[ 61.021386][ T745] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:7/745 [ 61.030634][ T745] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.036545][ T745] CPU: 1 PID: 745 Comm: kworker/u4:7 Not tainted 5.7.0-syzkaller #0 [ 61.044520][ T745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.054600][ T745] Workqueue: writeback wb_workfn (flush-8:0) [ 61.060585][ T745] Call Trace: [ 61.063880][ T745] dump_stack+0x18f/0x20d [ 61.068259][ T745] check_preemption_disabled+0x20d/0x220 [ 61.073980][ T745] ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.079093][ T745] ? ext4_find_extent+0x81a/0xad0 [ 61.084129][ T745] ? ext4_ext_search_right+0x2ca/0xb20 [ 61.089590][ T745] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 61.095321][ T745] ext4_ext_map_blocks+0x201b/0x33e0 [ 61.100622][ T745] ? ext4_ext_release+0x10/0x10 [ 61.105491][ T745] ? down_write_killable+0x170/0x170 [ 61.110774][ T745] ? ext4_es_lookup_extent+0x41d/0xd10 [ 61.116240][ T745] ext4_map_blocks+0x4cb/0x1640 [ 61.121122][ T745] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 61.126329][ T745] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.131878][ T745] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.137887][ T745] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 61.143452][ T745] ext4_writepages+0x1a7b/0x33c0 [ 61.148416][ T745] ? __ext4_mark_inode_dirty+0x940/0x940 [ 61.154399][ T745] ? __lock_acquire+0x2224/0x48b0 [ 61.159440][ T745] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 61.165430][ T745] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 61.171426][ T745] ? __ext4_mark_inode_dirty+0x940/0x940 [ 61.177057][ T745] ? do_writepages+0xfa/0x2a0 [ 61.181731][ T745] do_writepages+0xfa/0x2a0 [ 61.186245][ T745] ? page_writeback_cpu_online+0x10/0x10 [ 61.191886][ T745] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.197440][ T745] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.203419][ T745] ? lock_downgrade+0x840/0x840 [ 61.208274][ T745] __writeback_single_inode+0x12a/0x13d0 [ 61.213906][ T745] ? _raw_spin_unlock+0x24/0x40 [ 61.218756][ T745] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 61.224756][ T745] writeback_sb_inodes+0x515/0xdc0 [ 61.229885][ T745] ? __writeback_single_inode+0x13d0/0x13d0 [ 61.235795][ T745] __writeback_inodes_wb+0xc3/0x250 [ 61.241007][ T745] wb_writeback+0x8db/0xd50 [ 61.245524][ T745] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 61.251860][ T745] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 61.257760][ T745] ? cpumask_next+0x3c/0x40 [ 61.262267][ T745] ? get_nr_dirty_inodes+0xd6/0x130 [ 61.267474][ T745] wb_workfn+0xab3/0x1090 [ 61.271815][ T745] ? inode_wait_for_writeback+0x30/0x30 [ 61.277376][ T745] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.282926][ T745] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.288915][ T745] process_one_work+0x965/0x1690 [ 61.293866][ T745] ? lock_release+0x800/0x800 [ 61.298554][ T745] ? pwq_dec_nr_in_flight+0x310/0x310 [ 61.303933][ T745] ? rwlock_bug.part.0+0x90/0x90 [ 61.308881][ T745] worker_thread+0x96/0xe10 [ 61.313393][ T745] ? process_one_work+0x1690/0x1690 [ 61.318591][ T745] kthread+0x3b5/0x4a0 [ 61.322658][ T745] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.328381][ T745] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.334124][ T745] ret_from_fork+0x1f/0x30 [ OK ] Listening on Load/Save RF Kill Switch Status /dev/rfkill Watch. [ OK ] Started Getty on tty6. [ OK ] Started Getty on tty5. [ OK ] Started Getty on tty4. [ OK ] Started Getty on tty3. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... Starting Load/Save RF Kill Switch Status... [ 63.461940][ T6727] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6727 [ 63.471550][ T6727] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.477476][ T6727] CPU: 1 PID: 6727 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0 [ 63.485705][ T6727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.495754][ T6727] Call Trace: [ 63.499049][ T6727] dump_stack+0x18f/0x20d [ 63.503389][ T6727] check_preemption_disabled+0x20d/0x220 [ 63.509023][ T6727] ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.514151][ T6727] ? ext4_ext_search_right+0x2ca/0xb20 [ 63.519926][ T6727] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 63.519958][ T6727] ext4_ext_map_blocks+0x201b/0x33e0 [ 63.519982][ T6727] ? ext4_ext_release+0x10/0x10 [ 63.535860][ T6727] ? down_write_killable+0x170/0x170 [ 63.541327][ T6727] ? ext4_es_lookup_extent+0x41d/0xd10 [ 63.547240][ T6727] ext4_map_blocks+0x4cb/0x1640 [ 63.552094][ T6727] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 63.557292][ T6727] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.562832][ T6727] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.568915][ T6727] ? prandom_u32_state+0xe/0x170 [ 63.573868][ T6727] ? __brelse+0x84/0xa0 [ 63.578063][ T6727] ? __ext4_new_inode+0x144/0x55e0 [ 63.583176][ T6727] ext4_getblk+0xad/0x520 [ 63.587526][ T6727] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 63.593248][ T6727] ? ext4_free_inode+0x1700/0x1700 [ 63.598377][ T6727] ext4_bread+0x7c/0x380 [ 63.602630][ T6727] ? ext4_getblk+0x520/0x520 [ 63.607228][ T6727] ? dquot_get_next_dqblk+0x180/0x180 [ 63.612614][ T6727] ext4_append+0x153/0x360 [ 63.617043][ T6727] ext4_mkdir+0x5e0/0xdf0 [ 63.621397][ T6727] ? ext4_rmdir+0xde0/0xde0 [ 63.626010][ T6727] vfs_mkdir+0x419/0x690 [ 63.630243][ T6727] do_mkdirat+0x21e/0x280 [ 63.634556][ T6727] ? __ia32_sys_mknod+0xb0/0xb0 [ 63.639387][ T6727] ? do_syscall_64+0x1c/0xe0 [ 63.643966][ T6727] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 63.649926][ T6727] do_syscall_64+0x60/0xe0 [ 63.654333][ T6727] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.660210][ T6727] RIP: 0033:0x7f1498c6a687 [ 63.664608][ T6727] Code: Bad RIP value. [ 63.668738][ T6727] RSP: 002b:00007ffdf94b1818 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 63.677141][ T6727] RAX: ffffffffffffffda RBX: 0000565066a04985 RCX: 00007f1498c6a687 [ 63.685101][ T6727] RDX: 00007ffdf94b16e0 RSI: 00000000000001ed RDI: 0000565066a04985 [ 63.693070][ T6727] RBP: 00007f1498c6a680 R08: 0000000000000100 R09: 0000000000000000 [ 63.701021][ T6727] R10: 0000565066a04980 R11: 0000000000000246 R12: 00000000000001ed [ 63.708968][ T6727] R13: 00007ffdf94b19a0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Update UTMP about System Runlevel Changes. [ OK ] Started Load/Save RF Kill Switch Status. Warning: Permanently added '10.128.10.34' (ECDSA) to the list of known hosts. Debian GNU/Linux 9 syzkaller ttyS0 2020/06/14 11:04:19 fuzzer started 2020/06/14 11:04:19 connecting to host at 10.128.0.26:46291 2020/06/14 11:04:19 checking machine... 2020/06/14 11:04:19 checking revisions... 2020/06/14 11:04:19 testing simple program... syzkaller login: [ 66.004247][ T6806] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6806 [ 66.013338][ T6806] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.019210][ T6806] CPU: 0 PID: 6806 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 66.027084][ T6806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.037270][ T6806] Call Trace: [ 66.040548][ T6806] dump_stack+0x18f/0x20d [ 66.044862][ T6806] check_preemption_disabled+0x20d/0x220 [ 66.050481][ T6806] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.055585][ T6806] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.061065][ T6806] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.066778][ T6806] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.072060][ T6806] ? ext4_ext_release+0x10/0x10 [ 66.076906][ T6806] ? down_write_killable+0x170/0x170 [ 66.082169][ T6806] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.087617][ T6806] ext4_map_blocks+0x4cb/0x1640 [ 66.092451][ T6806] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.097643][ T6806] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.103175][ T6806] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.109130][ T6806] ? prandom_u32_state+0xe/0x170 [ 66.114047][ T6806] ? __brelse+0x84/0xa0 [ 66.118177][ T6806] ? __ext4_new_inode+0x144/0x55e0 [ 66.123266][ T6806] ext4_getblk+0xad/0x520 [ 66.127572][ T6806] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.133272][ T6806] ? ext4_free_inode+0x1700/0x1700 [ 66.138370][ T6806] ext4_bread+0x7c/0x380 [ 66.142604][ T6806] ? ext4_getblk+0x520/0x520 [ 66.147182][ T6806] ? dquot_get_next_dqblk+0x180/0x180 [ 66.152542][ T6806] ext4_append+0x153/0x360 [ 66.156943][ T6806] ext4_mkdir+0x5e0/0xdf0 [ 66.161260][ T6806] ? ext4_rmdir+0xde0/0xde0 [ 66.165755][ T6806] vfs_mkdir+0x419/0x690 [ 66.169978][ T6806] do_mkdirat+0x21e/0x280 [ 66.174283][ T6806] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.179177][ T6806] ? do_syscall_64+0x1c/0xe0 [ 66.183778][ T6806] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.190356][ T6806] do_syscall_64+0x60/0xe0 [ 66.194752][ T6806] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.200617][ T6806] RIP: 0033:0x4b02a0 [ 66.204523][ T6806] Code: Bad RIP value. [ 66.208572][ T6806] RSP: 002b:000000c0000eb4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 66.216956][ T6806] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 66.224918][ T6806] RDX: 00000000000001c0 RSI: 000000c00009ecc0 RDI: ffffffffffffff9c [ 66.232868][ T6806] RBP: 000000c0000eb510 R08: 0000000000000000 R09: 0000000000000000 [ 66.241472][ T6806] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 66.249429][ T6806] R13: 0000000000000067 R14: 0000000000000066 R15: 0000000000000100 [ 66.274839][ T27] audit: type=1400 audit(1592132660.394:8): avc: denied { execmem } for pid=6808 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 66.275548][ T6808] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6808 [ 66.304957][ T6808] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.310909][ T6808] CPU: 0 PID: 6808 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 66.319135][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.329166][ T6808] Call Trace: [ 66.332447][ T6808] dump_stack+0x18f/0x20d [ 66.336772][ T6808] check_preemption_disabled+0x20d/0x220 [ 66.342382][ T6808] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.347572][ T6808] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.353006][ T6808] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.358707][ T6808] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.363973][ T6808] ? ext4_ext_release+0x10/0x10 [ 66.368815][ T6808] ? down_write_killable+0x170/0x170 [ 66.374085][ T6808] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.379611][ T6808] ext4_map_blocks+0x4cb/0x1640 [ 66.384441][ T6808] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.389628][ T6808] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.395149][ T6808] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.401153][ T6808] ? prandom_u32_state+0xe/0x170 [ 66.406099][ T6808] ? __brelse+0x84/0xa0 [ 66.410258][ T6808] ? __ext4_new_inode+0x144/0x55e0 [ 66.415352][ T6808] ext4_getblk+0xad/0x520 [ 66.419662][ T6808] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.425361][ T6808] ? ext4_free_inode+0x1700/0x1700 [ 66.430449][ T6808] ext4_bread+0x7c/0x380 [ 66.434666][ T6808] ? ext4_getblk+0x520/0x520 [ 66.439246][ T6808] ? dquot_get_next_dqblk+0x180/0x180 [ 66.444594][ T6808] ? security_transition_sid+0x123/0x190 [ 66.450210][ T6808] ? security_transition_sid+0xed/0x190 [ 66.455749][ T6808] ext4_append+0x153/0x360 [ 66.460164][ T6808] ext4_mkdir+0x5e0/0xdf0 [ 66.464473][ T6808] ? ext4_rmdir+0xde0/0xde0 [ 66.468961][ T6808] vfs_mkdir+0x419/0x690 [ 66.473181][ T6808] do_mkdirat+0x21e/0x280 [ 66.477484][ T6808] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.482315][ T6808] ? do_syscall_64+0x1c/0xe0 [ 66.486879][ T6808] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.492833][ T6808] do_syscall_64+0x60/0xe0 [ 66.497237][ T6808] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.503101][ T6808] RIP: 0033:0x45bee7 [ 66.506964][ T6808] Code: Bad RIP value. [ 66.511014][ T6808] RSP: 002b:00007ffc81ad9728 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 66.519396][ T6808] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 66.527339][ T6808] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffc81ad9900 [ 66.535283][ T6808] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 00000000000032c0 [ 66.543239][ T6808] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 66.551187][ T6808] R13: 00007ffc81ad9900 R14: 8421084210842109 R15: 00007ffc81ad990c [ 66.636614][ T6809] IPVS: ftp: loaded support on port[0] = 21 [ 66.675382][ T6809] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6809 [ 66.684886][ T6809] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.690925][ T6809] CPU: 1 PID: 6809 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 66.699148][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.709186][ T6809] Call Trace: [ 66.712465][ T6809] dump_stack+0x18f/0x20d [ 66.716777][ T6809] check_preemption_disabled+0x20d/0x220 [ 66.722391][ T6809] ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.727492][ T6809] ? ext4_ext_search_right+0x2ca/0xb20 [ 66.732932][ T6809] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 66.738637][ T6809] ext4_ext_map_blocks+0x201b/0x33e0 [ 66.743917][ T6809] ? ext4_ext_release+0x10/0x10 [ 66.748757][ T6809] ? down_write_killable+0x170/0x170 [ 66.754030][ T6809] ? ext4_es_lookup_extent+0x41d/0xd10 [ 66.759470][ T6809] ext4_map_blocks+0x4cb/0x1640 [ 66.764301][ T6809] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 66.769490][ T6809] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 66.775010][ T6809] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.780972][ T6809] ? prandom_u32_state+0xe/0x170 [ 66.785901][ T6809] ? __brelse+0x84/0xa0 [ 66.790032][ T6809] ? __ext4_new_inode+0x144/0x55e0 [ 66.795120][ T6809] ext4_getblk+0xad/0x520 [ 66.799435][ T6809] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 66.805152][ T6809] ? ext4_free_inode+0x1700/0x1700 [ 66.810259][ T6809] ext4_bread+0x7c/0x380 [ 66.814476][ T6809] ? ext4_getblk+0x520/0x520 [ 66.819052][ T6809] ? dquot_get_next_dqblk+0x180/0x180 [ 66.824407][ T6809] ? security_transition_sid+0x123/0x190 [ 66.830027][ T6809] ? security_transition_sid+0xed/0x190 [ 66.835572][ T6809] ext4_append+0x153/0x360 [ 66.839966][ T6809] ext4_mkdir+0x5e0/0xdf0 [ 66.844289][ T6809] ? ext4_rmdir+0xde0/0xde0 [ 66.848787][ T6809] vfs_mkdir+0x419/0x690 [ 66.853283][ T6809] do_mkdirat+0x21e/0x280 [ 66.857602][ T6809] ? __ia32_sys_mknod+0xb0/0xb0 [ 66.862455][ T6809] ? do_syscall_64+0x1c/0xe0 [ 66.867028][ T6809] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 66.872991][ T6809] do_syscall_64+0x60/0xe0 [ 66.877399][ T6809] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.883281][ T6809] RIP: 0033:0x45bee7 [ 66.887145][ T6809] Code: Bad RIP value. [ 66.891186][ T6809] RSP: 002b:00007ffc81ad9618 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 66.899570][ T6809] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 66.907518][ T6809] RDX: 00007ffc81ad9663 RSI: 00000000000001ff RDI: 00007ffc81ad9660 [ 66.915465][ T6809] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 66.923410][ T6809] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185d0 [ 66.931363][ T6809] R13: 00007ffc81ad9650 R14: 0000000000000000 R15: 00007ffc81ad9660 [ 66.982847][ T6809] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6809 [ 66.992456][ T6809] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 66.998350][ T6809] CPU: 0 PID: 6809 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 67.006575][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.016626][ T6809] Call Trace: [ 67.019925][ T6809] dump_stack+0x18f/0x20d [ 67.024266][ T6809] check_preemption_disabled+0x20d/0x220 [ 67.029902][ T6809] ext4_mb_new_blocks+0xa4d/0x3b70 [ 67.035028][ T6809] ? ext4_ext_search_right+0x2ca/0xb20 [ 67.040493][ T6809] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 67.046226][ T6809] ext4_ext_map_blocks+0x201b/0x33e0 [ 67.051526][ T6809] ? ext4_ext_release+0x10/0x10 [ 67.056381][ T6809] ? down_write_killable+0x170/0x170 [ 67.061655][ T6809] ? ext4_es_lookup_extent+0x41d/0xd10 [ 67.067098][ T6809] ext4_map_blocks+0x4cb/0x1640 [ 67.071951][ T6809] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 67.077167][ T6809] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 67.082703][ T6809] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.088675][ T6809] ? prandom_u32_state+0xe/0x170 [ 67.093612][ T6809] ? __brelse+0x84/0xa0 [ 67.097760][ T6809] ? __ext4_new_inode+0x144/0x55e0 [ 67.102922][ T6809] ext4_getblk+0xad/0x520 [ 67.107231][ T6809] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 67.112946][ T6809] ? ext4_free_inode+0x1700/0x1700 [ 67.118056][ T6809] ext4_bread+0x7c/0x380 [ 67.122286][ T6809] ? ext4_getblk+0x520/0x520 [ 67.126858][ T6809] ? dquot_get_next_dqblk+0x180/0x180 [ 67.132210][ T6809] ? security_transition_sid+0x123/0x190 [ 67.137821][ T6809] ? security_transition_sid+0xed/0x190 [ 67.143361][ T6809] ext4_append+0x153/0x360 [ 67.147757][ T6809] ext4_mkdir+0x5e0/0xdf0 [ 67.152067][ T6809] ? ext4_rmdir+0xde0/0xde0 [ 67.156570][ T6809] vfs_mkdir+0x419/0x690 [ 67.160794][ T6809] do_mkdirat+0x21e/0x280 [ 67.165120][ T6809] ? __ia32_sys_mknod+0xb0/0xb0 [ 67.169948][ T6809] ? do_syscall_64+0x1c/0xe0 [ 67.174515][ T6809] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 67.180472][ T6809] do_syscall_64+0x60/0xe0 [ 67.184875][ T6809] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 67.190741][ T6809] RIP: 0033:0x45bee7 [ 67.194603][ T6809] Code: Bad RIP value. [ 67.198640][ T6809] RSP: 002b:00007ffc81ad9618 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 67.207023][ T6809] RAX: ffffffffffffffda RBX: 00000000000105a0 RCX: 000000000045bee7 [ 67.214970][ T6809] RDX: 00007ffc81ad9663 RSI: 00000000000001ff RDI: 00007ffc81ad9660 [ 67.222936][ T6809] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 2020/06/14 11:04:21 building call list... [ 67.230882][ T6809] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 67.238836][ T6809] R13: 00007ffc81ad9650 R14: 0000000000010589 R15: 00007ffc81ad9660 [ 67.519734][ T329] tipc: TX() has been purged, node left! [ 68.061677][ T329] ================================================================== [ 68.069897][ T329] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 68.077868][ T329] Write of size 1 at addr ffff8880a0f4a1e4 by task kworker/u4:5/329 [ 68.085833][ T329] [ 68.088175][ T329] CPU: 0 PID: 329 Comm: kworker/u4:5 Not tainted 5.7.0-syzkaller #0 [ 68.096137][ T329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.106187][ T329] Workqueue: netns cleanup_net [ 68.110939][ T329] Call Trace: [ 68.114228][ T329] dump_stack+0x18f/0x20d [ 68.118556][ T329] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.124093][ T329] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.129629][ T329] ? afs_put_call+0xa40/0xa40 [ 68.134318][ T329] print_address_description.constprop.0.cold+0xd3/0x413 [ 68.141343][ T329] ? vprintk_func+0x97/0x1a6 [ 68.145934][ T329] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.151476][ T329] kasan_report.cold+0x1f/0x37 [ 68.156240][ T329] ? rcu_read_lock_held+0x81/0xb0 [ 68.161256][ T329] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.166801][ T329] afs_wake_up_async_call+0x6aa/0x770 [ 68.172181][ T329] ? afs_close_socket+0x320/0x320 [ 68.177218][ T329] ? afs_put_call+0xa40/0xa40 [ 68.181903][ T329] rxrpc_notify_socket+0x1db/0x5d0 [ 68.187019][ T329] ? afs_put_call+0xa40/0xa40 [ 68.191690][ T329] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 68.198106][ T329] rxrpc_call_completed+0xca/0xf0 [ 68.203129][ T329] rxrpc_discard_prealloc+0x781/0xab0 [ 68.208500][ T329] ? lock_sock_nested+0x94/0x110 [ 68.213441][ T329] rxrpc_listen+0x147/0x360 [ 68.217941][ T329] afs_close_socket+0x95/0x320 [ 68.222697][ T329] ? afs_purge_servers+0x16d/0x300 [ 68.227803][ T329] ? afs_rx_discard_new_call+0x50/0x50 [ 68.233269][ T329] ? init_wait_var_entry+0x200/0x200 [ 68.238572][ T329] ? rcu_read_lock_held_common+0xa0/0xa0 [ 68.244211][ T329] ? check_preemption_disabled+0x38/0x220 [ 68.249938][ T329] afs_net_exit+0x1bc/0x310 [ 68.254446][ T329] ? afs_net_init+0xe30/0xe30 [ 68.259116][ T329] ops_exit_list.isra.0+0xa8/0x150 [ 68.264226][ T329] cleanup_net+0x511/0xa50 [ 68.268639][ T329] ? unregister_pernet_device+0x70/0x70 [ 68.274199][ T329] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 68.280191][ T329] process_one_work+0x965/0x1690 [ 68.285134][ T329] ? lock_release+0x800/0x800 [ 68.289809][ T329] ? pwq_dec_nr_in_flight+0x310/0x310 [ 68.295183][ T329] ? rwlock_bug.part.0+0x90/0x90 [ 68.300128][ T329] worker_thread+0x96/0xe10 [ 68.304642][ T329] ? process_one_work+0x1690/0x1690 [ 68.309840][ T329] kthread+0x3b5/0x4a0 [ 68.313903][ T329] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.319618][ T329] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.325341][ T329] ret_from_fork+0x1f/0x30 [ 68.329763][ T329] [ 68.332088][ T329] Allocated by task 6809: [ 68.336413][ T329] save_stack+0x1b/0x40 [ 68.340565][ T329] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 68.346192][ T329] kmem_cache_alloc_trace+0x153/0x7d0 [ 68.351556][ T329] afs_alloc_call+0x55/0x630 [ 68.356225][ T329] afs_charge_preallocation+0xe9/0x2d0 [ 68.361674][ T329] afs_open_socket+0x292/0x360 [ 68.366432][ T329] afs_net_init+0xa6c/0xe30 [ 68.370925][ T329] ops_init+0xaf/0x420 [ 68.374984][ T329] setup_net+0x2de/0x860 [ 68.379221][ T329] copy_net_ns+0x293/0x590 [ 68.383631][ T329] create_new_namespaces+0x3fb/0xb30 [ 68.388910][ T329] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 68.394546][ T329] ksys_unshare+0x43d/0x8e0 [ 68.399042][ T329] __x64_sys_unshare+0x2d/0x40 [ 68.403799][ T329] do_syscall_64+0x60/0xe0 [ 68.408209][ T329] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 68.414090][ T329] [ 68.416411][ T329] Freed by task 329: [ 68.420310][ T329] save_stack+0x1b/0x40 [ 68.424459][ T329] __kasan_slab_free+0xf7/0x140 [ 68.429387][ T329] kfree+0x109/0x2b0 [ 68.433278][ T329] afs_put_call+0x585/0xa40 [ 68.437780][ T329] rxrpc_discard_prealloc+0x764/0xab0 [ 68.443146][ T329] rxrpc_listen+0x147/0x360 [ 68.447641][ T329] afs_close_socket+0x95/0x320 [ 68.452397][ T329] afs_net_exit+0x1bc/0x310 [ 68.456892][ T329] ops_exit_list.isra.0+0xa8/0x150 [ 68.461999][ T329] cleanup_net+0x511/0xa50 [ 68.466430][ T329] process_one_work+0x965/0x1690 [ 68.471370][ T329] worker_thread+0x96/0xe10 [ 68.475867][ T329] kthread+0x3b5/0x4a0 [ 68.479929][ T329] ret_from_fork+0x1f/0x30 [ 68.484851][ T329] [ 68.487173][ T329] The buggy address belongs to the object at ffff8880a0f4a000 [ 68.487173][ T329] which belongs to the cache kmalloc-1k of size 1024 [ 68.501215][ T329] The buggy address is located 484 bytes inside of [ 68.501215][ T329] 1024-byte region [ffff8880a0f4a000, ffff8880a0f4a400) [ 68.514557][ T329] The buggy address belongs to the page: [ 68.520185][ T329] page:ffffea000283d280 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 68.529299][ T329] flags: 0xfffe0000000200(slab) [ 68.534145][ T329] raw: 00fffe0000000200 ffffea00029d0a48 ffffea0002530388 ffff8880aa000c40 [ 68.542731][ T329] raw: 0000000000000000 ffff8880a0f4a000 0000000100000002 0000000000000000 [ 68.551308][ T329] page dumped because: kasan: bad access detected [ 68.557793][ T329] [ 68.560111][ T329] Memory state around the buggy address: [ 68.565734][ T329] ffff8880a0f4a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.573786][ T329] ffff8880a0f4a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.581840][ T329] >ffff8880a0f4a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.589895][ T329] ^ [ 68.597079][ T329] ffff8880a0f4a200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.605238][ T329] ffff8880a0f4a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 68.613284][ T329] ================================================================== [ 68.621335][ T329] Disabling lock debugging due to kernel taint [ 68.627527][ T329] Kernel panic - not syncing: panic_on_warn set ... [ 68.634106][ T329] CPU: 0 PID: 329 Comm: kworker/u4:5 Tainted: G B 5.7.0-syzkaller #0 [ 68.643454][ T329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 68.653499][ T329] Workqueue: netns cleanup_net [ 68.658247][ T329] Call Trace: [ 68.661530][ T329] dump_stack+0x18f/0x20d [ 68.665850][ T329] ? afs_wake_up_async_call+0x5f0/0x770 [ 68.671384][ T329] ? afs_put_call+0xa40/0xa40 [ 68.676047][ T329] panic+0x2e3/0x75c [ 68.679934][ T329] ? __warn_printk+0xf3/0xf3 [ 68.684512][ T329] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 68.690656][ T329] ? trace_hardirqs_on+0x55/0x220 [ 68.695671][ T329] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.701202][ T329] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.706732][ T329] ? afs_put_call+0xa40/0xa40 [ 68.711396][ T329] end_report+0x4d/0x53 [ 68.715542][ T329] kasan_report.cold+0xd/0x37 [ 68.720239][ T329] ? rcu_read_lock_held+0x81/0xb0 [ 68.725254][ T329] ? afs_wake_up_async_call+0x6aa/0x770 [ 68.730803][ T329] afs_wake_up_async_call+0x6aa/0x770 [ 68.736250][ T329] ? afs_close_socket+0x320/0x320 [ 68.741264][ T329] ? afs_put_call+0xa40/0xa40 [ 68.745937][ T329] rxrpc_notify_socket+0x1db/0x5d0 [ 68.751049][ T329] ? afs_put_call+0xa40/0xa40 [ 68.755717][ T329] __rxrpc_set_call_completion.part.0+0x172/0x410 executing program [ 68.762128][ T329] rxrpc_call_completed+0xca/0xf0 [ 68.767162][ T329] rxrpc_discard_prealloc+0x781/0xab0 [ 68.772531][ T329] ? lock_sock_nested+0x94/0x110 [ 68.777463][ T329] rxrpc_listen+0x147/0x360 [ 68.781969][ T329] afs_close_socket+0x95/0x320 [ 68.786728][ T329] ? afs_purge_servers+0x16d/0x300 [ 68.791825][ T329] ? afs_rx_discard_new_call+0x50/0x50 [ 68.797258][ T329] ? init_wait_var_entry+0x200/0x200 [ 68.802521][ T329] ? rcu_read_lock_held_common+0xa0/0xa0 [ 68.808193][ T329] ? check_preemption_disabled+0x38/0x220 [ 68.813930][ T329] afs_net_exit+0x1bc/0x310 [ 68.818440][ T329] ? afs_net_init+0xe30/0xe30 [ 68.823100][ T329] ops_exit_list.isra.0+0xa8/0x150 [ 68.828205][ T329] cleanup_net+0x511/0xa50 [ 68.832630][ T329] ? unregister_pernet_device+0x70/0x70 [ 68.838175][ T329] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 68.844174][ T329] process_one_work+0x965/0x1690 [ 68.849109][ T329] ? lock_release+0x800/0x800 [ 68.853780][ T329] ? pwq_dec_nr_in_flight+0x310/0x310 [ 68.859151][ T329] ? rwlock_bug.part.0+0x90/0x90 [ 68.864108][ T329] worker_thread+0x96/0xe10 [ 68.868590][ T329] ? process_one_work+0x1690/0x1690 [ 68.873763][ T329] kthread+0x3b5/0x4a0 [ 68.877825][ T329] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.883520][ T329] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 68.889223][ T329] ret_from_fork+0x1f/0x30 [ 68.895045][ T329] Kernel Offset: disabled [ 68.899357][ T329] Rebooting in 86400 seconds..