[ 58.828092][ T6723] do_syscall_64+0x60/0xe0 [ 58.828112][ T6723] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 58.828125][ T6723] RIP: 0033:0x7ff5407d7687 [ 58.828130][ T6723] Code: Bad RIP value. [ 58.828139][ T6723] RSP: 002b:00007fff9073c108 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 58.828155][ T6723] RAX: ffffffffffffffda RBX: 0000557ee35f1985 RCX: 00007ff5407d7687 [ 58.828165][ T6723] RDX: 00007fff9073bfd0 RSI: 00000000000001ed RDI: 0000557ee35f1985 [ 58.828174][ T6723] RBP: 00007ff5407d7680 R08: 0000000000000100 R09: 0000000000000000 [ 58.828182][ T6723] R10: 0000557ee35f1980 R11: 0000000000000246 R12: 00000000000001ed [ 58.828191][ T6723] R13: 00007fff9073c290 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 63.552044][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21 [ 63.561313][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.568084][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0 [ 63.576477][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.586917][ T21] Workqueue: writeback wb_workfn (flush-8:0) [ 63.592982][ T21] Call Trace: [ 63.596476][ T21] dump_stack+0x18f/0x20d [ 63.601757][ T21] check_preemption_disabled+0x20d/0x220 [ 63.608719][ T21] ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.613934][ T21] ? ext4_find_extent+0x81a/0xad0 [ 63.619111][ T21] ? ext4_ext_search_right+0x2ca/0xb20 [ 63.624757][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 63.630889][ T21] ext4_ext_map_blocks+0x201b/0x33e0 [ 63.636309][ T21] ? ext4_ext_release+0x10/0x10 [ 63.641256][ T21] ? down_write_killable+0x170/0x170 [ 63.647292][ T21] ? ext4_es_lookup_extent+0x41d/0xd10 [ 63.653075][ T21] ext4_map_blocks+0x4cb/0x1640 [ 63.658315][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 63.663868][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.669792][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.675831][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 63.681854][ T21] ext4_writepages+0x1a7b/0x33c0 [ 63.686977][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.693237][ T21] ? __lock_acquire+0x2224/0x48b0 [ 63.698277][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.704643][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.710635][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.716509][ T21] ? do_writepages+0xfa/0x2a0 [ 63.721226][ T21] do_writepages+0xfa/0x2a0 [ 63.725736][ T21] ? page_writeback_cpu_online+0x10/0x10 [ 63.731807][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.738656][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.744682][ T21] ? lock_downgrade+0x840/0x840 [ 63.749530][ T21] __writeback_single_inode+0x12a/0x13d0 [ 63.755956][ T21] ? _raw_spin_unlock+0x24/0x40 [ 63.761110][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 63.767595][ T21] writeback_sb_inodes+0x515/0xdc0 [ 63.772722][ T21] ? __writeback_single_inode+0x13d0/0x13d0 [ 63.779687][ T21] __writeback_inodes_wb+0xc3/0x250 [ 63.785456][ T21] wb_writeback+0x8db/0xd50 [ 63.790674][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 63.798535][ T21] ? cpumask_next+0x3c/0x40 [ 63.803345][ T21] ? get_nr_dirty_inodes+0xd6/0x130 [ 63.809272][ T21] wb_workfn+0x9bc/0x1090 [ 63.814477][ T21] ? inode_wait_for_writeback+0x30/0x30 [ 63.820462][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.826346][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.832372][ T21] process_one_work+0x965/0x1690 [ 63.838348][ T21] ? lock_release+0x800/0x800 [ 63.843609][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.849880][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 63.855432][ T21] worker_thread+0x96/0xe10 [ 63.860005][ T21] ? process_one_work+0x1690/0x1690 [ 63.865490][ T21] kthread+0x3b5/0x4a0 [ 63.870171][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.876505][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.882233][ T21] ret_from_fork+0x1f/0x30 [ 63.889294][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21 [ 63.899149][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.905430][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0 [ 63.913840][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.924492][ T21] Workqueue: writeback wb_workfn (flush-8:0) [ 63.930830][ T21] Call Trace: [ 63.934508][ T21] dump_stack+0x18f/0x20d [ 63.939405][ T21] check_preemption_disabled+0x20d/0x220 [ 63.945556][ T21] ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.952221][ T21] ? ext4_find_extent+0x81a/0xad0 [ 63.957684][ T21] ? ext4_ext_search_right+0x2ca/0xb20 [ 63.963230][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 63.970095][ T21] ext4_ext_map_blocks+0x201b/0x33e0 [ 63.976259][ T21] ? ext4_ext_release+0x10/0x10 [ 63.982003][ T21] ? down_write_killable+0x170/0x170 [ 63.988163][ T21] ? ext4_es_lookup_extent+0x41d/0xd10 [ 63.993693][ T21] ext4_map_blocks+0x4cb/0x1640 [ 63.998654][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.003909][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.009457][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.016159][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 64.021937][ T21] ext4_writepages+0x1a7b/0x33c0 [ 64.027133][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 64.032760][ T21] ? __lock_acquire+0x2224/0x48b0 [ 64.038245][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 64.044467][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 64.050969][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 64.057338][ T21] ? do_writepages+0xfa/0x2a0 [ 64.062022][ T21] do_writepages+0xfa/0x2a0 [ 64.066526][ T21] ? page_writeback_cpu_online+0x10/0x10 [ 64.072405][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.078031][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.084275][ T21] ? lock_downgrade+0x840/0x840 [ 64.089410][ T21] __writeback_single_inode+0x12a/0x13d0 [ 64.095955][ T21] ? _raw_spin_unlock+0x24/0x40 [ 64.100823][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 64.106819][ T21] writeback_sb_inodes+0x515/0xdc0 [ 64.112088][ T21] ? __writeback_single_inode+0x13d0/0x13d0 [ 64.119345][ T21] __writeback_inodes_wb+0xc3/0x250 [ 64.124655][ T21] wb_writeback+0x8db/0xd50 [ 64.129242][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 64.135565][ T21] ? cpumask_next+0x3c/0x40 [ 64.140269][ T21] ? get_nr_dirty_inodes+0xd6/0x130 [ 64.146054][ T21] wb_workfn+0x9bc/0x1090 [ 64.150611][ T21] ? inode_wait_for_writeback+0x30/0x30 [ 64.157104][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.163356][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.169556][ T21] process_one_work+0x965/0x1690 [ 64.174746][ T21] ? lock_release+0x800/0x800 [ 64.179743][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 64.185396][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 64.191078][ T21] worker_thread+0x96/0xe10 [ 64.195636][ T21] ? process_one_work+0x1690/0x1690 [ 64.201007][ T21] kthread+0x3b5/0x4a0 [ 64.207613][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 64.215406][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 64.221128][ T21] ret_from_fork+0x1f/0x30 [ 64.277831][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21 [ 64.287335][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.293661][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0 [ 64.303005][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.314392][ T21] Workqueue: writeback wb_workfn (flush-8:0) [ 64.320691][ T21] Call Trace: [ 64.324117][ T21] dump_stack+0x18f/0x20d [ 64.328663][ T21] check_preemption_disabled+0x20d/0x220 [ 64.334321][ T21] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.339468][ T21] ? ext4_find_extent+0x81a/0xad0 [ 64.344536][ T21] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.350112][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.356454][ T21] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.361996][ T21] ? ext4_ext_release+0x10/0x10 [ 64.366895][ T21] ? down_write_killable+0x170/0x170 [ 64.372336][ T21] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.377802][ T21] ext4_map_blocks+0x4cb/0x1640 [ 64.384049][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.389266][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.394840][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.400818][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 64.406430][ T21] ext4_writepages+0x1a7b/0x33c0 [ 64.411385][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 64.417011][ T21] ? __lock_acquire+0x2224/0x48b0 [ 64.422049][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 64.428261][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 64.434493][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 64.440302][ T21] ? do_writepages+0xfa/0x2a0 [ 64.445075][ T21] do_writepages+0xfa/0x2a0 [ 64.449834][ T21] ? page_writeback_cpu_online+0x10/0x10 [ 64.456923][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.463614][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.470628][ T21] ? lock_downgrade+0x840/0x840 [ 64.478317][ T21] __writeback_single_inode+0x12a/0x13d0 [ 64.484353][ T21] ? _raw_spin_unlock+0x24/0x40 [ 64.489894][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 64.495963][ T21] writeback_sb_inodes+0x515/0xdc0 [ 64.501547][ T21] ? __writeback_single_inode+0x13d0/0x13d0 [ 64.507609][ T21] __writeback_inodes_wb+0xc3/0x250 [ 64.512820][ T21] wb_writeback+0x8db/0xd50 [ 64.517329][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 64.523755][ T21] ? cpumask_next+0x3c/0x40 Warning: Permanently added '10.128.10.30' (ECDSA) to the list of known hosts. [ 64.529099][ T21] ? get_nr_dirty_inodes+0xd6/0x130 [ 64.534406][ T21] wb_workfn+0x9bc/0x1090 [ 64.538832][ T21] ? inode_wait_for_writeback+0x30/0x30 [ 64.544648][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.550354][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.556452][ T21] process_one_work+0x965/0x1690 [ 64.561953][ T21] ? lock_release+0x800/0x800 [ 64.566832][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 64.572208][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 64.577153][ T21] worker_thread+0x96/0xe10 [ 64.581789][ T21] ? process_one_work+0x1690/0x1690 [ 64.587318][ T21] kthread+0x3b5/0x4a0 [ 64.591586][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 64.601855][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 64.609470][ T21] ret_from_fork+0x1f/0x30 2020/06/15 05:46:18 fuzzer started 2020/06/15 05:46:18 connecting to host at 10.128.0.26:45045 2020/06/15 05:46:18 checking machine... 2020/06/15 05:46:18 checking revisions... 2020/06/15 05:46:18 testing simple program... [ 65.456928][ T6794] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6794 [ 65.467221][ T6794] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.473280][ T6794] CPU: 0 PID: 6794 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 65.481667][ T6794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.491900][ T6794] Call Trace: [ 65.495209][ T6794] dump_stack+0x18f/0x20d [ 65.499641][ T6794] check_preemption_disabled+0x20d/0x220 [ 65.506274][ T6794] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.511818][ T6794] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.517734][ T6794] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.523489][ T6794] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.529162][ T6794] ? ext4_ext_release+0x10/0x10 [ 65.534332][ T6794] ? down_write_killable+0x170/0x170 [ 65.540579][ T6794] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.546729][ T6794] ext4_map_blocks+0x4cb/0x1640 [ 65.551589][ T6794] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.556927][ T6794] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.562960][ T6794] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.569162][ T6794] ? prandom_u32_state+0xe/0x170 [ 65.574102][ T6794] ? __brelse+0x84/0xa0 [ 65.578965][ T6794] ? __ext4_new_inode+0x144/0x55e0 [ 65.584228][ T6794] ext4_getblk+0xad/0x520 [ 65.588561][ T6794] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.594443][ T6794] ? ext4_free_inode+0x1700/0x1700 [ 65.599553][ T6794] ext4_bread+0x7c/0x380 [ 65.603802][ T6794] ? ext4_getblk+0x520/0x520 [ 65.608425][ T6794] ? dquot_get_next_dqblk+0x180/0x180 [ 65.614096][ T6794] ext4_append+0x153/0x360 [ 65.618820][ T6794] ext4_mkdir+0x5e0/0xdf0 [ 65.623400][ T6794] ? ext4_rmdir+0xde0/0xde0 [ 65.627991][ T6794] ? security_inode_permission+0xc4/0xf0 [ 65.634189][ T6794] vfs_mkdir+0x419/0x690 [ 65.638552][ T6794] do_mkdirat+0x21e/0x280 [ 65.642883][ T6794] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.648687][ T6794] ? do_syscall_64+0x1c/0xe0 [ 65.653285][ T6794] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.659316][ T6794] do_syscall_64+0x60/0xe0 [ 65.664185][ T6794] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.672363][ T6794] RIP: 0033:0x4b02a0 [ 65.676385][ T6794] Code: Bad RIP value. [ 65.680469][ T6794] RSP: 002b:000000c0000d94b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 65.689749][ T6794] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 65.698361][ T6794] RDX: 00000000000001c0 RSI: 000000c000026c40 RDI: ffffffffffffff9c [ 65.706716][ T6794] RBP: 000000c0000d9510 R08: 0000000000000000 R09: 0000000000000000 [ 65.715273][ T6794] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 65.723376][ T6794] R13: 0000000000000063 R14: 0000000000000062 R15: 0000000000000100 [ 65.738237][ T6797] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6797 [ 65.747894][ T6797] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.754062][ T6797] CPU: 0 PID: 6797 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.762678][ T6797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.772765][ T6797] Call Trace: [ 65.776053][ T6797] dump_stack+0x18f/0x20d [ 65.780387][ T6797] check_preemption_disabled+0x20d/0x220 [ 65.786057][ T6797] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.791270][ T6797] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.796810][ T6797] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.802527][ T6797] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.807808][ T6797] ? ext4_ext_release+0x10/0x10 [ 65.812790][ T6797] ? down_write_killable+0x170/0x170 [ 65.818306][ T6797] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.824018][ T6797] ext4_map_blocks+0x4cb/0x1640 [ 65.829185][ T6797] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.835006][ T6797] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.841402][ T6797] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.847466][ T6797] ? prandom_u32_state+0xe/0x170 [ 65.852545][ T6797] ? __brelse+0x84/0xa0 [ 65.856713][ T6797] ? __ext4_new_inode+0x144/0x55e0 [ 65.861904][ T6797] ext4_getblk+0xad/0x520 [ 65.866713][ T6797] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.872427][ T6797] ? ext4_free_inode+0x1700/0x1700 [ 65.877664][ T6797] ext4_bread+0x7c/0x380 [ 65.881901][ T6797] ? ext4_getblk+0x520/0x520 [ 65.886497][ T6797] ? dquot_get_next_dqblk+0x180/0x180 [ 65.891895][ T6797] ext4_append+0x153/0x360 [ 65.896511][ T6797] ext4_mkdir+0x5e0/0xdf0 [ 65.900835][ T6797] ? ext4_rmdir+0xde0/0xde0 [ 65.905329][ T6797] ? security_inode_permission+0xc4/0xf0 [ 65.911140][ T6797] vfs_mkdir+0x419/0x690 [ 65.915371][ T6797] do_mkdirat+0x21e/0x280 [ 65.919718][ T6797] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.924558][ T6797] ? do_syscall_64+0x1c/0xe0 [ 65.929140][ T6797] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.935114][ T6797] do_syscall_64+0x60/0xe0 [ 65.939525][ T6797] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.945410][ T6797] RIP: 0033:0x45bee7 [ 65.949379][ T6797] Code: Bad RIP value. [ 65.953433][ T6797] RSP: 002b:00007ffd4234c0d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 65.961945][ T6797] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 65.970067][ T6797] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffd4234c2b0 [ 65.978036][ T6797] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 00000000000030c0 [ 65.986002][ T6797] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 65.994101][ T6797] R13: 00007ffd4234c2b0 R14: 8421084210842109 R15: 00007ffd4234c2bc [ 66.079928][ T6798] IPVS: ftp: loaded support on port[0] = 21 [ 66.117098][ T6798] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6798 [ 66.127273][ T6798] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.133534][ T6798] CPU: 1 PID: 6798 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.142257][ T6798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.152761][ T6798] Call Trace: [ 66.156080][ T6798] dump_stack+0x18f/0x20d [ 66.160413][ T6798] check_preemption_disabled+0x20d/0x220 [ 66.166396][ T6798] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.171746][ T6798] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.177325][ T6798] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.183874][ T6798] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.189681][ T6798] ? ext4_ext_release+0x10/0x10 [ 66.194838][ T6798] ? down_write_killable+0x170/0x170 [ 66.200123][ T6798] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.209485][ T6798] ext4_map_blocks+0x4cb/0x1640 [ 66.214557][ T6798] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.219786][ T6798] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.225589][ T6798] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.231689][ T6798] ? prandom_u32_state+0xe/0x170 [ 66.236627][ T6798] ? __brelse+0x84/0xa0 [ 66.240782][ T6798] ? __ext4_new_inode+0x144/0x55e0 [ 66.246213][ T6798] ext4_getblk+0xad/0x520 [ 66.250660][ T6798] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.256767][ T6798] ? ext4_free_inode+0x1700/0x1700 [ 66.262232][ T6798] ext4_bread+0x7c/0x380 [ 66.266710][ T6798] ? ext4_getblk+0x520/0x520 [ 66.271315][ T6798] ? dquot_get_next_dqblk+0x180/0x180 [ 66.276932][ T6798] ext4_append+0x153/0x360 [ 66.281371][ T6798] ext4_mkdir+0x5e0/0xdf0 [ 66.285792][ T6798] ? ext4_rmdir+0xde0/0xde0 [ 66.290427][ T6798] ? security_inode_permission+0xc4/0xf0 [ 66.296506][ T6798] vfs_mkdir+0x419/0x690 [ 66.300909][ T6798] do_mkdirat+0x21e/0x280 [ 66.305239][ T6798] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.310268][ T6798] ? do_syscall_64+0x1c/0xe0 [ 66.314979][ T6798] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.321705][ T6798] do_syscall_64+0x60/0xe0 [ 66.326124][ T6798] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.332481][ T6798] RIP: 0033:0x45bee7 [ 66.336380][ T6798] Code: Bad RIP value. [ 66.341175][ T6798] RSP: 002b:00007ffd4234bfc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 66.349601][ T6798] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 66.357681][ T6798] RDX: 00007ffd4234c013 RSI: 00000000000001ff RDI: 00007ffd4234c010 [ 66.365738][ T6798] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 66.374658][ T6798] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 66.382630][ T6798] R13: 00007ffd4234c000 R14: 0000000000000000 R15: 00007ffd4234c010 [ 66.438269][ T6798] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6798 [ 66.448254][ T6798] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.454456][ T6798] CPU: 1 PID: 6798 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.465845][ T6798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.476580][ T6798] Call Trace: [ 66.480670][ T6798] dump_stack+0x18f/0x20d [ 66.485288][ T6798] check_preemption_disabled+0x20d/0x220 [ 66.490939][ T6798] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.496271][ T6798] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.501839][ T6798] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.507674][ T6798] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.513258][ T6798] ? ext4_ext_release+0x10/0x10 [ 66.518149][ T6798] ? down_write_killable+0x170/0x170 [ 66.524197][ T6798] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.529921][ T6798] ext4_map_blocks+0x4cb/0x1640 [ 66.535057][ T6798] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.541346][ T6798] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.547125][ T6798] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.553363][ T6798] ? prandom_u32_state+0xe/0x170 [ 66.558726][ T6798] ? __brelse+0x84/0xa0 [ 66.563061][ T6798] ? __ext4_new_inode+0x144/0x55e0 [ 66.568493][ T6798] ext4_getblk+0xad/0x520 [ 66.573617][ T6798] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.579462][ T6798] ? ext4_free_inode+0x1700/0x1700 [ 66.584611][ T6798] ext4_bread+0x7c/0x380 2020/06/15 05:46:20 building call list... [ 66.588848][ T6798] ? ext4_getblk+0x520/0x520 [ 66.593631][ T6798] ? dquot_get_next_dqblk+0x180/0x180 [ 66.599091][ T6798] ext4_append+0x153/0x360 [ 66.603558][ T6798] ext4_mkdir+0x5e0/0xdf0 [ 66.608009][ T6798] ? ext4_rmdir+0xde0/0xde0 [ 66.612510][ T6798] ? security_inode_permission+0xc4/0xf0 [ 66.618495][ T6798] vfs_mkdir+0x419/0x690 [ 66.622823][ T6798] do_mkdirat+0x21e/0x280 [ 66.627251][ T6798] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.632223][ T6798] ? do_syscall_64+0x1c/0xe0 [ 66.636805][ T6798] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.643227][ T6798] do_syscall_64+0x60/0xe0 [ 66.647644][ T6798] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.654020][ T6798] RIP: 0033:0x45bee7 [ 66.658039][ T6798] Code: Bad RIP value. [ 66.662119][ T6798] RSP: 002b:00007ffd4234bfc8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 66.670524][ T6798] RAX: ffffffffffffffda RBX: 000000000001037f RCX: 000000000045bee7 [ 66.679362][ T6798] RDX: 00007ffd4234c013 RSI: 00000000000001ff RDI: 00007ffd4234c010 [ 66.687448][ T6798] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 66.696544][ T6798] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 66.704689][ T6798] R13: 00007ffd4234c000 R14: 000000000001036c R15: 00007ffd4234c010 [ 66.970568][ T854] tipc: TX() has been purged, node left! [ 67.492653][ T854] ================================================================== [ 67.500908][ T854] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 67.508795][ T854] Write of size 1 at addr ffff888081a269e4 by task kworker/u4:4/854 [ 67.516758][ T854] [ 67.519116][ T854] CPU: 0 PID: 854 Comm: kworker/u4:4 Not tainted 5.8.0-rc1-syzkaller #0 [ 67.527436][ T854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.537496][ T854] Workqueue: netns cleanup_net [ 67.542774][ T854] Call Trace: [ 67.546069][ T854] dump_stack+0x18f/0x20d [ 67.550402][ T854] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.555947][ T854] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.561490][ T854] ? afs_put_call+0xa40/0xa40 [ 67.566302][ T854] print_address_description.constprop.0.cold+0xd3/0x413 [ 67.573343][ T854] ? vprintk_func+0x97/0x1a6 [ 67.577940][ T854] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.583507][ T854] kasan_report.cold+0x1f/0x37 [ 67.588284][ T854] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.593923][ T854] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.599475][ T854] afs_wake_up_async_call+0x6aa/0x770 [ 67.604865][ T854] ? afs_close_socket+0x320/0x320 [ 67.609892][ T854] ? afs_put_call+0xa40/0xa40 [ 67.614573][ T854] rxrpc_notify_socket+0x1db/0x5d0 [ 67.619712][ T854] ? afs_put_call+0xa40/0xa40 [ 67.625353][ T854] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.631860][ T854] rxrpc_call_completed+0xca/0xf0 [ 67.636891][ T854] rxrpc_discard_prealloc+0x781/0xab0 [ 67.642271][ T854] ? lock_sock_nested+0x94/0x110 [ 67.647391][ T854] rxrpc_listen+0x147/0x360 [ 67.651904][ T854] afs_close_socket+0x95/0x320 [ 67.656668][ T854] ? afs_purge_servers+0x16d/0x300 [ 67.661780][ T854] ? afs_rx_discard_new_call+0x50/0x50 [ 67.667266][ T854] ? init_wait_var_entry+0x200/0x200 [ 67.672556][ T854] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.678188][ T854] ? check_preemption_disabled+0x38/0x220 [ 67.683930][ T854] afs_net_exit+0x1bc/0x310 [ 67.688434][ T854] ? afs_net_init+0xe30/0xe30 [ 67.693111][ T854] ops_exit_list.isra.0+0xa8/0x150 [ 67.698226][ T854] cleanup_net+0x511/0xa50 [ 67.702645][ T854] ? unregister_pernet_device+0x70/0x70 [ 67.708198][ T854] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.714213][ T854] process_one_work+0x965/0x1690 [ 67.719183][ T854] ? lock_release+0x800/0x800 [ 67.723860][ T854] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.729238][ T854] ? rwlock_bug.part.0+0x90/0x90 [ 67.734207][ T854] worker_thread+0x96/0xe10 [ 67.738726][ T854] ? process_one_work+0x1690/0x1690 [ 67.743928][ T854] kthread+0x3b5/0x4a0 [ 67.748000][ T854] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.753716][ T854] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.759441][ T854] ret_from_fork+0x1f/0x30 [ 67.763868][ T854] [ 67.766194][ T854] Allocated by task 6798: [ 67.771304][ T854] save_stack+0x1b/0x40 [ 67.776324][ T854] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 67.781954][ T854] kmem_cache_alloc_trace+0x153/0x7d0 [ 67.787323][ T854] afs_alloc_call+0x55/0x630 [ 67.791909][ T854] afs_charge_preallocation+0xe9/0x2d0 [ 67.797363][ T854] afs_open_socket+0x292/0x360 [ 67.802124][ T854] afs_net_init+0xa6c/0xe30 [ 67.806622][ T854] ops_init+0xaf/0x420 [ 67.810684][ T854] setup_net+0x2de/0x860 [ 67.814941][ T854] copy_net_ns+0x293/0x590 [ 67.819355][ T854] create_new_namespaces+0x3fb/0xb30 [ 67.825514][ T854] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 67.831159][ T854] ksys_unshare+0x43d/0x8e0 [ 67.835682][ T854] __x64_sys_unshare+0x2d/0x40 [ 67.840471][ T854] do_syscall_64+0x60/0xe0 [ 67.844917][ T854] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.850804][ T854] [ 67.853129][ T854] Freed by task 854: [ 67.857039][ T854] save_stack+0x1b/0x40 [ 67.861205][ T854] __kasan_slab_free+0xf7/0x140 [ 67.866063][ T854] kfree+0x109/0x2b0 [ 67.869959][ T854] afs_put_call+0x585/0xa40 [ 67.874468][ T854] rxrpc_discard_prealloc+0x764/0xab0 [ 67.879862][ T854] rxrpc_listen+0x147/0x360 [ 67.884450][ T854] afs_close_socket+0x95/0x320 [ 67.889212][ T854] afs_net_exit+0x1bc/0x310 [ 67.893710][ T854] ops_exit_list.isra.0+0xa8/0x150 [ 67.898818][ T854] cleanup_net+0x511/0xa50 [ 67.903255][ T854] process_one_work+0x965/0x1690 [ 67.908189][ T854] worker_thread+0x96/0xe10 [ 67.912701][ T854] kthread+0x3b5/0x4a0 [ 67.916770][ T854] ret_from_fork+0x1f/0x30 [ 67.921182][ T854] [ 67.923510][ T854] The buggy address belongs to the object at ffff888081a26800 [ 67.923510][ T854] which belongs to the cache kmalloc-1k of size 1024 [ 67.938519][ T854] The buggy address is located 484 bytes inside of [ 67.938519][ T854] 1024-byte region [ffff888081a26800, ffff888081a26c00) [ 67.952478][ T854] The buggy address belongs to the page: [ 67.958111][ T854] page:ffffea0002068980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 67.967210][ T854] flags: 0xfffe0000000200(slab) [ 67.972065][ T854] raw: 00fffe0000000200 ffffea0002064948 ffffea00020689c8 ffff8880aa000c40 [ 67.980653][ T854] raw: 0000000000000000 ffff888081a26000 0000000100000002 0000000000000000 [ 67.989248][ T854] page dumped because: kasan: bad access detected [ 67.995651][ T854] [ 67.999001][ T854] Memory state around the buggy address: [ 68.004629][ T854] ffff888081a26880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.012707][ T854] ffff888081a26900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.020792][ T854] >ffff888081a26980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.028844][ T854] ^ [ 68.036035][ T854] ffff888081a26a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.044107][ T854] ffff888081a26a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.052277][ T854] ================================================================== [ 68.060340][ T854] Disabling lock debugging due to kernel taint [ 68.066716][ T854] Kernel panic - not syncing: panic_on_warn set ... [ 68.073307][ T854] CPU: 0 PID: 854 Comm: kworker/u4:4 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 68.083013][ T854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.093065][ T854] Workqueue: netns cleanup_net [ 68.097819][ T854] Call Trace: [ 68.101106][ T854] dump_stack+0x18f/0x20d [ 68.105448][ T854] ? afs_wake_up_async_call+0x670/0x770 [ 68.110990][ T854] ? afs_put_call+0xa40/0xa40 [ 68.115657][ T854] panic+0x2e3/0x75c [ 68.119549][ T854] ? __warn_printk+0xf3/0xf3 [ 68.124134][ T854] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 68.130285][ T854] ? trace_hardirqs_on+0x55/0x220 [ 68.135304][ T854] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.140839][ T854] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.146374][ T854] ? afs_put_call+0xa40/0xa40 [ 68.151044][ T854] end_report+0x4d/0x53 [ 68.155193][ T854] kasan_report.cold+0xd/0x37 [ 68.159867][ T854] ? rcu_read_lock_held_common+0x51/0xa0 [ 68.165501][ T854] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.171038][ T854] afs_wake_up_async_call+0x6aa/0x770 [ 68.176402][ T854] ? afs_close_socket+0x320/0x320 [ 68.181418][ T854] ? afs_put_call+0xa40/0xa40 [ 68.186091][ T854] rxrpc_notify_socket+0x1db/0x5d0 [ 68.191386][ T854] ? afs_put_call+0xa40/0xa40 [ 68.196749][ T854] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 68.203159][ T854] rxrpc_call_completed+0xca/0xf0 [ 68.208182][ T854] rxrpc_discard_prealloc+0x781/0xab0 [ 68.213551][ T854] ? lock_sock_nested+0x94/0x110 [ 68.218492][ T854] rxrpc_listen+0x147/0x360 [ 68.222994][ T854] afs_close_socket+0x95/0x320 [ 68.227836][ T854] ? afs_purge_servers+0x16d/0x300 [ 68.232940][ T854] ? afs_rx_discard_new_call+0x50/0x50 [ 68.238394][ T854] ? init_wait_var_entry+0x200/0x200 [ 68.243677][ T854] ? rcu_read_lock_held_common+0xa0/0xa0 [ 68.249315][ T854] ? check_preemption_disabled+0x38/0x220 [ 68.255031][ T854] afs_net_exit+0x1bc/0x310 [ 68.259530][ T854] ? afs_net_init+0xe30/0xe30 [ 68.264206][ T854] ops_exit_list.isra.0+0xa8/0x150 [ 68.269314][ T854] cleanup_net+0x511/0xa50 [ 68.273724][ T854] ? unregister_pernet_device+0x70/0x70 [ 68.279280][ T854] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 68.285254][ T854] process_one_work+0x965/0x1690 [ 68.290193][ T854] ? lock_release+0x800/0x800 [ 68.294864][ T854] ? pwq_dec_nr_in_flight+0x310/0x310 [ 68.300229][ T854] ? rwlock_bug.part.0+0x90/0x90 [ 68.305163][ T854] worker_thread+0x96/0xe10 [ 68.309667][ T854] ? process_one_work+0x1690/0x1690 [ 68.314860][ T854] kthread+0x3b5/0x4a0 [ 68.318926][ T854] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.324639][ T854] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.330351][ T854] ret_from_fork+0x1f/0x30 [ 68.336169][ T854] Kernel Offset: disabled [ 68.340529][ T854] Rebooting in 86400 seconds..