         Starting Load/Save RF Kill Switch Status...
[   53.020068][ T6727] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-rfkill/6727
[   53.030370][ T6727] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[   53.036392][ T6727] CPU: 0 PID: 6727 Comm: systemd-rfkill Not tainted 5.7.0-syzkaller #0
[   53.044620][ T6727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   53.054650][ T6727] Call Trace:
[   53.057934][ T6727]  dump_stack+0x18f/0x20d
[   53.062247][ T6727]  check_preemption_disabled+0x20d/0x220
[   53.067875][ T6727]  ext4_mb_new_blocks+0xa4d/0x3b70
[   53.072971][ T6727]  ? ext4_ext_search_right+0x2ca/0xb20
[   53.078508][ T6727]  ? ext4_inode_to_goal_block+0x2df/0x3f0
[   53.084226][ T6727]  ext4_ext_map_blocks+0x201b/0x33e0
[   53.089493][ T6727]  ? ext4_ext_release+0x10/0x10
[   53.094344][ T6727]  ? down_write_killable+0x170/0x170
[   53.099604][ T6727]  ? ext4_es_lookup_extent+0x41d/0xd10
[   53.105129][ T6727]  ext4_map_blocks+0x4cb/0x1640
[   53.109962][ T6727]  ? ext4_issue_zeroout+0x1e0/0x1e0
[   53.115208][ T6727]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   53.120753][ T6727]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   53.126726][ T6727]  ? prandom_u32_state+0xe/0x170
[   53.131650][ T6727]  ? __brelse+0x84/0xa0
[   53.135784][ T6727]  ? __ext4_new_inode+0x144/0x55e0
[   53.140974][ T6727]  ext4_getblk+0xad/0x520
[   53.145284][ T6727]  ? ext4_iomap_overwrite_begin+0xa0/0xa0
[   53.150986][ T6727]  ? ext4_free_inode+0x1700/0x1700
[   53.156087][ T6727]  ext4_bread+0x7c/0x380
[   53.160343][ T6727]  ? ext4_getblk+0x520/0x520
[   53.164910][ T6727]  ? dquot_get_next_dqblk+0x180/0x180
[   53.170265][ T6727]  ext4_append+0x153/0x360
[   53.174662][ T6727]  ext4_mkdir+0x5e0/0xdf0
[   53.178974][ T6727]  ? ext4_rmdir+0xde0/0xde0
[   53.183458][ T6727]  ? security_inode_permission+0xc4/0xf0
[   53.189070][ T6727]  vfs_mkdir+0x419/0x690
[   53.193304][ T6727]  do_mkdirat+0x21e/0x280
[   53.197610][ T6727]  ? __ia32_sys_mknod+0xb0/0xb0
[   53.202439][ T6727]  ? do_syscall_64+0x1c/0xe0
[   53.207006][ T6727]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   53.212962][ T6727]  do_syscall_64+0x60/0xe0
[   53.217370][ T6727]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   53.223251][ T6727] RIP: 0033:0x7f483621f687
[   53.227638][ T6727] Code: Bad RIP value.
[   53.231693][ T6727] RSP: 002b:00007ffd94591b78 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[   53.240093][ T6727] RAX: ffffffffffffffda RBX: 000056183250c985 RCX: 00007f483621f687
[   53.248042][ T6727] RDX: 00007ffd94591a40 RSI: 00000000000001ed RDI: 000056183250c985
[   53.256000][ T6727] RBP: 00007f483621f680 R08: 0000000000000100 R09: 0000000000000000
[   53.263960][ T6727] R10: 000056183250c980 R11: 0000000000000246 R12: 00000000000001ed
[   53.271905][ T6727] R13: 00007ffd94591d00 R14: 0000000000000000 R15: 0000000000000000
[[0;32m  OK  [0m] Started Load/Save RF Kill Switch Status.

Debian GNU/Linux 9 syzkaller ttyS0

syzkaller login: [   57.128587][   T21] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u4:1/21
[   57.137660][   T21] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[   57.143668][   T21] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.7.0-syzkaller #0
[   57.151550][   T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   57.161599][   T21] Workqueue: writeback wb_workfn (flush-8:0)
[   57.167552][   T21] Call Trace:
[   57.170821][   T21]  dump_stack+0x18f/0x20d
[   57.175146][   T21]  check_preemption_disabled+0x20d/0x220
[   57.180754][   T21]  ext4_mb_new_blocks+0xa4d/0x3b70
[   57.185841][   T21]  ? ext4_find_extent+0x81a/0xad0
[   57.190845][   T21]  ? ext4_ext_search_right+0x2ca/0xb20
[   57.196280][   T21]  ? ext4_inode_to_goal_block+0x2df/0x3f0
[   57.201981][   T21]  ext4_ext_map_blocks+0x201b/0x33e0
[   57.207381][   T21]  ? ext4_ext_release+0x10/0x10
[   57.212263][   T21]  ? down_write_killable+0x170/0x170
[   57.217547][   T21]  ? ext4_es_lookup_extent+0x41d/0xd10
[   57.222991][   T21]  ext4_map_blocks+0x4cb/0x1640
[   57.227829][   T21]  ? ext4_issue_zeroout+0x1e0/0x1e0
[   57.233040][   T21]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   57.238680][   T21]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   57.244688][   T21]  ? ext4_alloc_io_end_vec+0x145/0x1c0
[   57.250142][   T21]  ext4_writepages+0x1a7b/0x33c0
[   57.255073][   T21]  ? __ext4_mark_inode_dirty+0x940/0x940
[   57.260682][   T21]  ? __lock_acquire+0x2224/0x48b0
[   57.265731][   T21]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[   57.271705][   T21]  ? lockdep_hardirqs_on_prepare+0x590/0x590
[   57.277662][   T21]  ? __ext4_mark_inode_dirty+0x940/0x940
[   57.283270][   T21]  ? do_writepages+0xfa/0x2a0
[   57.287919][   T21]  do_writepages+0xfa/0x2a0
[   57.292402][   T21]  ? page_writeback_cpu_online+0x10/0x10
[   57.298012][   T21]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   57.303534][   T21]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   57.309488][   T21]  ? lock_downgrade+0x840/0x840
[   57.314331][   T21]  __writeback_single_inode+0x12a/0x13d0
[   57.319949][   T21]  ? _raw_spin_unlock+0x24/0x40
[   57.324783][   T21]  ? wbc_attach_and_unlock_inode+0x60a/0x9c0
[   57.330759][   T21]  writeback_sb_inodes+0x515/0xdc0
[   57.335872][   T21]  ? __writeback_single_inode+0x13d0/0x13d0
[   57.341754][   T21]  __writeback_inodes_wb+0xc3/0x250
[   57.346934][   T21]  wb_writeback+0x8db/0xd50
[   57.351418][   T21]  ? writeback_inodes_wb.constprop.0+0x1a0/0x1a0
[   57.357734][   T21]  ? _find_next_bit.constprop.0+0x1a3/0x200
[   57.363605][   T21]  ? cpumask_next+0x3c/0x40
[   57.368082][   T21]  ? get_nr_dirty_inodes+0xd6/0x130
[   57.373262][   T21]  wb_workfn+0xab3/0x1090
[   57.377572][   T21]  ? inode_wait_for_writeback+0x30/0x30
[   57.383095][   T21]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   57.388630][   T21]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   57.394674][   T21]  process_one_work+0x965/0x1690
[   57.399602][   T21]  ? lock_release+0x800/0x800
[   57.404266][   T21]  ? pwq_dec_nr_in_flight+0x310/0x310
[   57.409615][   T21]  ? rwlock_bug.part.0+0x90/0x90
[   57.414532][   T21]  worker_thread+0x96/0xe10
[   57.419018][   T21]  ? process_one_work+0x1690/0x1690
[   57.424212][   T21]  kthread+0x3b5/0x4a0
[   57.428257][   T21]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   57.433949][   T21]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   57.439659][   T21]  ret_from_fork+0x1f/0x30
Warning: Permanently added '10.128.10.37' (ECDSA) to the list of known hosts.
2020/06/14 11:45:20 fuzzer started
2020/06/14 11:45:20 connecting to host at 10.128.0.26:43447
2020/06/14 11:45:20 checking machine...
2020/06/14 11:45:20 checking revisions...
2020/06/14 11:45:20 testing simple program...
[   58.252653][ T6790] BUG: using smp_processor_id() in preemptible [00000000] code: syz-fuzzer/6790
[   58.262024][ T6790] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[   58.268011][ T6790] CPU: 0 PID: 6790 Comm: syz-fuzzer Not tainted 5.7.0-syzkaller #0
[   58.275890][ T6790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.285926][ T6790] Call Trace:
[   58.289272][ T6790]  dump_stack+0x18f/0x20d
[   58.293586][ T6790]  check_preemption_disabled+0x20d/0x220
[   58.299198][ T6790]  ext4_mb_new_blocks+0xa4d/0x3b70
[   58.304327][ T6790]  ? ext4_ext_search_right+0x2ca/0xb20
[   58.309763][ T6790]  ? ext4_inode_to_goal_block+0x2df/0x3f0
[   58.315467][ T6790]  ext4_ext_map_blocks+0x201b/0x33e0
[   58.320736][ T6790]  ? ext4_ext_release+0x10/0x10
[   58.325617][ T6790]  ? down_write_killable+0x170/0x170
[   58.330888][ T6790]  ? ext4_es_lookup_extent+0x41d/0xd10
[   58.336330][ T6790]  ext4_map_blocks+0x4cb/0x1640
[   58.341177][ T6790]  ? ext4_issue_zeroout+0x1e0/0x1e0
[   58.346354][ T6790]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   58.351888][ T6790]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   58.357857][ T6790]  ? prandom_u32_state+0xe/0x170
[   58.362787][ T6790]  ? __brelse+0x84/0xa0
[   58.366917][ T6790]  ? __ext4_new_inode+0x144/0x55e0
[   58.372009][ T6790]  ext4_getblk+0xad/0x520
[   58.376314][ T6790]  ? ext4_iomap_overwrite_begin+0xa0/0xa0
[   58.382197][ T6790]  ? ext4_free_inode+0x1700/0x1700
[   58.387284][ T6790]  ext4_bread+0x7c/0x380
[   58.391502][ T6790]  ? ext4_getblk+0x520/0x520
[   58.396067][ T6790]  ? dquot_get_next_dqblk+0x180/0x180
[   58.401434][ T6790]  ext4_append+0x153/0x360
[   58.405827][ T6790]  ext4_mkdir+0x5e0/0xdf0
[   58.410137][ T6790]  ? ext4_rmdir+0xde0/0xde0
[   58.414619][ T6790]  ? security_inode_permission+0xc4/0xf0
[   58.420231][ T6790]  vfs_mkdir+0x419/0x690
[   58.424464][ T6790]  do_mkdirat+0x21e/0x280
[   58.428772][ T6790]  ? __ia32_sys_mknod+0xb0/0xb0
[   58.433598][ T6790]  ? do_syscall_64+0x1c/0xe0
[   58.438180][ T6790]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   58.444137][ T6790]  do_syscall_64+0x60/0xe0
[   58.448543][ T6790]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   58.454406][ T6790] RIP: 0033:0x4b02a0
[   58.458270][ T6790] Code: Bad RIP value.
[   58.462307][ T6790] RSP: 002b:000000c0000dd4b8 EFLAGS: 00000212 ORIG_RAX: 0000000000000102
[   58.470696][ T6790] RAX: ffffffffffffffda RBX: 000000c00002e500 RCX: 00000000004b02a0
[   58.478649][ T6790] RDX: 00000000000001c0 RSI: 000000c00009eca0 RDI: ffffffffffffff9c
[   58.486604][ T6790] RBP: 000000c0000dd510 R08: 0000000000000000 R09: 0000000000000000
[   58.494571][ T6790] R10: 0000000000000000 R11: 0000000000000212 R12: ffffffffffffffff
[   58.502520][ T6790] R13: 0000000000000066 R14: 0000000000000065 R15: 0000000000000100
[   58.546926][ T6809] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6809
[   58.556523][ T6809] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[   58.562650][ T6809] CPU: 0 PID: 6809 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[   58.570896][ T6809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.580951][ T6809] Call Trace:
[   58.584808][ T6809]  dump_stack+0x18f/0x20d
[   58.589184][ T6809]  check_preemption_disabled+0x20d/0x220
[   58.594823][ T6809]  ext4_mb_new_blocks+0xa4d/0x3b70
[   58.599953][ T6809]  ? ext4_ext_search_right+0x2ca/0xb20
[   58.605497][ T6809]  ? ext4_inode_to_goal_block+0x2df/0x3f0
[   58.611208][ T6809]  ext4_ext_map_blocks+0x201b/0x33e0
[   58.616483][ T6809]  ? ext4_ext_release+0x10/0x10
[   58.621327][ T6809]  ? down_write_killable+0x170/0x170
[   58.626626][ T6809]  ? ext4_es_lookup_extent+0x41d/0xd10
[   58.632075][ T6809]  ext4_map_blocks+0x4cb/0x1640
[   58.636908][ T6809]  ? ext4_issue_zeroout+0x1e0/0x1e0
[   58.642087][ T6809]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   58.647622][ T6809]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   58.653579][ T6809]  ? prandom_u32_state+0xe/0x170
[   58.658511][ T6809]  ? __brelse+0x84/0xa0
[   58.662684][ T6809]  ? __ext4_new_inode+0x144/0x55e0
[   58.667798][ T6809]  ext4_getblk+0xad/0x520
[   58.672140][ T6809]  ? ext4_iomap_overwrite_begin+0xa0/0xa0
[   58.677863][ T6809]  ? ext4_free_inode+0x1700/0x1700
[   58.682971][ T6809]  ext4_bread+0x7c/0x380
[   58.687208][ T6809]  ? ext4_getblk+0x520/0x520
[   58.691794][ T6809]  ? dquot_get_next_dqblk+0x180/0x180
[   58.697153][ T6809]  ext4_append+0x153/0x360
[   58.701555][ T6809]  ext4_mkdir+0x5e0/0xdf0
[   58.705871][ T6809]  ? ext4_rmdir+0xde0/0xde0
[   58.710366][ T6809]  ? security_inode_permission+0xc4/0xf0
[   58.716011][ T6809]  vfs_mkdir+0x419/0x690
[   58.720258][ T6809]  do_mkdirat+0x21e/0x280
[   58.724582][ T6809]  ? __ia32_sys_mknod+0xb0/0xb0
[   58.729419][ T6809]  ? do_syscall_64+0x1c/0xe0
[   58.734013][ T6809]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   58.739985][ T6809]  do_syscall_64+0x60/0xe0
[   58.744404][ T6809]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   58.750278][ T6809] RIP: 0033:0x45bee7
[   58.754149][ T6809] Code: Bad RIP value.
[   58.758194][ T6809] RSP: 002b:00007ffd1af0cab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[   58.766585][ T6809] RAX: ffffffffffffffda RBX: 000000000003a2f8 RCX: 000000000045bee7
[   58.774537][ T6809] RDX: 0000000000000002 RSI: 00000000000001c0 RDI: 00007ffd1af0cc90
[   58.782489][ T6809] RBP: 0000000000000001 R08: 000000000000f8c0 R09: 0000000000002880
[   58.790440][ T6809] R10: 0000000000000011 R11: 0000000000000246 R12: 00000000000000c2
[   58.798395][ T6809] R13: 00007ffd1af0cc90 R14: 8421084210842109 R15: 00007ffd1af0cc9c
[   58.886795][ T6810] IPVS: ftp: loaded support on port[0] = 21
[   58.923967][ T6810] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6810
[   58.933524][ T6810] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[   58.939490][ T6810] CPU: 0 PID: 6810 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[   58.947723][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   58.957762][ T6810] Call Trace:
[   58.961041][ T6810]  dump_stack+0x18f/0x20d
[   58.965357][ T6810]  check_preemption_disabled+0x20d/0x220
[   58.970972][ T6810]  ext4_mb_new_blocks+0xa4d/0x3b70
[   58.976071][ T6810]  ? ext4_ext_search_right+0x2ca/0xb20
[   58.981509][ T6810]  ? ext4_inode_to_goal_block+0x2df/0x3f0
[   58.987229][ T6810]  ext4_ext_map_blocks+0x201b/0x33e0
[   58.992500][ T6810]  ? ext4_ext_release+0x10/0x10
[   58.997338][ T6810]  ? down_write_killable+0x170/0x170
[   59.002603][ T6810]  ? ext4_es_lookup_extent+0x41d/0xd10
[   59.008046][ T6810]  ext4_map_blocks+0x4cb/0x1640
[   59.012879][ T6810]  ? ext4_issue_zeroout+0x1e0/0x1e0
[   59.018076][ T6810]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   59.023618][ T6810]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   59.029577][ T6810]  ? prandom_u32_state+0xe/0x170
[   59.034512][ T6810]  ? __brelse+0x84/0xa0
[   59.038660][ T6810]  ? __ext4_new_inode+0x144/0x55e0
[   59.043750][ T6810]  ext4_getblk+0xad/0x520
[   59.048060][ T6810]  ? ext4_iomap_overwrite_begin+0xa0/0xa0
[   59.053757][ T6810]  ? ext4_free_inode+0x1700/0x1700
[   59.058849][ T6810]  ext4_bread+0x7c/0x380
[   59.063198][ T6810]  ? ext4_getblk+0x520/0x520
[   59.067773][ T6810]  ? dquot_get_next_dqblk+0x180/0x180
[   59.073136][ T6810]  ext4_append+0x153/0x360
[   59.077656][ T6810]  ext4_mkdir+0x5e0/0xdf0
[   59.082011][ T6810]  ? ext4_rmdir+0xde0/0xde0
[   59.086501][ T6810]  ? security_inode_permission+0xc4/0xf0
[   59.092122][ T6810]  vfs_mkdir+0x419/0x690
[   59.096347][ T6810]  do_mkdirat+0x21e/0x280
[   59.100658][ T6810]  ? __ia32_sys_mknod+0xb0/0xb0
[   59.105491][ T6810]  ? do_syscall_64+0x1c/0xe0
[   59.110082][ T6810]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   59.116042][ T6810]  do_syscall_64+0x60/0xe0
[   59.120441][ T6810]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   59.126312][ T6810] RIP: 0033:0x45bee7
[   59.130183][ T6810] Code: Bad RIP value.
[   59.134225][ T6810] RSP: 002b:00007ffd1af0c9a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[   59.142613][ T6810] RAX: ffffffffffffffda RBX: 000000000078c988 RCX: 000000000045bee7
[   59.150564][ T6810] RDX: 00007ffd1af0c9f3 RSI: 00000000000001ff RDI: 00007ffd1af0c9f0
[   59.158512][ T6810] RBP: 00000000000000f8 R08: 0000000000000000 R09: 0000000000000003
[   59.166462][ T6810] R10: 0000000000000064 R11: 0000000000000202 R12: 00000000004185d0
[   59.174410][ T6810] R13: 00007ffd1af0c9e0 R14: 0000000000000000 R15: 00007ffd1af0c9f0
[   59.244285][ T6810] BUG: using smp_processor_id() in preemptible [00000000] code: syz-executor.0/6810
[   59.253789][ T6810] caller is ext4_mb_new_blocks+0xa4d/0x3b70
[   59.259796][ T6810] CPU: 0 PID: 6810 Comm: syz-executor.0 Not tainted 5.7.0-syzkaller #0
[   59.268032][ T6810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   59.278088][ T6810] Call Trace:
[   59.281471][ T6810]  dump_stack+0x18f/0x20d
[   59.285804][ T6810]  check_preemption_disabled+0x20d/0x220
[   59.291440][ T6810]  ext4_mb_new_blocks+0xa4d/0x3b70
[   59.296556][ T6810]  ? ext4_ext_search_right+0x2ca/0xb20
[   59.302003][ T6810]  ? ext4_inode_to_goal_block+0x2df/0x3f0
[   59.307707][ T6810]  ext4_ext_map_blocks+0x201b/0x33e0
[   59.312997][ T6810]  ? ext4_ext_release+0x10/0x10
[   59.317854][ T6810]  ? down_write_killable+0x170/0x170
[   59.323121][ T6810]  ? ext4_es_lookup_extent+0x41d/0xd10
[   59.328579][ T6810]  ext4_map_blocks+0x4cb/0x1640
[   59.333430][ T6810]  ? ext4_issue_zeroout+0x1e0/0x1e0
[   59.338616][ T6810]  ? rcu_read_lock_sched_held+0x9c/0xd0
[   59.345796][ T6810]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   59.351760][ T6810]  ? prandom_u32_state+0xe/0x170
[   59.356682][ T6810]  ? __brelse+0x84/0xa0
[   59.360864][ T6810]  ? __ext4_new_inode+0x144/0x55e0
[   59.366337][ T6810]  ext4_getblk+0xad/0x520
[   59.370689][ T6810]  ? ext4_iomap_overwrite_begin+0xa0/0xa0
[   59.376386][ T6810]  ? ext4_free_inode+0x1700/0x1700
[   59.381478][ T6810]  ext4_bread+0x7c/0x380
[   59.385699][ T6810]  ? ext4_getblk+0x520/0x520
[   59.390274][ T6810]  ? dquot_get_next_dqblk+0x180/0x180
[   59.395629][ T6810]  ext4_append+0x153/0x360
[   59.400034][ T6810]  ext4_mkdir+0x5e0/0xdf0
[   59.404345][ T6810]  ? ext4_rmdir+0xde0/0xde0
[   59.408827][ T6810]  ? security_inode_permission+0xc4/0xf0
[   59.414439][ T6810]  vfs_mkdir+0x419/0x690
[   59.418680][ T6810]  do_mkdirat+0x21e/0x280
[   59.422988][ T6810]  ? __ia32_sys_mknod+0xb0/0xb0
[   59.427836][ T6810]  ? do_syscall_64+0x1c/0xe0
[   59.432402][ T6810]  ? lockdep_hardirqs_on_prepare+0x3a2/0x590
[   59.438363][ T6810]  do_syscall_64+0x60/0xe0
[   59.442759][ T6810]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   59.448626][ T6810] RIP: 0033:0x45bee7
[   59.452665][ T6810] Code: Bad RIP value.
[   59.456705][ T6810] RSP: 002b:00007ffd1af0c9a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000053
[   59.465090][ T6810] RAX: ffffffffffffffda RBX: 000000000000e755 RCX: 000000000045bee7
[   59.473038][ T6810] RDX: 00007ffd1af0c9f3 RSI: 00000000000001ff RDI: 00007ffd1af0c9f0
[   59.480986][ T6810] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000003
[   59.488932][ T6810] R10: 0000000000000064 R11: 0000000000000202 R12: 0000000000000003
[   59.496882][ T6810] R13: 00007ffd1af0c9e0 R14: 000000000000e746 R15: 00007ffd1af0c9f0
2020/06/14 11:45:22 building call list...
[   59.727835][   T21] tipc: TX() has been purged, node left!
[   60.230033][   T21] ==================================================================
[   60.238245][   T21] BUG: KASAN: use-after-free in afs_wake_up_async_call+0x6aa/0x770
[   60.246129][   T21] Write of size 1 at addr ffff88809f13f9e4 by task kworker/u4:1/21
[   60.254011][   T21] 
[   60.256342][   T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Not tainted 5.7.0-syzkaller #0
[   60.264218][   T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.274271][   T21] Workqueue: netns cleanup_net
[   60.279026][   T21] Call Trace:
[   60.282312][   T21]  dump_stack+0x18f/0x20d
[   60.286649][   T21]  ? afs_wake_up_async_call+0x6aa/0x770
[   60.292187][   T21]  ? afs_wake_up_async_call+0x6aa/0x770
[   60.297726][   T21]  ? afs_put_call+0xa40/0xa40
[   60.302401][   T21]  print_address_description.constprop.0.cold+0xd3/0x413
[   60.309423][   T21]  ? vprintk_func+0x97/0x1a6
[   60.314013][   T21]  ? afs_wake_up_async_call+0x6aa/0x770
[   60.319551][   T21]  kasan_report.cold+0x1f/0x37
[   60.324324][   T21]  ? rcu_read_lock_held+0x81/0xb0
[   60.329341][   T21]  ? afs_wake_up_async_call+0x6aa/0x770
[   60.334883][   T21]  afs_wake_up_async_call+0x6aa/0x770
[   60.340265][   T21]  ? afs_close_socket+0x320/0x320
[   60.345288][   T21]  ? afs_put_call+0xa40/0xa40
[   60.349959][   T21]  rxrpc_notify_socket+0x1db/0x5d0
[   60.355069][   T21]  ? afs_put_call+0xa40/0xa40
[   60.359740][   T21]  __rxrpc_set_call_completion.part.0+0x172/0x410
[   60.366151][   T21]  rxrpc_call_completed+0xca/0xf0
[   60.371178][   T21]  rxrpc_discard_prealloc+0x781/0xab0
[   60.376550][   T21]  ? lock_sock_nested+0x94/0x110
[   60.381487][   T21]  rxrpc_listen+0x147/0x360
[   60.386035][   T21]  afs_close_socket+0x95/0x320
[   60.390796][   T21]  ? afs_purge_servers+0x16d/0x300
[   60.395910][   T21]  ? afs_rx_discard_new_call+0x50/0x50
[   60.401371][   T21]  ? init_wait_var_entry+0x200/0x200
[   60.406658][   T21]  ? rcu_read_lock_held_common+0xa0/0xa0
[   60.412286][   T21]  ? check_preemption_disabled+0x38/0x220
[   60.418009][   T21]  afs_net_exit+0x1bc/0x310
[   60.422514][   T21]  ? afs_net_init+0xe30/0xe30
[   60.427184][   T21]  ops_exit_list.isra.0+0xa8/0x150
[   60.432295][   T21]  cleanup_net+0x511/0xa50
[   60.436714][   T21]  ? unregister_pernet_device+0x70/0x70
[   60.442262][   T21]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   60.448251][   T21]  process_one_work+0x965/0x1690
[   60.453207][   T21]  ? lock_release+0x800/0x800
[   60.457924][   T21]  ? pwq_dec_nr_in_flight+0x310/0x310
[   60.463319][   T21]  ? rwlock_bug.part.0+0x90/0x90
[   60.468393][   T21]  worker_thread+0x96/0xe10
[   60.472910][   T21]  ? process_one_work+0x1690/0x1690
[   60.478107][   T21]  kthread+0x3b5/0x4a0
[   60.482169][   T21]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   60.487883][   T21]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   60.493615][   T21]  ret_from_fork+0x1f/0x30
[   60.498042][   T21] 
[   60.500371][   T21] Allocated by task 6810:
[   60.504703][   T21]  save_stack+0x1b/0x40
[   60.508949][   T21]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[   60.514577][   T21]  kmem_cache_alloc_trace+0x153/0x7d0
[   60.519949][   T21]  afs_alloc_call+0x55/0x630
[   60.524527][   T21]  afs_charge_preallocation+0xe9/0x2d0
[   60.529984][   T21]  afs_open_socket+0x292/0x360
[   60.534743][   T21]  afs_net_init+0xa6c/0xe30
[   60.539240][   T21]  ops_init+0xaf/0x420
[   60.543304][   T21]  setup_net+0x2de/0x860
[   60.547545][   T21]  copy_net_ns+0x293/0x590
[   60.551957][   T21]  create_new_namespaces+0x3fb/0xb30
[   60.557260][   T21]  unshare_nsproxy_namespaces+0xbd/0x1f0
[   60.562893][   T21]  ksys_unshare+0x43d/0x8e0
[   60.567397][   T21]  __x64_sys_unshare+0x2d/0x40
[   60.572158][   T21]  do_syscall_64+0x60/0xe0
[   60.576580][   T21]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   60.582502][   T21] 
[   60.584850][   T21] Freed by task 21:
[   60.588658][   T21]  save_stack+0x1b/0x40
[   60.592817][   T21]  __kasan_slab_free+0xf7/0x140
[   60.597666][   T21]  kfree+0x109/0x2b0
[   60.601561][   T21]  afs_put_call+0x585/0xa40
[   60.606064][   T21]  rxrpc_discard_prealloc+0x764/0xab0
[   60.611431][   T21]  rxrpc_listen+0x147/0x360
[   60.615933][   T21]  afs_close_socket+0x95/0x320
[   60.620702][   T21]  afs_net_exit+0x1bc/0x310
[   60.625203][   T21]  ops_exit_list.isra.0+0xa8/0x150
[   60.630307][   T21]  cleanup_net+0x511/0xa50
[   60.634722][   T21]  process_one_work+0x965/0x1690
[   60.639653][   T21]  worker_thread+0x96/0xe10
[   60.644156][   T21]  kthread+0x3b5/0x4a0
[   60.648224][   T21]  ret_from_fork+0x1f/0x30
[   60.652633][   T21] 
[   60.654958][   T21] The buggy address belongs to the object at ffff88809f13f800
[   60.654958][   T21]  which belongs to the cache kmalloc-1k of size 1024
[   60.669005][   T21] The buggy address is located 484 bytes inside of
[   60.669005][   T21]  1024-byte region [ffff88809f13f800, ffff88809f13fc00)
[   60.682356][   T21] The buggy address belongs to the page:
[   60.687990][   T21] page:ffffea00027c4fc0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
[   60.698310][   T21] flags: 0xfffe0000000200(slab)
[   60.703162][   T21] raw: 00fffe0000000200 ffffea00028c6d08 ffffea000269c888 ffff8880aa000c40
[   60.711749][   T21] raw: 0000000000000000 ffff88809f13f000 0000000100000002 0000000000000000
[   60.720321][   T21] page dumped because: kasan: bad access detected
[   60.726721][   T21] 
[   60.729042][   T21] Memory state around the buggy address:
[   60.734666][   T21]  ffff88809f13f880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.742722][   T21]  ffff88809f13f900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.750779][   T21] >ffff88809f13f980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.758836][   T21]                                                        ^
[   60.766027][   T21]  ffff88809f13fa00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.774093][   T21]  ffff88809f13fa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   60.782148][   T21] ==================================================================
[   60.790199][   T21] Disabling lock debugging due to kernel taint
[   60.796384][   T21] Kernel panic - not syncing: panic_on_warn set ...
[   60.802971][   T21] CPU: 0 PID: 21 Comm: kworker/u4:1 Tainted: G    B             5.7.0-syzkaller #0
[   60.812238][   T21] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[   60.822374][   T21] Workqueue: netns cleanup_net
[   60.827125][   T21] Call Trace:
[   60.830409][   T21]  dump_stack+0x18f/0x20d
[   60.834735][   T21]  ? afs_wake_up_async_call+0x5f0/0x770
[   60.840276][   T21]  ? afs_put_call+0xa40/0xa40
[   60.844953][   T21]  panic+0x2e3/0x75c
[   60.848841][   T21]  ? __warn_printk+0xf3/0xf3
[   60.853422][   T21]  ? asm_sysvec_apic_timer_interrupt+0x12/0x20
[   60.859570][   T21]  ? trace_hardirqs_on+0x55/0x220
[   60.864585][   T21]  ? afs_wake_up_async_call+0x6aa/0x770
[   60.870122][   T21]  ? afs_wake_up_async_call+0x6aa/0x770
[   60.875654][   T21]  ? afs_put_call+0xa40/0xa40
[   60.880326][   T21]  end_report+0x4d/0x53
[   60.884473][   T21]  kasan_report.cold+0xd/0x37
[   60.889147][   T21]  ? rcu_read_lock_held+0x81/0xb0
[   60.894162][   T21]  ? afs_wake_up_async_call+0x6aa/0x770
[   60.899696][   T21]  afs_wake_up_async_call+0x6aa/0x770
[   60.905059][   T21]  ? afs_close_socket+0x320/0x320
[   60.910072][   T21]  ? afs_put_call+0xa40/0xa40
[   60.914741][   T21]  rxrpc_notify_socket+0x1db/0x5d0
[   60.919844][   T21]  ? afs_put_call+0xa40/0xa40
[   60.924511][   T21]  __rxrpc_set_call_completion.part.0+0x172/0x410
[   60.930924][   T21]  rxrpc_call_completed+0xca/0xf0
[   60.935943][   T21]  rxrpc_discard_prealloc+0x781/0xab0
[   60.941308][   T21]  ? lock_sock_nested+0x94/0x110
[   60.946241][   T21]  rxrpc_listen+0x147/0x360
[   60.950735][   T21]  afs_close_socket+0x95/0x320
[   60.955497][   T21]  ? afs_purge_servers+0x16d/0x300
[   60.960598][   T21]  ? afs_rx_discard_new_call+0x50/0x50
[   60.966048][   T21]  ? init_wait_var_entry+0x200/0x200
[   60.971325][   T21]  ? rcu_read_lock_held_common+0xa0/0xa0
[   60.976946][   T21]  ? check_preemption_disabled+0x38/0x220
[   60.982657][   T21]  afs_net_exit+0x1bc/0x310
[   60.987151][   T21]  ? afs_net_init+0xe30/0xe30
[   60.991823][   T21]  ops_exit_list.isra.0+0xa8/0x150
[   60.996928][   T21]  cleanup_net+0x511/0xa50
[   61.001335][   T21]  ? unregister_pernet_device+0x70/0x70
[   61.006881][   T21]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[   61.012864][   T21]  process_one_work+0x965/0x1690
[   61.017800][   T21]  ? lock_release+0x800/0x800
[   61.022473][   T21]  ? pwq_dec_nr_in_flight+0x310/0x310
[   61.027841][   T21]  ? rwlock_bug.part.0+0x90/0x90
executing program
[   61.032779][   T21]  worker_thread+0x96/0xe10
[   61.037287][   T21]  ? process_one_work+0x1690/0x1690
[   61.042487][   T21]  kthread+0x3b5/0x4a0
[   61.046553][   T21]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   61.052269][   T21]  ? kthread_mod_delayed_work+0x1a0/0x1a0
[   61.057987][   T21]  ret_from_fork+0x1f/0x30
[   61.063751][   T21] Kernel Offset: disabled
[   61.068069][   T21] Rebooting in 86400 seconds..