Starting Load/Save RF Kill Switch Status... [ 54.307986][ T6727] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6727 [ 54.317585][ T6727] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 54.323545][ T6727] CPU: 0 PID: 6727 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0 [ 54.331782][ T6727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.341851][ T6727] Call Trace: [ 54.345132][ T6727] dump_stack+0x18f/0x20d [ 54.349449][ T6727] check_preemption_disabled+0x20d/0x220 [ 54.355062][ T6727] ext4_mb_new_blocks+0xa4d/0x3b70 [ 54.360165][ T6727] ? ext4_ext_search_right+0x2ca/0xb20 [ 54.365705][ T6727] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 54.372728][ T6727] ext4_ext_map_blocks+0x201b/0x33e0 [ 54.377999][ T6727] ? ext4_ext_release+0x10/0x10 [ 54.382840][ T6727] ? down_write_killable+0x170/0x170 [ 54.388102][ T6727] ? ext4_es_lookup_extent+0x41d/0xd10 [ 54.393540][ T6727] ext4_map_blocks+0x4cb/0x1640 [ 54.398374][ T6727] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 54.403680][ T6727] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 54.409213][ T6727] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 54.415186][ T6727] ? prandom_u32_state+0xe/0x170 [ 54.420118][ T6727] ? __brelse+0x84/0xa0 [ 54.424265][ T6727] ? __ext4_new_inode+0x144/0x55e0 [ 54.429355][ T6727] ext4_getblk+0xad/0x520 [ 54.433663][ T6727] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 54.439366][ T6727] ? ext4_free_inode+0x1700/0x1700 [ 54.444482][ T6727] ext4_bread+0x7c/0x380 [ 54.448699][ T6727] ? ext4_getblk+0x520/0x520 [ 54.453262][ T6727] ? dquot_get_next_dqblk+0x180/0x180 [ 54.458614][ T6727] ext4_append+0x153/0x360 [ 54.463008][ T6727] ext4_mkdir+0x5e0/0xdf0 [ 54.467318][ T6727] ? ext4_rmdir+0xde0/0xde0 [ 54.471815][ T6727] ? security_inode_permission+0xc4/0xf0 [ 54.477447][ T6727] vfs_mkdir+0x419/0x690 [ 54.481722][ T6727] do_mkdirat+0x21e/0x280 [ 54.486052][ T6727] ? __ia32_sys_mknod+0xb0/0xb0 [ 54.490897][ T6727] ? do_syscall_64+0x1c/0xe0 [ 54.495466][ T6727] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 54.501447][ T6727] do_syscall_64+0x60/0xe0 [ 54.505856][ T6727] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 54.511734][ T6727] RIP: 0033:0x7efff7fc4687 [ 54.516128][ T6727] Code: Bad RIP value. [ 54.520194][ T6727] RSP: 002b:00007ffd32a5f958 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 54.528591][ T6727] RAX: ffffffffffffffda RBX: 0000556e8906c985 RCX: 00007efff7fc4687 [ 54.536555][ T6727] RDX: 00007ffd32a5f820 RSI: 00000000000001ed RDI: 0000556e8906c985 [ 54.544503][ T6727] RBP: 00007efff7fc4680 R08: 0000000000000100 R09: 0000000000000000 [ 54.552462][ T6727] R10: 0000556e8906c980 R11: 0000000000000246 R12: 00000000000001ed [ 54.560425][ T6727] R13: 00007ffd32a5fae0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 58.335676][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21 [ 58.345171][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.351058][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.7.0-syzkaller #0 [ 58.358926][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 58.368973][ T21] Workqueue: writeback wb_workfn (flush-8:0) [ 58.374947][ T21] Call Trace: [ 58.378238][ T21] dump_stack+0x18f/0x20d [ 58.382565][ T21] check_preemption_disabled+0x20d/0x220 [ 58.388555][ T21] ext4_mb_new_blocks+0xa4d/0x3b70 [ 58.393650][ T21] ? ext4_find_extent+0x81a/0xad0 [ 58.398662][ T21] ? ext4_ext_search_right+0x2ca/0xb20 [ 58.404100][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 58.409824][ T21] ext4_ext_map_blocks+0x201b/0x33e0 [ 58.415102][ T21] ? ext4_ext_release+0x10/0x10 [ 58.419960][ T21] ? down_write_killable+0x170/0x170 [ 58.425238][ T21] ? ext4_es_lookup_extent+0x41d/0xd10 [ 58.430677][ T21] ext4_map_blocks+0x4cb/0x1640 [ 58.435511][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 58.440721][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.446270][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.452242][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 58.457690][ T21] ext4_writepages+0x1a7b/0x33c0 [ 58.462626][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.468259][ T21] ? __lock_acquire+0x2224/0x48b0 [ 58.473273][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.479235][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 58.485220][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 58.490863][ T21] ? do_writepages+0xfa/0x2a0 [ 58.495516][ T21] do_writepages+0xfa/0x2a0 [ 58.500001][ T21] ? page_writeback_cpu_online+0x10/0x10 [ 58.505620][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.511160][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.517116][ T21] ? lock_downgrade+0x840/0x840 [ 58.521966][ T21] __writeback_single_inode+0x12a/0x13d0 [ 58.527586][ T21] ? _raw_spin_unlock+0x24/0x40 [ 58.532437][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 58.538396][ T21] writeback_sb_inodes+0x515/0xdc0 [ 58.543493][ T21] ? __writeback_single_inode+0x13d0/0x13d0 [ 58.549389][ T21] __writeback_inodes_wb+0xc3/0x250 [ 58.554570][ T21] wb_writeback+0x8db/0xd50 [ 58.559055][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 58.565368][ T21] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 58.571251][ T21] ? cpumask_next+0x3c/0x40 [ 58.575730][ T21] ? get_nr_dirty_inodes+0xd6/0x130 [ 58.580906][ T21] wb_workfn+0xab3/0x1090 [ 58.585220][ T21] ? inode_wait_for_writeback+0x30/0x30 [ 58.590762][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 58.596285][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 58.602245][ T21] process_one_work+0x965/0x1690 [ 58.607169][ T21] ? lock_release+0x800/0x800 [ 58.611825][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 58.617185][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 58.622114][ T21] worker_thread+0x96/0xe10 [ 58.626612][ T21] ? process_one_work+0x1690/0x1690 [ 58.631795][ T21] kthread+0x3b5/0x4a0 [ 58.635850][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.641548][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 58.647250][ T21] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.10.59' (ECDSA) to the list of known hosts. 2020/06/15 12:59:23 fuzzer started 2020/06/15 12:59:23 connecting to host at 10.128.0.26:34021 2020/06/15 12:59:23 checking machine... 2020/06/15 12:59:23 checking revisions... 2020/06/15 12:59:23 testing simple program... [ 59.539660][ T6796] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6796 [ 59.548769][ T6796] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.554654][ T6796] CPU: 1 PID: 6796 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 59.562633][ T6796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.572695][ T6796] Call Trace: [ 59.575980][ T6796] dump_stack+0x18f/0x20d [ 59.580305][ T6796] check_preemption_disabled+0x20d/0x220 [ 59.585922][ T6796] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.591040][ T6796] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.596710][ T6796] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.602637][ T6796] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.607958][ T6796] ? ext4_ext_release+0x10/0x10 [ 59.612841][ T6796] ? down_write_killable+0x170/0x170 [ 59.618127][ T6796] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.623623][ T6796] ext4_map_blocks+0x4cb/0x1640 [ 59.628487][ T6796] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.633714][ T6796] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.639266][ T6796] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.645248][ T6796] ? prandom_u32_state+0xe/0x170 [ 59.650183][ T6796] ? __brelse+0x84/0xa0 [ 59.654320][ T6796] ? __ext4_new_inode+0x144/0x55e0 [ 59.659422][ T6796] ext4_getblk+0xad/0x520 [ 59.663732][ T6796] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.669449][ T6796] ? ext4_free_inode+0x1700/0x1700 [ 59.674555][ T6796] ext4_bread+0x7c/0x380 [ 59.678780][ T6796] ? ext4_getblk+0x520/0x520 [ 59.683372][ T6796] ? dquot_get_next_dqblk+0x180/0x180 [ 59.688740][ T6796] ext4_append+0x153/0x360 [ 59.693428][ T6796] ext4_mkdir+0x5e0/0xdf0 [ 59.697769][ T6796] ? ext4_rmdir+0xde0/0xde0 [ 59.702270][ T6796] ? security_inode_permission+0xc4/0xf0 [ 59.707917][ T6796] vfs_mkdir+0x419/0x690 [ 59.712257][ T6796] do_mkdirat+0x21e/0x280 [ 59.716588][ T6796] ? __ia32_sys_mknod+0xb0/0xb0 [ 59.721422][ T6796] ? do_syscall_64+0x1c/0xe0 [ 59.725997][ T6796] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 59.731970][ T6796] do_syscall_64+0x60/0xe0 [ 59.736395][ T6796] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 59.742263][ T6796] RIP: 0033:0x4b02a0 [ 59.746130][ T6796] Code: Bad RIP value. [ 59.750173][ T6796] RSP: 002b:000000c0000e14b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 59.758684][ T6796] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 59.766752][ T6796] RDX: 00000000000001c0 RSI: 000000c0000e6aa0 RDI: ffffffffffffff9c [ 59.774814][ T6796] RBP: 000000c0000e1510 R08: 0000000000000000 R09: 0000000000000000 [ 59.783151][ T6796] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 59.791573][ T6796] R13: 0000000000000056 R14: 0000000000000055 R15: 0000000000000100 [ 59.818066][ T6809] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6809 [ 59.827739][ T6809] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.833639][ T6809] CPU: 1 PID: 6809 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 59.841938][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.852081][ T6809] Call Trace: [ 59.855354][ T6809] dump_stack+0x18f/0x20d [ 59.859680][ T6809] check_preemption_disabled+0x20d/0x220 [ 59.865315][ T6809] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.870421][ T6809] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.875873][ T6809] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.881590][ T6809] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.886873][ T6809] ? ext4_ext_release+0x10/0x10 [ 59.891742][ T6809] ? down_write_killable+0x170/0x170 [ 59.897011][ T6809] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.902451][ T6809] ext4_map_blocks+0x4cb/0x1640 [ 59.907636][ T6809] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.912812][ T6809] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.918346][ T6809] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.924319][ T6809] ? prandom_u32_state+0xe/0x170 [ 59.929245][ T6809] ? __brelse+0x84/0xa0 [ 59.933392][ T6809] ? __ext4_new_inode+0x144/0x55e0 [ 59.938491][ T6809] ext4_getblk+0xad/0x520 [ 59.943594][ T6809] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.949311][ T6809] ? ext4_free_inode+0x1700/0x1700 [ 59.954401][ T6809] ext4_bread+0x7c/0x380 [ 59.958628][ T6809] ? ext4_getblk+0x520/0x520 [ 59.963204][ T6809] ? dquot_get_next_dqblk+0x180/0x180 [ 59.968556][ T6809] ext4_append+0x153/0x360 [ 59.972953][ T6809] ext4_mkdir+0x5e0/0xdf0 [ 59.977274][ T6809] ? ext4_rmdir+0xde0/0xde0 [ 59.981769][ T6809] ? security_inode_permission+0xc4/0xf0 [ 59.987387][ T6809] vfs_mkdir+0x419/0x690 [ 59.991609][ T6809] do_mkdirat+0x21e/0x280 [ 59.995919][ T6809] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.000748][ T6809] ? do_syscall_64+0x1c/0xe0 [ 60.005402][ T6809] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.011357][ T6809] do_syscall_64+0x60/0xe0 [ 60.015753][ T6809] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.021616][ T6809] RIP: 0033:0x45bed7 [ 60.025493][ T6809] Code: Bad RIP value. [ 60.029531][ T6809] RSP: 002b:00007ffe764db198 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.037928][ T6809] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 60.045879][ T6809] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffe764db370 [ 60.053935][ T6809] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003940 [ 60.061888][ T6809] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 60.069839][ T6809] R13: 00007ffe764db370 R14: 8421084210842109 R15: 00007ffe764db37c [ 60.156713][ T6810] IPVS: ftp: loaded support on port[0] = 21 [ 60.193525][ T6810] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6810 [ 60.203073][ T6810] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.209231][ T6810] CPU: 0 PID: 6810 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.217459][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.227529][ T6810] Call Trace: [ 60.230801][ T6810] dump_stack+0x18f/0x20d [ 60.235114][ T6810] check_preemption_disabled+0x20d/0x220 [ 60.240783][ T6810] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.246166][ T6810] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.251743][ T6810] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.257524][ T6810] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.262805][ T6810] ? ext4_ext_release+0x10/0x10 [ 60.268954][ T6810] ? down_write_killable+0x170/0x170 [ 60.274215][ T6810] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.279654][ T6810] ext4_map_blocks+0x4cb/0x1640 [ 60.284484][ T6810] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.289662][ T6810] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.295618][ T6810] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.301572][ T6810] ? prandom_u32_state+0xe/0x170 [ 60.306635][ T6810] ? __brelse+0x84/0xa0 [ 60.310781][ T6810] ? __ext4_new_inode+0x144/0x55e0 [ 60.316505][ T6810] ext4_getblk+0xad/0x520 [ 60.320823][ T6810] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.326527][ T6810] ? ext4_free_inode+0x1700/0x1700 [ 60.331626][ T6810] ext4_bread+0x7c/0x380 [ 60.335848][ T6810] ? ext4_getblk+0x520/0x520 [ 60.340414][ T6810] ? dquot_get_next_dqblk+0x180/0x180 [ 60.345859][ T6810] ext4_append+0x153/0x360 [ 60.350262][ T6810] ext4_mkdir+0x5e0/0xdf0 [ 60.354569][ T6810] ? ext4_rmdir+0xde0/0xde0 [ 60.359075][ T6810] ? security_inode_permission+0xc4/0xf0 [ 60.364761][ T6810] vfs_mkdir+0x419/0x690 [ 60.369113][ T6810] do_mkdirat+0x21e/0x280 [ 60.373441][ T6810] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.378284][ T6810] ? do_syscall_64+0x1c/0xe0 [ 60.382886][ T6810] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.389033][ T6810] do_syscall_64+0x60/0xe0 [ 60.393449][ T6810] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.399316][ T6810] RIP: 0033:0x45bed7 [ 60.403193][ T6810] Code: Bad RIP value. [ 60.407235][ T6810] RSP: 002b:00007ffe764db088 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 60.415618][ T6810] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 60.423572][ T6810] RDX: 00007ffe764db0d3 RSI: 00000000000001ff RDI: 00007ffe764db0d0 [ 60.431524][ T6810] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 60.439471][ T6810] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 60.447419][ T6810] R13: 00007ffe764db0c0 R14: 0000000000000000 R15: 00007ffe764db0d0 [ 60.499106][ T6810] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6810 [ 60.508585][ T6810] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.514488][ T6810] CPU: 1 PID: 6810 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.522718][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.532770][ T6810] Call Trace: [ 60.536066][ T6810] dump_stack+0x18f/0x20d [ 60.540408][ T6810] check_preemption_disabled+0x20d/0x220 [ 60.546047][ T6810] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.551179][ T6810] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.556716][ T6810] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.562418][ T6810] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.567687][ T6810] ? ext4_ext_release+0x10/0x10 [ 60.574068][ T6810] ? down_write_killable+0x170/0x170 [ 60.579453][ T6810] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.584908][ T6810] ext4_map_blocks+0x4cb/0x1640 [ 60.589794][ T6810] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.595025][ T6810] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.600548][ T6810] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.606524][ T6810] ? prandom_u32_state+0xe/0x170 [ 60.611449][ T6810] ? __brelse+0x84/0xa0 [ 60.615594][ T6810] ? __ext4_new_inode+0x144/0x55e0 [ 60.620770][ T6810] ext4_getblk+0xad/0x520 [ 60.625103][ T6810] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.630800][ T6810] ? ext4_free_inode+0x1700/0x1700 [ 60.635897][ T6810] ext4_bread+0x7c/0x380 [ 60.640134][ T6810] ? ext4_getblk+0x520/0x520 [ 60.644708][ T6810] ? dquot_get_next_dqblk+0x180/0x180 [ 60.650080][ T6810] ext4_append+0x153/0x360 [ 60.654488][ T6810] ext4_mkdir+0x5e0/0xdf0 [ 60.658814][ T6810] ? ext4_rmdir+0xde0/0xde0 [ 60.663305][ T6810] ? security_inode_permission+0xc4/0xf0 [ 60.668918][ T6810] vfs_mkdir+0x419/0x690 [ 60.673152][ T6810] do_mkdirat+0x21e/0x280 [ 60.677465][ T6810] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.682317][ T6810] ? do_syscall_64+0x1c/0xe0 [ 60.686905][ T6810] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.692889][ T6810] do_syscall_64+0x60/0xe0 [ 60.697296][ T6810] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.703259][ T6810] RIP: 0033:0x45bed7 [ 60.707126][ T6810] Code: Bad RIP value. [ 60.711165][ T6810] RSP: 002b:00007ffe764db088 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 60.719553][ T6810] RAX: ffffffffffffffda RBX: 000000000000ec44 RCX: 000000000045bed7 [ 60.727526][ T6810] RDX: 00007ffe764db0d3 RSI: 00000000000001ff RDI: 00007ffe764db0d0 [ 60.735475][ T6810] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/15 12:59:24 building call list... [ 60.743423][ T6810] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 60.751381][ T6810] R13: 00007ffe764db0c0 R14: 000000000000ec39 R15: 00007ffe764db0d0 [ 61.064796][ T7] tipc: TX() has been purged, node left! [ 61.586999][ T7] ================================================================== [ 61.595253][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 61.603151][ T7] Write of size 1 at addr ffff8880a850d1e4 by task kworker/u4:0/7 [ 61.610938][ T7] [ 61.613272][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-syzkaller #0 [ 61.621066][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.631119][ T7] Workqueue: netns cleanup_net [ 61.635871][ T7] Call Trace: [ 61.639161][ T7] dump_stack+0x18f/0x20d [ 61.643573][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.649108][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.654648][ T7] ? afs_put_call+0xa40/0xa40 [ 61.659323][ T7] print_address_description.constprop.0.cold+0xd3/0x413 [ 61.666346][ T7] ? vprintk_func+0x97/0x1a6 [ 61.670933][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.676472][ T7] kasan_report.cold+0x1f/0x37 [ 61.681234][ T7] ? rcu_read_lock_held+0x81/0xb0 [ 61.686255][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.691796][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 61.697161][ T7] ? afs_close_socket+0x320/0x320 [ 61.702180][ T7] ? afs_put_call+0xa40/0xa40 [ 61.706851][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 61.711962][ T7] ? afs_put_call+0xa40/0xa40 [ 61.716639][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 61.723072][ T7] rxrpc_call_completed+0xca/0xf0 [ 61.728095][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 61.733464][ T7] ? lock_sock_nested+0x94/0x110 [ 61.738407][ T7] rxrpc_listen+0x147/0x360 [ 61.742913][ T7] afs_close_socket+0x95/0x320 [ 61.747758][ T7] ? afs_purge_servers+0x16d/0x300 [ 61.753225][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 61.758689][ T7] ? init_wait_var_entry+0x200/0x200 [ 61.763971][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 61.769601][ T7] ? check_preemption_disabled+0x38/0x220 [ 61.775526][ T7] afs_net_exit+0x1bc/0x310 [ 61.780053][ T7] ? afs_net_init+0xe30/0xe30 [ 61.784735][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 61.789846][ T7] cleanup_net+0x511/0xa50 [ 61.794261][ T7] ? unregister_pernet_device+0x70/0x70 [ 61.800096][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.806103][ T7] process_one_work+0x965/0x1690 [ 61.811106][ T7] ? lock_release+0x800/0x800 [ 61.815793][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.821194][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 61.826143][ T7] worker_thread+0x96/0xe10 [ 61.830645][ T7] ? process_one_work+0x1690/0x1690 [ 61.835848][ T7] kthread+0x3b5/0x4a0 [ 61.839922][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.845641][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.851364][ T7] ret_from_fork+0x1f/0x30 [ 61.855811][ T7] [ 61.858132][ T7] Allocated by task 6810: [ 61.862461][ T7] save_stack+0x1b/0x40 [ 61.866709][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 61.872335][ T7] kmem_cache_alloc_trace+0x153/0x7d0 [ 61.877875][ T7] afs_alloc_call+0x55/0x630 [ 61.882456][ T7] afs_charge_preallocation+0xe9/0x2d0 [ 61.887927][ T7] afs_open_socket+0x292/0x360 [ 61.892687][ T7] afs_net_init+0xa6c/0xe30 [ 61.897180][ T7] ops_init+0xaf/0x420 [ 61.901240][ T7] setup_net+0x2de/0x860 [ 61.905476][ T7] copy_net_ns+0x293/0x590 [ 61.909884][ T7] create_new_namespaces+0x3fb/0xb30 [ 61.915178][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 61.920817][ T7] ksys_unshare+0x43d/0x8e0 [ 61.925351][ T7] __x64_sys_unshare+0x2d/0x40 [ 61.930126][ T7] do_syscall_64+0x60/0xe0 [ 61.934543][ T7] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.940423][ T7] [ 61.942745][ T7] Freed by task 7: [ 61.946459][ T7] save_stack+0x1b/0x40 [ 61.951065][ T7] __kasan_slab_free+0xf7/0x140 [ 61.955914][ T7] kfree+0x109/0x2b0 [ 61.959801][ T7] afs_put_call+0x585/0xa40 [ 61.964302][ T7] rxrpc_discard_prealloc+0x764/0xab0 [ 61.969666][ T7] rxrpc_listen+0x147/0x360 [ 61.974165][ T7] afs_close_socket+0x95/0x320 [ 61.978923][ T7] afs_net_exit+0x1bc/0x310 [ 61.983448][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 61.988549][ T7] cleanup_net+0x511/0xa50 [ 61.992959][ T7] process_one_work+0x965/0x1690 [ 61.997923][ T7] worker_thread+0x96/0xe10 [ 62.002417][ T7] kthread+0x3b5/0x4a0 [ 62.006482][ T7] ret_from_fork+0x1f/0x30 [ 62.010884][ T7] [ 62.013208][ T7] The buggy address belongs to the object at ffff8880a850d000 [ 62.013208][ T7] which belongs to the cache kmalloc-1k of size 1024 [ 62.027348][ T7] The buggy address is located 484 bytes inside of [ 62.027348][ T7] 1024-byte region [ffff8880a850d000, ffff8880a850d400) [ 62.040869][ T7] The buggy address belongs to the page: [ 62.046603][ T7] page:ffffea0002a14340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 62.056136][ T7] flags: 0xfffe0000000200(slab) [ 62.063855][ T7] raw: 00fffe0000000200 ffffea000290ae48 ffffea000269a0c8 ffff8880aa000c40 [ 62.072529][ T7] raw: 0000000000000000 ffff8880a850d000 0000000100000002 0000000000000000 [ 62.081102][ T7] page dumped because: kasan: bad access detected [ 62.087587][ T7] [ 62.089903][ T7] Memory state around the buggy address: [ 62.096568][ T7] ffff8880a850d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.104897][ T7] ffff8880a850d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.112953][ T7] >ffff8880a850d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.121004][ T7] ^ [ 62.128207][ T7] ffff8880a850d200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.136271][ T7] ffff8880a850d280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.144326][ T7] ================================================================== [ 62.152371][ T7] Disabling lock debugging due to kernel taint [ 62.158573][ T7] Kernel panic - not syncing: panic_on_warn set ... [ 62.165159][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.7.0-syzkaller #0 [ 62.174883][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.184962][ T7] Workqueue: netns cleanup_net [ 62.189720][ T7] Call Trace: [ 62.193005][ T7] dump_stack+0x18f/0x20d [ 62.197416][ T7] ? afs_wake_up_async_call+0x5f0/0x770 [ 62.202947][ T7] ? afs_put_call+0xa40/0xa40 [ 62.207611][ T7] panic+0x2e3/0x75c [ 62.211497][ T7] ? __warn_printk+0xf3/0xf3 [ 62.216076][ T7] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 62.222225][ T7] ? trace_hardirqs_on+0x55/0x220 [ 62.227237][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.232771][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.238565][ T7] ? afs_put_call+0xa40/0xa40 [ 62.243230][ T7] end_report+0x4d/0x53 [ 62.247376][ T7] kasan_report.cold+0xd/0x37 [ 62.252046][ T7] ? rcu_read_lock_held+0x81/0xb0 [ 62.257059][ T7] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.262596][ T7] afs_wake_up_async_call+0x6aa/0x770 [ 62.267957][ T7] ? afs_close_socket+0x320/0x320 [ 62.272977][ T7] ? afs_put_call+0xa40/0xa40 [ 62.277644][ T7] rxrpc_notify_socket+0x1db/0x5d0 [ 62.282744][ T7] ? afs_put_call+0xa40/0xa40 [ 62.287409][ T7] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 62.293815][ T7] rxrpc_call_completed+0xca/0xf0 [ 62.298857][ T7] rxrpc_discard_prealloc+0x781/0xab0 [ 62.304222][ T7] ? lock_sock_nested+0x94/0x110 [ 62.309415][ T7] rxrpc_listen+0x147/0x360 [ 62.313934][ T7] afs_close_socket+0x95/0x320 [ 62.319296][ T7] ? afs_purge_servers+0x16d/0x300 [ 62.324417][ T7] ? afs_rx_discard_new_call+0x50/0x50 [ 62.332130][ T7] ? init_wait_var_entry+0x200/0x200 executing program [ 62.337405][ T7] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.343032][ T7] ? check_preemption_disabled+0x38/0x220 [ 62.348749][ T7] afs_net_exit+0x1bc/0x310 [ 62.353251][ T7] ? afs_net_init+0xe30/0xe30 [ 62.357928][ T7] ops_exit_list.isra.0+0xa8/0x150 [ 62.363032][ T7] cleanup_net+0x511/0xa50 [ 62.367442][ T7] ? unregister_pernet_device+0x70/0x70 [ 62.372985][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.378966][ T7] process_one_work+0x965/0x1690 [ 62.384513][ T7] ? lock_release+0x800/0x800 [ 62.389193][ T7] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.394562][ T7] ? rwlock_bug.part.0+0x90/0x90 [ 62.399500][ T7] worker_thread+0x96/0xe10 [ 62.404006][ T7] ? process_one_work+0x1690/0x1690 [ 62.409203][ T7] kthread+0x3b5/0x4a0 [ 62.413268][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.419088][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.424804][ T7] ret_from_fork+0x1f/0x30 [ 62.430583][ T7] Kernel Offset: disabled [ 62.434917][ T7] Rebooting in 86400 seconds..