[ 51.842327][ T6720] RSP: 002b:00007fff520bc428 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 51.842340][ T6720] RAX: ffffffffffffffda RBX: 000056015519e985 RCX: 00007fe6f6f4b687
[ 51.842348][ T6720] RDX: 00007fff520bc2f0 RSI: 00000000000001ed RDI: 000056015519e985
[ 51.842355][ T6720] RBP: 00007fe6f6f4b680 R08: 0000000000000100 R09: 0000000000000000
[ 51.842361][ T6720] R10: 000056015519e980 R11: 0000000000000246 R12: 00000000000001ed
[ 51.842369][ T6720] R13: 00007fff520bc5b0 R14: 0000000000000000 R15: 0000000000000000
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Load/Save RF Kill Switch Status.
[ OK ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

syzkaller login: [ 55.917770][ T7] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:0/7
[ 55.926742][ T7] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 55.932754][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-syzkaller #0
[ 55.940587][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.950644][ T7] Workqueue: writeback wb_workfn (flush-8:0)
[ 55.956607][ T7] Call Trace:
[ 55.959877][ T7] dump_stack+0x188/0x20d
[ 55.964198][ T7] debug_smp_processor_id.cold+0x88/0x9b
[ 55.969807][ T7] ext4_mb_new_blocks+0xa77/0x3b30
[ 55.974893][ T7] ? __kmalloc+0x62f/0x7a0
[ 55.979308][ T7] ? ext4_ext_search_right+0x2ca/0xb20
[ 55.985271][ T7] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 55.991056][ T7] ext4_ext_map_blocks+0x2044/0x3410
[ 55.996337][ T7] ? ext4_ext_release+0x10/0x10
[ 56.001187][ T7] ? __down_timeout+0x2d0/0x2d0
[ 56.006030][ T7] ? ext4_es_lookup_extent+0x41d/0xd30
[ 56.011464][ T7] ? debug_smp_processor_id+0x2f/0x185
[ 56.016901][ T7] ext4_map_blocks+0x4cb/0x1640
[ 56.021745][ T7] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 56.026938][ T7] ? debug_smp_processor_id+0x2f/0x185
[ 56.032378][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.037911][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.044823][ T7] ? ext4_alloc_io_end_vec+0x145/0x1c0
[ 56.050259][ T7] ext4_writepages+0x1ab7/0x3400
[ 56.055185][ T7] ? __ext4_mark_inode_dirty+0x950/0x950
[ 56.060805][ T7] ? __lock_acquire+0x2224/0x48a0
[ 56.065817][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.071791][ T7] ? lockdep_hardirqs_on_prepare+0x590/0x590
[ 56.077761][ T7] ? __ext4_mark_inode_dirty+0x950/0x950
[ 56.083382][ T7] ? do_writepages+0xfa/0x2a0
[ 56.088051][ T7] do_writepages+0xfa/0x2a0
[ 56.092563][ T7] ? page_writeback_cpu_online+0x10/0x10
[ 56.098170][ T7] ? debug_smp_processor_id+0x2f/0x185
[ 56.103608][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.109130][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.115431][ T7] ? lock_downgrade+0x840/0x840
[ 56.120263][ T7] __writeback_single_inode+0x12a/0x1410
[ 56.125870][ T7] ? _raw_spin_unlock+0x24/0x40
[ 56.130695][ T7] ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[ 56.136651][ T7] writeback_sb_inodes+0x515/0xdd0
[ 56.141761][ T7] ? __writeback_single_inode+0x1410/0x1410
[ 56.147643][ T7] __writeback_inodes_wb+0xc3/0x250
[ 56.152835][ T7] wb_writeback+0x910/0xd90
[ 56.157351][ T7] ? print_usage_bug+0x240/0x240
[ 56.162293][ T7] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[ 56.168693][ T7] ? _find_next_bit.constprop.0+0x1a3/0x200
[ 56.174745][ T7] ? cpumask_next+0x3c/0x40
[ 56.179233][ T7] ? get_nr_dirty_inodes+0xd6/0x130
[ 56.184413][ T7] wb_workfn+0xadf/0x10d0
[ 56.188727][ T7] ? inode_wait_for_writeback+0x30/0x30
[ 56.194260][ T7] ? debug_smp_processor_id+0x2f/0x185
[ 56.199701][ T7] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 56.205238][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 56.211355][ T7] process_one_work+0x965/0x16a0
[ 56.216434][ T7] ? lock_release+0x800/0x800
[ 56.221096][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 56.226468][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 56.231395][ T7] worker_thread+0x96/0xe10
[ 56.235892][ T7] ? process_one_work+0x16a0/0x16a0
[ 56.241074][ T7] kthread+0x388/0x470
[ 56.245136][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.250857][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 56.256565][ T7] ret_from_fork+0x24/0x30
Warning: Permanently added '10.128.0.165' (ECDSA) to the list of known hosts.
2020/06/13 03:02:50 fuzzer started
2020/06/13 03:02:51 connecting to host at 10.128.0.26:33841
2020/06/13 03:02:51 checking machine...
2020/06/13 03:02:51 checking revisions...
2020/06/13 03:02:51 testing simple program...
[ 58.113376][ T6798] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6798
[ 58.122528][ T6798] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 58.128504][ T6798] CPU: 0 PID: 6798 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[ 58.136481][ T6798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.146524][ T6798] Call Trace:
[ 58.149835][ T6798] dump_stack+0x188/0x20d
[ 58.154171][ T6798] debug_smp_processor_id.cold+0x88/0x9b
[ 58.159807][ T6798] ext4_mb_new_blocks+0xa77/0x3b30
[ 58.164904][ T6798] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.170343][ T6798] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.176041][ T6798] ext4_ext_map_blocks+0x2044/0x3410
[ 58.181317][ T6798] ? ext4_ext_release+0x10/0x10
[ 58.186162][ T6798] ? __down_timeout+0x2d0/0x2d0
[ 58.190997][ T6798] ? ext4_es_lookup_extent+0x41d/0xd30
[ 58.196444][ T6798] ext4_map_blocks+0x4cb/0x1640
[ 58.201275][ T6798] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.206449][ T6798] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.211983][ T6798] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.217943][ T6798] ? prandom_u32_state+0xe/0x170
[ 58.222856][ T6798] ? __brelse+0x84/0xa0
[ 58.227784][ T6798] ? __ext4_new_inode+0x144/0x57c0
[ 58.232884][ T6798] ext4_getblk+0xad/0x520
[ 58.237205][ T6798] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.242902][ T6798] ? ext4_free_inode+0x17e0/0x17e0
[ 58.248006][ T6798] ext4_bread+0x7c/0x380
[ 58.252289][ T6798] ? ext4_getblk+0x520/0x520
[ 58.256871][ T6798] ? dqget+0xff0/0xff0
[ 58.260927][ T6798] ext4_append+0x153/0x360
[ 58.265326][ T6798] ext4_mkdir+0x5e0/0xdf0
[ 58.269702][ T6798] ? ext4_rmdir+0xde0/0xde0
[ 58.274191][ T6798] ? security_inode_permission+0xc4/0xf0
[ 58.279817][ T6798] vfs_mkdir+0x419/0x690
[ 58.284038][ T6798] do_mkdirat+0x21e/0x280
[ 58.288371][ T6798] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.293197][ T6798] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.299166][ T6798] ? do_syscall_64+0x21/0x7d0
[ 58.303833][ T6798] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.309791][ T6798] do_syscall_64+0xf6/0x7d0
[ 58.314272][ T6798] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.320149][ T6798] RIP: 0033:0x4b02a0
[ 58.324020][ T6798] Code: 8b 7c 24 10 48 8b 74 24 18 48 8b 54 24 20 49 c7 c2 00 00 00 00 49 c7 c0 00 00 00 00 49 c7 c1 00 00 00 00 48 8b 44 24 08 0f 05 <48> 3d 01 f0 ff ff 76 20 48 c7 44 24 28 ff ff ff ff 48 c7 44 24 30
[ 58.343615][ T6798] RSP: 002b:000000c0000c74b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[ 58.352182][ T6798] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0
[ 58.360154][ T6798] RDX: 00000000000001c0 RSI: 000000c000026fa0 RDI: ffffffffffffff9c
[ 58.368113][ T6798] RBP: 000000c0000c7510 R08: 0000000000000000 R09: 0000000000000000
[ 58.376060][ T6798] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[ 58.384010][ T6798] R13: 000000000000007e R14: 000000000000007d R15: 0000000000000100
[ 58.401640][ T6812] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6812
[ 58.411108][ T6812] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 58.417056][ T6812] CPU: 0 PID: 6812 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 58.425305][ T6812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.435340][ T6812] Call Trace:
[ 58.439672][ T6812] dump_stack+0x188/0x20d
[ 58.444029][ T6812] debug_smp_processor_id.cold+0x88/0x9b
[ 58.449657][ T6812] ext4_mb_new_blocks+0xa77/0x3b30
[ 58.454756][ T6812] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.460223][ T6812] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.465942][ T6812] ext4_ext_map_blocks+0x2044/0x3410
[ 58.471228][ T6812] ? ext4_ext_release+0x10/0x10
[ 58.476084][ T6812] ? __down_timeout+0x2d0/0x2d0
[ 58.480917][ T6812] ? ext4_es_lookup_extent+0x41d/0xd30
[ 58.486377][ T6812] ext4_map_blocks+0x4cb/0x1640
[ 58.491219][ T6812] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.496398][ T6812] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.501954][ T6812] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.507929][ T6812] ? prandom_u32_state+0xe/0x170
[ 58.512848][ T6812] ? __brelse+0x84/0xa0
[ 58.517001][ T6812] ? __ext4_new_inode+0x144/0x57c0
[ 58.522205][ T6812] ext4_getblk+0xad/0x520
[ 58.526615][ T6812] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.532368][ T6812] ? ext4_free_inode+0x17e0/0x17e0
[ 58.537501][ T6812] ext4_bread+0x7c/0x380
[ 58.541756][ T6812] ? ext4_getblk+0x520/0x520
[ 58.546450][ T6812] ? dqget+0xff0/0xff0
[ 58.550532][ T6812] ext4_append+0x153/0x360
[ 58.554933][ T6812] ext4_mkdir+0x5e0/0xdf0
[ 58.561697][ T6812] ? ext4_rmdir+0xde0/0xde0
[ 58.566215][ T6812] ? security_inode_permission+0xc4/0xf0
[ 58.571832][ T6812] vfs_mkdir+0x419/0x690
[ 58.576069][ T6812] do_mkdirat+0x21e/0x280
[ 58.580379][ T6812] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.585226][ T6812] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.591187][ T6812] ? do_syscall_64+0x21/0x7d0
[ 58.595855][ T6812] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.601834][ T6812] do_syscall_64+0xf6/0x7d0
[ 58.606434][ T6812] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 58.612341][ T6812] RIP: 0033:0x45bee7
[ 58.616221][ T6812] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 58.636038][ T6812] RSP: 002b:00007ffcbf3c3868 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 58.644549][ T6812] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[ 58.652509][ T6812] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffcbf3c3a40
[ 58.660465][ T6812] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002f00
[ 58.668421][ T6812] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[ 58.676392][ T6812] R13: 00007ffcbf3c3a40 R14: 8421084210842109 R15: 00007ffcbf3c3a4c
[ 58.756616][ T6813] IPVS: ftp: loaded support on port[0] = 21
[ 58.794293][ T6813] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6813
[ 58.804390][ T6813] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 58.810369][ T6813] CPU: 1 PID: 6813 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 58.818608][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 58.828660][ T6813] Call Trace:
[ 58.831952][ T6813] dump_stack+0x188/0x20d
[ 58.836385][ T6813] debug_smp_processor_id.cold+0x88/0x9b
[ 58.842787][ T6813] ext4_mb_new_blocks+0xa77/0x3b30
[ 58.848416][ T6813] ? ext4_ext_search_right+0x2ca/0xb20
[ 58.853864][ T6813] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 58.859582][ T6813] ext4_ext_map_blocks+0x2044/0x3410
[ 58.864852][ T6813] ? ext4_ext_release+0x10/0x10
[ 58.869692][ T6813] ? __down_timeout+0x2d0/0x2d0
[ 58.874523][ T6813] ? ext4_es_lookup_extent+0x41d/0xd30
[ 58.879987][ T6813] ext4_map_blocks+0x4cb/0x1640
[ 58.884949][ T6813] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 58.891025][ T6813] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 58.896617][ T6813] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 58.902584][ T6813] ? prandom_u32_state+0xe/0x170
[ 58.907597][ T6813] ? __brelse+0x84/0xa0
[ 58.911804][ T6813] ? __ext4_new_inode+0x144/0x57c0
[ 58.917013][ T6813] ext4_getblk+0xad/0x520
[ 58.921942][ T6813] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 58.927659][ T6813] ? ext4_free_inode+0x17e0/0x17e0
[ 58.932772][ T6813] ext4_bread+0x7c/0x380
[ 58.937064][ T6813] ? ext4_getblk+0x520/0x520
[ 58.941638][ T6813] ? dqget+0xff0/0xff0
[ 58.945726][ T6813] ext4_append+0x153/0x360
[ 58.950125][ T6813] ext4_mkdir+0x5e0/0xdf0
[ 58.954439][ T6813] ? ext4_rmdir+0xde0/0xde0
[ 58.958925][ T6813] ? security_inode_permission+0xc4/0xf0
[ 58.964564][ T6813] vfs_mkdir+0x419/0x690
[ 58.968806][ T6813] do_mkdirat+0x21e/0x280
[ 58.973147][ T6813] ? __ia32_sys_mknod+0xb0/0xb0
[ 58.977975][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.983934][ T6813] ? do_syscall_64+0x21/0x7d0
[ 58.988608][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 58.994590][ T6813] do_syscall_64+0xf6/0x7d0
[ 58.999076][ T6813] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 59.004963][ T6813] RIP: 0033:0x45bee7
[ 59.008853][ T6813] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.028465][ T6813] RSP: 002b:00007ffcbf3c3758 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 59.036958][ T6813] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[ 59.044908][ T6813] RDX: 00007ffcbf3c37a3 RSI: 00000000000001ff RDI: 00007ffcbf3c37a0
[ 59.052871][ T6813] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[ 59.060821][ T6813] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0
[ 59.068784][ T6813] R13: 00007ffcbf3c3790 R14: 0000000000000000 R15: 00007ffcbf3c37a0
[ 59.124383][ T6813] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6813
[ 59.133864][ T6813] caller is ext4_mb_new_blocks+0xa77/0x3b30
[ 59.139888][ T6813] CPU: 1 PID: 6813 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[ 59.148128][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 59.158273][ T6813] Call Trace:
[ 59.161922][ T6813] dump_stack+0x188/0x20d
[ 59.166714][ T6813] debug_smp_processor_id.cold+0x88/0x9b
[ 59.172453][ T6813] ext4_mb_new_blocks+0xa77/0x3b30
[ 59.177759][ T6813] ? ext4_ext_search_right+0x2ca/0xb20
[ 59.183320][ T6813] ? ext4_inode_to_goal_block+0x2df/0x3f0
[ 59.189057][ T6813] ext4_ext_map_blocks+0x2044/0x3410
[ 59.194400][ T6813] ? ext4_ext_release+0x10/0x10
[ 59.199297][ T6813] ? __down_timeout+0x2d0/0x2d0
[ 59.204186][ T6813] ? ext4_es_lookup_extent+0x41d/0xd30
[ 59.209720][ T6813] ext4_map_blocks+0x4cb/0x1640
[ 59.214569][ T6813] ? ext4_issue_zeroout+0x1e0/0x1e0
[ 59.219748][ T6813] ? rcu_read_lock_sched_held+0x9c/0xd0
[ 59.225273][ T6813] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 59.231232][ T6813] ? prandom_u32_state+0xe/0x170
[ 59.236171][ T6813] ? __brelse+0x84/0xa0
[ 59.240314][ T6813] ? __ext4_new_inode+0x144/0x57c0
[ 59.245421][ T6813] ext4_getblk+0xad/0x520
[ 59.249746][ T6813] ? ext4_iomap_overwrite_begin+0xa0/0xa0
[ 59.255446][ T6813] ? ext4_free_inode+0x17e0/0x17e0
[ 59.260555][ T6813] ext4_bread+0x7c/0x380
[ 59.264904][ T6813] ? ext4_getblk+0x520/0x520
[ 59.269486][ T6813] ? dqget+0xff0/0xff0
[ 59.273555][ T6813] ext4_append+0x153/0x360
[ 59.278733][ T6813] ext4_mkdir+0x5e0/0xdf0
[ 59.283066][ T6813] ? ext4_rmdir+0xde0/0xde0
[ 59.287568][ T6813] ? security_inode_permission+0xc4/0xf0
[ 59.293285][ T6813] vfs_mkdir+0x419/0x690
[ 59.297540][ T6813] do_mkdirat+0x21e/0x280
[ 59.301864][ T6813] ? __ia32_sys_mknod+0xb0/0xb0
[ 59.306794][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.312759][ T6813] ? do_syscall_64+0x21/0x7d0
[ 59.317435][ T6813] ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[ 59.323558][ T6813] do_syscall_64+0xf6/0x7d0
[ 59.328344][ T6813] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 59.334265][ T6813] RIP: 0033:0x45bee7
[ 59.338232][ T6813] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 59.358596][ T6813] RSP: 002b:00007ffcbf3c3758 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[ 59.367002][ T6813] RAX: ffffffffffffffda RBX: 000000000000e6e6 RCX: 000000000045bee7
2020/06/13 03:02:52 building call list...
[ 59.374951][ T6813] RDX: 00007ffcbf3c37a3 RSI: 00000000000001ff RDI: 00007ffcbf3c37a0
[ 59.382991][ T6813] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[ 59.391066][ T6813] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[ 59.399275][ T6813] R13: 00007ffcbf3c3790 R14: 000000000000e6d4 R15: 00007ffcbf3c37a0
[ 59.667105][ T7] tipc: TX() has been purged, node left!
[ 60.168264][ T7] ==================================================================
[ 60.176488][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880
[ 60.184461][ T7] Write of size 1 at addr ffff8880974611e4 by task kworker/u4:0/7
[ 60.192249][ T7]
[ 60.194591][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.7.0-syzkaller #0
[ 60.202382][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.212438][ T7] Workqueue: netns cleanup_net
[ 60.217189][ T7] Call Trace:
[ 60.220479][ T7] dump_stack+0x188/0x20d
[ 60.224823][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.230364][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.235902][ T7] ? afs_put_call+0xa70/0xa70
[ 60.240574][ T7] print_address_description.constprop.0.cold+0xd3/0x413
[ 60.247597][ T7] ? vprintk_func+0x97/0x1a6
[ 60.252188][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.257730][ T7] kasan_report.cold+0x1f/0x37
[ 60.262492][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.268036][ T7] afs_wake_up_async_call+0x7a7/0x880
[ 60.273411][ T7] ? do_raw_spin_lock+0x129/0x2e0
[ 60.278432][ T7] ? afs_close_socket+0x320/0x320
[ 60.283447][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 60.288392][ T7] ? rcu_read_lock_held+0x9c/0xb0
[ 60.293413][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.299045][ T7] ? afs_close_socket+0x320/0x320
[ 60.304071][ T7] ? afs_put_call+0xa70/0xa70
[ 60.308740][ T7] rxrpc_notify_socket+0x1e5/0x5e0
[ 60.313868][ T7] ? afs_put_call+0xa70/0xa70
[ 60.318539][ T7] __rxrpc_set_call_completion.part.0+0x172/0x420
[ 60.324950][ T7] rxrpc_call_completed+0xca/0xf0
[ 60.330070][ T7] rxrpc_discard_prealloc+0x786/0xac0
[ 60.335438][ T7] ? lock_sock_nested+0x94/0x110
[ 60.340388][ T7] rxrpc_listen+0x147/0x360
[ 60.344899][ T7] afs_close_socket+0x95/0x320
[ 60.349660][ T7] ? afs_purge_servers+0x16d/0x300
[ 60.354771][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 60.360224][ T7] ? debug_smp_processor_id+0x2f/0x185
[ 60.365683][ T7] ? init_wait_var_entry+0x200/0x200
[ 60.370968][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.376607][ T7] afs_net_exit+0x1bc/0x310
[ 60.381125][ T7] ? afs_net_init+0xe30/0xe30
[ 60.385795][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 60.390905][ T7] cleanup_net+0x511/0xa50
[ 60.395320][ T7] ? unregister_pernet_device+0x70/0x70
[ 60.400866][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.406849][ T7] process_one_work+0x965/0x16a0
[ 60.411791][ T7] ? lock_release+0x800/0x800
[ 60.416469][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 60.421849][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 60.426801][ T7] worker_thread+0x96/0xe10
[ 60.431315][ T7] ? process_one_work+0x16a0/0x16a0
[ 60.436602][ T7] kthread+0x388/0x470
[ 60.440677][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.446397][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 60.452126][ T7] ret_from_fork+0x24/0x30
[ 60.456550][ T7]
[ 60.458871][ T7] Allocated by task 6813:
[ 60.463196][ T7] save_stack+0x1b/0x40
[ 60.467345][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 60.472969][ T7] kmem_cache_alloc_trace+0x153/0x7d0
[ 60.478342][ T7] afs_alloc_call+0x55/0x640
[ 60.482924][ T7] afs_charge_preallocation+0xe9/0x2d0
[ 60.488372][ T7] afs_open_socket+0x292/0x360
[ 60.493128][ T7] afs_net_init+0xa6c/0xe30
[ 60.497715][ T7] ops_init+0xaf/0x420
[ 60.501861][ T7] setup_net+0x2de/0x860
[ 60.506094][ T7] copy_net_ns+0x293/0x590
[ 60.510510][ T7] create_new_namespaces+0x3fb/0xb30
[ 60.515787][ T7] unshare_nsproxy_namespaces+0xbd/0x1f0
[ 60.521447][ T7] ksys_unshare+0x43d/0x8e0
[ 60.525952][ T7] __x64_sys_unshare+0x2d/0x40
[ 60.530712][ T7] do_syscall_64+0xf6/0x7d0
[ 60.535215][ T7] entry_SYSCALL_64_after_hwframe+0x49/0xb3
[ 60.541090][ T7]
[ 60.543404][ T7] Freed by task 7:
[ 60.547123][ T7] save_stack+0x1b/0x40
[ 60.551272][ T7] __kasan_slab_free+0xf7/0x140
[ 60.556111][ T7] kfree+0x109/0x2b0
[ 60.560002][ T7] afs_put_call+0x59b/0xa70
[ 60.564511][ T7] rxrpc_discard_prealloc+0x769/0xac0
[ 60.569879][ T7] rxrpc_listen+0x147/0x360
[ 60.574375][ T7] afs_close_socket+0x95/0x320
[ 60.579144][ T7] afs_net_exit+0x1bc/0x310
[ 60.583642][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 60.588750][ T7] cleanup_net+0x511/0xa50
[ 60.593167][ T7] process_one_work+0x965/0x16a0
[ 60.598100][ T7] worker_thread+0x96/0xe10
[ 60.602597][ T7] kthread+0x388/0x470
[ 60.606659][ T7] ret_from_fork+0x24/0x30
[ 60.611056][ T7]
[ 60.613378][ T7] The buggy address belongs to the object at ffff888097461000
[ 60.613378][ T7] which belongs to the cache kmalloc-1k of size 1024
[ 60.627442][ T7] The buggy address is located 484 bytes inside of
[ 60.627442][ T7] 1024-byte region [ffff888097461000, ffff888097461400)
[ 60.640804][ T7] The buggy address belongs to the page:
[ 60.646451][ T7] page:ffffea00025d1840 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[ 60.655554][ T7] flags: 0xfffe0000000200(slab)
[ 60.660409][ T7] raw: 00fffe0000000200 ffffea00025c8e88 ffffea0002775ac8 ffff8880aa000c40
[ 60.668988][ T7] raw: 0000000000000000 ffff888097461000 0000000100000002 0000000000000000
[ 60.677562][ T7] page dumped because: kasan: bad access detected
[ 60.683962][ T7]
[ 60.686281][ T7] Memory state around the buggy address:
[ 60.691904][ T7] ffff888097461080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.699958][ T7] ffff888097461100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.708013][ T7] >ffff888097461180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.716086][ T7]                                                        ^
[ 60.723273][ T7] ffff888097461200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.731329][ T7] ffff888097461280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 60.739377][ T7] ==================================================================
[ 60.747424][ T7] Disabling lock debugging due to kernel taint
[ 60.753605][ T7] Kernel panic - not syncing: panic_on_warn set ...
[ 60.760184][ T7] CPU: 0 PID: 7 Comm: kworker/u4:0 Tainted: G B 5.7.0-syzkaller #0
[ 60.769357][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 60.779407][ T7] Workqueue: netns cleanup_net
[ 60.784170][ T7] Call Trace:
[ 60.787452][ T7] dump_stack+0x188/0x20d
[ 60.791779][ T7] ? afs_wake_up_async_call+0x6b0/0x880
[ 60.797313][ T7] ? afs_put_call+0xa70/0xa70
[ 60.801978][ T7] panic+0x2e3/0x75c
[ 60.805864][ T7] ? add_taint.cold+0x16/0x16
[ 60.810528][ T7] ? retint_kernel+0x2b/0x2b
[ 60.815111][ T7] ? trace_hardirqs_on+0x55/0x230
[ 60.820126][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.825655][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.831192][ T7] ? afs_put_call+0xa70/0xa70
[ 60.835856][ T7] end_report+0x4d/0x53
[ 60.840002][ T7] kasan_report.cold+0xd/0x37
[ 60.845018][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.850564][ T7] afs_wake_up_async_call+0x7a7/0x880
[ 60.855923][ T7] ? do_raw_spin_lock+0x129/0x2e0
[ 60.860954][ T7] ? afs_close_socket+0x320/0x320
[ 60.865979][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 60.870911][ T7] ? rcu_read_lock_held+0x9c/0xb0
[ 60.875935][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.881560][ T7] ? afs_close_socket+0x320/0x320
[ 60.886586][ T7] ? afs_put_call+0xa70/0xa70
[ 60.891289][ T7] rxrpc_notify_socket+0x1e5/0x5e0
[ 60.896490][ T7] ? afs_put_call+0xa70/0xa70
[ 60.901171][ T7] __rxrpc_set_call_completion.part.0+0x172/0x420
[ 60.907596][ T7] rxrpc_call_completed+0xca/0xf0
[ 60.912622][ T7] rxrpc_discard_prealloc+0x786/0xac0
executing program
[ 60.917994][ T7] ? lock_sock_nested+0x94/0x110
[ 60.922931][ T7] rxrpc_listen+0x147/0x360
[ 60.927560][ T7] afs_close_socket+0x95/0x320
[ 60.932328][ T7] ? afs_purge_servers+0x16d/0x300
[ 60.937440][ T7] ? afs_rx_discard_new_call+0x50/0x50
[ 60.942890][ T7] ? debug_smp_processor_id+0x2f/0x185
[ 60.948347][ T7] ? init_wait_var_entry+0x200/0x200
[ 60.953629][ T7] ? rcu_read_lock_held_common+0xa0/0xa0
[ 60.959254][ T7] afs_net_exit+0x1bc/0x310
[ 60.963731][ T7] ? afs_net_init+0xe30/0xe30
[ 60.968393][ T7] ops_exit_list.isra.0+0xa8/0x150
[ 60.973502][ T7] cleanup_net+0x511/0xa50
[ 60.977915][ T7] ? unregister_pernet_device+0x70/0x70
[ 60.983459][ T7] ? rcu_read_lock_any_held.part.0+0x50/0x50
[ 60.989445][ T7] process_one_work+0x965/0x16a0
[ 60.995336][ T7] ? lock_release+0x800/0x800
[ 61.000008][ T7] ? pwq_dec_nr_in_flight+0x310/0x310
[ 61.005372][ T7] ? rwlock_bug.part.0+0x90/0x90
[ 61.010286][ T7] worker_thread+0x96/0xe10
[ 61.015545][ T7] ? process_one_work+0x16a0/0x16a0
[ 61.020713][ T7] kthread+0x388/0x470
[ 61.024763][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 61.030644][ T7] ? kthread_mod_delayed_work+0x1a0/0x1a0
[ 61.036340][ T7] ret_from_fork+0x24/0x30
[ 61.042026][ T7] Kernel Offset: disabled
[ 61.046358][ T7] Rebooting in 86400 seconds..
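The KASAN block in this log says everything needed for a first triage, but it says it across four stacks: the write happens in afs_wake_up_async_call, reached from rxrpc_call_completed under rxrpc_discard_prealloc on kworker/u4:0/7; the object was freed by the same task 7 through afs_put_call, also under rxrpc_discard_prealloc; it was allocated by task 6813 in afs_charge_preallocation during netns setup; and the 1-byte write lands 484 bytes (0x1e4) into a kmalloc-1k object. The script below is an added example, not part of the syzkaller output or of any kernel tool: it parses a report in this console format (the "[ ts][ Tn]" prefix is stripped, frames marked "?" are treated as stale stack slots rather than callers, and allocator/KASAN frames are dropped) and then looks for the innermost frame that appears in both the free stack and the crash trace. When such a pivot exists and the freeing task is the faulting task, the free and the later use sit on one call path, so the bug is an ordering error under that pivot rather than a cross-thread race. The REPORT string is a constructed input: lines copied from the report above with most frames removed for brevity.

```python
"""KASAN use-after-free triage for syzkaller console logs.

Added example; assumes the stock KASAN report layout ("BUG: KASAN:", the
access line, "Call Trace:", "Allocated by task N:", "Freed by task N:",
object/cache lines, closing "====" rule) with an optional "[ ts][ Tn]" prefix.
"""
import re

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\[\s*T\d+\]\s*")
FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Instrumentation and allocator frames that say nothing about the code under test.
NOISE = ("dump_stack", "save_stack", "__kasan_", "kasan_report", "kfree",
         "kmem_cache_alloc", "print_address_description", "end_report")

# Constructed input: lines copied from the report above, shortened for brevity.
REPORT = """\
[ 60.168264][ T7] ==================================================================
[ 60.176488][ T7] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x7a7/0x880
[ 60.184461][ T7] Write of size 1 at addr ffff8880974611e4 by task kworker/u4:0/7
[ 60.217189][ T7] Call Trace:
[ 60.220479][ T7] dump_stack+0x188/0x20d
[ 60.224823][ T7] ? afs_wake_up_async_call+0x7a7/0x880
[ 60.257730][ T7] kasan_report.cold+0x1f/0x37
[ 60.268036][ T7] afs_wake_up_async_call+0x7a7/0x880
[ 60.304071][ T7] ? afs_put_call+0xa70/0xa70
[ 60.308740][ T7] rxrpc_notify_socket+0x1e5/0x5e0
[ 60.318539][ T7] __rxrpc_set_call_completion.part.0+0x172/0x420
[ 60.324950][ T7] rxrpc_call_completed+0xca/0xf0
[ 60.330070][ T7] rxrpc_discard_prealloc+0x786/0xac0
[ 60.340388][ T7] rxrpc_listen+0x147/0x360
[ 60.344899][ T7] afs_close_socket+0x95/0x320
[ 60.458871][ T7] Allocated by task 6813:
[ 60.463196][ T7] save_stack+0x1b/0x40
[ 60.467345][ T7] __kasan_kmalloc.constprop.0+0xbf/0xd0
[ 60.472969][ T7] kmem_cache_alloc_trace+0x153/0x7d0
[ 60.478342][ T7] afs_alloc_call+0x55/0x640
[ 60.482924][ T7] afs_charge_preallocation+0xe9/0x2d0
[ 60.543404][ T7] Freed by task 7:
[ 60.547123][ T7] save_stack+0x1b/0x40
[ 60.551272][ T7] __kasan_slab_free+0xf7/0x140
[ 60.556111][ T7] kfree+0x109/0x2b0
[ 60.560002][ T7] afs_put_call+0x59b/0xa70
[ 60.564511][ T7] rxrpc_discard_prealloc+0x769/0xac0
[ 60.569879][ T7] rxrpc_listen+0x147/0x360
[ 60.613378][ T7] The buggy address belongs to the object at ffff888097461000
[ 60.613378][ T7] which belongs to the cache kmalloc-1k of size 1024
[ 60.627442][ T7] The buggy address is located 484 bytes inside of
[ 60.739377][ T7] ==================================================================
"""


def parse_kasan_report(text):
    """Return a dict for the first KASAN report in text, or None if there is none."""
    rep, section = None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := re.match(r"BUG: KASAN: ([\w-]+) in ([\w.]+)\+0x", line):
            rep = {"bug": m[1], "func": m[2], "trace": [], "alloc": [], "free": []}
        elif rep is None:
            continue
        elif m := re.match(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)", line):
            rep.update(access=m[1], size=int(m[2]), addr=int(m[3], 16), task=m[4],
                       pid=int(m[4].rsplit("/", 1)[1]))   # "comm/pid" -> pid
        elif line == "Call Trace:":
            section = "trace"
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", line):
            section = {"Allocated": "alloc", "Freed": "free"}[m[1]]
            rep[section + "_task"] = int(m[2])
        elif m := re.match(r"The buggy address belongs to the object at ([0-9a-f]+)", line):
            rep["obj_base"], section = int(m[1], 16), None
        elif m := re.match(r"which belongs to the cache (\S+) of size (\d+)", line):
            rep["cache"], rep["obj_size"] = m[1], int(m[2])
        elif m := re.match(r"The buggy address is located (\d+) bytes inside of", line):
            rep["offset"] = int(m[1])
        elif line.startswith("====") and rep["trace"]:
            break                                   # closing rule of this report
        elif (m := FRAME.match(line)) and section and not m[1] and not m[2].startswith(NOISE):
            rep[section].append(m[2])               # m[1] set means a "?" (stale) frame
    return rep


def triage(rep):
    """Classify the UAF by the innermost frame shared by the free stack and the crash trace."""
    pivot = next((f for f in rep["free"] if f in rep["trace"]), None)
    if rep.get("free_task") != rep.get("pid"):
        kind = "cross-task"      # freed by another context: look for a race
    elif pivot:
        kind = "same-path"       # freed and reused under one caller: start at the pivot
    else:
        kind = "same-task"
    return {
        "kind": kind, "pivot": pivot,
        "freed_via": rep["free"][:rep["free"].index(pivot)] if pivot else [],
        "used_via": rep["trace"][:rep["trace"].index(pivot)] if pivot else [],
        # Sanity check: the reported in-object offset must match addr - object base.
        "offset_ok": all(k in rep for k in ("addr", "obj_base", "offset"))
                     and rep["addr"] - rep["obj_base"] == rep["offset"],
    }
```

Running `triage(parse_kasan_report(REPORT))` on the excerpt yields kind "same-path" with pivot rxrpc_discard_prealloc, freed_via [afs_put_call] and used_via [afs_wake_up_async_call, rxrpc_notify_socket, __rxrpc_set_call_completion.part.0, rxrpc_call_completed], which is exactly the reading of the full report: the prealloc discard drops the afs_call and then completes the rxrpc call, whose notification callback writes into the freed object. Feeding the script the complete log instead of the excerpt gives the same answer, since the extra "?" frames and the lockdep/RCU helper frames are filtered out.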