Starting Load/Save RF Kill Switch Status... [ 52.346284][ T6750] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6750 [ 52.355708][ T6750] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 52.361608][ T6750] CPU: 0 PID: 6750 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0 [ 52.369841][ T6750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 52.379874][ T6750] Call Trace: [ 52.383147][ T6750] dump_stack+0x188/0x20d [ 52.387459][ T6750] debug_smp_processor_id.cold+0x88/0x9b [ 52.393154][ T6750] ext4_mb_new_blocks+0xa77/0x3b30 [ 52.398250][ T6750] ? ext4_ext_search_right+0x2ca/0xb20 [ 52.403898][ T6750] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 52.409623][ T6750] ext4_ext_map_blocks+0x2044/0x3410 [ 52.414893][ T6750] ? ext4_ext_release+0x10/0x10 [ 52.419754][ T6750] ? __down_timeout+0x2d0/0x2d0 [ 52.424584][ T6750] ? ext4_es_lookup_extent+0x41d/0xd30 [ 52.430033][ T6750] ext4_map_blocks+0x4cb/0x1640 [ 52.434881][ T6750] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 52.440055][ T6750] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 52.445578][ T6750] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 52.451546][ T6750] ? prandom_u32_state+0xe/0x170 [ 52.456476][ T6750] ? __brelse+0x84/0xa0 [ 52.460609][ T6750] ? __ext4_new_inode+0x144/0x57c0 [ 52.465711][ T6750] ext4_getblk+0xad/0x520 [ 52.470062][ T6750] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 52.475793][ T6750] ? ext4_free_inode+0x17e0/0x17e0 [ 52.480988][ T6750] ext4_bread+0x7c/0x380 [ 52.485213][ T6750] ? ext4_getblk+0x520/0x520 [ 52.489789][ T6750] ? dqget+0xff0/0xff0 [ 52.493855][ T6750] ext4_append+0x153/0x360 [ 52.498269][ T6750] ext4_mkdir+0x5e0/0xdf0 [ 52.502592][ T6750] ? ext4_rmdir+0xde0/0xde0 [ 52.507109][ T6750] ? security_inode_permission+0xc4/0xf0 [ 52.512737][ T6750] vfs_mkdir+0x419/0x690 [ 52.516976][ T6750] do_mkdirat+0x21e/0x280 [ 52.521297][ T6750] ? __ia32_sys_mknod+0xb0/0xb0 [ 52.526145][ T6750] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 52.532107][ T6750] ? do_syscall_64+0x21/0x7d0 [ 52.536773][ T6750] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 52.542744][ T6750] do_syscall_64+0xf6/0x7d0 [ 52.547230][ T6750] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 52.553371][ T6750] RIP: 0033:0x7f4b797ff687 [ 52.557777][ T6750] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48 [ 52.577378][ T6750] RSP: 002b:00007ffd75b05e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 52.585767][ T6750] RAX: ffffffffffffffda RBX: 00005636229db985 RCX: 00007f4b797ff687 [ 52.594358][ T6750] RDX: 00007ffd75b05d60 RSI: 00000000000001ed RDI: 00005636229db985 [ 52.602350][ T6750] RBP: 00007f4b797ff680 R08: 0000000000000100 R09: 0000000000000000 [ 52.602360][ T6750] R10: 00005636229db980 R11: 0000000000000246 R12: 00000000000001ed [ 52.602368][ T6750] R13: 00007ffd75b06020 R14: 0000000000000000 R15: 0000000000000000 Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 57.162382][ T275] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:5/275 [ 57.172060][ T275] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 57.177941][ T275] CPU: 0 PID: 275 Comm: kworker/u4:5 Not tainted 5.7.0-syzkaller #0 [ 57.185993][ T275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.196124][ T275] Workqueue: writeback wb_workfn (flush-8:0) [ 57.202102][ T275] Call Trace: [ 57.205579][ T275] dump_stack+0x188/0x20d [ 57.209899][ T275] debug_smp_processor_id.cold+0x88/0x9b [ 57.215698][ T275] ext4_mb_new_blocks+0xa77/0x3b30 [ 57.220872][ T275] ? __kmalloc+0x62f/0x7a0 [ 57.225272][ T275] ? ext4_ext_search_right+0x2ca/0xb20 [ 57.230722][ T275] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 57.236450][ T275] ext4_ext_map_blocks+0x2044/0x3410 [ 57.241943][ T275] ? ext4_ext_release+0x10/0x10 [ 57.246787][ T275] ? __down_timeout+0x2d0/0x2d0 [ 57.251674][ T275] ? ext4_es_lookup_extent+0x41d/0xd30 [ 57.257217][ T275] ? debug_smp_processor_id+0x2f/0x185 [ 57.262659][ T275] ext4_map_blocks+0x4cb/0x1640 [ 57.267495][ T275] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 57.272669][ T275] ? debug_smp_processor_id+0x2f/0x185 [ 57.278110][ T275] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.283653][ T275] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.289623][ T275] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 57.295433][ T275] ext4_writepages+0x1ab7/0x3400 [ 57.300367][ T275] ? __ext4_mark_inode_dirty+0x950/0x950 [ 57.306189][ T275] ? __lock_acquire+0x2224/0x48a0 [ 57.311202][ T275] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.317178][ T275] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.323138][ T275] ? __ext4_mark_inode_dirty+0x950/0x950 [ 57.328752][ T275] ? do_writepages+0xfa/0x2a0 [ 57.333404][ T275] do_writepages+0xfa/0x2a0 [ 57.337890][ T275] ? page_writeback_cpu_online+0x10/0x10 [ 57.343515][ T275] ? debug_smp_processor_id+0x2f/0x185 [ 57.348970][ T275] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.354492][ T275] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.360461][ T275] ? lock_downgrade+0x840/0x840 [ 57.365293][ T275] __writeback_single_inode+0x12a/0x1410 [ 57.370990][ T275] ? _raw_spin_unlock+0x24/0x40 [ 57.375833][ T275] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 57.381819][ T275] writeback_sb_inodes+0x515/0xdd0 [ 57.386948][ T275] ? __writeback_single_inode+0x1410/0x1410 [ 57.392861][ T275] __writeback_inodes_wb+0xc3/0x250 [ 57.398062][ T275] wb_writeback+0x910/0xd90 [ 57.402571][ T275] ? print_usage_bug+0x240/0x240 [ 57.407578][ T275] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 57.413882][ T275] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 57.419780][ T275] ? cpumask_next+0x3c/0x40 [ 57.424266][ T275] ? get_nr_dirty_inodes+0xd6/0x130 [ 57.429451][ T275] wb_workfn+0xadf/0x10d0 [ 57.433767][ T275] ? inode_wait_for_writeback+0x30/0x30 [ 57.439436][ T275] ? debug_smp_processor_id+0x2f/0x185 [ 57.444884][ T275] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.450416][ T275] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.456465][ T275] process_one_work+0x965/0x16a0 [ 57.461409][ T275] ? lock_release+0x800/0x800 [ 57.466104][ T275] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.471488][ T275] ? rwlock_bug.part.0+0x90/0x90 [ 57.476418][ T275] worker_thread+0x96/0xe10 [ 57.480911][ T275] ? process_one_work+0x16a0/0x16a0 [ 57.486103][ T275] kthread+0x388/0x470 [ 57.490149][ T275] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.495845][ T275] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.501564][ T275] ret_from_fork+0x24/0x30 Warning: Permanently added '10.128.0.46' (ECDSA) to the list of known hosts. 2020/06/13 06:02:55 fuzzer started 2020/06/13 06:02:55 connecting to host at 10.128.0.26:33403 2020/06/13 06:02:55 checking machine... 2020/06/13 06:02:55 checking revisions... 2020/06/13 06:02:55 testing simple program... [ 58.254150][ T6817] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6817 [ 58.263231][ T6817] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 58.269123][ T6817] CPU: 0 PID: 6817 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 58.276984][ T6817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.287032][ T6817] Call Trace: [ 58.290328][ T6817] dump_stack+0x188/0x20d [ 58.294637][ T6817] debug_smp_processor_id.cold+0x88/0x9b [ 58.300255][ T6817] ext4_mb_new_blocks+0xa77/0x3b30 [ 58.305356][ T6817] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.310879][ T6817] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.316597][ T6817] ext4_ext_map_blocks+0x2044/0x3410 [ 58.321992][ T6817] ? ext4_ext_release+0x10/0x10 [ 58.326832][ T6817] ? __down_timeout+0x2d0/0x2d0 [ 58.331661][ T6817] ? ext4_es_lookup_extent+0x41d/0xd30 [ 58.337105][ T6817] ext4_map_blocks+0x4cb/0x1640 [ 58.341941][ T6817] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.347134][ T6817] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.352659][ T6817] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.358617][ T6817] ? prandom_u32_state+0xe/0x170 [ 58.363539][ T6817] ? __brelse+0x84/0xa0 [ 58.367692][ T6817] ? __ext4_new_inode+0x144/0x57c0 [ 58.372970][ T6817] ext4_getblk+0xad/0x520 [ 58.377364][ T6817] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.383081][ T6817] ? ext4_free_inode+0x17e0/0x17e0 [ 58.388173][ T6817] ext4_bread+0x7c/0x380 [ 58.392398][ T6817] ? ext4_getblk+0x520/0x520 [ 58.396963][ T6817] ? dqget+0xff0/0xff0 [ 58.401013][ T6817] ext4_append+0x153/0x360 [ 58.405606][ T6817] ext4_mkdir+0x5e0/0xdf0 [ 58.410032][ T6817] ? ext4_rmdir+0xde0/0xde0 [ 58.414528][ T6817] ? security_inode_permission+0xc4/0xf0 [ 58.420153][ T6817] vfs_mkdir+0x419/0x690 [ 58.424393][ T6817] do_mkdirat+0x21e/0x280 [ 58.428723][ T6817] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.433566][ T6817] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.439553][ T6817] ? do_syscall_64+0x21/0x7d0 [ 58.444225][ T6817] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.450224][ T6817] do_syscall_64+0xf6/0x7d0 [ 58.454751][ T6817] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 58.460635][ T6817] RIP: 0033:0x4b02a0 [ 58.464512][ T6817] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30 [ 58.484099][ T6817] RSP: 002b:000000c0000df4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 58.492506][ T6817] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 58.500465][ T6817] RDX: 00000000000001c0 RSI: 000000c0000267c0 RDI: ffffffffffffff9c [ 58.508620][ T6817] RBP: 000000c0000df510 R08: 0000000000000000 R09: 0000000000000000 [ 58.516577][ T6817] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 58.524545][ T6817] R13: 000000000000003f R14: 000000000000003e R15: 0000000000000100 [ 58.550931][ T6831] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6831 [ 58.560423][ T6831] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 58.566581][ T6831] CPU: 1 PID: 6831 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 58.574805][ T6831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.584850][ T6831] Call Trace: [ 58.588125][ T6831] dump_stack+0x188/0x20d [ 58.592473][ T6831] debug_smp_processor_id.cold+0x88/0x9b [ 58.598100][ T6831] ext4_mb_new_blocks+0xa77/0x3b30 [ 58.603217][ T6831] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.608744][ T6831] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.614459][ T6831] ext4_ext_map_blocks+0x2044/0x3410 [ 58.619739][ T6831] ? ext4_ext_release+0x10/0x10 [ 58.624593][ T6831] ? __down_timeout+0x2d0/0x2d0 [ 58.629715][ T6831] ? ext4_es_lookup_extent+0x41d/0xd30 [ 58.635166][ T6831] ext4_map_blocks+0x4cb/0x1640 [ 58.641317][ T6831] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.646501][ T6831] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.652036][ T6831] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.657994][ T6831] ? prandom_u32_state+0xe/0x170 [ 58.662926][ T6831] ? __brelse+0x84/0xa0 [ 58.667406][ T6831] ? __ext4_new_inode+0x144/0x57c0 [ 58.672522][ T6831] ext4_getblk+0xad/0x520 [ 58.676842][ T6831] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 58.682556][ T6831] ? ext4_free_inode+0x17e0/0x17e0 [ 58.687669][ T6831] ext4_bread+0x7c/0x380 [ 58.691909][ T6831] ? ext4_getblk+0x520/0x520 [ 58.696489][ T6831] ? dqget+0xff0/0xff0 [ 58.700565][ T6831] ext4_append+0x153/0x360 [ 58.704969][ T6831] ext4_mkdir+0x5e0/0xdf0 [ 58.709373][ T6831] ? ext4_rmdir+0xde0/0xde0 [ 58.713899][ T6831] ? security_inode_permission+0xc4/0xf0 [ 58.719553][ T6831] vfs_mkdir+0x419/0x690 [ 58.723795][ T6831] do_mkdirat+0x21e/0x280 [ 58.728112][ T6831] ? __ia32_sys_mknod+0xb0/0xb0 [ 58.732949][ T6831] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.738918][ T6831] ? do_syscall_64+0x21/0x7d0 [ 58.743582][ T6831] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 58.749547][ T6831] do_syscall_64+0xf6/0x7d0 [ 58.754050][ T6831] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 58.759925][ T6831] RIP: 0033:0x45bee7 [ 58.763803][ T6831] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 58.783993][ T6831] RSP: 002b:00007ffc5746db68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 58.792404][ T6831] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 58.800723][ T6831] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffc5746dd40 [ 58.808680][ T6831] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002b80 [ 58.816646][ T6831] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 58.824614][ T6831] R13: 00007ffc5746dd40 R14: 8421084210842109 R15: 00007ffc5746dd4c [ 58.906104][ T6832] IPVS: ftp: loaded support on port[0] = 21 [ 58.941851][ T6832] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6832 [ 58.951571][ T6832] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 58.957470][ T6832] CPU: 0 PID: 6832 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 58.965692][ T6832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.975728][ T6832] Call Trace: [ 58.979002][ T6832] dump_stack+0x188/0x20d [ 58.983330][ T6832] debug_smp_processor_id.cold+0x88/0x9b [ 58.988956][ T6832] ext4_mb_new_blocks+0xa77/0x3b30 [ 58.994055][ T6832] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.999492][ T6832] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.005196][ T6832] ext4_ext_map_blocks+0x2044/0x3410 [ 59.010462][ T6832] ? ext4_ext_release+0x10/0x10 [ 59.015328][ T6832] ? __down_timeout+0x2d0/0x2d0 [ 59.020179][ T6832] ? ext4_es_lookup_extent+0x41d/0xd30 [ 59.026241][ T6832] ext4_map_blocks+0x4cb/0x1640 [ 59.031074][ T6832] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.036258][ T6832] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.041797][ T6832] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.047770][ T6832] ? prandom_u32_state+0xe/0x170 [ 59.052692][ T6832] ? __brelse+0x84/0xa0 [ 59.056897][ T6832] ? __ext4_new_inode+0x144/0x57c0 [ 59.062036][ T6832] ext4_getblk+0xad/0x520 [ 59.066359][ T6832] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.072075][ T6832] ? ext4_free_inode+0x17e0/0x17e0 [ 59.077197][ T6832] ext4_bread+0x7c/0x380 [ 59.081425][ T6832] ? ext4_getblk+0x520/0x520 [ 59.086012][ T6832] ? dqget+0xff0/0xff0 [ 59.090080][ T6832] ext4_append+0x153/0x360 [ 59.094481][ T6832] ext4_mkdir+0x5e0/0xdf0 [ 59.098797][ T6832] ? ext4_rmdir+0xde0/0xde0 [ 59.103307][ T6832] ? security_inode_permission+0xc4/0xf0 [ 59.108923][ T6832] vfs_mkdir+0x419/0x690 [ 59.113147][ T6832] do_mkdirat+0x21e/0x280 [ 59.117456][ T6832] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.122307][ T6832] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.128263][ T6832] ? do_syscall_64+0x21/0x7d0 [ 59.132918][ T6832] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.138876][ T6832] do_syscall_64+0xf6/0x7d0 [ 59.143361][ T6832] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 59.149247][ T6832] RIP: 0033:0x45bee7 [ 59.153121][ T6832] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.172962][ T6832] RSP: 002b:00007ffc5746da58 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 59.181347][ T6832] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 59.189482][ T6832] RDX: 00007ffc5746daa3 RSI: 00000000000001ff RDI: 00007ffc5746daa0 [ 59.197450][ T6832] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 59.206273][ T6832] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 59.215107][ T6832] R13: 00007ffc5746da90 R14: 0000000000000000 R15: 00007ffc5746daa0 [ 59.280912][ T6832] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6832 [ 59.290447][ T6832] caller is ext4_mb_new_blocks+0xa77/0x3b30 [ 59.296443][ T6832] CPU: 0 PID: 6832 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 59.304688][ T6832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.314747][ T6832] Call Trace: [ 59.318162][ T6832] dump_stack+0x188/0x20d [ 59.322511][ T6832] debug_smp_processor_id.cold+0x88/0x9b [ 59.328160][ T6832] ext4_mb_new_blocks+0xa77/0x3b30 [ 59.333289][ T6832] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.338748][ T6832] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.344479][ T6832] ext4_ext_map_blocks+0x2044/0x3410 [ 59.349896][ T6832] ? ext4_ext_release+0x10/0x10 [ 59.354743][ T6832] ? __down_timeout+0x2d0/0x2d0 [ 59.359716][ T6832] ? ext4_es_lookup_extent+0x41d/0xd30 [ 59.365178][ T6832] ext4_map_blocks+0x4cb/0x1640 [ 59.370034][ T6832] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.375224][ T6832] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.380755][ T6832] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.386733][ T6832] ? prandom_u32_state+0xe/0x170 [ 59.391651][ T6832] ? __brelse+0x84/0xa0 [ 59.395785][ T6832] ? __ext4_new_inode+0x144/0x57c0 [ 59.400891][ T6832] ext4_getblk+0xad/0x520 [ 59.405201][ T6832] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.410989][ T6832] ? ext4_free_inode+0x17e0/0x17e0 [ 59.416091][ T6832] ext4_bread+0x7c/0x380 [ 59.420342][ T6832] ? ext4_getblk+0x520/0x520 [ 59.424911][ T6832] ? dqget+0xff0/0xff0 [ 59.428961][ T6832] ext4_append+0x153/0x360 [ 59.433399][ T6832] ext4_mkdir+0x5e0/0xdf0 [ 59.437751][ T6832] ? ext4_rmdir+0xde0/0xde0 [ 59.442239][ T6832] ? security_inode_permission+0xc4/0xf0 [ 59.447861][ T6832] vfs_mkdir+0x419/0x690 [ 59.452115][ T6832] do_mkdirat+0x21e/0x280 [ 59.456588][ T6832] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.461452][ T6832] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.467437][ T6832] ? do_syscall_64+0x21/0x7d0 [ 59.472269][ T6832] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.478540][ T6832] do_syscall_64+0xf6/0x7d0 [ 59.483026][ T6832] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 59.488895][ T6832] RIP: 0033:0x45bee7 [ 59.492856][ T6832] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 59.512804][ T6832] RSP: 002b:00007ffc5746da58 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 59.521191][ T6832] RAX: ffffffffffffffda RBX: 000000000000e784 RCX: 000000000045bee7 2020/06/13 06:02:57 building call list... [ 59.529162][ T6832] RDX: 00007ffc5746daa3 RSI: 00000000000001ff RDI: 00007ffc5746daa0 [ 59.537223][ T6832] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 59.545292][ T6832] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 59.553259][ T6832] R13: 00007ffc5746da90 R14: 000000000000e772 R15: 00007ffc5746daa0 [ 59.841179][ T57] tipc: TX() has been purged, node left! [ 60.363412][ T57] ================================================================== [ 60.371645][ T57] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880 [ 60.379530][ T57] Write of size 1 at addr ffff8880975a91e4 by task kworker/u4:2/57 [ 60.387513][ T57] [ 60.389846][ T57] CPU: 1 PID: 57 Comm: kworker/u4:2 Not tainted 5.7.0-syzkaller #0 [ 60.397726][ T57] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.407784][ T57] Workqueue: netns cleanup_net [ 60.412538][ T57] Call Trace: [ 60.415826][ T57] dump_stack+0x188/0x20d [ 60.420249][ T57] ? afs_wake_up_async_call+0x7a7/0x880 [ 60.426512][ T57] ? afs_wake_up_async_call+0x7a7/0x880 [ 60.432060][ T57] ? afs_put_call+0xa70/0xa70 [ 60.436738][ T57] print_address_description.constprop.0.cold+0xd3/0x413 [ 60.443926][ T57] ? vprintk_func+0x97/0x1a6 [ 60.448526][ T57] ? afs_wake_up_async_call+0x7a7/0x880 [ 60.454069][ T57] kasan_report.cold+0x1f/0x37 [ 60.458841][ T57] ? afs_wake_up_async_call+0x7a7/0x880 [ 60.464385][ T57] afs_wake_up_async_call+0x7a7/0x880 [ 60.469753][ T57] ? do_raw_spin_lock+0x129/0x2e0 [ 60.474778][ T57] ? afs_close_socket+0x320/0x320 [ 60.479806][ T57] ? rwlock_bug.part.0+0x90/0x90 [ 60.484750][ T57] ? rcu_read_lock_held+0x9c/0xb0 [ 60.489792][ T57] ? rcu_read_lock_held_common+0xa0/0xa0 [ 60.495435][ T57] ? afs_close_socket+0x320/0x320 [ 60.500474][ T57] ? afs_put_call+0xa70/0xa70 [ 60.505152][ T57] rxrpc_notify_socket+0x1e5/0x5e0 [ 60.510279][ T57] ? afs_put_call+0xa70/0xa70 [ 60.514972][ T57] __rxrpc_set_call_completion.part.0+0x172/0x420 [ 60.521598][ T57] rxrpc_call_completed+0xca/0xf0 [ 60.526712][ T57] rxrpc_discard_prealloc+0x786/0xac0 [ 60.532203][ T57] ? lock_sock_nested+0x94/0x110 [ 60.537238][ T57] rxrpc_listen+0x147/0x360 [ 60.541762][ T57] afs_close_socket+0x95/0x320 [ 60.546525][ T57] ? afs_purge_servers+0x16d/0x300 [ 60.551731][ T57] ? afs_rx_discard_new_call+0x50/0x50 [ 60.557193][ T57] ? debug_smp_processor_id+0x2f/0x185 [ 60.562662][ T57] ? init_wait_var_entry+0x200/0x200 [ 60.567949][ T57] ? rcu_read_lock_held_common+0xa0/0xa0 [ 60.573592][ T57] afs_net_exit+0x1bc/0x310 [ 60.578092][ T57] ? afs_net_init+0xe30/0xe30 [ 60.582763][ T57] ops_exit_list.isra.0+0xa8/0x150 [ 60.587876][ T57] cleanup_net+0x511/0xa50 [ 60.592327][ T57] ? unregister_pernet_device+0x70/0x70 [ 60.597878][ T57] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.604049][ T57] process_one_work+0x965/0x16a0 [ 60.608993][ T57] ? lock_release+0x800/0x800 [ 60.614204][ T57] ? pwq_dec_nr_in_flight+0x310/0x310 [ 60.619588][ T57] ? rwlock_bug.part.0+0x90/0x90 [ 60.624539][ T57] worker_thread+0x96/0xe10 [ 60.629066][ T57] ? process_one_work+0x16a0/0x16a0 [ 60.637831][ T57] kthread+0x388/0x470 [ 60.641928][ T57] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.647645][ T57] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 60.653365][ T57] ret_from_fork+0x24/0x30 [ 60.657795][ T57] [ 60.660126][ T57] Allocated by task 6832: [ 60.665158][ T57] save_stack+0x1b/0x40 [ 60.669310][ T57] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 60.674936][ T57] kmem_cache_alloc_trace+0x153/0x7d0 [ 60.680311][ T57] afs_alloc_call+0x55/0x640 [ 60.684933][ T57] afs_charge_preallocation+0xe9/0x2d0 [ 60.690390][ T57] afs_open_socket+0x292/0x360 [ 60.695150][ T57] afs_net_init+0xa6c/0xe30 [ 60.699646][ T57] ops_init+0xaf/0x420 [ 60.703708][ T57] setup_net+0x2de/0x860 [ 60.707954][ T57] copy_net_ns+0x293/0x590 [ 60.712364][ T57] create_new_namespaces+0x3fb/0xb30 [ 60.717643][ T57] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 60.723361][ T57] ksys_unshare+0x43d/0x8e0 [ 60.727857][ T57] __x64_sys_unshare+0x2d/0x40 [ 60.732623][ T57] do_syscall_64+0xf6/0x7d0 [ 60.737174][ T57] entry_SYSCALL_64_after_hwframe+0x49/0xb3 [ 60.743264][ T57] [ 60.745584][ T57] Freed by task 57: [ 60.749476][ T57] save_stack+0x1b/0x40 [ 60.753629][ T57] __kasan_slab_free+0xf7/0x140 [ 60.758476][ T57] kfree+0x109/0x2b0 [ 60.762366][ T57] afs_put_call+0x59b/0xa70 [ 60.766879][ T57] rxrpc_discard_prealloc+0x769/0xac0 [ 60.772676][ T57] rxrpc_listen+0x147/0x360 [ 60.777174][ T57] afs_close_socket+0x95/0x320 [ 60.781936][ T57] afs_net_exit+0x1bc/0x310 [ 60.786433][ T57] ops_exit_list.isra.0+0xa8/0x150 [ 60.791538][ T57] cleanup_net+0x511/0xa50 [ 60.795952][ T57] process_one_work+0x965/0x16a0 [ 60.800892][ T57] worker_thread+0x96/0xe10 [ 60.805391][ T57] kthread+0x388/0x470 [ 60.809454][ T57] ret_from_fork+0x24/0x30 [ 60.813856][ T57] [ 60.816181][ T57] The buggy address belongs to the object at ffff8880975a9000 [ 60.816181][ T57] which belongs to the cache kmalloc-1k of size 1024 [ 60.830491][ T57] The buggy address is located 484 bytes inside of [ 60.830491][ T57] 1024-byte region [ffff8880975a9000, ffff8880975a9400) [ 60.843849][ T57] The buggy address belongs to the page: [ 60.849481][ T57] page:ffffea00025d6a40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 60.858580][ T57] flags: 0xfffe0000000200(slab) [ 60.863431][ T57] raw: 00fffe0000000200 ffffea00024c5888 ffffea0002860248 ffff8880aa000c40 [ 60.872033][ T57] raw: 0000000000000000 ffff8880975a9000 0000000100000002 0000000000000000 [ 60.880617][ T57] page dumped because: kasan: bad access detected [ 60.887020][ T57] [ 60.889339][ T57] Memory state around the buggy address: [ 60.894965][ T57] ffff8880975a9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.903025][ T57] ffff8880975a9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.911081][ T57] >ffff8880975a9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.919149][ T57] ^ [ 60.926338][ T57] ffff8880975a9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.934396][ T57] ffff8880975a9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 60.942446][ T57] ================================================================== [ 60.950499][ T57] Disabling lock debugging due to kernel taint [ 60.956700][ T57] Kernel panic - not syncing: panic_on_warn set ... [ 60.963280][ T57] CPU: 1 PID: 57 Comm: kworker/u4:2 Tainted: G B 5.7.0-syzkaller #0 [ 60.972627][ T57] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.982677][ T57] Workqueue: netns cleanup_net [ 60.988898][ T57] Call Trace: [ 60.992186][ T57] dump_stack+0x188/0x20d [ 60.996510][ T57] ? afs_wake_up_async_call+0x6b0/0x880 [ 61.002133][ T57] ? afs_put_call+0xa70/0xa70 [ 61.006800][ T57] panic+0x2e3/0x75c [ 61.010774][ T57] ? add_taint.cold+0x16/0x16 [ 61.015448][ T57] ? retint_kernel+0x2b/0x2b [ 61.020044][ T57] ? trace_hardirqs_on+0x55/0x230 [ 61.025067][ T57] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.030605][ T57] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.036406][ T57] ? afs_put_call+0xa70/0xa70 [ 61.041075][ T57] end_report+0x4d/0x53 [ 61.045225][ T57] kasan_report.cold+0xd/0x37 [ 61.049897][ T57] ? afs_wake_up_async_call+0x7a7/0x880 [ 61.055445][ T57] afs_wake_up_async_call+0x7a7/0x880 [ 61.061099][ T57] ? do_raw_spin_lock+0x129/0x2e0 [ 61.066137][ T57] ? afs_close_socket+0x320/0x320 [ 61.071155][ T57] ? rwlock_bug.part.0+0x90/0x90 [ 61.076176][ T57] ? rcu_read_lock_held+0x9c/0xb0 [ 61.081198][ T57] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.086829][ T57] ? afs_close_socket+0x320/0x320 [ 61.091857][ T57] ? afs_put_call+0xa70/0xa70 [ 61.096533][ T57] rxrpc_notify_socket+0x1e5/0x5e0 [ 61.101640][ T57] ? afs_put_call+0xa70/0xa70 [ 61.106342][ T57] __rxrpc_set_call_completion.part.0+0x172/0x420 executing program [ 61.112755][ T57] rxrpc_call_completed+0xca/0xf0 [ 61.117775][ T57] rxrpc_discard_prealloc+0x786/0xac0 [ 61.123143][ T57] ? lock_sock_nested+0x94/0x110 [ 61.128074][ T57] rxrpc_listen+0x147/0x360 [ 61.132574][ T57] afs_close_socket+0x95/0x320 [ 61.137411][ T57] ? afs_purge_servers+0x16d/0x300 [ 61.142598][ T57] ? afs_rx_discard_new_call+0x50/0x50 [ 61.148992][ T57] ? debug_smp_processor_id+0x2f/0x185 [ 61.154431][ T57] ? init_wait_var_entry+0x200/0x200 [ 61.159693][ T57] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.165316][ T57] afs_net_exit+0x1bc/0x310 [ 61.169811][ T57] ? afs_net_init+0xe30/0xe30 [ 61.174467][ T57] ops_exit_list.isra.0+0xa8/0x150 [ 61.179565][ T57] cleanup_net+0x511/0xa50 [ 61.183971][ T57] ? unregister_pernet_device+0x70/0x70 [ 61.189591][ T57] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.195562][ T57] process_one_work+0x965/0x16a0 [ 61.200475][ T57] ? lock_release+0x800/0x800 [ 61.205127][ T57] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.210472][ T57] ? rwlock_bug.part.0+0x90/0x90 [ 61.215408][ T57] worker_thread+0x96/0xe10 [ 61.219888][ T57] ? process_one_work+0x16a0/0x16a0 [ 61.225078][ T57] kthread+0x388/0x470 [ 61.229133][ T57] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.234831][ T57] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.240539][ T57] ret_from_fork+0x24/0x30 [ 61.246314][ T57] Kernel Offset: disabled [ 61.250641][ T57] Rebooting in 86400 seconds..