Starting Load/Save RF Kill Switch Status... [ 53.967545][ T6731] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6731 [ 53.976974][ T6731] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 53.982849][ T6731] CPU: 0 PID: 6731 Comm: systemd-rfkill Not tainted 5.7.0-next-20200612-syzkaller #0 [ 53.992406][ T6731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.002445][ T6731] Call Trace: [ 54.005745][ T6731] dump_stack+0x18f/0x20d [ 54.010062][ T6731] check_preemption_disabled+0x20d/0x220 [ 54.015681][ T6731] ext4_mb_new_blocks+0xa4d/0x3b70 [ 54.020778][ T6731] ? ext4_ext_search_right+0x2ca/0xb20 [ 54.026243][ T6731] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 54.031947][ T6731] ext4_ext_map_blocks+0x201b/0x33e0 [ 54.037229][ T6731] ? ext4_ext_release+0x10/0x10 [ 54.042070][ T6731] ? down_write_killable+0x170/0x170 [ 54.047352][ T6731] ? ext4_es_lookup_extent+0x41d/0xd10 [ 54.052794][ T6731] ext4_map_blocks+0x4cb/0x1640 [ 54.057636][ T6731] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 54.062830][ T6731] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 54.068361][ T6731] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 54.074340][ T6731] ? prandom_u32_state+0xe/0x170 [ 54.079256][ T6731] ? __brelse+0x84/0xa0 [ 54.083388][ T6731] ? __ext4_new_inode+0x144/0x55e0 [ 54.088495][ T6731] ext4_getblk+0xad/0x520 [ 54.092802][ T6731] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 54.098505][ T6731] ? ext4_free_inode+0x1700/0x1700 [ 54.103595][ T6731] ext4_bread+0x7c/0x380 [ 54.107831][ T6731] ? ext4_getblk+0x520/0x520 [ 54.112413][ T6731] ? dquot_get_next_dqblk+0x180/0x180 [ 54.117767][ T6731] ext4_append+0x153/0x360 [ 54.122164][ T6731] ext4_mkdir+0x5e0/0xdf0 [ 54.126481][ T6731] ? ext4_rmdir+0xde0/0xde0 [ 54.130981][ T6731] ? security_inode_permission+0xc4/0xf0 [ 54.136596][ T6731] vfs_mkdir+0x419/0x690 [ 54.140822][ T6731] do_mkdirat+0x21e/0x280 [ 54.145141][ T6731] ? __ia32_sys_mknod+0xb0/0xb0 [ 54.149991][ T6731] ? do_syscall_64+0x1c/0xe0 [ 54.154577][ T6731] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 54.160561][ T6731] do_syscall_64+0x60/0xe0 [ 54.165000][ T6731] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 54.171079][ T6731] RIP: 0033:0x7f52243d5687 [ 54.176439][ T6731] Code: Bad RIP value. [ 54.180516][ T6731] RSP: 002b:00007ffe14673158 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 54.188942][ T6731] RAX: ffffffffffffffda RBX: 0000560c11770985 RCX: 00007f52243d5687 [ 54.196894][ T6731] RDX: 00007ffe14673020 RSI: 00000000000001ed RDI: 0000560c11770985 [ 54.204845][ T6731] RBP: 00007f52243d5680 R08: 0000000000000100 R09: 0000000000000000 [ 54.212796][ T6731] R10: 0000560c11770980 R11: 0000000000000246 R12: 00000000000001ed [ 54.220761][ T6731] R13: 00007ffe146732e0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 56.734199][ T40] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:3/40 [ 56.743416][ T40] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.749689][ T40] CPU: 1 PID: 40 Comm: kworker/u4:3 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 56.758869][ T40] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 56.768920][ T40] Workqueue: writeback wb_workfn (flush-8:0) [ 56.774883][ T40] Call Trace: [ 56.778157][ T40] dump_stack+0x18f/0x20d [ 56.782470][ T40] check_preemption_disabled+0x20d/0x220 [ 56.788088][ T40] ext4_mb_new_blocks+0xa4d/0x3b70 [ 56.793180][ T40] ? ext4_find_extent+0x81a/0xad0 [ 56.798205][ T40] ? ext4_ext_search_right+0x2ca/0xb20 [ 56.803650][ T40] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 56.809351][ T40] ext4_ext_map_blocks+0x201b/0x33e0 [ 56.814636][ T40] ? ext4_ext_release+0x10/0x10 [ 56.819489][ T40] ? down_write_killable+0x170/0x170 [ 56.825111][ T40] ? ext4_es_lookup_extent+0x41d/0xd10 [ 56.830553][ T40] ext4_map_blocks+0x4cb/0x1640 [ 56.835390][ T40] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 56.840568][ T40] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.846106][ T40] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.852191][ T40] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 56.857682][ T40] ext4_writepages+0x1a83/0x33c0 [ 56.862619][ T40] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.868232][ T40] ? __lock_acquire+0x2224/0x48b0 [ 56.873257][ T40] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.879217][ T40] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 56.885200][ T40] ? __ext4_mark_inode_dirty+0x940/0x940 [ 56.890918][ T40] ? do_writepages+0xf3/0x2a0 [ 56.895586][ T40] do_writepages+0xf3/0x2a0 [ 56.900071][ T40] ? page_writeback_cpu_online+0x10/0x10 [ 56.905685][ T40] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.911286][ T40] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.917297][ T40] ? lock_downgrade+0x840/0x840 [ 56.922134][ T40] __writeback_single_inode+0x12a/0x13d0 [ 56.927765][ T40] ? _raw_spin_unlock+0x24/0x40 [ 56.932595][ T40] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 56.938580][ T40] writeback_sb_inodes+0x515/0xdc0 [ 56.943679][ T40] ? __writeback_single_inode+0x13d0/0x13d0 [ 56.949561][ T40] __writeback_inodes_wb+0xc3/0x250 [ 56.954745][ T40] wb_writeback+0x8c8/0xd40 [ 56.959237][ T40] ? writeback_inodes_wb.constprop.0+0x190/0x190 [ 56.965566][ T40] ? cpumask_next+0x3c/0x40 [ 56.970048][ T40] ? get_nr_dirty_inodes+0xd6/0x130 [ 56.975253][ T40] wb_workfn+0xab3/0x1090 [ 56.979582][ T40] ? inode_wait_for_writeback+0x30/0x30 [ 56.985130][ T40] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 56.990659][ T40] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 56.996621][ T40] process_one_work+0x965/0x1690 [ 57.001541][ T40] ? lock_release+0x800/0x800 [ 57.006233][ T40] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.011704][ T40] ? rwlock_bug.part.0+0x90/0x90 [ 57.016648][ T40] worker_thread+0x96/0xe10 [ 57.021148][ T40] ? process_one_work+0x1690/0x1690 [ 57.026351][ T40] kthread+0x3b5/0x4a0 [ 57.030399][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.036111][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.041832][ T40] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.10.1' (ECDSA) to the list of known hosts. 2020/06/12 16:18:38 fuzzer started 2020/06/12 16:18:38 connecting to host at 10.128.0.26:43533 2020/06/12 16:18:38 checking machine... 2020/06/12 16:18:38 checking revisions... 2020/06/12 16:18:38 testing simple program... [ 59.243796][ T6809] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6809 [ 59.252953][ T6809] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.258928][ T6809] CPU: 1 PID: 6809 Comm: syz-fuzzer Not tainted 5.7.0-next-20200612-syzkaller #0 [ 59.268116][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.278167][ T6809] Call Trace: [ 59.281465][ T6809] dump_stack+0x18f/0x20d [ 59.285815][ T6809] check_preemption_disabled+0x20d/0x220 [ 59.291455][ T6809] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.296604][ T6809] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.302080][ T6809] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.307820][ T6809] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.313130][ T6809] ? ext4_ext_release+0x10/0x10 [ 59.318024][ T6809] ? down_write_killable+0x170/0x170 [ 59.323325][ T6809] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.328814][ T6809] ext4_map_blocks+0x4cb/0x1640 [ 59.333687][ T6809] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.338901][ T6809] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.344483][ T6809] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.350449][ T6809] ? prandom_u32_state+0xe/0x170 [ 59.355367][ T6809] ? __brelse+0x84/0xa0 [ 59.359504][ T6809] ? __ext4_new_inode+0x144/0x55e0 [ 59.364615][ T6809] ext4_getblk+0xad/0x520 [ 59.368927][ T6809] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.374645][ T6809] ? ext4_free_inode+0x1700/0x1700 [ 59.379742][ T6809] ext4_bread+0x7c/0x380 [ 59.383978][ T6809] ? ext4_getblk+0x520/0x520 [ 59.388545][ T6809] ? dquot_get_next_dqblk+0x180/0x180 [ 59.393914][ T6809] ext4_append+0x153/0x360 [ 59.398308][ T6809] ext4_mkdir+0x5e0/0xdf0 [ 59.402616][ T6809] ? ext4_rmdir+0xde0/0xde0 [ 59.407113][ T6809] ? security_inode_permission+0xc4/0xf0 [ 59.412739][ T6809] vfs_mkdir+0x419/0x690 [ 59.416963][ T6809] do_mkdirat+0x21e/0x280 [ 59.421283][ T6809] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.426125][ T6809] ? do_syscall_64+0x1c/0xe0 [ 59.430710][ T6809] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.436692][ T6809] do_syscall_64+0x60/0xe0 [ 59.441102][ T6809] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.446986][ T6809] RIP: 0033:0x4b02a0 [ 59.450850][ T6809] Code: Bad RIP value. [ 59.454890][ T6809] RSP: 002b:000000c0000d94b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 59.463298][ T6809] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 59.471414][ T6809] RDX: 00000000000001c0 RSI: 000000c000026cc0 RDI: ffffffffffffff9c [ 59.479387][ T6809] RBP: 000000c0000d9510 R08: 0000000000000000 R09: 0000000000000000 [ 59.487341][ T6809] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 59.495408][ T6809] R13: 0000000000000067 R14: 0000000000000066 R15: 0000000000000100 [ 59.521393][ T6822] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6822 [ 59.530884][ T6822] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.536935][ T6822] CPU: 0 PID: 6822 Comm: syz-executor.0 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 59.546596][ T6822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.556640][ T6822] Call Trace: [ 59.559973][ T6822] dump_stack+0x18f/0x20d [ 59.564289][ T6822] check_preemption_disabled+0x20d/0x220 [ 59.569900][ T6822] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.574997][ T6822] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.580476][ T6822] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.586212][ T6822] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.591491][ T6822] ? ext4_ext_release+0x10/0x10 [ 59.596352][ T6822] ? down_write_killable+0x170/0x170 [ 59.601641][ T6822] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.607087][ T6822] ext4_map_blocks+0x4cb/0x1640 [ 59.611967][ T6822] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.617178][ T6822] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.622713][ T6822] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.628703][ T6822] ? prandom_u32_state+0xe/0x170 [ 59.633620][ T6822] ? __brelse+0x84/0xa0 [ 59.637755][ T6822] ? __ext4_new_inode+0x144/0x55e0 [ 59.642844][ T6822] ext4_getblk+0xad/0x520 [ 59.647177][ T6822] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.652906][ T6822] ? ext4_free_inode+0x1700/0x1700 [ 59.658017][ T6822] ext4_bread+0x7c/0x380 [ 59.662243][ T6822] ? ext4_getblk+0x520/0x520 [ 59.666836][ T6822] ? dquot_get_next_dqblk+0x180/0x180 [ 59.672199][ T6822] ext4_append+0x153/0x360 [ 59.676761][ T6822] ext4_mkdir+0x5e0/0xdf0 [ 59.681085][ T6822] ? ext4_rmdir+0xde0/0xde0 [ 59.685600][ T6822] ? security_inode_permission+0xc4/0xf0 [ 59.691218][ T6822] vfs_mkdir+0x419/0x690 [ 59.695450][ T6822] do_mkdirat+0x21e/0x280 [ 59.699761][ T6822] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.704610][ T6822] ? do_syscall_64+0x1c/0xe0 [ 59.709179][ T6822] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.715260][ T6822] do_syscall_64+0x60/0xe0 [ 59.719732][ T6822] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.725612][ T6822] RIP: 0033:0x45bee7 [ 59.729571][ T6822] Code: Bad RIP value. [ 59.733614][ T6822] RSP: 002b:00007ffc62994348 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 59.742003][ T6822] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 59.749953][ T6822] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc62994520 [ 59.757910][ T6822] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003800 [ 59.765859][ T6822] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 59.773817][ T6822] R13: 00007ffc62994520 R14: 8421084210842109 R15: 00007ffc6299452c [ 59.858042][ T6823] IPVS: ftp: loaded support on port[0] = 21 [ 59.895340][ T6823] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6823 [ 59.904896][ T6823] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.910773][ T6823] CPU: 1 PID: 6823 Comm: syz-executor.0 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 59.920202][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.930246][ T6823] Call Trace: [ 59.933520][ T6823] dump_stack+0x18f/0x20d [ 59.937852][ T6823] check_preemption_disabled+0x20d/0x220 [ 59.943480][ T6823] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.948663][ T6823] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.954103][ T6823] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.959803][ T6823] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.965069][ T6823] ? ext4_ext_release+0x10/0x10 [ 59.969906][ T6823] ? down_write_killable+0x170/0x170 [ 59.975170][ T6823] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.980616][ T6823] ext4_map_blocks+0x4cb/0x1640 [ 59.985450][ T6823] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.990641][ T6823] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.996164][ T6823] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.002119][ T6823] ? prandom_u32_state+0xe/0x170 [ 60.007036][ T6823] ? __brelse+0x84/0xa0 [ 60.011170][ T6823] ? __ext4_new_inode+0x144/0x55e0 [ 60.016262][ T6823] ext4_getblk+0xad/0x520 [ 60.020568][ T6823] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.026376][ T6823] ? ext4_free_inode+0x1700/0x1700 [ 60.031493][ T6823] ext4_bread+0x7c/0x380 [ 60.035720][ T6823] ? ext4_getblk+0x520/0x520 [ 60.040301][ T6823] ? dquot_get_next_dqblk+0x180/0x180 [ 60.045669][ T6823] ext4_append+0x153/0x360 [ 60.050073][ T6823] ext4_mkdir+0x5e0/0xdf0 [ 60.054396][ T6823] ? ext4_rmdir+0xde0/0xde0 [ 60.058880][ T6823] ? security_inode_permission+0xc4/0xf0 [ 60.064493][ T6823] vfs_mkdir+0x419/0x690 [ 60.068724][ T6823] do_mkdirat+0x21e/0x280 [ 60.073029][ T6823] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.077860][ T6823] ? do_syscall_64+0x1c/0xe0 [ 60.082426][ T6823] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.088414][ T6823] do_syscall_64+0x60/0xe0 [ 60.092807][ T6823] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.098691][ T6823] RIP: 0033:0x45bee7 [ 60.102566][ T6823] Code: Bad RIP value. [ 60.106605][ T6823] RSP: 002b:00007ffc62994238 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 60.114988][ T6823] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 60.122941][ T6823] RDX: 00007ffc62994283 RSI: 00000000000001ff RDI: 00007ffc62994280 [ 60.130906][ T6823] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 60.138869][ T6823] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 60.146833][ T6823] R13: 00007ffc62994270 R14: 0000000000000000 R15: 00007ffc62994280 [ 60.211413][ T6823] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6823 [ 60.220919][ T6823] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.226988][ T6823] CPU: 1 PID: 6823 Comm: syz-executor.0 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 60.236447][ T6823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.246507][ T6823] Call Trace: [ 60.249814][ T6823] dump_stack+0x18f/0x20d [ 60.254176][ T6823] check_preemption_disabled+0x20d/0x220 [ 60.259820][ T6823] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.264924][ T6823] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.270378][ T6823] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.277050][ T6823] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.282316][ T6823] ? ext4_ext_release+0x10/0x10 [ 60.287172][ T6823] ? down_write_killable+0x170/0x170 [ 60.292450][ T6823] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.298221][ T6823] ext4_map_blocks+0x4cb/0x1640 [ 60.303072][ T6823] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.308305][ T6823] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.313861][ T6823] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.319826][ T6823] ? prandom_u32_state+0xe/0x170 [ 60.324752][ T6823] ? __brelse+0x84/0xa0 [ 60.328886][ T6823] ? __ext4_new_inode+0x144/0x55e0 [ 60.333989][ T6823] ext4_getblk+0xad/0x520 [ 60.338295][ T6823] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.343993][ T6823] ? ext4_free_inode+0x1700/0x1700 [ 60.349180][ T6823] ext4_bread+0x7c/0x380 [ 60.353412][ T6823] ? ext4_getblk+0x520/0x520 [ 60.357981][ T6823] ? dquot_get_next_dqblk+0x180/0x180 [ 60.363335][ T6823] ext4_append+0x153/0x360 [ 60.367731][ T6823] ext4_mkdir+0x5e0/0xdf0 [ 60.372138][ T6823] ? ext4_rmdir+0xde0/0xde0 [ 60.376634][ T6823] ? security_inode_permission+0xc4/0xf0 [ 60.382264][ T6823] vfs_mkdir+0x419/0x690 [ 60.386500][ T6823] do_mkdirat+0x21e/0x280 [ 60.390816][ T6823] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.395816][ T6823] ? do_syscall_64+0x1c/0xe0 [ 60.400403][ T6823] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.406365][ T6823] do_syscall_64+0x60/0xe0 [ 60.410760][ T6823] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.416640][ T6823] RIP: 0033:0x45bee7 [ 60.420517][ T6823] Code: Bad RIP value. [ 60.425198][ T6823] RSP: 002b:00007ffc62994238 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 60.433600][ T6823] RAX: ffffffffffffffda RBX: 000000000000eb28 RCX: 000000000045bee7 [ 60.441564][ T6823] RDX: 00007ffc62994283 RSI: 00000000000001ff RDI: 00007ffc62994280 [ 60.449526][ T6823] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/12 16:18:39 building call list... [ 60.457523][ T6823] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 60.465482][ T6823] R13: 00007ffc62994270 R14: 000000000000eb17 R15: 00007ffc62994280 [ 60.743327][ T40] tipc: TX() has been purged, node left! [ 61.235299][ T40] ================================================================== [ 61.243541][ T40] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 61.251431][ T40] Write of size 1 at addr ffff888097f2b9e4 by task kworker/u4:3/40 [ 61.259306][ T40] [ 61.261636][ T40] CPU: 1 PID: 40 Comm: kworker/u4:3 Not tainted 5.7.0-next-20200612-syzkaller #0 [ 61.270731][ T40] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.280821][ T40] Workqueue: netns cleanup_net [ 61.285579][ T40] Call Trace: [ 61.288957][ T40] dump_stack+0x18f/0x20d [ 61.293286][ T40] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.299085][ T40] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.304622][ T40] ? afs_put_call+0xa40/0xa40 [ 61.309305][ T40] print_address_description.constprop.0.cold+0xd3/0x413 [ 61.316416][ T40] ? vprintk_func+0x97/0x1a6 [ 61.321030][ T40] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.326573][ T40] kasan_report.cold+0x1f/0x37 [ 61.331340][ T40] ? rcu_read_lock_held_common+0x41/0xa0 [ 61.336966][ T40] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.342511][ T40] afs_wake_up_async_call+0x6aa/0x770 [ 61.347876][ T40] ? afs_close_socket+0x320/0x320 [ 61.352899][ T40] ? afs_put_call+0xa40/0xa40 [ 61.357745][ T40] rxrpc_notify_socket+0x1db/0x5d0 [ 61.362867][ T40] ? afs_put_call+0xa40/0xa40 [ 61.367539][ T40] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 61.373956][ T40] rxrpc_call_completed+0xca/0xf0 [ 61.378990][ T40] rxrpc_discard_prealloc+0x781/0xab0 [ 61.384363][ T40] ? lock_sock_nested+0x94/0x110 [ 61.389300][ T40] rxrpc_listen+0x147/0x360 [ 61.393808][ T40] afs_close_socket+0x95/0x320 [ 61.399103][ T40] ? afs_purge_servers+0x16d/0x300 [ 61.404321][ T40] ? afs_rx_discard_new_call+0x50/0x50 [ 61.409783][ T40] ? init_wait_var_entry+0x200/0x200 [ 61.415068][ T40] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.420698][ T40] ? check_preemption_disabled+0x38/0x220 [ 61.426436][ T40] afs_net_exit+0x1bc/0x310 [ 61.430934][ T40] ? afs_net_init+0xe30/0xe30 [ 61.435614][ T40] ops_exit_list.isra.0+0xa8/0x150 [ 61.440725][ T40] cleanup_net+0x511/0xa50 [ 61.445142][ T40] ? unregister_pernet_device+0x70/0x70 [ 61.450688][ T40] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.456676][ T40] process_one_work+0x965/0x1690 [ 61.461621][ T40] ? lock_release+0x800/0x800 [ 61.466831][ T40] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.472201][ T40] ? rwlock_bug.part.0+0x90/0x90 [ 61.477146][ T40] worker_thread+0x96/0xe10 [ 61.481659][ T40] ? process_one_work+0x1690/0x1690 [ 61.486851][ T40] kthread+0x3b5/0x4a0 [ 61.490937][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.496745][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.502466][ T40] ret_from_fork+0x1f/0x30 [ 61.506892][ T40] [ 61.509220][ T40] Allocated by task 6823: [ 61.513565][ T40] save_stack+0x1b/0x40 [ 61.517733][ T40] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 61.523542][ T40] kmem_cache_alloc_trace+0x153/0x7d0 [ 61.528917][ T40] afs_alloc_call+0x55/0x630 [ 61.533765][ T40] afs_charge_preallocation+0xe9/0x2d0 [ 61.539217][ T40] afs_open_socket+0x292/0x360 [ 61.543976][ T40] afs_net_init+0xa6c/0xe30 [ 61.548475][ T40] ops_init+0xaf/0x420 [ 61.552544][ T40] setup_net+0x2de/0x860 [ 61.556780][ T40] copy_net_ns+0x293/0x590 [ 61.561191][ T40] create_new_namespaces+0x3fb/0xb30 [ 61.569634][ T40] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 61.575370][ T40] ksys_unshare+0x43d/0x8e0 [ 61.579887][ T40] __x64_sys_unshare+0x2d/0x40 [ 61.584739][ T40] do_syscall_64+0x60/0xe0 [ 61.589153][ T40] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.595028][ T40] [ 61.597345][ T40] Freed by task 40: [ 61.601150][ T40] save_stack+0x1b/0x40 [ 61.605297][ T40] __kasan_slab_free+0xf7/0x140 [ 61.610141][ T40] kfree+0x109/0x2b0 [ 61.614121][ T40] afs_put_call+0x585/0xa40 [ 61.618616][ T40] rxrpc_discard_prealloc+0x764/0xab0 [ 61.623983][ T40] rxrpc_listen+0x147/0x360 [ 61.628479][ T40] afs_close_socket+0x95/0x320 [ 61.633252][ T40] afs_net_exit+0x1bc/0x310 [ 61.638095][ T40] ops_exit_list.isra.0+0xa8/0x150 [ 61.643202][ T40] cleanup_net+0x511/0xa50 [ 61.647611][ T40] process_one_work+0x965/0x1690 [ 61.652558][ T40] worker_thread+0x96/0xe10 [ 61.657053][ T40] kthread+0x3b5/0x4a0 [ 61.661126][ T40] ret_from_fork+0x1f/0x30 [ 61.665526][ T40] [ 61.667852][ T40] The buggy address belongs to the object at ffff888097f2b800 [ 61.667852][ T40] which belongs to the cache kmalloc-1k of size 1024 [ 61.681982][ T40] The buggy address is located 484 bytes inside of [ 61.681982][ T40] 1024-byte region [ffff888097f2b800, ffff888097f2bc00) [ 61.695433][ T40] The buggy address belongs to the page: [ 61.701064][ T40] page:ffffea00025fcac0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 61.710872][ T40] flags: 0xfffe0000000200(slab) [ 61.715738][ T40] raw: 00fffe0000000200 ffffea00027e8148 ffffea000256bd48 ffff8880aa000c40 [ 61.724321][ T40] raw: 0000000000000000 ffff888097f2b000 0000000100000002 0000000000000000 [ 61.732903][ T40] page dumped because: kasan: bad access detected [ 61.739395][ T40] [ 61.741717][ T40] Memory state around the buggy address: [ 61.748209][ T40] ffff888097f2b880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.756372][ T40] ffff888097f2b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.764439][ T40] >ffff888097f2b980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.772620][ T40] ^ [ 61.780333][ T40] ffff888097f2ba00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.788392][ T40] ffff888097f2ba80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 61.796617][ T40] ================================================================== [ 61.804683][ T40] Disabling lock debugging due to kernel taint [ 61.810894][ T40] Kernel panic - not syncing: panic_on_warn set ... [ 61.817916][ T40] CPU: 1 PID: 40 Comm: kworker/u4:3 Tainted: G B 5.7.0-next-20200612-syzkaller #0 [ 61.828614][ T40] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.838943][ T40] Workqueue: netns cleanup_net [ 61.843703][ T40] Call Trace: [ 61.846995][ T40] dump_stack+0x18f/0x20d [ 61.851522][ T40] ? afs_wake_up_async_call+0x630/0x770 [ 61.857069][ T40] ? afs_put_call+0xa40/0xa40 [ 61.861750][ T40] panic+0x2e3/0x75c [ 61.865649][ T40] ? __warn_printk+0xf3/0xf3 [ 61.870231][ T40] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 61.876406][ T40] ? trace_hardirqs_on+0x55/0x220 [ 61.881421][ T40] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.886954][ T40] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.892700][ T40] ? afs_put_call+0xa40/0xa40 [ 61.897384][ T40] end_report+0x4d/0x53 [ 61.901539][ T40] kasan_report.cold+0xd/0x37 [ 61.906210][ T40] ? rcu_read_lock_held_common+0x41/0xa0 [ 61.911844][ T40] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.918509][ T40] afs_wake_up_async_call+0x6aa/0x770 [ 61.923872][ T40] ? afs_close_socket+0x320/0x320 [ 61.928919][ T40] ? afs_put_call+0xa40/0xa40 [ 61.933673][ T40] rxrpc_notify_socket+0x1db/0x5d0 [ 61.938777][ T40] ? afs_put_call+0xa40/0xa40 [ 61.943449][ T40] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 61.949868][ T40] rxrpc_call_completed+0xca/0xf0 [ 61.954890][ T40] rxrpc_discard_prealloc+0x781/0xab0 [ 61.960251][ T40] ? lock_sock_nested+0x94/0x110 [ 61.965197][ T40] rxrpc_listen+0x147/0x360 [ 61.969691][ T40] afs_close_socket+0x95/0x320 [ 61.974476][ T40] ? afs_purge_servers+0x16d/0x300 [ 61.979680][ T40] ? afs_rx_discard_new_call+0x50/0x50 [ 61.985277][ T40] ? init_wait_var_entry+0x200/0x200 [ 61.990568][ T40] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.996209][ T40] ? check_preemption_disabled+0x38/0x220 [ 62.001930][ T40] afs_net_exit+0x1bc/0x310 [ 62.006465][ T40] ? afs_net_init+0xe30/0xe30 [ 62.011144][ T40] ops_exit_list.isra.0+0xa8/0x150 [ 62.016350][ T40] cleanup_net+0x511/0xa50 [ 62.020773][ T40] ? unregister_pernet_device+0x70/0x70 [ 62.026328][ T40] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.032319][ T40] process_one_work+0x965/0x1690 executing program [ 62.037265][ T40] ? lock_release+0x800/0x800 [ 62.041949][ T40] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.047353][ T40] ? rwlock_bug.part.0+0x90/0x90 [ 62.052299][ T40] worker_thread+0x96/0xe10 [ 62.056809][ T40] ? process_one_work+0x1690/0x1690 [ 62.062011][ T40] kthread+0x3b5/0x4a0 [ 62.066076][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.071899][ T40] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.077761][ T40] ret_from_fork+0x1f/0x30 [ 62.083878][ T40] Kernel Offset: disabled [ 62.088315][ T40] Rebooting in 86400 seconds..