Starting Load/Save RF Kill Switch Status... [ 54.156400][ T6756] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6756 [ 54.166009][ T6756] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 54.172249][ T6756] CPU: 0 PID: 6756 Comm: systemd-rfkill Not tainted 5.7.0-next-20200611-syzkaller #0 [ 54.181784][ T6756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 54.191816][ T6756] Call Trace: [ 54.195085][ T6756] dump_stack+0x18f/0x20d [ 54.199426][ T6756] check_preemption_disabled+0x20d/0x220 [ 54.205264][ T6756] ext4_mb_new_blocks+0xa4d/0x3b70 [ 54.210368][ T6756] ? ext4_ext_search_right+0x2ca/0xb20 [ 54.215811][ T6756] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 54.221521][ T6756] ext4_ext_map_blocks+0x201b/0x33e0 [ 54.226787][ T6756] ? ext4_ext_release+0x10/0x10 [ 54.231649][ T6756] ? down_write_killable+0x170/0x170 [ 54.236931][ T6756] ? ext4_es_lookup_extent+0x41d/0xd10 [ 54.242397][ T6756] ext4_map_blocks+0x4cb/0x1640 [ 54.247264][ T6756] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 54.252467][ T6756] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 54.258392][ T6756] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 54.264470][ T6756] ? prandom_u32_state+0xe/0x170 [ 54.269416][ T6756] ? __brelse+0x84/0xa0 [ 54.273668][ T6756] ? __ext4_new_inode+0x144/0x55e0 [ 54.278876][ T6756] ext4_getblk+0xad/0x520 [ 54.283216][ T6756] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 54.288955][ T6756] ? ext4_free_inode+0x1700/0x1700 [ 54.294081][ T6756] ext4_bread+0x7c/0x380 [ 54.298359][ T6756] ? ext4_getblk+0x520/0x520 [ 54.302959][ T6756] ? dquot_get_next_dqblk+0x180/0x180 [ 54.308357][ T6756] ext4_append+0x153/0x360 [ 54.312785][ T6756] ext4_mkdir+0x5e0/0xdf0 [ 54.317234][ T6756] ? ext4_rmdir+0xde0/0xde0 [ 54.321726][ T6756] ? security_inode_permission+0xc4/0xf0 [ 54.327365][ T6756] vfs_mkdir+0x419/0x690 [ 54.331603][ T6756] do_mkdirat+0x21e/0x280 [ 54.335931][ T6756] ? __ia32_sys_mknod+0xb0/0xb0 [ 54.340772][ T6756] ? do_syscall_64+0x1c/0xe0 [ 54.345340][ T6756] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 54.351436][ T6756] do_syscall_64+0x60/0xe0 [ 54.355866][ T6756] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 54.361761][ T6756] RIP: 0033:0x7fc1522a4687 [ 54.366162][ T6756] Code: Bad RIP value. [ 54.370219][ T6756] RSP: 002b:00007ffc7e593158 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 54.378612][ T6756] RAX: ffffffffffffffda RBX: 0000555dc0662985 RCX: 00007fc1522a4687 [ 54.387610][ T6756] RDX: 00007ffc7e593020 RSI: 00000000000001ed RDI: 0000555dc0662985 [ 54.395562][ T6756] RBP: 00007fc1522a4680 R08: 0000000000000100 R09: 0000000000000000 [ 54.403929][ T6756] R10: 0000555dc0662980 R11: 0000000000000246 R12: 00000000000001ed [ 54.411885][ T6756] R13: 00007ffc7e5932e0 R14: 0000000000000000 R15: 0000000000000000 [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 syzkaller login: [ 57.607701][ T6790] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:6/6790 [ 57.617308][ T6790] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 57.623372][ T6790] CPU: 0 PID: 6790 Comm: kworker/u4:6 Not tainted 5.7.0-next-20200611-syzkaller #0 [ 57.633248][ T6790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 57.643333][ T6790] Workqueue: writeback wb_workfn (flush-8:0) [ 57.649438][ T6790] Call Trace: [ 57.653102][ T6790] dump_stack+0x18f/0x20d [ 57.657584][ T6790] check_preemption_disabled+0x20d/0x220 [ 57.663224][ T6790] ext4_mb_new_blocks+0xa4d/0x3b70 [ 57.668329][ T6790] ? ext4_find_extent+0x81a/0xad0 [ 57.673491][ T6790] ? ext4_ext_search_right+0x2ca/0xb20 [ 57.679077][ T6790] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 57.684789][ T6790] ext4_ext_map_blocks+0x201b/0x33e0 [ 57.690063][ T6790] ? ext4_ext_release+0x10/0x10 [ 57.694905][ T6790] ? down_write_killable+0x170/0x170 [ 57.700266][ T6790] ? ext4_es_lookup_extent+0x41d/0xd10 [ 57.705705][ T6790] ext4_map_blocks+0x4cb/0x1640 [ 57.710550][ T6790] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 57.715734][ T6790] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.721365][ T6790] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.727344][ T6790] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 57.732786][ T6790] ext4_writepages+0x1a83/0x33c0 [ 57.737816][ T6790] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.743426][ T6790] ? __lock_acquire+0x2224/0x48b0 [ 57.748439][ T6790] ? ext4_da_get_block_prep+0x1120/0x1120 [ 57.754134][ T6790] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 57.760094][ T6790] ? __ext4_mark_inode_dirty+0x940/0x940 [ 57.765711][ T6790] ? do_writepages+0xf3/0x2a0 [ 57.770366][ T6790] do_writepages+0xf3/0x2a0 [ 57.774935][ T6790] ? page_writeback_cpu_online+0x10/0x10 [ 57.780558][ T6790] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.786078][ T6790] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.792046][ T6790] ? lock_downgrade+0x840/0x840 [ 57.796875][ T6790] __writeback_single_inode+0x12a/0x13d0 [ 57.802484][ T6790] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 57.808443][ T6790] writeback_sb_inodes+0x541/0xe40 [ 57.813634][ T6790] ? __writeback_single_inode+0x13d0/0x13d0 [ 57.819539][ T6790] __writeback_inodes_wb+0xc6/0x280 [ 57.824736][ T6790] wb_writeback+0x8c9/0xd40 [ 57.829554][ T6790] ? find_held_lock+0x2d/0x110 [ 57.834307][ T6790] ? writeback_inodes_wb.constprop.0+0x1d0/0x1d0 [ 57.840632][ T6790] ? cpumask_next+0x3c/0x40 [ 57.845127][ T6790] ? get_nr_dirty_inodes+0xd6/0x130 [ 57.850335][ T6790] wb_workfn+0xab5/0x1090 [ 57.854653][ T6790] ? inode_wait_for_writeback+0x30/0x30 [ 57.860196][ T6790] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 57.865728][ T6790] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 57.871689][ T6790] process_one_work+0x965/0x1690 [ 57.876607][ T6790] ? lock_release+0x800/0x800 [ 57.881257][ T6790] ? pwq_dec_nr_in_flight+0x310/0x310 [ 57.886604][ T6790] ? rwlock_bug.part.0+0x90/0x90 [ 57.891523][ T6790] worker_thread+0x96/0xe10 [ 57.896012][ T6790] ? process_one_work+0x1690/0x1690 [ 57.901208][ T6790] kthread+0x3b5/0x4a0 [ 57.905264][ T6790] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.910964][ T6790] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 57.916709][ T6790] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.0.202' (ECDSA) to the list of known hosts. 2020/06/11 05:17:07 fuzzer started 2020/06/11 05:17:07 connecting to host at 10.128.0.26:41163 2020/06/11 05:17:07 checking machine... 2020/06/11 05:17:07 checking revisions... 2020/06/11 05:17:07 testing simple program... [ 59.854595][ T6829] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6829 [ 59.863677][ T6829] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.869878][ T6829] CPU: 1 PID: 6829 Comm: syz-fuzzer Not tainted 5.7.0-next-20200611-syzkaller #0 [ 59.878999][ T6829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 59.889049][ T6829] Call Trace: [ 59.892321][ T6829] dump_stack+0x18f/0x20d [ 59.896655][ T6829] check_preemption_disabled+0x20d/0x220 [ 59.902275][ T6829] ext4_mb_new_blocks+0xa4d/0x3b70 [ 59.907372][ T6829] ? ext4_ext_search_right+0x2ca/0xb20 [ 59.912804][ T6829] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 59.918520][ T6829] ext4_ext_map_blocks+0x201b/0x33e0 [ 59.923786][ T6829] ? ext4_ext_release+0x10/0x10 [ 59.928640][ T6829] ? down_write_killable+0x170/0x170 [ 59.933915][ T6829] ? ext4_es_lookup_extent+0x41d/0xd10 [ 59.939452][ T6829] ext4_map_blocks+0x4cb/0x1640 [ 59.944285][ T6829] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 59.949458][ T6829] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 59.954978][ T6829] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 59.961212][ T6829] ? prandom_u32_state+0xe/0x170 [ 59.966128][ T6829] ? __brelse+0x84/0xa0 [ 59.970275][ T6829] ? __ext4_new_inode+0x144/0x55e0 [ 59.975372][ T6829] ext4_getblk+0xad/0x520 [ 59.979732][ T6829] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 59.985463][ T6829] ? ext4_free_inode+0x1700/0x1700 [ 59.990575][ T6829] ext4_bread+0x7c/0x380 [ 59.994799][ T6829] ? ext4_getblk+0x520/0x520 [ 59.999371][ T6829] ? dquot_get_next_dqblk+0x180/0x180 [ 60.004723][ T6829] ext4_append+0x153/0x360 [ 60.009154][ T6829] ext4_mkdir+0x5e0/0xdf0 [ 60.013466][ T6829] ? ext4_rmdir+0xde0/0xde0 [ 60.018003][ T6829] ? security_inode_permission+0xc4/0xf0 [ 60.023621][ T6829] vfs_mkdir+0x419/0x690 [ 60.027857][ T6829] do_mkdirat+0x21e/0x280 [ 60.032193][ T6829] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.037032][ T6829] ? do_syscall_64+0x1c/0xe0 [ 60.041605][ T6829] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.047615][ T6829] do_syscall_64+0x60/0xe0 [ 60.052022][ T6829] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.057895][ T6829] RIP: 0033:0x4b02a0 [ 60.061763][ T6829] Code: Bad RIP value. [ 60.065808][ T6829] RSP: 002b:000000c0000cd4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 60.074716][ T6829] RAX: ffffffffffffffda RBX: 000000c00002c000 RCX: 00000000004b02a0 [ 60.082675][ T6829] RDX: 00000000000001c0 RSI: 000000c000026e80 RDI: ffffffffffffff9c [ 60.090630][ T6829] RBP: 000000c0000cd510 R08: 0000000000000000 R09: 0000000000000000 [ 60.098598][ T6829] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 60.106563][ T6829] R13: 0000000000000075 R14: 0000000000000074 R15: 0000000000000100 [ 60.125658][ T6845] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6845 [ 60.135116][ T6845] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.141081][ T6845] CPU: 1 PID: 6845 Comm: syz-executor.0 Not tainted 5.7.0-next-20200611-syzkaller #0 [ 60.150550][ T6845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.160710][ T6845] Call Trace: [ 60.163995][ T6845] dump_stack+0x18f/0x20d [ 60.168315][ T6845] check_preemption_disabled+0x20d/0x220 [ 60.173943][ T6845] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.179074][ T6845] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.184509][ T6845] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.190222][ T6845] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.195487][ T6845] ? ext4_ext_release+0x10/0x10 [ 60.200325][ T6845] ? down_write_killable+0x170/0x170 [ 60.205582][ T6845] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.211019][ T6845] ext4_map_blocks+0x4cb/0x1640 [ 60.215862][ T6845] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.221055][ T6845] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.226578][ T6845] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.232532][ T6845] ? prandom_u32_state+0xe/0x170 [ 60.237455][ T6845] ? __brelse+0x84/0xa0 [ 60.241614][ T6845] ? __ext4_new_inode+0x144/0x55e0 [ 60.246738][ T6845] ext4_getblk+0xad/0x520 [ 60.251062][ T6845] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.256780][ T6845] ? ext4_free_inode+0x1700/0x1700 [ 60.262006][ T6845] ext4_bread+0x7c/0x380 [ 60.266276][ T6845] ? ext4_getblk+0x520/0x520 [ 60.270896][ T6845] ? dquot_get_next_dqblk+0x180/0x180 [ 60.276410][ T6845] ext4_append+0x153/0x360 [ 60.281021][ T6845] ext4_mkdir+0x5e0/0xdf0 [ 60.285607][ T6845] ? ext4_rmdir+0xde0/0xde0 [ 60.290139][ T6845] ? security_inode_permission+0xc4/0xf0 [ 60.295792][ T6845] vfs_mkdir+0x419/0x690 [ 60.300041][ T6845] do_mkdirat+0x21e/0x280 [ 60.304376][ T6845] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.309219][ T6845] ? do_syscall_64+0x1c/0xe0 [ 60.313815][ T6845] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.319867][ T6845] do_syscall_64+0x60/0xe0 [ 60.324280][ T6845] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.330263][ T6845] RIP: 0033:0x45bee7 [ 60.334204][ T6845] Code: Bad RIP value. [ 60.338335][ T6845] RSP: 002b:00007ffef7078d78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.346907][ T6845] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7 [ 60.354869][ T6845] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffef7078f50 [ 60.362818][ T6845] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003700 [ 60.370782][ T6845] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 60.378746][ T6845] R13: 00007ffef7078f50 R14: 8421084210842109 R15: 00007ffef7078f5c [ 60.461071][ T6846] IPVS: ftp: loaded support on port[0] = 21 [ 60.496939][ T6846] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6846 [ 60.506686][ T6846] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.512585][ T6846] CPU: 0 PID: 6846 Comm: syz-executor.0 Not tainted 5.7.0-next-20200611-syzkaller #0 [ 60.522018][ T6846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.532060][ T6846] Call Trace: [ 60.535346][ T6846] dump_stack+0x18f/0x20d [ 60.539674][ T6846] check_preemption_disabled+0x20d/0x220 [ 60.548157][ T6846] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.553261][ T6846] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.558711][ T6846] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.564432][ T6846] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.569707][ T6846] ? ext4_ext_release+0x10/0x10 [ 60.574633][ T6846] ? down_write_killable+0x170/0x170 [ 60.580017][ T6846] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.585480][ T6846] ext4_map_blocks+0x4cb/0x1640 [ 60.590392][ T6846] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.595674][ T6846] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.601222][ T6846] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.607181][ T6846] ? prandom_u32_state+0xe/0x170 [ 60.612105][ T6846] ? __brelse+0x84/0xa0 [ 60.616254][ T6846] ? __ext4_new_inode+0x144/0x55e0 [ 60.621369][ T6846] ext4_getblk+0xad/0x520 [ 60.625688][ T6846] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.631510][ T6846] ? ext4_free_inode+0x1700/0x1700 [ 60.636621][ T6846] ext4_bread+0x7c/0x380 [ 60.640847][ T6846] ? ext4_getblk+0x520/0x520 [ 60.645416][ T6846] ? dquot_get_next_dqblk+0x180/0x180 [ 60.650770][ T6846] ext4_append+0x153/0x360 [ 60.655165][ T6846] ext4_mkdir+0x5e0/0xdf0 [ 60.659477][ T6846] ? ext4_rmdir+0xde0/0xde0 [ 60.663962][ T6846] ? security_inode_permission+0xc4/0xf0 [ 60.669577][ T6846] vfs_mkdir+0x419/0x690 [ 60.673876][ T6846] do_mkdirat+0x21e/0x280 [ 60.678210][ T6846] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.683045][ T6846] ? do_syscall_64+0x1c/0xe0 [ 60.687632][ T6846] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.693589][ T6846] do_syscall_64+0x60/0xe0 [ 60.697985][ T6846] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.703850][ T6846] RIP: 0033:0x45bee7 [ 60.707712][ T6846] Code: Bad RIP value. [ 60.711751][ T6846] RSP: 002b:00007ffef7078c68 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 60.720146][ T6846] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7 [ 60.728118][ T6846] RDX: 00007ffef7078cb3 RSI: 00000000000001ff RDI: 00007ffef7078cb0 [ 60.736153][ T6846] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 60.744132][ T6846] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0 [ 60.752095][ T6846] R13: 00007ffef7078ca0 R14: 0000000000000000 R15: 00007ffef7078cb0 [ 60.808627][ T6846] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6846 [ 60.818278][ T6846] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.824185][ T6846] CPU: 1 PID: 6846 Comm: syz-executor.0 Not tainted 5.7.0-next-20200611-syzkaller #0 [ 60.833725][ T6846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.848505][ T6846] Call Trace: [ 60.852245][ T6846] dump_stack+0x18f/0x20d [ 60.856682][ T6846] check_preemption_disabled+0x20d/0x220 [ 60.862344][ T6846] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.868354][ T6846] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.873810][ T6846] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.879554][ T6846] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.885283][ T6846] ? ext4_ext_release+0x10/0x10 [ 60.890158][ T6846] ? down_write_killable+0x170/0x170 [ 60.895456][ T6846] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.901522][ T6846] ext4_map_blocks+0x4cb/0x1640 [ 60.906371][ T6846] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.911549][ T6846] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.917073][ T6846] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.923565][ T6846] ? prandom_u32_state+0xe/0x170 [ 60.928570][ T6846] ? __brelse+0x84/0xa0 [ 60.932927][ T6846] ? __ext4_new_inode+0x144/0x55e0 [ 60.939961][ T6846] ext4_getblk+0xad/0x520 [ 60.944307][ T6846] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.950043][ T6846] ? ext4_free_inode+0x1700/0x1700 [ 60.955242][ T6846] ext4_bread+0x7c/0x380 [ 60.959481][ T6846] ? ext4_getblk+0x520/0x520 [ 60.964081][ T6846] ? dquot_get_next_dqblk+0x180/0x180 [ 60.969707][ T6846] ext4_append+0x153/0x360 [ 60.974906][ T6846] ext4_mkdir+0x5e0/0xdf0 [ 60.979234][ T6846] ? ext4_rmdir+0xde0/0xde0 [ 60.983739][ T6846] ? security_inode_permission+0xc4/0xf0 [ 60.989487][ T6846] vfs_mkdir+0x419/0x690 [ 60.993844][ T6846] do_mkdirat+0x21e/0x280 [ 60.998279][ T6846] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.003197][ T6846] ? do_syscall_64+0x1c/0xe0 [ 61.007986][ T6846] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.014047][ T6846] do_syscall_64+0x60/0xe0 [ 61.018707][ T6846] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.024576][ T6846] RIP: 0033:0x45bee7 [ 61.028547][ T6846] Code: Bad RIP value. [ 61.032602][ T6846] RSP: 002b:00007ffef7078c68 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 61.041001][ T6846] RAX: ffffffffffffffda RBX: 000000000000ed7f RCX: 000000000045bee7 [ 61.049583][ T6846] RDX: 00007ffef7078cb3 RSI: 00000000000001ff RDI: 00007ffef7078cb0 2020/06/11 05:17:08 building call list... [ 61.057532][ T6846] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 61.066031][ T6846] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 61.074440][ T6846] R13: 00007ffef7078ca0 R14: 000000000000ed75 R15: 00007ffef7078cb0 [ 61.346195][ T6790] tipc: TX() has been purged, node left! [ 61.888303][ T6790] ================================================================== [ 61.896701][ T6790] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 61.904932][ T6790] Write of size 1 at addr ffff88809f2d29e4 by task kworker/u4:6/6790 [ 61.912977][ T6790] [ 61.915308][ T6790] CPU: 0 PID: 6790 Comm: kworker/u4:6 Not tainted 5.7.0-next-20200611-syzkaller #0 [ 61.924576][ T6790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.934653][ T6790] Workqueue: netns cleanup_net [ 61.939405][ T6790] Call Trace: [ 61.942694][ T6790] dump_stack+0x18f/0x20d [ 61.947111][ T6790] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.952919][ T6790] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.958457][ T6790] ? afs_put_call+0xa40/0xa40 [ 61.963160][ T6790] print_address_description.constprop.0.cold+0xd3/0x413 [ 61.970186][ T6790] ? vprintk_func+0x97/0x1a6 [ 61.974774][ T6790] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.980319][ T6790] kasan_report.cold+0x1f/0x37 [ 61.985082][ T6790] ? rcu_read_lock_held_common+0x71/0xa0 [ 61.990739][ T6790] ? afs_wake_up_async_call+0x6aa/0x770 [ 61.996290][ T6790] afs_wake_up_async_call+0x6aa/0x770 [ 62.001667][ T6790] ? afs_close_socket+0x320/0x320 [ 62.006691][ T6790] ? afs_put_call+0xa40/0xa40 [ 62.011377][ T6790] rxrpc_notify_socket+0x1db/0x5d0 [ 62.016492][ T6790] ? afs_put_call+0xa40/0xa40 [ 62.021166][ T6790] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 62.027587][ T6790] rxrpc_call_completed+0xca/0xf0 [ 62.032614][ T6790] rxrpc_discard_prealloc+0x781/0xab0 [ 62.037997][ T6790] ? lock_sock_nested+0x94/0x110 [ 62.042952][ T6790] rxrpc_listen+0x147/0x360 [ 62.047483][ T6790] afs_close_socket+0x95/0x320 [ 62.052249][ T6790] ? afs_purge_servers+0x16d/0x300 [ 62.057371][ T6790] ? afs_rx_discard_new_call+0x50/0x50 [ 62.062842][ T6790] ? init_wait_var_entry+0x200/0x200 [ 62.068125][ T6790] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.073754][ T6790] ? check_preemption_disabled+0x38/0x220 [ 62.079472][ T6790] afs_net_exit+0x1bc/0x310 [ 62.083969][ T6790] ? afs_net_init+0xe30/0xe30 [ 62.088638][ T6790] ops_exit_list.isra.0+0xa8/0x150 [ 62.093750][ T6790] cleanup_net+0x511/0xa50 [ 62.098165][ T6790] ? unregister_pernet_device+0x70/0x70 [ 62.103711][ T6790] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.109695][ T6790] process_one_work+0x965/0x1690 [ 62.114638][ T6790] ? lock_release+0x800/0x800 [ 62.119310][ T6790] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.124679][ T6790] ? rwlock_bug.part.0+0x90/0x90 [ 62.129622][ T6790] worker_thread+0x96/0xe10 [ 62.134145][ T6790] ? process_one_work+0x1690/0x1690 [ 62.139340][ T6790] kthread+0x3b5/0x4a0 [ 62.143924][ T6790] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.149637][ T6790] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.155354][ T6790] ret_from_fork+0x1f/0x30 [ 62.159775][ T6790] [ 62.162097][ T6790] Allocated by task 6846: [ 62.166420][ T6790] save_stack+0x1b/0x40 [ 62.170571][ T6790] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 62.176196][ T6790] kmem_cache_alloc_trace+0x153/0x7d0 [ 62.181570][ T6790] afs_alloc_call+0x55/0x630 [ 62.186157][ T6790] afs_charge_preallocation+0xe9/0x2d0 [ 62.191609][ T6790] afs_open_socket+0x292/0x360 [ 62.196363][ T6790] afs_net_init+0xa6c/0xe30 [ 62.200857][ T6790] ops_init+0xaf/0x420 [ 62.204916][ T6790] setup_net+0x2de/0x860 [ 62.209147][ T6790] copy_net_ns+0x293/0x590 [ 62.213556][ T6790] create_new_namespaces+0x3fb/0xb30 [ 62.218832][ T6790] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 62.224455][ T6790] ksys_unshare+0x43d/0x8e0 [ 62.228968][ T6790] __x64_sys_unshare+0x2d/0x40 [ 62.233726][ T6790] do_syscall_64+0x60/0xe0 [ 62.238144][ T6790] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 62.244033][ T6790] [ 62.246352][ T6790] Freed by task 6790: [ 62.250368][ T6790] save_stack+0x1b/0x40 [ 62.255053][ T6790] __kasan_slab_free+0xf7/0x140 [ 62.259901][ T6790] kfree+0x109/0x2b0 [ 62.263825][ T6790] afs_put_call+0x585/0xa40 [ 62.268322][ T6790] rxrpc_discard_prealloc+0x764/0xab0 [ 62.273690][ T6790] rxrpc_listen+0x147/0x360 [ 62.278189][ T6790] afs_close_socket+0x95/0x320 [ 62.282977][ T6790] afs_net_exit+0x1bc/0x310 [ 62.287472][ T6790] ops_exit_list.isra.0+0xa8/0x150 [ 62.292573][ T6790] cleanup_net+0x511/0xa50 [ 62.296994][ T6790] process_one_work+0x965/0x1690 [ 62.301922][ T6790] worker_thread+0x96/0xe10 [ 62.306418][ T6790] kthread+0x3b5/0x4a0 [ 62.310478][ T6790] ret_from_fork+0x1f/0x30 [ 62.314875][ T6790] [ 62.317195][ T6790] The buggy address belongs to the object at ffff88809f2d2800 [ 62.317195][ T6790] which belongs to the cache kmalloc-1k of size 1024 [ 62.331423][ T6790] The buggy address is located 484 bytes inside of [ 62.331423][ T6790] 1024-byte region [ffff88809f2d2800, ffff88809f2d2c00) [ 62.344769][ T6790] The buggy address belongs to the page: [ 62.350484][ T6790] page:ffffea00027cb480 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 62.359592][ T6790] flags: 0xfffe0000000200(slab) [ 62.364440][ T6790] raw: 00fffe0000000200 ffffea00028028c8 ffffea0002890d08 ffff8880aa000c40 [ 62.373018][ T6790] raw: 0000000000000000 ffff88809f2d2000 0000000100000002 0000000000000000 [ 62.381588][ T6790] page dumped because: kasan: bad access detected [ 62.387998][ T6790] [ 62.390491][ T6790] Memory state around the buggy address: [ 62.396135][ T6790] ffff88809f2d2880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.404620][ T6790] ffff88809f2d2900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.412674][ T6790] >ffff88809f2d2980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.420721][ T6790] ^ [ 62.427904][ T6790] ffff88809f2d2a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.435956][ T6790] ffff88809f2d2a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 62.444004][ T6790] ================================================================== [ 62.452051][ T6790] Disabling lock debugging due to kernel taint [ 62.458364][ T6790] Kernel panic - not syncing: panic_on_warn set ... [ 62.464963][ T6790] CPU: 0 PID: 6790 Comm: kworker/u4:6 Tainted: G B 5.7.0-next-20200611-syzkaller #0 [ 62.476237][ T6790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.486309][ T6790] Workqueue: netns cleanup_net [ 62.491068][ T6790] Call Trace: [ 62.494355][ T6790] dump_stack+0x18f/0x20d [ 62.498686][ T6790] ? afs_wake_up_async_call+0x660/0x770 [ 62.504229][ T6790] ? afs_put_call+0xa40/0xa40 [ 62.508899][ T6790] panic+0x2e3/0x75c [ 62.512879][ T6790] ? __warn_printk+0xf3/0xf3 [ 62.517461][ T6790] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 62.523616][ T6790] ? trace_hardirqs_on+0x55/0x220 [ 62.528627][ T6790] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.534158][ T6790] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.539680][ T6790] ? afs_put_call+0xa40/0xa40 [ 62.544353][ T6790] end_report+0x4d/0x53 [ 62.548495][ T6790] kasan_report.cold+0xd/0x37 [ 62.553181][ T6790] ? rcu_read_lock_held_common+0x71/0xa0 [ 62.558804][ T6790] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.564337][ T6790] afs_wake_up_async_call+0x6aa/0x770 [ 62.569686][ T6790] ? afs_close_socket+0x320/0x320 [ 62.574690][ T6790] ? afs_put_call+0xa40/0xa40 [ 62.579356][ T6790] rxrpc_notify_socket+0x1db/0x5d0 [ 62.584449][ T6790] ? afs_put_call+0xa40/0xa40 [ 62.589110][ T6790] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 62.595518][ T6790] rxrpc_call_completed+0xca/0xf0 [ 62.600533][ T6790] rxrpc_discard_prealloc+0x781/0xab0 [ 62.605894][ T6790] ? lock_sock_nested+0x94/0x110 [ 62.610819][ T6790] rxrpc_listen+0x147/0x360 [ 62.615390][ T6790] afs_close_socket+0x95/0x320 [ 62.620144][ T6790] ? afs_purge_servers+0x16d/0x300 [ 62.625240][ T6790] ? afs_rx_discard_new_call+0x50/0x50 [ 62.630681][ T6790] ? init_wait_var_entry+0x200/0x200 [ 62.635980][ T6790] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.641603][ T6790] ? check_preemption_disabled+0x38/0x220 [ 62.647314][ T6790] afs_net_exit+0x1bc/0x310 [ 62.651806][ T6790] ? afs_net_init+0xe30/0xe30 [ 62.656473][ T6790] ops_exit_list.isra.0+0xa8/0x150 [ 62.663052][ T6790] cleanup_net+0x511/0xa50 [ 62.667464][ T6790] ? unregister_pernet_device+0x70/0x70 [ 62.673546][ T6790] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.679518][ T6790] process_one_work+0x965/0x1690 [ 62.684460][ T6790] ? lock_release+0x800/0x800 [ 62.689123][ T6790] ? pwq_dec_nr_in_flight+0x310/0x310 [ 62.694478][ T6790] ? rwlock_bug.part.0+0x90/0x90 [ 62.699412][ T6790] worker_thread+0x96/0xe10 [ 62.703913][ T6790] ? process_one_work+0x1690/0x1690 [ 62.709180][ T6790] kthread+0x3b5/0x4a0 [ 62.713246][ T6790] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.719067][ T6790] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.724783][ T6790] ret_from_fork+0x1f/0x30 [ 62.730027][ T6790] Kernel Offset: disabled [ 62.734357][ T6790] Rebooting in 86400 seconds..