_hardirqs_on+0x55/0x220
[ 70.047449][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 70.053069][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 70.058598][ T7] ? afs_put_call+0xa40/0xa40
[ 70.063264][ T7] end_report+0x4d/0x53
[ 70.067407][ T7] kasan_report.cold+0xd/0x37
[ 70.072074][ T7] ? rcu_read_lock_held+0x81/0xb0
[ 70.077085][ T7] ? afs_wake_up_async_call+0x6aa/0x770
[ 70.082618][ T7] afs_wake_up_async_call+0x6aa/0x770
[ 70.087976][ T7] ? afs_close_socket+0x320/0x320
[ 70.092988][ T7] ? afs_put_call+0xa40/0xa40
[ 70.097653][ T7] rxrpc_notify_socket+0x1db/0x5d0
[ 70.102779][ T7] ? afs_put_call+0xa40/0xa40
[ 70.107795][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410
[ 70.114198][ T7] rxrpc_call_completed+0xca/0xf0
[ 70.119211][ T7] rxrpc_discard_prealloc+0x781/0xab0
[ 70.124578][ T7] ? lock_sock_nested+0x94/0x110
[ 70.129505][ T7] rxrpc_listen+0x147/0x360
[ 70.133997][ T7] afs_close_socket+0x95/0x320
[ 70.138745][ T7] ? afs_purge_servers+0x16d/0x300
[ 70.143848][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 70.149294][ T7] ? init_wait_var_entry+0x200/0x200
[ 70.154568][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 70.160186][ T7] ? check_preemption_disabled+0x38/0x220
[ 70.165892][ T7] afs_net_exit+0x1bc/0x310
[ 70.170385][ T7] ? afs_net_init+0xe30/0xe30
[ 70.175046][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 70.180147][ T7] cleanup_net+0x511/0xa50
[ 70.184555][ T7] ? unregister_pernet_device+0x70/0x70
[ 70.190090][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 70.196059][ T7] process_one_work+0x965/0x1690
[ 70.200988][ T7] ? lock_release+0x800/0x800
[ 70.205651][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 70.211010][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 70.215937][ T7] worker_thread+0x96/0xe10
[ 70.220429][ T7] ? process_one_work+0x1690/0x1690
[ 70.225617][ T7] kthread+0x3b5/0x4a0
[ 70.229672][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 70.235375][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 70.241081][ T7] ret_from_fork+0x1f/0x30
[ 70.247034][ T7] Kernel Offset: disabled
[ 70.251345][ T7] Rebooting in 86400 seconds..