[ 51.096488][ T25] process_one_work+0x965/0x1690 [ 51.096509][ T25] ? lock_release+0x800/0x800 [ 51.096523][ T25] ? pwq_dec_nr_in_flight+0x310/0x310 [ 51.096543][ T25] ? rwlock_bug.part.0+0x90/0x90 [ 51.096568][ T25] worker_thread+0x96/0xe10 [ 51.096596][ T25] ? process_one_work+0x1690/0x1690 [ 51.096613][ T25] kthread+0x3b5/0x4a0 [ 51.096626][ T25] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 51.096640][ T25] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 51.096659][ T25] ret_from_fork+0x1f/0x30 Warning: Permanently added '10.128.0.83' (ECDSA) to the list of known hosts. 2020/06/15 16:26:57 fuzzer started 2020/06/15 16:26:57 connecting to host at 10.128.0.26:46203 2020/06/15 16:26:57 checking machine... 2020/06/15 16:26:57 checking revisions... 2020/06/15 16:26:57 testing simple program... [ 60.075771][ T6793] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6793 [ 60.084849][ T6793] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.090798][ T6793] CPU: 1 PID: 6793 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0 [ 60.098688][ T6793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.108720][ T6793] Call Trace: [ 60.111992][ T6793] dump_stack+0x18f/0x20d [ 60.116332][ T6793] check_preemption_disabled+0x20d/0x220 [ 60.121943][ T6793] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.127038][ T6793] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.133403][ T6793] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.139104][ T6793] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.144369][ T6793] ? ext4_ext_release+0x10/0x10 [ 60.149206][ T6793] ? down_write_killable+0x170/0x170 [ 60.154476][ T6793] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.159917][ T6793] ext4_map_blocks+0x4cb/0x1640 [ 60.164759][ T6793] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.169951][ T6793] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.175474][ T6793] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.181443][ T6793] ? prandom_u32_state+0xe/0x170 [ 60.186360][ T6793] ? __brelse+0x84/0xa0 [ 60.190490][ T6793] ? __ext4_new_inode+0x144/0x55e0 [ 60.195588][ T6793] ext4_getblk+0xad/0x520 [ 60.199900][ T6793] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.205608][ T6793] ? ext4_free_inode+0x1700/0x1700 [ 60.210711][ T6793] ext4_bread+0x7c/0x380 [ 60.214930][ T6793] ? ext4_getblk+0x520/0x520 [ 60.219509][ T6793] ? dquot_get_next_dqblk+0x180/0x180 [ 60.224859][ T6793] ext4_append+0x153/0x360 [ 60.229263][ T6793] ext4_mkdir+0x5e0/0xdf0 [ 60.233590][ T6793] ? ext4_rmdir+0xde0/0xde0 [ 60.238070][ T6793] ? security_inode_permission+0xc4/0xf0 [ 60.243680][ T6793] vfs_mkdir+0x419/0x690 [ 60.247905][ T6793] do_mkdirat+0x21e/0x280 [ 60.252215][ T6793] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.257040][ T6793] ? do_syscall_64+0x1c/0xe0 [ 60.261605][ T6793] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.267564][ T6793] do_syscall_64+0x60/0xe0 [ 60.271971][ T6793] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.277838][ T6793] RIP: 0033:0x4b02a0 [ 60.281701][ T6793] Code: Bad RIP value. [ 60.285738][ T6793] RSP: 002b:000000c0000df4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102 [ 60.294123][ T6793] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0 [ 60.302069][ T6793] RDX: 00000000000001c0 RSI: 000000c00009eda0 RDI: ffffffffffffff9c [ 60.310030][ T6793] RBP: 000000c0000df510 R08: 0000000000000000 R09: 0000000000000000 [ 60.317978][ T6793] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff [ 60.325924][ T6793] R13: 000000000000006e R14: 000000000000006d R15: 0000000000000100 [ 60.342396][ T6806] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6806 [ 60.351885][ T6806] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.357848][ T6806] CPU: 1 PID: 6806 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.366084][ T6806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.376126][ T6806] Call Trace: [ 60.379408][ T6806] dump_stack+0x18f/0x20d [ 60.383716][ T6806] check_preemption_disabled+0x20d/0x220 [ 60.389324][ T6806] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.394416][ T6806] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.399852][ T6806] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.405558][ T6806] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.410823][ T6806] ? ext4_ext_release+0x10/0x10 [ 60.415672][ T6806] ? down_write_killable+0x170/0x170 [ 60.420930][ T6806] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.426366][ T6806] ext4_map_blocks+0x4cb/0x1640 [ 60.431208][ T6806] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.436385][ T6806] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.441919][ T6806] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.447880][ T6806] ? prandom_u32_state+0xe/0x170 [ 60.452794][ T6806] ? __brelse+0x84/0xa0 [ 60.456925][ T6806] ? __ext4_new_inode+0x144/0x55e0 [ 60.462012][ T6806] ext4_getblk+0xad/0x520 [ 60.466328][ T6806] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.472044][ T6806] ? ext4_free_inode+0x1700/0x1700 [ 60.477133][ T6806] ext4_bread+0x7c/0x380 [ 60.481357][ T6806] ? ext4_getblk+0x520/0x520 [ 60.485932][ T6806] ? dquot_get_next_dqblk+0x180/0x180 [ 60.491282][ T6806] ext4_append+0x153/0x360 [ 60.495674][ T6806] ext4_mkdir+0x5e0/0xdf0 [ 60.499998][ T6806] ? ext4_rmdir+0xde0/0xde0 [ 60.504477][ T6806] ? security_inode_permission+0xc4/0xf0 [ 60.510090][ T6806] vfs_mkdir+0x419/0x690 [ 60.514308][ T6806] do_mkdirat+0x21e/0x280 [ 60.518616][ T6806] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.523442][ T6806] ? do_syscall_64+0x1c/0xe0 [ 60.528020][ T6806] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.533989][ T6806] do_syscall_64+0x60/0xe0 [ 60.538401][ T6806] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.544279][ T6806] RIP: 0033:0x45bed7 [ 60.548145][ T6806] Code: Bad RIP value. [ 60.552184][ T6806] RSP: 002b:00007ffcee5d7398 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 60.560577][ T6806] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bed7 [ 60.568524][ T6806] RDX: 0000000000000003 RSI: 00000000000001c0 RDI: 00007ffcee5d7570 [ 60.576471][ T6806] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000003580 [ 60.584429][ T6806] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2 [ 60.592465][ T6806] R13: 00007ffcee5d7570 R14: 8421084210842109 R15: 00007ffcee5d757c [ 60.678701][ T6807] IPVS: ftp: loaded support on port[0] = 21 [ 60.714875][ T6807] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6807 [ 60.724446][ T6807] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.730439][ T6807] CPU: 0 PID: 6807 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 60.738661][ T6807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 60.748792][ T6807] Call Trace: [ 60.752063][ T6807] dump_stack+0x18f/0x20d [ 60.756374][ T6807] check_preemption_disabled+0x20d/0x220 [ 60.761994][ T6807] ext4_mb_new_blocks+0xa4d/0x3b70 [ 60.767088][ T6807] ? ext4_ext_search_right+0x2ca/0xb20 [ 60.772539][ T6807] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 60.778238][ T6807] ext4_ext_map_blocks+0x201b/0x33e0 [ 60.783503][ T6807] ? ext4_ext_release+0x10/0x10 [ 60.788358][ T6807] ? down_write_killable+0x170/0x170 [ 60.793630][ T6807] ? ext4_es_lookup_extent+0x41d/0xd10 [ 60.799069][ T6807] ext4_map_blocks+0x4cb/0x1640 [ 60.803899][ T6807] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 60.809073][ T6807] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 60.814593][ T6807] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 60.820548][ T6807] ? prandom_u32_state+0xe/0x170 [ 60.825475][ T6807] ? __brelse+0x84/0xa0 [ 60.829606][ T6807] ? __ext4_new_inode+0x144/0x55e0 [ 60.834698][ T6807] ext4_getblk+0xad/0x520 [ 60.839011][ T6807] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 60.844718][ T6807] ? ext4_free_inode+0x1700/0x1700 [ 60.849806][ T6807] ext4_bread+0x7c/0x380 [ 60.854022][ T6807] ? ext4_getblk+0x520/0x520 [ 60.858589][ T6807] ? dquot_get_next_dqblk+0x180/0x180 [ 60.863950][ T6807] ext4_append+0x153/0x360 [ 60.868348][ T6807] ext4_mkdir+0x5e0/0xdf0 [ 60.872671][ T6807] ? ext4_rmdir+0xde0/0xde0 [ 60.877153][ T6807] ? security_inode_permission+0xc4/0xf0 [ 60.882760][ T6807] vfs_mkdir+0x419/0x690 [ 60.886981][ T6807] do_mkdirat+0x21e/0x280 [ 60.891299][ T6807] ? __ia32_sys_mknod+0xb0/0xb0 [ 60.896127][ T6807] ? do_syscall_64+0x1c/0xe0 [ 60.900693][ T6807] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 60.906663][ T6807] do_syscall_64+0x60/0xe0 [ 60.911059][ T6807] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 60.916973][ T6807] RIP: 0033:0x45bed7 [ 60.920837][ T6807] Code: Bad RIP value. [ 60.924886][ T6807] RSP: 002b:00007ffcee5d7288 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 60.933384][ T6807] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bed7 [ 60.941331][ T6807] RDX: 00007ffcee5d72d3 RSI: 00000000000001ff RDI: 00007ffcee5d72d0 [ 60.949327][ T6807] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003 [ 60.957307][ T6807] R10: 0000000000000064 R11: 0000000000000206 R12: 00000000004185c0 [ 60.965260][ T6807] R13: 00007ffcee5d72c0 R14: 0000000000000000 R15: 00007ffcee5d72d0 [ 61.021519][ T6807] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6807 [ 61.031022][ T6807] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.037152][ T6807] CPU: 0 PID: 6807 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0 [ 61.045380][ T6807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.055422][ T6807] Call Trace: [ 61.058713][ T6807] dump_stack+0x18f/0x20d [ 61.063057][ T6807] check_preemption_disabled+0x20d/0x220 [ 61.068687][ T6807] ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.073809][ T6807] ? ext4_ext_search_right+0x2ca/0xb20 [ 61.079266][ T6807] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 61.084999][ T6807] ext4_ext_map_blocks+0x201b/0x33e0 [ 61.090272][ T6807] ? ext4_ext_release+0x10/0x10 [ 61.095125][ T6807] ? down_write_killable+0x170/0x170 [ 61.100384][ T6807] ? ext4_es_lookup_extent+0x41d/0xd10 [ 61.105821][ T6807] ext4_map_blocks+0x4cb/0x1640 [ 61.110663][ T6807] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 61.115857][ T6807] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.121386][ T6807] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.127338][ T6807] ? prandom_u32_state+0xe/0x170 [ 61.132262][ T6807] ? __brelse+0x84/0xa0 [ 61.136392][ T6807] ? __ext4_new_inode+0x144/0x55e0 [ 61.141481][ T6807] ext4_getblk+0xad/0x520 [ 61.145797][ T6807] ? ext4_iomap_overwrite_begin+0xa0/0xa0 [ 61.151506][ T6807] ? ext4_free_inode+0x1700/0x1700 [ 61.156593][ T6807] ext4_bread+0x7c/0x380 [ 61.160810][ T6807] ? ext4_getblk+0x520/0x520 [ 61.165375][ T6807] ? dquot_get_next_dqblk+0x180/0x180 [ 61.170724][ T6807] ext4_append+0x153/0x360 [ 61.175130][ T6807] ext4_mkdir+0x5e0/0xdf0 [ 61.179438][ T6807] ? ext4_rmdir+0xde0/0xde0 [ 61.183918][ T6807] ? security_inode_permission+0xc4/0xf0 [ 61.189547][ T6807] vfs_mkdir+0x419/0x690 [ 61.193765][ T6807] do_mkdirat+0x21e/0x280 [ 61.198081][ T6807] ? __ia32_sys_mknod+0xb0/0xb0 [ 61.202904][ T6807] ? do_syscall_64+0x1c/0xe0 [ 61.207469][ T6807] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.213435][ T6807] do_syscall_64+0x60/0xe0 [ 61.217829][ T6807] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 61.223705][ T6807] RIP: 0033:0x45bed7 [ 61.227568][ T6807] Code: Bad RIP value. [ 61.231606][ T6807] RSP: 002b:00007ffcee5d7288 EFLAGS: 00000206 ORIG_RAX: 0000000000000053 [ 61.239988][ T6807] RAX: ffffffffffffffda RBX: 000000000000ee51 RCX: 000000000045bed7 [ 61.247944][ T6807] RDX: 00007ffcee5d72d3 RSI: 00000000000001ff RDI: 00007ffcee5d72d0 [ 61.255976][ T6807] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003 [ 61.263920][ T6807] R10: 0000000000000064 R11: 0000000000000206 R12: 0000000000000003 [ 61.271873][ T6807] R13: 00007ffcee5d72c0 R14: 000000000000ee3a R15: 00007ffcee5d72d0 2020/06/15 16:26:58 building call list... [ 61.490705][ T1154] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1154 [ 61.499946][ T1154] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.505910][ T1154] CPU: 1 PID: 1154 Comm: khugepaged Not tainted 5.7.0-syzkaller #0 [ 61.505959][ T25] tipc: TX() has been purged, node left! [ 61.513781][ T1154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.513808][ T1154] Call Trace: [ 61.513828][ T1154] dump_stack+0x18f/0x20d [ 61.537365][ T1154] check_preemption_disabled+0x20d/0x220 [ 61.543034][ T1154] ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.548144][ T1154] ? ext4_find_extent+0x81a/0xad0 [ 61.553170][ T1154] ? ext4_ext_search_right+0x2ca/0xb20 [ 61.558622][ T1154] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 61.564346][ T1154] ext4_ext_map_blocks+0x201b/0x33e0 [ 61.569636][ T1154] ? ext4_ext_release+0x10/0x10 [ 61.574500][ T1154] ? down_write_killable+0x170/0x170 [ 61.579780][ T1154] ? ext4_es_lookup_extent+0x41d/0xd10 [ 61.585325][ T1154] ext4_map_blocks+0x4cb/0x1640 [ 61.590181][ T1154] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 61.595380][ T1154] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.600921][ T1154] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.606894][ T1154] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 61.612351][ T1154] ext4_writepages+0x1a7b/0x33c0 [ 61.617326][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940 [ 61.622994][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940 [ 61.628631][ T1154] ? do_writepages+0xfa/0x2a0 [ 61.633308][ T1154] do_writepages+0xfa/0x2a0 [ 61.637818][ T1154] ? page_writeback_cpu_online+0x10/0x10 [ 61.643465][ T1154] ? do_raw_spin_lock+0x120/0x2d0 [ 61.648492][ T1154] ? do_raw_spin_unlock+0x171/0x260 [ 61.653681][ T1154] ? _raw_spin_unlock+0x24/0x40 [ 61.658515][ T1154] __filemap_fdatawrite_range+0x2aa/0x390 [ 61.664213][ T1154] ? collapse_file+0x35a2/0x4330 [ 61.669325][ T1154] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 61.675420][ T1154] ? _raw_spin_unlock_irq+0x1f/0x80 [ 61.680613][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.686595][ T1154] collapse_file+0x35ac/0x4330 [ 61.691370][ T1154] ? collapse_huge_page+0x4350/0x4350 [ 61.696737][ T1154] ? khugepaged+0x2506/0x3fc0 [ 61.701426][ T1154] khugepaged+0x3041/0x3fc0 [ 61.705941][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 61.711570][ T1154] ? lock_downgrade+0x840/0x840 [ 61.716420][ T1154] ? finish_wait+0x260/0x260 [ 61.721011][ T1154] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 61.726809][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 61.732791][ T1154] ? __kthread_parkme+0x13f/0x1e0 [ 61.738258][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 61.743886][ T1154] kthread+0x3b5/0x4a0 [ 61.747951][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.753661][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 61.759383][ T1154] ret_from_fork+0x1f/0x30 [ 61.827655][ T1154] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1154 [ 61.836753][ T1154] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.842664][ T1154] CPU: 1 PID: 1154 Comm: khugepaged Not tainted 5.7.0-syzkaller #0 [ 61.850538][ T1154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 61.860579][ T1154] Call Trace: [ 61.863868][ T1154] dump_stack+0x18f/0x20d [ 61.868203][ T1154] check_preemption_disabled+0x20d/0x220 [ 61.873828][ T1154] ext4_mb_new_blocks+0xa4d/0x3b70 [ 61.878947][ T1154] ? ext4_ext_search_right+0x2ca/0xb20 [ 61.884405][ T1154] ? ext4_ext_next_allocated_block+0x221/0x2d0 [ 61.890564][ T1154] ext4_ext_map_blocks+0x201b/0x33e0 [ 61.895871][ T1154] ? ext4_ext_release+0x10/0x10 [ 61.900741][ T1154] ? down_write_killable+0x170/0x170 [ 61.906019][ T1154] ? ext4_es_lookup_extent+0x41d/0xd10 [ 61.911486][ T1154] ext4_map_blocks+0x4cb/0x1640 [ 61.916350][ T1154] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 61.921548][ T1154] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 61.927096][ T1154] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 61.933075][ T1154] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 61.938532][ T1154] ext4_writepages+0x1a7b/0x33c0 [ 61.943487][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940 [ 61.949231][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940 [ 61.954857][ T1154] ? do_writepages+0xfa/0x2a0 [ 61.959527][ T1154] do_writepages+0xfa/0x2a0 [ 61.964031][ T1154] ? page_writeback_cpu_online+0x10/0x10 [ 61.969658][ T1154] ? do_raw_spin_lock+0x120/0x2d0 [ 61.974676][ T1154] ? do_raw_spin_unlock+0x171/0x260 [ 61.979871][ T1154] ? _raw_spin_unlock+0x24/0x40 [ 61.984806][ T1154] __filemap_fdatawrite_range+0x2aa/0x390 [ 61.990522][ T1154] ? collapse_file+0x35a2/0x4330 [ 61.995454][ T1154] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 62.001535][ T1154] ? _raw_spin_unlock_irq+0x1f/0x80 [ 62.006747][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 62.012753][ T1154] collapse_file+0x35ac/0x4330 [ 62.017541][ T1154] ? collapse_huge_page+0x4350/0x4350 [ 62.022913][ T1154] ? khugepaged+0x2506/0x3fc0 [ 62.027613][ T1154] khugepaged+0x3041/0x3fc0 [ 62.032143][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 62.037771][ T1154] ? lock_downgrade+0x840/0x840 [ 62.042614][ T1154] ? finish_wait+0x260/0x260 [ 62.047207][ T1154] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 62.053007][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 62.059072][ T1154] ? __kthread_parkme+0x13f/0x1e0 [ 62.064094][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 62.069725][ T1154] kthread+0x3b5/0x4a0 [ 62.073786][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.079494][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.085208][ T1154] ret_from_fork+0x1f/0x30 [ 62.146454][ T1154] BUG: using smp_processor_id() in preemptible [00000000] code: khugepaged/1154 [ 62.156040][ T1154] caller is ext4_mb_new_blocks+0xa4d/0x3b70 [ 62.161935][ T1154] CPU: 1 PID: 1154 Comm: khugepaged Not tainted 5.7.0-syzkaller #0 [ 62.169808][ T1154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.179938][ T1154] Call Trace: [ 62.183235][ T1154] dump_stack+0x18f/0x20d [ 62.187564][ T1154] check_preemption_disabled+0x20d/0x220 [ 62.193191][ T1154] ext4_mb_new_blocks+0xa4d/0x3b70 [ 62.198312][ T1154] ? ext4_ext_search_right+0x2ca/0xb20 [ 62.203771][ T1154] ? ext4_ext_next_allocated_block+0x221/0x2d0 [ 62.209922][ T1154] ext4_ext_map_blocks+0x201b/0x33e0 [ 62.215208][ T1154] ? ext4_ext_release+0x10/0x10 [ 62.220070][ T1154] ? down_write_killable+0x170/0x170 [ 62.225348][ T1154] ? ext4_es_lookup_extent+0x41d/0xd10 [ 62.230805][ T1154] ext4_map_blocks+0x4cb/0x1640 [ 62.235657][ T1154] ? ext4_issue_zeroout+0x1e0/0x1e0 [ 62.240855][ T1154] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 62.246405][ T1154] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 62.252382][ T1154] ? ext4_alloc_io_end_vec+0x145/0x1c0 [ 62.257838][ T1154] ext4_writepages+0x1a7b/0x33c0 [ 62.262791][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940 [ 62.268447][ T1154] ? __ext4_mark_inode_dirty+0x940/0x940 [ 62.274071][ T1154] ? do_writepages+0xfa/0x2a0 [ 62.278741][ T1154] do_writepages+0xfa/0x2a0 [ 62.283245][ T1154] ? page_writeback_cpu_online+0x10/0x10 [ 62.289739][ T1154] ? do_raw_spin_lock+0x120/0x2d0 [ 62.294759][ T1154] ? do_raw_spin_unlock+0x171/0x260 [ 62.299952][ T1154] ? _raw_spin_unlock+0x24/0x40 [ 62.304801][ T1154] __filemap_fdatawrite_range+0x2aa/0x390 [ 62.310513][ T1154] ? collapse_file+0x35a2/0x4330 [ 62.315447][ T1154] ? delete_from_page_cache_batch+0xeb0/0xeb0 [ 62.321520][ T1154] ? _raw_spin_unlock_irq+0x1f/0x80 [ 62.326716][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 62.332699][ T1154] collapse_file+0x35ac/0x4330 [ 62.337476][ T1154] ? collapse_huge_page+0x4350/0x4350 [ 62.342843][ T1154] ? khugepaged+0x2506/0x3fc0 [ 62.347532][ T1154] khugepaged+0x3041/0x3fc0 [ 62.352055][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 62.357688][ T1154] ? lock_downgrade+0x840/0x840 [ 62.362878][ T1154] ? finish_wait+0x260/0x260 [ 62.367463][ T1154] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 62.373264][ T1154] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 62.379244][ T1154] ? __kthread_parkme+0x13f/0x1e0 [ 62.384263][ T1154] ? collapse_pte_mapped_thp+0xbf0/0xbf0 [ 62.389891][ T1154] kthread+0x3b5/0x4a0 [ 62.393955][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.399665][ T1154] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 62.405385][ T1154] ret_from_fork+0x1f/0x30 [ 62.787965][ T25] ================================================================== [ 62.796790][ T25] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770 [ 62.804675][ T25] Write of size 1 at addr ffff8880a8ecd9e4 by task kworker/u4:2/25 [ 62.812546][ T25] [ 62.814873][ T25] CPU: 1 PID: 25 Comm: kworker/u4:2 Not tainted 5.7.0-syzkaller #0 [ 62.822748][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 62.832800][ T25] Workqueue: netns cleanup_net [ 62.837555][ T25] Call Trace: [ 62.840927][ T25] dump_stack+0x18f/0x20d [ 62.845253][ T25] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.850787][ T25] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.856322][ T25] ? afs_put_call+0xa40/0xa40 [ 62.861005][ T25] print_address_description.constprop.0.cold+0xd3/0x413 [ 62.868037][ T25] ? vprintk_func+0x97/0x1a6 [ 62.872629][ T25] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.878173][ T25] kasan_report.cold+0x1f/0x37 [ 62.882935][ T25] ? rcu_read_lock_held+0x81/0xb0 [ 62.887951][ T25] ? afs_wake_up_async_call+0x6aa/0x770 [ 62.893494][ T25] afs_wake_up_async_call+0x6aa/0x770 [ 62.898867][ T25] ? afs_close_socket+0x320/0x320 [ 62.903886][ T25] ? afs_put_call+0xa40/0xa40 [ 62.908557][ T25] rxrpc_notify_socket+0x1db/0x5d0 [ 62.913669][ T25] ? afs_put_call+0xa40/0xa40 [ 62.918444][ T25] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 62.924895][ T25] rxrpc_call_completed+0xca/0xf0 [ 62.929926][ T25] rxrpc_discard_prealloc+0x781/0xab0 [ 62.935301][ T25] ? lock_sock_nested+0x94/0x110 [ 62.940242][ T25] rxrpc_listen+0x147/0x360 [ 62.944746][ T25] afs_close_socket+0x95/0x320 [ 62.949506][ T25] ? afs_purge_servers+0x16d/0x300 [ 62.954623][ T25] ? afs_rx_discard_new_call+0x50/0x50 [ 62.960084][ T25] ? init_wait_var_entry+0x200/0x200 [ 62.965366][ T25] ? rcu_read_lock_held_common+0xa0/0xa0 [ 62.970994][ T25] ? check_preemption_disabled+0x38/0x220 [ 62.976712][ T25] afs_net_exit+0x1bc/0x310 [ 62.981210][ T25] ? afs_net_init+0xe30/0xe30 [ 62.985893][ T25] ops_exit_list.isra.0+0xa8/0x150 [ 62.991000][ T25] cleanup_net+0x511/0xa50 [ 62.995415][ T25] ? unregister_pernet_device+0x70/0x70 [ 63.000957][ T25] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.006940][ T25] process_one_work+0x965/0x1690 [ 63.011885][ T25] ? lock_release+0x800/0x800 [ 63.016571][ T25] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.021960][ T25] ? rwlock_bug.part.0+0x90/0x90 [ 63.026919][ T25] worker_thread+0x96/0xe10 [ 63.031437][ T25] ? process_one_work+0x1690/0x1690 [ 63.036636][ T25] kthread+0x3b5/0x4a0 [ 63.040705][ T25] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.046421][ T25] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.052143][ T25] ret_from_fork+0x1f/0x30 [ 63.056568][ T25] [ 63.058891][ T25] Allocated by task 6807: [ 63.063219][ T25] save_stack+0x1b/0x40 [ 63.067372][ T25] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 63.072996][ T25] kmem_cache_alloc_trace+0x153/0x7d0 [ 63.078369][ T25] afs_alloc_call+0x55/0x630 [ 63.082960][ T25] afs_charge_preallocation+0xe9/0x2d0 [ 63.088420][ T25] afs_open_socket+0x292/0x360 [ 63.093184][ T25] afs_net_init+0xa6c/0xe30 [ 63.097687][ T25] ops_init+0xaf/0x420 [ 63.101751][ T25] setup_net+0x2de/0x860 [ 63.105988][ T25] copy_net_ns+0x293/0x590 [ 63.110407][ T25] create_new_namespaces+0x3fb/0xb30 [ 63.115765][ T25] unshare_nsproxy_namespaces+0xbd/0x1f0 [ 63.121371][ T25] ksys_unshare+0x43d/0x8e0 [ 63.125866][ T25] __x64_sys_unshare+0x2d/0x40 [ 63.130655][ T25] do_syscall_64+0x60/0xe0 [ 63.135054][ T25] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 63.140916][ T25] [ 63.143217][ T25] Freed by task 25: [ 63.147004][ T25] save_stack+0x1b/0x40 [ 63.151133][ T25] __kasan_slab_free+0xf7/0x140 [ 63.155972][ T25] kfree+0x109/0x2b0 [ 63.159928][ T25] afs_put_call+0x585/0xa40 [ 63.164506][ T25] rxrpc_discard_prealloc+0x764/0xab0 [ 63.169852][ T25] rxrpc_listen+0x147/0x360 [ 63.174340][ T25] afs_close_socket+0x95/0x320 [ 63.179080][ T25] afs_net_exit+0x1bc/0x310 [ 63.183555][ T25] ops_exit_list.isra.0+0xa8/0x150 [ 63.188640][ T25] cleanup_net+0x511/0xa50 [ 63.193031][ T25] process_one_work+0x965/0x1690 [ 63.197950][ T25] worker_thread+0x96/0xe10 [ 63.202437][ T25] kthread+0x3b5/0x4a0 [ 63.206481][ T25] ret_from_fork+0x1f/0x30 [ 63.210865][ T25] [ 63.213182][ T25] The buggy address belongs to the object at ffff8880a8ecd800 [ 63.213182][ T25] which belongs to the cache kmalloc-1k of size 1024 [ 63.227210][ T25] The buggy address is located 484 bytes inside of [ 63.227210][ T25] 1024-byte region [ffff8880a8ecd800, ffff8880a8ecdc00) [ 63.240543][ T25] The buggy address belongs to the page: [ 63.246157][ T25] page:ffffea0002a3b340 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 63.255321][ T25] flags: 0xfffe0000000200(slab) [ 63.260165][ T25] raw: 00fffe0000000200 ffffea00024f9648 ffffea00024bf4c8 ffff8880aa000c40 [ 63.268739][ T25] raw: 0000000000000000 ffff8880a8ecd000 0000000100000002 0000000000000000 [ 63.277291][ T25] page dumped because: kasan: bad access detected [ 63.283673][ T25] [ 63.285988][ T25] Memory state around the buggy address: [ 63.291607][ T25] ffff8880a8ecd880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.299651][ T25] ffff8880a8ecd900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.307688][ T25] >ffff8880a8ecd980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.318853][ T25] ^ [ 63.326023][ T25] ffff8880a8ecda00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb executing program [ 63.334068][ T25] ffff8880a8ecda80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 63.342099][ T25] ================================================================== [ 63.350152][ T25] Disabling lock debugging due to kernel taint [ 63.356329][ T25] Kernel panic - not syncing: panic_on_warn set ... [ 63.363000][ T25] CPU: 1 PID: 25 Comm: kworker/u4:2 Tainted: G B 5.7.0-syzkaller #0 [ 63.372263][ T25] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 63.382314][ T25] Workqueue: netns cleanup_net [ 63.387064][ T25] Call Trace: [ 63.390348][ T25] dump_stack+0x18f/0x20d [ 63.394661][ T25] ? afs_wake_up_async_call+0x5f0/0x770 [ 63.400176][ T25] ? afs_put_call+0xa40/0xa40 [ 63.404827][ T25] panic+0x2e3/0x75c [ 63.408699][ T25] ? __warn_printk+0xf3/0xf3 [ 63.413270][ T25] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 63.419396][ T25] ? trace_hardirqs_on+0x55/0x220 [ 63.424393][ T25] ? afs_wake_up_async_call+0x6aa/0x770 [ 63.429931][ T25] ? afs_wake_up_async_call+0x6aa/0x770 [ 63.435446][ T25] ? afs_put_call+0xa40/0xa40 [ 63.440132][ T25] end_report+0x4d/0x53 [ 63.444271][ T25] kasan_report.cold+0xd/0x37 [ 63.448939][ T25] ? rcu_read_lock_held+0x81/0xb0 [ 63.453945][ T25] ? afs_wake_up_async_call+0x6aa/0x770 [ 63.459480][ T25] afs_wake_up_async_call+0x6aa/0x770 [ 63.464823][ T25] ? afs_close_socket+0x320/0x320 [ 63.470090][ T25] ? afs_put_call+0xa40/0xa40 [ 63.474774][ T25] rxrpc_notify_socket+0x1db/0x5d0 [ 63.479964][ T25] ? afs_put_call+0xa40/0xa40 [ 63.484622][ T25] __rxrpc_set_call_completion.part.0+0x172/0x410 [ 63.491047][ T25] rxrpc_call_completed+0xca/0xf0 [ 63.496053][ T25] rxrpc_discard_prealloc+0x781/0xab0 [ 63.501413][ T25] ? lock_sock_nested+0x94/0x110 [ 63.506339][ T25] rxrpc_listen+0x147/0x360 [ 63.510816][ T25] afs_close_socket+0x95/0x320 [ 63.515552][ T25] ? afs_purge_servers+0x16d/0x300 [ 63.520636][ T25] ? afs_rx_discard_new_call+0x50/0x50 [ 63.526097][ T25] ? init_wait_var_entry+0x200/0x200 [ 63.531357][ T25] ? rcu_read_lock_held_common+0xa0/0xa0 [ 63.536974][ T25] ? check_preemption_disabled+0x38/0x220 [ 63.542668][ T25] afs_net_exit+0x1bc/0x310 [ 63.547157][ T25] ? afs_net_init+0xe30/0xe30 [ 63.551805][ T25] ops_exit_list.isra.0+0xa8/0x150 [ 63.556891][ T25] cleanup_net+0x511/0xa50 [ 63.561280][ T25] ? unregister_pernet_device+0x70/0x70 [ 63.566800][ T25] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 63.572753][ T25] process_one_work+0x965/0x1690 [ 63.577666][ T25] ? lock_release+0x800/0x800 [ 63.582314][ T25] ? pwq_dec_nr_in_flight+0x310/0x310 [ 63.587665][ T25] ? rwlock_bug.part.0+0x90/0x90 [ 63.592589][ T25] worker_thread+0x96/0xe10 [ 63.597099][ T25] ? process_one_work+0x1690/0x1690 [ 63.602268][ T25] kthread+0x3b5/0x4a0 [ 63.606307][ T25] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.612008][ T25] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 63.617707][ T25] ret_from_fork+0x1f/0x30 [ 63.623436][ T25] Kernel Offset: disabled [ 63.627746][ T25] Rebooting in 86400 seconds..