[ 62.827545][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21 [ 62.836598][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 62.842865][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0 [ 62.851110][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.861264][ T21] Workqueue: writeback wb_workfn (flush-8:0) [ 62.867406][ T21] Call Trace: [ 62.870688][ T21] dump_stack+0x18f/0x20d [ 62.875052][ T21] check_preemption_disabled+0x20d/0x220 [ 62.880696][ T21] ext4_mb_new_blocks+0xa4d/0x3b70 [ 62.885843][ T21] ? ext4_find_extent+0x81a/0xad0 [ 62.890859][ T21] ? ext4_ext_search_right+0x2ca/0xb20 [ 62.896313][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 62.902051][ T21] ext4_ext_map_blocks+0x201b/0x33e0 [ 62.907693][ T21] ? ext4_ext_release+0x10/0x10 [ 62.912546][ T21] ? down_write_killable+0x170/0x170 [ 62.917830][ T21] ? ext4_es_lookup_extent+0x41d/0xd10 [ 62.923286][ T21] ext4_map_blocks+0x4cb/0x1640 [ 62.928136][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 62.933331][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 62.939072][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.945121][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 62.950577][ T21] ext4_writepages+0x1a7b/0x33c0 [ 62.955522][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 62.961148][ T21] ? __lock_acquire+0x2224/0x48b0 [ 62.966160][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 62.972122][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 62.978116][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 62.983766][ T21] ? do_writepages+0xfa/0x2a0 [ 62.988456][ T21] do_writepages+0xfa/0x2a0 [ 62.992973][ T21] ? page_writeback_cpu_online+0x10/0x10 [ 62.998614][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.004158][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.010159][ T21] ? lock_downgrade+0x840/0x840 [ 63.015104][ T21] __writeback_single_inode+0x12a/0x13d0 [ 63.020765][ T21] ? _raw_spin_unlock+0x24/0x40 [ 63.025639][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 63.031624][ T21] writeback_sb_inodes+0x515/0xdc0 [ 63.036744][ T21] ? __writeback_single_inode+0x13d0/0x13d0 [ 63.042634][ T21] __writeback_inodes_wb+0xc3/0x250 [ 63.047890][ T21] wb_writeback+0x8db/0xd50 [ 63.052395][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 63.058719][ T21] ? cpumask_next+0x3c/0x40 [ 63.063221][ T21] ? get_nr_dirty_inodes+0xd6/0x130 [ 63.068402][ T21] wb_workfn+0x9bc/0x1090 [ 63.072730][ T21] ? inode_wait_for_writeback+0x30/0x30 [ 63.078260][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.083785][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.089765][ T21] process_one_work+0x965/0x1690 [ 63.094687][ T21] ? lock_release+0x800/0x800 [ 63.099341][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.104715][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 63.109637][ T21] worker_thread+0x96/0xe10 [ 63.114146][ T21] ? process_one_work+0x1690/0x1690 [ 63.119324][ T21] kthread+0x3b5/0x4a0 [ 63.123381][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.129075][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.134783][ T21] ret_from_fork+0x1f/0x30 [ 63.142329][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21 [ 63.151593][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.157630][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0 [ 63.166051][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.176141][ T21] Workqueue: writeback wb_workfn (flush-8:0) [ 63.182117][ T21] Call Trace: [ 63.185410][ T21] dump_stack+0x18f/0x20d [ 63.189738][ T21] check_preemption_disabled+0x20d/0x220 [ 63.195513][ T21] ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.200630][ T21] ? ext4_find_extent+0x81a/0xad0 [ 63.205643][ T21] ? ext4_ext_search_right+0x2ca/0xb20 [ 63.211085][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 63.216799][ T21] ext4_ext_map_blocks+0x201b/0x33e0 [ 63.222093][ T21] ? ext4_ext_release+0x10/0x10 [ 63.226952][ T21] ? down_write_killable+0x170/0x170 [ 63.232222][ T21] ? ext4_es_lookup_extent+0x41d/0xd10 [ 63.237669][ T21] ext4_map_blocks+0x4cb/0x1640 [ 63.242522][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 63.247722][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.253247][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.259206][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 63.264670][ T21] ext4_writepages+0x1a7b/0x33c0 [ 63.269609][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.275309][ T21] ? __lock_acquire+0x2224/0x48b0 [ 63.280335][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.286318][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.292281][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.297895][ T21] ? do_writepages+0xfa/0x2a0 [ 63.302571][ T21] do_writepages+0xfa/0x2a0 [ 63.307074][ T21] ? page_writeback_cpu_online+0x10/0x10 [ 63.312739][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.318290][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.324266][ T21] ? lock_downgrade+0x840/0x840 [ 63.329117][ T21] __writeback_single_inode+0x12a/0x13d0 [ 63.334738][ T21] ? _raw_spin_unlock+0x24/0x40 [ 63.339570][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 63.345663][ T21] writeback_sb_inodes+0x515/0xdc0 [ 63.350769][ T21] ? __writeback_single_inode+0x13d0/0x13d0 [ 63.356657][ T21] __writeback_inodes_wb+0xc3/0x250 [ 63.361845][ T21] wb_writeback+0x8db/0xd50 [ 63.366348][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 63.372679][ T21] ? cpumask_next+0x3c/0x40 [ 63.377431][ T21] ? get_nr_dirty_inodes+0xd6/0x130 [ 63.382833][ T21] wb_workfn+0x9bc/0x1090 [ 63.387255][ T21] ? inode_wait_for_writeback+0x30/0x30 [ 63.392788][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.398338][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.404317][ T21] process_one_work+0x965/0x1690 [ 63.409239][ T21] ? lock_release+0x800/0x800 [ 63.413894][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.419263][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 63.424186][ T21] worker_thread+0x96/0xe10 [ 63.428674][ T21] ? process_one_work+0x1690/0x1690 [ 63.433952][ T21] kthread+0x3b5/0x4a0 [ 63.438100][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.443824][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.449538][ T21] ret_from_fork+0x1f/0x30 [ 63.456042][ T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21 [ 63.465434][ T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.471476][ T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0 [ 63.479707][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.489755][ T21] Workqueue: writeback wb_workfn (flush-8:0) [ 63.495717][ T21] Call Trace: [ 63.498993][ T21] dump_stack+0x18f/0x20d [ 63.503335][ T21] check_preemption_disabled+0x20d/0x220 [ 63.508985][ T21] ext4_mb_new_blocks+0xa4d/0x3b70 [ 63.514077][ T21] ? ext4_find_extent+0x81a/0xad0 [ 63.519112][ T21] ? ext4_ext_search_right+0x2ca/0xb20 [ 63.524549][ T21] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 63.530275][ T21] ext4_ext_map_blocks+0x201b/0x33e0 [ 63.535546][ T21] ? ext4_ext_release+0x10/0x10 [ 63.540405][ T21] ? down_write_killable+0x170/0x170 [ 63.545666][ T21] ? ext4_es_lookup_extent+0x41d/0xd10 [ 63.551108][ T21] ext4_map_blocks+0x4cb/0x1640 [ 63.555948][ T21] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 63.561155][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.566691][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.572654][ T21] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 63.578120][ T21] ext4_writepages+0x1a7b/0x33c0 [ 63.583088][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.588716][ T21] ? __lock_acquire+0x2224/0x48b0 [ 63.593752][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.599734][ T21] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 63.605722][ T21] ? __ext4_mark_inode_dirty+0x940/0x940 [ 63.611364][ T21] ? do_writepages+0xfa/0x2a0 [ 63.616043][ T21] do_writepages+0xfa/0x2a0 [ 63.620543][ T21] ? page_writeback_cpu_online+0x10/0x10 [ 63.626167][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.631697][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.637673][ T21] ? lock_downgrade+0x840/0x840 [ 63.642508][ T21] __writeback_single_inode+0x12a/0x13d0 [ 63.649090][ T21] ? _raw_spin_unlock+0x24/0x40 [ 63.653920][ T21] ? wbc_attach_and_unlock_inode+0x60a/0x9c0 [ 63.659887][ T21] writeback_sb_inodes+0x515/0xdc0 [ 63.664986][ T21] ? __writeback_single_inode+0x13d0/0x13d0 [ 63.670869][ T21] __writeback_inodes_wb+0xc3/0x250 [ 63.676067][ T21] wb_writeback+0x8db/0xd50 [ 63.680556][ T21] ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0 [ 63.686869][ T21] ? cpumask_next+0x3c/0x40 [ 63.691349][ T21] ? get_nr_dirty_inodes+0xd6/0x130 [ 63.696533][ T21] wb_workfn+0x9bc/0x1090 [ 63.700870][ T21] ? inode_wait_for_writeback+0x30/0x30 [ 63.706398][ T21] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 63.711934][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.717928][ T21] process_one_work+0x965/0x1690 [ 63.722862][ T21] ? lock_release+0x800/0x800 [ 63.727527][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.732879][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 63.737810][ T21] worker_thread+0x96/0xe10 [ 63.742297][ T21] ? process_one_work+0x1690/0x1690 [ 63.747474][ T21] kthread+0x3b5/0x4a0 [ 63.751548][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.757253][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.762993][ T21] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.0.88' (ECDSA) to the list of known hosts. 2020/06/16 17:44:51 fuzzer started 2020/06/16 17:44:51 connecting to host at 10.128.0.26:43727 2020/06/16 17:44:51 checking machine... 2020/06/16 17:44:51 checking revisions... 2020/06/16 17:44:51 testing simple program... [ 64.512682][ T6801] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6801 [ 64.521840][ T6801] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.528023][ T6801] CPU: 0 PID: 6801 Comm: syz-fuzzer Not tainted 5.8.0-rc1-syzkaller #0 [ 64.536270][ T6801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.546331][ T6801] Call Trace: [ 64.549614][ T6801] dump_stack+0x18f/0x20d [ 64.553975][ T6801] check_preemption_disabled+0x20d/0x220 [ 64.559592][ T6801] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.564695][ T6801] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.570163][ T6801] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.575894][ T6801] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.581308][ T6801] ? ext4_ext_release+0x10/0x10 [ 64.586258][ T6801] ? down_write_killable+0x170/0x170 [ 64.591534][ T6801] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.597008][ T6801] ext4_map_blocks+0x4cb/0x1640 [ 64.601876][ T6801] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.607086][ T6801] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.612621][ T6801] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.618591][ T6801] ? prandom_u32_state+0xe/0x170 [ 64.623545][ T6801] ? __brelse+0x84/0xa0 [ 64.627697][ T6801] ? __ext4_new_inode+0x144/0x55e0 [ 64.632804][ T6801] ext4_getblk+0xad/0x520 [ 64.637129][ T6801] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.642845][ T6801] ? ext4_free_inode+0x1700/0x1700 [ 64.647958][ T6801] ext4_bread+0x7c/0x380 [ 64.652179][ T6801] ? ext4_getblk+0x520/0x520 [ 64.656759][ T6801] ? dquot_get_next_dqblk+0x180/0x180 [ 64.662131][ T6801] ext4_append+0x153/0x360 [ 64.666550][ T6801] ext4_mkdir+0x5e0/0xdf0 [ 64.670906][ T6801] ? ext4_rmdir+0xde0/0xde0 [ 64.675409][ T6801] ? security_inode_permission+0xc4/0xf0 [ 64.681131][ T6801] vfs_mkdir+0x419/0x690 [ 64.685355][ T6801] do_mkdirat+0x21e/0x280 [ 64.689670][ T6801] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.694501][ T6801] ? do_syscall_64+0x1c/0xe0 [ 64.699088][ T6801] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.705051][ T6801] do_syscall_64+0x60/0xe0 [ 64.709450][ T6801] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.715504][ T6801] RIP: 0033:0x4b02a0 [ 64.719384][ T6801] Code: Bad RIP value. [ 64.723425][ T6801] RSP: 002b:000000c0000d14b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 64.731832][ T6801] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 64.739828][ T6801] RDX: 00000000000001c0 RSI: 000000c0000dac60 RDI: ffffffffffffff9c [ 64.748352][ T6801] RBP: 000000c0000d1510 R08: 0000000000000000 R09: 0000000000000000 [ 64.756308][ T6801] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 64.764693][ T6801] R13: 0000000000000064 R14: 0000000000000063 R15: 0000000000000100 [ 64.790906][ T6814] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6814 [ 64.800517][ T6814] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.806406][ T6814] CPU: 0 PID: 6814 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 64.814970][ T6814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 64.825031][ T6814] Call Trace: [ 64.828310][ T6814] dump_stack+0x18f/0x20d [ 64.832644][ T6814] check_preemption_disabled+0x20d/0x220 [ 64.838369][ T6814] ext4_mb_new_blocks+0xa4d/0x3b70 [ 64.843500][ T6814] ? ext4_ext_search_right+0x2ca/0xb20 [ 64.848989][ T6814] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 64.854734][ T6814] ext4_ext_map_blocks+0x201b/0x33e0 [ 64.860056][ T6814] ? ext4_ext_release+0x10/0x10 [ 64.864924][ T6814] ? down_write_killable+0x170/0x170 [ 64.870193][ T6814] ? ext4_es_lookup_extent+0x41d/0xd10 [ 64.875639][ T6814] ext4_map_blocks+0x4cb/0x1640 [ 64.880477][ T6814] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 64.885671][ T6814] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 64.891201][ T6814] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 64.897169][ T6814] ? prandom_u32_state+0xe/0x170 [ 64.902113][ T6814] ? __brelse+0x84/0xa0 [ 64.906260][ T6814] ? __ext4_new_inode+0x144/0x55e0 [ 64.911355][ T6814] ext4_getblk+0xad/0x520 [ 64.915691][ T6814] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 64.921399][ T6814] ? ext4_free_inode+0x1700/0x1700 [ 64.926501][ T6814] ext4_bread+0x7c/0x380 [ 64.930825][ T6814] ? ext4_getblk+0x520/0x520 [ 64.935397][ T6814] ? dquot_get_next_dqblk+0x180/0x180 [ 64.940765][ T6814] ext4_append+0x153/0x360 [ 64.945171][ T6814] ext4_mkdir+0x5e0/0xdf0 [ 64.949495][ T6814] ? ext4_rmdir+0xde0/0xde0 [ 64.954004][ T6814] ? security_inode_permission+0xc4/0xf0 [ 64.959630][ T6814] vfs_mkdir+0x419/0x690 [ 64.963854][ T6814] do_mkdirat+0x21e/0x280 [ 64.968163][ T6814] ? __ia32_sys_mknod+0xb0/0xb0 [ 64.972994][ T6814] ? do_syscall_64+0x1c/0xe0 [ 64.977572][ T6814] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 64.983530][ T6814] do_syscall_64+0x60/0xe0 [ 64.987934][ T6814] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 64.993802][ T6814] RIP: 0033:0x45bed7 [ 64.997685][ T6814] Code: Bad RIP value. [ 65.001779][ T6814] RSP: 002b:00007ffeac5a62d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 65.010166][ T6814] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 65.018116][ T6814] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffeac5a64b0 [ 65.026065][ T6814] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003280 [ 65.034033][ T6814] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 65.041985][ T6814] R13: 00007ffeac5a64b0 R14: 8421084210842109 R15: 00007ffeac5a64bc [ 65.136647][ T6815] IPVS: ftp: loaded support on port[0] = 21 [ 65.174453][ T6815] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6815 [ 65.184174][ T6815] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.190184][ T6815] CPU: 1 PID: 6815 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.198856][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.208890][ T6815] Call Trace: [ 65.212161][ T6815] dump_stack+0x18f/0x20d [ 65.216489][ T6815] check_preemption_disabled+0x20d/0x220 [ 65.222116][ T6815] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.227216][ T6815] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.232652][ T6815] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.238355][ T6815] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.243622][ T6815] ? ext4_ext_release+0x10/0x10 [ 65.248483][ T6815] ? down_write_killable+0x170/0x170 [ 65.253743][ T6815] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.259199][ T6815] ext4_map_blocks+0x4cb/0x1640 [ 65.264042][ T6815] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.269227][ T6815] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.274758][ T6815] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.280727][ T6815] ? prandom_u32_state+0xe/0x170 [ 65.285642][ T6815] ? __brelse+0x84/0xa0 [ 65.289775][ T6815] ? __ext4_new_inode+0x144/0x55e0 [ 65.294880][ T6815] ext4_getblk+0xad/0x520 [ 65.299203][ T6815] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.304905][ T6815] ? ext4_free_inode+0x1700/0x1700 [ 65.309996][ T6815] ext4_bread+0x7c/0x380 [ 65.314227][ T6815] ? ext4_getblk+0x520/0x520 [ 65.318809][ T6815] ? dquot_get_next_dqblk+0x180/0x180 [ 65.324171][ T6815] ext4_append+0x153/0x360 [ 65.328566][ T6815] ext4_mkdir+0x5e0/0xdf0 [ 65.332875][ T6815] ? ext4_rmdir+0xde0/0xde0 [ 65.337356][ T6815] ? security_inode_permission+0xc4/0xf0 [ 65.342971][ T6815] vfs_mkdir+0x419/0x690 [ 65.347214][ T6815] do_mkdirat+0x21e/0x280 [ 65.351546][ T6815] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.356384][ T6815] ? do_syscall_64+0x1c/0xe0 [ 65.360958][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.366940][ T6815] do_syscall_64+0x60/0xe0 [ 65.371346][ T6815] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.377229][ T6815] RIP: 0033:0x45bed7 [ 65.381109][ T6815] Code: Bad RIP value. [ 65.385146][ T6815] RSP: 002b:00007ffeac5a61c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 65.393531][ T6815] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 65.401480][ T6815] RDX: 00007ffeac5a6213 RSI: 00000000000001ff RDI: 00007ffeac5a6210 [ 65.409428][ T6815] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 65.417375][ T6815] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185c0 [ 65.425323][ T6815] R13: 00007ffeac5a6200 R14: 0000000000000000 R15: 00007ffeac5a6210 [ 65.478485][ T6815] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6815 [ 65.487973][ T6815] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.493879][ T6815] CPU: 0 PID: 6815 Comm: syz-executor.0 Not tainted 5.8.0-rc1-syzkaller #0 [ 65.502459][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 65.512516][ T6815] Call Trace: [ 65.515813][ T6815] dump_stack+0x18f/0x20d [ 65.520157][ T6815] check_preemption_disabled+0x20d/0x220 [ 65.525798][ T6815] ext4_mb_new_blocks+0xa4d/0x3b70 [ 65.530933][ T6815] ? ext4_ext_search_right+0x2ca/0xb20 [ 65.536399][ T6815] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 65.542134][ T6815] ext4_ext_map_blocks+0x201b/0x33e0 [ 65.547441][ T6815] ? ext4_ext_release+0x10/0x10 [ 65.552331][ T6815] ? down_write_killable+0x170/0x170 [ 65.557631][ T6815] ? ext4_es_lookup_extent+0x41d/0xd10 [ 65.563098][ T6815] ext4_map_blocks+0x4cb/0x1640 [ 65.567974][ T6815] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 65.573151][ T6815] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 65.578681][ T6815] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 65.584638][ T6815] ? prandom_u32_state+0xe/0x170 [ 65.589624][ T6815] ? __brelse+0x84/0xa0 [ 65.593763][ T6815] ? __ext4_new_inode+0x144/0x55e0 [ 65.598872][ T6815] ext4_getblk+0xad/0x520 [ 65.603212][ T6815] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 65.608932][ T6815] ? ext4_free_inode+0x1700/0x1700 [ 65.614065][ T6815] ext4_bread+0x7c/0x380 [ 65.618307][ T6815] ? ext4_getblk+0x520/0x520 [ 65.622895][ T6815] ? dquot_get_next_dqblk+0x180/0x180 [ 65.628281][ T6815] ext4_append+0x153/0x360 [ 65.632680][ T6815] ext4_mkdir+0x5e0/0xdf0 [ 65.636991][ T6815] ? ext4_rmdir+0xde0/0xde0 [ 65.643025][ T6815] ? security_inode_permission+0xc4/0xf0 [ 65.648900][ T6815] vfs_mkdir+0x419/0x690 [ 65.653133][ T6815] do_mkdirat+0x21e/0x280 [ 65.657444][ T6815] ? __ia32_sys_mknod+0xb0/0xb0 [ 65.662283][ T6815] ? do_syscall_64+0x1c/0xe0 [ 65.666851][ T6815] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 65.672808][ T6815] do_syscall_64+0x60/0xe0 [ 65.677217][ T6815] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 65.683107][ T6815] RIP: 0033:0x45bed7 [ 65.686972][ T6815] Code: Bad RIP value. [ 65.691010][ T6815] RSP: 002b:00007ffeac5a61c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053 [ 65.699411][ T6815] RAX: ffffffffffffffda RBX: 000000000000ffbc RCX: 000000000045bed7 [ 65.707360][ T6815] RDX: 00007ffeac5a6213 RSI: 00000000000001ff RDI: 00007ffeac5a6210 [ 65.715308][ T6815] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 65.723258][ T6815] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003 [ 65.731208][ T6815] R13: 00007ffeac5a6200 R14: 000000000000ffb3 R15: 00007ffeac5a6210 2020/06/16 17:44:53 building call list... [ 65.966488][ T21] tipc: TX() has been purged, node left! [ 66.498824][ T21] ================================================================== [ 66.507080][ T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 66.514968][ T21] Write of size 1 at addr ffff8880a81299e4 by task kworker/u4:1/21 [ 66.522857][ T21] [ 66.525190][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.8.0-rc1-syzkaller #0 [ 66.533413][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 66.543813][ T21] Workqueue: netns cleanup_net [ 66.548573][ T21] Call Trace: [ 66.551862][ T21] dump_stack+0x18f/0x20d [ 66.556194][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.561733][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.567281][ T21] ? afs_put_call+0xa40/0xa40 [ 66.571963][ T21] print_address_description.constprop.0.cold+0xd3/0x413 [ 66.578993][ T21] ? vprintk_func+0x97/0x1a6 [ 66.583583][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.589127][ T21] kasan_report.cold+0x1f/0x37 [ 66.593895][ T21] ? rcu_read_lock_held_common+0x51/0xa0 [ 66.599524][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 66.605069][ T21] afs_wake_up_async_call+0x6aa/0x770 [ 66.610440][ T21] ? afs_close_socket+0x320/0x320 [ 66.615465][ T21] ? afs_put_call+0xa40/0xa40 [ 66.620139][ T21] rxrpc_notify_socket+0x1db/0x5d0 [ 66.625257][ T21] ? afs_put_call+0xa40/0xa40 [ 66.629933][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 66.636348][ T21] rxrpc_call_completed+0xca/0xf0 [ 66.641374][ T21] rxrpc_discard_prealloc+0x781/0xab0 [ 66.648241][ T21] ? lock_sock_nested+0x94/0x110 [ 66.653184][ T21] rxrpc_listen+0x147/0x360 [ 66.657688][ T21] afs_close_socket+0x95/0x320 [ 66.662459][ T21] ? afs_purge_servers+0x16d/0x300 [ 66.667580][ T21] ? afs_rx_discard_new_call+0x50/0x50 [ 66.673047][ T21] ? init_wait_var_entry+0x200/0x200 [ 66.678339][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 66.683971][ T21] ? check_preemption_disabled+0x38/0x220 [ 66.689698][ T21] afs_net_exit+0x1bc/0x310 [ 66.694214][ T21] ? afs_net_init+0xe30/0xe30 [ 66.698895][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 66.704007][ T21] cleanup_net+0x511/0xa50 [ 66.708425][ T21] ? unregister_pernet_device+0x70/0x70 [ 66.713974][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 66.719973][ T21] process_one_work+0x965/0x1690 [ 66.724938][ T21] ? lock_release+0x800/0x800 [ 66.729613][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 66.734986][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 66.739932][ T21] worker_thread+0x96/0xe10 [ 66.744448][ T21] ? process_one_work+0x1690/0x1690 [ 66.749665][ T21] kthread+0x3b5/0x4a0 [ 66.753732][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.759594][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 66.765323][ T21] ret_from_fork+0x1f/0x30 [ 66.769753][ T21] [ 66.772075][ T21] Allocated by task 6815: [ 66.776409][ T21] save_stack+0x1b/0x40 [ 66.780560][ T21] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 66.786187][ T21] kmem_cache_alloc_trace+0x153/0x7d0 [ 66.791556][ T21] afs_alloc_call+0x55/0x630 [ 66.796138][ T21] afs_charge_preallocation+0xe9/0x2d0 [ 66.801592][ T21] afs_open_socket+0x292/0x360 [ 66.806346][ T21] afs_net_init+0xa6c/0xe30 [ 66.810840][ T21] ops_init+0xaf/0x420 [ 66.814899][ T21] setup_net+0x2de/0x860 [ 66.819145][ T21] copy_net_ns+0x293/0x590 [ 66.823569][ T21] create_new_namespaces+0x3fb/0xb30 [ 66.829032][ T21] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 66.834757][ T21] ksys_unshare+0x43d/0x8e0 [ 66.839271][ T21] __x64_sys_unshare+0x2d/0x40 [ 66.844049][ T21] do_syscall_64+0x60/0xe0 [ 66.848475][ T21] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 66.854457][ T21] [ 66.856799][ T21] Freed by task 21: [ 66.860621][ T21] save_stack+0x1b/0x40 [ 66.864784][ T21] __kasan_slab_free+0xf7/0x140 [ 66.869634][ T21] kfree+0x109/0x2b0 [ 66.873522][ T21] afs_put_call+0x585/0xa40 [ 66.878026][ T21] rxrpc_discard_prealloc+0x764/0xab0 [ 66.883404][ T21] rxrpc_listen+0x147/0x360 [ 66.888002][ T21] afs_close_socket+0x95/0x320 [ 66.892786][ T21] afs_net_exit+0x1bc/0x310 [ 66.897307][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 66.902425][ T21] cleanup_net+0x511/0xa50 [ 66.906863][ T21] process_one_work+0x965/0x1690 [ 66.911806][ T21] worker_thread+0x96/0xe10 [ 66.916311][ T21] kthread+0x3b5/0x4a0 [ 66.920377][ T21] ret_from_fork+0x1f/0x30 [ 66.924888][ T21] [ 66.927217][ T21] The buggy address belongs to the object at ffff8880a8129800 [ 66.927217][ T21] which belongs to the cache kmalloc-1k of size 1024 [ 66.941403][ T21] The buggy address is located 484 bytes inside of [ 66.941403][ T21] 1024-byte region [ffff8880a8129800, ffff8880a8129c00) [ 66.955857][ T21] The buggy address belongs to the page: [ 66.961500][ T21] page:ffffea0002a04a40 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 66.972523][ T21] flags: 0xfffe0000000200(slab) [ 66.977375][ T21] raw: 00fffe0000000200 ffffea00029fb488 ffffea00027d9208 ffff8880aa000c40 [ 66.986216][ T21] raw: 0000000000000000 ffff8880a8129000 0000000100000002 0000000000000000 [ 66.994804][ T21] page dumped because: kasan: bad access detected [ 67.001207][ T21] [ 67.003529][ T21] Memory state around the buggy address: [ 67.009682][ T21] ffff8880a8129880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.017834][ T21] ffff8880a8129900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.025895][ T21] >ffff8880a8129980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.033950][ T21] ^ [ 67.041169][ T21] ffff8880a8129a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.049233][ T21] ffff8880a8129a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 67.057286][ T21] ================================================================== [ 67.065340][ T21] Disabling lock debugging due to kernel taint [ 67.071554][ T21] Kernel panic - not syncing: panic_on_warn set ... [ 67.078143][ T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Tainted: G B 5.8.0-rc1-syzkaller #0 [ 67.087760][ T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 67.097921][ T21] Workqueue: netns cleanup_net [ 67.102674][ T21] Call Trace: [ 67.105959][ T21] dump_stack+0x18f/0x20d [ 67.110306][ T21] ? afs_wake_up_async_call+0x690/0x770 [ 67.115842][ T21] ? afs_put_call+0xa40/0xa40 [ 67.120512][ T21] panic+0x2e3/0x75c [ 67.124403][ T21] ? __warn_printk+0xf3/0xf3 [ 67.128994][ T21] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 67.135145][ T21] ? trace_hardirqs_on+0x55/0x220 [ 67.140183][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.145752][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.151289][ T21] ? afs_put_call+0xa40/0xa40 [ 67.155957][ T21] end_report+0x4d/0x53 [ 67.160113][ T21] kasan_report.cold+0xd/0x37 [ 67.164805][ T21] ? rcu_read_lock_held_common+0x51/0xa0 [ 67.170427][ T21] ? afs_wake_up_async_call+0x6aa/0x770 [ 67.175980][ T21] afs_wake_up_async_call+0x6aa/0x770 [ 67.181342][ T21] ? afs_close_socket+0x320/0x320 [ 67.186359][ T21] ? afs_put_call+0xa40/0xa40 [ 67.191028][ T21] rxrpc_notify_socket+0x1db/0x5d0 [ 67.196134][ T21] ? afs_put_call+0xa40/0xa40 [ 67.200803][ T21] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 67.207210][ T21] rxrpc_call_completed+0xca/0xf0 [ 67.212233][ T21] rxrpc_discard_prealloc+0x781/0xab0 [ 67.217607][ T21] ? lock_sock_nested+0x94/0x110 [ 67.222539][ T21] rxrpc_listen+0x147/0x360 [ 67.227052][ T21] afs_close_socket+0x95/0x320 [ 67.231806][ T21] ? afs_purge_servers+0x16d/0x300 [ 67.236925][ T21] ? afs_rx_discard_new_call+0x50/0x50 [ 67.242380][ T21] ? init_wait_var_entry+0x200/0x200 [ 67.247660][ T21] ? rcu_read_lock_held_common+0xa0/0xa0 [ 67.253291][ T21] ? check_preemption_disabled+0x38/0x220 [ 67.259000][ T21] afs_net_exit+0x1bc/0x310 [ 67.263495][ T21] ? afs_net_init+0xe30/0xe30 [ 67.268181][ T21] ops_exit_list.isra.0+0xa8/0x150 [ 67.273286][ T21] cleanup_net+0x511/0xa50 [ 67.277813][ T21] ? unregister_pernet_device+0x70/0x70 [ 67.283354][ T21] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 67.289333][ T21] process_one_work+0x965/0x1690 [ 67.294268][ T21] ? lock_release+0x800/0x800 [ 67.298946][ T21] ? pwq_dec_nr_in_flight+0x310/0x310 [ 67.304312][ T21] ? rwlock_bug.part.0+0x90/0x90 [ 67.309244][ T21] worker_thread+0x96/0xe10 [ 67.313745][ T21] ? process_one_work+0x1690/0x1690 [ 67.318935][ T21] kthread+0x3b5/0x4a0 [ 67.323002][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.328715][ T21] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 67.334429][ T21] ret_from_fork+0x1f/0x30 [ 67.340159][ T21] Kernel Offset: disabled [ 67.344476][ T21] Rebooting in 86400 seconds..